diff --git a/drives.nix b/drives.nix new file mode 100644 index 0000000..933133b --- /dev/null +++ b/drives.nix @@ -0,0 +1,29 @@ +{ ... }: +{ + fileSystems = { + "/mnt/nethergarde/windblows" = { + device = "10.94.157.2:/mnt/Nethergarde/Windows"; + fsType = "nfs"; + }; + "/mnt/nethergarde/bigdata" = { + device = "10.94.157.2:/mnt/Nethergarde/Bigdata"; + fsType = "nfs"; + }; + "/mnt/nethergarde/nextcloud" = { + device = "10.94.157.2:/mnt/Nethergarde/New-Nextcloud"; + fsType = "nfs"; + }; + + "/" = { + device = "/dev/disk/by-uuid/f8ce741e-1a4d-469d-bc6c-0777c1c84423"; + fsType = "ext4"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/802B-4F26"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + }; +} + diff --git a/hardware-configuration.nix b/hardware-configuration.nix index 68c3d78..22af24c 100644 --- a/hardware-configuration.nix +++ b/hardware-configuration.nix @@ -10,20 +10,10 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ "kvm-amd" "vfio_pci" ]; + boot.kernelParams = [ "amd_iommu=on" "iommu=pt" "pci_acs_override=downstream,multifunction" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/f8ce741e-1a4d-469d-bc6c-0777c1c84423"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/802B-4F26"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - swapDevices = [ { device = "/dev/disk/by-uuid/7e34cdc3-bd48-435a-8ea2-e1fe43926262"; } ]; diff --git a/master.nix b/master.nix index a385d59..08b27e6 100644 --- a/master.nix +++ b/master.nix @@ -21,7 +21,8 @@ in ./sshd.nix ./tailscale.nix ./incus.nix - ./auto-upgrade.nix + ./drives.nix + #./auto-upgrade.nix ]; # This value determines the NixOS release from which the default diff --git a/networking.nix b/networking.nix index 3dd6f0e..d12e1d3 100644 --- a/networking.nix 
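Review bot: The three NFS entries under `/mnt/nethergarde/*` in drives.nix set only `device` and `fsType`, so they mount with default options: setuid binaries and device nodes on the share are honoured on this host, and an unreachable 10.94.157.2 can delay or fail boot. Consider adding `options = [ "nosuid" "nodev" "nofail" "x-systemd.automount" ];` to each of them. If 10.94.157.2 is a guest on `incusbr0` (it is the forwarding target in networking.nix), it will presumably not be up yet when the host processes its mounts at boot, which makes the automount option more than cosmetic. No `sec=` option is given, so access control appears to rest on the server's export list and network position; a short comment saying so would help.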
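Review bot: `pci_acs_override=downstream,multifunction` in the new `boot.kernelParams` line makes the kernel treat devices as isolated even where the hardware does not report ACS, so the resulting IOMMU groups no longer reflect real DMA isolation and a device handed to a guest through `vfio_pci` may still reach peers in its true group. The parameter is only recognised by kernels carrying the out-of-tree ACS override patch, and no such kernel is selected in the visible lines, so on a stock kernel it would be ignored. I would drop it unless the passthrough device cannot be isolated any other way, and if it stays, add a comment such as `# ACS override: IOMMU groups are not real isolation boundaries; pass through to trusted guests only`. The file name suggests this is the generated hardware file, so these hand edits may be better placed in a separate module.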
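Review bot: `./auto-upgrade.nix` is commented out in the imports list of master.nix with no reason given, in the same commit that forwards more services from the external interface. The module's contents are not visible here, but if it is what keeps the host patched, the line should record why it is off and when it comes back, e.g. `#./auto-upgrade.nix  # disabled: <reason>; re-enable after <condition>`. Otherwise the host can stay without automatic updates by accident.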
+++ b/networking.nix @@ -3,7 +3,7 @@ { networking = { hostName = "Stormwind"; - networkmanager.enable = true; + networkmanager.enable = false; nftables = { enable = true; 
@@ -11,31 +11,136 @@ table ip nat { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; - iifname "enp3s0" tcp dport 80 dnat to 10.94.157.229:80 - iifname "enp3s0" tcp dport 443 dnat to 10.94.157.229:443 + iifname "enp3s0" tcp dport 80 dnat to 10.94.157.2:80 + iifname "enp3s0" tcp dport 443 dnat to 10.94.157.2:443 + iifname "enp3s0" tcp dport 20 dnat to 10.94.157.2:20 + iifname "enp3s0" tcp dport 21 dnat to 10.94.157.2:21 + iifname "enp3s0" tcp dport 22 dnat to 10.94.157.2:22 + iifname "enp3s0" tcp dport 990 dnat to 10.94.157.2:990 + iifname "enp3s0" tcp dport 989 dnat to 10.94.157.2:989 + iifname "enp3s0" tcp dport 445 dnat to 10.94.157.2:445 + iifname "enp3s0" tcp dport 111 dnat to 10.94.157.2:111 + iifname "enp3s0" udp dport 111 dnat to 10.94.157.2:111 + iifname "enp3s0" tcp dport 2049 dnat to 10.94.157.2:2049 + iifname "enp3s0" udp dport 2049 dnat to 10.94.157.2:2049 + iifname "enp3s0" tcp dport 32765 dnat to 10.94.157.2:32765 + iifname "enp3s0" udp dport 32765 dnat to 10.94.157.2:32765 + iifname "enp3s0" tcp dport 32768 dnat to 10.94.157.2:32768 + iifname "enp3s0" udp dport 32768 dnat to 10.94.157.2:32768 + iifname "enp3s0" tcp dport 20048 dnat to 10.94.157.2:20048 + iifname "enp3s0" udp dport 20048 dnat to 10.94.157.2:20048 } } ''; }; firewall = { - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ 80 443 20 21 22 990 989 445 111 2049 32765 32768 20048 ]; + allowedUDPPorts = [ 111 2049 20048 32765 32768 ]; }; nat = { enable = true; internalInterfaces = [ "incusbr0" ]; - externalInterface = "enp3s0"; + externalInterface = "enp4s0"; forwardPorts = [ { sourcePort = 80; proto = "tcp"; - destination = "10.94.157.229:80"; + destination = "10.94.157.2:80"; } { sourcePort = 443; proto = "tcp"; - destination = "10.94.157.229:443"; + destination = "10.94.157.2:443"; + } + # FTP + { + sourcePort = 20; + proto = "tcp"; + destination = "10.94.157.2:20"; + } + { + sourcePort = 21; + proto = "tcp"; + destination = "10.94.157.2:21"; + } + { + 
sourcePort = 22; + proto = "tcp"; + destination = "10.94.157.2:22"; + } + { + sourcePort = 990; + proto = "tcp"; + destination = "10.94.157.2:990"; + } + { + sourcePort = 989; + proto = "tcp"; + destination = "10.94.157.2:989"; + } + { + sourcePort = 21; + proto = "tcp"; + destination = "10.94.157.2:21"; + } + # SMB + { + sourcePort = 445; + proto = "tcp"; + destination = "10.94.157.2:445"; + } + # NFS + { + sourcePort = 111; + proto = "tcp"; + destination = "10.94.157.2:111"; + } + { + sourcePort = 111; + proto = "udp"; + destination = "10.94.157.2:111"; + } + { + sourcePort = 2049; + proto = "tcp"; + destination = "10.94.157.2:2049"; + } + { + sourcePort = 2049; + proto = "udp"; + destination = "10.94.157.2:2049"; + } + { + sourcePort = 32765; + proto = "tcp"; + destination = "10.94.157.2:32765"; + } + { + sourcePort = 32765; + proto = "udp"; + destination = "10.94.157.2:32765"; + } + { + sourcePort = 32768; + proto = "tcp"; + destination = "10.94.157.2:32768"; + } + { + sourcePort = 32768; + proto = "udp"; + destination = "10.94.157.2:32768"; + } + { + sourcePort = 20048; + proto = "tcp"; + destination = "10.94.157.2:20048"; + } + { + sourcePort = 20048; + proto = "udp"; + destination = "10.94.157.2:20048"; } ]; }; diff --git a/packages.nix b/packages.nix index c91436c..102dc3f 100644 --- a/packages.nix +++ b/packages.nix @@ -13,6 +13,10 @@ hyfetch lvm2 cryptsetup + pciutils + smartmontools + helix # Very bazed terminal editor + broot # Very bazed terminal file explorer ]; } diff --git a/sshd.nix b/sshd.nix index 4990bf8..a2d3e5c 100644 --- a/sshd.nix +++ b/sshd.nix @@ -3,6 +3,7 @@ { services.openssh = { enable = true; + ports = [ 2222 ]; settings = { PasswordAuthentication = false; }; diff --git a/user/stormwind/dotfiles/helix.toml b/user/stormwind/dotfiles/helix.toml new file mode 100644 index 0000000..cffd5da --- /dev/null +++ b/user/stormwind/dotfiles/helix.toml 
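Review bot: The added PREROUTING rules and `forwardPorts` entries send SMB (445), rpcbind/NFS (111, 2049, 20048, 32765, 32768) and plaintext FTP (20, 21) from the external interface to 10.94.157.2 with no source restriction, so those services are reachable by anything that can reach this host's uplink. If they are only needed from known networks, restrict the match, e.g. `iifname "enp3s0" ip saddr <TRUSTED_CIDR> tcp dport { 445, 2049 } dnat to 10.94.157.2`, and otherwise keep file sharing on the internal bridge or the Tailscale interface that master.nix already imports. The nftables rules still match `iifname "enp3s0"` while `nat.externalInterface` becomes `"enp4s0"`, so one of the two is probably stale. `firewall.allowedTCPPorts` and `allowedUDPPorts` also open the same ports on the host itself, which forwarded traffic should not need; port 21 appears twice in `forwardPorts`, and port 22 sits under the `# FTP` comment.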
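Review bot: `ports = [ 2222 ];` in sshd.nix has no comment tying it to the forwarding change in networking.nix, where port 22 on the external interface is now DNATed to 10.94.157.2, so a reader of this file alone cannot tell why the host's sshd moved. I would add `# 22 on the external interface is forwarded to 10.94.157.2 (networking.nix); host sshd listens here`. The `services.openssh` block continues outside the hunk, so settings other than `PasswordAuthentication = false` are not visible from here.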
@@ -0,0 +1,21 @@ +theme = "dark_plus" + +[keys.normal] +"{" = ["goto_prev_paragraph", "collapse_selection"] +"}" = ["goto_next_paragraph", "collapse_selection"] +"…" = "repeat_last_motion" # Alt+. +"‚" = "split_selection_on_newline" # Alt+S +"ø" = "expand_selection" # Alt+O +"⁄" = "shrink_selection" # Alt+I +"π" = "select_prev_sibling" # Alt+P +"µ" = "select_next_sibling" # Alt+M +"ç" = "copy_selection_on_prev_line"# Alt+C. Shift+C, but upwards + +[keys.select] +"{" = ["goto_prev_paragraph", "collapse_selection"] +"}" = ["goto_next_paragraph", "collapse_selection"] +"ø" = "expand_selection" # Alt+O +"⁄" = "shrink_selection" # Alt+I +"π" = "select_prev_sibling" # Alt+P +"µ" = "select_next_sibling" # Alt+M + diff --git a/user/stormwind/master.nix b/user/stormwind/master.nix index 57b6b52..e266898 100644 --- a/user/stormwind/master.nix +++ b/user/stormwind/master.nix @@ -49,6 +49,7 @@ home.stateVersion = "24.11"; home.file = { ".config/nvim/init.vim".source = dotfiles/neovim/init.vim; + ".config/helix/config.toml".source = dotfiles/helix.toml; }; }; }