diff --git a/hosts/box/default.nix b/hosts/box/default.nix
index a6f9ccd..6729d88 100644
--- a/hosts/box/default.nix
+++ b/hosts/box/default.nix
@@ -6,7 +6,6 @@
 }: {
 imports = [
 ./dns.nix
- ./glance.nix
 ./packages.nix
 ./hardware-configuration.nix
 ../../modules/userapps/utils.nix
@@ -14,6 +13,9 @@
 ../../modules/raspberrypi.nix
 ../../modules/common/networking.nix
 ../../modules/common/shell.nix
+ ../../modules/de/multiple-dms.nix
+ ../../modules/de/gnome.nix
+ ../../modules/common/pipewire.nix
 ./user.nix
 ];
 networking.hostName = "box";
diff --git a/hosts/oldbox/default.nix b/hosts/oldbox/default.nix
new file mode 100644
index 0000000..a6f9ccd
--- /dev/null
+++ b/hosts/oldbox/default.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ imports = [
+ ./dns.nix
+ ./glance.nix
+ ./packages.nix
+ ./hardware-configuration.nix
+ ../../modules/userapps/utils.nix
+ ../../modules/common/nix.nix
+ ../../modules/raspberrypi.nix
+ ../../modules/common/networking.nix
+ ../../modules/common/shell.nix
+ ./user.nix
+ ];
+ networking.hostName = "box";
+ networking.firewall.enable = false;
+ # This will be overridden by system/default.nix
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/oldbox/dns.nix b/hosts/oldbox/dns.nix
new file mode 100644
index 0000000..2266f2e
--- /dev/null
+++ b/hosts/oldbox/dns.nix
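Review bot: `networking.firewall.enable = false;` in hosts/oldbox/default.nix leaves every listener on this host reachable from the whole segment, and the same commit gives it an SSH daemon (packages.nix) and a Pi-hole web UI on port 8085 (dns.nix). The firewall can stay on with only the needed ports opened: `networking.firewall.enable = true;`, `networking.firewall.allowedTCPPorts = [8085];`, and the `openFirewallDNS = true;` that dns.nix currently has commented out. The file also keeps `networking.hostName = "box";` although hosts/box/default.nix declares the same name, so logs and DNS/DHCP records from the two machines would be indistinguishable; `"oldbox"` would match the directory.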
@@ -0,0 +1,86 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ services.pihole-web = {
+ enable = true;
+ ports = [8085];
+ };
+
+ services.pihole-ftl = {
+ enable = true;
+ #openFirewallDNS = true;
+ #openFirewallDHCP = true;
+ queryLogDeleter.enable = true;
+ lists = [
+ {
+ url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
+ # Alternatively, use the file from nixpkgs. Note its contents won't be
+ # automatically updated by Pi-hole, as it would with an online URL.
+ # url = "file://${pkgs.stevenblack-blocklist}/hosts";
+ description = "Steven Black's unified adlist";
+ }
+ {
+ url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/ultimate.txt";
+ description = "Hagezi Ultimate";
+ }
+ {
+ url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/nsfw.txt";
+ description = "Hazegi NSFW";
+ }
+ ];
+ settings = {
+ files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
+ dns = {
+ domainNeeded = true;
+ expandHosts = true;
+ interface = "end0";
+ listeningMode = "BIND";
+ domain = "lan";
+ upstreams = ["9.9.9.11"];
+ hosts = [
+ "*.bigbox.lan 192.168.0.131"
+ "bigbox.lan 192.168.0.131"
+ "inv.bigbox.lan 192.168.0.131"
+ "media.bigbox.lan 192.168.0.131"
+ "type.bigbox.lan 192.168.0.131"
+ "bookmarks.bigbox.lan 192.168.0.131"
+ "bin.bigbox.lan 192.168.0.131"
+ "ai.bigbox.lan 192.168.0.131"
+ "speed.bigbox.lan 192.168.0.131"
+ "syncthing.bigbox.lan 192.168.0.131"
+ "kiwix.bigbox.lan 192.168.0.131"
+ "torrent.bigbox.lan 192.168.0.131"
+ "gitea.bigbox.lan 192.168.0.131"
+ "news.bigbox.lan 192.168.0.131"
+ ];
+ };
+ dhcp = {
+ active = false;
+ router = "192.168.0.1";
+ start = "192.168.0.2";
+ end = "192.168.0.99";
+ netmask = "255.255.255.0";
+ leaseTime = "1d";
+ #ipv6 = true;
+ multiDNS = true;
+ rapidCommit = true;
+ hosts = [
+ # Static address for the current host
+ "d8:3a:dd:9a:c1:99,192.168.0.101,box,infinite"
+ "80:ce:62:ed:ba:2b,192.168.0.131,bigbox,infinite"
+ "60:30:d4:6b:89:10,192.168.0.100,puter,infinite"
+ ];
+ };
+ misc.dnsmasq_lines = [
+ # This DHCP server is the only one on the network
+ #"dhcp-authoritative"
+ # Source: https://data.iana.org/root-anchors/root-anchors.xml
+ "trust-anchor=.,38696,8,2,683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16"
+ ];
+ };
+ };
+}
diff --git a/hosts/box/empty.nix b/hosts/oldbox/empty.nix
similarity index 100%
rename from hosts/box/empty.nix
rename to hosts/oldbox/empty.nix
diff --git a/hosts/box/glance.nix b/hosts/oldbox/glance.nix
similarity index 100%
rename from hosts/box/glance.nix
rename to hosts/oldbox/glance.nix
diff --git a/hosts/oldbox/hardware-configuration.nix b/hosts/oldbox/hardware-configuration.nix
new file mode 100644
index 0000000..0c25e76
--- /dev/null
+++ b/hosts/oldbox/hardware-configuration.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ boot.blacklistedKernelModules = [
+ "bluetooth"
+ "btbcm"
+ "hci_uart"
+ "hci_bcm"
+ ];
+
+ boot = {
+ kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+ initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"];
+ loader = {
+ grub.enable = false;
+ generic-extlinux-compatible.enable = true;
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = ["noatime"];
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/hosts/oldbox/packages.nix b/hosts/oldbox/packages.nix
new file mode 100644
index 0000000..f530050
--- /dev/null
+++ b/hosts/oldbox/packages.nix
@@ -0,0 +1,16 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ../../modules/userapps/utils.nix
+ ];
+
+ services.openssh.enable = true;
+
+ security.sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ };
+}
diff --git a/hosts/oldbox/user.nix b/hosts/oldbox/user.nix
new file mode 100644
index 0000000..7bead52
--- /dev/null
+++ b/hosts/oldbox/user.nix
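Review bot: The `trust-anchor=.,38696,8,2,…` entry under `misc.dnsmasq_lines` in hosts/oldbox/dns.nix pins a single root key digest by hand, while nothing in the hunk turns validation on (there is no `dnssec` key in the `dns` block), so as written it looks either unused or a latent outage. If validation is enabled later while the root zone is signed by a key other than the pinned one, lookups would presumably fail validation, and a hand-pinned anchor has to be revisited at every root KSK rollover. I would drop the line unless validation is actually intended; if it is, state that with `dnssec = true;` in the `dns` block and a comment such as `# Root KSK pinned by hand; re-check against root-anchors.xml before each rollover`, after confirming whether Pi-hole already supplies its own anchors.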
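Review bot: In hosts/oldbox/packages.nix, `wheelNeedsPassword = false;` next to a bare `services.openssh.enable = true;` makes any SSH login as a wheel member equivalent to a root login, and nothing in the hunk restricts how that login may authenticate. Unless a shared module imported elsewhere already hardens sshd, I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` so that only keys are accepted. If passwordless sudo is kept on purpose, a one-line comment above `wheelNeedsPassword` stating the reason would stop it reading as an oversight.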
@@ -0,0 +1,19 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ users.users.boxuser = {
+ isNormalUser = true;
+ group = "boxuser";
+ extraGroups = ["wheel" "docker" "networkmanager"]; # Enable ‘sudo’ for the user.
+ hashedPassword = "$6$Gk6L21XBSf.YbfU1$eadMLbwvAgudTjPOLCsZfRNxfGptARnAazhs0xz/GcNEYGQS/GjLov/jJsHnPIKBNIPQJEG4XhZ3K097bfi1c1";
+ packages = with pkgs; [
+ fastfetch
+ ];
+ };
+
+ users.users.boxuser.shell = pkgs.bash;
+ users.groups.boxuser = {};
+}
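Review bot: The `hashedPassword` literal for `boxuser` in hosts/oldbox/user.nix commits a SHA-512 crypt hash to the repository and, after a build, to the world-readable Nix store, where anyone with read access can attack it offline. Since packages.nix grants wheel passwordless sudo, recovering that one password is enough for root. I would replace the line with `hashedPasswordFile = "/path/to/boxuser.passwd"; # placeholder path, file kept outside the store` and treat the committed hash as exposed, rotating the password. The comment on `extraGroups` mentions only sudo; `docker` membership is root-equivalent too on a host running the Docker daemon, so I would extend it to `# wheel: sudo; docker: root-equivalent via the daemon socket`.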