Compare commits
17 commits
a06b102eaf
...
11d5c3dcc0
Author | SHA1 | Date | |
---|---|---|---|
Laureηt | 11d5c3dcc0 | ||
Laureηt | f112055076 | ||
Laureηt | 0c7e768235 | ||
Laureηt | 42d74ddd66 | ||
Laureηt | fef75b9b3b | ||
Laureηt | a8a72ffdb6 | ||
Laureηt | 46a1f9b975 | ||
Laureηt | e5ebf882d6 | ||
Laureηt | cc6d8f0545 | ||
Laureηt | 146076bad4 | ||
Laureηt | 7da10c80f6 | ||
Laureηt | 1b88aa463d | ||
Laureηt | f83dda4946 | ||
Laureηt | 3e36af50d5 | ||
Laureηt | 4a3e8eeb0f | ||
Laureηt | e74af8434c | ||
Laureηt | b94ba8a7b4 |
279
flake.lock
279
flake.lock
|
@ -144,6 +144,46 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700927249,
|
||||
"narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixos-anywhere",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1698422527,
|
||||
"narHash": "sha256-SDu3Xg263t3oXIyTaH0buOvFnKIDeZsvKDBtOz+jRbs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "944d338d24a9d043a3f7461c30ee6cfe4f9cca30",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "master",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -198,6 +238,27 @@
|
|||
}
|
||||
},
|
||||
"flake-parts_2": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nixos-anywhere",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1698882062,
|
||||
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_3": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
|
@ -268,6 +329,24 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -313,7 +392,7 @@
|
|||
"hyprland": {
|
||||
"inputs": {
|
||||
"hyprland-protocols": "hyprland-protocols",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"systems": "systems_2",
|
||||
"wlroots": "wlroots",
|
||||
"xdph": "xdph"
|
||||
|
@ -363,7 +442,7 @@
|
|||
"flake-compat": "flake-compat_2",
|
||||
"flake-parts": "flake-parts",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
||||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
|
@ -381,6 +460,45 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-2305": {
|
||||
"locked": {
|
||||
"lastModified": 1698911509,
|
||||
"narHash": "sha256-FFwqTbF+1laraWTL/t7LI+gN+DYfoj+iFYLof5wCea8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ecd985f22e007e6ac3152d68590c06cbbaea8c0e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-anywhere": {
|
||||
"inputs": {
|
||||
"disko": "disko_2",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"nixos-2305": "nixos-2305",
|
||||
"nixos-images": "nixos-images",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700914752,
|
||||
"narHash": "sha256-d81ed+ZO7i93KTTOOW1cSbh7OsFvGoKHF1JpHEdLw3E=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-anywhere",
|
||||
"rev": "7351eb2f45efc30f2cedd5f62b2e526681a21875",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-anywhere",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1701020860,
|
||||
|
@ -396,18 +514,43 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-images": {
|
||||
"inputs": {
|
||||
"nixos-2305": [
|
||||
"nixos-anywhere",
|
||||
"nixos-2305"
|
||||
],
|
||||
"nixos-unstable": [
|
||||
"nixos-anywhere",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1697515196,
|
||||
"narHash": "sha256-EZivLoJHCqJdi23Mn/p+lPNHBBctGSWzEnAhYfC0VD0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-images",
|
||||
"rev": "87bccdbdfbeb07e0c4fb4c2ec3d71986e8fa24d9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-images",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1700612854,
|
||||
"narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
|
||||
"lastModified": 1697915759,
|
||||
"narHash": "sha256-WyMj5jGcecD+KC8gEs+wFth1J1wjisZf8kVZH13f1Zo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
|
||||
"rev": "51d906d2341c9e866e48c2efcaac0f2d70bfd43e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -447,6 +590,22 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1700612854,
|
||||
"narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1699354722,
|
||||
"narHash": "sha256-abmqUReg4PsyQSwv4d0zjcWpMHrd3IFJiTb2tZpfF04=",
|
||||
|
@ -462,7 +621,23 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1700218750,
|
||||
"narHash": "sha256-ft54Un/pZ/KoI6hx9HLeb/SLg0SB8NvV+z7vzrpWs8c=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2542afeb0d81db4d1e5bc8df8354cbdcc29c2f53",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable-small",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1700794826,
|
||||
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
|
||||
|
@ -478,7 +653,23 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1700794826,
|
||||
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_7": {
|
||||
"locked": {
|
||||
"lastModified": 1700612854,
|
||||
"narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
|
||||
|
@ -494,7 +685,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"nixpkgs_8": {
|
||||
"locked": {
|
||||
"lastModified": 1698318101,
|
||||
"narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=",
|
||||
|
@ -541,10 +732,29 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"resume": {
|
||||
"projet-intelligence-artificielle-multimedia": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nixpkgs": "nixpkgs_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701038653,
|
||||
"narHash": "sha256-mif1mtvfKUcLeLcHBjDeE8nDvSXqCgU2FlXwb123K7M=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "52c1f4c76d9da18c5d674b4db3b413af9193d285",
|
||||
"revCount": 20,
|
||||
"type": "git",
|
||||
"url": "https://git.fainsin.bzh/ENSEEIHT/projet-intelligence-artificielle-multimedia"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.fainsin.bzh/ENSEEIHT/projet-intelligence-artificielle-multimedia"
|
||||
}
|
||||
},
|
||||
"resume": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": "nixpkgs_7",
|
||||
"typst": "typst"
|
||||
},
|
||||
"locked": {
|
||||
|
@ -564,12 +774,15 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"disko": "disko",
|
||||
"flake-utils": "flake-utils",
|
||||
"home-manager": "home-manager",
|
||||
"hyprland": "hyprland",
|
||||
"lanzaboote": "lanzaboote",
|
||||
"nixos-anywhere": "nixos-anywhere",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"projet-intelligence-artificielle-multimedia": "projet-intelligence-artificielle-multimedia",
|
||||
"resume": "resume"
|
||||
}
|
||||
},
|
||||
|
@ -698,12 +911,48 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_6": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"treefmt-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixos-anywhere",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1698438538,
|
||||
"narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"typst": {
|
||||
"inputs": {
|
||||
"crane": "crane_3",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"systems": "systems_5"
|
||||
"flake-parts": "flake-parts_3",
|
||||
"nixpkgs": "nixpkgs_8",
|
||||
"systems": "systems_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700840283,
|
||||
|
|
32
flake.nix
32
flake.nix
|
@ -1,17 +1,21 @@
|
|||
{
|
||||
description = "Laureηt's infrastructure";
|
||||
|
||||
# TODO: setup flake-parts à la place de flake-utils
|
||||
# TODO: setup le formatter comme sioodmy
|
||||
# TODO: rekey les secrets + changer la key de hydrogen
|
||||
# TODO: luks encrypt hydrogen (dropbear ?)
|
||||
# TODO: dégager btfrs de neodymium, ext4 ftw
|
||||
# TODO: setup disko sur neodymium
|
||||
|
||||
inputs = {
|
||||
nixpkgs = {
|
||||
url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
# url = "git+file:///home/laurent/Documents/nixpkgs?shallow=1";
|
||||
};
|
||||
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
|
||||
lanzaboote = {
|
||||
url = "github:nix-community/lanzaboote";
|
||||
# inputs.nixpkgs.follows = "nixpkgs";
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
agenix = {
|
||||
|
@ -19,17 +23,16 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
lanzaboote.url = "github:nix-community/lanzaboote";
|
||||
hyprland.url = "github:hyprwm/Hyprland";
|
||||
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
disko.url = "github:nix-community/disko";
|
||||
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
|
||||
|
||||
resume.url = "git+https://git.fainsin.bzh/Laurent/resume";
|
||||
projet-intelligence-artificielle-multimedia.url =
|
||||
"git+https://git.fainsin.bzh/ENSEEIHT/projet-intelligence-artificielle-multimedia";
|
||||
};
|
||||
|
||||
nixConfig = {
|
||||
|
@ -42,7 +45,7 @@
|
|||
};
|
||||
|
||||
outputs = { nixpkgs, flake-utils, lanzaboote, agenix, home-manager
|
||||
, nixos-hardware, ... }@inputs:
|
||||
, nixos-hardware, disko, ... }@inputs:
|
||||
|
||||
(flake-utils.lib.eachDefaultSystem (system:
|
||||
let pkgs = nixpkgs.legacyPackages.${system};
|
||||
|
@ -84,6 +87,7 @@
|
|||
modules = [
|
||||
./hosts/hydrogen
|
||||
home-manager.nixosModules.home-manager
|
||||
disko.nixosModules.default
|
||||
agenix.nixosModules.default
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
];
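Review bot: In the `inputs` block, the new `disko` and `nixos-anywhere` entries are plain `.url` lines with no `inputs.nixpkgs.follows`, unlike `home-manager` and `agenix` beside them, so each resolves its own nixpkgs. The flake.lock section of this compare shows the effect: `disko` appears to lock a separate `nixpkgs-unstable` revision, and `nixos-anywhere` brings in `nixpkgs_4` and `nixos-2305`. Each extra pinned tree is another revision to keep patched and to audit when the lock file is updated. Unless those projects need their own pins, `disko.inputs.nixpkgs.follows = "nixpkgs";` and `nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs";` keep the hosts on one reviewed nixpkgs revision.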
|
||||
|
|
|
@ -1,9 +1 @@
|
|||
{ modulesPath, lib, ... }: {
|
||||
imports =
|
||||
lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
|
||||
(modulesPath + "/virtualisation/digital-ocean-config.nix")
|
||||
|
||||
./services
|
||||
./system
|
||||
];
|
||||
}
|
||||
{ ... }: { imports = [ ./services ./system ]; }
|
||||
|
|
|
@ -1,103 +0,0 @@
|
|||
{ ... }: {
|
||||
networking = {
|
||||
firewall = {
|
||||
# allow dns queries trough wireguard
|
||||
interfaces."wg0".allowedUDPPorts = [
|
||||
53 # dns default port
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.blocky = {
|
||||
enable = true;
|
||||
settings = {
|
||||
upstream.default = [ "208.67.222.222" "208.67.220.220" ];
|
||||
|
||||
clientLookup.clients = {
|
||||
hydrogen = [ "10.0.0.1" "127.0.0.1" ];
|
||||
pixel5 = [ "10.0.0.2" ];
|
||||
neodymium = [ "10.0.0.3" ];
|
||||
};
|
||||
|
||||
blocking = {
|
||||
refreshPeriod = "24h";
|
||||
clientGroupsBlock.default =
|
||||
[ "firebog-tick" "firebog-nocross" "regex" ];
|
||||
blackLists = {
|
||||
firebog-tick = [
|
||||
# https://v.firebog.net/hosts/lists.php?type=tick
|
||||
"https://adaway.org/hosts.txt"
|
||||
"https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt"
|
||||
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
|
||||
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
|
||||
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
|
||||
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
|
||||
"https://phishing.army/download/phishing_army_blocklist_extended.txt"
|
||||
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
|
||||
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
|
||||
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
|
||||
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
|
||||
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
|
||||
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
|
||||
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
|
||||
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
|
||||
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
|
||||
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
|
||||
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
|
||||
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
|
||||
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
|
||||
"https://urlhaus.abuse.ch/downloads/hostfile/"
|
||||
"https://v.firebog.net/hosts/AdguardDNS.txt"
|
||||
"https://v.firebog.net/hosts/Admiral.txt"
|
||||
"https://v.firebog.net/hosts/Easylist.txt"
|
||||
"https://v.firebog.net/hosts/Easyprivacy.txt"
|
||||
"https://v.firebog.net/hosts/Prigent-Ads.txt"
|
||||
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
|
||||
"https://v.firebog.net/hosts/RPiList-Malware.txt"
|
||||
"https://v.firebog.net/hosts/RPiList-Phishing.txt"
|
||||
"https://v.firebog.net/hosts/static/w3kbl.txt"
|
||||
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
|
||||
];
|
||||
firebog-nocross = [
|
||||
# https://v.firebog.net/hosts/lists.php?type=nocross
|
||||
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
|
||||
"https://malware-filter.gitlab.io/malware-filter/phishing-filter-hosts.txt"
|
||||
"https://paulgb.github.io/BarbBlock/blacklists/hosts-file.txt"
|
||||
"https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts"
|
||||
"https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt"
|
||||
"https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt"
|
||||
"https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt"
|
||||
"https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt"
|
||||
"https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt"
|
||||
"https://raw.githubusercontent.com/VeleSila/yhosts/master/hosts"
|
||||
"https://someonewhocares.org/hosts/zero/hosts"
|
||||
"https://v.firebog.net/hosts/neohostsbasic.txt"
|
||||
"https://v.firebog.net/hosts/Prigent-Malware.txt"
|
||||
"https://winhelp2002.mvps.org/hosts.txt"
|
||||
"https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt"
|
||||
];
|
||||
regex = [
|
||||
# https://github.com/mmotti/pihole-regex/blob/master/regex.list
|
||||
''
|
||||
/^ad([sxv]?[0-9]*|system)[_.-]([^.[:space:]]+\\.){1,}|[_.-]ad([sxv]?[0-9]*|system)[_.-]/
|
||||
/^(.+[_.-])?adse?rv(er?|ice)?s?[0-9]*[_.-]/
|
||||
/^(.+[_.-])?telemetry[_.-]/
|
||||
/^adim(age|g)s?[0-9]*[_.-]/
|
||||
/^adtrack(er|ing)?[0-9]*[_.-]/
|
||||
/^advert(s|is(ing|ements?))?[0-9]*[_.-]/
|
||||
/^aff(iliat(es?|ion))?[_.-]/
|
||||
/^analytics?[_.-]/
|
||||
/^banners?[_.-]/
|
||||
/^beacons?[0-9]*[_.-]/
|
||||
/^count(ers?)?[0-9]*[_.-]/
|
||||
/^mads\\./
|
||||
/^pixels?[-.]/
|
||||
/^stat(s|istics)?[0-9]*[_.-]/
|
||||
/.*\\.g[0-9]+\\..*/
|
||||
''
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1 +1 @@
|
|||
{ ... }: { services.changedetection-io = { enable = true; }; }
|
||||
{ ... }: { services.changedetection-io.enable = true; }
|
||||
|
|
|
@ -1,12 +1 @@
|
|||
{ ... }: {
|
||||
imports = [
|
||||
./acme
|
||||
./atuin
|
||||
./blocky
|
||||
./changedetection
|
||||
./fail2ban
|
||||
./gitea
|
||||
./nginx
|
||||
./wireguard
|
||||
];
|
||||
}
|
||||
{ ... }: { imports = [ ./acme ./atuin ./changedetection ./gitea ./nginx ]; }
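Review bot: The one-line `imports` list no longer includes `./fail2ban` (nor `./blocky` and `./wireguard`), while the same compare enables `services.openssh` for this host and keeps an SSH port in the firewall list. Nothing visible here replaces the ban-on-repeated-failure behaviour, so the exposed sshd relies only on its own settings. If that is intended, it is worth confirming that password logins are off, for example `services.openssh.settings.PasswordAuthentication = false;`, and saying so in a comment next to the import list.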
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
{ ... }: {
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
maxretry = 3;
|
||||
bantime = "1h";
|
||||
};
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, ... }: {
|
||||
{ inputs, system, pkgs, ... }: {
|
||||
services.nginx.virtualHosts = {
|
||||
"n7.laurent.fainsin.bzh" = {
|
||||
enableACME = true;
|
||||
|
@ -17,7 +17,9 @@
|
|||
import ./projet-systemes-algorithmes-repartis.nix pkgs;
|
||||
|
||||
"/projet-intelligence-artificielle-multimedia/" = # #
|
||||
import ./projet-intelligence-artificielle-multimedia.nix pkgs;
|
||||
import ./projet-intelligence-artificielle-multimedia.nix {
|
||||
inherit inputs system;
|
||||
};
|
||||
|
||||
"/projet-probleme-inverse-3D/" = # #
|
||||
import ./projet-probleme-inverse-3D.nix pkgs;
|
||||
|
|
|
@ -1,12 +1,5 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
pages = pkgs.fetchgit {
|
||||
url =
|
||||
"https://git.fainsin.bzh/ENSEEIHT/projet-intelligence-artificielle-multimedia";
|
||||
rev = "8d7708db070170f6f3b276c5ea6f2f1b38e57ee5"; # pages
|
||||
sha256 = "07cmnxmhb4l2chb8h9y45jnm10fqlmlq9d7zwllgk6l3gc0m3rdp";
|
||||
};
|
||||
in {
|
||||
alias = "${pages}/";
|
||||
index = "slides.html";
|
||||
{ inputs, system, ... }: {
|
||||
alias =
|
||||
inputs.projet-intelligence-artificielle-multimedia.packages.${system}.slides
|
||||
+ "/";
|
||||
}
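Review bot: The rewritten location sets only `alias`, and `index = "slides.html";` seems to be on the removed side, since the hunk header allows five new lines and the `alias` expression with its braces already accounts for them. Unless the `slides` package places an `index.html` at its root, a request for the directory will no longer find a document to serve. Keeping `index = "slides.html";` after the `alias` attribute would preserve the old behaviour. The served tree now comes from a package built by the upstream flake rather than a `fetchgit` with an explicit `rev` and `sha256`; the pin moves to flake.lock, which a short comment here could state.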
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
{ ... }: {
|
||||
networking = {
|
||||
firewall = {
|
||||
allowedUDPPorts = [
|
||||
5553 # wireguard
|
||||
];
|
||||
};
|
||||
|
||||
nat = {
|
||||
enable = true;
|
||||
enableIPv6 = true;
|
||||
externalInterface = "ens3";
|
||||
internalInterfaces = [ "wg0" ];
|
||||
};
|
||||
|
||||
wireguard.interfaces = {
|
||||
wg0 = {
|
||||
ips = [ "10.0.0.1/24" "fd02:002:002::1/64" ];
|
||||
listenPort = 5553;
|
||||
privateKeyFile = "/root/wg-private";
|
||||
peers = [
|
||||
{ # pixel
|
||||
publicKey = "HS2q+PpPPwxqT1jCD7D4puqr4ZyaXV5TostavlYWBx0=";
|
||||
allowedIPs = [ "10.0.0.2/32" "fd02:002:002::2/64" ];
|
||||
}
|
||||
{ # neodymium
|
||||
publicKey = "IFeRvelEilNRLkhWgFKL9HrJ9XYsm+r4yvv23CigETk=";
|
||||
allowedIPs = [ "10.0.0.3/32" "fd02:002:002::3/64" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ ... }: {
|
||||
{ modulesPath, ... }: {
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
|
@ -7,5 +7,13 @@
|
|||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
imports = [ ./networking ./packages ./ssh ./users ];
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
./disko
|
||||
./networking
|
||||
./packages
|
||||
./ssh
|
||||
./users
|
||||
];
|
||||
}
|
||||
|
|
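--- a/hosts/hydrogen/system/disko/default.nix
+++ b/hosts/hydrogen/system/disko/default.nix
@@ -0,0 +1,40 @@
+{ ... }: {
+boot.loader.grub = {
+efiSupport = true;
+efiInstallAsRemovable = true;
+};
+disko.devices = {
+disk.disk1 = {
+device = "/dev/sda";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+name = "boot";
+size = "1M";
+type = "EF02";
+};
+esp = {
+end = "500M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+name = "root";
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+};
+}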
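Review bot: `device = "/dev/sda";` selects the disk by kernel enumeration order, which can change when another disk is attached or the controller order shifts, and disko partitions and formats whatever that path resolves to. A persistent path such as `device = "/dev/disk/by-id/<DISK-ID>";` (placeholder, read the real id on the host) ties the destructive step to one device. The `root` partition is a plain ext4 filesystem; the flake.nix TODO about LUKS on hydrogen suggests this is known, and a comment above `root` saying encryption is pending would record it where the layout is defined.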
|
|
@ -1,10 +1,18 @@
|
|||
{ ... }: {
|
||||
networking = {
|
||||
# the name of the machine
|
||||
hostName = "hydrogen";
|
||||
|
||||
# the domain used for the machine
|
||||
domain = "fainsin.bzh";
|
||||
|
||||
# domain name servers, use clouflare family
|
||||
networking.nameservers = [ "1.1.1.2" "1.0.0.2" ];
|
||||
|
||||
# TODO: bouger ça à côté des applications
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22 # ssh
|
||||
624 # ssh
|
||||
80 # http
|
||||
443 # https
|
||||
];
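Review bot: `networking.nameservers = [ "1.1.1.2" "1.0.0.2" ];` sits inside the `networking = {` attribute set, between `domain` and `firewall`, so it defines `networking.networking.nameservers`, which is not the intended option and should fail evaluation (indentation is lost on this page, but no closing brace precedes the line). Inside the set it should read `nameservers = [ "1.1.1.2" "1.0.0.2" ];`. The `allowedTCPPorts` comments also name 22 and 624 as the SSH port, while the ssh module in this compare sets `ports = [ 642 ];`, so one of the two values looks like a transposition and the firewall entry may be an opening with no service behind it. The attribute set continues past the end of the hunk.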
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ ... }: {
|
||||
{ lib, pkgs, nixpkgs, ... }: {
|
||||
# optimizations
|
||||
nix.settings.auto-optimise-store = true;
|
||||
|
||||
|
@ -8,4 +8,16 @@
|
|||
dates = "weekly";
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
|
||||
# experimental features
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
# pin nixpkgs registry
|
||||
nix.registry.nixpkgs.flake = nixpkgs;
|
||||
|
||||
# print diff between two generations
|
||||
system.activationScripts.nvd-report-changes = ''
|
||||
PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
|
||||
nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
|
||||
'';
|
||||
}
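Review bot: The `nvd-report-changes` activation snippet passes the output of `ls -dv /nix/var/nix/profiles/system-*-link | tail -2` straight to `nvd diff`, so on a host with a single system generation, such as one just installed, `nvd` receives one path and the snippet exits non-zero. It also compares the two newest profile links rather than the running system with the one being activated. Comparing explicit paths avoids both: `nvd diff /run/current-system "$systemConfig"`, guarded by `[ -e /run/current-system ]`. The same snippet is visible as context in the neodymium section further down. The module header now expects a `nixpkgs` argument for `nix.registry.nixpkgs.flake`, which presumably has to come from `specialArgs`; that wiring is not visible in this compare.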
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
{ pkgs, ... }: { environment.systemPackages = with pkgs; [ btop borgbackup ]; }
|
||||
{ pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ btop borgbackup gitMinimal sysz ];
|
||||
}
|
||||
|
|
|
@ -1 +1,6 @@
|
|||
{ ... }: { services.openssh.ports = [ 624 ]; }
|
||||
{ ... }: {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
ports = [ 642 ];
|
||||
};
|
||||
}
|
||||
|
|
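--- a/hosts/neodymium/home/chromium/default.nix
+++ b/hosts/neodymium/home/chromium/default.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+programs.chromium = {
+enable = true;
+package = pkgs.ungoogled-chromium;
+};
+}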
|
|
@ -6,6 +6,7 @@
|
|||
./packages.nix
|
||||
|
||||
./alacritty
|
||||
./chromium
|
||||
./firefox
|
||||
./gtk
|
||||
./shell
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
{ lib, ... }: {
|
||||
# set hostname
|
||||
# the name of the machine
|
||||
networking.hostName = "neodymium";
|
||||
|
||||
# domain name servers, use clouflare family
|
||||
networking.nameservers = [ "1.1.1.2" "1.0.0.2" ];
|
||||
|
||||
# use networkManager, see nmcli
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
|
@ -20,6 +23,4 @@
|
|||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
imports = [ ./wireguard.nix ];
|
||||
}
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
{ lib, ... }: {
|
||||
networking.wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
# client
|
||||
privateKeyFile = "/root/wireguard-keys/private";
|
||||
address = [ "10.0.0.3/24" "fd02:002:002::3/64" ];
|
||||
dns = [ "10.0.0.1" ];
|
||||
|
||||
# server
|
||||
peers = [{
|
||||
publicKey = "y36/EpLUerwM6NSGsVDCkb37Wj/Z3CI0mPFGatVa0Ws=";
|
||||
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
||||
endpoint = "fainsin.bzh:5553";
|
||||
persistentKeepalive = 30;
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
# modify the systemd service to restart on failure every 10 seconds
|
||||
systemd.services.wg-quick-wg0 = {
|
||||
serviceConfig = {
|
||||
Type = lib.mkForce "simple";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
};
|
||||
unitConfig = {
|
||||
# ensures Restart= is always honoured
|
||||
StartLimitIntervalSec = 0;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -41,6 +41,7 @@
|
|||
"vscode-extension-ms-vsliveshare-vsliveshare"
|
||||
];
|
||||
|
||||
# print diff between two generations
|
||||
system.activationScripts.nvd-report-changes = ''
|
||||
PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
|
||||
nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
|
||||
|
|