adguardhome: increase statistic retention time

rp5: move things in separate configs, to be reused
xwayland: tried to fix clipboard issues
2024-11-26 17:03:05 +01:00 · 2024-11-26 17:02:32 +01:00 · 2024-11-26 15:08:30 +01:00 · 2024-11-26 15:06:39 +01:00
6 changed files with 148 additions and 64 deletions
--- a/modules/nixos/desktop/hyprland/default.nix
+++ b/modules/nixos/desktop/hyprland/default.nix
@ -34,6 +34,48 @@ let
        1password&
    fi
  '';
  # clipsync = pkgs.writeShellScriptBin "clipsync" ''
  #   insert() {
  #     # Read all the piped input into variable.
  #     value=$(cat)
  #     wValue="$(wl-paste)"
  #     xValue="$(xclip -o -selection clipboard)"
  #     notify() {
  #       notify-send -u low -c clipboard "$1" "$value"
  #     }
  #     if [ "$value" != "$wValue" ]; then
  #       notify "Wayland"
  #       echo -n "$value" | wl-copy
  #     fi
  #     if [ "$value" != "$xValue" ]; then
  #       notify "X11"
  #       echo -n "$value" | xclip -selection clipboard
  #     fi
  #   }
  #   watch() {
  #     # Wayland -> X11
  #     wl-paste --type text --watch clipsync insert &
  #     # X11 -> Wayland
  #     while clipnotify; do
  #       xclip -o -selection clipboard | clipsync insert
  #     done &
  #   }
  #   kill() {
  #     pkill wl-paste
  #     pkill clipnotify
  #     pkill xclip
  #     pkill clipsync
  #   }
  #   "$@"
  # '';
 in
 {
  options.${namespace}.desktop.hyprland = {
@ -54,9 +96,14 @@ in
      libnotify
      # Wayland Utilities
      wl-clipboard
      wlr-randr
      # Clipboard Stuff
      wl-clipboard
      xclip
      clipnotify
      # clipsync
      # Screenshot Utility
      grimblast
@ -128,6 +175,8 @@ in
                "[workspace 8 silent] vesktop"
                "[workspace 9 silent] 1password"
                "[workspace 1 silent] zen"
                "${pkgs.xorg.xhost}/bin/xhost +"
              ];
              windowrulev2 = [
--- a/modules/nixos/services/openssh/default.nix
+++ b/modules/nixos/services/openssh/default.nix
@ -0,0 +1,29 @@
 {
  lib,
  config,
  namespace,
  ...
 }:
 let
  cfg = config.${namespace}.services.openssh;
  inherit (lib) mkIf mkEnableOption;
 in
 {
  options.${namespace}.services.openssh = {
    enable = mkEnableOption "Enable SSH";
  };
  config = mkIf cfg.enable {
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
    };
    services.fail2ban = {
      enable = true;
    };
  };
 }
--- a/modules/nixos/services/remotebuild/default.nix
+++ b/modules/nixos/services/remotebuild/default.nix
@ -0,0 +1,48 @@
 {
  lib,
  config,
  namespace,
  ...
 }:
 let
  cfg = config.${namespace}.services.remotebuild;
  inherit (lib) mkIf mkEnableOption;
 in
 {
  options.${namespace}.services.remotebuild = {
    enable = mkEnableOption "Enable remotebuild";
  };
  config = mkIf cfg.enable {
    users.users.remotebuild = {
      isNormalUser = true;
      createHome = false;
      group = "remotebuild";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
      ];
    };
    users.groups.remotebuild = { };
    nix = {
      nrBuildUsers = 64;
      settings = {
        trusted-users = [ "remotebuild" ];
        min-free = 10 * 1024 * 1024;
        max-free = 200 * 1024 * 1024;
        max-jobs = "auto";
        cores = 0;
      };
    };
    systemd.services.nix-daemon.serviceConfig = {
      MemoryAccounting = true;
      MemoryMax = "90%";
      OOMScoreAdjust = 500;
    };
  };
 }
--- a/systems/aarch64-linux/nixberry/default.nix
+++ b/systems/aarch64-linux/nixberry/default.nix
@ -19,38 +19,6 @@ in
    raspberry-pi-5
  ];
  security.sudo.wheelNeedsPassword = false;
  users.users.remotebuild = {
    isNormalUser = true;
    createHome = false;
    group = "remotebuild";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
    ];
  };
  users.groups.remotebuild = { };
  nix = {
    nrBuildUsers = 64;
    settings = {
      trusted-users = [ "remotebuild" ];
      min-free = 10 * 1024 * 1024;
      max-free = 200 * 1024 * 1024;
      max-jobs = "auto";
      cores = 0;
    };
  };
  systemd.services.nix-daemon.serviceConfig = {
    MemoryAccounting = true;
    MemoryMax = "90%";
    OOMScoreAdjust = 500;
  };
  networking = {
    interfaces.wlan0 = {
      ipv4.addresses = [
@ -74,16 +42,15 @@ in
        };
      };
    };
-  };
+    firewall = {
-
+      allowedTCPPorts = [
-  networking.firewall = {
+        53
-    allowedTCPPorts = [
+        80
-      53
+      ];
-      80
+      allowedUDPPorts = [
-    ];
+        53
-    allowedUDPPorts = [
+      ];
-      53
+    };
    ];
  };
  services.adguardhome = {
@ -126,6 +93,10 @@ in
            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
          ];
      statistics = {
        enabled = true;
        interval = "8760h";
      };
    };
  };
@ -156,17 +127,14 @@ in
    };
  };
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };
  ${namespace} = {
    submodules.basics = enabled;
    services = {
      openssh = enabled;
      remotebuild = enabled;
    };
    system = {
      # cachemiss for webkit gtk
      hardware.networking.enable = mkForce false;
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@ -29,18 +29,6 @@ in
    };
  };
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };
  services.fail2ban = {
    enable = true;
  };
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
@ -101,6 +89,7 @@ in
        enable = true;
        inherit sopsFile;
      };
      openssh = enabled;
    };
    security = {
--- a/systems/x86_64-linux/yggdrasil/default.nix
+++ b/systems/x86_64-linux/yggdrasil/default.nix
@ -80,9 +80,10 @@ in
        };
        exec-once = [
          "xrandr --output DP-2 --primary"
          "[workspace 1 silent] obsidian --disabled-gpu"
          "[workspace 9 silent] git-butler"
          "${pkgs.xorg.xrandr}/bin/xrandr --output DP-2 --primary"
        ];
        workspace = [
Author	SHA1	Message	Date
Christoph Hollizeck	bc1a7c4092	adguardhome: increase statistic retention time	2024-11-26 17:03:05 +01:00
Christoph Hollizeck	ca9b9f6222	rp5: move things in separate configs, to be reused	2024-11-26 17:02:32 +01:00
Christoph Hollizeck	fbd3a669fd	xwayland: tried to fix clipboard issues originally wanted to fix a 1password copy issue, but that fixed itself after a restart, leaving xclip and the commented code in for potentional future endeavors	2024-11-26 15:08:30 +01:00
Christoph Hollizeck	7f80d5a263	xwayland: refer to xrandr package rather than global installation	2024-11-26 15:06:39 +01:00