rp5: add ethernet

adguardhome: increase statistic retention time
rp5: move things in separate configs, to be reused
2024-11-26 17:05:20 +01:00 · 2024-11-26 17:03:05 +01:00 · 2024-11-26 17:02:32 +01:00
4 changed files with 106 additions and 63 deletions
--- a/modules/nixos/services/openssh/default.nix
+++ b/modules/nixos/services/openssh/default.nix
@ -0,0 +1,29 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+let
+  cfg = config.${namespace}.services.openssh;
+  inherit (lib) mkIf mkEnableOption;
+in
+{
+  options.${namespace}.services.openssh = {
+    enable = mkEnableOption "Enable SSH";
+  };
+
+  config = mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+      };
+    };
+
+    services.fail2ban = {
+      enable = true;
+    };
+  };
+}
--- a/modules/nixos/services/remotebuild/default.nix
+++ b/modules/nixos/services/remotebuild/default.nix
@ -0,0 +1,48 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+let
+  cfg = config.${namespace}.services.remotebuild;
+  inherit (lib) mkIf mkEnableOption;
+in
+{
+  options.${namespace}.services.remotebuild = {
+    enable = mkEnableOption "Enable remotebuild";
+  };
+
+  config = mkIf cfg.enable {
+    users.users.remotebuild = {
+      isNormalUser = true;
+      createHome = false;
+      group = "remotebuild";
+
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
+      ];
+    };
+
+    users.groups.remotebuild = { };
+
+    nix = {
+      nrBuildUsers = 64;
+      settings = {
+        trusted-users = [ "remotebuild" ];
+
+        min-free = 10 * 1024 * 1024;
+        max-free = 200 * 1024 * 1024;
+
+        max-jobs = "auto";
+        cores = 0;
+      };
+    };
+
+    systemd.services.nix-daemon.serviceConfig = {
+      MemoryAccounting = true;
+      MemoryMax = "90%";
+      OOMScoreAdjust = 500;
+    };
+  };
+}
--- a/systems/aarch64-linux/nixberry/default.nix
+++ b/systems/aarch64-linux/nixberry/default.nix
@ -19,40 +19,8 @@ in
    raspberry-pi-5
  ];

-  security.sudo.wheelNeedsPassword = false;
-  users.users.remotebuild = {
-    isNormalUser = true;
-    createHome = false;
-    group = "remotebuild";
-
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
-    ];
-  };
-
-  users.groups.remotebuild = { };
-
-  nix = {
-    nrBuildUsers = 64;
-    settings = {
-      trusted-users = [ "remotebuild" ];
-
-      min-free = 10 * 1024 * 1024;
-      max-free = 200 * 1024 * 1024;
-
-      max-jobs = "auto";
-      cores = 0;
-    };
-  };
-
-  systemd.services.nix-daemon.serviceConfig = {
-    MemoryAccounting = true;
-    MemoryMax = "90%";
-    OOMScoreAdjust = 500;
-  };
-
  networking = {
-    interfaces.wlan0 = {
+    interfaces.end0 = {
      ipv4.addresses = [
        {
          address = ipAddress;
@ -61,6 +29,15 @@ in
      ];
      useDHCP = true;
    };
+    interfaces.wlan0 = {
+      ipv4.addresses = [
+        {
+          address = "192.168.178.3";
+          prefixLength = 24;
+        }
+      ];
+      useDHCP = true;
+    };
    defaultGateway = {
      address = "192.168.178.1";
      interface = "wlan0";
@ -74,16 +51,15 @@ in
        };
      };
    };
-  };
-
-  networking.firewall = {
-    allowedTCPPorts = [
-      53
-      80
-    ];
-    allowedUDPPorts = [
-      53
-    ];
+    firewall = {
+      allowedTCPPorts = [
+        53
+        80
+      ];
+      allowedUDPPorts = [
+        53
+      ];
+    };
  };

  services.adguardhome = {
@ -126,6 +102,10 @@ in
            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
          ];

+      statistics = {
+        enabled = true;
+        interval = "8760h";
+      };
    };
  };

@ -156,17 +136,14 @@ in
    };
  };

-  services.openssh = {
-    enable = true;
-    settings = {
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
-    };
-  };
-
  ${namespace} = {
    submodules.basics = enabled;

+    services = {
+      openssh = enabled;
+      remotebuild = enabled;
+    };
+
    system = {
      # cachemiss for webkit gtk
      hardware.networking.enable = mkForce false;
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@ -29,18 +29,6 @@ in
    };
  };

-  services.openssh = {
-    enable = true;
-    settings = {
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
-    };
-  };
-
-  services.fail2ban = {
-    enable = true;
-  };
-
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
@ -101,6 +89,7 @@ in
        enable = true;
        inherit sopsFile;
      };
+      openssh = enabled;
    };

    security = {
Author	SHA1	Message	Date
Christoph Hollizeck	12cc5979f2	rp5: add ethernet	2024-11-26 17:05:20 +01:00
Christoph Hollizeck	bc1a7c4092	adguardhome: increase statistic retention time	2024-11-26 17:03:05 +01:00
Christoph Hollizeck	ca9b9f6222	rp5: move things in separate configs, to be reused	2024-11-26 17:02:32 +01:00