From 9fa9bf02663cf120565732081987dd25713c0bd6 Mon Sep 17 00:00:00 2001 From: Leon Liu Date: Mon, 18 Nov 2024 14:19:10 +0900 Subject: [PATCH] update --- configuration.nix | 27 +++++++++++++++++---- flake.lock | 62 +++++++++++++++++++++++------------------------ 2 files changed, 53 insertions(+), 36 deletions(-) diff --git a/configuration.nix b/configuration.nix index 2472405..435988b 100644 --- a/configuration.nix +++ b/configuration.nix @@ -26,7 +26,10 @@ in networking.hostName = "nixos"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - + networking.nftables.enable = false; + networking.firewall.package = pkgs.iptables-legacy; + + # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; @@ -67,7 +70,7 @@ in # Enable CUPS to print documents. services.printing.enable = true; - + # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; @@ -95,7 +98,7 @@ in }; programs.steam = { - enable = true; + enable = false; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; @@ -151,13 +154,14 @@ in serviceConfig = { Type = "simple"; User = "root"; - Environment = "PATH=/run/current-system/sw/bin"; ExecStart = "${pkgs.easytier}/bin/easytier-core --file-log-level debug -i 10.144.144.1 --network-name 5b601a6b-fbc0-4c26-b8fb-0b6be0edfbf9 --network-secret d112e133-c80d-4b48-86bc-a2ec83a5e652 -e tcp://oracle-amd-ubuntu-1.ly-dodo.win:11010"; # ... }; + path = with pkgs; [iptables-legacy iproute2 bash]; wantedBy = [ "multi-user.target" ]; # ... }; + # Allow unfree packages nixpkgs.config.allowUnfree = true; @@ -177,6 +181,7 @@ in pavucontrol netbird easytier + iptables-legacy ]; # Some programs need SUID wrappers, can be configured further or are @@ -208,13 +213,25 @@ in # needed if you use swap kubelet.extraOpts = "--fail-swap-on=false"; + # proxy.extraOpts = "--proxy-mode=nftables"; }; + + systemd.services.kube-proxy.path = with pkgs; lib.mkForce [iptables-legacy conntrack-tools]; # Open ports in the firewall. # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. networking.firewall.enable = false; - services.tailscale.enable = true; + services.tailscale.enable = false; services.adguardhome.enable = true; + services.ollama = { + enable = true; + acceleration = "cuda"; + }; + services.open-webui = { + enable = true; + openFirewall = true; + host = "0.0.0.0"; + }; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/flake.lock b/flake.lock index 48316a8..27ac7e5 100644 --- a/flake.lock +++ b/flake.lock @@ -43,11 +43,11 @@ ] }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -61,11 +61,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -91,11 +91,11 @@ ] }, "locked": { - "lastModified": 1730302582, - "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=", + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1730490306, - "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=", + "lastModified": 1731887066, + "narHash": "sha256-uw7K/RsYioJicV79Nl39yjtfhdfTDU2aRxnBgvFhkZ8=", "owner": "nix-community", "repo": "home-manager", - "rev": "1743615b61c7285976f85b303a36cdf88a556503", + "rev": "f3a2ff69586f3a54b461526e5702b1a2f81e740a", "type": "github" }, "original": { @@ -154,11 +154,11 @@ ] }, "locked": { - "lastModified": 1730016908, - "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=", + "lastModified": 1731604581, + "narHash": "sha256-Qq2YZZaDTB3FZLWU/Hgh1uuWlUBl3cMLGB99bm7rFUM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e83414058edd339148dc142a8437edb9450574c8", + "rev": "1d0862ee2d7c6f6cd720d6f32213fa425004be10", "type": "github" }, "original": { @@ -181,16 +181,16 @@ ] }, "locked": { - "lastModified": 1729544999, - "narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=", + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", "owner": "NuschtOS", "repo": "ixx", - "rev": "65c207c92befec93e22086da9456d3906a4e999c", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", "type": "github" }, "original": { "owner": "NuschtOS", - "ref": "v0.0.5", + "ref": "v0.0.6", "repo": "ixx", "type": "github" } @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1730184279, - "narHash": "sha256-6OB+WWR6gnaWiqSS28aMJypKeK7Pjc2Wm6L0MtOrTuA=", + "lastModified": 1731642829, + "narHash": "sha256-vG+O2RZRzYZ8BUMNNJ+BLSj6PUoGW7taDQbp6QNJ3Xo=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "b379bd4d872d159e5189053ce9a4adf86d56db4b", + "rev": "f86f158efd4bab8dce3e207e4621f1df3a760b7a", "type": "github" }, "original": { @@ -218,11 +218,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730272153, - "narHash": "sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z+w=", + "lastModified": 1731763621, + "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53", + "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d", "type": "github" }, "original": { @@ -247,11 +247,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1730499477, - "narHash": "sha256-olt0Sx4alDxv3ko9BgbV3SsE2KQ/Tf0/Az1Fr9s2Y6U=", + "lastModified": 1731883908, + "narHash": "sha256-Yt/eVhoj+SwpsQVK0YxM8jou55ni0+dqANuQ2IvIA28=", "owner": "nix-community", "repo": "nixvim", - "rev": "356896f58dde22ee16481b7c954e340dceec340d", + "rev": "5bc3fa6996ee37b754f2e815a165be6e4d0cfcb9", "type": "github" }, "original": { @@ -270,11 +270,11 @@ ] }, "locked": { - "lastModified": 1730337772, - "narHash": "sha256-uTxvqDohfG85+zldO5Tf1B+fuAF8ZhMouNwG5S6OAnA=", + "lastModified": 1731582522, + "narHash": "sha256-1w6aM4bG5cl2E4jHLPnMKkrUO4tY1jUX1NI6/RwJN7Y=", "owner": "NuschtOS", "repo": "search", - "rev": "4e0a7a95a3df3333771abc4df6a656e7baf67106", + "rev": "13300b2297c51368e0892c3ebe220f688014fe15", "type": "github" }, "original": {