diff --git a/README.md b/README.md index f7ceb5b..2f001dd 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,8 @@ Leveraging nix, nix-os and other funny magic man words to apply machine and home configurations +[Repository Documentation](https://truxnell.github.io/nix-config/) + ## Background Having used a variety of infracture as code solutions - and having found them lacking in some areas, it is time to give nix a go. diff --git a/docs/includes/assets/zed_alert.png b/docs/includes/assets/zed_alert.png new file mode 100644 index 0000000..a278740 Binary files /dev/null and b/docs/includes/assets/zed_alert.png differ diff --git a/docs/monitoring/zed.md b/docs/monitoring/zed.md new file mode 100644 index 0000000..c22aa3e --- /dev/null +++ b/docs/monitoring/zed.md @@ -0,0 +1,6 @@ +Zed monitoring can also send to pushover! + +
+![Alt text](../includes/assets/zed_alert.png) +
Come on these drives are hardly 12months old
+
diff --git a/docs/motd.md b/docs/motd.md index 091b9c4..93b8323 100644 --- a/docs/motd.md +++ b/docs/motd.md @@ -11,7 +11,7 @@ Code TLDR :simple-github:[/nixos/modules/nixos/system/motd](https://github.com/truxnell/nix-config/blob/462144babe7e7b2a49a985afe87c4b2f1fa8c3f9/nixos/modules/nixos/system/motd/default.nix]) -Write a shell script using nix with a bash motd +Write a shell script using nix with a bash motd of your choosing. ```nix let diff --git a/docs/vm/k8s.md b/docs/overview/k8s.md similarity index 100% rename from docs/vm/k8s.md rename to docs/overview/k8s.md diff --git a/nixos/hosts/dns01/default.nix b/nixos/hosts/dns01/default.nix index 78911d4..2f92caf 100644 --- a/nixos/hosts/dns01/default.nix +++ b/nixos/hosts/dns01/default.nix @@ -14,13 +14,22 @@ mySystem.services = { openssh.enable = true; - maddy.enable = true; - dnscrypt-proxy.enable = true; cfDdns.enable = true; - bind.enable = true; - + powerdns = { + enable = true; + admin-ui = false; + }; + adguardhome.enable = true; }; + # no mutable state I care about + mySystem.system.resticBackup = + { + local.enable = false; + remote.enable = false; + }; + + networking.hostName = "dns01"; # Define your hostname. networking.useDHCP = lib.mkDefault true; diff --git a/nixos/hosts/dns02/default.nix b/nixos/hosts/dns02/default.nix index 3abb963..ebe905c 100644 --- a/nixos/hosts/dns02/default.nix +++ b/nixos/hosts/dns02/default.nix @@ -14,11 +14,22 @@ mySystem.services = { openssh.enable = true; - dnscrypt-proxy.enable = true; cfDdns.enable = true; - bind.enable = true; + powerdns = { + enable = true; + admin-ui = false; + }; + adguardhome.enable = true; }; + # no mutable state I care about + mySystem.system.resticBackup = + { + local.enable = false; + remote.enable = false; + }; + + networking.hostName = "dns02"; # Define your hostname. networking.useDHCP = lib.mkDefault true; diff --git a/nixos/hosts/durandal/default.nix b/nixos/hosts/durandal/default.nix index b57a871..a64912a 100644 
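Review bot: The `resticBackup` block in the dns01 hunk is justified by `# no mutable state I care about`, but the same hunk enables `powerdns`, whose module in this commit keeps its zones in a sqlite file under the persistent folder, so the host does hold mutable state. If the zones are meant to be re-pushed from code (the commit adds `dnscontrol` to the workstation profile, so presumably yes), the comment should say so, e.g. `# no backups: PowerDNS zones are reproducible from dnscontrol`; the dns02 hunk carries the same comment. `admin-ui = false` is also set on both hosts although the powerdns module as committed declares that option without reading it.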
--- a/nixos/hosts/durandal/default.nix +++ b/nixos/hosts/durandal/default.nix @@ -14,7 +14,7 @@ gatus.enable = true; homepage.enable = true; - backrest.enable = true; + # backrest.enable = true; plex.enable = true; tautulli.enable = true; @@ -22,6 +22,7 @@ }; + mySystem.system.systemd.pushover-alerts.enable = false; mySystem.nfs.nas.enable = true; mySystem.persistentFolder = "/persistent"; diff --git a/nixos/modules/nixos/services/adguardhome/default.nix b/nixos/modules/nixos/services/adguardhome/default.nix new file mode 100644 index 0000000..ecb0f8e --- /dev/null +++ b/nixos/modules/nixos/services/adguardhome/default.nix 
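Review bot: `mySystem.system.systemd.pushover-alerts.enable = false;` in the second hunk appears to switch off failure notifications for this host without saying why or for how long, and the first hunk leaves `# backrest.enable = true;` behind as commented-out code. A one-line reason next to the setting, for example `# alerts off while <REASON>; re-enable afterwards`, keeps a temporary silence from becoming permanent. The backrest line is better deleted than commented out, since version control already keeps the old value.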
@@ -0,0 +1,90 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+with lib;
+let
+ cfg = config.mySystem.services.adguardhome;
+ port = 53;
+ port_webui = 3000;
+in
+{
+ options.mySystem.services.adguardhome = {
+ enable = mkEnableOption "Adguard Home";
+ openFirewall = mkEnableOption "Open firewall for ${app}" // {
+ default = true;
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ services.adguardhome = {
+ enable = true;
+
+ mutableSettings = false;
+ settings = {
+ bind_host = "0.0.0.0";
+ bind_port = port_webui;
+ auth_attempts = 3;
+ block_auth_min = 3600;
+ dns = {
+ bind_host = "127.0.0.1";
+ port = port;
+ upstream_dns = [
+ "https://dns10.quad9.net/dns-query"
+ "https://doh.mullvad.net/dns-query"
+ ];
+ fallback_dns = [ "https://dns.cloudflare.com/dns-query" ];
+ bootstrap_dns = [
+ # quad9
+ "9.9.9.10"
+ "149.112.112.10"
+ "2620:fe::10"
+ "2620:fe::fe:10"
+ # cloudflare
+ "1.1.1.1"
+ "2606:4700:4700::1111"
+ ];
+ upstream_mode = "load_balance";
+ cache_size = 4194304;
+ cache_ttl_min = 60;
+ cache_optimistic = true;
+ use_private_ptr_resolvers = true;
+ local_ptr_upstreams = [ "localhost:5353" ];
+
+ rewrites = [{
+ domain = "*.${config.networking.domain}";
+ answer = "10.8.10.1"; # UDMP router
+ }];
+
+ filters = [
+ {
+ name = "AdGuard DNS filter";
+ url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt";
+ enabled = true;
+ }
+ {
+ name = "AdAway Default Blocklist";
+ url = "https://adaway.org/hosts.txt";
+ enabled = true;
+ }
+ {
+ name = "OISD (Big)";
+ url = "https://big.oisd.nl";
+ enabled = true;
+ }
+ ];
+ };
+ };
+ };
+
+ networking.firewall = mkIf cfg.openFirewall {
+
+ allowedTCPPorts = [ port port_webui ];
+ allowedUDPPorts = [ port port_webui ];
+
+ };
+
+ };
+}
diff --git a/nixos/modules/nixos/services/bind/default.nix b/nixos/modules/nixos/services/bind/default.nix
index cec6950..1d32570 100644
--- a/nixos/modules/nixos/services/bind/default.nix
+++ b/nixos/modules/nixos/services/bind/default.nix
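Review bot: The admin web UI is bound to `0.0.0.0` on `port_webui` and `openFirewall` defaults to true, so the interface is reachable from every network the host sits on. The `settings` block shown defines no `users`; if none are supplied elsewhere, AdGuard Home likely serves the UI without a login, which would make `auth_attempts` and `block_auth_min` moot, so this is worth confirming. The firewall block also opens `port_webui` over UDP, which an HTTP UI does not need: `allowedUDPPorts = [ port ];`. `dns.bind_host = "127.0.0.1"` makes the resolver listen on loopback only while port 53 is opened in the firewall, so one of the two is probably not what was intended. The `openFirewall` description interpolates `${app}`, which is not bound in the `let` block and under `with lib;` only fails once the description is forced; `mkEnableOption "Open firewall for Adguard Home"` avoids that.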
@@ -88,19 +88,14 @@ in 10.5.0.0/24; # CONTAINERS }; - key "tsig-key" { - algorithm hmac-sha512; - secret "iZhi4kaPJBvqxyW73aKYRnNy5e7N2A+7WczxAMcCvDl8QpAc0HFjfI1Q+0g1SBUQBZXqAvGFViegPsK9lZ3bkA=="; - }; - zone "trux.dev." { type master; file "${config.sops.secrets."system/networking/bind/trux.dev".path}"; allow-transfer { - tsig-key; + }; update-policy { - grant tsig-key zonesub ANY; + }; allow-query { any; }; diff --git a/nixos/modules/nixos/services/bind/secrets.sops.yaml b/nixos/modules/nixos/services/bind/secrets.sops.yaml index 776cb5a..f6b6744 100644 --- a/nixos/modules/nixos/services/bind/secrets.sops.yaml +++ b/nixos/modules/nixos/services/bind/secrets.sops.yaml @@ -1,8 +1,9 @@ system: networking: bind: - trux.dev: ENC[AES256_GCM,data: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,iv:zQXRmnAz6eYEdi1CvPELMLtBDlAn5DJ16Q5GCQ8gBjM=,tag:gLfa8MFwLN64HXhGRP1LpA==,type:str] - natallan.com: ENC[AES256_GCM,data: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,iv:BaKS5fV/9FTn6+XV0FOWhJ/qTZKwZbjFkzrOhZWSaIA=,tag:6swVM+KhxffMmFbOzU+6OQ==,type:str] + key: ENC[AES256_GCM,data:43QoyVqdwHO6eSgjbjgl28FSlD2xaoNxWpnc5D7g7jj6HaMwkz0tAnmg+g1fxEj1m826wxxqtgBjbMaDPj/hHtqYrgXsIvPShBSUDAyjoLcNFcsr0BhFVQ/ZWCCiI95SScbMTBJVcegf,iv:/R/7Qb+xPQXjYaQbF3NLeA63XAvdctayO5G8pE9bCE4=,tag:roNy7HNjWrIwZjy3BDAedw==,type:str] + trux.dev: ENC[AES256_GCM,data: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,iv:MEA1aXQR/4LFrVOrJmWWwXkbT3FWR8Hp2c4kiw4yv7Y=,tag:FufABt/+oXZCXXw55hvuwA==,type:str] + natallan.com: ENC[AES256_GCM,data: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,iv:TLCkT60LTZ2m3gYCz4YQ/XYhvbdZJApoW3OekEVjULI=,tag:ZlxHEZQa/pUwjQF3HdqYdw==,type:str] sops: kms: [] gcp_kms: [] 
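Review bot: Deleting the `key "tsig-key"` block only removes the HMAC secret from the working tree; it was committed in plaintext and stays readable in the repository history, so it should be treated as disclosed and replaced with a freshly generated key wherever it is still accepted. The new side leaves `allow-transfer { };` and `update-policy { };` empty, and nothing in this hunk references the `key` entry added to secrets.sops.yaml, so it is unclear whether transfers and dynamic updates are meant to stay disabled or to be re-keyed later. A comment above the zone such as `# TSIG key moved to sops; transfers/updates disabled until it is wired back in` would make the intent explicit. The zone block continues outside the hunk.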
@@ -12,59 +13,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVmk1WUJNMlJZeUJYV0xJ - a01wZ05OeE1vRjEydGg5cmdzVzlWZ05uZTJRCitHdm9sWmFYY3A4eVNZSGpSMzFu - emRtc0xIYUlxbnNpeW45c3ZRem5LUXcKLS0tIFdad25hbktKYkVoQWtLVGJvU1hE - clJPcm9jbHA4dk5vYzBHTDJvOCtTczAKkFuEWjBNgoVhfsMmmfM8+LEOq1ZQYzWK - NzAHoA0tzMV1775qmxbrYjd4296QwPBpmda/6LFgCbeZVTj2yKNQvw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cW5zMXc2Skc0S0lvWXF2 + NE0za1kyOU5GY0Z0QW9hTDVuTWRPd2pTcTBjClhOT0xrYUo4Y2Rtd0dyQU9MeWtq + dHZMWGZhbWtTOUVPMDlhWUdhVEhIZVEKLS0tIG12Ujh6WEVNeUdvVmtuYmZJdVJG + bWZxWXU5TzlYNDZnY1Fua3RGUEJnNUkKMC/png4A565h/S3B2ZVce7LJi1SMDS5n + aYx/nrPTktIe8bCvwF300tNZoZolXONR4awJ9e88uw84t8GYjlNNPw== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQVUxRHpsQ1F2ZnFCYitj - dWtnVmpsZnFuT3ZuL1dsQWY3a28rYzdEdERNCjJhYTBKZmsyQzdJMXo0N1lrUXo2 - ZzdETDA1cUlFcUx6QVQ2c21JSVRYS1UKLS0tIGFMM3VTaUJMR1d4ekhFVVFVeTBN - NW5EWHIxVDNQV28yMktmUGRKRllEVEkKKrt+lmoGUdzzBQj5xQ3W2XasgWREBuuw - TjjW+1Xcq6CfczAtxAAsr8C5nyIFJO9EUcDsMYabAQyZZp0/tvAy9w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVmkxam5MVW1FSEo4QjB4 + c0VKUDJIVDI1WkFOYmJ2TEcrWGlqQVFGQm1RClBxSjRjSGd3SkRIbUc4OUdhT0F2 + WVJoUlR0amdOcTE4YUMwR1JjTGlBRUkKLS0tIHZFKy9XWnVoQUJLTzZGclp6Y0tQ + cUVoQk9JMEpRNUNQbjcxbnFiUDNmbFUKIBJcq8uJCIhdMv5e79K66Qrxlg88K/Gb + MT1h2v6h5uiYm6JaspSqz9Hqx9YfRocl/kJmVy/QdeIGPVzm24dnIQ== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVVJTZjV1bVpPemtPSjRO - ZHRDRHBraXk5YXV6SDB0QVY1bXIvSnBQRjM4Cms3aWdrQ2NyelB0ODMxclI0ai9v - dWVGUThkV2kvOGlQdXI1bjBPRC9uVFEKLS0tIFRDVGhZRWx2NEhFcHJ4U0lJRlky - 
QXMwK1pkSTAwYWZnREY3OEx3TU0yamcKHAr9joyZgv8w1QXdIjgsBtwEE75nil2P - HSQ0LRfRln71JMarqaCvrX3HjCi94yT5+toT+MOor7kovb+o4GEwcQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Sy85ZVA3WGVhVWlSZmhy + VDBDK2dZYmR6djlQYkhhQ25zeWdxM1JpMEg0Ck5hZm12ZmtkQmJLUmdMNm94WnZL + NnY1eG1neEpLSEVkRGhkY2FHUFhTWVkKLS0tIGVpNlZrRGtqRFR1OVc3enpRUVQ2 + N2swa1BIellpbjBUbmsyc2NnYmphOU0Kx/4I/zjyi3GlYMgcNIb7sYufLfvJ9Xny + HeR7r03YuHu5dOQ1T8iFigXUhy/2DkdW8kWtKlpuT0qg35dKqjCi/w== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ0ZaY1dEUlhCNzRiMFNu - dkRyWGRoTzFJblNHV2trVkdsMVhlMlNzMFYwCkhZUmJRdjAwZTFhcCtlV1hKUE5u - RzUxckNEOFNqSnR6UVdhWTdaY25VWHMKLS0tIGpWNjRKNnJKc3g0R0NtQ09uQnRT - SC93Unl6TEh0ZVlzaTFpSEwrMHRuWkEKAcZRLzyOzTOUbZw4Rr6McFVDnZO1U+Ha - HkAd9qJ+n0YSd4NKdHitnL25NXxPs3r0z9gZlPXdgIlT2XbK4RR9uA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVjBXb2EzM3U0MDRnRGV6 + YWJieTFHaXFFOEhFdjJNU2x3VVlSOEpBNFFjCkpNZWpxa3ZRRFVabXd5enFqenZY + aXpqOC90YXB2aTR5K1FFQ2dnNXVCZlUKLS0tIGkvTmpLeFNGdWpaRU9CaGtLcWgr + d09aV285U3YrNjY2VVpFaGtFS1B3bUUKRL1dsEHuWbEjRaKqd2F6xrhC7htNo0hw + fItd7J3gccRP5jUTzJ0QZBJvsj9wCAQU1iJfv14zcO6TzOB5B4jW7w== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsN0VwWDNid1c4SmVZQVVI - UmlFVHhwWHc2ZGMxY0lSNER6Wkt3TzR1QlFzCmo0amJqTHFEYXc1dzQ4d2JrYlhU - N3Z4dWdSeGFqUi8vTzU5eE9rOWp5dUUKLS0tIGZhcVhXQzFEZUJhOVdRMXpPeTFF - QnZ3Vmt6WkpEdHhWeGJ1YURhd3NZdHcKySPUb9MGFyNmy1EZySRjE4RL8KvbltVO - PRUdEwurrCp9ZBq87JfeUbHVvPw5+S0ha+aP8yPefXJGFs4yZBQnSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2WE5LVEFIdVFXT3I1Znk1 + NmJzWWZHQ05GclNuMFUvZE9PazdFYmZVWmlNClpHVVB1bFhUU3phUjlhQTBDTENq + QkNFMTc3VTU1SkxtK0x3SnFzYm90aTgKLS0tIHJHc3NXekM4Ly9SSEFydFZrTk9l + 
MVUxcEpUemlmWmRvQThUdTdkQ2svNHcK0WyOuWbv+eyYWLFsKBl+K+/n9QCfehqQ + 0hC0SY2Nf+9YHMDXrSse44NPs/ucOPlYRFV/HbPNvfEF62K7Gt79lA== -----END AGE ENCRYPTED FILE----- - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkQVJmTWxzSzNDT1d1NzFX - UnFFbHF6YkVjUmRYTm5VVkhRbXF1SzJuT1NvCmROeFRQNkJpNkE2UWVYeW45b0Zt - dW9Ld3NVend5cEdyN20rV3EzczdHK2MKLS0tIGJYK041RVBBN0IzMC9KRUY1UFNk - REM3YnFBaGY1ejRQeldlc0JJSW5aWjQK3ZYIRxiLOx88kimDGq8GoDMVNbpLvOPz - EVtii9SHQWk4lTVqyqo2WAIc/2PMM8P7Je9xgc/sigR1i8rLQlAyTg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3SHFQQUIzQXlqZFFnTWNt + YVJIb0MzTFM2NENpNFFiaHFmaU95K3VLNGdZCkFyMEFHZjhZclJMTE4yRWNJQnJR + T25yTWZQOFE5L011M3FnMUxPb3hPbVEKLS0tIElzYlpHUEQwejlDNTFmK3R1dU0r + RzJ5UGIvUUluZXNzRzlXRWl5aGdmaUUKObqo2Wj62ZcK0qMcsttRHphWTgkPOTz4 + NkvAvOaSX2wJHRhH9SHGhkPwEhsgdmaagsVpwpLPrOCRlWI/bd1Qhg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-15T06:36:15Z" - mac: ENC[AES256_GCM,data:cIXRUz3h2+PCdp0HLs1WjKPQOeGqgxpKfEXflMMUkX5GspOsrDZZYTF2A6bALaGqWAoqvHp5kxN8exTyl8fGM4x1i/eXQiZmTq/DICfCR890buSWAf83bP3X5+H1FJwR9NX37HZlmFVNWxnrKq4DTkC5Yn750LDd9aMls4EjkWA=,iv:ZDF4tgnUE6sfB7NaCouH3jd5IA5fZhZA9++jgBhg3A8=,tag:7gO7vrpkC+EI6ERjFUSy0A==,type:str] + lastmodified: "2024-04-16T06:30:13Z" + mac: ENC[AES256_GCM,data:PsD5hu5nyjPY9/bgLTiTReqoT+hwlJx8A5pOkCTcPNQs63So4GM5mDDTuWG8u1WlBOEdKEDqVefVMtCiwOsC6xIVM8AHCGOcad2j4qQbHR+2lc8nMZE8R7ceJc2ZeLBPlD5/BQ2R5XiQ+NXu0qypHjYkVwnkI62nPSXALSd9btg=,iv:cy7slD5dcfTEeObWraswcghwhgAe1RylU4aafXezEYU=,tag:/nSCQJDYfrWpfpfdkigV7w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/services/default.nix b/nixos/modules/nixos/services/default.nix index af73741..b516957 100644 --- a/nixos/modules/nixos/services/default.nix +++ b/nixos/modules/nixos/services/default.nix @@ -14,5 +14,7 @@ ./glances ./syncthing ./restic + ./powerdns + ./adguardhome ]; } 
diff --git a/nixos/modules/nixos/services/powerdns/default.nix b/nixos/modules/nixos/services/powerdns/default.nix index 70a4aba..a57da2c 100644 --- a/nixos/modules/nixos/services/powerdns/default.nix +++ b/nixos/modules/nixos/services/powerdns/default.nix 
@@ -6,16 +6,86 @@ with lib; let cfg = config.mySystem.services.powerdns; + persistentFolder = "${config.mySystem.persistentFolder}/nixos/pdns"; + user = "pdns"; + group = "pdns"; + configDir = pkgs.writeTextDir "pdns.conf" "${pdnsConfig}"; + + # $APIKEY is replaced via envsubst in the pdns module + pdnsConfig = '' + expand-alias=yes + resolver=9.9.9.9:53 + local-address=0.0.0.0:5353 + launch=gsqlite3 + gsqlite3-database=${persistentFolder}/pdns.sqlite3 + webserver=yes + webserver-address=0.0.0.0:8081 + webserver-allow-from=10.8.10.0/20 + api=yes + api-key=$APIKEY + ''; in { - options.mySystem.services.powerdns.enable = mkEnableOption "powerdns"; + options.mySystem.services.powerdns = + { + enable = mkEnableOption "powerdns"; + openFirewall = mkEnableOption "Open firewall for ${app}" // { + default = true; + }; + admin-ui = mkEnableOption "Powerdns-admin UI"; + }; config = mkIf cfg.enable { + # ensure folder exist and has correct owner/group + systemd.tmpfiles.rules = [ + "d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period + ]; + services.powerdns = { enable = true; + extraConfig = pdnsConfig; + secretFile = config.sops.secrets."system/services/powerdns/apiKey".path; + }; + sops.secrets."system/services/powerdns/apiKey" = { + sopsFile = ./secrets.sops.yaml; + restartUnits = [ "pdns.service" ]; + }; + + # powerdns doesnt create the sqlite database for us + # so we gotta either do it manually once-off or do the below to ensure its created + # if the file is missing before service start + systemd.services.pdns.serviceConfig.ExecStartPre = lib.mkBefore [ + (pkgs.writeScript "pdns-sqlite-init.sh" + '' + #!${pkgs.bash}/bin/bash + + pdns_folder="${persistentFolder}" + echo "INIT: Checking if pdns sqlite exists" + # Check if the pdns.sqlite3 file exists in the pdns folder + if [ ! -f "${persistentFolder}/pdns.sqlite3" ]; then + echo "INIT: No sqlite db found, initializing from pdns github schema..." 
+ + ${pkgs.wget}/bin/wget -O "${persistentFolder}/schema.sqlite3.sql" https://raw.githubusercontent.com/PowerDNS/pdns/master/modules/gsqlite3backend/schema.sqlite3.sql + ${pkgs.sqlite}/bin/sqlite3 "${persistentFolder}/pdns.sqlite3" < "${persistentFolder}/schema.sqlite3.sql" + ${pkgs.busybox}/bin/chown pdns:pdns ${persistentFolder}/pdns.sqlite3 + ${pkgs.busybox}/bin/rm "${persistentFolder}/schema.sqlite3.sql" + fi + + # Exit successfully + exit 0 + + '' + ) + ]; + + networking.firewall = mkIf cfg.openFirewall { + + allowedTCPPorts = [ 8081 5353 ]; + allowedUDPPorts = [ 8081 5353 ]; }; + }; } diff --git a/nixos/modules/nixos/services/powerdns/secrets.sops.yaml b/nixos/modules/nixos/services/powerdns/secrets.sops.yaml new file mode 100644 index 0000000..09c1a25 --- /dev/null +++ b/nixos/modules/nixos/services/powerdns/secrets.sops.yaml 
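Review bot: The `ExecStartPre` script downloads `schema.sqlite3.sql` from the `master` branch at service start and feeds it to `sqlite3` with no pinned revision or hash, and because it has no `set -e` and always ends in `exit 0`, a failed or truncated download can still leave a `pdns.sqlite3` behind that every later start treats as initialised. Pinning the schema at build time with `pkgs.fetchurl` (revision and hash are placeholders below) removes the start-up network dependency and the unverified input, and building the database under a temporary name keeps a failed init from sticking. In `pdnsConfig` the API webserver listens on `0.0.0.0:8081` and the firewall block opens 8081 and 5353 on both TCP and UDP by default; 8081 is HTTP only, and `webserver-allow-from=10.8.10.0/20` is not on a /20 boundary, so the intended range is worth confirming. `configDir` and the `admin-ui` option are declared but not used in the lines shown, and `${app}` in the `openFirewall` description is not bound in the `let` block.

```nix
  # in the let block: schema pinned by revision and hash instead of fetched from master at start-up
  schemaFile = pkgs.fetchurl {
    url = "https://raw.githubusercontent.com/PowerDNS/pdns/<PINNED_COMMIT>/modules/gsqlite3backend/schema.sqlite3.sql";
    hash = "<SRI_HASH_OF_SCHEMA_FILE>";
  };

  # … unchanged: pdnsConfig, options, tmpfiles rule, services.powerdns, sops secret …

  systemd.services.pdns.serviceConfig.ExecStartPre = lib.mkBefore [
    (pkgs.writeScript "pdns-sqlite-init.sh"
      ''
        #!${pkgs.bash}/bin/bash
        set -euo pipefail

        db="${persistentFolder}/pdns.sqlite3"
        echo "INIT: Checking if pdns sqlite exists"
        if [ ! -f "$db" ]; then
          echo "INIT: No sqlite db found, initializing from pinned schema..."
          # build under a temporary name so a failed init never leaves a db file behind
          ${pkgs.busybox}/bin/rm -f "$db.new"
          ${pkgs.sqlite}/bin/sqlite3 "$db.new" < ${schemaFile}
          ${pkgs.busybox}/bin/chown pdns:pdns "$db.new"
          ${pkgs.busybox}/bin/mv "$db.new" "$db"
        fi
      ''
    )
  ];

  # … unchanged: networking.firewall block …
```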
@@ -0,0 +1,69 @@ +system: + services: + powerdns: + apiKey: ENC[AES256_GCM,data:JaOeUekiyKPum0v18Eundtee1UEG2cRjRU4GNQbAZQ==,iv:bSWeb7aIMIKcK1bbqDES85pjdF6X/fUYodsS2CcMo+s=,tag:35/FQRAN9SHe7a0CORFJzw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUHV3Y2RXblFhOEZCUkxZ + bW1VS29LdjBMaWlGdkJoMjVQcTYwR1dWdkhVCnQweW1zYmpGM2dlelN5UHNkSW4z + SzVPeEVVeUk4Z3FBekJjZEdzN0RxOVkKLS0tIGpUTzlHb1BNbC9ubGpsZW4yaVBP + NXFYK0xocE95eW9yeDBCTy9mZEpKZHcKW2Ih9qfT4uIin+R4x8Qz2RFTmD7Oka0z + y8+QoJJh1tLlndUCXqmvgdUf+8ZnUa/AgWqq1g9qxQNg3tng0gi11A== + -----END AGE ENCRYPTED FILE----- + - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TnNlRGpJMVhhQUF4ZEJM + WmdsSGgrN0hzNGk4dkZNa01pS2crN2tNN21RCjArcHZnUE1vb3FDL0dOaXBDMkNV + NlBId21KTnlGVEJWVENnYi8xRVNkbDQKLS0tIDl3dEpkNDNDNy9tNEhCR3RuSUtl + SWM0Z1BqNzh5RFlRdFNIeVhGTUcvQWsKO9OrohKpjgXdaJZ91REZREv/3iYxaWcV + xPXPl702ionxmgBYz6PIYqLI7vIPaAoUhoGk9f5NSlh2f/aqJBxKbA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUa3djcTNhQTFUTHR5VGxM + T1VTVVdGMjdjcC9KSEYxQ3Q4NlZ3VE4zY21nCnFhSmJzSXkyV0NGcjFyNFRsMVha + VEZubXVBWGhMS2U3bFB4N2RETzFmUjQKLS0tIGRrQXZKNjdvN1dxMW5VUFVhb1Rs + cTJROVhkUDExdHBKNi9SYm1vSGhGYW8K3QBsU3XKJrXaTU/hq5PJYaA23SBjWYSZ + yy6zxLp2JB3Hr45GhL9D6Nv+eLyO1grasQEOGNVXnHJC+b/iFqbBYw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2M1UrVU9LT1BQOFpsdjkr + NHZYM0JrY3Q4cHhER1haZVJtUjU0OVNkM1dJCmlsRHBHYm4xMHBrUzF1b044NzRv + 
VnpHQmFPNzg2ZU5tV01HZjRBM0Y1RVUKLS0tIHJVK2VOeEgrMFpDK1R5YmR5TEpp + MmxzMlhxeWhqdHNVN0Q1czFlcm5vR0UKHZuB0sllhE3oFPwhQ/S8vgQoy5siszvj + vJ0eYAWtRh9CCwI1Mmzz7378Bsz1ukC06Q+ClqKRlvqT11y6djBGCg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyY2VjeUx1bzFuZzhTbkFZ + YnhWNE9hV0kraWV5SnVYaFZxRmlBTWNQSGc4CkRaUU90SXQxWk1oMk5KN3Rqd1Q1 + NDA2empEbXdvU3dyRWpWSSsvM05mcFUKLS0tIENabFJkd2ZjUFR1M2E1R1RZblhO + N042ZUkyek1JR1p5aWo5YnMwMUhaZ3MKMYK57X47Orwb0/wO8L3wZOR2QHXcN+Yu + FoJugwYJVOw9r0aTnpSybCMLDoAMqd7FmzBKkgcpouMObqiVhosXrg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZEMzQ0lydDR4YmJKczU1 + UUVTTDlxRjZIWGFiVi81M2xCQVpvNFRIbkZVCnpiTGF2emVlb3g1YkluRWJHSEJL + NVhHcVgrNXdmajh4QUNudElWK2NMQ2cKLS0tIGlweFZhR2N2U1hrV2hpZ0F0dzRv + M0Q2ajg1aXM2UUJzVFRveXQ1MWJzWkEKHh+pa5qeVnBYFc5fAUSQVKYkcRn81/12 + HiP5gBVEKZMt33ny8Pyrb8UtrLRe0UPBa2dhOlnq7v8ye48kgY+VFQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-16T09:43:39Z" + mac: ENC[AES256_GCM,data:OM1CJJ5GqOMw6jqV6HbL0+xvcmS1JFxq7Q+jCyVvAmC1+FGWBrC5LL4KgLT0BcDgf1QnkQ5EKjYLLQPuXQmZDUDB66M3KXryxoW1n3RfPziLDHSHtybevLlHZ2J+d0k/6Dmp7LkmGVUka/V2ZzFxKGXbwCuUU0clnLRMt47h388=,iv:VysReEM8UaKhrrXXWyUgEqqrrPyVdw4hKeoahSIaK/M=,tag:s2jG5ghsKPU28E1ZHown4Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/profiles/role-worstation.nix b/nixos/profiles/role-worstation.nix index e80253a..5f35033 100644 --- a/nixos/profiles/role-worstation.nix +++ b/nixos/profiles/role-worstation.nix @@ -69,6 +69,9 @@ with config; dnsutils nix + # nix dev + dnscontrol # for updating internal DNS servers with homelab services + # Sensors etc lm_sensors cpufrequtils