fix: finish hax?

This commit is contained in:
truxnell 2024-03-26 21:11:56 +11:00
parent 1a4d6ecd2a
commit b44499c92e
27 changed files with 381 additions and 492 deletions


@ -45,7 +45,8 @@ tasks:
vars:
- host
cmds:
- echo "This will dry-run your config."
- echo "This will dry-run your config and add your untracked git files."
- git add .
- nixos-rebuild dry-run --flake "{{.ROOT_DIR}}/#{{.host}}" --impure
preconditions:
- sh: which nix
@ -61,7 +62,9 @@ tasks:
vars:
- host
cmds:
- git add .
- nixos-rebuild build --flake "{{.ROOT_DIR}}/#{{.host}}" --impure
- nvd diff /run/current-system result
preconditions:
- sh: which nix
msg: "nix not found"
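Review bot: The `git add .` step added to both the dry-run and build tasks stages the content of every untracked file in the tree before `nixos-rebuild` runs, so a decrypted sops file, a stray private key or a large artefact such as the dns01.qcow2 disk image committed alongside this change lands in the index without anyone looking at it. If the only goal is to make new files visible to the flake (Git-backed flakes ignore untracked paths), `git add --intent-to-add .` marks them without staging their contents and leaves the actual commit to the author. Printing `git status --short` before the rebuild would also make the staged set visible at the moment it matters. The task bodies continue below the hunk (`preconditions`), so I cannot see whether any later step commits what was staged.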

BIN
dns01.qcow2 Normal file

Binary file not shown.


@ -6,14 +6,6 @@
, pkgs
, ...
}: {
imports = [
# Common imports
../common/optional/gnome.nix
../common/optional/editors/vscode
../common/optional/firefox.nix
];
config = {


@ -1,11 +0,0 @@
{ inputs
, outputs
, config
, ...
}: {
# Time
networking.timeServers = [ "10.8.10.1" ];
services.chrony = {
enable = true;
};
}


@ -1,41 +0,0 @@
# Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2
{ inputs
, outputs
, pkgs
, config
, ...
}: {
# Disable resolvd to ensure it doesnt re-write /etc/resolv.conf
config.services.resolved.enable = false;
# Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt
# causing a risk of no dns if service fails.
config.networking = {
nameservers = [ "10.8.10.1" ]; # TODO make varible IP
dhcpcd.extraConfig = "nohook resolv.conf";
};
# configure secret for forwarding rules
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".sopsFile = ./dnscrypt-proxy2.sops.yaml;
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file
# Restart dnscrypt when secret changes
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ];
config.services.dnscrypt-proxy2 = {
enable = true;
settings = {
require_dnssec = true;
forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path;
listen_addresses = [ "0.0.0.0:53" ];
server_names = [ "NextDNS" ];
static = {
"NextDNS" = {
stamp = "sdns://AgEAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8HL2Y2ZmUzNQ";
};
};
};
};
}


@ -1,139 +0,0 @@
{ config
, pkgs
, lib
, ...
}: {
# TODO add USER settings.json
# Enable vscode & addons
environment.systemPackages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions;
[
bbenoist.nix
mkhl.direnv
]
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "prettier-vscode";
publisher = "esbenp";
version = "10.1.0";
sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9";
}
{
name = "vscode-docker";
publisher = "ms-azuretools";
version = "1.28.0";
sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0";
}
{
name = "gitlens";
publisher = "eamodio";
version = "14.7.0";
sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy";
}
{
name = "remote-containers";
publisher = "ms-vscode-remote";
version = "0.327.0";
sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz";
}
{
name = "remote-ssh";
publisher = "ms-vscode-remote";
version = "0.107.1";
sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf";
}
{
name = "vscode-yaml";
publisher = "redhat";
version = "1.14.0";
sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944";
}
{
name = "todo-tree";
publisher = "gruntfuggly";
version = "0.0.226";
sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn";
}
{
name = "path-autocomplete";
publisher = "ionutvmi";
version = "1.25.0";
sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb";
}
{
name = "even-better-toml";
publisher = "tamasfe";
version = "0.19.2";
sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14";
}
{
name = "linter";
publisher = "fnando";
version = "0.0.19";
sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g";
}
{
name = "catppuccin-vsc";
publisher = "catppuccin";
version = "3.11.0";
sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d";
}
{
name = "catppuccin-vsc-icons";
publisher = "catppuccin";
version = "1.8.0";
sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z";
}
{
name = "nix-ide";
publisher = "jnoortheen";
version = "0.2.2";
sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg";
}
{
name = "vscode-swissknife";
publisher = "luisfontes19";
version = "1.8.1";
sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c";
}
{
name = "pre-commit-helper";
publisher = "elagil";
version = "0.5.0";
sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj";
}
{
name = "sops-edit";
publisher = "shipitsmarter";
version = "1.0.0";
sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4";
}
{
name = "json5-for-vscode";
publisher = "tudoudou";
version = "0.0.3";
sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w";
}
];
})
];
}


@ -1,174 +0,0 @@
# Warning, this file is autogenerated by nix4vscode. Don't modify this manually.
{ pkgs }:
let
vscode-utils = pkgs.vscode-utils;
in
{
"ms-python"."python" = vscode-utils.extensionFromVscodeMarketplace {
name = "python";
publisher = "ms-python";
version = "2024.0.0";
sha256 = "0sy1z2r6b0m1lkivjyrcf41dbgj9m5zkjy6yncpji1hisjcbgq6n";
};
"ms-python"."vscode-pylance" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-pylance";
publisher = "ms-python";
version = "2023.12.1";
sha256 = "03fr9zanhdsf3wirv65vb41swvdnxxaz8lviyjdbmzcw9yihf8dv";
};
"esbenp"."prettier-vscode" = vscode-utils.extensionFromVscodeMarketplace {
name = "prettier-vscode";
publisher = "esbenp";
version = "10.1.0";
sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9";
};
"ms-azuretools"."vscode-docker" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-docker";
publisher = "ms-azuretools";
version = "1.28.0";
sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0";
};
"eamodio"."gitlens" = vscode-utils.extensionFromVscodeMarketplace {
name = "gitlens";
publisher = "eamodio";
version = "14.7.0";
sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy";
};
"ms-vscode-remote"."remote-containers" = vscode-utils.extensionFromVscodeMarketplace {
name = "remote-containers";
publisher = "ms-vscode-remote";
version = "0.327.0";
sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz";
};
"ms-vscode-remote"."remote-ssh" = vscode-utils.extensionFromVscodeMarketplace {
name = "remote-ssh";
publisher = "ms-vscode-remote";
version = "0.107.1";
sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf";
};
"redhat"."vscode-yaml" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-yaml";
publisher = "redhat";
version = "1.14.0";
sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944";
};
"github"."copilot" = vscode-utils.extensionFromVscodeMarketplace {
name = "copilot";
publisher = "github";
version = "1.156.0";
sha256 = "16nzwazfbh895kmc2887b17zzbbcjyk8fhiphk5xmy1nm9qxszk0";
};
"golang"."go" = vscode-utils.extensionFromVscodeMarketplace {
name = "go";
publisher = "golang";
version = "0.40.3";
sha256 = "15kicpv9xpn7l3w9mbmsjdzjmavh88p3skkim0a9prg9p40bsq0m";
};
"gruntfuggly"."todo-tree" = vscode-utils.extensionFromVscodeMarketplace {
name = "todo-tree";
publisher = "gruntfuggly";
version = "0.0.226";
sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn";
};
"ms-kubernetes-tools"."vscode-kubernetes-tools" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-kubernetes-tools";
publisher = "ms-kubernetes-tools";
version = "1.3.15";
sha256 = "1x6npc90p6b1wx5sd1hd0x0djahmffr6lw9cxh2zg10rbpq48w8i";
};
"hashicorp"."terraform" = vscode-utils.extensionFromVscodeMarketplace {
name = "terraform";
publisher = "hashicorp";
version = "2.29.3";
sha256 = "sha256-cYYtBZaWgtT6vS6In+tbpLfp/GdyWodBXyHsxn8ZZrU=";
};
"ionutvmi"."path-autocomplete" = vscode-utils.extensionFromVscodeMarketplace {
name = "path-autocomplete";
publisher = "ionutvmi";
version = "1.25.0";
sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb";
};
"tamasfe"."even-better-toml" = vscode-utils.extensionFromVscodeMarketplace {
name = "even-better-toml";
publisher = "tamasfe";
version = "0.19.2";
sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14";
};
"redhat"."ansible" = vscode-utils.extensionFromVscodeMarketplace {
name = "ansible";
publisher = "redhat";
version = "2.9.118";
sha256 = "0yndj2r0w2zxc5firxgfrykkc5ajy9gsmrfmkz80kfhwk33n9y1p";
};
"fnando"."linter" = vscode-utils.extensionFromVscodeMarketplace {
name = "linter";
publisher = "fnando";
version = "0.0.19";
sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g";
};
"catppuccin"."catppuccin-vsc" = vscode-utils.extensionFromVscodeMarketplace {
name = "catppuccin-vsc";
publisher = "catppuccin";
version = "3.11.0";
sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d";
};
"catppuccin"."catppuccin-vsc-icons" = vscode-utils.extensionFromVscodeMarketplace {
name = "catppuccin-vsc-icons";
publisher = "catppuccin";
version = "1.8.0";
sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z";
};
"jnoortheen"."nix-ide" = vscode-utils.extensionFromVscodeMarketplace {
name = "nix-ide";
publisher = "jnoortheen";
version = "0.2.2";
sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg";
};
"luisfontes19"."vscode-swissknife" = vscode-utils.extensionFromVscodeMarketplace {
name = "vscode-swissknife";
publisher = "luisfontes19";
version = "1.8.1";
sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c";
};
"elagil"."pre-commit-helper" = vscode-utils.extensionFromVscodeMarketplace {
name = "pre-commit-helper";
publisher = "elagil";
version = "0.5.0";
sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj";
};
"shipitsmarter"."sops-edit" = vscode-utils.extensionFromVscodeMarketplace {
name = "sops-edit";
publisher = "shipitsmarter";
version = "1.0.0";
sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4";
};
"tudoudou"."json5-for-vscode" = vscode-utils.extensionFromVscodeMarketplace {
name = "json5-for-vscode";
publisher = "tudoudou";
version = "0.0.3";
sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w";
};
}


@ -1,9 +0,0 @@
{ config
, pkgs
, lib
, ...
}: {
programs.firefox = {
enable = true;
};
}


@ -1,68 +0,0 @@
{ config
, pkgs
, lib
, ...
}: {
# Ref: https://nixos.wiki/wiki/GNOME
# GNOME plz
services.xserver = {
enable = true;
displayManager =
{
gdm.enable = true;
defaultSession = "gnome"; # TODO move to config overlay
autoLogin.enable = true;
autoLogin.user = "truxnell"; # TODO move to config overlay
};
desktopManager = {
# GNOME
gnome.enable = true;
};
layout = "us"; # `localctl` will give you
};
# TODO remove this when possible
# workaround for GNOME autologin
# https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
# TODO tidy this
# port forward for GNOME when using RDP***REMOVED***
networking.firewall.allowedTCPPorts = [
3389
];
# And dconf
programs.dconf.enable = true;
# https://github.com/NixOS/nixpkgs/issues/114514
# dconf write /org/gnome/mutter/experimental-features "['scale-monitor-framebuffer']" TODO hack for GNOME 45
# Exclude default GNOME packages that dont interest me.
environment.gnome.excludePackages =
(with pkgs; [
gnome-photos
gnome-tour
])
++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
gnome-terminal
gedit # text editor
epiphany # web browser
geary # email reader
evince # document viewer
gnome-characters
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
}


@ -1,22 +0,0 @@
{ inputs
, outputs
, config
, ...
}: {
# init secret
config.sops.secrets."system/mail/maddy/envFile" = {
sopsFile = ./maddy.sops.yaml;
owner = "maddy";
group = "maddy";
};
# Restart dnscrypt when secret changes
config.sops.secrets."system/mail/maddy/envFile".restartUnits = [ "maddy" ];
#
config.services.maddy = {
enable = true;
secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
config = builtins.readFile ./maddy.conf;
};
}


@ -8,10 +8,15 @@
}: {
imports = [
../common/optional/dnscrypt-proxy2.nix
../common/optional/maddy.nix
];
mySystem.services.cfddns.enable = true;
mySystem = {
services.maddy.enable = true;
services.dnscrypt-proxy.enable = true;
services.cfDdns.enable = true;
};
networking.hostName = "dns01"; # Define your hostname.
networking.useDHCP = lib.mkDefault true;


@ -5,15 +5,7 @@
}: {
# hardware-configuration.nix is missing as I've abstracted out the parts
# into various areas like my global/hardware profiles, etc.
imports = [
# Common imports
../common/optional/gnome.nix
../common/optional/editors/vscode
../common/optional/firefox.nix
];
config.mySystem = {
services.openssh.enable = true;
security.wheelNeedsSudoPassword = false;


@ -0,0 +1,5 @@
{
imports = [
./firefox.nix
];
}


@ -0,0 +1,22 @@
{ lib
, config
, ...
}:
with lib;
let
cfg = config.mySystem.browser.firefox;
in
{
options.mySystem.browser.firefox.enable = mkEnableOption "Firefox";
config = mkIf cfg.enable {
programs.firefox = {
enable = true;
};
};
}


@ -0,0 +1,6 @@
{
imports = [
./gnome.nix
];
}


@ -0,0 +1,81 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
cfg = config.mySystem.de.gnome;
in
{
options.mySystem.de.gnome.enable = mkEnableOption "GNOME";
config = mkIf cfg.enable {
# Ref: https://nixos.wiki/wiki/GNOME
# GNOME plz
services.xserver = {
enable = true;
displayManager =
{
gdm.enable = true;
defaultSession = "gnome"; # TODO move to config overlay
autoLogin.enable = true;
autoLogin.user = "truxnell"; # TODO move to config overlay
};
desktopManager = {
# GNOME
gnome.enable = true;
};
layout = "us"; # `localctl` will give you
};
# TODO remove this when possible
# workaround for GNOME autologin
# https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
# TODO tidy this
# port forward for GNOME when using RDP***REMOVED***
networking.firewall.allowedTCPPorts = [
3389
];
# And dconf
programs.dconf.enable = true;
# https://github.com/NixOS/nixpkgs/issues/114514
# dconf write /org/gnome/mutter/experimental-features "['scale-monitor-framebuffer']" TODO hack for GNOME 45
# Exclude default GNOME packages that dont interest me.
environment.gnome.excludePackages =
(with pkgs; [
gnome-photos
gnome-tour
])
++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
gnome-terminal
gedit # text editor
epiphany # web browser
geary # email reader
evince # document viewer
gnome-characters
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
};
}
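Review bot: Enabling `mySystem.de.gnome` now opens TCP 3389 in `networking.firewall.allowedTCPPorts` and switches on GDM auto-login for a hard-coded user on every host that imports this module, yet nothing in the module enables a remote-desktop service, so the open port is either unused or serves something configured elsewhere. Tie the firewall rule to whatever actually listens on 3389 rather than to the desktop itself, for example `networking.firewall.allowedTCPPorts = mkIf config.services.gnome.gnome-remote-desktop.enable [ 3389 ];` if that is the intended service, or put it behind its own `mySystem.de.gnome.remoteDesktop.enable` option; `autoLogin.user` deserves the same treatment, as the TODO beside it already says. The comment above the port list still contains a `***REMOVED***` placeholder left by a history-scrubbing tool; replace it with a plain sentence saying why the port is open so the next reader does not have to guess what was redacted.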


@ -3,6 +3,9 @@
./system
./programs
./services
./browser
./de
./editor
];
}


@ -0,0 +1,6 @@
{
imports = [
./vscodium.nix
];
}


@ -0,0 +1,154 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
cfg = config.mySystem.editor.vscodium;
in
{
options.mySystem.editor.vscodium.enable = mkEnableOption "Vscodium";
config = mkIf cfg.enable {
# TODO add USER settings.json
# Enable vscode & addons
environment.systemPackages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions;
[
bbenoist.nix
mkhl.direnv
]
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "prettier-vscode";
publisher = "esbenp";
version = "10.1.0";
sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9";
}
{
name = "vscode-docker";
publisher = "ms-azuretools";
version = "1.28.0";
sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0";
}
{
name = "gitlens";
publisher = "eamodio";
version = "14.7.0";
sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy";
}
{
name = "remote-containers";
publisher = "ms-vscode-remote";
version = "0.327.0";
sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz";
}
{
name = "remote-ssh";
publisher = "ms-vscode-remote";
version = "0.107.1";
sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf";
}
{
name = "vscode-yaml";
publisher = "redhat";
version = "1.14.0";
sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944";
}
{
name = "todo-tree";
publisher = "gruntfuggly";
version = "0.0.226";
sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn";
}
{
name = "path-autocomplete";
publisher = "ionutvmi";
version = "1.25.0";
sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb";
}
{
name = "even-better-toml";
publisher = "tamasfe";
version = "0.19.2";
sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14";
}
{
name = "linter";
publisher = "fnando";
version = "0.0.19";
sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g";
}
{
name = "catppuccin-vsc";
publisher = "catppuccin";
version = "3.11.0";
sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d";
}
{
name = "catppuccin-vsc-icons";
publisher = "catppuccin";
version = "1.8.0";
sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z";
}
{
name = "nix-ide";
publisher = "jnoortheen";
version = "0.2.2";
sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg";
}
{
name = "vscode-swissknife";
publisher = "luisfontes19";
version = "1.8.1";
sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c";
}
{
name = "pre-commit-helper";
publisher = "elagil";
version = "0.5.0";
sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj";
}
{
name = "sops-edit";
publisher = "shipitsmarter";
version = "1.0.0";
sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4";
}
{
name = "json5-for-vscode";
publisher = "tudoudou";
version = "0.0.3";
sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w";
}
];
})
];
};
}


@ -22,13 +22,13 @@ in
# TODO add notifications on IP change
# init secret
config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml;
sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml;
# Restart when secret changes
config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ];
sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ];
# Cloudflare dynamic dns to keep my DNS records pointed at home
config.services.cloudflare-dyndns = {
services.cloudflare-dyndns = {
enable = true;
ipv6 = false;
proxied = true;


@ -3,5 +3,7 @@
./monitoring.nix
./reboot-required-check.nix
./cloudflare-dyndns
./maddy
./dnscrypt-proxy2
];
}


@ -0,0 +1,48 @@
{ lib
, config
, ...
}:
with lib;
let
cfg = config.mySystem.services.dnscrypt-proxy;
in
{
options.mySystem.services.dnscrypt-proxy.enable = mkEnableOption "Cloudflare ddns";
config = mkIf cfg.enable {
# Disable resolvd to ensure it doesnt re-write /etc/resolv.conf
services.resolved.enable = false;
# Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt
# causing a risk of no dns if service fails.
networking = {
nameservers = [ "10.8.10.1" ]; # TODO make varible IP
dhcpcd.extraConfig = "nohook resolv.conf";
};
# configure secret for forwarding rules
sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".sopsFile = ./dnscrypt-proxy2.sops.yaml;
sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file
# Restart dnscrypt when secret changes
sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ];
services.dnscrypt-proxy2 = {
enable = true;
settings = {
require_dnssec = true;
forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path;
listen_addresses = [ "0.0.0.0:53" ];
server_names = [ "NextDNS" ];
static = {
"NextDNS" = {
stamp = "sdns://AgEAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8HL2Y2ZmUzNQ";
};
};
};
};
};
}
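Review bot: The option declaration reads `mkEnableOption "Cloudflare ddns"`, a copy-paste from the dyndns module, so the generated description for `mySystem.services.dnscrypt-proxy.enable` says the wrong thing; it should be `mkEnableOption "dnscrypt-proxy2 (encrypted DNS forwarder)"`. Separately, `listen_addresses = [ "0.0.0.0:53" ]` binds the resolver on every interface while this module opens no firewall port, so it only works when port 53 is opened somewhere else; whichever host does that should scope the rule to the LAN interface (`networking.firewall.interfaces.<lan>.allowedUDPPorts = [ 53 ];`) or this module should bind the LAN address instead, otherwise a host with a public-facing interface becomes an open resolver the moment the port is opened. Hard-coding the upstream `10.8.10.1` in `networking.nameservers` is already flagged by the TODO; making it a module option would also let the enabling host document which resolver the box falls back to if dnscrypt fails.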


@ -0,0 +1,30 @@
{ lib
, config
, ...
}:
with lib;
let
cfg = config.mySystem.services.maddy;
in
{
options.mySystem.services.maddy.enable = mkEnableOption "Maddy SMTP Client (Relay)";
config = mkIf cfg.enable {
sops.secrets."system/mail/maddy/envFile" = {
sopsFile = ./maddy.sops.yaml;
owner = "maddy";
group = "maddy";
};
sops.secrets."system/mail/maddy/envFile".restartUnits = [ "maddy" ];
services.maddy = {
enable = true;
secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
config = builtins.readFile ./maddy.conf;
};
};
}


@ -3,16 +3,20 @@
# Covers desktops/laptops, expected to have a GUI and do worloads
# Will have home-manager installs
with lib;
with config;
{
config.boot = {
mySystem.de.gnome.enable = true;
mySystem.editor.vscodium.enable = true;
mySystem.browser.firefox.enable = true;
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation
plymouth.enable = true; # hide console with splash screen
};
config.nix.settings = {
nix.settings = {
# TODO factor out into mySystem
# Avoid disk full issues
max-free = lib.mkDefault (1000 * 1000 * 1000);
@ -20,7 +24,7 @@ with lib;
};
# set xserver videodrivers if used
config.services.xserver.enable = true;
services.xserver.enable = true;
# Laptop so ill likely use wireles
# very likely to be set by GUI packages but lets
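Review bot: The `with config;` added beside `with lib;` serves no visible purpose — every line in the hunk assigns an attribute, none reads a bare name out of `config` — and it makes any unbound identifier in the module resolve against the whole evaluated configuration, which is a well-known way to get infinite-recursion errors and silently shadowed names during module evaluation. Drop it and write `config.<attr>` explicitly where a value is needed; the `with lib;` is enough for `mkDefault`. Since the hunk also drops the `config.` prefix from `boot`, `nix.settings` and `services.xserver.enable`, the whole file must now use bare keys consistently; the remainder of the module is outside the hunk, so confirm no `config.`-prefixed key survives there, as Nix rejects the mixed form.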