feat: flesh out home manager gnome, firefox (#56)
* feat: add test node and spin up podman/cockpit * dev hack * bug: disable wayland temporarily #52 * feat: add nfs mount to nas * chore: add nas to sshconf * derp * hax * fix: hax * feat: firefox and gnome tweaks * chore: tweak nautilus --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
parent
74dcd8a683
commit
b447282c7a
45 changed files with 922 additions and 236 deletions
1
.github/workflows/diff-pr.yaml
vendored
1
.github/workflows/diff-pr.yaml
vendored
|
@ -54,6 +54,7 @@ jobs:
|
||||||
extra_nix_config: |
|
extra_nix_config: |
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
extra-platforms = aarch64-linux
|
extra-platforms = aarch64-linux
|
||||||
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
- name: Register binfmt
|
- name: Register binfmt
|
||||||
run: |
|
run: |
|
||||||
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
|
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
|
||||||
|
|
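Review bot: The added step `- uses: DeterminateSystems/magic-nix-cache-action@main` tracks a mutable branch, so whatever is pushed to that branch next runs inside this workflow with the permissions the job has. Pinning the action to a full commit SHA, with the release noted in a trailing comment, makes the run reproducible and reviewable: `- uses: DeterminateSystems/magic-nix-cache-action@<FULL_COMMIT_SHA> # <release>`. The same line is added to .github/workflows/nix-lint.yaml, where the neighbouring `cachix/install-nix-action@v26` is at least tag-pinned, and it needs the same change.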
1
.github/workflows/nix-lint.yaml
vendored
1
.github/workflows/nix-lint.yaml
vendored
|
@ -17,6 +17,7 @@ jobs:
|
||||||
uses: cachix/install-nix-action@v26
|
uses: cachix/install-nix-action@v26
|
||||||
with:
|
with:
|
||||||
nix_path: nixpkgs=channel:nixos-unstable
|
nix_path: nixpkgs=channel:nixos-unstable
|
||||||
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
|
|
||||||
- name: Install Nix Linting and Formatting Tools
|
- name: Install Nix Linting and Formatting Tools
|
||||||
run: nix-env -i statix nixpkgs-fmt -f '<nixpkgs>'
|
run: nix-env -i statix nixpkgs-fmt -f '<nixpkgs>'
|
||||||
|
|
|
@ -9,20 +9,19 @@
|
||||||
# copying one key to each machine
|
# copying one key to each machine
|
||||||
|
|
||||||
keys:
|
keys:
|
||||||
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
|
||||||
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
|
||||||
- &dns01 age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- &dns01 age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
- &dns02 age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- &dns02 age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
- &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: .*\.sops\.yaml$
|
- path_regex: .*\.sops\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *nixosvm
|
|
||||||
- *nixosvm2
|
|
||||||
- *dns01
|
- *dns01
|
||||||
- *dns02
|
- *dns02
|
||||||
- *citadel
|
- *citadel
|
||||||
- *rickenbacker
|
- *rickenbacker
|
||||||
|
- *shodan
|
||||||
|
|
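Review bot: Adding `- *shodan` to the single `path_regex: .*\.sops\.yaml$` rule makes the new node a recipient of every secret file in the repository, not only the ones it needs. If shodan is the test node the commit message describes, a separate creation rule scoped to its own secret files would keep a compromise of that host from exposing the other machines' secrets. Removing `*nixosvm` and `*nixosvm2` from the list only affects files encrypted from now on; this page does not show whether existing files were re-keyed, and until each one is run through `sops updatekeys <file>` those keys can still decrypt it. If the removed keys are no longer trusted, the secrets themselves should be rotated as well.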
27
.vscode/module.code-snippets
vendored
Normal file
27
.vscode/module.code-snippets
vendored
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{
|
||||||
|
"nix-module": {
|
||||||
|
"prefix": "nm",
|
||||||
|
"body": [
|
||||||
|
"{ lib",
|
||||||
|
", config",
|
||||||
|
", pkgs",
|
||||||
|
", ...",
|
||||||
|
"}:",
|
||||||
|
"with lib;",
|
||||||
|
"let",
|
||||||
|
" cfg = config.mySystem.${1}.${2};",
|
||||||
|
"in",
|
||||||
|
"{",
|
||||||
|
" options.mySystem.${1}.${2}.enable = mkEnableOption \"${3}\";",
|
||||||
|
"",
|
||||||
|
" config = mkIf cfg.enable {",
|
||||||
|
"",
|
||||||
|
" $4{}",
|
||||||
|
"",
|
||||||
|
" };",
|
||||||
|
"}",
|
||||||
|
""
|
||||||
|
],
|
||||||
|
"description": "nix-module"
|
||||||
|
}
|
||||||
|
}
|
4
docs/tips.md
Normal file
4
docs/tips.md
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
|
||||||
|
* Dont make conditional imports (nix needs to resolve imports upfront)
|
||||||
|
* can pass between nixos and home-manager with config.homemanager.users.<X>.<y> and osConfig.<x?
|
||||||
|
* when adding home-manager to existing setup, the home-manager service may fail due to trying to over-write existing files in `~`. Deleting these should allow the service to start
|
16
flake.lock
16
flake.lock
|
@ -179,6 +179,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nur": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1712033433,
|
||||||
|
"narHash": "sha256-iHEU6YnoQAA7odXmUjKzRBVh9Dwa/k9ptCDo4b0wQL8=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "NUR",
|
||||||
|
"rev": "4c166e425d61650861a412af9afaae5b749d5781",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "NUR",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"deploy-rs": "deploy-rs",
|
"deploy-rs": "deploy-rs",
|
||||||
|
@ -187,6 +202,7 @@
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||||
|
"nur": "nur",
|
||||||
"sops-nix": "sops-nix"
|
"sops-nix": "sops-nix"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
26
flake.nix
26
flake.nix
|
@ -6,6 +6,9 @@
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
|
# nur
|
||||||
|
nur.url = "github:nix-community/NUR";
|
||||||
|
|
||||||
# nix-community hardware quirks
|
# nix-community hardware quirks
|
||||||
# https://github.com/nix-community
|
# https://github.com/nix-community
|
||||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||||
|
@ -177,6 +180,21 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"shodan" = mkNixosConfig {
|
||||||
|
# Rpi for DNS and misc services
|
||||||
|
|
||||||
|
hostname = "shodan";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
hardwareModules = [
|
||||||
|
./nixos/profiles/hw-generic-x86.nix
|
||||||
|
];
|
||||||
|
profileModules = [
|
||||||
|
./nixos/profiles/role-server.nix
|
||||||
|
{ home-manager.users.truxnell = ./nixos/home/truxnell/server.nix; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -228,10 +246,9 @@
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
rickenbacker = mkDeployConfig "rickenbacker" self.nixosConfigurations.rickenbacker;
|
|
||||||
dns01 = mkDeployConfig "10.8.10.11" self.nixosConfigurations.dns01;
|
dns01 = mkDeployConfig "10.8.10.11" self.nixosConfigurations.dns01;
|
||||||
dns02 = mkDeployConfig "10.8.10.10" self.nixosConfigurations.dns02;
|
dns02 = mkDeployConfig "10.8.10.10" self.nixosConfigurations.dns02;
|
||||||
|
shodan = mkDeployConfig "10.8.20.33" self.nixosConfigurations.shodan;
|
||||||
|
|
||||||
# dns02 = mkDeployConfig "dns02.natallan.com" self.nixosConfigurations.dns02;
|
# dns02 = mkDeployConfig "dns02.natallan.com" self.nixosConfigurations.dns02;
|
||||||
};
|
};
|
||||||
|
@ -246,11 +263,8 @@
|
||||||
nixtop = nixpkgs.lib.genAttrs
|
nixtop = nixpkgs.lib.genAttrs
|
||||||
(builtins.attrNames inputs.self.nixosConfigurations)
|
(builtins.attrNames inputs.self.nixosConfigurations)
|
||||||
(attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel);
|
(attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel);
|
||||||
hometop = nixpkgs.lib.genAttrs
|
|
||||||
(builtins.attrNames inputs.self.homeConfigurations)
|
|
||||||
(attr: inputs.self.homeManagerConfigurations.${attr}.activationPackage);
|
|
||||||
in
|
in
|
||||||
nixtop // hometop;
|
nixtop;
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
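Review bot: The comment `# Rpi for DNS and misc services` on the new `"shodan"` entry looks copied from the dns hosts, since the entry sets `system = "x86_64-linux"` and uses `./nixos/profiles/hw-generic-x86.nix`. Something like `# x86 test node (podman/cockpit)` would match the commit message, if that is what the host is. Separately, `nur.url = "github:nix-community/NUR";` pulls in user-contributed repositories that do not go through nixpkgs review, so a comment beside the input naming what is consumed from it (the Firefox add-ons, as far as this commit shows) would help the next reviewer judge lock-file updates.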
|
@ -6,6 +6,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./shell
|
./shell
|
||||||
./programs
|
./programs
|
||||||
|
./security
|
||||||
];
|
];
|
||||||
|
|
||||||
options.myHome.username = lib.mkOption {
|
options.myHome.username = lib.mkOption {
|
||||||
|
|
|
@ -13,27 +13,33 @@ in
|
||||||
{
|
{
|
||||||
options.myHome.programs.firefox.enable = mkEnableOption "Firefox";
|
options.myHome.programs.firefox.enable = mkEnableOption "Firefox";
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable
|
||||||
|
{
|
||||||
|
|
||||||
programs.firefox = {
|
programs.firefox = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.firefox.override
|
package = pkgs.firefox.override
|
||||||
{
|
{
|
||||||
extraPolicies = {
|
extraPolicies = {
|
||||||
DontCheckDefaultBrowser = true;
|
DontCheckDefaultBrowser = true;
|
||||||
DisablePocket = true;
|
DisablePocket = true;
|
||||||
# See nixpkgs' firefox/wrapper.nix to check which options you can use
|
# See nixpkgs' firefox/wrapper.nix to check which options you can use
|
||||||
nativeMessagingHosts = [
|
nativeMessagingHosts = [
|
||||||
# Gnome shell native connector
|
# Gnome shell native connector
|
||||||
pkgs.gnome-browser-connector
|
pkgs.gnome-browser-connector
|
||||||
# plasma connector
|
# plasma connector
|
||||||
# plasma5Packages.plasma-browser-integration
|
# plasma5Packages.plasma-browser-integration
|
||||||
];
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
policies = import ./policies.nix;
|
||||||
|
|
||||||
|
profiles.default = import ./profile-default.nix { inherit pkgs; };
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
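Review bot: `policies = import ./policies.nix;` is added while the `extraPolicies` passed to `pkgs.firefox.override` still sets `DontCheckDefaultBrowser = true;` and `DisablePocket = true;`, both of which policies.nix also sets. Two places now define the same enterprise policies, and a later edit to one will not be reflected in the other. Consider removing the two keys from `extraPolicies` so policies.nix is the single source. The exact nesting of the closing braces is not recoverable from this rendering, so check that `nativeMessagingHosts` still ends up where the wrapper expects it.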
20
nixos/home/modules/programs/browsers/firefox/policies.nix
Normal file
20
nixos/home/modules/programs/browsers/firefox/policies.nix
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
{
|
||||||
|
DisableTelemetry = true;
|
||||||
|
DisableFirefoxStudies = true;
|
||||||
|
EnableTrackingProtection = {
|
||||||
|
Value = true;
|
||||||
|
Locked = true;
|
||||||
|
Cryptomining = true;
|
||||||
|
Fingerprinting = true;
|
||||||
|
};
|
||||||
|
DisablePocket = true;
|
||||||
|
# DisableFirefoxAccounts = true;
|
||||||
|
# DisableAccounts = true;
|
||||||
|
# DisableFirefoxScreenshots = true;
|
||||||
|
# OverrideFirstRunPage = "";
|
||||||
|
OverridePostUpdatePage = "";
|
||||||
|
DontCheckDefaultBrowser = true;
|
||||||
|
DisplayBookmarksToolbar = "never"; # alternatives: "always" or "newtab"
|
||||||
|
DisplayMenuBar = "default-off"; # alternatives: "always", "never" or "default-on"
|
||||||
|
SearchBar = "unified"; # alternative: "separate"
|
||||||
|
}
|
|
@ -0,0 +1,39 @@
|
||||||
|
{ pkgs }:
|
||||||
|
{
|
||||||
|
id = 0;
|
||||||
|
name = "default";
|
||||||
|
isDefault = true;
|
||||||
|
settings = {
|
||||||
|
"browser.startup.homepage" = "https://search.trux.dev";
|
||||||
|
"browser.search.defaultenginename" = "whoogle";
|
||||||
|
"browser.search.order.1" = "whoogle";
|
||||||
|
"browser.search.suggest.enabled.private" = false;
|
||||||
|
# 0 => blank page
|
||||||
|
# 1 => your home page(s) {default}
|
||||||
|
# 2 => the last page viewed in Firefox
|
||||||
|
# 3 => previous session windows and tabs
|
||||||
|
"browser.startup.page" = "3";
|
||||||
|
|
||||||
|
"browser.send_pings" = false;
|
||||||
|
# Do not track
|
||||||
|
"privacy.donottrackheader.enabled" = "true";
|
||||||
|
"privacy.donottrackheader.value" = 1;
|
||||||
|
"browser.display.use_system_colors" = "true";
|
||||||
|
|
||||||
|
"browser.display.use_document_colors" = "false";
|
||||||
|
"devtools.theme" = "dark";
|
||||||
|
|
||||||
|
"extensions.pocket.enabled" = false;
|
||||||
|
};
|
||||||
|
search = import ./search.nix { inherit pkgs; };
|
||||||
|
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
|
||||||
|
ublock-origin
|
||||||
|
bitwarden
|
||||||
|
darkreader
|
||||||
|
vimium
|
||||||
|
languagetool # setup against my personal language-tools
|
||||||
|
privacy-badger
|
||||||
|
link-cleaner
|
||||||
|
refined-github
|
||||||
|
];
|
||||||
|
}
|
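Review bot: `"privacy.donottrackheader.enabled" = "true";` assigns a string to a boolean preference, so it is written out as a string pref and Firefox is unlikely to honour it; `"browser.startup.page" = "3";` does the same to an integer preference. Use Nix booleans and integers, as `"browser.send_pings" = false;` and `"privacy.donottrackheader.value" = 1;` already do in this set: `"privacy.donottrackheader.enabled" = true;` and `"browser.startup.page" = 3;`. The two `browser.display.*` lines are quoted the same way and should be checked against the type each pref expects.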
60
nixos/home/modules/programs/browsers/firefox/search.nix
Normal file
60
nixos/home/modules/programs/browsers/firefox/search.nix
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
{ pkgs }:
|
||||||
|
{
|
||||||
|
force = true;
|
||||||
|
default = "whoogle";
|
||||||
|
order = [ "whoogle" "Searx" "Google" ];
|
||||||
|
engines = {
|
||||||
|
"Nix Packages" = {
|
||||||
|
urls = [{
|
||||||
|
template = "https://search.nixos.org/packages";
|
||||||
|
params = [
|
||||||
|
{ name = "type"; value = "packages"; }
|
||||||
|
{ name = "query"; value = "{searchTerms}"; }
|
||||||
|
];
|
||||||
|
}];
|
||||||
|
icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
|
||||||
|
definedAliases = [ "@np" ];
|
||||||
|
};
|
||||||
|
"Nix Options" = {
|
||||||
|
urls = [{
|
||||||
|
template = "https://search.nixos.org/options";
|
||||||
|
params = [
|
||||||
|
{ name = "query"; value = "{searchTerms}"; }
|
||||||
|
];
|
||||||
|
}];
|
||||||
|
icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
|
||||||
|
definedAliases = [ "@no" ];
|
||||||
|
};
|
||||||
|
"Home-Manager Options" = {
|
||||||
|
urls = [{
|
||||||
|
template = "https://home-manager-options.extranix.com/";
|
||||||
|
params = [
|
||||||
|
{ name = "query"; value = "{searchTerms}"; }
|
||||||
|
];
|
||||||
|
}];
|
||||||
|
icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
|
||||||
|
definedAliases = [ "@nhmo" ];
|
||||||
|
};
|
||||||
|
"NixOS Wiki" = {
|
||||||
|
urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
|
||||||
|
iconUpdateURL = "https://nixos.wiki/favicon.png";
|
||||||
|
updateInterval = 24 * 60 * 60 * 1000; # every day
|
||||||
|
definedAliases = [ "@nw" ];
|
||||||
|
};
|
||||||
|
"KubeSearch" = {
|
||||||
|
urls = [{ template = "https://kubesearch.dev/#{searchTerms}"; }];
|
||||||
|
iconUpdateURL = "https://kubernetes.io/images/wheel.svg";
|
||||||
|
updateInterval = 24 * 60 * 60 * 1000; # every day
|
||||||
|
definedAliases = [ "@ks" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# "Searx" = {
|
||||||
|
# urls = [{ template = "https://searx.trux.dev/?q={searchTerms}"; }];
|
||||||
|
# iconUpdateURL = "https://nixos.wiki/favicon.png";
|
||||||
|
# updateInterval = 24 * 60 * 60 * 1000; # every day
|
||||||
|
# definedAliases = [ "@searx" ];
|
||||||
|
# };
|
||||||
|
"Bing".metaData.hidden = true;
|
||||||
|
"Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias
|
||||||
|
};
|
||||||
|
}
|
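Review bot: The three `icon = "''${pkgs.nixos-icons}/share/icons/…"` lines use `''${` inside a double-quoted string, where `''` is not an escape, so the value is the store path prefixed with two literal apostrophes and the icon file will not be found. Write `icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";` instead. Also, `default = "whoogle";` and `order = [ "whoogle" "Searx" "Google" ];` name engines this file does not define (the `"Searx"` block is commented out), and `force = true` replaces whatever search configuration the profile already had. Unless a whoogle engine is provided elsewhere, add an entry for it under `engines` so the intended default actually applies.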
5
nixos/home/modules/programs/de/default.nix
Normal file
5
nixos/home/modules/programs/de/default.nix
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
{ ... }: {
|
||||||
|
imports = [
|
||||||
|
./gnome
|
||||||
|
];
|
||||||
|
}
|
41
nixos/home/modules/programs/de/gnome/default.nix
Normal file
41
nixos/home/modules/programs/de/gnome/default.nix
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
# Adjusted manually from generated output of dconf2nix
|
||||||
|
# https://github.com/gvolpe/dconf2nix
|
||||||
|
{ lib
|
||||||
|
, pkgs
|
||||||
|
, osConfig
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
with lib.hm.gvariant; {
|
||||||
|
|
||||||
|
config = lib.mkIf osConfig.mySystem.de.gnome.enable {
|
||||||
|
# add user packages
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
dconf2nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# worked out from dconf2nix
|
||||||
|
# dconf dump / | dconf2nix > dconf.nix
|
||||||
|
# can also dconf watch
|
||||||
|
dconf.settings = {
|
||||||
|
"org/gnome/mutter" = {
|
||||||
|
edge-tiling = true;
|
||||||
|
workspaces-only-on-primary = false;
|
||||||
|
};
|
||||||
|
"org/gnome/desktop/wm/preferences" = {
|
||||||
|
workspace-names = [ "sys" "talk" "web" "edit" "run" ];
|
||||||
|
};
|
||||||
|
"org/gnome/shell" = {
|
||||||
|
disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ];
|
||||||
|
enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ];
|
||||||
|
favorite-apps = [ "org.gnome.Nautilus.desktop" "firefox.desktop" "org.wezfurlong.wezterm.desktop" "PrusaGcodeviewer.desktop" "spotify.desktop" "org.gnome.Console.desktop" "codium.desktop" ];
|
||||||
|
};
|
||||||
|
"org/gnome/nautilus/preferences" = {
|
||||||
|
default-folder-viewer = "icon-view";
|
||||||
|
};
|
||||||
|
"org/gnome/nautilus/icon-view" = {
|
||||||
|
default-zoom-level = "small";
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
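Review bot: `enabled-extensions` turns on `"appindicatorsupport@rgcjonas.gmail.com"` and `"gsconnect@andyholmes.github.io"` unconditionally, while the system-side GNOME module in this commit makes both optional through `mySystem.de.gnome.systrayicons` and `mySystem.de.gnome.gsconnect`. On a host that switches either flag off, dconf will still list an extension whose package is not installed. Build the list from the same flags, for example by appending `lib.optionals osConfig.mySystem.de.gnome.gsconnect [ "gsconnect@andyholmes.github.io" ]` to the fixed entries.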
|
@ -1,5 +1,6 @@
|
||||||
{ ... }: {
|
{ ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./browsers
|
./browsers
|
||||||
|
./de
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
5
nixos/home/modules/security/default.nix
Normal file
5
nixos/home/modules/security/default.nix
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
{ ... }: {
|
||||||
|
imports = [
|
||||||
|
./ssh
|
||||||
|
];
|
||||||
|
}
|
25
nixos/home/modules/security/ssh/default.nix
Normal file
25
nixos/home/modules/security/ssh/default.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
{ config
|
||||||
|
, pkgs
|
||||||
|
, lib
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
|
cfg = config.myHome.security.ssh;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.myHome.security.ssh = {
|
||||||
|
enable = mkEnableOption "ssh";
|
||||||
|
matchBlocks = mkOption {
|
||||||
|
type = types.attrs;
|
||||||
|
default = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
programs.ssh = {
|
||||||
|
inherit (cfg) matchBlocks;
|
||||||
|
enable = true;
|
||||||
|
# addKeysToAgent = "yes";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
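Review bot: `matchBlocks` is declared with `type = types.attrs;` and no `description`, so a misspelled key in a host block is accepted here and only surfaces later, when `programs.ssh` evaluates it. Add a description such as `description = "Host blocks passed through to programs.ssh.matchBlocks.";`. The commented-out `# addKeysToAgent = "yes";` would also benefit from a short comment saying why it is disabled, so it is not re-enabled without thought.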
|
@ -23,7 +23,8 @@ in
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
local wez = require('wezterm')
|
local wez = require('wezterm')
|
||||||
return {
|
return {
|
||||||
|
-- https://github.com/wez/wezterm/issues/2011
|
||||||
|
enable_wayland = false,
|
||||||
color_scheme = "Dracula (Official)",
|
color_scheme = "Dracula (Official)",
|
||||||
check_for_updates = false,
|
check_for_updates = false,
|
||||||
window_background_opacity = .90,
|
window_background_opacity = .90,
|
||||||
|
|
|
@ -10,6 +10,47 @@ with config;
|
||||||
myHome.shell.fish.enable = true;
|
myHome.shell.fish.enable = true;
|
||||||
myHome.shell.wezterm.enable = true;
|
myHome.shell.wezterm.enable = true;
|
||||||
|
|
||||||
|
myHome.security = {
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
matchBlocks = {
|
||||||
|
citadel = {
|
||||||
|
hostname = "citadel";
|
||||||
|
port = 22;
|
||||||
|
identityFile = "~/.ssh/id_ed25519";
|
||||||
|
};
|
||||||
|
rickenbacker = {
|
||||||
|
hostname = "rickenbacker";
|
||||||
|
port = 22;
|
||||||
|
identityFile = "~/.ssh/id_ed25519";
|
||||||
|
};
|
||||||
|
dns01 = {
|
||||||
|
hostname = "dns01";
|
||||||
|
port = 22;
|
||||||
|
identityFile = "~/.ssh/id_ed25519";
|
||||||
|
};
|
||||||
|
dns02 = {
|
||||||
|
hostname = "dns02";
|
||||||
|
port = 22;
|
||||||
|
identityFile = "~/.ssh/id_ed25519";
|
||||||
|
};
|
||||||
|
pikvm = {
|
||||||
|
hostname = "pikvm";
|
||||||
|
port = 22;
|
||||||
|
user = "root";
|
||||||
|
identityFile = "~/.ssh/id_ed25519";
|
||||||
|
};
|
||||||
|
helios = {
|
||||||
|
hostname = "helios";
|
||||||
|
user = "nat";
|
||||||
|
port = 22;
|
||||||
|
identityFile = "~/.ssh/id_ed25519";
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
# Install these packages for my user
|
# Install these packages for my user
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
|
@ -19,6 +60,8 @@ with config;
|
||||||
brightnessctl
|
brightnessctl
|
||||||
prusa-slicer
|
prusa-slicer
|
||||||
bitwarden
|
bitwarden
|
||||||
|
yubioath-flutter
|
||||||
|
yubikey-manager-qt
|
||||||
|
|
||||||
bat
|
bat
|
||||||
dbus
|
dbus
|
||||||
|
@ -28,6 +71,7 @@ with config;
|
||||||
python3
|
python3
|
||||||
fzf
|
fzf
|
||||||
ripgrep
|
ripgrep
|
||||||
|
flyctl # fly.io control line
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
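Review bot: Each block in the first hunk sets `identityFile = "~/.ssh/id_ed25519";` but none sets `identitiesOnly = true;`, so the client can still offer other keys held by the agent to these hosts. Adding `identitiesOnly = true;` per block keeps the offered key to the one named. `port = 22;` is the default and could be dropped, and the repeated lines could move into a single `"*"` block. The `pikvm` block logs in as `root` with the same key as every other host, so a comment stating that this is intentional would be useful.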
|
@ -101,7 +101,7 @@
|
||||||
# TODO Harden SSH
|
# TODO Harden SSH
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.truxnell.openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
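Review bot: With the key moved from `root` to `truxnell`, the `# TODO Harden SSH` above `services.openssh.enable = true;` is the remaining gap in this hunk, because nothing visible here disables root or password logins. Adding `services.openssh.settings.PermitRootLogin = "no";` and `services.openssh.settings.PasswordAuthentication = false;` next to the enable line would close it, unless they are already set outside the hunk. The host files in this commit also show `security.wheelNeedsSudoPassword = false;`, so if truxnell is in wheel on those hosts this key is still equivalent to root access there.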
|
@ -14,6 +14,11 @@
|
||||||
security.wheelNeedsSudoPassword = false;
|
security.wheelNeedsSudoPassword = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
networking.hostName = "citadel"; # Define your hostname.
|
networking.hostName = "citadel"; # Define your hostname.
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
security.wheelNeedsSudoPassword = false;
|
security.wheelNeedsSudoPassword = false;
|
||||||
};
|
};
|
||||||
|
mySystem.services.traefik.enable = true;
|
||||||
|
|
||||||
# TODO build this in from flake host names
|
# TODO build this in from flake host names
|
||||||
networking.hostName = "rickenbacker";
|
networking.hostName = "rickenbacker";
|
||||||
|
|
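Review bot: `mySystem.services.traefik.enable = true;` does not match the option declared by the Traefik module added in this commit, which is `options.myLab.containers.traefik.enable`. Unless a `mySystem.services.traefik` option is declared in a file not shown on this page, evaluating this host fails because the option does not exist. If the new module is the one intended, the line should read `myLab.containers.traefik.enable = true;`.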
59
nixos/hosts/shodan/default.nix
Normal file
59
nixos/hosts/shodan/default.nix
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page, on
|
||||||
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||||
|
{ config
|
||||||
|
, lib
|
||||||
|
, pkgs
|
||||||
|
, ...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
|
||||||
|
|
||||||
|
];
|
||||||
|
|
||||||
|
mySystem.services = {
|
||||||
|
openssh.enable = true;
|
||||||
|
cockpit.enable = true;
|
||||||
|
podman.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
|
||||||
|
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
initrd.kernelModules = [ ];
|
||||||
|
kernelModules = [ ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
|
||||||
|
# for managing/mounting ntfs
|
||||||
|
supportedFilesystems = [ "ntfs" ];
|
||||||
|
|
||||||
|
loader = {
|
||||||
|
systemd-boot.enable = true;
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
# why not ensure we can memtest workstatons easily?
|
||||||
|
grub.memtest86.enable = true;
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "shodan"; # Define your hostname.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/2e843998-f409-4ccc-bc7c-07099ee0e936";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/12CE-A600";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/0ae2765b-f3f4-4b1a-8ea6-599f37504d70"; }];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
}
|
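Review bot: `grub.memtest86.enable = true;` sits in a `loader` block that selects `systemd-boot.enable = true;`, so the GRUB option has no effect on this host; the systemd-boot equivalent is `systemd-boot.memtest86.enable = true;`. The comment above it says "workstatons" although flake.nix gives this host `role-server.nix`, and the `imports = [ ];` list is empty and can be removed. `cockpit.enable = true;` turns on a web administration console through a module not shown here, so confirm which interfaces and firewall ports that module opens before the node is reachable from other networks.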
49
nixos/modules/nixos/containers/default.nix
Normal file
49
nixos/modules/nixos/containers/default.nix
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
{ lib
|
||||||
|
, config
|
||||||
|
, pkgs
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
# let
|
||||||
|
# cfg = config.mySystem.xx.yy;
|
||||||
|
# in
|
||||||
|
{
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./traefik
|
||||||
|
];
|
||||||
|
|
||||||
|
options.myLab.containers.fileRoot = mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "root file path for containers";
|
||||||
|
default = "/persistence/containers/";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Email
|
||||||
|
options.myLab.email.adminFromAddr = mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "From address for admin emails";
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
options.myLab.email.adminToAddr = mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Address for admin emails to be sent to";
|
||||||
|
default = "admin@trux.dev";
|
||||||
|
};
|
||||||
|
options.myLab.email.smtpServer = mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "SMTP server address";
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
# CONFIG HERE
|
||||||
|
myLab.email.adminFromAddr = "admin@trux.dev";
|
||||||
|
myLab.email.smtpServer = "dns02"; # forwards to maddy relay
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
}
|
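Review bot: `config = mkIf cfg.enable {` references `cfg`, but the `let cfg = …; in` that would define it is commented out at the top of the file, so evaluating this module fails with an undefined variable as soon as `./containers` is imported. The two assignments inside do not depend on any enable flag. Either drop the `mkIf` and move `"admin@trux.dev"` and `"dns02"` into the `default` of the respective options, or restore the `let` with a real option path. `fileRoot` defaults to `"/persistence/containers/"` with a trailing slash, and the Traefik module appends `/traefik` to it, producing a double slash that is harmless but worth normalising.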
84
nixos/modules/nixos/containers/traefik/default.nix
Normal file
84
nixos/modules/nixos/containers/traefik/default.nix
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
{ config, lib, vars, networksLocal, ... }:
|
||||||
|
let
|
||||||
|
internalIP = "0.0.0.0"; # TODO fix
|
||||||
|
directories = [
|
||||||
|
"${config.myLab.containers.fileRoot}/traefik"
|
||||||
|
];
|
||||||
|
files = [
|
||||||
|
"${config.myLab.containers.fileRoot}/traefik/acme.json"
|
||||||
|
];
|
||||||
|
cfg = config.myLab.containers.traefik;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
|
||||||
|
options.myLab.containers.traefik.enable = lib.mkEnableOption "Traefik container";
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 9091 ];
|
||||||
|
|
||||||
|
sops.secrets.authelia-jwt = { owner = config.systemd.services.authelia-default.serviceConfig.User; };
|
||||||
|
sops.secrets.authelia-sek = { owner = config.systemd.services.authelia-default.serviceConfig.User; };
|
||||||
|
|
||||||
|
services.authelia.instances.default = {
|
||||||
|
enable = true;
|
||||||
|
secrets = {
|
||||||
|
jwtSecretFile = config.sops.secrets.authelia-jwt.path;
|
||||||
|
storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
|
||||||
|
};
|
||||||
|
settings = {
|
||||||
|
log.level = "debug";
|
||||||
|
theme = "dark";
|
||||||
|
default_2fa_method = "totp";
|
||||||
|
default_redirection_url = "https://passport.notohh.dev/";
|
||||||
|
authentication_backend = {
|
||||||
|
file.path = "/var/lib/authelia-default/user.yml";
|
||||||
|
};
|
||||||
|
session = {
|
||||||
|
domain = "notohh.dev";
|
||||||
|
expiration = 3600;
|
||||||
|
inactivity = 300;
|
||||||
|
};
|
||||||
|
totp = {
|
||||||
|
issuer = "authelia.com";
|
||||||
|
disable = false;
|
||||||
|
algorithm = "sha1";
|
||||||
|
digits = 6;
|
||||||
|
period = 30;
|
||||||
|
skew = 1;
|
||||||
|
secret_size = 32;
|
||||||
|
};
|
||||||
|
server = {
|
||||||
|
host = "0.0.0.0";
|
||||||
|
port = 9091;
|
||||||
|
};
|
||||||
|
access_control = {
|
||||||
|
default_policy = "deny";
|
||||||
|
rules = [
|
||||||
|
{
|
||||||
|
domain = "notohh.dev";
|
||||||
|
policy = "bypass";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
regulation = {
|
||||||
|
max_retries = 3;
|
||||||
|
find_time = 120;
|
||||||
|
ban_time = 300;
|
||||||
|
};
|
||||||
|
notifier.filesystem = {
|
||||||
|
filename = "/var/lib/authelia-default/notif.txt";
|
||||||
|
};
|
||||||
|
storage.postgres = {
|
||||||
|
host = "192.168.1.211";
|
||||||
|
port = 5432;
|
||||||
|
database = "authelia";
|
||||||
|
schema = "public";
|
||||||
|
username = "authelia";
|
||||||
|
password = "authelia";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
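Review bot: `password = "authelia";` under `storage.postgres` puts the database password in the Nix configuration, where it is readable in the store and in this repository, while the JWT secret and storage encryption key in the same block are read from sops-managed files. Provide the password from a sops secret file as well (Authelia can read secrets from files) and rotate the current value. The `notohh.dev` values in `session.domain`, `default_redirection_url` and the `policy = "bypass"` rule look carried over from another deployment; as written, the rule exempts that whole domain from authentication, so they need replacing before the option is enabled. `log.level = "debug";` and `host = "0.0.0.0";` together with the opened port 9091 are also worth narrowing, and the `let` bindings `internalIP`, `directories` and `files` are unused.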
|
@ -10,30 +10,70 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.mySystem.de.gnome.enable = mkEnableOption "GNOME";
|
options.mySystem.de.gnome.enable = mkEnableOption "GNOME";
|
||||||
|
options.mySystem.de.gnome.systrayicons = mkEnableOption "Enable systray icons" // { default = true; };
|
||||||
|
options.mySystem.de.gnome.gsconnect = mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // { default = true; };
|
||||||
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
# Ref: https://nixos.wiki/wiki/GNOME
|
# Ref: https://nixos.wiki/wiki/GNOME
|
||||||
|
|
||||||
# GNOME plz
|
# GNOME plz
|
||||||
services.xserver = {
|
services = {
|
||||||
enable = true;
|
xserver = {
|
||||||
displayManager =
|
enable = true;
|
||||||
{
|
displayManager =
|
||||||
gdm.enable = true;
|
{
|
||||||
defaultSession = "gnome"; # TODO move to config overlay
|
gdm.enable = true;
|
||||||
|
defaultSession = "gnome"; # TODO move to config overlay
|
||||||
|
|
||||||
autoLogin.enable = true;
|
autoLogin.enable = true;
|
||||||
autoLogin.user = "truxnell"; # TODO move to config overlay
|
autoLogin.user = "truxnell"; # TODO move to config overlay
|
||||||
|
};
|
||||||
|
desktopManager = {
|
||||||
|
# GNOME
|
||||||
|
gnome.enable = true;
|
||||||
};
|
};
|
||||||
desktopManager = {
|
|
||||||
# GNOME
|
|
||||||
gnome.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
layout = "us"; # `localctl` will give you
|
layout = "us"; # `localctl` will give you
|
||||||
|
};
|
||||||
|
udev.packages = optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# systyray icons
|
||||||
|
|
||||||
|
|
||||||
|
# extra pkgs and extensions
|
||||||
|
environment = {
|
||||||
|
systemPackages = with pkgs; [
|
||||||
|
wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
|
||||||
|
playerctl # gsconnect play/pause command
|
||||||
|
pamixer # gcsconnect volume control
|
||||||
|
gnome.gnome-tweaks
|
||||||
|
gnome.dconf-editor
|
||||||
|
|
||||||
|
# This installs the extension packages, but
|
||||||
|
# dont forget to enable them per-user in dconf settings -> "org/gnome/shell"
|
||||||
|
gnomeExtensions.vitals
|
||||||
|
gnomeExtensions.caffeine
|
||||||
|
gnomeExtensions.spotify-tray
|
||||||
|
gnomeExtensions.dash-to-dock
|
||||||
|
|
||||||
|
]
|
||||||
|
++ optionals cfg.systrayicons [ pkgs.gnomeExtensions.appindicator ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# enable gsconnect
|
||||||
|
# this method also opens the firewall ports required when enable = true
|
||||||
|
programs.kdeconnect = mkIf
|
||||||
|
cfg.gsconnect
|
||||||
|
{
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.gnomeExtensions.gsconnect;
|
||||||
|
};
|
||||||
|
|
||||||
# GNOME connection to browsers - requires flag on browser as well
|
# GNOME connection to browsers - requires flag on browser as well
|
||||||
services.gnome.gnome-browser-connector.enable = lib.any
|
services.gnome.gnome-browser-connector.enable = lib.any
|
||||||
(user: user.programs.firefox.enable)
|
(user: user.programs.firefox.enable)
|
||||||
|
@ -48,6 +88,7 @@ in
|
||||||
# TODO tidy this
|
# TODO tidy this
|
||||||
# port forward for GNOME when using RDP***REMOVED***
|
# port forward for GNOME when using RDP***REMOVED***
|
||||||
|
|
||||||
|
# for RDP TODO make this a flag if RDP is enabled per host
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
3389
|
3389
|
||||||
];
|
];
|
||||||
|
|
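Review bot: `options.mySystem.de.gnome.gsconnect` is declared with `// { default = true; }`, and the comment on `programs.kdeconnect` states that enabling it opens the required firewall ports, so every host that enables GNOME starts accepting KDE Connect traffic unless it opts out. Making it opt-in, `mkEnableOption "gsconnect (KDEConnect for GNOME)"` without the default override, keeps the open ports limited to machines that use it. The description strings also render as "Whether to enable Enable …", so drop the leading "Enable" from both. The second hunk only adds a TODO above the unconditional `3389` entry, so the RDP port stays open on every GNOME host until that flag exists.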
|
@ -6,6 +6,7 @@
|
||||||
./browser
|
./browser
|
||||||
./de
|
./de
|
||||||
./editor
|
./editor
|
||||||
|
./containers
|
||||||
|
./hardware
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
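--- a/nixos/modules/nixos/hardware/default.nix
+++ b/nixos/modules/nixos/hardware/default.nix
@@ -0,0 +1,5 @@
+{
+imports = [
+./nvidia
+];
+}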
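--- a/nixos/modules/nixos/hardware/nvidia/default.nix
+++ b/nixos/modules/nixos/hardware/nvidia/default.nix
@@ -0,0 +1,62 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+with lib;
+let
+cfg = config.mySystem.hardware.nvidia;
+in
+{
+options.mySystem.hardware.nvidia.enable = mkEnableOption "NVIDIA config";
+
+config = mkIf cfg.enable {
+
+# ref: https://nixos.wiki/wiki/Nvidia
+# Enable OpenGL
+hardware.opengl = {
+enable = true;
+driSupport = true;
+driSupport32Bit = true;
+};
+
+# This is for the benefit of VSCODE running natively in wayland
+environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+hardware.nvidia = {
+
+# Modesetting is required.
+modesetting.enable = true;
+
+# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+# Enable this if you have graphical corruption issues or application crashes after waking
+# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
+# of just the bare essentials.
+powerManagement.enable = false;
+
+# Fine-grained power management. Turns off GPU when not in use.
+# Experimental and only works on modern Nvidia GPUs (Turing or newer).
+powerManagement.finegrained = false;
+
+# Use the NVidia open source kernel module (not to be confused with the
+# independent third-party "nouveau" open source driver).
+# Support is limited to the Turing and later architectures. Full list of
+# supported GPUs is at:
+# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+# Only available from driver 515.43.04+
+# Currently alpha-quality/buggy, so false is currently the recommended setting.
+open = false;
+
+# Enable the Nvidia settings menu,
+# accessible via `nvidia-settings`.
+nvidiaSettings = true;
+
+# Optionally, you may need to select the appropriate driver version for your specific GPU.
+package = config.boot.kernelPackages.nvidiaPackages.stable;
+};
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+
+};
+}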
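Review bot: `nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";` at the end of the `config` block is a per-host setting rather than a GPU one, so any machine that turns on `mySystem.hardware.nvidia.enable` gets its platform defaulted by a driver module. I would keep that line in the host's own hardware configuration and drop it here. `environment.sessionVariables.NIXOS_OZONE_WL = "1";` is also wider than its comment says, since the variable is read by the wrappers of other Electron and Chromium applications too, not only VS Code. A comment such as `# affects every Electron/Chromium wrapper, not just VS Code` would make that scope visible.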
|
@ -1,70 +1,61 @@
|
||||||
system:
|
system:
|
||||||
networking:
|
networking:
|
||||||
#ENC[AES256_GCM,data:y2k8WKDdMW/+lCc7OnJTPd21DZFkjXqRSDRuIHTvN3p8AZ0KB0ERjf5/Fzpgq9wRjktcGMfFRzl9AaLN0DNXLseV5hoeX8pzXrZddA==,iv:hMuTiccA2PSUKGK5bZ9YCGHYgj58+TMbid7/FOXqK6A=,tag:B9A3H4ssQsi3aD/bUvh8IA==,type:comment]
|
#ENC[AES256_GCM,data:UGDccdo5xL48r9VxuaY9QR2jfIdVZ0EZ84SKRO8dyZe7SIhvFUpX2tCEzVUMNPuDgXqoBSvWOP9WTEveunH56GknlOQdhZOYMb7T9Q==,iv:PLaSHpZRCu5xNsmWtz5UY+nTGGPow1YLppKZiZJz/9c=,tag:cePl/udz3BNSjVPqGVpmLg==,type:comment]
|
||||||
cloudflare-dyndns:
|
cloudflare-dyndns:
|
||||||
apiTokenFile: ENC[AES256_GCM,data:AQA6X+GoPgudn+qwGpNnX3PmWNfgYFuvYGbthoOXPTiAs54oPrH6XGyFjGS5skqe9vypjPbl/Zj+z8q4rLGKrZt9cgF5JywoS2pyjscDW9QI74mAS6bcH8eJ/PMLopDYybKEMS8w1cMeGP5J46Uhg2HLJA==,iv:vjzMXBt9NbFcoqzpew/s/h1OXNWEnDLY0JuyASvbojM=,tag:8Ca+0ieZUZ9Wk9Q2UigF0A==,type:str]
|
apiTokenFile: ENC[AES256_GCM,data:6CggP0liJTWfD9HnpD6ALf7a9smRNEbuOYsyU6HnFqDtZj4U/mYzG+9fAv/SM+DYl7eSCdF2xzINyAbAVl6j8g2utEkRiitGEVv29vaQSpIBUFrjl4vJgw/AyXdB9r5fR6XXpc6baeO3ctsjaUmlgRxGmQ==,iv:YYh5sZVwJVKKnuTEbNujm3yL16gfL98pEnwU9ZX8618=,tag:162cpSSAdAZoOiAwPbFlTg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eHR0VlFlL21SNzJJQ2F0
|
|
||||||
UUJ3Vy9mem0veTJlV3FKbVNGd1htRHNOQkI4Ckd3QXk5bVR0WmNkaXZUZXBZY0px
|
|
||||||
NTJJZ3NKRDBLZTRJd2xOZ0pBazk2SFEKLS0tIG1zQTlCcUFSUUthaUxLeHlyZWpQ
|
|
||||||
NXBYeUx6bmYwSXFrZlNmZitYM1ZlK28KvKU5iig3qg1tGOX8jDsXjXJ9ly8cP+4y
|
|
||||||
tcsCDuQWxiJ2v2U4FD47iRs2IfxZadYGJM2nOToOKHnuTTSpvNXAVQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZzEyRkZZbTcvOVRLU3JH
|
|
||||||
bWZ4eXdUZlAxQjNkN2c1SzNiQVdkWU1FR24wClYwVjdGYm1xditOYWxIMGNmVDFr
|
|
||||||
cXZLdHhqOS9yNHEzQ29aKzVCNU5uMWMKLS0tIHoveWJmcS80MENxSnVXNlpJN0lx
|
|
||||||
bFNWU3dUTXFkMDZaWjUxWVlVd2x6dkUKKEBaUX/euYu9VEzhudWs4PUb+xVvpjQQ
|
|
||||||
GoOcFJvp+A60X2pK5mDxzgyWWudr+ZjiQNn3A/6XE4KfLhzmmI5Bsg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSkNCTFZaSTYyYjRwN0lP
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORnZQZEI2VU9tdEQ1VkZw
|
||||||
Qzd4R3krZVJlREtueHlqUTBPRTNhcU5ORVNzCmdkYWFUQWRNajB4UEc3bzA2anIr
|
aFFxaThqS2VWVVljejNxNVovMHlNc2ZUdUNvCktyT1pTRGpSK1N3MXpMNFZuVVhL
|
||||||
cm92alRQUWI0UDR2T0c5OTVhZ1hRQ0UKLS0tIFkxUHl1c3psYU1CTUI2NEpmL1hR
|
UCtINGo3SDhSNmwyRkEzVGNTVVFlTE0KLS0tIDhvaFk0SVdHNFlhRkxEb0hLdkdu
|
||||||
VnVacXZDQ3UyR1VoVGVQUzdteDRXRUUKkK9LP5sCjS2t2M+tftUqBh8jqwjmfKU6
|
QTFCVUg5VzJzOUlRcFBlR0puNGVGNlUKpdSYWZZPKq1Vw0pR8suOqqgzxDzKWaMx
|
||||||
HsIaMzELohiV5/91iq5FlIArQe7F5KFQfY3vRfYuh26I6zgqvVUlrA==
|
Aft/TpSuS8m6603HlTw3LUyBOnIYJCFFsGJqVBF6Q1z6U4FPAfNnlA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6NEJjblpGK2dGMmJ6OHBu
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUzNqQ1U2aWV3WUVUZDdD
|
||||||
bnc0dUg0dXJROUMvQW1mOEcyWlpqb3BzUGc4CjdmT1FkaTdsRndGUXlod1cwSnpm
|
eXNhQUlBdGRndVJ1NXdXZlBNb0VvNzlFYnd3CjlRRm1FWTljL0VMbTB4M21HVDY3
|
||||||
OFNLcjc3NlpPY2ZOMm55Y0ZFSjVpelkKLS0tIDVZV2hmMG1Qd0g1dXFEY0x0ZmhC
|
Y2oyTG50SUtIT29OZjhiZi83OCtpNm8KLS0tIFNYMkErVDFhTHhOVndQdUFHWUxZ
|
||||||
Y3NleUZ2azM0amdHRlplSGtvcWowd1kK+PNq8czpnC5zfwET60aQkNdcUwQopZ9W
|
bG0xMG9heitnUGFNdk5ITWhKNERZbDgKX23jlQyLus3FzDQ55hIyUqqwlLbPeKxV
|
||||||
nUX+QutTCdFoWoCKGsoQK42uXWQheHNtoPT258s2+8SBtdwLIckHgQ==
|
LJHaDfO4IOzIGrWFCwQZpCa8ZgQzUmnpqKZqvdTZuXibZEoyjV6GUA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0T25vdlB1VGFBVGdYd3k4
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUFRMZHIyY3lFeVNnenky
|
||||||
em42STFmdU9tZW9vVCtTZlBqOFZnUzFHYlZJCnJuSGk0cGlOSkQ1VzlRZ0ZONmlx
|
bG1hdXoxSXo2akR1bGlHSHNZbzFOMGE3cW1FCjdzZUYzRFZrcXZvcTNSc3V5TE5n
|
||||||
bXNkQ0hCaFBrMmt3dXZ2dXZzN09UVGsKLS0tIHo5bnVxcWEyQ2JkMk9qK1pxVW1S
|
T01Tem9oVDdYRlBST2tNNUpZTENOTkkKLS0tIENUdmxBajZpbFRoNXZzRVlvOVpJ
|
||||||
ZnJ0R0hDVDU4WDFVS1Jka0h3b0R4bjAKcJ88Yzxn2HTqEEu0ujVMZGXJpc9jbypI
|
MnlaMHpGUGo1WmVMb2FsZ0o2Q3NuKzQK7n+HqB+7K6drnkNyc863wTfoohk90uWx
|
||||||
hlsDzMESTAlrZx7ZmI+nJw36RolDPRTfteHJFGI8LEx6zGXLcBp3LQ==
|
ehuz7kmZcdnwxpMX6hV2ynUumcVEqfR+jiUuF/eBpuPRQy/eejVm4Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbmdMeGUxaGN1cTFXVlFV
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlSExpSE1hUldqSnJoRDBj
|
||||||
dElYSkVMTm9DMGFLTDRLYzRGQ1dGaUFHSzNRCjk0bkprSHpsUjRRdnNaeWpTbG0y
|
L2xROXd3U2EvZ0xoek8ra1RqdVdaK2s5Q2dZCmdVWmJrZTc3Nis2L0NkSlJQK1pq
|
||||||
T3BKK1h6VWNCMC96Y3lyQ1ZRcW9mL0kKLS0tIG5GaTI5MVkwMkNEWWcvbmZGanYz
|
RmZ3aHU4YVlNcUVEemJsWGNjbEVIdUkKLS0tIEJDcmFmRUtjL3ltUjZKRmMyWW1O
|
||||||
VWIybGRha1dWWUdsaWIxOXRLZkVFNlUKLEQI3HO/7Ia7GoOJOKJVbYkDrevqh7m7
|
VHZzVVZycld5alhKaC9BQ2dweVIweHMKF/qVYH7yvmFBVDyHb1PwJrHyP9Iq1HEg
|
||||||
hjMjnl4RnrcFwq46NuYyruTartHqRPBUHyXdoiMfeHNQQ7QP8A5ZHA==
|
EfiDfZK2acYkW3GsUmH0qS5v55RswYnEg+iiSMNn+Ii6mfI65bVVYw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-30T01:29:21Z"
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
mac: ENC[AES256_GCM,data:8Z5udmxrut2IxaP9kjP7px8CoQYNBIwIhafCWC8y1+LzOJWdITIfL3S/gW8O3xIH27gS0y2CsBSFf3fB9kF0JPapnCMLwNtA/oqNdSqx4p0Jev3mdtfaboF1kGShuDiYUIhMRVk/eiDtNojakVJiMxZzEtdo5YbgRXlfbYw6gTQ=,iv:UHOH6pAVf3VBtVvGn0HijmhbPWv6d64EESMRJkXC48o=,tag:EJfBjV6qZfGNxyCU9XzuHA==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaaTNSWHM1eU92T2VMOXZD
|
||||||
|
b0R5Z2x3WloxOFhyMmkwQXp4U3lNM2xiZHhrCm9mcURMSmtUZ3VHd3lDbnp5dVVR
|
||||||
|
dHJyMkFBODMvbkpzUVl4ZUtxWmIrS1kKLS0tIHJTZ1FaYmlzUEhHWHVaWTVIRC9o
|
||||||
|
MGJLdkJpTkFGclRSZlBOOTVKd3BOa2sKbRf0BdD35bZpr8ESX1+NZ6rWxdI+x7fo
|
||||||
|
A6cIx6j8fVXvsKEipO3r4wSTqWhnY+DMzH9ZPGE5J74sx98DYVm6ig==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-01T00:26:19Z"
|
||||||
|
mac: ENC[AES256_GCM,data:U21XeE4vqc96mBq1qmjpMfDZVJZQEXwpHTEjVd4lmbam8XTv5kxK8zYWlDN8WTMqKeYHnInvEdmKnXL+NDt6lDjoDl/97/dUoWJ2xNTBOlJb6C2n11GE+ppzgZBQMj9oWr5IuQ8jiSfTYOF3/zT/sh8SSWmooQ2CrS/B3PyjmwA=,iv:9+Na88c3woPLZcawxH+mFg03Hf8oCaILdRya1CwRMEQ=,tag:eDuSLJtkLzvk+N1ncc/jwQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
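Review bot: The recipients beginning `age1d3qt` and `age16mwx` are dropped from the `age:` list here, but re-encrypting only protects revisions from this commit onward. The previous ciphertext stays in git history, so whoever holds those two private keys can still decrypt the old `apiTokenFile` value. If the two VM keys were removed because the machines are retired or no longer trusted, the Cloudflare API token itself should be rotated. The same applies to `forwarding-rules` in the dnscrypt-proxy2 section and `envFile` in the maddy section that follow, which drop the same recipients. If the keys are still trusted and this is only housekeeping, a line saying so in the commit description would settle it.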
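--- a/nixos/modules/nixos/services/cockpit/default.nix
+++ b/nixos/modules/nixos/services/cockpit/default.nix
@@ -0,0 +1,21 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+
+with lib;
+let
+cfg = config.mySystem.services.cockpit;
+in
+{
+options.mySystem.services.cockpit.enable = mkEnableOption "Cockpit";
+
+config = mkIf cfg.enable {
+services.cockpit.enable = true;
+services.cockpit.openFirewall = true;
+
+};
+
+
+}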
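Review bot: `services.cockpit.openFirewall = true;` opens Cockpit's port on every interface, and Cockpit is a web console that authenticates with system accounts and can hand out an administrative shell. Its login page is therefore reachable from every network this node is attached to. I would drop that line and open the port only on the management interface, e.g. `networking.firewall.interfaces."<mgmt-iface>".allowedTCPPorts = [ config.services.cockpit.port ];`, where the interface name is a placeholder. If it really must be reachable everywhere, a comment next to the option stating that would stop the default being copied to other hosts unexamined.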
|
@ -5,5 +5,9 @@
|
||||||
./cloudflare-dyndns
|
./cloudflare-dyndns
|
||||||
./maddy
|
./maddy
|
||||||
./dnscrypt-proxy2
|
./dnscrypt-proxy2
|
||||||
|
./cockpit
|
||||||
|
./podman
|
||||||
|
./traefik
|
||||||
|
./nfs
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,69 +1,60 @@
|
||||||
system:
|
system:
|
||||||
networking:
|
networking:
|
||||||
dnscrypt-proxy2:
|
dnscrypt-proxy2:
|
||||||
forwarding-rules: ENC[AES256_GCM,data:qM6Y19pynqVruwgV7KhRfS1klhsZChZqpVxx0mV1PXSAyTf+9uiVCmpst7ZYIOzOeri4DnG2Pi1L2aOs93tsH7UnbLyKMs0qHO0y5T30clzBclw+VmjGUXJ3iwX0vL9o3fYXZ/WEfZd1vclgKqJmjwNIhqXdf+iYwm/Vlhe6Ib1cb8qUh3H0QqSARwmPw+5ffPjTBRdp+MAu8ZH+9s0lbXipk1l/YoBsd0qs6ID1D8ahTXLaUKabuE4a462Qjat0cx7b88Psam/AxqQXTbujCxAbO9t6rzPgTW79GURoIVddoURPEfWUX+7125RH4bHHZd4dQWPee1d89ikmPIG65x6mGRlI073gGP07x+uNXyvcQVG4GabiJ1xOzlnzT5obySYuH/JKhYMR8meTCQGQKJyCaFjPfOWQYkEHt8xd4/hg3zlC8H+a44th9tNadif0rys3LSx+ltyyEbYyqU6U5vs=,iv:ApcoDgN5uLjqFmWbYZoL21GlKkUwkqRcVxXm20/q8GI=,tag:TxYTmEGcf+183CyzH5cfiQ==,type:str]
|
forwarding-rules: ENC[AES256_GCM,data:I2MOqXfru2V2NDcrMfy8rwjIHKjt8ujk0GpGZRZgPRJv76P0jONja4Ft2b5j53CaM0A0dYHKc4A8ZbZgNzesVEvb5TK+wtQXziST7phRpJOpVPZjgHw3H8HD0l6mX7UmnIbv69e85UELG8Mv3DW7cRHCReelmec27+JNjhjhGUuyiNLdRxCS59D8P3p5Tdci1gMclbeXv+qv2VlWq8eIGMc5w6+0F4vVA9lhGUmWQLORtFOPLSmBn9xtx1R2Bm/itAzG+qJngAaF6o1Zm+lHvCydaddF/YJnsxk+EzwLS2RCb3+noE8cyS3S+eVCpSFmrtYB1MNREEZpBA+fXdkqSKVsNwCUgo2WJY78bPocNwQB9D/kuTnvILba8bC1pVdUH+xo0Ww7LS7j5+bp7xs9qwC9FRKgYKNReSoQn993R8n6VlqtJyqFLXtL55yIp+HSlu16jFiDP4rGjZtkxLQ21Y4=,iv:Jk4JLRzBYEIhoxgsRMXjvDNHVinuR0xjxTVTvED6lFo=,tag:4ILaKfjKM1r6MhYrOyU+Jg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c2dSOEIrUUtpbFNUb3Rj
|
|
||||||
TlIyOU9EQlJCVTB4WFNjWDAwVGVpMUluV25vCnpvaXVqckIrUit6Q2NGb3Q5bnF0
|
|
||||||
ZG9JRy9VdVRLS0J3Vys4UEFZcndRU28KLS0tIGlIcFpMYXIzOEVBZ3cvbVJ2MFBl
|
|
||||||
cWtPNHRmSDNUVXJ3NUVPN3crYUVRREEKQxhNUNBYizl6qNo/JKdHeOLAn6/V2xfA
|
|
||||||
sHtn9fq0lhpWQ5oaSUOP9GHZVhEkP+fRJfK+QULEiR52zr2pYj8jMA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrajZoNzE4VWhCK0E3aHNq
|
|
||||||
RUZ0TFFMejNjUmhSS2lZQnR0RHhZUzAwcERNCndUYnFPZnhuelptVUNaUWdkTWFk
|
|
||||||
R05mcXE3REcrNEJndGphTXhESW8vam8KLS0tIFMzSXFBUEY4N0d5eWN3b3IvQnFV
|
|
||||||
K21tS3FnbWZsRHVyZHI5d1NyN3c0b0kKfHq1QUZwgmIA/3cHOJuTWN99hwm2kI1p
|
|
||||||
emBoeNukVvjOgqUCEBG/O4GMHlc6BmmimnSiULg65eIyFEAdLOsBOA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZVExakR2VUVCODVoZ0tm
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbkZmSGlyMTJ6RjlGWENX
|
||||||
WnBsNXdjTXVRejFBUzVLN0s3aGgzV2pJb2pzCmpTdnhpb2h0c25TdDBSemxHS2xh
|
SUc3SU1MbGZMVmRuUWJIb2xQQlA5UFdGeDBZCmp3Y2o1Lzc4TnR4RXJTa1Rxdk5w
|
||||||
ekR0QlJLUk9JY3VqTzJVSWdZa0UrYW8KLS0tIGFjVmxDbjdXdHptK1RxZCtxcDFR
|
LzFFbUx2Q25QZUk3bklDVEVOajdPYk0KLS0tIHlBalM2RlFKQ1NKNFZHVXFUQWtV
|
||||||
NUxNNUtkQzlvTHhadS9JelFOSWI4ODQKdFjY8uyoOrRXa37M3d6qqY5zsB6UxOLv
|
VDNnQkp6ZTkwSW1peXJJTVN6TGtxYVkKDCpef2RICaAf1mSkW9V8i7siPP+gXa5r
|
||||||
d/hfiFATBbGGdj5B3AyQV8yIWTBt+k9og7wh8GVhzrkje5eJx3qMqA==
|
SNOlY5EDDU9wQ54GEWJHMz7kzaAAPQH4hXz1JdoO+Z2P2yr7pLdjAg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OGxhc054cTh1VU55eUtE
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVk5jeklpdEhLTERqWnhO
|
||||||
aklYUVI3RUhYdy9WdzhMV2dkU0FYZi9uakEwCkFPQ2lVeDNEcXVvRUV2czI5M1dS
|
ZkZsRytWNk1MUlBrSW8xTlpOOW5xWUZlbnpZClhKNDRRTE0yWXNnRHljckIzM2tY
|
||||||
d3g2R29YRHJpMXRWMlZxT25JazBab2cKLS0tIExPYWhZUktycmtNMndXVFlHcnNH
|
OVlWWlYxVGNFcitORFdmbnlUTkJkZ2sKLS0tIEFETndzSktuYlpmK3NmL2Q1L3A5
|
||||||
U2RXdlk0VThxb0hYOTR6U3dTZW5RNHcKy4iJe/O5O00Otvf7bh48+cCbhEhctu69
|
NzJLa2ZuUHppOExxZGhnandMRHR0N0kK/zHkmxJIFH5D88z92QkKrDrGApj2QGoU
|
||||||
zzrNyHgd7T1cCTd1YdgR+cuwqBLDW1br8ATh8w6Fj41gtvB8mrzXVw==
|
LkvIOSgGjEy2juzsGsjVJdu/61g7iaGO6IpHktuniyEgwnLwn+ApOw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNVFaYU1jZDhHbGRndWtZ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSDNpQ0ZBS3FqZlFKelVr
|
||||||
aS9wNnpWanBxc3Jtc1lsNXZRVGR5bDhyRXprCkVhWEIzT3JHcjFueDM0emlobFVD
|
NGRYdW9QNVA0THVLdGdQZElRVndmcmFoMzE4CmVUcVlLdGZuYi9XU0YydFNWLzBD
|
||||||
dTBqUXNnaTBMUk1sZlJ2a09SWHhQbzAKLS0tIHV0WS9TcmYxR043S1ExZHhsc3pl
|
M3pLWmlDV0Vld3k2SXoyRkJ6a1hIWVEKLS0tIHJQamFiZklzby9UQlROVTFPT0tt
|
||||||
ZFRDOWhGbmlwR2hqT0swVm5RQWdxZjQK/kWd22+oqeZ3jVgpFiJYJbdbhnOTVTSg
|
dnhReTcxeDE0NE1RNWRMN3JCOXVMTFkK8koum0Wlxgo52yDTRYCRFToQw16+iXFu
|
||||||
lBw1CGoxXlHgXMjjbAQVdFk7n8uLxIjhcV3WZyFVAYdEQ+QQUmXUyw==
|
+bzDHf9DjqvZzkZH2gEeS33meexZxyUcD/nWUQvyNcbhVO49tIb90w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZ2lWY0FiYytiM1YvRmox
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSR3M5VG9GaDkyK21wOVda
|
||||||
NDIwVlpNWWx4L0p5MTA4N214a0lqTGhjaHg0CmtwSGZxWTRrcDBiaEVNUUZNMmM4
|
WnluaERvelJ6bS9raS9DLzBCMXc1S1g1djBRCmhWYVdFeEY0bmpKSnN2bjBOKzQ4
|
||||||
VFd2Tm95Z2dTemtkLzY1WmdSUllBRjAKLS0tIFpqTDhXTW1mZ1FwYVZxbEZNdjRL
|
ckpoNGNmY0hLSTRBT2txQnEyY0hBTGsKLS0tIHY3NWN4RjRJVkdlN3JrS2krZXdn
|
||||||
YTNLREliQjJudW4rZCt3VzZYMGhoUFUKvMQEXnUNDd/RBv/zo+05d/znEZqaWONj
|
UVNSN29uQlh4WEVRVWd0a1FBNGY4VjQKMG2zUS+jehQGNo1OI2gQF0InKDzd15PM
|
||||||
BjisOFvPYDodU/hUYGCxrdiKx4CxMhrtOjZjVxF25BMbH7m+XeNLHw==
|
wyyitNB3Lh5JViREQHbYe2DrDA15W6iV5bTIzzf9zToR6+ouRBgzFA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-30T01:29:21Z"
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
mac: ENC[AES256_GCM,data:j/ofDZ5Ky8xGkQU5ciGDPWDO8WchRl7ii4aWKhLZsPRojCYDEq7uQEKVeXl8QRjeDpFiFsGVlapKpLKbdCnANxHFgwPDR4sM+cBgqP5IRagTYo+4PyXNz7gjeVDnboB0rI80TrSd9uWcBU+1mkSuzLlUiXZQ2Uo00Tnkf7xIcBk=,iv:HX4//Q5uNbLfUePXGQOjt+zuFqPL3iTl9zRD8tGZXWU=,tag:cQccCSJ2QRQA5hy/LQFgTQ==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcnd3d2JoWWtldXVQc0sr
|
||||||
|
bEkrYXN3OXVGZWFLNHlPenQ0eW1ISjNKK1ZRCjdxUWI0bUttRzlUOHRrZFhpd2Fq
|
||||||
|
TjFmWTNBWFJFOWluam9vOEQwNEVHQ2sKLS0tIFJlTFp0Z2VVRm02OGp2R0IwTUdT
|
||||||
|
dkEybVp1OEhZR0JURFJqRW5nSURxME0KZcZj9YFuSvqM5bXbZQy44t4630p2aaAw
|
||||||
|
H/yhO37jNToYUpmsbpCEYcZPfjkHkc/gKPyTcKSsUFusQAds1q6/Cg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-01T00:26:19Z"
|
||||||
|
mac: ENC[AES256_GCM,data:+bAkGkkh+sPnZlG+E8+5/tZxX3W6yBTB/mSUeHKsEjv2ymo4HU5Vdef3iw4xnLBK/Kh94R0AQLd/jRJ8034Z07qBjCHttl9k5tRWyG1qZeEzZX8OOggig3PuiLv9hE0fJ+D0MX7rDy6XMyUDmaB46/TKiYPmlh8WOCB4yjjRr+Q=,iv:CsRGS8swKLEy0x3njmY+ExICDp97P9xdg0ERLonRKoQ=,tag:GYJIMpWXnOcktIL8GMUYfQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,69 +1,60 @@
|
||||||
system:
|
system:
|
||||||
mail:
|
mail:
|
||||||
maddy:
|
maddy:
|
||||||
envFile: ENC[AES256_GCM,data:Wo+iP0IzT71mtQwTX8u4klf+Jw126+ovm3neZKlRKDxXt2GT1TR7DTXzdUIskhfVyXSS5K8VbHb/+vZgDJ8jqoIGRxd3CSnH/f5zevHzPgz8LOpXc+4pVDqQzuTqS2XFI9JPLZpiXmcrJ0aSGeupTK1vkS+KvezJNbtRCar+uRVH0Cw=,iv:qK0mHWnpnDrYl+Ovc8HlmfWgLUvhHaTEXRqvkeWuMSk=,tag:Yh9jIlt2IxK68Mi2xOa0oA==,type:str]
|
envFile: ENC[AES256_GCM,data:43LVInxptreur8lHPNz5494OrGhe2aKqy//bDd9n4Pb9bMYnmN2hru64TpOCeKb4b7KUDrp5kWXdy9Q0njpdbdBprgKFXygVw8JuB1aDYlv9+RN2JntIa3dAhsgL26d8VC67tjsMXZUcinR69I3SfIVp0o2T45WhG4IT1rnBWX0mGug=,iv:Uy6OaCzayAqMhvFCF4Ho5Om810Qxi2yFIqmz6NU3L8Q=,tag:WizECPn2ip3dQ0gidMaHyQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUGhnSDc3N3M0MjY4TGsv
|
|
||||||
MkFtUGpGWGFZN1JiZ2VKTC8vUnlOd0s3bzFFCktCTDdmekhpUm1ZNzVYaUN6c1ht
|
|
||||||
czVtVXdGSGU3T0FLNGJ2Y0cwY2cyWDgKLS0tIGZTRHBBeU1DN0xtYXpzcE5aczJr
|
|
||||||
QVhRSXZOTHUvOWh0cGFOcTR5R2ZsK2cKD5fNP6Oa6W/OJck3FbYn6R5nYS2UoF8I
|
|
||||||
aOUIN98e15BaSFaOc8kmqkNZC4mKMHKaBJH2NqpbwyDP4iwLbRtP4Q==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMUluUk41a25heEkyUm1U
|
|
||||||
TDdPbHpvUi9hMG03RDBKTjVZSUY4K1p2ZkJNCmRqRWFDKzg0QVU0dGJtWUYzZThJ
|
|
||||||
RCtNYWtyNEJyNHMybVlTc2FoMWtmMWsKLS0tIFEzVDQySmNLTlNONHJZVWlSbm5G
|
|
||||||
cWE5bVZBN1ZmV0JkVXJXbzdldXU3ZnMK7EV7u1lewpEsurScWTKVscYMo9dmSoUl
|
|
||||||
O0kLRmRR4NEzuYzCFJ3JVaxTrPlMJM9C3Mwo3LsSDLCXSQ71JWiOZQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd1ZFcjhkNnJXRjZPY3FO
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcUtQcU56aGhOU3hDRis2
|
||||||
UFVmT05CTWt1dXhjSit6QmlabHJOMTMyQW1VCjY3RTR2UGVJMFBYWlZnK29yejNw
|
bGFkUFhnT3BUSFhOWFFydnI4SmdkKzlJRlR3Cjh1MkRyS0tFeEM3bWhhNnFmSWNC
|
||||||
WjRXT2NpMC9ZL1pldHRhRGk4TlAyK3cKLS0tIFgyVUhxRVh5UFdPOTRHQ0ZMMjVy
|
UzhSRjJiN1VpTlNJUWkvcU54T0MyR0UKLS0tIHhNNHNBaXhvaGtIdE10YUo2MnZi
|
||||||
aUwyczEydHNnTG9KZEk2cjFNaFBOTmsKqd5MtgAJ1aKqk9Miq9ot2garqMxtFjdJ
|
VEdEczl3b2UxZldBWkVzRWZ2RzZkZHMKofrWTXa5aedNl7uVVQF3TbysG2L6mtb/
|
||||||
1IvxprhYiPCgvhYtEbPlyCKtM/kdEGCplX3BwVOvhAU8CbyNb8zyug==
|
5hYiKHsdgPyxQWL3V727GM7xhS5Jd/O/F3Nc8zGCgCCGmBe3Uf5+nA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArSHp1K3UzMXRXV3ZMRDRI
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bUFTeE9sMHVBN1RmNWhj
|
||||||
dllLWGF3NG5JOExac3BXamc3ZjRzWkFobGprCloxUzRZNU1kZ29GUWhZa2pXbUtl
|
czdaMjBjb2grTk1XWUp5emx4Q2ZsSHpIL0VjCnBVUnE2QjdTTUNON09qRkpnMEVs
|
||||||
MDZpL3NPL1hpdGtsSjBqQWpHUndpMDAKLS0tIHJBYmJPTGRxV0V6TWJiSG9iNjNZ
|
SmRoUFpmMmlZSGpyVGZIV3Q0MDMvUTAKLS0tIEI1ck5ySVhWemdpdnE1NUxCZ0Zt
|
||||||
SWNQSkV2SHJHSHNFc1BIMGpabXlwLzAKQSI0Yo71Rt1eUHUKZZHsrTJenq3ooB3i
|
eWtodW5yeG9tR2xCSTNRcTFaNDRkMXMKmuIyJlHmU7gL/iqn0L55TfCZ32/LRnLz
|
||||||
7aLQqN6jp2ZwfOPh0/HBB1HWy6AWJoWkJZb+zKXTn0v+kx9NHU43ow==
|
aZ9vqWGNvXjF4UsmhC1ChI3wUaAgXGvWl0roym/d3BTDV/rrIG31Hw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZ2ZaQU5waXFMRW9oOFZ4
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcUxpSFR2WGNEMHQ0QTcz
|
||||||
SHZwSzBVK3lGR3czUTJKbStWSTQvVjd1NVZzClF3L2ZDTDViQXhsZThKUXA0M0ZB
|
dTYzdWhRTEdwYW5sUTFMZkZPNTRnbmFnekJvCllTOFNMTk9MTGJRWFdGaGhBUlkx
|
||||||
SmZaYU1iTVJ3b1ZkekM0STdWZmlGSzgKLS0tIFY2a3lCUUlZM3pnRGdxSzVOSGdE
|
WVZDVGNWZ1BPRFVwLzVFbklyVzYzTGsKLS0tIEprLy9IQ3ZycGJySWoxRG5QdFU4
|
||||||
bWRpL0lvMXRRNC93eFZEaEt3TE9vTnMKhzXsQiwzuxRLKAwsgn0GMyxNQHHJQpnJ
|
azRaYnNhNzlHWFlpTGloc1JyS3dOWEUKcGY320t9R7z7wM1ebUF3QQdQzB0FMZtX
|
||||||
R3dnLC5FjDnr2u4LFeMlgWVWb6sd08GlBTgBCzGujNFo+qgvTsyNUQ==
|
W45AWV+CWVce9qBm9OFVwluiJQD+m1BxLVxM1EmaNBBsT7PUleserg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcEd4OWJGVjkzWVJLNGQw
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMUROaDE2NDhzUTJYTThj
|
||||||
ZDkzNFd3a3VrQW9uMnIvS3ZwUmx5TGp2b0FrCkdjaEJRNVo3ZDM3TnFvRDlPRFph
|
U0loNnpKUTJrWkVmeEI3Uk9tN2gzNm5ZYVVzCkhCNWcyL29SVTB5UjVnNHlrNy9Y
|
||||||
V2dkUUhvYUdlSDY1TG91dlZNeCtPYmMKLS0tIG1JOWRmbFd0b2xaQkJaNjlXcjJK
|
Z2wrd1RudnRoYjRhZUJoUzdzVm9KemcKLS0tIFQvbzUwQ0lDcko0VHRPVDRFckFk
|
||||||
KzNZbGVUVXdweTFmYXdxWm9Oa05GbDAKGB7SVhd13AukH44aGPMNx3aXxXI0iQNI
|
T1RYa2J6V2FqRjUwb1ZpaHBBa2kvMncKwI9MAHNrZUD/3bEqYQ7bE65cZt9JAQ2p
|
||||||
UtAwlxSakIZ2OSb6A+BJNG68Joy8dEBp23JY+l5wGnKkPNbWIYSqbg==
|
s0nPt+izl384aYuEeOP2uGW7GyaSvG8sVytpyxOZ4DIAWdjzoWLxbQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-30T01:29:20Z"
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
mac: ENC[AES256_GCM,data:P7huPF/xSFJdbsM58kPaZqwA5LufakR9rHPQk7I4+WfKocJDxLDKknsTXvKqsEi/hnii2uFkahp+J8nTAGBjqENAdFx2ux+j++Z5dfOf/Ipl1PWZxjUKnB6SaflSja6PTsULLUl8ZiR0b6O0fitgyvaUdYsdQqVsi/VdCTTUxe8=,iv:BVmTyDkhYDW4hu5ebcytaLqAtau91KRjSg+jsHOwD5I=,tag:5sOALgUX8z0DqD0yRESerQ==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTEZlUmlRSjRxNWdpSVY3
|
||||||
|
TXl4SGZZYW1lVkRqa1VON3k5TWJCTjFacXhvCkxRR3RqbnBxemQzMUs1NW5EczVm
|
||||||
|
OWtTQm9zWkdiWmFGdHZKdU52aG5jQU0KLS0tIFEzellhYWFnSFJaZmRlVjlpeWNX
|
||||||
|
bTd2MExRU3Z5QzY5dEdEdzUvN2R4QzAKqOsV6f+NrCiOqELmJ5JJNnkxVKp3kQwy
|
||||||
|
MEkudjQ3tj+iw8C5tlIsixnT2Azbj3FcSAdTwPc1yRQ5WCyf6VTA5w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-01T00:26:19Z"
|
||||||
|
mac: ENC[AES256_GCM,data:e2S19cJ1yA3J7UAOdMR0zqUx5KMzNg+JZ46Ux21Ph/8d9CXfRo1avHwl6EtWdSaMdLUHDqwzR+7fp1NVcP/fYBOhjHLhOgV1IWBfqA1Vche2MffQyi2dPYiDX7idHsh2eW3PhhXi821YtWEqv2Rmiani9gQJTjyXJkghy5JbbHw=,iv:FNveFjSPp1byfvuKy43DUjELoUu+axuElSa3RXAdV/Y=,tag:B03Hpaib8dVcFMD16vkYmA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
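--- a/nixos/modules/nixos/services/nfs/default.nix
+++ b/nixos/modules/nixos/services/nfs/default.nix
@@ -0,0 +1,38 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+with lib;
+let
+cfg = config.mySystem.nfs.nas;
+in
+{
+options.mySystem.nfs.nas.enable = mkEnableOption "Mount NAS";
+
+config = mkIf cfg.enable
+{
+
+services.rpcbind.enable = true; # needed for NFS
+
+environment.systemPackages = with pkgs; [ nfs-utils ];
+
+systemd.mounts = [{
+type = "nfs";
+mountConfig = {
+Options = "noatime";
+};
+what = "helios:/tank";
+where = "/mnt/nas";
+}];
+
+systemd.automounts = [{
+wantedBy = [ "multi-user.target" ];
+automountConfig = {
+TimeoutIdleSec = "600";
+};
+where = "/mnt/nas";
+}];
+
+};
+}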
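Review bot: The `systemd.mounts` entry passes only `Options = "noatime";`, so setuid bits and device nodes found on `helios:/tank` are honoured on this host. A setuid file placed on the share by another client, or by the NAS itself, would then be runnable here with its owner's privileges. `Options = "noatime,nosuid,nodev";` closes that, unless something on the share genuinely depends on those bits. Separately, the comment on `services.rpcbind.enable = true;` holds for NFSv3 only. If the NAS speaks NFSv4, adding `nfsvers=4` to the options would let rpcbind stay off.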
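--- a/nixos/modules/nixos/services/podman/default.nix
+++ b/nixos/modules/nixos/services/podman/default.nix
@@ -0,0 +1,30 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+
+with lib;
+let
+cfg = config.mySystem.services.podman;
+in
+{
+options.mySystem.services.podman.enable = mkEnableOption "Podman";
+
+config = mkIf cfg.enable
+{
+virtualisation.podman = {
+enable = true;
+dockerCompat = true;
+extraPackages = [ pkgs.zfs ];
+defaultNetwork.settings = {
+dns_enabled = true;
+};
+};
+virtualisation.oci-containers = {
+backend = "podman";
+};
+networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
+};
+
+}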
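--- a/nixos/modules/nixos/services/traefik/default.nix
+++ b/nixos/modules/nixos/services/traefik/default.nix
@@ -0,0 +1,28 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+with lib;
+let
+cfg = config.mySystem.services.traefik;
+in
+{
+options.mySystem.services.traefik.enable = mkEnableOption "Traefik reverse proxy";
+
+config = mkIf cfg.enable {
+
+services.traefik = {
+enable = true;
+staticConfigOptions = {
+api.dashboard = true;
+api.insecure = true;
+
+serversTransport = {
+# Disable backend certificate verification.
+insecureSkipVerify = true;
+};
+};
+};
+};
+}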
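Review bot: `api.insecure = true;` serves the dashboard and the whole API without authentication on Traefik's built-in `traefik` entrypoint (port 8080 by default). `insecureSkipVerify = true;` under `serversTransport` turns off certificate verification for every HTTPS backend, so a proxied connection can be intercepted without Traefik noticing. I would set `api.insecure = false;` and publish the dashboard through a router to `api@internal` behind an authentication middleware. The global skip could be replaced by `serversTransport.rootCAs` pointing at the internal CA, or by a per-service transport for the one backend that needs it. If both settings are deliberate for the test node, a `# lab only: unauthenticated API, no backend TLS verification` comment on them would keep the module from being enabled unchanged on an exposed host.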
|
@ -1,21 +0,0 @@
|
||||||
{ lib
|
|
||||||
, config
|
|
||||||
, pkgs
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
cfg = config.mySystem.xx.yy;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.mySystem.xx.yy.enable = mkEnableOption "<INSERT DESCRIPTION>";
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
|
|
||||||
# CONFIG HERE
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
|
@ -5,6 +5,8 @@
|
||||||
# deploy-rs overlay
|
# deploy-rs overlay
|
||||||
deploy-rs = inputs.deploy-rs.overlays.default;
|
deploy-rs = inputs.deploy-rs.overlays.default;
|
||||||
|
|
||||||
|
nur = inputs.nur.overlay;
|
||||||
|
|
||||||
# The unstable nixpkgs set (declared in the flake inputs) will
|
# The unstable nixpkgs set (declared in the flake inputs) will
|
||||||
# be accessible through 'pkgs.unstable'
|
# be accessible through 'pkgs.unstable'
|
||||||
unstable-packages = final: _prev: {
|
unstable-packages = final: _prev: {
|
||||||
|
|
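Review bot: `nur = inputs.nur.overlay;` makes every NUR repository reachable under `pkgs.nur.repos.*`, and NUR expressions are user-contributed and do not go through nixpkgs review. Each update of the `nur` flake input can therefore change what gets built and run on the workstations. I would add a comment above the line naming the repositories that are meant to be used, e.g. `# NUR is unreviewed community code: reference only the repos listed here and review flake.lock bumps of this input`. The overlay attribute set starts and ends outside this hunk, so whether the overlay is applied to servers as well as workstations cannot be judged from here.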
|
@ -29,7 +29,9 @@ with lib;
|
||||||
# But wont enable plugins globally, leave them for workstations
|
# But wont enable plugins globally, leave them for workstations
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# required for yubico
|
||||||
|
services.udev.packages = [ pkgs.yubikey-personalization ];
|
||||||
|
services.pcscd.enable = true;
|
||||||
|
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
|
@ -19,14 +19,14 @@ in
|
||||||
"network"
|
"network"
|
||||||
"samba-users"
|
"samba-users"
|
||||||
"docker"
|
"docker"
|
||||||
|
"audio" # pulseaudio
|
||||||
];
|
];
|
||||||
|
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
|
||||||
];
|
]; # TODO do i move to ingest github creds?
|
||||||
|
|
||||||
# packages = [ pkgs.home-manager ];
|
# packages = [ pkgs.home-manager ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# home-manager.users.taylor = import ../../../../../home-manager/taylor_${config.networking.hostName}.nix; TODO home-manager?
|
|
||||||
}
|
}
|
||||||
|
|
|
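Review bot: The new `# TODO do i move to ingest github creds?` on `openssh.authorizedKeys.keys` leaves out the constraint that matters if the idea is taken up. Keys fetched from a GitHub account would make SSH access to every host follow whatever that account lists at build time, where the literal key is fixed and visible in review. I would expand it to `# TODO: if keys are pulled from GitHub, pin the fetch by hash so a changed key list fails the build instead of being trusted`. The user definition starts outside the hunk.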
@ -3,6 +3,9 @@
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
# Enable module for NVIDIA graphics
|
||||||
|
mySystem.hardware.nvidia.enable = true;
|
||||||
|
|
||||||
mySystem.system.packages = with pkgs; [
|
mySystem.system.packages = with pkgs; [
|
||||||
ntfs3g
|
ntfs3g
|
||||||
];
|
];
|
||||||
|
@ -29,46 +32,5 @@ with lib;
|
||||||
services.xserver.videoDrivers = [ "nvidia" ];
|
services.xserver.videoDrivers = [ "nvidia" ];
|
||||||
|
|
||||||
|
|
||||||
# ref: https://nixos.wiki/wiki/Nvidia
|
|
||||||
# Enable OpenGL
|
|
||||||
hardware.opengl = {
|
|
||||||
enable = true;
|
|
||||||
driSupport = true;
|
|
||||||
driSupport32Bit = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
hardware.nvidia = {
|
|
||||||
|
|
||||||
# Modesetting is required.
|
|
||||||
modesetting.enable = true;
|
|
||||||
|
|
||||||
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
|
|
||||||
# Enable this if you have graphical corruption issues or application crashes after waking
|
|
||||||
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
|
|
||||||
# of just the bare essentials.
|
|
||||||
powerManagement.enable = false;
|
|
||||||
|
|
||||||
# Fine-grained power management. Turns off GPU when not in use.
|
|
||||||
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
|
|
||||||
powerManagement.finegrained = false;
|
|
||||||
|
|
||||||
# Use the NVidia open source kernel module (not to be confused with the
|
|
||||||
# independent third-party "nouveau" open source driver).
|
|
||||||
# Support is limited to the Turing and later architectures. Full list of
|
|
||||||
# supported GPUs is at:
|
|
||||||
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
|
|
||||||
# Only available from driver 515.43.04+
|
|
||||||
# Currently alpha-quality/buggy, so false is currently the recommended setting.
|
|
||||||
open = false;
|
|
||||||
|
|
||||||
# Enable the Nvidia settings menu,
|
|
||||||
# accessible via `nvidia-settings`.
|
|
||||||
nvidiaSettings = true;
|
|
||||||
|
|
||||||
# Optionally, you may need to select the appropriate driver version for your specific GPU.
|
|
||||||
package = config.boot.kernelPackages.nvidiaPackages.stable;
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
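--- a/nixos/profiles/hw-generic-x86.nix
+++ b/nixos/profiles/hw-generic-x86.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, imports, boot, ... }:
+
+with lib;
+{
+
+mySystem.system.packages = with pkgs; [
+ntfs3g
+];
+
+boot = {
+
+initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+kernelModules = [ ];
+extraModulePackages = [ ];
+
+# for managing/mounting ntfs
+supportedFilesystems = [ "ntfs" ];
+
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+# why not ensure we can memtest workstatons easily?
+grub.memtest86.enable = true;
+
+};
+};
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+}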
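Review bot: `grub.memtest86.enable = true;` sits under `boot.loader` next to `systemd-boot.enable = true;`, so the memtest entry the comment asks for is probably never generated. The GRUB option only has an effect when GRUB is the enabled loader. The systemd-boot counterpart would be `systemd-boot.memtest86.enable = true;`. Separately, the argument list `{ config, lib, pkgs, imports, boot, ... }:` names `imports` and `boot`, which the body never reads as arguments and which are not standard module arguments. `{ config, lib, pkgs, ... }:` is enough.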
@ -15,8 +15,8 @@ with config;
|
||||||
# Lets see if fish everywhere is OK on the pi's
|
# Lets see if fish everywhere is OK on the pi's
|
||||||
# TODO decide if i drop to bash on pis?
|
# TODO decide if i drop to bash on pis?
|
||||||
shell.fish.enable = true;
|
shell.fish.enable = true;
|
||||||
# But wont enable plugins globally, leave them for workstations
|
|
||||||
|
|
||||||
|
nfs.nas.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
|