Compare commits
No commits in common. "6c09df8fa0147c3dd3b928b89d449b2db02f4051" and "544ea1236dd87bd27aac54170f11ff42eb404ae1" have entirely different histories.
6c09df8fa0
...
544ea1236d
|
@ -1,5 +0,0 @@
|
|||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
|
@ -7,7 +7,7 @@
|
|||
];
|
||||
|
||||
sops.secrets."smb/secrets" = {
|
||||
owner = config.profile.user.name;
|
||||
owner = config.users.users.tigor.name;
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
|
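Review bot: The `owner = config.users.users.tigor.name;` line inside `sops.secrets."smb/secrets"` hands the decrypted SMB password to the interactive user, which the cifs mount does not need: the `credentials=` option in the `/nas` entry is consumed by mount.cifs running as root for a `fileSystems` mount, and sops-nix's default (root-owned, mode 0400) already covers that. Unless the share is also mounted by hand as that user, every process running as tigor can read the NAS credential; I'd drop the owner line, `sops.secrets."smb/secrets" = { };`, or at least keep `mode = "0400";` explicit. Which of the two `owner =` lines is the new side is not marked on this page; the point applies to either, since both give the user account read access to the secret.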
@ -15,10 +15,10 @@
|
|||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
system.fsPackages = [ pkgs.bindfs pkgs.cifs-utils ];
|
||||
system.fsPackages = [ pkgs.bindfs ];
|
||||
fileSystems."/nas" =
|
||||
{
|
||||
device = "//192.168.100.5/nas";
|
||||
device = "//192.168.100.5/wd_red_1";
|
||||
fsType = "cifs";
|
||||
options = [
|
||||
"_netdev"
|
||||
|
@ -27,8 +27,8 @@
|
|||
"x-systemd.idle-timeout=60"
|
||||
"x-systemd.device-timeout=5s"
|
||||
"x-systemd.mount-timeout=5s"
|
||||
"uid=${toString config.profile.user.uid}"
|
||||
"gid=${toString config.profile.user.gid}"
|
||||
"uid=1000"
|
||||
"gid=100"
|
||||
"credentials=${config.sops.secrets."smb/secrets".path}"
|
||||
];
|
||||
};
|
||||
|
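Review bot: The `/nas` cifs mount carries no `nosuid`/`nodev` option, so a setuid binary or device node placed on the share by anyone who can write to the NAS would be honoured on this host; adding `"nosuid" "nodev"` (and `"noexec"` if nothing is ever executed from the share) to the options list costs nothing. If `"uid=1000"`/`"gid=100"` are the new side, they hardcode what the other side derived from the user definition, so a uid change silently leaves the mount owned by the wrong account — `"uid=${toString config.users.users.tigor.uid}"` keeps it tied to the declared user, provided that user sets an explicit uid. The mount also negotiates whatever SMB dialect the NAS offers; if the NAS supports it, pinning `"vers=3.1.1"` (and `"seal"` for in-transit encryption) is worth checking. The `fileSystems."/nas"` block opens in the previous hunk and its `options` list straddles the two.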
|
|
@ -5,7 +5,6 @@
|
|||
./hyprland.nix
|
||||
./docker.nix
|
||||
./podman.nix
|
||||
./services.nix
|
||||
];
|
||||
options.profile = {
|
||||
|
||||
|
|
|
@ -6,6 +6,5 @@
|
|||
type = lib.types.bool;
|
||||
default = true;
|
||||
};
|
||||
kavita.enable = lib.mkEnableOption "kavita docker";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,6 +6,5 @@
|
|||
type = lib.types.bool;
|
||||
default = true;
|
||||
};
|
||||
kavita.enable = lib.mkEnableOption "kavita docker";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib) mkEnableOption;
|
||||
in
|
||||
{
|
||||
options.profile.services = {
|
||||
caddy.enable = mkEnableOption "caddy";
|
||||
cockpit.enable = mkEnableOption "cockpit";
|
||||
forgejo.enable = mkEnableOption "forgejo";
|
||||
kavita.enable = mkEnableOption "kavita";
|
||||
samba.enable = mkEnableOption "samba";
|
||||
};
|
||||
}
|
|
@ -48,19 +48,5 @@
|
|||
brightnessctl.enable = true;
|
||||
keyboard.language.japanese = true;
|
||||
|
||||
mpris-proxy.enable = true;
|
||||
kitty.enable = true;
|
||||
neovide.enable = true;
|
||||
spotify.enable = true;
|
||||
vscode.enable = true;
|
||||
jellyfin.enable = false;
|
||||
mpv.enable = true;
|
||||
go.enable = true;
|
||||
chromium.enable = true;
|
||||
bitwarden.enable = true;
|
||||
dbeaver.enable = true;
|
||||
|
||||
microsoft-edge.enable = true;
|
||||
nextcloud.enable = false;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -17,28 +17,17 @@
|
|||
audio.enable = false;
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
podman = {
|
||||
enable = false;
|
||||
};
|
||||
openssh.enable = true;
|
||||
go.enable = true;
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
cockpit.enable = true;
|
||||
cockpit.enable = false;
|
||||
docker = {
|
||||
enable = false;
|
||||
caddy.enable = false;
|
||||
kavita.enable = false;
|
||||
};
|
||||
podman = {
|
||||
enable = true;
|
||||
caddy.enable = false;
|
||||
kavita.enable = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
caddy.enable = true;
|
||||
cockpit.enable = true;
|
||||
forgejo.enable = true;
|
||||
kavita.enable = true;
|
||||
samba.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
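Review bot: `security.sudo.wheelNeedsPassword = false;` survives on a host that also sets `openssh.enable = true;` and opens 80/443 to the network, so any foothold as a wheel user — a leaked SSH key, a hijacked browser or Cockpit session — is root without a further prompt. It reads as unchanged context here, but it is still the new side's configuration; I'd drop the line (NixOS defaults to requiring a password) or limit the exemption to the specific commands that need it via `security.sudo.extraRules`. Which of `cockpit.enable = true;` / `cockpit.enable = false;` is the new side is not marked on this page; if Cockpit stays enabled the exposure is larger, since Cockpit logs in with the same system account. The attribute set these options live in opens before this hunk.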
|
|
@ -1,22 +0,0 @@
|
|||
forgejo: ENC[AES256_GCM,data:w/qGCqEsbzhgCmGiy4pqvwjEbIWhOIPjQyQyNtbiBzadrFxG6+cxFQJ1gY/q9tENuogKoVdCtKdHYONM6gs+yd3+/Xk=,iv:u5P7so4J3OeHmnf33ss2X7f8GAA04I0/mw1/MUy6C3Y=,tag:nYhY/ecas7dPYP6FwEnOsg==,type:str]
|
||||
cockpit: ENC[AES256_GCM,data:5/ztOP1mJwKlcLS0RLqbre2nMOphIg59+/Dqz3njZW7jDJm37gMdgaPpY+eA5IWBMW7gZNCcVA==,iv:mmGsqA7U3rzhZ40BUReMlDaKxzKsDTw0mSZzcpu2QB4=,tag:jwmqiMGbENjX4B8GbPHcjw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhK1lrMkJlNmJwK3ZvSjhz
|
||||
VnFQa2xMdEt0dU9pRlQxbWZIT09ObVI2cUNBCkx2UnBQOTFRYkhXR0pyWGgxdVIr
|
||||
R3NvZDBTU3lIY3RHZkxKRDQzRWhmYUUKLS0tIDJtNFc2VzRNQVdxZ0kxME91Um9p
|
||||
OTBPaGdUZ1ZueUlKMVlhOHBreFV6OVEKBhcqTTA9Vufnn/WAhR5zb08Nsn48zmD2
|
||||
+bdJf+0B68Z57Q/47fNjvXclqLdDCWToTlIjOTnzVH2oXOWKQQxj6g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-13T06:44:09Z"
|
||||
mac: ENC[AES256_GCM,data:S0/He8nAYp524SIteg1bd7aa4b7OJ2jshP/x+m9Grt+9fI8ZN42XpcW/u7JA6xV2eAJ7ZS4YBt965V6ttJu/Ric0xRzdG/evK9zrG0CFcoY8Di9eBU/KqBSyXxO7E/ZYamp9AQpkO9KzsSBYYStkZe4FjPy/5o4bSCjkLOIPO1w=,iv:OR42uFaNxMHAdaq1JZLz4B+cPZPJw5TP97W+rbHckK0=,tag:BXKF4WSHDZ63eyzNNBR2JA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,7 +1,7 @@
|
|||
gnome-keyring:
|
||||
tigor: ENC[AES256_GCM,data:fUJzIUburewNo6eSLdk0d4RJuL0XIWc=,iv:4pVbLT91IoS6XDEOd9jg4GQkVpQxYNasUeqv2otMgT8=,tag:aSFQKgu7N4p/73omC0wqNw==,type:str]
|
||||
smb:
|
||||
secrets: ENC[AES256_GCM,data:2XiBlll1fhr2N7CYfMmqVR6INm5j1B0dUhhLUDUmHH/Med0XzWrqh+0Fme7CTt3mdnbIO+AOe0U=,iv:jhWoP97kyGwDicB0CV2B0ppNB8JlFrajsnhvJsUv7FE=,tag:Alo0zX0AqbjziGflNFvepw==,type:str]
|
||||
secrets: ENC[AES256_GCM,data:DKG6wjW/gBLX4cqisodnCX5OO6vVMQFerlAzlvW434xLQjHfn/SyTr3D/8GOSsMO,iv:4Qqdg2bDzNeCNeLifySfxwN/rA+qcAG0JSjt8ByFG/o=,tag:ALOoJ7h3EtjRIHskBfIouA==,type:str]
|
||||
spotify:
|
||||
username: ENC[AES256_GCM,data:7uYX5Co=,iv:zc03i9P/nX6hIe/SfUulH2T3BkxD/1xiqG2izmaJbho=,tag:/djGWrxvsG9L5x3vHc9TwQ==,type:str]
|
||||
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
||||
|
@ -23,8 +23,8 @@ sops:
|
|||
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
||||
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-13T09:09:57Z"
|
||||
mac: ENC[AES256_GCM,data:Ovi5vtxADk/vb899WuaU8uWCsM/zN7jTWF47ivJxbgtGlIbQQWeI9eY0s+VaPSdGSshJCP4RYasoJBeL0CiZ64wdLtwsDqfbAB6k8LtS/YRY/hDVGvUG+5GDP+I12q5xbHzJbjiKFN4yLRuK9WVyBQp7TRr484zkdjDDkApoC6w=,iv:FCc/9Xq4xsKQ+Hwi4VpCY8/F4+zHezv42wWpSaGsrjc=,tag:m+dnpB6LjzSvf7cgugEk7g==,type:str]
|
||||
lastmodified: "2024-06-12T16:32:51Z"
|
||||
mac: ENC[AES256_GCM,data:dHh4kDSHDQAKLgGaW2TjBH09pEdpPSnNLvFb/EqfHWhUuXqjniFGOsR/KkhoYP2aVfQXBoRUyDvC0cspD6//wSqZuWNAwfVhP20XUQ6fNRaV/3RIU4Btp641Mg+wE3RkwANspkF9o5CD0wicDxNoirf60qPTWnD9ABmBPvd6bdI=,iv:nTg9WWP4WnnCmvMb91h8RH4ZS1Jh9xRmawF5k+IzEbw=,tag:B0uncQm5J9T2Q/ZwVrbjug==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -4,8 +4,7 @@
|
|||
profile-path
|
||||
hardware-configuration
|
||||
./modules
|
||||
./services
|
||||
./podman
|
||||
# ./podman
|
||||
./docker
|
||||
./programs.nix
|
||||
./user.nix
|
||||
|
|
|
@ -11,6 +11,5 @@ in
|
|||
|
||||
imports = [
|
||||
./caddy.nix
|
||||
./kavita.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
user = config.profile.user;
|
||||
docker = config.profile.docker;
|
||||
volume = "/nas/kavita";
|
||||
image = "lscr.io/linuxserver/kavita:latest";
|
||||
gid = toString user.gid;
|
||||
uid = toString user.uid;
|
||||
in
|
||||
{
|
||||
config = lib.mkIf (docker.enable && docker.kavita.enable) {
|
||||
system.activationScripts.docker-kavita = ''
|
||||
mkdir -p ${volume}
|
||||
chown -R ${user.name}:${gid} ${volume}
|
||||
'';
|
||||
|
||||
virtualisation.oci-containers.containers.kavita = {
|
||||
inherit image;
|
||||
environment = {
|
||||
PUID = uid;
|
||||
PGID = gid;
|
||||
TZ = "Asia/Jakarta";
|
||||
};
|
||||
ports = [ "5000:5000" ];
|
||||
autoStart = true;
|
||||
volumes = [
|
||||
"${volume}/config:/config"
|
||||
"${volume}/library:/library"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,16 +1,13 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.profile.services.cockpit;
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.profile.cockpit;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = mkIf config.profile.podman.enable [
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = lib.mkIf config.profile.podman.enable [
|
||||
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
||||
];
|
||||
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
|
||||
reverse_proxy 0.0.0.0:9090
|
||||
'';
|
||||
services.udisks2.enable = true;
|
||||
services.cockpit = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
|
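Review bot: `services.cockpit.openFirewall = true;` leaves port 9090 reachable from every interface while the `services.caddy.virtualHosts."cockpit.tigor.web.id"` entry is meant to front it, so the Caddy layer adds nothing against direct access; unless something else needs the raw port, `openFirewall = false;` (the default) keeps Cockpit reachable only through the proxy. The upstream `reverse_proxy 0.0.0.0:9090` also uses the unspecified address as a destination; Linux generally treats that as the local host, but `reverse_proxy localhost:9090` states what is meant. Both lines are unchanged context, yet they remain part of the new side's module. `services.cockpit = {` is opened on the hunk's last lines and closed outside it.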
@ -7,6 +7,7 @@
|
|||
./bluetooth.nix
|
||||
./boot_loader.nix
|
||||
./brightnessctl.nix
|
||||
./cockpit.nix
|
||||
./flatpak.nix
|
||||
./font.nix
|
||||
./gnome.nix
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
owner = config.profile.user.name;
|
||||
owner = "tigor";
|
||||
in
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
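Review bot: `owner = "tigor";` spells the account name as a bare string where the hardware configuration in this same compare uses `config.users.users.tigor.name` for the same purpose; if the literal is the new side, a mismatch with the declared user would presumably only surface when the secret is installed at activation, whereas the attribute reference fails at evaluation time. Dropping `config` from the module arguments went with the literal, so restoring `{ config, pkgs, ... }:` and `owner = config.users.users.tigor.name;` keeps a single source of truth for the account. What `owner` is applied to lies outside this hunk.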
|
|
@ -31,6 +31,10 @@ in
|
|||
extraOptions = [
|
||||
"--network=caddy"
|
||||
];
|
||||
labels = {
|
||||
"caddy" = "cockpit.tigor.web.id";
|
||||
"caddy.reverse_proxy" = "hosts.container.internal:9090";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
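Review bot: `"caddy.reverse_proxy" = "hosts.container.internal:9090";` points the proxy at a hostname that, as far as I know, neither runtime provides — Podman injects `host.containers.internal` and Docker `host.docker.internal` — so if these labels are the added side, the upstream lookup for `cockpit.tigor.web.id` will fail; `"caddy.reverse_proxy" = "host.containers.internal:9090";` is the Podman spelling, which seems to be the runtime here given the `--network=caddy` container setup. Worth a comment next to the label as well, since this publishes the host's Cockpit login through the container network: `# proxies the host Cockpit (port 9090) via the caddy container network`. The container definition this belongs to begins before the hunk.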
|
|
@ -4,7 +4,6 @@ let
|
|||
in
|
||||
{
|
||||
config = lib.mkIf cfg.enable {
|
||||
# services.caddy.enable = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
dive # look into docker image layers
|
||||
podman-tui # status of containers in the terminal
|
||||
|
@ -29,6 +28,5 @@ in
|
|||
|
||||
imports = [
|
||||
./caddy.nix
|
||||
./kavita.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
user = config.profile.user;
|
||||
podman = config.profile.podman;
|
||||
volume = "/nas/kavita";
|
||||
image = "lscr.io/linuxserver/kavita:latest";
|
||||
gid = toString user.gid;
|
||||
uid = toString user.uid;
|
||||
gateway = "10.1.1.1";
|
||||
subnet = "10.1.1.0/24";
|
||||
ip = "10.1.1.3";
|
||||
ip-range = "10.1.1.3/25";
|
||||
in
|
||||
{
|
||||
config = lib.mkIf (podman.enable && podman.kavita.enable) {
|
||||
services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
|
||||
reverse_proxy ${ip}:5000
|
||||
'';
|
||||
|
||||
systemd.services.create-kavita-network = with config.virtualisation.oci-containers; {
|
||||
serviceConfig.Type = "oneshot";
|
||||
wantedBy = [ "${backend}-kavita.service" ];
|
||||
script = ''${pkgs.podman}/bin/podman network exists kavita || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} kavita'';
|
||||
};
|
||||
|
||||
system.activationScripts.docker-kavita = ''
|
||||
mkdir -p ${volume}
|
||||
chown -R ${user.name}:${gid} ${volume}
|
||||
'';
|
||||
|
||||
virtualisation.oci-containers.containers.kavita = {
|
||||
inherit image;
|
||||
environment = {
|
||||
PUID = uid;
|
||||
PGID = gid;
|
||||
TZ = "Asia/Jakarta";
|
||||
};
|
||||
extraOptions = [
|
||||
"--network=kavita"
|
||||
"--ip=${ip}"
|
||||
];
|
||||
autoStart = true;
|
||||
volumes = [
|
||||
"${volume}/config:/config"
|
||||
"${volume}/library:/library"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.services.caddy;
|
||||
inherit (lib) mkIf;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
import /etc/caddy/sites-enabled/*
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./caddy.nix
|
||||
./cockpit.nix
|
||||
./forgejo.nix
|
||||
./samba.nix
|
||||
];
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.services.forgejo;
|
||||
inherit (lib) mkIf;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
services.caddy.virtualHosts."git.tigor.web.id".extraConfig = ''
|
||||
reverse_proxy * unix//run/forgejo/forgejo.sock
|
||||
'';
|
||||
|
||||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
PROTOCOL = "http+unix";
|
||||
SSH_PORT = 2222;
|
||||
DOMAIN = "git.tigor.web.id";
|
||||
HTTP_PORT = 443;
|
||||
ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}:${toString config.services.forgejo.settings.server.HTTP_PORT}";
|
||||
};
|
||||
service = {
|
||||
DISABLE_REGISTRATION = true;
|
||||
};
|
||||
session.COOKIE_SECURE = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ config.services.forgejo.settings.server.SSH_PORT ];
|
||||
};
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.services.samba;
|
||||
user = config.profile.user;
|
||||
inherit (lib) mkIf;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
services.samba = {
|
||||
enable = true;
|
||||
securityType = "user";
|
||||
openFirewall = true;
|
||||
extraConfig = ''
|
||||
workgroup = WORKGROUP
|
||||
server string = smbnix
|
||||
netbios name = smbnix
|
||||
security = user
|
||||
guest account = ${user.name}
|
||||
'';
|
||||
shares = {
|
||||
nas = {
|
||||
path = "/nas";
|
||||
browsable = "yes";
|
||||
"read only" = "no";
|
||||
"guest ok" = "yes";
|
||||
"create mask" = "0777";
|
||||
"directory mask" = "0777";
|
||||
};
|
||||
};
|
||||
};
|
||||
services.samba-wsdd = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
}
|