Compare commits

..

No commits in common. "6c09df8fa0147c3dd3b928b89d449b2db02f4051" and "544ea1236dd87bd27aac54170f11ff42eb404ae1" have entirely different histories.

23 changed files with 24 additions and 267 deletions

View file

@ -1,5 +0,0 @@
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll

View file

@ -7,7 +7,7 @@
];
sops.secrets."smb/secrets" = {
owner = config.profile.user.name;
owner = config.users.users.tigor.name;
};
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
@ -15,10 +15,10 @@
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
system.fsPackages = [ pkgs.bindfs pkgs.cifs-utils ];
system.fsPackages = [ pkgs.bindfs ];
fileSystems."/nas" =
{
device = "//192.168.100.5/nas";
device = "//192.168.100.5/wd_red_1";
fsType = "cifs";
options = [
"_netdev"
@ -27,8 +27,8 @@
"x-systemd.idle-timeout=60"
"x-systemd.device-timeout=5s"
"x-systemd.mount-timeout=5s"
"uid=${toString config.profile.user.uid}"
"gid=${toString config.profile.user.gid}"
"uid=1000"
"gid=100"
"credentials=${config.sops.secrets."smb/secrets".path}"
];
};

View file

@ -5,7 +5,6 @@
./hyprland.nix
./docker.nix
./podman.nix
./services.nix
];
options.profile = {

View file

@ -6,6 +6,5 @@
type = lib.types.bool;
default = true;
};
kavita.enable = lib.mkEnableOption "kavita docker";
};
}

View file

@ -6,6 +6,5 @@
type = lib.types.bool;
default = true;
};
kavita.enable = lib.mkEnableOption "kavita docker";
};
}

View file

@ -1,13 +0,0 @@
{ lib, ... }:
let
inherit (lib) mkEnableOption;
in
{
options.profile.services = {
caddy.enable = mkEnableOption "caddy";
cockpit.enable = mkEnableOption "cockpit";
forgejo.enable = mkEnableOption "forgejo";
kavita.enable = mkEnableOption "kavita";
samba.enable = mkEnableOption "samba";
};
}

View file

@ -48,19 +48,5 @@
brightnessctl.enable = true;
keyboard.language.japanese = true;
mpris-proxy.enable = true;
kitty.enable = true;
neovide.enable = true;
spotify.enable = true;
vscode.enable = true;
jellyfin.enable = false;
mpv.enable = true;
go.enable = true;
chromium.enable = true;
bitwarden.enable = true;
dbeaver.enable = true;
microsoft-edge.enable = true;
nextcloud.enable = false;
};
}

View file

@ -17,28 +17,17 @@
audio.enable = false;
security.sudo.wheelNeedsPassword = false;
podman = {
enable = false;
};
openssh.enable = true;
go.enable = true;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
cockpit.enable = true;
cockpit.enable = false;
docker = {
enable = false;
caddy.enable = false;
kavita.enable = false;
};
podman = {
enable = true;
caddy.enable = false;
kavita.enable = true;
};
services = {
caddy.enable = true;
cockpit.enable = true;
forgejo.enable = true;
kavita.enable = true;
samba.enable = true;
};
};
}

View file

@ -1,22 +0,0 @@
forgejo: ENC[AES256_GCM,data:w/qGCqEsbzhgCmGiy4pqvwjEbIWhOIPjQyQyNtbiBzadrFxG6+cxFQJ1gY/q9tENuogKoVdCtKdHYONM6gs+yd3+/Xk=,iv:u5P7so4J3OeHmnf33ss2X7f8GAA04I0/mw1/MUy6C3Y=,tag:nYhY/ecas7dPYP6FwEnOsg==,type:str]
cockpit: ENC[AES256_GCM,data:5/ztOP1mJwKlcLS0RLqbre2nMOphIg59+/Dqz3njZW7jDJm37gMdgaPpY+eA5IWBMW7gZNCcVA==,iv:mmGsqA7U3rzhZ40BUReMlDaKxzKsDTw0mSZzcpu2QB4=,tag:jwmqiMGbENjX4B8GbPHcjw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhK1lrMkJlNmJwK3ZvSjhz
VnFQa2xMdEt0dU9pRlQxbWZIT09ObVI2cUNBCkx2UnBQOTFRYkhXR0pyWGgxdVIr
R3NvZDBTU3lIY3RHZkxKRDQzRWhmYUUKLS0tIDJtNFc2VzRNQVdxZ0kxME91Um9p
OTBPaGdUZ1ZueUlKMVlhOHBreFV6OVEKBhcqTTA9Vufnn/WAhR5zb08Nsn48zmD2
+bdJf+0B68Z57Q/47fNjvXclqLdDCWToTlIjOTnzVH2oXOWKQQxj6g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-13T06:44:09Z"
mac: ENC[AES256_GCM,data:S0/He8nAYp524SIteg1bd7aa4b7OJ2jshP/x+m9Grt+9fI8ZN42XpcW/u7JA6xV2eAJ7ZS4YBt965V6ttJu/Ric0xRzdG/evK9zrG0CFcoY8Di9eBU/KqBSyXxO7E/ZYamp9AQpkO9KzsSBYYStkZe4FjPy/5o4bSCjkLOIPO1w=,iv:OR42uFaNxMHAdaq1JZLz4B+cPZPJw5TP97W+rbHckK0=,tag:BXKF4WSHDZ63eyzNNBR2JA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -1,7 +1,7 @@
gnome-keyring:
tigor: ENC[AES256_GCM,data:fUJzIUburewNo6eSLdk0d4RJuL0XIWc=,iv:4pVbLT91IoS6XDEOd9jg4GQkVpQxYNasUeqv2otMgT8=,tag:aSFQKgu7N4p/73omC0wqNw==,type:str]
smb:
secrets: ENC[AES256_GCM,data:2XiBlll1fhr2N7CYfMmqVR6INm5j1B0dUhhLUDUmHH/Med0XzWrqh+0Fme7CTt3mdnbIO+AOe0U=,iv:jhWoP97kyGwDicB0CV2B0ppNB8JlFrajsnhvJsUv7FE=,tag:Alo0zX0AqbjziGflNFvepw==,type:str]
secrets: ENC[AES256_GCM,data:DKG6wjW/gBLX4cqisodnCX5OO6vVMQFerlAzlvW434xLQjHfn/SyTr3D/8GOSsMO,iv:4Qqdg2bDzNeCNeLifySfxwN/rA+qcAG0JSjt8ByFG/o=,tag:ALOoJ7h3EtjRIHskBfIouA==,type:str]
spotify:
username: ENC[AES256_GCM,data:7uYX5Co=,iv:zc03i9P/nX6hIe/SfUulH2T3BkxD/1xiqG2izmaJbho=,tag:/djGWrxvsG9L5x3vHc9TwQ==,type:str]
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
@ -23,8 +23,8 @@ sops:
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-13T09:09:57Z"
mac: ENC[AES256_GCM,data:Ovi5vtxADk/vb899WuaU8uWCsM/zN7jTWF47ivJxbgtGlIbQQWeI9eY0s+VaPSdGSshJCP4RYasoJBeL0CiZ64wdLtwsDqfbAB6k8LtS/YRY/hDVGvUG+5GDP+I12q5xbHzJbjiKFN4yLRuK9WVyBQp7TRr484zkdjDDkApoC6w=,iv:FCc/9Xq4xsKQ+Hwi4VpCY8/F4+zHezv42wWpSaGsrjc=,tag:m+dnpB6LjzSvf7cgugEk7g==,type:str]
lastmodified: "2024-06-12T16:32:51Z"
mac: ENC[AES256_GCM,data:dHh4kDSHDQAKLgGaW2TjBH09pEdpPSnNLvFb/EqfHWhUuXqjniFGOsR/KkhoYP2aVfQXBoRUyDvC0cspD6//wSqZuWNAwfVhP20XUQ6fNRaV/3RIU4Btp641Mg+wE3RkwANspkF9o5CD0wicDxNoirf60qPTWnD9ABmBPvd6bdI=,iv:nTg9WWP4WnnCmvMb91h8RH4ZS1Jh9xRmawF5k+IzEbw=,tag:B0uncQm5J9T2Q/ZwVrbjug==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -4,8 +4,7 @@
profile-path
hardware-configuration
./modules
./services
./podman
# ./podman
./docker
./programs.nix
./user.nix

View file

@ -11,6 +11,5 @@ in
imports = [
./caddy.nix
./kavita.nix
];
}

View file

@ -1,32 +0,0 @@
{ config, lib, ... }:
let
user = config.profile.user;
docker = config.profile.docker;
volume = "/nas/kavita";
image = "lscr.io/linuxserver/kavita:latest";
gid = toString user.gid;
uid = toString user.uid;
in
{
config = lib.mkIf (docker.enable && docker.kavita.enable) {
system.activationScripts.docker-kavita = ''
mkdir -p ${volume}
chown -R ${user.name}:${gid} ${volume}
'';
virtualisation.oci-containers.containers.kavita = {
inherit image;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
};
ports = [ "5000:5000" ];
autoStart = true;
volumes = [
"${volume}/config:/config"
"${volume}/library:/library"
];
};
};
}

View file

@ -1,16 +1,13 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.services.cockpit;
inherit (lib) mkIf;
cfg = config.profile.cockpit;
in
{
config = mkIf cfg.enable {
environment.systemPackages = mkIf config.profile.podman.enable [
config = lib.mkIf cfg.enable {
environment.systemPackages = lib.mkIf config.profile.podman.enable [
(pkgs.callPackage ../packages/cockpit-podman.nix { })
];
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:9090
'';
services.udisks2.enable = true;
services.cockpit = {
enable = true;
openFirewall = true;

View file

@ -7,6 +7,7 @@
./bluetooth.nix
./boot_loader.nix
./brightnessctl.nix
./cockpit.nix
./flatpak.nix
./font.nix
./gnome.nix

View file

@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
let
owner = config.profile.user.name;
owner = "tigor";
in
{
environment.systemPackages = with pkgs; [

View file

@ -31,6 +31,10 @@ in
extraOptions = [
"--network=caddy"
];
labels = {
"caddy" = "cockpit.tigor.web.id";
"caddy.reverse_proxy" = "hosts.container.internal:9090";
};
};
};
};

View file

@ -4,7 +4,6 @@ let
in
{
config = lib.mkIf cfg.enable {
# services.caddy.enable = true;
environment.systemPackages = with pkgs; [
dive # look into docker image layers
podman-tui # status of containers in the terminal
@ -29,6 +28,5 @@ in
imports = [
./caddy.nix
./kavita.nix
];
}

View file

@ -1,49 +0,0 @@
{ config, lib, pkgs, ... }:
let
user = config.profile.user;
podman = config.profile.podman;
volume = "/nas/kavita";
image = "lscr.io/linuxserver/kavita:latest";
gid = toString user.gid;
uid = toString user.uid;
gateway = "10.1.1.1";
subnet = "10.1.1.0/24";
ip = "10.1.1.3";
ip-range = "10.1.1.3/25";
in
{
config = lib.mkIf (podman.enable && podman.kavita.enable) {
services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
reverse_proxy ${ip}:5000
'';
systemd.services.create-kavita-network = with config.virtualisation.oci-containers; {
serviceConfig.Type = "oneshot";
wantedBy = [ "${backend}-kavita.service" ];
script = ''${pkgs.podman}/bin/podman network exists kavita || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} kavita'';
};
system.activationScripts.docker-kavita = ''
mkdir -p ${volume}
chown -R ${user.name}:${gid} ${volume}
'';
virtualisation.oci-containers.containers.kavita = {
inherit image;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
};
extraOptions = [
"--network=kavita"
"--ip=${ip}"
];
autoStart = true;
volumes = [
"${volume}/config:/config"
"${volume}/library:/library"
];
};
};
}

View file

@ -1,15 +0,0 @@
{ config, lib, ... }:
let
cfg = config.profile.services.caddy;
inherit (lib) mkIf;
in
{
config = mkIf cfg.enable {
services.caddy = {
enable = true;
extraConfig = ''
import /etc/caddy/sites-enabled/*
'';
};
};
}

View file

@ -1,9 +0,0 @@
{ ... }:
{
imports = [
./caddy.nix
./cockpit.nix
./forgejo.nix
./samba.nix
];
}

View file

@ -1,32 +0,0 @@
{ config, lib, ... }:
let
cfg = config.profile.services.forgejo;
inherit (lib) mkIf;
in
{
config = mkIf cfg.enable {
services.caddy.virtualHosts."git.tigor.web.id".extraConfig = ''
reverse_proxy * unix//run/forgejo/forgejo.sock
'';
services.forgejo = {
enable = true;
settings = {
server = {
PROTOCOL = "http+unix";
SSH_PORT = 2222;
DOMAIN = "git.tigor.web.id";
HTTP_PORT = 443;
ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}:${toString config.services.forgejo.settings.server.HTTP_PORT}";
};
service = {
DISABLE_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
};
};
networking.firewall.allowedTCPPorts = [ config.services.forgejo.settings.server.SSH_PORT ];
};
}

View file

@ -1,36 +0,0 @@
{ config, lib, ... }:
let
cfg = config.profile.services.samba;
user = config.profile.user;
inherit (lib) mkIf;
in
{
config = mkIf cfg.enable {
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
extraConfig = ''
workgroup = WORKGROUP
server string = smbnix
netbios name = smbnix
security = user
guest account = ${user.name}
'';
shares = {
nas = {
path = "/nas";
browsable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0777";
"directory mask" = "0777";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
};
}