Compare commits
5 commits
a2e3d507f9
...
7df6889d30
Author | SHA1 | Date | |
---|---|---|---|
Tigor Hutasuhut | 7df6889d30 | ||
Tigor Hutasuhut | 87ce0ba7b8 | ||
Tigor Hutasuhut | f0cdeb41b6 | ||
Tigor Hutasuhut | 8fed0e2502 | ||
Tigor Hutasuhut | cd96add85a |
110
flake.lock
110
flake.lock
|
@ -88,11 +88,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717664902,
|
||||
"narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
|
||||
"lastModified": 1718879355,
|
||||
"narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
|
||||
"rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -152,11 +152,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717527182,
|
||||
"narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=",
|
||||
"lastModified": 1718530513,
|
||||
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "845a5c4c073f74105022533907703441e0464bc3",
|
||||
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -182,11 +182,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717181720,
|
||||
"narHash": "sha256-yv+QZWsusu/NWjydkxixHC2g+tIJ9v+xkE2EiVpJj6g=",
|
||||
"lastModified": 1718450675,
|
||||
"narHash": "sha256-jpsns6buS4bK+1sF8sL8AaixAiCRjA+nldTKvcwmvUs=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprcursor",
|
||||
"rev": "9e27a2c2ceb1e0b85bd55b0afefad196056fe87c",
|
||||
"rev": "66d5b46ff94efbfa6fa3d1d1b66735f1779c34a6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -206,11 +206,11 @@
|
|||
"xdph": "xdph"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1718313803,
|
||||
"narHash": "sha256-xyptaxC172FB/m4fSCSEYaCVYp6e8IWLDHvDLiSuu6M=",
|
||||
"lastModified": 1719150233,
|
||||
"narHash": "sha256-HOt6FGQdTRIitp5agm3tnZ/4OYM6RG6KOm3UGMntlrY=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "8055b1c00a102f5419e40f5eddfb6ee8be693f33",
|
||||
"revCount": 4822,
|
||||
"rev": "e09addf8dede9a8e7f2dd0e5bb414d3a0d5dc471",
|
||||
"revCount": 4878,
|
||||
"submodules": true,
|
||||
"type": "git",
|
||||
"url": "https://github.com/hyprwm/Hyprland"
|
||||
|
@ -228,11 +228,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716228712,
|
||||
"narHash": "sha256-y+LOXuSRMfkR2Vfwl5K2NVrszi1h5MJpML+msLnVS8U=",
|
||||
"lastModified": 1718476555,
|
||||
"narHash": "sha256-fuWpgh8KasByIJWE+xVd37Al0LV5YAn6s871T50qVY0=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "contrib",
|
||||
"rev": "33b38358559054d316eb605ccb733980dfa7dc63",
|
||||
"rev": "29a8374f4b9206d5c4af84aceb7fb5dff441ea60",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -255,11 +255,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1691753796,
|
||||
"narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=",
|
||||
"lastModified": 1714869498,
|
||||
"narHash": "sha256-vbLVOWvQqo4n1yvkg/Q70VTlPbMmTiCQfNTgcWDCfJM=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprland-protocols",
|
||||
"rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03",
|
||||
"rev": "e06482e0e611130cd1929f75e8c1cf679e57d161",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -309,11 +309,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717881334,
|
||||
"narHash": "sha256-a0inRgJhPL6v9v7RPM/rx1kbXdfe3xJA1c9z0ZkYnh4=",
|
||||
"lastModified": 1718804078,
|
||||
"narHash": "sha256-CqRZne63BpYlPd/i8lXV0UInUt59oKogiwdVtBRHt60=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprutils",
|
||||
"rev": "0693f9398ab693d89c9a0aa3b3d062dd61b7a60e",
|
||||
"rev": "4f1351295c55a8f51219b25aa4a6497a067989d0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -334,11 +334,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717784906,
|
||||
"narHash": "sha256-YxmfxHfWed1fosaa7fC1u7XoKp1anEZU+7Lh/ojRKoM=",
|
||||
"lastModified": 1718119275,
|
||||
"narHash": "sha256-nqDYXATNkyGXVmNMkT19fT4sjtSPBDS1LLOxa3Fueo4=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprwayland-scanner",
|
||||
"rev": "0f30f9eca6e404130988554accbb64d1c9ec877d",
|
||||
"rev": "1419520d5f7f38d35e05504da5c1b38212a38525",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -357,11 +357,11 @@
|
|||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1718298978,
|
||||
"narHash": "sha256-7jIX4cUdn6LYP4l38S38nsSNbGMF5eXP9qKe69SR02k=",
|
||||
"lastModified": 1719151941,
|
||||
"narHash": "sha256-6DlzbOUC14DN3ChG6YDfHp3dlyRunlCuNIGiJ0/j0SU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "neovim-nightly-overlay",
|
||||
"rev": "84299e229226207721e142246ff8343f8a8c6e5d",
|
||||
"rev": "8fbf3ad99db5af164230b7965de5572ce238c0da",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -373,11 +373,11 @@
|
|||
"neovim-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1718209811,
|
||||
"narHash": "sha256-hZYLBealuoS3bL3eXFeQVAoasThqf7DDwg8kW0ASTOE=",
|
||||
"lastModified": 1719082813,
|
||||
"narHash": "sha256-C2stSASvUp0XHljA6iZfDFHSH0JIDJ0g7g0uQUIHU2E=",
|
||||
"owner": "neovim",
|
||||
"repo": "neovim",
|
||||
"rev": "53afdf360cf195c02c22865f4e63b273d1ef152e",
|
||||
"rev": "6c3f7e7e27a0ffcf6d58dc1f5ad2fce7e59a2d88",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -388,11 +388,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1717974879,
|
||||
"narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=",
|
||||
"lastModified": 1718530797,
|
||||
"narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3",
|
||||
"rev": "b60ebf54c15553b393d144357375ea956f89e9a9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -404,11 +404,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1717880976,
|
||||
"narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=",
|
||||
"lastModified": 1719099622,
|
||||
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c",
|
||||
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -420,11 +420,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1718160348,
|
||||
"narHash": "sha256-9YrUjdztqi4Gz8n3mBuqvCkMo4ojrA6nASwyIKWMpus=",
|
||||
"lastModified": 1719075281,
|
||||
"narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "57d6973abba7ea108bac64ae7629e7431e0199b6",
|
||||
"rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -435,11 +435,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1718149104,
|
||||
"narHash": "sha256-Ds1QpobBX2yoUDx9ZruqVGJ/uQPgcXoYuobBguyKEh8=",
|
||||
"lastModified": 1718983919,
|
||||
"narHash": "sha256-+1xgeIow4gJeiwo4ETvMRvWoircnvb0JOt7NS9kUhoM=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e913ae340076bbb73d9f4d3d065c2bca7caafb16",
|
||||
"rev": "90338afd6177fc683a04d934199d693708c85a3b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -451,11 +451,11 @@
|
|||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1718208800,
|
||||
"narHash": "sha256-US1tAChvPxT52RV8GksWZS415tTS7PV42KTc2PNDBmc=",
|
||||
"lastModified": 1718835956,
|
||||
"narHash": "sha256-wM9v2yIxClRYsGHut5vHICZTK7xdrUGfrLkXvSuv6s4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "cc54fb41d13736e92229c21627ea4f22199fee6b",
|
||||
"rev": "dd457de7e08c6d06789b1f5b88fc9327f4d96309",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -466,11 +466,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1718354773,
|
||||
"narHash": "sha256-p0pjm5l6LOYoEzSMLZv0QSE4vgGwfhkCz7VN58IUjzc=",
|
||||
"lastModified": 1719153056,
|
||||
"narHash": "sha256-nIp6HOIrPTMeIoaaj8MavebUI1HBeq1iz9P0nzWq1CI=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "2fe75ecfd4dd1d2063fcc31ccb5db6d9f2b6b33c",
|
||||
"rev": "46ab9f286d5546781726537039455867a59c19a3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -499,11 +499,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1718137936,
|
||||
"narHash": "sha256-psA+1Q5fPaK6yI3vzlLINNtb6EeXj111zQWnZYyJS9c=",
|
||||
"lastModified": 1719111739,
|
||||
"narHash": "sha256-kr2QzRrplzlCP87ddayCZQS+dhGW98kw2zy7+jUXtF4=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "c279dec105dd53df13a5e57525da97905cc0f0d6",
|
||||
"rev": "5e2e9421e9ed2b918be0a441c4535cfa45e04811",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -544,11 +544,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717918856,
|
||||
"narHash": "sha256-I38bmPLqamvOfVSArd1hhZtkVRAYBK38fOHZCU1P9Qg=",
|
||||
"lastModified": 1718619174,
|
||||
"narHash": "sha256-FWW68AVYmB91ZDQnhLMBNCUUTCjb1ZpO2k2KIytHtkA=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "xdg-desktop-portal-hyprland",
|
||||
"rev": "72907822c19afc0983c69d59d299204381623725",
|
||||
"rev": "c7894aa54f9a7dbd16df5cd24d420c8af22d5623",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
{ lib, config, pkgs, ... }:
|
||||
{ lib, config, pkgs, unstable, ... }:
|
||||
let
|
||||
cfg = config.profile.whatsapp;
|
||||
in
|
||||
{
|
||||
config = lib.mkIf cfg.enable {
|
||||
home.packages = [ pkgs.whatsapp-for-linux ];
|
||||
home.packages = [ unstable.whatsapp-for-linux ];
|
||||
|
||||
systemd.user = lib.mkIf cfg.autostart {
|
||||
services.whatsapp = {
|
||||
|
@ -21,7 +21,7 @@ in
|
|||
ping = "${pkgs.unixtools.ping}/bin/ping";
|
||||
host = "web.whatsapp.com";
|
||||
sleep = "${pkgs.coreutils}/bin/sleep";
|
||||
whatsapp = "${pkgs.whatsapp-for-linux}/bin/whatsapp-for-linux";
|
||||
whatsapp = "${unstable.whatsapp-for-linux}/bin/whatsapp-for-linux";
|
||||
exec = ''${bash} -c "until ${ping} -c 1 ${host}; do ${sleep} 1; done; ${whatsapp}"'';
|
||||
in
|
||||
{
|
||||
|
|
|
@ -15,5 +15,7 @@ in
|
|||
stubby.enable = mkEnableOption "stubby";
|
||||
jellyfin.enable = mkEnableOption "jellyfin";
|
||||
rust-motd.enable = mkEnableOption "rust-motd";
|
||||
wireguard.enable = mkEnableOption "wireguard";
|
||||
photoprism.enable = mkEnableOption "photoprism";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -45,10 +45,12 @@
|
|||
samba.enable = true;
|
||||
nextcloud.enable = true;
|
||||
syncthing.enable = true;
|
||||
openvpn.enable = true;
|
||||
openvpn.enable = false;
|
||||
stubby.enable = true;
|
||||
jellyfin.enable = true;
|
||||
rust-motd.enable = true;
|
||||
wireguard.enable = true;
|
||||
photoprism.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
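--- a/secrets/photoprism.yaml
+++ b/secrets/photoprism.yaml
@@ -0,0 +1,22 @@
+photoprism:
+admin_password: ENC[AES256_GCM,data:t1r/fwZkRFHgx9g=,iv:F2tzhjtkFL31sT2d8yEokBagkVVv+0EgNWKOUwUU1Xo=,tag:keya0UMf7XE0VMq8nax89Q==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ25oYW9zcjFtU1FhT2gv
+ODZ1WmJzRWRBR1h5cWxOV1U1UXhnbVcxTlFRCmVIWUlTTUFBdWp0OTgyOUFSZGFK
+UTdGbzlvQ1VGZDJVWXBnaUFJREdUNkEKLS0tIG1KdCtXRWF5WVJ6ZnBNWlBnQjNS
+eUJUaXd3NDNrWXZnOEk0NUhjTmY4UHcKJ9HEaQ6Ymh1SlzjLkWMe1YhxEC2kR3sF
+Q93kWOv6AwOnnypa9Sa+WGRs27Tp5XAAv/6Kmv+gkGMjPrL/H/SDuw==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-06-23T13:54:19Z"
+mac: ENC[AES256_GCM,data:MYyinNaNmDJiT03xTg6qAZwtjVuDUVXoMF7fI3taMEC5mef43PNdzTT7s/4j2ul223vhg0hYpZunNlOpYtbPgIEh8oV6DycUQqWnpahwCtg5PWgwexb0Je6J7tIno/NF/9qgce1KgLy8qlQa20x4F1Lg/ZvEK6OujoCuc+yMFzU=,iv:+uEhLGXf/97iHhKvsD7D6YlKcTAHYAItxxA8p5g74N0=,tag:Kf5xkiF1aJ758ro5o4KwAg==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1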
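Review bot: sops encrypts each value with AES-GCM and leaves its length visible, so the `data:` field of `admin_password` tells anyone who can read this file how long the PhotoPrism admin password is. If the repository is readable by others, the password should be a long randomly generated value so that the visible length gives nothing useful away. The file also lists a single `age` recipient; adding a second recovery recipient would avoid losing the secret together with that one key.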
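--- a/secrets/wireguard.yaml
+++ b/secrets/wireguard.yaml
@@ -0,0 +1,25 @@
+wireguard:
+private_keys:
+server: ENC[AES256_GCM,data:YMk7ovSiX+vWsTEw1pwVLnLXTxFZwNbAlc9jdOamMJ3RwRePI1gpocg6ygQ=,iv:KteQl87XR6qs8uGX6v5AcSkl/X9/U5HvsDTqQx5ewCc=,tag:bERlujgiMOCfU9PzgFyUaQ==,type:str]
+laptop: ENC[AES256_GCM,data:IuXyPe8WoiJ5eU4YCurSIQm9KfnM7isu3lgMuEnwDUDBG6YVtQxaEe2DAa4=,iv:leaYu6Wn/SanZp9//6/ssiFcUq2Z2lIrTP+NkXgdjZ8=,tag:7eSmYjs+y7qnnqfZMFZWfg==,type:str]
+phone: ENC[AES256_GCM,data:n/RpqkgQ8NsuPf/K4aWhkxKlJ7KQJ3ogy+sihS/BeU5/NlrqTC7Qc7SJzdU=,iv:oZCTSnSl4IYQEBM514e6dn+HqyBK5IoHjPJ2l2ekBps=,tag:Ld1TzK/65kHkaW9qnvWmlQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ODgrS1Y1dERLWWFEYTBY
+Ti9zTWYwdlBhVlJIM3hLVUt4TzdmRUZTakRjCkVMOEhQbHBua0JNRVNGbEJJZ2hW
+RDhRYzhKWFlDTjJwS0ZCRzA1RFBtY1EKLS0tIGJGcCszd1VaM1NMdnRuazgzT3ox
+U3MwaXpzNjZMdjY2UFhOM3dmdUdXdXcKp+1e2vPXL9xoNzepobH8Z23YaAxmOV44
+9KYdsjudhLSSbQvVpvSca++WChWlMNHNq+5PgLy7uinP5lOocQUajQ==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-06-23T12:13:05Z"
+mac: ENC[AES256_GCM,data:DaLwpgmaRkiNM4AjbDxf2fH8dbGZ8DKx8rAoyJNnvTVlO4bKt31/yMGeCH6VW0SC0RApRc8NrBgdH3uYHAsSxDlwj/eXXVDAPrjjAhXTmABPGXLtMIK0LYhfq4nu5d5zsIaV1vrAsAmjcSm35FrttYsPMpL7V00Ah3pOlo6UCSA=,iv:qZlM2cgeWSWSKEVZJzojOk4cCWeG3GHD9axwi2WSeFQ=,tag:pbUwOBytwNuFmABuICYa9Q==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1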
|
@ -12,5 +12,7 @@
|
|||
./samba.nix
|
||||
./stubby.nix
|
||||
./syncthing.nix
|
||||
./wireguard.nix
|
||||
./photoprism.nix
|
||||
];
|
||||
}
|
||||
|
|
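--- a/system/services/photoprism.nix
+++ b/system/services/photoprism.nix
@@ -0,0 +1,36 @@
+{ config, lib, ... }:
+let
+cfg = config.profile.services.photoprism;
+photoDir = "/nas/photos";
+domain = "photos.tigor.web.id";
+user = config.profile.user;
+uid = toString user.uid;
+gid = toString user.gid;
+inherit (lib) mkIf;
+in
+{
+config = mkIf cfg.enable {
+system.activationScripts.photoprism = ''
+mkdir -p ${photoDir}
+chown ${uid}:${gid} ${photoDir}
+'';
+
+users.groups.${user.name}.members = [ "photoprism" ];
+
+services.caddy.virtualHosts.${domain}.extraConfig = ''
+reverse_proxy 0.0.0.0:${toString config.services.photoprism.port}
+'';
+sops.secrets."photoprism/admin_password" = {
+sopsFile = ../../secrets/photoprism.yaml;
+};
+services.photoprism = {
+enable = true;
+port = 44999;
+originalsPath = photoDir;
+passwordFile = config.sops.secrets."photoprism/admin_password".path;
+settings = {
+PHOTOPRISM_ADMIN_USER = "hutasuhut";
+};
+};
+};
+}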
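Review bot: The Caddy upstream in `services.caddy.virtualHosts.${domain}.extraConfig` is written as `reverse_proxy 0.0.0.0:...`, but 0.0.0.0 is a wildcard bind address rather than a destination and only works here because the kernel treats it as the local host. I would write `reverse_proxy 127.0.0.1:${toString config.services.photoprism.port}` so the proxy target is explicitly the loopback listener. The section never sets `services.photoprism.address`, so it is worth confirming that PhotoPrism stays bound to loopback and is reachable only through Caddy. Separately, `users.groups.${user.name}.members = [ "photoprism" ]` puts the service account in the user's whole primary group; a dedicated group that owns `/nas/photos` would grant less.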
|
@ -73,27 +73,32 @@ in
|
|||
id = "OpenVPN";
|
||||
devices = lib.attrsets.mapAttrsToList (key: _value: key) config.services.syncthing.settings.devices;
|
||||
};
|
||||
"/nas/Syncthing/Sync/WireGuard" = {
|
||||
label = "WireGuard";
|
||||
id = "WireGuard";
|
||||
devices = lib.attrsets.mapAttrsToList (key: _value: key) config.services.syncthing.settings.devices;
|
||||
};
|
||||
};
|
||||
devices = {
|
||||
s20fe = {
|
||||
name = "Samsung S20FE";
|
||||
id = "ASH4PGY-H2ANIMX-RJJRODR-AD6KH5X-632CAG2-5NCDSGN-I27XNAC-EMVL6A7";
|
||||
autoAcceptFolders = true;
|
||||
};
|
||||
onyx = {
|
||||
name = "Onyx Note Air 3";
|
||||
id = "FZMFBD5-5PS566H-XJGV3FO-NQVSMX5-3VHPS7V-SUT27WA-MXHFBYT-BDSS6AW";
|
||||
autoAcceptFolders = true;
|
||||
};
|
||||
windows = {
|
||||
name = "Windows";
|
||||
id = "FSTIYS6-REFXIJX-KPLYC4L-QSZO46L-RV3VTPZ-VWVTE7O-Y663OZN-RTKP3QI";
|
||||
autoAcceptFolders = true;
|
||||
};
|
||||
work-laptop = {
|
||||
name = "Work Laptop";
|
||||
id = "BOU76IK-5AE7ARF-ZQDFOTX-KWUQL22-SAGXBYG-B75JRZA-L4MCYPU-OYTY5AU";
|
||||
autoAcceptFolders = true;
|
||||
};
|
||||
samsung-s22-mama = {
|
||||
name = "Samsung S22 Mama";
|
||||
id = "5G2Q7XE-HILUI46-GWTE6P6-NJHAG3A-HSZKMAU-K5PBOKR-QN3IFQO-GX7KTQU";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
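--- a/system/services/wireguard.nix
+++ b/system/services/wireguard.nix
@@ -0,0 +1,103 @@
+{ config, lib, pkgs, ... }:
+let
+cfg = config.profile.services.wireguard;
+externalInterface = config.profile.networking.externalInterface;
+devices = [
+{
+name = "phone";
+ip = "10.100.0.2";
+secret = "wireguard/private_keys/phone";
+publicKey = "27GSz9iWqtg23sWcwIQI3VglNtE/RWykv+nZUrmHHxA=";
+}
+{
+name = "laptop";
+ip = "10.100.0.3";
+secret = "wireguard/private_keys/laptop";
+publicKey = "5nporvzbJtTQC9Hek8JBJNIF+wGlWUj4En2w9DrvaV0=";
+}
+];
+serverPublicKey = "GDRUvnKUPNzwAloQ5fxvdHoVw4D1YbdCR0GyiOyyB38=";
+sopsFile = ../../secrets/wireguard.yaml;
+inherit (lib) mkIf mergeAttrsList generators;
+in
+{
+config = mkIf cfg.enable {
+sops.secrets = mergeAttrsList ([
+{
+"wireguard/private_keys/server" = { inherit sopsFile; };
+}
+] ++
+(map (device: { ${device.secret} = { inherit sopsFile; }; }) devices)
+);
+
+sops.templates =
+let
+template = { privateKey, ip }:
+generators.toINI ({ }) {
+Interface = {
+Address = "${ip}/32";
+PrivateKey = privateKey;
+DNS = "192.168.100.3";
+};
+
+Peer = {
+PublicKey = serverPublicKey;
+Endpoint = "vpn.tigor.web.id:51820";
+AllowedIPs = "0.0.0.0/0, ::/0";
+};
+};
+in
+mergeAttrsList (map
+(device: {
+"wireguard/clients/${device.name}" = {
+content = template {
+privateKey = config.sops.placeholder.${device.secret};
+ip = device.ip;
+};
+path = "/nas/Syncthing/Sync/WireGuard/${device.name}.conf";
+owner = config.profile.user.name;
+};
+})
+devices
+);
+
+networking = {
+nat = {
+enable = true;
+inherit externalInterface;
+internalInterfaces = [ "wg0" ];
+};
+firewall.allowedUDPPorts = [ 51820 ];
+
+wireguard.interfaces = {
+wg0 = {
+# Determines the IP address and subnet of the server's end of the tunnel interface.
+ips = [ "10.100.0.1/16" ];
+
+# The port that WireGuard listens to. Must be accessible by the client.
+listenPort = 51820;
+
+# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+postSetup = ''
+${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/16 -o ${externalInterface} -j MASQUERADE
+'';
+
+# This undoes the above command
+postShutdown = ''
+${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/16 -o ${externalInterface} -j MASQUERADE
+'';
+
+privateKeyFile = config.sops.secrets."wireguard/private_keys/server".path;
+
+peers = map
+(device: {
+publicKey = device.publicKey;
+allowedIPs = [ device.ip ];
+})
+devices;
+};
+};
+};
+};
+}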
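Review bot: `sops.templates."wireguard/clients/${device.name}"` renders each client's `PrivateKey` in plaintext to `/nas/Syncthing/Sync/WireGuard/${device.name}.conf`, and the Syncthing section on this page shares that folder with every entry in `settings.devices`. Every synced device therefore receives every peer's private key, and the server keeps all client keys in `secrets/wireguard.yaml`. Generating the key pair on each client and keeping only `publicKey` in `devices` would remove the need to store or distribute client private keys at all. If the generated configs are kept, give each client its own folder shared with that one device instead of `mapAttrsToList` over all of them. The `postSetup`/`postShutdown` MASQUERADE rules also appear to duplicate what `networking.nat` with `internalInterfaces = [ "wg0" ]` already configures.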