Compare commits
No commits in common. "fba9237dba3cbaae01dd6a8b02990f2fc112511f" and "22399a23b36083e6427cc0251c3257e2ef52e7f8" have entirely different histories.
fba9237dba
...
22399a23b3
|
@ -5,8 +5,7 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
@ -15,21 +14,19 @@
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
||||||
{
|
{ device = "/dev/disk/by-uuid/439a1beb-1443-495b-9891-012605819803";
|
||||||
device = "/dev/disk/by-uuid/439a1beb-1443-495b-9891-012605819803";
|
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" =
|
||||||
{
|
{ device = "/dev/disk/by-uuid/47A1-0296";
|
||||||
device = "/dev/disk/by-uuid/47A1-0296";
|
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
options = [ "fmask=0022" "dmask=0022" ];
|
options = [ "fmask=0022" "dmask=0022" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/nas" = {
|
fileSystems."/nas" = {
|
||||||
device = "/dev/disk/by-label/WD_RED_4T_1";
|
device = "/dev/disk/by-label/WD_RED_4T_1";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
@ -39,24 +36,7 @@
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
networking.defaultGateway = "192.168.100.1";
|
# networking.interfaces.enp9s0.useDHCP = lib.mkDefault true;
|
||||||
networking.interfaces.enp9s0 = {
|
|
||||||
useDHCP = false;
|
|
||||||
ipv4.addresses = [
|
|
||||||
{
|
|
||||||
address = "192.168.100.3";
|
|
||||||
prefixLength = 24;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
address = "192.168.100.4";
|
|
||||||
prefixLength = 24;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
address = "192.168.100.5";
|
|
||||||
prefixLength = 24;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
|
@ -1,80 +1,32 @@
|
||||||
{ config, pkgs, lib, unstable, ... }:
|
{ config, pkgs, unstable, ... }:
|
||||||
let
|
|
||||||
cfg = config.profile.neovim;
|
|
||||||
inherit (lib) mkIf;
|
|
||||||
repository = "git@github.com:tigorlazuardi/nvim.git";
|
|
||||||
nvimCloneDir = "${config.home.homeDirectory}/nvim";
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
config = mkIf cfg.enable {
|
home.file.".config/nvim" = {
|
||||||
systemd.user.services.clone-nvim = {
|
source = ./.;
|
||||||
Unit = {
|
recursive = true;
|
||||||
Description = "Clone neovim configuration if not exists";
|
|
||||||
Wants = [ "network-online.target" ];
|
|
||||||
After = [ "nss-lookup.target" ];
|
|
||||||
StartLimitIntervalSec = 300;
|
|
||||||
StartLimitBurst = 10;
|
|
||||||
};
|
|
||||||
Service =
|
|
||||||
let
|
|
||||||
git = "${pkgs.git}/bin/git";
|
|
||||||
bash = "${pkgs.bash}/bin/bash";
|
|
||||||
ping = "${pkgs.unixtools.ping}/bin/ping";
|
|
||||||
host = "github.com";
|
|
||||||
sleep = "${pkgs.coreutils}/bin/sleep";
|
|
||||||
script = pkgs.writeScriptBin "clone-nvim.sh" ''
|
|
||||||
#${bash}
|
|
||||||
|
|
||||||
if [ -d "${nvimCloneDir}" ]; then
|
|
||||||
exit 0;
|
|
||||||
fi
|
|
||||||
|
|
||||||
until ${ping} -c 1 ${host}; do
|
|
||||||
${sleep} 1;
|
|
||||||
done
|
|
||||||
|
|
||||||
${git} clone ${repository} ${nvimCloneDir}
|
|
||||||
'';
|
|
||||||
path = "${script}/bin/clone-nvim.sh";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
Type = "simple";
|
|
||||||
ExecStart = path;
|
|
||||||
Restart = "on-failure";
|
|
||||||
RemainAfterExit = "yes";
|
|
||||||
};
|
|
||||||
Install = {
|
|
||||||
WantedBy = [ "default.target" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
xdg.configFile.nvim = {
|
|
||||||
source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nvim";
|
|
||||||
recursive = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
sops.secrets."copilot" = {
|
|
||||||
path = "${config.home.homeDirectory}/.config/github-copilot/hosts.json";
|
|
||||||
};
|
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
|
||||||
stylua
|
|
||||||
lua-language-server
|
|
||||||
docker-compose-language-service
|
|
||||||
emmet-ls
|
|
||||||
silicon # For code screenshots
|
|
||||||
|
|
||||||
###### Golang development tools ######
|
|
||||||
gomodifytags
|
|
||||||
gotests
|
|
||||||
iferr
|
|
||||||
curl
|
|
||||||
cargo
|
|
||||||
nixpkgs-fmt
|
|
||||||
nil
|
|
||||||
|
|
||||||
gcc
|
|
||||||
python3
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets."copilot" = {
|
||||||
|
path = "${config.home.homeDirectory}/.config/github-copilot/hosts.json";
|
||||||
|
};
|
||||||
|
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
stylua
|
||||||
|
lua-language-server
|
||||||
|
docker-compose-language-service
|
||||||
|
emmet-ls
|
||||||
|
silicon # For code screenshots
|
||||||
|
|
||||||
|
###### Golang development tools ######
|
||||||
|
gomodifytags
|
||||||
|
gotests
|
||||||
|
iferr
|
||||||
|
curl
|
||||||
|
cargo
|
||||||
|
nixpkgs-fmt
|
||||||
|
nil
|
||||||
|
|
||||||
|
gcc
|
||||||
|
python3
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
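Review bot: `source = ./.` in the new `home.file.".config/nvim"` block copies the whole directory that holds this module into the Nix store, and store paths are readable by every local user. Nothing sensitive is visible in this section (the Copilot token still goes through `sops.secrets."copilot"`), but the block would benefit from a comment recording the constraint, e.g. `# copied into the world-readable /nix/store: keep tokens and other secrets out of this directory`. The directory contents are not shown here, so this is something to confirm rather than a finding.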
|
@ -29,21 +29,4 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.mpris-proxy.enable = config.profile.mpris-proxy.enable;
|
services.mpris-proxy.enable = config.profile.mpris-proxy.enable;
|
||||||
|
|
||||||
sops.secrets =
|
|
||||||
let
|
|
||||||
sopsFile = ../secrets/ssh.yaml;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
"ssh/id_ed25519/public" = {
|
|
||||||
inherit sopsFile;
|
|
||||||
path = "${config.home.homeDirectory}/.ssh/id_ed25519.pub";
|
|
||||||
mode = "0444";
|
|
||||||
};
|
|
||||||
"ssh/id_ed25519/private" = {
|
|
||||||
inherit sopsFile;
|
|
||||||
path = "${config.home.homeDirectory}/.ssh/id_ed25519";
|
|
||||||
mode = "0400";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,11 +19,6 @@
|
||||||
default = "eth0";
|
default = "eth0";
|
||||||
};
|
};
|
||||||
|
|
||||||
neovim.enable = lib.mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
user = {
|
user = {
|
||||||
name = lib.mkOption {
|
name = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
let
|
|
||||||
inherit (lib) mkEnableOption;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
options.profile.docker = {
|
options.profile.docker = {
|
||||||
enable = lib.mkEnableOption "docker";
|
enable = lib.mkEnableOption "docker";
|
||||||
caddy.enable = mkEnableOption "caddy docker";
|
caddy.enable = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
kavita.enable = lib.mkEnableOption "kavita docker";
|
kavita.enable = lib.mkEnableOption "kavita docker";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
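Review bot: The rewritten `caddy.enable` option now defaults to `true` and has lost its description, so the Caddy container becomes opt-out wherever this option is consulted, while `kavita.enable` beside it stays opt-in. What the option gates is not visible in this section, but if it publishes a reverse proxy the safer default is off, with each host enabling it explicitly. If default-on is intended, `caddy.enable = lib.mkEnableOption "caddy docker" // { default = true; };` keeps the description and makes the deviation obvious.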
|
@ -4,6 +4,5 @@
|
||||||
enable = lib.mkEnableOption "podman";
|
enable = lib.mkEnableOption "podman";
|
||||||
caddy.enable = lib.mkEnableOption "caddy podman";
|
caddy.enable = lib.mkEnableOption "caddy podman";
|
||||||
kavita.enable = lib.mkEnableOption "kavita podman";
|
kavita.enable = lib.mkEnableOption "kavita podman";
|
||||||
pihole.enable = lib.mkEnableOption "pihole podman";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,11 +24,6 @@
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
podman = {
|
podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
pihole.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
docker = {
|
|
||||||
enable = false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
|
|
@ -1,10 +1,4 @@
|
||||||
forgejo:
|
runner_token: ENC[AES256_GCM,data:OA1qGIY46bNcjHDms3XZhpa40J9WRexNXsnK0Lm1WWIUbvKOCp6GG2v2599ysQ==,iv:ftNbVJYJR+2UozxMLcYZh5HH+O1KRMvUAKQc9/UAunI=,tag:F++kseVO3yD3jt6+vVTJ5Q==,type:str]
|
||||||
runners:
|
|
||||||
global: ENC[AES256_GCM,data:LuYqYDMgaq+L94JL5tGTlOhm7x98jpb7n6o5jYVKdN/9Z/5LA10lmwdDDsBYuA==,iv:UkLz8qW/C2M2XomRz+Oc+d4LIioxyh2pPgBaiY6x4N8=,tag:k0xRH8+gMoM4DbITXn1SfA==,type:str]
|
|
||||||
user_tokens:
|
|
||||||
tigor:
|
|
||||||
#ENC[AES256_GCM,data:5IEV/X4fpfydhdSw7LYOLMFZYqD/Kp96Zyp/YXnvFzVh8GluX4+9qGgsdWAsFgLlPXDRAi1ViA==,iv:v1OmczINHtT+AtdXMBjstmGejV62nhQ/T9aIoJG8DR8=,tag:b4Xg3ybhrxy70n/UB5D7nQ==,type:comment]
|
|
||||||
push_docker_image_token: ENC[AES256_GCM,data:jMTz+c3IEcpqRkYLZyrUWLWLIw0AOdDk7LsIDvjCW3rKxTiOOmb1wg==,iv:OjZArNhCCKZkngGjYbCQVYJkQww9K5b4ehUXxsdOqdU=,tag:EViefKbS+II+MXWqLE7rKw==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -20,8 +14,8 @@ sops:
|
||||||
NGg4aFJsSHNPdTcwQ2ZMdmJscm5iNzgKRLrTAenr9q3r1dGPEyuxNhsQp8+20rCk
|
NGg4aFJsSHNPdTcwQ2ZMdmJscm5iNzgKRLrTAenr9q3r1dGPEyuxNhsQp8+20rCk
|
||||||
IKbsjenq/QTMQc+pMz/0oypVFUYNljmOfTWvvnjdJNsYHektNMkmNA==
|
IKbsjenq/QTMQc+pMz/0oypVFUYNljmOfTWvvnjdJNsYHektNMkmNA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-15T09:16:06Z"
|
lastmodified: "2024-06-13T12:44:00Z"
|
||||||
mac: ENC[AES256_GCM,data:583xIAMkXyVNEkGeM2LM7CLRsypeeJ6Fpt3HxNw7jVmB3PFB/KKwcyhw4UDjNM2xsIjgGMjuAGc3SBI7zubfy9YotrP6m+NOw+8lC9JZbBQIaHIOPTgpeUJLHGveNe2SEBYfbhCjQid+EAWW92oRddZoGyrh2OWq33FgRvTM00A=,iv:/6mZEm2jyJ1cxOQ1mUoGHu6oZjWGknllKYF9/uV80Ao=,tag:oCYlwgXZuin7uBUeRjnOlw==,type:str]
|
mac: ENC[AES256_GCM,data:x8MHb/bcXqQHOUfLIOjnk1ivCs+ubLKm6L0gzrI3ZbLaQRieKvY2THSDjmyF2OAe5x9stjCY5ZOb7t3Y7EXG5sgiwvSwqcZKUY3k4SEkJtO6MJmLE39UGphHPZXQD4Jez+PWfrbZXf4lk9hsnW20wHZgePq+w6mW003uN88ZPzw=,iv:gOZJIXcT2GGTcxonKPtjxZewjFDHU0FW0xT8Sfzz10o=,tag:keHB371hNXD90rqgZjfeaw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
pihole:
|
|
||||||
env: ENC[AES256_GCM,data:JLpWZwnefbu0mauukndehWjrsqjvnGdqKYev+UwqP3EoqG88o6c9,iv:u5iaBCjQdga/+O+/IN6dt86ElOO4sferh/BOnS/AXZw=,tag:4oRuUQJ8g11DkYGkRt6EPg==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWFhuaFp4Zm5idmFXUGRO
|
|
||||||
RG9YbzV3WUdJcHRFWlpISE5GNzVRZEpILzFvCjJUQlFqeWFsNU15Y1pINWgvc2wz
|
|
||||||
OU82L3ZPdW9GY1dyaXV4dndIUmNGRzQKLS0tIGpYMGZQeFJMMlhYUGR5c3lkbng2
|
|
||||||
VlpjTVo3NlIzR0QrVGZNdWdORjVMVmMKIrSq+w9oB3UdOxGNbwabXrpgPSfys+zo
|
|
||||||
M79xEqCUZ30jmfpPvL2VUiD25Bq/iWyj3x8d1xVGxQqUOg23AMb9mA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-06-16T17:29:06Z"
|
|
||||||
mac: ENC[AES256_GCM,data:e4VrmU1OtVuTxIz56NIumSoLTN2PDCYk5+f8UhPZyTF9rH/hz78LxhbPEPLy4TqQpxZZw/cH8wUUTNXUsYRdlbeL+IIbsEcwzjEBWZCSu38gMj/bNhBNwKU/oAWoKHdAQJYxYe3xnyji1xMLZofDVGQv2i46AI1TMXjFBU9Lz6Q=,iv:ILLCVVWxEKgVqCLHGuDmVINdgh0T3oYimdBIeWvQ7PE=,tag:7yvr0eEciG8yOVrHk1eGeg==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -1,24 +0,0 @@
|
||||||
ssh:
|
|
||||||
id_ed25519:
|
|
||||||
public: ENC[AES256_GCM,data:JmFWFRSIvgL4gzEwezyijkc11ll9GueYY2lxxmkPMqSz7zGnAcQ9+mQIU97MDyPp9eCQVPOIDDrWM8ct7+ji7Sxg25H80XlsvoKmawT8sPdzQ60DAumAdqNal3I=,iv:UivMLLFFCkIFcL8mCxIDPdDWlluxqhjpO7asnF8OUSg=,tag:zOeEALrhmHwSpmtiCX5mWg==,type:str]
|
|
||||||
private: ENC[AES256_GCM,data:kv5Qlt1yib7nhBj4z8CIuqNc7xmFCZgybZx41yMoeRGQimUy1Z++YaYRg5YKYmIIXSodsmFLrrR5zuIiysLn/5fI9eLsPYNiInerqTtE5SwHH6hwya/GX6gfh9bnakvWAd8J+jp2pgrCLDTT1V5TSL+t8APSs3pvMsmSfd+ojRrTFs7omY75gE91FAjlub/SmnDnlQHQMbBdfYhFY3zgiHzsSBD0SvHjiE3c6t3YsqS2CDxape78Z64+kJzTgL0dMiIAwzMZB3BH2ufnVMwi7FWYxA/dkqj2tFJLTwHaJQZgr/ou1oOng+MstLfpL/45toyDsjNzJe4dChDOdNzAmP8ZFdL2uXqSTy1biK03ifaGxDMaiDARFMUOEZNA1V3+RkariSfO129/0izAjtttlITughRMV3JRsvs81uIETVBp+S9kljsT1TIdlCNWspo8gvBI41DN4bnLFQCFip0HRGhC4F3oq49A/CV94An8IdwwwQwoxsaNeilJDwNnQDVdChhYoDa8ynvA00F+xJmh,iv:oKWlw2I9mXTdY2oq++rxA8IbOlfSHuB7QwilD1Q7Xas=,tag:zhhsiJ91XdBnR85MYG8+WQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFeDU3eEwrNGljcmFueHFU
|
|
||||||
NEtrdVF5MU9ueTNDeTlCdmRPSFpnNFJDZTBzCnk4NU9ZcEc0YkhGcnNQVktNMDR2
|
|
||||||
a3dHTWV4RmNINlA1ZVhzSU9xNGtWVzQKLS0tIDF4dnRlQUo3OTJjNzFiYmlGVThE
|
|
||||||
M2pJUzhSUDFRWGtjdnNCZmlMT2puZlEKBxDLcxTU0E81lqqPQ75N5Et69Z1Dwac6
|
|
||||||
n3+oBzhhJoOhYagmp/Zm3FVh3kcHGoCe6pyDnrZSka/zO3kkZKigng==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-06-17T09:01:59Z"
|
|
||||||
mac: ENC[AES256_GCM,data:i2MCNIJ8LVspz878zTH7QrXOAA/8+G4xFhYGRoWmzCzRIHYAXsTDDU4ATgZM3rSqCWgvO/3ynKbGmiDN2z5tYreB8KDRk92WVuCqaJSfdnYulvgf1346+9NxbMbJnAi34evUcPj7QJTooRF0vGCIAk8zOCu75TIB8acVwFB+viY=,iv:9+rfk7QqLjNH0FZ617A2Y1vciwBBYlm54S2o1G93kb4=,tag:qz55kt+IFQDBt6vWK+v6Cw==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -1,11 +1,9 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.docker;
|
cfg = config.profile.docker;
|
||||||
username = config.profile.user.name;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
users.users.${username}.extraGroups = [ "docker" ];
|
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
virtualisation.docker.autoPrune.enable = true;
|
virtualisation.docker.autoPrune.enable = true;
|
||||||
virtualisation.oci-containers.backend = "docker";
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.android;
|
cfg = config.profile.android;
|
||||||
username = config.profile.user.name;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
users.users.${username}.extraGroups = [ "adbusers" ];
|
|
||||||
programs.adb.enable = true;
|
programs.adb.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
androidenv.androidPkgs_9_0.platform-tools
|
androidenv.androidPkgs_9_0.platform-tools
|
||||||
|
|
|
@ -11,6 +11,5 @@
|
||||||
{
|
{
|
||||||
enable = cfg.enable;
|
enable = cfg.enable;
|
||||||
allowedTCPPorts = cfg.allowedTCPPorts;
|
allowedTCPPorts = cfg.allowedTCPPorts;
|
||||||
allowedUDPPorts = [ 53 ];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.printing;
|
cfg = config.profile.printing;
|
||||||
username = config.profile.user.name;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
users.users.${username}.extraGroups = [ "lp" ];
|
|
||||||
services.printing = {
|
services.printing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
drivers = [ pkgs.brlaser ]; # Brother Laser Printer
|
drivers = [ pkgs.brlaser ]; # Brother Laser Printer
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.scanner;
|
cfg = config.profile.scanner;
|
||||||
username = config.profile.user.name;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
users.users.${username}.extraGroups = [ "scanner" ];
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
skanlite
|
skanlite
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.podman;
|
cfg = config.profile.podman;
|
||||||
username = config.profile.user.name;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
users.users.${username}.extraGroups = [ "podman" ];
|
|
||||||
# services.caddy.enable = true;
|
# services.caddy.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
dive # look into docker image layers
|
dive # look into docker image layers
|
||||||
|
@ -13,7 +11,6 @@ in
|
||||||
podman-compose # start group of containers for dev
|
podman-compose # start group of containers for dev
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.timers."podman-auto-update".enable = true;
|
|
||||||
virtualisation.containers.enable = true;
|
virtualisation.containers.enable = true;
|
||||||
virtualisation.oci-containers.backend = "podman";
|
virtualisation.oci-containers.backend = "podman";
|
||||||
virtualisation.podman = {
|
virtualisation.podman = {
|
||||||
|
@ -24,7 +21,7 @@ in
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
defaultNetwork.settings.dns_enabled = true;
|
||||||
};
|
};
|
||||||
# https://madison-technologies.com/take-your-nixos-container-config-and-shove-it/
|
# https://madison-technologies.com/take-your-nixos-container-config-and-shove-it/
|
||||||
networking.firewall.interfaces."podman[0-9]+" = {
|
networking.firewall.interfaces.podman1 = {
|
||||||
allowedUDPPorts = [ 53 ]; # this needs to be there so that containers can look eachother's names up over DNS
|
allowedUDPPorts = [ 53 ]; # this needs to be there so that containers can look eachother's names up over DNS
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -33,6 +30,5 @@ in
|
||||||
imports = [
|
imports = [
|
||||||
./caddy.nix
|
./caddy.nix
|
||||||
./kavita.nix
|
./kavita.nix
|
||||||
./pihole.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
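Review bot: The firewall rule in the third hunk is keyed to the single interface `podman1`, so UDP 53 is opened only for containers on that one bridge. Containers on the default network, for which `defaultNetwork.settings.dns_enabled = true` is set just above, or on any network created later would presumably lose name resolution. Narrowing the rule is the right direction from a least-privilege view, but the choice of `podman1` should be recorded next to it, e.g. `# podman1 is the bridge of the <network name> network; add an entry per additional bridge`.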
|
@ -1,90 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
name = "pihole";
|
|
||||||
podman = config.profile.podman;
|
|
||||||
pihole = podman.pihole;
|
|
||||||
inherit (lib) mkIf;
|
|
||||||
gateway = "10.1.1.1";
|
|
||||||
subnet = "10.1.1.0/29";
|
|
||||||
ip = "10.1.1.3";
|
|
||||||
ip-range = "10.1.1.3/29";
|
|
||||||
image = "pihole/pihole:latest";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = mkIf (podman.enable && pihole.enable) {
|
|
||||||
services.caddy.virtualHosts."pihole.tigor.web.id".extraConfig = ''
|
|
||||||
@root path /
|
|
||||||
redir @root /admin
|
|
||||||
reverse_proxy ${ip}:80
|
|
||||||
'';
|
|
||||||
|
|
||||||
sops.secrets."pihole/env" = {
|
|
||||||
sopsFile = ../../secrets/pihole.yaml;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
systemd.services.create-kavita-network = {
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
};
|
|
||||||
wantedBy = [ "podman-pihole.service" ];
|
|
||||||
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.etc."pihole/custom.list" = {
|
|
||||||
# Copy file instead of symlink
|
|
||||||
mode = "0400";
|
|
||||||
|
|
||||||
# Creates a pihole custom.list file with the following pattern:
|
|
||||||
#
|
|
||||||
# custom.list:
|
|
||||||
# 192.168.100.5 {domain_name_1}
|
|
||||||
# 192.168.100.5 {domain_name_2}
|
|
||||||
#
|
|
||||||
# For each domain defined in services.caddy.virtualHosts
|
|
||||||
text =
|
|
||||||
let
|
|
||||||
inherit (lib) strings attrsets;
|
|
||||||
in
|
|
||||||
''${strings.concatStringsSep "\n" (
|
|
||||||
attrsets.mapAttrsToList (name: _: "192.168.100.5 ${strings.removePrefix "https://" name}") config.services.caddy.virtualHosts
|
|
||||||
)}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
virtualisation.oci-containers.containers.pihole = {
|
|
||||||
inherit image;
|
|
||||||
environment = {
|
|
||||||
TZ = "Asia/Jakarta";
|
|
||||||
PIHOLE_DNS_ = "192.168.100.5";
|
|
||||||
DHCP_ACTIVE = "true";
|
|
||||||
DHCP_START = "192.168.100.20";
|
|
||||||
DHCP_END = "192.168.100.254";
|
|
||||||
DHCP_ROUTER = "192.168.100.1";
|
|
||||||
DNS_BOGUS_PRIV = "false";
|
|
||||||
DNS_FQDN_REQUIRED = "false";
|
|
||||||
};
|
|
||||||
ports = [
|
|
||||||
"192.168.100.4:53:53/udp"
|
|
||||||
"67:67/udp"
|
|
||||||
];
|
|
||||||
volumes = [
|
|
||||||
"pihole-etc:/etc/pihole"
|
|
||||||
"pihole-dnsmasq:/etc/dnsmasq.d"
|
|
||||||
"/etc/pihole/custom.list:/etc/pihole/custom.list"
|
|
||||||
];
|
|
||||||
environmentFiles = [
|
|
||||||
config.sops.secrets."pihole/env".path
|
|
||||||
];
|
|
||||||
extraOptions = [
|
|
||||||
"--ip=${ip}"
|
|
||||||
"--network=${name}"
|
|
||||||
"--cap-add=NET_ADMIN"
|
|
||||||
"--cap-add=NET_BIND_SERVICE"
|
|
||||||
"--cap-add=NET_RAW"
|
|
||||||
"--cap-add=SYS_NICE"
|
|
||||||
"--cap-add=CHOWN"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -31,7 +31,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."forgejo/runners/global" = {
|
sops.secrets."runner_token" = {
|
||||||
sopsFile = ../../secrets/forgejo.yaml;
|
sopsFile = ../../secrets/forgejo.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -42,15 +42,8 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
name = config.networking.hostName;
|
name = config.networking.hostName;
|
||||||
url = config.services.forgejo.settings.server.ROOT_URL;
|
url = config.services.forgejo.settings.server.ROOT_URL;
|
||||||
tokenFile = config.sops.secrets."forgejo/runners/global".path;
|
tokenFile = config.sops.secrets."runner_token".path;
|
||||||
settings = {
|
settings = {
|
||||||
runner = {
|
|
||||||
capacity = 2;
|
|
||||||
timeout = "1h";
|
|
||||||
};
|
|
||||||
cache = {
|
|
||||||
enabled = true;
|
|
||||||
};
|
|
||||||
container = {
|
container = {
|
||||||
privileged = true;
|
privileged = true;
|
||||||
# docker_host = "unix:///var/run/docker.sock";
|
# docker_host = "unix:///var/run/docker.sock";
|
||||||
|
|
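Review bot: `privileged = true` stays in the runner's `container` settings on the new side, so every workflow this runner picks up gets a privileged container, which is effectively root on the host for anyone who can push a workflow to a repository the runner serves. The same hunk drops the explicit `runner.capacity` and `runner.timeout`, leaving job concurrency and duration at the runner's defaults. If privileged mode is required (for example for nested container builds), say so in a comment such as `# privileged: needed for <reason>; only trusted repositories may use this runner`; otherwise set `privileged = false;`. The `settings` block continues past the end of the hunk.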
|
@ -5,13 +5,13 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
networking.resolvconf.useLocalResolver = false;
|
networking.resolvconf.useLocalResolver = true;
|
||||||
networking.nameservers = [ "192.168.100.5" ];
|
|
||||||
services.stubby = {
|
services.stubby = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = pkgs.stubby.passthru.settingsExample // {
|
settings = pkgs.stubby.passthru.settingsExample // {
|
||||||
listen_addresses = [
|
listen_addresses = [
|
||||||
"192.168.100.5"
|
"0.0.0.0@53"
|
||||||
|
"0::0"
|
||||||
];
|
];
|
||||||
upstream_recursive_servers = [
|
upstream_recursive_servers = [
|
||||||
{
|
{
|
||||||
|
|
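Review bot: `listen_addresses` on the new side binds stubby to `0.0.0.0@53` and `0::0`, i.e. every interface, although `networking.resolvconf.useLocalResolver = true` only needs a resolver on loopback. Whether the port is reachable from the network then depends entirely on the firewall. Binding to loopback, `listen_addresses = [ "127.0.0.1" "0::1" ];`, gives the same local resolution without a listener on external interfaces. The `settings` attribute set continues outside the hunk.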
|
@ -7,7 +7,7 @@ in
|
||||||
users.users.${user} = {
|
users.users.${user} = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = fullName;
|
description = fullName;
|
||||||
extraGroups = [ "networkmanager" "wheel" ];
|
extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" "podman" ];
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
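Review bot: The new `extraGroups` line grants `docker`, `podman`, `adbusers`, `scanner` and `lp` unconditionally, where the old side had each profile module add its group only under its own `mkIf cfg.enable` (the `users.users.${username}.extraGroups` lines removed in the docker, android, printing, scanner and podman sections). `docker` in particular is root-equivalent through the daemon socket without a password prompt, so it should stay tied to the profile that needs it. One way, assuming `lib` and `config` are in scope in this file: `extraGroups = [ "networkmanager" "wheel" ] ++ lib.optional config.profile.docker.enable "docker";`, and likewise for the other groups.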