add more home folders, enhance manual-backup-apps, add toot-cli, remove harry-vpn

Chaos 2023-08-01 17:48:59 +00:00
parent 1ac2e16a6f
commit b98df12529
No known key found for this signature in database
11 changed files with 60 additions and 99 deletions

5
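--- a/home/apps/toot-cli.nix
+++ b/home/apps/toot-cli.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+home.packages = with pkgs; [
+toot
+];
+}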


@ -1 +0,0 @@
{pkgs, ...}: {home.packages = with pkgs; [gitlab_archiver];}


@ -9,6 +9,7 @@
"Mounts/Backups"
"Mounts/Backups-Crypt"
"Mounts/Photos-Crypt"
"Mounts/Personal-Crypt"
"Mounts/Public"
"Mounts/Temp1"
"Mounts/Temp2"


@ -0,0 +1,24 @@
{
pkgs,
nixosConfig,
...
} @ file_inputs: let
# Requires secrets.{gitlab_archiver_token, restic_music_env}
# expected to be in default locations
# Incase home.apps.manual-backup-apps is running in container which passes secrets in from host
secrets =
if builtins.elem "host_secrets" (builtins.attrNames file_inputs)
then file_inputs.host_secrets
else nixosConfig.services.secrets.secrets;
in {
home.packages = with pkgs; [
restic
(pkgs.writeShellScriptBin "restic-music" ''
env $(cat ${secrets.restic_music_env.path}) \
${pkgs.restic}/bin/restic $@
'')
gitlab_archiver
];
}
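Review bot: The `restic-music` wrapper expands `$@` unquoted, so any argument containing spaces or glob characters (a backup path, an `--exclude` pattern) is re-split before it reaches restic; the last line of the script should read `${pkgs.restic}/bin/restic "$@"`. The `env $(cat ${secrets.restic_music_env.path})` form also word-splits the secret file and puts `RESTIC_PASSWORD=…` and the credentialed repository URL on the argv of `env`, where they are readable from the process list until the exec completes. restic can read both values from files (`RESTIC_PASSWORD_FILE`, `RESTIC_REPOSITORY_FILE`), which would keep them out of argv. The header comment lists `gitlab_archiver_token` as required, but nothing in this file reads it; the comment should say where it is consumed.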


@ -22,7 +22,7 @@
home.base
home.dev.all
home.home-folders
home.backup-apps
home.manual-backup-apps
home.programming.editors.vscode
home.programming.languages.rust


@ -1,28 +0,0 @@
{
config,
pkgs,
...
}: let
secrets = config.services.secrets.secrets;
in {
environment.systemPackages = with pkgs; [wireguard-tools];
networking.wg-quick.interfaces = {
wg-harry-vpn = {
autostart = false;
address = ["185.186.9.71/26" "2a0b:6b84:2022:6::1/64"];
dns = ["8.8.8.8"];
mtu = 1280;
privateKeyFile = "${secrets.wg_harry_priv.path}";
peers = [
{
publicKey = "7B6KSFqTHM7A7Nv24GIeUhDDh2XnlT7UqG5U+Si+zmc=";
presharedKeyFile = "${secrets.wg_harry_preshared.path}";
allowedIPs = ["0.0.0.0/0" "::/0"];
endpoint = "185.186.9.1:8081";
persistentKeepalive = 25;
}
];
};
};
}


@ -1,39 +0,0 @@
{config, ...}: let
secrets = config.services.secrets.secrets;
in {
networking.firewall.trustedInterfaces = ["wg0"];
networking.wg-quick.interfaces = {
wg0 = {
autostart = false;
address = ["10.69.42.2/32"];
privateKeyFile = "${secrets.wg_priv.path}";
peers = [
# hetzner-vm
{
publicKey = "UJr+EmUM7KWkIy0nk0JA38ibvcLC++6iuOKkHdrx9Dc=";
presharedKeyFile = "${secrets.wg_preshared_hetzner-vm.path}";
allowedIPs = ["10.69.42.1/32"];
endpoint = "hetzner-vm.servers.genderfucked.monster:51820";
persistentKeepalive = 25;
}
# vault
{
publicKey = "IGq+WanFM/bKNUkwjO/0AAtDhJLvtvU+mVxH27QyHTc=";
presharedKeyFile = "${secrets.wg_preshared_vault.path}";
allowedIPs = ["10.69.42.3/32"];
endpoint = "vault.servers.genderfucked.monster:51820";
persistentKeepalive = 25;
}
# storage
{
publicKey = "biNNeCkjAWi2jUVoL5+1pBtXGa3OFZi4DltB2dqGjGg=";
presharedKeyFile = "${secrets.wg_preshared_storage.path}";
allowedIPs = ["10.69.42.4/32"];
endpoint = "storage.servers.genderfucked.monster:51820";
persistentKeepalive = 25;
}
];
};
};
}


@ -3,6 +3,7 @@
enable = true;
secrets = {
usb_encryption_passphrase = {manual = true;};
music_stream_password = {
user = "chaos";
group = "users";
@ -10,6 +11,32 @@
simple_get "/api-keys/music-stream" .password > $secretFile
'';
};
# Required for home.apps.manual-backup-apps
gitlab_archiver_token = {
user = "chaos";
group = "users";
fetchScript = ''
simple_get "/api-keys/gitlab/gitlab_archiver" .token > $secretFile
'';
};
# Required for home.apps.manual-backup-apps
restic_music_env = {
user = "chaos";
group = "users";
fetchScript = ''
api_username=$(simple_get "/api-keys/storage/restic/Music" .username)
api_password=$(simple_get "/api-keys/storage/restic/Music" .password)
restic_password=$(simple_get "/private-public-keys/restic/Music" .password)
echo > $secretFile
echo "RESTIC_REPOSITORY=rest:https://''${api_username}:''${api_password}@storage-restic.owo.monster/Music" >> $secretFile
echo "RESTIC_PASSWORD=''${restic_password}" >> $secretFile
'';
};
};
};
}
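Review bot: The `restic_music_env` fetchScript writes the file even when a `simple_get` call fails or returns nothing, so a failed lookup leaves a `RESTIC_PASSWORD=` line with an empty value instead of an error; unless the secrets module already runs fetch scripts with errexit (not visible here), start the script with `set -eu`. `$secretFile` is unquoted in every redirection in both new scripts and should be written `> "$secretFile"`. The username and password are interpolated into the repository URL as-is, so a `@`, `:` or `/` in either one changes how the URL is parsed; they need percent-encoding or a restricted character set at generation time. Whether the file ends up readable only by `chaos` depends on how the module creates it, which this section does not show; if it relies on the redirection to create the file, add `umask 077` first.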


@ -1,28 +0,0 @@
{
config,
pkgs,
...
}: let
secrets = config.services.secrets.secrets;
in {
environment.systemPackages = with pkgs; [wireguard-tools];
networking.wg-quick.interfaces = {
wg-harry-vpn = {
autostart = false;
address = ["185.186.9.71/26" "2a0b:6b84:2022:6::1/64"];
dns = ["8.8.8.8"];
mtu = 1280;
privateKeyFile = "${secrets.wg_harry_priv.path}";
peers = [
{
publicKey = "7B6KSFqTHM7A7Nv24GIeUhDDh2XnlT7UqG5U+Si+zmc=";
presharedKeyFile = "${secrets.wg_harry_preshared.path}";
allowedIPs = ["0.0.0.0/0" "::/0"];
endpoint = "185.186.9.1:8081";
persistentKeepalive = 25;
}
];
};
};
}


@ -10,7 +10,6 @@
presets.nixos.encrypted-usb
hosts.tablet.profiles.wireguard
hosts.tablet.profiles.harry-vpn
./secrets.nix
];
@ -25,7 +24,7 @@
home.base
home.dev.all
home.home-folders
home.backup-apps
home.manual-backup-apps
home.programming.editors.vscode
home.programming.languages.rust


@ -23,6 +23,7 @@
home.apps.telegram
home.apps.quassel
home.apps.session
home.apps.toot-cli
home.apps.obsidian
home.apps.strawberry