bchmnn/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(MOMO): setup syncthing and vaultwarden

Browse source
This commit is contained in:
Jacob Bachmann 2025-01-01 21:33:50 +01:00
parent 7968a18271
commit 6ca4dd9e57
No known key found for this signature in database
GPG key ID: 7753026D577922A6
33 changed files with 419 additions and 149 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/core/applications.nix
View file

@ -32,6 +32,8 @@
pkgs.inotify-tools # a c library and a set of command-line programs providing a simple interface to inotify
pkgs.mkcert # a simple tool for making locally-trusted development certificates
pkgs.hexedit
pkgs.gdu # fast disk usage analyzer with console interface written in go
pkgs.duf # disk usage/free utility - a better 'df' alternative
]
++ lib.optionals (config.bchmnn.collections.cli-utils.enable && config.bchmnn.nvidia.enable) [
pkgs.nvtopPackages.full

82
modules/core/network.nix
View file

@ -1,10 +1,22 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
{
options.bchmnn = {
network = {
nm = {
enable = lib.mkEnableOption "nm";
};
resolved = {
enable = lib.mkEnableOption "resolved";
};
networkd = {
enable = lib.mkEnableOption "networkd";
};
};
collections = {
vpn = {
dryborg = {
@ -15,14 +27,16 @@
};
config = {
networking = {
networkmanager.enable = true;
networkmanager.enable = config.bchmnn.network.nm.enable;
};
systemd.services = {
systemd.services = lib.mkIf (config.bchmnn.network.nm.enable) {
NetworkManager-wait-online.enable = false;
};
services.resolved.enable = config.bchmnn.collections.vpn.enable;
services.resolved.enable = (
config.bchmnn.network.nm.enable || config.bchmnn.collections.vpn.enable
);
environment.systemPackages = lib.optionals (config.bchmnn.collections.vpn.enable) [
pkgs.openvpn3
@ -31,31 +45,35 @@
];
services.mullvad-vpn.enable = config.bchmnn.collections.vpn.enable;
age.secrets = lib.mkIf (config.bchmnn.collections.vpn.enable && config.bchmnn.collections.vpn.dryborg.enable) {
keys-wireguard-dryborg-privatekey = {
file = ../../secrets/keys/wireguard/dryborg/privatekey.age;
};
keys-wireguard-dryborg-presharedkey = {
file = ../../secrets/keys/wireguard/dryborg/presharedkey.age;
};
};
age.secrets =
lib.mkIf (config.bchmnn.collections.vpn.enable && config.bchmnn.collections.vpn.dryborg.enable)
{
keys-wireguard-dryborg-privatekey = {
file = ../../secrets/keys/wireguard/dryborg/privatekey.age;
};
keys-wireguard-dryborg-presharedkey = {
file = ../../secrets/keys/wireguard/dryborg/presharedkey.age;
};
};
networking.wg-quick.interfaces = lib.mkIf (config.bchmnn.collections.vpn.enable && config.bchmnn.collections.vpn.dryborg.enable) {
"vpn.dryb.org" = {
autostart = false;
privateKeyFile = config.age.secrets.keys-wireguard-dryborg-privatekey.path;
address = [ "10.200.200.1/24" ];
dns = [ "192.168.2.1" ];
peers = [
{
publicKey = "JY5fb0RS7C8WyPPEeymzuMSUeIhDtICGk1FYJgTRnTs=";
presharedKeyFile = config.age.secrets.keys-wireguard-dryborg-presharedkey.path;
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "vpn.dryb.org:53280";
persistentKeepalive = 21;
}
];
};
};
networking.wg-quick.interfaces =
lib.mkIf (config.bchmnn.collections.vpn.enable && config.bchmnn.collections.vpn.dryborg.enable)
{
"vpn.dryb.org" = {
autostart = false;
privateKeyFile = config.age.secrets.keys-wireguard-dryborg-privatekey.path;
address = [ "10.200.200.1/24" ];
dns = [ "192.168.2.1" ];
peers = [
{
publicKey = "JY5fb0RS7C8WyPPEeymzuMSUeIhDtICGk1FYJgTRnTs=";
presharedKeyFile = config.age.secrets.keys-wireguard-dryborg-presharedkey.path;
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "vpn.dryb.org:53280";
persistentKeepalive = 21;
}
];
};
};
};
}

13
modules/core/shell.nix
View file

@ -1,4 +1,9 @@
{ pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
common = import ./common.nix;
in
@ -7,8 +12,10 @@ in
enable = true;
};
users.users.gandalf = {
shell = pkgs.zsh;
users.users = lib.mkIf (config.bchmnn.home.enable) {
gandalf = {
shell = pkgs.zsh;
};
};
environment = {

5
modules/default.nix
View file

@ -1,6 +1,11 @@
{ lib, ... }:
{
options.bchmnn = with lib; {
home = {
enable = mkEnableOption "home";
};
user = {
extraGroups = mkOption {
type = types.listOf types.str;

2
modules/home-manager/applications.nix
View file

@ -5,8 +5,6 @@
pkgs.gopass-jsonapi # enables communication with gopass via json messages
pkgs.bitwarden-cli # secure and free password manager for all of your devices
pkgs.yt-dlp # command-line tool to download videos from youtube.com and other sites (youtube-dl fork)
pkgs.gdu # fast disk usage analyzer with console interface written in go
pkgs.duf # disk usage/free utility - a better 'df' alternative
pkgs.stress # simple workload generator for posix systems. it imposes a configurable amount of cpu, memory, i/o, and disk stress on the system
pkgs.s-tui # stress-terminal ui monitoring tool
pkgs.fio # flexible io tester - an io benchmark tool

97
modules/home-manager/default.nix
View file

@ -1,63 +1,64 @@
{ config, ... }@inputs:
{ lib, config, ... }@inputs:
let
common = import ../core/common.nix;
in
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
users.users.gandalf = {
isNormalUser = true;
extraGroups = config.bchmnn.user.extraGroups;
openssh = {
authorizedKeys = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOG8Sja2i6nepkEkuxYdu86XbT9vS5uniBmZifSMZ0t jacob.bachmann@posteo.de"
];
config = lib.mkIf (config.bchmnn.home.enable) {
users.users.gandalf = {
isNormalUser = true;
extraGroups = config.bchmnn.user.extraGroups;
openssh = {
authorizedKeys = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOG8Sja2i6nepkEkuxYdu86XbT9vS5uniBmZifSMZ0t jacob.bachmann@posteo.de"
];
};
};
};
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
inherit inputs;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
inherit inputs;
};
home-manager.users.gandalf = rec {
imports = [
./gui
./scripts
./applications.nix
./audio.nix
./dconf.nix
./git.nix
./gnupg.nix
./keyd.nix
./neovim.nix
./shell.nix
./zsh.nix
];
home-manager.users.gandalf = rec {
imports = [
./gui
./scripts
./applications.nix
./audio.nix
./dconf.nix
./git.nix
./gnupg.nix
./keyd.nix
./neovim.nix
./shell.nix
./zsh.nix
];
config = {
home = {
username = "gandalf";
homeDirectory = "/home/gandalf";
shellAliases = common.aliases;
stateVersion = "23.05";
};
config = {
home = {
username = "gandalf";
homeDirectory = "/home/gandalf";
shellAliases = common.aliases;
stateVersion = "23.05";
};
xdg.userDirs = {
enable = true;
createDirectories = true;
desktop = "${config.home.homeDirectory}/tmp";
documents = "${config.home.homeDirectory}/docs";
download = "${config.home.homeDirectory}/dl";
music = "${config.home.homeDirectory}/music";
pictures = "${config.home.homeDirectory}/pics";
publicShare = "${config.home.homeDirectory}/public";
templates = "${config.home.homeDirectory}/templates";
videos = "${config.home.homeDirectory}/vids";
xdg.userDirs = {
enable = true;
createDirectories = true;
desktop = "${config.home.homeDirectory}/tmp";
documents = "${config.home.homeDirectory}/docs";
download = "${config.home.homeDirectory}/dl";
music = "${config.home.homeDirectory}/music";
pictures = "${config.home.homeDirectory}/pics";
publicShare = "${config.home.homeDirectory}/public";
templates = "${config.home.homeDirectory}/templates";
videos = "${config.home.homeDirectory}/vids";
};
};
};
};