feat(MOMO): setup syncthing and vaultwarden

2025-01-01 21:33:50 +01:00 · 2025-01-01 21:33:50 +01:00 · 6ca4dd9e57
commit 6ca4dd9e57
parent 7968a18271
33 changed files with 419 additions and 149 deletions
--- a/modules/core/applications.nix
+++ b/modules/core/applications.nix
@ -32,6 +32,8 @@
      pkgs.inotify-tools # a c library and a set of command-line programs providing a simple interface to inotify
      pkgs.mkcert # a simple tool for making locally-trusted development certificates
      pkgs.hexedit
+      pkgs.gdu # fast disk usage analyzer with console interface written in go
+      pkgs.duf # disk usage/free utility - a better 'df' alternative
    ]
    ++ lib.optionals (config.bchmnn.collections.cli-utils.enable && config.bchmnn.nvidia.enable) [
      pkgs.nvtopPackages.full
--- a/modules/core/network.nix
+++ b/modules/core/network.nix
@ -1,10 +1,22 @@
-{ config
-, lib
-, pkgs
-, ...
+{
+  config,
+  lib,
+  pkgs,
+  ...
 }:
 {
  options.bchmnn = {
+    network = {
+      nm = {
+        enable = lib.mkEnableOption "nm";
+      };
+      resolved = {
+        enable = lib.mkEnableOption "resolved";
+      };
+      networkd = {
+        enable = lib.mkEnableOption "networkd";
+      };
+    };
    collections = {
      vpn = {
        dryborg = {
@ -15,14 +27,16 @@
  };
  config = {
    networking = {
-      networkmanager.enable = true;
+      networkmanager.enable = config.bchmnn.network.nm.enable;
    };

-    systemd.services = {
+    systemd.services = lib.mkIf (config.bchmnn.network.nm.enable) {
      NetworkManager-wait-online.enable = false;
    };

-    services.resolved.enable = config.bchmnn.collections.vpn.enable;
+    services.resolved.enable = (
+      config.bchmnn.network.nm.enable || config.bchmnn.collections.vpn.enable
+    );

    environment.systemPackages = lib.optionals (config.bchmnn.collections.vpn.enable) [
      pkgs.openvpn3
@ -31,31 +45,35 @@
    ];
    services.mullvad-vpn.enable = config.bchmnn.collections.vpn.enable;

-    age.secrets = lib.mkIf (config.bchmnn.collections.vpn.enable && config.bchmnn.collections.vpn.dryborg.enable) {
-      keys-wireguard-dryborg-privatekey = {
-        file = ../../secrets/keys/wireguard/dryborg/privatekey.age;
-      };
-      keys-wireguard-dryborg-presharedkey = {
-        file = ../../secrets/keys/wireguard/dryborg/presharedkey.age;
-      };
-    };
+    age.secrets =
+      lib.mkIf (config.bchmnn.collections.vpn.enable && config.bchmnn.collections.vpn.dryborg.enable)
+        {
+          keys-wireguard-dryborg-privatekey = {
+            file = ../../secrets/keys/wireguard/dryborg/privatekey.age;
+          };
+          keys-wireguard-dryborg-presharedkey = {
+            file = ../../secrets/keys/wireguard/dryborg/presharedkey.age;
+          };
+        };

-    networking.wg-quick.interfaces = lib.mkIf (config.bchmnn.collections.vpn.enable && config.bchmnn.collections.vpn.dryborg.enable) {
-      "vpn.dryb.org" = {
-        autostart = false;
-        privateKeyFile = config.age.secrets.keys-wireguard-dryborg-privatekey.path;
-        address = [ "10.200.200.1/24" ];
-        dns = [ "192.168.2.1" ];
-        peers = [
-          {
-            publicKey = "JY5fb0RS7C8WyPPEeymzuMSUeIhDtICGk1FYJgTRnTs=";
-            presharedKeyFile = config.age.secrets.keys-wireguard-dryborg-presharedkey.path;
-            allowedIPs = [ "0.0.0.0/0" ];
-            endpoint = "vpn.dryb.org:53280";
-            persistentKeepalive = 21;
-          }
-        ];
-      };
-    };
+    networking.wg-quick.interfaces =
+      lib.mkIf (config.bchmnn.collections.vpn.enable && config.bchmnn.collections.vpn.dryborg.enable)
+        {
+          "vpn.dryb.org" = {
+            autostart = false;
+            privateKeyFile = config.age.secrets.keys-wireguard-dryborg-privatekey.path;
+            address = [ "10.200.200.1/24" ];
+            dns = [ "192.168.2.1" ];
+            peers = [
+              {
+                publicKey = "JY5fb0RS7C8WyPPEeymzuMSUeIhDtICGk1FYJgTRnTs=";
+                presharedKeyFile = config.age.secrets.keys-wireguard-dryborg-presharedkey.path;
+                allowedIPs = [ "0.0.0.0/0" ];
+                endpoint = "vpn.dryb.org:53280";
+                persistentKeepalive = 21;
+              }
+            ];
+          };
+        };
  };
 }
--- a/modules/core/shell.nix
+++ b/modules/core/shell.nix
@ -1,4 +1,9 @@
-{ pkgs, ... }:
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
 let
  common = import ./common.nix;
 in
@ -7,8 +12,10 @@ in
    enable = true;
  };

-  users.users.gandalf = {
-    shell = pkgs.zsh;
+  users.users = lib.mkIf (config.bchmnn.home.enable) {
+    gandalf = {
+      shell = pkgs.zsh;
+    };
  };

  environment = {