wayne/system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

PIA w/agenix added.

Browse Source
This commit is contained in:
wayne 2024-12-03 10:21:22 -08:00
parent a1e986b617
commit 77ecbd3071
8 changed files with 153 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
configuration.nix
View File

@ -1,31 +1,41 @@
# NixOS's declarative configuration calculates which software packages need to be installed and then soft-links the storage paths of these packages in the Nix Store to /run/current-system, and by modifying environment variables like PATH
{ lib, config, pkgs, zen-browser, hyprland, inputs, agenix, pkgs-unstable, ... }:
{
lib,
config,
pkgs,
zen-browser,
hyprland,
inputs,
agenix,
pkgs-unstable,
pia,
...
}:
let
unstable = import <nixpkgs> {
overlays = pkgs.overlays;
};
in
{
imports =
[
./environment.nix
./hardware-configuration.nix
imports = [
./environment.nix
./hardware-configuration.nix
# (import ./modules/containers.nix { inherit pkgs inputs config lib pkgs-unstable ;})
./modules/containers.nix
./modules/display.nix
./modules/files.nix
./modules/fonts.nix
./modules/musnix.nix
./modules/network.nix
./modules/nix.nix
# ./modules/qt.nix
./modules/security.nix
./modules/tailscale.nix
./modules/users.nix
./modules/wm.nix
./modules/xdg.nix
];
# (import ./modules/containers.nix { inherit pkgs inputs config lib pkgs-unstable ;})
./modules/containers.nix
./modules/display.nix
./modules/files.nix
./modules/fonts.nix
./modules/musnix.nix
./modules/network.nix
./modules/nix.nix
# ./modules/qt.nix
./modules/security.nix
./modules/tailscale.nix
./modules/users.nix
./modules/wm.nix
./modules/xdg.nix
];
programs.hyprland = {
enable = true;
@ -137,11 +147,15 @@ in
#media-session.enable = true;
# wireplumber.enable = true;
};
hardware.openrgb = {
# hardware.openrgb = {
# enable = false;
# package = pkgs.openrgb-with-all-plugins;
# motherboard = "intel";
# server.port = 6742;
# };
pia = {
enable = true;
package = pkgs.openrgb-with-all-plugins;
motherboard = "intel";
server.port = 6742;
authUserPassFile = config.age.secrets.pia.path;
};
};

55
flake.lock generated
View File

@ -127,6 +127,24 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
@ -332,6 +350,27 @@
"type": "github"
}
},
"pia": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730809692,
"narHash": "sha256-L2nzuQOK36xYcY6hQ3+waIFd0lWGlz7YTBnUCgV5Ox4=",
"owner": "Fuwn",
"repo": "pia.nix",
"rev": "445e82bd030080fb250f83805a7cc2feeea174c9",
"type": "github"
},
"original": {
"owner": "Fuwn",
"repo": "pia.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
@ -345,6 +384,7 @@
"nix-colors": "nix-colors",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"pia": "pia",
"tt-schemes": "tt-schemes",
"zen-browser": "zen-browser"
}
@ -379,6 +419,21 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tt-schemes": {
"flake": false,
"locked": {

7
flake.nix
View File

@ -45,6 +45,9 @@
# inputs.nixpkgs.follows = "nixpkgs";
# };
agenix.url = "github:ryantm/agenix";
# PIA
pia.url = "github:Fuwn/pia.nix";
pia.inputs.nixpkgs.follows = "nixpkgs";
musnix.url = "github:musnix/musnix";
};
@ -63,6 +66,7 @@
agenix,
# nix-ld,
musnix,
pia,
...
} @ inputs:
let
@ -101,11 +105,12 @@
nixosConfigurations = {
launchpad = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs systemSettings userSettings lib agenix ;};
specialArgs = {inherit inputs outputs systemSettings userSettings lib agenix pia ;};
modules = [
# kmonad.nixosModules.default
musnix.nixosModules.musnix
agenix.nixosModules.default
pia.nixosModules."x86_64-linux".default
./configuration.nix
# nix-ld.nixosModules.nix-ld

16
hm/home.nix
View File

@ -1,6 +1,18 @@
# Last stable generation 359 10/13/24
# home-manager works by soft-linking the software packages configured by the user to /etc/profiles/per-user/your-username and modifying environment variables like PATH to point to this path, thus installing user software packages.
{ inputs, outputs, lib, config, pkgs, systemSettings, userSettings, zen-browser, hyprland, nix-colors, ... }:
{
inputs,
outputs,
lib,
config,
pkgs,
systemSettings,
userSettings,
zen-browser,
hyprland,
nix-colors,
...
}:
let
system = "x86_64-linux";
@ -139,7 +151,7 @@ in
};
};
fonts.fontconfig.enable = true;
# colorScheme = nix-colors.colorSchemes.nord;
# colorScheme = nix-colors.colorSchemes.nord;
home.packages = with pkgs; [
zsh bash git stow tmux tmuxPlugins.tmux-fzf

17
modules/containers.nix
View File

@ -402,6 +402,12 @@
localAddress = "192.168.12.76/24";
hostBridge = "br0";
autoStart = false;
allowedDevices = [
{
modifier = "rw";
node = "/dev/net/tun";
}
];
bindMounts = {
"/var/www" = {
hostPath = "/home/wayne/dev/whd/live";
@ -418,7 +424,7 @@
{
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 1025 3000 3001 8025 8080 2222 3306 ];
allowedTCPPorts = [ 22 80 443 1025 3000 3001 41641 8025 8080 2222 3306 ];
};
networking = {
enableIPv6 = false;
@ -445,6 +451,15 @@
};
};
services.tailscale = {
enable = true;
package = pkgs.tailscale;
interfaceName = "tailscale0";
openFirewall = true;
port = 41641;
useRoutingFeatures = "server";
};
services.openssh = {
enable = true;
ports = [ 22 ];

6
modules/security.nix
View File

@ -1,6 +1,6 @@
{ pkgs, ... }:
{
security.polkit = {
security.polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function (action, subject) {
@ -74,6 +74,7 @@
};
age = {
identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets = {
nextcloud = {
file = ../secrets/nextcloud.age;
@ -84,6 +85,9 @@
onlyoffice = {
file = ../secrets/onlyoffice-jwt.age;
};
pia = {
file = ../secrets/pia.age;
};
};
};
}

17
secrets/pia.age Normal file
View File

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-rsa 28puQg
JGtoK7DucZvBPjewFHiFnOKOTjIaSOGfRJybUD14VcHRk0uiSfXidkp/Gf/wf3KJ
narocC7/qcVIdHWiMe+TbNcE/Kcly3BUpW7w7QFIxJ3+X49TttE4/VcTp5QJ2nbV
Wm5q+Kd9IG2B2Bt/8BmQCiwOkoo+ps3mub4xY2yBmuPo8kvZhMdnwEx2NLQy9CiC
JOtd77ZpmsETuBOodu/4eAIxqfS+qooZVUkc/mzywOgCjMU94YLrwGxt1iwdTXMX
xEtm9rd3W2Sjj7ksh6G+rFarg5NODSMc/7LIoiQui6w9ytRsu3FukS8dhYe92Yep
rw+2Jmz5FHLiVdfh9ZTzEOGVojGlHVJpthZPWUGHsWH1+p9FXbPCYThGVSzWZh/2
vj6/5C/xpN3yzVoQtVqu/svrSH8Ls9cBJpo2yqopS85nzwjnA/ypkHrXQ4QUaZQg
upzsNc7EAaY91CIBGxyattGODJ+bRuehVgo/xpb+W9fwFVkvP6wm3UiTJwFsKwE6
pdusUwqzyhcvhm8lGj5H0JW5jvEd+UjpVBHc1+DC2vLeqwuUzo/Ya5qNTBrNwdKT
nkXyyiXuTdRJ5lkcM9xjY0vikNN348dURVIB1Ub+iTG85Pg4IdBgR2S5s01L/b4n
c0vOvWf3jcx/SkZoKgiYjiWYoIXVRrAlcVnwXJ09h+8
-> ssh-ed25519 rxYdLA jMpoBVQ9mBa2Rtyx9EeEGHYKlXYlmTAw0uR+5Jbclyc
xibncpFqofpBcebRdwALgdjJlUIO4dY7kJYXMB2P9xc
--- eM2ZXQ4YYbeGThU1RChJ1Qmn2NwknMc7jOqd264rHGI
*OÁ¨„CEŽñBò÷èŠú°U`c2iþ«<8“ HëÛÑW<>Á|^¥b'2Nµ.Ý–

3
secrets/secrets.nix
View File

@ -11,4 +11,5 @@ in
"nextcloud.age".publicKeys = [ nextcloud wayne launchpad ];
"onlyoffice-jwt.age".publicKeys = [ onlyoffice wayne launchpad ];
"whayes.age".publicKeys = [ wayne launchpad ];
}
"pia.age".publicKeys = [ wayne launchpad ];
}