Peter Lehmann
committed
Feb 21, 2024
1 parent
361fa92
commit 460addd
Showing
10 changed files
with
255 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,24 @@ | ||
keys: | ||
- &peter age1d085lpynkxxf0mfus0rd3qq0r38clwz9d5ddrl79x982z00j6qsqq8f54g | ||
- &system_mns age1s7xs405mkw2gagclktekz27lxhh38se7adrkdfc0x2l28j9xsvdqcdrsyr | ||
- &system_sync age1ap6uwhhy4uvq72hwyts7gzl027mnypakvj6svphgw2fm8jk72v7qtccs76 | ||
|
||
creation_rules: | ||
- path_regex: secrets/common.(yaml|json|env|ini)$ | ||
key_groups: | ||
- age: | ||
- *peter | ||
- *system_mns | ||
- *system_sync | ||
|
||
- path_regex: secrets/[^/]+\.mns.(yaml|json|env|ini)$ | ||
key_groups: | ||
- age: | ||
- *peter | ||
- *system_mns | ||
|
||
- path_regex: secrets/[^/]+\.sync.(yaml|json|env|ini)$ | ||
key_groups: | ||
- age: | ||
- *peter | ||
- *system_sync |
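Review bot: The `path_regex` patterns leave the dot before the extension group unescaped (`common.(yaml|…)`, `\.mns.(yaml|…)`, `\.sync.(yaml|…)`), so that position matches any character and each rule accepts more file names than its name suggests. The matching rule decides which age recipients can decrypt a newly created secret, so the patterns are worth making exact, for example `- path_regex: secrets/[^/]+\.sync\.(yaml|json|env|ini)$`. The rendered page does not show which of these lines are new, so this may apply to the pre-existing rules as well as the added sync rule.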
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
{ | ||
imports = [ | ||
# ./backup.nix | ||
./disko.nix | ||
./hardware-configuration.nix | ||
./mount.nix | ||
./networking.nix | ||
./syncthing.nix | ||
]; | ||
|
||
|
||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
{ | ||
disko.devices = { | ||
disk = { | ||
sda = { | ||
device = "/dev/sda"; | ||
type = "disk"; | ||
content = { | ||
type = "gpt"; | ||
partitions = { | ||
ESP = { | ||
label = "EFI"; | ||
type = "EF00"; | ||
size = "500M"; | ||
content = { | ||
type = "filesystem"; | ||
format = "vfat"; | ||
mountpoint = "/boot"; | ||
}; | ||
}; | ||
root = { | ||
label = "NIXOS"; | ||
size = "100%"; | ||
content = { | ||
type = "filesystem"; | ||
format = "ext4"; | ||
mountpoint = "/"; | ||
}; | ||
}; | ||
}; | ||
}; | ||
}; | ||
}; | ||
}; | ||
} |
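Review bot: The ESP filesystem mounted at `/boot` declares no `mountOptions`, so the vfat defaults apply and everything on the boot partition is readable by every local user. Adding `mountOptions = [ "umask=0077" ];` inside the ESP `content` block restricts it to root. The root partition is plain ext4 with no encryption layer; if that is deliberate for an unattended VM, a short comment saying so would help, since the host's sops age key presumably lives on that disk.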
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
{ config, lib, pkgs, modulesPath, ... }: | ||
{ | ||
imports = | ||
[ | ||
(modulesPath + "/profiles/qemu-guest.nix") | ||
]; | ||
|
||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; | ||
|
||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking | ||
# (the default) this is the recommended approach. When using systemd-networkd it's | ||
# still possible to use this option, but it's recommended to use it in conjunction | ||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. | ||
networking.useDHCP = lib.mkDefault true; | ||
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; | ||
|
||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{ inputs | ||
, pkgs | ||
, config | ||
, ... | ||
}: | ||
{ | ||
sops.secrets."storagebox" = { | ||
neededForUsers = true; | ||
sopsFile = "${inputs.self}/secrets/mount.sync.yaml"; | ||
}; | ||
environment.systemPackages = [ pkgs.cifs-utils ]; | ||
fileSystems."/mnt/share" = { | ||
device = "//u351929.your-storagebox.de/backup"; | ||
fsType = "cifs"; | ||
options = | ||
let | ||
# this line prevents hanging on network split | ||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; | ||
|
||
in | ||
[ "${automount_opts},uid=237,credentials=${config.sops.secrets."storagebox".path}" ]; | ||
}; | ||
} |
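Review bot: The CIFS option string on `fileSystems."/mnt/share"` sets neither SMB encryption nor a dialect, so whether traffic to the remote storage box is encrypted in transit is left to whatever client and server negotiate. If the server supports SMB3, adding `seal` makes encryption mandatory and lets the mount fail instead of falling back: `[ "${automount_opts},seal,uid=237,credentials=${config.sops.secrets."storagebox".path}" ];`. Separately, `neededForUsers = true` on the `storagebox` secret is intended for secrets that must exist before user accounts are created; a mount credentials file does not appear to need it. The options also set no `gid`, `file_mode` or `dir_mode`, so permissions on the share fall back to the CIFS defaults.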
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
{ lib | ||
, ... | ||
}: | ||
{ | ||
networking = { | ||
useNetworkd = true; | ||
useDHCP = false; | ||
hostName = "sync"; | ||
usePredictableInterfaceNames = lib.mkDefault false; | ||
domain = "xnee.de"; | ||
nameservers = [ | ||
#HETZNER | ||
"2a01:4ff:ff00::add:2" | ||
"2a01:4ff:ff00::add:1" | ||
]; | ||
dhcpcd.enable = false; | ||
}; | ||
systemd.network = { | ||
enable = true; | ||
networks."10-wan" = { | ||
networkConfig.DHCP = "no"; | ||
matchConfig.Name = "eth0"; | ||
address = [ | ||
"2a01:4f9:c011:aeba::1/64" | ||
"135.181.206.213/32" | ||
]; | ||
routes = [ | ||
{ routeConfig.Gateway = "fe80::1"; } | ||
{ routeConfig = { Destination = "172.31.1.1"; }; } | ||
{ | ||
routeConfig = { | ||
Gateway = "172.31.1.1"; | ||
GatewayOnLink = true; | ||
}; | ||
} | ||
]; | ||
linkConfig.RequiredForOnline = "routable"; | ||
}; | ||
}; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
{ config, lib, pkgs, ... }: | ||
let | ||
domain = "sync.xnee.de"; | ||
in | ||
{ | ||
networking.firewall.allowedTCPPorts = [ 80 443 ]; | ||
services.caddy = { | ||
enable = true; | ||
virtualHosts = { | ||
"sync.xnee.de" = { | ||
extraConfig = '' | ||
reverse_proxy http://localhost:8384 { | ||
header_up Host {upstream_hostport} | ||
} | ||
''; | ||
}; | ||
}; | ||
}; | ||
|
||
services.syncthing = { | ||
enable = true; | ||
dataDir = "/mnt/share"; | ||
guiAddress = "127.0.0.1:8384"; | ||
settings = { | ||
devices = { | ||
kleeblatt = { | ||
name = "kleeblatt.xnee.net"; | ||
id = "ZMOLUG3-6LSPE3R-FRAO253-HEFQ4FC-Y6XS7ED-P5WWKKJ-NHPAL3U-CKOKSAH"; | ||
}; | ||
hasenpfote = { | ||
name = "hasenpfote.xnee.net"; | ||
id = "LAXQGRV-P7YOQLX-OACH3ZD-RHOQHFI-T233PKG-FKVKOMM-HQHM2FT-E7P6FAV"; | ||
}; | ||
tab_s8_xnee_de = { | ||
name = "Tab S8"; | ||
id = "TWRW63W-65RC4D4-76XRSPS-RCLMBF2-4W3GLAV-4M2DN36-R3BHNZM-ZXDLQAB"; | ||
}; | ||
win11_desktop_xnee_de = { | ||
name = "Win11@Desktop"; | ||
id = "7LVG6JG-N7GRS45-B3THPPH-THPNTKJ-SHL5PX2-AMEVKWP-F24PED6-74CWNAV"; | ||
}; | ||
}; | ||
folders = { | ||
keepass = { | ||
id = "56n2x-jhoz6"; | ||
path = "~/keepass"; | ||
devices = [ "kleeblatt" "hasenpfote" "tab_s8_xnee_de" "win11_desktop_xnee_de" ]; | ||
}; | ||
obsidianvault = { | ||
id = "esczl-qkfaz"; | ||
path = "~/obsidianvault"; | ||
devices = [ "kleeblatt" "hasenpfote" "tab_s8_xnee_de" "win11_desktop_xnee_de" ]; | ||
}; | ||
dcim = { | ||
id = "vpehd-xcue1"; | ||
path = "~/dcim"; | ||
devices = [ "kleeblatt" "hasenpfote" "tab_s8_xnee_de" "win11_desktop_xnee_de" ]; | ||
}; | ||
}; | ||
}; | ||
}; | ||
} |
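Review bot: The Caddy virtual host forwards `sync.xnee.de` straight to the Syncthing GUI on `localhost:8384`, and nothing in this file puts authentication in front of it: `extraConfig` has no auth directive and `services.syncthing.settings` has no `gui` user or password. The `header_up Host {upstream_hostport}` rewrite also means Syncthing's own host-header check can no longer tell proxied requests from local ones. Unless a GUI password is configured outside this file, the admin interface of a node that syncs the `keepass` folder is reachable from anywhere port 443 is; require authentication at the proxy, configure GUI credentials for Syncthing, or keep the GUI off the public virtual host. The `domain` binding in the `let` block is unused; `virtualHosts.${domain}` would use it instead of repeating the string.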
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
storagebox: ENC[AES256_GCM,data:MJCHyYDvyySm7axUDkgLh9F8Imw3+NQz/CGef4Lo7On2dH447rL2d1Ws,iv:6Ar2/wG4VoFeyevYLX8XoGRuBhHaZve7ee8Akxtzwi8=,tag:46GAdKZ3yfnrubEbOMG8Rg==,type:str] | ||
sops: | ||
kms: [] | ||
gcp_kms: [] | ||
azure_kv: [] | ||
hc_vault: [] | ||
age: | ||
- recipient: age1d085lpynkxxf0mfus0rd3qq0r38clwz9d5ddrl79x982z00j6qsqq8f54g | ||
enc: | | ||
-----BEGIN AGE ENCRYPTED FILE----- | ||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvdndDY3A0SzNKNlpkWFJY | ||
T0g5SXNiZHF2YkZNZy9PeHNTSWh3NFJ0MVZnClk5YUk4djJSQjF4d0VEK3FPbm11 | ||
ZUFPS0x5RE1yYUJIWG1SMThGYnZmVTAKLS0tIDF0VWI3U1oyb2F2TWZwY2JKNWwz | ||
VjBJOVdyL00rL3cwcnNDWXlVWldlRmMKd281qvbSyTAfU9sod7A+HEJXyACScYQ/ | ||
VDxjb6q5T2TxsucYilbKs/R6OvwweQ+kRuFGkp7h8xxsl/C2etP0Aw== | ||
-----END AGE ENCRYPTED FILE----- | ||
- recipient: age1ap6uwhhy4uvq72hwyts7gzl027mnypakvj6svphgw2fm8jk72v7qtccs76 | ||
enc: | | ||
-----BEGIN AGE ENCRYPTED FILE----- | ||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQTlIalk4TDZTNW5DeHhI | ||
VU9lbGVTRC9MZldBVnEwT2h2eFhkcDRPcHo4CjF3dmtrYk9sOHRXUkY4dkxILzJT | ||
eUdaRXRBcHRrYVdpamgrK0k2dE9xL00KLS0tIFdvV0xUWnVISXo0eUpJS1lDMWtF | ||
TWw4YnVRcEV3b0J5VmJGaTkvMWx1U0kKadJQi9phyEisv0JTrVPF6/syUgp6i4VO | ||
3rGwYDWrmtV/Zq+DBVKPKenS5OlMQMM/HhiFiKI8CSjt0an0nbtd9g== | ||
-----END AGE ENCRYPTED FILE----- | ||
lastmodified: "2023-11-07T11:42:25Z" | ||
mac: ENC[AES256_GCM,data:5bHMoxqEOCqHZt12ajhWaMC3gm0LPiARnNscVvXBmi42bnyob1BPZ2rRYv4nyiCb41yuDAQCNc7BDBhMVif1ATUnaEV67wQAe+7LHrIaoozcA0bA1040FD7HJi/DpKw6elFiSxefj706DW+nmShawZ7+153umOlFrcvKq1eG96A=,iv:BLCFmq4XwHeOmGu91slvWnYxaIuxzLFitllsr7xuD4c=,tag:VWMuzt9B4ab+Pg36Gv4tYg==,type:str] | ||
pgp: [] | ||
unencrypted_suffix: _unencrypted | ||
version: 3.8.1 |