mirror of
https://github.com/tboerger/nixos-config
synced 2024-11-22 18:21:58 +01:00
chore: even more restructuring
This commit is contained in:
parent
543d2d6f90
commit
3bb742392a
15
TODO.md
15
TODO.md
@ -1,14 +1,15 @@
|
||||
# Todo
|
||||
|
||||
## desktop
|
||||
|
||||
* clickup (package https://nixos.org/manual/nixpkgs/stable/#sec-pkgs-appimageTools)
|
||||
* curseforge (package)
|
||||
* deezer (mpd / mopidy)
|
||||
* mail (thunderbird / mailspring / prospect-mail)
|
||||
* assign windows to right desktop
|
||||
* autostart standard tools on desktops
|
||||
|
||||
# Maybe
|
||||
## server
|
||||
|
||||
* hexchat (irc client)
|
||||
* irssi (irc client)
|
||||
* kitty (terminal)
|
||||
* mangohud (fps overlay)
|
||||
* ncmpcpp (mpd client)
|
||||
* coredns for private domain names
|
||||
* nfs server on asgard
|
||||
* mount nfs volumes on utgard
|
||||
|
67
flake.lock
67
flake.lock
@ -20,6 +20,26 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"arion": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1654878283,
|
||||
"narHash": "sha256-JWdKBMzEibS2neY0nEs9E8kn4zRepEbwSw7HzxbEiAg=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "arion",
|
||||
"rev": "e5fb978143240f8d293e6e5acc9691acf472928d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "arion",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"deployrs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
@ -60,16 +80,15 @@
|
||||
},
|
||||
"hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1664387039,
|
||||
"narHash": "sha256-RlSksOo/OUwBXus7qnS84mzjNwO3cRgHbdF0KzATPlw=",
|
||||
"lastModified": 1665987993,
|
||||
"narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "203dd7d7b9361c92579f086581f278f2707bcd76",
|
||||
"rev": "0e6593630071440eb89cd97a52921497482b22c6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "master",
|
||||
"repo": "nixos-hardware",
|
||||
"type": "github"
|
||||
}
|
||||
@ -78,30 +97,30 @@
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
],
|
||||
"utils": "utils_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1656169755,
|
||||
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
|
||||
"lastModified": 1664783440,
|
||||
"narHash": "sha256-KlMwR7mUf5h8MPnzV7nGFUAt6ih/euW5xgvZ5x+hwvI=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
|
||||
"rev": "e4e639dd4dc3e431aa5b5f95325f9a66ac7e0dd9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-22.05",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1664281702,
|
||||
"narHash": "sha256-haixZ4TJLu1Dciow54wrHrHvlGDVr5sW6MTeAV/ZLuI=",
|
||||
"lastModified": 1664780719,
|
||||
"narHash": "sha256-Oxe6la5dSqRfJogjtY4sRzJjDDqvroJIVkcGEOT87MA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7e52b35fe98481a279d89f9c145f8076d049d2b9",
|
||||
"rev": "fd54651f5ffb4a36e8463e0c327a78442b26cbe7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -113,11 +132,11 @@
|
||||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1664400119,
|
||||
"narHash": "sha256-G6gKRK9uOk7kt1uWCzmyuLB/qdQtGO8mxjs/dtTIr9A=",
|
||||
"lastModified": 1664894790,
|
||||
"narHash": "sha256-FAixnreJ0bXzK/m5a9KsC5XoiZFHqC4le0tseldsHZc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "e378da2e2cd205a55a0203b91162fefba04087e6",
|
||||
"rev": "529b4b6fc32b428cd07cc2a11abf728bdc59b4e5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -129,12 +148,13 @@
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"arion": "arion",
|
||||
"deployrs": "deployrs",
|
||||
"hardware": "hardware",
|
||||
"homemanager": "homemanager",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nur": "nur",
|
||||
"utils": "utils_2"
|
||||
"utils": "utils_3"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
@ -166,6 +186,21 @@
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils_3": {
|
||||
"locked": {
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
43
flake.nix
43
flake.nix
@ -6,10 +6,6 @@
|
||||
url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
};
|
||||
|
||||
hardware = {
|
||||
url = "github:nixos/nixos-hardware/master";
|
||||
};
|
||||
|
||||
nur = {
|
||||
url = "github:nix-community/NUR";
|
||||
};
|
||||
@ -18,23 +14,32 @@
|
||||
url = "github:numtide/flake-utils";
|
||||
};
|
||||
|
||||
deployrs = {
|
||||
url = "github:serokell/deploy-rs";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
homemanager = {
|
||||
url = "github:nix-community/home-manager/release-22.05";
|
||||
url = "github:nix-community/home-manager";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
deployrs = {
|
||||
url = "github:serokell/deploy-rs";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
arion = {
|
||||
url = "github:hercules-ci/arion";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
hardware = {
|
||||
url = "github:nixos/nixos-hardware";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, hardware, nur, utils, deployrs, agenix, homemanager, ... }@inputs:
|
||||
outputs = { self, nixpkgs, nur, utils, agenix, homemanager, deployrs, arion, hardware, ... }@inputs:
|
||||
let
|
||||
|
||||
in
|
||||
@ -64,8 +69,12 @@
|
||||
})
|
||||
homemanager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
arion.nixosModules.arion
|
||||
./machines/chnum
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
specialArgs = {
|
||||
@ -98,8 +107,12 @@
|
||||
hardware.nixosModules.raspberry-pi-4
|
||||
homemanager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
arion.nixosModules.arion
|
||||
./machines/midgard
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
specialArgs = {
|
||||
@ -133,8 +146,12 @@
|
||||
})
|
||||
homemanager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
arion.nixosModules.arion
|
||||
./machines/utgard
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
specialArgs = {
|
||||
@ -166,8 +183,12 @@
|
||||
})
|
||||
homemanager.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
arion.nixosModules.arion
|
||||
./machines/asgard
|
||||
./profiles/thomas
|
||||
# ./profiles/anna
|
||||
# ./profiles/adrian
|
||||
# ./profiles/tabea
|
||||
];
|
||||
|
||||
specialArgs = {
|
||||
|
@ -12,7 +12,17 @@
|
||||
];
|
||||
|
||||
personal = {
|
||||
services = { };
|
||||
services = {
|
||||
docker = {
|
||||
enable = true;
|
||||
};
|
||||
samba = {
|
||||
enable = true;
|
||||
};
|
||||
tailscale = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system = {
|
||||
|
@ -12,7 +12,23 @@
|
||||
];
|
||||
|
||||
personal = {
|
||||
services = { };
|
||||
services = {
|
||||
acme = {
|
||||
enable = true;
|
||||
};
|
||||
adguard = {
|
||||
enable = true;
|
||||
};
|
||||
coredns = {
|
||||
enable = true;
|
||||
};
|
||||
docker = {
|
||||
enable = true;
|
||||
};
|
||||
tailscale = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system = {
|
||||
|
@ -3,7 +3,6 @@ with lib;
|
||||
|
||||
{
|
||||
imports = [
|
||||
./frpc.nix
|
||||
./network.nix
|
||||
./nixpkgs.nix
|
||||
./prowlarr.nix
|
||||
|
@ -1,106 +0,0 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.frpc;
|
||||
|
||||
configFile =
|
||||
pkgs.writeText "frpc.conf" (generators.toINI { } cfg.settings);
|
||||
|
||||
in
|
||||
{
|
||||
options.services.frpc = {
|
||||
enable = mkEnableOption "frpc";
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "frpc";
|
||||
description = ''
|
||||
User under which frpc runs.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "frpc";
|
||||
description = ''
|
||||
Group under which frpc runs.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.frp;
|
||||
defaultText = "pkgs.frp";
|
||||
description = ''
|
||||
The frp package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
token = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Path to token secret file.
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Full settings for the client.
|
||||
'';
|
||||
type = types.attrsOf types.attrs;
|
||||
default = { };
|
||||
example = literalExpression ''
|
||||
common = {
|
||||
server_addr = "example.com";
|
||||
server_port = 7001;
|
||||
};
|
||||
http = {
|
||||
type = "tcp";
|
||||
local_ip = "127.0.0.1";
|
||||
local_port = 80;
|
||||
};
|
||||
https = {
|
||||
type = "tcp";
|
||||
local_ip = "127.0.0.1";
|
||||
local_port = 443;
|
||||
};
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.groups = mkIf (cfg.group == "frpc") {
|
||||
frpc = { };
|
||||
};
|
||||
|
||||
users.users = mkIf (cfg.user == "frpc") {
|
||||
frpc = {
|
||||
group = cfg.group;
|
||||
shell = pkgs.bashInteractive;
|
||||
createHome = false;
|
||||
description = "frpc user";
|
||||
isSystemUser = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.frpc = {
|
||||
description = "FRP Client";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
Restart = "on-failure";
|
||||
ExecStart = pkgs.writeShellScript "frpc.sh" ''
|
||||
set -eu
|
||||
export FRP_TOKEN=$(<${cfg.token})
|
||||
${cfg.package}/bin/frpc -c ${configFile}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -6,6 +6,7 @@ with lib;
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
coreutils
|
||||
dig
|
||||
file
|
||||
git
|
||||
gnumake
|
||||
|
@ -10,7 +10,7 @@ with lib;
|
||||
users = {
|
||||
root = {
|
||||
shell = pkgs.zsh;
|
||||
hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0";
|
||||
passwordFile = config.age.secrets."users/root/password".path;
|
||||
openssh = {
|
||||
authorizedKeys = {
|
||||
keys = [
|
||||
@ -20,10 +20,11 @@ with lib;
|
||||
};
|
||||
};
|
||||
admin = {
|
||||
description = "Admin";
|
||||
shell = pkgs.zsh;
|
||||
isNormalUser = true;
|
||||
passwordFile = config.age.secrets."users/admin/password".path;
|
||||
uid = 1337;
|
||||
hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0";
|
||||
openssh = {
|
||||
authorizedKeys = {
|
||||
keys = [
|
||||
@ -39,5 +40,13 @@ with lib;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."users/root/password" = {
|
||||
file = ../../secrets/users/root/password.age;
|
||||
};
|
||||
|
||||
age.secrets."users/admin/password" = {
|
||||
file = ../../secrets/users/admin/password.age;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
63
machines/services/adguard.nix
Normal file
63
machines/services/adguard.nix
Normal file
@ -0,0 +1,63 @@
|
||||
{ pkgs, lib, config, options, fetchurl, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.personal.services.adguard;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
personal = {
|
||||
services = {
|
||||
adguard = {
|
||||
enable = mkEnableOption "Adguard";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
adguardhome = {
|
||||
enable = true;
|
||||
mutableSettings = false;
|
||||
|
||||
host = "127.0.0.1";
|
||||
port = 3000;
|
||||
|
||||
settings = {
|
||||
dns = {
|
||||
port = 5353;
|
||||
bind_host = "127.0.0.1";
|
||||
bootstrap_dns = "1.1.1.1";
|
||||
|
||||
upstream_dns = [
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
};
|
||||
|
||||
users = [{
|
||||
name = "admin";
|
||||
password = "$2y$05$wzuDDF0NaP0zX.gguP8EyuBJ1wlyTPjLvXf.LCK8VCBKIUq4PnR62";
|
||||
}];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
personal = {
|
||||
services = {
|
||||
webserver = {
|
||||
enable = true;
|
||||
|
||||
hosts = [
|
||||
{
|
||||
domain = "adguard.boerger.ws";
|
||||
proxy = "http://localhost:3000";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
{ pkgs, lib, config, options, fetchurl, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
20
machines/services/coredns.nix
Normal file
20
machines/services/coredns.nix
Normal file
@ -0,0 +1,20 @@
|
||||
{ pkgs, lib, config, options, fetchurl, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.personal.services.coredns;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
personal = {
|
||||
services = {
|
||||
coredns = {
|
||||
enable = mkEnableOption "CoreDNS";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable { };
|
||||
}
|
@ -3,15 +3,18 @@
|
||||
{
|
||||
imports = [
|
||||
./acme.nix
|
||||
./adguard.nix
|
||||
./citrix.nix
|
||||
./coredns.nix
|
||||
./desktop.nix
|
||||
./docker.nix
|
||||
./frpc.nix
|
||||
./hass.nix
|
||||
./haveged.nix
|
||||
./libvirt.nix
|
||||
./media.nix
|
||||
./nixbuild.nix
|
||||
./openssh.nix
|
||||
./tailscale.nix
|
||||
./timesyncd.nix
|
||||
./webserver.nix
|
||||
];
|
||||
|
@ -1,70 +0,0 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.personal.services.frpc;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
personal = {
|
||||
services = {
|
||||
frpc = {
|
||||
enable = mkEnableOption "FRP Client";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
frpc = {
|
||||
enable = true;
|
||||
token = config.age.secrets."services/frpc/token".path;
|
||||
|
||||
settings = {
|
||||
common = {
|
||||
server_addr = "frps.boerger.ws";
|
||||
server_port = 30601;
|
||||
token = "{{ .Envs.FRP_TOKEN }}";
|
||||
admin_addr = "127.0.0.1";
|
||||
admin_port = 7400;
|
||||
admin_user = "admin";
|
||||
admin_pwd = "admin";
|
||||
tls_enable = true;
|
||||
};
|
||||
http = {
|
||||
type = "tcp";
|
||||
local_ip = "127.0.0.1";
|
||||
local_port = 80;
|
||||
use_encryption = true;
|
||||
use_compression = true;
|
||||
remote_port = 8080;
|
||||
health_check_type = "tcp";
|
||||
health_check_timeout_s = 3;
|
||||
health_check_max_failed = 3;
|
||||
health_check_interval_s = 10;
|
||||
};
|
||||
https = {
|
||||
type = "tcp";
|
||||
local_ip = "127.0.0.1";
|
||||
local_port = 443;
|
||||
use_encryption = true;
|
||||
use_compression = true;
|
||||
remote_port = 8443;
|
||||
health_check_type = "tcp";
|
||||
health_check_timeout_s = 3;
|
||||
health_check_max_failed = 3;
|
||||
health_check_interval_s = 10;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."services/frpc/token" = {
|
||||
file = ../../secrets/services/frpc/token.age;
|
||||
owner = "frpc";
|
||||
group = "frpc";
|
||||
};
|
||||
};
|
||||
}
|
93
machines/services/hass.nix
Normal file
93
machines/services/hass.nix
Normal file
@ -0,0 +1,93 @@
|
||||
{ pkgs, lib, config, options, fetchurl, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.personal.services.hass;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
personal = {
|
||||
services = {
|
||||
hass = {
|
||||
enable = mkEnableOption "Home Assistant";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
sqlite
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
home-assistant = {
|
||||
enable = true;
|
||||
|
||||
package = (pkgs.home-assistant.override {
|
||||
extraPackages = python3Packages: with python3Packages; [
|
||||
pyicloud
|
||||
radios
|
||||
securetar
|
||||
];
|
||||
|
||||
extraComponents = [
|
||||
"accuweather"
|
||||
"adguard"
|
||||
"alexa"
|
||||
"default_config"
|
||||
];
|
||||
}).overrideAttrs (oldAttrs: {
|
||||
doInstallCheck = false;
|
||||
});
|
||||
|
||||
config = {
|
||||
http = {
|
||||
server_host = "127.0.0.1";
|
||||
server_port = 8123;
|
||||
trusted_proxies = [ "127.0.0.1" ];
|
||||
use_x_forwarded_for = true;
|
||||
};
|
||||
|
||||
homeassistant = {
|
||||
name = "Boerger";
|
||||
latitude = 49.406330;
|
||||
longitude = 11.036830;
|
||||
time_zone = "Europe/Berlin";
|
||||
unit_system = "metric";
|
||||
temperature_unit = "C";
|
||||
};
|
||||
|
||||
default_config = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
personal = {
|
||||
services = {
|
||||
webserver = {
|
||||
enable = true;
|
||||
|
||||
hosts = [
|
||||
{
|
||||
domain = "home.boerger.ws";
|
||||
proxy = "http://127.0.0.1:8123";
|
||||
|
||||
proxyOptions = ''
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
'';
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -11,14 +11,6 @@ in
|
||||
services = {
|
||||
media = {
|
||||
enable = mkEnableOption "Media";
|
||||
|
||||
domain = mkOption {
|
||||
description = ''
|
||||
Domain used for media vhosts
|
||||
'';
|
||||
type = types.str;
|
||||
default = "boerger.ws";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -28,10 +20,13 @@ in
|
||||
users = {
|
||||
users = {
|
||||
media = {
|
||||
uid = 20000;
|
||||
description = "Media";
|
||||
shell = pkgs.zsh;
|
||||
isSystemUser = true;
|
||||
group = "media";
|
||||
home = "/var/lib/media";
|
||||
uid = 20000;
|
||||
isSystemUser = true;
|
||||
passwordFile = config.age.secrets."users/media/password".path;
|
||||
};
|
||||
};
|
||||
|
||||
@ -138,35 +133,35 @@ in
|
||||
|
||||
hosts = [
|
||||
{
|
||||
domain = "nzbget.${cfg.domain}";
|
||||
domain = "nzbget.boerger.ws";
|
||||
proxy = "http://localhost:6789";
|
||||
}
|
||||
{
|
||||
domain = "jellyfin.${cfg.domain}";
|
||||
domain = "jellyfin.boerger.ws";
|
||||
proxy = "http://localhost:8096";
|
||||
}
|
||||
{
|
||||
domain = "radarr.${cfg.domain}";
|
||||
domain = "radarr.boerger.ws";
|
||||
proxy = "http://localhost:7878";
|
||||
}
|
||||
{
|
||||
domain = "sonarr.${cfg.domain}";
|
||||
domain = "sonarr.boerger.ws";
|
||||
proxy = "http://localhost:8989";
|
||||
}
|
||||
{
|
||||
domain = "lidarr.${cfg.domain}";
|
||||
domain = "lidarr.boerger.ws";
|
||||
proxy = "http://localhost:8686";
|
||||
}
|
||||
{
|
||||
domain = "readarr.${cfg.domain}";
|
||||
domain = "readarr.boerger.ws";
|
||||
proxy = "http://localhost:8787";
|
||||
}
|
||||
{
|
||||
domain = "bazarr.${cfg.domain}";
|
||||
domain = "bazarr.boerger.ws";
|
||||
proxy = "http://localhost:6767";
|
||||
}
|
||||
{
|
||||
domain = "prowlarr.${cfg.domain}";
|
||||
domain = "prowlarr.boerger.ws";
|
||||
proxy = "http://localhost:9696";
|
||||
}
|
||||
];
|
||||
@ -180,5 +175,9 @@ in
|
||||
allowedUDPPorts = [ 1900 7359 ];
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."users/media/password" = {
|
||||
file = ../../secrets/users/media/password.age;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
188
machines/services/samba.nix
Normal file
188
machines/services/samba.nix
Normal file
@ -0,0 +1,188 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.personal.services.samba;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
personal = {
|
||||
services = {
|
||||
samba = {
|
||||
enable = mkEnableOption "Samba";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users = {
|
||||
users = {
|
||||
media = {
|
||||
uid = 20000;
|
||||
description = "Media";
|
||||
shell = pkgs.zsh;
|
||||
isSystemUser = true;
|
||||
group = "media";
|
||||
home = "/var/lib/media";
|
||||
passwordFile = config.age.secrets."users/media/password".path;
|
||||
};
|
||||
printer = {
|
||||
uid = 20001;
|
||||
description = "Printer";
|
||||
shell = pkgs.zsh;
|
||||
isSystemUser = true;
|
||||
group = "printer";
|
||||
home = "/var/lib/printer";
|
||||
passwordFile = config.age.secrets."users/printer/password".path;
|
||||
};
|
||||
};
|
||||
|
||||
groups = {
|
||||
media = {
|
||||
gid = 20000;
|
||||
};
|
||||
printer = {
|
||||
gid = 20001;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
samba = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
|
||||
extraConfig = ''
|
||||
workgroup = WORKGROUP
|
||||
server string = Sharing
|
||||
netbios name = Sharing
|
||||
guest account = nobody
|
||||
map to guest = bad user
|
||||
'';
|
||||
|
||||
shares = {
|
||||
photos = {
|
||||
comment = "Shared photos";
|
||||
path = "/var/lib/media/photos";
|
||||
|
||||
"browseable" = "yes";
|
||||
"read only" = "no";
|
||||
"writeable" = "yes";
|
||||
"guest ok" = "yes";
|
||||
"force user" = "media";
|
||||
"force group" = "media";
|
||||
};
|
||||
|
||||
videos = {
|
||||
comment = "Shared videos";
|
||||
path = "/var/lib/media/videos";
|
||||
|
||||
"browseable" = "yes";
|
||||
"read only" = "no";
|
||||
"writeable" = "yes";
|
||||
"guest ok" = "yes";
|
||||
"force user" = "media";
|
||||
"force group" = "media";
|
||||
};
|
||||
|
||||
movies = {
|
||||
comment = "Shared movies";
|
||||
path = "/var/lib/media/movies";
|
||||
|
||||
"browseable" = "no";
|
||||
"read only" = "no";
|
||||
"writeable" = "yes";
|
||||
"guest ok" = "no";
|
||||
"force user" = "media";
|
||||
"force group" = "media";
|
||||
"valid users" = "media";
|
||||
};
|
||||
|
||||
shows = {
|
||||
comment = "Shared shows";
|
||||
path = "/var/lib/media/shows";
|
||||
|
||||
"browseable" = "no";
|
||||
"read only" = "no";
|
||||
"writeable" = "yes";
|
||||
"guest ok" = "no";
|
||||
"force user" = "media";
|
||||
"force group" = "media";
|
||||
"valid users" = "media";
|
||||
};
|
||||
|
||||
books = {
|
||||
comment = "Shared books";
|
||||
path = "/var/lib/media/books";
|
||||
|
||||
"browseable" = "no";
|
||||
"read only" = "no";
|
||||
"writeable" = "yes";
|
||||
"guest ok" = "no";
|
||||
"force user" = "media";
|
||||
"force group" = "media";
|
||||
"valid users" = "media";
|
||||
};
|
||||
|
||||
music = {
|
||||
comment = "Shared music";
|
||||
path = "/var/lib/media/music";
|
||||
|
||||
"browseable" = "no";
|
||||
"read only" = "no";
|
||||
"writeable" = "yes";
|
||||
"guest ok" = "no";
|
||||
"force user" = "media";
|
||||
"force group" = "media";
|
||||
"valid users" = "media";
|
||||
};
|
||||
|
||||
downloads = {
|
||||
comment = "Shared downloads";
|
||||
path = "/var/lib/media/downloads";
|
||||
|
||||
"browseable" = "no";
|
||||
"read only" = "no";
|
||||
"writeable" = "yes";
|
||||
"guest ok" = "no";
|
||||
"force user" = "media";
|
||||
"force group" = "media";
|
||||
"valid users" = "media";
|
||||
};
|
||||
|
||||
printer = {
|
||||
comment = "Shared printer";
|
||||
path = "/var/lib/printer";
|
||||
|
||||
"browseable" = "yes";
|
||||
"read only" = "no";
|
||||
"writeable" = "yes";
|
||||
"guest ok" = "yes";
|
||||
"force user" = "printer";
|
||||
"force group" = "printer";
|
||||
};
|
||||
|
||||
backup = {
|
||||
comment = "Shared backup";
|
||||
path = "/var/lib/backup/%u";
|
||||
|
||||
"browseable" = "yes";
|
||||
"read only" = "no";
|
||||
"writeable" = "yes";
|
||||
"guest ok" = "no";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."users/printer/password" = {
|
||||
file = ../../secrets/users/printer/password.age;
|
||||
};
|
||||
|
||||
age.secrets."users/media/password" = {
|
||||
file = ../../secrets/users/media/password.age;
|
||||
};
|
||||
};
|
||||
}
|
57
machines/services/tailscale.nix
Normal file
57
machines/services/tailscale.nix
Normal file
@ -0,0 +1,57 @@
|
||||
{ pkgs, lib, config, options, fetchurl, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.personal.services.tailscale;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
personal = {
|
||||
services = {
|
||||
tailscale = {
|
||||
enable = mkEnableOption "Tailscale";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
networking = {
|
||||
firewall = {
|
||||
checkReversePath = "loose";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
tailscale = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.tailscaled-autoconnect = {
|
||||
description = "Automatic connection for Tailscale";
|
||||
|
||||
after = [ "network-pre.target" "tailscale.service" ];
|
||||
wants = [ "network-pre.target" "tailscale.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
||||
script = ''
|
||||
sleep 3
|
||||
|
||||
STATUS="$(${pkgs.tailscale}/bin/tailscale status -json | ${pkgs.jq}/bin/jq -r .BackendState)"
|
||||
if [ $\{STATUS\} = "Running" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
${pkgs.tailscale}/bin/tailscale up --auth-key file:${config.age.secrets."services/tailscale/authkey".path}
|
||||
'';
|
||||
};
|
||||
|
||||
age.secrets."services/tailscale/authkey" = {
|
||||
file = ../../secrets/services/tailscale/authkey.age;
|
||||
};
|
||||
};
|
||||
}
|
@ -60,22 +60,6 @@ in
|
||||
type = types.str;
|
||||
default = "boerger.ws";
|
||||
};
|
||||
|
||||
defaultDomain = mkOption {
|
||||
description = ''
|
||||
Domain used by default vhost
|
||||
'';
|
||||
type = types.str;
|
||||
default = "boerger.ws";
|
||||
};
|
||||
|
||||
redirectDomain = mkOption {
|
||||
description = ''
|
||||
Domain to redirect the default
|
||||
'';
|
||||
type = types.str;
|
||||
default = "jellyfin.boerger.ws";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -101,20 +85,25 @@ in
|
||||
locations = {
|
||||
"/" = mkIf (builtins.hasAttr "proxy" elem) {
|
||||
proxyPass = elem.proxy;
|
||||
extraConfig = ''
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
'' + (elem.proxyOptions or "");
|
||||
extraConfig = (
|
||||
elem.proxyOptions or ''
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
''
|
||||
);
|
||||
};
|
||||
};
|
||||
} // (elem.domainOptions or { });
|
||||
})
|
||||
config.personal.services.webserver.hosts) // {
|
||||
"${cfg.defaultDomain}" = {
|
||||
"boerger.ws" = {
|
||||
useACMEHost = cfg.acmeHost;
|
||||
addSSL = true;
|
||||
forceSSL = false;
|
||||
default = true;
|
||||
globalRedirect = cfg.redirectDomain;
|
||||
root = "/var/empty";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -16,12 +16,15 @@
|
||||
acme = {
|
||||
enable = true;
|
||||
};
|
||||
frpc = {
|
||||
hass = {
|
||||
enable = true;
|
||||
};
|
||||
media = {
|
||||
enable = true;
|
||||
};
|
||||
tailscale = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -1,6 +1,25 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cifsServer = "\\192.168.1.10";
|
||||
cifsOptions = [
|
||||
"x-systemd.automount"
|
||||
"noauto"
|
||||
"x-systemd.idle-timeout=60"
|
||||
"x-systemd.device-timeout=5s"
|
||||
"x-systemd.mount-timeout=5s"
|
||||
"credentials=${config.age.secrets."users/media/smbpasswd".path}"
|
||||
"uid=${config.users.users.media.uid}"
|
||||
"gid=${config.users.groups.media.gid}"
|
||||
];
|
||||
|
||||
in
|
||||
{
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
cifs-utils
|
||||
];
|
||||
};
|
||||
|
||||
swapDevices = [{
|
||||
device = "/dev/disk/by-label/swap";
|
||||
}];
|
||||
@ -109,20 +128,6 @@
|
||||
];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/media/downloads" = {
|
||||
device = "/dev/disk/by-label/downloads";
|
||||
fsType = "ext4";
|
||||
options = [
|
||||
"noatime"
|
||||
"discard"
|
||||
];
|
||||
};
|
||||
|
||||
# fileSystems."/var/lib/media/downloads" = {
|
||||
# device = "192.168.1.10:/downloads";
|
||||
# fsType = "nfs";
|
||||
# };
|
||||
|
||||
fileSystems."/var/lib/media/movies" = {
|
||||
device = "/dev/disk/by-label/movies";
|
||||
fsType = "ext4";
|
||||
@ -133,8 +138,9 @@
|
||||
};
|
||||
|
||||
# fileSystems."/var/lib/media/movies" = {
|
||||
# device = "192.168.1.10:/movies";
|
||||
# fsType = "nfs";
|
||||
# device = "${cifsServer}/movies";
|
||||
# fsType = "cifs";
|
||||
# options = cifsOptions;
|
||||
# };
|
||||
|
||||
fileSystems."/var/lib/media/series" = {
|
||||
@ -146,9 +152,10 @@
|
||||
];
|
||||
};
|
||||
|
||||
# fileSystems."/var/lib/media/series" = {
|
||||
# device = "192.168.1.10:/series";
|
||||
# fsType = "nfs";
|
||||
# fileSystems."/var/lib/media/shows" = {
|
||||
# device = "${cifsServer}/shows";
|
||||
# fsType = "cifs";
|
||||
# options = cifsOptions;
|
||||
# };
|
||||
|
||||
fileSystems."/var/lib/media/books" = {
|
||||
@ -161,8 +168,9 @@
|
||||
};
|
||||
|
||||
# fileSystems."/var/lib/media/books" = {
|
||||
# device = "192.168.1.10:/books";
|
||||
# fsType = "nfs";
|
||||
# device = "${cifsServer}/books";
|
||||
# fsType = "cifs";
|
||||
# options = cifsOptions;
|
||||
# };
|
||||
|
||||
fileSystems."/var/lib/media/music" = {
|
||||
@ -175,7 +183,27 @@
|
||||
};
|
||||
|
||||
# fileSystems."/var/lib/media/music" = {
|
||||
# device = "192.168.1.10:/music";
|
||||
# fsType = "nfs";
|
||||
# device = "${cifsServer}/music";
|
||||
# fsType = "cifs";
|
||||
# options = cifsOptions;
|
||||
# };
|
||||
|
||||
fileSystems."/var/lib/media/downloads" = {
|
||||
device = "/dev/disk/by-label/downloads";
|
||||
fsType = "ext4";
|
||||
options = [
|
||||
"noatime"
|
||||
"discard"
|
||||
];
|
||||
};
|
||||
|
||||
# fileSystems."/var/lib/media/downloads" = {
|
||||
# device = "${cifsServer}/downloads";
|
||||
# fsType = "cifs";
|
||||
# options = cifsOptions;
|
||||
# };
|
||||
|
||||
age.secrets."users/media/smbpasswd" = {
|
||||
file = ../../secrets/users/media/smbpasswd.age;
|
||||
};
|
||||
}
|
||||
|
52
profiles/adrian/default.nix
Normal file
52
profiles/adrian/default.nix
Normal file
@ -0,0 +1,52 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
username = "adrian";
|
||||
fullname = "Adrian Boerger";
|
||||
desktop = config.personal.services.desktop.enable;
|
||||
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../modules
|
||||
./desktop
|
||||
|
||||
../programs
|
||||
./programs
|
||||
|
||||
../services
|
||||
./services
|
||||
];
|
||||
|
||||
profile = {
|
||||
username = username;
|
||||
};
|
||||
|
||||
users = {
|
||||
users = {
|
||||
"${username}" = {
|
||||
description = "${fullname}";
|
||||
shell = pkgs.zsh;
|
||||
isNormalUser = true;
|
||||
passwordFile = config.age.secrets."users/${username}/password".path;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"networkmanager"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
home-manager.users."${username}" = { config, ... }: {
|
||||
home = {
|
||||
homeDirectory = "/home/${username}";
|
||||
stateVersion = "18.09";
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."users/${username}/password" = {
|
||||
file = ../../secrets/users/${username}/password.age;
|
||||
};
|
||||
}
|
9
profiles/adrian/desktop/default.nix
Normal file
9
profiles/adrian/desktop/default.nix
Normal file
@ -0,0 +1,9 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
{
|
||||
options = {
|
||||
profile = {
|
||||
desktop = { };
|
||||
};
|
||||
};
|
||||
}
|
7
profiles/adrian/programs/default.nix
Normal file
7
profiles/adrian/programs/default.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
||||
];
|
||||
}
|
7
profiles/adrian/services/default.nix
Normal file
7
profiles/adrian/services/default.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
||||
];
|
||||
}
|
52
profiles/anna/default.nix
Normal file
52
profiles/anna/default.nix
Normal file
@ -0,0 +1,52 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
username = "anna";
|
||||
fullname = "Anna Boerger";
|
||||
desktop = config.personal.services.desktop.enable;
|
||||
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../modules
|
||||
./desktop
|
||||
|
||||
../programs
|
||||
./programs
|
||||
|
||||
../services
|
||||
./services
|
||||
];
|
||||
|
||||
profile = {
|
||||
username = username;
|
||||
};
|
||||
|
||||
users = {
|
||||
users = {
|
||||
"${username}" = {
|
||||
description = "${fullname}";
|
||||
shell = pkgs.zsh;
|
||||
isNormalUser = true;
|
||||
passwordFile = config.age.secrets."users/${username}/password".path;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"networkmanager"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
home-manager.users."${username}" = { config, ... }: {
|
||||
home = {
|
||||
homeDirectory = "/home/${username}";
|
||||
stateVersion = "18.09";
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."users/${username}/password" = {
|
||||
file = ../../secrets/users/${username}/password.age;
|
||||
};
|
||||
}
|
9
profiles/anna/desktop/default.nix
Normal file
9
profiles/anna/desktop/default.nix
Normal file
@ -0,0 +1,9 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
{
|
||||
options = {
|
||||
profile = {
|
||||
desktop = { };
|
||||
};
|
||||
};
|
||||
}
|
7
profiles/anna/programs/default.nix
Normal file
7
profiles/anna/programs/default.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
||||
];
|
||||
}
|
7
profiles/anna/services/default.nix
Normal file
7
profiles/anna/services/default.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
||||
];
|
||||
}
|
@ -31,6 +31,8 @@
|
||||
./slack.nix
|
||||
./steam.nix
|
||||
./teams.nix
|
||||
./telegram.nix
|
||||
./thunderbird.nix
|
||||
./tmux.nix
|
||||
./whatsapp.nix
|
||||
./wine.nix
|
||||
|
@ -4,18 +4,18 @@ with lib;
|
||||
let
|
||||
cfg = config.profile.programs.develop;
|
||||
|
||||
python = pkgs.python39.withPackages (p: with p; [
|
||||
ansible-core
|
||||
ansible-doctor
|
||||
# ansible-later
|
||||
ansible-lint
|
||||
boto3
|
||||
botocore
|
||||
hcloud
|
||||
passlib
|
||||
requests
|
||||
yamllint
|
||||
]);
|
||||
# python = pkgs.python39.withPackages (p: with p; [
|
||||
# ansible-core
|
||||
# ansible-doctor
|
||||
# # ansible-later
|
||||
# ansible-lint
|
||||
# boto3
|
||||
# botocore
|
||||
# hcloud
|
||||
# passlib
|
||||
# requests
|
||||
# yamllint
|
||||
# ]);
|
||||
|
||||
in
|
||||
{
|
||||
@ -32,20 +32,18 @@ in
|
||||
config = mkIf cfg.enable {
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
python
|
||||
|
||||
php80
|
||||
php80Packages.composer
|
||||
|
||||
nodejs-16_x
|
||||
yarn
|
||||
# python
|
||||
|
||||
act
|
||||
ansible-doctor
|
||||
ansible-later
|
||||
ansible-lint
|
||||
awscli2
|
||||
eksctl
|
||||
git-chglog
|
||||
gopass
|
||||
graphviz
|
||||
hcloud
|
||||
httpie
|
||||
ipcalc
|
||||
ngrok
|
||||
@ -53,9 +51,17 @@ in
|
||||
reflex
|
||||
shellcheck
|
||||
sops
|
||||
upx
|
||||
yamllint
|
||||
|
||||
checkov
|
||||
terraform
|
||||
terragrunt
|
||||
upx
|
||||
tflint
|
||||
tfsec
|
||||
|
||||
nodejs-16_x
|
||||
yarn
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -19,7 +19,7 @@ in
|
||||
config = mkIf cfg.enable {
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
mattermost
|
||||
mattermost-desktop
|
||||
];
|
||||
};
|
||||
};
|
||||
|
26
profiles/programs/telegram.nix
Normal file
26
profiles/programs/telegram.nix
Normal file
@ -0,0 +1,26 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.profile.programs.telegram;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
profile = {
|
||||
programs = {
|
||||
telegram = {
|
||||
enable = mkEnableOption "Telegram";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
tdesktop
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
26
profiles/programs/thunderbird.nix
Normal file
26
profiles/programs/thunderbird.nix
Normal file
@ -0,0 +1,26 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.profile.programs.thunderbird;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
profile = {
|
||||
programs = {
|
||||
thunderbird = {
|
||||
enable = mkEnableOption "Thunderbird";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
thunderbird-bin
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -5,6 +5,7 @@
|
||||
./blueman.nix
|
||||
./caffeine.nix
|
||||
./flameshot.nix
|
||||
./mopidy.nix
|
||||
./nmapplet.nix
|
||||
./owncloud.nix
|
||||
./udiskie.nix
|
||||
|
50
profiles/services/mopidy.nix
Normal file
50
profiles/services/mopidy.nix
Normal file
@ -0,0 +1,50 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.profile.services.mopidy;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
profile = {
|
||||
services = {
|
||||
mopidy = {
|
||||
enable = mkEnableOption "Mopidy";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home-manager.users."${config.profile.username}" = { config, ... }: {
|
||||
programs = {
|
||||
ncmpcpp = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
mopidy = {
|
||||
enable = true;
|
||||
|
||||
extensionPackages = with pkgs; [
|
||||
mopidy-iris
|
||||
mopidy-jellyfin
|
||||
mopidy-mpd
|
||||
mopidy-tunein
|
||||
];
|
||||
|
||||
# extraConfigFiles = [
|
||||
# config.age.secrets."services/mopidy/jellyfin".path
|
||||
# ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# age.secrets."services/mopidy/jellyfin" = {
|
||||
# file = ../../secrets/services/mopidy/jellyfin.age;
|
||||
# owner = config.profile.username;
|
||||
# };
|
||||
};
|
||||
}
|
52
profiles/tabea/default.nix
Normal file
52
profiles/tabea/default.nix
Normal file
@ -0,0 +1,52 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
username = "tabea";
|
||||
fullname = "Tabea Boerger";
|
||||
desktop = config.personal.services.desktop.enable;
|
||||
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../modules
|
||||
./desktop
|
||||
|
||||
../programs
|
||||
./programs
|
||||
|
||||
../services
|
||||
./services
|
||||
];
|
||||
|
||||
profile = {
|
||||
username = username;
|
||||
};
|
||||
|
||||
users = {
|
||||
users = {
|
||||
"${username}" = {
|
||||
description = "${fullname}";
|
||||
shell = pkgs.zsh;
|
||||
isNormalUser = true;
|
||||
passwordFile = config.age.secrets."users/${username}/password".path;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"networkmanager"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
home-manager.users."${username}" = { config, ... }: {
|
||||
home = {
|
||||
homeDirectory = "/home/${username}";
|
||||
stateVersion = "18.09";
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."users/${username}/password" = {
|
||||
file = ../../secrets/users/${username}/password.age;
|
||||
};
|
||||
}
|
9
profiles/tabea/desktop/default.nix
Normal file
9
profiles/tabea/desktop/default.nix
Normal file
@ -0,0 +1,9 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
{
|
||||
options = {
|
||||
profile = {
|
||||
desktop = { };
|
||||
};
|
||||
};
|
||||
}
|
7
profiles/tabea/programs/default.nix
Normal file
7
profiles/tabea/programs/default.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
||||
];
|
||||
}
|
7
profiles/tabea/services/default.nix
Normal file
7
profiles/tabea/services/default.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{ pkgs, lib, config, options, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
||||
];
|
||||
}
|
@ -20,7 +20,7 @@ in
|
||||
];
|
||||
|
||||
profile = {
|
||||
username = "${username}";
|
||||
username = username;
|
||||
|
||||
desktop = {
|
||||
i3 = {
|
||||
@ -68,6 +68,9 @@ in
|
||||
lutris = {
|
||||
enable = desktop;
|
||||
};
|
||||
thunderbird = {
|
||||
enable = desktop;
|
||||
};
|
||||
mattermost = {
|
||||
enable = desktop;
|
||||
};
|
||||
@ -80,9 +83,9 @@ in
|
||||
owncloud = {
|
||||
enable = desktop;
|
||||
};
|
||||
playonlinux = {
|
||||
enable = desktop;
|
||||
};
|
||||
# playonlinux = {
|
||||
# enable = desktop;
|
||||
# };
|
||||
rocketchat = {
|
||||
enable = desktop;
|
||||
};
|
||||
@ -101,6 +104,9 @@ in
|
||||
teams = {
|
||||
enable = desktop;
|
||||
};
|
||||
telegram = {
|
||||
enable = desktop;
|
||||
};
|
||||
whatsapp = {
|
||||
enable = desktop;
|
||||
};
|
||||
@ -141,6 +147,9 @@ in
|
||||
flameshot = {
|
||||
enable = desktop;
|
||||
};
|
||||
mopidy = {
|
||||
enable = desktop;
|
||||
};
|
||||
nmapplet = {
|
||||
enable = desktop;
|
||||
};
|
||||
@ -151,9 +160,9 @@ in
|
||||
enable = desktop;
|
||||
};
|
||||
|
||||
dunst = {
|
||||
enable = desktop;
|
||||
};
|
||||
# dunst = {
|
||||
# enable = desktop;
|
||||
# };
|
||||
polybar = {
|
||||
enable = desktop;
|
||||
};
|
||||
@ -166,7 +175,7 @@ in
|
||||
description = "${fullname}";
|
||||
shell = pkgs.zsh;
|
||||
isNormalUser = true;
|
||||
hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0";
|
||||
passwordFile = config.age.secrets."users/${username}/password".path;
|
||||
openssh = {
|
||||
authorizedKeys = {
|
||||
keys = [
|
||||
@ -229,4 +238,8 @@ in
|
||||
stateVersion = "18.09";
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."users/${username}/password" = {
|
||||
file = ../../secrets/users/${username}/password.age;
|
||||
};
|
||||
}
|
||||
|
@ -4,6 +4,81 @@ with lib;
|
||||
let
|
||||
cfg = config.profile.desktop.i3;
|
||||
|
||||
programs = {
|
||||
term = [
|
||||
{
|
||||
exec = "Alacritty";
|
||||
class = "Alacritty";
|
||||
}
|
||||
];
|
||||
|
||||
editor = [
|
||||
{
|
||||
exec = "code";
|
||||
class = "code";
|
||||
}
|
||||
];
|
||||
|
||||
browser = [
|
||||
{
|
||||
exec = "google-chrome-stable";
|
||||
class = "google-chrome";
|
||||
}
|
||||
];
|
||||
|
||||
music = [ ];
|
||||
|
||||
mail = [
|
||||
{
|
||||
exec = "thunderbird";
|
||||
class = "thunderbird";
|
||||
}
|
||||
];
|
||||
|
||||
chat = [
|
||||
{
|
||||
exec = "discord";
|
||||
class = "discord";
|
||||
}
|
||||
{
|
||||
exec = "element-desktop";
|
||||
class = "element";
|
||||
}
|
||||
{
|
||||
exec = "mattermost-desktop";
|
||||
class = "mattermost";
|
||||
}
|
||||
{
|
||||
exec = "rocketchat-desktop";
|
||||
class = "rocket.chat";
|
||||
}
|
||||
{
|
||||
exec = "signal-desktop";
|
||||
class = "signal";
|
||||
}
|
||||
{
|
||||
exec = "skypeforlinux";
|
||||
class = "skype";
|
||||
}
|
||||
{
|
||||
exec = "slack";
|
||||
class = "slack";
|
||||
}
|
||||
{
|
||||
exec = "teams";
|
||||
class = "microsoft teams";
|
||||
}
|
||||
{
|
||||
exec = "tdekstop";
|
||||
class = "telegram-desktop";
|
||||
}
|
||||
{
|
||||
exec = "whatsapp-for-linux";
|
||||
class = "whatsapp-for-linux";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
@ -21,15 +96,23 @@ in
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
betterlockscreen
|
||||
deadd-notification-center
|
||||
feh
|
||||
gnome.nautilus
|
||||
gucharmap
|
||||
libnotify
|
||||
lxappearance
|
||||
playerctl
|
||||
scrot
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
gnome-keyring = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
xsession = {
|
||||
enable = true;
|
||||
|
||||
@ -55,21 +138,23 @@ in
|
||||
};
|
||||
|
||||
assigns = {
|
||||
"1" = [{
|
||||
class = "Alacritty";
|
||||
}];
|
||||
"3" = [{
|
||||
class = "google-chrome";
|
||||
}];
|
||||
"1" = map (i: { class = i.class; }) programs.term;
|
||||
"2" = map (i: { class = i.class; }) programs.editor;
|
||||
"3" = map (i: { class = i.class; }) programs.browser;
|
||||
"4" = map (i: { class = i.class; }) programs.mail;
|
||||
"5" = map (i: { class = i.class; }) programs.music;
|
||||
"6" = map (i: { class = i.class; }) programs.chat;
|
||||
};
|
||||
|
||||
startup = [
|
||||
{
|
||||
command = "feh --borderless --no-fehbg --bg-scale $HOME/.wallpapers/tower.jpg";
|
||||
command = "feh --no-fehbg --bg-scale $HOME/.wallpapers/tower.jpg";
|
||||
always = false;
|
||||
notification = false;
|
||||
}
|
||||
{
|
||||
command = "betterlockscreen -w dim -u $HOME/.wallpapers/tower.jpg";
|
||||
command = "betterlockscreen --update $HOME/.wallpapers/tower.jpg";
|
||||
always = false;
|
||||
notification = false;
|
||||
}
|
||||
{
|
||||
@ -77,11 +162,11 @@ in
|
||||
always = true;
|
||||
notification = false;
|
||||
}
|
||||
{
|
||||
command = "systemctl --user restart dunst";
|
||||
always = true;
|
||||
notification = false;
|
||||
}
|
||||
# {
|
||||
# command = "systemctl --user restart dunst";
|
||||
# always = true;
|
||||
# notification = false;
|
||||
# }
|
||||
{
|
||||
command = "systemctl --user restart udiskie";
|
||||
always = true;
|
||||
@ -97,7 +182,19 @@ in
|
||||
always = true;
|
||||
notification = false;
|
||||
}
|
||||
];
|
||||
|
||||
{
|
||||
command = "deadd-notification-center";
|
||||
always = false;
|
||||
notification = false;
|
||||
}
|
||||
|
||||
# {
|
||||
# command = "clockify";
|
||||
# always = false;
|
||||
# notification = false;
|
||||
# }
|
||||
] ++ (map (i: { command = i.exec; notification = false; }) programs.term) ++ (map (i: { command = i.exec; notification = false; }) programs.editor) ++ (map (i: { command = i.exec; notification = false; }) programs.browser) ++ (map (i: { command = i.exec; notification = false; }) programs.mail) ++ (map (i: { command = i.exec; notification = false; }) programs.music) ++ (map (i: { command = i.exec; notification = false; }) programs.chat);
|
||||
|
||||
gaps = {
|
||||
smartGaps = true;
|
||||
@ -210,7 +307,7 @@ in
|
||||
set $power "[l]ock log[o]ut [s]uspend [h]ibernate [r]eboot [p]oweroff"
|
||||
|
||||
mode $power {
|
||||
bindsym l exec betterlockscreen -w dim -u $HOME/.wallpapers/tower.jpg; mode "default"
|
||||
bindsym l exec betterlockscreen --lock dim; mode "default"
|
||||
bindsym o exec i3-msg exit; mode "default"
|
||||
bindsym s exec systemctl suspend; mode "default"
|
||||
bindsym h exec systemctl hibernate; mode "default"
|
||||
|
@ -2,11 +2,27 @@ let
|
||||
thomas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn";
|
||||
users = [ thomas ];
|
||||
|
||||
midgard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGC6aSeeKiMO9y3NMxPOh2JvvGYcyS4za+0+hSqI3Bj";
|
||||
asgard = "";
|
||||
utgard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN02izetkp+Wru4KE0ZASwOcjJfXr3U0H/Q/i0fjdgJ7";
|
||||
systems = [ utgard ];
|
||||
systems = [ midgard asgard utgard ];
|
||||
in
|
||||
{
|
||||
"services/acme/credentials.age".publicKeys = users ++ systems;
|
||||
"services/frpc/token.age".publicKeys = users ++ systems;
|
||||
"services/mopidy/jellyfin.age".publicKeys = users ++ systems;
|
||||
"services/nixbuild/sshkey.age".publicKeys = users ++ systems;
|
||||
"services/tailscale/authkey.age".publicKeys = users ++ systems;
|
||||
|
||||
"users/media/password.age".publicKeys = users ++ systems;
|
||||
"users/media/smbpasswd.age".publicKeys = users ++ systems;
|
||||
|
||||
"users/printer/password.age".publicKeys = users ++ systems;
|
||||
"users/root/password.age".publicKeys = users ++ systems;
|
||||
"users/admin/password.age".publicKeys = users ++ systems;
|
||||
|
||||
"users/thomas/password.age".publicKeys = users ++ systems;
|
||||
"users/anna/password.age".publicKeys = users ++ systems;
|
||||
"users/adrian/password.age".publicKeys = users ++ systems;
|
||||
"users/tabea/password.age".publicKeys = users ++ systems;
|
||||
}
|
||||
|
Binary file not shown.
@ -1,9 +1,11 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ zh94IvnUClD1KSf07GormPU11pydyI2mJ0QR+dj35AU
|
||||
WJmyov9jnDRU0XOfNly+YctW4u/74nbLjp84JRHncWE
|
||||
-> ssh-ed25519 QkapZw 63is6AXw4FTrqsD0up52mIGSfLFcb+X+ZJ47QiOLgHo
|
||||
NiILE2Wc05JFcISN0HV0oZ+m8H4HUQOADLrNoAWMVmk
|
||||
-> [nwC-grease dC<=9<F[
|
||||
hiGKFg8H+Vj1ZRCNDLcJUclYKKw
|
||||
--- cy6U+0/Q0gTt5+XKisuoGbFFxggmfE3CfJkgWCuLty8
|
||||
@^ç°µYô-œ”/WQŽ&=›‡
<0A>kO y·ZêmD:íÌ)ùÕ+·‹¥+ZÙ<19>èئ!d
|
||||
-> ssh-ed25519 ptT1OQ G0UMa/hBBgKiYtBUgm6E+LHVVly/sr2+0dThm+VsNV0
|
||||
GFlyE+NmG7wND92/WXCJFFkq9M1Nsfq3k7YRnAIiH+s
|
||||
-> ssh-ed25519 vDK6kA IMw7Ugc3JS3lo+jdy3VTfxNe+BcWRvIurYcHo8/20Gw
|
||||
x6EZAsfUt/Q99W5ibar3GznBJPxgZiHGwplouzXDFdc
|
||||
-> ssh-ed25519 QkapZw u+G8NcRFQARVgqHA8GgQI/FwAVJIEPYdyMOwEcQYIDY
|
||||
EQdhk9LxqWPdIwzIhBG13dLVpXZJyadWr87YQ8M1UcQ
|
||||
-> J-grease SyWuYE |$6Yno7V B^+)$-n
|
||||
xH13RODn/QcYvsniQH4
|
||||
--- ha8bj14RU/C0zmMc4kVty3WsN6fRF8ZdyhSmqKyPshs
|
||||
<EFBFBD>ロ<EFBFBD>ミ广]2(y>ケ鋕VCテZ;ムャエD+サ\!.OEpqサI&fSェフLメフ>A「K
|
BIN
secrets/services/mopidy/jellyfin.age
Normal file
BIN
secrets/services/mopidy/jellyfin.age
Normal file
Binary file not shown.
Binary file not shown.
12
secrets/services/tailscale/authkey.age
Normal file
12
secrets/services/tailscale/authkey.age
Normal file
@ -0,0 +1,12 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ LnnwfsdOcAom5MZY4xYG+m1CUOcR2LhCYU+UMGQxwU4
|
||||
UxV1cyR0seHEmhzI0ngmf9MNEqA7Se77G52b4kw8a5E
|
||||
-> ssh-ed25519 vDK6kA 4iqbkl1XVdmO/4bb8oCPstM+c90jjlNUqx1EPnKZqAs
|
||||
voRRt0wWr4DIpkY5R+S9e7dhJ7PsirrQGYkku/86iLY
|
||||
-> ssh-ed25519 QkapZw 7atPx1R+UvxoIevJwJSuDWjs4Uwtarae1ubDKXLLWGA
|
||||
z3Xfmk2ysy+j57aRbt4kv0Jv+7ajeBlDw1VrADjNJlw
|
||||
-> Jo:^-grease 68x TN\24 Y<eo UEy
|
||||
AoDN8iMG
|
||||
--- Hkh8+TIqB75tkzt1n2Biy9ZLKogTCdTzsT11w7N+/BI
|
||||
–<*W^š†2Ú}äqî“r4Øg[Màüi<08>bbdÛ
|
||||
ÐóªêcæãOÔè „’Vttáhð9ÎÂ$iìÊ+Q™qhf½Aï_#×™(lZõ‰lp/"
|
13
secrets/users/admin/password.age
Normal file
13
secrets/users/admin/password.age
Normal file
@ -0,0 +1,13 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ OnQmMRmL4vooeJARScu0RFDRxF+DAwzzHA6Xfs9E60M
|
||||
q0oXUE7RKv/b5/v2nHbRDK0B/m/D5HQ9pCnCF1Hub/c
|
||||
-> ssh-ed25519 vDK6kA iYH6SGuEb2frh2Av9/NnhsD5SYxPU/ymow7qiwPdPAA
|
||||
iei5JokDZ4vyKYa4+oKi6tt4X+m6C9Q64YUHX75cJKo
|
||||
-> ssh-ed25519 QkapZw WrWt+aqpoT/jQdD3ktFygrodrZ1dutukEWzSlAiCFDk
|
||||
1mvKL9cnEE61wfY+yZE1N8E8SfYUWyyLftOg30JIgRg
|
||||
-> W^&%6jtg-grease v8zD(}
|
||||
NZAuTFXfI/X9rK8azx1w4fqKMrvOKcRWrGx3iXWn8Cdkb/cAtfRyckPc659jONns
|
||||
/gJx2jcqstgYR7O38wnOuuevexEeRn/2i5bISRLbN1AGW4Q
|
||||
--- LW/pRhTdYie4pUsBKMqRp38ltz1fJ9tZMRAcV71ykZk
|
||||
údb»^‚FB¤f‰‰·mÒ
|
||||
s˜Æ"2TºˆLb#¢Â‘¨p_Ï
|
12
secrets/users/adrian/password.age
Normal file
12
secrets/users/adrian/password.age
Normal file
@ -0,0 +1,12 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ 6owQsraIjwntWOLM/IgsCfo9k4xP7EgBqGHz/9ACOgc
|
||||
Qlee7D1NbteTDL97/yfvfkZnuuF1n5oCMCjwJZIERH0
|
||||
-> ssh-ed25519 vDK6kA 6OPdEol4Z3nCRInYKRNb+EboSByN+ed1X0dVVZBTLkE
|
||||
6kDLoKD+GQVaIzAy5GHdF8K/3iMZTg7x0cb8ScNA0B4
|
||||
-> ssh-ed25519 QkapZw oZ6I/sL0ZGVu+8qK+Ol4QMlOCAFy4CaS83EAnV1XLWw
|
||||
R63uqZ48KJ+M7HZ2vCQ/1eEXyzeTLZSHpp3AM6zLlTQ
|
||||
-> dw,mS#A0-grease -?,a d<}@U<
|
||||
aiBxTwXkpHMDz2mrp3+6PZE9pxA4TZe/+ioGsek0iWLjNGZ2zh1/z3cZ5dHodDfc
|
||||
pHW/9wWa0j4
|
||||
--- Yl4jZiBuNi+e4Hxo5JcbRmQGM5tzYz1UG0naPSH8fzI
|
||||
Ñ6ß®ç³âSá….BXp JR¼ð<C2BC>¢ÕŸáK±Õ‘_÷IJ±®š¸dA
|
11
secrets/users/anna/password.age
Normal file
11
secrets/users/anna/password.age
Normal file
@ -0,0 +1,11 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ ZwHZuEtXIywjlO1Qylc54X5yliYN2C20lXtxRleDOgE
|
||||
h3PEPfWVR7Y3Xc80e26UwMg8SU9ZDgs4SkyAQsYzj+Q
|
||||
-> ssh-ed25519 vDK6kA +yWQE2uLXFSpX4iCxaKyaxk/219fItLaZGC3vlzgQFs
|
||||
g6wiwF/Ym7KUuWnPVLZyMzcvwOc+gEzQtVEOMcTGE2c
|
||||
-> ssh-ed25519 QkapZw Ymvdm1Lh4AdNYQsvtnlTB+xFU0ukt0qvQGmSPodVT1M
|
||||
5wKYkK+69TVRm0P+dZEASBfbAT0R7jBNJKmzwU6KIKk
|
||||
-> (`jv:-grease j(N
|
||||
2LnNRS5xWT3s9x5gg1ls7pfVbg/uFgCyLNr9/KK4YbQbsNKrNg
|
||||
--- hLiE6yB2F7kOJw3qT31+bCbnMtcK32XYgxbI82WVlmY
|
||||
öA,½ÍìÔXx[†Z›©Ëg-2‡¦–®#â)»9ƒÚzºbÃïÿ[V¼€
|
12
secrets/users/media/password.age
Normal file
12
secrets/users/media/password.age
Normal file
@ -0,0 +1,12 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ 6nrRFAT0bfW/YJUvUidI1VKSuLYwInjTHAVBsW1m8QE
|
||||
zXaMZLYdHMe552DAOJIE+2Ej4FbNoiC0lMUVK0HwkYw
|
||||
-> ssh-ed25519 vDK6kA IgdF+Ru31yku4rGyIX9Kb5kbxfi8flHMw9jElsr/twM
|
||||
HKL3yIg8tiYgmMnjVbSxk4kq5XvtSrk30bNuyj35mg4
|
||||
-> ssh-ed25519 QkapZw vgukk5ZXct7y3e+3IDfKjM1Z/jKJhqmF2lg1WO/FfCo
|
||||
kK1WaS6PCfhbJj04PVOMgc3nGU8tFQS6kJxqhWHV6ZE
|
||||
-> V-grease * G#N'H$(
|
||||
BV3zew7ZPBc3kj8Vlsm8egFoTN0jTe7mqzFqjucThfldN+YFcKZK6VxzzCsbB6mn
|
||||
Ez2qmevGVI43inhwSmIUSnqVvj1+8hc5NICZJs24P+34HA
|
||||
--- vjzDvpUTaCep8r5cGc5JDnZUdaQ/I2qXMDHIF7gDIdo
|
||||
†Fa<46>Ûç<C39B>þC`žóìS@Op8Ü{ª)|q+öìó×v::’lú÷ìñ<>'æ!칦×c¢¶,
|
BIN
secrets/users/media/smbpasswd.age
Normal file
BIN
secrets/users/media/smbpasswd.age
Normal file
Binary file not shown.
13
secrets/users/printer/password.age
Normal file
13
secrets/users/printer/password.age
Normal file
@ -0,0 +1,13 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ 9z0mc7gau0SlDVq8NAZI0T+t2yetYhRJ5jJ+cx/pFTM
|
||||
4Yz8DPjhtAsy0abWxKR5WE9uC7n5BfhADTSUiDZBqUk
|
||||
-> ssh-ed25519 vDK6kA UPR/LPzCEBBo3WcTywbS/yjb7v+uQTjPzGVVv05VOkk
|
||||
UcbxNWcmE14VIUa6Sq4U4Q0SHLhQ7OKiE+xnGVq90tc
|
||||
-> ssh-ed25519 QkapZw uPxyBvN/TO//OGorad6hxvnDIqoLhROtU+HIcOOhXVs
|
||||
J3u69kfjynkf5lUVDk7X+4JHmOSca0Q14YOwAV14lb8
|
||||
-> GY`;C-grease (L,'+} $/@h ~
|
||||
+ur0Lzp2w7e9/dJlEDbya+IIzQ6mwiEowxCUnCzm/JPELX/OLh/hlwUUzLOAJsVS
|
||||
Kw6Rf41t6o5HPJZXLFBtQtyjgLeZx/rlIjrBmFQ41BJ0Lbmf7/g
|
||||
--- E1i31zsuxNyizZMMeGBbgi1f77T3T5cn/kORrliha6U
|
||||
õcgBˆÉMòصZ/MÌ
|
||||
]»C³®LbÅR*’娃 »Ç
¸`½Ý,îi†£|÷°£ÕeD
|
12
secrets/users/root/password.age
Normal file
12
secrets/users/root/password.age
Normal file
@ -0,0 +1,12 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ YcyAUwVMlw4/ALw7mnNSf0mZEIBy2QutWPnw/dIcdGU
|
||||
T12rjnbOaILGoVMRr2Ggi/kNThnacoLBFjCOBIROQgU
|
||||
-> ssh-ed25519 vDK6kA t/nieYJLDvK/t6nmqv9uZeznMXKZx0w6haAdGGbRUig
|
||||
L1RtzBdd2byvSb+Bei7cQk4pSeG572CmRnQ2fMl4xk8
|
||||
-> ssh-ed25519 QkapZw h50sCx6P4KcKJ1FuKBG7b1fXvfE3uLHM4CbFj0p2+zU
|
||||
b4llW691ia4zsUewi61ubDdTVuqKmZHkOQc+zcow3lo
|
||||
-> [@JJ3u-grease H9 XQF %fy3, Za.Zvj_}
|
||||
T68o20cFBiNu9Wgmk8ZpABs80V7f7Y6wBa3ldggYvp62kTswfS0mIGsO+ta6FZt9
|
||||
++GxRoSprkcVmg4
|
||||
--- 4yMs1I5euxBUuhkdu98y/ExONALCQkfx7K/6uHAFh6A
|
||||
åJ<>Á•<1B>ûèíuŸ«°!ÈÛåˆ]Œ‚;ó)5œ7ªbsɹów:›=ÅÃ
|
11
secrets/users/tabea/password.age
Normal file
11
secrets/users/tabea/password.age
Normal file
@ -0,0 +1,11 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ aldRZAe2K4bGX8GbnW01BC7pkreWmEYG50iFM5+cVkM
|
||||
Ix3RuSN12AQr0kggdEwgVBmpv7oal99PHyTeAv0tDdc
|
||||
-> ssh-ed25519 vDK6kA c9sm7SGxgbgJt2M/mKT0mnDPv8kMgvU4E+WM88pszDE
|
||||
K7jsUZzDX5cXcnTCeswxOz/5+wMJMt80/pSU36UkE+w
|
||||
-> ssh-ed25519 QkapZw HsnZIJNhcwAf7uAU6g+NtsNYSpnK0A7LOWZfNYN8tkE
|
||||
i6y8GMfYo3iwH5reeUdMwmbzjR/BcKGZg+2OKNPRfIU
|
||||
-> |/"ga-grease \:S|s5} 3HKp9_~
|
||||
hewqWDDpTlc
|
||||
--- gznXnky7kkgfMGD88xGo4dAXpZkLX7DKx8xMxRFgL+w
|
||||
*術(4qG0YEタ>H*7wNe、・ゥ<>cG[ク「L噤以<E599A4>ェ徠
|
11
secrets/users/thomas/password.age
Normal file
11
secrets/users/thomas/password.age
Normal file
@ -0,0 +1,11 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 ptT1OQ fwUu8pY2budRGKQ5KH8g3PpQkYw8nxQjXPMypWRVzmg
|
||||
KqgwVHgyLsJHXn46OwwH5a6+mXIeu4JjsXXH3nZCFQQ
|
||||
-> ssh-ed25519 vDK6kA QWFjCWEDx9y9hsBaVfdECb/9XiPtNR3SRf1dXd9szmI
|
||||
fv9QTZ9h2JWW9d+rjjTnePOW/lxOnvVNYl3P3a2Fgnc
|
||||
-> ssh-ed25519 QkapZw 9aLnV1zSbaws9Kzx7gFYBc3xQPzoNpqF8C3woF8D03E
|
||||
CUZodCA2dAvZra7367A1PNdHlVkgKqfMl/LBlD35MKo
|
||||
-> D-grease ;95[E YS| [,!+^H P~&
|
||||
+fpm
|
||||
--- FJSm4ETZT3yielQi7G05UJXRRNpOJawgSogBmyC51MU
|
||||
i%`vø\? ‡\Yã{ö›‡×I¼¾w5œCÌõrpP=ï®Gº¶Xðø<C3B0>
|
Loading…
Reference in New Issue
Block a user