Compare commits
10 commits
24acc44273
...
84774f3710
Author | SHA1 | Date | |
---|---|---|---|
Félix Baylac Jacqué | 84774f3710 | ||
Félix Baylac Jacqué | bb854dca45 | ||
Félix Baylac Jacqué | 17cf09cbe4 | ||
Félix Baylac Jacqué | 2b5525c495 | ||
Félix Baylac Jacqué | 07e4c3b9f6 | ||
Félix Baylac Jacqué | 0e8f24fe39 | ||
Félix Baylac Jacqué | 4289795740 | ||
Félix Baylac Jacqué | 20d66cfdf2 | ||
Félix Baylac Jacqué | c2f38c6f43 | ||
Félix Baylac Jacqué | d2df46fab8 |
|
@ -3,6 +3,8 @@ keys:
|
|||
- &trantorclient age1e04uuvp3wpczkxnp9pdp6ecx0dwgn2elgrr6u3c5vdh9ryalf57q7ats4a
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOE7oDtq+xt5RuvMigDZMeZQODFr5Otz6HCO8wnI80oo
|
||||
- &framework age1l7dhaqw0h9588450aptey879g3xkq006rg5r5k0kpxrxqsy775zszhl2k6
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7c9uOJL4XwyYT268tfgOfV0hAB/zNsHs/etXiywpxL
|
||||
- &frameworkhost age1lnrx793ny5yfp8ssgaz35gvs36ea05487de0q4heeq8lyav755ss35wfss
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv1ua2tM555ZxeUl/48KO82lYo4EsEZuJVASp6jlyjS
|
||||
- &dundies age1kzlxxxdp526wtnnhsqmha9wn42xkn0qa5f7gxs2zk5euajqs0uuseh8y8p
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkJPzhry1XDdPAmyFE707+BjXDzvUa3CW5SuxWOUjWR
|
||||
|
@ -28,3 +30,9 @@ creation_rules:
|
|||
- *trantorclient
|
||||
- *framework
|
||||
- *hardin
|
||||
- path_regex: secrets/framework.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *trantorclient
|
||||
- *framework
|
||||
- *frameworkhost
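Review bot: The rule that appears to be added here, `path_regex: secrets/framework.yaml$`, leaves the dot unescaped and has no leading anchor. It therefore also matches names such as `secrets/frameworkXyaml` and any longer path ending in that string. Writing it as `path_regex: secrets/framework\.yaml$` keeps this recipient set from being applied to a file it was not meant for. The `&frameworkhost` recipient sits above an `ssh-ed25519` comment, so it is presumably derived from the machine's SSH host key. If so, a comment such as `# derived from the framework SSH host key; anyone who can read that key can decrypt` would make the trust relationship explicit.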
|
||||
|
|
|
@ -2,24 +2,6 @@ self: super:
|
|||
let
|
||||
sources = import ../nix/sources.nix {};
|
||||
in {
|
||||
nsncd = super.rustPlatform.buildRustPackage ({
|
||||
pname = "nsncd";
|
||||
version = "unstable-2023-10-16";
|
||||
|
||||
src = /home/ninjatrappeur/code-root/github.com/nix-community/nsncd;
|
||||
cargoSha256 = "sha256-fsLdzuGGYDp3i7IYtO7M5T6j1tU9/7l46LGw9Ozqor4=";
|
||||
|
||||
doCheck = false;
|
||||
meta = with super.lib; {
|
||||
description = "the name service non-caching daemon";
|
||||
longDescription = ''
|
||||
nsncd is a nscd-compatible daemon that proxies lookups, without caching.
|
||||
'';
|
||||
homepage = "https://github.com/twosigma/nsncd";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ flokli ninjatrappeur ];
|
||||
};
|
||||
});
|
||||
ninjatrappeur-pkgs = rec {
|
||||
weeslack = super.callPackage ./weeslack.nix {};
|
||||
pod-youtube = super.callPackage ./pod-youtube.nix {};
|
||||
|
|
5
keys.nix
5
keys.nix
|
@ -39,6 +39,7 @@ rec {
|
|||
# Profpatsch
|
||||
[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8e/+nzKt5Zyy3dAuGB3t2SjKo/Tp6T1Ye+x5b3HXPb" ] ++
|
||||
# Flokli
|
||||
[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTVTXOutUZZjXLB0lUSgeKcSY/8mxKkC0ingGK1whD2" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU0dvOBPN75tzvTv83Jq5r4+a/iXq+EUaFIsD9+ak7P"];
|
||||
|
||||
[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTVTXOutUZZjXLB0lUSgeKcSY/8mxKkC0ingGK1whD2" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU0dvOBPN75tzvTv83Jq5r4+a/iXq+EUaFIsD9+ak7P"] ++
|
||||
# Simon
|
||||
[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPu2pGUqoYUrm7QdOcjfJjVU6dyW5AeVTuTcuZFH14C4" ];
|
||||
}
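Review bot: The `# Simon` key is appended to a list whose attribute name lies outside this hunk, so the diff does not show which machines or services will accept it. The one-word comment is the only audit trail for this access grant. Consider recording owner, scope and date, for example `# Simon (<contact placeholder>), access to <hosts placeholder>, added <date placeholder>`. It is also worth confirming that every consumer of this list should grant the new key.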
|
||||
|
|
|
@ -73,7 +73,7 @@
|
|||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
#networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
myusers = import ../users.nix { inherit pkgs; };
|
||||
sources = import ../nix/sources.nix { };
|
||||
keys = import ../keys.nix { inherit lib; };
|
||||
nixos-hardware = sources.nixos-hardware;
|
||||
mypkgs = import ../packages.nix { inherit pkgs; };
|
||||
in {
|
||||
|
@ -10,8 +11,23 @@ in {
|
|||
./framework-hardware-configuration.nix
|
||||
../modules/core.nix
|
||||
"${nixos-hardware}/framework/12th-gen-intel/default.nix"
|
||||
|
||||
"${sources.sops-nix}/modules/sops"
|
||||
];
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ../secrets/framework.yaml;
|
||||
gnupg.sshKeyPaths = [ ];
|
||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
secrets = {
|
||||
vpn-extended-lan-key = {
|
||||
mode = "0640";
|
||||
owner = "root";
|
||||
group = "systemd-network";
|
||||
restartUnits = [ "systemd-networkd.service" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
# Bootloader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
@ -52,13 +68,14 @@ in {
|
|||
domain = "alternativebit.fr";
|
||||
|
||||
wireguard.interfaces."wg-extended-lan" = {
|
||||
privateKey = builtins.readFile /home/ninjatrappeur/.vpn/extended-lan.key;
|
||||
privateKeyFile = config.sops.secrets.vpn-extended-lan-key.path;
|
||||
ips = ["192.168.166.3"];
|
||||
peers = [{
|
||||
endpoint = "seldon.alternativebit.fr:51822";
|
||||
endpoint = "dundies.alternativebit.fr:51822";
|
||||
publicKey = "ZdeqXN3Q8ZBPCWVW6pFzIBF3iS8zlVMGAj8bcePj3zk=";
|
||||
allowedIPs = [
|
||||
"192.168.166.1/32"
|
||||
"192.168.1.0/24"
|
||||
"192.168.20.0/24"
|
||||
"192.168.21.0/24"
|
||||
"10.25.0.0/16"
|
||||
|
@ -146,15 +163,7 @@ in {
|
|||
description = "ninjatrappeur";
|
||||
extraGroups = myusers.ninjatrappeur.extraGroups;
|
||||
shell = myusers.ninjatrappeur.shell;
|
||||
};
|
||||
|
||||
# Allow unfree packages
|
||||
nixpkgs = {
|
||||
config.allowUnfree = true;
|
||||
overlays = [
|
||||
(import ../custom-pkgs/default.nix)
|
||||
(import sources.emacs-overlay)
|
||||
];
|
||||
openssh.authorizedKeys.keys = lib.attrsets.attrValues keys.ninjatrappeur;
|
||||
};
|
||||
|
||||
nix = {
|
||||
|
@ -187,10 +196,9 @@ in {
|
|||
pkgs.notmuch
|
||||
pkgs.niv
|
||||
pkgs.virt-manager
|
||||
pkgs.gnomeExtensions.pop-shell
|
||||
|
||||
# Bluetooth
|
||||
pkgs.bluezFull
|
||||
pkgs.bluez
|
||||
pkgs.bluedevil
|
||||
pkgs.libsForQt5.bluez-qt.dev
|
||||
pkgs.blueman
|
||||
|
@ -201,6 +209,8 @@ in {
|
|||
pkgs.gcc
|
||||
pkgs.rust-analyzer
|
||||
pkgs.ninjatrappeur-pkgs.picobak
|
||||
|
||||
pkgs.carla
|
||||
];
|
||||
|
||||
services.avahi.enable = true;
|
||||
|
@ -229,7 +239,7 @@ in {
|
|||
# List services that you want to enable:
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
# services.openssh.enable = true;
|
||||
services.openssh.enable = true;
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
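Review bot: `services.openssh.enable = true;` turns sshd on with the module defaults, and nothing in the visible hunks disables password login even though `openssh.authorizedKeys.keys` now supplies keys for the user; `../modules/core.nix` may do so, but that is not shown here. If key-only access is intended, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it. Also decide whether port 22 should be reachable on every interface of this laptop or only over `wg-extended-lan`. Separately, the `vpn-extended-lan-key` secret is made group-readable by `systemd-network` and restarts `systemd-networkd.service`, but the key is consumed through `wireguard.interfaces`, which may be applied by a different unit. Confirm that the restart target actually reloads the key, and drop the group read bit if only root needs it.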
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/d1733d73-b03a-4716-9746-6a39cd3dc460"; }
|
||||
[ { device = "/dev/disk/by-uuid/4b9c8be9-c8e9-46ff-9fdc-080909761716"; }
|
||||
];
|
||||
|
||||
nix.settings.max-jobs = lib.mkDefault 4;
|
||||
|
|
|
@ -51,6 +51,7 @@ in
|
|||
'';
|
||||
};
|
||||
clearpath-openpvn = {
|
||||
enable = true;
|
||||
description = "Clearpath OpenVpn";
|
||||
|
||||
after = [ "network.target" ];
|
||||
|
@ -747,7 +748,6 @@ in
|
|||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
vim
|
||||
sshfs
|
||||
git
|
||||
htop
|
||||
tcpdump
|
||||
|
|
|
@ -203,6 +203,7 @@ in {
|
|||
pkgs.evince
|
||||
pkgs.languagetool
|
||||
pkgs.remmina
|
||||
pkgs.carla
|
||||
(pkgs.hunspellWithDicts [
|
||||
pkgs.hunspellDicts.en-gb-ise
|
||||
pkgs.hunspellDicts.en-gb-ize
|
||||
|
|
|
@ -42,6 +42,10 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
programs.firefox = {
|
||||
nativeMessagingHosts.ff2mpv = true;
|
||||
};
|
||||
|
||||
hardware.nvidia.nvidiaSettings = false;
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
|
@ -179,6 +183,10 @@ in {
|
|||
10.25.3.191 harbor.clearpathrobotics.com
|
||||
10.25.3.60 bundles.clearpath.ai
|
||||
10.25.20.15 vsphere.clearpath.ai
|
||||
|
||||
# Framework via local VPN
|
||||
192.168.166.3 framework
|
||||
|
||||
'';
|
||||
hosts = {
|
||||
#"127.0.0.1" = [ "www.youtube.com" "youtube.com" "youtu.be" "twitter.com" ];
|
||||
|
@ -317,6 +325,7 @@ in {
|
|||
pkgs.strawberry
|
||||
pkgs.ninjatrappeur-pkgs.picobak
|
||||
pkgs.ninjatrappeur-pkgs.backup-iphone
|
||||
pkgs.file
|
||||
|
||||
# KDE
|
||||
pkgs.korganizer
|
||||
|
@ -351,11 +360,11 @@ in {
|
|||
trusted-users = [ "root" "${myusers.ninjatrappeur.name}" ];
|
||||
sandbox = "relaxed";
|
||||
substituters = [
|
||||
"http://hydra.clearpath.ai"
|
||||
# "http://hydra.clearpath.ai"
|
||||
"https://cache.nixos.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"hydra.clearpath.ai:VkmY4UV6HIDct2ZwjlvJniEQNZ1C7ZLglQweQpt6vE4="
|
||||
# "hydra.clearpath.ai:VkmY4UV6HIDct2ZwjlvJniEQNZ1C7ZLglQweQpt6vE4="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
];
|
||||
experimental-features = [
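Review bot: The `hydra.clearpath.ai` substituter and its `trusted-public-keys` entry appear to be commented out rather than deleted, with no note on why. A trusted signing key left one keystroke from being re-enabled is easy to restore by accident, and the URL it pairs with is plain `http://`. Either delete both lines, or keep them with a reason such as `# disabled <date placeholder>: cache unreachable off the corporate VPN`. If it is ever restored, an `https://` endpoint would be preferable. The `nix.settings` block continues outside the hunk.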
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, pkgs, fetchFromGithub, callPackage, ... }:
|
||||
|
||||
{
|
||||
services.gitea = {
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server.SSH_PORT = 22;
|
||||
|
@ -24,7 +24,7 @@
|
|||
# For now, we'll assume gitea is hosted on home.alternativebit.fr
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://unix:/run/gitea/gitea.sock";
|
||||
proxyPass = "http://unix:/run/forgejo/forgejo.sock";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
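Review bot: Renaming `services.gitea` to `services.forgejo` changes more than the socket path, because the forgejo module has its own default state directory and service user. Unless the existing Gitea data, its generated secrets and the repository ownership are migrated, the instance will either start empty or leave the old data on disk under the previous user. Nothing in the visible hunks sets `stateDir` or `user` or performs that move, so confirm it was handled out of band. The context comment is also stale now; `# For now, we'll assume forgejo is hosted on home.alternativebit.fr` would match the new service.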
|
||||
|
|
|
@ -65,6 +65,8 @@
|
|||
|
||||
ip saddr 192.168.1.0/24 udp dport ${nfListFormat localUdpList} accept
|
||||
ip saddr 192.168.1.0/24 tcp dport ${nfListFormat localTcpList} accept
|
||||
ip saddr 192.168.166.0/24 udp dport ${nfListFormat localUdpList} accept
|
||||
ip saddr 192.168.166.0/24 tcp dport ${nfListFormat localTcpList} accept
|
||||
tcp dport ${nfListFormat globalTcpList} accept
|
||||
udp dport ${nfListFormat globalUdpList} accept
|
||||
}
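Review bot: The two `ip saddr 192.168.166.0/24 … accept` rules trust the VPN range by source address alone, so a packet arriving on any interface with a source in that range is accepted for the local port lists. Binding them to the tunnel interface closes that gap, for example `iifname "<wg-interface>" ip saddr 192.168.166.0/24 tcp dport ${nfListFormat localTcpList} accept`. The interface name is a placeholder, since this host's WireGuard interface is not visible here. The existing `192.168.1.0/24` rules follow the same address-only pattern and could be tightened the same way. The chain itself starts outside the hunk.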
|
||||
|
|
|
@ -35,10 +35,10 @@
|
|||
"homepage": "",
|
||||
"owner": "nix-community",
|
||||
"repo": "emacs-overlay",
|
||||
"rev": "12ae810bf81432484baf86610a848cb9479f29e8",
|
||||
"sha256": "12dy44h67mps72mgznvcd0w245hd4hbscxqgcm3vbvd766w9cvgl",
|
||||
"rev": "00fe9cdc30398cb126f104a8bebbfaf3b2344ccb",
|
||||
"sha256": "0dvdb7nv89dv82h5lhdssrgcqcafdiw9y6knjj5j5i9vgq6cnc6x",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nix-community/emacs-overlay/archive/12ae810bf81432484baf86610a848cb9479f29e8.tar.gz",
|
||||
"url": "https://github.com/nix-community/emacs-overlay/archive/00fe9cdc30398cb126f104a8bebbfaf3b2344ccb.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"home-manager": {
|
||||
|
@ -47,10 +47,10 @@
|
|||
"homepage": "https://rycee.gitlab.io/home-manager/",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "f540f30f1f3c76b68922550dcf5f78f42732fd37",
|
||||
"sha256": "15i1wczgbknh1dm8kf2d7rncaaa01gj47s4bsg8aip2hv2l3r99g",
|
||||
"rev": "1aabb0a31b25ad83cfaa37c3fe29053417cd9a0f",
|
||||
"sha256": "1r01dn4nshacky2kpjhiasan2gv0hh73df6d0dp5rzmgq1dfwvli",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nix-community/home-manager/archive/f540f30f1f3c76b68922550dcf5f78f42732fd37.tar.gz",
|
||||
"url": "https://github.com/nix-community/home-manager/archive/1aabb0a31b25ad83cfaa37c3fe29053417cd9a0f.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nix": {
|
||||
|
@ -95,10 +95,10 @@
|
|||
"homepage": null,
|
||||
"owner": "Ninjatrappeur",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "aaf0834b2f7090897079671d0345f4191f24c7a4",
|
||||
"sha256": "12hz1cpc6fnxrhzy0w3pn01kfd9mrc51wy82msbmcr3y3yf5dm61",
|
||||
"rev": "c4504f025414b104e4f54c8cb0d4ee965b23b45e",
|
||||
"sha256": "1ndj14xj1jdjbvzgl7bn8why5hc7grq09vlrik6jisbk923w94f1",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/Ninjatrappeur/nixpkgs/archive/aaf0834b2f7090897079671d0345f4191f24c7a4.tar.gz",
|
||||
"url": "https://github.com/Ninjatrappeur/nixpkgs/archive/c4504f025414b104e4f54c8cb0d4ee965b23b45e.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"npmlock2nix": {
|
||||
|
|
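--- /dev/null
+++ b/secrets/framework.yaml
@@ -0,0 +1,39 @@
+vpn-extended-lan-key: ENC[AES256_GCM,data:65urP4YOp5K0snx3yNrHOrE/7FLQLBFJoXDT8Rv+N1jgYDt/UbW5rN6K9k4=,iv:9vS5+3t1EfY1JVyCbzqRJ6xg028SMtGIBPfC3bh6qUo=,tag:MdfypzLzwPXRcrPpE3Ekdw==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1e04uuvp3wpczkxnp9pdp6ecx0dwgn2elgrr6u3c5vdh9ryalf57q7ats4a
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNM1VkZGF5MkEyeEVieEFa
+UVZJLzdMOUxhYUNGRUVyeExrNVFzYWh2T1dzCjhVVVF1VTdFTDlGUTJtbW9CL3ly
+UW1Bcm0rWWhMeUNCYWRVSFFDRXpxNE0KLS0tIHIxTTJhTjJzZUNXUDNqNHhzNmdh
+VkI5cGtQSVFZb3BvOUZMMHhPOFNuNm8KUOz2htsv++zz6kC3YnRtdPtE5E73iXGJ
+TeR9Ma2Ht2Wb+ODg9AJm+gVTMNjxTvkWnZduv5NDFUAE/qnzQF6Tiw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1l7dhaqw0h9588450aptey879g3xkq006rg5r5k0kpxrxqsy775zszhl2k6
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlN05MQ3RZYXZFWVNSQ1k5
+VHpYNG9NN3BCUUxrWUIybkRtT2Jic1NNQ0NrCmJ4OEs5WnVhNkxubjdMT1pkNE9G
+THJGb1FxODh0dlJJWlIwaFk3QXNUSDgKLS0tICtzQm1SeVZKQVZZd20rV21CY3hl
+TTVZNTNFTk5rYXdzaXhBRithMDMxek0KsGSQjZ70kDPZ1zuG9/gIu9Ag1p2fmJzQ
+mWkJ5PJGIZ7hNfMJTzeX9HvWaaoYSb/vTQjCpR9cf+TA8Dc5eHTIBg==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1lnrx793ny5yfp8ssgaz35gvs36ea05487de0q4heeq8lyav755ss35wfss
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UEplMDQvSVlQNlVqajg1
+SmszNkxCZjR5ZkdoQk9PZFVQb1B1NkxmNUd3CkYrU08rWThmQm1OMlBjdWo4WURY
+V1FQd1k5TjYrbmI0WFdwcWh3TUtVSmMKLS0tIEdCWDM2ckQybkJoTjgra0RiVFdM
+dGxFRC8yRW1HajU0STRHTm04d3VFMEUKMxFWyRMf4+W0iuU4MI8DS+PaBN6rvP8b
+TemNsrVt7UVJB/g9xbsElyPwBpN51P6LfnuWjva8V+A7ARKt2wUloA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2023-11-22T14:43:54Z"
+mac: ENC[AES256_GCM,data:403I0uS/WNO1l6vYOqiBx/sDeTgrivGgimfFOUt4a0ZF7F88ybKtmUGhR6j1grwi5ZXFeNa2Pgm8hScLoQy1zeMXv0jCd5cDErhHfvo1NZK6egbhjIVsRysO0xkLa4IMJq12KcRFCeaCxGyzCMoQXz0lqbaLjd41GakJxuErntk=,iv:mH8dtF8x1DpmURhS6jRaAojqY/S6t9wz9lnr/sw+oLo=,tag:D5YfjmHJCadSvmba3gxaHQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1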
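Review bot: If `vpn-extended-lan-key` holds the same WireGuard key that the machine config previously loaded with `builtins.readFile /home/ninjatrappeur/.vpn/extended-lan.key`, treat that key as already exposed. A key read at evaluation time is embedded in the built configuration and lands in the world-readable Nix store for every generation built from it. Encrypting the same value now does not undo that. Generate a fresh key pair, register the new public key on the peer, and garbage-collect the old generations. The file is encrypted to three age recipients, so each of those identities can recover the key.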
|