erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Added dropbox, drone config, updated flake.lock

Browse source
This commit is contained in:
Erwin Boskma 2021-12-10 20:11:36 +01:00
parent 7cb55cd7b2
commit ee5b5bd7e1
Signed by: erwin
GPG key ID: 270B20D17394F7E5
12 changed files with 165 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -1,9 +1,15 @@
keys:
- &erwin b785a9688947edabb9ec8933ee7adefe1d943c7b
- &loki a6e31f5ab2bf34ca3f614d81ed9d6ae54dbcb9f7
- &drone 8eefb1f8c85704ca47aa226a692372b1fc4bb9bf
creation_rules:
- path_regex: machines/loki/[^/]+\.yaml$
key_groups:
- pgp:
- *erwin
- *loki
- path_regex: machines/drone/[^/]+\.yaml$
key_groups:
- pgp:
- *erwin
- *drone

38
flake.lock
View file

@ -2,11 +2,11 @@
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
@ -34,12 +34,12 @@
"rev": "1cc03904328e4c9414fa67d99370a338cba55219",
"revCount": 11,
"type": "git",
"url": "ssh://git@git.datarift.nl/erwin/ha-now-playing.git"
"url": "https://@git.datarift.nl/erwin/ha-now-playing.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://git@git.datarift.nl/erwin/ha-now-playing.git"
"url": "https://@git.datarift.nl/erwin/ha-now-playing.git"
}
},
"home-manager": {
@ -49,11 +49,11 @@
]
},
"locked": {
"lastModified": 1637875789,
"narHash": "sha256-kwW26kGhqNsWpTz+prw/pAfqz673GojbxZuB0boc1eM=",
"lastModified": 1638959036,
"narHash": "sha256-d75Ow/rV3nq4penfTJz9H3/OlIHttoKoJUDEfink/8k=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "579f2e8bebb954a103a96b905c27b10f15ef38c7",
"rev": "829e89a16f4f96428d1b94e68d4c06107b5491c0",
"type": "github"
},
"original": {
@ -69,11 +69,11 @@
]
},
"locked": {
"lastModified": 1637576998,
"narHash": "sha256-bGQ66hh4Dl78T9bd1pqdp6fprHMCkrkeKqED6sDUYqo=",
"lastModified": 1639051343,
"narHash": "sha256-62qARP+5Q0GmudcpuQHJP3/yXIgmUVoHR4orD/+FAC4=",
"owner": "nix-community",
"repo": "naersk",
"rev": "b043f2447a4a761529254f4983cacd94b034a122",
"rev": "ebde51ec0eec82dc71eaca03bc24cf8eb44a3d74",
"type": "github"
},
"original": {
@ -84,11 +84,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1637841632,
"narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=",
"lastModified": 1638986258,
"narHash": "sha256-OceRdctKZRSgqQxVRvvNB0MaEnFMzQqjUffecoDE9eI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1",
"rev": "581d2d6c9cd5c289002203581d8aa0861963a933",
"type": "github"
},
"original": {
@ -117,12 +117,12 @@
"rev": "7c037fef4cdc5933a70694d8c743b5439c8354ea",
"revCount": 4,
"type": "git",
"url": "ssh://git@git.datarift.nl/erwin/pamedia-rs.git"
"url": "https://git.datarift.nl/erwin/pamedia-rs.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://git@git.datarift.nl/erwin/pamedia-rs.git"
"url": "https://git.datarift.nl/erwin/pamedia-rs.git"
}
},
"root": {
@ -143,11 +143,11 @@
]
},
"locked": {
"lastModified": 1637735079,
"narHash": "sha256-VC6FEfYHkNMrCd9+0nATtUQAtkWOrkH4gzwGHNG4TTQ=",
"lastModified": 1638821683,
"narHash": "sha256-oyqALhGijy2ZQxFSACrcC+Z8MzYLiomKCr9FQXVZ47U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "871408582627f43d0ecc5e4595dcf20cfe2ee227",
"rev": "afe00100b16648c1d79e62926caacac561df93a5",
"type": "github"
},
"original": {

4
flake.nix
View file

@ -22,14 +22,14 @@
};
ha-now-playing = {
url = "git+ssh://git@git.datarift.nl/erwin/ha-now-playing.git?ref=main";
url = "git+https://@git.datarift.nl/erwin/ha-now-playing.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "flake-utils";
inputs.naersk.follows = "naersk";
};
pamedia = {
url = "git+ssh://git@git.datarift.nl/erwin/pamedia-rs.git?ref=main";
url = "git+https://git.datarift.nl/erwin/pamedia-rs.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "flake-utils";
inputs.naersk.follows = "naersk";

12
home-manager/modules/dropbox/default.nix Normal file
View file

@ -0,0 +1,12 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.eboskma.programs.dropbox;
in
{
options.eboskma.programs.dropbox = { enable = mkEnableOption "activate dropbox"; };
config = mkIf cfg.enable {
services.dropbox.enable = true;
};
}

2
krops.nix
View file

@ -32,5 +32,5 @@ rec {
# nix-build ./krops.nix -A loki && ./result
loki = createHost "loki" "root@loki";
drone = createHost "drone" "root@10.0.0.185";
drone = createHost "drone" "root@10.0.0.202";
}

11
machines/drone/configuration.nix
View file

@ -8,6 +8,7 @@
eboskma = {
docker.enable = true;
drone.enable = true;
nix-common.enable = true;
};
@ -25,7 +26,7 @@
eth0 = {
ipv4.addresses = [{
address = "10.0.0.202";
prefixLength = "24";
prefixLength = 24;
}];
};
};
@ -34,7 +35,15 @@
nameservers = [ "10.0.0.254" ];
};
environment.noXlibs = true;
services.openssh.enable = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
drone = { };
drone-runner = { };
};
system.stateVersion = "21.11";
}

53
machines/drone/secrets.yaml Normal file
View file

@ -0,0 +1,53 @@
drone: ENC[AES256_GCM,data:QjRQzIrT9sqFmG4anJpbKl/p8IzazUjddjm9s3Szf5eVzD4Mq4xu3a+0jCDnBV8Ya8+s2o5+pEtqZCfU933NvJ/wSB7vF0ZF+JUfiZPDLwOCJfKG5szi25c7TkPi96yga/sClbIoaip0L4smY0ynKz3HhZAUCoUz33Gfc8mpWjA5LL15xT0heOAWHlR6qVy9FlmZzTH+Jwhkbxmf/3WK6RAsvHqhqVmuXmIaWteI8Q32zWjMerDgeTjjYuL3hxf9MxlQUHTtwiBeaFTT5mNWW7uw45bEP0YQCQYNRTzOy0qcw6hIiNWKYjkt13Mv3UIl6R9Qo9m/3uUXUXSJdoYjECfv61ZaoIFg37KMFwU2TcEYnOTZptF3oF+Gs5PLpJTum1wOxCYMsot4ZOHSzPb+bEiEtW6LFY9dKANVsTh5Iz+TcH5wz2iAXbV3qk6U,iv:xclLVEEYec2o0QCxq8DbLzpCgkapaEM8THEsBcC/nqs=,tag:gJwxJanQ6KsUcfmEAE0OyQ==,type:str]
drone-runner: ENC[AES256_GCM,data:nEvrhniOtJVsyhZwefm9B6L74fkx5tn0QUdUF0f0Jqlp/oC5b1Yw1uuQL7TjwKCYoBi68d//0IdMBKsZpbR/DA5N0PYNRqtiD743bEYTfFfQohWfEBVOQ3Ht2w/IUT07ZnEAmqTqTc4jBWwX+MqgSjk8XExTNiwOaj/VbYGZn9dAhUKm6srt+s9gAeG4IkhG1aACfajdtDaMyfwaLIVNAr46TxDtHbg=,iv:XcR6XsSYpPX2jfVxd6hWfa7921rvYCVbgnHLGmim3XY=,tag:idc7HxwT+U6QKM5zlmx5gA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2021-12-10T15:40:53Z"
mac: ENC[AES256_GCM,data:vZjdQm1GMCnvdSwdGqZb0VoIrHA51XDka5/hoGSzUv6WYPZangxJMD+yj3IJVFm929X6d1o0qqrEyjnHKHa3pSOcpAFMMelzs6sBUlcHwkU7dOIGprYPYKwgf8p/mtSpoCD1DwP1/PYztOvh39SG8pXw4QS78x3CsD0/hf17SJU=,iv:TnkXJVJmbyUBj0SqR2LF7R7gq18tf9n/KEx+i8hoZxo=,tag:s8/Gy+rldiDWfG6kFYE7Fg==,type:str]
pgp:
- created_at: "2021-12-10T15:35:15Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA6BoiFpcAxNSAQ/+OSwvGygGaNXlXdgWAcPC0QsYdYx2qGEfK0V0J68XNdvJ
3dDc72fWz0w/aGW/tmAGMCcOLjhbl5lveVEmSdBETngVyQYG4xyv0WNs3104IqK1
XxZO5ZOTuzrHJBmdQUdLu6Ig/ciEKJlhY314HxAb6oelNGCJX58ZhjwkxJSwJRc4
/5lAlYe7b6MX039EWxl1NpSpSE6IWq3OeOKmMQfO60OTmSGKiV8HF84PmG0WzCRn
TJ34n/fO4fS017H7YSi5VGo+MQ0GSutSyPK8UrO1UovePupfyuOIz9W8vCFMo8Qz
Uef/MrN38sEl4UVsK7GQ0DbXaLXfbNSioAZORk0Lnpwrf8OHt4IGc94Vu63Bn4Xu
KJ/Lq0IjCcw0givEfplkdCtnEHADuTK4n8Qk/gAxjZUvqAUTkS68MxMc1ApzMMGt
IcOgKJors+J8pGfm0WKzKLl+KseP3Ek2l6pTHztjK/hTvr92xoCn0jQkTaS4ZrKw
pO6AO3s+EF2bzdVA3iw46Fl4vL0pCc27L+7m0PwEFKcQVtpoy4AATkqBSYCIgGgH
48dW/tSM8F679bt798CUOkrzG0+4c381nZQS76dioNa7zNDWiLXhrYIEwlgooXdN
m98xpFFEu5zOnCTen4yct5qmFXzYauqCqvoeqr+4/h6dwG8E169cbjPYyLU5v9DS
XgHsFJMx8eWn0fXHkcVOzyFgRGBNdgn5PXoSYokJiLCT0ubZwoSM3NE0ZlIoXFU5
ElfMHKSV1hhU99TJ29uTIqmjrH/vs8usHRg9isi75yHjH53Hq53RuYSNnheoP0c=
=SRmn
-----END PGP MESSAGE-----
fp: b785a9688947edabb9ec8933ee7adefe1d943c7b
- created_at: "2021-12-10T15:35:15Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA2kjcrH8S7m/ARAAsq89iB59zGF5kk+t0zUWaTYxJzqee0lug949a32YMQyp
t1ECn1dmQyxEI2uVb+F0KqrLYIscR/ASKcW7QQ3MSld04YmNElFZ7IPUHeZMDu8e
KswRoPNB6qJBwgHswLrqxzYf29RJumP0HB1vh9rVh5hvr/RrtewTOCz6Glfk5Zr2
tm3xfWfEJWo1E4IgCJSn8xV2y8AsXJOKob4dyhpwGts9VBSvlSnhm5NpXpZqKscW
TPwIO0gWqioISv92mmr67pVwy4fb8QXQpdcbpAe5PY4csAfvLq+n5ARNJkNS/ImL
VKnSg1XIM7veLqik8ixi3DvpAoQZdywxxv8lH8oqsAp7UBFT+zc186z8axua+KBJ
zXbIcSfNmthiixItVLLts40r7CopPv7eK36QO0od9BikRjMvyzfmRo7tMJ6eQPeh
6ASfhcwpHlQWK2w8v06921/iXXKrRpKb1rITHoj7I3enyQjFFJ5p63V22/B/UnqZ
g1pV4Gs+ekfFz02juYOeai2Q55MysrY+ytIbPj92TdCLPg58kvjFWjyIxqOSCGAI
YzeD2IeKrq4ii54Qafx8Gnq+a/1t5jT2sYi9eem7n3u9gB5ymHEZriQ9p+jDFmQ0
NOqj9s6cqvqDOOzeoMYNUVXfcuNfjWJB3/as9paAalypV00w0tZHfqwajYeXkcDS
UAFo872CqsByrH64v/9ihvis4/8VoAsGBenGJylorRI2dyIC4DYUB+u3zAgU/v52
XD4fcleIym+icxCi6ZCRLS8DDXLLI9qurXbHiptQO4pK
=wCQo
-----END PGP MESSAGE-----
fp: 8eefb1f8c85704ca47aa226a692372b1fc4bb9bf
unencrypted_suffix: _unencrypted
version: 3.7.1

12
machines/loki/configuration.nix
View file

@ -56,8 +56,16 @@
services.openssh.enable = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets.ha_now_playing_token = {
owner = "erwin";
sops.secrets = {
ha_now_playing_token = {
owner = "erwin";
};
gh_token = {
owner = "erwin";
};
renovate_env = {
owner = "erwin";
};
};
# This value determines the NixOS release from which the default

5
machines/loki/secrets.yaml
View file

@ -1,13 +1,14 @@
ha_now_playing_token: ENC[AES256_GCM,data:2NKdfEn0tQx+DTE6HBVo79Ico8+afqJ2XFaBVOgIikaL4eMa34CqHwhX91T64VVdmWyjvhaC1kRzxsALoJvw1ZHEnSG2va6lX0vN36j/n8R3ulcX23ZJetMHYQQE6ss7A+gvnBHTnTBG+F9XyrPFT7xnfQ363lWHQ3nRFiGAZJjj6eYqLxSuG7KMWHtfSozy5gSy2JKoxyV4KnqpDs39PhBmNA7OSh3FRYZPIaq+i4qhdCfHRET+,iv:Znl6IW36aqhL/KBr0cRgPBPtqkhuc1GtoqCQEQJ/cXI=,tag:ubvLck9m9qiutU2zcQtdDw==,type:str]
gh_token: ENC[AES256_GCM,data:7DBVEdZLReJQsyUoO9fITtHhE0UFcHr7XWod5XiaQ5iiwcI01tUdRA==,iv:HY82pn2rp9zf+xHWRg6Zwbl5V2qgp+67LghxHRQjiMI=,tag:OrkwDDYpJLXnsWZvqBtY9g==,type:str]
renovate_env: ENC[AES256_GCM,data:LZ1cCywgO4lqT18nM85oYCwtAgm0fDBlZdZUXYyCXcA6mOcDw0lvj0KqF/Y3+NKjvyl3qKMqhEw=,iv:xqjI0Vgl95WafQwg1Rs/+c6TyN96pBMXtlcusqX/QEM=,tag:VFmCukB36LDUFON0H40RPg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2021-11-29T09:10:11Z"
mac: ENC[AES256_GCM,data:TLXP58YOqyrHx3u//bK64yOsgmzaP8GPyCSMdABeQKMeejVwavNtQS+b2zuq8/58T/AYPajhmmPznoChpSrzqUk51pLclAG/jWAZ5Z/tv7sOv7q4zak4+HZx38zfuKNqr7U4cuo5n/vWhnXiJRNN9vz4OzXNBn4gUm+FTGX98Gg=,iv:iCY+pFC4JNtMPwtqeBLdJ2t6fxgVJrqU3LLhLgXT/xY=,tag:gIz59GuqjSul4CPsUYPT2g==,type:str]
lastmodified: "2021-12-10T18:54:00Z"
mac: ENC[AES256_GCM,data:30K4XFb/WaIoJDtfFL4AJWjP8xu7PbRGkNIyTOUTBQMW0PkNHkSKPLLqtv9AEP04zAYGdJ/9jFBn0d3VJYSVuO0wgec/35AMEo5JA07Jd7miC4cPUp5LX0sjEm9bh9i7dLa6U/83xoDJpQ0+MeUs2DUlFumlhtGvGP9S/6JppO8=,iv:TtPjqB2nXkNjR/jGXkGNvZRN1MXhBZRPGp2FZBoKU8o=,tag:GOytAKkjcg0ozLjDerR7bw==,type:str]
pgp:
- created_at: "2021-11-25T22:00:17Z"
enc: |

7
modules/desktop/default.nix
View file

@ -41,6 +41,7 @@ in
programs = {
alacritty.enable = true;
bat.enable = true;
dropbox.enable = true;
dunst.enable = true;
electron = {
enable = true;
@ -73,7 +74,9 @@ in
git
gnome.nautilus
imagemagick
imv
(jetbrains.clion.override { jdk = pkgs.jetbrains.jdk; })
mpv
neovim
nomachine-client
pamedia
@ -87,7 +90,8 @@ in
tdesktop
unzip
wl-clipboard
];
] ++
(with gst_all_1; [ gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav gst-vaapi ]);
xdg = {
enable = true;
@ -120,6 +124,7 @@ in
}
../../home-manager/modules/alacritty
../../home-manager/modules/bat
../../home-manager/modules/dropbox
../../home-manager/modules/dunst
../../home-manager/modules/electron
../../home-manager/modules/firefox

38
modules/drone/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs, config, lib, ... }:
with lib;
let
cfg = config.eboskma.drone;
in
{
options.eboskma.drone = {
enable = mkEnableOption "activate drone CI";
};
config = mkIf cfg.enable {
eboskma.docker.enable = true;
virtualisation.oci-containers.containers = {
drone = {
autoStart = true;
image = "drone/drone:2";
ports = [ "8100:80" ];
volumes = [ "drone_data:/data" ];
environmentFiles = [
/var/run/secrets/drone
];
};
drone-runner-docker = {
autoStart = true;
image = "drone/drone-runner-docker:1";
ports = [ "3000:3000" ];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
environmentFiles = [
/var/run/secrets/drone-runner
];
};
};
};
}

5
modules/networking/default.nix
View file

@ -47,6 +47,11 @@ in
};
users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "networkmanager" ];
environment.systemPackages = with pkgs; [
nmap
nmap-formatter
];
services.avahi = {
enable = true;
nssmdns = true;