erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Compare commits

base: erwin:00d9b7925a0406f4eebab7b50a7a4f44f0abfcc5
Branches Tags
erwin:main
..
compare: erwin:f5de5bea15b08c6270585801ffc6b7bb306d804c
Branches Tags
erwin:main

17 commits
00d9b7925a ... f5de5bea15

Author SHA1 Message Date
Erwin Boskma
f5de5bea15
read(miniflux): Fix typo 2024-07-16 10:57:09 +02:00
Erwin Boskma
2e568f7f75
read(miniflux): Enable debug logging 2024-07-16 00:55:16 +02:00
Erwin Boskma
bfebda4f84
read(miniflux): Remove last '/' from OIDC discovery URL 2024-07-16 00:37:51 +02:00
Erwin Boskma
bbfbca672e
read(miniflux): Listen on HTTP 2024-07-16 00:08:27 +02:00
Erwin Boskma
427f7f4485
read(miniflux): Mash all secrets into one env file 2024-07-16 00:04:59 +02:00
Erwin Boskma
8b537059af
read: Update deploy address 2024-07-15 23:59:48 +02:00
Erwin Boskma
97c80dac0d
read(caddy): fix proxy address 2024-07-15 23:59:14 +02:00
Erwin Boskma
ecdf88bb32
read: Increase net.core.rmem_max and net.core.wmem_max 2024-07-15 23:57:32 +02:00
Erwin Boskma
1ee0e5255e
valkyrie(coredns): Put zone files in /etc/coredns so reloading should work 2024-07-15 23:53:39 +02:00
Erwin Boskma
f7f49cca18
valkyrie(coredns): Add read.datarift.nl 2024-07-15 23:47:42 +02:00
Erwin Boskma
35a39995fc
read: init container 2024-07-15 23:41:19 +02:00
Erwin Boskma
acdb3bc5e8
flake.lock: Update 
Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/717cc95983cdc357bc347d70be20ced21f935843?narHash=sha256-kH04ReTjxOpQumgWnqy40vvQLSnLGxWP6RF3nq5Esrk%3D' (2024-06-01)
  → 'github:zhaofengli/attic/6139576a3ce6bb992e0f6c3022528ec233e45f00?narHash=sha256-aKjJ/4l2I9%2BwNGTaOGRsuS3M1%2BIoTibqgEMPDikXm04%3D' (2024-07-09)
• Updated input 'atuin':
    'github:atuinsh/atuin/6d254c694677af6189159fad1c7737f2e06e4a78?narHash=sha256-sZVo8ngBpot1XrSqAEj7jou8DOuh1yH9mGveR8SA0vs%3D' (2024-07-08)
  → 'github:atuinsh/atuin/7eb985b616c12aed261fbef74a47c5a928c03e61?narHash=sha256-T%2BkLHwraj0u238/MoqYKrtz4rKZT4a4UAzEs%2BZGqLsQ%3D' (2024-07-15)
• Updated input 'disko':
    'github:nix-community/disko/f1a00e7f55dc266ef286cc6fc8458fa2b5ca2414?narHash=sha256-zJv6euDOrJWMHBhxfp/ay%2BDvjwpe8YtMuEI5b09bxmo%3D' (2024-07-08)
  → 'github:nix-community/disko/bad376945de7033c7adc424c02054ea3736cf7c4?narHash=sha256-Gof4Lj1rgTrX59bNu5b/uS/3X/marUGM7LYw31NoXEA%3D' (2024-07-15)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/743e01cc6f5be48230b99178e3f14b34da84022e?narHash=sha256-DFDThlsRInZPkbReZgXOhDv3CqsOkf8KEs1RkGTb4R4%3D' (2024-07-08)
  → 'github:nix-community/emacs-overlay/7c521a93160b3f3deb2325ba5485eabaecc76100?narHash=sha256-di%2BYqstcANGipdJP%2BlQ/vPOlB%2BUIFNSZjg6rlpMOyFs%3D' (2024-07-15)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/49ee0e94463abada1de470c9c07bfc12b36dcf40?narHash=sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN%2BMXpA%3D' (2024-07-06)
  → 'github:NixOS/nixpkgs/53e81e790209e41f0c1efa9ff26ff2fd7ab35e27?narHash=sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs%3D' (2024-07-14)
• Updated input 'home-manager':
    'github:nix-community/home-manager/6b7ce96f34b324e4e104abc30d06955d216bac71?narHash=sha256-kAsg3Lg4YKKpGw%2Bf1W2s5hzjP8B0y/juowvjK8utIag%3D' (2024-07-07)
  → 'github:nix-community/home-manager/90ae324e2c56af10f20549ab72014804a3064c7f?narHash=sha256-neWQ8eNtLTd%2BYMesb7WjKl1SVCbDyCm46LUgP/g/hdo%3D' (2024-07-11)
• Updated input 'nix-ld-rs':
    'github:nix-community/nix-ld-rs/45eec25fe63b5c421c9439a743a2416a6cdea00b?narHash=sha256-QyuNREH5M0FZG0iVeOB3pUABIz9kqN%2Ba1MYLzl3978Q%3D' (2024-07-07)
  → 'github:nix-community/nix-ld-rs/befdf953399eeff2c4e7c5a2b63af964ad209269?narHash=sha256-CaL618a842JxU69/c9U7TysASx51LeFR4TwAai3YBfI%3D' (2024-07-15)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/72d3c007024ce47d838bb38693c8773812f54bf2?narHash=sha256-d6JI5IgJ1xdrk7DvYVx7y8ijcYz5I1nhCwOiDP6cq00%3D' (2024-07-08)
  → 'github:NixOS/nixos-hardware/c5013aa7ce2c7ec90acee5d965d950c8348db751?narHash=sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w%3D' (2024-07-11)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6?narHash=sha256-rwz8NJZV%2B387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ%3D' (2024-07-03)
  → 'github:nixos/nixpkgs/693bc46d169f5af9c992095736e82c3488bf7dbb?narHash=sha256-oedh2RwpjEa%2BTNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA%3D' (2024-07-14)
• Updated input 'pre-commit-hooks':
    'github:cachix/git-hooks.nix/2b6bd3c87d3a66fb0b8f2f06c985995e04b4fb96?narHash=sha256-1in42htN3g3MnE3/AO5Qgs6pMWUzmtPQ7s675brO8uw%3D' (2024-07-08)
  → 'github:cachix/git-hooks.nix/f451c19376071a90d8c58ab1a953c6e9840527fd?narHash=sha256-6FPUl7HVtvRHCCBQne7Ylp4p%2BdpP3P/OYuzjztZ4s70%3D' (2024-07-15)
• Updated input 'pre-commit-hooks/nixpkgs-stable':
    'github:NixOS/nixpkgs/03d771e513ce90147b65fe922d87d3a0356fc125?narHash=sha256-0Y8IrGhRmBmT7HHXlxxepg2t8j1X90%2B%2BqRN3lukGaIk%3D' (2024-06-19)
  → 'github:NixOS/nixpkgs/194846768975b7ad2c4988bdb82572c00222c0d7?narHash=sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo%3D' (2024-07-07)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/f0ca58b37ff4179ce4587589c32205764d9b4a4f?narHash=sha256-7D57KwmTIbsopE/1g8hFeIbVoeJGgU3wfuGYvTlNQG4%3D' (2024-07-08)
  → 'github:oxalica/rust-overlay/3ef018b6d0f62eb59580a8e9fe141e37bf1d972d?narHash=sha256-GuPw2xhJZ%2BeszIJFu7z7AtqUmirSWPHpxuCpG6dSOic%3D' (2024-07-15)
• Updated input 'sops':
    'github:Mic92/sops-nix/c184aca4db5d71c3db0c8cbfcaaec337a5d065ea?narHash=sha256-kcI8q9Nh8/CSj0ygfWq1DLckHl8IHhFarL8ie6g7OEk%3D' (2024-07-07)
  → 'github:Mic92/sops-nix/0703ba03fd9c1665f8ab68cc3487302475164617?narHash=sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY%3D' (2024-07-14)
• Updated input 'sops/nixpkgs-stable':
    'github:NixOS/nixpkgs/550ac3e955c30fe96dd8b2223e37e0f5d225c927?narHash=sha256-dudRkHPRivMNOhd04YI%2Bv4sWvn2SnN5ODSPIu5IVbco%3D' (2024-07-06)
  → 'github:NixOS/nixpkgs/74348da2f3a312ee25cea09b98cdba4cb9fa5d5d?narHash=sha256-6vuViC56%2BKSr%2B945bCV8akHK%2B7J5k6n/epYg/W3I5eQ%3D' (2024-07-14)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/6fc8bded78715cdd43a3278a14ded226eb3a239e?narHash=sha256-/cKXod0oGLl%2BvH4bKBZnTV3qxrw4jgOLnyQ8KXey5J8%3D' (2024-07-08)
  → 'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398?narHash=sha256-gCICMMX7VMSKKt99giDDtRLkHJ0cwSgBtDijJAqTlto%3D' (2024-07-15)
 2024-07-15 20:21:34 +02:00
Erwin Boskma
b829575b97
emacs: Add neocmake to 'eglot-server-programs 2024-07-15 20:20:52 +02:00
Erwin Boskma
d09a0f973d
home: Remove eww 2024-07-15 20:20:38 +02:00
Erwin Boskma
43e468cefb
overlay: Add temporary hack until Python on nixos-unstable is unfucked 2024-07-15 20:20:15 +02:00
Erwin Boskma
f8e68cb04a
sound: Remove deprecated option 2024-07-15 20:19:02 +02:00
Erwin Boskma
3628e8804a
valkyrie(coredns): Add record for Unifi Cloud Gateway 2024-07-15 20:18:16 +02:00
13 changed files with 284 additions and 55 deletions
Show stats Expand all files Collapse all files

7
.sops.yaml
View file

@ -13,6 +13,7 @@ keys:
- &neo age1s95yw988he30l6wegfwquh4nh03jst2tvyu4ykng4g88h7s3a3rs5zh5fp
- &nix-cache age1ffpkfl4ged52ym7ynyhjc40t9v2g6pgjp4ue670lxcr6mxy7mdtqt5qjlq
- &proxy age1yz7k9s5plamjq425memjh00y4sdldgdhpwxqpx9gk9wutttx9scsdg3qd5
- &read age193v7jejqu7dxk4xejs9cfcatz7605wf4fmytxst424xel2e4z48qj8fflj
- &saga age10advysga7fpkh7uuv9a7phs77c5khswf5c9q9txvrauxtqr4yu0sk2r75v
- &valkyrie age139zg5z02dx3j70tl6sn2l9kq0nfz2ddkffx0grlh7gg28dafhq6qd2sj6f
creation_rules:
@ -88,6 +89,12 @@ creation_rules:
- *erwin
- *erwin_horus
- *proxy
- path_regex: machines/read/[^/]+\.ya?ml$
key_groups:
- age:
- *erwin
- *erwin_horus
- *read
- path_regex: machines/saga/[^/]+\.ya?ml$
key_groups:
- age:

92
flake.lock
View file

@ -31,11 +31,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1717279440,
"narHash": "sha256-kH04ReTjxOpQumgWnqy40vvQLSnLGxWP6RF3nq5Esrk=",
"lastModified": 1720542474,
"narHash": "sha256-aKjJ/4l2I9+wNGTaOGRsuS3M1+IoTibqgEMPDikXm04=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "717cc95983cdc357bc347d70be20ced21f935843",
"rev": "6139576a3ce6bb992e0f6c3022528ec233e45f00",
"type": "github"
},
"original": {
@ -56,11 +56,11 @@
]
},
"locked": {
"lastModified": 1720438061,
"narHash": "sha256-sZVo8ngBpot1XrSqAEj7jou8DOuh1yH9mGveR8SA0vs=",
"lastModified": 1721067121,
"narHash": "sha256-T+kLHwraj0u238/MoqYKrtz4rKZT4a4UAzEs+ZGqLsQ=",
"owner": "atuinsh",
"repo": "atuin",
"rev": "6d254c694677af6189159fad1c7737f2e06e4a78",
"rev": "7eb985b616c12aed261fbef74a47c5a928c03e61",
"type": "github"
},
"original": {
@ -197,11 +197,11 @@
]
},
"locked": {
"lastModified": 1720402389,
"narHash": "sha256-zJv6euDOrJWMHBhxfp/ay+Dvjwpe8YtMuEI5b09bxmo=",
"lastModified": 1721007199,
"narHash": "sha256-Gof4Lj1rgTrX59bNu5b/uS/3X/marUGM7LYw31NoXEA=",
"owner": "nix-community",
"repo": "disko",
"rev": "f1a00e7f55dc266ef286cc6fc8458fa2b5ca2414",
"rev": "bad376945de7033c7adc424c02054ea3736cf7c4",
"type": "github"
},
"original": {
@ -221,11 +221,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1720429744,
"narHash": "sha256-DFDThlsRInZPkbReZgXOhDv3CqsOkf8KEs1RkGTb4R4=",
"lastModified": 1721063376,
"narHash": "sha256-di+YqstcANGipdJP+lQ/vPOlB+UIFNSZjg6rlpMOyFs=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "743e01cc6f5be48230b99178e3f14b34da84022e",
"rev": "7c521a93160b3f3deb2325ba5485eabaecc76100",
"type": "github"
},
"original": {
@ -587,11 +587,11 @@
]
},
"locked": {
"lastModified": 1720327769,
"narHash": "sha256-kAsg3Lg4YKKpGw+f1W2s5hzjP8B0y/juowvjK8utIag=",
"lastModified": 1720734513,
"narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6b7ce96f34b324e4e104abc30d06955d216bac71",
"rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
"type": "github"
},
"original": {
@ -679,11 +679,11 @@
]
},
"locked": {
"lastModified": 1720354748,
"narHash": "sha256-QyuNREH5M0FZG0iVeOB3pUABIz9kqN+a1MYLzl3978Q=",
"lastModified": 1721014541,
"narHash": "sha256-CaL618a842JxU69/c9U7TysASx51LeFR4TwAai3YBfI=",
"owner": "nix-community",
"repo": "nix-ld-rs",
"rev": "45eec25fe63b5c421c9439a743a2416a6cdea00b",
"rev": "befdf953399eeff2c4e7c5a2b63af964ad209269",
"type": "github"
},
"original": {
@ -694,11 +694,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1720429258,
"narHash": "sha256-d6JI5IgJ1xdrk7DvYVx7y8ijcYz5I1nhCwOiDP6cq00=",
"lastModified": 1720737798,
"narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "72d3c007024ce47d838bb38693c8773812f54bf2",
"rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751",
"type": "github"
},
"original": {
@ -753,11 +753,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"lastModified": 1720954236,
"narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27",
"type": "github"
},
"original": {
@ -769,27 +769,27 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1718811006,
"narHash": "sha256-0Y8IrGhRmBmT7HHXlxxepg2t8j1X90++qRN3lukGaIk=",
"lastModified": 1720386169,
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "03d771e513ce90147b65fe922d87d3a0356fc125",
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_4": {
"locked": {
"lastModified": 1720282526,
"narHash": "sha256-dudRkHPRivMNOhd04YI+v4sWvn2SnN5ODSPIu5IVbco=",
"lastModified": 1720915306,
"narHash": "sha256-6vuViC56+KSr+945bCV8akHK+7J5k6n/epYg/W3I5eQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "550ac3e955c30fe96dd8b2223e37e0f5d225c927",
"rev": "74348da2f3a312ee25cea09b98cdba4cb9fa5d5d",
"type": "github"
},
"original": {
@ -801,11 +801,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1720031269,
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
"lastModified": 1720957393,
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
"type": "github"
},
"original": {
@ -853,11 +853,11 @@
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1720450253,
"narHash": "sha256-1in42htN3g3MnE3/AO5Qgs6pMWUzmtPQ7s675brO8uw=",
"lastModified": 1721042469,
"narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "2b6bd3c87d3a66fb0b8f2f06c985995e04b4fb96",
"rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
"type": "github"
},
"original": {
@ -943,11 +943,11 @@
]
},
"locked": {
"lastModified": 1720405186,
"narHash": "sha256-7D57KwmTIbsopE/1g8hFeIbVoeJGgU3wfuGYvTlNQG4=",
"lastModified": 1721010111,
"narHash": "sha256-GuPw2xhJZ+eszIJFu7z7AtqUmirSWPHpxuCpG6dSOic=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "f0ca58b37ff4179ce4587589c32205764d9b4a4f",
"rev": "3ef018b6d0f62eb59580a8e9fe141e37bf1d972d",
"type": "github"
},
"original": {
@ -964,11 +964,11 @@
"nixpkgs-stable": "nixpkgs-stable_4"
},
"locked": {
"lastModified": 1720321395,
"narHash": "sha256-kcI8q9Nh8/CSj0ygfWq1DLckHl8IHhFarL8ie6g7OEk=",
"lastModified": 1720926522,
"narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c184aca4db5d71c3db0c8cbfcaaec337a5d065ea",
"rev": "0703ba03fd9c1665f8ab68cc3487302475164617",
"type": "github"
},
"original": {
@ -1061,11 +1061,11 @@
]
},
"locked": {
"lastModified": 1720436211,
"narHash": "sha256-/cKXod0oGLl+vH4bKBZnTV3qxrw4jgOLnyQ8KXey5J8=",
"lastModified": 1721059077,
"narHash": "sha256-gCICMMX7VMSKKt99giDDtRLkHJ0cwSgBtDijJAqTlto=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "6fc8bded78715cdd43a3278a14ded226eb3a239e",
"rev": "0fb28f237f83295b4dd05e342f333b447c097398",
"type": "github"
},
"original": {

11
home-manager/modules/emacs/config.org
View file

@ -1315,7 +1315,16 @@ Add [[https://melpa.org/#/cmake-mode][cmake-mode]]
#+begin_src emacs-lisp
(use-package cmake-mode
:after eglot
:hook (cmake-mode . eglot-ensure))
:hook
((cmake-mode cmake-ts-mode) . eglot-ensure))
#+end_src
Add =neocmakelsp= to language servers
#+begin_src emacs-lisp
(with-eval-after-load 'eglot
(add-to-list 'eglot-server-programs
'(cmake-ts-mode . ("neocmakelsp" "--stdio"))))
#+end_src
*** YAML

8
machines/default.nix
View file

@ -105,6 +105,14 @@ inputs: {
tags = [ "metal" ];
};
};
read = {
config = import ./read/configuration.nix inputs;
deploy = {
# host = "10.0.0.101";
host = "read.barn-beaver.ts.net";
tags = [ "container" ];
};
};
proxy = {
config = import ./proxy/configuration.nix inputs;
deploy = {

103
machines/read/configuration.nix Normal file
View file

@ -0,0 +1,103 @@
{ self, caddy-with-plugins, ... }:
{
modulesPath,
pkgs,
config,
...
}:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
./miniflux
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
proxyHosts = [
{
externalHostname = "read.datarift.nl";
proxyAddress = "http://${config.services.miniflux.config.LISTEN_ADDR}";
}
];
};
tailscale.enable = true;
};
boot = {
isContainer = true;
kernel.sysctl = {
"net.core.rmem_max" = 7500000;
"net.core.wmem_max" = 7500000;
};
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "read";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
firewall.trustedInterfaces = [ "tailscale0" ];
};
systemd = {
services.logrotate-checkconf.enable = false;
network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.207/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
caddy-env = { };
miniflux-env = { };
};
system.stateVersion = "24.11";
}

15
machines/read/miniflux/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, ... }:
{
services.miniflux = {
enable = true;
config = {
BASE_URL = "https://read.datarift.nl";
POLLING_SCHEDULER = "entry_frequency";
OAUTH2_PROVIDER = "oidc";
OAUTH2_REDIRECT_URL = "https://read.datarift.nl/oauth2/oidc/callback";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://id.datarift.nl/realms/datarift";
WEBAUTHN = 1;
};
adminCredentialsFile = config.sops.secrets.miniflux-env.path;
};
}

40
machines/read/secrets.yaml Normal file
View file

@ -0,0 +1,40 @@
caddy-env: ENC[AES256_GCM,data:gw+QSN+c2Lp2F4wNzhTXklq9sUrDT389KLAh2YRpZbqxWpodx4LPJ1uIUsMC1TdeYmq+lkI+,iv:iXjLwOfQo9wEa9bBlE5HYUKDNriJgcm7hxPsBys62hk=,tag:DbutFgWz5ZqHE1/aP4+7Ag==,type:str]
miniflux-env: ENC[AES256_GCM,data:5H+/yRuPW6BodnHaq3E7bcqD7xSRLHwle6BdSpsyFPUY9lw7JT4445lnQlV/uliGJJTu0H9N3G5KhsDQbvvU8vw+5yQvX4EgYQnJfYMyEn8LmQE+ErGz5Lpx3A6sjFuy0KHCqbFJwf5jjfZwuxvNdTKv34gnR2u9+4Vyg5qjwAP4jw==,iv:HfLie5OUOkEKjSmm7rBfOtVhkIq9GA3NRfwDg5AD7MQ=,tag:1ysgjaklV6twaLPe5na+hw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYRHo4TVNEeWhySXlVOWZs
amRZOWRCUzlvenNkeXY0MzFtNUl6dzJiR1hnCkJzZno4NE5lQzAzb3U5TGN5NnlG
dlh4VmxQWVRrZUFGUEs5OVFzV3FYbFUKLS0tIFJnMTVFVFlja2FNM1VPa0d5MDVZ
OG80aHp3OWRwWTZqWFBlSUhuZWFLRHcKjLMykruXBQxp5ncKqGJ6R1xcFx0xRJjW
+svOHaCOb+j7J8AFr/wLn1Cz9lhinqAfKL+rncCn+sq2tTsH1L0nrA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMnVwSnhTNk9jM2pYWmVP
Q0t2RnJJNnZPRXpCQXlHQzB1YUl5aXpSc0RvClB5Q0xTemJpb3o3MUFjMlNuYlFO
LzZwRHZnVlU3OVB0bFZIektFMitiZXMKLS0tIHNKSzBVOVh5TXoySWxlOXFaQ25N
ZFlhanZ3WTZuR3Zoa3FiMGNHMXlkZFUKSR5yoXow2D07xpBIrgo2mDwjiWbWp1L9
svyLVXtkxwSun0PqvZ4vg9dl7qLX3IwdaqtWvdetFF9ps7QEsnHzOg==
-----END AGE ENCRYPTED FILE-----
- recipient: age193v7jejqu7dxk4xejs9cfcatz7605wf4fmytxst424xel2e4z48qj8fflj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWSjJKRHV1azVyUGF6NVpL
NHlyWDBnbjRhdjRRR2ZxZy8rcDM1Q0Z4Um5RCjRjOExKWHJPSjExeSsxOEJLQlpI
Q0JkYlZGbVZuSy9yZTdRbFd2OGJwU00KLS0tIE1vbERsbDNOVWR3UHAxQVl2ZEts
alprbldiMEtZQ29DaUJzaEZlWmxXTmMKPYHIg4fMR5fbCoCAyHHuL/WGfn4D6mXJ
yulfOqthMxvvWr+9sOBeAWIWSCcc0DBmDjvUTaDqVA7pnhZE+hQ2mw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-15T22:03:26Z"
mac: ENC[AES256_GCM,data:T4BUMEd6lxXtndOH52M2SGqMm08kW6tG4VDcpaBv5De+DmSaXX2cojM2MIOVBnQjNxCT6534RZAvnG4cQkUiIgaqP+PDyb1w0cYnv+zfgE/yHQ/AkBXlnr4jblJLYtU/04HpFm5OGvjYxqXDrrcWu/tZD6lZgiDcqLO5R+V0Azg=,iv:/WNzbV8YJpdVD7nF+AFQz/why5QFKGYidIgh1V8VLGA=,tag:RyyZRIsF7kyg+ZgDD+7DhQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

4
machines/valkyrie/coredns/datarift.zone
View file

@ -1,6 +1,6 @@
$ORIGIN datarift.nl.
$TTL 3600
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 3 3600 900 86400 1800
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 5 3600 900 86400 1800
home IN A 10.0.0.251
frigate IN A 10.0.0.251
@ -10,5 +10,7 @@ minio IN A 10.0.0.251
minio-admin IN A 10.0.0.251
mqtt IN A 10.0.0.254
nix-cache IN A 10.0.0.209
read IN A 10.0.0.207
saga IN A 10.0.0.251
vidz IN A 10.0.0.211
unifi IN A 10.0.0.1

15
machines/valkyrie/coredns/default.nix
View file

@ -9,7 +9,7 @@
.:5454 {
bind lo
reload 5s
file ${./tailscale.zone} datarift.nl {
file /etc/coredns/tailscale.zone datarift.nl {
reload 10s
}
forward . 127.0.0.1:5335
@ -21,7 +21,7 @@
.:5455 {
bind lo
reload 5s
file ${./datarift.zone} datarift.nl {
file /etc/coredns/datarift.zone datarift.nl {
reload 10s
}
forward . 127.0.0.1:5335
@ -32,6 +32,17 @@
'';
};
environment.etc = {
"coredns/datarift.zone" = {
source = ./datarift.zone;
mode = "0644";
};
"coredns/tailscale.zone" = {
source = ./tailscale.zone;
mode = "0644";
};
};
systemd.services.coredns = {
environment = {
HOME = "%S/coredns";

4
machines/valkyrie/coredns/tailscale.zone
View file

@ -1,5 +1,5 @@
$TTL 3600
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 11 3600 900 86400 1800
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 14 3600 900 86400 1800
home.datarift.nl. IN CNAME proxy.barn-beaver.ts.net.
frigate.datarift.nl. IN CNAME frigate.barn-beaver.ts.net.
@ -9,6 +9,7 @@ minio.datarift.nl. IN CNAME minio.barn-beaver.ts.net.
minio-admin.datarift.nl. IN CNAME minio.barn-beaver.ts.net.
mqtt.datarift.nl. IN CNAME homeassistant.barn-beaver.ts.net.
nix-cache.datarift.nl. IN CNAME nix-cache.barn-beaver.ts.net.
read.datarift.nl. IN CNAME read.barn-beaver.ts.net.
saga.datarift.nl. IN CNAME saga.barn-beaver.ts.net.
vidz.datarift.nl. IN CNAME vidz.barn-beaver.ts.net.
heimdall.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
@ -17,3 +18,4 @@ odin.datarift.nl. IN CNAME odin.barn-beaver.ts.net.
id.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
garfield.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
unifi.datarift.nl. IN A 10.0.0.1

1
modules/sound/default.nix
View file

@ -15,7 +15,6 @@ in
};
config = mkIf cfg.enable {
sound.enable = true;
services = {
pipewire = {
enable = true;

36
overlays/default.nix
View file

@ -1,4 +1,4 @@
_final: prev: {
final: prev: {
backscrub = prev.pkgs.callPackage ../pkgs/backscrub {
inherit (prev.pkgs)
gcc
@ -19,4 +19,38 @@ _final: prev: {
);
git-repo-go = prev.pkgs.callPackage ../pkgs/git-repo-go { };
# Temporary until nixos-unstable is fixed for Python 3.12
python312 = prev.python312.override {
packageOverrides = _finalPkgs: prevPkgs: {
nose = prevPkgs.nose.overrideAttrs {
patches = [
(final.fetchpatch2 {
url = "https://github.com/NixOS/nixpkgs/raw/599e471d78801f95ccd2c424a37e76ce177e50b9/pkgs/development/python-modules/nose/0001-nose-python-3.12-fixes.patch";
hash = "sha256-aePOvO5+TJL4JzXywc7rEiYRzfdObSI9fg9Cfrp+e2o=";
})
];
};
wxpython = prevPkgs.wxpython.overrideAttrs {
disabled = false;
postPatch =
let
waf_2_0_25 = prev.fetchurl {
url = "https://waf.io/waf-2.0.25";
hash = "sha256-IRmc0iDM9gQ0Ez4f0quMjlIXw3mRmcgnIlQ5cNyOONU=";
};
in
''
cp ${waf_2_0_25} bin/waf-2.0.25
chmod +x bin/waf-2.0.25
substituteInPlace build.py \
--replace-fail "wafCurrentVersion = '2.0.24'" "wafCurrentVersion = '2.0.25'" \
--replace-fail "wafMD5 = '698f382cca34a08323670f34830325c4'" "wafMD5 = 'a4b1c34a03d594e5744f9e42f80d969d'" \
--replace-fail "distutils.dep_util" "setuptools.modified"
'';
};
python-hglib = prevPkgs.python-hglib.overrideAttrs { dontUseSetuptoolsCheck = "1"; };
};
};
python312Packages = final.python312.pkgs;
}

3
users/erwin/home.nix
View file

@ -43,7 +43,7 @@ in
wayland = true;
};
eww = {
enable = true;
enable = false;
};
firefox = {
enable = true;
@ -177,7 +177,6 @@ in
easyeffects
element-desktop
fd
freecad
ffmpeg_5-full
helvum
imagemagick