initial commit
commit
ebc1be5217
143 changed files with 7721 additions and 0 deletions
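--- a/modules/nixos/hosts/candlekeep/git.nix
+++ b/modules/nixos/hosts/candlekeep/git.nix
@@ -0,0 +1,155 @@
+{
+pkgs,
+...
+}:
+{
+programs.git = {
+enable = true;
+
+settings = {
+user = {
+name = "gwg313";
+email = "gwg313@pm.me";
+};
+
+credential = {
+helper = "!pass-git-helper $@";
+};
+user = {
+signingkey = "60FF63B4826B7400";
+};
+commit = {
+gpgsign = true;
+verbose = "true";
+};
+diff = {
+algorithm = "histogram";
+colorMoved = "plain";
+mnemonicPrefix = "true";
+renames = "true";
+compactionHeuristic = "true";
+tool = "nvimdiff";
+};
+"difftool \"nvimdiff\"" = {
+cmd = "nvim -d \"$LOCAL\" \"$REMOTE\" -c \"wincmd w\" -c \"wincmd L\"";
+};
+merge = {
+tool = "nvimdiff4";
+prompt = "false";
+conflictstyle = "zdiff3";
+};
+"mergetool \"nvimdiff4\"" = {
+cmd = "nvim -d $LOCAL $BASE $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'";
+};
+mergetool = {
+keepBackup = false;
+};
+init = {
+defaultBranch = "main";
+};
+core = {
+pager = "delta";
+editor = "nvim";
+};
+delta = {
+features = "line-numbers decorations";
+navigate = "true";
+whitespace-error-style = "22 reverse";
+};
+interactive = {
+diffFilter = "delta --color-only";
+};
+push = {
+default = "simple";
+autoSetupRemote = "true";
+followTags = "true";
+};
+pull = {
+rebase = "true";
+};
+rebase = {
+autoSquash = "true";
+autoStash = "true";
+updateRefs = "true";
+};
+fetch = {
+prune = "true";
+pruneTags = "true";
+all = "true";
+};
+tag = {
+sort = "version:refname";
+};
+branch = {
+sort = "-committerdate";
+};
+
+help = {
+autocorrect = "true";
+};
+rerere = {
+enabled = "true";
+autoupdate = "true";
+};
+
+color.ui = "1";
+};
+ignores = [
+"__pycache__"
+".direnv"
+"npm-debug.log"
+".cache/"
+".DS_Store"
+".idea/"
+"*.swp"
+"*.elc"
+"auto-save-list"
+".direnv/"
+"node_modules"
+"result"
+"result-*"
+];
+};
+
+programs.zsh = {
+shellAliases = {
+trackme = "git branch --set-upstream-to=origin/$(git symbolic-ref --short HEAD)";
+rebasemain = "git pull origin main --rebase";
+hist = ''log --pretty=format:"%Cgreen%h %Creset%cd %Cblue[%cn] %Creset%s%C(yellow)%d%C(reset)" --graph --date=relative --decorate --all'';
+llog = ''log --graph --name-status --pretty=format:"%C(red)%h %C(reset)(%cd) %C(green)%an %Creset%s %C(yellow)%d%Creset" --date=relative'';
+g = "lazygit";
+ga = "git add";
+gc = "git commit";
+gcu = "git add . && git commit -m 'Update'";
+gp = "git push";
+gpl = "git pull";
+gs = "git status";
+gd = "git diff";
+gco = "git checkout";
+gcb = "git checkout -b";
+gbr = "git branch";
+grs = "git reset HEAD~1";
+grh = "git reset --hard HEAD~1";
+
+gaa = "git add .";
+gcm = "git commit -m";
+};
+};
+
+home.packages = with pkgs; [
+cocogitto
+delta
+lazygit
+gh
+pre-commit
+graphite-cli
+tig
+pass-git-helper
+];
+
+xdg.configFile."pass-git-helper/git-pass-mapping.ini".text = ''
+[git.gwg313.xyz*]
+target=git/https/git.gwg313.xyz
+line_username=1
+'';
+}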
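Review bot: The `mergetool "nvimdiff4"` command passes `$LOCAL $BASE $REMOTE $MERGED` unquoted, so a path containing whitespace is split into separate nvim arguments when git runs the command through the shell; the `difftool "nvimdiff"` entry just above it quotes its variables. This matters most when merging a repository whose file names you do not control. Suggested: `cmd = "nvim -d \"$LOCAL\" \"$BASE\" \"$REMOTE\" \"$MERGED\" -c '$wincmd w' -c 'wincmd J'";`. Separately, the zsh aliases `hist` and `llog` start with `log` rather than `git log`, so as shell aliases they would not invoke git.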
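--- a/modules/nixos/hosts/candlekeep/networking.nix
+++ b/modules/nixos/hosts/candlekeep/networking.nix
@@ -0,0 +1,82 @@
+{ config, ... }:
+let
+user = config.dendritic.current.primaryUser;
+secretName = "wireless.env";
+in
+{
+sops.secrets.${secretName} = {
+sopsFile = ../../../../secrets/users/${user}.yaml;
+};
+
+networking.networkmanager.ensureProfiles = {
+environmentFiles = [
+config.sops.secrets.${secretName}.path
+];
+
+profiles = {
+home-wifi = {
+connection.id = "home-wifi";
+connection.type = "wifi";
+wifi.ssid = "$home_uuid";
+wifi-security = {
+auth-alg = "open";
+key-mgmt = "wpa-psk";
+psk = "$home_psk";
+};
+connection.autoconnect-priority = 100;
+};
+
+eduroam = {
+connection.id = "eduroam";
+connection.type = "wifi";
+wifi.ssid = "eduroam";
+wifi-security = {
+key-mgmt = "wpa-eap";
+};
+"802-1x" = {
+eap = "peap;";
+identity = "$eduroam_identity";
+password = "$school_password";
+phase2-auth = "mschapv2";
+};
+connection.autoconnect = true;
+connection.autoconnect-priority = 80;
+wifi.powersave = 2;
+wifi.mode = "infrastructure";
+ipv4.method = "auto";
+# ipv4.dns = "8.8.8.8,8.8.4.4.";
+# ipv6.dns = "2001:4860:4860::8888";
+# wifi.mac-address-randomization = "random";
+ipv4.dhcp-send-hostname = false;
+# ipv4.dhcp-hostname = "NoName";
+# connection.metered = "yes";
+};
+
+school = {
+connection.id = "School";
+connection.type = "wifi";
+wifi.ssid = "$school_uuid";
+wifi-security = {
+key-mgmt = "wpa-eap";
+};
+"802-1x" = {
+eap = "peap;";
+identity = "$school_identity";
+password = "$school_password";
+phase2-auth = "mschapv2";
+};
+connection.autoconnect = true;
+connection.autoconnect-priority = 90;
+wifi.powersave = 2;
+wifi.mode = "infrastructure";
+ipv4.method = "auto";
+# ipv4.dns = "8.8.8.8,8.8.4.4.";
+# ipv6.dns = "2001:4860:4860::8888";
+# wifi.mac-address-randomization = "random";
+ipv4.dhcp-send-hostname = false;
+# ipv4.dhcp-hostname = "NoName";
+# connection.metered = "yes";
+};
+};
+};
+}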
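Review bot: Both 802.1X profiles (`eduroam` and `school`) configure PEAP with MSCHAPv2 but set no `ca-cert`, `system-ca-certs` or `domain-suffix-match` in the `"802-1x"` block, so as written the RADIUS server certificate is not validated. With `connection.autoconnect = true` the credential exchange would then be offered to any access point advertising the SSID. Add to each `"802-1x"` block `system-ca-certs = true;` (or `ca-cert = "<path to the institution's CA certificate>";`) together with `domain-suffix-match = "<RADIUS server domain>";`. The actual values are institution-specific and do not appear on this page.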
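--- a/modules/nixos/hosts/candlekeep/nfs.nix
+++ b/modules/nixos/hosts/candlekeep/nfs.nix
@@ -0,0 +1,53 @@
+{
+config,
+lib,
+inputs,
+...
+}:
+{
+fileSystems = {
+"/books" = {
+device = inputs.secrets.nfs.devices.books;
+fsType = "nfs";
+options = [
+"x-systemd.automount"
+"noauto"
+"x-systemd.after=network-online.target"
+"x-systemd.mount-timeout=90"
+];
+};
+
+"/music" = {
+device = inputs.secrets.nfs.devices.music;
+fsType = "nfs";
+options = [
+"x-systemd.automount"
+"noauto"
+"x-systemd.after=network-online.target"
+"x-systemd.mount-timeout=90"
+];
+};
+
+"/personal" = {
+device = inputs.secrets.nfs.devices.personal;
+fsType = "nfs";
+options = [
+"x-systemd.automount"
+"noauto"
+"x-systemd.after=network-online.target"
+"x-systemd.mount-timeout=90"
+];
+};
+
+"/backups" = {
+device = inputs.secrets.nfs.devices.backups;
+fsType = "nfs";
+options = [
+"x-systemd.automount"
+"noauto"
+"x-systemd.after=network-online.target"
+"x-systemd.mount-timeout=90"
+];
+};
+};
+}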
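Review bot: None of the four NFS mounts sets `nosuid` or `nodev`, so setuid binaries and device nodes served by the export would be honoured on this host. Add `"nosuid"` and `"nodev"` to each `options` list, and `"noexec"` where nothing is run from the share. The four lists are identical, so a single `let nfsOptions = [ ... ];` binding reused by every mount would keep them from drifting apart. Whether the server side uses `sec=sys` or Kerberos is not visible here and is worth stating in a comment.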
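--- a/modules/nixos/hosts/candlekeep/ssh-hosts.nix
+++ b/modules/nixos/hosts/candlekeep/ssh-hosts.nix
@@ -0,0 +1,106 @@
+{ ... }:
+{
+programs.ssh = {
+enable = true;
+hashKnownHosts = true;
+matchBlocks = {
+"router" = {
+hostname = "router.local.gwg313.xyz";
+user = "glen";
+identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+};
+"github.com" = {
+hostname = "github.com";
+identityFile = "/home/gwg313/.ssh/github/id_ed25519";
+};
+"candlekeep" = {
+hostname = "candlekeep.local.gwg313.xyz";
+user = "gwg313";
+identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+};
+"candlekeep.zt" = {
+hostname = "candlekeep.zt"; # added to hosts in zerotier config
+user = "gwg313";
+identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+};
+"grymforge" = {
+hostname = "grymforge.local.gwg313.xyz";
+user = "gwg313";
+identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+};
+"grymforge.zt" = {
+hostname = "grymforge.zt"; # added to hosts in zerotier config
+user = "gwg313";
+identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+extraOptions = {
+"VisualHostKey" = "no";
+};
+};
+
+"waypoint" = {
+hostname = "waypoint.local.gwg313.xyz";
+user = "root";
+identityFile = "/home/gwg313/.ssh/colmena/id_ed25519";
+};
+
+"seikan" = {
+hostname = "147.182.147.32";
+user = "root";
+identityFile = "/home/gwg313/.ssh/digital_ocean/id_ed25519";
+};
+
+"panopticon" = {
+hostname = "10.1.10.9";
+user = "root";
+identityFile = "/home/gwg313/.ssh/colmena/id_ed25519";
+};
+
+"vault-tec" = {
+hostname = "10.1.10.13";
+user = "root";
+identityFile = "/home/gwg313/.ssh/colmena/id_ed25519";
+};
+
+"qnx" = {
+hostname = "10.1.40.32";
+user = "qnxuser";
+identitiesOnly = true;
+identityFile = "/home/gwg313/.ssh/qnxuser";
+extraOptions = {
+"Ciphers" = "aes256-ctr";
+};
+};
+
+"qnxzt" = {
+hostname = "10.1.40.32";
+user = "qnxuser";
+identitiesOnly = true;
+identityFile = "/home/gwg313/.ssh/qnxuser";
+proxyJump = "grymforge.zt";
+extraOptions = {
+"Ciphers" = "aes256-ctr";
+"VisualHostKey" = "no";
+};
+};
+
+"qnxproj" = {
+hostname = "10.1.10.66";
+user = "qnxuser";
+identitiesOnly = true;
+identityFile = "/home/gwg313/.ssh/qnxuser";
+proxyJump = "bastion";
+extraOptions = {
+"Ciphers" = "aes256-ctr";
+"VisualHostKey" = "no";
+};
+};
+
+"bastion" = {
+hostname = "10.1.10.9";
+user = "bastion";
+identitiesOnly = true;
+identityFile = "/home/gwg313/.ssh/qnxuser";
+};
+};
+};
+}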
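Review bot: `identitiesOnly = true` is set only on the `qnx*` and `bastion` blocks; the other blocks, including `github.com` and the public-address `seikan`, name an `identityFile` but still let ssh offer every key loaded in the agent to that server. Add `identitiesOnly = true;` to each of those blocks, or once in a `"*"` block. `bastion` also authenticates with the same `/home/gwg313/.ssh/qnxuser` key as the hosts reached through it, so the jump host and its targets are not separated by credential; a dedicated key for `bastion` would fix that. Four blocks log in as `root` directly, which deserves a comment if the deployment tooling requires it.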
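--- a/modules/nixos/hosts/candlekeep/ssh.nix
+++ b/modules/nixos/hosts/candlekeep/ssh.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+let
+user = config.dendritic.current.primaryUser;
+in
+{
+services.openssh = {
+enable = true;
+
+settings = {
+AllowUsers = [ user ];
+};
+};
+
+users.users.${user}.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILq54YrM3BbhBs0oDLOrc1bkg6FCCmkV4E3pWLZp0ejN gwg313@pm.me"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZK7127ict2+Urhi1cbD6EIU85mD4lkQ9/ihaif0jsX" # Phone
+];
+}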
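Review bot: `services.openssh.settings` restricts `AllowUsers` but leaves password and keyboard-interactive authentication at the module defaults, even though the user is given two public keys a few lines below. Unless another file in this commit sets them, add `PasswordAuthentication = false;`, `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "no";` to the `settings` block. The second key is labelled only by a `# Phone` Nix comment; putting the label in the key's own comment field would keep it visible in the generated authorized_keys file.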
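--- a/modules/nixos/hosts/candlekeep/syncthing.nix
+++ b/modules/nixos/hosts/candlekeep/syncthing.nix
@@ -0,0 +1,78 @@
+{
+inputs,
+...
+}:
+{
+services.syncthing = {
+enable = true;
+dataDir = "/home/gwg313";
+openDefaultPorts = true;
+configDir = "/home/gwg313/.config/syncthing";
+user = "gwg313";
+group = "users";
+guiAddress = "127.0.0.1:8384";
+
+overrideDevices = true;
+overrideFolders = true;
+settings = {
+gui = {
+user = inputs.secrets.syncthing.gui_user;
+password = inputs.secrets.syncthing.gui_password;
+};
+devices = {
+"grymforge" = {
+id = inputs.secrets.syncthing.grymforge_id;
+};
+};
+
+folders = {
+"repos" = {
+path = "/home/gwg313/repos";
+devices = [ "grymforge" ];
+versioning = {
+type = "staggered";
+params = {
+cleanInterval = "3600";
+maxAge = "15768000";
+};
+};
+};
+"documents" = {
+path = "/home/gwg313/Documents";
+devices = [ "grymforge" ];
+versioning = {
+type = "staggered";
+params = {
+cleanInterval = "3600";
+maxAge = "15768000";
+};
+};
+};
+
+"password-store" = {
+path = "/home/gwg313/.local/share/password-store";
+devices = [ "grymforge" ];
+versioning = {
+type = "staggered";
+params = {
+cleanInterval = "3600";
+maxAge = "15768000";
+};
+};
+};
+
+"zettelkasten" = {
+path = "/home/gwg313/zettelkasten/";
+devices = [ "grymforge" ];
+versioning = {
+type = "staggered";
+params = {
+cleanInterval = "3600";
+maxAge = "15768000";
+};
+};
+};
+};
+};
+};
+}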
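Review bot: `gui.password` and `gui.user` are read from `inputs.secrets` at evaluation time, so the value is presumably copied into the world-readable Nix store along with the generated Syncthing settings. The `wireless.env` secret in networking.nix, by contrast, is sops-managed and referenced only by path. Supply the GUI credential from a runtime secret in the same way, so it never becomes part of a derivation. The exposure matters more here because one of the synced folders is `/home/gwg313/.local/share/password-store`. The hard-coded `/home/gwg313` paths and `user = "gwg313"` could also use `config.dendritic.current.primaryUser`, as ssh.nix does.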
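--- a/modules/nixos/hosts/candlekeep/usbguard.nix
+++ b/modules/nixos/hosts/candlekeep/usbguard.nix
@@ -0,0 +1,4 @@
+{ lib, ... }:
+{
+services.usbguard.rules = lib.mkAfter "";
+}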