alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:d591feff45bdd6aedb42b3db35eb1493166388be
Branches Tags
alex:main
..
compare: alex:762ea0640663d0dfd5b5f685e0ba7bab0b40e70a
Branches Tags
alex:main

6 Commits
d591feff45 ... 762ea06406

Author SHA1 Message Date
Alexander Heldt
762ea06406 pinwheel: Remove mullvad 2024-09-12 15:39:35 +02:00
Alexander Heldt
51c4a1981c pinwheel: Increase waybar module intervals 2024-09-12 15:39:07 +02:00
Alexander Heldt
063acc40e2 pinwheel: Add tailscale module to waybar 2024-09-12 15:39:05 +02:00
Alexander Heldt
b4d1086d57 pinwheel: Add secret for preferred tailscale exit node 2024-09-12 15:28:12 +02:00
Alexander Heldt
040c0e2413 pinwheel: Add swapfile 2024-09-11 14:44:25 +02:00
Alexander Heldt
cd5fd3dffa pinwheel: Remove URL preference for gitlab in git 2024-09-11 14:44:07 +02:00
7 changed files with 68 additions and 86 deletions
Expand all files Collapse all files

7
hosts/pinwheel/hardware-configuration.nix
View File

@@ -36,7 +36,12 @@
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [
{
device = "/swapfile";
size = 24 * 1024; # 24GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

1
hosts/pinwheel/modules/default.nix
View File

@@ -27,7 +27,6 @@ in
zsh.enable = true;
openvpn.enable = true;
mullvad.enable = true;
c.enable = true;
go.enable = true;

3
hosts/pinwheel/modules/git/gitconfig
View File

@@ -5,9 +5,6 @@
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@gitlab.com:"]
insteadOf = https://gitlab.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/

35
hosts/pinwheel/modules/mullvad/default.nix
View File

@@ -1,35 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.mullvad.enable;
in
{
options = {
mod.mullvad = {
enable = lib.mkEnableOption "enable mullvad module";
};
};
config = lib.mkIf enabled {
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
age.secrets = {
"mullvad-device" = {
file = ../../../../secrets/pinwheel/mullvad-device.age;
path = "/etc/mullvad-vpn/device.json";
};
"mullvad-account-history" = {
file = ../../../../secrets/pinwheel/mullvad-account-history.age;
path = "/etc/mullvad-vpn/account-history.json";
};
};
};
}

98
hosts/pinwheel/modules/waybar/default.nix
View File

@@ -40,49 +40,47 @@ let
fi
'';
mullvad = pkgs.writeShellScript "mullvad" ''
STATUS_DISCONNECTING="Disconnecting"
STATUS_DISCONNECTED="Disconnected"
STATUS_CONNECTING="Connecting"
STATUS_CONNECTED="Connected"
status() {
STATUS=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1{print $1}')
echo $STATUS
}
tailscale = pkgs.writeShellScript "tailscale" ''
STATUS_STOPPED="Tailscale is stopped."
output() {
case $(status) in
$STATUS_DISCONNECTED)
echo '{ "text": "", "class": "disconnected" }' ;;
$STATUS_CONNECTING)
echo '{ "text": "", "tooltip": "Connecting", "class": "disconnected" }' ;;
$STATUS_CONNECTED)
TOOLTIP=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1')
echo "{ \"text\": \"\", \"tooltip\":\"$TOOLTIP\" }" ;;
$STATUS_DISCONNECTING)
echo '{ "text": "", "tooltip": "Disconnecting", "class": "disconnected" }' ;;
STATUS=$(tailscale status)
case $STATUS in
$STATUS_STOPPED)
echo '{ "text": "", "class": "disconnected" }' ;;
*)
echo '{ "text": "", "tooltip": "Status unknown", "class": "disconnected" }' ;;
esac
}
EXIT_NODE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus)
toggle() {
CURRENT_STATUS=$(status)
EXIT_NODE_ONLINE=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .Online)
if [ "$EXIT_NODE_ONLINE" == "null" ]; then
echo '{ "text": "", "class": "disconnected" }'
exit 0
fi
case "$CURRENT_STATUS" in
$STATUS_DISCONNECTED)
${pkgs.mullvad}/bin/mullvad connect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Connected to VPN";;
$STATUS_CONNECTED)
${pkgs.mullvad}/bin/mullvad disconnect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Disconnected from VPN";;
EXIT_NODE_ID=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .ID)
EXIT_NODE_NAME=$(tailscale status --json | ${pkgs.jq}/bin/jq ".Peer.[] | select(.ID == $EXIT_NODE_ID) | .HostName")
echo "{ \"text\": \"\", \"tooltip\": $EXIT_NODE_NAME }"
;;
esac
}
toggle-exit-node() {
PREFERRED_EXIT_NODE=$(${pkgs.coreutils}/bin/cat ${config.age.secrets.tailscale-preferred-exit-node.path})
EXIT_NODE_ONLINE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus.Online)
if [ "$EXIT_NODE_ONLINE" == "true" ]; then
tailscale set --exit-node="" && ${pkgs.libnotify}/bin/notify-send "Disconnected from Exit Node"
else
tailscale set --exit-node=$PREFERRED_EXIT_NODE && ${pkgs.libnotify}/bin/notify-send "Connected to Exit Node"
fi
}
case $1 in
--toggle)
toggle ;;
--toggle-exit-node)
toggle-exit-node ;;
--output)
output ;;
output ;;
esac
'';
@@ -131,9 +129,9 @@ in
"custom/spotify"
"custom/container-status"
"custom/dunst"
"custom/mullvad"
"bluetooth"
"wireplumber"
"custom/tailscale"
"network"
"battery"
"clock"
@@ -141,12 +139,12 @@ in
"custom/work-vpn-status" = {
exec = "${work-vpn-status}";
interval = 1;
interval = 2;
};
"custom/spotify" = {
exec = spotify-status;
interval = 1;
interval = 2;
max-length = 70;
tooltip = false;
};
@@ -154,21 +152,21 @@ in
"custom/container-status" = {
exec = "${container-status}";
return-type = "json";
interval = 1;
interval = 2;
};
"custom/dunst" = {
exec = notifications-status;
on-click-right = "${pkgs.dunst}/bin/dunstctl set-paused toggle";
interval = 1;
interval = 2;
tooltip = false;
};
"custom/mullvad" = {
exec = "${mullvad} --output";
"custom/tailscale" = {
exec = "${tailscale} --output";
return-type = "json";
on-click-right = "${mullvad} --toggle";
interval = 1;
on-click-right = "${tailscale} --toggle-exit-node";
interval = 2;
};
bluetooth = {
@@ -234,7 +232,7 @@ in
"custom/work-vpn-status" = {
exec = "${work-vpn-status}";
interval = 1;
interval = 2;
};
"clock" = {
@@ -279,7 +277,11 @@ in
color: #${config.lib.colors.warning};
}
#custom-mullvad.disconnected {
#custom-tailscale {
font-size: 30px;
}
#custom-tailscale.disconnected {
color: #${config.lib.colors.warning};
}
@@ -298,4 +300,12 @@ in
'';
};
};
age.secrets = {
"tailscale-preferred-exit-node" = {
file = ../../../../secrets/pinwheel/tailscale-preferred-exit-node.age;
owner = "alex";
group = "users";
};
};
}

7
secrets/pinwheel/tailscale-preferred-exit-node.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 vxPbZg Tzh50F+UxH7KF782cHBQXVg4nweNTZz+epW7FxRKd1o
msJg9fkg3eBfKCkFy01BLcMqZgOTN8UGRK15KTuLV1U
-> ssh-ed25519 +oNaHQ 66eLCU7O4ahGYnVAM5YwtICh7qRdyRiME/eDzUBzkXM
14tydJ+4YWV3HlWZmdae/2GHwTRgDUrWZHqYSFrXo/U
--- JT0KTZo3ZXYe7UEXQd1ge12/Vc+fSZWB7+tQiG7UYb4
<EFBFBD><EFBFBD>ojgo<67><6F>md'<27><><EFBFBD>42<34><32><EFBFBD><EFBFBD>-<2D>i<EFBFBD>B<03><>C[D<><44><EFBFBD>?P<>!w<><EFBFBD>p<EFBFBD>Ӂ,{<7B>hn|Pqf<71>

3
secrets/secrets.nix
View File

@@ -7,8 +7,7 @@ let
in {
"pinwheel/syncthing-cert.age".publicKeys = [ pinwheel alex ];
"pinwheel/syncthing-key.age".publicKeys = [ pinwheel alex ];
"pinwheel/mullvad-device.age".publicKeys = [ pinwheel alex ];
"pinwheel/mullvad-account-history.age".publicKeys = [ pinwheel alex ];
"pinwheel/tailscale-preferred-exit-node.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-backwards.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-backwards.pub.age".publicKeys = [ pinwheel backwards alex ];
"pinwheel/alex.pinwheel-tadpole.age".publicKeys = [ pinwheel alex ];