9 Commits

Author SHA1 Message Date
Alexander Heldt
762ea06406 pinwheel: Remove mullvad 2024-09-12 15:39:35 +02:00
Alexander Heldt
51c4a1981c pinwheel: Increase waybar module intervals 2024-09-12 15:39:07 +02:00
Alexander Heldt
063acc40e2 pinwheel: Add tailscale module to waybar 2024-09-12 15:39:05 +02:00
Alexander Heldt
b4d1086d57 pinwheel: Add secret for preferred tailscale exit node 2024-09-12 15:28:12 +02:00
Alexander Heldt
040c0e2413 pinwheel: Add swapfile 2024-09-11 14:44:25 +02:00
Alexander Heldt
cd5fd3dffa pinwheel: Remove URL preference for gitlab in git 2024-09-11 14:44:07 +02:00
Alexander Heldt
d591feff45 Update url for pppdotpm-site input 2024-09-05 19:25:48 +02:00
Alexander Heldt
06c9b628b6 tadpole: Add match block for git.ppp.pm in ssh 2024-09-05 18:44:19 +02:00
Alexander Heldt
3870b95c4b tadpole: Add secrets for git.ppp.pm 2024-09-05 18:44:19 +02:00
14 changed files with 109 additions and 89 deletions

8
alex.tadpole-git.ppp.pm Normal file

@@ -0,0 +1,8 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDJGnS+ne
CYQhwLNFuW0lORAAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIFoVMhke2g8n48Fa
nAdf8Q0K52iHn62D37Zq7MVDbAjEAAAAoLI0dbPITXAhkRXqAKJUh9IsWmviAJE8XMUAMQ
WPKr2GUxRwf9rVrIB3/VEhY2xfTFzFOiyPkMu4zFvBFoYyqlpXaojihfJv+obV+SgtxnPT
PxmUG5X0HMryYxswpY/kAG4c2Y7iDQZOuN504WSlDV8ZNkmEzr05Nc+JqaY8J70k7Kl1Wr
qqtbilUNtETsEGUgXaQ/msYWRmt2K8EwiyhdY=
-----END OPENSSH PRIVATE KEY-----
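Review bot: An OpenSSH private key is added to the repository root as a regular file, outside the age-encrypted `secrets/` tree. Its header indicates it is passphrase-wrapped (aes256-ctr with bcrypt), which slows offline guessing but leaves the passphrase as the only protection against anyone who can read the repository. The same change set adds `secrets/tadpole/alex.tadpole-git.ppp.pm.age`, so this copy looks like a leftover input to the encryption step. Remove the file from the tree and add an ignore rule for key files in the repository root. Because deleting the file does not remove it from history, also treat the key as exposed: generate a new pair, replace the authorised key on git.ppp.pm, and re-encrypt the new key with age.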


@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFoVMhke2g8n48FanAdf8Q0K52iHn62D37Zq7MVDbAjE alex.tadpole-git.ppp.pm

4
flake.lock generated

@@ -242,12 +242,12 @@
"rev": "662a254ea8065a0f104ccf5a46b59252e1e08b58",
"revCount": 54,
"type": "git",
"url": "ssh://git@codeberg.org/ppp/ppp.pm-site.git"
"url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://git@codeberg.org/ppp/ppp.pm-site.git"
"url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
}
},
"root": {


@@ -34,7 +34,7 @@
};
pppdotpm-site = {
url = "git+ssh://git@codeberg.org/ppp/ppp.pm-site.git?ref=main";
url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
};
};


@@ -36,7 +36,12 @@
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [
{
device = "/swapfile";
size = 24 * 1024; # 24GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
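Review bot: The new `/swapfile` entry has no encryption setting, so memory pages, which can include decrypted secrets and key material, may be written to disk in the clear unless the underlying filesystem is already encrypted; that is not visible in this hunk. If it is not, consider `randomEncryption.enable = true;` on the entry, noting that a randomly keyed swap cannot be used for hibernation. The comment would also be more precise as `# MiB, i.e. 24 GiB`, since `size` is given in megabytes. The surrounding file continues outside the hunk.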


@@ -27,7 +27,6 @@ in
zsh.enable = true;
openvpn.enable = true;
mullvad.enable = true;
c.enable = true;
go.enable = true;


@@ -5,9 +5,6 @@
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@gitlab.com:"]
insteadOf = https://gitlab.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/


@@ -1,35 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.mullvad.enable;
in
{
options = {
mod.mullvad = {
enable = lib.mkEnableOption "enable mullvad module";
};
};
config = lib.mkIf enabled {
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
age.secrets = {
"mullvad-device" = {
file = ../../../../secrets/pinwheel/mullvad-device.age;
path = "/etc/mullvad-vpn/device.json";
};
"mullvad-account-history" = {
file = ../../../../secrets/pinwheel/mullvad-account-history.age;
path = "/etc/mullvad-vpn/account-history.json";
};
};
};
}


@@ -40,47 +40,45 @@ let
fi
'';
mullvad = pkgs.writeShellScript "mullvad" ''
STATUS_DISCONNECTING="Disconnecting"
STATUS_DISCONNECTED="Disconnected"
STATUS_CONNECTING="Connecting"
STATUS_CONNECTED="Connected"
status() {
STATUS=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1{print $1}')
echo $STATUS
}
tailscale = pkgs.writeShellScript "tailscale" ''
STATUS_STOPPED="Tailscale is stopped."
output() {
case $(status) in
$STATUS_DISCONNECTED)
echo '{ "text": "", "class": "disconnected" }' ;;
$STATUS_CONNECTING)
echo '{ "text": "", "tooltip": "Connecting", "class": "disconnected" }' ;;
$STATUS_CONNECTED)
TOOLTIP=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1')
echo "{ \"text\": \"\", \"tooltip\":\"$TOOLTIP\" }" ;;
$STATUS_DISCONNECTING)
echo '{ "text": "", "tooltip": "Disconnecting", "class": "disconnected" }' ;;
STATUS=$(tailscale status)
case $STATUS in
$STATUS_STOPPED)
echo '{ "text": "", "class": "disconnected" }' ;;
*)
echo '{ "text": "", "tooltip": "Status unknown", "class": "disconnected" }' ;;
EXIT_NODE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus)
EXIT_NODE_ONLINE=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .Online)
if [ "$EXIT_NODE_ONLINE" == "null" ]; then
echo '{ "text": "", "class": "disconnected" }'
exit 0
fi
EXIT_NODE_ID=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .ID)
EXIT_NODE_NAME=$(tailscale status --json | ${pkgs.jq}/bin/jq ".Peer.[] | select(.ID == $EXIT_NODE_ID) | .HostName")
echo "{ \"text\": \"\", \"tooltip\": $EXIT_NODE_NAME }"
;;
esac
}
toggle() {
CURRENT_STATUS=$(status)
toggle-exit-node() {
PREFERRED_EXIT_NODE=$(${pkgs.coreutils}/bin/cat ${config.age.secrets.tailscale-preferred-exit-node.path})
case "$CURRENT_STATUS" in
$STATUS_DISCONNECTED)
${pkgs.mullvad}/bin/mullvad connect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Connected to VPN";;
$STATUS_CONNECTED)
${pkgs.mullvad}/bin/mullvad disconnect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Disconnected from VPN";;
esac
EXIT_NODE_ONLINE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus.Online)
if [ "$EXIT_NODE_ONLINE" == "true" ]; then
tailscale set --exit-node="" && ${pkgs.libnotify}/bin/notify-send "Disconnected from Exit Node"
else
tailscale set --exit-node=$PREFERRED_EXIT_NODE && ${pkgs.libnotify}/bin/notify-send "Connected to Exit Node"
fi
}
case $1 in
--toggle)
toggle ;;
--toggle-exit-node)
toggle-exit-node ;;
--output)
output ;;
esac
@@ -131,9 +129,9 @@ in
"custom/spotify"
"custom/container-status"
"custom/dunst"
"custom/mullvad"
"bluetooth"
"wireplumber"
"custom/tailscale"
"network"
"battery"
"clock"
@@ -141,12 +139,12 @@ in
"custom/work-vpn-status" = {
exec = "${work-vpn-status}";
interval = 1;
interval = 2;
};
"custom/spotify" = {
exec = spotify-status;
interval = 1;
interval = 2;
max-length = 70;
tooltip = false;
};
@@ -154,21 +152,21 @@ in
"custom/container-status" = {
exec = "${container-status}";
return-type = "json";
interval = 1;
interval = 2;
};
"custom/dunst" = {
exec = notifications-status;
on-click-right = "${pkgs.dunst}/bin/dunstctl set-paused toggle";
interval = 1;
interval = 2;
tooltip = false;
};
"custom/mullvad" = {
exec = "${mullvad} --output";
"custom/tailscale" = {
exec = "${tailscale} --output";
return-type = "json";
on-click-right = "${mullvad} --toggle";
interval = 1;
on-click-right = "${tailscale} --toggle-exit-node";
interval = 2;
};
bluetooth = {
@@ -234,7 +232,7 @@ in
"custom/work-vpn-status" = {
exec = "${work-vpn-status}";
interval = 1;
interval = 2;
};
"clock" = {
@@ -279,7 +277,11 @@ in
color: #${config.lib.colors.warning};
}
#custom-mullvad.disconnected {
#custom-tailscale {
font-size: 30px;
}
#custom-tailscale.disconnected {
color: #${config.lib.colors.warning};
}
@@ -298,4 +300,12 @@ in
'';
};
};
age.secrets = {
"tailscale-preferred-exit-node" = {
file = ../../../../secrets/pinwheel/tailscale-preferred-exit-node.age;
owner = "alex";
group = "users";
};
};
}
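Review bot: In `toggle-exit-node` the value read from the age secret is expanded unquoted in `tailscale set --exit-node=$PREFERRED_EXIT_NODE`, so whitespace or glob characters in the secret file would be split into extra arguments; write `tailscale set --exit-node="$PREFERRED_EXIT_NODE"`. The script also calls a bare `tailscale` while jq, cat and notify-send are pinned to store paths, so which binary runs depends on waybar's PATH; `${pkgs.tailscale}/bin/tailscale` would make it consistent. In `output`, `EXIT_NODE_NAME` is empty when no peer matches the ID, which makes the emitted JSON invalid; a fallback such as `"unknown"` would cover that. Which lines are new is inferred from the tailscale/mullvad naming, because the rendered page has lost the +/- markers.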


@@ -23,6 +23,11 @@ in
enable = true;
matchBlocks = {
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
};
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.tadpole-codeberg.org";
@@ -84,6 +89,19 @@ in
path = "${authorizedKeysPath}/alex.pinwheel-tadpole.pub";
};
"alex.tadpole-git.ppp.pm" = {
file = ../../../../secrets/tadpole/alex.tadpole-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.tadpole-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.tadpole-git.ppp.pm.pub" = {
file = ../../../../secrets/tadpole/alex.tadpole-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.tadpole-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
"alex.tadpole-codeberg.org" = {
file = ../../../../secrets/tadpole/alex.tadpole-codeberg.org.age;
path = "/home/alex/.ssh/alex.tadpole-codeberg.org";
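Review bot: The new `git.ppp.pm` match block sets `identityFile` but not `identitiesOnly`, so ssh may still offer every key held by the agent to that server before the intended one; adding `identitiesOnly = true;` limits the offer to the dedicated key. The flake input elsewhere in this change set uses `gitea@git.ppp.pm:1122`, so `user = "gitea";` and `port = 1122;` in the block would keep plain `git.ppp.pm` remotes working too, if that is the same endpoint as seen from tadpole. The `codeberg.org` block and the secrets list continue outside the visible hunks, so whether the existing entries already follow this pattern cannot be checked here.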


@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 vxPbZg Tzh50F+UxH7KF782cHBQXVg4nweNTZz+epW7FxRKd1o
msJg9fkg3eBfKCkFy01BLcMqZgOTN8UGRK15KTuLV1U
-> ssh-ed25519 +oNaHQ 66eLCU7O4ahGYnVAM5YwtICh7qRdyRiME/eDzUBzkXM
14tydJ+4YWV3HlWZmdae/2GHwTRgDUrWZHqYSFrXo/U
--- JT0KTZo3ZXYe7UEXQd1ge12/Vc+fSZWB7+tQiG7UYb4
<EFBFBD><EFBFBD>ojgo<67><6F>md'<27><><EFBFBD>42<34><32><EFBFBD><EFBFBD>-<2D>i<EFBFBD>B<03><>C[D<><44><EFBFBD>?P<>!w<><EFBFBD>p<EFBFBD>Ӂ,{<7B>hn|Pqf<71>


@@ -7,8 +7,7 @@ let
in {
"pinwheel/syncthing-cert.age".publicKeys = [ pinwheel alex ];
"pinwheel/syncthing-key.age".publicKeys = [ pinwheel alex ];
"pinwheel/mullvad-device.age".publicKeys = [ pinwheel alex ];
"pinwheel/mullvad-account-history.age".publicKeys = [ pinwheel alex ];
"pinwheel/tailscale-preferred-exit-node.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-backwards.age".publicKeys = [ pinwheel alex ];
"pinwheel/alex.pinwheel-backwards.pub.age".publicKeys = [ pinwheel backwards alex ];
"pinwheel/alex.pinwheel-tadpole.age".publicKeys = [ pinwheel alex ];
@@ -45,5 +44,7 @@ in {
"tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-codeberg.org.pub.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-git.ppp.pm.age".publicKeys = [ tadpole alex ];
"tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ];
"tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ];
}


@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A SjTykRW7aC2zFTfn1iwWLyL7c3vch2CkXFeuK2DoGho
kB7DS7oisvaXAT3e/5TjGJ+2fh6cBYPNV1RroqiHmHY
-> ssh-ed25519 +oNaHQ rTFOC8msC/pYYz1+KyDE4I25QP/wuVod3BC18l4HFl0
QedkePuE4SRMYcv9bXWhfkIO5qrybshEM2+ksapF1Eg
--- NWT5RQkz3KjzSD5DOqDei/sYcgsWuAWHmjEN1taV+ZQ
i<10><05><02><17>!<21><>wq<77>`<60>1l<31>u<EFBFBD><75>j@<40><>,"<22><01><>Ƀ<EFBFBD><C983><1E>~&fD<66>w<EFBFBD>n<EFBFBD><6E><EFBFBD>D<EFBFBD><1D>1v*<2A><><06><><EFBFBD>P<1F><>
<EFBFBD>,[x<><78>~(ni "<22><>O<EFBFBD><4F>brK<14>mC<6D>02<30>D<EFBFBD><44><08><><EFBFBD><17><>q9ݎ<><DD8E>a<EFBFBD>Ѱ_c<5F><63><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>i<EFBFBD>H<EFBFBD>ZIo<49><6F><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD><`g<>C<EFBFBD><43>ׂu<D782>/<2F><14>21Q<31>2<EFBFBD>!(<28><><14>2<EFBFBD>H<EFBFBD><48><EFBFBD>D<EFBFBD><44><0E>p+<2B>h]<5D><>Y<14>O.vи%~ <20><><EFBFBD>^<5E><><EFBFBD>M<EFBFBD>m<EFBFBD><10><01><>jP@<01>~<7E><><EFBFBD>_LV<4C>fs<19>x<EFBFBD>ʣ%<25>xQ<78>"S<>%-dA9Y<39><59><EFBFBD>Io|<15><1A><51><D589><EFBFBD><EFBFBD>$<24>r<EFBFBD><72><EFBFBD>ŵ<EFBFBD>!<21><>唛u<E5949B><75><EFBFBD><EFBFBD>Ht<48>TM<54>v<1A>P<EFBFBD><50>N<EFBFBD><4E>І<EFBFBD>}#<23>C<EFBFBD>p<EFBFBD><70>| ~<7E><>]<5D><>5<18><>_Bw<03><>]<5D><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>f<10><02>!~<7E>IN<<3C><><42>Vul<75>O<EFBFBD><4F>G<EFBFBD>}0@Sy<53>^V!<21><><EFBFBD>K4Ŏb<C58E><62>X<EFBFBD><01>d<EFBFBD>[<5B><><EFBFBD><EFBFBD>d<EFBFBD>Z<EFBFBD>?j<>hK?$<24>J/<2F>PgU(t<><74>K<EFBFBD><4B>FV%<1E>5x <09>:ǻ<>v]U<><55><EFBFBD><EFBFBD>]<5D>z<EFBFBD><7A><EFBFBD>R<15><><EFBFBD>ڣB\<5C><>7<EFBFBD>`<60>$<24>i

Binary file not shown.