dusk 2023-05-05 01:54:16 +03:00
parent 9e3e04422a
commit 93cd9620dd
Signed by: dusk
GPG Key ID: 1D8F8FAF2294D6EA
16 changed files with 91 additions and 9 deletions


@ -1,5 +1,26 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1682101079,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm",
"repo": "agenix",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"all-cabal-json": {
"flake": false,
"locked": {
@ -189,6 +210,28 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"devshell": {
"flake": false,
"locked": {
@ -925,6 +968,7 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"bernbot": "bernbot",
"blender-bin": "blender-bin",
"blog": "blog",


@ -41,6 +41,9 @@
vscode-extensions.url = "github:nix-community/nix-vscode-extensions";
vscode-extensions.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
# needed for hyprland setup
# hyprland.url = "github:hyprwm/Hyprland";
# hyprland.inputs.nixpkgs.follows = "nixpkgs";
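Review bot: The new `agenix` input overrides only `nixpkgs`, so the lock file gains a second upstream, `darwin` (lnl7/nix-darwin, tracking `master`), pinned at its own revision. If no host in this flake is a macOS machine, that input can be dropped with `agenix.inputs.darwin.follows = "";` next to the `nixpkgs` override, leaving one less third-party repository in the locked set. The hosts touched in this commit import `nixosModules`, so this looks applicable, but confirm before removing it.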


@ -9,6 +9,7 @@
imports = with inputs;
with nixos-hardware.nixosModules;
[
inputs.agenix.nixosModules.default
nixpkgs.nixosModules.notDetected
nixos-persistence.nixosModule
common-pc-ssd


@ -0,0 +1,5 @@
{config, ...}: {
nix.extraOptions = ''
!include ${config.age.secrets.nixGithubAccessToken.path}
'';
}
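Review bot: The `!include` line points at the decrypted agenix secret, but the declaration added in this commit sets only `age.secrets.nixGithubAccessToken.file`, so agenix's defaults apply (root-owned, mode 0400, as far as I know). Nix skips an `!include` target it cannot find or read without reporting an error, so `nix` commands run by a non-root user would presumably fall back to unauthenticated GitHub access with no indication. If those users are meant to use the token, set `age.secrets.nixGithubAccessToken.group` to a dedicated group with `mode = "0440"` rather than making the file world-readable. Either way, a comment such as `# secret holds an access-tokens line; unreadable => silently ignored` above the include would document the fallback.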


@ -0,0 +1,4 @@
{
age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age;
age.secrets.wgServerPrivateKey.file = ../../../secrets/wgServerPrivateKey.age;
}


@ -0,0 +1,11 @@
{config, ...}: {
networking.wireguard.enable = true;
networking.wireguard.interfaces."wg0" = {
privateKeyFile = config.age.secrets.wgServerPrivateKey.path;
peers = [{
publicKey = import ./wgProxyPublicKey.key.pub;
allowedIPs = ["10.99.0.1/32"];
endpoint = "${import ./wgProxyPublicIp}:51820";
}];
};
}
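Review bot: `wg0` is declared here without an `ips` entry, and the proxy-side file added in this commit lacks one too, so unless an address is assigned elsewhere neither end has a tunnel address matching the `allowedIPs` of `10.99.0.1/32` and `10.99.0.2/32`. This side would presumably need `ips = ["10.99.0.2/32"];` and the proxy `ips = ["10.99.0.1/32"];`. Only this peer entry carries an `endpoint`, so the proxy can reach this host only after it has initiated; if the host sits behind NAT, `persistentKeepalive = 25;` on the peer keeps the mapping open. `import ./wgProxyPublicKey.key.pub` and `import ./wgProxyPublicIp` also require those files to hold Nix expressions rather than plain text, which deserves a one-line comment.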


@ -1,12 +1,11 @@
{
inputs,
pkgs,
config,
lib,
tlib,
...
}: {
imports = tlib.importFolder (toString ./modules);
imports = [
inputs.agenix.nixosModules.default
] ++ (tlib.importFolder (toString ./modules));
boot.cleanTmpDir = true;
zramSwap.enable = true;


@ -0,0 +1,4 @@
{
age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age;
age.secrets.wgProxyPrivateKey.file = ../../../secrets/wgProxyPrivateKey.age;
}


@ -0,0 +1,11 @@
{config, ...}: {
networking.wireguard.enable = true;
networking.wireguard.interfaces."wg0" = {
listenPort = 51820;
privateKeyFile = config.age.secrets.wgProxyPrivateKey.path;
peers = [{
publicKey = import ./wgServerPublicKey.key.pub;
allowedIPs = ["10.99.0.2/32"];
}];
};
}
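Review bot: `listenPort = 51820` is set, but nothing in this file opens that UDP port, and the NixOS WireGuard module does not adjust the firewall itself. Unless the port is opened elsewhere in the host configuration, handshakes from the server peer will be dropped by the firewall, which NixOS enables by default. Adding `networking.firewall.allowedUDPPorts = [51820];` to this module keeps the rule next to the listener. Open only this one UDP port rather than marking the public interface as trusted.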


@ -2,7 +2,6 @@
pkgs,
lib,
inputs,
config,
...
}: {
nix = {
@ -20,7 +19,6 @@
fallback = true
extra-experimental-features = nix-command flakes
builders-use-substitutes = true
netrc-file = /etc/nix/netrc
'';
nixPath = ["nixpkgs=${inputs.nixpkgs}" "home-manager=${inputs.home}"];
};


@ -0,0 +1,3 @@
{inputs}: final: prev: {
agenix = inputs.agenix.packages."${final.system}".agenix;
}

BIN
secrets/secrets.nix Normal file

Binary file not shown.


@ -1 +0,0 @@
ssh-rsa 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 openpgp:0xDE3C8FCD

BIN
secrets/wolumonde.key.pub Normal file

Binary file not shown.

BIN
secrets/yusdacra.key.pub Normal file

Binary file not shown.


@ -3,7 +3,7 @@ tlib.genPkgs (pkgs: {
default = with pkgs;
mkShell {
name = "prts";
buildInputs = [git git-crypt alejandra helix];
buildInputs = [git git-crypt alejandra helix agenix];
shellHook = "echo \"$(tput bold)welcome to PRTS, $USER$(tput sgr0)\"";
};
})