From 4dc8f4b226bdde982f2d2fc8eb3e94b9e1dc53cb Mon Sep 17 00:00:00 2001 From: sstent Date: Thu, 30 Nov 2023 14:48:39 +0000 Subject: [PATCH] fixing fitbit --- cat | 1 - flake.nix | 21 +++++++ home-manager/default.nix | 7 ++- home-manager/keybase.nix | 20 ------- .../home-manager/beets/default.nix | 16 +++++- modules/home-manager/keybase/default.nix | 34 +++++++++++ .../home-manager/ssh-proxy/default.nix | 18 +++++- modules/nixos/mnt_public/default.nix | 21 +++++++ modules/nixos/ssh/default.nix | 22 +++++++ modules/nixos/syncthing/default.nix | 37 ++++++++++++ modules/nixos/vpn/default.nix | 38 +++++++++++++ modules/nixos/vpn/secrets.nix | 18 ++++++ modules/nixos/wsl2/default.nix | 57 +++++++++++++++++++ 13 files changed, 285 insertions(+), 25 deletions(-) delete mode 100644 cat delete mode 100644 home-manager/keybase.nix rename home-manager/beets.nix => modules/home-manager/beets/default.nix (96%) create mode 100644 modules/home-manager/keybase/default.nix rename home-manager/ssh-proxy.nix => modules/home-manager/ssh-proxy/default.nix (74%) create mode 100644 modules/nixos/mnt_public/default.nix create mode 100644 modules/nixos/ssh/default.nix create mode 100644 modules/nixos/syncthing/default.nix create mode 100644 modules/nixos/vpn/default.nix create mode 100644 modules/nixos/vpn/secrets.nix create mode 100644 modules/nixos/wsl2/default.nix diff --git a/cat b/cat deleted file mode 100644 index 341acb7..0000000 --- a/cat +++ /dev/null @@ -1 +0,0 @@ -/nix/store/x958rg592dqk6cr7rh2kqab3y5nvgi9h-start-proxy diff --git a/flake.nix b/flake.nix index a587bfe..619f415 100644 --- a/flake.nix +++ b/flake.nix 
@@ -59,6 +59,27 @@ outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, ... }@inputs: ]; }; in { + # Output all modules in ./modules to flake. Modules should be in + # individual subdirectories and contain a default.nix file + nixosModules = builtins.listToAttrs (map + (x: { + name = x; + value = import (./modules/nixos + "/${x}"); + }) + (builtins.attrNames (builtins.readDir ./modules/nixos))); + + ##import our HM modules + ## -- imported in ./home-manger/general + + homeManagerModules = builtins.listToAttrs (map + (name: { + inherit name; + value = import (./modules/home-manager + "/${name}"); + }) + (builtins.attrNames (builtins.readDir ./modules/home-manager))); + + + nixosConfigurations = { StuPC-WSL = mkHost "StuPC-WSL" "x86_64-linux"; }; diff --git a/home-manager/default.nix b/home-manager/default.nix index 243a7d6..aec5810 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -11,7 +11,7 @@ #"../modules/vscode-server/home.nix" # ../modules/home-manager/beets # ../modules/home-manager/keybase -# ../modules/home-manager/ssh-proxy +# ../modules/home-manager/ssh-proxys # ]; home.username = "sstent"; home.homeDirectory = "/home/sstent"; @@ -29,6 +29,11 @@ }; }; + custom = { + ssh-proxy.enable = false; + beets.enable = true; + keybase.enable = true; + }; ###dotfiles path variable diff --git a/home-manager/keybase.nix b/home-manager/keybase.nix deleted file mode 100644 index 4c576c7..0000000 --- a/home-manager/keybase.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - config, - pkgs, - inputs, - lib, - util, - hostName, - ... -}:{ - - services.keybase.enable = true; - services.kbfs.enable = true; - systemd.user.services.keybase.Unit.After = ["sops-nix.service"]; - systemd.user.services.kbfs.Unit.After = ["sops-nix.service"]; - - sops = { - secrets = hm_secrets "$../secrets/user_dotfiles/${username}@${hostName}/keybase/" "${config.xdg.configHome}/keybase/"; - }; - -} 
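Review bot: `builtins.readDir` returns every entry, not only directories, so the `nixosModules` and `homeManagerModules` expressions in flake.nix export any stray file under `./modules/*` as a module attribute that fails when it is evaluated. Every new subdirectory also becomes a published module without an explicit listing. Filtering on the entry type keeps the export to module directories, e.g. `(builtins.attrNames (nixpkgs.lib.filterAttrs (_: t: t == "directory") (builtins.readDir ./modules/nixos)))`, and the same for `./modules/home-manager`. The comment path `./home-manger/general` looks like a typo for `home-manager`. The enclosing `in { … }` block continues outside the hunk.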
diff --git a/home-manager/beets.nix b/modules/home-manager/beets/default.nix similarity index 96% rename from home-manager/beets.nix rename to modules/home-manager/beets/default.nix index 8689362..a6b97d8 100644 --- a/home-manager/beets.nix +++ b/modules/home-manager/beets/default.nix @@ -3,10 +3,23 @@ pkgs, lib, ... -}:{ +}: +with lib; let + cfg = config.custom.beets; +in { + options.custom.beets = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable Beets"; + }; + }; + + config = mkIf cfg.enable { home.packages = [ pkgs.ffmpeg # for replaygain ]; + sops = { secrets.discogs_json = { path = "${config.xdg.configHome}/beets/discogs_token.json"; @@ -155,4 +168,5 @@ }; }; }; + }; } diff --git a/modules/home-manager/keybase/default.nix b/modules/home-manager/keybase/default.nix new file mode 100644 index 0000000..9ee8509 --- /dev/null +++ b/modules/home-manager/keybase/default.nix @@ -0,0 +1,34 @@ +{ + config, + pkgs, + inputs, + lib, + util, + hostName, + ... +}: +with lib; +with lib.my; let + cfg = config.custom.keybase; + username = config.home.username; + secretstore = config._secretstore; +in { + options.custom.keybase = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable KeyBase"; + }; + }; + + config = mkIf cfg.enable { + services.keybase.enable = true; + services.kbfs.enable = true; + systemd.user.services.keybase.Unit.After = ["sops-nix.service"]; + systemd.user.services.kbfs.Unit.After = ["sops-nix.service"]; + + sops = { + secrets = hm_secrets "${secretstore}/user_dotfiles/${username}@${hostName}/keybase/" "${config.xdg.configHome}/keybase/"; + }; + }; +} diff --git a/home-manager/ssh-proxy.nix b/modules/home-manager/ssh-proxy/default.nix similarity index 74% rename from home-manager/ssh-proxy.nix rename to modules/home-manager/ssh-proxy/default.nix index de4c907..50a7b33 100644 --- a/home-manager/ssh-proxy.nix +++ b/modules/home-manager/ssh-proxy/default.nix 
@@ -3,8 +3,21 @@ pkgs, config, ... -}:{ - +}: +with lib; let + cfg = config.custom.ssh-proxy; +in { + options.custom.ssh-proxy = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable ssh-proxy for WSL + ''; + }; + }; + + config = mkIf cfg.enable { home.packages = with pkgs; [ npiperelay socat @@ -28,4 +41,5 @@ }; }; }; + }; } diff --git a/modules/nixos/mnt_public/default.nix b/modules/nixos/mnt_public/default.nix new file mode 100644 index 0000000..165b359 --- /dev/null +++ b/modules/nixos/mnt_public/default.nix @@ -0,0 +1,21 @@ +{ + lib, + inputs, + outputs, + config, + ... +}: +with lib; let + cfg = config.custom.mnt_public; +in { + options.custom.mnt_public.enable = mkEnableOption "Enable mnt/Public"; + + config = mkIf cfg.enable { + fileSystems."/mnt/Public" = { + device = "//192.168.1.109/Public"; + fsType = "cifs"; + # options = ["uid=0,gid=1000"]; + options = ["guest" "uid=1000"]; + }; + }; +} diff --git a/modules/nixos/ssh/default.nix b/modules/nixos/ssh/default.nix new file mode 100644 index 0000000..a69da60 --- /dev/null +++ b/modules/nixos/ssh/default.nix @@ -0,0 +1,22 @@ +{ + lib, + pkgs, + config, + ... +}: +with lib; let + cfg = config.custom.sshd; +in { + #define option to enable this + options.custom.sshd.enable = mkEnableOption "Enable SSH"; + + config = mkIf cfg.enable { + services.openssh = { + enable = true; + permitRootLogin = "no"; + passwordAuthentication = false; + }; + + networking.firewall.allowedTCPPorts = [22]; + }; +} diff --git a/modules/nixos/syncthing/default.nix b/modules/nixos/syncthing/default.nix new file mode 100644 index 0000000..ff84da0 --- /dev/null +++ b/modules/nixos/syncthing/default.nix 
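Review bot: The `/mnt/Public` entry in modules/nixos/mnt_public/default.nix mounts a share from a hard-coded address with `guest` and no restricting mount options, so whatever answers at 192.168.1.109 is trusted to supply the file tree without authentication. Adding `"nosuid" "nodev"` (and `"noexec"` if nothing is executed from the share) limits what that server can present to local users. Adding `"nofail" "x-systemd.automount"` keeps boot from blocking when the host is unreachable. For example: `options = ["guest" "uid=1000" "nosuid" "nodev" "nofail" "x-systemd.automount"];`. `mkEnableOption` already prefixes "Whether to enable", so `mkEnableOption "the /mnt/Public CIFS mount"` would read better than the current string.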
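Review bot: In modules/nixos/ssh/default.nix, `passwordAuthentication = false` does not switch off keyboard-interactive authentication, which NixOS leaves enabled by default and which can still present a PAM password prompt. If the flake tracks 23.05 or later (a comment in the wsl2 module suggests it does), the settings form covers both and avoids the renamed-option warnings: `settings = { PermitRootLogin = "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = false; };`. The `networking.firewall.allowedTCPPorts = [22];` line duplicates what `services.openssh.openFirewall` does by default, so it can be dropped or replaced by an explicit `openFirewall` setting.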
@@ -0,0 +1,37 @@
+{
+ lib,
+ inputs,
+ outputs,
+ config,
+ ...
+}:
+with lib; let
+ cfg = config.custom.syncthing;
+in {
+ options.custom.syncthing.enable = mkEnableOption "Enable mnt/Public";
+
+ config = mkIf cfg.enable {
+ services.syncthing = {
+ enable = true;
+ dataDir = "/home/sstent";
+ openDefaultPorts = true;
+ configDir = "/home/sstent/.config/syncthing";
+ user = "sstent";
+ group = "users";
+ guiAddress = "0.0.0.0:8385";
+
+ overrideDevices = true;
+ overrideFolders = true;
+ devices = {
+ "StuPC" = {id = "Z43MPGF-OKG6K34-WTTFUDO-UG6E3TE-YCLSOAT-5LN5KMW-QHL2VSK-EZCGCAP";};
+ "go3" = {id = "YDOL433-AHAL33M-NWLLDDQ-2D36ZIE-YNZVTKE-25TRBZ2-JXRSN7Y-Z5EOVQN";};
+ };
+ folders = {
+ "default" = {
+ path = "/home/sstent/sync";
+ devices = ["StuPC" "go3"];
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos/vpn/default.nix b/modules/nixos/vpn/default.nix
new file mode 100644
index 0000000..9ef2140
--- /dev/null
+++ b/modules/nixos/vpn/default.nix
@@ -0,0 +1,38 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+with lib; let
+ secretstore = config._secretstore;
+ host = config.networking.hostName;
+
+ cfg = config.custom.mullvad;
+
+ secret =
+ if builtins.pathExists "${secretstore}/hosts/${host}/mullvad/device.json"
+ then ./secrets.nix
+ else {};
+in {
+ #define option to enable this
+ options.custom.mullvad.enable = mkEnableOption "Enable SSH";
+
+ # imports = [ secret ];
+
+ config = mkIf cfg.enable {
+ networking.wireguard.enable = true;
+ services.mullvad-vpn.enable = true;
+
+ # set some options after every daemon start
+ # to avoid accidentally leaving unsafe settings
+ systemd.services."mullvad-daemon" = {
+ postStart = ''
+ while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
+ ${pkgs.mullvad}/bin/mullvad lan set allow #enable local lan access
+ ${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard
+ ${pkgs.mullvad}/bin/mullvad relay set location ca mtr
+ '';
+ };
+ };
+}
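Review bot: `guiAddress = "0.0.0.0:8385"` in modules/nixos/syncthing/default.nix binds the Syncthing GUI and REST API to every interface, and nothing in the module sets GUI credentials, so access control rests on the firewall and on whatever state already sits in `configDir`. `openDefaultPorts` covers only the sync and discovery ports, so binding the GUI to loopback costs nothing for synchronisation: `guiAddress = "127.0.0.1:8385";`. The enable description `"Enable mnt/Public"` is copied from the mount module and should name Syncthing. The user `sstent` and its home paths are hard-coded here and again as `defaultUser` in modules/nixos/wsl2/default.nix, which makes both exported modules single-user; an option or a shared `let` binding would make that explicit.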
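Review bot: The `postStart` script in modules/nixos/vpn/default.nix is commented as guarding against unsafe settings, but the only policy it changes is `mullvad lan set allow`, which relaxes the tunnel, and it never enables auto-connect or lockdown mode, so the host can pass traffic outside the VPN until someone connects by hand. If fail-closed behaviour is intended, add `${pkgs.mullvad}/bin/mullvad auto-connect set on` and `${pkgs.mullvad}/bin/mullvad lockdown-mode set on`, after checking the subcommand names against the packaged CLI version. The `while ! … status` loop has no bound of its own and relies on the unit's start timeout if the daemon never answers. `mkEnableOption "Enable SSH"` is a copied description, and the `secret` binding is dead code while `imports` stays commented out.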
diff --git a/modules/nixos/vpn/secrets.nix b/modules/nixos/vpn/secrets.nix
new file mode 100644
index 0000000..cad2f7d
--- /dev/null
+++ b/modules/nixos/vpn/secrets.nix
@@ -0,0 +1,18 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+with lib; let
+ secretstore = config._secretstore;
+ host = config.networking.hostName;
+ secretpath = "${secretstore}/hosts/${host}/mullvad/device.json";
+in {
+ sops.secrets.device_json = {
+ sopsFile = "${secretstore}/hosts/${host}/mullvad/device.json";
+ device_json.format = "binary";
+ };
+
+ environment.etc."mullvad-vpn/device.conf".source = config.sops.secrets.device_json.path;
+}
diff --git a/modules/nixos/wsl2/default.nix b/modules/nixos/wsl2/default.nix
new file mode 100644
index 0000000..7f66d7a
--- /dev/null
+++ b/modules/nixos/wsl2/default.nix
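Review bot: `device_json.format = "binary";` sits inside `sops.secrets.device_json`, where the secret's own attribute is `format`, so as written the secret gains an unknown `device_json` key and its format is never set. This will most likely fail evaluation as soon as the file is imported, which the commented-out `imports` line in vpn/default.nix currently hides. The fix is `format = "binary";`, and the unused `secretpath` binding can replace the repeated string with `sopsFile = secretpath;`. The secret is read from `device.json` but linked as `mullvad-vpn/device.conf`, so confirm that is the file name the daemon actually reads.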
@@ -0,0 +1,57 @@
+{
+ lib,
+ inputs,
+ outputs,
+ config,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.custom.wsl;
+in {
+ options.custom.wsl.enable = mkEnableOption "Enable WSL2 settings";
+
+ config = mkIf cfg.enable {
+ # Enable native Docker support
+ virtualisation.docker.enable = true;
+
+ wsl = {
+ enable = true;
+ wslConf.automount.root = "/mnt";
+ defaultUser = "sstent";
+ startMenuLaunchers = true;
+ wslConf.interop.appendWindowsPath = false;
+ #No longer needed in 23.05
+ #interop.preserveArgvZero = true;
+ # docker-native.enable = true;
+
+ nativeSystemd = true;
+ # Enable integration with Docker Desktop (needs to be installed)
+ # docker-desktop.enable = true;
+ };
+
+ systemd.services.nixs-wsl-systemd-fix = {
+ description = "Fix the /dev/shm symlink to be a mount";
+ unitConfig = {
+ DefaultDependencies = "no";
+ Before = [
+ "sysinit.target"
+ "systemd-tmpfiles-setup-dev.service"
+ "systemd-tmpfiles-setup.service"
+ "systemd-sysctl.service"
+ ];
+ ConditionPathExists = "/dev/shm";
+ ConditionPathIsSymbolicLink = "/dev/shm";
+ ConditionPathIsMountPoint = "/run/shm";
+ };
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = [
+ "${pkgs.coreutils-full}/bin/rm /dev/shm"
+ "/run/wrappers/bin/mount --bind -o X-mount.mkdir /run/shm /dev/shm"
+ ];
+ };
+ wantedBy = ["sysinit.target"];
+ };
+ };
+}