Merge branch 'main' of https://git.syzygial.cc/Syzygial/NixMachines

2024-01-29 12:07:15 -05:00
parent 59bb94dd8e ed99aaae3f
commit 4286213985
9 changed files with 79 additions and 49 deletions
--- a/machines/hippocampus/servers/public/anki.nix
+++ b/machines/hippocampus/servers/public/anki.nix
@@ -1,24 +1,18 @@
 {config, pkgs, ...}:

 {
-  systemd.services.ankisync = {
-    enable = false;
-    wantedBy = ["network-online.target"];
-    script = ''
-      ${pkgs.anki-bin}/bin/anki --syncserver
-    '';
-    serviceConfig = {
-      Type = "simple";
-      DynamicUser = true;
-      PrivateTmp = true;
-      StateDirectory = "foo";
-      StateDirectoryMode = "0750";
+  sops.secrets.anki = { };
+  services.anki-sync-server = {
+    enable = true;
+    users.david = {
+      username = "David";
+      passwordFile = config.sops.secrets.anki.path;
    };
  };
  services.caddy.virtualHosts = {
    "anki.syzygial.cc" = {
      extraConfig = ''
-        reverse_proxy 127.0.0.1:4000
+        reverse_proxy 127.0.0.1:${config.services.anki-sync-server.port}
      '';
    };
  };
--- a/machines/universedesktop/configuration.nix
+++ b/machines/universedesktop/configuration.nix
@@ -13,6 +13,9 @@
      [ # Include the results of the hardware scan.
        ./hardware-configuration.nix

+        # Secrets specified via:
+        ./secrets.nix
+
        ./programs/art.nix
        ./programs/audio.nix
        ./programs/cad.nix
@@ -43,21 +46,19 @@
    ## Bridged Network Config

    networking.hostName = "universedesktop";
-    networking.useDHCP  = false;
-    networking.bridges = {
-      "br0" = {
-        interfaces = [ "enp9s0" ];
-      };
+ 
+    networking.useDHCP = false;
+    networking.interfaces.wlp6s0.useDHCP = true;
+    # Fixes DNS issue with tailscale: https://github.com/tailscale/tailscale/issues/4254
+    services.resolved.enable = true;
+
+    sops.secrets.wireless = { };
+    networking.wireless.environmentFile = config.sops.secrets.wireless.path;
+
+    networking.wireless.enable = true;
+    networking.wireless.networks = {
+      "@SSID_HOME@".psk = "@PSK_HOME@";
    };
-    networking.interfaces.br0.ipv4.addresses = [
-      {
-        address = "192.168.1.21";
-        prefixLength = 24;
-      }
-    ];
-    networking.defaultGateway = "192.168.1.1";
-    networking.nameservers = [ "192.168.1.1" ];
-    networking.interfaces.tap0.virtual = true;

    hardware.bluetooth.enable = true;

--- a/machines/universedesktop/printing.nix
+++ b/machines/universedesktop/printing.nix
@@ -1,7 +1,7 @@
 {
  services.printing.enable = true;
  services.avahi.enable = true;
-  services.avahi.nssmdns = true;
+  services.avahi.nssmdns4 = true;
  # for a WiFi printer
  services.avahi.openFirewall = true;
 }
--- a/machines/universedesktop/programs/remote.nix
+++ b/machines/universedesktop/programs/remote.nix
@@ -11,9 +11,9 @@
 in {
  environment.systemPackages = with pkgs; [
    # Hardware accel
-    virtualgl
+    # virtualgl
    # Remote connectivity
-    xpra
-    xpra-web
+    # xpra
+    # xpra-web
  ];
 }
--- a/machines/universedesktop/secrets.nix
+++ b/machines/universedesktop/secrets.nix
@@ -0,0 +1,8 @@
+{config, pkgs, ...}: let
+in {
+  sops = {
+    age.keyFile = "/root/.config/sops/age/keys.txt";
+    defaultSopsFile = "/etc/nixos/machines/universedesktop/secrets/secrets.yaml";
+    validateSopsFiles = false;
+  };
+}
--- a/machines/universedesktop/secrets/secrets.yaml
+++ b/machines/universedesktop/secrets/secrets.yaml
@@ -0,0 +1,21 @@
+wireless: ENC[AES256_GCM,data:VS8XBhc2DfqDdOeUvwnMYy8R1x/Qbr7lSuCb3l+X1xFdK7gni5aGm71pZk4=,iv:3I/GMA6KbYyD4fOkdLrW99JoIbUPA111fpZ4mlpgA8c=,tag:fAZyTM4AhNX3SENKpJxnsw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1p3958zac2e5t35dpdeysqxtc9q76zd6dyswg9y7uqt3688yphp9q6r2hdp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMC9semtyMXZmeXUxVmxC
+            UzNqN0V5M2xpd0h3WE1mOGJHeWYwWnd1UFNNClNDT1gxTEF0WWRHWldENmpaYjcv
+            R3ZNV05XZWlnOEpXTkJVWWZaU1lxRncKLS0tIFNDMFZrWWt2V2daK2xxMXF2bU9Y
+            WS93Uzg1UkFSSGM1eUR1UG9WRFVCYVEKbnE6DuVqtkynqphNIybtVgfVFJtgm6vI
+            XywmFg8F1dOq1xDz97oFBbzbJa1J9qsMjNlPxZkC04snM9msZm9v2g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-02T02:01:25Z"
+    mac: ENC[AES256_GCM,data:oZCQ9G7C7cqmuK/oXK0zo/siUvKMlKNArP39w9imAwWRSeLy1Vazu/oFH2F1Kzmq7B5iukBXID7T4kGB8vgLINa0T9qKP8s5GfxbcKadY3e6BqcMjXUXy5+UayQ+S/KxDFr4ftoJ4khwmVR8sW8Gpfo4y3VJgDBQTcrRNf8TAq0=,iv:jRMxlw+FDigIN1ZOLXQotqI+hRM6Fgi/DXWjPKKW5TQ=,tag:y7kl2Cjan+w3MqIwLW5dGA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1