Add syncthing, secrets, logseq

installer 2025-01-25 16:03:42 -08:00
parent 28cc1cc831
commit a6988f3411
14 changed files with 189 additions and 16 deletions

.sops.yaml Normal file

@ -0,0 +1,12 @@
# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
# for a more complex example.
keys:
- &ryan_orion age1a560amc8xx3uwku8a7tmu3spmjnfs4cvq2hr5pgnr82lwhgg5d8q892l3q
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ryan_orion


@ -14,6 +14,7 @@
./obs ./obs
./steam ./steam
./sunshine ./sunshine
./syncthing
./vscode ./vscode
./zsh ./zsh
]; ];


@ -0,0 +1,71 @@
{
lib,
config,
pkgs,
username,
...
}:
let
cfg = config.syncthing;
in
{
options = {
syncthing = {
enable = lib.mkEnableOption "Enable syncthing in NixOS and home-manager";
};
};
config = lib.mkIf cfg.enable {
services.syncthing = {
enable = true;
key = "${config.sops.secrets."syncthing/key".path}";
cert = "${config.sops.secrets."syncthing/cert".path}";
user = "${username}";
group = "users";
dataDir = "/home/${username}";
configDir = "/home/${username}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
settings = {
urAccepted = -1;
gui = {
user = username;
password = config.sops.secrets.password_insecure;
};
devices = {
"luna" = {
id = "TM4RJVL-W2CJ32S-ZF3VN2K-DYOUT5Z-DJPAK4R-DMB4B7X-L35KLEP-NAM7QQJ";
};
"thalia" = {
id = "TPTJE5T-3EKRCLJ-LWH5RTK-QCBNQ4V-AXNOLOS-6GB2C3R-Z3SYAFQ-PBS6BAP";
};
};
folders = {
"Notes" = {
id = "erz9x-lv3ww";
label = "Notes";
path = "~/Notes";
devices = [
"luna"
"thalia"
]; # Which devices to share the folder with
};
"Documents" = {
id = "ye1o9-0c6bd";
label = "Documents";
path = "~/Documents";
devices = [
"luna"
"thalia"
];
};
};
};
};
networking.firewall.allowedTCPPorts = [ 22000 ];
networking.firewall.allowedUDPPorts = [
22000
21027
];
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
};
}
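Review bot: `password = config.sops.secrets.password_insecure;` under `settings.gui` assigns the sops secret's option set rather than the decrypted value, so what reaches Syncthing is presumably not the password; the `key` and `cert` lines above it correctly use `.path`. Anything placed under `services.syncthing.settings` is also evaluated into the world-readable Nix store, so even a literal password should not live there. The GUI credential is better applied at runtime from the decrypted file at `config.sops.secrets.password_insecure.path`, or left unset while the GUI stays on its loopback default. The module also dereferences `config.sops.secrets."syncthing/key"` while gated only on `syncthing.enable`, so an assertion that `config.secrets.enable` is set would turn a confusing evaluation error into a clear one.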


@ -13,7 +13,7 @@ let
ban.spellright ban.spellright
charliermarsh.ruff charliermarsh.ruff
#codeium.codeium #codeium.codeium
eamodio.gitlens # eamodio.gitlens
formulahendry.code-runner formulahendry.code-runner
foxundermoon.shell-format foxundermoon.shell-format
jnoortheen.nix-ide jnoortheen.nix-ide
@ -26,6 +26,7 @@ let
redhat.vscode-xml redhat.vscode-xml
redhat.vscode-yaml redhat.vscode-yaml
rust-lang.rust-analyzer rust-lang.rust-analyzer
signageos.signageos-vscode-sops
skellock.just skellock.just
s-nlf-fh.glassit s-nlf-fh.glassit
sumneko.lua sumneko.lua


@ -39,11 +39,11 @@ in
extended = true; extended = true;
ignoreSpace = true; ignoreSpace = true;
}; };
/*
initExtra = '' initExtra = ''
export GITHUB_TOKEN="$(cat ${config.sops.secrets."github_token".path})" export GITHUB_TOKEN="$(cat ${config.sops.secrets."github_token".path})"
''; '';
*/
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
custom = "${config.xdg.configHome}/zsh/.zsh_custom"; custom = "${config.xdg.configHome}/zsh/.zsh_custom";


@ -27,6 +27,7 @@ in
}; };
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
wireguard.enable = true; wireguard.enable = true;
timeServers = [ "router.home" ];
}; };
# Fix for automatic-timezoned not working currently (Jan 2025) # Fix for automatic-timezoned not working currently (Jan 2025)
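Review bot: `timeServers = [ "router.home" ];` replaces the default NTP server list rather than extending it, leaving a single unauthenticated LAN source with no fallback. The neighbouring comment about automatic-timezoned suggests this machine travels; away from the home network the name will likely not resolve and the clock will drift, which affects TLS certificate validation and log timestamps. Consider keeping the defaults as a fallback, e.g. `timeServers = [ "router.home" ] ++ options.networking.timeServers.default;`, which needs `options` in the module arguments (they are outside this hunk).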


@ -11,6 +11,6 @@
./profiles ./profiles
# Secrets # Secrets
# ../secrets ../secrets
]; ];
} }


@ -65,7 +65,8 @@ in
nixConfig.enable = true; nixConfig.enable = true;
packages.enable = true; packages.enable = true;
# pipewire.enable = true; # pipewire.enable = true;
# secrets.enable = true; secrets.enable = true;
syncthing.enable = true;
# users.enable = true; # users.enable = true;
# virtualization.enable = true; # virtualization.enable = true;


@ -109,6 +109,7 @@ in
# GUI Apps # GUI Apps
firefox firefox
ungoogled-chromium ungoogled-chromium
logseq
filezilla filezilla
spotify spotify
anki-bin anki-bin
@ -219,12 +220,6 @@ in
openFirewall = true; openFirewall = true;
}; };
ipp-usb.enable = true; ipp-usb.enable = true;
syncthing = {
enable = true;
user = "${username}";
dataDir = "/home/${username}";
configDir = "/home/${username}/.config/syncthing";
};
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;


@ -66,6 +66,7 @@ in
with pkgs; with pkgs;
[ ] [ ]
++ lib.optionals cfg.dev [ ++ lib.optionals cfg.dev [
emacs-nox
# devbox # devbox
just just
powershell powershell
@ -130,10 +131,12 @@ in
jq jq
lazydocker lazydocker
mkvtoolnix-cli mkvtoolnix-cli
qrscan
streamrip streamrip
systemctl-tui systemctl-tui
television television
termscp termscp
tree
ttysvr ttysvr
wikiman wikiman
yq yq
@ -206,4 +209,4 @@ in
]; ];
}; };
}; };
} }

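--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -0,0 +1,51 @@
+{
+lib,
+config,
+username,
+...
+}:
+let
+cfg = config.secrets;
+in
+{
+options = {
+secrets = {
+enable = lib.mkEnableOption "Enable secrets in NixOS & home-manager";
+};
+};
+config = lib.mkIf cfg.enable {
+sops = {
+age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
+defaultSopsFile = ./secrets.yaml;
+defaultSopsFormat = "yaml";
+secrets = {
+password_secure = { };
+password_insecure = { };
+"syncthing/cert" = { };
+"syncthing/key" = { };
+};
+# templates = {
+# "nix-github-token.conf" = {
+# content = ''
+# access-tokens = "${config.sops.secrets.github_token}"
+# '';
+# };
+# };
+};
+home-manager.users.${username} =
+{ config, ... }:
+{
+sops = {
+age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
+defaultSopsFile = ./secrets.yaml;
+defaultSopsFormat = "yaml";
+defaultSymlinkPath = "/run/user/1000/secrets";
+defaultSecretsMountPoint = "/run/user/1000/secrets.d";
+secrets = {
+"test" = { };
+"github_token" = { };
+};
+};
+};
+};
+}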
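Review bot: The system-level `age.keyFile = "/home/${username}/.config/sops/age/keys.txt";` makes root-owned secrets such as `password_secure` and `"syncthing/key"` decryptable with a key kept in the unprivileged user's home, so any process running as that user can decrypt everything in `secrets.yaml`, and activation depends on /home being available. A host-scoped key fits the NixOS side better, for example a root-only key file outside /home or `sops.age.sshKeyPaths` pointing at the SSH host key, with that recipient added to `.sops.yaml`. Separately, `defaultSymlinkPath` and `defaultSecretsMountPoint` hard-code `/run/user/1000`, which points at the wrong runtime directory if the account's UID is not 1000; dropping both lines to use the module defaults would presumably avoid that. If the commented-out template is revived, it should interpolate `config.sops.placeholder.github_token`, not `config.sops.secrets.github_token`.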

secrets/secrets.yaml Normal file

@ -0,0 +1,27 @@
test: ENC[AES256_GCM,data:CYgdmGHZMZBRsOkQJYcm7Nr4iqxWmIGO1N5SgQ7S2InC1XNY2rM/fDFHhgwLZQ==,iv:jmNMolijuBVSHDpDJhlMYS4tPfKbdrdCHlX9AJsZlJo=,tag:bdIaX71QBamnRXpXL4iKNg==,type:str]
github_token: ENC[AES256_GCM,data:yI9GSOpVQVEvgehmkcWkAN1sZO3VDFgg/buJe60tp1rwFdqDK8vqYA==,iv:5rg9WkZZi67vDUGSjqIQu9jQN96aWQe8AZnkEshRIfg=,tag:+lwie2Xyg/l4BxtWMjtN/A==,type:str]
password_secure: ENC[AES256_GCM,data:86zyxrfTpZbEpA==,iv:61PjfuIO5cylyEHyrtIUbTbmXgubz/ssZtpU8FY/Y3U=,tag:3Kb5qdbnRJR/JSiZZSJqpg==,type:str]
password_insecure: ENC[AES256_GCM,data:q6g19uQcIqjmsg==,iv:Wy2FDNtFU1pl+23jqu8K9kfksyOlIMf5itdW0BREeBI=,tag:lDybgVyiM9iyJbi6lgLt/w==,type:str]
syncthing:
cert: ENC[AES256_GCM,data:ebg+4Nv/cwafq4Iy66fFfmsRtMBfpJqWwb2u4LH9w6MURjRtsOQxERYnGwyA7G9DcntSJpoTD2pV+jVNfpQ50sCoRlTcI/jZdGu8yLc+HR9yhPLn2avn/oKXrd2ktvrw8S/munYxIBuwNFYgAGUqY6rzzkmz3UpGAYGs13TRUzPRmVpiBHup8P4KMpXymgaDKI1vklKPkIWXwpClU1qnPerrz43QtbR68T4S2dBRK+mU7HyxPyRD2D91CNap73AorUhy6Lge1JIioRl0D20qhT9MLOX0+0TbN0v8yl6iQpnDW5eYsf/oQuTAabAHNKJ0N2IJwkJwXUy3I+Ng/LzK51PG97x5BuO5ZrVNvteAu5Jkn4jDu9eAETA7l4JzL8BOcAsfRzYnpBcF1RoCnMq5rjrcArFcqk/nIkeDgtMMAu6TUu5+gSLdlB2aSy0bACrQfMfU90vOlpMV/x8tslzr1D+Y6pheTPff6bUQ16oqfxfGBoOCX+WBRzY7Y1EaVnTf2+VnvjIXwA+pcPg/Tc6DcDHVeBPKepJPV32ziQM928Kx7f9kow5aGeMYQwxHjfNKSvE5Umy6CgwOhHZaJdpBLp2B4F/r0QNaYuBbCxSHa7cLOuvilCF30h6WYhbaMoSNzPVG83UyiKVBdFVXZKqT1eee7kGPY4wfxSMJXzvqVLbrh/xN1aYnjojzpQNJVJFCseqaqC68wo2HCeIlJNf6p0N5gVUFt+OgXpG+T0VRaGIWQcrJSoWGaxq+ZqVkUwMMJXpmGTwm7M14TwAta8TDDX0b/fo12J9K1OiYhS+Zf71v8dK1XooLCvxFG4Y9tWnLzn62O/51Xg2FBXkRyqo+Y8DDGnbA/hEcrhOdzOaDZnpr5R2qJ2QruW2k2DM+I1jvJZPRbIMAXOeIlbShz1F1PaAYY1PnxInT9Zt5hCIH0P7XcoA9oBeV83PogvwK2dukGMxnHGzlrbABdmmiDulN0uL+1ZADchsKMvu81wqvy+ifriYIGOo5geOlRmtBkHo3yM8epX0edRG3lj4JkFgzA6L7lmBSVGgCgPM=,iv:xThuPyFq3lPtnYXyCx9WtYWzPK3A6HH2K7ulnNbo+kU=,tag:PaU6Fa4jXgRnwCg9lRTBvg==,type:str]
key: ENC[AES256_GCM,data:PJVykKJq86KSXi3Oo3NukZwew6pxVrR2i7qofbxmHSvsVCGHdaYJSzCz1dvLCU0XFH2soLfQfY/fQXf0gTaUFmPyf/NZwinWIbDOaYXIFYDdCT1JmxENeRgASrCFAZ2pN3CtQpzpPYoG0c6j6LwwLFeuMecGcm9oCzXgIzV+FZzyRu4juFwWtdvllYpl0yfi6EUwcxYIYof574XY7KhNxvx1bshTZkS0WDePwBliS8PxswN66xzpP969cmoGA5gQ5Otohia3f+K8ehoy8wr+rAMorxAsElYtRmOOJ1rG6UySr6+j+xo722J+cNk4n+vFWlmoAQajX5JgK0H6R3s8ciUVvs81TZYPJU8rGZD1nxrrkqkJwEjRE4jxXhtpNW+f,iv:1vfQ65juysJbKprZjtI+7WBmm+UaxTA60LOHA05SRx4=,tag:D6JGMJKzSUKVKmG7fEvR/w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1a560amc8xx3uwku8a7tmu3spmjnfs4cvq2hr5pgnr82lwhgg5d8q892l3q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UjMyVkJWRGp5Uk9YSXRZ
NDEwd1J1RGdTbzdER28yUS84bDMyUmlzbGpNCjZ3YXNpQlBpS1A5MHJQeFdUemZs
eXdYODZLbHBvVkZ4Nlh1TWkxY3VuUnMKLS0tIFUrbCtsUExYMWhPY01LNVl1MVJk
UUhHcUFFVVdkVG91NTdDZXRGZzZ4aGcKZvHvEIQBEenoOlh+jPrWF5Tdd8faSK3u
9uEOgg203CYgiZ+jUPFPpqR8vHKOmIFDq2vkKV8UdobrLuXG5fApsw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-25T23:20:14Z"
mac: ENC[AES256_GCM,data:mv9PkbKCRxG+Wgno1/1B9iKMIfI9/7isxJtcKMP8/cynf+uc9HwY5EFETnsW3Fc7aLwpESnlPCLs7uL0kd2YtPtHq7b6HL3xmlbYy1DRIr7OMYYoGNGhtdCjc1MBvmPE0kcRy7scKZ5Gjgh4oPcPE47K1f4zgyrpewEl3k4rerM=,iv:COnQbiDSeK0kaIB0QZxUHF1cCaPeIJMkkIl0mtLQj14=,tag:7oZYpDl80h0qisOUQxTg6g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3

Binary file not shown.

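--- a/todo
+++ b/todo
@@ -0,0 +1,10 @@
+TODO boot into Hyprland
+TODO autologin on boot
+DONE syncthing
+TODO Logseq
+TODO secrets
+TODO zsh error
+TODO ags
+TODO sudo nopasswd
+TODO brightness controls
+TODO sounds (disable bell!!!)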