ryan/lifetracker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add syncthing, secrets, logseq

Browse Source
This commit is contained in:
installer 2025-01-25 16:03:42 -08:00
parent 28cc1cc831
commit a6988f3411
14 changed files with 189 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.sops.yaml Normal file
View File

@ -0,0 +1,12 @@
# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
# for a more complex example.
keys:
- &ryan_orion age1a560amc8xx3uwku8a7tmu3spmjnfs4cvq2hr5pgnr82lwhgg5d8q892l3q
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ryan_orion

1
modules/apps/default.nix
View File

@ -14,6 +14,7 @@
./obs
./steam
./sunshine
./syncthing
./vscode
./zsh
];

71
modules/apps/syncthing/default.nix Normal file
View File

@ -0,0 +1,71 @@
{
lib,
config,
pkgs,
username,
...
}:
let
cfg = config.syncthing;
in
{
options = {
syncthing = {
enable = lib.mkEnableOption "Enable syncthing in NixOS and home-manager";
};
};
config = lib.mkIf cfg.enable {
services.syncthing = {
enable = true;
key = "${config.sops.secrets."syncthing/key".path}";
cert = "${config.sops.secrets."syncthing/cert".path}";
user = "${username}";
group = "users";
dataDir = "/home/${username}";
configDir = "/home/${username}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
settings = {
urAccepted = -1;
gui = {
user = username;
password = config.sops.secrets.password_insecure;
};
devices = {
"luna" = {
id = "TM4RJVL-W2CJ32S-ZF3VN2K-DYOUT5Z-DJPAK4R-DMB4B7X-L35KLEP-NAM7QQJ";
};
"thalia" = {
id = "TPTJE5T-3EKRCLJ-LWH5RTK-QCBNQ4V-AXNOLOS-6GB2C3R-Z3SYAFQ-PBS6BAP";
};
};
folders = {
"Notes" = {
id = "erz9x-lv3ww";
label = "Notes";
path = "~/Notes";
devices = [
"luna"
"thalia"
]; # Which devices to share the folder with
};
"Documents" = {
id = "ye1o9-0c6bd";
label = "Documents";
path = "~/Documents";
devices = [
"luna"
"thalia"
];
};
};
};
};
networking.firewall.allowedTCPPorts = [ 22000 ];
networking.firewall.allowedUDPPorts = [
22000
21027
];
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
};
}

3
modules/apps/vscode/default.nix
View File

@ -13,7 +13,7 @@ let
ban.spellright
charliermarsh.ruff
#codeium.codeium
eamodio.gitlens
# eamodio.gitlens
formulahendry.code-runner
foxundermoon.shell-format
jnoortheen.nix-ide
@ -26,6 +26,7 @@ let
redhat.vscode-xml
redhat.vscode-yaml
rust-lang.rust-analyzer
signageos.signageos-vscode-sops
skellock.just
s-nlf-fh.glassit
sumneko.lua

10
modules/apps/zsh/default.nix
View File

@ -39,11 +39,11 @@ in
extended = true;
ignoreSpace = true;
};
/*
initExtra = ''
export GITHUB_TOKEN="$(cat ${config.sops.secrets."github_token".path})"
'';
*/
initExtra = ''
export GITHUB_TOKEN="$(cat ${config.sops.secrets."github_token".path})"
'';
oh-my-zsh = {
enable = true;
custom = "${config.xdg.configHome}/zsh/.zsh_custom";

1
modules/components/networking/default.nix
View File

@ -27,6 +27,7 @@ in
};
useDHCP = lib.mkDefault true;
wireguard.enable = true;
timeServers = [ "router.home" ];
};
# Fix for automatic-timezoned not working currently (Jan 2025)

4
modules/default.nix
View File

@ -11,6 +11,6 @@
./profiles
# Secrets
# ../secrets
../secrets
];
}
}

3
modules/profiles/base.nix
View File

@ -65,7 +65,8 @@ in
nixConfig.enable = true;
packages.enable = true;
# pipewire.enable = true;
# secrets.enable = true;
secrets.enable = true;
syncthing.enable = true;
# users.enable = true;
# virtualization.enable = true;

7
modules/profiles/desktop.nix
View File

@ -109,6 +109,7 @@ in
# GUI Apps
firefox
ungoogled-chromium
logseq
filezilla
spotify
anki-bin
@ -219,12 +220,6 @@ in
openFirewall = true;
};
ipp-usb.enable = true;
syncthing = {
enable = true;
user = "${username}";
dataDir = "/home/${username}";
configDir = "/home/${username}/.config/syncthing";
};
pipewire = {
enable = true;
alsa.enable = true;

5
modules/profiles/packages.nix
View File

@ -66,6 +66,7 @@ in
with pkgs;
[ ]
++ lib.optionals cfg.dev [
emacs-nox
# devbox
just
powershell
@ -130,10 +131,12 @@ in
jq
lazydocker
mkvtoolnix-cli
qrscan
streamrip
systemctl-tui
television
termscp
tree
ttysvr
wikiman
yq
@ -206,4 +209,4 @@ in
];
};
};
}
}

51
secrets/default.nix Normal file
View File

@ -0,0 +1,51 @@
{
lib,
config,
username,
...
}:
let
cfg = config.secrets;
in
{
options = {
secrets = {
enable = lib.mkEnableOption "Enable secrets in NixOS & home-manager";
};
};
config = lib.mkIf cfg.enable {
sops = {
age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
password_secure = { };
password_insecure = { };
"syncthing/cert" = { };
"syncthing/key" = { };
};
# templates = {
# "nix-github-token.conf" = {
# content = ''
# access-tokens = "${config.sops.secrets.github_token}"
# '';
# };
# };
};
home-manager.users.${username} =
{ config, ... }:
{
sops = {
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
defaultSymlinkPath = "/run/user/1000/secrets";
defaultSecretsMountPoint = "/run/user/1000/secrets.d";
secrets = {
"test" = { };
"github_token" = { };
};
};
};
};
}

27
secrets/secrets.yaml Normal file
View File

@ -0,0 +1,27 @@
test: ENC[AES256_GCM,data:CYgdmGHZMZBRsOkQJYcm7Nr4iqxWmIGO1N5SgQ7S2InC1XNY2rM/fDFHhgwLZQ==,iv:jmNMolijuBVSHDpDJhlMYS4tPfKbdrdCHlX9AJsZlJo=,tag:bdIaX71QBamnRXpXL4iKNg==,type:str]
github_token: ENC[AES256_GCM,data:yI9GSOpVQVEvgehmkcWkAN1sZO3VDFgg/buJe60tp1rwFdqDK8vqYA==,iv:5rg9WkZZi67vDUGSjqIQu9jQN96aWQe8AZnkEshRIfg=,tag:+lwie2Xyg/l4BxtWMjtN/A==,type:str]
password_secure: ENC[AES256_GCM,data:86zyxrfTpZbEpA==,iv:61PjfuIO5cylyEHyrtIUbTbmXgubz/ssZtpU8FY/Y3U=,tag:3Kb5qdbnRJR/JSiZZSJqpg==,type:str]
password_insecure: ENC[AES256_GCM,data:q6g19uQcIqjmsg==,iv:Wy2FDNtFU1pl+23jqu8K9kfksyOlIMf5itdW0BREeBI=,tag:lDybgVyiM9iyJbi6lgLt/w==,type:str]
syncthing:
cert: ENC[AES256_GCM,data:ebg+4Nv/cwafq4Iy66fFfmsRtMBfpJqWwb2u4LH9w6MURjRtsOQxERYnGwyA7G9DcntSJpoTD2pV+jVNfpQ50sCoRlTcI/jZdGu8yLc+HR9yhPLn2avn/oKXrd2ktvrw8S/munYxIBuwNFYgAGUqY6rzzkmz3UpGAYGs13TRUzPRmVpiBHup8P4KMpXymgaDKI1vklKPkIWXwpClU1qnPerrz43QtbR68T4S2dBRK+mU7HyxPyRD2D91CNap73AorUhy6Lge1JIioRl0D20qhT9MLOX0+0TbN0v8yl6iQpnDW5eYsf/oQuTAabAHNKJ0N2IJwkJwXUy3I+Ng/LzK51PG97x5BuO5ZrVNvteAu5Jkn4jDu9eAETA7l4JzL8BOcAsfRzYnpBcF1RoCnMq5rjrcArFcqk/nIkeDgtMMAu6TUu5+gSLdlB2aSy0bACrQfMfU90vOlpMV/x8tslzr1D+Y6pheTPff6bUQ16oqfxfGBoOCX+WBRzY7Y1EaVnTf2+VnvjIXwA+pcPg/Tc6DcDHVeBPKepJPV32ziQM928Kx7f9kow5aGeMYQwxHjfNKSvE5Umy6CgwOhHZaJdpBLp2B4F/r0QNaYuBbCxSHa7cLOuvilCF30h6WYhbaMoSNzPVG83UyiKVBdFVXZKqT1eee7kGPY4wfxSMJXzvqVLbrh/xN1aYnjojzpQNJVJFCseqaqC68wo2HCeIlJNf6p0N5gVUFt+OgXpG+T0VRaGIWQcrJSoWGaxq+ZqVkUwMMJXpmGTwm7M14TwAta8TDDX0b/fo12J9K1OiYhS+Zf71v8dK1XooLCvxFG4Y9tWnLzn62O/51Xg2FBXkRyqo+Y8DDGnbA/hEcrhOdzOaDZnpr5R2qJ2QruW2k2DM+I1jvJZPRbIMAXOeIlbShz1F1PaAYY1PnxInT9Zt5hCIH0P7XcoA9oBeV83PogvwK2dukGMxnHGzlrbABdmmiDulN0uL+1ZADchsKMvu81wqvy+ifriYIGOo5geOlRmtBkHo3yM8epX0edRG3lj4JkFgzA6L7lmBSVGgCgPM=,iv:xThuPyFq3lPtnYXyCx9WtYWzPK3A6HH2K7ulnNbo+kU=,tag:PaU6Fa4jXgRnwCg9lRTBvg==,type:str]
key: ENC[AES256_GCM,data:PJVykKJq86KSXi3Oo3NukZwew6pxVrR2i7qofbxmHSvsVCGHdaYJSzCz1dvLCU0XFH2soLfQfY/fQXf0gTaUFmPyf/NZwinWIbDOaYXIFYDdCT1JmxENeRgASrCFAZ2pN3CtQpzpPYoG0c6j6LwwLFeuMecGcm9oCzXgIzV+FZzyRu4juFwWtdvllYpl0yfi6EUwcxYIYof574XY7KhNxvx1bshTZkS0WDePwBliS8PxswN66xzpP969cmoGA5gQ5Otohia3f+K8ehoy8wr+rAMorxAsElYtRmOOJ1rG6UySr6+j+xo722J+cNk4n+vFWlmoAQajX5JgK0H6R3s8ciUVvs81TZYPJU8rGZD1nxrrkqkJwEjRE4jxXhtpNW+f,iv:1vfQ65juysJbKprZjtI+7WBmm+UaxTA60LOHA05SRx4=,tag:D6JGMJKzSUKVKmG7fEvR/w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1a560amc8xx3uwku8a7tmu3spmjnfs4cvq2hr5pgnr82lwhgg5d8q892l3q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UjMyVkJWRGp5Uk9YSXRZ
NDEwd1J1RGdTbzdER28yUS84bDMyUmlzbGpNCjZ3YXNpQlBpS1A5MHJQeFdUemZs
eXdYODZLbHBvVkZ4Nlh1TWkxY3VuUnMKLS0tIFUrbCtsUExYMWhPY01LNVl1MVJk
UUhHcUFFVVdkVG91NTdDZXRGZzZ4aGcKZvHvEIQBEenoOlh+jPrWF5Tdd8faSK3u
9uEOgg203CYgiZ+jUPFPpqR8vHKOmIFDq2vkKV8UdobrLuXG5fApsw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-25T23:20:14Z"
mac: ENC[AES256_GCM,data:mv9PkbKCRxG+Wgno1/1B9iKMIfI9/7isxJtcKMP8/cynf+uc9HwY5EFETnsW3Fc7aLwpESnlPCLs7uL0kd2YtPtHq7b6HL3xmlbYy1DRIr7OMYYoGNGhtdCjc1MBvmPE0kcRy7scKZ5Gjgh4oPcPE47K1f4zgyrpewEl3k4rerM=,iv:COnQbiDSeK0kaIB0QZxUHF1cCaPeIJMkkIl0mtLQj14=,tag:7oZYpDl80h0qisOUQxTg6g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3

BIN
thalia-dev.qcow2
View File

Binary file not shown.

10
todo Normal file
View File

@ -0,0 +1,10 @@
TODO boot into Hyprland
TODO autologin on boot
DONE syncthing
TODO Logseq
TODO secrets
TODO zsh error
TODO ags
TODO sudo nopasswd
TODO brightness controls
TODO sounds (disable bell!!!)