Merge branch 'master' of github.com:Kropatz/dotfiles

2023-11-20 15:37:30 +00:00
parent 0bbe5e771d 7eb2c4b5fe
commit adbfd24240
30 changed files with 107 additions and 52 deletions
--- a/.gitconfig
+++ b/.gitconfig
@@ -25,5 +25,3 @@
    path = .gitconfig-gitea
 [includeIf "gitdir/i:~/projects/fh/**"]
    path = .gitconfig-gitlabfh
-[core]
-	editor = kate
--- a/flake.nix
+++ b/flake.nix
@@ -38,7 +38,10 @@
        ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
        ./systems/server/configuration.nix
        ### Modules ###
+        ./modules/static-ip.nix
        ./modules/hdd-spindown.nix
+        ./modules/firewall.nix
+        ./modules/wireshark.nix
        ./modules/minecraft-server.nix
        ./modules/motd.nix
        ./modules/postgres.nix
@@ -83,7 +86,11 @@
          ./laptop/configuration.nix
          ./modules/virt-manager.nix
          ./modules/ssh.nix
-          ./modules/wake-on-lan.nix
+          #./modules/static-ip.nix
+          #./modules/no-sleep-lid-closed.nix
+          #./modules/wake-on-lan.nix
+          ./modules/thunderbolt.nix
+          ./modules/rdp.nix
          nixos-hardware.nixosModules.dell-xps-15-7590-nvidia
          agenix.nixosModules.default
          home-manager.nixosModules.home-manager
@@ -102,6 +109,9 @@
          ./modules/virt-manager.nix
          ./modules/ssh.nix
          ./modules/wake-on-lan.nix
+          ./modules/static-ip.nix
+          ./modules/no-sleep-lid-closed.nix
+          ./modules/thunderbolt.nix
          nixos-hardware.nixosModules.dell-xps-15-7590
          agenix.nixosModules.default
          home-manager.nixosModules.home-manager
--- a/modules/firewall.nix
+++ b/modules/firewall.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, lib, inputs, vars, ... }:
+let
+  allowedUDPPortRanges = vars.udpRanges;
+in
+{
+  networking.firewall.allowedUDPPortRanges = allowedUDPPortRanges;
+}
--- a/modules/no-sleep-lid-closed.nix
+++ b/modules/no-sleep-lid-closed.nix
@@ -0,0 +1,4 @@
+
+{
+  services.logind.lidSwitchExternalPower = "ignore";
+}
--- a/modules/rdp.nix
+++ b/modules/rdp.nix
@@ -1,5 +1,9 @@
+{ config, pkgs, lib, vars, ... }:
+let
+  wm = vars.wm;
+in
 {
    services.xrdp.enable = true;
-    services.xrdp.defaultWindowManager = "startplasma-x11";
+    services.xrdp.defaultWindowManager = wm;
    services.xrdp.openFirewall = true;
 }
--- a/systems/server/static-ip.nix
+++ b/systems/server/static-ip.nix
@@ -1,6 +1,7 @@
 { config, vars, ...}:
 let
 ip = vars.ipv4;
+ dns = vars.dns;
 interface = vars.interface;
 in
 {
@@ -12,7 +13,7 @@ in
      allowedUDPPorts = [ 5000 ];
    };
    nameservers = [
-      "127.0.0.1"
+      dns
      "1.1.1.1"
    ];
    interfaces = {
--- a/modules/thunderbolt.nix
+++ b/modules/thunderbolt.nix
@@ -0,0 +1,7 @@
+{
+  services.udev.extraRules = ''
+    # Always authorize thunderbolt connections when they are plugged in.
+    # This is to make sure the USB hub of Thunderbolt is working.
+    ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
+  '';
+}
--- a/modules/wake-on-lan.nix
+++ b/modules/wake-on-lan.nix
@@ -3,5 +3,5 @@ let
  interface = vars.interface;
 in
 {
-  networking.interfaces.${interface}.wakeOnLan.enable;
+  networking.interfaces.${interface}.wakeOnLan.enable = true;
 }
--- a/modules/wireshark.nix
+++ b/modules/wireshark.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+{
+    programs.wireshark.enable = true;
+    programs.wireshark.package = pkgs.wireshark;
+}
--- a/secrets/coturn-secret.age
+++ b/secrets/coturn-secret.age
--- a/secrets/duckdns.age
+++ b/secrets/duckdns.age
@@ -1,9 +1,11 @@
 age-encryption.org/v1
-> ssh-ed25519 yfCCMw qWHcQHXaRWumJlWydl0VLTNR2y4j5uVb3Sbjb0iO9Hk
-LrQOKE3+nYVEM9cg3gT+nInpdTBocmVXSBSD7EBb1MQ
-> ssh-ed25519 IV3DkQ QR2R+mQSrk0UBV4GSATs0NQkkgbQzFai7ms5xQX3RTc
-sndWMq89BmXeoyE+le7tHJQ6oSjzfhCbas5EpcJIzdc
-> 2/3Ux/5c-grease k;>AI5|g &JI / .{c
-kY1TBMB2l6gMU+1aHPbBTCad537N1aa8d0Wi8bYGMmeC9+8PV18a
--- eKaZ9bddh3SF6hitwAHBldIFpUh3s2R6pI9eDstHdk8
-·E¦·g˜v:½ô¦ü!µàÆOGy½ïg›%Ó‚Ä¬
+-> ssh-ed25519 yfCCMw bknEVINSpmzqbs669XXGW10WlRU2eYqM21nCra4Grm0
+UH/rieabfARVLfMojUzRpMV8OgQQegmkERr3OsudizI
+-> ssh-ed25519 IV3DkQ ae0X4te6ZevvoybUP20LgE4ymTiisoBMfrZQBm0LHEo
+f9VxOHjo6W349d/T9DuH0KbQRHj+EXa+yascxnG/oEA
+-> ssh-ed25519 DCzi1A vBpgN1TwpEv+mJNIMoHitLshG0q1RDTz3WrvRbRGnno
+Nc9I8WWXDDzCfOHkcbhqXjk0Fvp23f8QxiW6bdPix3Q
+-> 5-grease ;gX' KVd. S[Du |%f:LC8
+g5R1yuzS9892Jf0N+RsaVg77389vLxeowKKcD/PM962AMYCe4iHdCw
+--- u/d/x8qCopx23d4TiecnfbaL+l+JJu5i+yJqmU6XH/c
+4”‘n„~¡Xv€6ŒÉjÌ80ÄÚã}	_›=$H@ÒuÕ{Àqú·É/<2F>¬^+vÔ¹ÁOyˆ³‹E—p¢K3ª<33>L²âZ
--- a/secrets/github-runner-pw.age
+++ b/secrets/github-runner-pw.age
--- a/secrets/github-runner-token.age
+++ b/secrets/github-runner-token.age
--- a/secrets/kavita.age
+++ b/secrets/kavita.age
--- a/secrets/matrix-registration.age
+++ b/secrets/matrix-registration.age
@@ -1,10 +1,12 @@
 age-encryption.org/v1
-> ssh-ed25519 yfCCMw cm1Rv6pG2jv5YL2a3jejL3oHyp3w5AdOOkPUuC1RiTQ
-OPfb5CCkGwV1wBjxSM63i7YSWzwZrwh2GbIaIMgbnLo
-> ssh-ed25519 IV3DkQ mqIItqMdUx2rypN38qZc2MluanXzEyW82BoRvJRnmgE
-FiODCU94Dv0MRhhMjcRxtM8vSzcfWbCiQza6P3iRFK0
-> .H0wQ-grease /9 WqdeDrv> )IMX{vvR >^?
-AY2rOa0e0RS1
--- rQj2qpVKjSI/ptv2PUp2kMoAtko06QQw64Fgx46/10s
-öfÅ_¬A¤hÂêfþÄÝØ®ÞŠ<C39E>úfg~sv‘ˆ³£&L²IpÑ,Cy-9ÏªªRÄi
-D%Yì™€N3Y!Ã><3E>©Ž˜ÿ	¯4òU<C3B2>Š#ìIi(å¬`Êc.ä¯U×ÿº.óáôT#ÛÃwNžªÀô‡øl^x§$œÅƒ€×É-_¶L[6†ÛÍÊB ƒ—å2ã&”vqáX<C3A1>’ç¦ö|woìê˜BéP„'ýíRhOD>Å·éÎÄ¾IóËW
+-> ssh-ed25519 yfCCMw xrDKLBFHoh635bYYw5FlL2WnRPzzEM5EFIipjunDQ3A
+Wfkj09/KylBGszWXViglOfQnzEPy2JhOqyq6/cDXqiI
+-> ssh-ed25519 IV3DkQ +F9cs8sm432eoBD3sshRyo1GIy8/YwdanqRX/c4Y7B8
+LHpRwgpI2Np9iDvJQIb6khmWJqehHFetw2DjthvWN5E
+-> ssh-ed25519 DCzi1A PVEn4M1Q0P6HOWLUHQ0g1oFwWwrfhKkc0ptBSPVvoDk
+VXDdSofM0bMv5Rh8dHkboL/+cq8yQbvK/SZkwOaEQzY
+-> (-grease >Tbe
+9FPVr0dmrUWP7dKYoJ3tlegb7knPZlUTRFrZ3trG7Lwv30NHSYnMLtxSj3aushEM
+Izg
+--- FC8cLZftv1tiIbIr5c0gM/Gllni1PBt06Pl5HaZw520
+µœ›œÕNóê˜œe©Ç ÝH¥Ï&°àC¾Í0[`†=‚*:&ë ºi/*Vá"+ç}:
--- a/secrets/nextcloud-admin.age
+++ b/secrets/nextcloud-admin.age
--- a/secrets/nextcloud-cert.age
+++ b/secrets/nextcloud-cert.age
--- a/secrets/nextcloud-key.age
+++ b/secrets/nextcloud-key.age
--- a/secrets/paperless.age
+++ b/secrets/paperless.age
--- a/secrets/restic-gdrive.age
+++ b/secrets/restic-gdrive.age
--- a/secrets/restic-pw.age
+++ b/secrets/restic-pw.age
--- a/secrets/restic-s3.age
+++ b/secrets/restic-s3.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,21 +1,23 @@
 let
+  kop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas@Kopatz-PC2";
  nix-test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVqEb1U1c9UX3AF8otNyYKpIUMjc7XSjZY3IkIPGOqi root@server";
  server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server";
+  users = [ kop ];
  systems = [ nix-test-vm server ];
 in
 {
-  "github-runner-token.age".publicKeys = [ nix-test-vm server ];
-  "github-runner-pw.age".publicKeys = [ nix-test-vm server ];
-  "duckdns.age".publicKeys = [ nix-test-vm server ];
-  "nextcloud-admin.age".publicKeys = [ nix-test-vm server ];
-  "nextcloud-cert.age".publicKeys = [ nix-test-vm server ];
-  "nextcloud-key.age".publicKeys = [ nix-test-vm server ];
-  "restic-pw.age".publicKeys = [ nix-test-vm server ];
-  "restic-s3.age".publicKeys = [ nix-test-vm server ];
-  "restic-gdrive.age".publicKeys = [ nix-test-vm server ];
-  "wireguard-private.age".publicKeys = [ nix-test-vm server ];
-  "coturn-secret.age".publicKeys = [ nix-test-vm server ];
-  "matrix-registration.age".publicKeys = [ nix-test-vm server ];
-  "paperless.age".publicKeys = [ nix-test-vm server ];
-  "kavita.age".publicKeys = [ nix-test-vm server ];
+  "github-runner-token.age".publicKeys = [ nix-test-vm server kop ];
+  "github-runner-pw.age".publicKeys = [ nix-test-vm server kop ];
+  "duckdns.age".publicKeys = [ nix-test-vm server kop ];
+  "nextcloud-admin.age".publicKeys = [ nix-test-vm server kop ];
+  "nextcloud-cert.age".publicKeys = [ nix-test-vm server kop ];
+  "nextcloud-key.age".publicKeys = [ nix-test-vm server kop ];
+  "restic-pw.age".publicKeys = [ nix-test-vm server kop ];
+  "restic-s3.age".publicKeys = [ nix-test-vm server kop ];
+  "restic-gdrive.age".publicKeys = [ nix-test-vm server kop ];
+  "wireguard-private.age".publicKeys = [ nix-test-vm server kop ];
+  "coturn-secret.age".publicKeys = [ nix-test-vm server kop ];
+  "matrix-registration.age".publicKeys = [ nix-test-vm server kop ];
+  "paperless.age".publicKeys = [ nix-test-vm server kop ];
+  "kavita.age".publicKeys = [ nix-test-vm server kop ];
 }
--- a/secrets/wireguard-private.age
+++ b/secrets/wireguard-private.age
@@ -1,10 +1,11 @@
 age-encryption.org/v1
-> ssh-ed25519 yfCCMw 8R//RguE7Om0PFjixliXpwEchVwPcm9COYTz7TIZxTE
-81yMA9B/T6tbZfw6mU4TlYfCd6BEUC3UlBz1hNUXZ30
-> ssh-ed25519 IV3DkQ 0kS9JOiAPfLi8Zoj6BM0pVwSmDr+BnWvIh7rGwZ21G0
-jbMIkFk8DEQ2tWgOWho1JrZkwKWW93GW9dzS3fTKMF4
-> $ByN}E,-grease O$8`|NT 17d} %u)^D-
-x6SEG984W9vUAb0FCiZP0R4kQkYFOr3BGLpHP8HF8fj9LHWwxNb3PrntcOPJuvf7
-oep4FMyBFHchh6RhyrdRlOf6hCLnmybNKzs
--- fCozYj+thQdIGXzdVLgLpLup9CI0QIEdgoMxfFVHGgs
-<EFBFBD>WV”ožE›il3õ—ñz`¡†´ø<C2B4>®ð¤	, oØ³e-ÿºZüAto‹Ok¬@1åb¢.U<>NrB¢«zrZY…ëÚý
+-> ssh-ed25519 yfCCMw HoX1AI2rIYDJbfKRDRXr1ZRsNM1OVRVrr0XRnBD29FQ
+aM3HP0kxq9ACb2TFcb7f9rxKXFoT2Y9nEjL+XD3nHIM
+-> ssh-ed25519 IV3DkQ EKn/xr5EWEev3stYXDGrzfLtwt2thJ+34e5eP1v4l0g
+raaOM6zpmokVCBKNWx9xHpsQJSpTbHHQeRbz2+wC3+0
+-> ssh-ed25519 DCzi1A mVLJ1c2e1UOsTuDCKIwLliBz3OVBH8vGp/gICb8cyQY
+dXok0Tr56SdW5sf74IYk7rDnim/s7vZI/PZIGKvNuaM
+-> ;mHckk.i-grease [&? MW78 %Ee4m
+LebJ6ZshTkkY+fM5zI/sbQzGpcKN5oGiEu5tWSPnmeQQxJrjT7Utqf3KAfI
+--- 6HedZR4VvouzHmjeV9DY6BsybKcainxK9fro9MSjpxg
+h‚ÔqÂÇ<3<>:7{,Á9'Ä<1A>š„öw¾(FVGuLAA0“Ì½üÿa|½õKwµ?–¥!\Z’-\¼³$ü<>ä6yÖÖ§¿xý
--- a/systems/laptop/userdata.nix
+++ b/systems/laptop/userdata.nix
@@ -1,4 +1,7 @@

 {
-  interface = "enp0s31f6";
+  interface = "enp10s0u1u2";
+  ipv4 = "192.168.0.4";
+  dns = "192.168.0.6";
+  wm = "gnome-shell";
 }
--- a/systems/server/configuration.nix
+++ b/systems/server/configuration.nix
@@ -12,7 +12,6 @@ in{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
-      ./static-ip.nix
    ];

  # Bootloader.
--- a/systems/server/userdata.nix
+++ b/systems/server/userdata.nix
@@ -1,5 +1,13 @@
 {
  interface = "enp0s31f6";
  ipv4 = "192.168.0.6";
+  dns = "127.0.0.1";
  wireguardIp = "192.168.2.1";
+  wm = "startplasma-x11";
+  udpRanges = [
+    #{
+    #  from = 52000;
+    #  to = 52100;
+    #}
+  ];
 }
--- a/users/anon.nix
+++ b/users/anon.nix
@@ -40,12 +40,14 @@ in
    isNormalUser = true;
    description = user;
    shell = pkgs.zsh;
-    extraGroups = [ "networkmanager" "wheel" "docker" ];
+    extraGroups = [ "networkmanager" "wheel" "docker" "wireshark"];
    packages = with pkgs; [
      firefox
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuRAKtoU5rjSbjDxlac6oAww/XHgsVRFHwIVnVm/TrTtDNqRyAkr6fIUiSKTHrpBPyJjIKCzkHS8QhbS2zZo4wjcgAyMyK33q/CzLs8DPQMWX0RKxR+OaVNwh90iWHr663a5x7ztTag3oPGOAYjeqCoIJWyQRlvIKflriJnAjWE8nvw4QkErpRWo4JJnhS61GQMrPT6VK0yXzq3zQs2t3cXTvGMmeLjBuluvJ6yiDk2bAGdY2UWnbs1y2M1TD3xn0pHzITeQnoWLfy+cwPHnEulciVqyr4pp6LDygmIPI1rxKAIQUnwo09n/A1eIcqlUo8aKy7ZDyrssuGWKZ/U4FC258NWwdUPbjyQvzNdcZjXC4+AmQTb+DwiECYOCfF7O/uRRqoFl7jfVfKqHJ7DKebt20QKwDCH/d5qfDs6xA0Krl2dgu3vePhsOkmpnIfPk9Cxl+YHGfmpCOVQHhxCwpkQs0Oh7NerO3idnG1enckjCuzCotnL8vDhczdL4eZmus= kopatz@nix-laptop
+"
    ];
  };
 }
--- a/users/kopatz.nix
+++ b/users/kopatz.nix
@@ -44,7 +44,7 @@ in
    shell = pkgs.zsh;
    extraGroups = [ "networkmanager" "wheel" "docker" "libvirtd" ];
    packages = with pkgs; [
-      discord
+      (discord.override { withVencord = true; })
      librewolf
      ungoogled-chromium
    ];