upgraded to NixOS 24.05; doc update; minor tweaks

Ellis Rahhal 2024-09-19 21:40:20 -07:00
parent 52de6d6a5f
commit 984e7fda1b
10 changed files with 188 additions and 144 deletions


@ -1,7 +1,7 @@
# see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml # see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
keys: keys:
- &user_homefree 06321d7f20335a7e08595ba905d137ee114ba2c2 - &user_homefree 06321d7f20335a7e08595ba905d137ee114ba2c2
- &server_homefree af60d7db5062d1de4cc90279491808670fa559b2 - &server_homefree 05e9ba90d158e2dc9eeca0a75475cb6f7af6240d
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:


@ -13,10 +13,22 @@ liberate you from giant cloud providers.
## Don't suckle the Feed. Cultivate the Seed. ## Don't suckle the Feed. Cultivate the Seed.
## Building
```
make build-image
```
## Running
```
make run
```
## Adding a secret ## Adding a secret
``` ```
nix-shell -p sops --run "sops secrets/app.yaml" nix-shell -p sops --run "sops secrets/authentik.yaml"
``` ```
Then add a key or keys, e.g. Then add a key or keys, e.g.
@ -42,3 +54,21 @@ sops.secrets."app" = {
}; };
``` ```
and reference the path in config and reference the path in config
## Getting server key
After starting the vm using `make run`, run `make generate-sops-config`
Then, within the VM:
```
cd ~/nixcfg
make build
```
## Initializing Authentik
Browse to:
http://ha.homefree.lan:9000/if/flow/initial-setup/


@ -14,6 +14,8 @@ TODOS
* Authentik * Authentik
* Auto LDAP deploy * Auto LDAP deploy
* https://docs.goauthentik.io/docs/providers/ldap/generic_setup * https://docs.goauthentik.io/docs/providers/ldap/generic_setup
* Security
* Wazuh
* setup VLANs * setup VLANs
* https://wiki.nftables.org/wiki-nftables/index.php/Main_Page * https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
* https://serverfault.com/questions/858556/transparent-firewall-with-nftables-and-vlans * https://serverfault.com/questions/858556/transparent-firewall-with-nftables-and-vlans


@ -12,8 +12,8 @@ build_image() {
HOST=$1 HOST=$1
nix build .#nixosConfigurations.${HOST}.config.formats.qcow nix build .#nixosConfigurations.${HOST}.config.formats.qcow
mkdir -p ./build mkdir -p ./build
mv ./result ./${HOST}.qcow2 mv ./result ./${HOST}-image
rsync -L ./${HOST}.qcow2 ./build/${HOST}.qcow2 rsync -L ./${HOST}-image/nixos.qcow2 ./build/${HOST}.qcow2
chmod 750 ./build/${HOST}.qcow2 chmod 750 ./build/${HOST}.qcow2
} }
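Review bot: The new `mv ./result ./${HOST}-image` looks likely to fail on every build after the first. The new rsync path implies `result` is now a symlink to a store directory, so once `./${HOST}-image` exists as such a link, `mv` treats it as a target directory and tries to move into the read-only store. No error handling is visible in the hunk, so the following `rsync` would then silently copy the previous, stale image into `./build`. Either let Nix place the link, `nix build ".#nixosConfigurations.${HOST}.config.formats.qcow" -o "./${HOST}-image"`, or use `mv -T ./result "./${HOST}-image"`, and quote `${HOST}` throughout. A disk image also needs no execute bit, so `chmod 640 "./build/${HOST}.qcow2"` is the tighter mode. The `build_image()` header lies outside the hunk.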

234
flake.lock generated

@ -3,17 +3,17 @@
"adblock-unbound": { "adblock-unbound": {
"inputs": { "inputs": {
"adblockStevenBlack": "adblockStevenBlack", "adblockStevenBlack": "adblockStevenBlack",
"flake-utils": "flake-utils", "lancache-domains": "lancache-domains",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1688055723, "lastModified": 1704832551,
"narHash": "sha256-8WtkSAr4qYA3o6kiOCESK3rHJmIsa6TMBrT3/Cbfvro=", "narHash": "sha256-6xS/ANMIh3b4Ia3Ubl9rtb3LVw9QldihnP3IvuG9zwQ=",
"owner": "MayNiklas", "owner": "MayNiklas",
"repo": "nixos-adblock-unbound", "repo": "nixos-adblock-unbound",
"rev": "9356ccd526fdcf91bfee7f0ebebae831349d43cc", "rev": "a5d3731836b1c2ca65834e07be03c02daca5b434",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -46,11 +46,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1703433843, "lastModified": 1723293904,
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "417caa847f9383e111d1397039c9d4337d024bf0", "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -64,18 +64,18 @@
"authentik-src": "authentik-src", "authentik-src": "authentik-src",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"napalm": "napalm", "napalm": "napalm",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-23-05": "nixpkgs-23-05", "poetry2nix": "poetry2nix",
"poetry2nix": "poetry2nix" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1713362014, "lastModified": 1725809370,
"narHash": "sha256-nR/SY8T5m6X0ncKTCcB+RaVQ0qlV6lZUzNt2e+imf94=", "narHash": "sha256-uUc+TbF17Q9H00aj1cbZGB25Tob6PpZ9M0RoY/jOo6s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "authentik-nix", "repo": "authentik-nix",
"rev": "5011f3026255999fabd8eeec254c5c39d975d04d", "rev": "0fd076529b40e7fc7304a398618cab76ff7e96c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -87,16 +87,16 @@
"authentik-src": { "authentik-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1713352755, "lastModified": 1725718494,
"narHash": "sha256-YWDpRX0z9EL96t0c7RNgAi5b3KOzy3CBEL2Jw27TkVY=", "narHash": "sha256-X4Bwm7s6/8HcvKE+kyqwU+M1GEK/+RVHtDK1GpkuM4s=",
"owner": "goauthentik", "owner": "goauthentik",
"repo": "authentik", "repo": "authentik",
"rev": "6bb180f94ec124092c4f87ae5f5d892a70b32ff3", "rev": "f5580d311d01f2202b666f76931ed04f30b9ec30",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "goauthentik", "owner": "goauthentik",
"ref": "version/2024.2.3", "ref": "version/2024.8.1",
"repo": "authentik", "repo": "authentik",
"type": "github" "type": "github"
} }
@ -144,11 +144,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1712014858, "lastModified": 1725234343,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -158,23 +158,11 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": [
"authentik-nix",
"systems"
]
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -211,6 +199,22 @@
"type": "github" "type": "github"
} }
}, },
"lancache-domains": {
"flake": false,
"locked": {
"lastModified": 1679999806,
"narHash": "sha256-oDZ2pSf8IgofRS4HaRppGcd4kHQj48AC9dkS++avYy8=",
"owner": "uklans",
"repo": "cache-domains",
"rev": "31b2ba1e0a7c419327cb97f589b508d78b9aecbf",
"type": "github"
},
"original": {
"owner": "uklans",
"repo": "cache-domains",
"type": "github"
}
},
"napalm": { "napalm": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -223,15 +227,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703102458, "lastModified": 1725806412,
"narHash": "sha256-3pOV731qi34Q2G8e2SqjUXqnftuFrbcq+NdagEZXISo=", "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
"owner": "nix-community", "owner": "willibutz",
"repo": "napalm", "repo": "napalm",
"rev": "edcb26c266ca37c9521f6a97f33234633cbec186", "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "willibutz",
"ref": "avoid-foldl-stack-overflow",
"repo": "napalm", "repo": "napalm",
"type": "github" "type": "github"
} }
@ -242,11 +247,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1681140879, "lastModified": 1703105021,
"narHash": "sha256-eyLPtopt7lRvmRDJx7gSBYUtYGfOSVXarf0KbLbw/Sw=", "narHash": "sha256-Ne9NG7x45a8aJyAN+yYWbr/6mQHBVVkwZZ72EZHHRqw=",
"owner": "vlinkz", "owner": "vlinkz",
"repo": "nix-editor", "repo": "nix-editor",
"rev": "ab2a7e94ca176589c1e8236ce31cd89044e4818f", "rev": "b5017f8d61753ce6a3a1a2aa7e474d59146a8ae3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -279,11 +284,11 @@
}, },
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1693701915, "lastModified": 1726362065,
"narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", "narHash": "sha256-4h15WKdrs9zf6DGaeeV7ntU/pHHGkH6geYt1QBW0CP4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", "rev": "9db4db09d82e4b2207bfa7f1e747a4f49d214555",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -300,11 +305,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696058303, "lastModified": 1726707592,
"narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=", "narHash": "sha256-FCbXzY5cN9pMUF9xxvRAPBWj+pnmcouwuQb+OrMWo0M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "150f38bd1e09e20987feacb1b0d5991357532fb5", "rev": "0ac657a7486103867cb4d7dcb660cc73c8c37651",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -315,11 +320,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1700559156, "lastModified": 1726724509,
"narHash": "sha256-gL4epO/qf+wo30JjC3g+b5Bs8UrpxzkhNBBsUYxpw2g=", "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "c3abafb01cd7045dba522af29b625bd1e170c2fb", "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -345,63 +350,41 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-23-05": {
"locked": {
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"dir": "lib", "lastModified": 1725233747,
"lastModified": 1711703276, "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=",
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "type": "tarball",
"owner": "NixOS", "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
"repo": "nixpkgs",
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
"type": "github"
}, },
"original": { "original": {
"dir": "lib", "type": "tarball",
"owner": "NixOS", "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1705033721, "lastModified": 1725762081,
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=", "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea", "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "release-23.05", "ref": "release-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-trunk": { "nixpkgs-trunk": {
"locked": { "locked": {
"lastModified": 1700973916, "lastModified": 1726791267,
"narHash": "sha256-4W1xIjy67P/8ZcZMZxysTNgjNu9G8DegkI4ac+cnRYY=", "narHash": "sha256-wWRrxGq8AddZMWzdl1Ega0ntiz7SoAcKr/jdBEVgq54=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1744e3fa0103321e7d21d6b907eeff6965adf964", "rev": "8c681805d73cd0ce0dcfee2a0c7aab303a2763dd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -412,11 +395,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1700794826, "lastModified": 1726463316,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=", "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8", "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -428,16 +411,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1713145326, "lastModified": 1725634671,
"narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=", "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e", "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -460,27 +443,27 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1700787330, "lastModified": 1726447378,
"narHash": "sha256-4VIBCyfqnEsdVP/SgKZ3rudwzxGdEqpKfgoWETs/I6k=", "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7f7851dfc570812c305d89438681b715a4f7beba", "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1704842529, "lastModified": 1725534445,
"narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -501,15 +484,18 @@
"authentik-nix", "authentik-nix",
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_3", "systems": [
"authentik-nix",
"systems"
],
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1708589824, "lastModified": 1725532428,
"narHash": "sha256-2GOiFTkvs5MtVF65sC78KNVxQSmsxtk0WmV1wJ9V2ck=", "narHash": "sha256-dCfawQDwpukcwQw++Cn/3LIh/RZMmH+k3fm91Oc5Pf0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "poetry2nix", "repo": "poetry2nix",
"rev": "3c92540611f42d3fb2d0d084a6c694cd6544b609", "rev": "a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -538,11 +524,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1705201153, "lastModified": 1726524647,
"narHash": "sha256-y0/a4IMDZrc7lAkR7Gcm5R3W2iCBiARHnYZe6vkmiNE=", "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "70dd0d521f7849338e487a219c1a07c429a66d77", "rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -568,33 +554,19 @@
}, },
"systems_2": { "systems_2": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1689347949,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default", "repo": "default-linux",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default", "repo": "default-linux",
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -604,11 +576,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708335038, "lastModified": 1719749022,
"narHash": "sha256-ETLZNFBVCabo7lJrpjD6cAbnE11eDOjaQnznmg/6hAE=", "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "e504621290a1fd896631ddbc5e9c16f4366c9f65", "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -3,7 +3,7 @@
inputs = { inputs = {
# Use stable for main # Use stable for main
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
# Trails trunk - latest packages with broken commits filtered out # Trails trunk - latest packages with broken commits filtered out
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";


@ -12,7 +12,7 @@ rm /tmp/id_rsa
# remove key from known_hosts # remove key from known_hosts
ssh-keygen -R "[localhost]:2223" ssh-keygen -R "[localhost]:2223"
# Get GPG fingerprint of server RSA key # Get GPG fingerprint of server RSA key
SERVER_GPG_FINGERPRINT=$(nix-shell --quiet -p gnupg -p ssh-to-pgp --run "ssh -o StrictHostKeychecking=no -p 2223 homefree@localhost \"sudo cat /etc/ssh/ssh_host_rsa_key\" | ssh-to-pgp -private-key | gpg --import --quiet" 2>&1) SERVER_GPG_FINGERPRINT=$(nix-shell --quiet -p gnupg -p ssh-to-pgp --run "ssh -o LogLevel=ERROR -o StrictHostKeychecking=no -p 2223 homefree@localhost \"sudo cat /etc/ssh/ssh_host_rsa_key\" | ssh-to-pgp -private-key | gpg --import --quiet" 2>&1)
# This example uses YAML anchors which allows reuse of multiple keys # This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself. # without having to repeat yourself.
@ -40,3 +40,7 @@ creation_rules:
- *user_homefree - *user_homefree
- *server_homefree - *server_homefree
EOF EOF
for config in $(find secrets -name '*.yaml'); do
nix-shell -p sops --run "sops updatekeys $config"
done
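Review bot: The re-key loop added at the end only visits `*.yaml`, while the creation rule shown for `.sops.yaml` matches `secrets/[^/]+\.(yaml|json|env|ini)$`. Any json, env or ini secret would therefore stay encrypted to the previous server key and stop decrypting on the rebuilt host. The `$(find …)` expansion also word-splits file names, `$config` is pasted unquoted into the `--run` string, and a failed `sops updatekeys` is not detected. I would match the same extensions, iterate with `find … -print0 | while IFS= read -r -d '' config; do`, pass `'$config'` quoted, and exit on a non-zero status. In the first hunk, `2>&1` still folds any remaining ssh or gpg error text into `SERVER_GPG_FINGERPRINT`; checking that the value is exactly 40 hex digits before writing it into the recipients list would keep a failed fetch from producing a broken or wrong recipient.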


@ -155,10 +155,6 @@
# Setting to true will kill things like tmux on logout # Setting to true will kill things like tmux on logout
services.logind.killUserProcesses = false; services.logind.killUserProcesses = false;
# network locator e.g. scanners and printers
services.avahi.enable = true;
services.avahi.nssmdns = true;
services.gvfs.enable = true; # SMB mounts, trash, and other functionality services.gvfs.enable = true; # SMB mounts, trash, and other functionality
services.tumbler.enable = true; # Thumbnail support for images services.tumbler.enable = true; # Thumbnail support for images
@ -210,7 +206,7 @@
programs.neovim = { programs.neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
}; };
environment.interactiveShellInit = '' environment.interactiveShellInit = ''
alias vi='nvim' alias vi='nvim'


@ -16,7 +16,7 @@ in
# Afterward, it can be re-included # Afterward, it can be re-included
## @TODO: Auto-initializatin for HA ## @TODO: Auto-initializatin for HA
## See: https://github.com/home-assistant/core/issues/16554 ## See: https://github.com/home-assistant/core/issues/16554
# ./ldap.nix ./ldap.nix
./trusted-networks.nix ./trusted-networks.nix
./weather.nix ./weather.nix
]; ];
@ -34,10 +34,49 @@ in
extraComponents = [ extraComponents = [
# Components required to complete the onboarding # Components required to complete the onboarding
"adguard"
"backup"
"brother"
"ecobee"
"enphase_envoy"
"esphome" "esphome"
"flume"
"iaqualink"
"jellyfin"
"litterrobot"
"met" "met"
"mqtt"
"radio_browser" "radio_browser"
"roborock"
"schlage"
"snapcast"
"synology_dsm"
"unifi"
"usgs_earthquakes_feed"
"volumio"
"wake_on_lan"
"yamaha_musiccast"
"zwave_js"
]; ];
customComponents = with pkgs.home-assistant-custom-components; [
frigate
smartthinq-sensors
];
customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
button-card
card-mod
decluttering-card
lg-webos-remote-control
light-entity-card
mini-graph-card
mini-media-player
multiple-entity-row
mushroom
valetudo-map-card
];
config = { config = {
# Includes dependencies for a basic setup # Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/ # https://www.home-assistant.io/integrations/default_config/
@ -66,6 +105,7 @@ in
]; ];
}; };
## enable with empty top level key
wake_on_lan = {}; wake_on_lan = {};
switch = [ switch = [
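Review bot: Enabling `./ldap.nix` in the imports list leaves the comment block directly above it stale. That block still says the module is held back until onboarding is finished ("Afterward, it can be re-included") and carries the auto-initialization TODO. If the onboarding limitation still applies, a fresh deployment will now start with the LDAP module active before the first owner account exists. That cannot be confirmed from the hunk, so either update the comment to state that the import is now unconditional and why that is safe, or gate the import on an option. In the second hunk, `# Components required to complete the onboarding` now heads some twenty device integrations. I would keep that comment on `esphome`, `met` and `radio_browser` and put the rest under `# Integrations for devices present on this network`. Each entry adds third-party code to the Home Assistant service, so the list is worth limiting to hardware that is actually deployed.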


@ -345,7 +345,7 @@ in
]; ];
# network locator e.g. scanners and printers # network locator e.g. scanners and printers
nssmdns = true; nssmdns4 = true;
}; };
#----------------------------------------------------------------------------------------------------- #-----------------------------------------------------------------------------------------------------