resilio: modularise properly
parent
7a6a0dceed
commit
25ae59d96d
@ -1,11 +1,6 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
config.system.stateVersion = "22.05";
|
|
||||||
|
|
||||||
config.networking.hostName = "gendry";
|
|
||||||
config.networking.domain = "jakehillion-terminals.ts.hillion.co.uk";
|
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
../../modules/common/default.nix
|
../../modules/common/default.nix
|
||||||
../../modules/desktop/awesome/default.nix
|
../../modules/desktop/awesome/default.nix
|
||||||
@ -13,36 +8,68 @@
|
|||||||
./bluetooth.nix
|
./bluetooth.nix
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./persist.nix
|
./persist.nix
|
||||||
./resilio.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
config.boot.loader.systemd-boot.enable = true;
|
config = {
|
||||||
config.boot.loader.efi.canTouchEfiVariables = true;
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
|
networking.hostName = "gendry";
|
||||||
|
networking.domain = "jakehillion-terminals.ts.hillion.co.uk";
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
## Resilio
|
||||||
|
custom.resilio.enable = true;
|
||||||
|
|
||||||
|
services.resilio.deviceName = "gendry.jakehillion-terminals";
|
||||||
|
services.resilio.directoryRoot = "/data/sync";
|
||||||
|
services.resilio.storagePath = "/data/sync/.sync";
|
||||||
|
|
||||||
|
custom.resilio.folders =
|
||||||
|
let
|
||||||
|
folderNames = [
|
||||||
|
"dad"
|
||||||
|
"joseph"
|
||||||
|
"projects"
|
||||||
|
"resources"
|
||||||
|
"sync"
|
||||||
|
];
|
||||||
|
mkFolder = name: {
|
||||||
|
name = name;
|
||||||
|
secret = {
|
||||||
|
name = "resilio/plain/${name}";
|
||||||
|
file = ../../secrets/resilio/plain/${name}.age;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
builtins.map (mkFolder) folderNames;
|
||||||
|
|
||||||
## Tailscale
|
## Tailscale
|
||||||
config.age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".file = ../../secrets/tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age;
|
age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".file = ../../secrets/tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age;
|
||||||
config.tailscalePreAuth = config.age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".path;
|
tailscalePreAuth = config.age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".path;
|
||||||
|
|
||||||
## Password (for interactive logins)
|
## Password (for interactive logins)
|
||||||
config.age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".file = ../../secrets/passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake.age;
|
age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".file = ../../secrets/passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake.age;
|
||||||
config.users.users."jake".passwordFile = config.age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".path;
|
users.users."jake".passwordFile = config.age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".path;
|
||||||
|
|
||||||
config.security.sudo.wheelNeedsPassword = lib.mkForce true;
|
security.sudo.wheelNeedsPassword = lib.mkForce true;
|
||||||
|
|
||||||
## Enable btrfs compression
|
## Enable btrfs compression
|
||||||
config.fileSystems."/data".options = [ "compress=zstd" ];
|
fileSystems."/data".options = [ "compress=zstd" ];
|
||||||
config.fileSystems."/nix".options = [ "compress=zstd" ];
|
fileSystems."/nix".options = [ "compress=zstd" ];
|
||||||
|
|
||||||
## Graphics
|
## Graphics
|
||||||
config.boot.initrd.kernelModules = [ "amdgpu" ];
|
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||||
config.services.xserver.videoDrivers = [ "amdgpu" ];
|
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||||
|
|
||||||
## Spotify
|
## Spotify
|
||||||
config.home-manager.users.jake.services.spotifyd.settings = {
|
home-manager.users.jake.services.spotifyd.settings = {
|
||||||
global = {
|
global = {
|
||||||
device_name = "Gendry";
|
device_name = "Gendry";
|
||||||
device_type = "computer";
|
device_type = "computer";
|
||||||
bitrate = 320;
|
bitrate = 320;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
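Review bot: The `## Resilio` heading in the new `config` block loses the "(Unencrypted)" qualifier that the removed host-level Resilio file carried, while the vm host keeps `## Resilio Sync (Encrypted)`. This host loads the `resilio/plain/*` folder keys, so I would keep the distinction visible at the point of use: `## Resilio Sync (Unencrypted)`. Separately, the `mkFolder` helper here is repeated in the vm host config with only the `plain`/`encrypted` path segment changed; a single helper taking that segment as an argument would keep the two hosts from drifting apart.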
@ -1,44 +0,0 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
folderNames = [
|
|
||||||
"dad"
|
|
||||||
"joseph"
|
|
||||||
"projects"
|
|
||||||
"resources"
|
|
||||||
"sync"
|
|
||||||
];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
../../modules/resilio/default.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
## Resilio Sync (Unencrypted)
|
|
||||||
config.services.resilio.enable = true;
|
|
||||||
config.services.resilio.deviceName = "gendry.jakehillion-terminals";
|
|
||||||
config.services.resilio.directoryRoot = "/data/sync";
|
|
||||||
config.services.resilio.storagePath = "/data/sync/.sync";
|
|
||||||
|
|
||||||
config.age.secrets =
|
|
||||||
let
|
|
||||||
mkSecret = name: {
|
|
||||||
name = "resilio/plain/${name}";
|
|
||||||
value = {
|
|
||||||
file = ../../secrets/resilio/plain/${name}.age;
|
|
||||||
owner = "rslsync";
|
|
||||||
group = "rslsync";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
builtins.listToAttrs (builtins.map (mkSecret) folderNames);
|
|
||||||
|
|
||||||
config.resilioFolders =
|
|
||||||
let
|
|
||||||
mkFolder = name: {
|
|
||||||
name = name;
|
|
||||||
secretFile = config.age.secrets."resilio/plain/${name}".path;
|
|
||||||
};
|
|
||||||
in
|
|
||||||
builtins.map (mkFolder) folderNames;
|
|
||||||
}
|
|
@ -1,35 +1,35 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
config.system.stateVersion = "22.05";
|
|
||||||
|
|
||||||
config.networking.hostName = "vm";
|
|
||||||
config.networking.domain = "strangervm.ts.hillion.co.uk";
|
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
../../modules/common/default.nix
|
../../modules/common/default.nix
|
||||||
../../modules/drone/server.nix
|
../../modules/drone/server.nix
|
||||||
../../modules/matrix/default.nix
|
../../modules/matrix/default.nix
|
||||||
../../modules/resilio/default.nix
|
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
config.boot.loader.grub = {
|
config = {
|
||||||
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
|
networking.hostName = "vm";
|
||||||
|
networking.domain = "strangervm.ts.hillion.co.uk";
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
device = "/dev/sda";
|
device = "/dev/sda";
|
||||||
};
|
};
|
||||||
|
|
||||||
## Custom Services
|
## Custom Services
|
||||||
config.custom.www.global.enable = true;
|
custom.www.global.enable = true;
|
||||||
|
|
||||||
## Networking
|
## Networking
|
||||||
config.networking.interfaces.ens18.ipv4.addresses = [{
|
networking.interfaces.ens18.ipv4.addresses = [{
|
||||||
address = "10.72.164.3";
|
address = "10.72.164.3";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}];
|
}];
|
||||||
config.networking.defaultGateway = "10.72.164.1";
|
networking.defaultGateway = "10.72.164.1";
|
||||||
|
|
||||||
config.networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = lib.mkForce [
|
allowedTCPPorts = lib.mkForce [
|
||||||
22 # SSH
|
22 # SSH
|
||||||
];
|
];
|
||||||
@ -48,43 +48,34 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
## Tailscale
|
## Tailscale
|
||||||
config.age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".file = ../../secrets/tailscale/vm.strangervm.ts.hillion.co.uk.age;
|
age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".file = ../../secrets/tailscale/vm.strangervm.ts.hillion.co.uk.age;
|
||||||
config.tailscalePreAuth = config.age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".path;
|
tailscalePreAuth = config.age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".path;
|
||||||
|
|
||||||
## Resilio Sync (Encrypted)
|
## Resilio Sync (Encrypted)
|
||||||
config.services.resilio.enable = true;
|
custom.resilio.enable = true;
|
||||||
config.services.resilio.deviceName = "vm.strangervm";
|
services.resilio.deviceName = "vm.strangervm";
|
||||||
config.services.resilio.directoryRoot = "/data/sync";
|
services.resilio.directoryRoot = "/data/sync";
|
||||||
config.services.resilio.storagePath = "/data/sync/.sync";
|
services.resilio.storagePath = "/data/sync/.sync";
|
||||||
|
|
||||||
config.age.secrets."resilio/encrypted/dad" = {
|
custom.resilio.folders =
|
||||||
file = ../../secrets/resilio/encrypted/dad.age;
|
let
|
||||||
owner = "rslsync";
|
folderNames = [
|
||||||
group = "rslsync";
|
"dad"
|
||||||
};
|
"projects"
|
||||||
config.age.secrets."resilio/encrypted/projects" = {
|
"resources"
|
||||||
file = ../../secrets/resilio/encrypted/projects.age;
|
"sync"
|
||||||
owner = "rslsync";
|
|
||||||
group = "rslsync";
|
|
||||||
};
|
|
||||||
config.age.secrets."resilio/encrypted/resources" = {
|
|
||||||
file = ../../secrets/resilio/encrypted/resources.age;
|
|
||||||
owner = "rslsync";
|
|
||||||
group = "rslsync";
|
|
||||||
};
|
|
||||||
config.age.secrets."resilio/encrypted/sync" = {
|
|
||||||
file = ../../secrets/resilio/encrypted/sync.age;
|
|
||||||
owner = "rslsync";
|
|
||||||
group = "rslsync";
|
|
||||||
};
|
|
||||||
|
|
||||||
config.resilioFolders = [
|
|
||||||
{ name = "dad"; secretFile = config.age.secrets."resilio/encrypted/dad".path; }
|
|
||||||
{ name = "projects"; secretFile = config.age.secrets."resilio/encrypted/projects".path; }
|
|
||||||
{ name = "resources"; secretFile = config.age.secrets."resilio/encrypted/resources".path; }
|
|
||||||
{ name = "sync"; secretFile = config.age.secrets."resilio/encrypted/sync".path; }
|
|
||||||
];
|
];
|
||||||
|
mkFolder = name: {
|
||||||
|
name = name;
|
||||||
|
secret = {
|
||||||
|
name = "resilio/encrypted/${name}";
|
||||||
|
file = ../../secrets/resilio/encrypted/${name}.age;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
builtins.map (mkFolder) folderNames;
|
||||||
|
|
||||||
## Backups
|
## Backups
|
||||||
config.services.postgresqlBackup.location = "/data/backup/postgres";
|
services.postgresqlBackup.location = "/data/backup/postgres";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
@ -2,7 +2,15 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
./resilio.nix
|
||||||
./www/global.nix
|
./www/global.nix
|
||||||
./www/www-repo.nix
|
./www/www-repo.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
options.custom = {
|
||||||
|
user = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "jake";
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
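Review bot: `options.custom.user` is declared without a `description`, and its value now decides which account joins the `rslsync` group through the `extraUsers` default in modules/resilio.nix. I would state that on the option, for example `description = "Primary interactive user; used as the default member of service groups such as rslsync.";`. The file's opening lines are outside this hunk.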
68
modules/resilio.nix
Normal file
68
modules/resilio.nix
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
{ pkgs, lib, config, nixpkgs-unstable, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.custom.resilio;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [ "${nixpkgs-unstable}/nixos/modules/services/networking/resilio.nix" ];
|
||||||
|
disabledModules = [ "services/networking/resilio.nix" ];
|
||||||
|
|
||||||
|
options.custom.resilio = {
|
||||||
|
enable = lib.mkEnableOption "resilio";
|
||||||
|
|
||||||
|
extraUsers = lib.mkOption {
|
||||||
|
type = with lib.types; listOf str;
|
||||||
|
default = [ config.custom.user ];
|
||||||
|
};
|
||||||
|
|
||||||
|
folders = lib.mkOption {
|
||||||
|
type = with lib.types; uniq (listOf attrs);
|
||||||
|
default = [ ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
users.users =
|
||||||
|
let
|
||||||
|
mkUser =
|
||||||
|
(user: {
|
||||||
|
name = user;
|
||||||
|
value = {
|
||||||
|
extraGroups = [ "rslsync" ];
|
||||||
|
};
|
||||||
|
});
|
||||||
|
in
|
||||||
|
builtins.listToAttrs (builtins.map mkUser cfg.extraUsers);
|
||||||
|
|
||||||
|
age.secrets =
|
||||||
|
let
|
||||||
|
mkSecret = (secret: {
|
||||||
|
name = secret.name;
|
||||||
|
value = {
|
||||||
|
file = secret.file;
|
||||||
|
owner = "rslsync";
|
||||||
|
group = "rslsync";
|
||||||
|
};
|
||||||
|
});
|
||||||
|
in
|
||||||
|
builtins.listToAttrs (builtins.map (folder: mkSecret folder.secret) cfg.folders);
|
||||||
|
|
||||||
|
services.resilio = {
|
||||||
|
enable = true;
|
||||||
|
sharedFolders =
|
||||||
|
let
|
||||||
|
mkFolder = name: secret: {
|
||||||
|
directory = "${config.services.resilio.directoryRoot}/${name}";
|
||||||
|
secretFile = "${config.age.secrets."${secret.name}".path}";
|
||||||
|
knownHosts = [ ];
|
||||||
|
searchLAN = true;
|
||||||
|
useDHT = true;
|
||||||
|
useRelayServer = true;
|
||||||
|
useSyncTrash = false;
|
||||||
|
useTracker = true;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
builtins.map (folder: mkFolder folder.name folder.secret) cfg.folders;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
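Review bot: `folders` is typed `uniq (listOf attrs)`, yet the `config` block reads `folder.name`, `folder.secret.name` and `folder.secret.file`, so a misspelt or missing key only fails deep inside the evaluation of `age.secrets` or `sharedFolders`. A `submodule` element type would reject malformed entries at the option boundary and document the expected shape. Also, `mkFolder` hard-codes `knownHosts = [ ]` with `searchLAN`, `useDHT`, `useRelayServer` and `useTracker` all `true` for every folder, which leaves the folder key as the only gate on who can join a share. Consider exposing these as options so that a host holding the `resilio/plain/*` keys can restrict discovery.

```nix
    folders = lib.mkOption {
      type = with lib.types; uniq (listOf (submodule {
        options = {
          name = lib.mkOption { type = str; };
          secret = {
            name = lib.mkOption { type = str; };
            file = lib.mkOption { type = path; };
          };
        };
      }));
      default = [ ];
    };
    # … unchanged: config = lib.mkIf cfg.enable { … } …
```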
@ -1,28 +0,0 @@
|
|||||||
{ pkgs, lib, config, nixpkgs-unstable, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [ "${nixpkgs-unstable}/nixos/modules/services/networking/resilio.nix" ];
|
|
||||||
disabledModules = [ "services/networking/resilio.nix" ];
|
|
||||||
|
|
||||||
options.resilioFolders = lib.mkOption {
|
|
||||||
type = with lib.types; uniq (listOf attrs);
|
|
||||||
default = [ ];
|
|
||||||
};
|
|
||||||
|
|
||||||
config.users.users.jake.extraGroups = [ "rslsync" ];
|
|
||||||
|
|
||||||
config.services.resilio.sharedFolders =
|
|
||||||
let
|
|
||||||
mkFolder = name: secretFile: {
|
|
||||||
directory = "${config.services.resilio.directoryRoot}/${name}";
|
|
||||||
secretFile = "${secretFile}";
|
|
||||||
knownHosts = [ ];
|
|
||||||
searchLAN = true;
|
|
||||||
useDHT = true;
|
|
||||||
useRelayServer = true;
|
|
||||||
useSyncTrash = false;
|
|
||||||
useTracker = true;
|
|
||||||
};
|
|
||||||
in
|
|
||||||
builtins.map (folder: mkFolder folder.name folder.secretFile) config.resilioFolders;
|
|
||||||
}
|
|