Compare commits
	
		
			15 Commits
		
	
	
		
			911f3589a2
			...
			home_manag
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 869d3957b5 | |||
| a49c4f40e5 | |||
| a8851c19e4 | |||
| 3497d93dcb | |||
| 2eaffa8cfb | |||
| 955c3255a0 | |||
| 6b367a7c95 | |||
| 02155976ab | |||
| 4c7f22b903 | |||
| f0f7c2613e | |||
| b92ca00054 | |||
| 2315d56db0 | |||
| 98c0142938 | |||
| 4b3eef4150 | |||
| 857f0daa95 | 
							
								
								
									
										3
									
								
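--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "assets/compose"]
 	path = assets/compose
 	url = ssh://git@code.lazyworkhorse.net:2222/gortium/compose.git
+[submodule "assets/dotfiles"]
+	path = assets/dotfiles
+	url = ssh://git@code.lazyworkhorse.net:2222/gortium/dotfiles.git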
							
								
								
									
										26
									
								
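--- a/AGENTS.md
+++ b/AGENTS.md
@@ -0,0 +1,26 @@
+# AGENTS.md
+
+This document outlines the development conventions for this NixOS-based infrastructure repository.
+
+## Build & Deployment
+
+- **Build/Deploy:** Use `nixos-rebuild switch --flake .#<hostname>` to build and deploy the configuration for a specific host.
+- **Development Shell:** Activate the development environment with `nix develop`.
+
+## Linting & Formatting
+
+- **Formatting:** This project uses `nixpkgs-fmt` for automatic formatting. Ensure it is run before committing changes.
+  - `nixpkgs-fmt .`
+- **Linting:** No specific linter is configured, but adhere to standard Nix language conventions.
+
+## Testing
+
+- No automated testing suite is configured. Manually verify changes by deploying to a non-critical host.
+
+## Code Style & Conventions
+
+- **Imports:** Keep module imports clean and organized at the top of files.
+- **Naming:** Follow Nix community conventions for variable and function names (e.g., `camelCase` for variables, `kebab-case` for package names).
+- **Secrets:** Secrets are managed with `agenix`. Edit encrypted files with `agenix -e <file>`.
+- **Modularity:** Structure configurations into logical, reusable modules under `modules/`. New modules should be registered in `modules/nixos/default.nix` to be available to all hosts.
+- **Error Handling:** Ensure Nix expressions are robust and handle potential evaluation errors gracefully.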
 Submodule assets/compose updated: bcaad554a6...5def86e278
									
								
							
							
								
								
									
										33
									
								
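--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1754337839,
-        "narHash": "sha256-fEc2/4YsJwtnLU7HCFMRckb0u9UNnDZmwGhXT5U5NTw=",
+        "lastModified": 1754433428,
+        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "856df6f6922845abd4fd958ce21febc07ca2fa45",
+        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
         "type": "github"
       },
       "original": {
@@ -44,13 +44,33 @@
         "type": "github"
       }
     },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1755625756,
+        "narHash": "sha256-t57ayMEdV9g1aCfHzoQjHj1Fh3LDeyblceADm2hsLHM=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "dd026d86420781e84d0732f2fa28e1c051117b59",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1753939845,
-        "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=",
+        "lastModified": 1755615617,
+        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "94def634a20494ee057c76998843c015909d6311",
+        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
         "type": "github"
       },
       "original": {
@@ -63,6 +83,7 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
+        "home-manager": "home-manager_2",
         "nixpkgs": "nixpkgs"
       }
     },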
							
								
								
									
										15
									
								
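--- a/flake.nix
+++ b/flake.nix
@@ -8,15 +8,23 @@
       inputs.darwin.follows = "";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    self.submodules = true;
   };
 
-  outputs = { self, nixpkgs, agenix, ... }@inputs:
+  outputs = { self, nixpkgs, agenix, home-manager, ... }@inputs:
     let
       system = "x86_64-linux";
       keys = import ./lib/keys.nix;
       paths = {
         flake = "/home/gortium/infra";
-        identities = [ "/home/gortium/.ssh/gortium_ssh_key" "/etc/ssh/ssh_host_ed25519_key" ];
+        identities = [
+          "/home/gortium/.ssh/gortium_ssh_key"
+          "/etc/ssh/ssh_host_ed25519_key"
+          "/root/.age/bootstrap.key" ];
       };
       overlays = [ agenix.overlays.default ];
       pkgs = import nixpkgs {
@@ -35,10 +43,11 @@
             modules = [
               { nixpkgs.overlays = overlays; }
               agenix.nixosModules.default
+              home-manager.nixosModules.default
               ./hosts/lazyworkhorse/configuration.nix
               ./hosts/lazyworkhorse/hardware-configuration.nix
               ./modules/default.nix
-              ./users/gortium.nix
+              ./users/gortium
             ];
           };
         };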
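Review bot: The new identity `"/root/.age/bootstrap.key"` in `paths.identities` is a private key that nothing in this change provisions, protects or retires, and the recipients list later on the page (`authorizedKeys = [ … keys.hosts.lazyworkhorse.bootstrap ]`) makes it a permanent recipient of every secret, including the host SSH private key. Because `/etc/ssh/ssh_host_ed25519_key` is itself written by agenix, the bootstrap key appears to be what actually unlocks a fresh host, so it deserves a comment saying how it gets onto the machine and who may read it, e.g. `# bootstrap.key: copied out of band at install, root:root 0400; decrypts the host key on first activation`. If it is only meant for first boot, rekey the secrets without it afterwards so a leftover copy cannot decrypt later ones. The `let` block continues outside the hunk.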
| @@ -29,6 +29,8 @@ | |||||||
|   boot.loader.systemd-boot.enable = true; |   boot.loader.systemd-boot.enable = true; | ||||||
|   boot.loader.efi.canTouchEfiVariables = false; |   boot.loader.efi.canTouchEfiVariables = false; | ||||||
|  |  | ||||||
|  |   boot.kernelModules = [ "nct6775" "lm63" ]; | ||||||
|  |   boot.blacklistedKernelModules = [ "eeepc_wmi" ]; | ||||||
|   networking.hostName = "lazyworkhorse"; # Define your hostname. |   networking.hostName = "lazyworkhorse"; # Define your hostname. | ||||||
|   # Pick only one of the below networking options. |   # Pick only one of the below networking options. | ||||||
|   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant. |   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant. | ||||||
| @@ -56,31 +58,6 @@ | |||||||
|     LC_CTYPE = "en_CA.UTF-8"; |     LC_CTYPE = "en_CA.UTF-8"; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   # Private host ssh key |  | ||||||
|   age = { |  | ||||||
|     identityPaths = paths.identities; |  | ||||||
|     secrets = { |  | ||||||
|       lazyworkhorse_host_ssh_key = { |  | ||||||
|         file = "${self}/secrets/lazyworkhorse_host_ssh_key.age"; |  | ||||||
|         owner = "root"; |  | ||||||
|         group = "root"; |  | ||||||
|         mode = "0600"; |  | ||||||
|         path = "/etc/ssh/ssh_host_ed25519_key"; |  | ||||||
|       }; |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   # Public host ssh key |  | ||||||
|   environment.etc."ssh/ssh_host_ed25519_key.pub".text = keys.hosts.lazyworkhorse.main; |  | ||||||
|  |  | ||||||
|   # Prevent sshd from generating new keys and use this one |  | ||||||
|   services.openssh.hostKeys = [ |  | ||||||
|     { |  | ||||||
|       path = "/etc/ssh/ssh_host_ed25519_key"; |  | ||||||
|       type = "ed25519"; |  | ||||||
|     } |  | ||||||
|   ]; |  | ||||||
|  |  | ||||||
|   # Configure network proxy if necessary |   # Configure network proxy if necessary | ||||||
|   # networking.proxy.default = "http://user:password@proxy:port/"; |   # networking.proxy.default = "http://user:password@proxy:port/"; | ||||||
|   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; |   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; | ||||||
| @@ -130,6 +107,7 @@ | |||||||
|     age |     age | ||||||
|     git |     git | ||||||
|     nh |     nh | ||||||
|  |     lm_sensors | ||||||
|   ]; |   ]; | ||||||
|  |  | ||||||
|   # Some programs need SUID wrappers, can be configured further or are |   # Some programs need SUID wrappers, can be configured further or are | ||||||
| @@ -142,12 +120,50 @@ | |||||||
|  |  | ||||||
|   # List services that you want to enable: |   # List services that you want to enable: | ||||||
|  |  | ||||||
|   # Enable the OpenSSH daemon. |   # Enable the OpenSSH daemon | ||||||
|   services.openssh = { |   services.openssh = { | ||||||
|     enable = true; |     enable = true; | ||||||
|     settings.PermitRootLogin = "no"; |     settings.PermitRootLogin = "no"; | ||||||
|  |     hostKeys = [ | ||||||
|  |       { | ||||||
|  |         path = "/etc/ssh/ssh_host_ed25519_key"; | ||||||
|  |         type = "ed25519"; | ||||||
|  |       } | ||||||
|  |     ]; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|  |   # Private host ssh key managed by agenix | ||||||
|  |   age = { | ||||||
|  |     identityPaths = paths.identities; | ||||||
|  |     secrets = { | ||||||
|  |       containers_env = { | ||||||
|  |         file = ../../secrets/containers.env.age; | ||||||
|  |         path = "/run/secrets/containers.env"; | ||||||
|  |         owner = "root"; | ||||||
|  |         group = "root"; | ||||||
|  |         mode = "0400"; | ||||||
|  |       }; | ||||||
|  |       lazyworkhorse_host_ssh_key = { | ||||||
|  |         file = ../../secrets/lazyworkhorse_host_ssh_key.age; | ||||||
|  |         owner = "root"; | ||||||
|  |         group = "root"; | ||||||
|  |         mode = "0600"; | ||||||
|  |         path = "/etc/ssh/ssh_host_ed25519_key"; | ||||||
|  |       }; | ||||||
|  |     }; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   fileSystems."/".neededForBoot = true; | ||||||
|  |  | ||||||
|  |   # Public host ssh key (kept in sync with the private one) | ||||||
|  |   environment.etc."ssh/ssh_host_ed25519_key.pub".text = | ||||||
|  |     "${keys.hosts.lazyworkhorse.main}"; | ||||||
|  |  | ||||||
|  |   services.fstrim.enable = true; | ||||||
|  |  | ||||||
|  |   services.zfs.autoSnapshot.enable = true; | ||||||
|  |   services.zfs.autoScrub.enable = true; | ||||||
|  |  | ||||||
|  # Open ports in the firewall. |  # Open ports in the firewall. | ||||||
|   # networking.firewall.allowedTCPPorts = [ ... ]; |   # networking.firewall.allowedTCPPorts = [ ... ]; | ||||||
|   # networking.firewall.allowedUDPPorts = [ ... ]; |   # networking.firewall.allowedUDPPorts = [ ... ]; | ||||||
|   | |||||||
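Review bot: The comment `# Private host ssh key managed by agenix` now heads an `age` block that also declares `containers_env`, and `fileSystems."/".neededForBoot = true;` is added with no explanation at all. I would reword the first to `# agenix secrets: container environment file and the private host SSH key` and put a why-comment on the second (presumably it makes the identity files on `/` available when secrets are decrypted; confirm). The string `"${keys.hosts.lazyworkhorse.main}"` wraps a plain value in an interpolation; `keys.hosts.lazyworkhorse.main`, as the removed line had it, reads better. The file path of this section is not shown on the page.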
| @@ -9,9 +9,10 @@ | |||||||
|  |  | ||||||
|   hosts = { |   hosts = { | ||||||
|     lazyworkhorse = { |     lazyworkhorse = { | ||||||
|       main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBmPv4JssvhHGIx85UwFxDSrL5anR4eXB/cd9V2i9wdW"; |       main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmXqD+bBveCYf4khmARA0uaCzkBOUIE077ZrInLNs1O"; | ||||||
|       github = ""; |       github = ""; | ||||||
|       gitea = ""; |       gitea = ""; | ||||||
|  |       bootstrap = "age1r796v2uldtspawyh863pks74sd2pwcan8j4e4pjzsvkmr3vjja9qpz5ste"; | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| { pkgs, lib, config, ... }: { | { pkgs, lib, config, ... }: { | ||||||
|  |  | ||||||
|   options = { |   options = { | ||||||
|     hoardingcow-mount.enable = lib.mkEnableOption "enable hoardingcow acces"; |     hoardingcow-mount.enable = lib.mkEnableOption "enable hoardingcow access"; | ||||||
|   }; |   }; | ||||||
|   config = lib.mkIf config.hoardingcow-mount.enable { |   config = lib.mkIf config.hoardingcow-mount.enable { | ||||||
|     fileSystems."/mnt/HoardingCow_docker_data" = { |     fileSystems."/mnt/HoardingCow_docker_data" = { | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| { pkgs, lib, config, ... }: { | { | ||||||
|   imports = |   imports = [ | ||||||
|     [ |     ./dotfiles.nix | ||||||
|     ./systemd |     ./systemd | ||||||
|   ]; |   ]; | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										69
									
								
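--- a/modules/nixos/services/dotfiles.nix
+++ b/modules/nixos/services/dotfiles.nix
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.dotfiles;
+  stowDir = cfg.stowDir;
+
+  # Function to recursively find all files in a directory
+  findFiles = dir:
+    let
+      files = builtins.attrNames (builtins.readDir dir);
+    in
+      concatMap (name:
+        let
+          path = dir + "/${name}";
+        in
+          if (builtins.typeOf (builtins.readDir path) == "set")
+          then findFiles path
+          else [ path ]
+      ) files;
+
+  # Get a list of all packages (directories) in the stow directory
+  stowPackages = builtins.attrNames (builtins.readDir stowDir);
+
+  # Create an attribute set where each attribute is a package name
+  # and the value is a list of files to be linked.
+  homeManagerLinks = listToAttrs (map (pkg:
+    let
+      pkgPath = stowDir + "/${pkg}";
+      files = findFiles pkgPath;
+    in
+      nameValuePair pkg (map (file: {
+        source = file;
+        target = removePrefix (pkgPath + "/") file;
+      }) files)
+  ) stowPackages);
+
+in
+{
+  options.services.dotfiles = {
+    enable = mkEnableOption "Enable dotfiles management";
+
+    stowDir = mkOption {
+      type = types.path;
+      description = "The directory where your stow packages are located.";
+    };
+
+    user = mkOption {
+      type = types.str;
+      description = "The user to manage dotfiles for.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    home-manager.users.${cfg.user} = {
+      home.file =
+        let
+          allFiles = concatLists (attrValues homeManagerLinks);
+        in
+          listToAttrs (map (file:
+            nameValuePair file.target {
+              source = file.source;
+            }
+          ) allFiles);
+    };
+  };
+}
+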
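Review bot: `findFiles` tests for a directory by calling `builtins.readDir path` on every entry, but `readDir` on a regular file aborts evaluation rather than returning a non-set, so the first dotfile it meets fails the build; the entry type is already available in the attrset returned by `builtins.readDir dir`. `stowPackages` has the same problem for any non-directory at the top of `stowDir`. The `target` is computed with `removePrefix (pkgPath + "/") file` on path values, where the trailing `/` is normalised away and newer nixpkgs `lib` refuses path arguments, so it should be computed on strings. It is also worth a comment on `stowDir` that everything linked this way is copied into the world-readable Nix store, so the dotfiles tree must not hold credentials.

```nix
  # Function to recursively find all files in a directory
  findFiles = dir:
    concatLists (mapAttrsToList (name: type:
      let
        path = dir + "/${name}";
      in
        if type == "directory"
        then findFiles path
        else [ path ]
    ) (builtins.readDir dir));

  # … unchanged: stowPackages, start of homeManagerLinks …

      nameValuePair pkg (map (file: {
        source = file;
        target = removePrefix "${toString pkgPath}/" (toString file);
      }) files)
```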
| @@ -4,6 +4,7 @@ | |||||||
|       ./network.nix |       ./network.nix | ||||||
|       ./passwordmanager.nix |       ./passwordmanager.nix | ||||||
|       ./versioncontrol.nix |       ./versioncontrol.nix | ||||||
|  |       ./fancontrol.nix | ||||||
|     ]; |     ]; | ||||||
|  |  | ||||||
|   virtualisation.docker = { |   virtualisation.docker = { | ||||||
| @@ -12,17 +13,4 @@ | |||||||
|       "dns" = [ "1.1.1.1" "8.8.8.8" ]; |       "dns" = [ "1.1.1.1" "8.8.8.8" ]; | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   age = { |  | ||||||
|     identityPaths = paths.identities; |  | ||||||
|     secrets = { |  | ||||||
|       containers_env = { |  | ||||||
|         file = self + "/secrets/containers.env.age"; |  | ||||||
|         path = "/run/secrets/containers.env"; |  | ||||||
|         owner = "root"; |  | ||||||
|         group = "root"; |  | ||||||
|         mode = "0400"; |  | ||||||
|       }; |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										37
									
								
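--- a/modules/nixos/services/systemd/fancontrol.nix
+++ b/modules/nixos/services/systemd/fancontrol.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.systemd-fancon;
+in
+{
+  options.services.systemd-fancon = {
+    enable = mkEnableOption "systemd-fancon service for fan control";
+    config = mkOption {
+      type = types.lines;
+      default = "";
+      description = "Configuration for systemd-fancon.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      systemd-fancon
+      lm_sensors
+    ];
+
+    boot.kernelModules = [ "amdgpu" ];
+
+    systemd.services.systemd-fancon = {
+      description = "systemd-fancon service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      serviceConfig = {
+        ExecStart = "${pkgs.systemd-fancon}/bin/systemd-fancon -c ${cfg.configFile}";
+        Restart = "on-failure";
+      };
+      configFile = pkgs.writeText "systemd-fancon.conf" cfg.config;
+    };
+  };
+}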
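Review bot: `ExecStart` interpolates `cfg.configFile`, but the module declares only `enable` and `config`, and the `configFile = pkgs.writeText …` line sits inside `systemd.services.systemd-fancon`, which has no such option, so evaluation should fail on both as soon as the service is enabled. Binding the file in the `let` fixes both: add `configFile = pkgs.writeText "systemd-fancon.conf" cfg.config;` next to `cfg` and use `-c ${configFile}` in `ExecStart`. Separately, `after = [ "network-online.target" ]` and the hard-coded `boot.kernelModules = [ "amdgpu" ]` look carried over from another unit. A fan controller should not wait for the network, and since the unit sets no `User`, it presumably runs as root with no sandboxing, which deserves a comment or a few `serviceConfig` hardening options.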
| @@ -16,8 +16,8 @@ in | |||||||
|  |  | ||||||
|   systemd.services.network_stack = { |   systemd.services.network_stack = { | ||||||
|     description = "Traefik + DDNS updater via Docker Compose"; |     description = "Traefik + DDNS updater via Docker Compose"; | ||||||
|     after = [ "network.target" "docker.service" ]; |     after = [ "network-online.target" "docker.service" ]; | ||||||
|     requires = [ "network.target" "docker.service" ]; |     wants = [ "network-online.target" "docker.service" ]; | ||||||
|     serviceConfig = { |     serviceConfig = { | ||||||
|       WorkingDirectory = "${network_compose_dir}"; |       WorkingDirectory = "${network_compose_dir}"; | ||||||
|  |  | ||||||
|   | |||||||
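Review bot: Replacing `requires` with `wants` for both units means `network_stack` will now be started even when `docker.service` failed or is absent, and will no longer be stopped together with it, although the unit is described as a Docker Compose stack. `network-online.target` is correctly a `wants`, but Docker is a hard dependency, so I would split the two: `requires = [ "docker.service" ];` and `wants = [ "network-online.target" ];`, keeping `after` as it is now. The `serviceConfig` block continues outside the hunk.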
| @@ -22,10 +22,10 @@ in | |||||||
|       # Stop left over container by the same name |       # Stop left over container by the same name | ||||||
|       ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.docker-compose}/bin/docker-compose down || true'"; |       ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.docker-compose}/bin/docker-compose down || true'"; | ||||||
|  |  | ||||||
|       # Démarrer les conteneurs avec Docker Compose |       # Start the services using Docker Compose | ||||||
|       ExecStart = "${pkgs.docker-compose}/bin/docker-compose up -d"; |       ExecStart = "${pkgs.docker-compose}/bin/docker-compose up -d"; | ||||||
|  |  | ||||||
|       # Arrêter et supprimer les conteneurs à l’arrêt |       # Stop and remove containers on shutdown | ||||||
|       ExecStop = "${pkgs.docker-compose}/bin/docker-compose down"; |       ExecStop = "${pkgs.docker-compose}/bin/docker-compose down"; | ||||||
|  |  | ||||||
|       RemainAfterExit = true; |       RemainAfterExit = true; | ||||||
|   | |||||||
| @@ -24,10 +24,10 @@ in | |||||||
|       # Stop left over container by the same name |       # Stop left over container by the same name | ||||||
|       ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.docker-compose}/bin/docker-compose down || true'"; |       ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.docker-compose}/bin/docker-compose down || true'"; | ||||||
|  |  | ||||||
|       # Démarrer les conteneurs avec Docker Compose |       # Start the services using Docker Compose | ||||||
|       ExecStart = "${pkgs.docker-compose}/bin/docker-compose up -d"; |       ExecStart = "${pkgs.docker-compose}/bin/docker-compose up -d"; | ||||||
|  |  | ||||||
|       # Arrêter et supprimer les conteneurs à l’arrêt |       # Stop and remove containers on shutdown | ||||||
|       ExecStop = "${pkgs.docker-compose}/bin/docker-compose down"; |       ExecStop = "${pkgs.docker-compose}/bin/docker-compose down"; | ||||||
|  |  | ||||||
|       RemainAfterExit = true; |       RemainAfterExit = true; | ||||||
|   | |||||||
| @@ -1,7 +1,9 @@ | |||||||
| age-encryption.org/v1 | age-encryption.org/v1 | ||||||
| -> ssh-ed25519 GhMD8A 9Tjo08Hbj3S+nCdLUylZoUK6meXtuHq9F/qwSJZBYho | -> ssh-ed25519 GhMD8A gLjSioFoNbora4jCZw3UguGp5TdUBLLMaYAiW11T824 | ||||||
| iu2MmQ2VHm+QEvqGjkEy02V0cNRanAyhrA8Xu7UWRFk | TXRVls3R4Zaz2AOvRujcy1kf2XqBQulK3gRzoh45g5g | ||||||
| -> ssh-ed25519 eB5ENw 8UTi2pmZML1Zyh9zCfEx4JqJhQ1vM/jZCEhrkuc1Hh4 | -> ssh-ed25519 kYn3oA 25YlZSMkVE6I3VMUrlF4t3ZwuKj9PsMQoh2gi/pHb10 | ||||||
| et6FoN8E4tgo2DXlt/KTGLRsByJFyDu2oHA/Js/pIB8 | CAFHTAZ7eyGHT8t766aBiT2Iiq9ZBKitVIIt3AxJfTE | ||||||
| --- dmEv5Fz1iUJ3W93lFtkHgtknfQGQNkMqglJZ+3e1qM8 | -> X25519 2mIaB09iQVif9F3UF9azfs5bFpUkLIU4wtjsyavHPHc | ||||||
| <EFBFBD>U<EFBFBD><EFBFBD><EFBFBD>.<2E><>#C\<11><><EFBFBD>	<09>V<EFBFBD><56>-<2D><><EFBFBD><EFBFBD><1F>tp<74>wnީ<><02><>n<EFBFBD><<3C>E<EFBFBD><45><EFBFBD>~<7E><>bX<62><02><><EFBFBD>_<EFBFBD><5F><07><><EFBFBD><EFBFBD>u<EFBFBD>l?<3F>),s<>Ec7<63><37><EFBFBD><EFBFBD>v<EFBFBD>;<3B>A<EFBFBD>U<EFBFBD>-<2D>I<EFBFBD>7Y<37>-<2D>3g[<5B>jh~<7E>/<2F> | GAoZGils65rkG8wOhR4MJB1M2c9IdVSPh0frZdc3Pg0 | ||||||
|  | --- 4Ujt4d9bouX5RsLq4WnkKb8vvGCrsLXfk3MWxP4Jar0 | ||||||
|  | <EFBFBD>ڝ<11><><08>ғ<EFBFBD>w9"<22><>=UYEފ(<0B>J9<4A>mw{<7B><>\<16>jcc><0E>N<EFBFBD>q<EFBFBD><71>T|<7C> | ||||||
										
											Binary file not shown.
										
									
								
							| @@ -1,6 +1,6 @@ | |||||||
| let | let | ||||||
|   keys = import ../lib/keys.nix; |   keys = import ../lib/keys.nix; | ||||||
|   authorizedKeys = [ keys.users.gortium.main keys.hosts.lazyworkhorse.main ]; |   authorizedKeys = [ keys.users.gortium.main keys.hosts.lazyworkhorse.main keys.hosts.lazyworkhorse.bootstrap ]; | ||||||
| in | in | ||||||
| { | { | ||||||
|   "containers.env.age".publicKeys = authorizedKeys; |   "containers.env.age".publicKeys = authorizedKeys; | ||||||
|   | |||||||
| @@ -1,4 +1,5 @@ | |||||||
| { pkgs, inputs, config, keys, ... }: { | { pkgs, inputs, config, keys, ... }: { | ||||||
|  |   home-manager.users.gortium = import ./home.nix; | ||||||
|   users.users.gortium = { |   users.users.gortium = { | ||||||
|     isNormalUser = true; |     isNormalUser = true; | ||||||
|     extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ for the user. |     extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ for the user. | ||||||
							
								
								
									
										12
									
								
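--- a/users/gortium/home.nix
+++ b/users/gortium/home.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }: {
+  services.dotfiles = {
+    enable = true;
+    stowDir = ../../../assets/dotfiles;
+    user = "gortium";
+  };
+
+  home.username = "gortium";
+  home.homeDirectory = "/home/gortium";
+  home.stateVersion = "23.11"; # Please change this to your version.
+  programs.home-manager.enable = true;
+}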
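Review bot: `services.dotfiles` is set here inside the home-manager user configuration, but the option is declared by the NixOS module `modules/nixos/services/dotfiles.nix`, which itself writes to `home-manager.users.${cfg.user}`; unless home-manager is also given that module, this should fail as an undefined option. `stowDir = ../../../assets/dotfiles;` also climbs one level too far from `users/gortium/` and leaves the repository. I would move the block to the NixOS-level user file next to `home-manager.users.gortium = import ./home.nix;` and write `stowDir = ../../assets/dotfiles;` there. The line `home.stateVersion = "23.11"; # Please change this to your version.` still carries its template comment and should be set deliberately.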