diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix
index 03f1801..a39d487 100644
--- a/machines/calcite/configuration.nix
+++ b/machines/calcite/configuration.nix
@@ -10,6 +10,7 @@
 ];
 commonSettings = {
+ auth.enable = true;
 nix = {
 enableMirrors = true;
 signing.enable = true;
@@ -23,7 +24,7 @@
 # boot.kernelPackages = pkgs.linuxPackages_latest;
 boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ];
 boot.supportedFilesystems = [ "ntfs" ];
- boot.binfmt.emulatedSystems = ["aarch64-linux"];
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 security.tpm2 = {
 enable = true;
@@ -49,7 +50,8 @@
 programs.oidc-agent.enable = true;
 programs.oidc-agent.providers = [
- { issuer = "https://home.xinyang.life:9201";
+ {
+ issuer = "https://home.xinyang.life:9201";
 pubclient = {
 client_id = "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69";
 client_secret = "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh";
@@ -157,6 +159,7 @@
 # Allow unfree packages
 nixpkgs.config.allowUnfree = true;
 nixpkgs.config.permittedInsecurePackages = [
+ "openssl-1.1.1w"
 ];
 # List packages installed in system profile. To search, run:
 # $ nix search wget
@@ -208,13 +211,13 @@
 element-desktop
 tdesktop
 qq
+ wechat-uos
 feishu
 # Password manager
 bitwarden
 # Browser
- firefox
 (chromium.override {
 commandLineArgs = [
 "--ozone-platform-hint=auto"
@@ -253,7 +256,7 @@
 owner = "root";
 sopsFile = ./secrets.yaml;
 };
- gitea_env = {
+ "gitea/envfile" = {
 owner = "root";
 sopsFile = ./secrets.yaml;
 };
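Review bot: The `"openssl-1.1.1w"` entry added to `nixpkgs.config.permittedInsecurePackages` in the `@@ -157,6 +159,7 @@` hunk of `machines/calcite/configuration.nix` carries no comment naming the package that needs it. OpenSSL 1.1.1 is end-of-life upstream, and this allow-list applies to the whole package set of the machine, so any later package that pulls it in will evaluate without complaint. Presumably the `wechat-uos` line added in the `@@ -208,13 +211,13 @@` hunk is the consumer, but that is only an inference from this commit. A comment above the entry such as `# needed by <package>; drop once it no longer depends on OpenSSL 1.1.1` would make the exception reviewable and removable.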
@@ -263,13 +266,19 @@ custom.restic.passwordFile = config.sops.secrets.restic_repo_calcite_password.path; custom.forgejo-actions-runner.enable = true; - custom.forgejo-actions-runner.tokenFile = config.sops.secrets.gitea_env.path; + custom.forgejo-actions-runner.tokenFile = config.sops.secrets."gitea/envfile".path; custom.prometheus = { enable = true; exporters.blackbox.enable = true; }; + services.ollama = { + enable = true; + acceleration = "cuda"; + }; + + # MTP support services.gvfs.enable = true; diff --git a/machines/calcite/network.nix b/machines/calcite/network.nix index 94a7e71..3ed94c5 100644 --- a/machines/calcite/network.nix +++ b/machines/calcite/network.nix @@ -13,6 +13,9 @@ services.resolved = { enable = true; + extraConfig = '' + Cache=no + ''; }; # Enable Tailscale diff --git a/machines/calcite/secrets.yaml b/machines/calcite/secrets.yaml index 780f6cb..d0e1b64 100644 --- a/machines/calcite/secrets.yaml +++ b/machines/calcite/secrets.yaml 
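Review bot: The `services.ollama` block added in the `@@ -263,13 +266,19 @@` hunk of `machines/calcite/configuration.nix` leaves the listen address to the module default. Ollama's HTTP API has no authentication and this machine also enables Tailscale (see `machines/calcite/network.nix`), so the bind address is the only access control. Pinning it to loopback explicitly in the block, or adding a comment such as `# API is unauthenticated; keep it bound to 127.0.0.1`, would keep that assumption visible if the default or the firewall rules change. The two consecutive blank lines added after the block could be reduced to one.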
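Review bot: `Cache=no` in `services.resolved.extraConfig` (`machines/calcite/network.nix`) turns off systemd-resolved's cache globally, and the hunk does not say why. With the cache off every lookup is sent upstream again, which adds latency and makes more queries visible to the upstream resolvers. A comment next to it such as `# cache disabled because <reason>` would tell the next reader whether the setting can be reverted.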
@@ -1,7 +1,8 @@ restic_repo_calcite_password: ENC[AES256_GCM,data:9ALTQULAMyLY4FIxuVztf9r3,iv:fObBBeqpHAVYl8YUopz9fZd3YWB+0sc8l+sR12rmxb4=,tag:l3xDc2/cpQr38X/cd7qMXA==,type:str] restic_repo_calcite: ENC[AES256_GCM,data:+m9cjMXrZoCPg/S+/wV4WFBmg6pbFpqJ7JOdwOX0Z37bgoQXh4wcVPKK3CLd7G/iQjpO8SXaqJ1/d8r4Ydk21Gp1WqkB8g==,iv:DweDUujXp6i5XwwxeFjUsLDOJQJlRIT6GKPPxABNWiY=,tag:hdBHIjAcDQ1Ky/8hIv3+Ow==,type:str] sing_box_url: ENC[AES256_GCM,data:2z2bDKdn51o1eaqhgE0pTg4FWcO8wcLNlnBZ69Q3Jm5GCxkXxsxN7DgqQvRVeakOHvaenQotF+nc6tlhKPsyzdQeG0yl3YYhGb9o3DkmpUjC6lalMSoiw1rSMVyBg4KYCWxmhR9iRurun62+5INGZwwHVqAjgWJhy/9+pdIFtgKyd/t0JhSU,iv:gIGbvRd88vZu3cVW7e4emZmmNO8QcubLrxS1sCwi4Co=,tag:AzLLtcA9jAbeuo6eWU6ilw==,type:str] -gitea_env: ENC[AES256_GCM,data:ShKKQWSiIkQ4uaWBhN5uB3xSu/8u8LkDjZeFi3G5BZUj7Vy4hoMweyUXyMf7w9A=,iv:JK6NgIJlU8G7G/LrZtNyGC4K9jblImFXnzhUMdkFbUw=,tag:PYeafqgXaSpDNJ0oIENW4A==,type:str] +gitea: + envfile: ENC[AES256_GCM,data:bO1aMYm0kPTBbyPD5cweVRzNjiDK2WlWDsxz52L3faFg5HSVmBoi5DZC17XBXYw=,iv:lo9XEcwY4FPD/rRbnuiUviioMIiiphS26UgPro56DIU=,tag:0eKfsS0pYw+FPW+Y5dgisg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -26,8 +27,8 @@ sops: WGlLdXVoZlp3bEFXZjlMdG1VOUZDNUkKQ2NNTE3OsNUr2pOI7qeNFSCVkUIVRS+g FG5FbJJcFihXqr+Qo0nZkq+xq07vIia7mKoqyoIfkKwweiVzDKyrkQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-05T04:32:32Z" - mac: ENC[AES256_GCM,data:esdTvjxnVP5t721ROLvMCvHMAkcpEFgTzHIQNyEkEaL1DKYDOJKFjufPPXDiEBX8+ni9RGYL4QHuDxlh89p0HAFHb3XCkE639NyHr6MD/DzFHbenaMJXEcWy/RSoWqroyHJA8XL7ymBGeDH7ERqyQaxc3oG653V/Uq5+/a++HQI=,iv:QvSee/Wes5RygpoCOJpVuatj+xij8EPUBayE1yUWM3g=,tag:8Un2qrflqAFB0iWz2Evi5Q==,type:str] + lastmodified: "2024-08-14T01:46:18Z" + mac: ENC[AES256_GCM,data:+RuyHG1wLykJX792bkHvRXEiW7vDYj7i2tbR0MnZZUuFcr3xQDIuCW0/XnzxeX643k4iq+h/YUer/v7tIbCh75UXTG7oxQpfJhI8zMfaxKcCZBntD+wDhEmpWhgonOR/RwOAPMPz7FntJVvt9BHnpSLVjZC7KqVPohob0DRJs2Q=,iv:p6Lov35M8SN9RIV9I3D+3cO+wi3Kd2pVe08xgWYi/tM=,tag:aOMQauv2FFEsdwaS7WOraQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0
diff --git a/machines/dolomite/default.nix b/machines/dolomite/default.nix
index 3a5406f..22fc0e8 100644
--- a/machines/dolomite/default.nix
+++ b/machines/dolomite/default.nix
@@ -95,9 +95,24 @@ in
 dns = {
 servers = [
 {
+ tag = "warp";
 address = "1.1.1.1";
 detour = "wg-out";
 }
+ {
+ tag = "directdns";
+ address = "h3://8.8.8.8/dns-query";
+ }
+ ];
+ rules = [
+ {
+ outbound = "wg-out";
+ server = "warp";
+ }
+ {
+ outbound = "direct";
+ server = "directdns";
+ }
 ];
 };
 inbounds = [
diff --git a/modules/home-manager/direnv.nix b/modules/home-manager/direnv.nix
index 850534d..46297b8 100644
--- a/modules/home-manager/direnv.nix
+++ b/modules/home-manager/direnv.nix
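Review bot: The new `directdns` server in `machines/dolomite/default.nix` has no `detour`, so the rule `outbound = "direct"; server = "directdns";` only selects the resolver and does not pin the path the `h3://8.8.8.8/dns-query` traffic itself takes. If the default outbound of this sing-box instance is not `direct` (the outbounds are outside the hunk), those lookups would leave through the tunnel instead; adding `detour = "direct";` to that server entry makes the intent explicit. The fallback is also implicit: with no `final` set, names matching neither rule appear to go to the first server, `warp`, so `final = "warp";` or a comment saying so would document it. The `dns` block begins and ends outside the hunk.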
@@ -1,18 +1,30 @@
-{ config, lib, ... }:
+{ config, lib, ... }:
 with lib;
 let cfg = config.custom-hm.direnv;
+ changeCacheDir = ''
+ declare -A direnv_layout_dirs
+ direnv_layout_dir() {
+ local hash path
+ echo "''${direnv_layout_dirs[$PWD]:=$(
+ hash="$(sha1sum - <<< "$PWD" | head -c40)"
+ path="''${PWD//[^a-zA-Z0-9]/-}"
+ echo "''${XDG_CACHE_HOME}/direnv/layouts/''${hash}''${path}"
+ )}"
+ }
+ '';
 in {
 options.custom-hm.direnv = {
 enable = mkEnableOption "direnv";
 };
 config = {
- programs = mkIf config.custom-hm.direnv.enable {
+ programs = mkIf cfg.enable {
 direnv = {
 enable = true;
+ stdlib = changeCacheDir;
 };
 };
 };
-}
\ No newline at end of file
+}
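Review bot: `direnv_layout_dir` in `changeCacheDir` expands `''${XDG_CACHE_HOME}` without a fallback, so in a session where that variable is unset the layout path becomes `/direnv/layouts/<hash><path>` at the filesystem root. Nothing in this module sets `XDG_CACHE_HOME`, so whether it is defined depends on configuration outside this file. Using the XDG default keeps the cache under the user's home: `echo "''${XDG_CACHE_HOME:-$HOME/.cache}/direnv/layouts/''${hash}''${path}"`. A short comment above `changeCacheDir` saying that it moves direnv's per-project layout directory out of the project tree and into the cache would also help the next reader.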