xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

chore: small fixes

Browse source
This commit is contained in:
xinyangli 2024-08-20 21:09:31 +08:00
parent ed19829fe4
commit 27901b05c6
Signed by: xin
SSH key fingerprint: SHA256:qZ/tzd8lYRtUFSrfBDBMcUqV4GHKxqeqRA3huItgvbk
5 changed files with 52 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
machines/calcite/configuration.nix
View file

@ -10,6 +10,7 @@
]; ];
commonSettings = { commonSettings = {
auth.enable = true;
nix = { nix = {
enableMirrors = true; enableMirrors = true;
signing.enable = true; signing.enable = true;
@ -23,7 +24,7 @@
# boot.kernelPackages = pkgs.linuxPackages_latest; # boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ]; boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ];
boot.supportedFilesystems = [ "ntfs" ]; boot.supportedFilesystems = [ "ntfs" ];
boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
security.tpm2 = { security.tpm2 = {
enable = true; enable = true;
@ -49,7 +50,8 @@
programs.oidc-agent.enable = true; programs.oidc-agent.enable = true;
programs.oidc-agent.providers = [ programs.oidc-agent.providers = [
{ issuer = "https://home.xinyang.life:9201"; {
issuer = "https://home.xinyang.life:9201";
pubclient = { pubclient = {
client_id = "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69"; client_id = "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69";
client_secret = "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh"; client_secret = "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh";
@ -157,6 +159,7 @@
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1w"
]; ];
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
@ -208,13 +211,13 @@
element-desktop element-desktop
tdesktop tdesktop
qq qq
wechat-uos
feishu feishu
# Password manager # Password manager
bitwarden bitwarden
# Browser # Browser
firefox
(chromium.override { (chromium.override {
commandLineArgs = [ commandLineArgs = [
"--ozone-platform-hint=auto" "--ozone-platform-hint=auto"
@ -253,7 +256,7 @@
owner = "root"; owner = "root";
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
}; };
gitea_env = { "gitea/envfile" = {
owner = "root"; owner = "root";
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
}; };
@ -263,13 +266,19 @@
custom.restic.passwordFile = config.sops.secrets.restic_repo_calcite_password.path; custom.restic.passwordFile = config.sops.secrets.restic_repo_calcite_password.path;
custom.forgejo-actions-runner.enable = true; custom.forgejo-actions-runner.enable = true;
custom.forgejo-actions-runner.tokenFile = config.sops.secrets.gitea_env.path; custom.forgejo-actions-runner.tokenFile = config.sops.secrets."gitea/envfile".path;
custom.prometheus = { custom.prometheus = {
enable = true; enable = true;
exporters.blackbox.enable = true; exporters.blackbox.enable = true;
}; };
services.ollama = {
enable = true;
acceleration = "cuda";
};
# MTP support # MTP support
services.gvfs.enable = true; services.gvfs.enable = true;

3
machines/calcite/network.nix
View file

@ -13,6 +13,9 @@
services.resolved = { services.resolved = {
enable = true; enable = true;
extraConfig = ''
Cache=no
'';
}; };
# Enable Tailscale # Enable Tailscale

9
machines/calcite/secrets.yaml
View file

@ -1,7 +1,8 @@
restic_repo_calcite_password: ENC[AES256_GCM,data:9ALTQULAMyLY4FIxuVztf9r3,iv:fObBBeqpHAVYl8YUopz9fZd3YWB+0sc8l+sR12rmxb4=,tag:l3xDc2/cpQr38X/cd7qMXA==,type:str] restic_repo_calcite_password: ENC[AES256_GCM,data:9ALTQULAMyLY4FIxuVztf9r3,iv:fObBBeqpHAVYl8YUopz9fZd3YWB+0sc8l+sR12rmxb4=,tag:l3xDc2/cpQr38X/cd7qMXA==,type:str]
restic_repo_calcite: ENC[AES256_GCM,data:+m9cjMXrZoCPg/S+/wV4WFBmg6pbFpqJ7JOdwOX0Z37bgoQXh4wcVPKK3CLd7G/iQjpO8SXaqJ1/d8r4Ydk21Gp1WqkB8g==,iv:DweDUujXp6i5XwwxeFjUsLDOJQJlRIT6GKPPxABNWiY=,tag:hdBHIjAcDQ1Ky/8hIv3+Ow==,type:str] restic_repo_calcite: ENC[AES256_GCM,data:+m9cjMXrZoCPg/S+/wV4WFBmg6pbFpqJ7JOdwOX0Z37bgoQXh4wcVPKK3CLd7G/iQjpO8SXaqJ1/d8r4Ydk21Gp1WqkB8g==,iv:DweDUujXp6i5XwwxeFjUsLDOJQJlRIT6GKPPxABNWiY=,tag:hdBHIjAcDQ1Ky/8hIv3+Ow==,type:str]
sing_box_url: ENC[AES256_GCM,data:2z2bDKdn51o1eaqhgE0pTg4FWcO8wcLNlnBZ69Q3Jm5GCxkXxsxN7DgqQvRVeakOHvaenQotF+nc6tlhKPsyzdQeG0yl3YYhGb9o3DkmpUjC6lalMSoiw1rSMVyBg4KYCWxmhR9iRurun62+5INGZwwHVqAjgWJhy/9+pdIFtgKyd/t0JhSU,iv:gIGbvRd88vZu3cVW7e4emZmmNO8QcubLrxS1sCwi4Co=,tag:AzLLtcA9jAbeuo6eWU6ilw==,type:str] sing_box_url: ENC[AES256_GCM,data:2z2bDKdn51o1eaqhgE0pTg4FWcO8wcLNlnBZ69Q3Jm5GCxkXxsxN7DgqQvRVeakOHvaenQotF+nc6tlhKPsyzdQeG0yl3YYhGb9o3DkmpUjC6lalMSoiw1rSMVyBg4KYCWxmhR9iRurun62+5INGZwwHVqAjgWJhy/9+pdIFtgKyd/t0JhSU,iv:gIGbvRd88vZu3cVW7e4emZmmNO8QcubLrxS1sCwi4Co=,tag:AzLLtcA9jAbeuo6eWU6ilw==,type:str]
gitea_env: ENC[AES256_GCM,data:ShKKQWSiIkQ4uaWBhN5uB3xSu/8u8LkDjZeFi3G5BZUj7Vy4hoMweyUXyMf7w9A=,iv:JK6NgIJlU8G7G/LrZtNyGC4K9jblImFXnzhUMdkFbUw=,tag:PYeafqgXaSpDNJ0oIENW4A==,type:str] gitea:
envfile: ENC[AES256_GCM,data:bO1aMYm0kPTBbyPD5cweVRzNjiDK2WlWDsxz52L3faFg5HSVmBoi5DZC17XBXYw=,iv:lo9XEcwY4FPD/rRbnuiUviioMIiiphS26UgPro56DIU=,tag:0eKfsS0pYw+FPW+Y5dgisg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -26,8 +27,8 @@ sops:
WGlLdXVoZlp3bEFXZjlMdG1VOUZDNUkKQ2NNTE3OsNUr2pOI7qeNFSCVkUIVRS+g WGlLdXVoZlp3bEFXZjlMdG1VOUZDNUkKQ2NNTE3OsNUr2pOI7qeNFSCVkUIVRS+g
FG5FbJJcFihXqr+Qo0nZkq+xq07vIia7mKoqyoIfkKwweiVzDKyrkQ== FG5FbJJcFihXqr+Qo0nZkq+xq07vIia7mKoqyoIfkKwweiVzDKyrkQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-05T04:32:32Z" lastmodified: "2024-08-14T01:46:18Z"
mac: ENC[AES256_GCM,data:esdTvjxnVP5t721ROLvMCvHMAkcpEFgTzHIQNyEkEaL1DKYDOJKFjufPPXDiEBX8+ni9RGYL4QHuDxlh89p0HAFHb3XCkE639NyHr6MD/DzFHbenaMJXEcWy/RSoWqroyHJA8XL7ymBGeDH7ERqyQaxc3oG653V/Uq5+/a++HQI=,iv:QvSee/Wes5RygpoCOJpVuatj+xij8EPUBayE1yUWM3g=,tag:8Un2qrflqAFB0iWz2Evi5Q==,type:str] mac: ENC[AES256_GCM,data:+RuyHG1wLykJX792bkHvRXEiW7vDYj7i2tbR0MnZZUuFcr3xQDIuCW0/XnzxeX643k4iq+h/YUer/v7tIbCh75UXTG7oxQpfJhI8zMfaxKcCZBntD+wDhEmpWhgonOR/RwOAPMPz7FntJVvt9BHnpSLVjZC7KqVPohob0DRJs2Q=,iv:p6Lov35M8SN9RIV9I3D+3cO+wi3Kd2pVe08xgWYi/tM=,tag:aOMQauv2FFEsdwaS7WOraQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.0

15
machines/dolomite/default.nix
View file

@ -95,9 +95,24 @@ in
dns = { dns = {
servers = [ servers = [
{ {
tag = "warp";
address = "1.1.1.1"; address = "1.1.1.1";
detour = "wg-out"; detour = "wg-out";
} }
{
tag = "directdns";
address = "h3://8.8.8.8/dns-query";
}
];
rules = [
{
outbound = "wg-out";
server = "warp";
}
{
outbound = "direct";
server = "directdns";
}
]; ];
}; };
inbounds = [ inbounds = [

18
modules/home-manager/direnv.nix
View file

@ -1,18 +1,30 @@
{ config, lib, ... }: { config, lib, ... }:
with lib; with lib;
let let
cfg = config.custom-hm.direnv; cfg = config.custom-hm.direnv;
changeCacheDir = ''
declare -A direnv_layout_dirs
direnv_layout_dir() {
local hash path
echo "''${direnv_layout_dirs[$PWD]:=$(
hash="$(sha1sum - <<< "$PWD" | head -c40)"
path="''${PWD//[^a-zA-Z0-9]/-}"
echo "''${XDG_CACHE_HOME}/direnv/layouts/''${hash}''${path}"
)}"
}
'';
in in
{ {
options.custom-hm.direnv = { options.custom-hm.direnv = {
enable = mkEnableOption "direnv"; enable = mkEnableOption "direnv";
}; };
config = { config = {
programs = mkIf config.custom-hm.direnv.enable { programs = mkIf cfg.enable {
direnv = { direnv = {
enable = true; enable = true;
stdlib = changeCacheDir;
}; };
}; };
}; };
} }