Merge branch 'master' of github.com:mrjones2014/dotfiles

mrjones2014 · Dec 12, 2024 · bd6b301 · bd6b301
2 parents 8dee776 + c97bf98
commit bd6b301
Show file tree

Hide file tree

Showing 10 changed files with 57 additions and 37 deletions.
diff --git a/hosts/pc/default.nix b/hosts/pc/default.nix
@@ -10,6 +10,8 @@
   boot.loader.efi.efiSysMountPoint = "/boot/efi";
   powerManagement.cpuFreqGovernor = "performance";
   hardware = {
+    # setup udev rules for ZSA keyboard firmware flashing
+    keyboard.zsa.enable = true;
     # use proprietary nvidia drivers
     graphics.enable = true;
     nvidia = {
@@ -54,6 +56,7 @@
     parsec-bin
     mullvad-vpn
     prismlauncher
+    wally-cli
     # dolphinEmu # dolphin build is suuuuper slow and also broken rn
     # rpcs3 # broken right now
   ];

diff --git a/hosts/server/cleanuperr.nix b/hosts/server/cleanuperr.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+let envFile = config.age.secrets.cleanuperr_env.path;
+in {
+  age.secrets.cleanuperr_env.file = ../../secrets/cleanuperr_env.age;
+  virtualisation.oci-containers = {
+    backend = "podman";
+    containers.cleanuperr = {
+      autoStart = true;
+      image = "ghcr.io/flmorg/cleanuperr:latest";
+      environmentFiles = [ envFile ];
+    };
+  };
+}
diff --git a/hosts/server/content.nix b/hosts/server/content.nix
@@ -4,6 +4,7 @@
     ./deluge.nix
     # port 8082
     ./homepage.nix
+    ./cleanuperr.nix
   ];
   services = {
     jellyfin = {

diff --git a/hosts/server/default.nix b/hosts/server/default.nix
@@ -23,7 +23,6 @@
 
   imports = [
     ./hardware-configuration.nix
-    ./secrets.nix
     ./content.nix
     ./nas.nix
     ./containers.nix

diff --git a/hosts/server/deluge.nix b/hosts/server/deluge.nix
@@ -3,6 +3,7 @@ let
   configDir = "/var/lib/delugevpn";
   wireguardConfigPath = config.age.secrets.mullvad_wireguard.path;
 in {
+  age.secrets.mullvad_wireguard.file = ../../secrets/mullvad_wireguard.age;
 
   systemd.tmpfiles.rules = [
     "d ${configDir} 055 delugevpn delugevpn - -"
@@ -17,33 +18,31 @@ in {
   };
   virtualisation.oci-containers = {
     backend = "podman";
-    containers = {
-      delugevpn = {
-        autoStart = true;
-        image = "ghcr.io/binhex/arch-delugevpn";
-        extraOptions =
-          [ "--sysctl=net.ipv4.conf.all.src_valid_mark=1" "--privileged=true" ];
-        ports = [ "8112:8112" "8118:8118" "58846:58846" "58946:58946" ];
-        volumes = [ "/mnt/jellyfin:/data" "${configDir}:/config" ];
-        environment = {
-          VPN_ENABLED = "yes";
-          VPN_PROV = "custom";
-          VPN_CLIENT = "wireguard";
-          STRICT_PORT_FORWARD = "yes";
-          ENABLE_PRIVOXY = "yes";
-          LAN_NETWORK = "192.168.189.0/24";
-          NAME_SERVERS =
-            "84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1";
-          DELUGE_DAEMON_LOG_LEVEL = "info";
-          DELUGE_WEB_LOG_LEVEL = "info";
-          DELUGE_ENABLE_WEBUI_PASSWORD = "yes";
-          VPN_INPUT_PORTS = "";
-          VPN_OUTPUT_PORTS = "";
-          DEBUG = "false";
-          UMASK = "000";
-          PUID = "0";
-          PGID = "0";
-        };
+    containers.delugevpn = {
+      autoStart = true;
+      image = "ghcr.io/binhex/arch-delugevpn";
+      extraOptions =
+        [ "--sysctl=net.ipv4.conf.all.src_valid_mark=1" "--privileged=true" ];
+      ports = [ "8112:8112" "8118:8118" "58846:58846" "58946:58946" ];
+      volumes = [ "/mnt/jellyfin:/data" "${configDir}:/config" ];
+      environment = {
+        VPN_ENABLED = "yes";
+        VPN_PROV = "custom";
+        VPN_CLIENT = "wireguard";
+        STRICT_PORT_FORWARD = "yes";
+        ENABLE_PRIVOXY = "yes";
+        LAN_NETWORK = "192.168.189.0/24";
+        NAME_SERVERS =
+          "84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1";
+        DELUGE_DAEMON_LOG_LEVEL = "info";
+        DELUGE_WEB_LOG_LEVEL = "info";
+        DELUGE_ENABLE_WEBUI_PASSWORD = "yes";
+        VPN_INPUT_PORTS = "";
+        VPN_OUTPUT_PORTS = "";
+        DEBUG = "false";
+        UMASK = "000";
+        PUID = "0";
+        PGID = "0";
       };
     };
   };

diff --git a/hosts/server/homepage.nix b/hosts/server/homepage.nix
@@ -1,4 +1,5 @@
 { config, ... }: {
+  age.secrets.homepage.file = ../../secrets/homepage.age;
   services.homepage-dashboard = {
     enable = true;
     openFirewall = true;

diff --git a/hosts/server/secrets.nix b/hosts/server/secrets.nix
diff --git a/hosts/server/wireguard.nix b/hosts/server/wireguard.nix
@@ -4,6 +4,7 @@ let
   wireguard_interface = "wgvpn";
   external_interface = "enp0s31f6";
 in {
+  age.secrets.wireguard_server.file = ../../secrets/wireguard_server.age;
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   services.dnsmasq = {
     enable = true;

diff --git a/secrets.nix b/secrets.nix
@@ -14,4 +14,5 @@ in {
   "secrets/mullvad_wireguard.age".publicKeys = users ++ systems;
   "secrets/homepage.age".publicKeys = users ++ systems;
   "secrets/wireguard_server.age".publicKeys = users ++ systems;
+  "secrets/cleanuperr_env.age".publicKeys = users ++ systems;
 }
diff --git a/secrets/cleanuperr_env.age b/secrets/cleanuperr_env.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 FeK1Dw eEjoWtalIg0C/ukN1EbKmDbnhvRhjJiPu3VcVqmB4Ew
+qv1QVBf7QoL8jfl+tFR3TQxzBgWYmP4nG9LoyuIk8Rg
+-> ssh-ed25519 kfVkkw 1+c6Me4TwMhFRPkGBjHjUlkTkE2GB6LbflbU1HVfyxg
+9nn5nsXLKSX1ncSVSGQAyz9Mo/N5jsxmvEramfsagkg
+--- sAi2mVHywDItxTGGHJV/HXoAAb+pNMiMcjqivNPJc0k
+��E��� �(7M��`���`�NF?s����v��a��s�5���	Iv��`���0����d<N��N����Jx:))up��'���9R��7"}�u�v��fs~���_st�QBA�{kc���aH��B�Oஊq]�Sk��le�p.�h�&r� Fv��`�Q>�
+p��������Ԃ�m~�`�v�-!!���T�;ПԊ�%9��l��T�Nc��S�0����0�X4�*�0��%�Ř�$���v�c���U&�Q�S/���R��_�60�?��s�^��+�Ž����G'S�k-Z�:��Q��rz�����v�x}-37��R�z\9h
+��ߧ,�e�= û�n��sw7,�ͭ����� �q�w�5�d%/����0`�Q��$O�}L�Gd�R�vM!����&��v��,q�|}�nK�Qeh�6=�`.�4��ml,{�lq�ڤ`;����&_7:c`�Ō���¿$H�S��������ojC������[p�
+j�8�����͚�<
+��u�R���ڿ�����W���a�6)����˒I�	�_Ļ��tat|Qk��"e�Z� u���fEץy�8a�P��"L�;%$W~)�������gZbدahs�c���B��8tf�t�i�:(��ۖ�D�y�H�Ţ��O.�e��l�������m�D