diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg index 8596d3f..a3f91d8 100644 --- a/.gitsecret/paths/mapping.cfg +++ b/.gitsecret/paths/mapping.cfg @@ -1 +1 @@ -configs/secrets.nix:98200935d7749b2aa2f1e99951b6960c70a7777afbd1cc2f87f2500ea2ac5f71 +configs/secrets.nix:b18f9f61e87047362ace7028d25a48d42f3e2ee6c7047c9347279207d36ce182 diff --git a/configs/common.nix b/configs/common.nix index 0f5b08a..27c5592 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -35,6 +35,15 @@ in networking = { nameservers = [ "127.0.0.1" "::1" ]; + hosts = { + "2.56.97.114" = ["szczepan.ski"]; + "10.100.0.1" = ["vps.wg"]; + "10.100.0.2" = ["desktop.wg"]; + "10.100.0.3" = ["mini.wg"]; + "192.168.0.24" = ["mini.lan"]; + "192.168.0.100" = ["homeserver.lan"]; + "192.168.0.150" = ["desktop.lan"]; + }; # If using dhcpcd: dhcpcd.extraConfig = "nohook resolv.conf"; # If using NetworkManager: diff --git a/configs/secrets.nix.secret b/configs/secrets.nix.secret index 7604894..9268b2e 100644 Binary files a/configs/secrets.nix.secret and b/configs/secrets.nix.secret differ diff --git a/configs/user.nix b/configs/user.nix index 4ca82e9..07f28ae 100644 --- a/configs/user.nix +++ b/configs/user.nix @@ -11,6 +11,7 @@ extraGroups = [ "wheel" "docker" "networkmanager" "libvirtd" "lp" "scanner" "adbusers" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPSzeNjfkz7/B/18TcJxxmNFUhvTKoieBcexdzebWH7oncvyBXNRJp8vAqSIVFLzz5UUFQNFuilggs8/N48U84acmFOxlbUmxlkf8KZgeB/G6uQ8ncQh6M1HNNPH+9apTURgfctr7eEZe9seLIEBISQLXB2Sf3F1ogfDj25S8kH9RM4wM1/jDFK5IecWHScKxwQPmCoXeGE1LEJq6nkQLXMDsWhSihtWouaTxSR0p7/wp/Rqt/hzLEWj8e3+qLMc5JrrdaWksupUCysme7CnSfGSzNUv9RKiRCTFofYPT9tbRn5JzdpQ55v22S6OvmmXUHjST1MOzI8MpVPZCCqd/ZQ1E+gErFiMwjG4sn/xxdPK9/jbQaXMjLklbKtR+C5090Ew2u2kj78jqGk/8COhF1MXh/9qjcG+C51uD1AS9d410kfjPwkaUt4U2KktDMQ942nWywrvIWM0Gt2kgDLYotsy/70q/aTJ8bvaCoWoDOGmpWcyNNBalz4OYYGI2Z0WHrVTs0FpzSk/XeQz0OLkmueoh5GDGd8zrfO6Nf5LWI17aWGRePTpQP5mJIg6jC3j8/QVrthEP6QyIIkZsnfsmvSiMWVfXqEy1BxVlu3T6aLffaj679KCsxY+mx5mTH2hwd4ZdbSI4F0GCIt+WGaFhHs2V3ZQitoEZuraRPEc4HGw== alexander@szczepan.ski" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIsOYaj6+akcgTQPvm0/htYgO5z+PR1TJRxCnbRNI/ucqvcC6/eTzPU7tKG+UJtkfy30NSnwu/k9aENyb5zYLVoDHngOzH8DLl93B2nHgwUiLpv7kFXOhvD1jsA5RsryeumaL7YbtlePrso+FEJkUez8mncAjG4t9U/MifkTbujjS5AP35NONH01fQWKvivnqw4T0dq36e0J0YF/zcb1mQovt3dw7+NE0A6OwNGAElRNwVh619jL9g0TJBi3Ge8LASsHBildzTlNVHzIwdDzRdAvsoAXjYF42fjHSQXZJv5P5eJcT7JEt7x+yVWzTnk/K6/dtKi6kewbp/srUGSsVLP6x+o6QTQ5rYKoBRsM/3bfqG0PwijfDXEdn7bQn6+7PcnMhVi5wJppUeEOt0SbRBDSa3ewzTWjjESPW03b/oIlNrnDhk5UJmF5jlfxz9HHP73lqEpcNhEAiZMLbfvnwtufS/wYnZXz44i8rVEiNMfIOS2VIM74aNloPTvkq0Ek0GzTT6H4wQy7VbRgSOaW+XN5TSOEqtfZ0TpmYNrpskVx5yDrbOOArmULICGLlexed8fsFZX8P1ouTg96pM5Kr47HZsdEZzS8DKuDx8EP50ORYKbN6Kyb+f0FcMEfD1RQV+IECKnnFUyoozFjE0aV+ROjAKoDmyWdU2lpOPA8kRBw== alex@desktop" ]; }; }; diff --git a/machine/desktop.nix b/machine/desktop.nix index bf0b23f..4084f63 100644 --- a/machine/desktop.nix +++ b/machine/desktop.nix @@ -24,43 +24,48 @@ in options = [ "noatime" "discard" ]; }; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "nodev"; - boot.loader.grub.efiSupport = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub.gfxmodeEfi = "1024x768"; - boot.initrd.kernelModules = [ "amdgpu" ]; - boot.plymouth.enable = true; - boot.extraModulePackages = with pkgs.linuxPackages; [ it87 ]; - boot.kernelModules = [ "it87" "v4l2loopback" ]; + boot = { + loader = { + grub = { + enable = true; + version = 2; + device = "nodev"; + efiSupport = true; + gfxmodeEfi = "1024x768"; + }; - networking.hostName = "desktop"; # Define your hostname. - networking.wireguard.interfaces = { - wg0 = { - ips = [ "10.100.0.2/24" ]; - privateKey = secrets.wireguard-desktop-private; + efi.canTouchEfiVariables = true; + }; - peers = [ - { - publicKey = secrets.wireguard-vps-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "szczepan.ski:51820"; - persistentKeepalive = 25; - } - ]; + initrd.kernelModules = [ "amdgpu" ]; + plymouth.enable = true; + extraModulePackages = with pkgs.linuxPackages; [ it87 ]; + kernelModules = [ "it87" "v4l2loopback" ]; + }; + + networking = { + hostName = "desktop"; # Define your hostname. + useDHCP = false; + wireguard.interfaces = { + wg0 = { + ips = [ "10.100.0.2/24" ]; + privateKey = secrets.wireguard-desktop-private; + + peers = [ + { + publicKey = secrets.wireguard-vps-public; + presharedKey = secrets.wireguard-preshared; + allowedIPs = [ "10.100.0.0/24" ]; + endpoint = "szczepan.ski:51820"; + persistentKeepalive = 25; + } + ]; + }; }; }; - # Set your time zone. time.timeZone = "Europe/Berlin"; - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - console = { font = "latarcyrheb-sun32"; keyMap = "us"; @@ -113,10 +118,25 @@ in fswatch ]; - services.xserver.videoDrivers = [ "amdgpu" ]; - services.hardware.xow.enable = true; - services.printing.enable = true; sound.enable = true; + services = { + printing.enable = true; + xserver.videoDrivers = [ "amdgpu" ]; + hardware.xow.enable = true; + borgbackup.jobs.home-alex = { + compression = "auto,zstd"; + encryption = { + mode = "repokey-blake2" ; + passphrase = secrets.borg-desktop-key; + }; + environment.BORG_RSH = "ssh -i /home/alex/.ssh/id_borg_rsa"; + paths = "/home/alex"; + repo = "ssh://alex@szczepan.ski/borg-backup/desktop"; + startAt = "daily"; + user = "alex"; + }; + }; + system.stateVersion = "21.05"; }