add syncthing and keepass

2024-05-16 15:09:24 +02:00 · 2024-05-16 15:09:24 +02:00 · 4a800d9290
commit 4a800d9290
parent bb9494227f
14 changed files with 183 additions and 80 deletions
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@ -8,17 +8,17 @@
  ...
 }: let
  cfg = config.myHomeManager;
-  # Taking all modules in ./features and adding enables to them
-  features =
-    helperLib.extendModules
-    (name: {
-      extraOptions = {
-        myHomeManager.${name}.enable = lib.mkEnableOption "enable my ${name} configuration";
-      };
-
-      configExtension = config: (lib.mkIf cfg.${name}.enable config);
-    })
-    (helperLib.filesIn ./features);
+  # # Taking all modules in ./features and adding enables to them
+  # features =
+  #   helperLib.extendModules
+  #   (name: {
+  #     extraOptions = {
+  #       myHomeManager.${name}.enable = lib.mkEnableOption "enable my ${name} configuration";
+  #     };
+  #
+  #     configExtension = config: (lib.mkIf cfg.${name}.enable config);
+  #   })
+  #   (helperLib.filesIn ./features);

  # Taking all module bundles in ./bundles and adding bundle.enables to them
  bundles =
@ -35,7 +35,7 @@
 in {
  imports = [
  ]
-  ++ features
+  # ++ features
  ++ bundles
  ;

--- a/modules/home/features/syncthing.nix
+++ b/modules/home/features/syncthing.nix
@ -1,53 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  inputs,
-  ...
-  }: let
-    saintAlphonsoID = "LHASNUO-CXALARH-XI3TU4U-OCULV72-HS3HQ35-P4FECIT-UZ5VMSZ-PMCEPQH";
-
-    webGuiPort = [ 8384 ];
-    cfg = config;
-  in {
-  imports = [];
-
-  # options = {
-  #   rootDir = lib.mkOption {
-  #     type = lib.types.path;
-  #     default = "/home/${cfg.myNixOS.sharedSettings.mainUser}/sync";
-  #   };
-  #
-  #   remoteGui = lib.mkEnableOption "Enable port for remote WebGUI";
-  # };
-  #
-  # services.syncthing = {
-  #   enable = true;
-  #   user = cfg.myNixOS.sharedSettings.mainUser;
-  #   dataDir = config.rootDir;
-  #   configDir = "/home/${cfg.myNixOS.sharedSettings.mainUser}/.config/syncthing";
-  #   overrideDevices = true;
-  #   overrideFolders = true;
-  #   settings = {
-  #     devices = {
-  #       "saintAlphonso" = { id = saintAlphonsoID; };
-  #     };
-  #     folders = {
-  #       "KeepassXC" = {
-  #         path = "/home/${cfg.myNixOS.sharedSettings.mainUser}/KeepassXC";
-  #         devices = [ "saintAlphonso" ];
-  #       };
-  #     };
-  #   };
-  # };
-
-   # # Syncthing ports: 8384 for remote access to GUI
-   # # 22000 TCP and/or UDP for sync traffic
-   # # 21027/UDP for discovery
-   # # source: https://docs.syncthing.net/users/firewall.html
-   # networking.firewall.allowedTCPPorts = 
-   #   [ 22000 ] 
-   #   ++ webGuiPort;
-   #
-   # networking.firewall.allowedUDPPorts = [ 22000 21027 ];
-}
--- a/modules/nixOS/bundles/core/default.nix
+++ b/modules/nixOS/bundles/core/default.nix
@ -0,0 +1,9 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    # ./sops.nix
+  ];
+}
--- a/modules/nixOS/bundles/core/sops.nix
+++ b/modules/nixOS/bundles/core/sops.nix
@ -0,0 +1,37 @@
+{
+  pkgs,
+  config,
+  inputs,
+  ...
+}: let
+  secretsFile = "../../../../secrets/secrets.json";
+  secretsSet = builtins.fromJSON (builtins.readFile ./${secretsFile});
+  devices = builtins.attrNames secretsSet.syncthing.devices;
+in {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    defaultSopsFile = ./${secretsFile};
+    validateSopsFiles = false;
+
+    age = {
+      # automatically import host SSH keys as age keys
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      # this will use an age key that is expected to already be in the filesystem
+      keyFile = "/var/lib/sops-nix/key.txt";
+      # generate a new key if the key specified above does not exist
+      generateKey = true;
+    };
+
+    # secrets will be output to /run/secrets
+    secrets = {
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    sops
+  ];
+}
+
--- a/modules/nixOS/bundles/general-desktop.nix
+++ b/modules/nixOS/bundles/general-desktop.nix
@ -68,4 +68,8 @@
      serif = ["JetBrainsMono Nerd Font"];
    };
  };
+
+  environment.systemPackages = with pkgs; [
+    keepassxc
+  ];
 }
--- a/modules/nixOS/default.nix
+++ b/modules/nixOS/default.nix
@ -34,16 +34,16 @@
    (helperLib.filesIn ./bundles);

  # taking all module services in ./services and adding service.enables to them
-  # services = 
-  #   helperLib.extendModules
-  #   (name: {
-  #     extraOptions = {
-  #       myNixOS.services.${name}.enable = lib.mkEnableOption "enable ${name} module service";
-  #     };
-  #
-  #     configExtension = config: (lib.mkIf cfg.services.${name}.enable config);
-  #   })
-  #   (helperLib.filesIn ./services);
+  services = 
+    helperLib.extendModules
+    (name: {
+      extraOptions = {
+        myNixOS.services.${name}.enable = lib.mkEnableOption "enable ${name} module service";
+      };
+
+      configExtension = config: (lib.mkIf cfg.services.${name}.enable config);
+    })
+    (helperLib.filesIn ./services);
 in {
  imports = 
  [
@ -51,7 +51,7 @@ in {
  ]
  ++ features
  ++ bundles
-  # ++ services
+  ++ services
  ;

  options.myNixOS = {
--- a/modules/nixOS/services/syncthing/default.nix
+++ b/modules/nixOS/services/syncthing/default.nix
@ -0,0 +1,56 @@
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+  }: let
+    webGuiPort = [ 8384 ];
+    cfg = config;
+    secretsFile = "../../../secrets/secrets.json";
+    secretsSet = builtins.fromJSON (builtins.readFile ./${secretsFile});
+    devices = builtins.attrNames secretsSet.syncthing.devices;
+  in {
+  options = {
+    rootDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/home/${cfg.myNixOS.sharedSettings.mainUser}/sync";
+    };
+
+    remoteGui = lib.mkEnableOption "Enable port for remote WebGUI";
+  };
+
+  services.syncthing = {
+    enable = true;
+    user = cfg.myNixOS.sharedSettings.mainUser;
+    dataDir = config.rootDir;
+    configDir = "/home/${cfg.myNixOS.sharedSettings.mainUser}/.config/syncthing";
+    overrideDevices = true;
+    overrideFolders = true;
+    settings = {
+      devices = {
+			  "saintAlphonso"  = { id ="LHASNUO-CXALARH-XI3TU4U-OCULV72-HS3HQ35-P4FECIT-UZ5VMSZ-PMCEPQH"; };
+			  "littleUmbrella" = { id ="BH3OHYP-TGGOSZO-EM6MXRY-YHSBOUO-CQHE7DL-N2LOUFY-TF3LEJ7-FHTGTQI"; };
+			  "pixelRoot"      = { id ="PO7U5SE-DYKTOM2-TFDS3BM-A25VK7V-MQ3VPFM-EFX3J4D-B3UDCX4-3XQAIAC"; };
+			  "pixelDefault"   = { id ="HC3CKC7-OUZBLU3-JIKTRYG-DPJE6EC-7POCWNS-6VNOPDU-L7OWYWO-PL332AY"; };
+			  "pixelGooglor"   = { id ="OWDM4I2-O6STMIS-H3EXF65-FSM26K3-5FLQXRN-VOK7JGC-T6H76IR-QAVO3QK"; };
+      };
+
+      folders = {
+        "/home/${cfg.myNixOS.sharedSettings.mainUser}/KeepassXC" = {
+          label = "KeepassXC";
+          id = "xd4de-mjfcq";
+          devices = ["littleUmbrella" "pixelRoot" "pixelDefault" "pixelGooglor" "saintAlphonso"];
+          versioning = { type = "simple"; params.keep = "5"; };
+        };
+      };
+    };
+  };
+
+  # Syncthing ports: 8384 for remote access to GUI
+  # 22000 TCP and/or UDP for sync traffic
+  # 21027/UDP for discovery
+  # source: https://docs.syncthing.net/users/firewall.html
+  networking.firewall.allowedTCPPorts = [ 8384 22000 ];
+  networking.firewall.allowedUDPPorts = [ 22000 21027 ];
+}