mlaga97/mlaga97-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Major refactor of dotspace config

Browse source
This commit is contained in:
Lauren Lagarde 2025-08-21 22:25:10 -05:00
parent 53c3b2bb19
commit f6e96617df
24 changed files with 198 additions and 172 deletions
Download patch file Download diff file Expand all files Collapse all files

20
dotspace/configuration.nix Normal file
View file

@ -0,0 +1,20 @@
{ ... }: {
security.pki.certificates = [''
-----BEGIN CERTIFICATE-----
MIIBqzCCAVGgAwIBAgIQRC/rocbzjexwYz5mWw/YYDAKBggqhkjOPQQDAjA0MRQw
EgYDVQQKDAtEb3RzcGFjZV92MTEcMBoGA1UEAwwTRG90c3BhY2VfdjEgUm9vdCBD
QTAeFw0yNDEwMTgxNjI4NDRaFw0zNDEwMTYxNjI4NDRaMDQxFDASBgNVBAoMC0Rv
dHNwYWNlX3YxMRwwGgYDVQQDDBNEb3RzcGFjZV92MSBSb290IENBMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAEJA1QxB0h6Hvp/0sjxZ+wedEaC0v8ODGb7TOQFNOR
vutG6AeH8F5yRuFmpUjTIXB6nfCn7Ruu1BjL6tjvcAgULqNFMEMwDgYDVR0PAQH/
BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFPzRcD8OgMChBACO
jN+KyAth49ZjMAoGCCqGSM49BAMCA0gAMEUCIAy+GTFir9N8Xldw0YjQIRZOrM81
mbpG5txU7FzqEOc0AiEA28/SOnR7hSQEslzfeiDbVk1FCIi9AL64cqv1J+0iJc8=
-----END CERTIFICATE-----
''];
imports = [
./parts/cifs.nix
./parts/tinc.nix
];
}

30
dotspace/home.nix Normal file
View file

@ -0,0 +1,30 @@
{ ... }: {
programs.ssh = {
enable = true;
userKnownHostsFile = "~/.ssh/known_hosts ~/.ssh/dotspace_known_hosts";
matchBlocks = {
"git.mlaga97.space" = {
hostname = "10.86.84.150";
port = 2222;
proxyJump = "fortress.mlaga97.space";
};
};
};
home.file.".ssh/dotspace_known_hosts".text = ''
[10.86.84.150]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGeO5P0YXb11gWpu+9Zj8qulnOeEHxFVIq/d4hfV6KAM
fortress.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINzNlalnh/cgosa5Vw85YEET9rwcEmfRGTFlNFqSo/53
bastion.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtmSrFZNFWFUH7ajyaFQSE85RC5Y5TdlZ0U/C863Zg9
blockhouse.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGKN+xPvC+o9f5vlItdytZfKbsQyN/7XODU2jexL1TV
drawbridge.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOphVdDU4YpAc+5JiwarKVk32kfFtVCmQUIJaXc3XqJA
vm-docker-0.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4bp3QlO6M2dfPvjzdTfcEXEsaJ1fcIxyx8aRZRzekq
vm-docker-1.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINolzmDBmxUIpR/pcvmQ91gydyty4HlrDyZcz78NYC9C
vm-docker-2.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm4WfWSfqmVGF6VwyLjxGcjn4YtqlWa2zS3eKxDJOCo
ll-latitude-e5591.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiyCBH4WDsmkbsncWbEtzKcBh7t8dKFtWbGtp70lvGm
'';
}

50
dotspace/parts/cifs.nix Normal file
View file

@ -0,0 +1,50 @@
{ config, ... }: let
SMBShares = [
{
host = "bastion.mlaga97.space";
share = "MyBook";
}
{
host = "bastion.mlaga97.space";
share = "Frigate";
}
{
host = "blockhouse.mlaga97.space";
share = "Parlor";
}
{
host = "blockhouse.mlaga97.space";
share = "Archive";
}
];
in {
sops.secrets = builtins.listToAttrs(
map (
x: {
name = "dotspace/smb/${x.share}";
value = {};
}
) SMBShares
);
systemd.mounts = map (
x: {
type = "cifs";
options = "rw,vers=3,credentials=${config.sops.secrets."dotspace/smb/${x.share}".path},uid=1000,gid=100,dir_mode=0775,file_mode=0775";
what = "//${x.host}.mlaga97.space/${x.share}";
where = "/${x.share}";
}
) SMBShares;
systemd.automounts = map (
x: {
wantedBy = [ "multi-user.target" ];
automountConfig = {
TimeoutIdleSec = "60";
DeviceTimeout = "5";
MountTimeout = "5";
};
where = "/${x.share}";
}
) SMBShares;
}

52
dotspace/parts/tinc.nix Normal file
View file

@ -0,0 +1,52 @@
{ ... }: {
services.tinc.networks.dotspace.hosts = {
# Public Endpoints
fortress = ''
Subnet = 10.86.84.1/32
Ed25519PublicKey = y+7rtFhl2gIt2ziIqs8+Qo80ENde5vzO6yKSXCF3PLE
Address = 68.183.54.8
'';
# Hosts
casemate = ''
Subnet = 10.86.84.103/32
Ed25519PublicKey = OgHDM9ps4lOqEGLEexuaFLp/HkhkwAPbPKGifrxeOYK
'';
blockhouse = ''
Subnet = 10.86.84.104/32
Ed25519PublicKey = mHWGyv/sVAuozd456AnTuSWZCJ45NtStEiPh3xQGakF
'';
bastion = ''
Subnet = 10.86.84.105/32
Ed25519PublicKey = VzuBoJYWD/AhXUAbeWsLbJMqhJQCRn8E6sNqkJJej1G
'';
outpost = ''
Subnet = 10.86.84.106/32
Ed25519PublicKey = pYWNeHVj6nfcmmHmTTtsAnykbqDxZ+uhlPrDBOjvWzL
'';
redoubt = ''
Subnet = 10.86.84.107/32
Ed25519PublicKey = 9m4yRBs4JsYcx5kmPfH4NlKj1ybCZ6gmnVwUDH0vBKA
'';
# VMs
vm_docker_0 = ''
Ed25519PublicKey = ttOHxNuWov0mA5bDBaiujZF/sfieflx8+mcn5LVxCkD
Subnet = 10.86.84.150/32
'';
vm_docker_1 = ''
Ed25519PublicKey = ly74/CAQIEDFa+HPMJhWikIHAwm4P0X1L8EpdmI7lGD
Subnet = 10.86.84.151/32
'';
vm_docker_2 = ''
Ed25519PublicKey = jfgIkB4PcU04Evs3W/ySyxb7NIxosnmRqJ3vMqI4+kC
Subnet = 10.86.84.152/32
'';
# Clients
ll_latitude_e5591 = ''
Ed25519PublicKey = zlht9xdE9gUKON5MUshN07B6deMz3nRYnOnufi6ATGP
Subnet = 10.86.84.250/32
'';
};
}

3
flake.nix
View file

@ -69,7 +69,8 @@
];
"lauren_lagarde@tui.mlaga97.space" = self.homeManagerModules."lauren_lagarde" ++ [
./secrets/mlaga97.nix
./dotspace/home.nix
./users/lauren_lagarde/home.nix
];
"lauren_lagarde@gui.mlaga97.space" = self.homeManagerModules."lauren_lagarde@tui.mlaga97.space" ++ [

1
home-manager/.gitignore vendored
View file

@ -1 +0,0 @@
*.swp

2
home-manager/assets/resetbluetooth.sh
View file

@ -1,2 +0,0 @@
systemctl --user restart pipewire && sudo systemctl restart bluetooth
i3-msg restart

BIN
secrets.tar.zst.gpg
View file

Binary file not shown.

5
systems/bastion/configuration.nix
View file

@ -45,12 +45,11 @@
../../nixos/tweaks/systemd-resolved_nonsense.nix
# Dotspace
../../secrets/dotspace.nix
../../secrets/dotspace_shares.nix
../../dotspace/configuration.nix
../../nixos/features/stronghold-binary-cache.nix
# Users
../../users/lauren_lagarde/lauren_lagarde.nix
../../users/lauren_lagarde/configuration.nix
../../users/ashley_funkhouser/ashley_funkhouser.nix
# Bastion Features

5
systems/blockhouse/configuration.nix
View file

@ -38,12 +38,11 @@
../../nixos/tweaks/systemd-resolved_nonsense.nix
# Dotspace
../../secrets/dotspace.nix
../../secrets/dotspace_shares.nix
../../dotspace/configuration.nix
../../nixos/features/stronghold-binary-cache.nix
# Users
../../users/lauren_lagarde/lauren_lagarde.nix
../../users/lauren_lagarde/configuration.nix
../../users/ashley_funkhouser/ashley_funkhouser.nix
# Blockhouse Features

7
systems/fortress/configuration.nix
View file

@ -41,16 +41,17 @@
../../nixos/tweaks/enable_flakes.nix
../../nixos/tweaks/systemd-resolved_nonsense.nix
# Dotspace
../../dotspace/configuration.nix
# Users
../../users/lauren_lagarde/lauren_lagarde.nix
../../users/lauren_lagarde/configuration.nix
# Additional Software
../../nixos/tweaks/disable_firewall.nix
#../../nixos/features/virtualization/dockge.nix
../../nixos/features/virtualization/docker.nix
../../secrets/dotspace.nix
# Local Config
./gatus.nix
./coturn.nix

19
systems/living-room-nixos.nix
View file

@ -1,19 +0,0 @@
{ ... }: {
imports = [
../ll-nixos-base.nix
../features/gpu/intel.nix
];
home-manager.users.lauren_lagarde = {
imports = [
../../modules/mlaga97-home-manager/programs/firefox.nix
];
# Fix issue with HDMI passthrough
xsession.windowManager.i3 = {
config.startup = [
{ command = "xrandr --output HDMI-1 --mode 1920x1080 --rate 60 --primary"; }
];
};
};
}

11
systems/living-room/configuration.nix
View file

@ -40,18 +40,17 @@
../../nixos/tweaks/disable_nixos_user.nix
../../nixos/tweaks/systemd-resolved_nonsense.nix
# Dotspace
../../dotspace/configuration.nix
../../nixos/features/stronghold-binary-cache.nix
# Users
../../users/lauren_lagarde/autologin.nix
../../users/lauren_lagarde/lauren_lagarde.nix
../../users/lauren_lagarde/configuration.nix
# i3wm
../../nixos/features/i3wm.nix
# Dotspace
../../secrets/dotspace.nix
../../secrets/dotspace_shares.nix
../../nixos/features/stronghold-binary-cache.nix
# living-room
../../nixos/features/gpu/intel.nix
../../nixos/features/systemd-boot.nix

5
systems/ll-latitude-e5591/configuration.nix
View file

@ -32,7 +32,7 @@
../../nixos/tweaks/systemd-resolved_nonsense.nix
# Lauren Base
../../users/lauren_lagarde/lauren_lagarde.nix
../../users/lauren_lagarde/configuration.nix
# i3wm
../../nixos/features/i3wm.nix
@ -41,8 +41,7 @@
../../nixos/tweaks/intel_igpu_screen_tearing.nix
# Dotspace
../../secrets/dotspace.nix
../../secrets/dotspace_shares.nix
../../dotspace/configuration.nix
../../nixos/features/stronghold-binary-cache.nix
# Additional Software

27
systems/ll-nixos-base.nix
View file

@ -1,27 +0,0 @@
{ pkgs, ... }: {
imports = [
# Core Features
../features/base.nix
../features/tui-apps.nix
../features/openssh-server.nix
# Core Tweaks
../tweaks/zram.nix
../tweaks/enable_flakes.nix
../tweaks/disable_nixos_user.nix
../tweaks/systemd-resolved_nonsense.nix
# Lauren Base
../users/lauren_lagarde/lauren_lagarde.nix
# i3wm
../features/i3wm.nix
../features/hardware/yubikey.nix
../tweaks/bluetooth.nix
../tweaks/intel_igpu_screen_tearing.nix
# Dotspace
../secrets/dotspace.nix
../features/stronghold-binary-cache.nix
];
}

37
systems/ll-nixos-full.nix
View file

@ -1,37 +0,0 @@
{ pkgs, ... }: {
imports = [
# Core Features
../features/base.nix
../features/tui-apps.nix
../features/openssh-server.nix
# Core Tweaks
../tweaks/zram.nix
../tweaks/enable_flakes.nix
../tweaks/disable_nixos_user.nix
../tweaks/systemd-resolved_nonsense.nix
# Lauren Base
../users/lauren_lagarde/lauren_lagarde.nix
# i3wm
../features/i3wm.nix
../features/hardware/yubikey.nix
../tweaks/bluetooth.nix
../tweaks/intel_igpu_screen_tearing.nix
# Dotspace
../secrets/dotspace.nix
../features/stronghold-binary-cache.nix
# Assume Intel GPU
../features/gpu/intel.nix
# Additional Software
../features/embedded.nix
../features/hardware/rtl-sdr.nix
../features/hardware/printing.nix
../features/virtualization/docker.nix
../features/virtualization/libvirt-host.nix
];
}

13
systems/ll-nixos-live/configuration.nix
View file

@ -31,8 +31,12 @@
../../nixos/tweaks/disable_nixos_user.nix
../../nixos/tweaks/systemd-resolved_nonsense.nix
# Lauren Base
../../users/lauren_lagarde/lauren_lagarde.nix
# Dotspace
../../dotspace/configuration.nix
../../nixos/features/stronghold-binary-cache.nix
# Users
../../users/lauren_lagarde/configuration.nix
# i3wm
../../nixos/features/i3wm.nix
@ -40,11 +44,6 @@
../../nixos/tweaks/bluetooth.nix
../../nixos/tweaks/intel_igpu_screen_tearing.nix
# Dotspace
../../secrets/dotspace.nix
../../secrets/dotspace_shares.nix
../../nixos/features/stronghold-binary-cache.nix
# Additional Software
../../nixos/features/embedded.nix
../../nixos/features/hardware/rtl-sdr.nix

47
systems/ll-nixos-xmrig-worker.nix
View file

@ -1,47 +0,0 @@
{ pkgs, ... }: {
imports = [
# Core Features
../features/base.nix
../features/tui-apps.nix
../features/openssh-server.nix
# Core Tweaks
../tweaks/zram.nix
../tweaks/enable_flakes.nix
];
networking.networkmanager.enable = true;
powerManagement.cpuFreqGovernor = "performance";
environment.systemPackages = with pkgs; [
xmrig
];
# Improve xmrig performance
hardware.cpu.x86.msr.enable = true;
hardware.cpu.x86.msr.settings.allow-writes = "on";
# Helper Scripts
home-manager.users.nixos.home = {
stateVersion = "24.11";
file = {
"stronghold" = {
executable = true;
text = ''
sudo nmtui-connect Stronghold
'';
};
"mine" = {
executable = true;
text = ''
sudo xmrig --randomx-1gb-pages -o vm-docker-2.mlaga97.space:3333
'';
};
};
};
# SSH Config
users.users.nixos.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl881A1gvgCx+4ECrmJnO2QCTiqjaOLfAegKAAkvWNFKL0rDfsj8tZULUcyn87HYsRrdmqCOQ62GOjQyK803azq7QTxwY4vjczkJxico4LnIToTobcz+JkgF6Rf/h74bs9dHk4ZU853FRBz3wi/14rI10Iwckt37B1ayJacpELuzFobKYip2FjiL1vNH3tiAFR131z+YBByvNX+uJYEhpsI0xry9zbsSUWUq5/YFpmjezblzYRokfsReYiKJeQBeROSeRC/xFBSnikECSylNI4sw5VIpGXFIxL5xhss+s+3dnb+LFQ+zInOYxkVRydYc/In9Wz6Tu7v07K8bjvE7nQwHenoGtRW590Xu0rJApS+k8Cu16sCO2QFj/aI+gCrhU0ymM0aicr0hFAME6Y7j9HcR6PxYxnXZjI7cfqhO5TG8jot25SPzJcvH3EV5oPKtAkw9XA+8+nAI9czFlUgHnuMJAqw1IGOD3qozwqZ5yn1+kG7FZJRpvaPc5pK2HtqaAKJmnRuVaWcFuNALh86gr7Qn8IEp8Q+YyKmDqrMZ4KLJUMnVqn4y0HVS1eB5nVujaJZUGJWA4q3og0FE/2kH74WEp2ZtuJAoEPcgfZ6Ns7BmmXIZU7qu4kQoQ73b3mn6hCi5xlQ/sClzwHYkRPo4tST64ED/UIRPCYe1byNUWSww== lauren@lagarde.dev"
];
}

7
systems/outpost.nix
View file

@ -22,10 +22,13 @@
../tweaks/systemd-resolved_nonsense.nix
# Dotspace
../secrets/dotspace.nix
../../dotspace/configuration.nix
# Users
../users/lauren_lagarde/lauren_lagarde.nix
../../users/lauren_lagarde/configuration.nix
# Outpost
../../nixos/tweaks/disable_firewall.nix
];
##############################################################################

4
systems/redoubt/configuration.nix
View file

@ -30,11 +30,11 @@
../../nixos/tweaks/systemd-resolved_nonsense.nix
# Dotspace
../../secrets/dotspace.nix
../../dotspace/configuration.nix
../../nixos/features/stronghold-binary-cache.nix
# Users
../../users/lauren_lagarde/lauren_lagarde.nix
../../users/lauren_lagarde/configuration.nix
../../users/ashley_funkhouser/ashley_funkhouser.nix
# Features

8
systems/stronghold/configuration.nix
View file

@ -18,13 +18,13 @@
../../nixos/tweaks/disable_nixos_user.nix
../../nixos/tweaks/systemd-resolved_nonsense.nix
# Lauren Base
../../users/lauren_lagarde/lauren_lagarde.nix
# Dotspace
../../secrets/dotspace.nix
../../dotspace/configuration.nix
../../nixos/features/stronghold-binary-cache.nix
# Users
../../users/lauren_lagarde/configuration.nix
# Docker Host Stuff
../../nixos/tweaks/disable_firewall.nix
../../nixos/features/virtualization/docker.nix

10
systems/vm-docker-host/vm-docker-host-base.nix
View file

@ -11,12 +11,12 @@
../../tweaks/disable_nixos_user.nix
../../tweaks/systemd-resolved_nonsense.nix
# Lauren Base
../../users/lauren_lagarde/lauren_lagarde.nix
# Dotspace
../../secrets/dotspace.nix
../../features/stronghold-binary-cache.nix
../../dotspace/configuration.nix
../../nixos/features/stronghold-binary-cache.nix
# Users
../../users/lauren_lagarde/configuration.nix
# Docker Host Stuff
../../tweaks/disable_firewall.nix

0
users/lauren_lagarde/lauren_lagarde.nix → users/lauren_lagarde/configuration.nix
View file

7
users/lauren_lagarde/home.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }: {
programs.git = {
enable = true;
userName = "Lauren Lagarde";
userEmail = "lauren@lagarde.dev";
};
}