feat: Added tailscale to stuff

common/gui.nix

@@ -32,18 +32,20 @@ lib.attrsets.optionalAttrs device.hasGui {
         asvetliakov.vscode-neovim
       ];
     };
-    # ghostty = {
-    #   enable = true;
-    #   installBatSyntax = false;
-    #   settings = {
-    #     theme = "catppuccin-mocha";
-    #   };
-    #   package = pkgs.ghostty;
-    # };
+    ghostty = {
+      enable = true;
+      installBatSyntax = false;
+      settings = {
+        theme = "catppuccin-mocha";
+      };
+      package = pkgs.ghostty;
+    };
   };
   home.packages = with pkgs;
     []
     ++ lib.optionals pkgs.stdenv.isLinux [
+      ghostty
+      discord
       (mpv-unwrapped.wrapper {mpv = mpv-unwrapped.override {sixelSupport = true;};})
       abaddon
       catppuccinThemes.gtk

nixos/mirai/services/default.nix

@@ -8,6 +8,8 @@
     ./nextcloud.nix
     ./jellyfin.nix
     ./vscode.nix
+    ./tailscale.nix
+    # ./ldap.nix
   ];
   services = {
     nix-serve = {
@@ -24,11 +26,6 @@
         overalljails = true; # Calculate the bantime based on all the violations
       };
     };
-    tailscale = {
-      enable = true;
-      useRoutingFeatures = "server";
-      extraUpFlags = "--advertise-exit-node";
-    };
     caddy = {
       enable = true;
     };

nixos/mirai/services/ldap.nix

@@ -0,0 +1,61 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  services.lldap = {
+    enable = true;
+    settings = {
+      ldap_user_dn = "admin";
+      ldap_base_dn = "dc=darksailor,dc=dev";
+      ldap_user_email = "admin@darksailor.dev";
+      http_host = "0.0.0.0";
+      http_port = 5090;
+      ldap_port = 389;
+      ldap_host = "0.0.0.0";
+      environment = {
+        LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt".path;
+        LLDAP_KEY_SEED_FILE = config.sops.secrets."lldap/seed".path;
+        LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/admin".path;
+      };
+    };
+  };
+  services.caddy = {
+    virtualHosts."console.darksailor.dev".extraConfig = ''
+      reverse_proxy localhost:5090
+    '';
+  };
+  users.users.lldap = {
+    name = "lldap";
+    group = "lldap";
+    description = "LDAP Server User";
+    isSystemUser = true;
+  };
+  users.groups.lldap = {};
+
+  # systemd.services.sops-install-secrets = {
+  #   after = ["lldap.service"];
+  # };
+
+  systemd.services.lldap = {
+    # wants = ["sops-install-secrets.service"];
+    serviceConfig = {
+      AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+      DynamicUser = lib.mkForce false;
+    };
+  };
+  sops = {
+    secrets = let
+      owner = config.systemd.services.lldap.serviceConfig.User;
+      group = config.systemd.services.lldap.serviceConfig.Group;
+      restartUnits = ["lldap.service"];
+      cfg = {
+        inherit owner group restartUnits;
+      };
+    in {
+      "lldap/jwt" = cfg;
+      "lldap/seed" = cfg;
+      "lldap/admin" = cfg;
+    };
+  };
+}

nixos/mirai/services/tailscale.nix

@@ -0,0 +1,7 @@
+{...}: {
+  services.tailscale = {
+    enable = true;
+    useRoutingFeatures = "server";
+    extraUpFlags = "--advertise-exit-node";
+  };
+}

nixos/mirai/services/vscode.nix

@@ -5,6 +5,7 @@
       port = 3000;
       host = "0.0.0.0";
       extraPackages = with pkgs; [];
+      withoutConnectionToken = true;
     };
     caddy = {
       virtualHosts."code.darksailor.dev".extraConfig = ''

secrets/secrets.yaml

@@ -13,6 +13,10 @@ authelia:
             jwtSecret: ENC[AES256_GCM,data:oRK/nkkcziFVma7WHHyIxtSjQIKIwfBXZ3TYhZ6qDz9aDxzuU/nWBg==,iv:e3IyqU242YZK/qV/x541jrRAkBKLwhW3ifyGP/9MJIk=,tag:PiN2YOSDLcf10HkAgEgz7Q==,type:str]
             storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str]
             sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str]
+lldap:
+    jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str]
+    seed: ENC[AES256_GCM,data:zMBZP4GeGkQ4chC9eQ4tG8vTqbxZj4iQMKCj0WQd1qOWVTibpk6VylnFz5ugmeMR,iv:5ZFf/r683AHVlpp7iN9B6nY1b8tD/JSCxRN4vXT1cRM=,tag:MmeGpK9d2GFP3etr9Ouvkg==,type:str]
+    admin: ENC[AES256_GCM,data:6eLFuyt9hBzoAGfaDLi9cwxFj/yq20BDCSzbHzakZLo=,iv:qjczQ/hswAzVVS7gCUapzqhRx1dAE7FhRUvtovlMuY0=,tag:aMBFJy+USOd5Vy2QKjoD6Q==,type:str]
 builder:
     mirai:
         cache:
@@ -33,8 +37,8 @@ sops:
             VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
             ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-06T06:02:42Z"
-    mac: ENC[AES256_GCM,data:kMwp48xQ8Fn1nWJOajspJqVTNadEgTtfhIGfUVhCiaZzlaF7Jrw/3Vk9vM80n1HxAF56c7kSFTkJxEeuwL/ltv6RyAJOIes64rXcJuFFYF0KEWQwmDPFqZP6t7gqfC7zXh6PXJ8Sbng7Mv6p/jesfLEPFtUiIPpzegeig1ebzPE=,iv:18YVAPP0GyCF6yA2sVXaQ/wx3sXRY1sLAbE1iX4Fw/A=,tag:DEPcP1Et827UE7XsbAcnXg==,type:str]
+    lastmodified: "2025-01-13T19:40:38Z"
+    mac: ENC[AES256_GCM,data:QvON+Ye/cepfw2ifELOJWG1u1uX90xRrjc2wccgqZglCcP5TL0W+uX6wqsbhW1ZVJR5yLn4S9QOSjDmegpE5CP8VqAyAlTxe6HpD/IgM+SGHa2zMbYYijoytyXQ5wT4M4ITHZZs4AB5OsisLbBCzXpaNlvBVfE8tgJoCh37FgtQ=,iv:4mtuPp+iQn7wexR8sXtpxfGMdQGT/yEdiUcBoB0osgc=,tag:MFcVs23WhukgRXTwjMS7YQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.2