diff --git a/common/gui.nix b/common/gui.nix
index 1aa469fd..4b12dda1 100644
--- a/common/gui.nix
+++ b/common/gui.nix
@@ -32,18 +32,20 @@ lib.attrsets.optionalAttrs device.hasGui {
 asvetliakov.vscode-neovim
 ];
 };
- # ghostty = {
- # enable = true;
- # installBatSyntax = false;
- # settings = {
- # theme = "catppuccin-mocha";
- # };
- # package = pkgs.ghostty;
- # };
+ ghostty = {
+ enable = true;
+ installBatSyntax = false;
+ settings = {
+ theme = "catppuccin-mocha";
+ };
+ package = pkgs.ghostty;
+ };
 };
 home.packages = with pkgs;
 []
 ++ lib.optionals pkgs.stdenv.isLinux [
+ ghostty
+ discord
 (mpv-unwrapped.wrapper {mpv = mpv-unwrapped.override {sixelSupport = true;};})
 abaddon
 catppuccinThemes.gtk
diff --git a/nixos/mirai/services/default.nix b/nixos/mirai/services/default.nix
index 7a0c9eef..cb3ab496 100644
--- a/nixos/mirai/services/default.nix
+++ b/nixos/mirai/services/default.nix
@@ -8,6 +8,8 @@
 ./nextcloud.nix
 ./jellyfin.nix
 ./vscode.nix
+ ./tailscale.nix
+ # ./ldap.nix
 ];
 services = {
 nix-serve = {
@@ -24,11 +26,6 @@
 overalljails = true; # Calculate the bantime based on all the violations
 };
 };
- tailscale = {
- enable = true;
- useRoutingFeatures = "server";
- extraUpFlags = "--advertise-exit-node";
- };
 caddy = {
 enable = true;
 };
diff --git a/nixos/mirai/services/ldap.nix b/nixos/mirai/services/ldap.nix
new file mode 100644
index 00000000..c486d8a4
--- /dev/null
+++ b/nixos/mirai/services/ldap.nix
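Review bot: `ghostty` is now installed twice on Linux — `programs.ghostty.enable = true` with `package = pkgs.ghostty` already puts the package into the profile (as far as I can tell from the home-manager module), and the new `home.packages` entry adds the same derivation again. It is harmless because both point at `pkgs.ghostty`, but it will become a conflict the moment `package` is changed to a different build. Drop the `ghostty` line from `home.packages`, or leave a one-line comment explaining why both are needed (e.g. `ghostty # also on PATH for non-home-manager shells`).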
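Review bot: `# ./ldap.nix` adds the new LDAP module to the import list but leaves it commented out, so nothing in services/ldap.nix is evaluated and the sops secrets it declares are never installed. The commented `sops-install-secrets` ordering lines in ldap.nix hint that this is blocked on something, but a reader of this file cannot tell whether the import is intentionally deferred or was forgotten. A short reason next to it would save the next person a round-trip, e.g. `# ./ldap.nix  # TODO: enable once secret ownership/ordering with sops is sorted`.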
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ services.lldap = {
+ enable = true;
+ settings = {
+ ldap_user_dn = "admin";
+ ldap_base_dn = "dc=darksailor,dc=dev";
+ ldap_user_email = "admin@darksailor.dev";
+ http_host = "0.0.0.0";
+ http_port = 5090;
+ ldap_port = 389;
+ ldap_host = "0.0.0.0";
+ environment = {
+ LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt".path;
+ LLDAP_KEY_SEED_FILE = config.sops.secrets."lldap/seed".path;
+ LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/admin".path;
+ };
+ };
+ };
+ services.caddy = {
+ virtualHosts."console.darksailor.dev".extraConfig = ''
+ reverse_proxy localhost:5090
+ '';
+ };
+ users.users.lldap = {
+ name = "lldap";
+ group = "lldap";
+ description = "LDAP Server User";
+ isSystemUser = true;
+ };
+ users.groups.lldap = {};
+
+ # systemd.services.sops-install-secrets = {
+ # after = ["lldap.service"];
+ # };
+
+ systemd.services.lldap = {
+ # wants = ["sops-install-secrets.service"];
+ serviceConfig = {
+ AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ DynamicUser = lib.mkForce false;
+ };
+ };
+ sops = {
+ secrets = let
+ owner = config.systemd.services.lldap.serviceConfig.User;
+ group = config.systemd.services.lldap.serviceConfig.Group;
+ restartUnits = ["lldap.service"];
+ cfg = {
+ inherit owner group restartUnits;
+ };
+ in {
+ "lldap/jwt" = cfg;
+ "lldap/seed" = cfg;
+ "lldap/admin" = cfg;
+ };
+ };
+}
diff --git a/nixos/mirai/services/tailscale.nix b/nixos/mirai/services/tailscale.nix
new file mode 100644
index 00000000..de41199d
--- /dev/null
+++ b/nixos/mirai/services/tailscale.nix
@@ -0,0 +1,7 @@
+{...}: {
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ extraUpFlags = "--advertise-exit-node";
+ };
+}
diff --git a/nixos/mirai/services/vscode.nix b/nixos/mirai/services/vscode.nix
index a64fec6b..3adb07d2 100644
--- a/nixos/mirai/services/vscode.nix
+++ b/nixos/mirai/services/vscode.nix
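Review bot: The `environment = { … }` attrset nested at the end of `settings` looks misplaced: in the nixpkgs `services.lldap` module `environment` is a sibling of `settings`, not a key inside it, so as written it is serialised into the generated TOML as an `[environment]` table and the three `LLDAP_*_FILE` variables never reach the service process — which means the sops-managed JWT secret, key seed and admin password are silently not used and LLDAP runs on its built-in defaults (if I am reading the module right; `systemctl show lldap -p Environment` after enabling will confirm). Hoist it one level so it reads `services.lldap.environment = { LLDAP_JWT_SECRET_FILE = …; LLDAP_KEY_SEED_FILE = …; LLDAP_LDAP_USER_PASS_FILE = …; };` with the same three entries. Separately, `http_host = "0.0.0.0"` exposes the admin UI on every interface although its only consumer is the `reverse_proxy localhost:5090` in the caddy block below, and `ldap_host = "0.0.0.0"` does the same for cleartext LDAP on 389; `http_host = "127.0.0.1";` (and `ldap_host` likewise unless a remote host must bind to it) keeps both off the network without depending on firewall rules. Note that the import in services/default.nix is still commented out, so none of this file is active yet.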
@@ -5,6 +5,7 @@
 port = 3000;
 host = "0.0.0.0";
 extraPackages = with pkgs; [];
+ withoutConnectionToken = true;
 };
 caddy = {
 virtualHosts."code.darksailor.dev".extraConfig = ''
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 97b43fd5..e8847075 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -13,6 +13,10 @@ authelia:
 jwtSecret: ENC[AES256_GCM,data:oRK/nkkcziFVma7WHHyIxtSjQIKIwfBXZ3TYhZ6qDz9aDxzuU/nWBg==,iv:e3IyqU242YZK/qV/x541jrRAkBKLwhW3ifyGP/9MJIk=,tag:PiN2YOSDLcf10HkAgEgz7Q==,type:str]
 storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str]
 sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str]
+lldap:
+ jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str]
+ seed: ENC[AES256_GCM,data:zMBZP4GeGkQ4chC9eQ4tG8vTqbxZj4iQMKCj0WQd1qOWVTibpk6VylnFz5ugmeMR,iv:5ZFf/r683AHVlpp7iN9B6nY1b8tD/JSCxRN4vXT1cRM=,tag:MmeGpK9d2GFP3etr9Ouvkg==,type:str]
+ admin: ENC[AES256_GCM,data:6eLFuyt9hBzoAGfaDLi9cwxFj/yq20BDCSzbHzakZLo=,iv:qjczQ/hswAzVVS7gCUapzqhRx1dAE7FhRUvtovlMuY0=,tag:aMBFJy+USOd5Vy2QKjoD6Q==,type:str]
 builder:
 mirai:
 cache:
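Review bot: `withoutConnectionToken = true` removes the only authentication the code server has while it still listens on `host = "0.0.0.0"` three lines up, so anyone who can reach port 3000 gets a full VS Code session with a terminal running as the service user. The caddy vhost for code.darksailor.dev continues past the hunk, so I cannot tell whether a forward_auth step guards the proxied path, but a direct connection to :3000 bypasses caddy regardless of what is configured there. If caddy is the only intended client, change the binding to `host = "127.0.0.1";`; otherwise keep the token, or confirm the firewall drops 3000 on every untrusted interface and record that assumption in a comment next to the option.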
@@ -33,8 +37,8 @@ sops:
 VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
 ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-12-06T06:02:42Z"
- mac: ENC[AES256_GCM,data:kMwp48xQ8Fn1nWJOajspJqVTNadEgTtfhIGfUVhCiaZzlaF7Jrw/3Vk9vM80n1HxAF56c7kSFTkJxEeuwL/ltv6RyAJOIes64rXcJuFFYF0KEWQwmDPFqZP6t7gqfC7zXh6PXJ8Sbng7Mv6p/jesfLEPFtUiIPpzegeig1ebzPE=,iv:18YVAPP0GyCF6yA2sVXaQ/wx3sXRY1sLAbE1iX4Fw/A=,tag:DEPcP1Et827UE7XsbAcnXg==,type:str]
+ lastmodified: "2025-01-13T19:40:38Z"
+ mac: ENC[AES256_GCM,data:QvON+Ye/cepfw2ifELOJWG1u1uX90xRrjc2wccgqZglCcP5TL0W+uX6wqsbhW1ZVJR5yLn4S9QOSjDmegpE5CP8VqAyAlTxe6HpD/IgM+SGHa2zMbYYijoytyXQ5wT4M4ITHZZs4AB5OsisLbBCzXpaNlvBVfE8tgJoCh37FgtQ=,iv:4mtuPp+iQn7wexR8sXtpxfGMdQGT/yEdiUcBoB0osgc=,tag:MFcVs23WhukgRXTwjMS7YQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
- version: 3.9.1
+ version: 3.9.2