feat: Added tailscale to stuff

2025-01-28 20:36:46 +05:30
parent 53f8e2998d
commit fd38f95f08
6 changed files with 88 additions and 16 deletions
--- a/common/gui.nix
+++ b/common/gui.nix
@@ -32,18 +32,20 @@ lib.attrsets.optionalAttrs device.hasGui {
        asvetliakov.vscode-neovim
      ];
    };
-    # ghostty = {
+    ghostty = {
-    #   enable = true;
+      enable = true;
-    #   installBatSyntax = false;
+      installBatSyntax = false;
-    #   settings = {
+      settings = {
-    #     theme = "catppuccin-mocha";
+        theme = "catppuccin-mocha";
-    #   };
+      };
-    #   package = pkgs.ghostty;
+      package = pkgs.ghostty;
-    # };
+    };
  };
  home.packages = with pkgs;
    []
    ++ lib.optionals pkgs.stdenv.isLinux [
      ghostty
      discord
      (mpv-unwrapped.wrapper {mpv = mpv-unwrapped.override {sixelSupport = true;};})
      abaddon
      catppuccinThemes.gtk
--- a/nixos/mirai/services/default.nix
+++ b/nixos/mirai/services/default.nix
@@ -8,6 +8,8 @@
    ./nextcloud.nix
    ./jellyfin.nix
    ./vscode.nix
    ./tailscale.nix
    # ./ldap.nix
  ];
  services = {
    nix-serve = {
@@ -24,11 +26,6 @@
        overalljails = true; # Calculate the bantime based on all the violations
      };
    };
    tailscale = {
      enable = true;
      useRoutingFeatures = "server";
      extraUpFlags = "--advertise-exit-node";
    };
    caddy = {
      enable = true;
    };
--- a/nixos/mirai/services/ldap.nix
+++ b/nixos/mirai/services/ldap.nix
@@ -0,0 +1,61 @@
 {
  config,
  lib,
  ...
 }: {
  services.lldap = {
    enable = true;
    settings = {
      ldap_user_dn = "admin";
      ldap_base_dn = "dc=darksailor,dc=dev";
      ldap_user_email = "admin@darksailor.dev";
      http_host = "0.0.0.0";
      http_port = 5090;
      ldap_port = 389;
      ldap_host = "0.0.0.0";
      environment = {
        LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt".path;
        LLDAP_KEY_SEED_FILE = config.sops.secrets."lldap/seed".path;
        LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/admin".path;
      };
    };
  };
  services.caddy = {
    virtualHosts."console.darksailor.dev".extraConfig = ''
      reverse_proxy localhost:5090
    '';
  };
  users.users.lldap = {
    name = "lldap";
    group = "lldap";
    description = "LDAP Server User";
    isSystemUser = true;
  };
  users.groups.lldap = {};
  # systemd.services.sops-install-secrets = {
  #   after = ["lldap.service"];
  # };
  systemd.services.lldap = {
    # wants = ["sops-install-secrets.service"];
    serviceConfig = {
      AmbientCapabilities = "CAP_NET_BIND_SERVICE";
      DynamicUser = lib.mkForce false;
    };
  };
  sops = {
    secrets = let
      owner = config.systemd.services.lldap.serviceConfig.User;
      group = config.systemd.services.lldap.serviceConfig.Group;
      restartUnits = ["lldap.service"];
      cfg = {
        inherit owner group restartUnits;
      };
    in {
      "lldap/jwt" = cfg;
      "lldap/seed" = cfg;
      "lldap/admin" = cfg;
    };
  };
 }
--- a/nixos/mirai/services/tailscale.nix
+++ b/nixos/mirai/services/tailscale.nix
@@ -0,0 +1,7 @@
 {...}: {
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "server";
    extraUpFlags = "--advertise-exit-node";
  };
 }
--- a/nixos/mirai/services/vscode.nix
+++ b/nixos/mirai/services/vscode.nix
@@ -5,6 +5,7 @@
      port = 3000;
      host = "0.0.0.0";
      extraPackages = with pkgs; [];
      withoutConnectionToken = true;
    };
    caddy = {
      virtualHosts."code.darksailor.dev".extraConfig = ''
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -13,6 +13,10 @@ authelia:
            jwtSecret: ENC[AES256_GCM,data:oRK/nkkcziFVma7WHHyIxtSjQIKIwfBXZ3TYhZ6qDz9aDxzuU/nWBg==,iv:e3IyqU242YZK/qV/x541jrRAkBKLwhW3ifyGP/9MJIk=,tag:PiN2YOSDLcf10HkAgEgz7Q==,type:str]
            storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str]
            sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str]
 lldap:
    jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str]
    seed: ENC[AES256_GCM,data:zMBZP4GeGkQ4chC9eQ4tG8vTqbxZj4iQMKCj0WQd1qOWVTibpk6VylnFz5ugmeMR,iv:5ZFf/r683AHVlpp7iN9B6nY1b8tD/JSCxRN4vXT1cRM=,tag:MmeGpK9d2GFP3etr9Ouvkg==,type:str]
    admin: ENC[AES256_GCM,data:6eLFuyt9hBzoAGfaDLi9cwxFj/yq20BDCSzbHzakZLo=,iv:qjczQ/hswAzVVS7gCUapzqhRx1dAE7FhRUvtovlMuY0=,tag:aMBFJy+USOd5Vy2QKjoD6Q==,type:str]
 builder:
    mirai:
        cache:
@@ -33,8 +37,8 @@ sops:
            VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
            ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-06T06:02:42Z"
+    lastmodified: "2025-01-13T19:40:38Z"
-    mac: ENC[AES256_GCM,data:kMwp48xQ8Fn1nWJOajspJqVTNadEgTtfhIGfUVhCiaZzlaF7Jrw/3Vk9vM80n1HxAF56c7kSFTkJxEeuwL/ltv6RyAJOIes64rXcJuFFYF0KEWQwmDPFqZP6t7gqfC7zXh6PXJ8Sbng7Mv6p/jesfLEPFtUiIPpzegeig1ebzPE=,iv:18YVAPP0GyCF6yA2sVXaQ/wx3sXRY1sLAbE1iX4Fw/A=,tag:DEPcP1Et827UE7XsbAcnXg==,type:str]
+    mac: ENC[AES256_GCM,data:QvON+Ye/cepfw2ifELOJWG1u1uX90xRrjc2wccgqZglCcP5TL0W+uX6wqsbhW1ZVJR5yLn4S9QOSjDmegpE5CP8VqAyAlTxe6HpD/IgM+SGHa2zMbYYijoytyXQ5wT4M4ITHZZs4AB5OsisLbBCzXpaNlvBVfE8tgJoCh37FgtQ=,iv:4mtuPp+iQn7wexR8sXtpxfGMdQGT/yEdiUcBoB0osgc=,tag:MFcVs23WhukgRXTwjMS7YQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.2