nki/nix-home
1
0
Fork 0
Code Issues Pull requests 2 Packages Projects Releases Wiki Activity

Set up tinc on macbook-nix side

Browse source
This commit is contained in:
Natsu Kagami 2022-10-17 12:59:22 +02:00 committed by Natsu Kagami
parent 295ffd4f06
commit 98fabb1dee
3 changed files with 63 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.sops.yaml Normal file
View file

@ -0,0 +1,9 @@
keys:
- &admin_macbook_m1 age169v95f5fqx0sg5mjpp63sumrj9sma9se203ra2c05qa67h2h2drs3tvdph
- &machine_macbook_m1 age10dd4t507h3ey68l2alu7z94s5lw0kshjq9lre5sv2vehrm9hg4rqk2let7
creation_rules:
- path_regex: kagami-air-m1/secrets\.yaml$
key_groups:
- age:
- *admin_macbook_m1
- *machine_macbook_m1

26
kagami-air-m1/configuration.nix
View file

@ -65,8 +65,12 @@
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.enableHidpi = true;
services.xserver.desktopManager.plasma5.enable = true; services.xserver.desktopManager.plasma5.enable = true;
services.udev.packages = with pkgs; [ libfido2 ];
# Configure keymap in X11 # Configure keymap in X11
# services.xserver.layout = "jp106"; # services.xserver.layout = "jp106";
# services.xserver.xkbOptions = { # services.xserver.xkbOptions = {
@ -99,7 +103,6 @@
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [ packages = with pkgs; [
firefox
# kakoune # kakoune
# thunderbird # thunderbird
]; ];
@ -110,6 +113,8 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
kakoune # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. kakoune # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget wget
libfido2
]; ];
# Environment variables # Environment variables
@ -141,8 +146,8 @@
# PAM # PAM
security.pam.services.lightdm.enableKwallet = true; security.pam.services.sddm.enableKwallet = true;
security.pam.services.lightdm.enableGnomeKeyring = true; security.pam.services.sddm.enableGnomeKeyring = true;
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
@ -151,12 +156,27 @@
# enable = true; # enable = true;
# enableSSHSupport = true; # enableSSHSupport = true;
# }; # };
programs.kdeconnect.enable = true;
# List services that you want to enable: # List services that you want to enable:
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
# Secrets
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
## tinc
sops.secrets."tinc/ed25519-private-key" = { };
services.my-tinc = {
enable = true;
hostName = "macbook-nixos";
ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
bindPort = 6565;
};
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];

31
kagami-air-m1/secrets.yaml Normal file
View file

@ -0,0 +1,31 @@
tinc:
ed25519-private-key: ENC[AES256_GCM,data:2/NCyC2QvZ1BRsIxiqTGppuTH55fyMKmHqNiOHJA3QbQ7uVeied1I/3GwRt3UjtvGgLPu9QpXw4+h5qfhq0I2irOMVY6+caw+8xinU/aaWPC6h9oZzW6gskjsmeer7yCeOENqsi2CgL3ICpJ8bxMH4iRUnSp5NsehNwF65dgEDIWuFqdUMJpnzFU2E4bLoqHwzW7Gn65PNTcqE6x2WICPO55cviQzX4mmLJ2tup3L2Z3tu6ZG0XLVAXoj/n6GM9uNRSCDzDeD9o=,iv:VSn8f/roBLV4lKLRvBCKuYzBYm4/ECfFo19Z8V/8ojA=,tag:c3aiFPBk5lToJeZ/jbgMcQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age169v95f5fqx0sg5mjpp63sumrj9sma9se203ra2c05qa67h2h2drs3tvdph
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQ0ZFampRSm5BbTVpUk9o
MUhLenM0czVDM1NUWFFsTGxZUllKMjNOU3pZCm00eUZjRFU3bTZnbnNVR2RnMVl2
UEV2c1VXNDRhRklIZmpnN2dLczJPVGcKLS0tIGVlTkkrWXVTbFVJS1h4YnZRKzNn
dFJYaEErRWFJZXpnWVY1dk4zbnMxK3cKZ0aiD0ZusCWnjfhEsuVNO8XZrwupDANu
GUf03lwpLiOx6OehK2wR0pfMEfmbDOP6+o673Sw9PcreEPvUovh82Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age10dd4t507h3ey68l2alu7z94s5lw0kshjq9lre5sv2vehrm9hg4rqk2let7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraHhUUXlpb3UvNWdkc3ZP
bFdNU0NaaStxR2c4SEY2NFByKzVGa1BkWXpjCmVlMmF3eUdid3RSMjVTUlJOM0hS
eHByVGtiUzBEZGRVRjg1TENPQlpPNjQKLS0tIG11cWFUU3JNeFY4cCt3d2ZUWmpl
dnZKYUIvM1N2eGFubkgzdUVESEVCYm8KGIEl6MKIc7Xsg9MePOgLovSBWh7b0BX/
aUXZm+elav6a7dmPSXqA7/ZSUtxZqD3sYF06YnABEhO+wQ5McArkFg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-17T10:54:59Z"
mac: ENC[AES256_GCM,data:U7ir+TrO+y6q3VOyMEoUG1hBf+p+r08WhrLx4i8zM2qJ0xu3QdLLP++smC0QgfY5w/IxHHNdU476fDca2qJgxB01D7dlun2nFUsKTkxJNT9oaZcE0hLMP7ngjDcrhXNnUysKRIcM8wRhaouRzY0USPePeueIq3ootQkqnIO4ZcQ=,iv:rKuuFADjdxi5USmm75xBexHzTyxNsl9HchTPMQnfRfU=,tag:YCwU/O3Bj49VzF6wxEsD9g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3