natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Satori:added vault-agent, changed hardware config

Browse Source
This commit is contained in:
Amneesh Singh
2021-06-07 10:05:51 +05:30
parent b9b297ae0f
commit 7602cbf16a
6 changed files with 60 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
flake.nix
View File

@@ -58,6 +58,7 @@
Satori = nixpkgs.lib.nixosSystem { Satori = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
./modules/vault-agent.nix
./hosts/personal/satori.nix ./hosts/personal/satori.nix
inputs.agenix.nixosModules.age inputs.agenix.nixosModules.age
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager

2
home/config/dwm/autostart.sh
View File

@@ -1,4 +1,2 @@
#!/usr/bin/env bash #!/usr/bin/env bash
picom --experimental-backends &
~/.dwm/bruhstatus.sh & ~/.dwm/bruhstatus.sh &
feh --bg-scale ~/Downloads/stallman.jpg

39
hosts/personal/satori/hardware.nix
View File

@@ -7,42 +7,41 @@
]; ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/4c02ddf5-d00e-4d84-856f-c327ae44d047"; {
device = "/dev/disk/by-uuid/4c02ddf5-d00e-4d84-856f-c327ae44d047";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress-force=zstd:2"]; options = ["compress-force=zstd:2"];
}; };
fileSystems."/boot/efi" = fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/58B1-4631"; {
device = "/dev/disk/by-uuid/58B1-4631";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home" =
{ device = "/dev/nvme0n1p6";
fsType = "ext4";
};
fileSystems."/mnt/Stuff" = fileSystems."/mnt/Stuff" =
{ device = "/dev/sda2"; {
fsType = "ntfs"; device = "/dev/disk/by-uuid/843E68573E6843F0";
options = ["uid=natto" "gid=users" "umask=0022" "rw"];
};
fileSystems."/mnt/Games" =
{ device = "/dev/sda4";
fsType = "ntfs"; fsType = "ntfs";
options = ["uid=natto" "gid=users" "umask=0022" "rw"]; options = ["uid=natto" "gid=users" "umask=0022" "rw"];
}; };
fileSystems."/mnt/Extra" = fileSystems."/mnt/Extra" =
{ device = "/dev/sda3"; {
device = "/dev/disk/by-uuid/32EE9F63EE9F1DE3";
fsType = "ntfs"; fsType = "ntfs";
options = ["uid=natto" "gid=users" "umask=0022" "rw"]; options = ["uid=natto" "gid=users" "umask=0022" "rw"];
}; };
fileSystems."/mnt/LinuxGames" = fileSystems."/mnt/Games" =
{ device = "/dev/sda5"; {
fsType = "btrfs"; device = "/dev/disk/by-uuid/A4CC66B6CC668282";
options = ["rw" "compress-force=zstd:2"]; fsType = "ntfs";
options = ["uid=natto" "gid=users" "umask=0022" "rw"];
};
fileSystems."/mnt/Stuff2" =
{
device = "/dev/disk/by-uuid/e5be3621-8608-4ffe-bd33-5e6d22fef4ff";
fsType = "btrfs";
options = ["compress-force=zstd:1"];
}; };
swapDevices = [ {device = "/dev/nvme0n1p7";} ]; swapDevices = [ {device = "/dev/nvme0n1p7";} ];
powerManagement = { powerManagement = {
enable = true; enable = true;

2
hosts/personal/satori/networking.nix
View File

@@ -21,7 +21,7 @@
wireguard.interfaces.wg0 = { wireguard.interfaces.wg0 = {
ips = [ "10.55.0.3/32" ]; ips = [ "10.55.0.3/32" ];
listenPort = 17840; listenPort = 17840;
privateKeyFile = "/var/secrets/wg"; privateKeyFile = "/var/secrets/wg.key";
peers = [ peers = [
{ {
#Oracle VM1 #Oracle VM1

32
hosts/personal/satori/services.nix
View File

@@ -24,11 +24,34 @@
enable = true; enable = true;
permitRootLogin = "yes"; permitRootLogin = "yes";
}; };
/* vault = { vault-agent = {
enable = true; enable = true;
storageBackend = "mysql"; settings = {
storagePath = "/var/db"; vault = {
};*/ address = "https://10.55.0.2:8800";
client_cert = "/var/vault/cert.pem";
client_key = "/var/vault/key.pem";
};
auto_auth = {
method = [
{
"cert" = {
name = "Satori";
};
}
];
};
template = [
{
source = pkgs.writeText "wg.tpl" ''
{{ with secret "kv/systems/Satori/wg" }}{{ .Data.data.private }}{{ end }}
'';
destination = "/var/secrets/wg.key";
}
];
};
};
}; };
systemd.services = { systemd.services = {
tor.wantedBy = lib.mkForce []; tor.wantedBy = lib.mkForce [];
@@ -38,4 +61,5 @@
#printing.wantedBy = lib.mkForce []; #printing.wantedBy = lib.mkForce [];
#vault.wantedBy = lib.mkForce []; #vault.wantedBy = lib.mkForce [];
}; };
security.pki.certificateFiles = [ ../../../cert.pem ];
} }

13
overlays/suckless/st.patch
View File

@@ -1,5 +1,5 @@
diff --color -u a/config.def.h b/config.def.h diff --color -u a/config.def.h b/config.def.h
--- a/config.def.h 2020-06-19 14:59:45.000000000 +0530 --- a/config.def.h 2021-05-28 03:15:40.807354500 +0530
+++ b/config.def.h 2021-05-21 05:21:13.476454500 +0530 +++ b/config.def.h 2021-05-21 05:21:13.476454500 +0530
@@ -3,9 +3,10 @@ @@ -3,9 +3,10 @@
/* /*
@@ -985,7 +985,7 @@ diff --color -u a/win.h b/win.h
void xsetmode(int, unsigned int); void xsetmode(int, unsigned int);
diff --color -u a/x.c b/x.c diff --color -u a/x.c b/x.c
--- a/x.c 2020-06-19 14:59:45.000000000 +0530 --- a/x.c 2020-06-19 14:59:45.000000000 +0530
+++ b/x.c 2021-05-21 05:20:09.551000300 +0530 +++ b/x.c 2021-06-05 02:08:06.403477337 +0530
@@ -93,7 +93,7 @@ @@ -93,7 +93,7 @@
Window win; Window win;
Drawable buf; Drawable buf;
@@ -1117,4 +1117,13 @@ diff --color -u a/x.c b/x.c
xsettitle(char *p) xsettitle(char *p)
{ {
XTextProperty prop; XTextProperty prop;
@@ -1595,6 +1675,8 @@
int
xstartdraw(void)
{
+ if (IS_SET(MODE_VISIBLE))
+ XCopyArea(xw.dpy, xw.win, xw.buf, dc.gc, 0, 0, win.w, win.h, 0, 0);
return IS_SET(MODE_VISIBLE);
}
Only in b: x.c.orig Only in b: x.c.orig