Satori:added vault-agent, changed hardware config

2021-06-07 10:05:51 +05:30
parent b9b297ae0f
commit 7602cbf16a
6 changed files with 60 additions and 29 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -58,6 +58,7 @@
      Satori = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [ 
+          ./modules/vault-agent.nix
          ./hosts/personal/satori.nix
          inputs.agenix.nixosModules.age
          inputs.home-manager.nixosModules.home-manager
--- a/home/config/dwm/autostart.sh
+++ b/home/config/dwm/autostart.sh
@@ -1,4 +1,2 @@
 #!/usr/bin/env bash
-picom --experimental-backends &
 ~/.dwm/bruhstatus.sh &
-feh --bg-scale ~/Downloads/stallman.jpg
--- a/hosts/personal/satori/hardware.nix
+++ b/hosts/personal/satori/hardware.nix
@@ -7,42 +7,41 @@
    ];
  
  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/4c02ddf5-d00e-4d84-856f-c327ae44d047";
+    {
+      device = "/dev/disk/by-uuid/4c02ddf5-d00e-4d84-856f-c327ae44d047";
      fsType = "btrfs";
      options = ["compress-force=zstd:2"];
    };

  fileSystems."/boot/efi" =
-    { device = "/dev/disk/by-uuid/58B1-4631";
+    {
+      device = "/dev/disk/by-uuid/58B1-4631";
      fsType = "vfat";
    };
-  
-  fileSystems."/home" =
-   { device = "/dev/nvme0n1p6";
-     fsType = "ext4";
-   };
-
  fileSystems."/mnt/Stuff" = 
-  { device = "/dev/sda2";
-    fsType = "ntfs";
-    options = ["uid=natto" "gid=users" "umask=0022" "rw"];
-  };
-  fileSystems."/mnt/Games" = 
-  { device = "/dev/sda4";
+  {
+    device = "/dev/disk/by-uuid/843E68573E6843F0";
    fsType = "ntfs";
    options = ["uid=natto" "gid=users" "umask=0022" "rw"];
  };
  fileSystems."/mnt/Extra" = 
-  { device = "/dev/sda3";
+  { 
+    device = "/dev/disk/by-uuid/32EE9F63EE9F1DE3";
    fsType = "ntfs";
    options = ["uid=natto" "gid=users" "umask=0022" "rw"];
  };
-  fileSystems."/mnt/LinuxGames" = 
-  { device = "/dev/sda5";
-    fsType = "btrfs";
-    options = ["rw" "compress-force=zstd:2"];
+  fileSystems."/mnt/Games" = 
+  {
+    device = "/dev/disk/by-uuid/A4CC66B6CC668282";
+    fsType = "ntfs";
+    options = ["uid=natto" "gid=users" "umask=0022" "rw"];
  };
-
+  fileSystems."/mnt/Stuff2" =
+    {
+      device = "/dev/disk/by-uuid/e5be3621-8608-4ffe-bd33-5e6d22fef4ff";
+      fsType = "btrfs";
+      options = ["compress-force=zstd:1"];
+    };
  swapDevices = [ {device = "/dev/nvme0n1p7";} ];
  powerManagement = {
    enable = true;
--- a/hosts/personal/satori/networking.nix
+++ b/hosts/personal/satori/networking.nix
@@ -21,7 +21,7 @@
    wireguard.interfaces.wg0 = {
      ips = [ "10.55.0.3/32" ];
      listenPort = 17840;
-      privateKeyFile = "/var/secrets/wg";
+      privateKeyFile = "/var/secrets/wg.key";
      peers = [
        {
        #Oracle VM1
--- a/hosts/personal/satori/services.nix
+++ b/hosts/personal/satori/services.nix
@@ -24,11 +24,34 @@
      enable = true;
      permitRootLogin = "yes";
    };
- /*   vault = {
+    vault-agent = {
      enable = true;
-      storageBackend = "mysql";
-      storagePath = "/var/db";
-    };*/
+      settings = {
+        vault = {
+          address = "https://10.55.0.2:8800";
+          client_cert = "/var/vault/cert.pem";
+          client_key = "/var/vault/key.pem";
+        };
+        auto_auth = {
+          method = [
+            {
+              "cert" = {
+                name = "Satori";
+              };
+            }
+          ];
+        };
+        template = [
+          {
+            source = pkgs.writeText "wg.tpl" ''
+              {{ with secret "kv/systems/Satori/wg" }}{{ .Data.data.private }}{{ end }}
+            '';
+            destination = "/var/secrets/wg.key";
+          }
+        ];
+      };
+    };
+
  };
  systemd.services = {
    tor.wantedBy = lib.mkForce [];
@@ -38,4 +61,5 @@
    #printing.wantedBy = lib.mkForce [];
    #vault.wantedBy = lib.mkForce [];
  };
+  security.pki.certificateFiles = [ ../../../cert.pem ];
 }
--- a/overlays/suckless/st.patch
+++ b/overlays/suckless/st.patch
@@ -1,5 +1,5 @@
 diff --color -u a/config.def.h b/config.def.h
--- a/config.def.h	2020-06-19 14:59:45.000000000 +0530
+--- a/config.def.h	2021-05-28 03:15:40.807354500 +0530
 +++ b/config.def.h	2021-05-21 05:21:13.476454500 +0530
@@ -3,9 +3,10 @@
 /*
@@ -985,7 +985,7 @@ diff --color -u a/win.h b/win.h
 void xsetmode(int, unsigned int);
 diff --color -u a/x.c b/x.c
 --- a/x.c	2020-06-19 14:59:45.000000000 +0530
-+++ b/x.c	2021-05-21 05:20:09.551000300 +0530
+++ b/x.c	2021-06-05 02:08:06.403477337 +0530
@@ -93,7 +93,7 @@
 	Window win;
 	Drawable buf;
@@ -1117,4 +1117,13 @@ diff --color -u a/x.c b/x.c
 xsettitle(char *p)
 {
 	XTextProperty prop;
+@@ -1595,6 +1675,8 @@
+ int
+ xstartdraw(void)
+ {
+	if (IS_SET(MODE_VISIBLE))
+		XCopyArea(xw.dpy, xw.win, xw.buf, dc.gc, 0, 0, win.w, win.h, 0, 0);
+ 	return IS_SET(MODE_VISIBLE);
+ }
+ 
 Only in b: x.c.orig