sops ace + docker fix

2024-06-03 23:52:44 +02:00
parent aff6992949
commit 4f01013081
7 changed files with 53 additions and 32 deletions
--- a/system-modules/docker.nix
+++ b/system-modules/docker.nix
@@ -3,8 +3,18 @@
 {
  environment.systemPackages = with pkgs; [
    lazydocker
+    docker-compose-language-service
  ];
  
-  virtualisation.docker.enable = true;
+  virtualisation.docker = {
+    enable = true;
+    # daemon.settings = {
+    #   vpnKitMaxPortIdleTime = 0;
+    # };
+  };
  users.users."${user}".extraGroups = [ "docker" ];
+  networking.firewall.allowedTCPPorts = [ 
+    80
+    8384
+  ];
 }
--- a/system-modules/sshd.nix
+++ b/system-modules/sshd.nix
@@ -6,7 +6,7 @@
    else if ( host == "NxXPS") then
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf+08+t8a0lY2+nR1mhIU3vuksStiJOlojJjzCwFk7r root@NxXPS"
    else 
-    "";
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFfZpWVPlujsz3FklSVAM+tuYn4pzDSijhp5CeYNOZk root@NxACE";
  sops.secrets."ssh/${host}-ssh_host_ed25519_key" = {
    mode = "0600";
    path = "/etc/ssh/ssh_host_ed25519_key.shadow";
--- a/system-modules/syncthing.nix
+++ b/system-modules/syncthing.nix
@@ -19,7 +19,6 @@ let
  dirs = {
    default = { name = "sync"; path = "/home/${user}/sync"; };
  };
-  cd = "/home/${user}/.config/syncthing";
 in 
 lib.mkIf (user != "tv")
 {
@@ -33,11 +32,12 @@ lib.mkIf (user != "tv")
    enable = true;
    user = "${user}";
    dataDir = "/home/${user}/.local/share/syncthing"; # useless ?
-    configDir = cd; 
+    configDir = "/home/${user}/.config/syncthing"; 
    key = config.sops.secrets."syncthing/${host}/key.pem".path;
    cert = config.sops.secrets."syncthing/${host}/cert.pem".path;
    overrideDevices = true;    
    overrideFolders = true;    
+    # guiAddress = "127.0.0.1:8384";
    guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384";
    settings = {
      devices = with (builtins.mapAttrs conv devices); if (host == "NxXPS") then (
@@ -45,19 +45,18 @@ lib.mkIf (user != "tv")
      ) else if (host == "NxNORTH") then (        
        xps // ace // s21u
      ) else (
-        north // xps // s21u // diane // daniel // tessa // georg 
+        # north // xps // s21u // diane // daniel // tessa // georg 
+        north // xps // s21u
      );
      folders = with dirs; if (host == "NxXPS") then {
        "${default.name}" = {        
          path = default.path;
-          devices = with devices; (justname [ north s21u ]);     
-          # devices = with devices; (justname [ north ace s21u ]);     
+          devices = with devices; (justname [ north ace s21u ]);     
        };
      } else if (host == "NxNORTH") then {
        "${default.name}" = {        
          path = default.path;
-          devices = with devices; (justname [ s21u xps ]);
-          # devices = with devices; (justname [ xps ace s21u ]);
+          devices = with devices; (justname [ xps ace s21u ]);
        };
      } else {
        "${default.name}" = {        
--- a/system-modules/users.nix
+++ b/system-modules/users.nix
@@ -8,7 +8,7 @@
    extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" ];
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzEtnN/GrgXK7yz+0z1x6rKHhYYQhTOFQ6c6Faz79g2 Nx2-ed25519-ssh-key"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key
    ];
    packages = with pkgs; []; # all in home.nix
  };