litten: add ena-vpn, remove tandoor and other minor changes

Brian Lee 2025-03-15 09:56:31 -07:00
parent 6468c493b4
commit ecf1494990
2 changed files with 53 additions and 30 deletions


@ -22,7 +22,7 @@ $NixOSBootEntryID = "0002"
Then whenever you want to run NixOS, run the script:
```sh
PowerShell.exe -ExecutionPolicy Bypass -File \Users\pleb\Documents\windows-scripts\Set-BootNext.ps1
ssh winroar "PowerShell.exe -ExecutionPolicy Bypass -File \Users\pleb\Documents\windows-scripts\Set-BootNext.ps1"
```
## EFI Recovery


@ -27,6 +27,7 @@ in
nixpkgs.config = {
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"claude-code"
"obsidian"
"packer"
"reaper"
@ -140,6 +141,7 @@ in
gh
solaar
binutils
brave
chromium
coreutils # base64
element-desktop
@ -152,7 +154,7 @@ in
kdenlive
libsForQt5.kcalc
# unstable.logseq # warning: https://github.com/logseq/logseq/issues/10851#issuecomment-2402925912
unstable.ghostty
# unstable.ghostty
moonlight-qt
nmap
obs-studio
@ -201,6 +203,14 @@ in
];
};
claude = {
isNormalUser = true;
packages = with pkgs; [
unstable.claude-code
unstable.aider-chat
];
};
glance = {
isSystemUser = true;
group = "glance";
@ -243,6 +253,7 @@ in
net-snmp # snmpwalk
netcat
nettools
nix-output-monitor
parted
pass
pciutils # lspci
@ -440,11 +451,6 @@ in
reverse_proxy http://127.0.0.1:8033
}
${host_fqdn}:4434 { # tandoor-recipes
${tlsConfig}
reverse_proxy http://127.0.0.1:8034
}
${host_fqdn}:4435 { # mealie
${tlsConfig}
reverse_proxy http://127.0.0.1:8035
@ -465,18 +471,6 @@ in
desktopManager.plasma5.enable = true;
};
tandoor-recipes = {
enable = true;
port = 8034;
extraConfig = {
# https://github.com/TandoorRecipes/recipes/raw/refs/heads/develop/docs/system/configuration.md
SECRET_KEY = "${secrets.tandoorSecretKey}";
ALLOWED_HOSTS = "${host_fqdn}";
TANDOOR_PORT = "8034";
};
package = unstable.tandoor-recipes;
};
mealie = {
enable = true;
port = 8035;
@ -484,13 +478,7 @@ in
package = unstable.mealie;
};
n8n = {
enable = true;
settings = {
port = 8033;
};
};
n8n.enable = true;
};
@ -520,12 +508,47 @@ in
script = "${pkgs.nix}/bin/nix-shell";
};
services.n8n.environment = {
N8N_EDITOR_BASE_URL = "https://${config.networking.hostName}:4433";
N8N_HIRING_BANNER_ENABLED = "false";
N8N_METRICS = "true";
services.ena-vpn = {
description = "ENA Corp VPN";
# wantedBy = [ "multi-user.target" ]; # 2fa required, avoid startup
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "simple";
User = "root";
ExecStart = "${pkgs.openfortivpn}/bin/openfortivpn -c /etc/openfortivpn/config";
};
};
services.mealie.environment = {
# https://docs.mealie.io/documentation/getting-started/installation/open-ai/
OPENAI_API_KEY = "${secrets.mealie.openai-api-key}";
};
services.n8n.environment = {
N8N_EDITOR_BASE_URL = "https://${host_fqdn}:4433";
N8N_HIRING_BANNER_ENABLED = "false";
N8N_METRICS = "true";
N8N_PORT = "8033";
};
};
# Create the OpenFortiVPN config directory and file
environment.etc = {
"openfortivpn/config" = {
text = ''
host = fortivpn.ena.net
port = 443
username = ${secrets.ena-vpn.username}
password = ${secrets.ena-vpn.password}
set-dns = 0
set-routes = 1
trusted-cert = fa59c235354ec625b0e560e4263b1eff793480f399a39b7f80b18fb865184ecd
'';
mode = "0600";
};
};
virtualisation.docker = {
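Review bot: The `environment.etc."openfortivpn/config"` entry in the last hunk interpolates `secrets.ena-vpn.username` and `secrets.ena-vpn.password` into `text`, and NixOS renders `text` into a file under /nix/store before copying it into /etc, so `mode = "0600"` restricts only the /etc copy while the store copy stays readable by every local account, including the `claude` user this commit adds. The same exposure applies to `OPENAI_API_KEY = "${secrets.mealie.openai-api-key}"` under `services.mealie.environment`, which lands in the generated unit file in the store. I would drop the `environment.etc` block and leave `ExecStart` pointing `-c /etc/openfortivpn/config` at a root-owned 0600 file provisioned outside the store (placed by hand, or decrypted at activation by a secrets module such as sops-nix or agenix), and pass the mealie key through `serviceConfig.EnvironmentFile` on that unit instead of `environment`. How `secrets` is defined is not visible on this page, so confirm separately that its values are not committed in plain text, and consider rotating the VPN password if this generation's store paths were ever copied to another machine or a binary cache.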