From ecf1494990171adf21d9de38be54af7e65448e97 Mon Sep 17 00:00:00 2001 From: Brian Lee Date: Sat, 15 Mar 2025 09:56:31 -0700 Subject: [PATCH] litten: add ena-vpn, remove tandoor and other minor changes --- incineroar.brenise.dev/notes/efi.md | 2 +- litten.brenise.dev/configuration.nix | 81 ++++++++++++++++++---------- 2 files changed, 53 insertions(+), 30 deletions(-) diff --git a/incineroar.brenise.dev/notes/efi.md b/incineroar.brenise.dev/notes/efi.md index 6576705..98a070f 100644 --- a/incineroar.brenise.dev/notes/efi.md +++ b/incineroar.brenise.dev/notes/efi.md @@ -22,7 +22,7 @@ $NixOSBootEntryID = "0002" Then whenever you want to run NixOS, run the script: ```sh -PowerShell.exe -ExecutionPolicy Bypass -File \Users\pleb\Documents\windows-scripts\Set-BootNext.ps1 +ssh winroar "PowerShell.exe -ExecutionPolicy Bypass -File \Users\pleb\Documents\windows-scripts\Set-BootNext.ps1" ``` ## EFI Recovery diff --git a/litten.brenise.dev/configuration.nix b/litten.brenise.dev/configuration.nix index d1f50d5..b257bad 100644 --- a/litten.brenise.dev/configuration.nix +++ b/litten.brenise.dev/configuration.nix @@ -27,6 +27,7 @@ in nixpkgs.config = { allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "claude-code" "obsidian" "packer" "reaper" @@ -140,6 +141,7 @@ in gh solaar binutils + brave chromium coreutils # base64 element-desktop @@ -152,7 +154,7 @@ in kdenlive libsForQt5.kcalc # unstable.logseq # warning: https://github.com/logseq/logseq/issues/10851#issuecomment-2402925912 - unstable.ghostty + # unstable.ghostty moonlight-qt nmap obs-studio @@ -201,6 +203,14 @@ in ]; }; + claude = { + isNormalUser = true; + packages = with pkgs; [ + unstable.claude-code + unstable.aider-chat + ]; + }; + glance = { isSystemUser = true; group = "glance"; @@ -243,6 +253,7 @@ in net-snmp # snmpwalk netcat nettools + nix-output-monitor parted pass pciutils # lspci 
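Review bot: The new `claude` account in the users hunk (`@@ -201,6 +203,14 @@`) has no comment saying why it exists or how it is meant to be entered, which matters because it carries `unstable.claude-code` and `unstable.aider-chat`. If the intent is to keep agent tooling away from the main user's files and credentials (inferred from the package list, not stated), say so above the block, e.g. `# unprivileged account for AI coding agents; keep out of wheel and docker`, so a later edit does not add `extraGroups` that undo the separation. The `docker` part of that comment is a guess based on `virtualisation.docker` appearing elsewhere in this file. The enclosing users attribute set starts and ends outside the hunk.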
@@ -440,11 +451,6 @@ in reverse_proxy http://127.0.0.1:8033 } - ${host_fqdn}:4434 { # tandoor-recipes - ${tlsConfig} - reverse_proxy http://127.0.0.1:8034 - } - ${host_fqdn}:4435 { # mealie ${tlsConfig} reverse_proxy http://127.0.0.1:8035 @@ -465,18 +471,6 @@ in desktopManager.plasma5.enable = true; }; - tandoor-recipes = { - enable = true; - port = 8034; - extraConfig = { - # https://github.com/TandoorRecipes/recipes/raw/refs/heads/develop/docs/system/configuration.md - SECRET_KEY = "${secrets.tandoorSecretKey}"; - ALLOWED_HOSTS = "${host_fqdn}"; - TANDOOR_PORT = "8034"; - }; - package = unstable.tandoor-recipes; - }; - mealie = { enable = true; port = 8035; @@ -484,13 +478,7 @@ in package = unstable.mealie; }; - n8n = { - enable = true; - settings = { - port = 8033; - }; - - }; + n8n.enable = true; }; 
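Review bot: In the last hunk on this line (`@@ -484,13 +478,7 @@`), `n8n.enable = true;` drops the only declaration of the listen port from the service block, while the Caddy site in the first hunk's context still points at `reverse_proxy http://127.0.0.1:8033`. The port now comes from `N8N_PORT = "8033";` in the `services.n8n.environment` block later in the patch, so the two values can drift without either block showing it; a `# port is set via N8N_PORT in services.n8n.environment` comment next to `n8n.enable`, or a shared `let` binding, would keep them tied. Since Caddy terminates TLS in front of n8n, it may also be worth pinning n8n to loopback with `N8N_LISTEN_ADDRESS = "127.0.0.1";` in that same environment set; whether the firewall already blocks 8033 is not visible here.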
@@ -520,12 +508,47 @@ in script = "${pkgs.nix}/bin/nix-shell"; }; - services.n8n.environment = { - N8N_EDITOR_BASE_URL = "https://${config.networking.hostName}:4433"; - N8N_HIRING_BANNER_ENABLED = "false"; - N8N_METRICS = "true"; + services.ena-vpn = { + description = "ENA Corp VPN"; +# wantedBy = [ "multi-user.target" ]; # 2fa required, avoid startup + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + serviceConfig = { + Type = "simple"; + User = "root"; + ExecStart = "${pkgs.openfortivpn}/bin/openfortivpn -c /etc/openfortivpn/config"; + }; }; + services.mealie.environment = { + # https://docs.mealie.io/documentation/getting-started/installation/open-ai/ + OPENAI_API_KEY = "${secrets.mealie.openai-api-key}"; + }; + + services.n8n.environment = { + N8N_EDITOR_BASE_URL = "https://${host_fqdn}:4433"; + N8N_HIRING_BANNER_ENABLED = "false"; + N8N_METRICS = "true"; + N8N_PORT = "8033"; + }; + + }; + + # Create the OpenFortiVPN config directory and file + environment.etc = { + "openfortivpn/config" = { + text = '' + host = fortivpn.ena.net + port = 443 + username = ${secrets.ena-vpn.username} + password = ${secrets.ena-vpn.password} + set-dns = 0 + set-routes = 1 + trusted-cert = fa59c235354ec625b0e560e4263b1eff793480f399a39b7f80b18fb865184ecd + ''; + mode = "0600"; + }; + }; virtualisation.docker = {