litten: add ena-vpn, remove tandoor and other minor changes
parent
6468c493b4
commit
ecf1494990
@ -22,7 +22,7 @@ $NixOSBootEntryID = "0002"
|
|||||||
Then whenever you want to run NixOS, run the script:
|
Then whenever you want to run NixOS, run the script:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
PowerShell.exe -ExecutionPolicy Bypass -File \Users\pleb\Documents\windows-scripts\Set-BootNext.ps1
|
ssh winroar "PowerShell.exe -ExecutionPolicy Bypass -File \Users\pleb\Documents\windows-scripts\Set-BootNext.ps1"
|
||||||
```
|
```
|
||||||
|
|
||||||
## EFI Recovery
|
## EFI Recovery
|
||||||
|
@ -27,6 +27,7 @@ in
|
|||||||
nixpkgs.config = {
|
nixpkgs.config = {
|
||||||
allowUnfreePredicate = pkg:
|
allowUnfreePredicate = pkg:
|
||||||
builtins.elem (lib.getName pkg) [
|
builtins.elem (lib.getName pkg) [
|
||||||
|
"claude-code"
|
||||||
"obsidian"
|
"obsidian"
|
||||||
"packer"
|
"packer"
|
||||||
"reaper"
|
"reaper"
|
||||||
@ -140,6 +141,7 @@ in
|
|||||||
gh
|
gh
|
||||||
solaar
|
solaar
|
||||||
binutils
|
binutils
|
||||||
|
brave
|
||||||
chromium
|
chromium
|
||||||
coreutils # base64
|
coreutils # base64
|
||||||
element-desktop
|
element-desktop
|
||||||
@ -152,7 +154,7 @@ in
|
|||||||
kdenlive
|
kdenlive
|
||||||
libsForQt5.kcalc
|
libsForQt5.kcalc
|
||||||
# unstable.logseq # warning: https://github.com/logseq/logseq/issues/10851#issuecomment-2402925912
|
# unstable.logseq # warning: https://github.com/logseq/logseq/issues/10851#issuecomment-2402925912
|
||||||
unstable.ghostty
|
# unstable.ghostty
|
||||||
moonlight-qt
|
moonlight-qt
|
||||||
nmap
|
nmap
|
||||||
obs-studio
|
obs-studio
|
||||||
@ -201,6 +203,14 @@ in
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
claude = {
|
||||||
|
isNormalUser = true;
|
||||||
|
packages = with pkgs; [
|
||||||
|
unstable.claude-code
|
||||||
|
unstable.aider-chat
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
glance = {
|
glance = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "glance";
|
group = "glance";
|
||||||
@ -243,6 +253,7 @@ in
|
|||||||
net-snmp # snmpwalk
|
net-snmp # snmpwalk
|
||||||
netcat
|
netcat
|
||||||
nettools
|
nettools
|
||||||
|
nix-output-monitor
|
||||||
parted
|
parted
|
||||||
pass
|
pass
|
||||||
pciutils # lspci
|
pciutils # lspci
|
||||||
@ -440,11 +451,6 @@ in
|
|||||||
reverse_proxy http://127.0.0.1:8033
|
reverse_proxy http://127.0.0.1:8033
|
||||||
}
|
}
|
||||||
|
|
||||||
${host_fqdn}:4434 { # tandoor-recipes
|
|
||||||
${tlsConfig}
|
|
||||||
reverse_proxy http://127.0.0.1:8034
|
|
||||||
}
|
|
||||||
|
|
||||||
${host_fqdn}:4435 { # mealie
|
${host_fqdn}:4435 { # mealie
|
||||||
${tlsConfig}
|
${tlsConfig}
|
||||||
reverse_proxy http://127.0.0.1:8035
|
reverse_proxy http://127.0.0.1:8035
|
||||||
@ -465,18 +471,6 @@ in
|
|||||||
desktopManager.plasma5.enable = true;
|
desktopManager.plasma5.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
tandoor-recipes = {
|
|
||||||
enable = true;
|
|
||||||
port = 8034;
|
|
||||||
extraConfig = {
|
|
||||||
# https://github.com/TandoorRecipes/recipes/raw/refs/heads/develop/docs/system/configuration.md
|
|
||||||
SECRET_KEY = "${secrets.tandoorSecretKey}";
|
|
||||||
ALLOWED_HOSTS = "${host_fqdn}";
|
|
||||||
TANDOOR_PORT = "8034";
|
|
||||||
};
|
|
||||||
package = unstable.tandoor-recipes;
|
|
||||||
};
|
|
||||||
|
|
||||||
mealie = {
|
mealie = {
|
||||||
enable = true;
|
enable = true;
|
||||||
port = 8035;
|
port = 8035;
|
||||||
@ -484,13 +478,7 @@ in
|
|||||||
package = unstable.mealie;
|
package = unstable.mealie;
|
||||||
};
|
};
|
||||||
|
|
||||||
n8n = {
|
n8n.enable = true;
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
port = 8033;
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -520,12 +508,47 @@ in
|
|||||||
script = "${pkgs.nix}/bin/nix-shell";
|
script = "${pkgs.nix}/bin/nix-shell";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.n8n.environment = {
|
services.ena-vpn = {
|
||||||
N8N_EDITOR_BASE_URL = "https://${config.networking.hostName}:4433";
|
description = "ENA Corp VPN";
|
||||||
N8N_HIRING_BANNER_ENABLED = "false";
|
# wantedBy = [ "multi-user.target" ]; # 2fa required, avoid startup
|
||||||
N8N_METRICS = "true";
|
after = [ "network-online.target" ];
|
||||||
|
wants = [ "network-online.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
User = "root";
|
||||||
|
ExecStart = "${pkgs.openfortivpn}/bin/openfortivpn -c /etc/openfortivpn/config";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.mealie.environment = {
|
||||||
|
# https://docs.mealie.io/documentation/getting-started/installation/open-ai/
|
||||||
|
OPENAI_API_KEY = "${secrets.mealie.openai-api-key}";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.n8n.environment = {
|
||||||
|
N8N_EDITOR_BASE_URL = "https://${host_fqdn}:4433";
|
||||||
|
N8N_HIRING_BANNER_ENABLED = "false";
|
||||||
|
N8N_METRICS = "true";
|
||||||
|
N8N_PORT = "8033";
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
# Create the OpenFortiVPN config directory and file
|
||||||
|
environment.etc = {
|
||||||
|
"openfortivpn/config" = {
|
||||||
|
text = ''
|
||||||
|
host = fortivpn.ena.net
|
||||||
|
port = 443
|
||||||
|
username = ${secrets.ena-vpn.username}
|
||||||
|
password = ${secrets.ena-vpn.password}
|
||||||
|
set-dns = 0
|
||||||
|
set-routes = 1
|
||||||
|
trusted-cert = fa59c235354ec625b0e560e4263b1eff793480f399a39b7f80b18fb865184ecd
|
||||||
|
'';
|
||||||
|
mode = "0600";
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.docker = {
|
virtualisation.docker = {
|
||||||
|
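Review bot: The new `environment.etc."openfortivpn/config"` entry interpolates `${secrets.ena-vpn.password}` into `text`, so the rendered file is written to the Nix store, which every local user can read; `mode = "0600"` only restricts the copy placed under /etc. The same concern applies to `OPENAI_API_KEY = "${secrets.mealie.openai-api-key}"`, which presumably lands in the generated mealie unit in the store, and this commit also adds the `claude` normal user, who would be able to read both values there. I would keep both out of evaluated strings by pointing the VPN unit at a file provisioned at runtime, e.g. `ExecStart = "${pkgs.openfortivpn}/bin/openfortivpn -c <RUNTIME_SECRET_PATH>";`, and loading the API key with `systemd.services.mealie.serviceConfig.EnvironmentFile = "<RUNTIME_SECRET_PATH>";`. How `secrets` is defined lies outside this hunk, so it is worth confirming whether it is read from a file at evaluation time.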