diff --git a/flake.lock b/flake.lock index 29d406d6..81a5b886 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1638466261, - "narHash": "sha256-X/+fUmwDQq4NYJW8cPrvluCwhkgOQdbsNJhoY3W8+8c=", + "lastModified": 1638497718, + "narHash": "sha256-KoVCSZKy1CrWLKHNndkfKYI/Stf5ouun0FPcvVYx26o=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "931eaf998fd6ebbbd662798b5756f962fb4cda6a", + "rev": "225d81933fe74ecd8dacc267a472f92159b832f4", "type": "github" }, "original": { @@ -77,11 +77,11 @@ ] }, "locked": { - "lastModified": 1638415301, - "narHash": "sha256-iqszstbHaO5PYeBXQf1ukgYj/aq9wznBbZMrtYMZzgI=", + "lastModified": 1638484748, + "narHash": "sha256-Xb5X84/PUMXCyZGnixyqjtVyEt5tlCCrSp4lfJdtiHw=", "owner": "nix-community", "repo": "home-manager", - "rev": "de54d513c74bf8f4f3a58954b80b5f690639fe72", + "rev": "fbb80207f3840785e2918143ebe709f26372f91d", "type": "github" }, "original": { diff --git a/machines/kholinar/default.nix b/machines/kholinar/default.nix index 0040a186..246c005d 100644 --- a/machines/kholinar/default.nix +++ b/machines/kholinar/default.nix @@ -1,52 +1,61 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { imports = [ ./hardware.nix ]; - networking.hostId = "3cc1a4b2"; + config = { + networking.hostId = "3cc1a4b2"; - time.timeZone = "Europe/Brussels"; + time.timeZone = "Europe/Brussels"; - # Machine-specific module settings - chvp = { - stateVersion = "20.09"; - base = { - bluetooth.enable = true; - network.mobile = { - enable = true; - wireless-interface = "wlp0s20f3"; - wired-interfaces = { - "enp0s31f6" = { }; + services.openvpn.servers.tryhackme = { + autoStart = false; + config = "config ${config.age.secrets."files/services/openvpn/tryhackme".path}"; + }; + + age.secrets."files/services/openvpn/tryhackme".file = ../../secrets/files/services/openvpn/tryhackme.age; + + # Machine-specific module settings + chvp = { + stateVersion = "20.09"; + base = { + bluetooth.enable = true; + network.mobile = { + enable = true; + wireless-interface = "wlp0s20f3"; + wired-interfaces = { + "enp0s31f6" = { }; + }; + }; + zfs = { + encrypted = true; + backups = [ + { + path = "rpool/safe/data"; + remotePath = "zdata/recv/kholinar/safe/data"; + fast = true; + location = "lasting-integrity"; + } + ]; + rootDataset = "rpool/local/root"; }; }; - zfs = { - encrypted = true; - backups = [ - { - path = "rpool/safe/data"; - remotePath = "zdata/recv/kholinar/safe/data"; - fast = true; - location = "lasting-integrity"; - } - ]; - rootDataset = "rpool/local/root"; + development = { + enable = true; + android.enable = true; }; + games.enable = true; + graphical.enable = true; + programs = { + calibre.enable = false; + deluge.enable = true; + eid.enable = true; + element.enable = true; + hledger.enable = true; + obs.enable = true; + }; + # It's a pandemic. + work.enable = true; }; - development = { - enable = true; - android.enable = true; - }; - games.enable = true; - graphical.enable = true; - programs = { - calibre.enable = false; - deluge.enable = true; - eid.enable = true; - element.enable = true; - hledger.enable = true; - obs.enable = true; - }; - # It's a pandemic. - work.enable = true; }; } diff --git a/secrets.nix b/secrets.nix index 9f9e960e..c9bcf1d5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -55,6 +55,8 @@ in "secrets/files/programs/ssh/host_configuration.age".publicKeys = hosts ++ users; + "secrets/files/services/openvpn/tryhackme.age".publicKeys = [ kholinar ] ++ users; + "secrets/files/services/matrix-appservice-slack/config.yml.age".publicKeys = [ lasting-integrity ] ++ users; "secrets/files/services/matrix-appservice-slack/registration.yml.age".publicKeys = [ lasting-integrity ] ++ users; "secrets/files/services/matrix-synapse/config.yml.age".publicKeys = [ lasting-integrity ] ++ users; diff --git a/secrets/files/services/openvpn/tryhackme.age b/secrets/files/services/openvpn/tryhackme.age new file mode 100644 index 00000000..331c4348 Binary files /dev/null and b/secrets/files/services/openvpn/tryhackme.age differ