Add a script for root to easily mount mongodb and force a static ip
diff --git a/flake.nix b/flake.nix
index c43c3e1..ccf714a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,6 +58,7 @@
./modules/postgres.nix
./modules/samba.nix
./modules/scalpel.nix
+ ./modules/static-ip.nix
./modules/tesseract.nix
sops-nix.nixosModules.sops
{
@@ -123,6 +124,38 @@
}))
builtins.listToAttrs
]
+ ) // (
+ let
+ mkBlankConfig = username:
+ {
+ remoteBuild = true;
+ user = username;
+
+ profilePath = "/nix/var/nix/profiles/per-user/${username}/home-manager";
+ path =
+ deploy-rs.lib.x86_64-linux.activate.home-manager (home-manager.lib.homeManagerConfiguration
+ {
+ inherit pkgs;
+ modules = [
+ {
+ home.username = username;
+ home.stateVersion = "22.11";
+ programs.home-manager.enable = true;
+ }
+ "${./homes}/${username}"
+ ];
+ });
+ };
+ in
+ nixpkgs.lib.pipe ./homes [
+ builtins.readDir
+ (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
+ builtins.attrNames
+ (map (name: {
+ inherit name; value = mkBlankConfig name;
+ }))
+ builtins.listToAttrs
+ ]
);
hostname = "clicks";
profilesOrder = [ "system" ];
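Review bot: The `//` joining the new per-user profiles to the existing set is a right-biased merge, so a directory under `./homes` whose name matches a profile produced by the pipeline above it would silently replace that profile. deploy-rs would then activate a different closure under that name. The left-hand set starts outside this hunk, so whether a clash is possible today cannot be seen here; an assertion that the two name sets are disjoint would make it explicit. Separately, the inline module sets `home.username` and `home.stateVersion = "22.11"` but not `home.homeDirectory`, which has no default at that state version, so each `homes/<username>` module has to define it. A comment on `mkBlankConfig` such as `# homes/<username> must set home.homeDirectory` would record that requirement.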
diff --git a/homes/README.md b/homes/README.md
new file mode 100644
index 0000000..de81728
--- /dev/null
+++ b/homes/README.md
@@ -0,0 +1,5 @@
+# README
+
+Note: this folder is used for home-manager configuration for users that are
+setup elsewhere. If you want to setup a new service with home-manager, consider
+using the ../services folder instead.
diff --git a/modules/ecryptfs.nix b/modules/ecryptfs.nix
index 81934a7..c54c93e 100644
--- a/modules/ecryptfs.nix
+++ b/modules/ecryptfs.nix
@@ -1,6 +1,21 @@
{ pkgs, ... }: {
- environment.systemPackages = with pkgs; [
+ environment.systemPackages = with pkgs; let
+ unlock-database-script = writeScriptBin "unlock-database-encryption"
+ ''
+ if [ $UID -ne 0 ]; then
+ echo "unlock-database-encryption must be run as root"
+ exit 1
+ fi
+ ECRYPTFS_SIG=$(( stty -echo; printf "Passphrase: " 1>&2; read PASSWORD; stty echo; echo $PASSWORD; ) | ecryptfs-insert-wrapped-passphrase-into-keyring ~/.ecryptfs/wrapped-passphrase - | sed -nr 's/.*\[(.*)\].*/\1/p')
+
+ keyctl link @u @s
+
+ mount -i -t ecryptfs /var/db/.mongodb-encrypted/ /var/db/mongodb -o ecryptfs_sig=$ECRYPTFS_SIG,ecryptfs_fnek_sig=$ECRYPTFS_SIG,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs
+ '';
+ in
+ [
ecryptfs
keyutils
+ unlock-database-script
];
}
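Review bot: `unlock-database-script` is built with `writeScriptBin` but the script text has no `#!` line even though it relies on the bash-only `$UID`; `writeShellScriptBin` would add the interpreter line. The passphrase is read with `read` without `-r` and re-emitted through an unquoted `echo $PASSWORD`, so a passphrase containing backslashes, runs of spaces or glob characters reaches `ecryptfs-insert-wrapped-passphrase-into-keyring` altered. An interrupt between the two `stty` calls also leaves the terminal with echo off. Nothing checks that `ECRYPTFS_SIG` is non-empty before `mount` runs, so a wrong passphrase or a failed unwrap still reaches the mount call with empty `ecryptfs_sig=` options. The tools are also looked up through root's `PATH` rather than by store path, which is not changed in the sketch below.

```nix
unlock-database-script = writeShellScriptBin "unlock-database-encryption"
  ''
    set -euo pipefail

    if [ "$(id -u)" -ne 0 ]; then
      echo "unlock-database-encryption must be run as root" >&2
      exit 1
    fi

    # -r keeps backslashes; -s hides input without a separate stty toggle
    IFS= read -rs -p "Passphrase: " passphrase
    echo >&2

    sig=$(printf '%s\n' "$passphrase" \
      | ecryptfs-insert-wrapped-passphrase-into-keyring ~/.ecryptfs/wrapped-passphrase - \
      | sed -nr 's/.*\[(.*)\].*/\1/p')
    unset passphrase

    # refuse to mount when no signature was returned
    if [ -z "$sig" ]; then
      echo "could not load the wrapped passphrase into the keyring" >&2
      exit 1
    fi

    # … unchanged: keyctl link @u @s …

    mount -i -t ecryptfs /var/db/.mongodb-encrypted/ /var/db/mongodb \
      -o "ecryptfs_sig=$sig,ecryptfs_fnek_sig=$sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs"
  '';
```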
diff --git a/modules/static-ip.nix b/modules/static-ip.nix
new file mode 100644
index 0000000..d577c96
--- /dev/null
+++ b/modules/static-ip.nix
@@ -0,0 +1,9 @@
+{
+ networking.useDHCP = true;
+ networking.dhcpcd.extraConfig = ''
+ interface enp5s0
+ static ip_address=192.168.185.178/16
+ static routers=192.168.0.1
+ static domain_name_servers=127.0.0.1
+ '';
+}
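Review bot: `static domain_name_servers=127.0.0.1` makes name resolution on this host depend on a resolver listening on loopback, and nothing in this module enables or asserts one, so the host loses DNS whenever that service is absent or stopped. `networking.useDHCP = true` is also global, so any interface other than `enp5s0` would presumably still take its address and routes from whatever DHCP server answers. If the static address on `enp5s0` is the only intended configuration, a header comment would record both assumptions, e.g. `# DNS is served by the local resolver from <module>; enp5s0 is the only interface expected to come up`.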