added lots

fwastring 2026-04-27 14:46:44 +02:00
parent 14205e371f
commit 1dd4440047
14 changed files with 595 additions and 224 deletions


@ -81,17 +81,47 @@ in
group = "users";
mode = "0400";
};
sops.secrets.google_oauth_client_id = {
sops.secrets.google_oauth_client_id_core = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.google_oauth_client_secret = {
sops.secrets.google_oauth_client_secret_core = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.user_google_email = {
sops.secrets.user_google_email_core = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.mssql_server_core = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.mssql_database_core = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.mssql_user_core = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.mssql_password_core = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.vault_addr_core = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.vault_token_core = {
owner = "fw";
group = "users";
mode = "0400";
@ -99,6 +129,62 @@ in
environment.systemPackages = [ pkgs.cifs-utils ];
# Ollama service for running local LLMs
services.ollama = {
enable = true;
package = pkgs.ollama-rocm; # AMD GPU support
# Optional: specify host and port if you want to access from other machines
# host = "0.0.0.0";
# port = 11434;
};
services.hister = {
enable = true;
# Optional: Set via Nix options (takes precedence over config file)
# port = 4433;
dataDir = "/var/lib/hister"; # NixOS Recommend: "/var/lib/hister"
# Home-Manager Recommend: "~/.local/share/hister"
# Darwin Recommend: "~/Library/Application Support/hister"
# Optional (NixOS only): open `port` in the system firewall.
# Setting `port` alone no longer mutates the firewall.
# openFirewall = true;
# Optional: Use existing YAML config file
# configPath = /path/to/config.yml;
# Optional: Inject secrets (e.g. HISTER__APP__ACCESS_TOKEN) via a
# systemd EnvironmentFile instead of placing them in the world-readable
# Nix store. Honored by the NixOS module and the Linux home-manager
# user service; ignored on launchd (Darwin).
# environmentFile = "/run/secrets/hister.env";
# Optional: Inline configuration (rendered to YAML and passed via HISTER_CONFIG)
# Note: Only one of configPath or settings can be used.
# Accepts any key the server accepts — see the upstream `app`, `server`,
# `indexer`, `crawler`, `hotkeys`, `extractors`, and
# `sensitive_content_patterns` blocks.
settings = {
app = {
search_url = "https://google.com/search?q={query}";
log_level = "info";
};
server = {
address = "127.0.0.1:4433";
database = "db.sqlite3";
};
hotkeys = {
"/" = "focus_search_input";
"enter" = "open_result";
"alt+enter" = "open_result_in_new_tab";
"alt+j" = "select_next_result";
"alt+k" = "select_previous_result";
"alt+o" = "open_query_in_search_engine";
};
};
};
systemd.services.fleet-osquery = {
description = "osquery enrolled to Fleet";
wantedBy = [ "multi-user.target" ];
@ -146,6 +232,20 @@ in
];
};
fileSystems."/mnt/testdb/C" = {
device = "//192.168.0.203/C$";
fsType = "cifs";
options =
let
automount_opts =
"x-systemd.automount,noauto,x-systemd.idle-timeout=60,"
+ "x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in
[
"${automount_opts},credentials=${toString config.sops.secrets.build-service.path},vers=3.0"
];
};
fileSystems."/mnt/elastic-internal/C" = {
device = "//192.168.0.204/C$";
fsType = "cifs";
@ -216,14 +316,18 @@ in
];
};
home-manager.extraSpecialArgs = { inherit inputs pkgs; };
home-manager.extraSpecialArgs = {
inherit inputs pkgs myhostname;
};
home-manager.users.fw = {
opencode.mcpEnabled = {
az = true;
az = false;
k8s = true;
github = true;
jira = true;
jira = false;
google = true;
mssql = true;
vault = false;
};
imports = [
./../../moduler/home.nix
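Review bot: The new `/mnt/testdb/C` mount in the third hunk attaches the administrative share `C$` with only `vers=3.0` on top of the automount options, so SMB traffic is not encrypted in transit and the mount lacks the usual `nosuid,nodev` hardening for a remote filesystem. Reaching `C$` normally requires an administrator-level account on the Windows side, which makes the `build-service` credential more powerful than a test-database mount is likely to need; a dedicated share with a low-privilege account would limit what a compromise of this machine exposes. If the whole drive must stay mounted, I would tighten the options line to `"${automount_opts},credentials=${toString config.sops.secrets.build-service.path},vers=3.0,seal,nosuid,nodev"` (`seal` assumes the server supports SMB3 encryption). The context lines suggest `/mnt/elastic-internal/C` follows the same pattern and would need the same change.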