fw/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added some stuff

Browse source
This commit is contained in:
fwastring 2026-04-06 20:37:39 +02:00
parent 39a1b68c8f
commit c03fa07723
7 changed files with 284 additions and 111 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -4,6 +4,7 @@ keys:
- &server_macmini age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t
- &server_legacy age1kf93dpuqhu0a90s49sszgw64mn32hwgrm8suv799ca4ngrkecpqs8ljzk8
- &server_core age1p3uxpjku9fkyvav56fgmq2cem50wg2dh34hdpp5nzqs6cerandaqvkrgxr
- &styrelsen age1cf97rf4gq7qad0rd5dcdtel2qq7uqcxvd7dpk257e3e0e0krv9esd7sc0d
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
@ -14,3 +15,4 @@ creation_rules:
- *server_macmini
- *server_legacy
- *server_core
- *styrelsen

22
maskiner/core/configuration.nix
View file

@ -81,6 +81,21 @@ in
group = "users";
mode = "0400";
};
sops.secrets.google_oauth_client_id = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.google_oauth_client_secret = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.user_google_email = {
owner = "fw";
group = "users";
mode = "0400";
};
environment.systemPackages = [ pkgs.cifs-utils ];
@ -203,6 +218,13 @@ in
home-manager.extraSpecialArgs = { inherit inputs pkgs; };
home-manager.users.fw = {
opencode.mcpEnabled = {
az = true;
k8s = true;
github = true;
jira = true;
google = true;
};
imports = [
./../../moduler/home.nix
./../../moduler/programs/waybar

28
maskiner/styrelsen/configuration.nix
View file

@ -30,6 +30,7 @@ in
(modulesDirectory + /programs/hyprland)
(modulesDirectory + /programs/kubernetes-tools.nix)
(modulesDirectory + /programs/nixvim)
(modulesDirectory + /programs/neomd)
];
kubernetes-tools.enable = true;
@ -44,11 +45,31 @@ in
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-${theme}.yaml";
};
neomd.enable = true;
nixvim = {
enable = true;
theme = theme;
};
sops.defaultSopsFile = ../../secrets/sops.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets.google_oauth_client_id = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.google_oauth_client_secret = {
owner = "fw";
group = "users";
mode = "0400";
};
sops.secrets.user_google_email = {
owner = "fw";
group = "users";
mode = "0400";
};
hyprland = {
enable = true;
theme = theme;
@ -56,6 +77,13 @@ in
home-manager.extraSpecialArgs = { inherit inputs pkgs; };
home-manager.users.fw = {
opencode.mcpEnabled = {
az = false;
k8s = false;
github = false;
jira = false;
google = true;
};
imports = [
./../../moduler/home.nix
./../../moduler/programs/waybar

9
moduler/fish.nix
View file

@ -88,6 +88,15 @@ in
if test -r /run/secrets/jira_token
set -gx JIRA_API_TOKEN (string trim (cat /run/secrets/jira_token))
end
if test -r /run/secrets/google_oauth_client_id
set -gx GOOGLE_OAUTH_CLIENT_ID (string trim (cat /run/secrets/google_oauth_client_id))
end
if test -r /run/secrets/google_oauth_client_secret
set -gx GOOGLE_OAUTH_CLIENT_SECRET (string trim (cat /run/secrets/google_oauth_client_secret))
end
if test -r /run/secrets/user_google_email
set -gx USER_GOOGLE_EMAIL (string trim (cat /run/secrets/user_google_email))
end
set -gx GITHUB_PERSONAL_ACCESS_TOKEN (cat /run/secrets/github_token)
set -gx GITHUB_HOST "https://github.com"
set -gx GRAFANA_SERVICE_ACCOUNT_TOKEN (cat /run/secrets/grafana_token)

50
moduler/home.nix
View file

@ -6,7 +6,22 @@
myhostname,
...
}:
let
inherit (lib) mkOption types;
in
{
options.opencode.mcpEnabled = mkOption {
type = types.attrsOf types.bool;
default = {
az = false;
k8s = true;
github = true;
jira = true;
google = false;
};
description = "Per-host MCP enablement flags for OpenCode servers.";
};
imports = [
../moduler/tmux.nix
../moduler/fish.nix
@ -23,6 +38,7 @@
../moduler/programs/k9s
];
config = {
programs.home-manager.enable = true;
programs.fish.enable = true;
programs.opencode = {
@ -35,6 +51,7 @@
mcp = {
az = {
type = "local";
enabled = config.opencode.mcpEnabled.az or false;
command = [
"docker"
"run"
@ -47,6 +64,7 @@
};
k8s = {
type = "local";
enabled = config.opencode.mcpEnabled.k8s or false;
command = [
"docker"
"run"
@ -63,6 +81,7 @@
};
github = {
type = "local";
enabled = config.opencode.mcpEnabled.github or false;
command = [
"docker"
"run"
@ -75,6 +94,7 @@
};
jira = {
type = "local";
enabled = config.opencode.mcpEnabled.jira or false;
command = [
"docker"
"run"
@ -85,6 +105,35 @@
"ghcr.io/sooperset/mcp-atlassian:latest"
];
};
google = {
type = "local";
command = [
"docker"
"run"
"-i"
"--rm"
"--network"
"host"
"--user"
"1000:100"
"-v"
"/home/fw/.local/share/google-workspace-mcp:/home/app/.google_workspace_mcp"
"-e"
"GOOGLE_OAUTH_CLIENT_ID"
"-e"
"GOOGLE_OAUTH_CLIENT_SECRET"
"-e"
"USER_GOOGLE_EMAIL"
"-e"
"OAUTHLIB_INSECURE_TRANSPORT=1"
"--entrypoint"
"/app/.venv/bin/python"
"ghcr.io/taylorwilsdon/google_workspace_mcp:latest"
"/app/main.py"
"--single-user"
];
enabled = config.opencode.mcpEnabled.google or false;
};
};
};
};
@ -116,4 +165,5 @@
home.stateVersion = "25.05";
systemd.user.startServices = "sd-switch";
};
}

50
moduler/programs/neomd/default.nix Normal file
View file

@ -0,0 +1,50 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.neomd;
neomdPackage = pkgs.buildGoModule {
pname = "neomd";
version = "unstable-2026-04-06";
src = pkgs.fetchFromGitHub {
owner = "ssp-data";
repo = "neomd";
rev = "671a9dd66bb367e21be7777a6765635a99b7ab09";
hash = "sha256-9IVrp9GTwr5aFsBy7lPPRXYCaeYTkOuM+VEdK7Tf2+o=";
};
vendorHash = "sha256-cG5x23qA+AN5zwEjdx8uDBk9JjNpn/afzI0/aAJjqAU=";
subPackages = [ "cmd/neomd" ];
ldflags = [
"-s"
"-w"
];
meta = {
description = "Terminal email client for markdown and Neovim workflows";
homepage = "https://github.com/ssp-data/neomd";
license = lib.licenses.mit;
mainProgram = "neomd";
};
};
in
{
options.neomd = {
enable = lib.mkEnableOption "neomd terminal email client";
package = lib.mkOption {
type = lib.types.package;
default = neomdPackage;
description = "Package to install when neomd is enabled.";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
};
}

66
secrets/sops.yaml
View file

@ -17,54 +17,66 @@ grafana_token: ENC[AES256_GCM,data:yAUqBV2/IF/wkyutHhf1Ui/xxRIt+SgsUk7QmdcnYa+x5
fleet-enroll-secret: ENC[AES256_GCM,data:2DEmgzsYvWZas65HLE4PaxZ3h7L4Gw8esVirZYrzCik=,iv:9t6ET8QnPLIl0Pnn9r24btF7VUQnRr3ukRH0oVsgIrg=,tag:mQ0yxEhx72L71DB36cfMew==,type:str]
jira_token: ENC[AES256_GCM,data:gPSgsNp4XlM6cTzLCpsJpdByTOHQ9vWfosurrd+yzo9MAkTcm5BDXwRWl1aNN2OFZu4+GXNqOho1gegDCQhZQnFRYNACASqmhGk6/GCpSNUlVAExOhvSs8tUu+YZoBUVufWHn5sIsxNHGgiJnX5ZtX7sVhUOo5u+qbb49iHsSZ6WBwP9SDMpfqXkhgZAURTk7iu7VgbHt6D1BxQH2yDCXR7OuICC5D6lSjdKo4Vbdudmz07vM1b4DHfvtP15SJfl,iv:oV3ACNPpz4Zb3bt0oWlx9On71LoXt3ZO5QosSr5XB2k=,tag:Xr0Y/ugZbQ2BaQtUJOwIng==,type:str]
opencode_atlassian_env: ENC[AES256_GCM,data:v7uz9p4/H2WNzZA+I5+qnBRw4cyB4DNt/adBn0TS1bm9Gqk+UhnpjlXuP3mpxElXrAPmqT/rIvRGZp/YGiDWODH+B/WjtAaA/R+hFfOoP+m2unx2UM/a+UwC2EO+6ci+lKtNpT8FfobQxjuCdKWCmz0U54ijtfmyh73+lIzZoffs35fvxHwvchzM3zfCy/EHkR1jDUiKykX2VR1JiBZNa6PFp+SXZGvBlcjf8WjaryEpzIGv1plFftTQSo74OHPuUAC4kXrV9eCH4OJQ6JLyfOH+8tGstyyVWO9BtG7/fO5j830bBgvbqTsjZX+NvmTiaP4caC/sy7vseKkbgRzdUuAASLM3Pbqs9QnP6lFzye/QNdnlcwOOoNniXMbwynmSwtrz6w==,iv:DrArPdRddjxqMqU+38jvc1zCy2xVRmXOD7D9UQHQfgs=,tag:ZGCBxg28k1FMKwvu2r2Aqg==,type:str]
google_oauth_client_id: ENC[AES256_GCM,data:ql6A5TCFJvK4fjKESWfpD5hUTnL/P9BQRZ6o7hrjtHo58h0OUkw8CUdy8pwmbbkz2JGgLpJjmOjOEMEWHfWJ9Yb++JlNBRbj,iv:4cnbgEbSEp1mayoq2w9TdQbUnxKyRdjdOT9cE34BCSE=,tag:iN0EokN8eEz47Dd9XUIA1A==,type:str]
google_oauth_client_secret: ENC[AES256_GCM,data:xKC3Ky5QFU3XrIx/37HhEbZEmcJDTgwZp6gqnVXKShT9ebQ=,iv:ofpmvGy3+R8oLJP1Z8JzOzuopJYnW9fYzkVyqOXtL/k=,tag:ZVSLAKGe3zhCfIWhSgCH0A==,type:str]
user_google_email: ENC[AES256_GCM,data:TQn0Fh1BKa1NZMAm9aOaucL8RAGq/zvmD61i,iv:G6v5w7sLxbo2fOO470DUkCAixoVykCQ5RZCziEr6bbc=,tag:kreDA+JQqc4TZNJWNGovbA==,type:str]
sops:
age:
- recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Y0lCZzc0QVlmR0ZyV3pm
VnJPSW0zRkFmSmlwWW5Hbjg4NkJKb0pVTjBzClRmUW1XTS9GWGR0RWpXYVdUUDFk
a2VjS0VGSnVrQnpkU2RrQnZ4UmNDOFEKLS0tICtkY0xBeWt1ZFFhWEV4SlRmNXBr
OXljbkIxM21mYklubWxvcmI3eW5oWTAKNaDUBT+mX+G9HrqC9Od4vtFu3Irfuy1s
7GszkEHf+/0IKO4VD26NdHnO6X0P1UOnEqcEHLessGiWBsVYjUw4Xg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdzRUNHBGdmZtdldFNHQr
dFY3RGhwbWRoSDl5UVNJSU1Cb002YUJrcmh3Ck9CbVVSeVJxdVJRYkFLWHFpVW5P
TVRrb0NLMGZrY2xhRDdEZ1ZYU3NldFEKLS0tIFgyRGZ6aXlublo4NHRlbzhXeFhx
OEg2U1h0cTlWbFFyM0xpelIzdkRGQlUKVA+DDPt1vgHZTTHna7hb6gqUyaJqJM2P
KRzZqqzddcgR84PKb4kxstAvxDVKovg2rrCFPC7NM5bvnkVQi2cfqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMcDMzMVVmNHcrSGlNd1JW
RjZhNFlqWUVBM3QyVHJKWEZVTG5PbFRzRVQ0Ck0xMnl0U0pOUnVRM0ZCdXo1TFpU
SlZKTFo1Qm16UGZ5U2pWT2twbjU4RTgKLS0tIFU5VUQ5WEY4dGNwM1ErckZHVkNp
VUMwRFNsODFCZzZZQlBUWGhDYmZCZDgKFSDgrl1lppb4cx+baBwdVt3fKFia+DvS
AvMwzqQD7/OJu5Yhai8ekiLEN4Y2r+DcK3Nb526vM64Bevk5frmJsg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTjA2VkM2SUN0SzIzamNK
TUZyN2pvMmxaMWt3TFJmNktJbkVJcGsyekU4Ck90TVFUTFd5S3JIWTB5YVd2NVcr
YjdUNzNrcDZLOFNyS3BSY2M2RFlkZTAKLS0tIDBmTFUxVjUxejFxbGlTR2lxRmx3
R1d1eXZCa1FiNnBkcHRqYjd0S1h3OEEKNmB73xPvtK3K9SpUi9dtgLDyZZyj2Url
k7BePcC8tcUYeQyhYEUIaVl1JRCPbHtdoTSyKVqa8Mr3I6pvfrkWnw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRldCMlVXTytpZVpoS2dL
eXZNRkpMRkFvRlJGSHZiOExlMTBHdllRVFRFCnc3RTBCY2hLbU90ZkpqMFQ0azQ4
UGZzRlpsZnVDMS9PSlVrSFFiYlgvUEUKLS0tIEtYS1RZY203dXN4SlZ4UVEyZFR0
TGROZTBhSXhJSm5VUit6UHpaU1JzZGsK/u8n7h445lJvzOLF7XXtAe0g5rTslRiw
+Gm/7/p0+QLlx3T+on9WfXVnxgSxVxur3xiSFjNp4fl/NqI0MSnbRg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0c3cxQkVmTGpWMlR0QnBD
clFNbktaTjg5UUFabDFyRUNOZlFNQUZiaDJzClJWM0hycDl3RmM3cjNGMm10SlJ1
U3FKUmw0R3N5aHkzeXhkKzdySW5RZzgKLS0tIDh0RzNtNmRmU3FBNXRyeFdKaWJu
aGt5K1hoaEIwNXdJTW01TldSb2JFUjgKkyah1P6De1pBRLobnYB8lMj1sRaMsx5D
RIGn9Tws5Kj+VsgGenm24mMnLO48b4s+Y2XX8clydNaVB/Jf7B4d4A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kf93dpuqhu0a90s49sszgw64mn32hwgrm8suv799ca4ngrkecpqs8ljzk8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUHliOXhKcFBMY1ZyeHZa
MHJUblRhMlBabFlRSlVHZmgrd0hZYWFPcWhBCnRxa2lBQk81NG9DMkQySHdhUGZk
Skc2ZEZ0bVdUNlVBUEJ6SXIyaDJuV0UKLS0tIHpMRWY2ZURBbEs0WlVZV0ZkTnZC
NGFpK3RTZ0FEc05TVkJHNlVKbzZUbTgKM1kbK9d8apdQf80tREKBfv6Sm6q9Dv0N
WWtZJOyxEldsTyF0cBiK15e8dOu/195x2Z7gbr4gECRNZg/huKHFYg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOTZQdyswVUt6Vi9yejlF
Z3I0VEcrdmVFbjFBSlJ5bHZWaVp0R2U5c0dnCkJFNVM5MVRrM3NXQ3JQTzFib3k4
eTA2cTg2UFZGWkV6OVpSVWMxQ1IzNE0KLS0tIEc5SzlhRXVzQWlGd0l6ckJ4WmJO
L1QvTjhTWE1QNmswemRhVkczSnZEeFkKpeBTGWFl2rkNkR5tG3mo18WFkVZP/vwj
q/xKcMB/5lenIyYAfTlWWE84kWkt0Gx+spWFUqMqoE9805CyF6V/Ew==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p3uxpjku9fkyvav56fgmq2cem50wg2dh34hdpp5nzqs6cerandaqvkrgxr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdkhUbnV4VFphSEFrdm8w
d1A0K0x2RGlKZVNHUllZQ1Z0UlFNOFhHTEdnClhkM2RVdE1hMDhSeG93WEs2MHRi
Vk5CcmZCOTFzYmdSdXNNZFZDT3RqaTgKLS0tIGlhdndIcXUzbUhxWEZVUVVxM0Rn
dFZ3T3VUeHVnVThadHVQaVJCNkdZeDQK99L7CbBbklUUtanyFIOiCzO3hZP1mh3z
ZZhhr6BCcHBbqzLaRLbT27BTCoNuGsXxyzW6tpXYacYuITkcFq9bOQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVmd3UlhXV3U2aGdlanVu
bVBtMWxSNlNZVCs3SkhUQjlydU1JaThhMHdFCmlSR1cyWVJ0dGFuRTBMSUxqRjU1
cE90NkFlTVJ4TjFnK1J0dkR5ZEhxMGsKLS0tIGJ3akZNL2txVGFqVEZxM2wwNnNy
ODk5Rm43TmRJd3NQZUFrLzFZcyttNEUKYRsuDmk9u7GnJIM/8PphpyW0ydIud9JK
7R5Rg5fuqN9NZxZHjv5qW2sWwsP3hBaCAT6RqlYEULj03b+5y+s4Hg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-26T15:52:43Z"
mac: ENC[AES256_GCM,data:s0Oc18zrDOQkyZHre1NbwMOKxS/4KGq7WGifmAi4xJsN2oeQXXAOXE5baMRBiC4q6ak7UvowSXWeuTx7+8P37ycVL2I9SpnIamkxGbzTLCNeqa+3ipcRRWMSYWrit+KwJXYS0F+hUv0/QgFssl8W7bKquwkkQy6Aqz8sGmx/WqU=,iv:JfUR8L/6arJenH21061U8T6ld3wU0BksWKkjiK+fLHc=,tag:iABB6x6zrFIVBSV6cHKMDA==,type:str]
- recipient: age1cf97rf4gq7qad0rd5dcdtel2qq7uqcxvd7dpk257e3e0e0krv9esd7sc0d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RnE5eng3aG1PY1ZNRnJJ
SUlpbDA1eXI3VTJoUEFVRnpPTGxjanh3M2pnClI0TzVmN3ZXTkxqb2piVDJjRjRP
V2lJeGVMVXFVd1lCVVdIQlpmOGRZbVUKLS0tIHhrODBOTlpuOFptbzB5YU9BSlV0
WnpOSEZhNG1MZ2ZhelN5d2grSVl0L1kKt8fWIXZMeQMXaD3WT6joRa0YEmjHc4FU
IIge9bmr548WkDDq7uu0fbhgimiqRdjt0KxG0NnwlWm5MzpTOaYlQw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-04T21:39:51Z"
mac: ENC[AES256_GCM,data:udqMJ5wLMgNypgbgHJtvCk6DuXMVE9InuitxrkPp4y5S8seEyH292zuzB7c7z8rGRntaxopZPNBkOgAPXZkD9uiS7B2iaQlQJslZJt5JxuDdJB+s/F9mNzvJVIDdw4fLdwrMqPHTS+2aVDJKMgByZFecUdx8M93EV6j1KJ6igvw=,iv:wYRy5/2o+yao6v2l7Wv4ea0FXjXt/mY591i4C4LpUQ4=,tag:iVsEQ83fPS3fNLfqu1AYRQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.2