first working version

author: Mike Vink <ivi@vinkies.net> 2024-02-11 18:34:12 +0100
committer: Mike Vink <ivi@vinkies.net> 2024-02-11 18:34:12 +0100
commit: 1f0a1359730f90949f56254551ce85a92de97abc (patch)
tree: 8eee927eb425dedf4612105ac686333dfb8244c5
parent: 3cc299a59572c8c9c09b67fc26cfc699355447fd (diff)
5 files changed, 32 insertions, 9 deletions
diff --git a/flake.lock b/flake.lock
index 0130e49..5cf123b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -275,8 +275,8 @@
         ]
       },
       "locked": {
-        "lastModified": 1707601714,
-        "narHash": "sha256-/IRc56GzSexkZYni1FxyLnr8WRkMvlExFELG7vQekgw=",
+        "lastModified": 1707672079,
+        "narHash": "sha256-qwjdPzi6nPKnsBGWm0vhtf32aOPMbI7+ydRpa6SRMrQ=",
         "path": "/Users/ivi/nix-darwin",
         "type": "path"
       },
diff --git a/machines/work.nix b/machines/work.nix
index 7fe204b..6584cb6 100644
--- a/machines/work.nix
+++ b/machines/work.nix
@@ -4,8 +4,8 @@
     programs = {
       virt-manager = mkSinkUndeclaredOptions {};
       steam = mkSinkUndeclaredOptions {};
-      hardware = mkSinkUndeclaredOptions {};
     };
+    hardware = mkSinkUndeclaredOptions {};
     services = {
       resolved = mkSinkUndeclaredOptions {};
       openssh.enable = mkOption {
@@ -47,6 +47,24 @@
         tailscale = 1475387142;
       };
     };
+    services.syncthing = {
+      cert = builtins.toFile "syncthing-cert" ''
+        -----BEGIN CERTIFICATE-----
+        MIICHDCCAaKgAwIBAgIICf/IfhEqojIwCgYIKoZIzj0EAwIwSjESMBAGA1UEChMJ
+        U3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdlbmVyYXRlZDESMBAG
+        A1UEAxMJc3luY3RoaW5nMB4XDTI0MDIwOTAwMDAwMFoXDTQ0MDIwNDAwMDAwMFow
+        SjESMBAGA1UEChMJU3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdl
+        bmVyYXRlZDESMBAGA1UEAxMJc3luY3RoaW5nMHYwEAYHKoZIzj0CAQYFK4EEACID
+        YgAEB3N4kE5gTlpCt8W/ocQQbDZMvIzmNghcl0tsc+EVPXCTnpinIB48jOxGNkPr
+        rm0o3EEPrI8O+cJqSydeyeSVMKYCjNswP6LiYNWaWua+SXjz25FurJxV21LXYMhc
+        1egPo1UwUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+        AQUFBwMCMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJc3luY3RoaW5nMAoGCCqG
+        SM49BAMCA2gAMGUCMEOYa4HZKLy4WimWlAIpXU/joYvpIPS3dJP50VQIkKFj/eL8
+        p8+rG7+7P03W7J4E6AIxANp5CxwCtTlh1a1+8Kdvfc7ZvFuMwPlM3d8EFk9y9aRZ
+        jurkqKKyl7EUOk0ufvUaQQ==
+        -----END CERTIFICATE-----
+      '';
+    };
 
     # Auto upgrade nix package and the daemon service.
     services.nix-daemon.enable = true;
@@ -66,7 +84,9 @@
 
     # The platform the configuration will be used on.
     nixpkgs.hostPlatform = "aarch64-darwin";
-    users.users.${ivi.username}.shell = pkgs.bashInteractive;
+    users.users.${ivi.username} = {
+      shell = pkgs.bashInteractive;
+    };
     environment.shells = [pkgs.bashInteractive];
   };
 }
diff --git a/profiles/core/configuration.nix b/profiles/core/configuration.nix
index d8ad29f..a17fde4 100644
--- a/profiles/core/configuration.nix
+++ b/profiles/core/configuration.nix
@@ -29,7 +29,7 @@
   time.timeZone = "Europe/Amsterdam";
   users.users = {
       ${ivi.username} = {
-        uid = 1000;
+        uid = mkIf (!machine.isDarwin) 1000;
         description = ivi.realName;
         openssh.authorizedKeys.keys = ivi.sshKeys;
         extraGroups = ["wheel" "networkmanager" "docker" "transmission"];
diff --git a/profiles/core/syncthing.nix b/profiles/core/syncthing.nix
index a1767a6..7135fad 100644
--- a/profiles/core/syncthing.nix
+++ b/profiles/core/syncthing.nix
@@ -1,8 +1,10 @@
-{config, lib,...}: with lib; {
+{machine, config, lib,...}: with lib; let
+    group = if machine.isDarwin then (builtins.toString config.ivi.gid) else config.ivi.group;
+in {
   services.syncthing = {
     enable = true;
     user = ivi.username;
-    inherit (config.ivi) group;
+    inherit group;
     dataDir = config.ivi.home;
     overrideDevices = true;
     overrideFolders = true;
diff --git a/secrets/syncthing.yaml b/secrets/syncthing.yaml
index 422eb06..8276d38 100644
--- a/secrets/syncthing.yaml
+++ b/secrets/syncthing.yaml
@@ -1,5 +1,6 @@
 lemptop: ENC[AES256_GCM,data:3dmcPh8EtBYe2KQQ1HMddLey5Qdhtz7kGvMFZaqidMZ099ycd+EnXrHsJIRHoWFrGsRbBs6vgWytKX49JBcrl5im8u7Jw6AbFtCh81XOau8+EaKD+Z+uynRhbJ31y+AH5MTGIniM+7RviGUDeBM8oZAvtazbaiswckFkR8HrJ8WcGOi2xkq+HY/OIqTnBpy83Q7A0oD6YPfNjvFJUB0LJFU/mYfrbmADEkobeKQz57sHc22scjrfszWmxcgcjrriuqRReucClU9uQ3GO8bEMvWFT7epjZAkwht7Oq1K2U17kt6xsrqTWRPNwQsB3P2w7i5YQMBnGAtz0b9VC5hH8GyZJGBFLRkk0fzxhUL9SXRid2wvTKrCAoMnjWTCw8K2D,iv:ojRT/RzCcxQlGh2FFz5tdUYOq4bekGcmE8Hm9tUSrDg=,tag:jd/g0vpTCOmf2EdQCcpcZQ==,type:str]
 pump: ENC[AES256_GCM,data:2Vu1idorw/kMsDThT2ywGmdPMgQdDHQItpZRukpdiapcKxMa65U/AQzshkbuQVTN5AaDkMNnLQrrLt8qQY0QxhTpddc4+y1kLaVAE5G+8di/2GJiGKUAjHOwyX72BXqjkAYOZ6u96PThOs3PmyhHhiH5ge9ZpOh1zOG2CD4dzoMLHHPHgSv8NLuhZ3kuc3yE3a/YgMgs9NjCvL44Pks8ktVq9DZAJfJB+eRGJPA9k6sN1NP1vMW9RKnk6dI+ZwOz1OHnQvfyVqe/vJxG96m4ALq4oeqn003+me72GB4DO9GLx2IkAsK0Jw9ZoiiJDSfEMVGzhH348mZXfAsTTb2coN9+834V5tBIT9OVDx+cJfHF7+7sm1FHH+fkzbteSH4q,iv:2IY08X5IYjGPEEZYqB/Sa8B1GOkURQg8nqgRwgTJs5c=,tag:ey3TMSDpt5xuEB9eH1ylOw==,type:str]
+work: ENC[AES256_GCM,data:Kfw00ljs0JUEMET3Ii+pQwdNAe7A49oZUB+f5+rKU/doKqW5KC5T4vRV+AY2xIle6Gz2qQI4tN9ffdFZnKS6HvS/aoSnPwSrZo9VYyyBFlhcEwqfdhtzspu+oDkz6EQtqOxZAqzKP5mEPN5YRT0FWTWT99oYtXEHtuG7h80ivZbnY2gjQgkGGieq/c2TDVotS6Av/ycUd5ZQrd9iNXgeuHuQbfLF7/xhOZweYgcDuTqcGNaPdz4y/TRWQa05VkhkcByvHZ+6fG8SkZ7RjUuRsAC5D6ErJqqQmRznOZ6E6RElLWZdkIr2ahXtdU8t7VCDsInA8ua15V2vTEcVNoNYRFjDCAx3lbgO0pelHUno1bwXah6YFEPCMqlieSOMtT3p,iv:jsPrGHem6Qq87/ePRjGLcPWfAqWcy13yNCuZjN2I8pw=,tag:ED7trfDcmuIB/ljyqPMB8Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -33,8 +34,8 @@ sops:
             L1J2UnNuT1pFTkJFL2xvVTA2Vms2c28Krpo5CfIjPvPq1zduh3CiALLsCtjkx6Hv
             py/kzJ8BGgTiwP25WfP62nhIctU/G3kLHhFf6eppS6asqsK/fRSwtg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-11T11:44:24Z"
-    mac: ENC[AES256_GCM,data:QLQt9uFoAVzUOOmCLDoEs5Dmqy0ll64Yb/kcRk38WxMhj6cX5q7WqKajiv0Ns5jWGTi0pq+KilZ+KPhTSPId/l+oKV1CGVrrlk+BrddEWQ+eLYPUph+ib/dl+qP4QPp0HHrpmfAOb3s3I1kJjFTj8oT2iLV5Nbp8U8FTm5AauP0=,iv:wKr5Xr9YQJKhGXZSoYSTwZ6W1LauaQ/5usPS1KH8s5g=,tag:oLB80fGkxKxT3DQa6LspsA==,type:str]
+    lastmodified: "2024-02-11T17:26:59Z"
+    mac: ENC[AES256_GCM,data:bPiEENY5iGWOTSwbeBX67ztTbUn26kkt4y/4QTMEjES/kfbPdlpfIXGGPTV0QSfsWAJuKWUPLnTYAMpoHDc9i/F7xTANadrbco58iPv75g57ShpTvOj4HrtY0XQ23xTDkA92iqPv9A+ahcFoc38LEJ0WTjm6fenEFzj2dtcTLI8=,iv:iMqBGjCVdGj4RnDBr29wJDq5LKueqIPazKTsuTWQ9y0=,tag:9ae92gQeoFiRa155/eNqCg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
author	Mike Vink <ivi@vinkies.net>	2024-02-11 18:34:12 +0100
committer	Mike Vink <ivi@vinkies.net>	2024-02-11 18:34:12 +0100
commit	1f0a1359730f90949f56254551ce85a92de97abc (patch)
tree	8eee927eb425dedf4612105ac686333dfb8244c5
parent	3cc299a59572c8c9c09b67fc26cfc699355447fd (diff)