john/jsl-home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: john:7205ea32a3a153d9da0829818472d206b114fa40
Branches Tags
john:main john:restic john:sops john:split-graphical john:dev
john:v3 john:v2 john:v1
...
compare: john:restic
Branches Tags
john:restic john:sops john:split-graphical john:dev john:main
john:v3 john:v2 john:v1

14 Commits
7205ea32a3 ... restic

Author SHA1 Message Date
John Lancaster
d2803b8e5c added panoptes-root 2025-11-10 08:35:24 -06:00
John Lancaster
d11d6d7f78 nixgl options rename to silence warnings 2025-11-10 08:09:42 -06:00
John Lancaster
ebfe340cf0 test-dns script 2025-11-09 22:05:59 -06:00
John Lancaster
af26a2db8b git fixes 2025-11-09 22:05:09 -06:00
John Lancaster
34eaffdd65 added resticprofile test 2025-11-09 21:21:22 -06:00
John Lancaster
fc66147173 added hermes host to ssh 2025-11-09 21:21:12 -06:00
John Lancaster
3a84c99877 commented out shell 1 password shell plugin 2025-11-09 21:21:01 -06:00
John Lancaster
09dee82f8d git updates 2025-10-29 14:05:54 -05:00
John Lancaster
0c4d651098 updated theme name 2025-10-04 10:27:31 -05:00
John Lancaster
e218eb25f3 added gmail credentials file 2025-09-23 21:10:34 -05:00
John Lancaster
01d8e9c758 disabled 1password shell home module 2025-09-23 21:10:16 -05:00
John Lancaster
682bc9d826 removed shell plugins for 1 password 2025-08-25 21:53:53 -05:00
John Lancaster
baecc7bb69 gmail api secret working 2025-08-03 12:05:51 -05:00
John Lancaster
5e9cd352d7 added gmail credential file 2025-08-03 09:23:06 -05:00
12 changed files with 185 additions and 39 deletions
Expand all files Collapse all files

7
.sops.yaml
View File

@@ -2,7 +2,12 @@ keys:
- &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy - &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
- &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt - &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: \.yaml$
key_groups:
- age:
- *john-p14s
- *john-pc
- path_regex: \.json$
key_groups: key_groups:
- age: - age:
- *john-p14s - *john-p14s

2
flake.nix
View File

@@ -7,7 +7,7 @@
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
_1password-shell-plugins.url = "github:1Password/shell-plugins"; # _1password-shell-plugins.url = "github:1Password/shell-plugins";
nixgl = { nixgl = {
url = "github:nix-community/nixGL"; url = "github:nix-community/nixGL";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";

21
homeManagerModules/default.nix
View File

@@ -11,7 +11,8 @@
./vscode.nix ./vscode.nix
../nixosModules/options.nix ../nixosModules/options.nix
inputs._1password-shell-plugins.hmModules.default # inputs._1password-shell-plugins.hmModules.default
# Commented out because it tries to configure fish shell which we don't use
]; ];
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
@@ -91,15 +92,15 @@
# Let Home Manager install and manage itself. # Let Home Manager install and manage itself.
programs.home-manager.enable = true; programs.home-manager.enable = true;
# https://developer.1password.com/docs/cli/shell-plugins/nix/ # # https://developer.1password.com/docs/cli/shell-plugins/nix/
programs._1password-shell-plugins = lib.mkIf config._1password { # programs._1password-shell-plugins = lib.mkIf config._1password {
# enable 1Password shell plugins for bash, zsh, and fish shell # # enable 1Password shell plugins for bash, zsh, and fish shell
enable = true; # enable = true;
# the specified packages as well as 1Password CLI will be # # the specified packages as well as 1Password CLI will be
# automatically installed and configured to use shell plugins # # automatically installed and configured to use shell plugins
# https://developer.1password.com/docs/cli/shell-plugins # # https://developer.1password.com/docs/cli/shell-plugins
plugins = with pkgs; [ gh ]; # plugins = with pkgs; [ gh ];
}; # };
home.file.".config/1Password/ssh/agent.toml" = lib.mkIf config._1password { home.file.".config/1Password/ssh/agent.toml" = lib.mkIf config._1password {
# https://developer.1password.com/docs/ssh/agent/config # https://developer.1password.com/docs/ssh/agent/config
text = '' text = ''

10
homeManagerModules/ghostty.nix
View File

@@ -5,9 +5,11 @@
}; };
# nixGL is now provided as a flake input # nixGL is now provided as a flake input
nixGL.packages = nixgl.packages.${pkgs.system}; targets.genericLinux.nixGL = {
nixGL.defaultWrapper = "mesa"; packages = nixgl.packages.${pkgs.system};
nixGL.installScripts = [ "mesa" ]; defaultWrapper = "mesa";
installScripts = [ "mesa" ];
};
programs.ghostty = lib.mkIf (config.enableShell && config.graphical.ghostty) { programs.ghostty = lib.mkIf (config.enableShell && config.graphical.ghostty) {
enable = true; enable = true;
@@ -19,7 +21,7 @@
font-family = "Source Code Pro"; font-family = "Source Code Pro";
# theme = "idleToes"; # theme = "idleToes";
# theme = "CGA"; # theme = "CGA";
theme = "catppuccin-mocha"; theme = "Catppuccin Mocha";
# theme = "CobaltNext"; # theme = "CobaltNext";
# clipboard-read = "allow"; # clipboard-read = "allow";
copy-on-select = true; copy-on-select = true;

10
homeManagerModules/git.nix
View File

@@ -3,19 +3,19 @@
programs.git = lib.mkMerge [ programs.git = lib.mkMerge [
{ {
enable = true; enable = true;
extraConfig = { settings = {
credential.helper = "store --file ~/.git-credentials"; credential.helper = "store --file ~/.git-credentials";
init.defaultBranch = "main"; init.defaultBranch = "main";
push.autoSetupRemote = true; push.autoSetupRemote = true;
}; };
} }
(lib.mkIf (config.profile == "personal") { (lib.mkIf (config.profile == "personal") {
userName = "John Lancaster"; settings.user.name = "John Lancaster";
userEmail = "32917998+jsl12@users.noreply.github.com"; settings.user.email = "32917998+jsl12@users.noreply.github.com";
}) })
(lib.mkIf (config.profile == "work") { (lib.mkIf (config.profile == "work") {
userName = "John Lancaster"; settings.user.name = "John Lancaster";
userEmail = "john.lancaster@crowncastle.com"; settings.user.email = "john.lancaster@crowncastle.com";
}) })
]; ];
} }

1
homeManagerModules/restic/resticprofile.nix
View File

@@ -59,6 +59,7 @@ in {
rp schedule --all rp schedule --all
'') '')
(pkgs.writeShellScriptBin "rp-test" "rp run-schedule backup@default --dry-run") (pkgs.writeShellScriptBin "rp-test" "rp run-schedule backup@default --dry-run")
(pkgs.writeShellScriptBin "rp-test" "rp run-schedule backup@default --dry-run")
]; ];
xdg.configFile."resticprofile/profiles.yaml".source = yamlFormat.generate "profiles" { xdg.configFile."resticprofile/profiles.yaml".source = yamlFormat.generate "profiles" {
version = "2"; version = "2";

10
homeManagerModules/shell.nix
View File

@@ -37,10 +37,10 @@
] ++ lib.optional config._1password "1password"; ] ++ lib.optional config._1password "1password";
}; };
shellAliases.ls = "${pkgs.eza}/bin/eza -lgos type --no-time"; shellAliases.ls = "${pkgs.eza}/bin/eza -lgos type --no-time";
initContent = lib.mkIf config._1password '' # initContent = lib.mkIf config._1password ''
if [ -f "${config.home.homeDirectory}/.config/op/plugins.sh" ]; then # if [ -f "${config.home.homeDirectory}/.config/op/plugins.sh" ]; then
source ${config.home.homeDirectory}/.config/op/plugins.sh # source ${config.home.homeDirectory}/.config/op/plugins.sh
fi # fi
''; # '';
}; };
} }

28
homeManagerModules/sops.nix
View File

@@ -12,10 +12,36 @@ in
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
defaultSopsFile = ../keys/secrets.yaml; defaultSopsFile = ../keys/secrets.yaml;
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
secrets."api/gmail_client_secret" = { };
templates."gmail_creds" = {
content = ''
{
"installed": {
"client_id": "499012320469-vtml6emu6bmujpsj9lud2b44jqu7h26j.apps.googleusercontent.com",
"project_id": "python-apis-423500",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_secret": "${config.sops.placeholder."api/gmail_client_secret"}",
"redirect_uris": [
"http://localhost"
]
}
}
'';
path = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
}; };
};
home.sessionVariables = {
GMAIL_CREDS_PATH = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
};
home.packages = with pkgs; [ home.packages = with pkgs; [
(writeShellScriptBin "edit-secrets" '' (writeShellScriptBin "edit-secrets" ''
sops --config ${sopsConfigPath} ${sopsSecretsPath} ${sops}/bin/sops --config ${sopsConfigPath} ${sopsSecretsPath}
'') '')
sops sops
age age

8
homeManagerModules/ssh.nix
View File

@@ -16,10 +16,18 @@
hostname = "192.168.1.110"; hostname = "192.168.1.110";
user = "root"; user = "root";
}; };
"hermes" = {
hostname = "192.168.1.150";
user = "root";
};
"panoptes" = { "panoptes" = {
hostname = "192.168.1.107"; hostname = "192.168.1.107";
user = "panoptes"; user = "panoptes";
}; };
"panoptes-root" = {
hostname = "192.168.1.107";
user = "root";
};
"pve5070" = { "pve5070" = {
hostname = "192.168.1.130"; hostname = "192.168.1.130";
user = "root"; user = "root";

16
keys/secrets.yaml
View File

@@ -1,15 +1,7 @@
restic_password: restic_password:
john_ubuntu: ENC[AES256_GCM,data:Q4lUaFFDgoK9k4kQj7hSVKaFDGW0T+6V+OpFU5R528R3EKM7YJMgcFX+sK3mWl9XA4/6E1GeINpIqOpx+FP5Cf/8qt9sXBXCmXXSYdA4IH3RS6a1NkcIVjsTMvpn4q/fslCeYN4LB+r4pBGmdca105miqVun8J69cZGwjZ+wuxrMAP+mdnHdSUPycjNWJJzmEa3waQsygAi4A5cAN5sigOPBxe2pCTh/FEKoTgWmzHGJvcjrzuL6wNOpQrkMWwTsHCtbe9dyMP/fQpoBgYDT4W9Rd4XHhbrooje+g3x48EL1rkRIVVNRavpRUih/mjcdJGzzJ6jZmLLcc1f7SZIKZht7f+ZcdZl3rKQB+WanZgK/KAgKBRCrbIk2eeBZwkcRSw5kmGFU7x0azdIipJYj+3KHHQS5S2VW4j2tQG74xK3qaNJcSMjpKmdI1dHcPf0x2ILaDDV9Ts0H4GTOB2zO9iGy7x2tdPd4tugxxk5rr5rphTZL3lgUf0Ri/qMkJh9I8CsjUdvRycHeIEUZPmEVaIqJC2jrd2pBslis5VWD/6PHQBCob07d1fcpIYox4YXM3GcLg3OxiD8nZ7DTzGRMhciZtTKKWbBT8qzPud4ZQvDkT5l+XOpeM13wXFIMa13CwOzYeyWjycED0VQ/i3XRw9+9lg3cosfxaPdaFtv4MjV7Od62G/UJw3OxaQOHM2y24N+Q0pSBoTdDAFwDCH/kcqZji6ZrVTu4Rad8opcILJJcqC+pjegDvBtUdDz+G3/dFiS6m8RYIRb7qB5yEX/lCgzlECmRS2XP8uraNJ5NN8rtk0gdBtaI9/78YyAjLLGkjIcIR4uJA5buCZBR9jIdqf4f52fowbx18VPrwFXN2mYX6mPsKbDmaz0ILHq/I9n8bS/KM7gIQmTw/RAUwnmL4IRu8zHn6nmIqj6d8AkjYx7s6pG8OF8LgfhqZT7tdPKCd+n/HnYn1fZGSw26zHzPd4nKnVV1e3NYvX6CVwVycerGs9elOKtOI8GsrWYyXzJbfC+nWxbHKI/t6sxyzTBrHPR4r6l/CchQF+SfBs5aELKExe7h325qBB2y6EFdkbxTj1tPGqxttp9xJB1LUyNtwsEAkpD44JNqPxZCYHQbeVE3Oo3TYtRUSVWREc1WNIsfSG/anScYUhDEah9YyIdiG+O71QqegunusLoxmpF2rQtx7shtAvJV3skDBB0tFDoQyIV+yPo7kPV0D7Ig+Ba+mk5ASJrT9DXZ53Q2CCTLAuslU4MP7g22RX8rU3s2hFJq8m7wvMwpqa9Tr6O38i1wX4PhG1VRMM8EIlMQnLWWKmni6NbOYiRxFYJMioxH5SyE4ODQYXy5YIuLoRsX8VR6UqJ1GZb7sJf3M1aPOFOHzTN9hnziTRRe1KCMoBrAghrqhvL1VRr9X5PYMxnjBh6o0d5YTN0WOGD2iEVbCzqxFXcxQZBBp4KyNAAhFhGNw8WUp/rVoyCYn7+OEYFspY4FmGMTYhvxbq5LEptXeQgOP2ggBkqsw8sYP9oj1cb4kzBNv8M7nR9kM1EqvZpFV47phoTbBeMY4DZOJodkASFVM5/7ijWy/M9rtWMFMCXKURKkAQJRFADs0KqMJ5osnFFnubX7vKgK736XXF4+wIQuuHqEsYDZ90ftInxq8sYRnb2FZ0EV4yc8qqnz++fjwrAA5EV+zhL6l6hum1zL8JkUJ1ICKZ905If6nIeoul8MY3B1Cz4W+osN2Wtl8OeJ2t3iZx3wk/unVa8uDZH1owu47He68e2V8vpYxOaW4/hLyy/XuL5DukETrhRjC+7GbEaKaCwoA2UwAdqU,iv:N8ek+tp16WiZgjTDxXb0CRXH+MbLsl/oZ/OwcOoVRO0=,tag:uIzCSX0R/EObF/RdWxj64w==,type:str] john_ubuntu: ENC[AES256_GCM,data:Q4lUaFFDgoK9k4kQj7hSVKaFDGW0T+6V+OpFU5R528R3EKM7YJMgcFX+sK3mWl9XA4/6E1GeINpIqOpx+FP5Cf/8qt9sXBXCmXXSYdA4IH3RS6a1NkcIVjsTMvpn4q/fslCeYN4LB+r4pBGmdca105miqVun8J69cZGwjZ+wuxrMAP+mdnHdSUPycjNWJJzmEa3waQsygAi4A5cAN5sigOPBxe2pCTh/FEKoTgWmzHGJvcjrzuL6wNOpQrkMWwTsHCtbe9dyMP/fQpoBgYDT4W9Rd4XHhbrooje+g3x48EL1rkRIVVNRavpRUih/mjcdJGzzJ6jZmLLcc1f7SZIKZht7f+ZcdZl3rKQB+WanZgK/KAgKBRCrbIk2eeBZwkcRSw5kmGFU7x0azdIipJYj+3KHHQS5S2VW4j2tQG74xK3qaNJcSMjpKmdI1dHcPf0x2ILaDDV9Ts0H4GTOB2zO9iGy7x2tdPd4tugxxk5rr5rphTZL3lgUf0Ri/qMkJh9I8CsjUdvRycHeIEUZPmEVaIqJC2jrd2pBslis5VWD/6PHQBCob07d1fcpIYox4YXM3GcLg3OxiD8nZ7DTzGRMhciZtTKKWbBT8qzPud4ZQvDkT5l+XOpeM13wXFIMa13CwOzYeyWjycED0VQ/i3XRw9+9lg3cosfxaPdaFtv4MjV7Od62G/UJw3OxaQOHM2y24N+Q0pSBoTdDAFwDCH/kcqZji6ZrVTu4Rad8opcILJJcqC+pjegDvBtUdDz+G3/dFiS6m8RYIRb7qB5yEX/lCgzlECmRS2XP8uraNJ5NN8rtk0gdBtaI9/78YyAjLLGkjIcIR4uJA5buCZBR9jIdqf4f52fowbx18VPrwFXN2mYX6mPsKbDmaz0ILHq/I9n8bS/KM7gIQmTw/RAUwnmL4IRu8zHn6nmIqj6d8AkjYx7s6pG8OF8LgfhqZT7tdPKCd+n/HnYn1fZGSw26zHzPd4nKnVV1e3NYvX6CVwVycerGs9elOKtOI8GsrWYyXzJbfC+nWxbHKI/t6sxyzTBrHPR4r6l/CchQF+SfBs5aELKExe7h325qBB2y6EFdkbxTj1tPGqxttp9xJB1LUyNtwsEAkpD44JNqPxZCYHQbeVE3Oo3TYtRUSVWREc1WNIsfSG/anScYUhDEah9YyIdiG+O71QqegunusLoxmpF2rQtx7shtAvJV3skDBB0tFDoQyIV+yPo7kPV0D7Ig+Ba+mk5ASJrT9DXZ53Q2CCTLAuslU4MP7g22RX8rU3s2hFJq8m7wvMwpqa9Tr6O38i1wX4PhG1VRMM8EIlMQnLWWKmni6NbOYiRxFYJMioxH5SyE4ODQYXy5YIuLoRsX8VR6UqJ1GZb7sJf3M1aPOFOHzTN9hnziTRRe1KCMoBrAghrqhvL1VRr9X5PYMxnjBh6o0d5YTN0WOGD2iEVbCzqxFXcxQZBBp4KyNAAhFhGNw8WUp/rVoyCYn7+OEYFspY4FmGMTYhvxbq5LEptXeQgOP2ggBkqsw8sYP9oj1cb4kzBNv8M7nR9kM1EqvZpFV47phoTbBeMY4DZOJodkASFVM5/7ijWy/M9rtWMFMCXKURKkAQJRFADs0KqMJ5osnFFnubX7vKgK736XXF4+wIQuuHqEsYDZ90ftInxq8sYRnb2FZ0EV4yc8qqnz++fjwrAA5EV+zhL6l6hum1zL8JkUJ1ICKZ905If6nIeoul8MY3B1Cz4W+osN2Wtl8OeJ2t3iZx3wk/unVa8uDZH1owu47He68e2V8vpYxOaW4/hLyy/XuL5DukETrhRjC+7GbEaKaCwoA2UwAdqU,iv:N8ek+tp16WiZgjTDxXb0CRXH+MbLsl/oZ/OwcOoVRO0=,tag:uIzCSX0R/EObF/RdWxj64w==,type:str]
hello: ENC[AES256_GCM,data:g/YDwjNQLs4pFRzFO3nwcbmeJd6tMLNNhhnSsAFyOQ8U8yjjUoCReDvrqpqBXIP1T9B80qyBVzxBY2bAYg==,iv:YdiJdG1ZjA95DGArtfaF1E8LomqW6oHCLmoSLQvwP+k=,tag:/ipWczAvhcjw5Jv7nvMF8A==,type:str] api:
example_key: ENC[AES256_GCM,data:cLLYEiJbKg60ANK/h+kG,iv:1yrJt5JhbDP/9/Wb2l93fjwQF1hxERnxjPZ6qF4S/Bw=,tag:wbboaGylFJRSj4/TB+RCZg==,type:str] gmail_client_secret: ENC[AES256_GCM,data:du2gEY5TQIwpUEvJKDWKY3noLRGeiKek4IMwPUusVx8NMys=,iv:hIYi1xQYf6+hDhK0pNprBYu6wXwRH2yOTwQg6pzQa0A=,tag:sqmQ5GCkKbHpIy2R+Y5G/A==,type:str]
#ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment]
example_array:
- ENC[AES256_GCM,data:yUJ7p5VfyQUANjbuz48=,iv:XTGb97tMV3mkPwNyKetSflLLlE31g9UgMPcelMPpNZ0=,tag:j5muB72Ogc/gtenvsWvpbQ==,type:str]
- ENC[AES256_GCM,data:8eQ2clCNBxPfdycPMOo=,iv:C9iT+wJH9ENJShNYo3IGceRwHyrlU6LUE7jpc+72KOw=,tag:YTbZqYJVMUoTRqD2ujTOvg==,type:str]
example_number: ENC[AES256_GCM,data:LhABh/RtBsdKAg==,iv:JGYFnixDNZUIRKJcuaenvO8D60T+Jvx/R7SWxbIPXsM=,tag:+1b/aj3x1yfQZ2j4OM5dcg==,type:float]
example_booleans:
- ENC[AES256_GCM,data:pGnelw==,iv:KAayJZ8px4Qupv0NfapSQ6valrVKndEtCb3U4MTmK/U=,tag:lkl+zBgkEMbFQjNssxYQjg==,type:bool]
- ENC[AES256_GCM,data:Vqqfp2w=,iv:SC1DS7G9/lHYtA6PPRbVsi/ZhyNUYvRjXxHIqCxqEPA=,tag:9hv6F1rP7xSd08KCKkuiLQ==,type:bool]
sops: sops:
age: age:
- recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
@@ -30,7 +22,7 @@ sops:
Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A== 9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-29T00:12:59Z" lastmodified: "2025-08-03T17:03:22Z"
mac: ENC[AES256_GCM,data:5dQiEDyfeIYJt/l1wWH8y5cQm7+PqnUDwezCmyP7nvXs0z1lupYOHV62L5hqeQb7AELi4TriOokra4XdhHfr/QnI9capnYV6qTQrfvBE0EKsUQlxTmE6EnnTQuOWQy1iL8XgM3toEIH2mW2QNwme9k3fF/gGA8bL9t0+OEYGasU=,iv:kVDSFTHQG95rDfkp8sWJnxRQ5Wd9BjfPEzmuMm+alY0=,tag:3KFmBgW6pEEBFkOa14brDw==,type:str] mac: ENC[AES256_GCM,data:c3rcMHTRxbnpQoW5eLn0X1aCL1v2ft05UTcHaCuGiCaF3b/loVjEQr30pepBgR07PSleTIi375Y0Rj8ik8Ot3j+Zl5BR32bEtqf6gcWwz6oSmeORDrJS15698d7/avJl82/EC0ZN77j+fcdkWZrCJHb47HGfRxKl9L5HbyWasA4=,iv:g3d3C571uYpTTFixYZg+ztg8jTdof1g6Hb5gtRvpRkk=,tag:8kAxrUwUVeWvpYjWMDE+AA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2

1
nixosModules/scripts.nix
View File

@@ -12,5 +12,6 @@ in
nix flake update --flake $FLAKE --impure nix flake update --flake $FLAKE --impure
sudo nixos-rebuild switch --flake $FLAKE#${hostName} --impure sudo nixos-rebuild switch --flake $FLAKE#${hostName} --impure
'') '')
(pkgs.writeShellScriptBin "test-dns" (builtins.readFile ../scripts/test-dns.sh))
]; ];
} }

110
scripts/test-dns.sh Normal file
View File

@@ -0,0 +1,110 @@
#!/usr/bin/env bash
# Function to test DNS resolution for a subdomain
test_subdomain() {
local subdomain="$1"
local fqdn="${subdomain}.john-stream.com"
echo "========================================"
echo "Testing DNS for: $fqdn"
echo "========================================"
echo ""
# Test panoptes
echo "📍 Testing: panoptes"
result=$(dig @panoptes "$fqdn" +short +time=2 +tries=1 2>&1)
if [ -n "$result" ]; then
echo " ✅ Resolved to: $result"
dig @panoptes "$fqdn" +noall +answer +time=2 +tries=1 | sed 's/^/ /'
else
echo " ❌ Failed to resolve"
fi
echo ""
# Test CoreDNS (192.168.1.107)
echo "📍 Testing: 192.168.1.107 (CoreDNS)"
result=$(dig @192.168.1.107 "$fqdn" +short +time=2 +tries=1 2>&1)
if [ -n "$result" ]; then
echo " ✅ Resolved to: $result"
dig @192.168.1.107 "$fqdn" +noall +answer +time=2 +tries=1 | sed 's/^/ /'
else
echo " ❌ Failed to resolve"
fi
echo ""
# Test Cloudflare DNS (1.1.1.1)
echo "📍 Testing: 1.1.1.1 (Cloudflare DNS)"
result=$(dig @1.1.1.1 "$fqdn" +short +time=2 +tries=1 2>&1)
if [ -n "$result" ]; then
echo " ✅ Resolved to: $result"
dig @1.1.1.1 "$fqdn" +noall +answer +time=2 +tries=1 | sed 's/^/ /'
else
echo " ❌ Failed to resolve"
fi
echo ""
}
# Function to check SSL certificate for the domain
check_ssl_cert() {
local subdomain="$1"
local fqdn="${subdomain}.john-stream.com"
echo "========================================"
echo "SSL Certificate Check for: $fqdn"
echo "========================================"
echo ""
# Check if openssl is available
if ! command -v openssl &> /dev/null; then
echo "❌ openssl command not found. Please install openssl to check SSL certificates."
return 1
fi
# Try to fetch SSL certificate information
echo "📍 Fetching SSL certificate information..."
cert_info=$(echo | openssl s_client -servername "$fqdn" -connect "$fqdn:443" 2>/dev/null | openssl x509 -noout -text 2>/dev/null)
if [ -z "$cert_info" ]; then
echo " ❌ Failed to retrieve SSL certificate. The domain may not be accessible via HTTPS."
return 1
fi
# Extract and display key certificate information
echo " ✅ SSL certificate found!"
echo ""
# Get certificate details
cert_details=$(echo | openssl s_client -servername "$fqdn" -connect "$fqdn:443" 2>/dev/null | openssl x509 -noout -subject -issuer -dates 2>/dev/null)
echo "📋 Certificate Details:"
echo "$cert_details" | sed 's/^/ /'
echo ""
# Check certificate expiration
expiry_date=$(echo | openssl s_client -servername "$fqdn" -connect "$fqdn:443" 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
if [ -n "$expiry_date" ]; then
expiry_epoch=$(date -d "$expiry_date" +%s 2>/dev/null)
current_epoch=$(date +%s)
days_until_expiry=$(( ($expiry_epoch - $current_epoch) / 86400 ))
if [ $days_until_expiry -lt 0 ]; then
echo "⚠️ Certificate Status: EXPIRED ($days_until_expiry days ago)"
elif [ $days_until_expiry -lt 30 ]; then
echo "⚠️ Certificate Status: Expiring soon ($days_until_expiry days remaining)"
else
echo "✅ Certificate Status: Valid ($days_until_expiry days remaining)"
fi
fi
echo ""
}
# Test the subdomain
if [ -z "$1" ]; then
echo "Usage: $0 <subdomain>"
echo "Example: $0 appdaemon"
exit 1
fi
test_subdomain "$1"
check_ssl_cert "$1"