update readme for nipr on personal

provision/additional-setup.md

@@ -22,6 +22,17 @@ or `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`.
 Encrypted keys for various aspects of the config are stored in `./secrets/secrets.yaml` 
 to the required key for decryption must be placed at `~/.config/sops/age/keys.txt`.
 
+### NIPR email, Teams, etc.
+
+- Run `pcscan` and make sure card reader shows up.
+- Run `pkcs11-register` to register cac.
+- Download certs (i.e. unclass-certificates_pkcs7_DoD.zip) and import into Firefox.
+- Use below links:
+
+[Teams](https://dod.teams.microsoft.us)
+[Outlook](https://webmail.apps.mil/owa)
+[OneDrive](https://usaf-my.dps.mil)
+
 ## Wireguard Client
 
 Wireguard is nice for a home vpn. NixOS setus up all of the configurations for 

provision/hosts/bulwark/configuration.nix

@@ -48,14 +48,10 @@
     nerdfonts
   ];
 
-  # Enable docker 
-  virtualisation.docker.enable = true;
-  virtualisation.docker.storageDriver = "btrfs";
-
   # Define user account.
   users.users.${user} = {
     isNormalUser = true;
-    extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [ "dialout" "wheel" ]; # Enable ‘sudo’ for the user.
   };
 
   # Password-less root
@@ -98,6 +94,7 @@
       virt-manager.enable = false;
     };
     system = {
+      nipr.enable = true;
       ssh.enable = true;
       terminal.enable = true;
       secrets.enable = true;

provision/hosts/kestrel/configuration.nix

@@ -101,6 +101,7 @@
       virt-manager.enable = true;
     };
     system = {
+      nipr.enable = true;
       secrets.enable = true;
       ssh.enable = true;
       terminal.enable = true;

provision/hosts/torus/configuration.nix

@@ -80,15 +80,6 @@
     gollum # Wiki software that provides a simple, Git-based wiki engine.
   ];
 
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-  services.pcscd.enable = true;
-  programs.gnupg.agent = {
-     enable = true;
-     pinentryPackage = pkgs.pinentry-curses;
-     enableSSHSupport = true;
-  };
-
   security.acme = {
     acceptTerms = true;
     defaults.email = "starrtyler88@gmail.com";
@@ -123,6 +114,18 @@
       "git.tstarr.us" = (SSL // {
         locations."/".proxyPass = "http://localhost:3001/"; 
       });
+      "workspace.tstarr.us" = (SSL // {
+        locations."/".proxyPass = "http://localhost:5000/"; 
+      });
+      "code.tstarr.us" = (SSL // {
+        locations."/" = {
+          proxyPass = "http://localhost:8443/"; 
+          proxyWebsockets = true;
+        };
+      });
+      "plot.tstarr.us" = (SSL // {
+        locations."/".proxyPass = "http://localhost:8988/"; 
+      });
       "share.tstarr.us" = (SSL // {
         locations."/".proxyPass = "http://localhost:5001/"; 
         extraConfig = ''

provision/hosts/torus/rss.nix

@@ -30,7 +30,7 @@ in
   
   services.rss-bridge = {
     enable = true;
-    whitelist = [ "*" ];
+    config.system.enabled_bridges = [ "*" ];
     virtualHost = "${domain}";
   };
 

provision/modules/system/default.nix

@@ -1,4 +1,4 @@
 { ... }:
 {
-  imports = [ ./secrets.nix ./ssh.nix ./backup.nix ./terminal.nix ./wireguard-client.nix ];
+  imports = [ ./nipr.nix ./secrets.nix ./ssh.nix ./backup.nix ./terminal.nix ./wireguard-client.nix ];
 }

provision/modules/system/nipr.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, user, ... }:
+
+let cfg = config.modules.system.nipr;
+in {
+  options.modules.system.nipr.enable = lib.mkEnableOption "nipr";
+  config = lib.mkIf cfg.enable {
+
+    environment.systemPackages = with pkgs; [
+      opensc
+      pcsc-tools
+      pkcs11helper
+      firefox
+    ];
+  };
+}

provision/modules/system/terminal.nix

@@ -39,6 +39,10 @@ in {
       timewarrior # Command-line time tracking utility.
       ollama # Command-line tool for viewing and managing Open Location Codes.
       docker-compose
+      opensc
+      pcsc-tools
+      firefox
+      pkcs11helper
     ];
   };
 }