provision/additional-setup.md

@@ -22,17 +22,6 @@ or `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`.
 Encrypted keys for various aspects of the config are stored in `./secrets/secrets.yaml` 
 to the required key for decryption must be placed at `~/.config/sops/age/keys.txt`.
 
-### NIPR email, Teams, etc.
-
-- Run `pcscan` and make sure card reader shows up.
-- Run `pkcs11-register` to register cac.
-- Download certs (i.e. unclass-certificates_pkcs7_DoD.zip) and import into Firefox.
-- Use below links:
-
-[Teams](https://dod.teams.microsoft.us)
-[Outlook](https://webmail.apps.mil/owa)
-[OneDrive](https://usaf-my.dps.mil)
-
 ## Wireguard Client
 
 Wireguard is nice for a home vpn. NixOS setus up all of the configurations for 

provision/hosts/bulwark/configuration.nix

@@ -48,10 +48,14 @@
     nerdfonts
   ];
 
+  # Enable docker 
+  virtualisation.docker.enable = true;
+  virtualisation.docker.storageDriver = "btrfs";
+
   # Define user account.
   users.users.${user} = {
     isNormalUser = true;
-    extraGroups = [ "dialout" "wheel" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ]; # Enable ‘sudo’ for the user.
   };
 
   # Password-less root
@@ -94,7 +98,6 @@
       virt-manager.enable = false;
     };
     system = {
-      nipr.enable = true;
       ssh.enable = true;
       terminal.enable = true;
       secrets.enable = true;

provision/hosts/kestrel/configuration.nix

@@ -101,7 +101,6 @@
       virt-manager.enable = true;
     };
     system = {
-      nipr.enable = true;
       secrets.enable = true;
       ssh.enable = true;
       terminal.enable = true;

provision/hosts/torus/configuration.nix

@@ -80,6 +80,15 @@
     gollum # Wiki software that provides a simple, Git-based wiki engine.
   ];
 
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.pcscd.enable = true;
+  programs.gnupg.agent = {
+     enable = true;
+     pinentryPackage = pkgs.pinentry-curses;
+     enableSSHSupport = true;
+  };
+
   security.acme = {
     acceptTerms = true;
     defaults.email = "starrtyler88@gmail.com";
@@ -114,18 +123,6 @@
       "git.tstarr.us" = (SSL // {
         locations."/".proxyPass = "http://localhost:3001/"; 
       });
-      "workspace.tstarr.us" = (SSL // {
-        locations."/".proxyPass = "http://localhost:5000/"; 
-      });
-      "code.tstarr.us" = (SSL // {
-        locations."/" = {
-          proxyPass = "http://localhost:8443/"; 
-          proxyWebsockets = true;
-        };
-      });
-      "plot.tstarr.us" = (SSL // {
-        locations."/".proxyPass = "http://localhost:8988/"; 
-      });
       "share.tstarr.us" = (SSL // {
         locations."/".proxyPass = "http://localhost:5001/"; 
         extraConfig = ''

provision/hosts/torus/rss.nix

@@ -30,7 +30,7 @@ in
   
   services.rss-bridge = {
     enable = true;
-    config.system.enabled_bridges = [ "*" ];
+    whitelist = [ "*" ];
     virtualHost = "${domain}";
   };
 

provision/modules/system/default.nix

@@ -1,4 +1,4 @@
 { ... }:
 {
-  imports = [ ./nipr.nix ./secrets.nix ./ssh.nix ./backup.nix ./terminal.nix ./wireguard-client.nix ];
+  imports = [ ./secrets.nix ./ssh.nix ./backup.nix ./terminal.nix ./wireguard-client.nix ];
 }

provision/modules/system/nipr.nix

@@ -1,15 +0,0 @@
-{ config, lib, pkgs, user, ... }:
-
-let cfg = config.modules.system.nipr;
-in {
-  options.modules.system.nipr.enable = lib.mkEnableOption "nipr";
-  config = lib.mkIf cfg.enable {
-
-    environment.systemPackages = with pkgs; [
-      opensc
-      pcsc-tools
-      pkcs11helper
-      firefox
-    ];
-  };
-}

provision/modules/system/terminal.nix

@@ -39,10 +39,6 @@ in {
       timewarrior # Command-line time tracking utility.
       ollama # Command-line tool for viewing and managing Open Location Codes.
       docker-compose
-      opensc
-      pcsc-tools
-      firefox
-      pkcs11helper
     ];
   };
 }