mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

so many sops

Browse Source
This commit is contained in:
mjallen18
2025-03-20 21:15:52 -05:00
parent 894a8817cb
commit 3714518ead
8 changed files with 61 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/desktop/services.nix
View File

@@ -106,7 +106,7 @@ in
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repository = "rest:http://admin:BogieDudie1@10.0.1.18:8008";
repositoryFile = config.sops.secrets."desktop/restic/repo".path;
paths = [
"/home/matt"
];

3
hosts/desktop/sops.nix
View File

@@ -40,6 +40,9 @@ in
"desktop/restic/password" = {
mode = "0600";
};
"desktop/restic/repo" = {
mode = "0600";
};
"wifi" = { };
# ------------------------------

5
hosts/nas/apps/paperless/default.nix
View File

@@ -84,6 +84,11 @@ in
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/paperless";
};
secret-env = {
hostPath = "/run/secrets/rendered/paperless.env";
isReadOnly = true;
mountPoint = "/run/secrets/rendered/paperless.env";
};
};
};

16
hosts/nas/home.nix
View File

@@ -1,4 +1,4 @@
{ ... }:
{ pkgs,... }:
let
shellAliases = {
ll = "ls -alh";
@@ -67,6 +67,20 @@ in
btop.enable = true;
neovim = {
enable = true;
viAlias = true;
vimAlias = true;
defaultEditor = true;
plugins = [
pkgs.vimPlugins.nvim-tree-lua
{
plugin = pkgs.vimPlugins.vim-startify;
config = "let g:startify_change_to_vcs_root = 0";
}
];
};
zsh = {
enable = true;
enableCompletion = true;

4
hosts/nas/services.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, config, ... }:
let
enableDisplayManager = true;
in
@@ -18,7 +18,7 @@ in
enforce-whitelist = true;
white-list = true;
"enable-rcon" = true;
"rcon.password" = "BogieDudie1"; # todo
"rcon.password" = config.sops.secrets."jallen-nas/admin_password".path;
};
whitelist = {
mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189";

23
hosts/nas/sops.nix
View File

@@ -107,6 +107,13 @@ in
"jallen-nas/paperless/authentik-client-secret" = {
restartUnits = [ "container@paperless.service" ];
};
"jallen-nas/free-games/eg-email" = { };
"jallen-nas/free-games/eg-pass" = { };
"jallen-nas/free-games/eg-otp" = { };
"jallen-nas/free-games/pg-email" = { };
"jallen-nas/free-games/pg-pass" = { };
"jallen-nas/free-games/gog-email" = { };
"jallen-nas/free-games/gog-pass" = { };
"ssh-keys-public/jallen-nas-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
@@ -146,6 +153,22 @@ in
};
templates = {
"fgc.env" = {
content = ''
EG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/eg-email"}
EG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/eg-pass"}
EG_OTPKEY = ${config.sops.placeholder."jallen-nas/free-games/eg-otp"}
PG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/pg-email"}
PG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/pg-pass"}
GOG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/gog-email"}
GOG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/gog-pass"}
'';
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "podman-free-games-claimer.service" ];
};
"paperless.env" = {
content = ''
PAPERLESS_URL = "https://paperless.jallen.dev"