diff --git a/lib/module/default.nix b/lib/module/default.nix
index e32da5b..af29c39 100644
--- a/lib/module/default.nix
+++ b/lib/module/default.nix
@@ -39,7 +39,7 @@ rec {
 reverseProxyConfig = lib.${namespace}.mkReverseProxy {
 inherit name;
 subdomain = cfg.reverseProxy.subdomain;
- url = "http://${config.${namespace}.network.ipv4.address}:${toString cfg.port}"; # TODO: address
+ url = "http://${config.${namespace}.network.ipv4.address}:${toString cfg.port}";
 middlewares = cfg.reverseProxy.middlewares;
 };
diff --git a/modules/nixos/services/glance/default.nix b/modules/nixos/services/glance/default.nix
index 1c12fae..9009eea 100644
--- a/modules/nixos/services/glance/default.nix
+++ b/modules/nixos/services/glance/default.nix
@@ -13,9 +13,31 @@ let
 description = "glance";
 options = { };
 moduleConfig = {
+ sops = {
+ secrets = {
+ "jallen-nas/glance/arr-username" = {
+ sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+ };
+ "jallen-nas/glance/arr-password" = {
+ sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+ };
+ };
+ templates = {
+ "glance.env" = {
+ mode = "660";
+ restartUnits = [ "glance.service" ];
+ content = ''
+ ARR_USER=${config.sops.placeholder."jallen-nas/glance/arr-username"}
+ ARR_PASS=${config.sops.placeholder."jallen-nas/glance/arr-password"}
+ '';
+ };
+ };
+ };
+
 services.glance = {
 enable = true;
 openFirewall = true;
+ environmentFile = config.sops.templates."glance.env".path;
 settings = {
 server = {
 host = "0.0.0.0";
@@ -47,7 +69,7 @@ let
 {
 type = "local";
 name = "Jallen-NAS";
- cpu-temp-sensor = "/sys/class/hwmon/hwmon2/temp2_input"; # TODO
+ cpu-temp-sensor = "/sys/devices/pci0000:00/0000:00:08.1/0000:cd:00.0/hwmon/hwmon*/temp1_input"; # Tctl
 mountpoints = {
 "/home" = {
 name = "Home";
@@ -129,8 +151,8 @@ let
 icon = "si:sonarr";
 allow-insecure = true;
 basic-auth = {
- username = "mjallen";
- password = "BogieDudie1"; # todo
+ username = "\${ARR_USER}";
+ password = "\${ARR_PASS}";
 };
 }
 {
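Review bot: `mode = "660"` on the `glance.env` template in modules/nixos/services/glance/default.nix makes the rendered credentials file group-readable and group-writable, which is wider than an environment file needs. The hunk sets no `owner` or `group`, so who that group is depends on the sops-nix defaults. If the unit reads the file through systemd's `EnvironmentFile=` (presumably what `services.glance.environmentFile` maps to), a root-owned read-only file is enough: `mode = "0400";`. The traefik template touched by this same commit sets `owner` and `group` explicitly, and doing the same here would make the intended reader visible.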
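Review bot: The password literal deleted from the sonarr `basic-auth` block stays readable in the repository history, so it should be treated as disclosed and rotated on the service, not only relocated into sops. The same literal is removed in the radarr hunk, in the commented `registration_shared_secret` of the matrix module and in `user.password` of the pi4 system, so each of those needs a new and distinct value. Separately, both arr entries keep `allow-insecure = true` next to `basic-auth`; if that option skips certificate verification as its name suggests, the credentials go to an unverified endpoint, and the line deserves a comment such as `# self-signed cert on the LAN; drop once the arr services have a trusted cert`.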
@@ -139,8 +161,8 @@ let
 icon = "si:radarr";
 allow-insecure = true;
 basic-auth = {
- username = "mjallen";
- password = "BogieDudie1";
+ username = "\${ARR_USER}";
+ password = "\${ARR_PASS}";
 };
 }
 # {
diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix
index 66199e3..cecd7cf 100644
--- a/modules/nixos/services/matrix/default.nix
+++ b/modules/nixos/services/matrix/default.nix
@@ -105,7 +105,6 @@ let
 # Registration settings
 enable_registration = false; # Set to true initially to create admin user
 enable_registration_without_verification = false;
- # registration_shared_secret = "BogieDudie1";
 # Media settings
 max_upload_size = "50M";
diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix
index b678845..790b97a 100644
--- a/modules/nixos/services/minecraft/default.nix
+++ b/modules/nixos/services/minecraft/default.nix
@@ -13,7 +13,7 @@ let
 eula = true;
 declarative = true;
 openFirewall = cfg.openFirewall;
- dataDir = "/media/nas/main/ssd_app_data/minecraft"; # todo
+ dataDir = "${cfg.configDir}/minecraft"; # todo
 serverProperties = {
 enforce-whitelist = true;
 white-list = true;
diff --git a/modules/nixos/services/traefik/default.nix b/modules/nixos/services/traefik/default.nix
index 19e1934..cd58393 100755
--- a/modules/nixos/services/traefik/default.nix
+++ b/modules/nixos/services/traefik/default.nix
@@ -158,12 +158,10 @@ in
 templates = {
 "traefik.env" = {
 content = ''
- CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
- CLOUDFLARE_ZONE_API_TOKEN = ${
- config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"
- }
- CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
- CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
+ CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
+ CLOUDFLARE_ZONE_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
+ CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
+ CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
 '';
 owner = config.users.users.traefik.name;
 group = config.users.users.traefik.group;
@@ -181,7 +179,7 @@ in
 enable = true;
 dataDir = dataDir;
 group = "jallen-nas"; # group;
- environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops
+ environmentFiles = [ config.sops.templates."traefik.env".path ];
 staticConfigOptions = {
 entryPoints = {
diff --git a/secrets/nas-secrets.yaml b/secrets/nas-secrets.yaml
index 4beb34b..53e85e9 100644
--- a/secrets/nas-secrets.yaml
+++ b/secrets/nas-secrets.yaml
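Review bot: The `traefik.env` template in modules/nixos/services/traefik/default.nix still exports `CLOUDFLARE_API_KEY` and `CLOUDFLARE_EMAIL` alongside the two scoped tokens. The global API key carries full account access, so if the DNS challenge works with `CLOUDFLARE_DNS_API_TOKEN` and `CLOUDFLARE_ZONE_API_TOKEN` alone, dropping the key and email lines (and their sops secrets) limits what a compromise of the traefik unit exposes to the token scopes. The template definition starts and ends outside this hunk, so its `mode` cannot be checked from here.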
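Review bot: Switching `environmentFiles` to `config.sops.templates."traefik.env".path` leaves the previously referenced `${dataDir}/traefik.env` on disk, presumably still holding the Cloudflare credentials in plaintext. Nothing in the hunk removes that file, so it has to be deleted by hand after the switch; a comment such as `# replaces the hand-managed ${dataDir}/traefik.env; delete the old file` would record that. Whether the template restarts traefik when a secret changes is not visible here, and since the glance template in this commit sets `restartUnits`, the matching line `restartUnits = [ "traefik.service" ];` may be wanted on this one too.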
@@ -60,6 +60,9 @@ jallen-nas: matrix: client-id: ENC[AES256_GCM,data:Cv5nbJQPo2YkNwVlzaquXguaVpfVxmYu4LvwlgLJw1EVfDz8ZqgCtQ==,iv:OO9q+q36wCq0yuTxLpqh5Nn0oVWdNISTMZzeQedPcGE=,tag:KDsox/yemi9t76xr2/yvbg==,type:str] client-secret: ENC[AES256_GCM,data:5OcfUAVZ0xfGEkGr8rp08lFRbcvMf2XvCU08XnaK8iwjWEmVJjLHtBV0rzulPpdJf9eVapCz0udC8v1bPgD2tvVLNNdSUK5CMwYIB6dsa44/lkUe+EvNl/7w68vUqyo3rWAgTLIUksglvk/aCXH0p3ZIrQgQgeI6EbvdS5bcLqY=,iv:OeCnHFGaXUQhqdPX4XksKwwZrbhBr8bsNeDTiIbfSpY=,tag:KWqDU9iJmIQpObxNdLs6AQ==,type:str] + glance: + arr-username: ENC[AES256_GCM,data:PlLrcaYLmvv5,iv:ZdBAkR93TLh0FMYhqBhxw8hZI5a/UeS3fpWkORH2e4k=,tag:hpuEgLnF5hCtt0XJTC/gAg==,type:str] + arr-password: ENC[AES256_GCM,data:K8J3fPGWc3SWeKo=,iv:pkr+m92OlAszLXmGn34tEtaEvvBV+ohObj2uRDqKIYc=,tag:wBxe9gijHie6sq0brtpMRQ==,type:str] sops: shamir_threshold: 1 age: @@ -180,8 +183,8 @@ sops: NXZkbVZyV0VtTzArOE1uU1JwMXZZN0EKLDU1x+rIWecDD9x//huoM2BM9NRSa4g1 L5nodU/J0XsfB9z3kr7eY5LYSwsqGkAxI1cXJYZGHF+bozJjweyXTQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-19T18:25:38Z" - mac: ENC[AES256_GCM,data:iJ5W0/Vc3P1uADpyPHKkpiBV3b4ls6zrkSvNKlLtKu0avFdf0zEQlxHRIdMqN9AY0CVnOeEu58kxI9J0ld8cTJtgnNvRWhWys4G8a5hCLkTdOB1uJvpRKu+ju+DbKJ2x5ozgDrzXweeG5Mt7vh8ZUFQ9LM3FEuFOzBokLhx6VCA=,iv:WbqHUYLHeG7rY17QN+MFp1UEpgYliT0ULiMah0TQtNo=,tag:Y9cL9KqSgcO11dYhBy6eNw==,type:str] + lastmodified: "2025-12-19T19:13:19Z" + mac: ENC[AES256_GCM,data:WxMZoYKjoEF1VLtmf8HvPqBizpoOTXUdVA7/IIYN0X4mBrg5Bcqj4fLx9hog6UbSQG5hbKxJzHxyeHJldun5bImmdrrE86aWWen3ukmOWxbT5TSVvZvqiwip3xDn4KmAjdoxkrL4SZrgvO6cHY8yTwbKIb3NtUIAKexsgfz6QjY=,iv:PSlNC2z4LZ/Vp0zaP7yyPvoojea9s3/CwnrrPMhF3YU=,tag:Wvc/aXzYLrl7DJe0AI8RyQ==,type:str] pgp: - created_at: "2025-08-24T02:21:34Z" enc: |- diff --git a/systems/aarch64-linux/pi4/default.nix b/systems/aarch64-linux/pi4/default.nix index e93defd..536b3d2 100755 --- a/systems/aarch64-linux/pi4/default.nix +++ b/systems/aarch64-linux/pi4/default.nix 
@@ -39,7 +39,6 @@
 user = {
 name = "matt";
 hashedPasswordFile = null;
- password = "BogieDudie1";
 mutableUsers = false;
 extraGroups = [
 "docker"