mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

some sops

Browse Source
This commit is contained in:
mjallen18
2025-12-19 13:32:07 -06:00
parent ba446f408a
commit 479ac18f20
7 changed files with 39 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
modules/nixos/services/glance/default.nix
View File

@@ -13,9 +13,31 @@ let
description = "glance";
options = { };
moduleConfig = {
sops = {
secrets = {
"jallen-nas/glance/arr-username" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/glance/arr-password" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
};
templates = {
"glance.env" = {
mode = "660";
restartUnits = [ "glance.service" ];
content = ''
ARR_USER=${config.sops.placeholder."jallen-nas/glance/arr-username"}
ARR_PASS=${config.sops.placeholder."jallen-nas/glance/arr-password"}
'';
};
};
};
services.glance = {
enable = true;
openFirewall = true;
environmentFile = config.sops.templates."glance.env".path;
settings = {
server = {
host = "0.0.0.0";
@@ -47,7 +69,7 @@ let
{
type = "local";
name = "Jallen-NAS";
cpu-temp-sensor = "/sys/class/hwmon/hwmon2/temp2_input"; # TODO
cpu-temp-sensor = "/sys/devices/pci0000:00/0000:00:08.1/0000:cd:00.0/hwmon/hwmon*/temp1_input"; # Tctl
mountpoints = {
"/home" = {
name = "Home";
@@ -129,8 +151,8 @@ let
icon = "si:sonarr";
allow-insecure = true;
basic-auth = {
username = "mjallen";
password = "BogieDudie1"; # todo
username = "\${ARR_USER}";
password = "\${ARR_PASS}";
};
}
{
@@ -139,8 +161,8 @@ let
icon = "si:radarr";
allow-insecure = true;
basic-auth = {
username = "mjallen";
password = "BogieDudie1";
username = "\${ARR_USER}";
password = "\${ARR_PASS}";
};
}
# {

1
modules/nixos/services/matrix/default.nix
View File

@@ -105,7 +105,6 @@ let
# Registration settings
enable_registration = false; # Set to true initially to create admin user
enable_registration_without_verification = false;
# registration_shared_secret = "BogieDudie1";
# Media settings
max_upload_size = "50M";

2
modules/nixos/services/minecraft/default.nix
View File

@@ -13,7 +13,7 @@ let
eula = true;
declarative = true;
openFirewall = cfg.openFirewall;
dataDir = "/media/nas/main/ssd_app_data/minecraft"; # todo
dataDir = "${cfg.configDir}/minecraft"; # todo
serverProperties = {
enforce-whitelist = true;
white-list = true;

12
modules/nixos/services/traefik/default.nix
View File

@@ -158,12 +158,10 @@ in
templates = {
"traefik.env" = {
content = ''
CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${
config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"
}
CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
@@ -181,7 +179,7 @@ in
enable = true;
dataDir = dataDir;
group = "jallen-nas"; # group;
environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops
environmentFiles = [ config.sops.templates."traefik.env".path ];
staticConfigOptions = {
entryPoints = {