cleanup

2026-03-18 22:43:29 -05:00
parent d9f17670e1
commit af840f242b
49 changed files with 1079 additions and 1307 deletions
--- a/systems/aarch64-linux/macbook-pro-nixos/default.nix
+++ b/systems/aarch64-linux/macbook-pro-nixos/default.nix
@@ -23,6 +23,8 @@
  ${namespace} = {
    headless.enable = false;

+    sops.enable = true;
+
    impermanence = {
      enable = true;
      # extraDirectories = [
--- a/systems/aarch64-linux/pi5/default.nix
+++ b/systems/aarch64-linux/pi5/default.nix
@@ -17,6 +17,8 @@

  ${namespace} = {

+    sops.enable = true;
+
    # ###################################################
    # #                 Impermanence                  # #
    # ###################################################
--- a/systems/x86_64-linux/allyx/default.nix
+++ b/systems/x86_64-linux/allyx/default.nix
@@ -27,6 +27,8 @@
  ${namespace} = {
    headless.enable = false;

+    sops.enable = true;
+
    bootloader.lanzaboote.enable = true;

    desktop.gnome.enable = true;
--- a/systems/x86_64-linux/jallen-nas/apps.nix
+++ b/systems/x86_64-linux/jallen-nas/apps.nix
@@ -19,10 +19,7 @@ in
      ai = {
        enable = true;
      };
-      arrs = {
-        enable = true;
-        enableVpn = true;
-      };
+      arrs.enable = true;
      attic = {
        enable = true;
        port = 9012;
--- a/systems/x86_64-linux/jallen-nas/default.nix
+++ b/systems/x86_64-linux/jallen-nas/default.nix
@@ -26,6 +26,7 @@ in
  powerManagement.cpuFreqGovernor = "powersave";

  ${namespace} = {
+    sops.enable = true;
    # ###################################################
    # #                     Boot                      # #
    # ###################################################
--- a/systems/x86_64-linux/jallen-nas/disabled.nix
+++ b/systems/x86_64-linux/jallen-nas/disabled.nix
@@ -17,6 +17,7 @@ in
          consoleLogLevel = 3;
        };
        ${namespace} = {
+          sops.enable = true;
          services = {
            actual = mkForce disabled;
            ai = mkForce disabled;
--- a/systems/x86_64-linux/jallen-nas/nas-defaults.nix
+++ b/systems/x86_64-linux/jallen-nas/nas-defaults.nix
@@ -21,66 +21,69 @@ let
  };
 in
 {
-  # Bespoke services that define their own path options (not via mkModule).
-  # Set NAS-specific paths here so the module defaults stay generic.
-  ${namespace}.services.your_spotify.configPath = lib.mkDefault "${appdata}/your_spotify";
-  ${namespace}.services.ocis = {
-    dataPath = lib.mkDefault "${data}/ocis";
-    configPath = lib.mkDefault "${appdata}/ocis";
-  };
-
-  imports = map svcDefault [
-    "actual"
-    "ai"
-    "arrs"
-    "attic"
-    "authentik"
-    "authentikRac"
-    "booklore"
-    "caddy"
-    "calibre"
-    "calibre-web"
-    "code-server"
-    "collabora"
-    "coturn"
-    "crowdsec"
-    "dispatcharr"
-    "free-games-claimer"
-    "gitea"
-    "glance"
-    "glances"
-    "grafana"
-    "guacd"
-    "headscale"
-    "immich"
-    "jellyfin"
-    "jellyseerr"
-    "lubelogger"
-    "manyfold"
-    "matrix"
-    "minecraft"
-    "mongodb"
-    "nebula"
-    "nebula-lighthouse"
-    "netbootxyz"
-    "nextcloud"
-    "ntfy"
-    "onlyoffice"
-    "opencloud"
-    "orca-slicer"
-    "paperless"
-    "paperless-ai"
-    "protonmail-bridge"
-    "restic"
-    "sparky-fitness"
-    "sparky-fitness-server"
-    "sparky-fitness-db"
-    "sunshine"
-    "tdarr"
-    "termix"
-    "tunarr"
-    "unmanic"
-    "uptime-kuma"
-    "wyoming"
-  ];
+  imports =
+    # Bespoke services with their own path option names (not configDir/dataDir).
+    [
+      {
+        ${namespace}.services.ocis = {
+          dataPath = lib.mkDefault "${data}/ocis";
+          configPath = lib.mkDefault "${appdata}/ocis";
+        };
+      }
+    ]
+    ++ map svcDefault [
+      "actual"
+      "ai"
+      "arrs"
+      "attic"
+      "authentik"
+      "authentikRac"
+      "booklore"
+      "caddy"
+      "calibre"
+      "calibre-web"
+      "code-server"
+      "collabora"
+      "coturn"
+      "crowdsec"
+      "dispatcharr"
+      "free-games-claimer"
+      "gitea"
+      "glance"
+      "glances"
+      "grafana"
+      "guacd"
+      "headscale"
+      "immich"
+      "jellyfin"
+      "jellyseerr"
+      "lubelogger"
+      "manyfold"
+      "matrix"
+      "minecraft"
+      "mongodb"
+      "nebula"
+      "nebula-lighthouse"
+      "netbootxyz"
+      "nextcloud"
+      "ntfy"
+      "onlyoffice"
+      "opencloud"
+      "orca-slicer"
+      "paperless"
+      "paperless-ai"
+      "protonmail-bridge"
+      "restic"
+      "sparky-fitness"
+      "sparky-fitness-server"
+      "sparky-fitness-db"
+      "sunshine"
+      "tdarr"
+      "termix"
+      "tunarr"
+      "unmanic"
+      "uptime-kuma"
+      "wyoming"
+      "your-spotify"
+    ];
 }
--- a/systems/x86_64-linux/matt-nixos/default.nix
+++ b/systems/x86_64-linux/matt-nixos/default.nix
@@ -31,6 +31,8 @@
  ${namespace} = {
    headless.enable = false;

+    sops.enable = true;
+
    bootloader.lanzaboote.enable = true;

    desktop = {
@@ -100,6 +102,7 @@
    "cosmic" = {
      configuration = {
        ${namespace} = {
+          sops.enable = true;
          desktop = {
            cosmic.enable = lib.mkForce true;
            hyprland = {
--- a/systems/x86_64-linux/matt-nixos/sops.nix
+++ b/systems/x86_64-linux/matt-nixos/sops.nix
@@ -28,6 +28,13 @@ in
    # Secrets
    # ------------------------------
    secrets = {
+      "matt_password" = {
+        neededForUsers = true;
+        mode = "0600";
+        owner = config.users.users."${user}".name;
+        group = config.users.users."${user}".group;
+      };
+
      "desktop/hass_token" = {
        sopsFile = desktopSopsFile;
        mode = "0777";
--- a/systems/x86_64-linux/nuc-nixos/default.nix
+++ b/systems/x86_64-linux/nuc-nixos/default.nix
@@ -5,6 +5,7 @@
 }:
 {
  ${namespace} = {
+    sops.enable = true;
    # ###################################################
    # #                     Boot                      # #
    # ###################################################