mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sops sops sops

Browse Source
This commit is contained in:
mjallen18
2025-05-27 17:11:53 -05:00
parent 4019491ef6
commit d868b717ac
7 changed files with 94 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
flake.lock generated
View File

@@ -103,11 +103,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1747576719,
"narHash": "sha256-a+QFKYlsgWZyuCdFqjRout85mZjrtkq1dmMEPuB50qA=",
"lastModified": 1748012392,
"narHash": "sha256-ySnLv8+Z91PxcYA0royImfqDNyN/oijxE94ftUCR/vc=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "a5137694fccd0a36dc0c578c3ce9b02278a8f198",
"rev": "cfddf4d048eb19f03009c626e5ef3f1913cd063d",
"type": "github"
},
"original": {
@@ -124,11 +124,11 @@
]
},
"locked": {
"lastModified": 1747565775,
"narHash": "sha256-B6jmKHUEX1jxxcdoYHl7RVaeohtAVup8o3nuVkzkloA=",
"lastModified": 1747978958,
"narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "97118a310eb8e13bc1b9b12d67267e55b7bee6c8",
"rev": "7419250703fd5eb50e99bdfb07a86671939103ea",
"type": "github"
},
"original": {
@@ -180,11 +180,11 @@
},
"desktop-nixos-hardware": {
"locked": {
"lastModified": 1747684167,
"narHash": "sha256-l6jbonaboCBlB8lCjBkrqgh2zEnvt6F3f4dOU/8CLd4=",
"lastModified": 1747900541,
"narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "e8f38b2c19c0647e39021c3d47172ff5469af8a9",
"rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
"type": "github"
},
"original": {
@@ -196,11 +196,11 @@
},
"desktop-nixpkgs": {
"locked": {
"lastModified": 1747542820,
"narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
"lastModified": 1747744144,
"narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
"rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
"type": "github"
},
"original": {
@@ -598,11 +598,11 @@
]
},
"locked": {
"lastModified": 1747439237,
"narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=",
"lastModified": 1747875884,
"narHash": "sha256-tdVx4kghhdy62LKuTnwE2RytOe8o88tah/yhpyuL0D4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708",
"rev": "f9186c64fcc6ee5f0114547acf9e814c806a640b",
"type": "github"
},
"original": {
@@ -641,11 +641,11 @@
]
},
"locked": {
"lastModified": 1747466853,
"narHash": "sha256-/evYltwuF8Kz1odgocWnguh/8VQV1i76VB4yMTU9m7k=",
"lastModified": 1747893327,
"narHash": "sha256-9MVhGXDVDG3+eqzNsxK4n2uriPGVvjOvlxUKEEnGiAs=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "0ba1a34fa6d995fe433109f0ad66de8d5613d46e",
"rev": "953023adda652e7ff9c64dacaa9f44da7c120191",
"type": "github"
},
"original": {
@@ -1066,11 +1066,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1747327360,
"narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=",
"lastModified": 1747744144,
"narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46",
"rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
"type": "github"
},
"original": {

32
hosts/deck/configuration.nix
View File

@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
{
imports =
@@ -38,6 +38,35 @@
enable = true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
@@ -60,6 +89,7 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.deck = {
hashedPasswordFile = config.sops.secrets."desktop/matt_password".path;
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [

2
hosts/desktop/boot.nix
View File

@@ -60,6 +60,8 @@ in
bootspec.enable = true;
};
zramSwap.enable = true;
environment.systemPackages = with pkgsVersion; [
edk2-uefi-shell
];

2
hosts/desktop/configuration.nix
View File

@@ -125,6 +125,8 @@ in
# ../../modules/desktop-environments/cosmic/specialisation.nix
];
chaotic.mesa-git.enable = true;
# Environment configuration
environment = {
systemPackages = systemPackages;

14
hosts/desktop/filesystems.nix
View File

@@ -13,26 +13,26 @@ let
];
defaultLocalOptions = [
"compress=zstd"
"autodefrag"
# "autodefrag"
"nofail"
"x-systemd.automount"
"auto"
# "x-systemd.automount"
# "auto"
"rw"
];
in
{
fileSystems = {
"/home/matt/Steam" = {
device = "/dev/disk/by-uuid/EBEBAFB4-3CEB-4EB4-841B-693C94304751";
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1";
options = [
"subvol=Steam"
"subvol=steam"
"noatime"
] ++ defaultLocalOptions;
};
"/home/matt/Heroic" = {
device = "/dev/disk/by-uuid/EBEBAFB4-3CEB-4EB4-841B-693C94304751";
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1";
options = [
"subvol=Heroic"
"subvol=heroic"
"noatime"
] ++ defaultLocalOptions;
};

28
hosts/nas/apps/traefik/default.nix
View File

@@ -18,6 +18,9 @@ let
lubeloggerUrl = "http://10.0.1.18:6754";
immichUrl = "http://10.0.1.18:2283";
# internal services
codeUrl = "http://10.0.1.18:4444";
# Plugins
traefikPlugins = {
bouncer = {
@@ -208,6 +211,15 @@ in
};
};
};
internal-ipallowlist =
{
ipAllowList = {
sourceRange = [
"127.0.0.1/32"
"10.0.1.0/24"
];
};
};
};
services = {
@@ -281,6 +293,13 @@ in
url = immichUrl;
}
];
# internal services
code.loadBalancer.servers = [
{
url = codeUrl;
}
];
};
routers = {
@@ -371,6 +390,15 @@ in
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
# internal services
code = {
entryPoints = [ "websecure" ];
rule = "Host(`code.${domain}`)";
service = "code";
middlewares = [ "internal-ipallowlist" ];
tls.certResolver = "letsencrypt";
};
};
};
};

3
hosts/nas/services.nix
View File

@@ -18,6 +18,9 @@ in
port = 4444;
auth = "none";
hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
extraEnvironment = {
PROXY_DOMAIN = "code.mjallen.dev";
};
};
minecraft-server = {