sops sops sops

mjallen18
2025-05-27 17:11:53 -05:00
parent 4019491ef6
commit d868b717ac
7 changed files with 94 additions and 29 deletions


@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
{
imports =
@@ -38,6 +38,35 @@
enable = true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
@@ -60,6 +89,7 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.deck = {
hashedPasswordFile = config.sops.secrets."desktop/matt_password".path;
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [
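Review bot: `hashedPasswordFile = config.sops.secrets."desktop/matt_password".path;` is read while user accounts are being created, so the matching sops declaration needs `neededForUsers = true;`. That declaration is not visible in this section; without the flag sops-nix normally decrypts the secret only after the users step, which can leave `deck` without a usable password. In the first hunk, `environmentFiles = [ config.sops.secrets.wifi.path ];` only fills in `$PSK` if the decrypted file is in env-file form, so I would add a comment above it such as `# sops secret "wifi" must be an env file containing PSK=<value>`. The `users.users.deck` set continues past the end of the last hunk.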


@@ -60,6 +60,8 @@ in
bootspec.enable = true;
};
zramSwap.enable = true;
environment.systemPackages = with pkgsVersion; [
edk2-uefi-shell
];


@@ -125,6 +125,8 @@ in
# ../../modules/desktop-environments/cosmic/specialisation.nix
];
chaotic.mesa-git.enable = true;
# Environment configuration
environment = {
systemPackages = systemPackages;


@@ -13,26 +13,26 @@ let
];
defaultLocalOptions = [
"compress=zstd"
"autodefrag"
# "autodefrag"
"nofail"
"x-systemd.automount"
"auto"
# "x-systemd.automount"
# "auto"
"rw"
];
in
{
fileSystems = {
"/home/matt/Steam" = {
device = "/dev/disk/by-uuid/EBEBAFB4-3CEB-4EB4-841B-693C94304751";
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1";
options = [
"subvol=Steam"
"subvol=steam"
"noatime"
] ++ defaultLocalOptions;
};
"/home/matt/Heroic" = {
device = "/dev/disk/by-uuid/EBEBAFB4-3CEB-4EB4-841B-693C94304751";
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1";
options = [
"subvol=Heroic"
"subvol=heroic"
"noatime"
] ++ defaultLocalOptions;
};
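Review bot: `defaultLocalOptions` mounts the Steam and Heroic subvolumes under `/home/matt` without `nosuid` or `nodev`, so a setuid binary or device node placed on that disk would be honoured. Adding `"nosuid"` and `"nodev"` to the list should close that without affecting game execution, though it is worth testing against the launchers in use. The options disabled here are left as commented-out entries with no reason given; either delete them or add a short comment, e.g. `# x-systemd.automount disabled: <reason>`. The `let` block holding the list starts above the hunk, so other users of `defaultLocalOptions` are not visible here.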


@@ -18,6 +18,9 @@ let
lubeloggerUrl = "http://10.0.1.18:6754";
immichUrl = "http://10.0.1.18:2283";
# internal services
codeUrl = "http://10.0.1.18:4444";
# Plugins
traefikPlugins = {
bouncer = {
@@ -208,6 +211,15 @@ in
};
};
};
internal-ipallowlist =
{
ipAllowList = {
sourceRange = [
"127.0.0.1/32"
"10.0.1.0/24"
];
};
};
};
services = {
@@ -281,6 +293,13 @@ in
url = immichUrl;
}
];
# internal services
code.loadBalancer.servers = [
{
url = codeUrl;
}
];
};
routers = {
@@ -371,6 +390,15 @@ in
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
# internal services
code = {
entryPoints = [ "websecure" ];
rule = "Host(`code.${domain}`)";
service = "code";
middlewares = [ "internal-ipallowlist" ];
tls.certResolver = "letsencrypt";
};
};
};
};
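Review bot: The new `code` router is protected by `internal-ipallowlist` alone, and the service on port 4444 (presumably code-server) keeps `auth = "none"` in the last file of this commit. Every client that Traefik sees as coming from `10.0.1.0/24` therefore gets an unauthenticated editor and terminal. `ipAllowList` matches the connection's remote address unless an `ipStrategy` is set, so confirm that outside requests are not source-NATed to an address inside that range before they reach Traefik. I would add a second layer: either `auth = "password"` on the backend with the hash supplied through sops, or an authentication middleware next to the allowlist, e.g. `middlewares = [ "internal-ipallowlist" "<auth-middleware>" ];`. The enclosing `middlewares`, `services` and `routers` sets start outside these hunks.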


@@ -18,6 +18,9 @@ in
port = 4444;
auth = "none";
hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
extraEnvironment = {
PROXY_DOMAIN = "code.mjallen.dev";
};
};
minecraft-server = {