sops sops sops

mjallen18
2025-05-27 17:11:53 -05:00
parent 4019491ef6
commit d868b717ac
7 changed files with 94 additions and 29 deletions

42
flake.lock generated

@@ -103,11 +103,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1747576719, "lastModified": 1748012392,
"narHash": "sha256-a+QFKYlsgWZyuCdFqjRout85mZjrtkq1dmMEPuB50qA=", "narHash": "sha256-ySnLv8+Z91PxcYA0royImfqDNyN/oijxE94ftUCR/vc=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "a5137694fccd0a36dc0c578c3ce9b02278a8f198", "rev": "cfddf4d048eb19f03009c626e5ef3f1913cd063d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -124,11 +124,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747565775, "lastModified": 1747978958,
"narHash": "sha256-B6jmKHUEX1jxxcdoYHl7RVaeohtAVup8o3nuVkzkloA=", "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "97118a310eb8e13bc1b9b12d67267e55b7bee6c8", "rev": "7419250703fd5eb50e99bdfb07a86671939103ea",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -180,11 +180,11 @@
}, },
"desktop-nixos-hardware": { "desktop-nixos-hardware": {
"locked": { "locked": {
"lastModified": 1747684167, "lastModified": 1747900541,
"narHash": "sha256-l6jbonaboCBlB8lCjBkrqgh2zEnvt6F3f4dOU/8CLd4=", "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "e8f38b2c19c0647e39021c3d47172ff5469af8a9", "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -196,11 +196,11 @@
}, },
"desktop-nixpkgs": { "desktop-nixpkgs": {
"locked": { "locked": {
"lastModified": 1747542820, "lastModified": 1747744144,
"narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -598,11 +598,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747439237, "lastModified": 1747875884,
"narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", "narHash": "sha256-tdVx4kghhdy62LKuTnwE2RytOe8o88tah/yhpyuL0D4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", "rev": "f9186c64fcc6ee5f0114547acf9e814c806a640b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -641,11 +641,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747466853, "lastModified": 1747893327,
"narHash": "sha256-/evYltwuF8Kz1odgocWnguh/8VQV1i76VB4yMTU9m7k=", "narHash": "sha256-9MVhGXDVDG3+eqzNsxK4n2uriPGVvjOvlxUKEEnGiAs=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "0ba1a34fa6d995fe433109f0ad66de8d5613d46e", "rev": "953023adda652e7ff9c64dacaa9f44da7c120191",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1066,11 +1066,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1747327360, "lastModified": 1747744144,
"narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports =
@@ -38,6 +38,35 @@
enable = true; enable = true;
wifi.powersave = lib.mkDefault false; wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt"; settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
}; };
}; };
@@ -60,6 +89,7 @@
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.deck = { users.users.deck = {
hashedPasswordFile = config.sops.secrets."desktop/matt_password".path;
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
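Review bot: `hashedPasswordFile = config.sops.secrets."desktop/matt_password".path;` only takes effect if that secret is declared with `neededForUsers = true;`, because sops-nix otherwise decrypts secrets after the user-creation step has already run. The declaration is outside this section, so confirm it there. The secret name suggests the `deck` account reuses the desktop host's password hash, which would tie the two hosts' credentials together; a per-host secret would keep them independent. For the Wi-Fi profile, a comment above `environmentFiles` such as `# $PSK is substituted from the sops-managed env file (expects a PSK=... line)` would document where the placeholder is resolved. The `users.users.deck` block continues past the end of the hunk.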


@@ -60,6 +60,8 @@ in
bootspec.enable = true; bootspec.enable = true;
}; };
zramSwap.enable = true;
environment.systemPackages = with pkgsVersion; [ environment.systemPackages = with pkgsVersion; [
edk2-uefi-shell edk2-uefi-shell
]; ];


@@ -125,6 +125,8 @@ in
# ../../modules/desktop-environments/cosmic/specialisation.nix # ../../modules/desktop-environments/cosmic/specialisation.nix
]; ];
chaotic.mesa-git.enable = true;
# Environment configuration # Environment configuration
environment = { environment = {
systemPackages = systemPackages; systemPackages = systemPackages;


@@ -13,26 +13,26 @@ let
]; ];
defaultLocalOptions = [ defaultLocalOptions = [
"compress=zstd" "compress=zstd"
"autodefrag" # "autodefrag"
"nofail" "nofail"
"x-systemd.automount" # "x-systemd.automount"
"auto" # "auto"
"rw" "rw"
]; ];
in in
{ {
fileSystems = { fileSystems = {
"/home/matt/Steam" = { "/home/matt/Steam" = {
device = "/dev/disk/by-uuid/EBEBAFB4-3CEB-4EB4-841B-693C94304751"; device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1";
options = [ options = [
"subvol=Steam" "subvol=steam"
"noatime" "noatime"
] ++ defaultLocalOptions; ] ++ defaultLocalOptions;
}; };
"/home/matt/Heroic" = { "/home/matt/Heroic" = {
device = "/dev/disk/by-uuid/EBEBAFB4-3CEB-4EB4-841B-693C94304751"; device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1";
options = [ options = [
"subvol=Heroic" "subvol=heroic"
"noatime" "noatime"
] ++ defaultLocalOptions; ] ++ defaultLocalOptions;
}; };


@@ -18,6 +18,9 @@ let
lubeloggerUrl = "http://10.0.1.18:6754"; lubeloggerUrl = "http://10.0.1.18:6754";
immichUrl = "http://10.0.1.18:2283"; immichUrl = "http://10.0.1.18:2283";
# internal services
codeUrl = "http://10.0.1.18:4444";
# Plugins # Plugins
traefikPlugins = { traefikPlugins = {
bouncer = { bouncer = {
@@ -208,6 +211,15 @@ in
}; };
}; };
}; };
internal-ipallowlist =
{
ipAllowList = {
sourceRange = [
"127.0.0.1/32"
"10.0.1.0/24"
];
};
};
}; };
services = { services = {
@@ -281,6 +293,13 @@ in
url = immichUrl; url = immichUrl;
} }
]; ];
# internal services
code.loadBalancer.servers = [
{
url = codeUrl;
}
];
}; };
routers = { routers = {
@@ -371,6 +390,15 @@ in
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
# internal services
code = {
entryPoints = [ "websecure" ];
rule = "Host(`code.${domain}`)";
service = "code";
middlewares = [ "internal-ipallowlist" ];
tls.certResolver = "letsencrypt";
};
}; };
}; };
}; };
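Review bot: The new `code` router relies on `internal-ipallowlist` alone, and that middleware matches the connection's peer address unless an `ipStrategy` is configured. If anything on this host or on 10.0.1.0/24 relays outside traffic to Traefik (a tunnel client, another reverse proxy), those requests arrive from an allowed address and pass; confirm that is not the case, and drop `"127.0.0.1/32"` if no local client needs it. Unlike the router just above, it also skips `crowdsec`; if that is deliberate, say so with a comment like `# LAN-only: allowlist replaces crowdsec/geoblock`. The backend `codeUrl = "http://10.0.1.18:4444";` is plain HTTP on the LAN, so the allowlist does not cover clients that reach that port directly.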


@@ -18,6 +18,9 @@ in
port = 4444; port = 4444;
auth = "none"; auth = "none";
hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
extraEnvironment = {
PROXY_DOMAIN = "code.mjallen.dev";
};
}; };
minecraft-server = { minecraft-server = {
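Review bot: With `auth = "none"` on the context line above, the added `PROXY_DOMAIN` puts what appears to be code-server behind a public hostname with no login of its own, so the reverse proxy's rules are the only gate. Consider `auth = "password"` as a second layer. The `hashedPassword` literal is unused while auth is none, and it looks like a crypt-style `$y$` string whereas code-server documents an argon2 hash for this setting, so it would likely need regenerating (confirm against the module docs). Since this commit moves other credentials to sops, that value could leave the repository too. `PROXY_DOMAIN = "code.mjallen.dev";` also hard-codes a name the proxy config builds from `domain`; deriving both from one variable avoids drift. The enclosing attribute set starts outside the hunk.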