mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
mjallen18
2025-03-19 20:19:38 -05:00
parent 6b43ce5ddd
commit e0713e0ba0
18 changed files with 353 additions and 205 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hosts/deck/configuration.nix
View File

@@ -108,6 +108,11 @@
vulkan-loader
];
nix-index = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
};
services = {

2
hosts/deck/home.nix
View File

@@ -86,8 +86,6 @@ in
};
};
programs.command-not-found.enable = true;
home.packages = with pkgs; [
age
apple-cursor

5
hosts/desktop/configuration.nix
View File

@@ -67,6 +67,11 @@ in
programs = {
gamemode.enable = true;
coolercontrol.enable = true;
nix-index = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
};
# Configure environment

1
hosts/desktop/home.nix
View File

@@ -47,7 +47,6 @@ in
fish.enable = false;
mangohud.enable = true;
java.enable = true;
command-not-found.enable = true;
home-manager.enable = true;
zsh = {

15
hosts/nas/apps/nextcloud/default.nix
View File

@@ -1,10 +1,10 @@
{ config, pkgs, ... }:
let
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
smtppassword = "egzo mltu kkoc hrfe";#builtins.readFile config.sops.secrets."jallen-nas/nextcloud/smtppassword".path;
secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.unstable.nextcloud30;
nextcloudPackage = pkgs.unstable.nextcloud31;
in
{
containers.nextcloud = {
@@ -60,6 +60,7 @@ in
configureRedis = true;
enableImagemagick = true;
https = true;
secretFile = secretsFile;
config = {
adminuser = "mjallen";
@@ -85,16 +86,6 @@ in
trusted_proxies = [ "10.0.1.18" ];
maintenance_window_start = 6;
default_phone_region = "US";
mail_from_address = "matt.l.jallen";
mail_smtpmode = "smtp";
mail_sendmailmode = "smtp";
mail_domain = "gmail.com";
mail_smtpauth = 1;
mail_smtpname = "matt.l.jallen";
mail_smtppassword = smtppassword;
mail_smtpsecure = "ssl";
mail_smtphost = "smtp.gmail.com";
mail_smtpport = 465;
enable_previews = true;
enabledPreviewProviders = [
"OC\\Preview\\PNG"

2
hosts/nas/apps/ollama/default.nix
View File

@@ -45,7 +45,7 @@ in
};
services.open-webui = {
enable = true;
enable = false;
host = "0.0.0.0";
port = 8888;
openFirewall = true;

19
hosts/nas/apps/paperless/default.nix
View File

@@ -7,10 +7,8 @@ let
paperlessPort = 28981;
paperlessUserId = config.users.users.nix-apps.uid;
paperlessGroupId = config.users.groups.jallen-nas.gid;
paperlessSecret = config.sops.templates."paperless-secret".content;
clientId = config.sops.templates."paperless-client-id".content;
clientSecret = config.sops.templates."paperless-client-secret".content;
paperlessPkg = pkgs.stable.paperless-ngx;
paperlessEnv = config.sops.templates."paperless.env".path;
paperlessPkg = pkgs.paperless-ngx;
in
{
containers.paperless = {
@@ -35,13 +33,7 @@ in
user = "paperless";
address = "0.0.0.0";
passwordFile = "/var/lib/paperless/paperless-password";
settings = {
PAPERLESS_URL = "https://paperless.jallen.dev";
PAPERLESS_SECRET = paperlessSecret;
PAPERLESS_ENABLE_ALLAUTH = true;
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
PAPERLESS_SOCIALACCOUNT_PROVIDERS = ''{"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"${clientId}","secret":"${clientSecret}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}'';
};
environmentFile = paperlessEnv;
};
# Create required users and groups
@@ -87,6 +79,11 @@ in
hostPath = "/media/nas/ssd/nix-app-data/paperless";
isReadOnly = false;
};
secrets = {
hostPath = "/run/secrets/jallen-nas/paperless";
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/paperless";
};
};
};

6
hosts/nas/configuration.nix
View File

@@ -93,6 +93,7 @@
qrencode
rcon
sbctl
sops
speedtest-cli
tailscale
tigervnc
@@ -117,6 +118,11 @@
enable = true;
nvidiaSupport = true;
};
nix-index = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
};
hardware.fancontrol = {

1
hosts/nas/home.nix
View File

@@ -61,7 +61,6 @@ in
programs = {
home-manager.enable = true;
command-not-found.enable = true;
fish.enable = false;
mangohud.enable = true;
java.enable = true;

3
hosts/nas/nix-serve.nix
View File

@@ -67,7 +67,4 @@
RandomizedDelaySec = "1h"; # Spread load
};
};
# Monitor the cache service
services.prometheus.exporters.node.enabledCollectors = [ "systemd" ];
}

62
hosts/nas/sops.nix
View File

@@ -1,6 +1,6 @@
{ config, ... }:
let
user = "admin";
user = "nix-apps";
in
{
# Permission modes are in octal representation (same as chmod),
@@ -19,7 +19,7 @@ in
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------
# Secrets
@@ -34,7 +34,12 @@ in
"wifi" = { };
"jallen-nas/ups_password" = {
mode = "0777";
# restartUnits = [ "ups stuff lol" ];
restartUnits = [
"upsdrv.service"
"upsd.service"
"ups-killpower.service"
"upsmon.service"
];
};
"jallen-nas/collabora" = {
restartUnits = [ "podman-collabora.service" ];
@@ -46,13 +51,22 @@ in
restartUnits = [ "podman-mariadb.service" ];
};
"jallen-nas/nextcloud/dbpassword" = {
restartUnits = [ "podman-nextcloud.service" ];
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "container@nextcloud.service" ];
};
"jallen-nas/nextcloud/adminpassword" = {
restartUnits = [ "podman-nextcloud.service" ];
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "container@nextcloud.service" ];
};
"jallen-nas/nextcloud/smtppassword" = {
restartUnits = [ "podman-nextcloud.service" ];
"jallen-nas/nextcloud/smtp_settings" = {
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "container@nextcloud.service" ];
};
"jallen-nas/manyfold/secretkeybase" = {
restartUnits = [ "podman-manyfold.service" ];
@@ -87,18 +101,12 @@ in
"jallen-nas/paperless/secret" = {
restartUnits = [ "container@paperless.service" ];
};
secrets."jallen-nas/paperless/authentik-client-id" = {
"jallen-nas/paperless/authentik-client-id" = {
restartUnits = [ "container@paperless.service" ];
};
"jallen-nas/paperless/authentik-client-secret" = {
restartUnits = [ "container@paperless.service" ];
};
"jallen-nas/nextcloud/dbpassword" = {
mode = "0777";
};
"jallen-nas/nextcloud/adminpassword" = {
mode = "0777";
};
"ssh-keys-public/jallen-nas-root" = {
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
@@ -136,19 +144,21 @@ in
mode = "0600";
};
};
templates = {
"nextcloud-smtp".content = ''
${config.sops.secrets."jallen-nas/nextcloud/smtppassword"}
'';
"paperless-secret".content = ''
${config.sops.secrets."jallen-nas/paperless/secret".path}
'';
"paperless-client-id".content = ''
${config.sops.secrets."jallen-nas/paperless/authentik-client-id".path}
'';
"paperless-client-secret".content = ''
${config.sops.secrets."jallen-nas/paperless/authentik-client-secret".path}
'';
"paperless.env" = {
content = ''
PAPERLESS_URL = "https://paperless.jallen.dev"
PAPERLESS_SECRET = ${config.sops.placeholder."jallen-nas/paperless/secret"}
PAPERLESS_ENABLE_ALLAUTH = true
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect"
PAPERLESS_SOCIALACCOUNT_PROVIDERS = {"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"${config.sops.placeholder."jallen-nas/paperless/authentik-client-id"}","secret":"${config.sops.placeholder."jallen-nas/paperless/authentik-client-secret"}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
'';
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "container@paperless.service" ];
};
};
};
}

11
hosts/pi4/configuration.nix
View File

@@ -8,7 +8,7 @@ let
user = "matt";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
SSID = "Joey's Jungle 5G";
SSIDpassword = ""; # config.sops.templates."wifi-password".content;
wifiSecrets = config.sops.secrets."wifi-password".path;
interface = "wlan0";
timezone = "America/Chicago";
hostname = "pi4";
@@ -82,7 +82,8 @@ in
hostName = hostname;
wireless = {
enable = false;
networks."${SSID}".psk = SSIDpassword;
secretsFile = wifiSecrets;
networks."${SSID}".psk = "ext:PSK";
interfaces = [ interface ];
};
@@ -124,6 +125,12 @@ in
services.openssh.enable = true;
programs.nix-index = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
users = {
mutableUsers = false;
users."${user}" = {

53
hosts/pi4/home.nix
View File

@@ -25,12 +25,47 @@ in
home.username = "matt";
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
programs.home-manager.enable = true;
sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/pi4" = {
path = "/home/admin/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/pi4" = {
path = "/home/admin/.ssh/id_ed25519";
mode = "0600";
};
"ssh-keys-public/desktop-nixos" = {
path = "/home/admin/.ssh/authorized_keys";
mode = "0600";
};
"ssh-keys-public/desktop-nixos-root" = {
path = "/home/admin/.ssh/authorized_keys2";
mode = "0600";
};
"ssh-keys-public/desktop-windows" = {
path = "/home/admin/.ssh/authorized_keys3";
mode = "0600";
};
"ssh-keys-public/macbook-macos" = {
path = "/home/admin/.ssh/authorized_keys4";
mode = "0600";
};
};
};
programs = {
fish.enable = false;
mangohud.enable = true;
java.enable = true;
home-manager.enable = true;
zsh = {
enable = true;
@@ -45,15 +80,13 @@ in
plugins = [ "git" ];
theme = "fishy";
};
git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
};
};
programs.git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
programs.command-not-found.enable = true;
}

15
hosts/pi4/sops.nix
View File

@@ -1,10 +1,11 @@
{ config, ... }:
{ ... }:
{
sops.defaultSopsFile = ../../secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets."wifi" = { };
sops.templates."wifi-password".content = ''
${config.sops.secrets."wifi".path}
'';
secrets = {
"wifi" = { };
};
};
}