manual_inherit

This commit is contained in:
mjallen18
2026-04-05 19:10:23 -05:00
parent a363622659
commit ff469102ea
84 changed files with 248 additions and 329 deletions


@@ -124,9 +124,9 @@ in
network = {
hostName = net.hosts.pi5.hostname;
ipv4 = {
inherit (net.hosts.pi5) gateway;
method = "manual";
address = net.hosts.pi5.lan4;
gateway = net.hosts.pi5.gateway;
dns = "1.1.1.1";
interface = "end0";
};


@@ -55,8 +55,8 @@
enable = true;
extraDirectories = [
{
inherit (config.jovian.decky-loader) user;
directory = config.jovian.decky-loader.stateDir;
user = config.jovian.decky-loader.user;
group = config.jovian.decky-loader.user;
mode = "u=rwx,g=rwx,o=rx";
}


@@ -127,7 +127,7 @@ in
ipv4 = {
address = net.hosts.nas.lan;
method = "manual";
gateway = net.hosts.nas.gateway;
inherit (net.hosts.nas) gateway;
dns = "1.1.1.1";
interface = "enp197s0";
};


@@ -1,7 +1,13 @@
{ config, lib, ... }:
let
user = "nix-apps";
defaultSops = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = config.users.users."nix-apps".name;
inherit (config.users.users."${owner}") group;
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
sopsSettings = {
inherit owner group sopsFile;
mode = "0600";
};
in
{
# Permission modes are in octal representation (same as chmod),
@@ -25,27 +31,18 @@ in
# Secrets
# ------------------------------
secrets = {
"jallen-nas/admin_password" = {
sopsFile = defaultSops;
"jallen-nas/admin_password" = sopsSettings // {
neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"jallen-nas/nas_pool" = {
sopsFile = defaultSops;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"jallen-nas/nas_pool" = sopsSettings;
# ------------------------------
# ups
# ------------------------------
"jallen-nas/ups_password" = {
sopsFile = defaultSops;
inherit sopsFile;
mode = "0777";
restartUnits = [
"upsdrv.service"
@@ -73,7 +70,7 @@ in
# ------------------------------
"jallen-nas/authentik-env" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "authentik.service" ];
};
@@ -81,7 +78,7 @@ in
# attic
# ------------------------------
"jallen-nas/attic-key" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "atticd.service" ];
};
@@ -90,7 +87,7 @@ in
# ------------------------------
"jallen-nas/collabora" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "coolwsd.service" ];
};
@@ -103,7 +100,7 @@ in
# };
# "jallen-nas/crowdsec-capi" = {
# sopsFile = defaultSops;
# inherit sopsFile;
# owner = "crowdsec";
# group = "crowdsec";
# restartUnits = [ "crowdsec.service" ];
@@ -114,11 +111,11 @@ in
# ------------------------------
"jallen-nas/mariadb/db_pass" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "mysql.service" ];
};
"jallen-nas/mariadb/root_pass" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "mysql.service" ];
};
@@ -126,28 +123,20 @@ in
# nextcloud
# ------------------------------
"jallen-nas/nextcloud/dbpassword" = {
sopsFile = defaultSops;
"jallen-nas/nextcloud/dbpassword" = sopsSettings // {
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "nextcloud.service" ];
};
"jallen-nas/nextcloud/adminpassword" = {
sopsFile = defaultSops;
"jallen-nas/nextcloud/adminpassword" = sopsSettings // {
mode = "0440";
owner = config.users.users."${user}".name;
group = "keys";
restartUnits = [
"nextcloud.service"
"prometheus-nextcloud-exporter.service" # actual systemd unit name
];
};
"jallen-nas/nextcloud/smtp_settings" = {
sopsFile = defaultSops;
"jallen-nas/nextcloud/smtp_settings" = sopsSettings // {
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "nextcloud.service" ];
};
@@ -155,11 +144,8 @@ in
# onlyoffice
# ------------------------------
"jallen-nas/onlyoffice-key" = {
sopsFile = defaultSops;
"jallen-nas/onlyoffice-key" = sopsSettings // {
mode = "0655";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "nextcloud.service" ];
};
@@ -168,7 +154,7 @@ in
# ------------------------------
"jallen-nas/manyfold/secretkeybase" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "podman-manyfold.service" ];
};
@@ -177,7 +163,7 @@ in
# ------------------------------
"jallen-nas/immich/db-password" = {
sopsFile = defaultSops;
inherit sopsFile;
mode = "0440";
group = "keys";
restartUnits = [ "immich.service" ];
@@ -188,7 +174,7 @@ in
# ------------------------------
"jallen-nas/open-webui" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "open-webui.service" ];
};
@@ -197,15 +183,15 @@ in
# ------------------------------
"jallen-nas/paperless/secret" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "paperless.service" ];
};
"jallen-nas/paperless/authentik-client-id" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "paperless.service" ];
};
"jallen-nas/paperless/authentik-client-secret" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "paperless.service" ];
};
@@ -214,14 +200,14 @@ in
# ------------------------------
"jallen-nas/gitea/mail-key" = {
sopsFile = defaultSops;
inherit sopsFile;
owner = "root";
group = "keys";
mode = "0440";
restartUnits = [ "gitea.service" ];
};
"jallen-nas/gitea/metrics-key" = {
sopsFile = defaultSops;
inherit sopsFile;
owner = "root";
group = "keys";
mode = "0440";
@@ -232,36 +218,36 @@ in
# free-games-claimer
# ------------------------------
"jallen-nas/free-games/eg-email" = {
sopsFile = defaultSops;
inherit sopsFile;
};
"jallen-nas/free-games/eg-pass" = {
sopsFile = defaultSops;
inherit sopsFile;
};
"jallen-nas/free-games/eg-otp" = {
sopsFile = defaultSops;
inherit sopsFile;
};
"jallen-nas/free-games/pg-email" = {
sopsFile = defaultSops;
inherit sopsFile;
};
"jallen-nas/free-games/pg-pass" = {
sopsFile = defaultSops;
inherit sopsFile;
};
"jallen-nas/free-games/gog-email" = {
sopsFile = defaultSops;
inherit sopsFile;
};
"jallen-nas/free-games/gog-pass" = {
sopsFile = defaultSops;
inherit sopsFile;
};
# ------------------------------
# ntfy
# ------------------------------
"jallen-nas/ntfy/auth-users" = {
sopsFile = defaultSops;
inherit sopsFile;
};
"jallen-nas/ntfy/user" = {
sopsFile = defaultSops;
inherit sopsFile;
mode = "0440";
group = "keys";
restartUnits = [
@@ -271,7 +257,7 @@ in
];
};
"jallen-nas/ntfy/password" = {
sopsFile = defaultSops;
inherit sopsFile;
mode = "0440";
group = "keys";
restartUnits = [
@@ -285,15 +271,15 @@ in
# sparky-fitness
# ------------------------------
"jallen-nas/sparky-fitness/db-password" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "podman-sparky-fitness-server.service" ];
};
"jallen-nas/sparky-fitness/api-encryption-key" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "podman-sparky-fitness-server.service" ];
};
"jallen-nas/sparky-fitness/auth-secret" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "podman-sparky-fitness-server.service" ];
};
@@ -303,7 +289,7 @@ in
# jallen-nas/authentik-rac/token: <authentik RAC outpost token>
# ------------------------------
"jallen-nas/authentik-rac/token" = {
sopsFile = defaultSops;
inherit sopsFile;
restartUnits = [ "podman-authenticRac.service" ];
};
@@ -315,7 +301,7 @@ in
# embedding it in the world-readable Nix store.
# To rotate: use https://github.com/erooke/grafana-secretkey-rotation-tool
"jallen-nas/grafana/secret-key" = {
sopsFile = defaultSops;
inherit sopsFile;
owner = "grafana";
group = "grafana";
mode = "0400";
@@ -328,6 +314,7 @@ in
# ------------------------------
templates = {
"fgc.env" = {
inherit owner group;
content = ''
EG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/eg-email"}
EG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/eg-pass"}
@@ -338,8 +325,6 @@ in
GOG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/gog-pass"}
'';
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "podman-free-games-claimer.service" ];
};
@@ -407,6 +392,7 @@ in
};
"paperless.env" = {
inherit owner group;
content = ''
PAPERLESS_ADMIN_USER = "mjallen"
PAPERLESS_ADMIN_PASSWORD = ${config.sops.placeholder."matt_password"}
@@ -421,8 +407,6 @@ in
}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
'';
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "paperless-web.service" ];
};
};
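Review bot: The new `owner` binding at the top of the `let` repeats the literal `"nix-apps"` instead of reusing the `user` binding one line above it, so the two names can drift apart, and the `config.users.users."${owner}"` lookup on the next line only resolves while the user's `.name` equals its attribute key; `owner = config.users.users.${user}.name;` together with `inherit (config.users.users.${user}) group;` keeps a single source of truth. Centralising permissions in `sopsSettings` (mode `"0600"`) also leaves the file modes visible in the same hunks untouched: `"jallen-nas/ups_password"` keeps `mode = "0777"`, which makes a password world-readable and world-writable, while `"jallen-nas/onlyoffice-key"` (`"0655"`) and the nextcloud `dbpassword`/`smtp_settings` entries (`"0650"`) carry execute bits on plain secret files. Those lines are context rather than part of this change, but since ownership is being consolidated here they are worth tightening to the minimum the consuming service needs, as the gitea (`"0440"`) and grafana (`"0400"`) entries already do. The `secrets` attribute set continues beyond the visible hunks.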


@@ -36,9 +36,9 @@ in
network = {
hostName = net.hosts.nuc.hostname;
ipv4 = {
inherit (net.hosts.nuc) gateway;
method = "manual";
address = net.hosts.nuc.lan4;
gateway = net.hosts.nuc.gateway;
dns = net.hosts.router.lan;
interface = "enp2s0";
};