Xetibo/DashNix
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Fix server config path

Browse source
This commit is contained in:
DashieTM 2024-08-04 15:50:45 +02:00
parent 47d5758cca
commit a5de016eed
7 changed files with 85 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

20
base/common_hardware.nix
View file

@ -27,7 +27,16 @@ in
services.xserver.enable = true; services.xserver.enable = true;
nixpkgs.hostPlatform = lib.mkDefault config.conf.system; nixpkgs.hostPlatform = lib.mkDefault config.conf.system;
nix.settings.auto-optimise-store = true; nix = {
settings = {
auto-optimise-store = true;
experimental-features = "nix-command flakes";
};
extraOptions = ''
!include ${config.sops.secrets.access.path}
'';
};
# Enable sound with pipewire. # Enable sound with pipewire.
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
@ -103,4 +112,13 @@ in
swapDevices = swapDevices =
[{ device = "/dev/disk/by-label/SWAP"; }]; [{ device = "/dev/disk/by-label/SWAP"; }];
sops = {
gnupg = {
home = "/home/${config.conf.username}/.gnupg";
sshKeyPaths = [ ];
};
defaultSopsFile = ../secrets/secrets.yaml;
secrets.access = { };
};
} }

49
flake.lock generated
View file

@ -218,11 +218,11 @@
"nixvim": "nixvim" "nixvim": "nixvim"
}, },
"locked": { "locked": {
"lastModified": 1722560743, "lastModified": 1722777725,
"narHash": "sha256-e2FhudX6P+kwtYALgpmJG7l03ayhkGY9+j9Hrcyl7gQ=", "narHash": "sha256-QQ1yP9rag8vslOJRXR8kL+KkrL/iAC6/vSfvorHicNQ=",
"owner": "DashieTM", "owner": "DashieTM",
"repo": "DashVim", "repo": "DashVim",
"rev": "5a2c4fa3a7cd0718dc8c08d1c41cc6a44de9869f", "rev": "0169fb3fd02229ab19e23951d9caecf92ea4f265",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -884,11 +884,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1722707408, "lastModified": 1722773977,
"narHash": "sha256-hyTuWhcid8UklJBC4Yh3dpf7Xhx4oJDyM/3n10E1wSk=", "narHash": "sha256-AqSmHptledo4Tp+hrHWovGR+e//bejR458sRmhq+jT4=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "51ffd7fa6f186419276e5d3d5fe141a3fdb3c55c", "rev": "5dd2c27b631f16e49a2c6e6cbbefba9fa50bf543",
"revCount": 5048, "revCount": 5050,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@ -1013,11 +1013,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1722698043, "lastModified": 1722775753,
"narHash": "sha256-Hsgi1DJP+oodbsULTrqpO6KPSJYeyswluNLVGxUtwJE=", "narHash": "sha256-YFarQSZEIFpA1/9eRK4tm88mZYvWGIaAgCEAjazBO38=",
"owner": "JakeStanger", "owner": "JakeStanger",
"repo": "ironbar", "repo": "ironbar",
"rev": "6e43c7ae0cce4b8c6dfe2f74756574195b944abe", "rev": "92c690dcd14c21272f89bfde292546a2ee828e23",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1413,11 +1413,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1722421184, "lastModified": 1722630782,
"narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=",
"owner": "NixOs", "owner": "NixOs",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "rev": "d04953086551086b44b6f3c6b7eeb26294f207da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1487,11 +1487,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1722709906, "lastModified": 1722770616,
"narHash": "sha256-I27FkJ3qSsxc5aZSwpYHMqJwLpvQt6eV4MrwGfVjCvM=", "narHash": "sha256-A40yRytGkUb40yQYjspVU3Z/QBONgFYZqQiz00V1IJ4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "ac1226f223779364c73f1a450654383768dab1b7", "rev": "5605ce776b3d21c0ee477fcd028a817bd3524e6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1682,6 +1682,7 @@
"reset": "reset", "reset": "reset",
"reset-plugins": "reset-plugins", "reset-plugins": "reset-plugins",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stable": "stable",
"stylix": "stylix" "stylix": "stylix"
} }
}, },
@ -1840,6 +1841,22 @@
"type": "github" "type": "github"
} }
}, },
"stable": {
"locked": {
"lastModified": 1722651103,
"narHash": "sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj+FLI0KfybBeDU0=",
"owner": "NixOs",
"repo": "nixpkgs",
"rev": "a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51",
"type": "github"
},
"original": {
"owner": "NixOs",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"stylix": { "stylix": {
"inputs": { "inputs": {
"base16": "base16_2", "base16": "base16_2",

14
hardware/server/configuration.nix
View file

@ -1,11 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
nextcloud_pw = (builtins.readFile ./nextcloud); nextcloud_pw = (builtins.readFile /etc/nixos/nextcloud);
forgejo_pw = (builtins.readFile ./dbpw/forgejo); forgejo_pw = (builtins.readFile /etc/nixos/dbpw/forgejo);
matrix_pw = (builtins.readFile ./dbpw/matrix-synapse); matrix_pw = (builtins.readFile /etc/nixos/dbpw/matrix-synapse);
mautrix_signal_pw = (builtins.readFile ./dbpw/mautrix_signal); mautrix_signal_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_signal);
mautrix_whatsapp_pw = (builtins.readFile ./dbpw/mautrix_whatsapp); mautrix_whatsapp_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_whatsapp);
mautrix_discord_pw = (builtins.readFile ./dbpw/mautrix_discord); mautrix_discord_pw = (builtins.readFile /etc/nixos/dbpw/mautrix_discord);
fqdn = "matrix.${config.networking.domain}"; fqdn = "matrix.${config.networking.domain}";
baseUrl = "https://${fqdn}"; baseUrl = "https://${fqdn}";
@ -219,7 +219,7 @@ in
}; };
services.forgejo = { services.forgejo = {
enable = true; enable = true;
database.passwordFile = ./dbpw/forgejo; database.passwordFile = /etc/nixos/dbpw/forgejo;
settings = { settings = {
server.DOMAIN = "git.dashie.org"; server.DOMAIN = "git.dashie.org";
server.SSH_PORT = 12008; server.SSH_PORT = 12008;

41
lib/default.nix
View file

@ -1,22 +1,25 @@
{ inputs, pkgs, ... }: { { inputs, pkgs, ... }: {
build_systems = systems: builtins.listToAttrs (map (name: { build_systems = systems: builtins.listToAttrs (map
name = name; (name: {
value = name = name;
let value =
mod = ../hardware/${name}/configuration.nix; let
in mod = ../hardware/${name}/configuration.nix;
inputs.nixpkgs.lib.nixosSystem { in
specialArgs = { inputs.nixpkgs.lib.nixosSystem {
inherit inputs pkgs mod; specialArgs = {
inherit inputs pkgs mod;
};
modules = [
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.home-manager
inputs.stylix.nixosModules.stylix
../base
../programs
mod
] ++ inputs.nixpkgs.lib.optional (builtins.pathExists ../hardware/${name}/${name}.nix) ../hardware/${name}/${name}.nix
++ inputs.nixpkgs.lib.optional (builtins.pathExists mod) mod;
}; };
modules = [ })
inputs.home-manager.nixosModules.home-manager systems);
inputs.stylix.nixosModules.stylix
../base
../programs
mod
] ++ inputs.nixpkgs.lib.optional (builtins.pathExists ../hardware/${name}/${name}.nix) ../hardware/${name}/${name}.nix
++ inputs.nixpkgs.lib.optional (builtins.pathExists mod) mod;
};
} )systems);
} }

2
modules/programs/base_packages.nix
View file

@ -64,8 +64,6 @@
cantarell-fonts cantarell-fonts
]; ];
nix.settings.experimental-features = "nix-command flakes";
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
services.upower.enable = true; services.upower.enable = true;

1
programs/common.nix
View file

@ -48,5 +48,6 @@ in
secrets.${username} = { }; secrets.${username} = { };
secrets.nextcloud = { }; secrets.nextcloud = { };
}; };
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
} }

5
secrets/secrets.yaml
View file

@ -13,14 +13,15 @@ matrix_server: ENC[AES256_GCM,data:fH+5kX6VyNUXzAmNkLEGf8KmhIWuTGsG3r0=,iv:B2lto
mautrix_signal_server: ENC[AES256_GCM,data:xBHtTtf725wvSltd7EgP3u/GszsaKR1D/ng=,iv:KZorceuZJulvBYyOSKaFv0UxAgMzIuXnBSDmqeqZT80=,tag:k4Dqvq7n39q6rgfB9hB8/g==,type:str] mautrix_signal_server: ENC[AES256_GCM,data:xBHtTtf725wvSltd7EgP3u/GszsaKR1D/ng=,iv:KZorceuZJulvBYyOSKaFv0UxAgMzIuXnBSDmqeqZT80=,tag:k4Dqvq7n39q6rgfB9hB8/g==,type:str]
mautrix_whatsapp_server: ENC[AES256_GCM,data:Ap5NZ9+kkusMTJlmiH2vxj2fkp1RZPSOM5s=,iv:/F3sP/7bw0uIualG8E+Mtxp60xW8OlHBBZCui887oaA=,tag:CawIZEpmbmxRYhq2fb1vDw==,type:str] mautrix_whatsapp_server: ENC[AES256_GCM,data:Ap5NZ9+kkusMTJlmiH2vxj2fkp1RZPSOM5s=,iv:/F3sP/7bw0uIualG8E+Mtxp60xW8OlHBBZCui887oaA=,tag:CawIZEpmbmxRYhq2fb1vDw==,type:str]
mautrix_discord_server: ENC[AES256_GCM,data:8MU3URa52h0sDabl+6bYZ0z0ib/S8KzYb3k=,iv:uSqT0MsK1qcphyd+5xZZ8aDqxQhZX8mKBP+2tHHG04I=,tag:mdepj3ombSru96es+lFIQQ==,type:str] mautrix_discord_server: ENC[AES256_GCM,data:8MU3URa52h0sDabl+6bYZ0z0ib/S8KzYb3k=,iv:uSqT0MsK1qcphyd+5xZZ8aDqxQhZX8mKBP+2tHHG04I=,tag:mdepj3ombSru96es+lFIQQ==,type:str]
access: ENC[AES256_GCM,data:J7lIopyeMZIIoRLMahTXNMOu8dQ+ZO0/AkcJcXdLpUnGugJmFoqHuUE=,iv:J93hLNq+mZe6cqEk32c3gxkTN5hIeZ0kkUxSmoiexeI=,tag:k3qzx0gPafHd4/3BWi8X6w==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-08-04T11:57:52Z" lastmodified: "2024-08-04T13:37:08Z"
mac: ENC[AES256_GCM,data:pd8VsxocTuCAIOAXi94ltCfhqohmAIBbZBK/3WQSd0suyORcvSKrTYdvi/dZ/6x+bXgz0vEzKNanNR98eLU4Ff3ldvsT6RQA1Hjn85V4ouJqWBB//kj42gYSiIjn/1dib0hvyZyvm2mutKbkpxZkJxRZYAw2DR0yR/oPfNK3xG8=,iv:fnRC7vk/KMgRzJgn9ww9A0amQTEsOVhqUa5NLAvX+kA=,tag:bbfpvpbL2L/ctQPdz6nDRg==,type:str] mac: ENC[AES256_GCM,data:zP8fPzpMKzgEPTR2qRisPaZzYyBnYEw7zU22xwP0ZHdfhq/fwUNuduUe/sg7aoobKTMPLBKJ7ukoiHkBpglnPzPajbH0cikevFcqSP1/NuDGl/cyytVUlOuePI/8Lct2WgCDzYVW71RuObUk7yHzvnMoqvem7UYpjdE5niryiwg=,iv:lNkveEy08C2/qd4CI/jy47JJCGFlYxU1saBLrH6LnaU=,tag:SnUHbRNnl0FIDK2b5wolsw==,type:str]
pgp: pgp:
- created_at: "2024-05-14T14:35:02Z" - created_at: "2024-05-14T14:35:02Z"
enc: |- enc: |-