1
0
Fork 0

Hevana: re-add gremlin-lab to ACME cert. Also update secrets namespace

This commit is contained in:
Aires 2024-12-09 13:30:39 -05:00
parent 69acc20396
commit a78b7f55e1
18 changed files with 194 additions and 185 deletions

View file

@ -46,7 +46,7 @@ To enable automatic updates for a host, set `config.${namespace}.services.autoUp
```nix
services.autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
configDir = config.${namespace}.secrets.nixConfigFolder;
onCalendar = "daily";
user = config.users.users.aires.name;
};

View file

@ -1,109 +1,110 @@
U2FsdGVkX1/RQfGVP76sNDrjrnhTIFoeGKoRj1M66ltbkzqEVZrSGke1jDZA9e0Q
cwUIfzRo+k2bhNi6VbG4OvteEFeABGn6aoL38owyEgKDlGEti2m6/MPfIrTOYpWS
UArXOKkSCgPi+mzD6ez6ZKXRdaVgn230Iipg4ZacUXkFzUf1YqybTMyp3xVuPaID
AKCdEa9YiL0R5cOMBIKyN3zaj509R9ocauKeJ9w/pVPzgqMoeFNgkeUBh42Z+QFg
/0vy9jX2yoNQrWlOJNfkq50UeivWF90RJzf30gm1uAPX5102Pt0dvUOdfouunFIE
OxYwnBrqJAq2bnoCMCEJkogspVeBVWY/RdJZEhr6Fj6R8Dd/K1rPhvL1UzrrwMo4
3vcXy6AcvEGVA+i7nfSj7J4EfDJnNfsQl0hOV8tm2o/rlOqGiRwPLdi3PxUrAm5I
jZdcNWeendXtBuXZwZSpVFDvi85taasgE7IaPdYj5VfKMwZmdmm7vpmVe3wKtxJf
D1Z2kW34dtUkAAA5LXAnEYpM0jJo1hLQyOSm8KUcOOmLHHRa3vNHzUxLdSSZluCY
DqLfRdx/3Krio8WoypopgG4mW0/nI1jUl5aRVgM2tuBVUjz2meDtTZk4dnTx8ys4
bEmEn+BIzmMHzVK7PlNLAQWBGFj4e2rdLUsy3846YB2tRo/IUxQSv32gF/RYW5Py
ToOjRpoaVDSJPT26w25/rwMYoqvtYDakoRXmSFOLg9k1WIlEhCJFSZRts9DuFU23
XxXmhxC+R0I9InY/+JGBHqkmKcTpILZItjL0jLrIggXwE5wJ3emNBJsh8zwoKlWY
6mUhG0xiiVrNWXlOOc9mw8ElRzxqhUDMd5mBiGQoZuBzXt8z05s8DA1ZDbrx9sQZ
LVapZlUiYPcO/C29Bk2elK10IeQrzdqSSiF504afudaMPUcHSDWpG7Ew70R9wPHU
h3I/q/YPoyYC2txrC9lJGfnJnylXf6eXoJNNgUIsqFMViTVYDBRbZ/4er1tB8bZl
TjOgyRxgheUT0y/FodKznOEFtGSOsiO+ErQ04G6LAp59iJu5XJr3QVTyj4bvZa/S
SjAOh1FMcg79p3ZWIFvfqupsStnKPHkDWawlM/var1xBSKcJ47YfgnPycxCdIm3x
eSDP4BziKhAIBo0bX/9TGfrcectQedMSxFV+4+EhwKVKR+01rA7SfT9pNcBG+yS8
Z6kJ+cNQzGtAveD9TwvajpGAIWQQz3QXtoXJvOYrpxKSl89VWcAhVAZD5f/J0xr3
nHdJmIiefGCC9uV6ztLolxgjgRw76SydgewgRnuAXS6RF1nR4cgN1/2nVA7okm16
JFvE+G7xxqbGgaNJNAzWIGn0JknSbrW+ymI08ig5FN49heOPW3+CNyPhhM/8Z1wM
4/vhfUSMFQxx+XZYAImCk3d9u1RW38I6MHMu4S9jwH1tBk4z66l8UfFixxf222n8
tMIoXMWVZJPEEFJhRW4uGoebDdmjtkgAASy70T414QKPdWy24sNr8E7bxpIemS5u
4K8aO7UpKiiroXDdXBJJH3nYXBNeHNq/UASV5Ye2e2tNKGyepaIpFw4xr0qLXvAf
QHL19XzKhpmeAhbxgvkF/R9N6lnRTAUdk9bmx+02ZVrDHqB0J/TWi6rwPoh7B92F
0tbk3J8BOvdlJg74/96HBy4HQby7BxPKIFMkBVXNY4sACcWOGc+RbJf2KQRDUJ+y
2S3UDcc3pIowA8SgRPQiW8HPgwxKNSONQOqN7+EitKT0OBxgD2UiVSL8WPEXyn3O
IARI5N99Go9h29NkDxl0RH1rZpZMTtpJfW/0VKb2KIT1ctO57mYMBDrZsTYD8OLZ
KQY57J5E6n+j60aowVxRpIXDQBaiMb0gOSVg1VASLkIforfJ7Du+8mS7vtatyO/G
W02ddqdjqOBtYWsbN7Qo/pjSwWRbzKyhML7QRimG076p4jM0Md/oQMrzvGzZ5TXR
MkqeK5la0425VwOeoLETmoaohzEwQ3Pdj4wum2bmHJnUUwDWSUI/HWVTSEiIyiih
7XgHYHxfJZO774FaFBuXDNP1fSXdQMVF/eJomqKAPXdkMsj2Z8fo8dDDEGiVP6s0
DY5Imp5foGQIXxo0OqwX60dlgAWNjs27sd6j2qD+IRHDooOvseqMP1t+Ap7Cie19
duFEkBk7mthWwqjQb+i2GN+Cp3d+kRaN3fL4xFkEeE0ozn32dr07U0ZaZPLUoO5N
JtpqpQ/m+F2OEGHmIQblyXzcgvBVVfewhABzdLdWFv5aG9MGL7hVDM73kbB6119G
7YcvS1nRxsVZXGpS24814tmgJfTAhMJxD5e6lK1892NgFqfYMF8srtywZ6DJHL7N
X4FvjLZFQAhTCLUzHutYT2xmvqwVvwfdsIAd58F7LWJuhQuJkQS4i7yISvBqG0t2
tSEjJQ44hPhxGqvWgVaG9AHOQuZSYfRCQWBcfmBfq9T+I0qINkrnwLUgAGgKMsZG
9qf1pEpyBjdV86nBK8JTmsIZGxPh+D3Y07E3g6bV99eZDjSuPMMN+Dv2ABB6ZZLN
gglFVktPINZ27TY7k20sGBHfv9C70+tkYBkp2YwmxRMOsLVv+3fxUKQwf7SH9zYr
Y9Aojrn6xtddP9PbxQUukc7H/jxDmgYeq6fQJ67T1SaFARO+qmf2dKESUCaf+JhV
S7Bjbqut+FxqS4S1ru6UqOXCZc6pwTpZsopqgwrBczGKQ8g7f5xLZN0+g9N+Dy3R
sLdOVofOeEhvFE6NGY5K50aXsMRaR2bJAVg6+ppqAE1BJWvsuqQ6TqYjefrhb3Az
wGI/Cr51x8ncVapKw2Fsu/XjPuefaaT+7rWOBGLr1NKxWGT9Jyj9f2PhphPMLbT9
f9B0Gn63tY6tyPJIJjelCTkkE13euGDnTfkJ6FcNs7C4QWj6PwD1QL4rbgmmSAuk
6ThnwDhvPICgVnfLwl8B5YqQsC/TqOOwECitJgltehjKPA2BqWQ4mXqt6AT0VMNd
cC/lxYq6YRPtsFlHE5py/4pBXaAXtYFq7Ow15Dp4BF5C1ahQc5JoIw2eedzl3gy3
sViHBA4O1tk3VJSNX7OPf8+N9wA4XTlYt3he58mdh0X6+3ppIVOwdcTKiBLXm5WR
UEdMfQUgwYLGBoYbK2sLxSH2Wff+fWVJadMSHM1HaNv1vbkJBF5qi4BzxuRb3fw2
T7Uo3fdy7atYq0Fp2hbWhbdN7/JVa+ZxM/HscORlPv2GiB6IVnfjrhuFXKZJ7uxw
ZVSGkEVDZWTWZkLlO+rGS6QwR8MHIBqhsnVWG830XkdWt+BtRN9XO2wpV8Wig1H8
vLiFcoeftauk7alz3GU7C+/6j0tnjWTEG21tuuq7N2nflgCHcFxQWl4S/+s07/cS
INpyi3eDvuadd2JB1jFRXssI8kss1OEVdJHUXwx64nKsKAX01AA/Li2scjzqq7h6
zntoISGSD1XuDuxu9rZmF57w9kO+EAxJnXLZRbHDMwWllaTzWK+/KJt7iBE59cuj
9Tr/DF6uji/ggGvrjUfXQ+MT1JMeEGYI9RPE2p1qQNYR7MBfrdkiu3ZnPEqPD7cy
YLPeBLwPuAG73Td5fBROJmNFiC/KGa11/35xKL44XE9tNiGfVrWOyn5qXkSmEHSA
2dpbRrKfaOWTufFfd5Ssfq+3bM47Nvmg0NmoY91iLwuuhc1NHHHevibPwniprjx1
DrAHiJ2iYifl0P8MLRZixYEoexmJ/Wr8wzw74k2F3YY0UeD5tCGX4HsF/ojoqS2q
9JZhh4o/OaO9JioZA6FUDWDzUOHw8xi4OpELlr5+k+4jBXZDwKycz30/xemfObx/
wngRA7yJY3rJ7l1ED6sjVNPGgv8u0yzRE8m6/jCQwXKJVQi659q/iVDoU3IkEdc1
5PsGHTMpCBQyZxFfCzehfvfVPAkPI8Xl+GSNB4Y0kAXnM6Xb6Axd/utjE3Hcrvvu
D/yG+F+8q58OMxU5QBpr/HEyKLPBSXHCv37cJzG1M9qPbfwpANZ4zKWisbvEAO5z
pz6Ddk7rhxZ+xTWiB/iXwya3JSp+Vr/HT8n27GAGuKuRqwkhWI8Qh7n1rA1s8y/N
ozgA3FAAUS5ztb8UR8yLLRRNPpzR/j6hoYR2l4nrrFjv+hEpBXomBLXOkO03b9v/
3QQMFTj2AXWiykafqzCXQ0Kj64g8U3D6AtCiABDCSPjUdSxzUK+H7YXoyAZai6cX
fTKbQl4oX2JCw0yic2J1umFnTdlnLaHVc/PzeZP8w8MLXlvlGEvQx7m7mOLCkcQB
nIDn9tMOkiZ5hyzMS5PvWWsPQM1kx0vE4fym1JJZNbZ2YMirus8t/PgC7IV1bu8b
3XIO3GorcQk4VuaeWsNYMvm9zHawpBwnR1zECeAppp5/52ivQqfsGiC/HQ3baYSI
PqEOxAprd1sYNEjVlg1T/fD89Uhi2QZdzR0wuvikchOnSXtqwOXYxdOOwwkANnaO
wLhqB+VLBLpiM0juL4FYTrk1wKThhy87wG1kRgWClfVRYNp7kpT4MF6J9VDMh0B8
pxRE5ODMq8hjIEF+7h0W2RkWUdAfrupFRnvpTJP7uelNVr73ue83BfYCpV/uPxu5
pxSIPDP+nEGqwGCp9pjhxuRGr/Dc5g+lgSOj+8PehEqdGEKfmn+xFXuaVFq2fucG
Myx2Fu05LVSAfDsbprzUz5vM1GJ2PEo9XcMvAo7CaLrxgukA63hg3i7Mwjd6lmQl
EvkvTMkcZvojxqHJh/rfGon2nmXMep6YgKGKdKZpzRgZ6twj22NrchzDxw3RQk4X
pM0SjT49ZyhJmtoREN669Htyy40mvNck0CrqVY8OUka/qsJ/f7r7HaNt53eed1rj
osGjUtUPOlqmi7e1TV3v+H6WPGq+uW6hNWbZwifiNkTH6AJCjDw5kutfQr8oBU/P
5BGNWMvy+f1YCikZNW6chOI+08E24O/Ny1PscUirDR6adVNBjO3Xjqq0y2tfPvN5
8d1PSyoh5f6qlRH4ky6SjL4BbLCzzHwQ6ke/IAHmm/s8Ge4XEroznOQXW3qKDqYy
mTok86TkezZb9NfCB/4X0Tndfxk/x1T+00r2eLortyAO5YOwEo/HvANbdsRM9JJ0
0p0JCZWFEcArwthaUGDkLHVtBbT+wPYmWtyhMgSiTJrx9EpeqB6FWIZJlUts1W4G
r/srbRe2h5OTPN43//NS/7p6OYDuJcVbAVGGxy4PES8WrhujFfSmBw8BL188sjx/
Kh43guhzTC8moAp+a9IM0kGXtAajHppZ7BUyncTAXsRUdOhlS7Q2fdLPOV48MyWT
11UhvH2fuXKJhaXequ1PE2CePSXI2x5S4anJFNoUWEw5TgRF3rkQ3p/cZm1VAy2y
Z+VxQud0iVE15J9jGkGGa89D4m8ng16oGrSMKZAr1Gt4ZFJ5L1dP+WyPzecvzJMY
xq75CrFXuWXdpGrYRGhjGa7B2fhzylSpVfLUyWA+HZq64ZNJOqzeioyamG1OkF6e
6dHgjPmQUZeYckFEimIkXP9zHQPJfB8gX6gSyC+GSFIsitu9A3HEX5zS1uFDasdI
CZ5Upc20BZiybfGcwd8+allHYScidzpWei78LfcpuPfnMOf6hVdhlsfuvwV9F/ua
Gv0kw0+zxoDNxWhN4SqKHgYX0A1CyW/Olwb5l3s69PyUlLHTBKwf2Kth8ZCxoKpY
kiiEKQQLHEa7mRX8d0U2bDmkx9EKJc7Cfz3JoDHB5aRZ4sbbJO447Fhn9fnuzaTi
j7bDticnZymvjG13foBAJi16Pf431NsFdDYAfnmYYBFEJj/oIa5DtvidrRb+fRZv
rkQuJ59tvEGD5hymQPEe3zqiUktPl1G6Q2jYctBjmFSM9m1eIJrfD8qNCrDlKd4Y
uZJwt7XRWXirURBRk+aw0P0ZCLaWmWAKmfr+rZ8Dm8V9dO2PgjLxHRI0aEDSh/Jm
Noc2ba8YhjNwQbLTMWe3WjacbyUC9m9YqhMx5ZV6EUK+jPR7FEw158wCaV2+qFNY
ZKvILBoZywEqZkkeGp6zy7UJFzlVNzh7U0YyE6l0GxNFJ2fp2ViQ930TZt28wuTT
If34N/+h1TGc4MqWcI9/4HeXZ5UV5v+gLa/sb6i0RuTrhNM50JinC1Bkqy5GrQLK
wUOFb9PNNTNz3M6pl1HEmwbiAUAhrbUhcVQPcmneLQYpzW5/sv+s+vfx8xRujZtv
kknt2ftLE7YedA1KvfjRis0d9J/EbzhLdIBg3mA0OBA1cIy7GKq9EIyg2FFiok3y
T7taZPr0BuaZqFq4UaL1Se5okrBO/gwHcNj6isnQBlIDV/m858dMMYedajIHLnWb
bgsNOXjj+FxdmappOqUJKjLseFx91NBuix5d92oUM8LvWQ9iHXVk9y7KVgFxFpc/
lCw+UTzzBPnC0GcmJzOT8AaWkMYrnikoL4lYn9mr8wwLpJFkUOmyF/EUSiCj72Gb
v1GmsjbgAECIjEgIMXRAC5Vx1L9zjzHhxyHOk2f6/kfbsjSl0kKUIWTlNz9JWi4/
MuzXdleauhHYjE5zjaJ9Mp3KNhYNH2y8xUliSPLeX0TXyAJVKSYTtxq1JVyKTHBL
yVEBUFcOtAkF5Mo7nTyjUGMcHVq7+3udXz8PSmxwDUSsWbwcOAvhqyW4d/tnCHk7
wc3pMAIJUrsG/mAjy9Jc4jUsHOlzNu09w6YpDk7PyJBdm6pibyKdFbWhHxspZCwx
Ikg5iH751ka7WzT7Bnthy2Ekj7d/0R8ZeOozFZFeGscy86SiPBxT+UyhvCgwGyNQ
9YQnrKuIzxKV76nrbD/29yBzBTQAeeYJ9IgosIdqlWXqaJJNWvVeglSYdcEFpLNV
hKbHj0pS6OtGopX4RAl2Gybi7ZXBPR2af1HywMp4FkRi4AVYcP0CWtp6TcnkBoPy
603JF3Jfoyhg1vGhCipoGx6pCa+RD2gw5VSefhZtOeukDf3BhooMQB+ya1DUCp/T
U2FsdGVkX18iXKqsKcU0KdsAaXFolKsYGVYOIaDjikeRbrTF9bCDtz4v0tWSg7kO
SuJihKbDsSJebhu7puHtSJ3Us0b8wSbv5op2ub5G7IFmpcsXrgTEVU5zzncKLHZ8
LIm46CTlOABNZbQUOvB0bIHVnT3xxR83zApgjip541r/1m7NB/KJq2S1ca1XGrRV
T+u9WBWBXiDYLjuBLGfLOLauf7jdx/qjZ3fSD50zrDLBH0JdPWKcwiwQTG5CxJ8I
xbFdzw2ijTltXe1xY1I3YSndBxUNukP9TT8J3AXND1xMBcvlyquFlO5JUV/+6CL/
1rElfgTmxmjpP2bXJMzz+MxGzlVGbje3ye23+LuD+3wF+sZihDnJOxlgLTurVxug
KbLBFRtBHC205vSltPH+7eD90O1Auvk5NaBN1QbAoLL/IPPIb5QpUETEvxyxSkNR
cAVtJlTDhORwtLhVzvd5vL1+epuMlc5JzcSl9LJ0McN22bqqyzuBThAb1eLQxYhS
N2dWiY0mvZi/X1y0xvkgm7pM7mypuHbfhfIQaIki9gl3C25c23CcsVpFp7xW16jP
GNeNM8B0gzGd1XX8++Wuu0nXxmQx3agwCHhoFy2AQV8YaJUULq9sKO2KUqtCCDl7
fRF7P857e4FysNGqfNuSZ/zhoIsj5z42V+p3WPxRvyf7ztiGrn8S8v4j2lilvKQC
cee40yDkqVzeJ+UwO1y0YqTbnyIRSyGUHBezezLM3m6IqcdAKfosaTtJQdF/LCG/
5w46E8NA8AkJbpivnwFmEeulntGNy+8t+QedL/CD8/rOKthsKMKMuweAO7UOQa+Z
ZottWsVd58sf5LX+V2+6rwxrB8pJls1QE6Ei/uxtEfWXTQJLRoa+L+NowDc3J0Pb
vILJo2u2o9M+82tZUNe/s+peA+4DkUfExoQOsbxyUOxer6QJ4VQK50Bj0gdxbaQo
TGLMrQMoaR1J+MKuMJbVmJihWRXU0i3gf7y/p0VWmNLpwYJyNHB+wxbRWMqbtu9I
1DTVhMASL0w3rGUxTdWn10En/zhfa8Nd/jt+uW429UJcT4vUbJ7teInLfPIhU01l
A3UG+jRD9dxrPSyagtkAqlhqUcB3K7UdoQu42r1DVwHUtSfZgxcgFxztk/ZmhFae
XAOi0FDwe4RlpdVlZLTgI9PdZNNt3ISHj6WKVEATy7KN5cRpblvE8NZJnR78CfXF
1yS3JljcSmmE8HBVR5EgOhqI7VTJu/r9YtYaMeTwvp6RizG6FGfAjxORtiCctSXF
23yrRHJwwVEiMYScU6LhadCj0HOwXPPs68gbasfqsOVSBBTwjhakv+wza6tCe/Y6
4Cz0Z2Y4Zz1eHTMQ3GJTHJgWSIEMhp8L6RonW/jcwHO5xKOcoMPUZhaqW51EGpeq
00Vqu2r1GtUcLUMw8X7O0uUU/KwE7CHVbtDTe0GBdcs7uKpYqi9DYm5o6D+bAq0s
POBosxL7fJuyFD4PTUHo634zFeXXpMDhwr64TkczUgxtlnexcZ049uNTORmi/DU7
q+TMgfKj1cjNWAlN07J5+TDBMXgfMeqp9wGT+9cMdkeqzAIQ0XXHJY9u3YOfbq3v
sHIVjc3AniBRrP2u08W+340EXr9AY0wMW3KC7IH+qnfVKLuZrtAEuE0VIfAg5i7O
mQo+DJqxAgLkhy5UjtZ28/H4JhYLqWWTku9GxMWKsnk82sVA0DMfG8NJGjB0mf2B
0SipN7N1lv9KwcvTM+81LxiP69H7aP9nLNuTxk5vmCF62rP66DuVJ0h+5HEcZ/p7
DCEq7hlB8CZRUu70ZfC4k67gWabyE1LXSg5OKtmIM/NMGbe3MmPGN2Y+yLwXPAhW
ckwqnS/y32Ig4UjGls92TvR2hs8T77NoBAzyivvJ45cMcVYisUGNu76VWEPx6F3+
buDsPurzVoueEMIFGyEkW3UA0gvgGBIqMJvC7uJCvUkHEh7dAhoz+5hsk+RAsIX8
8L6mqbUT+hhfAKlTl4T95Ia+e4ZjhtNOGPF2sXKzOXwUnrq9Obp6KlGpsYOeRHKa
wpmCWSBSZa7gBAh2vI3e4KSwwOupYAau3NcJYBdFcRVdavte619aH6gJ3nbSvd+B
9gy24pQQSdpqKd6LpDoHLwTvv1K5aLe+26yeDVP3Aw9VfzXmDjv3obUouK7H9paF
MTlgxprc9SKmoBScVb22LLhuMLvocErgfKeq8R5ATVnsnYcfVLGbu1YdF4jLjNpQ
5uk85LsMxEIhlq2ldO4Y0D3RsJ+i7e+9k6CHkovSNTlqPnQ1U/ILoRXS4kQDAi3+
2uf12V7yKhAJ7pRLMIClIeTflyUO3+Y0f8KAXPx3ECeFSsRbjvSkiC/JKi5efiOx
7kVXvH1dlgu3WScZVbtVzy0M9moVa5ne+vuZW2E3tZ3xuTZYihkq3dQs7EXkTC1S
sF0Df9WiuTWG971OXtrYH/5kK5Z1vSi5oGjignHe92JyRd075D0UiULuyTb3gt7l
CBsHvuobEka5UuYdT5YTHKU+Co3YhybjZu/ncp9ho4e1HZe+tTRHunxl2k/idpjE
dnA2DQiPQTO34MbkvxxJ6LcetrMeH6ZSXhq0col/ftqQ/Iw9P8H0ZbBvYOgBQTi0
OIxnZ7qwxu3Qe7vbZ5TBHxXURFt0yCsa6pmM+s0wWMXsyD5IOq2x740/HUOQiGqd
0dQ3f3gm8mYvE3a/o9R1exZz3kHsAhwJS6wG4GnkKHiSQlVRkgDMLBKrensSepHg
rfReoFnN6TyU58F6vviUdTi52E8j1H+34HtIGmE/H+q8U4DfMttOAYY0+pC+ZGjJ
wi501ylCJdp7vlsAFC4rXvaVjlo0B9fwlG7iFx7jWeqwZ7zdnJmkwVKiY9tcPH7f
qOXob2uFCgGVWgDk7zKh0P0a2AqJ+oYN2zeGMDWwtB5pOqVxAQ29QqEFMixY1EFt
ryFyy4HPxk/1C/iBuUOIUVuUv8ZXigeZ0nbuFI5qWmaV5wrtnciG4vqxwpMeQtgc
16URcuwKg1AKOVWnGkgAqqXxifp8MBYscHV4eVZ1XIzgbPalv8JAG15u9aeFdCup
GzpmzAqb0IlqpHdRjusZeMK1lWEygg4YQHAaXxxJeDUViFWbbROyz2+MsbMc679v
QZmP/zCwsCAhv8Uj/WNNNywUqlIekhXYYKRYh3s/N053OBWPKblVT3erKQ8YcybV
VoAvLfdaJflsVhps/+6ac3Zxhq8mGOjTA76PL+6dsAJ5tE5RMAhJnxVPR01PfjyB
Sv/xJb7wxfuWlMNtpgCOeLrQJPuXACJj/3IQo+jteuEUEvfdBstIIrhWzjDmt3uy
irsFPa2Z2mcJd7h8o6nRPDS8nlVgB9gfM3qlV+4JaU3HhaC9OHv/IiGuwuI5D7o2
Lk76Ac4zB24A6DGvoiMb0T+Qy5hDwFd81yyjxPHlfx11x02re1qft6J0a1JSmwLt
EFYuPhcvGNPfSqH67dqt2COYnas9tMnjJTgdNhVgyFT23MG63Z/lP05yuq40DwK4
8QSC+10ByT10f4z+NLPHetK03XZ/teCblv80FmofIHkDX1Z37KDydezrE9vIW781
+oaYYe888lS5EWl/qLyA2LUCr9P/hhqVFhAkAt8L79RJrUK3oyVrjPoBabDjjUIT
iY2tzAZFRbvHUoYqa3pmQf8YXy6V1XV9D1tWO+d/kOT4nhqA2s3EcHxRafU7xZio
HVXpZdw3nw+sKoDIv879fwIsADmaK7GJps+xgQ3AO7ZHDonOdZKOSwOVn2OdwKuy
DdxqfCbvDJT4JCC5TEzk0jNmNmLi84eYv83RakCi2TUPpxD7deggPXiifocaWuZ+
c8L7f8roEMTpMyTVdvIvEK8jJNqOUKPjYtGhMU7eXEOhry3XONVJ+k4ow2HLOJ7n
1Lx2dvWRJY/jUusZhbKgwjkGfprV9JgMJ73eFWEaeBctB5JwYll63pUb3JW+3I75
+frSu1nt6eusGTcAkdUqsoOCXeTBLfeuGKQo1pC6vsLcR8dZXFqkVhlOPPsjyDgw
C0I+afbjpadGhslid4eXgn0et+2WBdBYmURTQI+sNCWXfxzuZN8gP8V7TKldtuss
78nP3DXOwgGQIirx2DoMpoonK30hFrVbessSaK60iTds5wIveRhOXQHilST3v1d9
UyNgykcrouhN5KKdzgy8JZBm7b8QO36/P+klYQg+a5KqM4sMFTINVbDjE4PxpYCn
S7FQ7zvRBxSt+IPsJdaNoduRT+r2OMDDdmXc5nKfiDutiKZu92p+pKlDaXtNFcvj
J588btpnRxkgVpd3ts3XYe2eoi+j1Reb1FP0KqbyND9DlW0nZILy/G1t4OE0sCbL
A0pcIpPXYVMjd2UKKHNXsm/cG2C5mcg7DWL9gtOa70GfAYCTNiLakxE2SElDyazg
WnjgaXzROzxqIsdN55irfQqSRPhxJ4bOvzY3oC4Lz6zlvQ4Dfoiww6r2u7xyhBSW
so9zedXmUDmANzlW7hBDAbBgD6d5lWu6X3I2/Hmecj/EfhrewC0+8zuHrJ6pqOfB
rk3/+rlxx1ENJBfOQst52DERydiZoE0B07DZKzt2a4lohQIvY/caCpjGDutEejZr
ddTS4P2zh38xqlRXSd+iLqMNJfuCzg0S0EAKP7UtOS5tkmVWVlnOrBPBC0n5yTHR
7ehgiT79SngjyHz32XXUe/1W/ZlbLo4CbXHeLThg0/uipmoure3i9p1CFeumOb5K
qZ5kAdag54mxAmCcmec88RrFVpbxpLHvbOzQSrfwpi3q6srZyFuCwLzJzsOzSYUi
qFdIdtLnEs68x+qu3UubaApquZHuI4hch5nqnYbHrrGZJrEWFUzcU5l+UasFztmq
AkLqBihLTrhEaNA0Qt/NfDwwQeE30K7q+dBuL7tpuQB7vs7VU3Vnugu/XrECDASD
+EF/zIszAHZZk1HX8DXfuwDq4lW2wkemzoFkvcZU8ZyzoCLx2D5Aj/Qlgjlf+1+4
DY03Ew/DWZHRuuOyAnInFAvPErX75SI/RIGtdS1PRjhrV0Yni+TqcsRW+PRziaFz
WdE0lW/zceuDJUVNqZFCN07vBGxpWOevKOPh7M8tpY73nfoSnZu5GRQw3r41Dpkn
ELsMAzFOZ7L7hy6IVHcVWqSKB1bQsXY46lj7s5KnBen4CFBDzboT4S/S2p3wIpxZ
+Og1mjgywzHXDr5zxWSjeOEYSHXO2w/2p29g4g7UNLGNzLddlDQMZKPHHFlAlx2/
OZr2FY87o2eAFLe71CqrJTLCdndmgYDpQz4Zr0dyAvYZpPMORsskdWL1CSfz4WmU
KQTnfBkpCzWtuftMBSNzMvE3yzP1H9A5hAgCcRj+MYEIKPqGczXxeWP9sbtHYL+G
+MdfOb4FIdFcNF96hLNFWxYiyqh3qUyGwuFKKOTp+jkDqTg6dZs1vxRWPTkL+zBo
zuvS/Qdi7yZPd3Am0WhERaq8w5OwspOvJqJzq2DZtHTzb7gQP+tiqlMCRMr9cJEp
c+V3xr8+fqVzBJb1L8JYw2GDS5P92zbZnqXcXLpdbEAj5b5zGb2eSLKgyz+X//T1
qXJphSirbsvf2cZHOrmbi2NQRAiak1yG3DX+YELxAdDWZE81tQdpCMfkP+XAn8Yw
D28QC2wJ29P7fTn8QL9QLlD804Mcmb4YYXJACZaMBtyVgoXrTUc2YjbdqofZibzT
teJ+o8m4OO6P+P/ryhqwxyrGncDIo0qJ7N0VzCeZ5qpYnA37SfU+3Ek6ntQ1XjOe
YJJDPQr3QChFVZes/4H4407CvXKqg9Pcs3GBjtyW0yw1OTNYbauuK8Oc45oV5utG
n12jd6FMV2tLo9IQHa76Zxzl0IUONDh60O58vkB4wy56B0McJeZbwh3eTJ/fuJCW
w7N5X/bodH1wwIB98jr1SCOb81oAbWVIPMCbIuQoUnU38vptH9W7KcLAfqs18vEi
1v4xKmkToDqW27TA337FwYDuiLJUL166BBzqk17hJFKIgbXNNISnWsE/yuTWeuLf
4Wn/V8zISkCML50PG4SwUlpLkcQcMTG6SRU3y5e2j1ABqEic74lkY4GTnjaCLvvJ
MjxFjYD5eWjJPd/xs0kzAcZJrb/iyfLY42lDVtByIOPxS96LPOnKTev1z36E7oy9
GzZ77JJlfgBQE4j5cT1ZXYymnGcZGlBNzC259dSQOqaW4OwbF7Q2JW3ns46/QJYa
HrKZc8gg3MFoyd6iQ5B8uIuOD0G90lNQAON7Rr3KWzWAJIlf41oyycVAY3/OxiNH
C3vpBZv8Rb8ICNSXcKOP0Xmzj/p3vSTHwdQ8cp7XjZwSKDD0ZsOPPqbsvHW6fYU7
23n3LbqFecnxgXW0FO976Z4PQdZkjxD7iG4bIk2jF73QewwgRh+C8chlzPcwrQHV
7t4GmTj1Q/hW4Hm/8djmJ30bONw5B8VkdRJeg2Eg48y543Jr9+fq3wFV/r72x61k
0elpDZ1enKbIrSSh+b5yp4r4V+iZKLyA3gR19vLLYWIvO3eDB8aowjZSh4grBVPR
fIVGWXNLzt+8JDvb3nL9BZq2lrfeRlYtETfHGAG9ZaNkWLFLNDcEoiaI381AXE9A
32MSW8K5i6l3l3jv6qLtDjB0BdQfFPDwa2uLaGfn6JRXhk+i6CPt4RUM/UaVk3MO
Wk85ThtpgHzu2OEfWn8qppnOnRHZ03OI+2MVK+LzmqlTNhQoyN0m8iWzAAbUWIW7
YFx5eamutucjjpy1Cb9VMLMXorrRa0EW/edItt7JDY+skUjXGyCmTST7x497Chcj
FV9VKKyvL0g5BM1N6KGY3dD/Obgt8Ame2VvUcetAgiiiaNqnvlQ2rYdWzi8nDiQ9
1OlakuZhGqLAnTrpc72PKNHFlQ2t1R+S33sE/Lw6vfhzuT0UJEZYgeSB2IOd72O5
64nI2BuJZA1mzwK5kETVjGzc1ZJKVnN09Do/RxLGa+G4kBQFRi53PfwPIdweFDos
+oljJOO2Hkr0DBNhVkmfMq4Vbbyl+aJ3Us+lXI1pibLUd2WNgsYrfdxIC8muib72

View file

@ -49,7 +49,7 @@ in
};
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true;
basicAuth = {
"${cfg.auth.user}" = cfg.auth.password;

View file

@ -22,7 +22,7 @@ in
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.Sapana.duplicacy-web ];
environment.systemPackages = [ pkgs.${namespace}.duplicacy-web ];
networking.firewall.allowedTCPPorts = [ 3875 ];
@ -37,7 +37,7 @@ in
description = "Start the Duplicacy backup service and web UI";
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.Sapana.duplicacy-web}/duplicacy-web'';
ExecStart = ''${pkgs.${namespace}.duplicacy-web}/duplicacy-web'';
Restart = "on-failure";
RestartSec = 10;
KillMode = "process";

View file

@ -32,7 +32,7 @@ in
enable = true;
settings = {
server = {
DOMAIN = lib.Sapana.getDomainFromURI cfg.url;
DOMAIN = lib.${namespace}.getDomainFromURI cfg.url;
ROOT_URL = cfg.url;
HTTP_PORT = 3000;
};
@ -42,7 +42,7 @@ in
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";

View file

@ -35,7 +35,7 @@ in
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8096";

View file

@ -51,11 +51,13 @@ in
public = true;
allowOrigin = "*";
# Enable Ngrams
settings.languageModel = lib.mkIf cfg.ngrams.enable "${pkgs.Sapana.languagetool-ngrams}/share/languagetool/ngrams";
settings.languageModel = lib.mkIf cfg.ngrams.enable "${
pkgs.${namespace}.languagetool-ngrams
}/share/languagetool/ngrams";
};
# Create Nginx virtualhost
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true;
basicAuth = {
"${cfg.auth.user}" = cfg.auth.password;

View file

@ -51,7 +51,7 @@ in
(lib.mkIf (cfg.enable && cfg.type == "parent") {
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true;
basicAuth = {
"${cfg.auth.user}" = cfg.auth.password;
@ -77,7 +77,7 @@ in
configDir = {
# Allow incoming streams
"stream.conf" = pkgs.writeText "stream.conf" ''
[${config.secrets.services.netdata.apiKey}]
[${config.${namespace}.secrets.services.netdata.apiKey}]
enabled = no
default history = 3600
default memory mode = dbengine

View file

@ -59,7 +59,7 @@ in
config = lib.mkIf cfg.enable {
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${cfg.port}";
@ -102,7 +102,7 @@ in
environment = {
VPN_SERVICE_PROVIDER = "protonvpn";
VPN_TYPE = "wireguard";
WIREGUARD_PRIVATE_KEY = config.secrets.services.protonvpn.privateKey;
WIREGUARD_PRIVATE_KEY = config.${namespace}.secrets.services.protonvpn.privateKey;
SERVER_COUNTRIES = (lib.strings.concatStringsSep "," cfg.vpn.countries);
TZ = "America/New_York";
};

View file

@ -57,7 +57,7 @@ in
};
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true;
};
};

View file

@ -69,8 +69,8 @@ in
mail = lib.mkIf config.${namespace}.services.msmtp.enable {
enable = true;
mailer = "/run/wrappers/bin/sendmail";
sender = "${config.networking.hostName}@${config.secrets.networking.domains.primary}";
recipient = config.secrets.users.aires.email;
sender = "${config.networking.hostName}@${config.${namespace}.secrets.networking.domains.primary}";
recipient = config.${namespace}.secrets.users.aires.email;
};
};
};

View file

@ -46,16 +46,16 @@ in
# Set up secondary binary caches for Lix and Hevana
substituters = [
"https://cache.lix.systems"
"https://${config.secrets.services.binary-cache.url}"
"https://${config.${namespace}.secrets.services.binary-cache.url}"
];
trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
config.secrets.services.binary-cache.pubcert
config.${namespace}.secrets.services.binary-cache.pubcert
];
# Authentication for Hevana's binary cache
netrc-file =
with config.secrets.services.binary-cache;
with config.${namespace}.secrets.services.binary-cache;
pkgs.writeText "netrc" ''
machine ${url} login ${auth.username} password ${auth.password}
'';
@ -96,7 +96,7 @@ in
(lib.mkIf cfg.nixos-operations-script.enable {
# Enable and configure NOS
${namespace}.packages = [ nixos-operations-script ];
environment.variables."FLAKE_DIR" = config.secrets.nixConfigFolder;
environment.variables."FLAKE_DIR" = config.${namespace}.secrets.nixConfigFolder;
})
];
}

View file

@ -24,7 +24,7 @@ in
isNormalUser = true;
description = "Aires";
uid = 1000;
hashedPassword = config.secrets.users.aires.hashedPassword;
hashedPassword = config.${namespace}.secrets.users.aires.hashedPassword;
extraGroups = [
"input"
"networkmanager"
@ -64,14 +64,14 @@ in
# Set up git
git = {
enable = true;
userName = config.secrets.users.aires.firstName;
userEmail = config.secrets.users.aires.email;
userName = config.${namespace}.secrets.users.aires.firstName;
userEmail = config.${namespace}.secrets.users.aires.email;
extraConfig = {
core.editor = config.${namespace}.editor;
merge.conflictStyle = "zdiff3";
pull.ff = "only";
push.autoSetupRemote = "true";
safe.directory = "${config.secrets.nixConfigFolder}/.git";
safe.directory = "${config.${namespace}.secrets.nixConfigFolder}/.git";
submodule.recurse = true;
credential.helper = "/run/current-system/sw/bin/git-credential-libsecret";
};
@ -80,7 +80,7 @@ in
# Set up SSH
ssh = {
enable = true;
matchBlocks = config.secrets.users.aires.sshConfig;
matchBlocks = config.${namespace}.secrets.users.aires.sshConfig;
};
# Set up Zsh

View file

@ -24,7 +24,7 @@ in
isNormalUser = true;
description = "Gremlin";
uid = 1001;
hashedPassword = config.secrets.users.gremlin.hashedPassword;
hashedPassword = config.${namespace}.secrets.users.gremlin.hashedPassword;
extraGroups = [
"networkmanager"
"input"
@ -80,7 +80,7 @@ in
# Set up SSH
ssh = {
enable = true;
matchBlocks = config.secrets.users.gremlin.sshConfig;
matchBlocks = config.${namespace}.secrets.users.gremlin.sshConfig;
};
# Set up Zsh

View file

@ -19,8 +19,8 @@ in
# Connect to the network automagically
networkmanager.enable = lib.mkForce false;
wireless.networks = {
"${config.secrets.networking.networks.home.SSID}" = {
psk = "${config.secrets.networking.networks.home.password}";
"${config.${namespace}.secrets.networking.networks.home.SSID}" = {
psk = "${config.${namespace}.secrets.networking.networks.home.password}";
};
};
};
@ -35,7 +35,7 @@ in
];
services.ssh = {
enable = true;
ports = [ config.secrets.hosts.hevana.ssh.port ];
ports = [ config.${namespace}.secrets.hosts.hevana.ssh.port ];
};
users.aires.enable = true;
};

View file

@ -17,10 +17,10 @@ let
# Credentials for interacting with the Porkbun API
porkbunCredentials = {
"PORKBUN_API_KEY_FILE" = "${pkgs.writeText "porkbun-api-key" ''
${config.secrets.networking.porkbun.api.apiKey}
${config.${namespace}.secrets.networking.porkbun.api.apiKey}
''}";
"PORKBUN_SECRET_API_KEY_FILE" = "${pkgs.writeText "porkbun-secret-api-key" ''
${config.secrets.networking.porkbun.api.secretKey}
${config.${namespace}.secrets.networking.porkbun.api.secretKey}
''}";
};
@ -34,7 +34,9 @@ let
serviceList = lib.attrsets.collect (
x: x != "acme" && (lib.attrsets.matchAttrs { enable = true; } x)
) config.${namespace}.services;
subdomains = builtins.catAttrs "url" serviceList;
subdomains = (builtins.catAttrs "url" serviceList) ++ [
config.${namespace}.secrets.services.gremlin-lab.url
];
in
{
@ -52,9 +54,11 @@ in
configFile = pkgs.writeText "ddclient.conf" ''
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
protocol=porkbun
apikey=${config.secrets.networking.porkbun.api.apiKey}
secretapikey=${config.secrets.networking.porkbun.api.secretKey}
*.${config.secrets.networking.domains.primary},*.${config.secrets.networking.domains.blog}
apikey=${config.${namespace}.secrets.networking.porkbun.api.apiKey}
secretapikey=${config.${namespace}.secrets.networking.porkbun.api.secretKey}
*.${config.${namespace}.secrets.networking.domains.primary},*.${
config.${namespace}.secrets.networking.domains.blog
}
cache=/tmp/ddclient.cache
pid=/var/run/ddclient.pid
'';
@ -78,7 +82,9 @@ in
};
path = config.${namespace}.corePackages;
script = ''
/run/current-system/sw/bin/nixos-operations-script --operation build --hostname Khanda --flake ${config.secrets.nixConfigFolder}
/run/current-system/sw/bin/nixos-operations-script --operation build --hostname Khanda --flake ${
config.${namespace}.secrets.nixConfigFolder
}
'';
};
systemd.timers."build-hosts" = {
@ -110,22 +116,22 @@ in
# Enable support for primary RAID array
raid.storage = {
enable = true;
keyFile = config.secrets.devices.storage.keyFile.path;
mailAddr = config.secrets.users.aires.email;
keyFile = config.${namespace}.secrets.devices.storage.keyFile.path;
mailAddr = config.${namespace}.secrets.users.aires.email;
};
services = {
acme = {
enable = true;
defaultEmail = config.secrets.users.aires.email;
defaultEmail = config.${namespace}.secrets.users.aires.email;
certs = {
"${config.secrets.networking.domains.primary}" = {
"${config.${namespace}.secrets.networking.domains.primary}" = {
dnsProvider = "porkbun";
extraDomainNames = subdomains;
webroot = null; # Required in order to prevent a failed assertion
credentialFiles = porkbunCredentials;
};
"${config.secrets.networking.domains.blog}" = {
"${config.${namespace}.secrets.networking.domains.blog}" = {
dnsProvider = "porkbun";
webroot = null; # Required in order to prevent a failed assertion
credentialFiles = porkbunCredentials;
@ -139,17 +145,17 @@ in
autoUpgrade = {
enable = true;
pushUpdates = true; # Update automatically and push updates back up to Forgejo
configDir = config.secrets.nixConfigFolder;
configDir = config.${namespace}.secrets.nixConfigFolder;
onCalendar = "daily";
user = config.users.users.aires.name;
};
binary-cache = {
enable = true;
secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem";
url = config.secrets.services.binary-cache.url;
url = config.${namespace}.secrets.services.binary-cache.url;
auth = {
user = config.secrets.services.binary-cache.auth.username;
password = config.secrets.services.binary-cache.auth.password;
user = config.${namespace}.secrets.services.binary-cache.auth.username;
password = config.${namespace}.secrets.services.binary-cache.auth.password;
};
};
boinc = {
@ -163,36 +169,36 @@ in
forgejo = {
enable = true;
home = "${services-root}/forgejo";
url = config.secrets.services.forgejo.url;
url = config.${namespace}.secrets.services.forgejo.url;
};
jellyfin = {
enable = true;
home = "${services-root}/jellyfin";
url = config.secrets.services.jellyfin.url;
url = config.${namespace}.secrets.services.jellyfin.url;
};
languagetool = {
enable = true;
url = config.secrets.services.languagetool.url;
url = config.${namespace}.secrets.services.languagetool.url;
port = 8100;
auth.user = config.secrets.services.languagetool.auth.user;
auth.password = config.secrets.services.languagetool.auth.password;
auth.user = config.${namespace}.secrets.services.languagetool.auth.user;
auth.password = config.${namespace}.secrets.services.languagetool.auth.password;
ngrams.enable = true;
};
msmtp = {
enable = true;
accounts.default = {
host = config.secrets.services.msmtp.host;
user = config.secrets.services.msmtp.user;
password = config.secrets.services.msmtp.password;
host = config.${namespace}.secrets.services.msmtp.host;
user = config.${namespace}.secrets.services.msmtp.user;
password = config.${namespace}.secrets.services.msmtp.password;
auth = true;
tls = true;
tls_starttls = true;
port = 587;
from = "${config.networking.hostName}@${config.secrets.networking.domains.primary}";
from = "${config.networking.hostName}@${config.${namespace}.secrets.networking.domains.primary}";
};
aliases = {
text = ''
default: ${config.secrets.users.aires.email}
default: ${config.${namespace}.secrets.users.aires.email}
'';
mode = "0644";
};
@ -200,34 +206,34 @@ in
netdata = {
enable = true;
type = "parent";
url = config.secrets.services.netdata.url;
url = config.${namespace}.secrets.services.netdata.url;
auth = {
user = config.users.users.aires.name;
password = config.secrets.services.netdata.password;
apiKey = config.secrets.services.netdata.apiKey;
password = config.${namespace}.secrets.services.netdata.password;
apiKey = config.${namespace}.secrets.services.netdata.apiKey;
};
};
nginx = {
enable = true;
virtualHosts = {
"${config.secrets.networking.domains.primary}" = {
"${config.${namespace}.secrets.networking.domains.primary}" = {
default = true;
enableACME = true; # Enable Let's Encrypt
locations."/" = {
# Catchall vhost, will redirect users to Forgejo
return = "301 https://${config.secrets.services.forgejo.url}";
return = "301 https://${config.${namespace}.secrets.services.forgejo.url}";
};
};
"${config.secrets.networking.domains.blog}" = {
useACMEHost = config.secrets.networking.domains.blog;
"${config.${namespace}.secrets.networking.domains.blog}" = {
useACMEHost = config.${namespace}.secrets.networking.domains.blog;
forceSSL = true;
root = "${services-root}/nginx/sites/${config.secrets.networking.domains.blog}";
root = "${services-root}/nginx/sites/${config.${namespace}.secrets.networking.domains.blog}";
};
"${config.secrets.services.gremlin-lab.url}" = {
useACMEHost = config.secrets.networking.domains.primary;
"${config.${namespace}.secrets.services.gremlin-lab.url}" = {
useACMEHost = config.${namespace}.secrets.networking.domains.primary;
forceSSL = true;
locations."/" = {
proxyPass = "http://${config.secrets.services.gremlin-lab.ip}";
proxyPass = "http://${config.${namespace}.secrets.services.gremlin-lab.ip}";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
@ -237,11 +243,11 @@ in
qbittorrent = {
enable = true;
home = "${services-root}/qbittorrent";
url = config.secrets.services.qbittorrent.url;
url = config.${namespace}.secrets.services.qbittorrent.url;
port = "8090";
vpn = {
enable = true;
privateKey = config.secrets.services.protonvpn.privateKey;
privateKey = config.${namespace}.secrets.services.protonvpn.privateKey;
countries = [
"Switzerland"
"Netherlands"
@ -251,15 +257,15 @@ in
rss = {
enable = false;
home = "${services-root}/freshrss";
url = config.secrets.services.rss.url;
auth = with config.secrets.services.rss.auth; {
url = config.${namespace}.secrets.services.rss.url;
auth = with config.${namespace}.secrets.services.rss.auth; {
user = user;
password = password;
};
};
ssh = {
enable = true;
ports = [ config.secrets.hosts.hevana.ssh.port ];
ports = [ config.${namespace}.secrets.hosts.hevana.ssh.port ];
};
syncthing = {
enable = true;

View file

@ -44,7 +44,7 @@ in
services = {
autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
configDir = config.${namespace}.secrets.nixConfigFolder;
extraFlags = "--build-host hevana";
onCalendar = "weekly";
user = config.users.users.aires.name;

View file

@ -19,8 +19,6 @@ in
system.stateVersion = stateVersion;
networking.hostName = hostName;
custom-fonts.Freight-Pro.enable = config.${namespace}.users.gremlin.enable;
${namespace} = {
apps = {
development.enable = true;
@ -42,6 +40,8 @@ in
tpm2.enable = true;
};
custom-fonts.Freight-Pro.enable = config.${namespace}.users.gremlin.enable;
# Change the default text editor. Options are "emacs", "nano", or "vim".
editor = "nano";
@ -64,7 +64,7 @@ in
# Run daily automatic updates.
autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
configDir = config.${namespace}.secrets.nixConfigFolder;
onCalendar = "daily";
operation = "boot";
user = config.users.users.aires.name;