From a78b7f55e1831258daeb59b72877411e23347293 Mon Sep 17 00:00:00 2001 From: Andre Date: Mon, 9 Dec 2024 13:30:39 -0500 Subject: [PATCH] Hevana: re-add gremlin-lab to ACME cert. Also update secrets namespace --- README.md | 2 +- modules/nixos/secrets/default.nix | 219 +++++++++--------- .../nixos/services/binary-cache/default.nix | 2 +- .../nixos/services/duplicacy-web/default.nix | 4 +- modules/nixos/services/forgejo/default.nix | 4 +- modules/nixos/services/jellyfin/default.nix | 2 +- .../nixos/services/languagetool/default.nix | 6 +- modules/nixos/services/netdata/default.nix | 4 +- .../nixos/services/qbittorrent/default.nix | 4 +- modules/nixos/services/rss/default.nix | 2 +- modules/nixos/system/default.nix | 4 +- modules/nixos/system/nix/default.nix | 8 +- modules/nixos/users/aires/default.nix | 10 +- modules/nixos/users/gremlin/default.nix | 4 +- systems/aarch64-linux/Pihole/default.nix | 6 +- systems/x86_64-linux/Hevana/default.nix | 90 +++---- systems/x86_64-linux/Khanda/default.nix | 2 +- systems/x86_64-linux/Shura/default.nix | 6 +- 18 files changed, 194 insertions(+), 185 deletions(-) diff --git a/README.md b/README.md index 0c01954..c25f861 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ To enable automatic updates for a host, set `config.${namespace}.services.autoUp ```nix services.autoUpgrade = { enable = true; - configDir = config.secrets.nixConfigFolder; + configDir = config.${namespace}.secrets.nixConfigFolder; onCalendar = "daily"; user = config.users.users.aires.name; }; diff --git a/modules/nixos/secrets/default.nix b/modules/nixos/secrets/default.nix index 8808cfd..de5652b 100644 --- a/modules/nixos/secrets/default.nix +++ b/modules/nixos/secrets/default.nix @@ -1,109 +1,110 @@ -U2FsdGVkX1/RQfGVP76sNDrjrnhTIFoeGKoRj1M66ltbkzqEVZrSGke1jDZA9e0Q -cwUIfzRo+k2bhNi6VbG4OvteEFeABGn6aoL38owyEgKDlGEti2m6/MPfIrTOYpWS -UArXOKkSCgPi+mzD6ez6ZKXRdaVgn230Iipg4ZacUXkFzUf1YqybTMyp3xVuPaID -AKCdEa9YiL0R5cOMBIKyN3zaj509R9ocauKeJ9w/pVPzgqMoeFNgkeUBh42Z+QFg -/0vy9jX2yoNQrWlOJNfkq50UeivWF90RJzf30gm1uAPX5102Pt0dvUOdfouunFIE -OxYwnBrqJAq2bnoCMCEJkogspVeBVWY/RdJZEhr6Fj6R8Dd/K1rPhvL1UzrrwMo4 -3vcXy6AcvEGVA+i7nfSj7J4EfDJnNfsQl0hOV8tm2o/rlOqGiRwPLdi3PxUrAm5I -jZdcNWeendXtBuXZwZSpVFDvi85taasgE7IaPdYj5VfKMwZmdmm7vpmVe3wKtxJf -D1Z2kW34dtUkAAA5LXAnEYpM0jJo1hLQyOSm8KUcOOmLHHRa3vNHzUxLdSSZluCY -DqLfRdx/3Krio8WoypopgG4mW0/nI1jUl5aRVgM2tuBVUjz2meDtTZk4dnTx8ys4 -bEmEn+BIzmMHzVK7PlNLAQWBGFj4e2rdLUsy3846YB2tRo/IUxQSv32gF/RYW5Py -ToOjRpoaVDSJPT26w25/rwMYoqvtYDakoRXmSFOLg9k1WIlEhCJFSZRts9DuFU23 -XxXmhxC+R0I9InY/+JGBHqkmKcTpILZItjL0jLrIggXwE5wJ3emNBJsh8zwoKlWY -6mUhG0xiiVrNWXlOOc9mw8ElRzxqhUDMd5mBiGQoZuBzXt8z05s8DA1ZDbrx9sQZ -LVapZlUiYPcO/C29Bk2elK10IeQrzdqSSiF504afudaMPUcHSDWpG7Ew70R9wPHU -h3I/q/YPoyYC2txrC9lJGfnJnylXf6eXoJNNgUIsqFMViTVYDBRbZ/4er1tB8bZl -TjOgyRxgheUT0y/FodKznOEFtGSOsiO+ErQ04G6LAp59iJu5XJr3QVTyj4bvZa/S -SjAOh1FMcg79p3ZWIFvfqupsStnKPHkDWawlM/var1xBSKcJ47YfgnPycxCdIm3x -eSDP4BziKhAIBo0bX/9TGfrcectQedMSxFV+4+EhwKVKR+01rA7SfT9pNcBG+yS8 -Z6kJ+cNQzGtAveD9TwvajpGAIWQQz3QXtoXJvOYrpxKSl89VWcAhVAZD5f/J0xr3 -nHdJmIiefGCC9uV6ztLolxgjgRw76SydgewgRnuAXS6RF1nR4cgN1/2nVA7okm16 -JFvE+G7xxqbGgaNJNAzWIGn0JknSbrW+ymI08ig5FN49heOPW3+CNyPhhM/8Z1wM -4/vhfUSMFQxx+XZYAImCk3d9u1RW38I6MHMu4S9jwH1tBk4z66l8UfFixxf222n8 -tMIoXMWVZJPEEFJhRW4uGoebDdmjtkgAASy70T414QKPdWy24sNr8E7bxpIemS5u -4K8aO7UpKiiroXDdXBJJH3nYXBNeHNq/UASV5Ye2e2tNKGyepaIpFw4xr0qLXvAf -QHL19XzKhpmeAhbxgvkF/R9N6lnRTAUdk9bmx+02ZVrDHqB0J/TWi6rwPoh7B92F -0tbk3J8BOvdlJg74/96HBy4HQby7BxPKIFMkBVXNY4sACcWOGc+RbJf2KQRDUJ+y -2S3UDcc3pIowA8SgRPQiW8HPgwxKNSONQOqN7+EitKT0OBxgD2UiVSL8WPEXyn3O -IARI5N99Go9h29NkDxl0RH1rZpZMTtpJfW/0VKb2KIT1ctO57mYMBDrZsTYD8OLZ -KQY57J5E6n+j60aowVxRpIXDQBaiMb0gOSVg1VASLkIforfJ7Du+8mS7vtatyO/G -W02ddqdjqOBtYWsbN7Qo/pjSwWRbzKyhML7QRimG076p4jM0Md/oQMrzvGzZ5TXR -MkqeK5la0425VwOeoLETmoaohzEwQ3Pdj4wum2bmHJnUUwDWSUI/HWVTSEiIyiih -7XgHYHxfJZO774FaFBuXDNP1fSXdQMVF/eJomqKAPXdkMsj2Z8fo8dDDEGiVP6s0 -DY5Imp5foGQIXxo0OqwX60dlgAWNjs27sd6j2qD+IRHDooOvseqMP1t+Ap7Cie19 -duFEkBk7mthWwqjQb+i2GN+Cp3d+kRaN3fL4xFkEeE0ozn32dr07U0ZaZPLUoO5N -JtpqpQ/m+F2OEGHmIQblyXzcgvBVVfewhABzdLdWFv5aG9MGL7hVDM73kbB6119G -7YcvS1nRxsVZXGpS24814tmgJfTAhMJxD5e6lK1892NgFqfYMF8srtywZ6DJHL7N -X4FvjLZFQAhTCLUzHutYT2xmvqwVvwfdsIAd58F7LWJuhQuJkQS4i7yISvBqG0t2 -tSEjJQ44hPhxGqvWgVaG9AHOQuZSYfRCQWBcfmBfq9T+I0qINkrnwLUgAGgKMsZG -9qf1pEpyBjdV86nBK8JTmsIZGxPh+D3Y07E3g6bV99eZDjSuPMMN+Dv2ABB6ZZLN -gglFVktPINZ27TY7k20sGBHfv9C70+tkYBkp2YwmxRMOsLVv+3fxUKQwf7SH9zYr -Y9Aojrn6xtddP9PbxQUukc7H/jxDmgYeq6fQJ67T1SaFARO+qmf2dKESUCaf+JhV -S7Bjbqut+FxqS4S1ru6UqOXCZc6pwTpZsopqgwrBczGKQ8g7f5xLZN0+g9N+Dy3R -sLdOVofOeEhvFE6NGY5K50aXsMRaR2bJAVg6+ppqAE1BJWvsuqQ6TqYjefrhb3Az -wGI/Cr51x8ncVapKw2Fsu/XjPuefaaT+7rWOBGLr1NKxWGT9Jyj9f2PhphPMLbT9 -f9B0Gn63tY6tyPJIJjelCTkkE13euGDnTfkJ6FcNs7C4QWj6PwD1QL4rbgmmSAuk -6ThnwDhvPICgVnfLwl8B5YqQsC/TqOOwECitJgltehjKPA2BqWQ4mXqt6AT0VMNd -cC/lxYq6YRPtsFlHE5py/4pBXaAXtYFq7Ow15Dp4BF5C1ahQc5JoIw2eedzl3gy3 -sViHBA4O1tk3VJSNX7OPf8+N9wA4XTlYt3he58mdh0X6+3ppIVOwdcTKiBLXm5WR -UEdMfQUgwYLGBoYbK2sLxSH2Wff+fWVJadMSHM1HaNv1vbkJBF5qi4BzxuRb3fw2 -T7Uo3fdy7atYq0Fp2hbWhbdN7/JVa+ZxM/HscORlPv2GiB6IVnfjrhuFXKZJ7uxw -ZVSGkEVDZWTWZkLlO+rGS6QwR8MHIBqhsnVWG830XkdWt+BtRN9XO2wpV8Wig1H8 -vLiFcoeftauk7alz3GU7C+/6j0tnjWTEG21tuuq7N2nflgCHcFxQWl4S/+s07/cS -INpyi3eDvuadd2JB1jFRXssI8kss1OEVdJHUXwx64nKsKAX01AA/Li2scjzqq7h6 -zntoISGSD1XuDuxu9rZmF57w9kO+EAxJnXLZRbHDMwWllaTzWK+/KJt7iBE59cuj -9Tr/DF6uji/ggGvrjUfXQ+MT1JMeEGYI9RPE2p1qQNYR7MBfrdkiu3ZnPEqPD7cy -YLPeBLwPuAG73Td5fBROJmNFiC/KGa11/35xKL44XE9tNiGfVrWOyn5qXkSmEHSA -2dpbRrKfaOWTufFfd5Ssfq+3bM47Nvmg0NmoY91iLwuuhc1NHHHevibPwniprjx1 -DrAHiJ2iYifl0P8MLRZixYEoexmJ/Wr8wzw74k2F3YY0UeD5tCGX4HsF/ojoqS2q -9JZhh4o/OaO9JioZA6FUDWDzUOHw8xi4OpELlr5+k+4jBXZDwKycz30/xemfObx/ -wngRA7yJY3rJ7l1ED6sjVNPGgv8u0yzRE8m6/jCQwXKJVQi659q/iVDoU3IkEdc1 -5PsGHTMpCBQyZxFfCzehfvfVPAkPI8Xl+GSNB4Y0kAXnM6Xb6Axd/utjE3Hcrvvu -D/yG+F+8q58OMxU5QBpr/HEyKLPBSXHCv37cJzG1M9qPbfwpANZ4zKWisbvEAO5z -pz6Ddk7rhxZ+xTWiB/iXwya3JSp+Vr/HT8n27GAGuKuRqwkhWI8Qh7n1rA1s8y/N -ozgA3FAAUS5ztb8UR8yLLRRNPpzR/j6hoYR2l4nrrFjv+hEpBXomBLXOkO03b9v/ -3QQMFTj2AXWiykafqzCXQ0Kj64g8U3D6AtCiABDCSPjUdSxzUK+H7YXoyAZai6cX -fTKbQl4oX2JCw0yic2J1umFnTdlnLaHVc/PzeZP8w8MLXlvlGEvQx7m7mOLCkcQB -nIDn9tMOkiZ5hyzMS5PvWWsPQM1kx0vE4fym1JJZNbZ2YMirus8t/PgC7IV1bu8b -3XIO3GorcQk4VuaeWsNYMvm9zHawpBwnR1zECeAppp5/52ivQqfsGiC/HQ3baYSI -PqEOxAprd1sYNEjVlg1T/fD89Uhi2QZdzR0wuvikchOnSXtqwOXYxdOOwwkANnaO -wLhqB+VLBLpiM0juL4FYTrk1wKThhy87wG1kRgWClfVRYNp7kpT4MF6J9VDMh0B8 -pxRE5ODMq8hjIEF+7h0W2RkWUdAfrupFRnvpTJP7uelNVr73ue83BfYCpV/uPxu5 -pxSIPDP+nEGqwGCp9pjhxuRGr/Dc5g+lgSOj+8PehEqdGEKfmn+xFXuaVFq2fucG -Myx2Fu05LVSAfDsbprzUz5vM1GJ2PEo9XcMvAo7CaLrxgukA63hg3i7Mwjd6lmQl -EvkvTMkcZvojxqHJh/rfGon2nmXMep6YgKGKdKZpzRgZ6twj22NrchzDxw3RQk4X -pM0SjT49ZyhJmtoREN669Htyy40mvNck0CrqVY8OUka/qsJ/f7r7HaNt53eed1rj -osGjUtUPOlqmi7e1TV3v+H6WPGq+uW6hNWbZwifiNkTH6AJCjDw5kutfQr8oBU/P -5BGNWMvy+f1YCikZNW6chOI+08E24O/Ny1PscUirDR6adVNBjO3Xjqq0y2tfPvN5 -8d1PSyoh5f6qlRH4ky6SjL4BbLCzzHwQ6ke/IAHmm/s8Ge4XEroznOQXW3qKDqYy -mTok86TkezZb9NfCB/4X0Tndfxk/x1T+00r2eLortyAO5YOwEo/HvANbdsRM9JJ0 -0p0JCZWFEcArwthaUGDkLHVtBbT+wPYmWtyhMgSiTJrx9EpeqB6FWIZJlUts1W4G -r/srbRe2h5OTPN43//NS/7p6OYDuJcVbAVGGxy4PES8WrhujFfSmBw8BL188sjx/ -Kh43guhzTC8moAp+a9IM0kGXtAajHppZ7BUyncTAXsRUdOhlS7Q2fdLPOV48MyWT -11UhvH2fuXKJhaXequ1PE2CePSXI2x5S4anJFNoUWEw5TgRF3rkQ3p/cZm1VAy2y -Z+VxQud0iVE15J9jGkGGa89D4m8ng16oGrSMKZAr1Gt4ZFJ5L1dP+WyPzecvzJMY -xq75CrFXuWXdpGrYRGhjGa7B2fhzylSpVfLUyWA+HZq64ZNJOqzeioyamG1OkF6e -6dHgjPmQUZeYckFEimIkXP9zHQPJfB8gX6gSyC+GSFIsitu9A3HEX5zS1uFDasdI -CZ5Upc20BZiybfGcwd8+allHYScidzpWei78LfcpuPfnMOf6hVdhlsfuvwV9F/ua -Gv0kw0+zxoDNxWhN4SqKHgYX0A1CyW/Olwb5l3s69PyUlLHTBKwf2Kth8ZCxoKpY -kiiEKQQLHEa7mRX8d0U2bDmkx9EKJc7Cfz3JoDHB5aRZ4sbbJO447Fhn9fnuzaTi -j7bDticnZymvjG13foBAJi16Pf431NsFdDYAfnmYYBFEJj/oIa5DtvidrRb+fRZv -rkQuJ59tvEGD5hymQPEe3zqiUktPl1G6Q2jYctBjmFSM9m1eIJrfD8qNCrDlKd4Y -uZJwt7XRWXirURBRk+aw0P0ZCLaWmWAKmfr+rZ8Dm8V9dO2PgjLxHRI0aEDSh/Jm -Noc2ba8YhjNwQbLTMWe3WjacbyUC9m9YqhMx5ZV6EUK+jPR7FEw158wCaV2+qFNY -ZKvILBoZywEqZkkeGp6zy7UJFzlVNzh7U0YyE6l0GxNFJ2fp2ViQ930TZt28wuTT -If34N/+h1TGc4MqWcI9/4HeXZ5UV5v+gLa/sb6i0RuTrhNM50JinC1Bkqy5GrQLK -wUOFb9PNNTNz3M6pl1HEmwbiAUAhrbUhcVQPcmneLQYpzW5/sv+s+vfx8xRujZtv -kknt2ftLE7YedA1KvfjRis0d9J/EbzhLdIBg3mA0OBA1cIy7GKq9EIyg2FFiok3y -T7taZPr0BuaZqFq4UaL1Se5okrBO/gwHcNj6isnQBlIDV/m858dMMYedajIHLnWb -bgsNOXjj+FxdmappOqUJKjLseFx91NBuix5d92oUM8LvWQ9iHXVk9y7KVgFxFpc/ -lCw+UTzzBPnC0GcmJzOT8AaWkMYrnikoL4lYn9mr8wwLpJFkUOmyF/EUSiCj72Gb -v1GmsjbgAECIjEgIMXRAC5Vx1L9zjzHhxyHOk2f6/kfbsjSl0kKUIWTlNz9JWi4/ -MuzXdleauhHYjE5zjaJ9Mp3KNhYNH2y8xUliSPLeX0TXyAJVKSYTtxq1JVyKTHBL -yVEBUFcOtAkF5Mo7nTyjUGMcHVq7+3udXz8PSmxwDUSsWbwcOAvhqyW4d/tnCHk7 -wc3pMAIJUrsG/mAjy9Jc4jUsHOlzNu09w6YpDk7PyJBdm6pibyKdFbWhHxspZCwx -Ikg5iH751ka7WzT7Bnthy2Ekj7d/0R8ZeOozFZFeGscy86SiPBxT+UyhvCgwGyNQ -9YQnrKuIzxKV76nrbD/29yBzBTQAeeYJ9IgosIdqlWXqaJJNWvVeglSYdcEFpLNV -hKbHj0pS6OtGopX4RAl2Gybi7ZXBPR2af1HywMp4FkRi4AVYcP0CWtp6TcnkBoPy -603JF3Jfoyhg1vGhCipoGx6pCa+RD2gw5VSefhZtOeukDf3BhooMQB+ya1DUCp/T +U2FsdGVkX18iXKqsKcU0KdsAaXFolKsYGVYOIaDjikeRbrTF9bCDtz4v0tWSg7kO +SuJihKbDsSJebhu7puHtSJ3Us0b8wSbv5op2ub5G7IFmpcsXrgTEVU5zzncKLHZ8 +LIm46CTlOABNZbQUOvB0bIHVnT3xxR83zApgjip541r/1m7NB/KJq2S1ca1XGrRV +T+u9WBWBXiDYLjuBLGfLOLauf7jdx/qjZ3fSD50zrDLBH0JdPWKcwiwQTG5CxJ8I +xbFdzw2ijTltXe1xY1I3YSndBxUNukP9TT8J3AXND1xMBcvlyquFlO5JUV/+6CL/ +1rElfgTmxmjpP2bXJMzz+MxGzlVGbje3ye23+LuD+3wF+sZihDnJOxlgLTurVxug +KbLBFRtBHC205vSltPH+7eD90O1Auvk5NaBN1QbAoLL/IPPIb5QpUETEvxyxSkNR +cAVtJlTDhORwtLhVzvd5vL1+epuMlc5JzcSl9LJ0McN22bqqyzuBThAb1eLQxYhS +N2dWiY0mvZi/X1y0xvkgm7pM7mypuHbfhfIQaIki9gl3C25c23CcsVpFp7xW16jP +GNeNM8B0gzGd1XX8++Wuu0nXxmQx3agwCHhoFy2AQV8YaJUULq9sKO2KUqtCCDl7 +fRF7P857e4FysNGqfNuSZ/zhoIsj5z42V+p3WPxRvyf7ztiGrn8S8v4j2lilvKQC +cee40yDkqVzeJ+UwO1y0YqTbnyIRSyGUHBezezLM3m6IqcdAKfosaTtJQdF/LCG/ +5w46E8NA8AkJbpivnwFmEeulntGNy+8t+QedL/CD8/rOKthsKMKMuweAO7UOQa+Z +ZottWsVd58sf5LX+V2+6rwxrB8pJls1QE6Ei/uxtEfWXTQJLRoa+L+NowDc3J0Pb +vILJo2u2o9M+82tZUNe/s+peA+4DkUfExoQOsbxyUOxer6QJ4VQK50Bj0gdxbaQo +TGLMrQMoaR1J+MKuMJbVmJihWRXU0i3gf7y/p0VWmNLpwYJyNHB+wxbRWMqbtu9I +1DTVhMASL0w3rGUxTdWn10En/zhfa8Nd/jt+uW429UJcT4vUbJ7teInLfPIhU01l +A3UG+jRD9dxrPSyagtkAqlhqUcB3K7UdoQu42r1DVwHUtSfZgxcgFxztk/ZmhFae +XAOi0FDwe4RlpdVlZLTgI9PdZNNt3ISHj6WKVEATy7KN5cRpblvE8NZJnR78CfXF +1yS3JljcSmmE8HBVR5EgOhqI7VTJu/r9YtYaMeTwvp6RizG6FGfAjxORtiCctSXF +23yrRHJwwVEiMYScU6LhadCj0HOwXPPs68gbasfqsOVSBBTwjhakv+wza6tCe/Y6 +4Cz0Z2Y4Zz1eHTMQ3GJTHJgWSIEMhp8L6RonW/jcwHO5xKOcoMPUZhaqW51EGpeq +00Vqu2r1GtUcLUMw8X7O0uUU/KwE7CHVbtDTe0GBdcs7uKpYqi9DYm5o6D+bAq0s +POBosxL7fJuyFD4PTUHo634zFeXXpMDhwr64TkczUgxtlnexcZ049uNTORmi/DU7 +q+TMgfKj1cjNWAlN07J5+TDBMXgfMeqp9wGT+9cMdkeqzAIQ0XXHJY9u3YOfbq3v +sHIVjc3AniBRrP2u08W+340EXr9AY0wMW3KC7IH+qnfVKLuZrtAEuE0VIfAg5i7O +mQo+DJqxAgLkhy5UjtZ28/H4JhYLqWWTku9GxMWKsnk82sVA0DMfG8NJGjB0mf2B +0SipN7N1lv9KwcvTM+81LxiP69H7aP9nLNuTxk5vmCF62rP66DuVJ0h+5HEcZ/p7 +DCEq7hlB8CZRUu70ZfC4k67gWabyE1LXSg5OKtmIM/NMGbe3MmPGN2Y+yLwXPAhW +ckwqnS/y32Ig4UjGls92TvR2hs8T77NoBAzyivvJ45cMcVYisUGNu76VWEPx6F3+ +buDsPurzVoueEMIFGyEkW3UA0gvgGBIqMJvC7uJCvUkHEh7dAhoz+5hsk+RAsIX8 +8L6mqbUT+hhfAKlTl4T95Ia+e4ZjhtNOGPF2sXKzOXwUnrq9Obp6KlGpsYOeRHKa +wpmCWSBSZa7gBAh2vI3e4KSwwOupYAau3NcJYBdFcRVdavte619aH6gJ3nbSvd+B +9gy24pQQSdpqKd6LpDoHLwTvv1K5aLe+26yeDVP3Aw9VfzXmDjv3obUouK7H9paF +MTlgxprc9SKmoBScVb22LLhuMLvocErgfKeq8R5ATVnsnYcfVLGbu1YdF4jLjNpQ +5uk85LsMxEIhlq2ldO4Y0D3RsJ+i7e+9k6CHkovSNTlqPnQ1U/ILoRXS4kQDAi3+ +2uf12V7yKhAJ7pRLMIClIeTflyUO3+Y0f8KAXPx3ECeFSsRbjvSkiC/JKi5efiOx +7kVXvH1dlgu3WScZVbtVzy0M9moVa5ne+vuZW2E3tZ3xuTZYihkq3dQs7EXkTC1S +sF0Df9WiuTWG971OXtrYH/5kK5Z1vSi5oGjignHe92JyRd075D0UiULuyTb3gt7l +CBsHvuobEka5UuYdT5YTHKU+Co3YhybjZu/ncp9ho4e1HZe+tTRHunxl2k/idpjE +dnA2DQiPQTO34MbkvxxJ6LcetrMeH6ZSXhq0col/ftqQ/Iw9P8H0ZbBvYOgBQTi0 +OIxnZ7qwxu3Qe7vbZ5TBHxXURFt0yCsa6pmM+s0wWMXsyD5IOq2x740/HUOQiGqd +0dQ3f3gm8mYvE3a/o9R1exZz3kHsAhwJS6wG4GnkKHiSQlVRkgDMLBKrensSepHg +rfReoFnN6TyU58F6vviUdTi52E8j1H+34HtIGmE/H+q8U4DfMttOAYY0+pC+ZGjJ +wi501ylCJdp7vlsAFC4rXvaVjlo0B9fwlG7iFx7jWeqwZ7zdnJmkwVKiY9tcPH7f +qOXob2uFCgGVWgDk7zKh0P0a2AqJ+oYN2zeGMDWwtB5pOqVxAQ29QqEFMixY1EFt +ryFyy4HPxk/1C/iBuUOIUVuUv8ZXigeZ0nbuFI5qWmaV5wrtnciG4vqxwpMeQtgc +16URcuwKg1AKOVWnGkgAqqXxifp8MBYscHV4eVZ1XIzgbPalv8JAG15u9aeFdCup +GzpmzAqb0IlqpHdRjusZeMK1lWEygg4YQHAaXxxJeDUViFWbbROyz2+MsbMc679v +QZmP/zCwsCAhv8Uj/WNNNywUqlIekhXYYKRYh3s/N053OBWPKblVT3erKQ8YcybV +VoAvLfdaJflsVhps/+6ac3Zxhq8mGOjTA76PL+6dsAJ5tE5RMAhJnxVPR01PfjyB +Sv/xJb7wxfuWlMNtpgCOeLrQJPuXACJj/3IQo+jteuEUEvfdBstIIrhWzjDmt3uy +irsFPa2Z2mcJd7h8o6nRPDS8nlVgB9gfM3qlV+4JaU3HhaC9OHv/IiGuwuI5D7o2 +Lk76Ac4zB24A6DGvoiMb0T+Qy5hDwFd81yyjxPHlfx11x02re1qft6J0a1JSmwLt +EFYuPhcvGNPfSqH67dqt2COYnas9tMnjJTgdNhVgyFT23MG63Z/lP05yuq40DwK4 +8QSC+10ByT10f4z+NLPHetK03XZ/teCblv80FmofIHkDX1Z37KDydezrE9vIW781 ++oaYYe888lS5EWl/qLyA2LUCr9P/hhqVFhAkAt8L79RJrUK3oyVrjPoBabDjjUIT +iY2tzAZFRbvHUoYqa3pmQf8YXy6V1XV9D1tWO+d/kOT4nhqA2s3EcHxRafU7xZio +HVXpZdw3nw+sKoDIv879fwIsADmaK7GJps+xgQ3AO7ZHDonOdZKOSwOVn2OdwKuy +DdxqfCbvDJT4JCC5TEzk0jNmNmLi84eYv83RakCi2TUPpxD7deggPXiifocaWuZ+ +c8L7f8roEMTpMyTVdvIvEK8jJNqOUKPjYtGhMU7eXEOhry3XONVJ+k4ow2HLOJ7n +1Lx2dvWRJY/jUusZhbKgwjkGfprV9JgMJ73eFWEaeBctB5JwYll63pUb3JW+3I75 ++frSu1nt6eusGTcAkdUqsoOCXeTBLfeuGKQo1pC6vsLcR8dZXFqkVhlOPPsjyDgw +C0I+afbjpadGhslid4eXgn0et+2WBdBYmURTQI+sNCWXfxzuZN8gP8V7TKldtuss +78nP3DXOwgGQIirx2DoMpoonK30hFrVbessSaK60iTds5wIveRhOXQHilST3v1d9 +UyNgykcrouhN5KKdzgy8JZBm7b8QO36/P+klYQg+a5KqM4sMFTINVbDjE4PxpYCn +S7FQ7zvRBxSt+IPsJdaNoduRT+r2OMDDdmXc5nKfiDutiKZu92p+pKlDaXtNFcvj +J588btpnRxkgVpd3ts3XYe2eoi+j1Reb1FP0KqbyND9DlW0nZILy/G1t4OE0sCbL +A0pcIpPXYVMjd2UKKHNXsm/cG2C5mcg7DWL9gtOa70GfAYCTNiLakxE2SElDyazg +WnjgaXzROzxqIsdN55irfQqSRPhxJ4bOvzY3oC4Lz6zlvQ4Dfoiww6r2u7xyhBSW +so9zedXmUDmANzlW7hBDAbBgD6d5lWu6X3I2/Hmecj/EfhrewC0+8zuHrJ6pqOfB +rk3/+rlxx1ENJBfOQst52DERydiZoE0B07DZKzt2a4lohQIvY/caCpjGDutEejZr +ddTS4P2zh38xqlRXSd+iLqMNJfuCzg0S0EAKP7UtOS5tkmVWVlnOrBPBC0n5yTHR +7ehgiT79SngjyHz32XXUe/1W/ZlbLo4CbXHeLThg0/uipmoure3i9p1CFeumOb5K +qZ5kAdag54mxAmCcmec88RrFVpbxpLHvbOzQSrfwpi3q6srZyFuCwLzJzsOzSYUi +qFdIdtLnEs68x+qu3UubaApquZHuI4hch5nqnYbHrrGZJrEWFUzcU5l+UasFztmq +AkLqBihLTrhEaNA0Qt/NfDwwQeE30K7q+dBuL7tpuQB7vs7VU3Vnugu/XrECDASD ++EF/zIszAHZZk1HX8DXfuwDq4lW2wkemzoFkvcZU8ZyzoCLx2D5Aj/Qlgjlf+1+4 +DY03Ew/DWZHRuuOyAnInFAvPErX75SI/RIGtdS1PRjhrV0Yni+TqcsRW+PRziaFz +WdE0lW/zceuDJUVNqZFCN07vBGxpWOevKOPh7M8tpY73nfoSnZu5GRQw3r41Dpkn +ELsMAzFOZ7L7hy6IVHcVWqSKB1bQsXY46lj7s5KnBen4CFBDzboT4S/S2p3wIpxZ ++Og1mjgywzHXDr5zxWSjeOEYSHXO2w/2p29g4g7UNLGNzLddlDQMZKPHHFlAlx2/ +OZr2FY87o2eAFLe71CqrJTLCdndmgYDpQz4Zr0dyAvYZpPMORsskdWL1CSfz4WmU +KQTnfBkpCzWtuftMBSNzMvE3yzP1H9A5hAgCcRj+MYEIKPqGczXxeWP9sbtHYL+G ++MdfOb4FIdFcNF96hLNFWxYiyqh3qUyGwuFKKOTp+jkDqTg6dZs1vxRWPTkL+zBo +zuvS/Qdi7yZPd3Am0WhERaq8w5OwspOvJqJzq2DZtHTzb7gQP+tiqlMCRMr9cJEp +c+V3xr8+fqVzBJb1L8JYw2GDS5P92zbZnqXcXLpdbEAj5b5zGb2eSLKgyz+X//T1 +qXJphSirbsvf2cZHOrmbi2NQRAiak1yG3DX+YELxAdDWZE81tQdpCMfkP+XAn8Yw +D28QC2wJ29P7fTn8QL9QLlD804Mcmb4YYXJACZaMBtyVgoXrTUc2YjbdqofZibzT +teJ+o8m4OO6P+P/ryhqwxyrGncDIo0qJ7N0VzCeZ5qpYnA37SfU+3Ek6ntQ1XjOe +YJJDPQr3QChFVZes/4H4407CvXKqg9Pcs3GBjtyW0yw1OTNYbauuK8Oc45oV5utG +n12jd6FMV2tLo9IQHa76Zxzl0IUONDh60O58vkB4wy56B0McJeZbwh3eTJ/fuJCW +w7N5X/bodH1wwIB98jr1SCOb81oAbWVIPMCbIuQoUnU38vptH9W7KcLAfqs18vEi +1v4xKmkToDqW27TA337FwYDuiLJUL166BBzqk17hJFKIgbXNNISnWsE/yuTWeuLf +4Wn/V8zISkCML50PG4SwUlpLkcQcMTG6SRU3y5e2j1ABqEic74lkY4GTnjaCLvvJ +MjxFjYD5eWjJPd/xs0kzAcZJrb/iyfLY42lDVtByIOPxS96LPOnKTev1z36E7oy9 +GzZ77JJlfgBQE4j5cT1ZXYymnGcZGlBNzC259dSQOqaW4OwbF7Q2JW3ns46/QJYa +HrKZc8gg3MFoyd6iQ5B8uIuOD0G90lNQAON7Rr3KWzWAJIlf41oyycVAY3/OxiNH +C3vpBZv8Rb8ICNSXcKOP0Xmzj/p3vSTHwdQ8cp7XjZwSKDD0ZsOPPqbsvHW6fYU7 +23n3LbqFecnxgXW0FO976Z4PQdZkjxD7iG4bIk2jF73QewwgRh+C8chlzPcwrQHV +7t4GmTj1Q/hW4Hm/8djmJ30bONw5B8VkdRJeg2Eg48y543Jr9+fq3wFV/r72x61k +0elpDZ1enKbIrSSh+b5yp4r4V+iZKLyA3gR19vLLYWIvO3eDB8aowjZSh4grBVPR +fIVGWXNLzt+8JDvb3nL9BZq2lrfeRlYtETfHGAG9ZaNkWLFLNDcEoiaI381AXE9A +32MSW8K5i6l3l3jv6qLtDjB0BdQfFPDwa2uLaGfn6JRXhk+i6CPt4RUM/UaVk3MO +Wk85ThtpgHzu2OEfWn8qppnOnRHZ03OI+2MVK+LzmqlTNhQoyN0m8iWzAAbUWIW7 +YFx5eamutucjjpy1Cb9VMLMXorrRa0EW/edItt7JDY+skUjXGyCmTST7x497Chcj +FV9VKKyvL0g5BM1N6KGY3dD/Obgt8Ame2VvUcetAgiiiaNqnvlQ2rYdWzi8nDiQ9 +1OlakuZhGqLAnTrpc72PKNHFlQ2t1R+S33sE/Lw6vfhzuT0UJEZYgeSB2IOd72O5 +64nI2BuJZA1mzwK5kETVjGzc1ZJKVnN09Do/RxLGa+G4kBQFRi53PfwPIdweFDos ++oljJOO2Hkr0DBNhVkmfMq4Vbbyl+aJ3Us+lXI1pibLUd2WNgsYrfdxIC8muib72 diff --git a/modules/nixos/services/binary-cache/default.nix b/modules/nixos/services/binary-cache/default.nix index fdc5295..29e9146 100644 --- a/modules/nixos/services/binary-cache/default.nix +++ b/modules/nixos/services/binary-cache/default.nix @@ -49,7 +49,7 @@ in }; nginx.virtualHosts."${cfg.url}" = { - useACMEHost = lib.Sapana.getDomainFromURI cfg.url; + useACMEHost = lib.${namespace}.getDomainFromURI cfg.url; forceSSL = true; basicAuth = { "${cfg.auth.user}" = cfg.auth.password; diff --git a/modules/nixos/services/duplicacy-web/default.nix b/modules/nixos/services/duplicacy-web/default.nix index ffb7dd7..50df529 100644 --- a/modules/nixos/services/duplicacy-web/default.nix +++ b/modules/nixos/services/duplicacy-web/default.nix @@ -22,7 +22,7 @@ in }; config = lib.mkIf cfg.enable { - environment.systemPackages = [ pkgs.Sapana.duplicacy-web ]; + environment.systemPackages = [ pkgs.${namespace}.duplicacy-web ]; networking.firewall.allowedTCPPorts = [ 3875 ]; @@ -37,7 +37,7 @@ in description = "Start the Duplicacy backup service and web UI"; serviceConfig = { Type = "simple"; - ExecStart = ''${pkgs.Sapana.duplicacy-web}/duplicacy-web''; + ExecStart = ''${pkgs.${namespace}.duplicacy-web}/duplicacy-web''; Restart = "on-failure"; RestartSec = 10; KillMode = "process"; diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 79c4823..3dc0534 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -32,7 +32,7 @@ in enable = true; settings = { server = { - DOMAIN = lib.Sapana.getDomainFromURI cfg.url; + DOMAIN = lib.${namespace}.getDomainFromURI cfg.url; ROOT_URL = cfg.url; HTTP_PORT = 3000; }; @@ -42,7 +42,7 @@ in } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; nginx.virtualHosts."${cfg.url}" = { - useACMEHost = lib.Sapana.getDomainFromURI cfg.url; + useACMEHost = lib.${namespace}.getDomainFromURI cfg.url; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:3000"; diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index 7688957..52886a0 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -35,7 +35,7 @@ in services = { nginx.virtualHosts."${cfg.url}" = { - useACMEHost = lib.Sapana.getDomainFromURI cfg.url; + useACMEHost = lib.${namespace}.getDomainFromURI cfg.url; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:8096"; diff --git a/modules/nixos/services/languagetool/default.nix b/modules/nixos/services/languagetool/default.nix index ea01038..fc844f3 100644 --- a/modules/nixos/services/languagetool/default.nix +++ b/modules/nixos/services/languagetool/default.nix @@ -51,11 +51,13 @@ in public = true; allowOrigin = "*"; # Enable Ngrams - settings.languageModel = lib.mkIf cfg.ngrams.enable "${pkgs.Sapana.languagetool-ngrams}/share/languagetool/ngrams"; + settings.languageModel = lib.mkIf cfg.ngrams.enable "${ + pkgs.${namespace}.languagetool-ngrams + }/share/languagetool/ngrams"; }; # Create Nginx virtualhost nginx.virtualHosts."${cfg.url}" = { - useACMEHost = lib.Sapana.getDomainFromURI cfg.url; + useACMEHost = lib.${namespace}.getDomainFromURI cfg.url; forceSSL = true; basicAuth = { "${cfg.auth.user}" = cfg.auth.password; diff --git a/modules/nixos/services/netdata/default.nix b/modules/nixos/services/netdata/default.nix index 3ba2635..7bf952f 100644 --- a/modules/nixos/services/netdata/default.nix +++ b/modules/nixos/services/netdata/default.nix @@ -51,7 +51,7 @@ in (lib.mkIf (cfg.enable && cfg.type == "parent") { services = { nginx.virtualHosts."${cfg.url}" = { - useACMEHost = lib.Sapana.getDomainFromURI cfg.url; + useACMEHost = lib.${namespace}.getDomainFromURI cfg.url; forceSSL = true; basicAuth = { "${cfg.auth.user}" = cfg.auth.password; @@ -77,7 +77,7 @@ in configDir = { # Allow incoming streams "stream.conf" = pkgs.writeText "stream.conf" '' - [${config.secrets.services.netdata.apiKey}] + [${config.${namespace}.secrets.services.netdata.apiKey}] enabled = no default history = 3600 default memory mode = dbengine diff --git a/modules/nixos/services/qbittorrent/default.nix b/modules/nixos/services/qbittorrent/default.nix index 319a20a..582f50f 100644 --- a/modules/nixos/services/qbittorrent/default.nix +++ b/modules/nixos/services/qbittorrent/default.nix @@ -59,7 +59,7 @@ in config = lib.mkIf cfg.enable { services = { nginx.virtualHosts."${cfg.url}" = { - useACMEHost = lib.Sapana.getDomainFromURI cfg.url; + useACMEHost = lib.${namespace}.getDomainFromURI cfg.url; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${cfg.port}"; @@ -102,7 +102,7 @@ in environment = { VPN_SERVICE_PROVIDER = "protonvpn"; VPN_TYPE = "wireguard"; - WIREGUARD_PRIVATE_KEY = config.secrets.services.protonvpn.privateKey; + WIREGUARD_PRIVATE_KEY = config.${namespace}.secrets.services.protonvpn.privateKey; SERVER_COUNTRIES = (lib.strings.concatStringsSep "," cfg.vpn.countries); TZ = "America/New_York"; }; diff --git a/modules/nixos/services/rss/default.nix b/modules/nixos/services/rss/default.nix index 4b91102..2b349bb 100644 --- a/modules/nixos/services/rss/default.nix +++ b/modules/nixos/services/rss/default.nix @@ -57,7 +57,7 @@ in }; nginx.virtualHosts."${cfg.url}" = { - useACMEHost = lib.Sapana.getDomainFromURI cfg.url; + useACMEHost = lib.${namespace}.getDomainFromURI cfg.url; forceSSL = true; }; }; diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix index 71f68b9..a2bcd3f 100644 --- a/modules/nixos/system/default.nix +++ b/modules/nixos/system/default.nix @@ -69,8 +69,8 @@ in mail = lib.mkIf config.${namespace}.services.msmtp.enable { enable = true; mailer = "/run/wrappers/bin/sendmail"; - sender = "${config.networking.hostName}@${config.secrets.networking.domains.primary}"; - recipient = config.secrets.users.aires.email; + sender = "${config.networking.hostName}@${config.${namespace}.secrets.networking.domains.primary}"; + recipient = config.${namespace}.secrets.users.aires.email; }; }; }; diff --git a/modules/nixos/system/nix/default.nix b/modules/nixos/system/nix/default.nix index d957848..8773afa 100644 --- a/modules/nixos/system/nix/default.nix +++ b/modules/nixos/system/nix/default.nix @@ -46,16 +46,16 @@ in # Set up secondary binary caches for Lix and Hevana substituters = [ "https://cache.lix.systems" - "https://${config.secrets.services.binary-cache.url}" + "https://${config.${namespace}.secrets.services.binary-cache.url}" ]; trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - config.secrets.services.binary-cache.pubcert + config.${namespace}.secrets.services.binary-cache.pubcert ]; # Authentication for Hevana's binary cache netrc-file = - with config.secrets.services.binary-cache; + with config.${namespace}.secrets.services.binary-cache; pkgs.writeText "netrc" '' machine ${url} login ${auth.username} password ${auth.password} ''; @@ -96,7 +96,7 @@ in (lib.mkIf cfg.nixos-operations-script.enable { # Enable and configure NOS ${namespace}.packages = [ nixos-operations-script ]; - environment.variables."FLAKE_DIR" = config.secrets.nixConfigFolder; + environment.variables."FLAKE_DIR" = config.${namespace}.secrets.nixConfigFolder; }) ]; } diff --git a/modules/nixos/users/aires/default.nix b/modules/nixos/users/aires/default.nix index d93669d..1109625 100644 --- a/modules/nixos/users/aires/default.nix +++ b/modules/nixos/users/aires/default.nix @@ -24,7 +24,7 @@ in isNormalUser = true; description = "Aires"; uid = 1000; - hashedPassword = config.secrets.users.aires.hashedPassword; + hashedPassword = config.${namespace}.secrets.users.aires.hashedPassword; extraGroups = [ "input" "networkmanager" @@ -64,14 +64,14 @@ in # Set up git git = { enable = true; - userName = config.secrets.users.aires.firstName; - userEmail = config.secrets.users.aires.email; + userName = config.${namespace}.secrets.users.aires.firstName; + userEmail = config.${namespace}.secrets.users.aires.email; extraConfig = { core.editor = config.${namespace}.editor; merge.conflictStyle = "zdiff3"; pull.ff = "only"; push.autoSetupRemote = "true"; - safe.directory = "${config.secrets.nixConfigFolder}/.git"; + safe.directory = "${config.${namespace}.secrets.nixConfigFolder}/.git"; submodule.recurse = true; credential.helper = "/run/current-system/sw/bin/git-credential-libsecret"; }; @@ -80,7 +80,7 @@ in # Set up SSH ssh = { enable = true; - matchBlocks = config.secrets.users.aires.sshConfig; + matchBlocks = config.${namespace}.secrets.users.aires.sshConfig; }; # Set up Zsh diff --git a/modules/nixos/users/gremlin/default.nix b/modules/nixos/users/gremlin/default.nix index d9a10d9..6e34d58 100644 --- a/modules/nixos/users/gremlin/default.nix +++ b/modules/nixos/users/gremlin/default.nix @@ -24,7 +24,7 @@ in isNormalUser = true; description = "Gremlin"; uid = 1001; - hashedPassword = config.secrets.users.gremlin.hashedPassword; + hashedPassword = config.${namespace}.secrets.users.gremlin.hashedPassword; extraGroups = [ "networkmanager" "input" @@ -80,7 +80,7 @@ in # Set up SSH ssh = { enable = true; - matchBlocks = config.secrets.users.gremlin.sshConfig; + matchBlocks = config.${namespace}.secrets.users.gremlin.sshConfig; }; # Set up Zsh diff --git a/systems/aarch64-linux/Pihole/default.nix b/systems/aarch64-linux/Pihole/default.nix index 8bd8a22..52a7a87 100644 --- a/systems/aarch64-linux/Pihole/default.nix +++ b/systems/aarch64-linux/Pihole/default.nix @@ -19,8 +19,8 @@ in # Connect to the network automagically networkmanager.enable = lib.mkForce false; wireless.networks = { - "${config.secrets.networking.networks.home.SSID}" = { - psk = "${config.secrets.networking.networks.home.password}"; + "${config.${namespace}.secrets.networking.networks.home.SSID}" = { + psk = "${config.${namespace}.secrets.networking.networks.home.password}"; }; }; }; @@ -35,7 +35,7 @@ in ]; services.ssh = { enable = true; - ports = [ config.secrets.hosts.hevana.ssh.port ]; + ports = [ config.${namespace}.secrets.hosts.hevana.ssh.port ]; }; users.aires.enable = true; }; diff --git a/systems/x86_64-linux/Hevana/default.nix b/systems/x86_64-linux/Hevana/default.nix index 9325a0f..5ce88e6 100644 --- a/systems/x86_64-linux/Hevana/default.nix +++ b/systems/x86_64-linux/Hevana/default.nix @@ -17,10 +17,10 @@ let # Credentials for interacting with the Porkbun API porkbunCredentials = { "PORKBUN_API_KEY_FILE" = "${pkgs.writeText "porkbun-api-key" '' - ${config.secrets.networking.porkbun.api.apiKey} + ${config.${namespace}.secrets.networking.porkbun.api.apiKey} ''}"; "PORKBUN_SECRET_API_KEY_FILE" = "${pkgs.writeText "porkbun-secret-api-key" '' - ${config.secrets.networking.porkbun.api.secretKey} + ${config.${namespace}.secrets.networking.porkbun.api.secretKey} ''}"; }; @@ -34,7 +34,9 @@ let serviceList = lib.attrsets.collect ( x: x != "acme" && (lib.attrsets.matchAttrs { enable = true; } x) ) config.${namespace}.services; - subdomains = builtins.catAttrs "url" serviceList; + subdomains = (builtins.catAttrs "url" serviceList) ++ [ + config.${namespace}.secrets.services.gremlin-lab.url + ]; in { @@ -52,9 +54,11 @@ in configFile = pkgs.writeText "ddclient.conf" '' use=web, web=checkip.dyndns.com/, web-skip='IP Address' protocol=porkbun - apikey=${config.secrets.networking.porkbun.api.apiKey} - secretapikey=${config.secrets.networking.porkbun.api.secretKey} - *.${config.secrets.networking.domains.primary},*.${config.secrets.networking.domains.blog} + apikey=${config.${namespace}.secrets.networking.porkbun.api.apiKey} + secretapikey=${config.${namespace}.secrets.networking.porkbun.api.secretKey} + *.${config.${namespace}.secrets.networking.domains.primary},*.${ + config.${namespace}.secrets.networking.domains.blog + } cache=/tmp/ddclient.cache pid=/var/run/ddclient.pid ''; @@ -78,7 +82,9 @@ in }; path = config.${namespace}.corePackages; script = '' - /run/current-system/sw/bin/nixos-operations-script --operation build --hostname Khanda --flake ${config.secrets.nixConfigFolder} + /run/current-system/sw/bin/nixos-operations-script --operation build --hostname Khanda --flake ${ + config.${namespace}.secrets.nixConfigFolder + } ''; }; systemd.timers."build-hosts" = { @@ -110,22 +116,22 @@ in # Enable support for primary RAID array raid.storage = { enable = true; - keyFile = config.secrets.devices.storage.keyFile.path; - mailAddr = config.secrets.users.aires.email; + keyFile = config.${namespace}.secrets.devices.storage.keyFile.path; + mailAddr = config.${namespace}.secrets.users.aires.email; }; services = { acme = { enable = true; - defaultEmail = config.secrets.users.aires.email; + defaultEmail = config.${namespace}.secrets.users.aires.email; certs = { - "${config.secrets.networking.domains.primary}" = { + "${config.${namespace}.secrets.networking.domains.primary}" = { dnsProvider = "porkbun"; extraDomainNames = subdomains; webroot = null; # Required in order to prevent a failed assertion credentialFiles = porkbunCredentials; }; - "${config.secrets.networking.domains.blog}" = { + "${config.${namespace}.secrets.networking.domains.blog}" = { dnsProvider = "porkbun"; webroot = null; # Required in order to prevent a failed assertion credentialFiles = porkbunCredentials; @@ -139,17 +145,17 @@ in autoUpgrade = { enable = true; pushUpdates = true; # Update automatically and push updates back up to Forgejo - configDir = config.secrets.nixConfigFolder; + configDir = config.${namespace}.secrets.nixConfigFolder; onCalendar = "daily"; user = config.users.users.aires.name; }; binary-cache = { enable = true; secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem"; - url = config.secrets.services.binary-cache.url; + url = config.${namespace}.secrets.services.binary-cache.url; auth = { - user = config.secrets.services.binary-cache.auth.username; - password = config.secrets.services.binary-cache.auth.password; + user = config.${namespace}.secrets.services.binary-cache.auth.username; + password = config.${namespace}.secrets.services.binary-cache.auth.password; }; }; boinc = { @@ -163,36 +169,36 @@ in forgejo = { enable = true; home = "${services-root}/forgejo"; - url = config.secrets.services.forgejo.url; + url = config.${namespace}.secrets.services.forgejo.url; }; jellyfin = { enable = true; home = "${services-root}/jellyfin"; - url = config.secrets.services.jellyfin.url; + url = config.${namespace}.secrets.services.jellyfin.url; }; languagetool = { enable = true; - url = config.secrets.services.languagetool.url; + url = config.${namespace}.secrets.services.languagetool.url; port = 8100; - auth.user = config.secrets.services.languagetool.auth.user; - auth.password = config.secrets.services.languagetool.auth.password; + auth.user = config.${namespace}.secrets.services.languagetool.auth.user; + auth.password = config.${namespace}.secrets.services.languagetool.auth.password; ngrams.enable = true; }; msmtp = { enable = true; accounts.default = { - host = config.secrets.services.msmtp.host; - user = config.secrets.services.msmtp.user; - password = config.secrets.services.msmtp.password; + host = config.${namespace}.secrets.services.msmtp.host; + user = config.${namespace}.secrets.services.msmtp.user; + password = config.${namespace}.secrets.services.msmtp.password; auth = true; tls = true; tls_starttls = true; port = 587; - from = "${config.networking.hostName}@${config.secrets.networking.domains.primary}"; + from = "${config.networking.hostName}@${config.${namespace}.secrets.networking.domains.primary}"; }; aliases = { text = '' - default: ${config.secrets.users.aires.email} + default: ${config.${namespace}.secrets.users.aires.email} ''; mode = "0644"; }; @@ -200,34 +206,34 @@ in netdata = { enable = true; type = "parent"; - url = config.secrets.services.netdata.url; + url = config.${namespace}.secrets.services.netdata.url; auth = { user = config.users.users.aires.name; - password = config.secrets.services.netdata.password; - apiKey = config.secrets.services.netdata.apiKey; + password = config.${namespace}.secrets.services.netdata.password; + apiKey = config.${namespace}.secrets.services.netdata.apiKey; }; }; nginx = { enable = true; virtualHosts = { - "${config.secrets.networking.domains.primary}" = { + "${config.${namespace}.secrets.networking.domains.primary}" = { default = true; enableACME = true; # Enable Let's Encrypt locations."/" = { # Catchall vhost, will redirect users to Forgejo - return = "301 https://${config.secrets.services.forgejo.url}"; + return = "301 https://${config.${namespace}.secrets.services.forgejo.url}"; }; }; - "${config.secrets.networking.domains.blog}" = { - useACMEHost = config.secrets.networking.domains.blog; + "${config.${namespace}.secrets.networking.domains.blog}" = { + useACMEHost = config.${namespace}.secrets.networking.domains.blog; forceSSL = true; - root = "${services-root}/nginx/sites/${config.secrets.networking.domains.blog}"; + root = "${services-root}/nginx/sites/${config.${namespace}.secrets.networking.domains.blog}"; }; - "${config.secrets.services.gremlin-lab.url}" = { - useACMEHost = config.secrets.networking.domains.primary; + "${config.${namespace}.secrets.services.gremlin-lab.url}" = { + useACMEHost = config.${namespace}.secrets.networking.domains.primary; forceSSL = true; locations."/" = { - proxyPass = "http://${config.secrets.services.gremlin-lab.ip}"; + proxyPass = "http://${config.${namespace}.secrets.services.gremlin-lab.ip}"; proxyWebsockets = true; extraConfig = "proxy_ssl_server_name on;"; }; @@ -237,11 +243,11 @@ in qbittorrent = { enable = true; home = "${services-root}/qbittorrent"; - url = config.secrets.services.qbittorrent.url; + url = config.${namespace}.secrets.services.qbittorrent.url; port = "8090"; vpn = { enable = true; - privateKey = config.secrets.services.protonvpn.privateKey; + privateKey = config.${namespace}.secrets.services.protonvpn.privateKey; countries = [ "Switzerland" "Netherlands" @@ -251,15 +257,15 @@ in rss = { enable = false; home = "${services-root}/freshrss"; - url = config.secrets.services.rss.url; - auth = with config.secrets.services.rss.auth; { + url = config.${namespace}.secrets.services.rss.url; + auth = with config.${namespace}.secrets.services.rss.auth; { user = user; password = password; }; }; ssh = { enable = true; - ports = [ config.secrets.hosts.hevana.ssh.port ]; + ports = [ config.${namespace}.secrets.hosts.hevana.ssh.port ]; }; syncthing = { enable = true; diff --git a/systems/x86_64-linux/Khanda/default.nix b/systems/x86_64-linux/Khanda/default.nix index fb14d03..bbac147 100644 --- a/systems/x86_64-linux/Khanda/default.nix +++ b/systems/x86_64-linux/Khanda/default.nix @@ -44,7 +44,7 @@ in services = { autoUpgrade = { enable = true; - configDir = config.secrets.nixConfigFolder; + configDir = config.${namespace}.secrets.nixConfigFolder; extraFlags = "--build-host hevana"; onCalendar = "weekly"; user = config.users.users.aires.name; diff --git a/systems/x86_64-linux/Shura/default.nix b/systems/x86_64-linux/Shura/default.nix index 3d9342b..4792095 100644 --- a/systems/x86_64-linux/Shura/default.nix +++ b/systems/x86_64-linux/Shura/default.nix @@ -19,8 +19,6 @@ in system.stateVersion = stateVersion; networking.hostName = hostName; - custom-fonts.Freight-Pro.enable = config.${namespace}.users.gremlin.enable; - ${namespace} = { apps = { development.enable = true; @@ -42,6 +40,8 @@ in tpm2.enable = true; }; + custom-fonts.Freight-Pro.enable = config.${namespace}.users.gremlin.enable; + # Change the default text editor. Options are "emacs", "nano", or "vim". editor = "nano"; @@ -64,7 +64,7 @@ in # Run daily automatic updates. autoUpgrade = { enable = true; - configDir = config.secrets.nixConfigFolder; + configDir = config.${namespace}.secrets.nixConfigFolder; onCalendar = "daily"; operation = "boot"; user = config.users.users.aires.name;