
Hevana: re-add gremlin-lab to ACME cert. Also update secrets namespace

Aires 2024-12-09 13:30:39 -05:00
parent 69acc20396
commit a78b7f55e1
18 changed files with 194 additions and 185 deletions


@ -46,7 +46,7 @@ To enable automatic updates for a host, set `config.${namespace}.services.autoUp
```nix ```nix
services.autoUpgrade = { services.autoUpgrade = {
enable = true; enable = true;
configDir = config.secrets.nixConfigFolder; configDir = config.${namespace}.secrets.nixConfigFolder;
onCalendar = "daily"; onCalendar = "daily";
user = config.users.users.aires.name; user = config.users.users.aires.name;
}; };


@ -1,109 +1,110 @@
U2FsdGVkX1/RQfGVP76sNDrjrnhTIFoeGKoRj1M66ltbkzqEVZrSGke1jDZA9e0Q U2FsdGVkX18iXKqsKcU0KdsAaXFolKsYGVYOIaDjikeRbrTF9bCDtz4v0tWSg7kO
cwUIfzRo+k2bhNi6VbG4OvteEFeABGn6aoL38owyEgKDlGEti2m6/MPfIrTOYpWS SuJihKbDsSJebhu7puHtSJ3Us0b8wSbv5op2ub5G7IFmpcsXrgTEVU5zzncKLHZ8
UArXOKkSCgPi+mzD6ez6ZKXRdaVgn230Iipg4ZacUXkFzUf1YqybTMyp3xVuPaID LIm46CTlOABNZbQUOvB0bIHVnT3xxR83zApgjip541r/1m7NB/KJq2S1ca1XGrRV
AKCdEa9YiL0R5cOMBIKyN3zaj509R9ocauKeJ9w/pVPzgqMoeFNgkeUBh42Z+QFg T+u9WBWBXiDYLjuBLGfLOLauf7jdx/qjZ3fSD50zrDLBH0JdPWKcwiwQTG5CxJ8I
/0vy9jX2yoNQrWlOJNfkq50UeivWF90RJzf30gm1uAPX5102Pt0dvUOdfouunFIE xbFdzw2ijTltXe1xY1I3YSndBxUNukP9TT8J3AXND1xMBcvlyquFlO5JUV/+6CL/
OxYwnBrqJAq2bnoCMCEJkogspVeBVWY/RdJZEhr6Fj6R8Dd/K1rPhvL1UzrrwMo4 1rElfgTmxmjpP2bXJMzz+MxGzlVGbje3ye23+LuD+3wF+sZihDnJOxlgLTurVxug
3vcXy6AcvEGVA+i7nfSj7J4EfDJnNfsQl0hOV8tm2o/rlOqGiRwPLdi3PxUrAm5I KbLBFRtBHC205vSltPH+7eD90O1Auvk5NaBN1QbAoLL/IPPIb5QpUETEvxyxSkNR
jZdcNWeendXtBuXZwZSpVFDvi85taasgE7IaPdYj5VfKMwZmdmm7vpmVe3wKtxJf cAVtJlTDhORwtLhVzvd5vL1+epuMlc5JzcSl9LJ0McN22bqqyzuBThAb1eLQxYhS
D1Z2kW34dtUkAAA5LXAnEYpM0jJo1hLQyOSm8KUcOOmLHHRa3vNHzUxLdSSZluCY N2dWiY0mvZi/X1y0xvkgm7pM7mypuHbfhfIQaIki9gl3C25c23CcsVpFp7xW16jP
DqLfRdx/3Krio8WoypopgG4mW0/nI1jUl5aRVgM2tuBVUjz2meDtTZk4dnTx8ys4 GNeNM8B0gzGd1XX8++Wuu0nXxmQx3agwCHhoFy2AQV8YaJUULq9sKO2KUqtCCDl7
bEmEn+BIzmMHzVK7PlNLAQWBGFj4e2rdLUsy3846YB2tRo/IUxQSv32gF/RYW5Py fRF7P857e4FysNGqfNuSZ/zhoIsj5z42V+p3WPxRvyf7ztiGrn8S8v4j2lilvKQC
ToOjRpoaVDSJPT26w25/rwMYoqvtYDakoRXmSFOLg9k1WIlEhCJFSZRts9DuFU23 cee40yDkqVzeJ+UwO1y0YqTbnyIRSyGUHBezezLM3m6IqcdAKfosaTtJQdF/LCG/
XxXmhxC+R0I9InY/+JGBHqkmKcTpILZItjL0jLrIggXwE5wJ3emNBJsh8zwoKlWY 5w46E8NA8AkJbpivnwFmEeulntGNy+8t+QedL/CD8/rOKthsKMKMuweAO7UOQa+Z
6mUhG0xiiVrNWXlOOc9mw8ElRzxqhUDMd5mBiGQoZuBzXt8z05s8DA1ZDbrx9sQZ ZottWsVd58sf5LX+V2+6rwxrB8pJls1QE6Ei/uxtEfWXTQJLRoa+L+NowDc3J0Pb
LVapZlUiYPcO/C29Bk2elK10IeQrzdqSSiF504afudaMPUcHSDWpG7Ew70R9wPHU vILJo2u2o9M+82tZUNe/s+peA+4DkUfExoQOsbxyUOxer6QJ4VQK50Bj0gdxbaQo
h3I/q/YPoyYC2txrC9lJGfnJnylXf6eXoJNNgUIsqFMViTVYDBRbZ/4er1tB8bZl TGLMrQMoaR1J+MKuMJbVmJihWRXU0i3gf7y/p0VWmNLpwYJyNHB+wxbRWMqbtu9I
TjOgyRxgheUT0y/FodKznOEFtGSOsiO+ErQ04G6LAp59iJu5XJr3QVTyj4bvZa/S 1DTVhMASL0w3rGUxTdWn10En/zhfa8Nd/jt+uW429UJcT4vUbJ7teInLfPIhU01l
SjAOh1FMcg79p3ZWIFvfqupsStnKPHkDWawlM/var1xBSKcJ47YfgnPycxCdIm3x A3UG+jRD9dxrPSyagtkAqlhqUcB3K7UdoQu42r1DVwHUtSfZgxcgFxztk/ZmhFae
eSDP4BziKhAIBo0bX/9TGfrcectQedMSxFV+4+EhwKVKR+01rA7SfT9pNcBG+yS8 XAOi0FDwe4RlpdVlZLTgI9PdZNNt3ISHj6WKVEATy7KN5cRpblvE8NZJnR78CfXF
Z6kJ+cNQzGtAveD9TwvajpGAIWQQz3QXtoXJvOYrpxKSl89VWcAhVAZD5f/J0xr3 1yS3JljcSmmE8HBVR5EgOhqI7VTJu/r9YtYaMeTwvp6RizG6FGfAjxORtiCctSXF
nHdJmIiefGCC9uV6ztLolxgjgRw76SydgewgRnuAXS6RF1nR4cgN1/2nVA7okm16 23yrRHJwwVEiMYScU6LhadCj0HOwXPPs68gbasfqsOVSBBTwjhakv+wza6tCe/Y6
JFvE+G7xxqbGgaNJNAzWIGn0JknSbrW+ymI08ig5FN49heOPW3+CNyPhhM/8Z1wM 4Cz0Z2Y4Zz1eHTMQ3GJTHJgWSIEMhp8L6RonW/jcwHO5xKOcoMPUZhaqW51EGpeq
4/vhfUSMFQxx+XZYAImCk3d9u1RW38I6MHMu4S9jwH1tBk4z66l8UfFixxf222n8 00Vqu2r1GtUcLUMw8X7O0uUU/KwE7CHVbtDTe0GBdcs7uKpYqi9DYm5o6D+bAq0s
tMIoXMWVZJPEEFJhRW4uGoebDdmjtkgAASy70T414QKPdWy24sNr8E7bxpIemS5u POBosxL7fJuyFD4PTUHo634zFeXXpMDhwr64TkczUgxtlnexcZ049uNTORmi/DU7
4K8aO7UpKiiroXDdXBJJH3nYXBNeHNq/UASV5Ye2e2tNKGyepaIpFw4xr0qLXvAf q+TMgfKj1cjNWAlN07J5+TDBMXgfMeqp9wGT+9cMdkeqzAIQ0XXHJY9u3YOfbq3v
QHL19XzKhpmeAhbxgvkF/R9N6lnRTAUdk9bmx+02ZVrDHqB0J/TWi6rwPoh7B92F sHIVjc3AniBRrP2u08W+340EXr9AY0wMW3KC7IH+qnfVKLuZrtAEuE0VIfAg5i7O
0tbk3J8BOvdlJg74/96HBy4HQby7BxPKIFMkBVXNY4sACcWOGc+RbJf2KQRDUJ+y mQo+DJqxAgLkhy5UjtZ28/H4JhYLqWWTku9GxMWKsnk82sVA0DMfG8NJGjB0mf2B
2S3UDcc3pIowA8SgRPQiW8HPgwxKNSONQOqN7+EitKT0OBxgD2UiVSL8WPEXyn3O 0SipN7N1lv9KwcvTM+81LxiP69H7aP9nLNuTxk5vmCF62rP66DuVJ0h+5HEcZ/p7
IARI5N99Go9h29NkDxl0RH1rZpZMTtpJfW/0VKb2KIT1ctO57mYMBDrZsTYD8OLZ DCEq7hlB8CZRUu70ZfC4k67gWabyE1LXSg5OKtmIM/NMGbe3MmPGN2Y+yLwXPAhW
KQY57J5E6n+j60aowVxRpIXDQBaiMb0gOSVg1VASLkIforfJ7Du+8mS7vtatyO/G ckwqnS/y32Ig4UjGls92TvR2hs8T77NoBAzyivvJ45cMcVYisUGNu76VWEPx6F3+
W02ddqdjqOBtYWsbN7Qo/pjSwWRbzKyhML7QRimG076p4jM0Md/oQMrzvGzZ5TXR buDsPurzVoueEMIFGyEkW3UA0gvgGBIqMJvC7uJCvUkHEh7dAhoz+5hsk+RAsIX8
MkqeK5la0425VwOeoLETmoaohzEwQ3Pdj4wum2bmHJnUUwDWSUI/HWVTSEiIyiih 8L6mqbUT+hhfAKlTl4T95Ia+e4ZjhtNOGPF2sXKzOXwUnrq9Obp6KlGpsYOeRHKa
7XgHYHxfJZO774FaFBuXDNP1fSXdQMVF/eJomqKAPXdkMsj2Z8fo8dDDEGiVP6s0 wpmCWSBSZa7gBAh2vI3e4KSwwOupYAau3NcJYBdFcRVdavte619aH6gJ3nbSvd+B
DY5Imp5foGQIXxo0OqwX60dlgAWNjs27sd6j2qD+IRHDooOvseqMP1t+Ap7Cie19 9gy24pQQSdpqKd6LpDoHLwTvv1K5aLe+26yeDVP3Aw9VfzXmDjv3obUouK7H9paF
duFEkBk7mthWwqjQb+i2GN+Cp3d+kRaN3fL4xFkEeE0ozn32dr07U0ZaZPLUoO5N MTlgxprc9SKmoBScVb22LLhuMLvocErgfKeq8R5ATVnsnYcfVLGbu1YdF4jLjNpQ
JtpqpQ/m+F2OEGHmIQblyXzcgvBVVfewhABzdLdWFv5aG9MGL7hVDM73kbB6119G 5uk85LsMxEIhlq2ldO4Y0D3RsJ+i7e+9k6CHkovSNTlqPnQ1U/ILoRXS4kQDAi3+
7YcvS1nRxsVZXGpS24814tmgJfTAhMJxD5e6lK1892NgFqfYMF8srtywZ6DJHL7N 2uf12V7yKhAJ7pRLMIClIeTflyUO3+Y0f8KAXPx3ECeFSsRbjvSkiC/JKi5efiOx
X4FvjLZFQAhTCLUzHutYT2xmvqwVvwfdsIAd58F7LWJuhQuJkQS4i7yISvBqG0t2 7kVXvH1dlgu3WScZVbtVzy0M9moVa5ne+vuZW2E3tZ3xuTZYihkq3dQs7EXkTC1S
tSEjJQ44hPhxGqvWgVaG9AHOQuZSYfRCQWBcfmBfq9T+I0qINkrnwLUgAGgKMsZG sF0Df9WiuTWG971OXtrYH/5kK5Z1vSi5oGjignHe92JyRd075D0UiULuyTb3gt7l
9qf1pEpyBjdV86nBK8JTmsIZGxPh+D3Y07E3g6bV99eZDjSuPMMN+Dv2ABB6ZZLN CBsHvuobEka5UuYdT5YTHKU+Co3YhybjZu/ncp9ho4e1HZe+tTRHunxl2k/idpjE
gglFVktPINZ27TY7k20sGBHfv9C70+tkYBkp2YwmxRMOsLVv+3fxUKQwf7SH9zYr dnA2DQiPQTO34MbkvxxJ6LcetrMeH6ZSXhq0col/ftqQ/Iw9P8H0ZbBvYOgBQTi0
Y9Aojrn6xtddP9PbxQUukc7H/jxDmgYeq6fQJ67T1SaFARO+qmf2dKESUCaf+JhV OIxnZ7qwxu3Qe7vbZ5TBHxXURFt0yCsa6pmM+s0wWMXsyD5IOq2x740/HUOQiGqd
S7Bjbqut+FxqS4S1ru6UqOXCZc6pwTpZsopqgwrBczGKQ8g7f5xLZN0+g9N+Dy3R 0dQ3f3gm8mYvE3a/o9R1exZz3kHsAhwJS6wG4GnkKHiSQlVRkgDMLBKrensSepHg
sLdOVofOeEhvFE6NGY5K50aXsMRaR2bJAVg6+ppqAE1BJWvsuqQ6TqYjefrhb3Az rfReoFnN6TyU58F6vviUdTi52E8j1H+34HtIGmE/H+q8U4DfMttOAYY0+pC+ZGjJ
wGI/Cr51x8ncVapKw2Fsu/XjPuefaaT+7rWOBGLr1NKxWGT9Jyj9f2PhphPMLbT9 wi501ylCJdp7vlsAFC4rXvaVjlo0B9fwlG7iFx7jWeqwZ7zdnJmkwVKiY9tcPH7f
f9B0Gn63tY6tyPJIJjelCTkkE13euGDnTfkJ6FcNs7C4QWj6PwD1QL4rbgmmSAuk qOXob2uFCgGVWgDk7zKh0P0a2AqJ+oYN2zeGMDWwtB5pOqVxAQ29QqEFMixY1EFt
6ThnwDhvPICgVnfLwl8B5YqQsC/TqOOwECitJgltehjKPA2BqWQ4mXqt6AT0VMNd ryFyy4HPxk/1C/iBuUOIUVuUv8ZXigeZ0nbuFI5qWmaV5wrtnciG4vqxwpMeQtgc
cC/lxYq6YRPtsFlHE5py/4pBXaAXtYFq7Ow15Dp4BF5C1ahQc5JoIw2eedzl3gy3 16URcuwKg1AKOVWnGkgAqqXxifp8MBYscHV4eVZ1XIzgbPalv8JAG15u9aeFdCup
sViHBA4O1tk3VJSNX7OPf8+N9wA4XTlYt3he58mdh0X6+3ppIVOwdcTKiBLXm5WR GzpmzAqb0IlqpHdRjusZeMK1lWEygg4YQHAaXxxJeDUViFWbbROyz2+MsbMc679v
UEdMfQUgwYLGBoYbK2sLxSH2Wff+fWVJadMSHM1HaNv1vbkJBF5qi4BzxuRb3fw2 QZmP/zCwsCAhv8Uj/WNNNywUqlIekhXYYKRYh3s/N053OBWPKblVT3erKQ8YcybV
T7Uo3fdy7atYq0Fp2hbWhbdN7/JVa+ZxM/HscORlPv2GiB6IVnfjrhuFXKZJ7uxw VoAvLfdaJflsVhps/+6ac3Zxhq8mGOjTA76PL+6dsAJ5tE5RMAhJnxVPR01PfjyB
ZVSGkEVDZWTWZkLlO+rGS6QwR8MHIBqhsnVWG830XkdWt+BtRN9XO2wpV8Wig1H8 Sv/xJb7wxfuWlMNtpgCOeLrQJPuXACJj/3IQo+jteuEUEvfdBstIIrhWzjDmt3uy
vLiFcoeftauk7alz3GU7C+/6j0tnjWTEG21tuuq7N2nflgCHcFxQWl4S/+s07/cS irsFPa2Z2mcJd7h8o6nRPDS8nlVgB9gfM3qlV+4JaU3HhaC9OHv/IiGuwuI5D7o2
INpyi3eDvuadd2JB1jFRXssI8kss1OEVdJHUXwx64nKsKAX01AA/Li2scjzqq7h6 Lk76Ac4zB24A6DGvoiMb0T+Qy5hDwFd81yyjxPHlfx11x02re1qft6J0a1JSmwLt
zntoISGSD1XuDuxu9rZmF57w9kO+EAxJnXLZRbHDMwWllaTzWK+/KJt7iBE59cuj EFYuPhcvGNPfSqH67dqt2COYnas9tMnjJTgdNhVgyFT23MG63Z/lP05yuq40DwK4
9Tr/DF6uji/ggGvrjUfXQ+MT1JMeEGYI9RPE2p1qQNYR7MBfrdkiu3ZnPEqPD7cy 8QSC+10ByT10f4z+NLPHetK03XZ/teCblv80FmofIHkDX1Z37KDydezrE9vIW781
YLPeBLwPuAG73Td5fBROJmNFiC/KGa11/35xKL44XE9tNiGfVrWOyn5qXkSmEHSA +oaYYe888lS5EWl/qLyA2LUCr9P/hhqVFhAkAt8L79RJrUK3oyVrjPoBabDjjUIT
2dpbRrKfaOWTufFfd5Ssfq+3bM47Nvmg0NmoY91iLwuuhc1NHHHevibPwniprjx1 iY2tzAZFRbvHUoYqa3pmQf8YXy6V1XV9D1tWO+d/kOT4nhqA2s3EcHxRafU7xZio
DrAHiJ2iYifl0P8MLRZixYEoexmJ/Wr8wzw74k2F3YY0UeD5tCGX4HsF/ojoqS2q HVXpZdw3nw+sKoDIv879fwIsADmaK7GJps+xgQ3AO7ZHDonOdZKOSwOVn2OdwKuy
9JZhh4o/OaO9JioZA6FUDWDzUOHw8xi4OpELlr5+k+4jBXZDwKycz30/xemfObx/ DdxqfCbvDJT4JCC5TEzk0jNmNmLi84eYv83RakCi2TUPpxD7deggPXiifocaWuZ+
wngRA7yJY3rJ7l1ED6sjVNPGgv8u0yzRE8m6/jCQwXKJVQi659q/iVDoU3IkEdc1 c8L7f8roEMTpMyTVdvIvEK8jJNqOUKPjYtGhMU7eXEOhry3XONVJ+k4ow2HLOJ7n
5PsGHTMpCBQyZxFfCzehfvfVPAkPI8Xl+GSNB4Y0kAXnM6Xb6Axd/utjE3Hcrvvu 1Lx2dvWRJY/jUusZhbKgwjkGfprV9JgMJ73eFWEaeBctB5JwYll63pUb3JW+3I75
D/yG+F+8q58OMxU5QBpr/HEyKLPBSXHCv37cJzG1M9qPbfwpANZ4zKWisbvEAO5z +frSu1nt6eusGTcAkdUqsoOCXeTBLfeuGKQo1pC6vsLcR8dZXFqkVhlOPPsjyDgw
pz6Ddk7rhxZ+xTWiB/iXwya3JSp+Vr/HT8n27GAGuKuRqwkhWI8Qh7n1rA1s8y/N C0I+afbjpadGhslid4eXgn0et+2WBdBYmURTQI+sNCWXfxzuZN8gP8V7TKldtuss
ozgA3FAAUS5ztb8UR8yLLRRNPpzR/j6hoYR2l4nrrFjv+hEpBXomBLXOkO03b9v/ 78nP3DXOwgGQIirx2DoMpoonK30hFrVbessSaK60iTds5wIveRhOXQHilST3v1d9
3QQMFTj2AXWiykafqzCXQ0Kj64g8U3D6AtCiABDCSPjUdSxzUK+H7YXoyAZai6cX UyNgykcrouhN5KKdzgy8JZBm7b8QO36/P+klYQg+a5KqM4sMFTINVbDjE4PxpYCn
fTKbQl4oX2JCw0yic2J1umFnTdlnLaHVc/PzeZP8w8MLXlvlGEvQx7m7mOLCkcQB S7FQ7zvRBxSt+IPsJdaNoduRT+r2OMDDdmXc5nKfiDutiKZu92p+pKlDaXtNFcvj
nIDn9tMOkiZ5hyzMS5PvWWsPQM1kx0vE4fym1JJZNbZ2YMirus8t/PgC7IV1bu8b J588btpnRxkgVpd3ts3XYe2eoi+j1Reb1FP0KqbyND9DlW0nZILy/G1t4OE0sCbL
3XIO3GorcQk4VuaeWsNYMvm9zHawpBwnR1zECeAppp5/52ivQqfsGiC/HQ3baYSI A0pcIpPXYVMjd2UKKHNXsm/cG2C5mcg7DWL9gtOa70GfAYCTNiLakxE2SElDyazg
PqEOxAprd1sYNEjVlg1T/fD89Uhi2QZdzR0wuvikchOnSXtqwOXYxdOOwwkANnaO WnjgaXzROzxqIsdN55irfQqSRPhxJ4bOvzY3oC4Lz6zlvQ4Dfoiww6r2u7xyhBSW
wLhqB+VLBLpiM0juL4FYTrk1wKThhy87wG1kRgWClfVRYNp7kpT4MF6J9VDMh0B8 so9zedXmUDmANzlW7hBDAbBgD6d5lWu6X3I2/Hmecj/EfhrewC0+8zuHrJ6pqOfB
pxRE5ODMq8hjIEF+7h0W2RkWUdAfrupFRnvpTJP7uelNVr73ue83BfYCpV/uPxu5 rk3/+rlxx1ENJBfOQst52DERydiZoE0B07DZKzt2a4lohQIvY/caCpjGDutEejZr
pxSIPDP+nEGqwGCp9pjhxuRGr/Dc5g+lgSOj+8PehEqdGEKfmn+xFXuaVFq2fucG ddTS4P2zh38xqlRXSd+iLqMNJfuCzg0S0EAKP7UtOS5tkmVWVlnOrBPBC0n5yTHR
Myx2Fu05LVSAfDsbprzUz5vM1GJ2PEo9XcMvAo7CaLrxgukA63hg3i7Mwjd6lmQl 7ehgiT79SngjyHz32XXUe/1W/ZlbLo4CbXHeLThg0/uipmoure3i9p1CFeumOb5K
EvkvTMkcZvojxqHJh/rfGon2nmXMep6YgKGKdKZpzRgZ6twj22NrchzDxw3RQk4X qZ5kAdag54mxAmCcmec88RrFVpbxpLHvbOzQSrfwpi3q6srZyFuCwLzJzsOzSYUi
pM0SjT49ZyhJmtoREN669Htyy40mvNck0CrqVY8OUka/qsJ/f7r7HaNt53eed1rj qFdIdtLnEs68x+qu3UubaApquZHuI4hch5nqnYbHrrGZJrEWFUzcU5l+UasFztmq
osGjUtUPOlqmi7e1TV3v+H6WPGq+uW6hNWbZwifiNkTH6AJCjDw5kutfQr8oBU/P AkLqBihLTrhEaNA0Qt/NfDwwQeE30K7q+dBuL7tpuQB7vs7VU3Vnugu/XrECDASD
5BGNWMvy+f1YCikZNW6chOI+08E24O/Ny1PscUirDR6adVNBjO3Xjqq0y2tfPvN5 +EF/zIszAHZZk1HX8DXfuwDq4lW2wkemzoFkvcZU8ZyzoCLx2D5Aj/Qlgjlf+1+4
8d1PSyoh5f6qlRH4ky6SjL4BbLCzzHwQ6ke/IAHmm/s8Ge4XEroznOQXW3qKDqYy DY03Ew/DWZHRuuOyAnInFAvPErX75SI/RIGtdS1PRjhrV0Yni+TqcsRW+PRziaFz
mTok86TkezZb9NfCB/4X0Tndfxk/x1T+00r2eLortyAO5YOwEo/HvANbdsRM9JJ0 WdE0lW/zceuDJUVNqZFCN07vBGxpWOevKOPh7M8tpY73nfoSnZu5GRQw3r41Dpkn
0p0JCZWFEcArwthaUGDkLHVtBbT+wPYmWtyhMgSiTJrx9EpeqB6FWIZJlUts1W4G ELsMAzFOZ7L7hy6IVHcVWqSKB1bQsXY46lj7s5KnBen4CFBDzboT4S/S2p3wIpxZ
r/srbRe2h5OTPN43//NS/7p6OYDuJcVbAVGGxy4PES8WrhujFfSmBw8BL188sjx/ +Og1mjgywzHXDr5zxWSjeOEYSHXO2w/2p29g4g7UNLGNzLddlDQMZKPHHFlAlx2/
Kh43guhzTC8moAp+a9IM0kGXtAajHppZ7BUyncTAXsRUdOhlS7Q2fdLPOV48MyWT OZr2FY87o2eAFLe71CqrJTLCdndmgYDpQz4Zr0dyAvYZpPMORsskdWL1CSfz4WmU
11UhvH2fuXKJhaXequ1PE2CePSXI2x5S4anJFNoUWEw5TgRF3rkQ3p/cZm1VAy2y KQTnfBkpCzWtuftMBSNzMvE3yzP1H9A5hAgCcRj+MYEIKPqGczXxeWP9sbtHYL+G
Z+VxQud0iVE15J9jGkGGa89D4m8ng16oGrSMKZAr1Gt4ZFJ5L1dP+WyPzecvzJMY +MdfOb4FIdFcNF96hLNFWxYiyqh3qUyGwuFKKOTp+jkDqTg6dZs1vxRWPTkL+zBo
xq75CrFXuWXdpGrYRGhjGa7B2fhzylSpVfLUyWA+HZq64ZNJOqzeioyamG1OkF6e zuvS/Qdi7yZPd3Am0WhERaq8w5OwspOvJqJzq2DZtHTzb7gQP+tiqlMCRMr9cJEp
6dHgjPmQUZeYckFEimIkXP9zHQPJfB8gX6gSyC+GSFIsitu9A3HEX5zS1uFDasdI c+V3xr8+fqVzBJb1L8JYw2GDS5P92zbZnqXcXLpdbEAj5b5zGb2eSLKgyz+X//T1
CZ5Upc20BZiybfGcwd8+allHYScidzpWei78LfcpuPfnMOf6hVdhlsfuvwV9F/ua qXJphSirbsvf2cZHOrmbi2NQRAiak1yG3DX+YELxAdDWZE81tQdpCMfkP+XAn8Yw
Gv0kw0+zxoDNxWhN4SqKHgYX0A1CyW/Olwb5l3s69PyUlLHTBKwf2Kth8ZCxoKpY D28QC2wJ29P7fTn8QL9QLlD804Mcmb4YYXJACZaMBtyVgoXrTUc2YjbdqofZibzT
kiiEKQQLHEa7mRX8d0U2bDmkx9EKJc7Cfz3JoDHB5aRZ4sbbJO447Fhn9fnuzaTi teJ+o8m4OO6P+P/ryhqwxyrGncDIo0qJ7N0VzCeZ5qpYnA37SfU+3Ek6ntQ1XjOe
j7bDticnZymvjG13foBAJi16Pf431NsFdDYAfnmYYBFEJj/oIa5DtvidrRb+fRZv YJJDPQr3QChFVZes/4H4407CvXKqg9Pcs3GBjtyW0yw1OTNYbauuK8Oc45oV5utG
rkQuJ59tvEGD5hymQPEe3zqiUktPl1G6Q2jYctBjmFSM9m1eIJrfD8qNCrDlKd4Y n12jd6FMV2tLo9IQHa76Zxzl0IUONDh60O58vkB4wy56B0McJeZbwh3eTJ/fuJCW
uZJwt7XRWXirURBRk+aw0P0ZCLaWmWAKmfr+rZ8Dm8V9dO2PgjLxHRI0aEDSh/Jm w7N5X/bodH1wwIB98jr1SCOb81oAbWVIPMCbIuQoUnU38vptH9W7KcLAfqs18vEi
Noc2ba8YhjNwQbLTMWe3WjacbyUC9m9YqhMx5ZV6EUK+jPR7FEw158wCaV2+qFNY 1v4xKmkToDqW27TA337FwYDuiLJUL166BBzqk17hJFKIgbXNNISnWsE/yuTWeuLf
ZKvILBoZywEqZkkeGp6zy7UJFzlVNzh7U0YyE6l0GxNFJ2fp2ViQ930TZt28wuTT 4Wn/V8zISkCML50PG4SwUlpLkcQcMTG6SRU3y5e2j1ABqEic74lkY4GTnjaCLvvJ
If34N/+h1TGc4MqWcI9/4HeXZ5UV5v+gLa/sb6i0RuTrhNM50JinC1Bkqy5GrQLK MjxFjYD5eWjJPd/xs0kzAcZJrb/iyfLY42lDVtByIOPxS96LPOnKTev1z36E7oy9
wUOFb9PNNTNz3M6pl1HEmwbiAUAhrbUhcVQPcmneLQYpzW5/sv+s+vfx8xRujZtv GzZ77JJlfgBQE4j5cT1ZXYymnGcZGlBNzC259dSQOqaW4OwbF7Q2JW3ns46/QJYa
kknt2ftLE7YedA1KvfjRis0d9J/EbzhLdIBg3mA0OBA1cIy7GKq9EIyg2FFiok3y HrKZc8gg3MFoyd6iQ5B8uIuOD0G90lNQAON7Rr3KWzWAJIlf41oyycVAY3/OxiNH
T7taZPr0BuaZqFq4UaL1Se5okrBO/gwHcNj6isnQBlIDV/m858dMMYedajIHLnWb C3vpBZv8Rb8ICNSXcKOP0Xmzj/p3vSTHwdQ8cp7XjZwSKDD0ZsOPPqbsvHW6fYU7
bgsNOXjj+FxdmappOqUJKjLseFx91NBuix5d92oUM8LvWQ9iHXVk9y7KVgFxFpc/ 23n3LbqFecnxgXW0FO976Z4PQdZkjxD7iG4bIk2jF73QewwgRh+C8chlzPcwrQHV
lCw+UTzzBPnC0GcmJzOT8AaWkMYrnikoL4lYn9mr8wwLpJFkUOmyF/EUSiCj72Gb 7t4GmTj1Q/hW4Hm/8djmJ30bONw5B8VkdRJeg2Eg48y543Jr9+fq3wFV/r72x61k
v1GmsjbgAECIjEgIMXRAC5Vx1L9zjzHhxyHOk2f6/kfbsjSl0kKUIWTlNz9JWi4/ 0elpDZ1enKbIrSSh+b5yp4r4V+iZKLyA3gR19vLLYWIvO3eDB8aowjZSh4grBVPR
MuzXdleauhHYjE5zjaJ9Mp3KNhYNH2y8xUliSPLeX0TXyAJVKSYTtxq1JVyKTHBL fIVGWXNLzt+8JDvb3nL9BZq2lrfeRlYtETfHGAG9ZaNkWLFLNDcEoiaI381AXE9A
yVEBUFcOtAkF5Mo7nTyjUGMcHVq7+3udXz8PSmxwDUSsWbwcOAvhqyW4d/tnCHk7 32MSW8K5i6l3l3jv6qLtDjB0BdQfFPDwa2uLaGfn6JRXhk+i6CPt4RUM/UaVk3MO
wc3pMAIJUrsG/mAjy9Jc4jUsHOlzNu09w6YpDk7PyJBdm6pibyKdFbWhHxspZCwx Wk85ThtpgHzu2OEfWn8qppnOnRHZ03OI+2MVK+LzmqlTNhQoyN0m8iWzAAbUWIW7
Ikg5iH751ka7WzT7Bnthy2Ekj7d/0R8ZeOozFZFeGscy86SiPBxT+UyhvCgwGyNQ YFx5eamutucjjpy1Cb9VMLMXorrRa0EW/edItt7JDY+skUjXGyCmTST7x497Chcj
9YQnrKuIzxKV76nrbD/29yBzBTQAeeYJ9IgosIdqlWXqaJJNWvVeglSYdcEFpLNV FV9VKKyvL0g5BM1N6KGY3dD/Obgt8Ame2VvUcetAgiiiaNqnvlQ2rYdWzi8nDiQ9
hKbHj0pS6OtGopX4RAl2Gybi7ZXBPR2af1HywMp4FkRi4AVYcP0CWtp6TcnkBoPy 1OlakuZhGqLAnTrpc72PKNHFlQ2t1R+S33sE/Lw6vfhzuT0UJEZYgeSB2IOd72O5
603JF3Jfoyhg1vGhCipoGx6pCa+RD2gw5VSefhZtOeukDf3BhooMQB+ya1DUCp/T 64nI2BuJZA1mzwK5kETVjGzc1ZJKVnN09Do/RxLGa+G4kBQFRi53PfwPIdweFDos
+oljJOO2Hkr0DBNhVkmfMq4Vbbyl+aJ3Us+lXI1pibLUd2WNgsYrfdxIC8muib72


@ -49,7 +49,7 @@ in
}; };
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url; useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
basicAuth = { basicAuth = {
"${cfg.auth.user}" = cfg.auth.password; "${cfg.auth.user}" = cfg.auth.password;


@ -22,7 +22,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.Sapana.duplicacy-web ]; environment.systemPackages = [ pkgs.${namespace}.duplicacy-web ];
networking.firewall.allowedTCPPorts = [ 3875 ]; networking.firewall.allowedTCPPorts = [ 3875 ];
@ -37,7 +37,7 @@ in
description = "Start the Duplicacy backup service and web UI"; description = "Start the Duplicacy backup service and web UI";
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = ''${pkgs.Sapana.duplicacy-web}/duplicacy-web''; ExecStart = ''${pkgs.${namespace}.duplicacy-web}/duplicacy-web'';
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 10; RestartSec = 10;
KillMode = "process"; KillMode = "process";


@ -32,7 +32,7 @@ in
enable = true; enable = true;
settings = { settings = {
server = { server = {
DOMAIN = lib.Sapana.getDomainFromURI cfg.url; DOMAIN = lib.${namespace}.getDomainFromURI cfg.url;
ROOT_URL = cfg.url; ROOT_URL = cfg.url;
HTTP_PORT = 3000; HTTP_PORT = 3000;
}; };
@ -42,7 +42,7 @@ in
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url; useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:3000"; proxyPass = "http://127.0.0.1:3000";


@ -35,7 +35,7 @@ in
services = { services = {
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url; useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8096"; proxyPass = "http://127.0.0.1:8096";


@ -51,11 +51,13 @@ in
public = true; public = true;
allowOrigin = "*"; allowOrigin = "*";
# Enable Ngrams # Enable Ngrams
settings.languageModel = lib.mkIf cfg.ngrams.enable "${pkgs.Sapana.languagetool-ngrams}/share/languagetool/ngrams"; settings.languageModel = lib.mkIf cfg.ngrams.enable "${
pkgs.${namespace}.languagetool-ngrams
}/share/languagetool/ngrams";
}; };
# Create Nginx virtualhost # Create Nginx virtualhost
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url; useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
basicAuth = { basicAuth = {
"${cfg.auth.user}" = cfg.auth.password; "${cfg.auth.user}" = cfg.auth.password;


@ -51,7 +51,7 @@ in
(lib.mkIf (cfg.enable && cfg.type == "parent") { (lib.mkIf (cfg.enable && cfg.type == "parent") {
services = { services = {
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url; useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
basicAuth = { basicAuth = {
"${cfg.auth.user}" = cfg.auth.password; "${cfg.auth.user}" = cfg.auth.password;
@ -77,7 +77,7 @@ in
configDir = { configDir = {
# Allow incoming streams # Allow incoming streams
"stream.conf" = pkgs.writeText "stream.conf" '' "stream.conf" = pkgs.writeText "stream.conf" ''
[${config.secrets.services.netdata.apiKey}] [${config.${namespace}.secrets.services.netdata.apiKey}]
enabled = no enabled = no
default history = 3600 default history = 3600
default memory mode = dbengine default memory mode = dbengine
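Review bot: The Netdata streaming API key is still interpolated into `pkgs.writeText "stream.conf"` on the new side, so after the namespace move it is still rendered into the Nix store, which every local user can read and which travels with the system closure. The same pattern is visible in the Nix settings section, where `netrc-file` is built with `pkgs.writeText "netrc"` from the binary-cache username and password, in the VPN section's `WIREGUARD_PRIVATE_KEY = config.${namespace}.secrets.services.protonvpn.privateKey;` (presumably rendered into a store-resident unit or container definition), and in the Wi-Fi `psk` line. Since each of these lines is being touched anyway, consider pointing them at files provisioned outside the store at activation time with restrictive permissions. Any that stay could carry a comment such as `# NOTE: evaluated into /nix/store, world-readable`. This repository also enables a binary cache on one host, so it is worth confirming that store paths holding these values are never served to its clients; the enclosing blocks start and end outside the visible hunks.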


@ -59,7 +59,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services = { services = {
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url; useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${cfg.port}"; proxyPass = "http://127.0.0.1:${cfg.port}";
@ -102,7 +102,7 @@ in
environment = { environment = {
VPN_SERVICE_PROVIDER = "protonvpn"; VPN_SERVICE_PROVIDER = "protonvpn";
VPN_TYPE = "wireguard"; VPN_TYPE = "wireguard";
WIREGUARD_PRIVATE_KEY = config.secrets.services.protonvpn.privateKey; WIREGUARD_PRIVATE_KEY = config.${namespace}.secrets.services.protonvpn.privateKey;
SERVER_COUNTRIES = (lib.strings.concatStringsSep "," cfg.vpn.countries); SERVER_COUNTRIES = (lib.strings.concatStringsSep "," cfg.vpn.countries);
TZ = "America/New_York"; TZ = "America/New_York";
}; };


@ -57,7 +57,7 @@ in
}; };
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = lib.Sapana.getDomainFromURI cfg.url; useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
}; };
}; };


@ -69,8 +69,8 @@ in
mail = lib.mkIf config.${namespace}.services.msmtp.enable { mail = lib.mkIf config.${namespace}.services.msmtp.enable {
enable = true; enable = true;
mailer = "/run/wrappers/bin/sendmail"; mailer = "/run/wrappers/bin/sendmail";
sender = "${config.networking.hostName}@${config.secrets.networking.domains.primary}"; sender = "${config.networking.hostName}@${config.${namespace}.secrets.networking.domains.primary}";
recipient = config.secrets.users.aires.email; recipient = config.${namespace}.secrets.users.aires.email;
}; };
}; };
}; };


@ -46,16 +46,16 @@ in
# Set up secondary binary caches for Lix and Hevana # Set up secondary binary caches for Lix and Hevana
substituters = [ substituters = [
"https://cache.lix.systems" "https://cache.lix.systems"
"https://${config.secrets.services.binary-cache.url}" "https://${config.${namespace}.secrets.services.binary-cache.url}"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
config.secrets.services.binary-cache.pubcert config.${namespace}.secrets.services.binary-cache.pubcert
]; ];
# Authentication for Hevana's binary cache # Authentication for Hevana's binary cache
netrc-file = netrc-file =
with config.secrets.services.binary-cache; with config.${namespace}.secrets.services.binary-cache;
pkgs.writeText "netrc" '' pkgs.writeText "netrc" ''
machine ${url} login ${auth.username} password ${auth.password} machine ${url} login ${auth.username} password ${auth.password}
''; '';
@ -96,7 +96,7 @@ in
(lib.mkIf cfg.nixos-operations-script.enable { (lib.mkIf cfg.nixos-operations-script.enable {
# Enable and configure NOS # Enable and configure NOS
${namespace}.packages = [ nixos-operations-script ]; ${namespace}.packages = [ nixos-operations-script ];
environment.variables."FLAKE_DIR" = config.secrets.nixConfigFolder; environment.variables."FLAKE_DIR" = config.${namespace}.secrets.nixConfigFolder;
}) })
]; ];
} }


@ -24,7 +24,7 @@ in
isNormalUser = true; isNormalUser = true;
description = "Aires"; description = "Aires";
uid = 1000; uid = 1000;
hashedPassword = config.secrets.users.aires.hashedPassword; hashedPassword = config.${namespace}.secrets.users.aires.hashedPassword;
extraGroups = [ extraGroups = [
"input" "input"
"networkmanager" "networkmanager"
@ -64,14 +64,14 @@ in
# Set up git # Set up git
git = { git = {
enable = true; enable = true;
userName = config.secrets.users.aires.firstName; userName = config.${namespace}.secrets.users.aires.firstName;
userEmail = config.secrets.users.aires.email; userEmail = config.${namespace}.secrets.users.aires.email;
extraConfig = { extraConfig = {
core.editor = config.${namespace}.editor; core.editor = config.${namespace}.editor;
merge.conflictStyle = "zdiff3"; merge.conflictStyle = "zdiff3";
pull.ff = "only"; pull.ff = "only";
push.autoSetupRemote = "true"; push.autoSetupRemote = "true";
safe.directory = "${config.secrets.nixConfigFolder}/.git"; safe.directory = "${config.${namespace}.secrets.nixConfigFolder}/.git";
submodule.recurse = true; submodule.recurse = true;
credential.helper = "/run/current-system/sw/bin/git-credential-libsecret"; credential.helper = "/run/current-system/sw/bin/git-credential-libsecret";
}; };
@ -80,7 +80,7 @@ in
# Set up SSH # Set up SSH
ssh = { ssh = {
enable = true; enable = true;
matchBlocks = config.secrets.users.aires.sshConfig; matchBlocks = config.${namespace}.secrets.users.aires.sshConfig;
}; };
# Set up Zsh # Set up Zsh


@ -24,7 +24,7 @@ in
isNormalUser = true; isNormalUser = true;
description = "Gremlin"; description = "Gremlin";
uid = 1001; uid = 1001;
hashedPassword = config.secrets.users.gremlin.hashedPassword; hashedPassword = config.${namespace}.secrets.users.gremlin.hashedPassword;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"input" "input"
@ -80,7 +80,7 @@ in
# Set up SSH # Set up SSH
ssh = { ssh = {
enable = true; enable = true;
matchBlocks = config.secrets.users.gremlin.sshConfig; matchBlocks = config.${namespace}.secrets.users.gremlin.sshConfig;
}; };
# Set up Zsh # Set up Zsh


@ -19,8 +19,8 @@ in
# Connect to the network automagically # Connect to the network automagically
networkmanager.enable = lib.mkForce false; networkmanager.enable = lib.mkForce false;
wireless.networks = { wireless.networks = {
"${config.secrets.networking.networks.home.SSID}" = { "${config.${namespace}.secrets.networking.networks.home.SSID}" = {
psk = "${config.secrets.networking.networks.home.password}"; psk = "${config.${namespace}.secrets.networking.networks.home.password}";
}; };
}; };
}; };
@ -35,7 +35,7 @@ in
]; ];
services.ssh = { services.ssh = {
enable = true; enable = true;
ports = [ config.secrets.hosts.hevana.ssh.port ]; ports = [ config.${namespace}.secrets.hosts.hevana.ssh.port ];
}; };
users.aires.enable = true; users.aires.enable = true;
}; };


@ -17,10 +17,10 @@ let
# Credentials for interacting with the Porkbun API # Credentials for interacting with the Porkbun API
porkbunCredentials = { porkbunCredentials = {
"PORKBUN_API_KEY_FILE" = "${pkgs.writeText "porkbun-api-key" '' "PORKBUN_API_KEY_FILE" = "${pkgs.writeText "porkbun-api-key" ''
${config.secrets.networking.porkbun.api.apiKey} ${config.${namespace}.secrets.networking.porkbun.api.apiKey}
''}"; ''}";
"PORKBUN_SECRET_API_KEY_FILE" = "${pkgs.writeText "porkbun-secret-api-key" '' "PORKBUN_SECRET_API_KEY_FILE" = "${pkgs.writeText "porkbun-secret-api-key" ''
${config.secrets.networking.porkbun.api.secretKey} ${config.${namespace}.secrets.networking.porkbun.api.secretKey}
''}"; ''}";
}; };
@ -34,7 +34,9 @@ let
serviceList = lib.attrsets.collect ( serviceList = lib.attrsets.collect (
x: x != "acme" && (lib.attrsets.matchAttrs { enable = true; } x) x: x != "acme" && (lib.attrsets.matchAttrs { enable = true; } x)
) config.${namespace}.services; ) config.${namespace}.services;
subdomains = builtins.catAttrs "url" serviceList; subdomains = (builtins.catAttrs "url" serviceList) ++ [
config.${namespace}.secrets.services.gremlin-lab.url
];
in in
{ {
@ -52,9 +54,11 @@ in
configFile = pkgs.writeText "ddclient.conf" '' configFile = pkgs.writeText "ddclient.conf" ''
use=web, web=checkip.dyndns.com/, web-skip='IP Address' use=web, web=checkip.dyndns.com/, web-skip='IP Address'
protocol=porkbun protocol=porkbun
apikey=${config.secrets.networking.porkbun.api.apiKey} apikey=${config.${namespace}.secrets.networking.porkbun.api.apiKey}
secretapikey=${config.secrets.networking.porkbun.api.secretKey} secretapikey=${config.${namespace}.secrets.networking.porkbun.api.secretKey}
*.${config.secrets.networking.domains.primary},*.${config.secrets.networking.domains.blog} *.${config.${namespace}.secrets.networking.domains.primary},*.${
config.${namespace}.secrets.networking.domains.blog
}
cache=/tmp/ddclient.cache cache=/tmp/ddclient.cache
pid=/var/run/ddclient.pid pid=/var/run/ddclient.pid
''; '';
@ -78,7 +82,9 @@ in
}; };
path = config.${namespace}.corePackages; path = config.${namespace}.corePackages;
script = '' script = ''
/run/current-system/sw/bin/nixos-operations-script --operation build --hostname Khanda --flake ${config.secrets.nixConfigFolder} /run/current-system/sw/bin/nixos-operations-script --operation build --hostname Khanda --flake ${
config.${namespace}.secrets.nixConfigFolder
}
''; '';
}; };
systemd.timers."build-hosts" = { systemd.timers."build-hosts" = {
@ -110,22 +116,22 @@ in
# Enable support for primary RAID array # Enable support for primary RAID array
raid.storage = { raid.storage = {
enable = true; enable = true;
keyFile = config.secrets.devices.storage.keyFile.path; keyFile = config.${namespace}.secrets.devices.storage.keyFile.path;
mailAddr = config.secrets.users.aires.email; mailAddr = config.${namespace}.secrets.users.aires.email;
}; };
services = { services = {
acme = { acme = {
enable = true; enable = true;
defaultEmail = config.secrets.users.aires.email; defaultEmail = config.${namespace}.secrets.users.aires.email;
certs = { certs = {
"${config.secrets.networking.domains.primary}" = { "${config.${namespace}.secrets.networking.domains.primary}" = {
dnsProvider = "porkbun"; dnsProvider = "porkbun";
extraDomainNames = subdomains; extraDomainNames = subdomains;
webroot = null; # Required in order to prevent a failed assertion webroot = null; # Required in order to prevent a failed assertion
credentialFiles = porkbunCredentials; credentialFiles = porkbunCredentials;
}; };
"${config.secrets.networking.domains.blog}" = { "${config.${namespace}.secrets.networking.domains.blog}" = {
dnsProvider = "porkbun"; dnsProvider = "porkbun";
webroot = null; # Required in order to prevent a failed assertion webroot = null; # Required in order to prevent a failed assertion
credentialFiles = porkbunCredentials; credentialFiles = porkbunCredentials;
@ -139,17 +145,17 @@ in
autoUpgrade = { autoUpgrade = {
enable = true; enable = true;
pushUpdates = true; # Update automatically and push updates back up to Forgejo pushUpdates = true; # Update automatically and push updates back up to Forgejo
configDir = config.secrets.nixConfigFolder; configDir = config.${namespace}.secrets.nixConfigFolder;
onCalendar = "daily"; onCalendar = "daily";
user = config.users.users.aires.name; user = config.users.users.aires.name;
}; };
binary-cache = { binary-cache = {
enable = true; enable = true;
secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem"; secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem";
url = config.secrets.services.binary-cache.url; url = config.${namespace}.secrets.services.binary-cache.url;
auth = { auth = {
user = config.secrets.services.binary-cache.auth.username; user = config.${namespace}.secrets.services.binary-cache.auth.username;
password = config.secrets.services.binary-cache.auth.password; password = config.${namespace}.secrets.services.binary-cache.auth.password;
}; };
}; };
boinc = { boinc = {
@ -163,36 +169,36 @@ in
forgejo = { forgejo = {
enable = true; enable = true;
home = "${services-root}/forgejo"; home = "${services-root}/forgejo";
url = config.secrets.services.forgejo.url; url = config.${namespace}.secrets.services.forgejo.url;
}; };
jellyfin = { jellyfin = {
enable = true; enable = true;
home = "${services-root}/jellyfin"; home = "${services-root}/jellyfin";
url = config.secrets.services.jellyfin.url; url = config.${namespace}.secrets.services.jellyfin.url;
}; };
languagetool = { languagetool = {
enable = true; enable = true;
url = config.secrets.services.languagetool.url; url = config.${namespace}.secrets.services.languagetool.url;
port = 8100; port = 8100;
auth.user = config.secrets.services.languagetool.auth.user; auth.user = config.${namespace}.secrets.services.languagetool.auth.user;
auth.password = config.secrets.services.languagetool.auth.password; auth.password = config.${namespace}.secrets.services.languagetool.auth.password;
ngrams.enable = true; ngrams.enable = true;
}; };
msmtp = { msmtp = {
enable = true; enable = true;
accounts.default = { accounts.default = {
host = config.secrets.services.msmtp.host; host = config.${namespace}.secrets.services.msmtp.host;
user = config.secrets.services.msmtp.user; user = config.${namespace}.secrets.services.msmtp.user;
password = config.secrets.services.msmtp.password; password = config.${namespace}.secrets.services.msmtp.password;
auth = true; auth = true;
tls = true; tls = true;
tls_starttls = true; tls_starttls = true;
port = 587; port = 587;
from = "${config.networking.hostName}@${config.secrets.networking.domains.primary}"; from = "${config.networking.hostName}@${config.${namespace}.secrets.networking.domains.primary}";
}; };
aliases = { aliases = {
text = '' text = ''
default: ${config.secrets.users.aires.email} default: ${config.${namespace}.secrets.users.aires.email}
''; '';
mode = "0644"; mode = "0644";
}; };
@ -200,34 +206,34 @@ in
netdata = { netdata = {
enable = true; enable = true;
type = "parent"; type = "parent";
url = config.secrets.services.netdata.url; url = config.${namespace}.secrets.services.netdata.url;
auth = { auth = {
user = config.users.users.aires.name; user = config.users.users.aires.name;
password = config.secrets.services.netdata.password; password = config.${namespace}.secrets.services.netdata.password;
apiKey = config.secrets.services.netdata.apiKey; apiKey = config.${namespace}.secrets.services.netdata.apiKey;
}; };
}; };
nginx = { nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"${config.secrets.networking.domains.primary}" = { "${config.${namespace}.secrets.networking.domains.primary}" = {
default = true; default = true;
enableACME = true; # Enable Let's Encrypt enableACME = true; # Enable Let's Encrypt
locations."/" = { locations."/" = {
# Catchall vhost, will redirect users to Forgejo # Catchall vhost, will redirect users to Forgejo
return = "301 https://${config.secrets.services.forgejo.url}"; return = "301 https://${config.${namespace}.secrets.services.forgejo.url}";
}; };
}; };
"${config.secrets.networking.domains.blog}" = { "${config.${namespace}.secrets.networking.domains.blog}" = {
useACMEHost = config.secrets.networking.domains.blog; useACMEHost = config.${namespace}.secrets.networking.domains.blog;
forceSSL = true; forceSSL = true;
root = "${services-root}/nginx/sites/${config.secrets.networking.domains.blog}"; root = "${services-root}/nginx/sites/${config.${namespace}.secrets.networking.domains.blog}";
}; };
"${config.secrets.services.gremlin-lab.url}" = { "${config.${namespace}.secrets.services.gremlin-lab.url}" = {
useACMEHost = config.secrets.networking.domains.primary; useACMEHost = config.${namespace}.secrets.networking.domains.primary;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://${config.secrets.services.gremlin-lab.ip}"; proxyPass = "http://${config.${namespace}.secrets.services.gremlin-lab.ip}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; extraConfig = "proxy_ssl_server_name on;";
}; };
@ -237,11 +243,11 @@ in
qbittorrent = { qbittorrent = {
enable = true; enable = true;
home = "${services-root}/qbittorrent"; home = "${services-root}/qbittorrent";
url = config.secrets.services.qbittorrent.url; url = config.${namespace}.secrets.services.qbittorrent.url;
port = "8090"; port = "8090";
vpn = { vpn = {
enable = true; enable = true;
privateKey = config.secrets.services.protonvpn.privateKey; privateKey = config.${namespace}.secrets.services.protonvpn.privateKey;
countries = [ countries = [
"Switzerland" "Switzerland"
"Netherlands" "Netherlands"
@ -251,15 +257,15 @@ in
rss = { rss = {
enable = false; enable = false;
home = "${services-root}/freshrss"; home = "${services-root}/freshrss";
url = config.secrets.services.rss.url; url = config.${namespace}.secrets.services.rss.url;
auth = with config.secrets.services.rss.auth; { auth = with config.${namespace}.secrets.services.rss.auth; {
user = user; user = user;
password = password; password = password;
}; };
}; };
ssh = { ssh = {
enable = true; enable = true;
ports = [ config.secrets.hosts.hevana.ssh.port ]; ports = [ config.${namespace}.secrets.hosts.hevana.ssh.port ];
}; };
syncthing = { syncthing = {
enable = true; enable = true;


@ -44,7 +44,7 @@ in
services = { services = {
autoUpgrade = { autoUpgrade = {
enable = true; enable = true;
configDir = config.secrets.nixConfigFolder; configDir = config.${namespace}.secrets.nixConfigFolder;
extraFlags = "--build-host hevana"; extraFlags = "--build-host hevana";
onCalendar = "weekly"; onCalendar = "weekly";
user = config.users.users.aires.name; user = config.users.users.aires.name;


@ -19,8 +19,6 @@ in
system.stateVersion = stateVersion; system.stateVersion = stateVersion;
networking.hostName = hostName; networking.hostName = hostName;
custom-fonts.Freight-Pro.enable = config.${namespace}.users.gremlin.enable;
${namespace} = { ${namespace} = {
apps = { apps = {
development.enable = true; development.enable = true;
@ -42,6 +40,8 @@ in
tpm2.enable = true; tpm2.enable = true;
}; };
custom-fonts.Freight-Pro.enable = config.${namespace}.users.gremlin.enable;
# Change the default text editor. Options are "emacs", "nano", or "vim". # Change the default text editor. Options are "emacs", "nano", or "vim".
editor = "nano"; editor = "nano";
@ -64,7 +64,7 @@ in
# Run daily automatic updates. # Run daily automatic updates.
autoUpgrade = { autoUpgrade = {
enable = true; enable = true;
configDir = config.secrets.nixConfigFolder; configDir = config.${namespace}.secrets.nixConfigFolder;
onCalendar = "daily"; onCalendar = "daily";
operation = "boot"; operation = "boot";
user = config.users.users.aires.name; user = config.users.users.aires.name;