Hevana: re-add gremlin-lab to ACME cert. Also update secrets namespace
This commit is contained in:
parent
69acc20396
commit
a78b7f55e1
|
|
@ -46,7 +46,7 @@ To enable automatic updates for a host, set `config.${namespace}.services.autoUp
|
|||
```nix
|
||||
services.autoUpgrade = {
|
||||
enable = true;
|
||||
configDir = config.secrets.nixConfigFolder;
|
||||
configDir = config.${namespace}.secrets.nixConfigFolder;
|
||||
onCalendar = "daily";
|
||||
user = config.users.users.aires.name;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,109 +1,110 @@
|
|||
U2FsdGVkX1/RQfGVP76sNDrjrnhTIFoeGKoRj1M66ltbkzqEVZrSGke1jDZA9e0Q
|
||||
cwUIfzRo+k2bhNi6VbG4OvteEFeABGn6aoL38owyEgKDlGEti2m6/MPfIrTOYpWS
|
||||
UArXOKkSCgPi+mzD6ez6ZKXRdaVgn230Iipg4ZacUXkFzUf1YqybTMyp3xVuPaID
|
||||
AKCdEa9YiL0R5cOMBIKyN3zaj509R9ocauKeJ9w/pVPzgqMoeFNgkeUBh42Z+QFg
|
||||
/0vy9jX2yoNQrWlOJNfkq50UeivWF90RJzf30gm1uAPX5102Pt0dvUOdfouunFIE
|
||||
OxYwnBrqJAq2bnoCMCEJkogspVeBVWY/RdJZEhr6Fj6R8Dd/K1rPhvL1UzrrwMo4
|
||||
3vcXy6AcvEGVA+i7nfSj7J4EfDJnNfsQl0hOV8tm2o/rlOqGiRwPLdi3PxUrAm5I
|
||||
jZdcNWeendXtBuXZwZSpVFDvi85taasgE7IaPdYj5VfKMwZmdmm7vpmVe3wKtxJf
|
||||
D1Z2kW34dtUkAAA5LXAnEYpM0jJo1hLQyOSm8KUcOOmLHHRa3vNHzUxLdSSZluCY
|
||||
DqLfRdx/3Krio8WoypopgG4mW0/nI1jUl5aRVgM2tuBVUjz2meDtTZk4dnTx8ys4
|
||||
bEmEn+BIzmMHzVK7PlNLAQWBGFj4e2rdLUsy3846YB2tRo/IUxQSv32gF/RYW5Py
|
||||
ToOjRpoaVDSJPT26w25/rwMYoqvtYDakoRXmSFOLg9k1WIlEhCJFSZRts9DuFU23
|
||||
XxXmhxC+R0I9InY/+JGBHqkmKcTpILZItjL0jLrIggXwE5wJ3emNBJsh8zwoKlWY
|
||||
6mUhG0xiiVrNWXlOOc9mw8ElRzxqhUDMd5mBiGQoZuBzXt8z05s8DA1ZDbrx9sQZ
|
||||
LVapZlUiYPcO/C29Bk2elK10IeQrzdqSSiF504afudaMPUcHSDWpG7Ew70R9wPHU
|
||||
h3I/q/YPoyYC2txrC9lJGfnJnylXf6eXoJNNgUIsqFMViTVYDBRbZ/4er1tB8bZl
|
||||
TjOgyRxgheUT0y/FodKznOEFtGSOsiO+ErQ04G6LAp59iJu5XJr3QVTyj4bvZa/S
|
||||
SjAOh1FMcg79p3ZWIFvfqupsStnKPHkDWawlM/var1xBSKcJ47YfgnPycxCdIm3x
|
||||
eSDP4BziKhAIBo0bX/9TGfrcectQedMSxFV+4+EhwKVKR+01rA7SfT9pNcBG+yS8
|
||||
Z6kJ+cNQzGtAveD9TwvajpGAIWQQz3QXtoXJvOYrpxKSl89VWcAhVAZD5f/J0xr3
|
||||
nHdJmIiefGCC9uV6ztLolxgjgRw76SydgewgRnuAXS6RF1nR4cgN1/2nVA7okm16
|
||||
JFvE+G7xxqbGgaNJNAzWIGn0JknSbrW+ymI08ig5FN49heOPW3+CNyPhhM/8Z1wM
|
||||
4/vhfUSMFQxx+XZYAImCk3d9u1RW38I6MHMu4S9jwH1tBk4z66l8UfFixxf222n8
|
||||
tMIoXMWVZJPEEFJhRW4uGoebDdmjtkgAASy70T414QKPdWy24sNr8E7bxpIemS5u
|
||||
4K8aO7UpKiiroXDdXBJJH3nYXBNeHNq/UASV5Ye2e2tNKGyepaIpFw4xr0qLXvAf
|
||||
QHL19XzKhpmeAhbxgvkF/R9N6lnRTAUdk9bmx+02ZVrDHqB0J/TWi6rwPoh7B92F
|
||||
0tbk3J8BOvdlJg74/96HBy4HQby7BxPKIFMkBVXNY4sACcWOGc+RbJf2KQRDUJ+y
|
||||
2S3UDcc3pIowA8SgRPQiW8HPgwxKNSONQOqN7+EitKT0OBxgD2UiVSL8WPEXyn3O
|
||||
IARI5N99Go9h29NkDxl0RH1rZpZMTtpJfW/0VKb2KIT1ctO57mYMBDrZsTYD8OLZ
|
||||
KQY57J5E6n+j60aowVxRpIXDQBaiMb0gOSVg1VASLkIforfJ7Du+8mS7vtatyO/G
|
||||
W02ddqdjqOBtYWsbN7Qo/pjSwWRbzKyhML7QRimG076p4jM0Md/oQMrzvGzZ5TXR
|
||||
MkqeK5la0425VwOeoLETmoaohzEwQ3Pdj4wum2bmHJnUUwDWSUI/HWVTSEiIyiih
|
||||
7XgHYHxfJZO774FaFBuXDNP1fSXdQMVF/eJomqKAPXdkMsj2Z8fo8dDDEGiVP6s0
|
||||
DY5Imp5foGQIXxo0OqwX60dlgAWNjs27sd6j2qD+IRHDooOvseqMP1t+Ap7Cie19
|
||||
duFEkBk7mthWwqjQb+i2GN+Cp3d+kRaN3fL4xFkEeE0ozn32dr07U0ZaZPLUoO5N
|
||||
JtpqpQ/m+F2OEGHmIQblyXzcgvBVVfewhABzdLdWFv5aG9MGL7hVDM73kbB6119G
|
||||
7YcvS1nRxsVZXGpS24814tmgJfTAhMJxD5e6lK1892NgFqfYMF8srtywZ6DJHL7N
|
||||
X4FvjLZFQAhTCLUzHutYT2xmvqwVvwfdsIAd58F7LWJuhQuJkQS4i7yISvBqG0t2
|
||||
tSEjJQ44hPhxGqvWgVaG9AHOQuZSYfRCQWBcfmBfq9T+I0qINkrnwLUgAGgKMsZG
|
||||
9qf1pEpyBjdV86nBK8JTmsIZGxPh+D3Y07E3g6bV99eZDjSuPMMN+Dv2ABB6ZZLN
|
||||
gglFVktPINZ27TY7k20sGBHfv9C70+tkYBkp2YwmxRMOsLVv+3fxUKQwf7SH9zYr
|
||||
Y9Aojrn6xtddP9PbxQUukc7H/jxDmgYeq6fQJ67T1SaFARO+qmf2dKESUCaf+JhV
|
||||
S7Bjbqut+FxqS4S1ru6UqOXCZc6pwTpZsopqgwrBczGKQ8g7f5xLZN0+g9N+Dy3R
|
||||
sLdOVofOeEhvFE6NGY5K50aXsMRaR2bJAVg6+ppqAE1BJWvsuqQ6TqYjefrhb3Az
|
||||
wGI/Cr51x8ncVapKw2Fsu/XjPuefaaT+7rWOBGLr1NKxWGT9Jyj9f2PhphPMLbT9
|
||||
f9B0Gn63tY6tyPJIJjelCTkkE13euGDnTfkJ6FcNs7C4QWj6PwD1QL4rbgmmSAuk
|
||||
6ThnwDhvPICgVnfLwl8B5YqQsC/TqOOwECitJgltehjKPA2BqWQ4mXqt6AT0VMNd
|
||||
cC/lxYq6YRPtsFlHE5py/4pBXaAXtYFq7Ow15Dp4BF5C1ahQc5JoIw2eedzl3gy3
|
||||
sViHBA4O1tk3VJSNX7OPf8+N9wA4XTlYt3he58mdh0X6+3ppIVOwdcTKiBLXm5WR
|
||||
UEdMfQUgwYLGBoYbK2sLxSH2Wff+fWVJadMSHM1HaNv1vbkJBF5qi4BzxuRb3fw2
|
||||
T7Uo3fdy7atYq0Fp2hbWhbdN7/JVa+ZxM/HscORlPv2GiB6IVnfjrhuFXKZJ7uxw
|
||||
ZVSGkEVDZWTWZkLlO+rGS6QwR8MHIBqhsnVWG830XkdWt+BtRN9XO2wpV8Wig1H8
|
||||
vLiFcoeftauk7alz3GU7C+/6j0tnjWTEG21tuuq7N2nflgCHcFxQWl4S/+s07/cS
|
||||
INpyi3eDvuadd2JB1jFRXssI8kss1OEVdJHUXwx64nKsKAX01AA/Li2scjzqq7h6
|
||||
zntoISGSD1XuDuxu9rZmF57w9kO+EAxJnXLZRbHDMwWllaTzWK+/KJt7iBE59cuj
|
||||
9Tr/DF6uji/ggGvrjUfXQ+MT1JMeEGYI9RPE2p1qQNYR7MBfrdkiu3ZnPEqPD7cy
|
||||
YLPeBLwPuAG73Td5fBROJmNFiC/KGa11/35xKL44XE9tNiGfVrWOyn5qXkSmEHSA
|
||||
2dpbRrKfaOWTufFfd5Ssfq+3bM47Nvmg0NmoY91iLwuuhc1NHHHevibPwniprjx1
|
||||
DrAHiJ2iYifl0P8MLRZixYEoexmJ/Wr8wzw74k2F3YY0UeD5tCGX4HsF/ojoqS2q
|
||||
9JZhh4o/OaO9JioZA6FUDWDzUOHw8xi4OpELlr5+k+4jBXZDwKycz30/xemfObx/
|
||||
wngRA7yJY3rJ7l1ED6sjVNPGgv8u0yzRE8m6/jCQwXKJVQi659q/iVDoU3IkEdc1
|
||||
5PsGHTMpCBQyZxFfCzehfvfVPAkPI8Xl+GSNB4Y0kAXnM6Xb6Axd/utjE3Hcrvvu
|
||||
D/yG+F+8q58OMxU5QBpr/HEyKLPBSXHCv37cJzG1M9qPbfwpANZ4zKWisbvEAO5z
|
||||
pz6Ddk7rhxZ+xTWiB/iXwya3JSp+Vr/HT8n27GAGuKuRqwkhWI8Qh7n1rA1s8y/N
|
||||
ozgA3FAAUS5ztb8UR8yLLRRNPpzR/j6hoYR2l4nrrFjv+hEpBXomBLXOkO03b9v/
|
||||
3QQMFTj2AXWiykafqzCXQ0Kj64g8U3D6AtCiABDCSPjUdSxzUK+H7YXoyAZai6cX
|
||||
fTKbQl4oX2JCw0yic2J1umFnTdlnLaHVc/PzeZP8w8MLXlvlGEvQx7m7mOLCkcQB
|
||||
nIDn9tMOkiZ5hyzMS5PvWWsPQM1kx0vE4fym1JJZNbZ2YMirus8t/PgC7IV1bu8b
|
||||
3XIO3GorcQk4VuaeWsNYMvm9zHawpBwnR1zECeAppp5/52ivQqfsGiC/HQ3baYSI
|
||||
PqEOxAprd1sYNEjVlg1T/fD89Uhi2QZdzR0wuvikchOnSXtqwOXYxdOOwwkANnaO
|
||||
wLhqB+VLBLpiM0juL4FYTrk1wKThhy87wG1kRgWClfVRYNp7kpT4MF6J9VDMh0B8
|
||||
pxRE5ODMq8hjIEF+7h0W2RkWUdAfrupFRnvpTJP7uelNVr73ue83BfYCpV/uPxu5
|
||||
pxSIPDP+nEGqwGCp9pjhxuRGr/Dc5g+lgSOj+8PehEqdGEKfmn+xFXuaVFq2fucG
|
||||
Myx2Fu05LVSAfDsbprzUz5vM1GJ2PEo9XcMvAo7CaLrxgukA63hg3i7Mwjd6lmQl
|
||||
EvkvTMkcZvojxqHJh/rfGon2nmXMep6YgKGKdKZpzRgZ6twj22NrchzDxw3RQk4X
|
||||
pM0SjT49ZyhJmtoREN669Htyy40mvNck0CrqVY8OUka/qsJ/f7r7HaNt53eed1rj
|
||||
osGjUtUPOlqmi7e1TV3v+H6WPGq+uW6hNWbZwifiNkTH6AJCjDw5kutfQr8oBU/P
|
||||
5BGNWMvy+f1YCikZNW6chOI+08E24O/Ny1PscUirDR6adVNBjO3Xjqq0y2tfPvN5
|
||||
8d1PSyoh5f6qlRH4ky6SjL4BbLCzzHwQ6ke/IAHmm/s8Ge4XEroznOQXW3qKDqYy
|
||||
mTok86TkezZb9NfCB/4X0Tndfxk/x1T+00r2eLortyAO5YOwEo/HvANbdsRM9JJ0
|
||||
0p0JCZWFEcArwthaUGDkLHVtBbT+wPYmWtyhMgSiTJrx9EpeqB6FWIZJlUts1W4G
|
||||
r/srbRe2h5OTPN43//NS/7p6OYDuJcVbAVGGxy4PES8WrhujFfSmBw8BL188sjx/
|
||||
Kh43guhzTC8moAp+a9IM0kGXtAajHppZ7BUyncTAXsRUdOhlS7Q2fdLPOV48MyWT
|
||||
11UhvH2fuXKJhaXequ1PE2CePSXI2x5S4anJFNoUWEw5TgRF3rkQ3p/cZm1VAy2y
|
||||
Z+VxQud0iVE15J9jGkGGa89D4m8ng16oGrSMKZAr1Gt4ZFJ5L1dP+WyPzecvzJMY
|
||||
xq75CrFXuWXdpGrYRGhjGa7B2fhzylSpVfLUyWA+HZq64ZNJOqzeioyamG1OkF6e
|
||||
6dHgjPmQUZeYckFEimIkXP9zHQPJfB8gX6gSyC+GSFIsitu9A3HEX5zS1uFDasdI
|
||||
CZ5Upc20BZiybfGcwd8+allHYScidzpWei78LfcpuPfnMOf6hVdhlsfuvwV9F/ua
|
||||
Gv0kw0+zxoDNxWhN4SqKHgYX0A1CyW/Olwb5l3s69PyUlLHTBKwf2Kth8ZCxoKpY
|
||||
kiiEKQQLHEa7mRX8d0U2bDmkx9EKJc7Cfz3JoDHB5aRZ4sbbJO447Fhn9fnuzaTi
|
||||
j7bDticnZymvjG13foBAJi16Pf431NsFdDYAfnmYYBFEJj/oIa5DtvidrRb+fRZv
|
||||
rkQuJ59tvEGD5hymQPEe3zqiUktPl1G6Q2jYctBjmFSM9m1eIJrfD8qNCrDlKd4Y
|
||||
uZJwt7XRWXirURBRk+aw0P0ZCLaWmWAKmfr+rZ8Dm8V9dO2PgjLxHRI0aEDSh/Jm
|
||||
Noc2ba8YhjNwQbLTMWe3WjacbyUC9m9YqhMx5ZV6EUK+jPR7FEw158wCaV2+qFNY
|
||||
ZKvILBoZywEqZkkeGp6zy7UJFzlVNzh7U0YyE6l0GxNFJ2fp2ViQ930TZt28wuTT
|
||||
If34N/+h1TGc4MqWcI9/4HeXZ5UV5v+gLa/sb6i0RuTrhNM50JinC1Bkqy5GrQLK
|
||||
wUOFb9PNNTNz3M6pl1HEmwbiAUAhrbUhcVQPcmneLQYpzW5/sv+s+vfx8xRujZtv
|
||||
kknt2ftLE7YedA1KvfjRis0d9J/EbzhLdIBg3mA0OBA1cIy7GKq9EIyg2FFiok3y
|
||||
T7taZPr0BuaZqFq4UaL1Se5okrBO/gwHcNj6isnQBlIDV/m858dMMYedajIHLnWb
|
||||
bgsNOXjj+FxdmappOqUJKjLseFx91NBuix5d92oUM8LvWQ9iHXVk9y7KVgFxFpc/
|
||||
lCw+UTzzBPnC0GcmJzOT8AaWkMYrnikoL4lYn9mr8wwLpJFkUOmyF/EUSiCj72Gb
|
||||
v1GmsjbgAECIjEgIMXRAC5Vx1L9zjzHhxyHOk2f6/kfbsjSl0kKUIWTlNz9JWi4/
|
||||
MuzXdleauhHYjE5zjaJ9Mp3KNhYNH2y8xUliSPLeX0TXyAJVKSYTtxq1JVyKTHBL
|
||||
yVEBUFcOtAkF5Mo7nTyjUGMcHVq7+3udXz8PSmxwDUSsWbwcOAvhqyW4d/tnCHk7
|
||||
wc3pMAIJUrsG/mAjy9Jc4jUsHOlzNu09w6YpDk7PyJBdm6pibyKdFbWhHxspZCwx
|
||||
Ikg5iH751ka7WzT7Bnthy2Ekj7d/0R8ZeOozFZFeGscy86SiPBxT+UyhvCgwGyNQ
|
||||
9YQnrKuIzxKV76nrbD/29yBzBTQAeeYJ9IgosIdqlWXqaJJNWvVeglSYdcEFpLNV
|
||||
hKbHj0pS6OtGopX4RAl2Gybi7ZXBPR2af1HywMp4FkRi4AVYcP0CWtp6TcnkBoPy
|
||||
603JF3Jfoyhg1vGhCipoGx6pCa+RD2gw5VSefhZtOeukDf3BhooMQB+ya1DUCp/T
|
||||
U2FsdGVkX18iXKqsKcU0KdsAaXFolKsYGVYOIaDjikeRbrTF9bCDtz4v0tWSg7kO
|
||||
SuJihKbDsSJebhu7puHtSJ3Us0b8wSbv5op2ub5G7IFmpcsXrgTEVU5zzncKLHZ8
|
||||
LIm46CTlOABNZbQUOvB0bIHVnT3xxR83zApgjip541r/1m7NB/KJq2S1ca1XGrRV
|
||||
T+u9WBWBXiDYLjuBLGfLOLauf7jdx/qjZ3fSD50zrDLBH0JdPWKcwiwQTG5CxJ8I
|
||||
xbFdzw2ijTltXe1xY1I3YSndBxUNukP9TT8J3AXND1xMBcvlyquFlO5JUV/+6CL/
|
||||
1rElfgTmxmjpP2bXJMzz+MxGzlVGbje3ye23+LuD+3wF+sZihDnJOxlgLTurVxug
|
||||
KbLBFRtBHC205vSltPH+7eD90O1Auvk5NaBN1QbAoLL/IPPIb5QpUETEvxyxSkNR
|
||||
cAVtJlTDhORwtLhVzvd5vL1+epuMlc5JzcSl9LJ0McN22bqqyzuBThAb1eLQxYhS
|
||||
N2dWiY0mvZi/X1y0xvkgm7pM7mypuHbfhfIQaIki9gl3C25c23CcsVpFp7xW16jP
|
||||
GNeNM8B0gzGd1XX8++Wuu0nXxmQx3agwCHhoFy2AQV8YaJUULq9sKO2KUqtCCDl7
|
||||
fRF7P857e4FysNGqfNuSZ/zhoIsj5z42V+p3WPxRvyf7ztiGrn8S8v4j2lilvKQC
|
||||
cee40yDkqVzeJ+UwO1y0YqTbnyIRSyGUHBezezLM3m6IqcdAKfosaTtJQdF/LCG/
|
||||
5w46E8NA8AkJbpivnwFmEeulntGNy+8t+QedL/CD8/rOKthsKMKMuweAO7UOQa+Z
|
||||
ZottWsVd58sf5LX+V2+6rwxrB8pJls1QE6Ei/uxtEfWXTQJLRoa+L+NowDc3J0Pb
|
||||
vILJo2u2o9M+82tZUNe/s+peA+4DkUfExoQOsbxyUOxer6QJ4VQK50Bj0gdxbaQo
|
||||
TGLMrQMoaR1J+MKuMJbVmJihWRXU0i3gf7y/p0VWmNLpwYJyNHB+wxbRWMqbtu9I
|
||||
1DTVhMASL0w3rGUxTdWn10En/zhfa8Nd/jt+uW429UJcT4vUbJ7teInLfPIhU01l
|
||||
A3UG+jRD9dxrPSyagtkAqlhqUcB3K7UdoQu42r1DVwHUtSfZgxcgFxztk/ZmhFae
|
||||
XAOi0FDwe4RlpdVlZLTgI9PdZNNt3ISHj6WKVEATy7KN5cRpblvE8NZJnR78CfXF
|
||||
1yS3JljcSmmE8HBVR5EgOhqI7VTJu/r9YtYaMeTwvp6RizG6FGfAjxORtiCctSXF
|
||||
23yrRHJwwVEiMYScU6LhadCj0HOwXPPs68gbasfqsOVSBBTwjhakv+wza6tCe/Y6
|
||||
4Cz0Z2Y4Zz1eHTMQ3GJTHJgWSIEMhp8L6RonW/jcwHO5xKOcoMPUZhaqW51EGpeq
|
||||
00Vqu2r1GtUcLUMw8X7O0uUU/KwE7CHVbtDTe0GBdcs7uKpYqi9DYm5o6D+bAq0s
|
||||
POBosxL7fJuyFD4PTUHo634zFeXXpMDhwr64TkczUgxtlnexcZ049uNTORmi/DU7
|
||||
q+TMgfKj1cjNWAlN07J5+TDBMXgfMeqp9wGT+9cMdkeqzAIQ0XXHJY9u3YOfbq3v
|
||||
sHIVjc3AniBRrP2u08W+340EXr9AY0wMW3KC7IH+qnfVKLuZrtAEuE0VIfAg5i7O
|
||||
mQo+DJqxAgLkhy5UjtZ28/H4JhYLqWWTku9GxMWKsnk82sVA0DMfG8NJGjB0mf2B
|
||||
0SipN7N1lv9KwcvTM+81LxiP69H7aP9nLNuTxk5vmCF62rP66DuVJ0h+5HEcZ/p7
|
||||
DCEq7hlB8CZRUu70ZfC4k67gWabyE1LXSg5OKtmIM/NMGbe3MmPGN2Y+yLwXPAhW
|
||||
ckwqnS/y32Ig4UjGls92TvR2hs8T77NoBAzyivvJ45cMcVYisUGNu76VWEPx6F3+
|
||||
buDsPurzVoueEMIFGyEkW3UA0gvgGBIqMJvC7uJCvUkHEh7dAhoz+5hsk+RAsIX8
|
||||
8L6mqbUT+hhfAKlTl4T95Ia+e4ZjhtNOGPF2sXKzOXwUnrq9Obp6KlGpsYOeRHKa
|
||||
wpmCWSBSZa7gBAh2vI3e4KSwwOupYAau3NcJYBdFcRVdavte619aH6gJ3nbSvd+B
|
||||
9gy24pQQSdpqKd6LpDoHLwTvv1K5aLe+26yeDVP3Aw9VfzXmDjv3obUouK7H9paF
|
||||
MTlgxprc9SKmoBScVb22LLhuMLvocErgfKeq8R5ATVnsnYcfVLGbu1YdF4jLjNpQ
|
||||
5uk85LsMxEIhlq2ldO4Y0D3RsJ+i7e+9k6CHkovSNTlqPnQ1U/ILoRXS4kQDAi3+
|
||||
2uf12V7yKhAJ7pRLMIClIeTflyUO3+Y0f8KAXPx3ECeFSsRbjvSkiC/JKi5efiOx
|
||||
7kVXvH1dlgu3WScZVbtVzy0M9moVa5ne+vuZW2E3tZ3xuTZYihkq3dQs7EXkTC1S
|
||||
sF0Df9WiuTWG971OXtrYH/5kK5Z1vSi5oGjignHe92JyRd075D0UiULuyTb3gt7l
|
||||
CBsHvuobEka5UuYdT5YTHKU+Co3YhybjZu/ncp9ho4e1HZe+tTRHunxl2k/idpjE
|
||||
dnA2DQiPQTO34MbkvxxJ6LcetrMeH6ZSXhq0col/ftqQ/Iw9P8H0ZbBvYOgBQTi0
|
||||
OIxnZ7qwxu3Qe7vbZ5TBHxXURFt0yCsa6pmM+s0wWMXsyD5IOq2x740/HUOQiGqd
|
||||
0dQ3f3gm8mYvE3a/o9R1exZz3kHsAhwJS6wG4GnkKHiSQlVRkgDMLBKrensSepHg
|
||||
rfReoFnN6TyU58F6vviUdTi52E8j1H+34HtIGmE/H+q8U4DfMttOAYY0+pC+ZGjJ
|
||||
wi501ylCJdp7vlsAFC4rXvaVjlo0B9fwlG7iFx7jWeqwZ7zdnJmkwVKiY9tcPH7f
|
||||
qOXob2uFCgGVWgDk7zKh0P0a2AqJ+oYN2zeGMDWwtB5pOqVxAQ29QqEFMixY1EFt
|
||||
ryFyy4HPxk/1C/iBuUOIUVuUv8ZXigeZ0nbuFI5qWmaV5wrtnciG4vqxwpMeQtgc
|
||||
16URcuwKg1AKOVWnGkgAqqXxifp8MBYscHV4eVZ1XIzgbPalv8JAG15u9aeFdCup
|
||||
GzpmzAqb0IlqpHdRjusZeMK1lWEygg4YQHAaXxxJeDUViFWbbROyz2+MsbMc679v
|
||||
QZmP/zCwsCAhv8Uj/WNNNywUqlIekhXYYKRYh3s/N053OBWPKblVT3erKQ8YcybV
|
||||
VoAvLfdaJflsVhps/+6ac3Zxhq8mGOjTA76PL+6dsAJ5tE5RMAhJnxVPR01PfjyB
|
||||
Sv/xJb7wxfuWlMNtpgCOeLrQJPuXACJj/3IQo+jteuEUEvfdBstIIrhWzjDmt3uy
|
||||
irsFPa2Z2mcJd7h8o6nRPDS8nlVgB9gfM3qlV+4JaU3HhaC9OHv/IiGuwuI5D7o2
|
||||
Lk76Ac4zB24A6DGvoiMb0T+Qy5hDwFd81yyjxPHlfx11x02re1qft6J0a1JSmwLt
|
||||
EFYuPhcvGNPfSqH67dqt2COYnas9tMnjJTgdNhVgyFT23MG63Z/lP05yuq40DwK4
|
||||
8QSC+10ByT10f4z+NLPHetK03XZ/teCblv80FmofIHkDX1Z37KDydezrE9vIW781
|
||||
+oaYYe888lS5EWl/qLyA2LUCr9P/hhqVFhAkAt8L79RJrUK3oyVrjPoBabDjjUIT
|
||||
iY2tzAZFRbvHUoYqa3pmQf8YXy6V1XV9D1tWO+d/kOT4nhqA2s3EcHxRafU7xZio
|
||||
HVXpZdw3nw+sKoDIv879fwIsADmaK7GJps+xgQ3AO7ZHDonOdZKOSwOVn2OdwKuy
|
||||
DdxqfCbvDJT4JCC5TEzk0jNmNmLi84eYv83RakCi2TUPpxD7deggPXiifocaWuZ+
|
||||
c8L7f8roEMTpMyTVdvIvEK8jJNqOUKPjYtGhMU7eXEOhry3XONVJ+k4ow2HLOJ7n
|
||||
1Lx2dvWRJY/jUusZhbKgwjkGfprV9JgMJ73eFWEaeBctB5JwYll63pUb3JW+3I75
|
||||
+frSu1nt6eusGTcAkdUqsoOCXeTBLfeuGKQo1pC6vsLcR8dZXFqkVhlOPPsjyDgw
|
||||
C0I+afbjpadGhslid4eXgn0et+2WBdBYmURTQI+sNCWXfxzuZN8gP8V7TKldtuss
|
||||
78nP3DXOwgGQIirx2DoMpoonK30hFrVbessSaK60iTds5wIveRhOXQHilST3v1d9
|
||||
UyNgykcrouhN5KKdzgy8JZBm7b8QO36/P+klYQg+a5KqM4sMFTINVbDjE4PxpYCn
|
||||
S7FQ7zvRBxSt+IPsJdaNoduRT+r2OMDDdmXc5nKfiDutiKZu92p+pKlDaXtNFcvj
|
||||
J588btpnRxkgVpd3ts3XYe2eoi+j1Reb1FP0KqbyND9DlW0nZILy/G1t4OE0sCbL
|
||||
A0pcIpPXYVMjd2UKKHNXsm/cG2C5mcg7DWL9gtOa70GfAYCTNiLakxE2SElDyazg
|
||||
WnjgaXzROzxqIsdN55irfQqSRPhxJ4bOvzY3oC4Lz6zlvQ4Dfoiww6r2u7xyhBSW
|
||||
so9zedXmUDmANzlW7hBDAbBgD6d5lWu6X3I2/Hmecj/EfhrewC0+8zuHrJ6pqOfB
|
||||
rk3/+rlxx1ENJBfOQst52DERydiZoE0B07DZKzt2a4lohQIvY/caCpjGDutEejZr
|
||||
ddTS4P2zh38xqlRXSd+iLqMNJfuCzg0S0EAKP7UtOS5tkmVWVlnOrBPBC0n5yTHR
|
||||
7ehgiT79SngjyHz32XXUe/1W/ZlbLo4CbXHeLThg0/uipmoure3i9p1CFeumOb5K
|
||||
qZ5kAdag54mxAmCcmec88RrFVpbxpLHvbOzQSrfwpi3q6srZyFuCwLzJzsOzSYUi
|
||||
qFdIdtLnEs68x+qu3UubaApquZHuI4hch5nqnYbHrrGZJrEWFUzcU5l+UasFztmq
|
||||
AkLqBihLTrhEaNA0Qt/NfDwwQeE30K7q+dBuL7tpuQB7vs7VU3Vnugu/XrECDASD
|
||||
+EF/zIszAHZZk1HX8DXfuwDq4lW2wkemzoFkvcZU8ZyzoCLx2D5Aj/Qlgjlf+1+4
|
||||
DY03Ew/DWZHRuuOyAnInFAvPErX75SI/RIGtdS1PRjhrV0Yni+TqcsRW+PRziaFz
|
||||
WdE0lW/zceuDJUVNqZFCN07vBGxpWOevKOPh7M8tpY73nfoSnZu5GRQw3r41Dpkn
|
||||
ELsMAzFOZ7L7hy6IVHcVWqSKB1bQsXY46lj7s5KnBen4CFBDzboT4S/S2p3wIpxZ
|
||||
+Og1mjgywzHXDr5zxWSjeOEYSHXO2w/2p29g4g7UNLGNzLddlDQMZKPHHFlAlx2/
|
||||
OZr2FY87o2eAFLe71CqrJTLCdndmgYDpQz4Zr0dyAvYZpPMORsskdWL1CSfz4WmU
|
||||
KQTnfBkpCzWtuftMBSNzMvE3yzP1H9A5hAgCcRj+MYEIKPqGczXxeWP9sbtHYL+G
|
||||
+MdfOb4FIdFcNF96hLNFWxYiyqh3qUyGwuFKKOTp+jkDqTg6dZs1vxRWPTkL+zBo
|
||||
zuvS/Qdi7yZPd3Am0WhERaq8w5OwspOvJqJzq2DZtHTzb7gQP+tiqlMCRMr9cJEp
|
||||
c+V3xr8+fqVzBJb1L8JYw2GDS5P92zbZnqXcXLpdbEAj5b5zGb2eSLKgyz+X//T1
|
||||
qXJphSirbsvf2cZHOrmbi2NQRAiak1yG3DX+YELxAdDWZE81tQdpCMfkP+XAn8Yw
|
||||
D28QC2wJ29P7fTn8QL9QLlD804Mcmb4YYXJACZaMBtyVgoXrTUc2YjbdqofZibzT
|
||||
teJ+o8m4OO6P+P/ryhqwxyrGncDIo0qJ7N0VzCeZ5qpYnA37SfU+3Ek6ntQ1XjOe
|
||||
YJJDPQr3QChFVZes/4H4407CvXKqg9Pcs3GBjtyW0yw1OTNYbauuK8Oc45oV5utG
|
||||
n12jd6FMV2tLo9IQHa76Zxzl0IUONDh60O58vkB4wy56B0McJeZbwh3eTJ/fuJCW
|
||||
w7N5X/bodH1wwIB98jr1SCOb81oAbWVIPMCbIuQoUnU38vptH9W7KcLAfqs18vEi
|
||||
1v4xKmkToDqW27TA337FwYDuiLJUL166BBzqk17hJFKIgbXNNISnWsE/yuTWeuLf
|
||||
4Wn/V8zISkCML50PG4SwUlpLkcQcMTG6SRU3y5e2j1ABqEic74lkY4GTnjaCLvvJ
|
||||
MjxFjYD5eWjJPd/xs0kzAcZJrb/iyfLY42lDVtByIOPxS96LPOnKTev1z36E7oy9
|
||||
GzZ77JJlfgBQE4j5cT1ZXYymnGcZGlBNzC259dSQOqaW4OwbF7Q2JW3ns46/QJYa
|
||||
HrKZc8gg3MFoyd6iQ5B8uIuOD0G90lNQAON7Rr3KWzWAJIlf41oyycVAY3/OxiNH
|
||||
C3vpBZv8Rb8ICNSXcKOP0Xmzj/p3vSTHwdQ8cp7XjZwSKDD0ZsOPPqbsvHW6fYU7
|
||||
23n3LbqFecnxgXW0FO976Z4PQdZkjxD7iG4bIk2jF73QewwgRh+C8chlzPcwrQHV
|
||||
7t4GmTj1Q/hW4Hm/8djmJ30bONw5B8VkdRJeg2Eg48y543Jr9+fq3wFV/r72x61k
|
||||
0elpDZ1enKbIrSSh+b5yp4r4V+iZKLyA3gR19vLLYWIvO3eDB8aowjZSh4grBVPR
|
||||
fIVGWXNLzt+8JDvb3nL9BZq2lrfeRlYtETfHGAG9ZaNkWLFLNDcEoiaI381AXE9A
|
||||
32MSW8K5i6l3l3jv6qLtDjB0BdQfFPDwa2uLaGfn6JRXhk+i6CPt4RUM/UaVk3MO
|
||||
Wk85ThtpgHzu2OEfWn8qppnOnRHZ03OI+2MVK+LzmqlTNhQoyN0m8iWzAAbUWIW7
|
||||
YFx5eamutucjjpy1Cb9VMLMXorrRa0EW/edItt7JDY+skUjXGyCmTST7x497Chcj
|
||||
FV9VKKyvL0g5BM1N6KGY3dD/Obgt8Ame2VvUcetAgiiiaNqnvlQ2rYdWzi8nDiQ9
|
||||
1OlakuZhGqLAnTrpc72PKNHFlQ2t1R+S33sE/Lw6vfhzuT0UJEZYgeSB2IOd72O5
|
||||
64nI2BuJZA1mzwK5kETVjGzc1ZJKVnN09Do/RxLGa+G4kBQFRi53PfwPIdweFDos
|
||||
+oljJOO2Hkr0DBNhVkmfMq4Vbbyl+aJ3Us+lXI1pibLUd2WNgsYrfdxIC8muib72
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ in
|
|||
};
|
||||
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
|
||||
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
basicAuth = {
|
||||
"${cfg.auth.user}" = cfg.auth.password;
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ in
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.Sapana.duplicacy-web ];
|
||||
environment.systemPackages = [ pkgs.${namespace}.duplicacy-web ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 3875 ];
|
||||
|
||||
|
|
@ -37,7 +37,7 @@ in
|
|||
description = "Start the Duplicacy backup service and web UI";
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = ''${pkgs.Sapana.duplicacy-web}/duplicacy-web'';
|
||||
ExecStart = ''${pkgs.${namespace}.duplicacy-web}/duplicacy-web'';
|
||||
Restart = "on-failure";
|
||||
RestartSec = 10;
|
||||
KillMode = "process";
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ in
|
|||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = lib.Sapana.getDomainFromURI cfg.url;
|
||||
DOMAIN = lib.${namespace}.getDomainFromURI cfg.url;
|
||||
ROOT_URL = cfg.url;
|
||||
HTTP_PORT = 3000;
|
||||
};
|
||||
|
|
@ -42,7 +42,7 @@ in
|
|||
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
|
||||
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
|
||||
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ in
|
|||
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
|
||||
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8096";
|
||||
|
|
|
|||
|
|
@ -51,11 +51,13 @@ in
|
|||
public = true;
|
||||
allowOrigin = "*";
|
||||
# Enable Ngrams
|
||||
settings.languageModel = lib.mkIf cfg.ngrams.enable "${pkgs.Sapana.languagetool-ngrams}/share/languagetool/ngrams";
|
||||
settings.languageModel = lib.mkIf cfg.ngrams.enable "${
|
||||
pkgs.${namespace}.languagetool-ngrams
|
||||
}/share/languagetool/ngrams";
|
||||
};
|
||||
# Create Nginx virtualhost
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
|
||||
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
basicAuth = {
|
||||
"${cfg.auth.user}" = cfg.auth.password;
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ in
|
|||
(lib.mkIf (cfg.enable && cfg.type == "parent") {
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
|
||||
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
basicAuth = {
|
||||
"${cfg.auth.user}" = cfg.auth.password;
|
||||
|
|
@ -77,7 +77,7 @@ in
|
|||
configDir = {
|
||||
# Allow incoming streams
|
||||
"stream.conf" = pkgs.writeText "stream.conf" ''
|
||||
[${config.secrets.services.netdata.apiKey}]
|
||||
[${config.${namespace}.secrets.services.netdata.apiKey}]
|
||||
enabled = no
|
||||
default history = 3600
|
||||
default memory mode = dbengine
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
|
||||
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${cfg.port}";
|
||||
|
|
@ -102,7 +102,7 @@ in
|
|||
environment = {
|
||||
VPN_SERVICE_PROVIDER = "protonvpn";
|
||||
VPN_TYPE = "wireguard";
|
||||
WIREGUARD_PRIVATE_KEY = config.secrets.services.protonvpn.privateKey;
|
||||
WIREGUARD_PRIVATE_KEY = config.${namespace}.secrets.services.protonvpn.privateKey;
|
||||
SERVER_COUNTRIES = (lib.strings.concatStringsSep "," cfg.vpn.countries);
|
||||
TZ = "America/New_York";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ in
|
|||
};
|
||||
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = lib.Sapana.getDomainFromURI cfg.url;
|
||||
useACMEHost = lib.${namespace}.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -69,8 +69,8 @@ in
|
|||
mail = lib.mkIf config.${namespace}.services.msmtp.enable {
|
||||
enable = true;
|
||||
mailer = "/run/wrappers/bin/sendmail";
|
||||
sender = "${config.networking.hostName}@${config.secrets.networking.domains.primary}";
|
||||
recipient = config.secrets.users.aires.email;
|
||||
sender = "${config.networking.hostName}@${config.${namespace}.secrets.networking.domains.primary}";
|
||||
recipient = config.${namespace}.secrets.users.aires.email;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -46,16 +46,16 @@ in
|
|||
# Set up secondary binary caches for Lix and Hevana
|
||||
substituters = [
|
||||
"https://cache.lix.systems"
|
||||
"https://${config.secrets.services.binary-cache.url}"
|
||||
"https://${config.${namespace}.secrets.services.binary-cache.url}"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
|
||||
config.secrets.services.binary-cache.pubcert
|
||||
config.${namespace}.secrets.services.binary-cache.pubcert
|
||||
];
|
||||
|
||||
# Authentication for Hevana's binary cache
|
||||
netrc-file =
|
||||
with config.secrets.services.binary-cache;
|
||||
with config.${namespace}.secrets.services.binary-cache;
|
||||
pkgs.writeText "netrc" ''
|
||||
machine ${url} login ${auth.username} password ${auth.password}
|
||||
'';
|
||||
|
|
@ -96,7 +96,7 @@ in
|
|||
(lib.mkIf cfg.nixos-operations-script.enable {
|
||||
# Enable and configure NOS
|
||||
${namespace}.packages = [ nixos-operations-script ];
|
||||
environment.variables."FLAKE_DIR" = config.secrets.nixConfigFolder;
|
||||
environment.variables."FLAKE_DIR" = config.${namespace}.secrets.nixConfigFolder;
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ in
|
|||
isNormalUser = true;
|
||||
description = "Aires";
|
||||
uid = 1000;
|
||||
hashedPassword = config.secrets.users.aires.hashedPassword;
|
||||
hashedPassword = config.${namespace}.secrets.users.aires.hashedPassword;
|
||||
extraGroups = [
|
||||
"input"
|
||||
"networkmanager"
|
||||
|
|
@ -64,14 +64,14 @@ in
|
|||
# Set up git
|
||||
git = {
|
||||
enable = true;
|
||||
userName = config.secrets.users.aires.firstName;
|
||||
userEmail = config.secrets.users.aires.email;
|
||||
userName = config.${namespace}.secrets.users.aires.firstName;
|
||||
userEmail = config.${namespace}.secrets.users.aires.email;
|
||||
extraConfig = {
|
||||
core.editor = config.${namespace}.editor;
|
||||
merge.conflictStyle = "zdiff3";
|
||||
pull.ff = "only";
|
||||
push.autoSetupRemote = "true";
|
||||
safe.directory = "${config.secrets.nixConfigFolder}/.git";
|
||||
safe.directory = "${config.${namespace}.secrets.nixConfigFolder}/.git";
|
||||
submodule.recurse = true;
|
||||
credential.helper = "/run/current-system/sw/bin/git-credential-libsecret";
|
||||
};
|
||||
|
|
@ -80,7 +80,7 @@ in
|
|||
# Set up SSH
|
||||
ssh = {
|
||||
enable = true;
|
||||
matchBlocks = config.secrets.users.aires.sshConfig;
|
||||
matchBlocks = config.${namespace}.secrets.users.aires.sshConfig;
|
||||
};
|
||||
|
||||
# Set up Zsh
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ in
|
|||
isNormalUser = true;
|
||||
description = "Gremlin";
|
||||
uid = 1001;
|
||||
hashedPassword = config.secrets.users.gremlin.hashedPassword;
|
||||
hashedPassword = config.${namespace}.secrets.users.gremlin.hashedPassword;
|
||||
extraGroups = [
|
||||
"networkmanager"
|
||||
"input"
|
||||
|
|
@ -80,7 +80,7 @@ in
|
|||
# Set up SSH
|
||||
ssh = {
|
||||
enable = true;
|
||||
matchBlocks = config.secrets.users.gremlin.sshConfig;
|
||||
matchBlocks = config.${namespace}.secrets.users.gremlin.sshConfig;
|
||||
};
|
||||
|
||||
# Set up Zsh
|
||||
|
|
|
|||
|
|
@ -19,8 +19,8 @@ in
|
|||
# Connect to the network automagically
|
||||
networkmanager.enable = lib.mkForce false;
|
||||
wireless.networks = {
|
||||
"${config.secrets.networking.networks.home.SSID}" = {
|
||||
psk = "${config.secrets.networking.networks.home.password}";
|
||||
"${config.${namespace}.secrets.networking.networks.home.SSID}" = {
|
||||
psk = "${config.${namespace}.secrets.networking.networks.home.password}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
@ -35,7 +35,7 @@ in
|
|||
];
|
||||
services.ssh = {
|
||||
enable = true;
|
||||
ports = [ config.secrets.hosts.hevana.ssh.port ];
|
||||
ports = [ config.${namespace}.secrets.hosts.hevana.ssh.port ];
|
||||
};
|
||||
users.aires.enable = true;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -17,10 +17,10 @@ let
|
|||
# Credentials for interacting with the Porkbun API
|
||||
porkbunCredentials = {
|
||||
"PORKBUN_API_KEY_FILE" = "${pkgs.writeText "porkbun-api-key" ''
|
||||
${config.secrets.networking.porkbun.api.apiKey}
|
||||
${config.${namespace}.secrets.networking.porkbun.api.apiKey}
|
||||
''}";
|
||||
"PORKBUN_SECRET_API_KEY_FILE" = "${pkgs.writeText "porkbun-secret-api-key" ''
|
||||
${config.secrets.networking.porkbun.api.secretKey}
|
||||
${config.${namespace}.secrets.networking.porkbun.api.secretKey}
|
||||
''}";
|
||||
};
|
||||
|
||||
|
|
@ -34,7 +34,9 @@ let
|
|||
serviceList = lib.attrsets.collect (
|
||||
x: x != "acme" && (lib.attrsets.matchAttrs { enable = true; } x)
|
||||
) config.${namespace}.services;
|
||||
subdomains = builtins.catAttrs "url" serviceList;
|
||||
subdomains = (builtins.catAttrs "url" serviceList) ++ [
|
||||
config.${namespace}.secrets.services.gremlin-lab.url
|
||||
];
|
||||
|
||||
in
|
||||
{
|
||||
|
|
@ -52,9 +54,11 @@ in
|
|||
configFile = pkgs.writeText "ddclient.conf" ''
|
||||
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
|
||||
protocol=porkbun
|
||||
apikey=${config.secrets.networking.porkbun.api.apiKey}
|
||||
secretapikey=${config.secrets.networking.porkbun.api.secretKey}
|
||||
*.${config.secrets.networking.domains.primary},*.${config.secrets.networking.domains.blog}
|
||||
apikey=${config.${namespace}.secrets.networking.porkbun.api.apiKey}
|
||||
secretapikey=${config.${namespace}.secrets.networking.porkbun.api.secretKey}
|
||||
*.${config.${namespace}.secrets.networking.domains.primary},*.${
|
||||
config.${namespace}.secrets.networking.domains.blog
|
||||
}
|
||||
cache=/tmp/ddclient.cache
|
||||
pid=/var/run/ddclient.pid
|
||||
'';
|
||||
|
|
@ -78,7 +82,9 @@ in
|
|||
};
|
||||
path = config.${namespace}.corePackages;
|
||||
script = ''
|
||||
/run/current-system/sw/bin/nixos-operations-script --operation build --hostname Khanda --flake ${config.secrets.nixConfigFolder}
|
||||
/run/current-system/sw/bin/nixos-operations-script --operation build --hostname Khanda --flake ${
|
||||
config.${namespace}.secrets.nixConfigFolder
|
||||
}
|
||||
'';
|
||||
};
|
||||
systemd.timers."build-hosts" = {
|
||||
|
|
@ -110,22 +116,22 @@ in
|
|||
# Enable support for primary RAID array
|
||||
raid.storage = {
|
||||
enable = true;
|
||||
keyFile = config.secrets.devices.storage.keyFile.path;
|
||||
mailAddr = config.secrets.users.aires.email;
|
||||
keyFile = config.${namespace}.secrets.devices.storage.keyFile.path;
|
||||
mailAddr = config.${namespace}.secrets.users.aires.email;
|
||||
};
|
||||
|
||||
services = {
|
||||
acme = {
|
||||
enable = true;
|
||||
defaultEmail = config.secrets.users.aires.email;
|
||||
defaultEmail = config.${namespace}.secrets.users.aires.email;
|
||||
certs = {
|
||||
"${config.secrets.networking.domains.primary}" = {
|
||||
"${config.${namespace}.secrets.networking.domains.primary}" = {
|
||||
dnsProvider = "porkbun";
|
||||
extraDomainNames = subdomains;
|
||||
webroot = null; # Required in order to prevent a failed assertion
|
||||
credentialFiles = porkbunCredentials;
|
||||
};
|
||||
"${config.secrets.networking.domains.blog}" = {
|
||||
"${config.${namespace}.secrets.networking.domains.blog}" = {
|
||||
dnsProvider = "porkbun";
|
||||
webroot = null; # Required in order to prevent a failed assertion
|
||||
credentialFiles = porkbunCredentials;
|
||||
|
|
@ -139,17 +145,17 @@ in
|
|||
autoUpgrade = {
|
||||
enable = true;
|
||||
pushUpdates = true; # Update automatically and push updates back up to Forgejo
|
||||
configDir = config.secrets.nixConfigFolder;
|
||||
configDir = config.${namespace}.secrets.nixConfigFolder;
|
||||
onCalendar = "daily";
|
||||
user = config.users.users.aires.name;
|
||||
};
|
||||
binary-cache = {
|
||||
enable = true;
|
||||
secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem";
|
||||
url = config.secrets.services.binary-cache.url;
|
||||
url = config.${namespace}.secrets.services.binary-cache.url;
|
||||
auth = {
|
||||
user = config.secrets.services.binary-cache.auth.username;
|
||||
password = config.secrets.services.binary-cache.auth.password;
|
||||
user = config.${namespace}.secrets.services.binary-cache.auth.username;
|
||||
password = config.${namespace}.secrets.services.binary-cache.auth.password;
|
||||
};
|
||||
};
|
||||
boinc = {
|
||||
|
|
@ -163,36 +169,36 @@ in
|
|||
forgejo = {
|
||||
enable = true;
|
||||
home = "${services-root}/forgejo";
|
||||
url = config.secrets.services.forgejo.url;
|
||||
url = config.${namespace}.secrets.services.forgejo.url;
|
||||
};
|
||||
jellyfin = {
|
||||
enable = true;
|
||||
home = "${services-root}/jellyfin";
|
||||
url = config.secrets.services.jellyfin.url;
|
||||
url = config.${namespace}.secrets.services.jellyfin.url;
|
||||
};
|
||||
languagetool = {
|
||||
enable = true;
|
||||
url = config.secrets.services.languagetool.url;
|
||||
url = config.${namespace}.secrets.services.languagetool.url;
|
||||
port = 8100;
|
||||
auth.user = config.secrets.services.languagetool.auth.user;
|
||||
auth.password = config.secrets.services.languagetool.auth.password;
|
||||
auth.user = config.${namespace}.secrets.services.languagetool.auth.user;
|
||||
auth.password = config.${namespace}.secrets.services.languagetool.auth.password;
|
||||
ngrams.enable = true;
|
||||
};
|
||||
msmtp = {
|
||||
enable = true;
|
||||
accounts.default = {
|
||||
host = config.secrets.services.msmtp.host;
|
||||
user = config.secrets.services.msmtp.user;
|
||||
password = config.secrets.services.msmtp.password;
|
||||
host = config.${namespace}.secrets.services.msmtp.host;
|
||||
user = config.${namespace}.secrets.services.msmtp.user;
|
||||
password = config.${namespace}.secrets.services.msmtp.password;
|
||||
auth = true;
|
||||
tls = true;
|
||||
tls_starttls = true;
|
||||
port = 587;
|
||||
from = "${config.networking.hostName}@${config.secrets.networking.domains.primary}";
|
||||
from = "${config.networking.hostName}@${config.${namespace}.secrets.networking.domains.primary}";
|
||||
};
|
||||
aliases = {
|
||||
text = ''
|
||||
default: ${config.secrets.users.aires.email}
|
||||
default: ${config.${namespace}.secrets.users.aires.email}
|
||||
'';
|
||||
mode = "0644";
|
||||
};
|
||||
|
|
@ -200,34 +206,34 @@ in
|
|||
netdata = {
|
||||
enable = true;
|
||||
type = "parent";
|
||||
url = config.secrets.services.netdata.url;
|
||||
url = config.${namespace}.secrets.services.netdata.url;
|
||||
auth = {
|
||||
user = config.users.users.aires.name;
|
||||
password = config.secrets.services.netdata.password;
|
||||
apiKey = config.secrets.services.netdata.apiKey;
|
||||
password = config.${namespace}.secrets.services.netdata.password;
|
||||
apiKey = config.${namespace}.secrets.services.netdata.apiKey;
|
||||
};
|
||||
};
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"${config.secrets.networking.domains.primary}" = {
|
||||
"${config.${namespace}.secrets.networking.domains.primary}" = {
|
||||
default = true;
|
||||
enableACME = true; # Enable Let's Encrypt
|
||||
locations."/" = {
|
||||
# Catchall vhost, will redirect users to Forgejo
|
||||
return = "301 https://${config.secrets.services.forgejo.url}";
|
||||
return = "301 https://${config.${namespace}.secrets.services.forgejo.url}";
|
||||
};
|
||||
};
|
||||
"${config.secrets.networking.domains.blog}" = {
|
||||
useACMEHost = config.secrets.networking.domains.blog;
|
||||
"${config.${namespace}.secrets.networking.domains.blog}" = {
|
||||
useACMEHost = config.${namespace}.secrets.networking.domains.blog;
|
||||
forceSSL = true;
|
||||
root = "${services-root}/nginx/sites/${config.secrets.networking.domains.blog}";
|
||||
root = "${services-root}/nginx/sites/${config.${namespace}.secrets.networking.domains.blog}";
|
||||
};
|
||||
"${config.secrets.services.gremlin-lab.url}" = {
|
||||
useACMEHost = config.secrets.networking.domains.primary;
|
||||
"${config.${namespace}.secrets.services.gremlin-lab.url}" = {
|
||||
useACMEHost = config.${namespace}.secrets.networking.domains.primary;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${config.secrets.services.gremlin-lab.ip}";
|
||||
proxyPass = "http://${config.${namespace}.secrets.services.gremlin-lab.ip}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = "proxy_ssl_server_name on;";
|
||||
};
|
||||
|
|
@ -237,11 +243,11 @@ in
|
|||
qbittorrent = {
|
||||
enable = true;
|
||||
home = "${services-root}/qbittorrent";
|
||||
url = config.secrets.services.qbittorrent.url;
|
||||
url = config.${namespace}.secrets.services.qbittorrent.url;
|
||||
port = "8090";
|
||||
vpn = {
|
||||
enable = true;
|
||||
privateKey = config.secrets.services.protonvpn.privateKey;
|
||||
privateKey = config.${namespace}.secrets.services.protonvpn.privateKey;
|
||||
countries = [
|
||||
"Switzerland"
|
||||
"Netherlands"
|
||||
|
|
@ -251,15 +257,15 @@ in
|
|||
rss = {
|
||||
enable = false;
|
||||
home = "${services-root}/freshrss";
|
||||
url = config.secrets.services.rss.url;
|
||||
auth = with config.secrets.services.rss.auth; {
|
||||
url = config.${namespace}.secrets.services.rss.url;
|
||||
auth = with config.${namespace}.secrets.services.rss.auth; {
|
||||
user = user;
|
||||
password = password;
|
||||
};
|
||||
};
|
||||
ssh = {
|
||||
enable = true;
|
||||
ports = [ config.secrets.hosts.hevana.ssh.port ];
|
||||
ports = [ config.${namespace}.secrets.hosts.hevana.ssh.port ];
|
||||
};
|
||||
syncthing = {
|
||||
enable = true;
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ in
|
|||
services = {
|
||||
autoUpgrade = {
|
||||
enable = true;
|
||||
configDir = config.secrets.nixConfigFolder;
|
||||
configDir = config.${namespace}.secrets.nixConfigFolder;
|
||||
extraFlags = "--build-host hevana";
|
||||
onCalendar = "weekly";
|
||||
user = config.users.users.aires.name;
|
||||
|
|
|
|||
|
|
@ -19,8 +19,6 @@ in
|
|||
system.stateVersion = stateVersion;
|
||||
networking.hostName = hostName;
|
||||
|
||||
custom-fonts.Freight-Pro.enable = config.${namespace}.users.gremlin.enable;
|
||||
|
||||
${namespace} = {
|
||||
apps = {
|
||||
development.enable = true;
|
||||
|
|
@ -42,6 +40,8 @@ in
|
|||
tpm2.enable = true;
|
||||
};
|
||||
|
||||
custom-fonts.Freight-Pro.enable = config.${namespace}.users.gremlin.enable;
|
||||
|
||||
# Change the default text editor. Options are "emacs", "nano", or "vim".
|
||||
editor = "nano";
|
||||
|
||||
|
|
@ -64,7 +64,7 @@ in
|
|||
# Run daily automatic updates.
|
||||
autoUpgrade = {
|
||||
enable = true;
|
||||
configDir = config.secrets.nixConfigFolder;
|
||||
configDir = config.${namespace}.secrets.nixConfigFolder;
|
||||
onCalendar = "daily";
|
||||
operation = "boot";
|
||||
user = config.users.users.aires.name;
|
||||
|
|
|
|||
Loading…
Reference in a new issue