mirror of
https://github.com/kmein/niveum
synced 2026-03-29 08:41:07 +02:00
Compare commits
4 Commits
e08ffb4d44
...
8ae328ad19
| Author | SHA1 | Date | |
|---|---|---|---|
| 8ae328ad19 | |||
| 9148ab5ba8 | |||
| 17bf958923 | |||
|
7a99500f72 |
19
.github/workflows/niveum.yml
vendored
19
.github/workflows/niveum.yml
vendored
@@ -9,7 +9,7 @@ jobs:
|
||||
matrix:
|
||||
system: [makanek,manakish,kabsa,zaatar,ful]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v3
|
||||
- name: Install QEMU (ARM)
|
||||
run: sudo apt-get install -y qemu-user-static
|
||||
if: ${{ matrix.system == 'ful' }}
|
||||
@@ -22,9 +22,16 @@ jobs:
|
||||
- name: Install Nix (x86_64)
|
||||
uses: cachix/install-nix-action@v16
|
||||
if: ${{ matrix.system != 'ful' }}
|
||||
- run: |
|
||||
rm -rf secrets
|
||||
- name: nixos-rebuild dry-build
|
||||
run: |
|
||||
# remove secrets: ref https://stackoverflow.com/questions/1260748/how-do-i-remove-a-submodule/36593218
|
||||
git submodule deinit -f secrets
|
||||
rm -rf .git/modules/secrets
|
||||
git rm -f secrets
|
||||
|
||||
# recreate secrets
|
||||
mkdir secrets
|
||||
cat secrets.txt | while read -r path; do echo dummy > $path; done
|
||||
find
|
||||
- run: nix run nixpkgs#nixos-rebuild -- dry-build --override-input secrets ./secrets --flake .#${{matrix.system}}
|
||||
cat secrets.txt | while read -r path; do touch $path; done
|
||||
git add secrets
|
||||
|
||||
nix run nixpkgs#nixos-rebuild -- dry-build --flake $GITHUB_WORKSPACE#${{matrix.system}}
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
defaults = {
|
||||
@@ -20,43 +19,43 @@
|
||||
in {
|
||||
age.secrets = {
|
||||
email-password-cock = {
|
||||
file = inputs.secrets + "/email-password-cock.age";
|
||||
file = ../secrets/email-password-cock.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
};
|
||||
email-password-fysi = {
|
||||
file = inputs.secrets + "/email-password-fysi.age";
|
||||
file = ../secrets/email-password-fysi.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
};
|
||||
email-password-posteo = {
|
||||
file = inputs.secrets + "/email-password-posteo.age";
|
||||
file = ../secrets/email-password-posteo.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
};
|
||||
email-password-meinhark = {
|
||||
file = inputs.secrets + "/email-password-meinhark.age";
|
||||
file = ../secrets/email-password-meinhark.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
};
|
||||
email-password-meinhaki = {
|
||||
file = inputs.secrets + "/email-password-meinhaki.age";
|
||||
file = ../secrets/email-password-meinhaki.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
};
|
||||
email-password-dslalewa = {
|
||||
file = inputs.secrets + "/email-password-dslalewa.age";
|
||||
file = ../secrets/email-password-dslalewa.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
};
|
||||
email-password-fsklassp = {
|
||||
file = inputs.secrets + "/email-password-fsklassp.age";
|
||||
file = ../secrets/email-password-fsklassp.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
inherit (import ../lib) tmpfilesConfig;
|
||||
@@ -98,7 +97,7 @@ in {
|
||||
];
|
||||
|
||||
age.secrets.mega-password = {
|
||||
file = inputs.secrets + "/mega-password.age";
|
||||
file = ../secrets/mega-password.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
|
||||
@@ -37,13 +37,13 @@ in {
|
||||
{
|
||||
age.secrets = {
|
||||
di-fm-key = {
|
||||
file = inputs.secrets + "/di-fm-key.age";
|
||||
file = ../secrets/di-fm-key.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
};
|
||||
restic = {
|
||||
file = inputs.secrets + "/restic.age";
|
||||
file = ../secrets/restic.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
@@ -76,7 +76,7 @@ in {
|
||||
};
|
||||
|
||||
age.secrets = {
|
||||
kfm-password.file = inputs.secrets + "/kfm-password.age";
|
||||
kfm-password.file = ../secrets/kfm-password.age;
|
||||
};
|
||||
|
||||
home-manager.users.me.xdg.enable = true;
|
||||
|
||||
@@ -1,9 +1,15 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (lib.strings) fileContents;
|
||||
inherit (import ../lib) sshPort;
|
||||
eduroam = {
|
||||
identity = fileContents <secrets/eduroam/identity>;
|
||||
password = fileContents <secrets/eduroam/password>;
|
||||
};
|
||||
hu-berlin-cifs-options = [
|
||||
"uid=${toString config.users.users.me.uid}"
|
||||
"gid=${toString config.users.groups.users.gid}"
|
||||
@@ -29,7 +35,7 @@ in {
|
||||
options = hu-berlin-cifs-options;
|
||||
};
|
||||
|
||||
age.secrets.cifs-credentials-hu-berlin.file = inputs.secrets + "/cifs-credentials-hu-berlin.age";
|
||||
age.secrets.cifs-credentials-hu-berlin.file = ../secrets/cifs-credentials-hu-berlin.age;
|
||||
|
||||
home-manager.users.me.programs.ssh = {
|
||||
matchBlocks = {
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
pkgs,
|
||||
lib,
|
||||
niveumPackages,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
inherit (import ../lib) defaultApplications colours;
|
||||
@@ -66,13 +65,13 @@
|
||||
in {
|
||||
age.secrets = {
|
||||
github-token-i3status-rust = {
|
||||
file = inputs.secrets + "/github-token-i3status-rust.age";
|
||||
file = ../secrets/github-token-i3status-rust.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
};
|
||||
openweathermap-api-key = {
|
||||
file = inputs.secrets + "/openweathermap-api-key.age";
|
||||
file = ../secrets/openweathermap-api-key.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
davHome = "~/.local/share/dav";
|
||||
@@ -18,13 +18,13 @@
|
||||
in {
|
||||
age.secrets = {
|
||||
nextcloud-password-kieran = {
|
||||
file = inputs.secrets + "/nextcloud-password-kieran.age";
|
||||
file = ../secrets/nextcloud-password-kieran.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
};
|
||||
nextcloud-password-fysi = {
|
||||
file = inputs.secrets + "/nextcloud-password-fysi.age";
|
||||
file = ../secrets/nextcloud-password-fysi.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
niveumPackages,
|
||||
unstablePackages,
|
||||
...
|
||||
}: let
|
||||
worldradio = pkgs.callPackage ../packages/worldradio.nix {};
|
||||
@@ -289,7 +291,7 @@ in {
|
||||
];
|
||||
|
||||
age.secrets.home-assistant-token = {
|
||||
file = inputs.secrets + "/home-assistant-token.age";
|
||||
file = ../secrets/home-assistant-token.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
@@ -22,7 +22,7 @@ in {
|
||||
command = "${autorenkalender}/bin/autorenkalender";
|
||||
};
|
||||
|
||||
age.secrets.telegram-token-kmein.file = inputs.secrets + "/telegram-token-kmein.age";
|
||||
age.secrets.telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age;
|
||||
|
||||
niveum.passport.services = [
|
||||
{
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
@@ -47,9 +48,9 @@ in {
|
||||
];
|
||||
|
||||
age.secrets = {
|
||||
telegram-token-reverse.file = inputs.secrets + "/telegram-token-reverse.age";
|
||||
telegram-token-betacode.file = inputs.secrets + "/telegram-token-betacode.age";
|
||||
telegram-token-proverb.file = inputs.secrets + "/telegram-token-proverb.age";
|
||||
telegram-token-reverse.file = ../../secrets/telegram-token-reverse.age;
|
||||
telegram-token-betacode.file = ../../secrets/telegram-token-betacode.age;
|
||||
telegram-token-proverb.file = ../../secrets/telegram-token-proverb.age;
|
||||
};
|
||||
|
||||
systemd.services.telegram-reverse = {
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
nachtischsatan-bot = {tokenFile}:
|
||||
@@ -36,7 +36,7 @@ in {
|
||||
serviceConfig.Restart = "always";
|
||||
};
|
||||
|
||||
age.secrets.telegram-token-nachtischsatan.file = inputs.secrets + "/telegram-token-nachtischsatan.age";
|
||||
age.secrets.telegram-token-nachtischsatan.file = ../../secrets/telegram-token-nachtischsatan.age;
|
||||
|
||||
niveum.passport.services = [
|
||||
{
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (import ../lib) localAddresses;
|
||||
@@ -20,7 +20,7 @@ in {
|
||||
];
|
||||
|
||||
age.secrets.traadfri-key = {
|
||||
file = inputs.secrets + "/traadfri-key.age";
|
||||
file = ../secrets/traadfri-key.age;
|
||||
owner = config.users.users.me.name;
|
||||
group = config.users.users.me.group;
|
||||
mode = "400";
|
||||
|
||||
64
flake.lock
generated
64
flake.lock
generated
@@ -67,11 +67,11 @@
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1687171271,
|
||||
"narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=",
|
||||
"lastModified": 1687709756,
|
||||
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c",
|
||||
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -102,11 +102,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1687647567,
|
||||
"narHash": "sha256-Ua90LZYJO7/7KW/KK/AqijhIekd+wxPwbVKXuBYzJeQ=",
|
||||
"lastModified": 1687871164,
|
||||
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "6ca1e16eb3016c94b7ac16699e1d4158bd4e39a4",
|
||||
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -175,11 +175,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1671116920,
|
||||
"narHash": "sha256-QmDGsUUmAGn77UTR7eQJmebl8f3IIUCtmbbAdJqKA3s=",
|
||||
"lastModified": 1688141737,
|
||||
"narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=",
|
||||
"owner": "matthewcroughan",
|
||||
"repo": "nixinate",
|
||||
"rev": "b4d17b8e2a4abc47e93e1a1c466e0286a63640d8",
|
||||
"rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -190,11 +190,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1687466461,
|
||||
"narHash": "sha256-oupXI7g7RPzlpGUfAu1xG4KBK53GrZH8/xeKgKDB4+Q=",
|
||||
"lastModified": 1688109178,
|
||||
"narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ecb441f22067ba1d6312f4932a7c64efa8d19a7b",
|
||||
"rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -222,11 +222,11 @@
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1687652732,
|
||||
"narHash": "sha256-J5DIQzLejT/9xjSSOxjHJ6r1nc4VawKnLejHtOQKjV4=",
|
||||
"lastModified": 1688258489,
|
||||
"narHash": "sha256-Ve3r2lv3bTJh/0/2IRhF5+4uco3YlqIjFPDd3rs4frw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b154feadb9abd34350360a80cb4b7e6ce8525a75",
|
||||
"rev": "3eb8ccf3b3922be5586a263e7d6f4f98e3acf728",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -254,11 +254,11 @@
|
||||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1687654170,
|
||||
"narHash": "sha256-82D7t8R2SoFqt06HLVMbFMPjQy32nTrECJBLZvTt2aI=",
|
||||
"lastModified": 1688258911,
|
||||
"narHash": "sha256-nu6KIfmhQqCMo+tecCMOP13TH8BLrm8hpDqF6ckz8Ik=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "9eed2d0c604236451550cede1095b94bc8897133",
|
||||
"rev": "8993e5d37ab3ec80883751b5d86d48e9b74bed43",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -293,11 +293,11 @@
|
||||
},
|
||||
"retiolum": {
|
||||
"locked": {
|
||||
"lastModified": 1686076643,
|
||||
"narHash": "sha256-midjyNXeGAqXzwXKnHNsTnRwPIbturlq2FcHOh9fivg=",
|
||||
"lastModified": 1688225912,
|
||||
"narHash": "sha256-YXiHX9YmZ1ApZ3g58+nJrJA+H35stAvIAaewUnG1eZg=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "f79b533caf30820d93a79878d871c08faa35b3f4",
|
||||
"revCount": 306,
|
||||
"rev": "5204150c92b7c412a3331337ef73b0eb0f01f6ba",
|
||||
"revCount": 307,
|
||||
"type": "git",
|
||||
"url": "https://git.thalheim.io/Mic92/retiolum"
|
||||
},
|
||||
@@ -322,7 +322,6 @@
|
||||
"retiolum": "retiolum",
|
||||
"rust-overlay": "rust-overlay",
|
||||
"scripts": "scripts",
|
||||
"secrets": "secrets",
|
||||
"telebots": "telebots",
|
||||
"tinc-graph": "tinc-graph",
|
||||
"traadfri": "traadfri",
|
||||
@@ -339,11 +338,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1687573996,
|
||||
"narHash": "sha256-F7pDERmi8MomkMhcUW88IW6RRrxAk7QO2PXs+LMpxpI=",
|
||||
"lastModified": 1688178944,
|
||||
"narHash": "sha256-4fef6jlv73WW6FLXssEa88WaTVEU268ipI6fatg9vRE=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "ec002586144fe0f48039dced270c188f0b8213ab",
|
||||
"rev": "ef95001485c25edb43ea236bdb03640b9073abef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -378,19 +377,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1,
|
||||
"narHash": "sha256-D9ZMDdN7FOG+x8Ds2FuBUz/ujRLjJ07rxiV8AFuEqbQ=",
|
||||
"path": "./secrets",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
"path": "./secrets",
|
||||
"type": "path"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
|
||||
@@ -13,7 +13,6 @@
|
||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
|
||||
nur.url = "github:nix-community/NUR";
|
||||
recht.url = "github:kmein/recht";
|
||||
secrets.url = "path:./secrets";
|
||||
scripts.url = "github:kmein/scripts";
|
||||
retiolum.url = "git+https://git.thalheim.io/Mic92/retiolum";
|
||||
rust-overlay.url = "github:oxalica/rust-overlay";
|
||||
@@ -39,7 +38,6 @@
|
||||
scripts.inputs.flake-utils.follows = "flake-utils";
|
||||
scripts.inputs.nixpkgs.follows = "nixpkgs";
|
||||
scripts.inputs.rust-overlay.follows = "rust-overlay";
|
||||
secrets.flake = false;
|
||||
tinc-graph.inputs.flake-utils.follows = "flake-utils";
|
||||
tinc-graph.inputs.nixpkgs.follows = "nixpkgs";
|
||||
tinc-graph.inputs.rust-overlay.follows = "rust-overlay";
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
inputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
@@ -36,19 +36,19 @@ in {
|
||||
|
||||
age.secrets = {
|
||||
retiolum-rsa = {
|
||||
file = inputs.secrets + "/ful-retiolum-privateKey-rsa.age";
|
||||
file = ../../secrets/ful-retiolum-privateKey-rsa.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
retiolum-ed25519 = {
|
||||
file = inputs.secrets + "/ful-retiolum-privateKey-ed25519.age";
|
||||
file = ../../secrets/ful-retiolum-privateKey-ed25519.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
root.file = inputs.secrets + "/ful-root.age";
|
||||
restic.file = inputs.secrets + "/restic.age";
|
||||
root.file = ../../secrets/ful-root.age;
|
||||
restic.file = ../../secrets/restic.age;
|
||||
};
|
||||
|
||||
services.restic.backups.niveum = {
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
inputs,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (import ../../lib) retiolumAddresses;
|
||||
@@ -25,20 +26,20 @@ in {
|
||||
|
||||
age.secrets = {
|
||||
retiolum-rsa = {
|
||||
file = inputs.secrets + "/kabsa-retiolum-privateKey-rsa.age";
|
||||
file = ../../secrets/kabsa-retiolum-privateKey-rsa.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
retiolum-ed25519 = {
|
||||
file = inputs.secrets + "/kabsa-retiolum-privateKey-ed25519.age";
|
||||
file = ../../secrets/kabsa-retiolum-privateKey-ed25519.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
restic.file = inputs.secrets + "/restic.age";
|
||||
syncthing-cert.file = inputs.secrets + "/kabsa-syncthing-cert.age";
|
||||
syncthing-key.file = inputs.secrets + "/kabsa-syncthing-key.age";
|
||||
restic.file = ../../secrets/restic.age;
|
||||
syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age;
|
||||
syncthing-key.file = ../../secrets/kabsa-syncthing-key.age;
|
||||
};
|
||||
|
||||
environment.systemPackages = [pkgs.minecraft pkgs.zeroad];
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
inputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
@@ -84,18 +84,18 @@ in {
|
||||
|
||||
age.secrets = {
|
||||
retiolum-rsa = {
|
||||
file = inputs.secrets + "/makanek-retiolum-privateKey-rsa.age";
|
||||
file = ../../secrets/makanek-retiolum-privateKey-rsa.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
retiolum-ed25519 = {
|
||||
file = inputs.secrets + "/makanek-retiolum-privateKey-ed25519.age";
|
||||
file = ../../secrets/makanek-retiolum-privateKey-ed25519.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
restic.file = inputs.secrets + "/restic.age";
|
||||
restic.file = ../../secrets/restic.age;
|
||||
};
|
||||
|
||||
system.stateVersion = "20.03";
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
@@ -46,7 +47,7 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets.telegram-token-menstruation.file = inputs.secrets + "/telegram-token-menstruation.age";
|
||||
age.secrets.telegram-token-menstruation.file = ../../secrets/telegram-token-menstruation.age;
|
||||
|
||||
systemd.services.menstruation-backend = {
|
||||
wants = ["network-online.target"];
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
lokiConfig = import ./loki.nix;
|
||||
@@ -242,19 +241,19 @@ in {
|
||||
|
||||
age.secrets = {
|
||||
email-password-cock = {
|
||||
file = inputs.secrets + "/email-password-cock.age";
|
||||
file = ../../../secrets/email-password-cock.age;
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
mode = "440";
|
||||
};
|
||||
grafana-password-admin = {
|
||||
file = inputs.secrets + "/grafana-password-admin.age";
|
||||
file = ../../../secrets/grafana-password-admin.age;
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
mode = "440";
|
||||
};
|
||||
alertmanager-token-reporters = {
|
||||
file = inputs.secrets + "/alertmanager-token-reporters.age";
|
||||
file = ../../../secrets/alertmanager-token-reporters.age;
|
||||
owner = "prometheus";
|
||||
group = "prometheus";
|
||||
mode = "440";
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
@@ -9,13 +8,13 @@
|
||||
in {
|
||||
age.secrets = {
|
||||
nextcloud-password-database = {
|
||||
file = inputs.secrets + "/nextcloud-password-database.age";
|
||||
file = ../../secrets/nextcloud-password-database.age;
|
||||
owner = "nextcloud";
|
||||
group = "nextcloud";
|
||||
mode = "440";
|
||||
};
|
||||
nextcloud-password-admin = {
|
||||
file = inputs.secrets + "/nextcloud-password-admin.age";
|
||||
file = ../../secrets/nextcloud-password-admin.age;
|
||||
owner = "nextcloud";
|
||||
group = "nextcloud";
|
||||
mode = "440";
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
inputs,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
@@ -11,7 +11,7 @@
|
||||
};
|
||||
|
||||
age.secrets.onlyoffice-key = {
|
||||
file = inputs.secrets + "/onlyoffice-jwt-key.age";
|
||||
file = ../../secrets/onlyoffice-jwt-key.age;
|
||||
owner = "onlyoffice";
|
||||
};
|
||||
|
||||
|
||||
@@ -45,7 +45,7 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets.maxmind-license-key.file = inputs.secrets + "/maxmind-license-key.age";
|
||||
age.secrets.maxmind-license-key.file = ../../secrets/maxmind-license-key.age;
|
||||
|
||||
niveum.passport.services = [
|
||||
{
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
inputs,
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
@@ -18,7 +19,7 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets.miniflux-credentials.file = inputs.secrets + "/miniflux-credentials.age";
|
||||
age.secrets.miniflux-credentials.file = ../../secrets/miniflux-credentials.age;
|
||||
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (import ../../lib) kieran;
|
||||
@@ -205,7 +205,7 @@ in {
|
||||
};
|
||||
|
||||
age.secrets.weechat-sec = {
|
||||
file = inputs.secrets + "/weechat-sec.conf.age";
|
||||
file = ../../secrets/weechat-sec.conf.age;
|
||||
path = "/var/lib/weechat/sec.conf";
|
||||
owner = "weechat";
|
||||
group = "weechat";
|
||||
|
||||
@@ -1,4 +1,8 @@
|
||||
{inputs, ...}: let
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
inherit (import ../../lib) retiolumAddresses;
|
||||
in {
|
||||
imports = [
|
||||
@@ -12,19 +16,19 @@ in {
|
||||
|
||||
age.secrets = {
|
||||
retiolum-rsa = {
|
||||
file = inputs.secrets + "/manakish-retiolum-privateKey-rsa.age";
|
||||
file = ../../secrets/manakish-retiolum-privateKey-rsa.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
retiolum-ed25519 = {
|
||||
file = inputs.secrets + "/manakish-retiolum-privateKey-ed25519.age";
|
||||
file = ../../secrets/manakish-retiolum-privateKey-ed25519.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
syncthing-cert.file = inputs.secrets + "/manakish-syncthing-cert.age";
|
||||
syncthing-key.file = inputs.secrets + "/manakish-syncthing-key.age";
|
||||
syncthing-cert.file = ../../secrets/manakish-syncthing-cert.age;
|
||||
syncthing-key.file = ../../secrets/manakish-syncthing-key.age;
|
||||
};
|
||||
|
||||
niveum = {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
inputs,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
@@ -15,13 +15,13 @@ in {
|
||||
|
||||
age.secrets = {
|
||||
retiolum-rsa = {
|
||||
file = inputs.secrets + "/tabula-retiolum-privateKey-rsa.age";
|
||||
file = ../../secrets/tabula-retiolum-privateKey-rsa.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
retiolum-ed25519 = {
|
||||
file = inputs.secrets + "/tabula-retiolum-privateKey-ed25519.age";
|
||||
file = ../../secrets/tabula-retiolum-privateKey-ed25519.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
inputs,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
@@ -15,13 +15,13 @@ in {
|
||||
|
||||
age.secrets = {
|
||||
retiolum-rsa = {
|
||||
file = inputs.secrets + "/tahina-retiolum-privateKey-rsa.age";
|
||||
file = ../../secrets/tahina-retiolum-privateKey-rsa.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
retiolum-ed25519 = {
|
||||
file = inputs.secrets + "/tahina-retiolum-privateKey-ed25519.age";
|
||||
file = ../../secrets/tahina-retiolum-privateKey-ed25519.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (import ../../lib) retiolumAddresses restic;
|
||||
@@ -31,18 +31,18 @@ in {
|
||||
|
||||
age.secrets = {
|
||||
retiolum-rsa = {
|
||||
file = inputs.secrets + "/zaatar-retiolum-privateKey-rsa.age";
|
||||
file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
retiolum-ed25519 = {
|
||||
file = inputs.secrets + "/zaatar-retiolum-privateKey-ed25519.age";
|
||||
file = ../../secrets/zaatar-retiolum-privateKey-ed25519.age;
|
||||
mode = "400";
|
||||
owner = "tinc.retiolum";
|
||||
group = "tinc.retiolum";
|
||||
};
|
||||
restic.file = inputs.secrets + "/restic.age";
|
||||
restic.file = ../../secrets/restic.age;
|
||||
};
|
||||
|
||||
services.restic.backups.moodle-dl = {
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old:
|
||||
@@ -14,14 +13,14 @@ in {
|
||||
age.secrets = {
|
||||
/*
|
||||
moodle-dl-tokens = {
|
||||
file = inputs.secrets + "/zaatar-moodle-dl-tokens.json.age";
|
||||
file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
|
||||
owner = "moodle-dl";
|
||||
group = "moodle-dl";
|
||||
mode = "400";
|
||||
};
|
||||
*/
|
||||
moodle-dl-basicAuth = {
|
||||
file = inputs.secrets + "/zaatar-moodle-dl-basicAuth.age";
|
||||
file = ../../secrets/zaatar-moodle-dl-basicAuth.age;
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
mode = "400";
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
firewall = (import ../../lib).firewall lib;
|
||||
@@ -103,14 +102,14 @@ in {
|
||||
|
||||
age.secrets = {
|
||||
ympd-basicAuth = {
|
||||
file = inputs.secrets + "/zaatar-ympd-basicAuth.age";
|
||||
file = ../../secrets/zaatar-ympd-basicAuth.age;
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
mode = "400";
|
||||
};
|
||||
syncthing-cert.file = inputs.secrets + "/zaatar-syncthing-cert.age";
|
||||
syncthing-key.file = inputs.secrets + "/zaatar-syncthing-key.age";
|
||||
di-fm-key.file = inputs.secrets + "/di-fm-key.age";
|
||||
syncthing-cert.file = ../../secrets/zaatar-syncthing-cert.age;
|
||||
syncthing-key.file = ../../secrets/zaatar-syncthing-key.age;
|
||||
di-fm-key.file = ../../secrets/di-fm-key.age;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
|
||||
@@ -1,8 +1,4 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
{config, ...}: {
|
||||
services.spotifyd = {
|
||||
enable = true;
|
||||
settings = {
|
||||
@@ -25,8 +21,8 @@
|
||||
};
|
||||
|
||||
age.secrets = {
|
||||
spotify-username.file = inputs.secrets + "/spotify-username.age";
|
||||
spotify-password.file = inputs.secrets + "/spotify-password.age";
|
||||
spotify-username.file = ../../secrets/spotify-username.age;
|
||||
spotify-password.file = ../../secrets/spotify-password.age;
|
||||
};
|
||||
|
||||
# ref https://github.com/NixOS/nixpkgs/issues/71362#issuecomment-753461502
|
||||
|
||||
Reference in New Issue
Block a user