diff --git a/.sops.yaml b/.sops.yaml index 356cf9d..d27c351 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,6 +2,7 @@ keys: - &admin_fw age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s - &server_desktop age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x - &server_macmini age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t + - &server_legacy age1kf93dpuqhu0a90s49sszgw64mn32hwgrm8suv799ca4ngrkecpqs8ljzk8 creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: diff --git a/flake.lock b/flake.lock index b024ca1..a103fc4 100644 --- a/flake.lock +++ b/flake.lock @@ -253,11 +253,11 @@ ] }, "locked": { - "lastModified": 1757239681, - "narHash": "sha256-E9spYi9lxm2f1zWQLQ7xQt8Xs2nWgr1T4QM7ZjLFphM=", + "lastModified": 1757588530, + "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ab82ab08d6bf74085bd328de2a8722c12d97bd9d", + "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", "type": "github" }, "original": { @@ -356,11 +356,11 @@ ] }, "locked": { - "lastModified": 1757385184, - "narHash": "sha256-LCxtQn9ajvOgGRbQIRUJgfP7clMGGvV1SDW1HcSb0zk=", + "lastModified": 1757920978, + "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", "owner": "nix-community", "repo": "home-manager", - "rev": "26993d87fd0d3b14f7667b74ad82235f120d986e", + "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", "type": "github" }, "original": { @@ -414,11 +414,11 @@ ] }, "locked": { - "lastModified": 1756891319, - "narHash": "sha256-/e6OXxzbAj/o97Z1dZgHre4bNaVjapDGscAujSCQSbI=", + "lastModified": 1757542864, + "narHash": "sha256-8i9tsVoOmLQDHJkNgzJWnmxYFGkJNsSndimYpCoqmoA=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "621e2e00f1736aa18c68f7dfbf2b9cff94b8cc4d", + "rev": "aa9d14963b94186934fd0715d9a7f0f2719e64bb", "type": "github" }, "original": { @@ -443,11 +443,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1757423991, - "narHash": "sha256-tL+b6WC4gJJSo6wjNVIZpQ0DsYg8RmoGHxYuk6jJKbU=", + "lastModified": 1757811161, + "narHash": "sha256-laCB71qgn9Eht7bH1nobIzEiR5r7WRHAB7XHHxLTiLQ=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "150d693fe794a01aab762a18d2d8a2c8bc54b43c", + "rev": "559024c3314e4b1180b10b80fce4e9f20bad14c8", "type": "github" }, "original": { @@ -536,11 +536,11 @@ ] }, "locked": { - "lastModified": 1753819801, - "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=", + "lastModified": 1757508108, + "narHash": "sha256-bTYedtQFqqVBAh42scgX7+S3O6XKLnT6FTC6rpmyCCc=", "owner": "hyprwm", "repo": "hyprland-qtutils", - "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc", + "rev": "119bcb9aa742658107b326c50dcd24ab59b309b7", "type": "github" }, "original": { @@ -659,11 +659,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1757376306, - "narHash": "sha256-xZ9agpXP92762wo6pEZd1gs1jJEjrd4WWGtzlpY3QaA=", + "lastModified": 1757894719, + "narHash": "sha256-sG0DIub/4dB4HK8CahQYm6rTcxT8LHS6QmQNwThIN6M=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "b142f8f6336853ff325fe39c9f658e51e42c781b", + "rev": "2376288a3cf701a272d4b083d2e39a44d087f9e2", "type": "github" }, "original": { @@ -675,11 +675,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1757369388, - "narHash": "sha256-nLc2Oi6N2DfZTVBl8plpSlx13DQGc087ziWymAyjkOI=", + "lastModified": 1757891857, + "narHash": "sha256-GWKvDTB+03uQGx1qzuBQCewPgZiD8HWX2rovynsBbt8=", "owner": "neovim", "repo": "neovim", - "rev": "acb99b8a6572d8ea8d917955a653945550923be0", + "rev": "7b8b9d270f6ede43661f54573d1f4f0ae49d4ff1", "type": "github" }, "original": { @@ -690,11 +690,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1757068644, - "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", + "lastModified": 1757487488, + "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", + "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", "type": "github" }, "original": { @@ -706,11 +706,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757034884, - "narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=", + "lastModified": 1757746433, + "narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ca77296380960cd497a765102eeb1356eb80fed0", + "rev": "6d7ec06d6868ac6d94c371458fc2391ded9ff13d", "type": "github" }, "original": { @@ -722,11 +722,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1757347588, - "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b599843bad24621dcaa5ab60dac98f9b0eb1cabe", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { @@ -771,11 +771,11 @@ ] }, "locked": { - "lastModified": 1757239681, - "narHash": "sha256-E9spYi9lxm2f1zWQLQ7xQt8Xs2nWgr1T4QM7ZjLFphM=", + "lastModified": 1757588530, + "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ab82ab08d6bf74085bd328de2a8722c12d97bd9d", + "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411", "type": "github" }, "original": { @@ -802,11 +802,11 @@ ] }, "locked": { - "lastModified": 1757503115, - "narHash": "sha256-S9F6bHUBh+CFEUalv/qxNImRapCxvSnOzWBUZgK1zDU=", + "lastModified": 1757847158, + "narHash": "sha256-TumOaykhZO8SOs/faz6GQhqkOcFLoQvESLSF1cJ4mZc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "0bf793823386187dff101ee2a9d4ed26de8bbf8c", + "rev": "ee6f91c1c11acf7957d94a130de77561ec24b8ab", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index a3186be..5884e1e 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,9 @@ myhostname = "legacy"; }; modules = [ + stylix.nixosModules.stylix ./maskiner/legacy/configuration.nix + sops-nix.nixosModules.sops ]; }; node = nixpkgs.lib.nixosSystem { diff --git a/maskiner/legacy/configuration.nix b/maskiner/legacy/configuration.nix index 02740b5..e101a51 100644 --- a/maskiner/legacy/configuration.nix +++ b/maskiner/legacy/configuration.nix @@ -28,11 +28,27 @@ in ../../moduler/sound.nix ]; + sops.defaultSopsFile = ../../secrets/sops.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + + stylix = { + enable = true; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-latte.yaml"; + }; + home-manager.extraSpecialArgs = { inherit inputs pkgs; }; home-manager.users.fw = { imports = [ ./../../moduler/home.nix ]; + stylix.targets = { + lazygit.enable = false; + fish.enable = false; + kitty.enable = false; + waybar.enable = false; + tmux.enable = false; + k9s.enable = false; + }; }; boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/maskiner/node/configuration.nix b/maskiner/node/configuration.nix index 8af7c08..004ca46 100644 --- a/maskiner/node/configuration.nix +++ b/maskiner/node/configuration.nix @@ -22,6 +22,7 @@ ../../moduler/services/monitoring ../../moduler/services/headscale # ../../moduler/wastring.nix + ../../moduler/wedding.nix ]; sops.defaultSopsFile = ../../secrets/sops.yaml; diff --git a/moduler/programs/k9s/default.nix b/moduler/programs/k9s/default.nix index 362db7b..65155c8 100644 --- a/moduler/programs/k9s/default.nix +++ b/moduler/programs/k9s/default.nix @@ -9,7 +9,8 @@ let in { programs.k9s = { - enable = true; + # enable = true; + enable = false; settings = { k9s.ui.skin = "catppuccin-latte"; }; diff --git a/moduler/wedding.nix b/moduler/wedding.nix new file mode 100644 index 0000000..6c89be8 --- /dev/null +++ b/moduler/wedding.nix @@ -0,0 +1,36 @@ +{ + config, + inputs, + pkgs, + ... +}: + +let +in +{ + sops.secrets.github_password = { }; + virtualisation.oci-containers = { + backend = "podman"; + containers = { + wedding = { + login = { + username = "fwastring"; + passwordFile = config.sops.secrets.github_password.path; + registry = "https://ghcr.io"; + }; + image = "ghcr.io/fwastring/wedding:8eed91e3c05fde5f826f25de4c7bccdbc312caef"; + ports = [ "127.0.0.1:8083:8080" ]; + }; + }; + }; + services.nginx = { + virtualHosts."wedding.wastring.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8083"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/secrets/sops.yaml b/secrets/sops.yaml index 623737c..cf1f0ce 100644 --- a/secrets/sops.yaml +++ b/secrets/sops.yaml @@ -1,6 +1,7 @@ gandi_key: ENC[AES256_GCM,data:rhsDbf5RyChBWsgyLZoHCr12K1CztsoSitGNJbqqXlGhvYIP47cIXO8gCiEDOxhhC+gKp5Zc5biHUZ6Kf9vkV64X9SHoyw==,iv:WU+tuNpU8tlg6utPfah/EU9PrrO02SgJ1Fi07oxUjZI=,tag:9EYL9qX8DCy5U6IC7gP/eg==,type:str] wireguard_private_key: ENC[AES256_GCM,data:Fk3ZYyj51iSC0q7gQKY9kyg+kPHDJJJOYLiKyIuB2aDbI5yy8pggGyRBjtY=,iv:RQa34Irb93NlOCnpH7oEzDjJ30qlzMTAiosUsZYreqQ=,tag:0UFrh55JHSlJvzDtw7A60w==,type:str] wireguard_public_key: ENC[AES256_GCM,data:4ETVdAeLrqwPh7LZGN6wounajnh8bD9zdq4GWMCdSOJB6Z5ZA4iNHFKPU0k=,iv:RPKRI6A8sOmn22OdVrgl2RpbKGdfkrDdExlRd2QT/Wg=,tag:68cWti2y7f99GFHVYH1rtQ==,type:str] +github_password: ENC[AES256_GCM,data:2Q27cc0cqsWFt/lBNUApWPVRQaXi7uZ3UEn051G/Ar8lZs9zTYYWrg==,iv:s81MlK8u7QzP1azsNw2CtKouJqe/pAHZ7wy5aCWEEuI=,tag:Lf9o6RbLdsQ7ZYCMdVXglQ==,type:str] sops: age: - recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s @@ -30,7 +31,7 @@ sops: OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-13T19:07:35Z" - mac: ENC[AES256_GCM,data:aQy8wXhipZtFjAGvHd4+M1wj18vIQNOw2gRvjtcCpvsnD35CDHPNPC2taH9p8Dj3zDta+2L+GP7mwsxKyU/jMKQrgVmLb0A2ConBx0IcuAhs1xI6E9lW2zGiQg6eWllQvvFispakc1mT1f763wQRUnsWif/GvNCluBybm0TPjbE=,iv:tFYEFMHear3tI6VTXrvyEJB0jIrmXzK1j7p7R0uRQEo=,tag:uEeJoaaF14YYQSWliZctgw==,type:str] + lastmodified: "2025-09-16T20:08:36Z" + mac: ENC[AES256_GCM,data:AC+MzlY0cJDoiEeSHyce84vueGabqQH/9dUfykUtlLvZehm7evBKR2YC4CMX3rAEv8zNvq8ZsPe5nTdzgB1WGQczkBQoVTe8Wh9vbH/xUVA7Wjk3AtJMkcy3rL4DYZyx5oBFht30o7ixgwTnOk9gXsdrkDbn5zozoIyWcGApgnQ=,iv:dyIphekRyLsgkreE2H6eCoESMh7vRqULtdNmqoqgLN4=,tag:AqRiy8Cv7CBOhWLkyRaqrg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2