fw/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' of github.com:fwastring/nix

Browse source
This commit is contained in:
fwastring 2025-09-19 16:57:08 +02:00
commit a6e1b359ef
7 changed files with 61 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.sops.yaml
View file

@ -2,6 +2,7 @@ keys:
- &admin_fw age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s - &admin_fw age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
- &server_desktop age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x - &server_desktop age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x
- &server_macmini age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t - &server_macmini age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t
- &server_legacy age1kf93dpuqhu0a90s49sszgw64mn32hwgrm8suv799ca4ngrkecpqs8ljzk8
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:

2
flake.nix
View file

@ -51,7 +51,9 @@
myhostname = "legacy"; myhostname = "legacy";
}; };
modules = [ modules = [
stylix.nixosModules.stylix
./maskiner/legacy/configuration.nix ./maskiner/legacy/configuration.nix
sops-nix.nixosModules.sops
]; ];
}; };
node = nixpkgs.lib.nixosSystem { node = nixpkgs.lib.nixosSystem {

16
maskiner/legacy/configuration.nix
View file

@ -28,11 +28,27 @@ in
../../moduler/sound.nix ../../moduler/sound.nix
]; ];
sops.defaultSopsFile = ../../secrets/sops.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-latte.yaml";
};
home-manager.extraSpecialArgs = { inherit inputs pkgs; }; home-manager.extraSpecialArgs = { inherit inputs pkgs; };
home-manager.users.fw = { home-manager.users.fw = {
imports = [ imports = [
./../../moduler/home.nix ./../../moduler/home.nix
]; ];
stylix.targets = {
lazygit.enable = false;
fish.enable = false;
kitty.enable = false;
waybar.enable = false;
tmux.enable = false;
k9s.enable = false;
};
}; };
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;

1
maskiner/node/configuration.nix
View file

@ -22,6 +22,7 @@
../../moduler/services/monitoring ../../moduler/services/monitoring
../../moduler/services/headscale ../../moduler/services/headscale
# ../../moduler/wastring.nix # ../../moduler/wastring.nix
../../moduler/wedding.nix
]; ];
sops.defaultSopsFile = ../../secrets/sops.yaml; sops.defaultSopsFile = ../../secrets/sops.yaml;

3
moduler/programs/k9s/default.nix
View file

@ -9,7 +9,8 @@ let
in in
{ {
programs.k9s = { programs.k9s = {
enable = true; # enable = true;
enable = false;
settings = { settings = {
k9s.ui.skin = "catppuccin-latte"; k9s.ui.skin = "catppuccin-latte";
}; };

36
moduler/wedding.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
inputs,
pkgs,
...
}:
let
in
{
sops.secrets.github_password = { };
virtualisation.oci-containers = {
backend = "podman";
containers = {
wedding = {
login = {
username = "fwastring";
passwordFile = config.sops.secrets.github_password.path;
registry = "https://ghcr.io";
};
image = "ghcr.io/fwastring/wedding:8eed91e3c05fde5f826f25de4c7bccdbc312caef";
ports = [ "127.0.0.1:8083:8080" ];
};
};
};
services.nginx = {
virtualHosts."wedding.wastring.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8083";
proxyWebsockets = true;
};
};
};
}

5
secrets/sops.yaml
View file

@ -1,6 +1,7 @@
gandi_key: ENC[AES256_GCM,data:rhsDbf5RyChBWsgyLZoHCr12K1CztsoSitGNJbqqXlGhvYIP47cIXO8gCiEDOxhhC+gKp5Zc5biHUZ6Kf9vkV64X9SHoyw==,iv:WU+tuNpU8tlg6utPfah/EU9PrrO02SgJ1Fi07oxUjZI=,tag:9EYL9qX8DCy5U6IC7gP/eg==,type:str] gandi_key: ENC[AES256_GCM,data:rhsDbf5RyChBWsgyLZoHCr12K1CztsoSitGNJbqqXlGhvYIP47cIXO8gCiEDOxhhC+gKp5Zc5biHUZ6Kf9vkV64X9SHoyw==,iv:WU+tuNpU8tlg6utPfah/EU9PrrO02SgJ1Fi07oxUjZI=,tag:9EYL9qX8DCy5U6IC7gP/eg==,type:str]
wireguard_private_key: ENC[AES256_GCM,data:Fk3ZYyj51iSC0q7gQKY9kyg+kPHDJJJOYLiKyIuB2aDbI5yy8pggGyRBjtY=,iv:RQa34Irb93NlOCnpH7oEzDjJ30qlzMTAiosUsZYreqQ=,tag:0UFrh55JHSlJvzDtw7A60w==,type:str] wireguard_private_key: ENC[AES256_GCM,data:Fk3ZYyj51iSC0q7gQKY9kyg+kPHDJJJOYLiKyIuB2aDbI5yy8pggGyRBjtY=,iv:RQa34Irb93NlOCnpH7oEzDjJ30qlzMTAiosUsZYreqQ=,tag:0UFrh55JHSlJvzDtw7A60w==,type:str]
wireguard_public_key: ENC[AES256_GCM,data:4ETVdAeLrqwPh7LZGN6wounajnh8bD9zdq4GWMCdSOJB6Z5ZA4iNHFKPU0k=,iv:RPKRI6A8sOmn22OdVrgl2RpbKGdfkrDdExlRd2QT/Wg=,tag:68cWti2y7f99GFHVYH1rtQ==,type:str] wireguard_public_key: ENC[AES256_GCM,data:4ETVdAeLrqwPh7LZGN6wounajnh8bD9zdq4GWMCdSOJB6Z5ZA4iNHFKPU0k=,iv:RPKRI6A8sOmn22OdVrgl2RpbKGdfkrDdExlRd2QT/Wg=,tag:68cWti2y7f99GFHVYH1rtQ==,type:str]
github_password: ENC[AES256_GCM,data:2Q27cc0cqsWFt/lBNUApWPVRQaXi7uZ3UEn051G/Ar8lZs9zTYYWrg==,iv:s81MlK8u7QzP1azsNw2CtKouJqe/pAHZ7wy5aCWEEuI=,tag:Lf9o6RbLdsQ7ZYCMdVXglQ==,type:str]
sops: sops:
age: age:
- recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s - recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
@ -30,7 +31,7 @@ sops:
OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s
A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA== A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-13T19:07:35Z" lastmodified: "2025-09-16T20:08:36Z"
mac: ENC[AES256_GCM,data:aQy8wXhipZtFjAGvHd4+M1wj18vIQNOw2gRvjtcCpvsnD35CDHPNPC2taH9p8Dj3zDta+2L+GP7mwsxKyU/jMKQrgVmLb0A2ConBx0IcuAhs1xI6E9lW2zGiQg6eWllQvvFispakc1mT1f763wQRUnsWif/GvNCluBybm0TPjbE=,iv:tFYEFMHear3tI6VTXrvyEJB0jIrmXzK1j7p7R0uRQEo=,tag:uEeJoaaF14YYQSWliZctgw==,type:str] mac: ENC[AES256_GCM,data:AC+MzlY0cJDoiEeSHyce84vueGabqQH/9dUfykUtlLvZehm7evBKR2YC4CMX3rAEv8zNvq8ZsPe5nTdzgB1WGQczkBQoVTe8Wh9vbH/xUVA7Wjk3AtJMkcy3rL4DYZyx5oBFht30o7ixgwTnOk9gXsdrkDbn5zozoIyWcGApgnQ=,iv:dyIphekRyLsgkreE2H6eCoESMh7vRqULtdNmqoqgLN4=,tag:AqRiy8Cv7CBOhWLkyRaqrg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2