Merge branch 'main' of github.com:fwastring/nix

2025-09-19 16:57:08 +02:00 · 2025-09-19 16:57:08 +02:00 · a6e1b359ef
commit a6e1b359ef
parent 3416502f73 8ae96e9f6a
7 changed files with 61 additions and 3 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -2,6 +2,7 @@ keys:
  - &admin_fw age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
  - &server_desktop age106ml0ssx0p24dvfamp322myzka4wzeze9yhzyvtptp9c6fmmru6slswh2x
  - &server_macmini age1dql5lwetk39a9y8ummfgjx3aym02yn205lxk389k6q0tu9y3ff4s94l66t
+  - &server_legacy age1kf93dpuqhu0a90s49sszgw64mn32hwgrm8suv799ca4ngrkecpqs8ljzk8
 creation_rules:
  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
    key_groups:
--- a/flake.nix
+++ b/flake.nix
@ -51,7 +51,9 @@
            myhostname = "legacy";
          };
          modules = [
+            stylix.nixosModules.stylix
            ./maskiner/legacy/configuration.nix
+			sops-nix.nixosModules.sops
          ];
        };
        node = nixpkgs.lib.nixosSystem {
--- a/maskiner/legacy/configuration.nix
+++ b/maskiner/legacy/configuration.nix
@ -28,11 +28,27 @@ in
    ../../moduler/sound.nix
  ];

+  sops.defaultSopsFile = ../../secrets/sops.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  stylix = {
+    enable = true;
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-latte.yaml";
+  };
+
  home-manager.extraSpecialArgs = { inherit inputs pkgs; };
  home-manager.users.fw = {
    imports = [
      ./../../moduler/home.nix
    ];
+    stylix.targets = {
+      lazygit.enable = false;
+      fish.enable = false;
+      kitty.enable = false;
+      waybar.enable = false;
+      tmux.enable = false;
+      k9s.enable = false;
+    };
  };

  boot.kernelPackages = pkgs.linuxPackages_latest;
--- a/maskiner/node/configuration.nix
+++ b/maskiner/node/configuration.nix
@ -22,6 +22,7 @@
    ../../moduler/services/monitoring
    ../../moduler/services/headscale
    # ../../moduler/wastring.nix
+     ../../moduler/wedding.nix
  ];

  sops.defaultSopsFile = ../../secrets/sops.yaml;
--- a/moduler/programs/k9s/default.nix
+++ b/moduler/programs/k9s/default.nix
@ -9,7 +9,8 @@ let
 in
 {
  programs.k9s = {
-    enable = true;
+    # enable = true;
+    enable = false;
 	settings = {
 		k9s.ui.skin = "catppuccin-latte";
 	};
--- a/moduler/wedding.nix
+++ b/moduler/wedding.nix
@ -0,0 +1,36 @@
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
+
+let
+in
+{
+  sops.secrets.github_password = { };
+  virtualisation.oci-containers = {
+    backend = "podman";
+    containers = {
+      wedding = {
+        login = {
+          username = "fwastring";
+          passwordFile = config.sops.secrets.github_password.path;
+          registry = "https://ghcr.io";
+        };
+        image = "ghcr.io/fwastring/wedding:8eed91e3c05fde5f826f25de4c7bccdbc312caef";
+        ports = [ "127.0.0.1:8083:8080" ];
+      };
+    };
+  };
+  services.nginx = {
+    virtualHosts."wedding.wastring.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8083";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
--- a/secrets/sops.yaml
+++ b/secrets/sops.yaml
@ -1,6 +1,7 @@
 gandi_key: ENC[AES256_GCM,data:rhsDbf5RyChBWsgyLZoHCr12K1CztsoSitGNJbqqXlGhvYIP47cIXO8gCiEDOxhhC+gKp5Zc5biHUZ6Kf9vkV64X9SHoyw==,iv:WU+tuNpU8tlg6utPfah/EU9PrrO02SgJ1Fi07oxUjZI=,tag:9EYL9qX8DCy5U6IC7gP/eg==,type:str]
 wireguard_private_key: ENC[AES256_GCM,data:Fk3ZYyj51iSC0q7gQKY9kyg+kPHDJJJOYLiKyIuB2aDbI5yy8pggGyRBjtY=,iv:RQa34Irb93NlOCnpH7oEzDjJ30qlzMTAiosUsZYreqQ=,tag:0UFrh55JHSlJvzDtw7A60w==,type:str]
 wireguard_public_key: ENC[AES256_GCM,data:4ETVdAeLrqwPh7LZGN6wounajnh8bD9zdq4GWMCdSOJB6Z5ZA4iNHFKPU0k=,iv:RPKRI6A8sOmn22OdVrgl2RpbKGdfkrDdExlRd2QT/Wg=,tag:68cWti2y7f99GFHVYH1rtQ==,type:str]
+github_password: ENC[AES256_GCM,data:2Q27cc0cqsWFt/lBNUApWPVRQaXi7uZ3UEn051G/Ar8lZs9zTYYWrg==,iv:s81MlK8u7QzP1azsNw2CtKouJqe/pAHZ7wy5aCWEEuI=,tag:Lf9o6RbLdsQ7ZYCMdVXglQ==,type:str]
 sops:
    age:
        - recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
@ -30,7 +31,7 @@ sops:
            OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s
            A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-13T19:07:35Z"
-    mac: ENC[AES256_GCM,data:aQy8wXhipZtFjAGvHd4+M1wj18vIQNOw2gRvjtcCpvsnD35CDHPNPC2taH9p8Dj3zDta+2L+GP7mwsxKyU/jMKQrgVmLb0A2ConBx0IcuAhs1xI6E9lW2zGiQg6eWllQvvFispakc1mT1f763wQRUnsWif/GvNCluBybm0TPjbE=,iv:tFYEFMHear3tI6VTXrvyEJB0jIrmXzK1j7p7R0uRQEo=,tag:uEeJoaaF14YYQSWliZctgw==,type:str]
+    lastmodified: "2025-09-16T20:08:36Z"
+    mac: ENC[AES256_GCM,data:AC+MzlY0cJDoiEeSHyce84vueGabqQH/9dUfykUtlLvZehm7evBKR2YC4CMX3rAEv8zNvq8ZsPe5nTdzgB1WGQczkBQoVTe8Wh9vbH/xUVA7Wjk3AtJMkcy3rL4DYZyx5oBFht30o7ixgwTnOk9gXsdrkDbn5zozoIyWcGApgnQ=,iv:dyIphekRyLsgkreE2H6eCoESMh7vRqULtdNmqoqgLN4=,tag:AqRiy8Cv7CBOhWLkyRaqrg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2