feat: add overlays (#34)
Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
This commit is contained in:
parent
4e15944edb
commit
89431bdfdb
14 changed files with 133 additions and 104 deletions
|
@ -11,7 +11,7 @@
|
|||
keys:
|
||||
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
||||
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
||||
- &dns01 age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t
|
||||
- &dns01 age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
|
||||
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
|
||||
|
|
17
flake.nix
17
flake.nix
|
@ -41,8 +41,10 @@
|
|||
forAllSystems = nixpkgs.lib.genAttrs [
|
||||
"aarch64-linux"
|
||||
"x86_64-linux"
|
||||
|
||||
];
|
||||
|
||||
# import overlays, ready for wrapping in nixossystem
|
||||
|
||||
in
|
||||
rec {
|
||||
# Use nixpkgs-fmt for 'nix fmt'
|
||||
|
@ -50,6 +52,7 @@
|
|||
|
||||
nixosModules = import ./nixos/modules/nixos;
|
||||
|
||||
|
||||
nixosConfigurations =
|
||||
with self.lib;
|
||||
let
|
||||
|
@ -61,6 +64,7 @@
|
|||
specialArgs = {
|
||||
inherit inputs outputs;
|
||||
};
|
||||
overlays = import ./nixos/overlays { inherit inputs; };
|
||||
|
||||
# generate a base nixos configuration with the
|
||||
# specified overlays, hardware modules, and any extraModules applied
|
||||
|
@ -81,6 +85,17 @@
|
|||
inherit system;
|
||||
modules = baseModules ++ hardwareModules ++ profileModules;
|
||||
specialArgs = { inherit self inputs nixpkgs; };
|
||||
# Add our overlays
|
||||
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
overlays = builtins.attrValues overlays;
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
allowUnfreePredicate = _: true;
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
in
|
||||
{
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
system:
|
||||
networking:
|
||||
#ENC[AES256_GCM,data:h8SY+XsXfzixGkqLuVnQBikWXNUuu/98WcrkQ8KneR1ubCIBURXgThZBV1z3EoR9YzpbUdoP0vgC35h+4G+QyzsReVewvqnIVK1biQ==,iv:zXrpHY5OTcZrGflL8bSwxBqejU+NrJjN4cI2F/39su4=,tag:/j3qmOUslX2m/tnPKc3szw==,type:comment]
|
||||
#ENC[AES256_GCM,data:WxRtq7uNi6m6b4GMGqvt+qkj1X4BZaynNDeEWMOH2u09x+IuYMiXXTJEGeKkf70eKjLZo0cD3HIzXNUr54SPP8jPmLqyRoS3Z+ggJg==,iv:EJPZQ9YSgs1JTKsZG1P6oMgxqNp2T7yha7UZwqAwzB4=,tag:toctJWuRe2viNF2crW1n4w==,type:comment]
|
||||
cloudflare-dyndns:
|
||||
apiTokenFile: ENC[AES256_GCM,data:apI38KT46dnwf3padK8d/NbGve4KIHZ1EFZD8t3XbKkMSFsYayb1zBowl4e0/A2wlkx4QMD1NYC2wPcQCHBk6mSZ1ILRwsXtzSm7TdPn7hCWn9+cp9T7qc7MRtuPoIvD+reNR/IgTysvfmDQtIaJxweLGQ==,iv:9+E6bqXlapDgi+zQr3Y4bAzrRR3/hltFb8vlA9Vs6Sg=,tag:kN+M9tXOALkqKBdNNtG7SA==,type:str]
|
||||
apiTokenFile: ENC[AES256_GCM,data:yTuSA7Zteaq4ufbLq0Ri+JDosNtVHudtRGSnLXzX2IFtGlzPNfrU0shIHpbicFZ+JS9x71a37sNt7gab1AZ5dJLxe2YVNVeJ3GFCFf7QNSI4GjOjzIUFSdHHhV+xGhtrL6h4SZTnh6iKqdU2iY1pAGT9Kw==,iv:gns8r/UhIXRIO+x08ZcrpuCFtwcUcC8HWjPfdJbkfRg=,tag:FAhAsUXzNOhEix+VBSu0Dg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -12,50 +12,50 @@ sops:
|
|||
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnd1YyVEhwOWJPWGVxcEFv
|
||||
WXRnU1RKK1JTblRkQW9ZekYyOGRNc3RrVFRnCmNFL3M5K1RHRXROdmVlekM4ZUhL
|
||||
b1dYaEcvVXFocDV4MTMrbVdqbWJKWUUKLS0tIG5YcDZsZXRjSkVoN1RSdWw3NHNw
|
||||
aWZPalNwWkF0ZGR1SGNqTHVOalFrVzgKLdfR3P7xXfv091K/fQ1kotEVjL7lubKO
|
||||
S24E1Z0q48mXozZ4hfH3k1+ZKLkEJE6emuOZNfIf66/gRQ0WWwovSQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YlEvN1JNa01odlZTeDhB
|
||||
Y3ZEdlIvbUlFZm96NDZBeWc2MnRMMzlRYmxvCkh0L2NsNUdFbnM2OW8xSUlpQmwz
|
||||
NjAyRnRLV1JRRkhyL2xLNXExS25MUGsKLS0tIDVwYmhkNXp3WVhNVkhkaTk1UDZn
|
||||
UFNhQXJ5akZIY0ZiRmdDMUJGZXdCMlkKf3zA9MkZ/J2CUURvzZdtn4vSeYwiIAR9
|
||||
SLWB6O7ykkjZyhe40lJMdVb7OVqXUnAf4Ic0VpYVwLeAXjPEi2anBA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZzJSZ0l0MTFpYklFd2tp
|
||||
M2xoNndjWHNCVGVMM1hsdkpiOTM2aHAwNmtRClMrWTVVZWF3SjVEUWNaTHluNkdr
|
||||
QTlzN1lNem1ZVndYOUZrL2ZEd2UwaEUKLS0tIEhmVS9NWStpeGVLNHRjK2ZzcCt4
|
||||
V285bFUwdXgzUy9Ndi8yTCtsYlRHVGsKzSx+eyIrJKgZCL2VoS4fEcp6iVpDiqF6
|
||||
7czaNhQhT0doqRm3QddMlD+o/7t7xOGhQEraq4q+i/JD4iYkSQp4zw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSXBZZzBkdWFVT2tYZTZh
|
||||
cVhIOUgzeUZ5QWQ4d0oxMGdxb2c0ZGpITVFBCkdRV00zSU1QYy9heHk2VlA1YjZI
|
||||
VEFlTHhZN3VKTExEQmRJYmJleDNIY28KLS0tIFpjM0lIdDdIaTJoemNvUlEyWjFI
|
||||
cDNuaXc0QXgrNGpaV1kvWXpBL2pwZWcKkde/Ka84e6AVbzxr9zY0zVIYotZEofei
|
||||
rPzQMsJ8x2+PLKRnOtny+He18E3AXN4G2KdbkkAaulFtPnodaXCWvw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x
|
||||
- recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnR0JCdUJubzRLRFY1ZGdp
|
||||
SWl0Q3JHRU1tZ2ExRWVTYXlQTHN4TXFwYWk0Cm9ONVh1TjlMTzk3M21HYncyMmNy
|
||||
aWNqMERxN3FGREQ2cUdVQ1pHakdXMEEKLS0tIFZKdHRWemUvQXUxSmJHSFlqalhp
|
||||
bkpHMHEvb1c5d1NrMXNDdllvR3NPRlEK/toh+FUgXJX3FOgECX76vBzMunPOvwC5
|
||||
OXHrNBbr8r+4lraPucGKgDIiYqrb2upUUr2Y1n3+BaiMaRIxLIETww==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsN1l4MWE3Wm9qZzN5TWNJ
|
||||
MG9QN1J6SW1GNHFxSW4rdHFTWG40emthL1RRCmFiaGU3dVJTNzhaL0dabExRWVB2
|
||||
V0tLd1kzZjVIWDFrdURtRTJDck41SVEKLS0tIHJvRmg3Uk1BWmRMcnFMTDRoM0Fq
|
||||
aWE3ZVRqczl6NklQMEZpTnpvbzhMYWsKzTdBC6weGhLESyrGZXbaFclG0lo3aqoi
|
||||
NHD2vuWcJexro3FPsBEce8yTCKi6VIBYQqntst0K4rE/7SLuMaqJVg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTjVVdkd0VjlTQ3VqS1pm
|
||||
bXNtUEdlSXl4V2NlT2xxeWVBQUc1dW5ZSVJBClBJeE5JNGs2TE40azJzWUFER3pF
|
||||
MHdEUTlkcUl3dVFoY2VaTHpCY1B4OXcKLS0tIFpkdnBVYU1Na3p3VFJSb3RBYkdt
|
||||
NUtxRjZhdWtnTGd1R01oTGdVbHNrblEKikD0L3r1K1GaXOPiu6/sJR8yPJ5j3y9f
|
||||
KWnFrx4hKOFlsclwrXchnU4v28BJuPE2yM/n4dgRoVCuJs1R2QKqpA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTGxCNmhYRnQ5elRMV0Nt
|
||||
bG1aZ255Y0pyYXhXWllVbDR0dWErUmRWWWlFCllRQm1jUU81MkhpdHdSdGhEWWpK
|
||||
Zm5JaVE4LzJrRmVRR0ZQR0VuYmpLYlUKLS0tIEVIVVg2WVRnVEFQbXBGZDVLWTY0
|
||||
NXpWZHc1NzVoWEN3cWlPZmRtdW9MWkkKi6DbXhf5+zZH4rdnksT8swUHF9ZHu5Gp
|
||||
jWbed3DahkwWAyMFD9SufGlgndRjqxHuyRa5EbBA4kyjYXvF5KjeCQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZEVLdGwvTFZIYlJBMkU2
|
||||
d0xGZzhjZGVzOEtWL09RQWRTSjVzcVc4ZzF3CjhzelppS3A4YmVmcnNFZDcyNFJh
|
||||
eThPazczUG9zUnZEbHFzdUJVaDRqcWsKLS0tIHhvTThHVWF2TnMyOU9GVzQwVDBt
|
||||
aWxlcTNjSTVBLzhiblo5WEJCMGRlcDQKb2pymltKgZw4708Hi2oAD+eMQ07BhDWq
|
||||
QRPnTFD/DbScDjfe58UC9izrXKf1Y5/rT36hSe8CI6NNU7uYaFMLcQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtajM2QjlyMzlHMDh0WjZP
|
||||
eTBIWGpFVzl1MHpkWUUxMnovaHhGZnNPK3hRCm1NamVabWY0RjZ6Tm5Lbjg3eXBn
|
||||
ZWVSMVUyRm1kc3dTbDl5YWx6ZnNhVlEKLS0tIFA0UU43ZnBMdDUyYXV1dlZNRVJZ
|
||||
VE1jekkrU0FEVWVSaHI0OUtMRk9Za0EKZWiqeBmuKDQK4mSUWptPoMIYNQdTtxoy
|
||||
/6Wr7QlnduC9Z+8OQuNNx5EC47DUSLmT8Zt2aP1wuolbEcQQkpNm2g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-03-26T10:54:18Z"
|
||||
mac: ENC[AES256_GCM,data:v1TqCr38V1oTszNi+xp5chepaGavVn9zIxhsAlS782g+SxfSTLeV+NoYgUHXgMNQbHhLb9NRdyzwcwoc9QlW2yfoysvwG7fR8DAzQSJKoOqeLCcBKSAQqHfmYCvjvhQCjrV2QBCBMCODrYBV/+vszMyEQmvCK8r6baQ+zLNnZzA=,iv:nSJPlPCBsUSyzk9Xmh1sJT+N97Gs0v98aiyCJZqzbs4=,tag:qv0Wn7ZvMB/wl7IKNOQ5Xw==,type:str]
|
||||
lastmodified: "2024-03-29T12:22:04Z"
|
||||
mac: ENC[AES256_GCM,data:kPlrDIly/XpIlocuyviHIhtts6GZaslNH5F5Pnm0fiwXm/cDGxDftkpIE1eEEVxkhkOd5Vml5ppfhngMu1pJgoyEgZnW+Ej0yGc7wa1cM3Iu5yqzDy60V/D638S58wiyi4wP+MN/hXbKjC/jh05hh3vDH1b6OH3YRCRIS4R+ZSE=,iv:cy2Hgnww4u/4FqlnoYa/E1vbmx+spIRgkiSfCdIqie4=,tag:iugVVWzxDxbR0tIRnjzD3g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -27,6 +27,11 @@ in
|
|||
# Restart when secret changes
|
||||
sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ];
|
||||
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 53 ];
|
||||
allowedTCPPorts = [ 53 ];
|
||||
};
|
||||
|
||||
# Cloudflare dynamic dns to keep my DNS records pointed at home
|
||||
services.cloudflare-dyndns = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
system:
|
||||
networking:
|
||||
dnscrypt-proxy2:
|
||||
forwarding-rules: ENC[AES256_GCM,data:r5q3U7iK6j6r+eydBNeAYzbA1oLHi4B5hTWknp0abBwpCLwnq0DWC5CDEt2Uv4CgkdOkvUXRlJBYexwHQ1Bs9afjsT4KT8Edy+ELu5FvP4kfg7LjjOoOFSdDhYHovhxXDMzd/ftH4HdPwO6JNMoc+n2WqBd9pLHGf9AvVJC+UQQnkv+xrLZyVcgWKNnMSjksknsWdM2L9OzQjnrWxt3aIGkMsCCR42ECX+G4rV4BtK0la3YHx/KQqMtquYiYtTuoPc/4qBGYEnbmlfDPuCPG6qaqvELca1SVmgakgxVvj+ZvxVYWyXsWpmhIJ56JHRJwQwzGTOPObROZMiQzs9Qm4uGwbBF/WgQS7gH016n3+9Mc1nBD1RBBXPsdc7Lygv1OPfdwmqJrDdC1AhK/SzR52V/OT8Pkp+EX2dMqxHYQdoiWQpmg2FxJ4zCrQFK1pPa5sztgLENepNsB2LEABDms3E4=,iv:I5+MsOlT/w4+2Q/x8KJPNCa4AKBCamv9xtDaaLROqbU=,tag:pFVyjd1V7WwKHoENE7E2cA==,type:str]
|
||||
forwarding-rules: ENC[AES256_GCM,data:7TUg3UiXZG25FhvxS8Mkg2ZlvLpMx05u+8yqQ3EyBXwFtXrVUvI3TM3L0NJr8c1MmimslpK7w+Xs9GphJfr4UaNV6m5A2kipA1v85AbL/rrEAvi9xRty3yqX1+vYtN1xa5Il3p0PeWkR3Q/LMW1ZfWXLu7FHyuitJaOIfySwyeK5njcHHsBtjQGNZcyg6oWxs6XdTLhrPwYMQvxrZ/l7mhxFOLIwuq9rlyVTw+SenKaZisW7TjksQtGvi3NmFARCPYSmyCH2/X/1OfPIomoUFTOAXC56mTFXrAf3TytkyOyysJsl/8S2mx6xrgbT+J09SRL9JTtQHi4iZaXS6tPFiCL6JtOzPMBdMrWdqWC/gI4Av8EemNVYu37oP5BUYsCOGOoKFMwuHSxiJCqNmR/im+cnP2tXwYwOhHmDxRNeVA6Wxt/4AktKhTHWkm/TLHshceOm+3liS+D0t+Q2/ybdy28=,iv:ejTYzQ/6qjX77GJmUKz/L/8/66fh0P7ORNqeKK4sgdE=,tag:fWugmMTlzLwdtx0sOrcv5Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -11,50 +11,50 @@ sops:
|
|||
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5VzFCVlh5K1YvbmlKQ0R0
|
||||
NlpOdk4wV05HMFlRVHJZSW9sWTNtQ0p0YVI0ClpXaTFneVUwZyt1eUx2SnpVK2JI
|
||||
MW56S1dmTWpFUmVNWnpiTFFvOTQ4T0kKLS0tIExqcW5DUkxYWWdBSzFHcVozVkV6
|
||||
eXdhNlRlQ0syR1g5dXRpYy93djBOeDQK9TMoalWZS2fvPrfq+F8RITp9IqEOWG7p
|
||||
jg5H7gsdz5O/w1GMIYif5124gDgyCFkfVRPmAjdJvtN/owqhwaRGXw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWm9iUWwvbWZNSCs2SUVw
|
||||
ZUxDNFFoQXRPVUg0bmN3dDlnNzBBRUNUNWp3CnhheUloZzFOZzc5S3pmaDQybGlX
|
||||
TnEyMi9XbGgyRkdpditQVkdMb2RMMk0KLS0tIFpveHp6STZWc0NRK3JlRm01NE8z
|
||||
R1dRdnNmeDBRVmMwMzNnMHZBNE54T1UKEMjcJFqKoBvw5PA4HkGrhMXDG3RABwNI
|
||||
S084C00I8qvLn769vsaaSMYm5He31CQ9qDGhDhMXFTIsBbI+jegWKA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UVhEVHJoaVAzSiszNDJ5
|
||||
VGNCOW5UVUMxaTgrQjdQVFoveE5pcVhmL3lvCmFQejUwSzNvK3FDQnFWWjBHdTk0
|
||||
ZVJrNkk0ZWZxVGtEYXU3eUZsWk41TUUKLS0tIDBYNjFoYU1mbzdtVEdHVW96TDFR
|
||||
VjhyZ3FqSkhtZHZ3S0xPVXZBNEtZOHMKCW9YMMwPXaDO23WdbW+NMmYVYau6Nw3i
|
||||
I4J+xRLDe8N8Ty8sVql7xPYmA2UtI/Vf12sJxrH+YZA3x7Ip1RnM5A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdUlWK3A5TjhOUW1mbm5X
|
||||
SVFac2o3eU5NUTVkVVBqcjgvTVdlU2N0U1hBCjRrY1dGNU1UOVpWN2gzdXBUejdR
|
||||
VmF6VUIxdnBEODI1dnVVQ0FXaE4rcXMKLS0tIDg0NmVyYTg2bFozcjQvMWoyU0FK
|
||||
QmtYTHUrL3RxOEQ4aE5vNi9IVWRvbmcKZEP7E8756mvvZOdhCstv2DzUsmEeZcp6
|
||||
Ts88FAsQHsF4RZLfFodKx+C1QGfA/O50MGTE5e4c2tpIuMjmCuPRLg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x
|
||||
- recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR1h3aDZqMmtWYkE4ZFBo
|
||||
emx6S2tDRVRBK0Y1R1ZrUDFWa1JkSmI1SkRjCkxYbUIvcFFkbWxIYTBEbXdFVy9j
|
||||
UGZaMWtITU5IMzNSSTJTMGZqZnlmWGcKLS0tIFIrdEpKZEs2c0VKdytzcjBoVUIv
|
||||
dzc5eEZ0ZlVQQmVaY2cwM09GcDFURFEKojQ8gD2ZG0WiXEHwKpE+/X0mtS3plSwZ
|
||||
RGDObWrg1MrlanAnHn/sh2A73uuWhsYiupurUZiFfFe2wqEUtiV7vw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL1NkWkd0L29WbnNpQTh1
|
||||
Rkp1MmRqTkN4WGNMMHJhR0YvL2Y0eEtIWGgwCmlQZTAxei9aa3FPTWZLTXAvK3VF
|
||||
WXk3NzMzd0hHNlJvd1dmckcvRm5rZGMKLS0tIHQ2bVRrRkJrV2E5MXc5Vm1tVWxj
|
||||
RWhoMkVhVzdyaEtZVk9Ncll4S0VqOVkKwmcv1yi15ZUIUuamKXX9Ye76jGb3UMYY
|
||||
tM0dcX49n4jCzexhU5wu2Fax4EADpiJzGVK0iZ+8+oWedbBHyVudJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGNaMmRYbEJrUkl3b0o5
|
||||
aU1SWGpCRGMrQ2s1OTM2ekJaMitmUTh5aFRNCmVubjdTK0xQdUhYTXRhTFBMRUZ2
|
||||
dy9YelU0OWhIY09PdUVZTXFmTUphM0kKLS0tIHFkSmRGdDdyRlpXTTNzQW5LNjBZ
|
||||
cmFrQ2pxQ1lJRFdCbktyQW52K2Y5b00KCumqPgPDoCw/tPUM14C0D7/O7xUiqkLC
|
||||
hujl+o9IRhDf+XvmA3QhyR/4uAJ+1S2EfxnOWpRXJwCmeW3QQDZ2Gw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU1A0OTFYSUVPV3R3b0N4
|
||||
aE00UEZRTE1wN1NGdzhkdkJEQ2NuYzN3VDNRCldQTEN4Umw1ZnlhV1k3dVBjamxK
|
||||
Qk9qenlsZDQ5dVdjenU0cHVlVXkzTjQKLS0tIDhaMHRuZWhrWlMrMDRuY2xnTDNy
|
||||
M0Z0SHJZTi9tYXU3cEdrc2Y1NUtrY0UKt4y5CrmBbhTqB4Ksdf4fO69aukVUlz19
|
||||
9yFqWtsnt97jldYKXG8WH9koyJvW6ZLIX+he89s0JCue518tf00bJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycjVCakRONzRSbndhVHh1
|
||||
U095TURxSDhpUGNwRzZ0ak5ndXo0TjJFYmtNCmJnZUR2TlFUUzdNWVdBUDlHMFZB
|
||||
dmtOcTJnY3pURVJzazBpWEVmb2h0UW8KLS0tIHRZc04zdUVhUEgyQ2hxaTVTbmxV
|
||||
S29OdkNqTm5acXc2V2d4b1lGbHRITkUKRj7Fttqdf113T1zu+SE2SnA2ya149VU/
|
||||
0NBQU3DNFX/5SsPUT6N/HAqjkObvzG02Sv6Un/rrzZExnXF9aKh3aA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNXloZlZ6ak40ckdCZjV1
|
||||
OWlhaHp5M2tpMTEyN05DcHJvZGlLbXFBaHdzCnZ4ZHROZkRUMGplNmpQa1ZiUC9w
|
||||
RVNIVWRqSTZFUHNFQ3JDdXd4dStPdDQKLS0tIEhqamZ5cm9aak1OV2lwTW9MMnZw
|
||||
dFNyUENxTUQrUWI5ZHZhekp6d1o5T3cKDxaiMjGDb1EbdobP2E9WDn7YfO6J7BMU
|
||||
sFAh+u38crXiEG24wxNl/Ps7z3oMPtmM7KRQ3hM753lBenuL7vXvMA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-03-26T10:54:18Z"
|
||||
mac: ENC[AES256_GCM,data:plqgZV6lT1FT/pVt6O2KMXg4sAnJRGpDznyudk9Zmeye7FLEaqfAl696h0FoJoYsw7QnQ5KkWqJMFPerUyCauiNgyPXKgES2Inn15ZkRcT6+qqHWZGwYIBEhw5tKQ7173IW6pyiU9ZajWZnV3FrZGmMxgGSwXU94EwnI2uhxXxY=,iv:j/GMktQDyEoa5/gSmrTvu/WDGCS/etX/IYtun60SgYA=,tag:Ld+uw+RNd6kD93OiZy9flQ==,type:str]
|
||||
lastmodified: "2024-03-29T12:22:04Z"
|
||||
mac: ENC[AES256_GCM,data:hsDY1SO1nIe7J3mpMNJsxG2R+3N7AgUxoqqfvs2V4pO8SZnx5SvBqyIdGKcUOFgY66jtvAxwXULkl0J/TFj8A+MG5BkH/IAjDrWD0czYuUogtxik4DstyUXLSSM5zFP9niOmowsvK+1u/VpBrb+OlZNYiEHYKtY7+DhVJqDnQVc=,iv:iBxfpElahoJTXld45hpZXblTStQjm0WQpYmmv5wlpNg=,tag:caPwVlvCmRzm2as7ECbXgA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -24,6 +24,7 @@ in
|
|||
enable = true;
|
||||
secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
|
||||
config = builtins.readFile ./maddy.conf;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
};
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
system:
|
||||
mail:
|
||||
maddy:
|
||||
envFile: ENC[AES256_GCM,data:wPYvV1sq7LkeD35JOyzBTVIOo/ZmzO2tODKAR1tzGfO87OZg8soFsFP13yIQyMvFu++wJ+ope6gOC6GtYvqD//JMpwg4FGn8lIE49rLAkUdAu/rWGjHiu4m2DWElVGGM2IjAu63TxhC7WGNSxLMsEVnObOcfV4xVeeVld1ubVS2slM0=,iv:3BCqTSIttd8RHmPZqdIliDn4HX03nHBuGodUaU81Q+8=,tag:Tlh4n5iJZu2RRPl3ASCxag==,type:str]
|
||||
envFile: ENC[AES256_GCM,data:pGs56ZvCfX42FcmOSQvg/hXIWDs/HrLrto50lP8DxWHBBrE1Mm/BJ1GWlz8CHrwTIwDOTZCbxfbZlQhr0ofuusf3AIYdTX3dtckCK+K0FVPIXenc/b0QotKeCWCbQj4mMZJCmlu3Yot2yP+SnxXQsl41yUEQsjiXmUVnbiXGlTnvLg4=,iv:V8sOvvt2lqXRpzbL6UilZE4PdwEOnX+LPJygVy0wmk0=,tag:1EEjTETv7ADYx8H2suxM6Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -11,50 +11,50 @@ sops:
|
|||
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHYVFNWjFKU09MZ3g2UFdj
|
||||
Z3RUMnd5dXozVW5uaGtDYWRGUmFOeW5pNzNVCkI5MVhUc0VvbnVTMXM0WmhrVk10
|
||||
ZzFDVjN4ZzlxaVQvTG4xTkNZalZKcGsKLS0tIEdVL0Z1K1B0OEJVMjhTYTBjenF5
|
||||
LzM4dlJMd3NKS3FBVENMbDhGQzFJOUkKKFW1AOm7StnaAExDzEWmVNrYqr/bDE/e
|
||||
X8EPG5xN9IkkjpjhuHY9WgRAfpemWipDRzdEKH/qHB0oZR7+Pd9IAA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpTEx5K29rV2Z3TmFZNG1h
|
||||
NnR5UFJjWnFNMkYzN05WaVhsUmxHZkVwMURZCjVCMFRFcGJyMmlsVDNKL0FhSmFG
|
||||
RHh4NVlNQWJzTGxLTkRrTkZWdll3blUKLS0tIGxqckF0cWlhMGpyanhPM29YMDVr
|
||||
Zi9ZRXZiUVZzOUlwU094eDNTaC80UVUKNovl0feqw/7Yv8TjKdj8tCXkWvUqC76/
|
||||
VX64fgAiC+BGbygPJ5wEVkQKH8OWSmgOIvqfvSYrga8AHsLgYPMm3A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVmlqNzRabC9zOTBFWWRk
|
||||
a2s0ZEF2S2NBam1FeEZFNnpMNjlmd2JMSkZRCkRDcHdzT0I2R3NURTZXQlQrQjFn
|
||||
NzZBeVZncVlqdllOZG4wNDB2YnNkaVUKLS0tIEFRY0FnVEllUW5NNTBMbGxTSlR5
|
||||
bVoxd0FvWjEyeHlKM2IyS1c2ajlhMncKJjDktmjOisjdUecV/bhI00fp6jA2puGD
|
||||
mOuASUhxGGN1c805vLmLnJA0llLtaN8C2iQC/H14IjG1U7QObbnrEA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRURSNjVydlVRdGFEcDFL
|
||||
U2lLWW0xNkhTR3NtRUN0OUE3UjViYW9RNVRnCmo4Tks1NWgzTHV2QXlZVmJESU9i
|
||||
cVZ0ekJCTHdhVWVyTTRFMEJJa080MDAKLS0tIG5CVE84K1dQMTg2WHhnYnBMdDZT
|
||||
dloxME9lajd3YW9Bbk9qUzVVa2UrYVEKUMlgxX2REGuvkpXwFhClOllkuUf/8E3v
|
||||
9QpcjUSWmExHTJcxvSUkEYL5C6lODL4172PfnQLt9QkdX7sYQUOFuw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x
|
||||
- recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMjkrcHFZTXQ3QjZKWksw
|
||||
ZXNRbmNnSVhpWVdCL1NLQXhabGZVNGMydVE4CjdDVllwTHZyM2JZK1JaWVU0L0Qr
|
||||
NlRyeTFCajJLL0VWcVk1R3R0QTZYc2sKLS0tIG1hSDRkMkdlOTNiS2I2anVjeDZI
|
||||
UkJjTEhQQVdLVE11dmdES1hBYWNTZEUKVfi1F6rehBUrQB2AOHoPnhI16RzUA2T9
|
||||
NZ3b52xZUR3uAvLxqL9auLPxf1HC334zV5kEf0vmFyvD2DFWF9wjeQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMTZRRlRUOVowT01vUVVm
|
||||
aGNUQVllVVNKcVVoVXIyWmRLUEd5bzFVSjEwCm5iUUo3WWtEdHA4Wm1kSk8vcmRM
|
||||
ZzJGSk51UnU5d2pjVzZiZGt3dlZETHMKLS0tIGw3cDdnNWxiZXdtMmhuRUpwV1Y4
|
||||
RXRvL2F0TkxGNm1LejR1bHFCYjkyU2cKn7QMPuwZ8ermG59uK3rHrJkuDZ2US0JG
|
||||
Oj/ts8DXuu71TpTiiCXumThs+IjKQgARyv5P/jP/Souq9LppDtEDnQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqc0RYWGFBWjJjSG5NUG15
|
||||
cVp3MlB6MXp3alZid2hxMksrUG9KU1F1cmtVCnB0YVJtZHYvVG13bUhqWTEwZzhR
|
||||
a2xnSjFMVHIvZHA2TjVBSmQ3TkpKckEKLS0tIEFaZ3RzZFpoQjlqN2NYTkZFRXNi
|
||||
OWpSVVVuTFlMRnNTdEJLakRYdzdENVEKYaMBFCD/pr2UhpczDOS3qKTeI9v6PSNF
|
||||
+m0y3MXomdDy52ozw5NxS9N96l8IVcqaXmr/vXqFGrpm1hNKmznzjQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLSlVlMG14cUxUcDRseDBC
|
||||
YXBtRk5oRlJ3dS83TDFicFM4WVZMT1VwelZrCkl5V01BbzRVa3RLWTF4U0ExRmR3
|
||||
cU9XMFZRQ2l6V0k1aFlucjlGL0d3V3cKLS0tIDJGWlE1Y1hhcjhUT1BsTXBtQTFH
|
||||
bEJka0pvUUM0OTV3QWdNWWRhcldTSEkK/yRrMYy2YC7NTzir/LL97PV9LxvW/fm1
|
||||
2YQIlSs6amPT32U46tnpqytVs0iR9Jobd153oAJjfhrAsGGP/msgsQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyUFZaeEM0Nlc3bjZPcXpH
|
||||
M2VReCswUHhvMDU5LzdLMkJYcHFXdnNQRjJBCjZNS2pmZ1JTTWdFckk2TzA2bmFK
|
||||
NWdVV0tPVVRtZzYwTkcrc2RxdXpjM0UKLS0tIHlrU2ZRdndmWmhTUnVQb3BRSDYy
|
||||
aGEwYmdrWW81eTc4K0ZlTmRyL2dqelkKrecN4dFiuRhBCecPa0oaBnvjy5pbvaXL
|
||||
aaWmkTlSh2ny0BbrotfG2poX2A1x3GqdCd1KNVGRghdTyS1g8GUfNQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUTJvUnE5V3NYNmZ0dERi
|
||||
emh0ell0N0xBMkhjL3kxdkIyRWs4UWpYTVFNCnlqaVhiWUNXa0l1Qk1peHlxdDdQ
|
||||
aEdkdFdFWW5zUlVBT1F0aERVQndheTgKLS0tIE83UXA1V21qbzFiQ3NFRnRiaS9i
|
||||
TXEvWDRXMTZuellnT1BKRWs4a1VkaFkK8Sls0BOhgCj36HhFIlRclBltqXrcR7cU
|
||||
POkvvHVfEXzZ8GzKOx3tyZZ7fnksNM9XFbofZ9/apGR9FP9mepnrdA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-03-26T10:54:18Z"
|
||||
mac: ENC[AES256_GCM,data:3bRXHo7YE4IlcH+ke1+cxuBU4jPZ/DSZaOHtMN+dmdLuxfwNnEBBgPwFxYPHHmhH86Xyh42pKGNlOtmU/nGsKFeaMJBbB9bW7zmtR8gwij6pKVK7MoFfKQcqI08EozgaFeYvS5xwUnf9t0q7afTTmMCc3k9154a4f/D/nxJdg4Q=,iv:wsAwTClGPR7sKp0agXgBnmRrkjLAcYfEh0Y8dozh3v0=,tag:QbXAYgh5DXqar58nsb71kA==,type:str]
|
||||
lastmodified: "2024-03-29T12:22:04Z"
|
||||
mac: ENC[AES256_GCM,data:XncWerMNxizmY29/ktbk6qyENQ75RJ11x7STemdtds9+0g24pyRpuHV0oocetDRLmUN6Cg6qXwCkJ2cgR5MMzjUYsYRP2VlzGPwQpr+L6dmvYp+j+70X9Qk7bRfj0cRJn+gHhfkWSxpAvows0/9+wJcsFhowS/vihVoz2xjLoZU=,iv:yH0wEYRX0uuJeyf9+5E9qpwr8S5lUXpB9K5aWnHJShY=,tag:6aIhVuQOtfbWggdnF7zw2g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -29,6 +29,7 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
# TODO: Enable this when option becomes available
|
||||
# Don't allow home-directory authorized_keys
|
||||
# authorizedKeysFiles = mkForce ["/etc/ssh/authorized_keys.d/%u"];
|
||||
|
|
9
nixos/overlays/README.md
Normal file
9
nixos/overlays/README.md
Normal file
|
@ -0,0 +1,9 @@
|
|||
### Adding overlays
|
||||
|
||||
Overlays should be added as individual nix files to `./nixos/overlays` with format
|
||||
|
||||
```nix
|
||||
final: prev: {
|
||||
hello = (prev.hello.overrideAttrs (oldAttrs: { doCheck = false; }));
|
||||
}
|
||||
```
|
|
@ -1,4 +1,12 @@
|
|||
{ inputs, ... }: {
|
||||
{ inputs
|
||||
, ...
|
||||
}:
|
||||
{
|
||||
# deploy-rs overlay
|
||||
deploy-rs = inputs.deploy-rs.overlay;
|
||||
|
||||
# The unstable nixpkgs set (declared in the flake inputs) will
|
||||
# be accessible through 'pkgs.unstable'
|
||||
unstable-packages = final: _prev: {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
inherit (final) system;
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{
|
||||
imports = [
|
||||
./nix.nix
|
||||
./nixpkgs.nix
|
||||
./sops.nix
|
||||
./system.nix
|
||||
./users.nix
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
nixpkgs = {
|
||||
# Configure your nixpkgs instance
|
||||
config = {
|
||||
# Disable if you don't want unfree packages
|
||||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -10,6 +10,7 @@ with lib;
|
|||
# Enable monitoring for remote scraiping
|
||||
mySystem.services.promMonitoring.enable = true;
|
||||
mySystem.services.rebootRequiredCheck.enable = true;
|
||||
mySystem.security.wheelNeedsSudoPassword = false;
|
||||
|
||||
nix.settings = {
|
||||
# TODO factor out into mySystem
|
||||
|
@ -32,7 +33,7 @@ with lib;
|
|||
|
||||
services.udisks2.enable = mkDefault false;
|
||||
xdg = {
|
||||
autostart.enable = mkDefault false;
|
||||
autostart.enable = mkDefault true;
|
||||
icons.enable = mkDefault false;
|
||||
mime.enable = mkDefault false;
|
||||
sounds.enable = mkDefault false;
|
||||
|
|
|
@ -38,7 +38,7 @@ with config;
|
|||
jq
|
||||
yq
|
||||
btop
|
||||
vim
|
||||
unstable.vim
|
||||
git
|
||||
dnsutils
|
||||
nix
|
||||
|
|
Reference in a new issue