feat: add overlays (#34)

Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
Truxnell 2024-03-30 09:26:56 +11:00 committed by GitHub
parent 4e15944edb
commit 89431bdfdb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 133 additions and 104 deletions


@ -11,7 +11,7 @@
keys: keys:
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
- &dns01 age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t - &dns01 age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
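Review bot: Swapping the `dns01` recipient and re-encrypting does not protect anything the old key could already read, because every earlier revision of the secrets files in git history stays decryptable with the old private key. If the key changed only because the host was reinstalled this is fine, but if the old key may have been exposed, the underlying values re-encrypted later in this commit (the Cloudflare API token, the maddy env file, the dnscrypt forwarding rules) need to be reissued too. The recipient dropped from those secrets files is `age1y399…`, not the `age190fm…` value removed here, so this file and the encrypted files were apparently already out of sync before the commit. A comment beside the anchor would record the history, e.g. `# dns01: re-keyed <date>, <reason>`.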


@ -41,8 +41,10 @@
forAllSystems = nixpkgs.lib.genAttrs [ forAllSystems = nixpkgs.lib.genAttrs [
"aarch64-linux" "aarch64-linux"
"x86_64-linux" "x86_64-linux"
]; ];
# import overlays, ready for wrapping in nixossystem
in in
rec { rec {
# Use nixpkgs-fmt for 'nix fmt' # Use nixpkgs-fmt for 'nix fmt'
@ -50,6 +52,7 @@
nixosModules = import ./nixos/modules/nixos; nixosModules = import ./nixos/modules/nixos;
nixosConfigurations = nixosConfigurations =
with self.lib; with self.lib;
let let
@ -61,6 +64,7 @@
specialArgs = { specialArgs = {
inherit inputs outputs; inherit inputs outputs;
}; };
overlays = import ./nixos/overlays { inherit inputs; };
# generate a base nixos configuration with the # generate a base nixos configuration with the
# specified overlays, hardware modules, and any extraModules applied # specified overlays, hardware modules, and any extraModules applied
@ -81,6 +85,17 @@
inherit system; inherit system;
modules = baseModules ++ hardwareModules ++ profileModules; modules = baseModules ++ hardwareModules ++ profileModules;
specialArgs = { inherit self inputs nixpkgs; }; specialArgs = { inherit self inputs nixpkgs; };
# Add our overlays
pkgs = import nixpkgs {
inherit system;
overlays = builtins.attrValues overlays;
config = {
allowUnfree = true;
allowUnfreePredicate = _: true;
};
};
}; };
in in
{ {
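Review bot: Passing a pre-built `pkgs` in the last hunk means, assuming this attrset is the argument to `nixosSystem` (the call is outside the hunk), that `nixpkgs.config` and `nixpkgs.overlays` set in any module are ignored or rejected for these hosts, so no host can tighten `allowUnfree` from its own configuration. `allowUnfreePredicate = _: true;` adds nothing over `allowUnfree = true;` and can be dropped, or replaced by an explicit allowlist predicate if only a few unfree packages are needed. `builtins.attrValues overlays` applies overlays in attribute-name order, which deserves a comment such as `# overlays apply in attribute-name order`. The comment `# import overlays, ready for wrapping in nixossystem` in the first hunk has no code under it and should move next to the `overlays = import ./nixos/overlays …` line.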


@ -1,8 +1,8 @@
system: system:
networking: networking:
#ENC[AES256_GCM,data:h8SY+XsXfzixGkqLuVnQBikWXNUuu/98WcrkQ8KneR1ubCIBURXgThZBV1z3EoR9YzpbUdoP0vgC35h+4G+QyzsReVewvqnIVK1biQ==,iv:zXrpHY5OTcZrGflL8bSwxBqejU+NrJjN4cI2F/39su4=,tag:/j3qmOUslX2m/tnPKc3szw==,type:comment] #ENC[AES256_GCM,data:WxRtq7uNi6m6b4GMGqvt+qkj1X4BZaynNDeEWMOH2u09x+IuYMiXXTJEGeKkf70eKjLZo0cD3HIzXNUr54SPP8jPmLqyRoS3Z+ggJg==,iv:EJPZQ9YSgs1JTKsZG1P6oMgxqNp2T7yha7UZwqAwzB4=,tag:toctJWuRe2viNF2crW1n4w==,type:comment]
cloudflare-dyndns: cloudflare-dyndns:
apiTokenFile: ENC[AES256_GCM,data:apI38KT46dnwf3padK8d/NbGve4KIHZ1EFZD8t3XbKkMSFsYayb1zBowl4e0/A2wlkx4QMD1NYC2wPcQCHBk6mSZ1ILRwsXtzSm7TdPn7hCWn9+cp9T7qc7MRtuPoIvD+reNR/IgTysvfmDQtIaJxweLGQ==,iv:9+E6bqXlapDgi+zQr3Y4bAzrRR3/hltFb8vlA9Vs6Sg=,tag:kN+M9tXOALkqKBdNNtG7SA==,type:str] apiTokenFile: ENC[AES256_GCM,data:yTuSA7Zteaq4ufbLq0Ri+JDosNtVHudtRGSnLXzX2IFtGlzPNfrU0shIHpbicFZ+JS9x71a37sNt7gab1AZ5dJLxe2YVNVeJ3GFCFf7QNSI4GjOjzIUFSdHHhV+xGhtrL6h4SZTnh6iKqdU2iY1pAGT9Kw==,iv:gns8r/UhIXRIO+x08ZcrpuCFtwcUcC8HWjPfdJbkfRg=,tag:FAhAsUXzNOhEix+VBSu0Dg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,50 +12,50 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnd1YyVEhwOWJPWGVxcEFv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YlEvN1JNa01odlZTeDhB
WXRnU1RKK1JTblRkQW9ZekYyOGRNc3RrVFRnCmNFL3M5K1RHRXROdmVlekM4ZUhL Y3ZEdlIvbUlFZm96NDZBeWc2MnRMMzlRYmxvCkh0L2NsNUdFbnM2OW8xSUlpQmwz
b1dYaEcvVXFocDV4MTMrbVdqbWJKWUUKLS0tIG5YcDZsZXRjSkVoN1RSdWw3NHNw NjAyRnRLV1JRRkhyL2xLNXExS25MUGsKLS0tIDVwYmhkNXp3WVhNVkhkaTk1UDZn
aWZPalNwWkF0ZGR1SGNqTHVOalFrVzgKLdfR3P7xXfv091K/fQ1kotEVjL7lubKO UFNhQXJ5akZIY0ZiRmdDMUJGZXdCMlkKf3zA9MkZ/J2CUURvzZdtn4vSeYwiIAR9
S24E1Z0q48mXozZ4hfH3k1+ZKLkEJE6emuOZNfIf66/gRQ0WWwovSQ== SLWB6O7ykkjZyhe40lJMdVb7OVqXUnAf4Ic0VpYVwLeAXjPEi2anBA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZzJSZ0l0MTFpYklFd2tp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSXBZZzBkdWFVT2tYZTZh
M2xoNndjWHNCVGVMM1hsdkpiOTM2aHAwNmtRClMrWTVVZWF3SjVEUWNaTHluNkdr cVhIOUgzeUZ5QWQ4d0oxMGdxb2c0ZGpITVFBCkdRV00zSU1QYy9heHk2VlA1YjZI
QTlzN1lNem1ZVndYOUZrL2ZEd2UwaEUKLS0tIEhmVS9NWStpeGVLNHRjK2ZzcCt4 VEFlTHhZN3VKTExEQmRJYmJleDNIY28KLS0tIFpjM0lIdDdIaTJoemNvUlEyWjFI
V285bFUwdXgzUy9Ndi8yTCtsYlRHVGsKzSx+eyIrJKgZCL2VoS4fEcp6iVpDiqF6 cDNuaXc0QXgrNGpaV1kvWXpBL2pwZWcKkde/Ka84e6AVbzxr9zY0zVIYotZEofei
7czaNhQhT0doqRm3QddMlD+o/7t7xOGhQEraq4q+i/JD4iYkSQp4zw== rPzQMsJ8x2+PLKRnOtny+He18E3AXN4G2KdbkkAaulFtPnodaXCWvw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x - recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnR0JCdUJubzRLRFY1ZGdp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsN1l4MWE3Wm9qZzN5TWNJ
SWl0Q3JHRU1tZ2ExRWVTYXlQTHN4TXFwYWk0Cm9ONVh1TjlMTzk3M21HYncyMmNy MG9QN1J6SW1GNHFxSW4rdHFTWG40emthL1RRCmFiaGU3dVJTNzhaL0dabExRWVB2
aWNqMERxN3FGREQ2cUdVQ1pHakdXMEEKLS0tIFZKdHRWemUvQXUxSmJHSFlqalhp V0tLd1kzZjVIWDFrdURtRTJDck41SVEKLS0tIHJvRmg3Uk1BWmRMcnFMTDRoM0Fq
bkpHMHEvb1c5d1NrMXNDdllvR3NPRlEK/toh+FUgXJX3FOgECX76vBzMunPOvwC5 aWE3ZVRqczl6NklQMEZpTnpvbzhMYWsKzTdBC6weGhLESyrGZXbaFclG0lo3aqoi
OXHrNBbr8r+4lraPucGKgDIiYqrb2upUUr2Y1n3+BaiMaRIxLIETww== NHD2vuWcJexro3FPsBEce8yTCKi6VIBYQqntst0K4rE/7SLuMaqJVg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTjVVdkd0VjlTQ3VqS1pm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTGxCNmhYRnQ5elRMV0Nt
bXNtUEdlSXl4V2NlT2xxeWVBQUc1dW5ZSVJBClBJeE5JNGs2TE40azJzWUFER3pF bG1aZ255Y0pyYXhXWllVbDR0dWErUmRWWWlFCllRQm1jUU81MkhpdHdSdGhEWWpK
MHdEUTlkcUl3dVFoY2VaTHpCY1B4OXcKLS0tIFpkdnBVYU1Na3p3VFJSb3RBYkdt Zm5JaVE4LzJrRmVRR0ZQR0VuYmpLYlUKLS0tIEVIVVg2WVRnVEFQbXBGZDVLWTY0
NUtxRjZhdWtnTGd1R01oTGdVbHNrblEKikD0L3r1K1GaXOPiu6/sJR8yPJ5j3y9f NXpWZHc1NzVoWEN3cWlPZmRtdW9MWkkKi6DbXhf5+zZH4rdnksT8swUHF9ZHu5Gp
KWnFrx4hKOFlsclwrXchnU4v28BJuPE2yM/n4dgRoVCuJs1R2QKqpA== jWbed3DahkwWAyMFD9SufGlgndRjqxHuyRa5EbBA4kyjYXvF5KjeCQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZEVLdGwvTFZIYlJBMkU2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtajM2QjlyMzlHMDh0WjZP
d0xGZzhjZGVzOEtWL09RQWRTSjVzcVc4ZzF3CjhzelppS3A4YmVmcnNFZDcyNFJh eTBIWGpFVzl1MHpkWUUxMnovaHhGZnNPK3hRCm1NamVabWY0RjZ6Tm5Lbjg3eXBn
eThPazczUG9zUnZEbHFzdUJVaDRqcWsKLS0tIHhvTThHVWF2TnMyOU9GVzQwVDBt ZWVSMVUyRm1kc3dTbDl5YWx6ZnNhVlEKLS0tIFA0UU43ZnBMdDUyYXV1dlZNRVJZ
aWxlcTNjSTVBLzhiblo5WEJCMGRlcDQKb2pymltKgZw4708Hi2oAD+eMQ07BhDWq VE1jekkrU0FEVWVSaHI0OUtMRk9Za0EKZWiqeBmuKDQK4mSUWptPoMIYNQdTtxoy
QRPnTFD/DbScDjfe58UC9izrXKf1Y5/rT36hSe8CI6NNU7uYaFMLcQ== /6Wr7QlnduC9Z+8OQuNNx5EC47DUSLmT8Zt2aP1wuolbEcQQkpNm2g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-26T10:54:18Z" lastmodified: "2024-03-29T12:22:04Z"
mac: ENC[AES256_GCM,data:v1TqCr38V1oTszNi+xp5chepaGavVn9zIxhsAlS782g+SxfSTLeV+NoYgUHXgMNQbHhLb9NRdyzwcwoc9QlW2yfoysvwG7fR8DAzQSJKoOqeLCcBKSAQqHfmYCvjvhQCjrV2QBCBMCODrYBV/+vszMyEQmvCK8r6baQ+zLNnZzA=,iv:nSJPlPCBsUSyzk9Xmh1sJT+N97Gs0v98aiyCJZqzbs4=,tag:qv0Wn7ZvMB/wl7IKNOQ5Xw==,type:str] mac: ENC[AES256_GCM,data:kPlrDIly/XpIlocuyviHIhtts6GZaslNH5F5Pnm0fiwXm/cDGxDftkpIE1eEEVxkhkOd5Vml5ppfhngMu1pJgoyEgZnW+Ej0yGc7wa1cM3Iu5yqzDy60V/D638S58wiyi4wP+MN/hXbKjC/jh05hh3vDH1b6OH3YRCRIS4R+ZSE=,iv:cy2Hgnww4u/4FqlnoYa/E1vbmx+spIRgkiSfCdIqie4=,tag:iugVVWzxDxbR0tIRnjzD3g==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1


@ -27,6 +27,11 @@ in
# Restart when secret changes # Restart when secret changes
sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ]; sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ];
networking.firewall = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
# Cloudflare dynamic dns to keep my DNS records pointed at home # Cloudflare dynamic dns to keep my DNS records pointed at home
services.cloudflare-dyndns = { services.cloudflare-dyndns = {
enable = true; enable = true;
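Review bot: The new `networking.firewall` block opens 53/tcp and 53/udp on every interface, and the visible context suggests it sits in the cloudflare-dyndns module, which only makes outbound API calls and needs no inbound port. If the resolver on this host is meant for the LAN only, scope the rule to that interface, e.g. `networking.firewall.interfaces.<lan-if>.allowedUDPPorts = [ 53 ];` and the same for TCP, so a host with a public address does not answer DNS for the internet. Moving the rule into the module that actually runs the DNS service would also stop it outliving that service. Whether the block is guarded by an enable flag cannot be seen from this hunk.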


@ -1,7 +1,7 @@
system: system:
networking: networking:
dnscrypt-proxy2: dnscrypt-proxy2:
forwarding-rules: ENC[AES256_GCM,data:r5q3U7iK6j6r+eydBNeAYzbA1oLHi4B5hTWknp0abBwpCLwnq0DWC5CDEt2Uv4CgkdOkvUXRlJBYexwHQ1Bs9afjsT4KT8Edy+ELu5FvP4kfg7LjjOoOFSdDhYHovhxXDMzd/ftH4HdPwO6JNMoc+n2WqBd9pLHGf9AvVJC+UQQnkv+xrLZyVcgWKNnMSjksknsWdM2L9OzQjnrWxt3aIGkMsCCR42ECX+G4rV4BtK0la3YHx/KQqMtquYiYtTuoPc/4qBGYEnbmlfDPuCPG6qaqvELca1SVmgakgxVvj+ZvxVYWyXsWpmhIJ56JHRJwQwzGTOPObROZMiQzs9Qm4uGwbBF/WgQS7gH016n3+9Mc1nBD1RBBXPsdc7Lygv1OPfdwmqJrDdC1AhK/SzR52V/OT8Pkp+EX2dMqxHYQdoiWQpmg2FxJ4zCrQFK1pPa5sztgLENepNsB2LEABDms3E4=,iv:I5+MsOlT/w4+2Q/x8KJPNCa4AKBCamv9xtDaaLROqbU=,tag:pFVyjd1V7WwKHoENE7E2cA==,type:str] forwarding-rules: ENC[AES256_GCM,data:7TUg3UiXZG25FhvxS8Mkg2ZlvLpMx05u+8yqQ3EyBXwFtXrVUvI3TM3L0NJr8c1MmimslpK7w+Xs9GphJfr4UaNV6m5A2kipA1v85AbL/rrEAvi9xRty3yqX1+vYtN1xa5Il3p0PeWkR3Q/LMW1ZfWXLu7FHyuitJaOIfySwyeK5njcHHsBtjQGNZcyg6oWxs6XdTLhrPwYMQvxrZ/l7mhxFOLIwuq9rlyVTw+SenKaZisW7TjksQtGvi3NmFARCPYSmyCH2/X/1OfPIomoUFTOAXC56mTFXrAf3TytkyOyysJsl/8S2mx6xrgbT+J09SRL9JTtQHi4iZaXS6tPFiCL6JtOzPMBdMrWdqWC/gI4Av8EemNVYu37oP5BUYsCOGOoKFMwuHSxiJCqNmR/im+cnP2tXwYwOhHmDxRNeVA6Wxt/4AktKhTHWkm/TLHshceOm+3liS+D0t+Q2/ybdy28=,iv:ejTYzQ/6qjX77GJmUKz/L/8/66fh0P7ORNqeKK4sgdE=,tag:fWugmMTlzLwdtx0sOrcv5Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -11,50 +11,50 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5VzFCVlh5K1YvbmlKQ0R0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWm9iUWwvbWZNSCs2SUVw
NlpOdk4wV05HMFlRVHJZSW9sWTNtQ0p0YVI0ClpXaTFneVUwZyt1eUx2SnpVK2JI ZUxDNFFoQXRPVUg0bmN3dDlnNzBBRUNUNWp3CnhheUloZzFOZzc5S3pmaDQybGlX
MW56S1dmTWpFUmVNWnpiTFFvOTQ4T0kKLS0tIExqcW5DUkxYWWdBSzFHcVozVkV6 TnEyMi9XbGgyRkdpditQVkdMb2RMMk0KLS0tIFpveHp6STZWc0NRK3JlRm01NE8z
eXdhNlRlQ0syR1g5dXRpYy93djBOeDQK9TMoalWZS2fvPrfq+F8RITp9IqEOWG7p R1dRdnNmeDBRVmMwMzNnMHZBNE54T1UKEMjcJFqKoBvw5PA4HkGrhMXDG3RABwNI
jg5H7gsdz5O/w1GMIYif5124gDgyCFkfVRPmAjdJvtN/owqhwaRGXw== S084C00I8qvLn769vsaaSMYm5He31CQ9qDGhDhMXFTIsBbI+jegWKA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UVhEVHJoaVAzSiszNDJ5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdUlWK3A5TjhOUW1mbm5X
VGNCOW5UVUMxaTgrQjdQVFoveE5pcVhmL3lvCmFQejUwSzNvK3FDQnFWWjBHdTk0 SVFac2o3eU5NUTVkVVBqcjgvTVdlU2N0U1hBCjRrY1dGNU1UOVpWN2gzdXBUejdR
ZVJrNkk0ZWZxVGtEYXU3eUZsWk41TUUKLS0tIDBYNjFoYU1mbzdtVEdHVW96TDFR VmF6VUIxdnBEODI1dnVVQ0FXaE4rcXMKLS0tIDg0NmVyYTg2bFozcjQvMWoyU0FK
VjhyZ3FqSkhtZHZ3S0xPVXZBNEtZOHMKCW9YMMwPXaDO23WdbW+NMmYVYau6Nw3i QmtYTHUrL3RxOEQ4aE5vNi9IVWRvbmcKZEP7E8756mvvZOdhCstv2DzUsmEeZcp6
I4J+xRLDe8N8Ty8sVql7xPYmA2UtI/Vf12sJxrH+YZA3x7Ip1RnM5A== Ts88FAsQHsF4RZLfFodKx+C1QGfA/O50MGTE5e4c2tpIuMjmCuPRLg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x - recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR1h3aDZqMmtWYkE4ZFBo YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL1NkWkd0L29WbnNpQTh1
emx6S2tDRVRBK0Y1R1ZrUDFWa1JkSmI1SkRjCkxYbUIvcFFkbWxIYTBEbXdFVy9j Rkp1MmRqTkN4WGNMMHJhR0YvL2Y0eEtIWGgwCmlQZTAxei9aa3FPTWZLTXAvK3VF
UGZaMWtITU5IMzNSSTJTMGZqZnlmWGcKLS0tIFIrdEpKZEs2c0VKdytzcjBoVUIv WXk3NzMzd0hHNlJvd1dmckcvRm5rZGMKLS0tIHQ2bVRrRkJrV2E5MXc5Vm1tVWxj
dzc5eEZ0ZlVQQmVaY2cwM09GcDFURFEKojQ8gD2ZG0WiXEHwKpE+/X0mtS3plSwZ RWhoMkVhVzdyaEtZVk9Ncll4S0VqOVkKwmcv1yi15ZUIUuamKXX9Ye76jGb3UMYY
RGDObWrg1MrlanAnHn/sh2A73uuWhsYiupurUZiFfFe2wqEUtiV7vw== tM0dcX49n4jCzexhU5wu2Fax4EADpiJzGVK0iZ+8+oWedbBHyVudJA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGNaMmRYbEJrUkl3b0o5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU1A0OTFYSUVPV3R3b0N4
aU1SWGpCRGMrQ2s1OTM2ekJaMitmUTh5aFRNCmVubjdTK0xQdUhYTXRhTFBMRUZ2 aE00UEZRTE1wN1NGdzhkdkJEQ2NuYzN3VDNRCldQTEN4Umw1ZnlhV1k3dVBjamxK
dy9YelU0OWhIY09PdUVZTXFmTUphM0kKLS0tIHFkSmRGdDdyRlpXTTNzQW5LNjBZ Qk9qenlsZDQ5dVdjenU0cHVlVXkzTjQKLS0tIDhaMHRuZWhrWlMrMDRuY2xnTDNy
cmFrQ2pxQ1lJRFdCbktyQW52K2Y5b00KCumqPgPDoCw/tPUM14C0D7/O7xUiqkLC M0Z0SHJZTi9tYXU3cEdrc2Y1NUtrY0UKt4y5CrmBbhTqB4Ksdf4fO69aukVUlz19
hujl+o9IRhDf+XvmA3QhyR/4uAJ+1S2EfxnOWpRXJwCmeW3QQDZ2Gw== 9yFqWtsnt97jldYKXG8WH9koyJvW6ZLIX+he89s0JCue518tf00bJA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycjVCakRONzRSbndhVHh1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNXloZlZ6ak40ckdCZjV1
U095TURxSDhpUGNwRzZ0ak5ndXo0TjJFYmtNCmJnZUR2TlFUUzdNWVdBUDlHMFZB OWlhaHp5M2tpMTEyN05DcHJvZGlLbXFBaHdzCnZ4ZHROZkRUMGplNmpQa1ZiUC9w
dmtOcTJnY3pURVJzazBpWEVmb2h0UW8KLS0tIHRZc04zdUVhUEgyQ2hxaTVTbmxV RVNIVWRqSTZFUHNFQ3JDdXd4dStPdDQKLS0tIEhqamZ5cm9aak1OV2lwTW9MMnZw
S29OdkNqTm5acXc2V2d4b1lGbHRITkUKRj7Fttqdf113T1zu+SE2SnA2ya149VU/ dFNyUENxTUQrUWI5ZHZhekp6d1o5T3cKDxaiMjGDb1EbdobP2E9WDn7YfO6J7BMU
0NBQU3DNFX/5SsPUT6N/HAqjkObvzG02Sv6Un/rrzZExnXF9aKh3aA== sFAh+u38crXiEG24wxNl/Ps7z3oMPtmM7KRQ3hM753lBenuL7vXvMA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-26T10:54:18Z" lastmodified: "2024-03-29T12:22:04Z"
mac: ENC[AES256_GCM,data:plqgZV6lT1FT/pVt6O2KMXg4sAnJRGpDznyudk9Zmeye7FLEaqfAl696h0FoJoYsw7QnQ5KkWqJMFPerUyCauiNgyPXKgES2Inn15ZkRcT6+qqHWZGwYIBEhw5tKQ7173IW6pyiU9ZajWZnV3FrZGmMxgGSwXU94EwnI2uhxXxY=,iv:j/GMktQDyEoa5/gSmrTvu/WDGCS/etX/IYtun60SgYA=,tag:Ld+uw+RNd6kD93OiZy9flQ==,type:str] mac: ENC[AES256_GCM,data:hsDY1SO1nIe7J3mpMNJsxG2R+3N7AgUxoqqfvs2V4pO8SZnx5SvBqyIdGKcUOFgY66jtvAxwXULkl0J/TFj8A+MG5BkH/IAjDrWD0czYuUogtxik4DstyUXLSSM5zFP9niOmowsvK+1u/VpBrb+OlZNYiEHYKtY7+DhVJqDnQVc=,iv:iBxfpElahoJTXld45hpZXblTStQjm0WQpYmmv5wlpNg=,tag:caPwVlvCmRzm2as7ECbXgA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1


@ -24,6 +24,7 @@ in
enable = true; enable = true;
secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ]; secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
config = builtins.readFile ./maddy.conf; config = builtins.readFile ./maddy.conf;
openFirewall = true;
}; };
}; };
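Review bot: `openFirewall = true;` exposes the mail ports on all interfaces, while the listeners come from `./maddy.conf` via `builtins.readFile`, so the ports the module opens and the ports maddy binds are defined in two separate places. Please add a comment naming the ports expected to be reachable and from where, e.g. `# inbound SMTP/submission from <network>; keep in sync with maddy.conf`. It is also worth confirming that maddy.conf requires authentication for anything other than local delivery, since that file is not part of this change.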


@ -1,7 +1,7 @@
system: system:
mail: mail:
maddy: maddy:
envFile: ENC[AES256_GCM,data:wPYvV1sq7LkeD35JOyzBTVIOo/ZmzO2tODKAR1tzGfO87OZg8soFsFP13yIQyMvFu++wJ+ope6gOC6GtYvqD//JMpwg4FGn8lIE49rLAkUdAu/rWGjHiu4m2DWElVGGM2IjAu63TxhC7WGNSxLMsEVnObOcfV4xVeeVld1ubVS2slM0=,iv:3BCqTSIttd8RHmPZqdIliDn4HX03nHBuGodUaU81Q+8=,tag:Tlh4n5iJZu2RRPl3ASCxag==,type:str] envFile: ENC[AES256_GCM,data:pGs56ZvCfX42FcmOSQvg/hXIWDs/HrLrto50lP8DxWHBBrE1Mm/BJ1GWlz8CHrwTIwDOTZCbxfbZlQhr0ofuusf3AIYdTX3dtckCK+K0FVPIXenc/b0QotKeCWCbQj4mMZJCmlu3Yot2yP+SnxXQsl41yUEQsjiXmUVnbiXGlTnvLg4=,iv:V8sOvvt2lqXRpzbL6UilZE4PdwEOnX+LPJygVy0wmk0=,tag:1EEjTETv7ADYx8H2suxM6Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -11,50 +11,50 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHYVFNWjFKU09MZ3g2UFdj YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpTEx5K29rV2Z3TmFZNG1h
Z3RUMnd5dXozVW5uaGtDYWRGUmFOeW5pNzNVCkI5MVhUc0VvbnVTMXM0WmhrVk10 NnR5UFJjWnFNMkYzN05WaVhsUmxHZkVwMURZCjVCMFRFcGJyMmlsVDNKL0FhSmFG
ZzFDVjN4ZzlxaVQvTG4xTkNZalZKcGsKLS0tIEdVL0Z1K1B0OEJVMjhTYTBjenF5 RHh4NVlNQWJzTGxLTkRrTkZWdll3blUKLS0tIGxqckF0cWlhMGpyanhPM29YMDVr
LzM4dlJMd3NKS3FBVENMbDhGQzFJOUkKKFW1AOm7StnaAExDzEWmVNrYqr/bDE/e Zi9ZRXZiUVZzOUlwU094eDNTaC80UVUKNovl0feqw/7Yv8TjKdj8tCXkWvUqC76/
X8EPG5xN9IkkjpjhuHY9WgRAfpemWipDRzdEKH/qHB0oZR7+Pd9IAA== VX64fgAiC+BGbygPJ5wEVkQKH8OWSmgOIvqfvSYrga8AHsLgYPMm3A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVmlqNzRabC9zOTBFWWRk YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRURSNjVydlVRdGFEcDFL
a2s0ZEF2S2NBam1FeEZFNnpMNjlmd2JMSkZRCkRDcHdzT0I2R3NURTZXQlQrQjFn U2lLWW0xNkhTR3NtRUN0OUE3UjViYW9RNVRnCmo4Tks1NWgzTHV2QXlZVmJESU9i
NzZBeVZncVlqdllOZG4wNDB2YnNkaVUKLS0tIEFRY0FnVEllUW5NNTBMbGxTSlR5 cVZ0ekJCTHdhVWVyTTRFMEJJa080MDAKLS0tIG5CVE84K1dQMTg2WHhnYnBMdDZT
bVoxd0FvWjEyeHlKM2IyS1c2ajlhMncKJjDktmjOisjdUecV/bhI00fp6jA2puGD dloxME9lajd3YW9Bbk9qUzVVa2UrYVEKUMlgxX2REGuvkpXwFhClOllkuUf/8E3v
mOuASUhxGGN1c805vLmLnJA0llLtaN8C2iQC/H14IjG1U7QObbnrEA== 9QpcjUSWmExHTJcxvSUkEYL5C6lODL4172PfnQLt9QkdX7sYQUOFuw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x - recipient: age1k3u3yn3adntn36cpnsqdze7gd029utgkndcw0zwck03ms3wegusshuav6y
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMjkrcHFZTXQ3QjZKWksw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMTZRRlRUOVowT01vUVVm
ZXNRbmNnSVhpWVdCL1NLQXhabGZVNGMydVE4CjdDVllwTHZyM2JZK1JaWVU0L0Qr aGNUQVllVVNKcVVoVXIyWmRLUEd5bzFVSjEwCm5iUUo3WWtEdHA4Wm1kSk8vcmRM
NlRyeTFCajJLL0VWcVk1R3R0QTZYc2sKLS0tIG1hSDRkMkdlOTNiS2I2anVjeDZI ZzJGSk51UnU5d2pjVzZiZGt3dlZETHMKLS0tIGw3cDdnNWxiZXdtMmhuRUpwV1Y4
UkJjTEhQQVdLVE11dmdES1hBYWNTZEUKVfi1F6rehBUrQB2AOHoPnhI16RzUA2T9 RXRvL2F0TkxGNm1LejR1bHFCYjkyU2cKn7QMPuwZ8ermG59uK3rHrJkuDZ2US0JG
NZ3b52xZUR3uAvLxqL9auLPxf1HC334zV5kEf0vmFyvD2DFWF9wjeQ== Oj/ts8DXuu71TpTiiCXumThs+IjKQgARyv5P/jP/Souq9LppDtEDnQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqc0RYWGFBWjJjSG5NUG15 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLSlVlMG14cUxUcDRseDBC
cVp3MlB6MXp3alZid2hxMksrUG9KU1F1cmtVCnB0YVJtZHYvVG13bUhqWTEwZzhR YXBtRk5oRlJ3dS83TDFicFM4WVZMT1VwelZrCkl5V01BbzRVa3RLWTF4U0ExRmR3
a2xnSjFMVHIvZHA2TjVBSmQ3TkpKckEKLS0tIEFaZ3RzZFpoQjlqN2NYTkZFRXNi cU9XMFZRQ2l6V0k1aFlucjlGL0d3V3cKLS0tIDJGWlE1Y1hhcjhUT1BsTXBtQTFH
OWpSVVVuTFlMRnNTdEJLakRYdzdENVEKYaMBFCD/pr2UhpczDOS3qKTeI9v6PSNF bEJka0pvUUM0OTV3QWdNWWRhcldTSEkK/yRrMYy2YC7NTzir/LL97PV9LxvW/fm1
+m0y3MXomdDy52ozw5NxS9N96l8IVcqaXmr/vXqFGrpm1hNKmznzjQ== 2YQIlSs6amPT32U46tnpqytVs0iR9Jobd153oAJjfhrAsGGP/msgsQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyUFZaeEM0Nlc3bjZPcXpH YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUTJvUnE5V3NYNmZ0dERi
M2VReCswUHhvMDU5LzdLMkJYcHFXdnNQRjJBCjZNS2pmZ1JTTWdFckk2TzA2bmFK emh0ell0N0xBMkhjL3kxdkIyRWs4UWpYTVFNCnlqaVhiWUNXa0l1Qk1peHlxdDdQ
NWdVV0tPVVRtZzYwTkcrc2RxdXpjM0UKLS0tIHlrU2ZRdndmWmhTUnVQb3BRSDYy aEdkdFdFWW5zUlVBT1F0aERVQndheTgKLS0tIE83UXA1V21qbzFiQ3NFRnRiaS9i
aGEwYmdrWW81eTc4K0ZlTmRyL2dqelkKrecN4dFiuRhBCecPa0oaBnvjy5pbvaXL TXEvWDRXMTZuellnT1BKRWs4a1VkaFkK8Sls0BOhgCj36HhFIlRclBltqXrcR7cU
aaWmkTlSh2ny0BbrotfG2poX2A1x3GqdCd1KNVGRghdTyS1g8GUfNQ== POkvvHVfEXzZ8GzKOx3tyZZ7fnksNM9XFbofZ9/apGR9FP9mepnrdA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-26T10:54:18Z" lastmodified: "2024-03-29T12:22:04Z"
mac: ENC[AES256_GCM,data:3bRXHo7YE4IlcH+ke1+cxuBU4jPZ/DSZaOHtMN+dmdLuxfwNnEBBgPwFxYPHHmhH86Xyh42pKGNlOtmU/nGsKFeaMJBbB9bW7zmtR8gwij6pKVK7MoFfKQcqI08EozgaFeYvS5xwUnf9t0q7afTTmMCc3k9154a4f/D/nxJdg4Q=,iv:wsAwTClGPR7sKp0agXgBnmRrkjLAcYfEh0Y8dozh3v0=,tag:QbXAYgh5DXqar58nsb71kA==,type:str] mac: ENC[AES256_GCM,data:XncWerMNxizmY29/ktbk6qyENQ75RJ11x7STemdtds9+0g24pyRpuHV0oocetDRLmUN6Cg6qXwCkJ2cgR5MMzjUYsYRP2VlzGPwQpr+L6dmvYp+j+70X9Qk7bRfj0cRJn+gHhfkWSxpAvows0/9+wJcsFhowS/vihVoz2xjLoZU=,iv:yH0wEYRX0uuJeyf9+5E9qpwr8S5lUXpB9K5aWnHJShY=,tag:6aIhVuQOtfbWggdnF7zw2g==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1


@ -29,6 +29,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = true;
# TODO: Enable this when option becomes available # TODO: Enable this when option becomes available
# Don't allow home-directory authorized_keys # Don't allow home-directory authorized_keys
# authorizedKeysFiles = mkForce ["/etc/ssh/authorized_keys.d/%u"]; # authorizedKeysFiles = mkForce ["/etc/ssh/authorized_keys.d/%u"];
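Review bot: `openFirewall = true;` is already the default for `services.openssh`, so this line documents intent rather than changing exposure; a short comment saying so would stop a later reader assuming port 22 was closed before. This commit also makes wheel sudo passwordless in the global profile, so the commented-out `authorizedKeysFiles` restriction below carries more weight and the TODO deserves an issue reference. The rest of the `services.openssh` block is outside the hunk, so password-authentication settings cannot be checked here.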

9
nixos/overlays/README.md Normal file

@ -0,0 +1,9 @@
### Adding overlays
Overlays should be added as individual nix files to `./nixos/overlays` with format
```nix
final: prev: {
hello = (prev.hello.overrideAttrs (oldAttrs: { doCheck = false; }));
}
```


@ -1,4 +1,12 @@
{ inputs, ... }: { { inputs
, ...
}:
{
# deploy-rs overlay
deploy-rs = inputs.deploy-rs.overlay;
# The unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable'
unstable-packages = final: _prev: { unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable { unstable = import inputs.nixpkgs-unstable {
inherit (final) system; inherit (final) system;
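Review bot: The `deploy-rs` overlay is added inline here, while the README introduced in this same commit says overlays go in individual files under `./nixos/overlays`; one of the two should change. Because flake.nix applies every attribute of this set to each host's `pkgs`, the deploy-rs input's package definitions also land on machines that never run a deployment; if only the deploying workstation needs them, consider applying the overlay there only. The `unstable-packages` body continues past the end of the hunk.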


@ -1,7 +1,6 @@
{ {
imports = [ imports = [
./nix.nix ./nix.nix
./nixpkgs.nix
./sops.nix ./sops.nix
./system.nix ./system.nix
./users.nix ./users.nix


@ -1,10 +0,0 @@
{ config, ... }:
{
nixpkgs = {
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
}


@ -10,6 +10,7 @@ with lib;
# Enable monitoring for remote scraiping # Enable monitoring for remote scraiping
mySystem.services.promMonitoring.enable = true; mySystem.services.promMonitoring.enable = true;
mySystem.services.rebootRequiredCheck.enable = true; mySystem.services.rebootRequiredCheck.enable = true;
mySystem.security.wheelNeedsSudoPassword = false;
nix.settings = { nix.settings = {
# TODO factor out into mySystem # TODO factor out into mySystem
@ -32,7 +33,7 @@ with lib;
services.udisks2.enable = mkDefault false; services.udisks2.enable = mkDefault false;
xdg = { xdg = {
autostart.enable = mkDefault false; autostart.enable = mkDefault true;
icons.enable = mkDefault false; icons.enable = mkDefault false;
mime.enable = mkDefault false; mime.enable = mkDefault false;
sounds.enable = mkDefault false; sounds.enable = mkDefault false;
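Review bot: `mySystem.security.wheelNeedsSudoPassword = false;` is set at normal priority in what looks like a profile shared across hosts, so every wheel account gets passwordless root and a host can only opt back in with `mkForce`. A compromised wheel session or SSH key then becomes root with no further prompt. Suggest `mySystem.security.wheelNeedsSudoPassword = mkDefault false;` (`with lib;` is in scope per the hunk header) with a comment on why it is needed, so hosts that open services to the network can set it back to `true`. The `autostart.enable` flip to `true` in the second hunk is also unexplained and would benefit from a one-line comment.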


@ -38,7 +38,7 @@ with config;
jq jq
yq yq
btop btop
vim unstable.vim
git git
dnsutils dnsutils
nix nix