macronova/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Refactor configs

Browse source
This commit is contained in:
Invariantspace 2024-08-31 21:13:43 -07:00
parent 84f7bc915f
commit 9710cae748
No known key found for this signature in database
GPG key ID: EBC4A20067373921
12 changed files with 125 additions and 128 deletions
Download patch file Download diff file Expand all files Collapse all files

7
common/secrets.yaml
View file

@ -1,4 +1,5 @@
aria2: ENC[AES256_GCM,data:wXS/Qgbu3bc9YDwVLCz+EIm8yMl8Un8XPwMv,iv:6j/mRhbA+Ps/8pvfmx0CYH2/iqxcG+roi50Gr6hC3SI=,tag:TK6D/9nmM76ODPH1irbREg==,type:str] aria2: ENC[AES256_GCM,data:wXS/Qgbu3bc9YDwVLCz+EIm8yMl8Un8XPwMv,iv:6j/mRhbA+Ps/8pvfmx0CYH2/iqxcG+roi50Gr6hC3SI=,tag:TK6D/9nmM76ODPH1irbREg==,type:str]
coturn: ENC[AES256_GCM,data:JvywrYxRl9QM4+WXH3xhkl4HZwGZurVYRX+S,iv:x6qmAS+11djd2w6pRr5KZYOy7vNtaC6rIw+XXDuu2aY=,tag:fT202mZDyRknuZK27RzgbA==,type:str]
users: users:
macronova: macronova:
password: ENC[AES256_GCM,data:b1ct21IrepupexfV5CZV31/HRLRbhPY8EZDAA5rkYisSkke5Z6K8IlFePkbRAEre08qastLPr8FARal+s/co6kfR+aFcqD55hMcLaXvthg4xI6K4NRX0Ifp28JaEy0c515qLbvDLiyMsHQ==,iv:uK96mBa7ewu6SjPWb5aJDPKKASSqWFNGfRt88jWhbP8=,tag:eeVXcr3JOOpqO35y0wcXIQ==,type:str] password: ENC[AES256_GCM,data:b1ct21IrepupexfV5CZV31/HRLRbhPY8EZDAA5rkYisSkke5Z6K8IlFePkbRAEre08qastLPr8FARal+s/co6kfR+aFcqD55hMcLaXvthg4xI6K4NRX0Ifp28JaEy0c515qLbvDLiyMsHQ==,iv:uK96mBa7ewu6SjPWb5aJDPKKASSqWFNGfRt88jWhbP8=,tag:eeVXcr3JOOpqO35y0wcXIQ==,type:str]
@ -35,8 +36,8 @@ sops:
TG5mYWd3MnI5TlZiNXBjb0JJY3BvN0EKUd0ldQPe0/zdHjsmKEUhH7xkpO4nLfd5 TG5mYWd3MnI5TlZiNXBjb0JJY3BvN0EKUd0ldQPe0/zdHjsmKEUhH7xkpO4nLfd5
fnTk1jGonJg+t+TqLLg/YYKlcNkgExWaIZ7wrd0RVKXOeC2BtM/wzQ== fnTk1jGonJg+t+TqLLg/YYKlcNkgExWaIZ7wrd0RVKXOeC2BtM/wzQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-23T18:57:00Z" lastmodified: "2024-09-01T04:16:17Z"
mac: ENC[AES256_GCM,data:Oc4Ull2Hk/wU+eSjqIYVuVTLIoHj9PMc+tk4V9lzKBLgkL4mNdvtrWu9Cy1mv+SVVW5l0OXngtvVyo9yAA8kTKdkIDDUHX3R1PDZ8VZQDJuN+XmilH/6EdR3JdkofYNZmFiXzmfiIK376XoLWlSUkOJaIv3cFI9ARtAQSddEwFA=,iv:pzm68rC5VTqC2zfIlqbdcPwBe4ZtE0EwFdxwR8D1FnE=,tag:cDKkcxujot7mv6ZvpcCyRQ==,type:str] mac: ENC[AES256_GCM,data:eGWeRIt35PZ09tYOFwSm5OMC/cehI8Y2W6x2zd4PXLDxZpJi1I7wdvQ1ch/sHabD9Q9SLA4YbisHdCCNEXUc2y0sjfjK9CMvQjsOKhkvtDVPtPvlpK99CthNT2EGER22FxCOr2Ozp95Xji1NQrtxEozZF1IhI2HlZ9a8hZvcue8=,iv:rtnEIZetXDS9QSlOwjWfSFWH56e1C2He0qxQjWjiYxA=,tag:rTQSKM7erUfHscW4dsJJHQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.0

55
common/users.nix
View file

@ -2,10 +2,9 @@
config, config,
pkgs, pkgs,
... ...
}: let }:
home = config.constants.homeDir; with config.constants; let
usr = config.constants.userName; usrPwdFile = "users/${userName}/password";
usrPwdFile = "users/${usr}/password";
in { in {
console.enable = false; console.enable = false;
@ -25,7 +24,7 @@ in {
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users.${usr} = { users.${userName} = {
config, config,
osConfig, osConfig,
pkgs, pkgs,
@ -87,8 +86,8 @@ in {
".direnv" ".direnv"
".envrc" ".envrc"
]; ];
userEmail = osConfig.constants.postMaster; userEmail = postMaster;
userName = osConfig.constants.userName; userName = userName;
}; };
helix = { helix = {
enable = true; enable = true;
@ -110,6 +109,7 @@ in {
theme = "Tokyo Night Moon"; theme = "Tokyo Night Moon";
}; };
plasma = { plasma = {
enable = osConfig.services.desktopManager.plasma6.enable;
configFile = { configFile = {
baloofilerc = { baloofilerc = {
"Basic Settings".Indexing-Enabled = true; "Basic Settings".Indexing-Enabled = true;
@ -121,14 +121,16 @@ in {
TerminalService = "kitty.desktop"; TerminalService = "kitty.desktop";
}; };
}; };
input.touchpads = [ desktop.icons = {
{ alignment = "left";
enable = false; arrangement = "leftToRight";
name = "ASUE120A:00 04F3:319B Touchpad"; lockInPlace = true;
productId = "319B"; sorting = {
vendorId = "04F3"; foldersFirst = true;
} mode = "type";
]; };
};
immutableByDefault = true;
kscreenlocker = { kscreenlocker = {
autoLock = true; autoLock = true;
lockOnResume = true; lockOnResume = true;
@ -194,15 +196,6 @@ in {
spectacle.shortcuts.captureRectangularRegion = "Meta+Shift+S"; spectacle.shortcuts.captureRectangularRegion = "Meta+Shift+S";
workspace = { workspace = {
colorScheme = "SweetAmbarBlue"; colorScheme = "SweetAmbarBlue";
desktop.icons = {
alignment = "left";
arrangement = "leftToRight";
lockInPlace = true;
sorting = {
foldersFirst = true;
mode = "type";
};
};
iconTheme = "Sweet-Rainbow"; iconTheme = "Sweet-Rainbow";
lookAndFeel = "Sweet-Ambar-Blue"; lookAndFeel = "Sweet-Ambar-Blue";
soundTheme = "yorha"; soundTheme = "yorha";
@ -249,13 +242,13 @@ in {
}; };
resolved.enable = true; resolved.enable = true;
syncthing = { syncthing = {
configDir = "${home}/.config/syncthing"; configDir = "${homeDir}/.config/syncthing";
dataDir = "${home}/.local/share/syncthing"; dataDir = "${homeDir}/.local/share/syncthing";
openDefaultPorts = true; openDefaultPorts = true;
overrideDevices = true; overrideDevices = true;
overrideFolders = true; overrideFolders = true;
settings.devices = config.constants.syncthingDevices; settings.devices = syncthingDevices;
user = usr; user = userName;
}; };
}; };
@ -263,7 +256,7 @@ in {
users = { users = {
mutableUsers = false; mutableUsers = false;
users.${usr} = { users.${userName} = {
description = "Sicheng Pan"; description = "Sicheng Pan";
extraGroups = [ extraGroups = [
"audio" "audio"
@ -273,9 +266,9 @@ in {
"wheel" "wheel"
]; ];
hashedPasswordFile = config.sops.secrets.${usrPwdFile}.path; hashedPasswordFile = config.sops.secrets.${usrPwdFile}.path;
home = config.constants.homeDir; home = homeDir;
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = config.constants.publicKeys; openssh.authorizedKeys.keys = publicKeys;
shell = pkgs.fish; shell = pkgs.fish;
}; };
}; };

48
flake.lock generated
View file

@ -37,11 +37,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1724163524, "lastModified": 1724895876,
"narHash": "sha256-3A06DYw47oSLYMalkWDLzTMHC0MKgm1mNfaca9sqUnI=", "narHash": "sha256-GSqAwa00+vRuHbq9O/yRv7Ov7W/pcMLis3HmeHv8a+Q=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "c7b14da22e302e0f9d7aa4df26b61016bcedf738", "rev": "511388d837178979de66d14ca4a2ebd5f7991cd3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -141,11 +141,11 @@
}, },
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1724067415, "lastModified": 1724878143,
"narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -159,11 +159,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1723986931, "lastModified": 1724435763,
"narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=", "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671", "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -199,11 +199,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1724128906, "lastModified": 1725153537,
"narHash": "sha256-junn8oz6yG1akc5R5b8LjcAl1epKJkAzwPlG57bB3E0=", "narHash": "sha256-8+BJdXM1WBAttY+C63pEMUmUtSEWXHEhXOkLK4k1s2E=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "d9947d55383ece6ac396820112d34734cf47e2bb", "rev": "b13488a1f8ab01db6a3d18629f7b22a430f03984",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -285,11 +285,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1723891200, "lastModified": 1724748588,
"narHash": "sha256-uljX21+D/DZgb9uEFFG2dkkQbPZN+ig4Z6+UCLWFVAk=", "narHash": "sha256-NlpGA4+AIf1dKNq76ps90rxowlFXUsV9x7vK/mN37JM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a0d6390cb3e82062a35d0288979c45756e481f60", "rev": "a6292e34000dc93d43bccf78338770c1c5ec8a99",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -411,11 +411,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1723991338, "lastModified": 1724819573,
"narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=", "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8a3354191c0d7144db9756a74755672387b702ba", "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -479,11 +479,11 @@
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1724176973, "lastModified": 1724556439,
"narHash": "sha256-k2Y26WXJQvvDf2CRXvN6KSDPWHkhisGAejJvQak+nYk=", "narHash": "sha256-gPR3sxkKxISUvydnqoj54znpUkK8av/HVFuFJuYUw3w=",
"owner": "pjones", "owner": "pjones",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "f13208d6b4cc58458168f5174f4fae463126c074", "rev": "5c97fe8af2a2e561f14195ed357d8c451fdbff4c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -500,11 +500,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1724159077, "lastModified": 1724857454,
"narHash": "sha256-AddE0u6WbA5R7uxumw1Ka0oG5dv3cTtN0ppO/M/e0cg=", "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "1064a45e81a4e19cda98741b71219d9f4f136900", "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
flake.nix
View file

@ -53,8 +53,7 @@
# TODO: Remove this when possible # TODO: Remove this when possible
config.permittedInsecurePackages = [ config.permittedInsecurePackages = [
"cinny-4.1.0" "fluffychat-web-1.20.0"
"cinny-unwrapped-4.1.0"
"olm-3.2.16" "olm-3.2.16"
]; ];

6
linux/blitzar/device.nix
View file

@ -3,7 +3,7 @@
pkgs, pkgs,
... ...
}: let }: let
usr = config.constants.userName; userName = config.constants.userName;
in { in {
hardware = { hardware = {
bluetooth.enable = true; bluetooth.enable = true;
@ -11,7 +11,7 @@ in {
keyboard.qmk.enable = true; keyboard.qmk.enable = true;
openrazer = { openrazer = {
enable = true; enable = true;
users = [usr]; users = [userName];
}; };
}; };
@ -89,7 +89,7 @@ in {
udev.packages = [pkgs.via]; udev.packages = [pkgs.via];
}; };
users.users.${usr}.extraGroups = ["adbusers" "cdrom"]; users.users.${userName}.extraGroups = ["adbusers" "cdrom"];
virtualisation = { virtualisation = {
containers.enable = true; containers.enable = true;

19
linux/blitzar/gui.nix
View file

@ -3,9 +3,9 @@
pkgs, pkgs,
... ...
}: let }: let
usr = config.constants.userName; userName = config.constants.userName;
in { in {
home-manager.users.${usr} = { home-manager.users.${userName} = {
config, config,
pkgs, pkgs,
... ...
@ -14,11 +14,8 @@ in {
in { in {
home.packages = with pkgs; [ home.packages = with pkgs; [
feishin feishin
hunspell
hunspellDicts.en-us-large
jellyfin-mpv-shim jellyfin-mpv-shim
joplin-desktop joplin-desktop
libreoffice-qt6-fresh
lutris lutris
nheko nheko
nvtopPackages.amd nvtopPackages.amd
@ -55,7 +52,14 @@ in {
]; ];
}; };
obs-studio.enable = true; obs-studio.enable = true;
plasma.enable = true; plasma.input.touchpads = [
{
enable = false;
name = "ASUE120A:00 04F3:319B Touchpad";
productId = "319B";
vendorId = "04F3";
}
];
zathura = { zathura = {
enable = true; enable = true;
options = { options = {
@ -140,10 +144,9 @@ in {
}; };
services = { services = {
colord.enable = true;
desktopManager.plasma6.enable = true; desktopManager.plasma6.enable = true;
displayManager = { displayManager = {
autoLogin.user = usr; autoLogin.user = userName;
sddm = { sddm = {
enable = true; enable = true;
wayland.enable = true; wayland.enable = true;

26
linux/nebula/conduit.nix
View file

@ -1,10 +1,24 @@
{config, ...}: { {config, ...}: {
services.matrix-conduit = { services = with config.constants; {
enable = true; coturn = {
settings.global = with config.constants; { enable = true;
address = wildcard; realm = localhost;
port = port.conduit; static-auth-secret-file = config.sops.secrets.coturn.path;
server_name = domain; use-auth-secret = true;
};
matrix-conduit = {
enable = true;
settings.global = {
address = wildcard;
port = port.conduit;
turn_secret = "TbbL8a4tsv6HkR9esjkPa4$fTKX";
turn_uris = [
"turn:${localhost}?transport=udp"
"turn:${localhost}?transport=tcp"
];
server_name = domain;
};
}; };
}; };
sops.secrets.coturn = {};
} }

19
linux/nebula/jellyfin.nix
View file

@ -2,11 +2,8 @@
config, config,
pkgs, pkgs,
... ...
}: let }:
const = config.constants; with config.constants; {
ports = const.port;
usr = const.userName;
in {
hardware.graphics.enable = true; hardware.graphics.enable = true;
services = { services = {
@ -17,29 +14,29 @@ in {
check-integrity = true; check-integrity = true;
max-concurrent-downloads = 16; max-concurrent-downloads = 16;
rpc-listen-all = true; rpc-listen-all = true;
rpc-listen-port = ports.aria2; rpc-listen-port = port.aria2;
}; };
}; };
jellyfin = { jellyfin = {
enable = true; enable = true;
user = usr; user = userName;
}; };
jellyseerr = { jellyseerr = {
enable = true; enable = true;
port = ports.jellyseerr; port = port.jellyseerr;
}; };
prowlarr.enable = true; prowlarr.enable = true;
radarr = { radarr = {
enable = true; enable = true;
user = usr; user = userName;
}; };
sonarr = { sonarr = {
enable = true; enable = true;
user = usr; user = userName;
}; };
}; };
sops.secrets.aria2 = {}; sops.secrets.aria2 = {};
users.users.${usr}.extraGroups = [config.systemd.services.aria2.serviceConfig.Group]; users.users.${userName}.extraGroups = [config.systemd.services.aria2.serviceConfig.Group];
} }

7
linux/protostar/gui.nix
View file

@ -4,10 +4,10 @@
pkgs, pkgs,
... ...
}: let }: let
usr = config.constants.userName; userName = config.constants.userName;
jovianPkgs = pkgs.extend inputs.jovian.overlays.default; jovianPkgs = pkgs.extend inputs.jovian.overlays.default;
in { in {
home-manager.users.${usr} = { home-manager.users.${userName} = {
home.packages = with jovianPkgs; [ home.packages = with jovianPkgs; [
feishin feishin
lutris lutris
@ -22,7 +22,6 @@ in {
winetricks winetricks
wineWowPackages.stagingFull wineWowPackages.stagingFull
]; ];
programs.plasma.enable = true;
}; };
jovian = { jovian = {
devices.steamdeck = { devices.steamdeck = {
@ -33,7 +32,7 @@ in {
enable = true; enable = true;
autoStart = true; autoStart = true;
desktopSession = "plasma"; desktopSession = "plasma";
user = usr; user = userName;
}; };
}; };

40
linux/singularity/caddy.nix
View file

@ -2,20 +2,20 @@
config, config,
pkgs, pkgs,
... ...
}: { }:
with config.constants; {
services.caddy = { services.caddy = {
enable = true; enable = true;
email = config.constants.postMaster; email = postMaster;
virtualHosts = let virtualHosts = let
dn = config.constants.domain;
homeSrv = s: "nebula:${portStr.${s}}"; homeSrv = s: "nebula:${portStr.${s}}";
localSrv = s: "${config.constants.localhost}:${portStr.${s}}"; localSrv = s: "${localhost}:${portStr.${s}}";
msfqdn = config.mailserver.fqdn; msfqdn = config.mailserver.fqdn;
mtfqdn = "matrix.${dn}"; mtfqdn = "matrix.${domain}";
portStr = builtins.mapAttrs (n: v: toString v) config.constants.port; portStr = builtins.mapAttrs (n: v: toString v) port;
wn = s: "/.well-known/${s}"; wn = s: "/.well-known/${s}";
in { in {
"${dn}".extraConfig = let "${domain}".extraConfig = let
wnm = wn "matrix"; wnm = wn "matrix";
in '' in ''
header ${wnm}/* Content-Type application/json header ${wnm}/* Content-Type application/json
@ -26,22 +26,22 @@
"m.identity_server": { "base_url": "https://${mtfqdn}" } "m.identity_server": { "base_url": "https://${mtfqdn}" }
}` }`
''; '';
"aria2.${dn}".extraConfig = '' "aria2.${domain}".extraConfig = ''
reverse_proxy /jsonrpc ${homeSrv "aria2"} reverse_proxy /jsonrpc ${homeSrv "aria2"}
file_server { file_server {
root ${pkgs.ariang}/share/ariang root ${pkgs.ariang}/share/ariang
} }
''; '';
"forgejo.${dn}".extraConfig = '' "forgejo.${domain}".extraConfig = ''
reverse_proxy ${homeSrv "forgejo"} reverse_proxy ${homeSrv "forgejo"}
''; '';
"headscale.${dn}".extraConfig = '' "headscale.${domain}".extraConfig = ''
reverse_proxy ${localSrv "headscale"} reverse_proxy ${localSrv "headscale"}
''; '';
"jellyfin.${dn}".extraConfig = '' "jellyfin.${domain}".extraConfig = ''
reverse_proxy ${homeSrv "jellyfin"} reverse_proxy ${homeSrv "jellyfin"}
''; '';
"jellyseerr.${dn}".extraConfig = '' "jellyseerr.${domain}".extraConfig = ''
reverse_proxy ${homeSrv "jellyseerr"} reverse_proxy ${homeSrv "jellyseerr"}
''; '';
${msfqdn} = { ${msfqdn} = {
@ -52,24 +52,18 @@
''; '';
useACMEHost = msfqdn; useACMEHost = msfqdn;
}; };
"matrix.${dn}".extraConfig = '' "matrix.${domain}".extraConfig = ''
reverse_proxy /_matrix/* ${homeSrv "conduit"} reverse_proxy /_matrix/* ${homeSrv "conduit"}
file_server { file_server {
root ${pkgs.cinny.override { root ${pkgs.fluffychat-web}
conf = {
defaultHomeserver = 0;
hashRouter.enabled = true;
homeserverList = [dn];
};
}}
} }
''; '';
"vault.${dn}".extraConfig = '' "vault.${domain}".extraConfig = ''
reverse_proxy ${localSrv "vault"} { reverse_proxy ${localSrv "vault"} {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
''; '';
"writefreely.${dn}".extraConfig = '' "writefreely.${domain}".extraConfig = ''
reverse_proxy ${homeSrv "writefreely"} reverse_proxy ${homeSrv "writefreely"}
''; '';
}; };
@ -78,7 +72,7 @@
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = config.constants.postMaster; email = postMaster;
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
}; };
}; };

15
linux/singularity/mailserver.nix
View file

@ -1,16 +1,15 @@
{config, ...}: let {config, ...}:
dn = config.constants.domain; with config.constants; let
usr = config.constants.userName; mailSecret = "mail/${userName}/password";
mailSecret = "mail/${usr}/password";
in { in {
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "mail.${dn}"; fqdn = "mail.${domain}";
domains = [dn]; domains = [domain];
loginAccounts = { loginAccounts = {
"${usr}@${dn}" = { "${userName}@${domain}" = {
aliases = [config.constants.postMaster]; aliases = [postMaster];
hashedPasswordFile = config.sops.secrets.${mailSecret}.path; hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
}; };
}; };

8
linux/singularity/vaultwarden.nix
View file

@ -1,14 +1,12 @@
{config, ...}: { {config, ...}: {
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
config = let config = with config.constants; {
const = config.constants;
in {
# Disable signup # Disable signup
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
# Specify service port # Specify service port
ROCKET_ADDRESS = const.localhost; ROCKET_ADDRESS = localhost;
ROCKET_PORT = const.port.vault; ROCKET_PORT = port.vault;
}; };
}; };
} }