
6 commits

13 changed files with 81 additions and 100 deletions


@ -6,7 +6,7 @@ keys:
- &host_rico2 age19uy6xerll6st3s3ftfpy7075m9eetm2288l2w07k7ek6z2l3ef6qfw34cf
- &host_wynne age1jyaf9rn5d5pqjh60shs2q5hs98fwugak8z6cs6qs7yuc3wntugmsumxmv0
- &host_layne age1k2wpm88wms6hx3ldvu0n2je7pag9fexs9eq0e8hlkfcs2dx9eg9qlkf95d
- &host_bifrost age1d2anhmqdewykt3mgz6azsyz0yh7wc9ap6ga46myzwg84c9rpspws9ze3l4
- &host_bifrost age19utpmjh07n2s860s9h2mqmwfh836ne0r2nkdl6444nvsyfrudcss9nvzck
creation_rules:
- path_regex: secrets.yaml
key_groups:


@ -468,15 +468,15 @@
"lix": {
"flake": false,
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"lastModified": 1729298361,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
}
},
"lix-module": {
@ -489,15 +489,15 @@
]
},
"locked": {
"lastModified": 1723510904,
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
"lastModified": 1729360442,
"narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
"rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz"
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
}
},
"neovim-nightly": {


@ -17,7 +17,7 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
@ -173,6 +173,7 @@
networking.hostName = lib.mkDefault hostname;
nixpkgs.hostPlatform = lib.mkDefault system;
}
lix-module.nixosModules.default
sops-nix.nixosModules.sops
self.nixosModules.default
./common
@ -195,6 +196,7 @@
networking.hostName = lib.mkDefault hostname;
nixpkgs.hostPlatform = lib.mkDefault system;
}
lix-module.nixosModules.default
sops-nix.nixosModules.sops
self.nixosModules.default
./common
@ -217,6 +219,7 @@
networking.hostName = lib.mkForce hostname;
nixpkgs.hostPlatform = lib.mkDefault system;
}
lix-module.nixosModules.default
sops-nix.nixosModules.sops
self.nixosModules.default
./common
@ -290,6 +293,7 @@
statix
sops
age
ssh-to-age
deploy-rs.packages.${pkgs.system}.default
];
};


@ -10,7 +10,6 @@
./files.nix
./git.nix
./gnupg.nix
./helix.nix
./kitty.nix
./mpv.nix
./neovim.nix


@ -1,36 +0,0 @@
{ pkgs, ... }: {
programs.helix = {
enable = true;
settings = {
theme = "dracula";
editor = {
line-number = "relative";
lsp.display-messages = true;
cursor-shape = {
insert = "bar";
select = "underline";
normal = "block";
};
};
};
languages = {
language-server = {
nixd = {
command = "${pkgs.nixd}/bin/nixd";
};
};
language = [
{
name = "nix";
file-types = [ "nix" ];
roots = [ "flake.nix" ];
language-servers = [ "nixd" ];
formatter = {
command = "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt";
};
auto-format = true;
}
];
};
};
}


@ -1,4 +1,5 @@
_: {
systemd.services.nftables.after = [ "wg-quick-Homelab.service" ];
networking = {
nftables = {
enable = true;
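Review bot: Ordering `nftables` after `wg-quick-Homelab.service` means the ruleset is not loaded until the tunnel unit has started, so the other interfaces can be up with no filtering during that window. The stock NixOS nftables unit is normally ordered before `network-pre.target`, while wg-quick units start after the network is up; if that holds here, the added line may create an ordering cycle that systemd resolves by dropping a job, so check the boot journal for "ordering cycle" after deploying. If the motive is that the ruleset refers to the WireGuard interface (the ruleset is outside this hunk), matching with `iifname`/`oifname` instead of `iif`/`oif` lets the rules load before the interface exists and makes this line unnecessary.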


@ -1,12 +1,16 @@
{ config, ... }:
let facts = config.nodeconfig.facts; in {
networking.firewall.interfaces.ens3.allowedTCPPorts = [ 22 ];
networking.firewall.interfaces = {
ens3.allowedTCPPorts = [ 2222 ];
ens4.allowedTCPPorts = [ 22 ];
};
services.openssh = {
enable = true;
openFirewall = false;
listenAddresses = [
{ addr = facts.wireguard-ip; port = 22; }
{ addr = facts.external-ip; port = 2222; }
{ addr = facts.local-ip; port = 22; }
{ addr = facts.wireguard-ip; port = 22; }
];
settings = {
KbdInteractiveAuthentication = false;
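Review bot: `listenAddresses` now includes `facts.external-ip` on port 2222 and `ens3` opens 2222, so sshd becomes reachable on what looks like the public interface, where it apparently used to bind only to the WireGuard address. The only hardening visible in this hunk is `KbdInteractiveAuthentication = false`; the `settings` block continues outside the hunk, so confirm it also sets `PasswordAuthentication = false` and `PermitRootLogin` to `"no"` or `"prohibit-password"`. Moving to a non-standard port reduces log noise but is not an access control. Since sshd binds to fixed addresses, it may also need the ordering the other services in this change receive, `systemd.services.sshd.after = [ "wg-quick-Homelab.service" ];`, or its first start at boot can fail to bind `facts.wireguard-ip`.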


@ -20,7 +20,10 @@
}
'';
};
systemd.services.caddy.serviceConfig.EnvironmentFile = config.sops.secrets."caddy/env_file".path;
systemd.services.caddy = {
after = [ "wg-quick-Homelab.service" ];
serviceConfig.EnvironmentFile = config.sops.secrets."caddy/env_file".path;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
}
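Review bot: `after = [ "wg-quick-Homelab.service" ]` only orders caddy behind the tunnel unit; it neither pulls that unit in nor keeps caddy from starting when the tunnel fails to come up. If caddy depends on the WireGuard address being present, add `requires = [ "wg-quick-Homelab.service" ];` (or `wants` for a softer dependency) next to `after`. The same applies to the `after` lists added for dendrite, forgejo and ntfy-sh in the later sections, including the `postgresql.service` entries for dendrite and forgejo.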


@ -6,7 +6,7 @@
in
{
description = "Dendrite Matrix homeserver";
after = [ "network.target" ];
after = [ "network.target" "wg-quick-Homelab.service" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
unitConfig.RequiresMountsFor = [ "/mnt/data" ];
serviceConfig = {


@ -58,6 +58,7 @@ in
HTTP_ADDR = "10.10.10.13";
HTTP_PORT = 3000;
DOMAIN = domainName;
LANDING_PAGE = "explore";
};
log = {
LEVEL = "Warn";
@ -73,4 +74,5 @@ in
database.createDatabase = true;
};
};
systemd.services.forgejo.after = [ "wg-quick-Homelab.service" "postgresql.service" ];
}


@ -16,11 +16,16 @@ let domainName = "ntfy.acomputer.lol"; in {
};
};
};
systemd.services.ntfy-sh.unitConfig.RequiresMountsFor = [ "/mnt/data" ];
systemd.services.ntfy-sh.serviceConfig.WorkingDirectory = "/mnt/data/ntfy-sh";
systemd.services.ntfy-sh.serviceConfig.User = "ntfy-sh";
systemd.services.ntfy-sh.serviceConfig.Group = "ntfy-sh";
systemd.services.ntfy-sh.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.ntfy-sh = {
after = [ "wg-quick-Homelab.service" ];
unitConfig.RequiresMountsFor = [ "/mnt/data" ];
serviceConfig = {
WorkingDirectory = "/mnt/data/ntfy-sh";
User = "ntfy-sh";
Group = "ntfy-sh";
DynamicUser = lib.mkForce false;
};
};
users.users.ntfy-sh.home = "/mnt/data/ntfy-sh";
users.users.ntfy-sh.createHome = true;


@ -14,7 +14,6 @@
host all all 127.0.0.1/8 trust
host all all ::1/128 trust
host all all 10.10.10.0/24 trust
host all all fd7c:585c:c4ae::0/64 trust
'';
ensureDatabases = [ "dendrite" "forgejo" ];
ensureUsers = [


@ -29,74 +29,74 @@ sops:
- recipient: age1w5rvr4nl8xvjjxpct4e2a2eajvm79v4r9nyxrcn40fm8d7h9l9cqkk0jtt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMHVtdzBwTFZ1Wk0vZnJ6
aDVTcTFTaElaWW1BcVlwa0FBUlBtVERjbnhBClJ0c3F1S0NwM2lqSlRyd3JWcnpt
dWlOV3VaWEFiN0I3U0dmcmtCTkdQOTQKLS0tICtoczZvN1NFaDBqTS9vQzNuVk44
aHlwWlZYSElMeVZCbXdoWkxjMGZ3MFUKYSqnaxaJzeDXsWPmo8hocgIyKvFLR0+O
A1Axsokssk7qkx3k/5sHOl/HGJ9gQ8yamBiuIJxAJPYuhzIO7hMhhg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETGhsZ21zUXBKUDdEdmxm
THRlYngzTFFZQlllb1pER1k0NjhUYTVRdVFvClNiTzBvb1ViVkhXZC82RkZPTk5j
cHY2bTZJd2RJZVE5aFhSdG1wWXorYVkKLS0tIEFFTEh4eUNBTmFzQWVpRG1aVlNF
M0psZGIzVGp6S0xWejA4REtRVVRFSHcK4/aIxW5G+IkNQwg6vyCFP/6X1WkSnS61
fgPWrEQjJS+vuVA+o2Lt9+xl4EhD7unDABHgXLEELEZBEPvD4j9OTw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mhks8qmhjrtc2u5ufvp3pv2hn7tkadvmscnp7wd0ywmnse0szctqsnpy0a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYmZCMENwNVFHeFNkUlBs
bG53UmRsMzBvN1cvNE0xNVpHUU94K0thKzJnCjIrN3g5eENXcnNsYUZjUUFxclp2
VS9zT05HSFBrR3Bmb2lGbmJRemVGQU0KLS0tIFVLSlVsS1lSQVpTcEZNbllDeE9Q
dGN2cUpHWFErb0FNWjlRZGZmaW1QYXcKeAe2bsynzdtlKzXDplmbY1WYSZjIJtQ6
Vz1iUUFdAol3qs8VbUdrc6vASxZT5MAWGbe+cSl/D3XWizspVyGblw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUThUSlY0RlYrOU45TjFI
ZU9vd25pendWY1VuVkZ6SWp4aHMyUzlVY1dFCnkxRjhOVzdNWTdCVm9ZeGZuSlBt
WHI1YjlSWkxJRHBzeVdhWlNieWIrNE0KLS0tIGlCNE9DWEh5OS9ETlBmdEV3NHJH
ZkZnUmdtbC8vNnF2S2s0aDl0anEwVlUK+wVMT1PRYJKgOArgtC/joZuXAdsMo9GL
JiJLBD+qElsUaw7ua3m6XhogAt81LgDanAVyttW5otO+qD1/Gu/SEw==
-----END AGE ENCRYPTED FILE-----
- recipient: age106k9u5ns9h7smh3gqc40k9fft5emknvq669qdv8a29ak3ah4j38s5ng2gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGT3VRcUpRWmxSZDYvMnBQ
cCtheTNiempOT0ZOdzZmcE5vcEk2Z0dVMFRzCktmODRFamRGbWgrLzNCTFlRNHdn
cjNuOThPV0xuYUIzbVMyUHhwUitOblEKLS0tIDV6d2lhcHR1UmRrZGYrdGxrREhY
TktweVg3KzlITmJYS1drZG94TDNycVUKliVvdGzIWfQFglMF7OgfvE77PT8cXnWq
+lOBhJZV57EFxNUaQ7B4HEzTSrs7cXxpoTfww4xELgVGsXidRdP9zA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQd1lqc0Z2RWNsWXBwQy9D
ZTFvSm1VWGdYSlgrdjFQbFlXeXRET2NyTmhnCmVLV2doMWpyZG8xeCtlc3RsT3h1
UGZWSG1HTGJwRnljME56WHZXWnZQdzQKLS0tIHkzMnpKQnF1SU03UUh0WUYxRUtw
dXFhY05vMzN3MDgxeXgwdzBZTUFTejAKGehTsUSM1IQ7DMxrsl2tAv1xTqVnV5Vo
BzTY7+ZPScj3fyd5q0NmoYm/aF+rEzZ9mvgIc1uu9uV7ibgLO3h7cA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1829x4l8vdhcn97af0zq898tupll0smrqywxka4pswkt6mtn8qp7qqnnnl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTXc5VDJyTVlvYzRpTjFm
M2svWVVmVlE0bkJGS0NtWGpKckoxTnJxWGl3CjZlZXNJSFJtb0ZBY3dobll3UDJG
RERlaTF4RTU3U0oreGgwNVhVMkcreTAKLS0tIGpCN2lLUFozaC9tSWZZK1lhaHBh
aU5Qc3NQcEl4NUJTQVZwTFd0a2pxc3MKmDqrWH8QcJoSmco+Wv6sFvAABxb4BEqV
0zYwJvu8WJfyZM9fjXwbiSThX3AmheHYmvu8D4N4TDPXh1vPduK9SQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTDRUZjJpcVQzN01meWZH
TWJwdll1N1FrRy8rbzQ1cXg3cldFc20xeURNCk9aSjVNczJHelU2SHpvR0paMzFa
d0hMd1BQNzNaTms5NXJVSFlQcW9sOFUKLS0tIFlodkU2Y29qVGNZeUd2b1RlQlJt
alZtWlZ3TktiZE5WNGFrdzA0dS93eDAKKpvVzsSwqJURad7yl5l/YoRJdluF2q8G
nlgvIoPAQvdtWiUh4/ux/eMR4ApryUwGk/m5zlyEYzp11lTQfpCz+w==
-----END AGE ENCRYPTED FILE-----
- recipient: age19uy6xerll6st3s3ftfpy7075m9eetm2288l2w07k7ek6z2l3ef6qfw34cf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaDdHUmlxT0hBazduNi9Q
ZXlhNkMzcEE3bFFIUXhieVMwRGFRczJOY1VVCnhKV3RDTG9yRjIrNEl4UHpQSDd0
OFk4NXpuNmVWQjZjZHVINjUxMG1NYzgKLS0tIGt4RGJudENhTE5zMnVlWG9yaHd3
R1JtRWR2cXh2RjZWeXFOWXI4ZVRJYjQKcxj4IYW0N67chn3nvkVD4fpaPLG4pIsA
NSHHuUJVkyWzagfr7KwlTNy732Pmo+Z0/tsPgU6tujEJ6UZHCV990w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4REtVSHRjUFF2ejd5YmEy
eUc3WE9FbmRHQ2w2dHN5bWJ0Q1FDeE5HNVI4ClJ0SjEvY1NkMUdSckFQQW5oTGli
OUJtQlVjMlNaemJ2RFpuUklITTE1ZUkKLS0tIGZwLzFvMk0vU1lyZlkyNE5Tek5Z
d1pUK2VuRlZ2K0VYUG9SN2VtYmtQMmMKdqe1ym86lCWEeGQszr7ZW0+8mgelaWfi
mwrRGQ9cAOSklkK5V5W+vbtEol6mAiQwy2TJ4rDlx1Gs0p/GTF5l6g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jyaf9rn5d5pqjh60shs2q5hs98fwugak8z6cs6qs7yuc3wntugmsumxmv0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIckk3VVNWcWFtRG1NSHlu
bWR2MTRCM1hBM0ZFNk9UL1h0OWRJQVFlU0RjCmNKcmdIZWhEeVlySkF1dDZUSUpM
bHlVOW1SMUNZcXVJa2QrOFdyc053djgKLS0tIDYxSVI5MGhLQ3N6NSs5empjSFRK
bitpYzl1cUxrb3pSelFDT1h6RDlWL0EKjXmQt08XgxJ6JBjjXmrtEqFqFQH9HG1j
d1uWcoKE1lYJifBtGUL1/U26RelucSYpBf09czN1DcOqGziyhlRg0g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJbTIvUmladGZsYU5jaGd1
ekdhUU1UMVUvMjFrbTBVNXpzNUJjaVdWbVJrClpDZmZQWnM5RE9FT0cyRG5NWHlu
ajNyaVBOS211T2N6U09yRnBGVW9aWWsKLS0tIFMxR09IYzUyYzZCTURoaE1XNVh4
YXVzUHQvNUlXaVhYbm91SHNGcElFSmMKalYPKFclH/u+07KlCPwkwf/acTWNeOdn
ufqMJNuNB0u1Ah734pU8jBJvXX3omiL3yxfREGjGaf4Ook8BshK73w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k2wpm88wms6hx3ldvu0n2je7pag9fexs9eq0e8hlkfcs2dx9eg9qlkf95d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUHgvZHcyVkIxc2NIWCtk
OEZkMFE5VFdKQ0NuSjBzdndsTit4YWpHdzE0Cjl5a09KRDA4aUtXTGpDTkJZRnJn
RXhLSXhoTVFwa2NRU3hUTjdQYW4vN28KLS0tIE5XRSsxN3FqbGZmTkFlY0N5NkdJ
OXJsTUkzeFpCd1NkWkNnaUZRKzFkeVEKhPv18blHw8cJpF63eo1yulMB5QFLRfZB
bsWMe8pVgM/9uuYb8cpDNulYL8caIcbLoAiIg1xMBqlsiSBgIlF7Zw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYOS9zOVk5a0Z3RTc5bmVj
WEswTm4yV1hBRlVvak1XS3hnV3RUajB6aGh3CnFjZEFKUE1PcU1YODlaenQrT2Ji
T2RSV01UdEhEWFg0YlZmTXNqTC8ycW8KLS0tIGtWblU4cDh0SjlhRE1wVmgxTjNU
M1NEVVZGMGlCQ1FzQkpDTTJCd3lyOU0KDs5SZeeJvJ9q6IdvGbRUtw6fo03urXQ3
DTpD1+SSxYunUhQ7nZSaHfoJ+XB2ixhD48mx9LwRs+YJkWBvvrVwag==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d2anhmqdewykt3mgz6azsyz0yh7wc9ap6ga46myzwg84c9rpspws9ze3l4
- recipient: age19utpmjh07n2s860s9h2mqmwfh836ne0r2nkdl6444nvsyfrudcss9nvzck
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUT3NKclcwaERiM3gzV2o1
SGw5MVY0SjhNZ1Yyc0dFbm9DMFdseGU0UUVFCkVXd1IvU3ZPWm5pVnFOb21kbWVr
emFFVGg0MXFienlHd3ZmY2p2Yyt2SjQKLS0tIFpZWGNINnFRdUJZQW9YeGxrUnN4
WUc1Tm4wMkxUM2xybjFKK2VqWU9GSFEKVhMLzPF5CT/W0PC5jsNzpIE8wtRrUdfH
QHKId9QbaEaz8c85iXppJwONJJ2eTWUElj4ZVLUacgiqyS+rBiyuFw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQ093TmtqTWc1Y016dHdv
T1J2empYcUhUUEMyZE1VbFE2Z2ZQeEhGNzI4ClY2UHZNVzEvNms3ellvZkRkNGM1
RVlMMVVSbkpEREFaQ3JNQ256bnBKeWMKLS0tIGR4TytxQW4zUkdhWU1rZjY3Z085
Ynd0czBOK0NCdnZIQzNJZ3BqNndlSG8Kg9UUjMZ2p7xUhHLEL6SjSiVPw5JemYxh
sdiuZVVxzEasXLXXk6tax6AD5fz5mXEhXB24Op5scF4+VTfSZ+g9Cg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-22T05:40:29Z"
mac: ENC[AES256_GCM,data:dialk5LEy/M+zx839s9YKU1DxPOPkBadMAcXqkvyDE20dr0EoXjeNa9oQMuA++RsCUJfUKAOskyqjCFhLjDD4VHNr1htE4uBpfRS196p16Cgp4Qp12uj51D/7JCgQeAwGAwc1K7R0z1lXfrqDE2I6xrGcTWxlJcN7PN6IT2X6tA=,iv:Y5alGY//VAXd3yiHR//5BbZumLU3IyBJNvWweVKUDeM=,tag:rfn/6RLQlGU+nXZPlIQjfg==,type:str]
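Review bot: The `lastmodified` and `mac` lines appear only once, as unchanged context, which suggests the recipient swap was done with `sops updatekeys`: the data key was re-wrapped for the new host_bifrost recipient but not regenerated. Whoever holds the replaced host_bifrost identity can still unwrap that data key from the previous revision in git history, and it still decrypts this file. If the key was replaced because the old host key may have been exposed (the page does not say), follow up with `sops rotate` and change the secret values themselves. If it was a plain reinstall, stating that in the commit message is enough.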