diff --git a/flake.nix b/flake.nix
index 7063ec4b..adb7e927 100644
--- a/flake.nix
+++ b/flake.nix
@@ -306,6 +306,10 @@
 name = device.name;
 user = device.user;
 is = name: device.name == name;
+ home =
+ if isDarwin
+ then "/Users/${device.user}"
+ else "/home/${device.user}";
 };
 nixos_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isNix) devices;
@@ -373,6 +377,7 @@
 overlays = import ./overlays.nix {
 inherit inputs;
 };
+ config.allowUnfree = true;
 };
 in {
 packages = rec {
diff --git a/home/programs/ssh.nix b/home/programs/ssh.nix
index 84721f6e..3d57ca40 100644
--- a/home/programs/ssh.nix
+++ b/home/programs/ssh.nix
@@ -6,7 +6,6 @@
 }: {
 programs.ssh = {
 enable = true;
- enableDefaultConfig = false;
 matchBlocks = {
 tsuba = {
 user = "servius";
@@ -46,13 +45,13 @@
 hostname = "steamdeck";
 forwardAgent = true;
 };
- "*" = {
- forwardAgent = false;
- addKeysToAgent = "no";
- # compression = true;
- # HashKnownHosts = "no";
- serverAliveInterval = 60;
- };
+ # "*" = {
+ # forwardAgent = false;
+ # addKeysToAgent = "no";
+ # # compression = true;
+ # # HashKnownHosts = "no";
+ # serverAliveInterval = 60;
+ # };
 };
 extraConfig =
 lib.strings.optionalString (pkgs.stdenv.isDarwin && !device.isServer)
@@ -63,4 +62,7 @@
 IdentityAgent ~/.1password/agent.sock
 '';
 };
+ # // lib.mkIf (!(device.is "tsuba")) {
+ # enableDefaultConfig = false;
+ # };
 }
diff --git a/nixos/default.nix b/nixos/default.nix
index 1705ac6d..76994deb 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -20,7 +20,6 @@
 inputs.sops-nix.nixosModules.sops
 inputs.disko.nixosModules.disko
 {nixpkgs.overlays = overlays;}
- ./${device.name}/configuration.nix
 home-manager.nixosModules.home-manager
 inputs.arion.nixosModules.arion
 # inputs.command-runner.nixosModules.command-runner
@@ -43,6 +42,8 @@
 ];
 };
 }
+ ../sops.nix
+ ./${device.name}/configuration.nix
 ];
 }
 )
diff --git a/nixos/mirai/configuration.nix b/nixos/mirai/configuration.nix
index 1f5039b8..64520764 100644
--- a/nixos/mirai/configuration.nix
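Review bot: The new `home` attribute reads a bare `isDarwin` while its siblings (`name`, `user`, `is`) all read from `device`; if nothing named `isDarwin` is bound in the enclosing scope this fails to evaluate, and if it is a flake-wide value rather than a per-device one, every device gets the same home prefix regardless of its own platform. The `x.isNix` filter on `nixos_devices` suggests devices carry per-platform flags, so `if device.isDarwin` looks like the intended form — confirm against the device definitions above the hunk. The enclosing attrset starts before this hunk.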
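Review bot: `config.allowUnfree = true;` lifts the license gate for every package in this nixpkgs instance, so an unfree dependency can enter any host's closure without anyone noticing, and the hunk does not record which package needed it. `allowUnfreePredicate` keeps the gate for everything else: `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) ["<unfree-pkg>"];` with the real package names filled in. If the blanket setting is deliberate, a comment naming the package that needs it would at least make the scope visible. The `let` this sits in starts outside the hunk.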
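Review bot: Commenting out the `"*"` block drops the explicit `forwardAgent = false`, `addKeysToAgent = "no"` and `serverAliveInterval = 60` defaults for every host not matched above, and nothing in this hunk requires that: an explicit `matchBlocks."*"` is valid regardless of `enableDefaultConfig`, so only the latter needs the version gate sketched in the last hunk of this file. Keeping the block uncommented pins the agent-forwarding default in this file instead of inheriting whatever the installed Home Manager or OpenSSH defaults happen to be (if the installed Home Manager merges its own `*` defaults into `matchBlocks`, an explicit block still takes precedence). The enclosing `programs.ssh` attrset starts before the hunk.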
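Review bot: The commented `// lib.mkIf (!(device.is "tsuba")) { ... }` would not do what it says even if uncommented: `lib.mkIf` returns a module-system marker attrset (`_type`, `condition`, `content`), so `//` would merge those fields into `programs.ssh` instead of conditionally adding `enableDefaultConfig`. Since `device.is "tsuba"` is a plain boolean, `// lib.optionalAttrs (!(device.is "tsuba")) { enableDefaultConfig = false; }` expresses the intent and avoids referencing the option on hosts whose Home Manager does not define it. Either finish the change or delete the commented lines rather than leaving them in.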
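Review bot: `../sops.nix` declares a `{device, ...}` argument, so `device` must reach it as a module argument (`specialArgs` or `_module.args`); `device.name` being in scope in this file does not by itself make it available to imported modules — confirm it is passed, or the new import fails to evaluate. The same applies to the `../../sops.nix` import added in nixos/tsuba/default.nix; if a host is built through both entry points, the module system deduplicates modules imported by the same path, so the double import should be harmless. Moving `./${device.name}/configuration.nix` to the end of the list should not change evaluated option values beyond the ordering of list-typed options, so if the move is meant to fix something, a comment saying what would help. The module list starts before the hunk.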
+++ b/nixos/mirai/configuration.nix
@@ -24,9 +24,6 @@
 security.sudo.wheelNeedsPassword = false;
 sops = {
- defaultSopsFile = ../../secrets/secrets.yaml;
- defaultSopsFormat = "yaml";
- age.keyFile = "/home/fs0c131y/.config/sops/age/keys.txt";
 secrets."builder/mirai/cache/private" = {};
 secrets.users = {
 sopsFile = ../../secrets/users.yaml;
diff --git a/nixos/mirai/services/flaresolverr.nix b/nixos/mirai/services/flaresolverr.nix
index 3372de80..08986daf 100644
--- a/nixos/mirai/services/flaresolverr.nix
+++ b/nixos/mirai/services/flaresolverr.nix
@@ -1,7 +1,8 @@
-{...}: {
+{stablePkgs, ...}: {
 services = {
 flaresolverr = {
 enable = true;
+ package = stablePkgs.flaresolverr;
 };
 };
 }
diff --git a/nixos/mirai/services/llama.nix b/nixos/mirai/services/llama.nix
index 054ede6b..6f3f0896 100644
--- a/nixos/mirai/services/llama.nix
+++ b/nixos/mirai/services/llama.nix
@@ -43,7 +43,7 @@
 };
 };
 open-webui = {
- enable = true;
+ enable = false;
 port = 7070;
 environment = {
 SCARF_NO_ANALYTICS = "True";
diff --git a/nixos/mirai/services/lldap.nix b/nixos/mirai/services/lldap.nix
index 371977ca..83257232 100644
--- a/nixos/mirai/services/lldap.nix
+++ b/nixos/mirai/services/lldap.nix
@@ -13,8 +13,8 @@
 http_port = 5090;
 ldap_port = 389;
 ldap_host = "::";
+ ldap_user_pass_file = config.sops.secrets."lldap/admin".path;
 environmentFile = ''
- LLDAP_LDAP_USER_PASS_FILE = ${config.sops.secrets."lldap/admin".path};
 LLDAP_JWT_SECRET_FILE = ${config.sops.secrets."lldap/jwt".path};
 LLDAP_KEY_SEED_FILE = ${config.sops.secrets."lldap/seed".path};
 '';
diff --git a/nixos/ryu/configuration.nix b/nixos/ryu/configuration.nix
index 48f970d2..14701132 100644
--- a/nixos/ryu/configuration.nix
+++ b/nixos/ryu/configuration.nix
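Review bot: The removed block pinned the age key to `/home/fs0c131y/...`, whereas the replacement in sops.nix derives the path from `device.user`; the two are equivalent only if mirai's `device.user` is `fs0c131y`, otherwise activation can no longer decrypt `secrets."builder/mirai/cache/private"` and the `secrets.users` entries below. The tsuba hunk has the same hard-coded-to-derived change (`/home/servius`), and the ryu hunk keeps its old block commented out instead of deleting it. A `# defaultSopsFile and age.keyFile come from ../../sops.nix` comment on the remaining `sops = {` would make the split visible here. The enclosing `sops` attrset continues past the hunk.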
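Review bot: `package = stablePkgs.flaresolverr;` carries no comment on why this one service is taken from the stable package set, so a reader cannot tell whether it works around a broken or removed unstable package or is a deliberate version pin, nor when it can be dropped. Add `# stable pin: <reason> — revisit when <condition>` above it with the real reason. `stablePkgs` also has to be supplied as a module argument alongside `pkgs`; confirm the entry point passes it.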
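Review bot: Moving the admin password path into `settings` as `ldap_user_pass_file` assumes lldap accepts that key in its config file; the removed line used the environment form `LLDAP_LDAP_USER_PASS_FILE`, and if the config-file key is not recognised by the lldap version in use it may be silently ignored, leaving the admin account on lldap's built-in default password. Verify the key against that version before relying on it — the remaining `*_FILE` entries in `environmentFile` show the environment form still works, so reverting is cheap. Whichever form is used, lldap itself opens the secret path, so the sops secret's owner/mode must allow the lldap service user to read it; that requirement is unchanged by this hunk.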
@@ -11,11 +11,11 @@
 ./containers
 ];
- sops = {
- defaultSopsFile = ../../secrets/secrets.yaml;
- defaultSopsFormat = "yaml";
- age.keyFile = "/home/${device.user}/.config/sops/age/keys.txt";
- };
+ # sops = {
+ # defaultSopsFile = ../../secrets/secrets.yaml;
+ # defaultSopsFormat = "yaml";
+ # age.keyFile = "/home/${device.user}/.config/sops/age/keys.txt";
+ # };
 security.tpm2 = {
 enable = true;
diff --git a/nixos/tsuba/configuration.nix b/nixos/tsuba/configuration.nix
index c616873d..d6504944 100644
--- a/nixos/tsuba/configuration.nix
+++ b/nixos/tsuba/configuration.nix
@@ -13,11 +13,6 @@
 nixpkgs.config.allowUnfree = true;
 security.sudo.wheelNeedsPassword = false;
- sops = {
- defaultSopsFile = ../../secrets/secrets.yaml;
- defaultSopsFormat = "yaml";
- age.keyFile = "/home/servius/.config/sops/age/keys.txt";
- };
 nix = {
 settings = {
 auto-optimise-store = true;
diff --git a/nixos/tsuba/default.nix b/nixos/tsuba/default.nix
index 4042ba12..c0dfc931 100644
--- a/nixos/tsuba/default.nix
+++ b/nixos/tsuba/default.nix
@@ -49,6 +49,7 @@
 ./services
 ./disk-config.nix
 ./${name}.nix
+ ../../sops.nix
 ];
 }
 )
diff --git a/nixos/tsuba/services/caddy.nix b/nixos/tsuba/services/caddy.nix
index 93debdc4..bf325903 100644
--- a/nixos/tsuba/services/caddy.nix
+++ b/nixos/tsuba/services/caddy.nix
@@ -31,11 +31,11 @@
 }
 }
 '';
- # package = pkgs.caddy.withPlugins {
- # plugins = ["github.com/caddy-dns/hetzner@v1.0.0"];
- # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ=";
- # };
- package = pkgs.caddyWithHetzner;
+ package = pkgs.caddy.withPlugins {
+ plugins = ["github.com/caddy-dns/hetzner@v1.0.0"];
+ hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ=";
+ };
+ # package = pkgs.caddyWithHetzner;
 };
 };
 systemd.services.caddy = {
diff --git a/sops.nix b/sops.nix
new file mode 100644
index 00000000..8cda851d
--- /dev/null
+++ b/sops.nix
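Review bot: The old `# package = pkgs.caddyWithHetzner;` line is now a dead alternative and should be deleted rather than left commented; if the overlay still defines `caddyWithHetzner`, that definition is probably dead as well. Building inline with `withPlugins` and an explicit `hash` pins the plugin version and the fetched plugin sources next to the Caddyfile, which is the right direction, but a one-line comment explaining the flip (e.g. `# built inline so the plugin version and hash are pinned here`) would save the next reader from wondering whether the overlay package is broken. The enclosing `services.caddy` attrset starts before the hunk.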
@@ -0,0 +1,7 @@
+{device, ...}: {
+ sops = {
+ defaultSopsFile = secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ age.keyFile = "${device.home}/.config/sops/age/keys.txt";
+ };
+}
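Review bot: `age.keyFile` points into `${device.home}`, which the flake hunk sets to `/home/<user>` or `/Users/<user>`; sops-nix reads that key as root during activation, so it must exist (and the home filesystem be mounted) before the first activation, and it remains readable by the unprivileged user and every process running as them. For the NixOS hosts this is unchanged from the removed per-host blocks, but it is now the policy for every host, so a comment such as `# age key lives in the user's home and must exist before first activation` belongs here. A root-only location, or sops-nix's `age.sshKeyPaths` pointing at the host SSH key, would keep the decryption key out of the user account entirely. The relative `secrets/secrets.yaml` resolves against this file's directory, which matches the old `../../secrets/secrets.yaml` only while sops.nix stays at the repo root.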