docs: add example of how to add secrets

refactor: update monitoring target labels and jellyfin caddy config
2026-02-02 04:42:32 +05:30 · 2026-02-02 02:34:28 +05:30
5 changed files with 29 additions and 15 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -276,7 +276,19 @@ sessionVariables = {
 - Secrets are managed with SOPS (Secrets OPerationS)
 - Encrypted secrets in `secrets/` directory
 - Configuration in `.sops.yaml`
- Access secrets via `config.sops.secrets."path/to/secret".path`
+- Access secrets via `config.sops.secrets."secret/value".path` which corresponds to following in yaml.
    ```yaml
    foo:
        bar: somesecret
    ```
    The path is the file that contains `somesecret`
 - Add new secrets using `sops set` 
  Example
  ```bash
    openssl rand -hex 32 | tr -d '\n' | jq -sR | sops set --value-stdin secrets/secrets.yaml '["foo"]["bar"]'
  ```
  This will add a randomly generated secret to the sops file
 ## Common Patterns
--- a/home/programs/aichat.nix
+++ b/home/programs/aichat.nix
@@ -33,6 +33,16 @@
              name = "gpt-oss:20b";
              type = "chat";
            }
            # {
            #   name = "gpt-oss:20b-instruct";
            #   type = "chat";
            #   real_name = "gpt-oss:20b";
            #   patch = {
            #     body = {
            #       think = "low";
            #     };
            #   };
            # }
            {
              name = "qwen3:30b-a3b";
              type = "chat";
--- a/nixos/tako/services/monitoring.nix
+++ b/nixos/tako/services/monitoring.nix
@@ -244,9 +244,9 @@ in {
        static_configs = [
          {
            targets = [
-              "tsuba:9100"
+              "tsuba:9100" # node
-              "tsuba:9558"
+              "tsuba:9558" # systemd
-              "tsuba:9256"
+              "tsuba:9256" # process
            ];
            labels = {
              instance = "tsuba";
--- a/nixos/tsuba/services/jellyfin.nix
+++ b/nixos/tsuba/services/jellyfin.nix
@@ -27,20 +27,12 @@
  users.groups.jellyfin = {};
  services = {
    # jellyseerr = {
    #   enable = true;
    #   package = unstablePkgs.jellyseerr;
    # };
    caddy = {
      # virtualHosts."jellyseerr.tsuba.darksailor.dev".extraConfig = ''
      #   import cloudflare
      #   reverse_proxy localhost:${builtins.toString config.services.jellyseerr.port}
      # '';
      virtualHosts."jellyfin.tsuba.darksailor.dev".extraConfig = ''
        import cloudflare
        reverse_proxy localhost:8096
      '';
-      virtualHosts."media.darksailor.dev".extraConfig = ''
+      virtualHosts."jellyfin.darksailor.dev".extraConfig = ''
        import cloudflare
        reverse_proxy localhost:8096
      '';
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -94,7 +94,7 @@ sops:
            VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
            ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-23T07:40:21Z"
+    lastmodified: "2026-02-01T23:10:21Z"
-    mac: ENC[AES256_GCM,data:lmpI0sQJbEz0U8oxJ+gLZTfFBwCyJYdaiCmKcRU1juL7/mqyRYrB4Dh8lMMmW5I+n0Z1P0zZ5+CD/WnRXcqdZ/Yj40ZlaUgIdsH1qMImvdv1wld0OIThDWKxoTSywGcbaMz7PpAsC5FNoRo5v/uBT9y42xBXoxw8urdHCrIi21Y=,iv:KFL4fuyqv1TKg36kHxSZiiHTi4MoGEnRP5JyB6BQq78=,tag:sVbK6UwRC+f0Z3HSCtZ2qQ==,type:str]
+    mac: ENC[AES256_GCM,data:mwhesovdna7rekGUtT2AbM9ihGlX2hv3TjXMd894YyptHe/N5crPne+E2ti3O7yOIZhMIC4j09AeIRxEgi7Ygob0fpoH8LmbYul8JtcTwZYCFhs2f3RIMNcOSW358eZa4HK6UIx8i+nvSKXJEikep3rIYQlmhOwEXwP6Ltsls2s=,iv:mt6ZMfuOxjfg9gGPm4C1sNaXPUbanpdktNBplhiyTLU=,tag:qZMPp3RyLwfcgD9n44o24g==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
Author	SHA1	Message	Date
servius	dd322cb71c	docs: add example of how to add secrets Some checks failed Flake checker / Build Nix targets (push) Has been cancelled Details	2026-02-02 04:42:32 +05:30
servius	23b5917620	refactor: update monitoring target labels and jellyfin caddy config	2026-02-02 02:34:28 +05:30