fix merge in sops file

Tyler Starr 2024-05-26 22:21:46 -07:00
commit 6fe93764cc
7 changed files with 57 additions and 36 deletions


@ -15,7 +15,10 @@ settings.
Keys for SSH aren't automatically placed with chezmoi `secret` since it complicated Keys for SSH aren't automatically placed with chezmoi `secret` since it complicated
things to much. The key for github SSH must be transferred manually from Bitwarden things to much. The key for github SSH must be transferred manually from Bitwarden
or `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`. or:
- `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`.
- `/run/secrets/radicale/users` to `~/.config/radicale/users`.
### Sops-nix ### Sops-nix


@ -5,10 +5,10 @@
./wireguard-server.nix ./wireguard-server.nix
./samba-server.nix ./samba-server.nix
./syncthing.nix ./syncthing.nix
./share.nix
./rss.nix ./rss.nix
./home-assistant ./home-assistant
./gitea.nix ./gitea.nix
./nextcloud.nix
]; ];
nix = { nix = {
@ -126,13 +126,6 @@
"plot.tstarr.us" = (SSL // { "plot.tstarr.us" = (SSL // {
locations."/".proxyPass = "http://localhost:8988/"; locations."/".proxyPass = "http://localhost:8988/";
}); });
"share.tstarr.us" = (SSL // {
locations."/".proxyPass = "http://localhost:5001/";
extraConfig = ''
auth_pam "Password Required";
auth_pam_service_name "nginx";
'';
});
}; };
}; };


@ -0,0 +1,44 @@
{ config, lib, pkgs, user, ... }:
{
environment.systemPackages = with pkgs; [
cron
];
services = {
nginx.virtualHosts = {
"cloud.tstarr.us" = {
forceSSL = true;
enableACME = true;
};
};
nextcloud = {
enable = true;
hostName = "cloud.tstarr.us";
# Need to manually increment with every major upgrade.
package = pkgs.nextcloud29;
# Let NixOS install and configure the database automatically.
database.createLocally = true;
# Let NixOS install and configure Redis caching automatically.
configureRedis = true;
# Increase the maximum file upload size to avoid problems uploading videos.
maxUploadSize = "16G";
https = true;
autoUpdateApps.enable = true;
settings = {
overwriteprotocol = "https";
default_phone_region = "US";
};
config = {
dbtype = "mysql";
adminuser = "admin";
adminpassFile = "/run/secrets/nextcloud/password";
};
};
};
}
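Review bot: `adminpassFile` hard-codes `/run/secrets/nextcloud/password`, so nothing ties this module to the sops-nix declaration of that secret; if the secret is renamed or the sops module is not imported on a host, evaluation still succeeds and the problem only surfaces when Nextcloud tries to read the file. Since `config` is already in the argument list, `adminpassFile = config.sops.secrets."nextcloud/password".path;` makes the dependency explicit and fails at build time instead. `cron` in `environment.systemPackages` looks unused here. As far as I know the NixOS Nextcloud module schedules background jobs with its own systemd timer, so it can probably be dropped, but that is worth confirming. `autoUpdateApps.enable = true` on a publicly reachable instance installs third-party app updates without review, so a short comment such as `# Accepting unattended app-store updates; revisit if an app is compromised upstream.` would record that the trade-off is intentional.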


@ -1,22 +0,0 @@
{ config, lib, pkgs, user, ... }:
{
networking.firewall.allowedTCPPorts = [ 5001 ];
networking.firewall.allowedUDPPorts = [ 5001 ];
environment.systemPackages = with pkgs; [
dufs # Distinctive utility file server
];
systemd.services.share = {
description = "Start dufs for quick sharing of files";
wantedBy = [ "default.target" ];
restartIfChanged = true;
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart = "${pkgs.dufs}/bin/dufs -p 5001 -A /engi/apps/dufs/share";
};
};
}


@ -52,10 +52,10 @@ in {
{ "toplevel_name" = "Bookmarks"; } { "toplevel_name" = "Bookmarks"; }
{ "name" = "Daily"; "children" = [ { "name" = "Daily"; "children" = [
{ "url" = "https://rss.tstarr.us"; name = "Miniflux"; } { "url" = "https://rss.tstarr.us"; name = "Miniflux"; }
{ "url" = "https://cloud.tstarr.us"; name = "Nextcloud"; }
{ "url" = "https://git.tstarr.us"; name = "Gitea"; } { "url" = "https://git.tstarr.us"; name = "Gitea"; }
{ "url" = "https://media.tstarr.us/web/index.html#!/home.html"; name = "Jellyfin"; } { "url" = "https://media.tstarr.us/web/index.html#!/home.html"; name = "Jellyfin"; }
{ "url" = "https://home.tstarr.us"; name = "Home Assistant"; } { "url" = "https://home.tstarr.us"; name = "Home Assistant"; }
{ "url" = "https://share.tstarr.us"; name = "Share (dufs)"; }
{ "url" = "https://www.youtube.com/feed/subscriptions"; name = "Youtube"; } { "url" = "https://www.youtube.com/feed/subscriptions"; name = "Youtube"; }
{ "url" = "https://gmail.com/"; name = "Mail"; } { "url" = "https://gmail.com/"; name = "Mail"; }
{ "url" = "https://github.com/"; name = "GitHub"; } { "url" = "https://github.com/"; name = "GitHub"; }


@ -13,6 +13,9 @@ in {
# Keys # Keys
secrets."keys/github_personal" = { owner = "${user}"; }; secrets."keys/github_personal" = { owner = "${user}"; };
# Nextcloud password
secrets."nextcloud/password" = { owner = "nextcloud"; };
# Wireguard secrets # Wireguard secrets
secrets."wireguard/kestrel" = { owner = "${user}"; }; secrets."wireguard/kestrel" = { owner = "${user}"; };
secrets."wireguard/bulwark" = { owner = "${user}"; }; secrets."wireguard/bulwark" = { owner = "${user}"; };


@ -1,5 +1,5 @@
tokens: nextcloud:
gitea-runner: ENC[AES256_GCM,data:aIv9cKFkRd3EX9DQenDlL8RbxlrQm52YoQhl4lpfRJVSp+TFFaMjKOw=,iv:r/1wb+bz9JqyF3FsOOq7gvD2+LP7VazfZq2FPuBltzs=,tag:AQQvyutaDoYp1MhnVkmOzA==,type:str] password: ENC[AES256_GCM,data:qI3PV8ybqKQ=,iv:aXQyTUQ9twlmMx3j01cfk6gy/1fAfUxjYXs5QXPUTjU=,tag:kY+lM1qGm+8OCKgDnXZwSw==,type:str]
keys: keys:
github_personal: ENC[AES256_GCM,data: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,iv:0my7Q3Uog/nu3A3IprXuRAMTYmSv9YV1bo3BSAk2wlk=,tag:u41VgXeMBb2righhXUrPUA==,type:str] github_personal: ENC[AES256_GCM,data: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,iv:0my7Q3Uog/nu3A3IprXuRAMTYmSv9YV1bo3BSAk2wlk=,tag:u41VgXeMBb2righhXUrPUA==,type:str]
wireguard: wireguard:
@ -22,8 +22,8 @@ sops:
ajM3YlJYU21PaHRyaGlUNy84RHN2SE0KAvMFdqnfV0TzfNcBdY7OvRLZrBb9uXSI ajM3YlJYU21PaHRyaGlUNy84RHN2SE0KAvMFdqnfV0TzfNcBdY7OvRLZrBb9uXSI
3y50yFhYnyXtWKLQFTwjN6S5dLaZgqhaGhEQyNCQxb5RGZJDR6g7Yw== 3y50yFhYnyXtWKLQFTwjN6S5dLaZgqhaGhEQyNCQxb5RGZJDR6g7Yw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-27T05:14:56Z" lastmodified: "2024-05-22T04:53:58Z"
mac: ENC[AES256_GCM,data:vfGJ/brE7HFBvxu4HFI532Bm9QP/7xI+Doroq56JAjgT7hd9KNuhMMS+rHuHl+baGZJbPsi9QcTNGSk1dF/vgfunF8ChyCipi5sLrLze7T2xJ/IQ3o5e23gR4X3w45EcOgYRJxiuKvnI5ZzKlbGr/BadE1WjiSCynudQzqP7AeY=,iv:5P2O9VrYPA+Yczk2jpislNGEh5l68lKWJhn2ddL0BPM=,tag:sAmcc/ejokN5xoRKiVWAAw==,type:str] mac: ENC[AES256_GCM,data:kFwTfaMijQWWfNMSkDjeVlPXhfrhxfgCgLZDTS4h2ENuNLhQkkUYfHyRaRFAzl+A74XydmAuHTdvl57yuehSkoXSE1NgmkbNVBbBxKB8p/HtFBV3hK0tuTE6E6ZzryI/9C7yPdKmuRIqIftUmdSaGPIU7CduBM+t1v1rhi8aWNg=,iv:HaQ+YUSRgqQSsyzvHGpDuC/Rw2jHJb4KtpvESzTBc8g=,tag:HVr6X67mIRPq038k/MnNkw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1
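Review bot: The `data:` field of the new `nextcloud.password` entry in the first hunk decodes to 8 bytes, and because sops encrypts each value with AES-GCM without padding, that is also the length of the plaintext admin password, visible to anyone who can read this file. For the `admin` account of an HTTPS-exposed service, a long randomly generated value would be safer, with the current one rotated once the file has been published. Separately, reading the right-hand column as the new side, this change drops `tokens.gitea-runner` and moves `lastmodified` back from 2024-05-27 to 2024-05-22. If any host still declares `secrets."tokens/gitea-runner"`, sops-nix would presumably fail to find the key at activation, so it is worth confirming the removal is intended and not a side effect of resolving the merge.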