Compare commits
2 Commits
update-fla
...
feature/ho
| Author | SHA1 | Date | |
|---|---|---|---|
| 8f8bb999a3 | |||
| f11b0f9e0a |
30
.sops.yaml
30
.sops.yaml
@ -19,39 +19,39 @@ creation_rules:
|
||||
- path_regex: users/alice/secrets.*\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *palatine-hill
|
||||
- *artemision
|
||||
- *artemision-home
|
||||
- *palatine-hill
|
||||
- *artemision
|
||||
- *artemision-home
|
||||
- path_regex: systems/palatine-hill/secrets.*\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *palatine-hill
|
||||
- *palatine-hill
|
||||
- path_regex: systems/artemision/secrets.*\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *artemision
|
||||
- *artemision
|
||||
- path_regex: systems/selinunte/secrets.*\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *artemision
|
||||
- *selinunte
|
||||
- *artemision
|
||||
- *selinunte
|
||||
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *palatine-hill
|
||||
- *palatine-hill
|
||||
- path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
- *admin_alice
|
||||
age:
|
||||
- *palatine-hill
|
||||
- *palatine-hill
|
||||
|
||||
23
flake.nix
23
flake.nix
@ -175,6 +175,29 @@
|
||||
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
|
||||
|
||||
nixosConfigurations = genSystems inputs outputs src (src + "/systems");
|
||||
homeConfigurations = {
|
||||
"alice" = inputs.home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||
modules = [
|
||||
inputs.stylix.homeModules.stylix
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
inputs.nix-index-database.hmModules.nix-index
|
||||
{
|
||||
nixpkgs.config = {
|
||||
allowUnfree = true;
|
||||
allowUnfreePredicate = _: true;
|
||||
};
|
||||
}
|
||||
./users/alice/home.nix
|
||||
];
|
||||
extraSpecialArgs = {
|
||||
inherit inputs outputs;
|
||||
machineConfig = {
|
||||
server = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
images = {
|
||||
install-iso = getImages nixosConfigurations "install-iso";
|
||||
iso = getImages nixosConfigurations "iso";
|
||||
|
||||
@ -172,6 +172,7 @@ rec {
|
||||
modules =
|
||||
[
|
||||
inputs.nixos-modules.nixosModule
|
||||
inputs.nix-index-database.nixosModules.nix-index
|
||||
(genHostName hostname)
|
||||
(configPath + "/hardware.nix")
|
||||
(configPath + "/configuration.nix")
|
||||
|
||||
@ -10,7 +10,7 @@ in
|
||||
image = "restic/rest-server:latest";
|
||||
volumes = [ "${restic_path}:/data" ];
|
||||
environment = {
|
||||
OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
|
||||
OPTIONS = "--prometheus --private-repos --htpasswd-file /data/.htpasswd";
|
||||
};
|
||||
ports = [ "8010:8000" ];
|
||||
extraOptions = [
|
||||
|
||||
@ -72,7 +72,7 @@
|
||||
"sgc" = "sudo git -C /root/dotfiles";
|
||||
## SSH
|
||||
"ssh-init" =
|
||||
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
|
||||
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh ~/.ssh/id_ed25519";
|
||||
|
||||
## Backups
|
||||
"borgmatic-backup-quick" =
|
||||
|
||||
Reference in New Issue
Block a user