Toast/nix-stuff
1
0
Fork 0
Code Issues Pull requests Projects 1 Wiki Activity

Compare commits

base: Toast:8d1b7584f3346be030f5654ecf81104317adcbfb
Branches Tags
Toast:main
Toast:plasma-refactor
Toast:headscale
Toast:plasma6
Toast:catppuccin
Toast:kde-stuff
Toast:firefox
Toast:upgrade-to-23.05
...
compare: Toast:436c1785a8a03316d19d7b2118b0fbf60d31330c
Branches Tags
Toast:main
Toast:plasma-refactor
Toast:headscale
Toast:plasma6
Toast:catppuccin
Toast:kde-stuff
Toast:firefox
Toast:upgrade-to-23.05

4 commits
8d1b7584f3 ... 436c1785a8

Author SHA1 Message Date
Toast
436c1785a8 Common/syncthing: use key and cert from secrets 2024-02-19 14:02:34 +01:00
Toast
2f0230c401 Common: set up secrets 2024-02-19 14:02:34 +01:00
Toast
a1f41b6295 WinMax2: mount persist subvolume 2024-02-19 14:02:34 +01:00
Toast
8a8b69b79b Flake: add secrets repo 2024-02-19 14:02:28 +01:00
5 changed files with 39 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

17
flake.lock generated
View file

@ -411,9 +411,26 @@
"nixpkgs-unstable-raw": "nixpkgs-unstable-raw", "nixpkgs-unstable-raw": "nixpkgs-unstable-raw",
"nur": "nur", "nur": "nur",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
"secrets": "secrets",
"vscode-extensions": "vscode-extensions" "vscode-extensions": "vscode-extensions"
} }
}, },
"secrets": {
"flake": false,
"locked": {
"lastModified": 1708347322,
"narHash": "sha256-30rLLNMGvVz8xbklqRpA3uE6UDneAUGFz7dCmH9YbA8=",
"ref": "refs/heads/main",
"rev": "409536f1d2b8ffe741fe47b8701ba28137f9de38",
"revCount": 3,
"type": "git",
"url": "http://git.everest.sable-pancake.ts.net/Toast/nix-secrets"
},
"original": {
"type": "git",
"url": "http://git.everest.sable-pancake.ts.net/Toast/nix-secrets"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,

4
flake.nix
View file

@ -2,6 +2,10 @@
description = "Configuration for Everest"; description = "Configuration for Everest";
inputs = { inputs = {
secrets = {
url = "git+http://git.everest.sable-pancake.ts.net/Toast/nix-secrets";
flake = false;
};
nixpkgs-raw.url = "nixpkgs/nixos-23.11"; nixpkgs-raw.url = "nixpkgs/nixos-23.11";
nixpkgs-unstable-raw.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable-raw.url = "nixpkgs/nixos-unstable";

8
machines/WinMax2/hardware-configuration.nix
View file

@ -43,12 +43,12 @@ in
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" ]; options = [ "subvol=@" ];
}; };
/*"btrfs_boot" = { "btrfs_persist" = {
mountPoint = "/boot"; mountPoint = "/persist";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@boot" ]; options = [ "subvol=@persist" ];
};*/ };
"btrfs_home" = { "btrfs_home" = {
mountPoint = "/home"; mountPoint = "/home";
label = ssdLabel; label = ssdLabel;

6
roles/common/configuration.nix
View file

@ -105,11 +105,7 @@
# Set up secrets # Set up secrets
age = { age = {
identityPaths = [ identityPaths = [
"/etc/ssh/ssh_host_rsa_key" "/persist/id_host"
"/etc/ssh/ssh_host_ed25519_key"
# This key has a passcode, so if you need to use it you'll have to
# enter the password A LOT of times. Only on the first setup tho
"/tmp/id_ed25519_bootstrap"
]; ];
}; };

14
roles/common/services/syncthing.nix
View file

@ -1,7 +1,19 @@
{ config, ... }: { config, flakeSelf, ... }:
let
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
in
{ {
# Get secrets
age.secrets = {
syncthingKey.file = hostSecrets + "/syncthingKey.age";
syncthingCert.file = hostSecrets + "/syncthingCert.age";
};
services.syncthing = { services.syncthing = {
key = config.age.secrets.syncthingKey.path;
cert = config.age.secrets.syncthingCert.path;
overrideDevices = true; overrideDevices = true;
overrideFolders = true; overrideFolders = true;
openDefaultPorts = true; openDefaultPorts = true;