NixOS + home-manager configs, mirrored from GitLab SaaS. gitlab.com/andreijiroh-dev/nixops-config

chore(global): prepare for agenix setup

TODO: Do pubkey setup chores so agenix can do the do via Firebase Studio.

Also not signed commit for now due to pinentry related headaches.

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@andreijiroh.dev>

+58
+4
flake.nix
··· 307 307 nix-ld.nixosModules.nix-ld 308 308 determinate.nixosModules.default 309 309 home-manager.nixosModules.home-manager 310 + agenix.nixosModules.default 311 + agenix-rekey.nixosModules.default 310 312 vscode-server.nixosModules.default 311 313 chaotic.nixosModules.default 312 314 ··· 334 336 nix-ld.nixosModules.nix-ld 335 337 determinate.nixosModules.default 336 338 home-manager.nixosModules.home-manager 339 + agenix.nixosModules.default 340 + agenix-rekey.nixosModules.default 337 341 vscode-server.nixosModules.default 338 342 chaotic.nixosModules.default 339 343 ./shared/meta.nix
+36
hosts/lairland/cloudflared.nix
··· 1 + { 2 + pkgs, 3 + config, 4 + lib, 5 + ... 6 + }: 7 + 8 + { 9 + systemd.services.cloudflared-remote = { 10 + description = "Cloudflare Tunnel (Remote Managed) for Lairland HQ"; 11 + wantedBy = [ "multi-user.target" ]; 12 + after = [ "network-online.target" ]; 13 + serviceConfig = { 14 + # Use an EnvironmentFile to securely load the TUNNEL_TOKEN generated by agenix 15 + EnvironmentFile = "/run/agenix/cftunnels-rtdev-secrets"; 16 + # The run command automatically picks up the TUNNEL_TOKEN environment variable 17 + ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run"; 18 + Restart = "always"; 19 + RestartSec = "5s"; 20 + }; 21 + }; 22 + 23 + systemd.services.cloudflared-remote-recaptime-dev = { 24 + description = "Cloudflare Tunnel (Remote Managed) for Recap Time Squad"; 25 + wantedBy = [ "multi-user.target" ]; 26 + after = [ "network-online.target" ]; 27 + serviceConfig = { 28 + # Use an EnvironmentFile to securely load the TUNNEL_TOKEN generated by agenix 29 + EnvironmentFile = "/run/agenix/cftunnels-rtdev-secrets"; 30 + # The run command automatically picks up the TUNNEL_TOKEN environment variable 31 + ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run"; 32 + Restart = "always"; 33 + RestartSec = "5s"; 34 + }; 35 + }; 36 + }
+18
secrets/agenix.nix
··· 1 + # This is my agenix setup for all things SecretOps on my NixOS and home-manager 2 + # configurations. 3 + { lib, pkgs, config, ... }: 4 + 5 + let 6 + pubkeys = import ../shared/ssh-keys.nix; 7 + 8 + # start with the host keys 9 + hosts = pubkeys.hosts; 10 + 11 + # the you do you part 12 + main = pubkeys.personal.y2022; 13 + work = pubkeys.work.recaptime-dev.crew; 14 + hardwareKeys = pubkeys.fido2Keys; 15 + in 16 + { 17 + 18 + }
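Review bot: In flake.nix, both hunks (new lines 310-311 and 339-340) reference agenix and agenix-rekey, but the +4 count for this file covers only those four module lines, so nothing in this commit adds the matching flake inputs. Confirm both are already declared under inputs and bound in the outputs arguments, otherwise evaluation fails on an undefined variable. The two module lists also repeat the same entries in the visible lines; lifting them into one shared list would keep the next addition from having to be made twice.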
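Review bot: In hosts/lairland/cloudflared.nix, cloudflared-remote (line 15) and cloudflared-remote-recaptime-dev (line 29) load the same EnvironmentFile, /run/agenix/cftunnels-rtdev-secrets, so both units would start with the same TUNNEL_TOKEN and run the same tunnel. If the Lairland HQ tunnel is meant to be separate, give it its own secret. The path is also a hard-coded string; taking it from config.age.secrets.<name>.path would tie each unit to its secret declaration and would put the config argument to use, which is currently unused along with lib. Neither unit sets User or DynamicUser, so cloudflared runs as root with the token in its environment, and after = [ "network-online.target" ] without a matching wants does not pull that target in.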
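Review bot: In secrets/agenix.nix, the let block binds hosts, main, work and hardwareKeys, but the module body at lines 16-18 is empty, so no age.secrets entry is declared and none of the bindings is used. The cloudflared units added in this same commit point EnvironmentFile at /run/agenix/cftunnels-rtdev-secrets with no leading "-", so systemd will refuse to start them until that file exists. Either hold back the cloudflared.nix import until the secret is defined, or record the TODO from the commit message as a comment in this file so the gap is visible where it matters. The lib, pkgs and config arguments are also unused here.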