❄️ Nix configurations

update caddy config

A.Ottr aea82d55 b72f8361

+121 -10
+83 -1
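--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,28 @@
 {
 "nodes": {
+"agenix": {
+"inputs": {
+"darwin": "darwin",
+"home-manager": "home-manager",
+"nixpkgs": [
+"nixpkgs"
+],
+"systems": "systems"
+},
+"locked": {
+"lastModified": 1723293904,
+"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+"owner": "ryantm",
+"repo": "agenix",
+"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+"type": "github"
+},
+"original": {
+"owner": "ryantm",
+"repo": "agenix",
+"type": "github"
+}
+},
 "catppuccin": {
 "locked": {
 "lastModified": 1723691425,
@@ -15,9 +38,52 @@
 "type": "github"
 }
 },
+"darwin": {
+"inputs": {
+"nixpkgs": [
+"agenix",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1700795494,
+"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+"owner": "lnl7",
+"repo": "nix-darwin",
+"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+"type": "github"
+},
+"original": {
+"owner": "lnl7",
+"ref": "master",
+"repo": "nix-darwin",
+"type": "github"
+}
+},
 "home-manager": {
 "inputs": {
 "nixpkgs": [
+"agenix",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1703113217,
+"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"home-manager_2": {
+"inputs": {
+"nixpkgs": [
 "nixpkgs"
 ]
 },
@@ -53,9 +119,25 @@
 },
 "root": {
 "inputs": {
+"agenix": "agenix",
 "catppuccin": "catppuccin",
-"home-manager": "home-manager",
+"home-manager": "home-manager_2",
 "nixpkgs": "nixpkgs"
+}
+},
+"systems": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
 }
 }
 },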
+5 -1
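--- a/flake.nix
+++ b/flake.nix
@@ -9,9 +9,13 @@
 url = "github:nix-community/home-manager";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+agenix = {
+url = "github:ryantm/agenix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
 };
 
-outputs = inputs @ { nixpkgs, catppuccin, home-manager, ... }:
+outputs = inputs @ { nixpkgs, catppuccin, home-manager, agenix, ... }:
 let
 system = "x86_64-linux";
 pkgs = nixpkgs.legacyPackages.${system};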
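Review bot: The new `agenix` input pins only `nixpkgs`, so the lock file in this commit gains three extra third-party nodes (`darwin`, a second `home-manager` at an older revision, and `systems`) that this `x86_64-linux` configuration does not appear to need. Adding `inputs.darwin.follows = "";` and `inputs.home-manager.follows = "home-manager";` inside the `agenix = { … }` block would skip the nix-darwin fetch and reuse the home-manager revision already pinned at the root. That keeps the set of fetched and trusted sources smaller and easier to audit on updates. The `inputs` attribute set begins above the hunk, so the other declarations are not visible here.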
+1
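--- a/lib/nixosSystem.nix
+++ b/lib/nixosSystem.nix
@@ -31,6 +31,7 @@
 };
 })
 nixos-modules
+inputs.agenix.nixosModules.default
 home-manager.nixosModules.home-manager
 {
 home-manager.useGlobalPkgs = true;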
+13 -7
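--- a/nixos/ferret/caddy.nix
+++ b/nixos/ferret/caddy.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 
 {
 networking.firewall.allowedTCPPorts = [
@@ -6,20 +6,26 @@
 443
 ];
 
+age.secrets.caddy = {
+file = ../../secrets/caddy.age;
+owner = config.services.caddy.user;
+group = config.services.caddy.group;
+};
+
 security.acme = {
 acceptTerms = true;
 defaults.email = "alex@otter.foo";
 
 certs."ferret.otter.place" = {
+
+group = config.services.caddy.group;
+
+domain = "ferret.otter.place";
 extraDomainNames = [ "*.ferret.otter.place" ];
 dnsProvider = "cloudflare";
+dnsResolver = "1.1.1.1:53";
 dnsPropagationCheck = true;
-# Supplying password files like this will make your credentials world-readable
-# in the Nix store. This is for demonstration purpose only, do not use this in production.
-environmentFile = "${pkgs.writeText "cloudflare-creds" ''
-CLOUDFLARE_EMAIL=xxxxxxxxxx
-CLOUDFLARE_API_KEY=yyyyyyyyyy
-''}";
+environmentFile = config.age.secrets.caddy.path;
 };
 };
 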
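Review bot: The decrypted Cloudflare credential is made readable by the Caddy service account through `owner = config.services.caddy.user;` and `group = config.services.caddy.group;`, yet the only consumer visible in this section is the `environmentFile` of `security.acme`. That option is normally handed to systemd as an `EnvironmentFile` for the ACME renewal unit, which does not need the web server user to read it. agenix's default root-only ownership would therefore presumably suffice, and would keep a DNS-editing credential away from the internet-facing process. If Caddy reads the secret somewhere outside the shown hunks, keep the ownership and record why in a comment such as `# also read by caddy for <purpose>`. The removed example used an account-wide `CLOUDFLARE_API_KEY`, so it is worth confirming that the encrypted file holds a zone-scoped token (`CLOUDFLARE_DNS_API_TOKEN`) instead.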
+2 -1
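--- a/nixos/ferret/configuration.nix
+++ b/nixos/ferret/configuration.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, inputs, config, ... }:
 
 {
 imports = [
@@ -60,6 +60,7 @@
 nixpkgs.config.allowUnfree = true;
 environment.systemPackages = [
 pkgs.tailscale
+inputs.agenix.packages."x86_64-linux".default
 ];
 services.tailscale = {
 enable = true;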
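Review bot: The package reference `inputs.agenix.packages."x86_64-linux".default` hard-codes the platform string, duplicating the `system` binding in flake.nix; it would fail to evaluate or pick the wrong build if this host were ever built for another architecture. Writing it as `inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default` ties it to the package set actually in use. The module header now also takes `config`, which none of the visible hunks use. Drop it unless the rest of the file, which is outside the hunks, needs it.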
+7
secrets/caddy.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 eJaLeQ R1ubPbKtfn8P3t0/ijT/eg8L7r+I1fLE6LtuklZfCTc 3 + f8khf1us+b42LvDzjwmyzCAiAvTt+GsMtovfJUjCOBk 4 + -> ssh-ed25519 PCx17Q YJ+hf3dYx7UoYdN/V9pUvrHL/0fGWpaE6Q10RcDL/TI 5 + MfMz6D9hSw1FykZucFbjYE/b2URqJvlHP+qdycD4VjA 6 + --- NQthQysGOomli1LZUcsDR/8dhZPRuCXYzfvqsCI+s4Q 7 + ������S�Y�:-�rɝ��g��{C�eަYbã��t1�C��E"�r��5TL�m��ltr��,mk�S�������]⤢����f�{��iN����)�
+10
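--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,10 @@
+let
+alex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIB2KyeFk+PFSBQ2c9fZSP/3kngks5qzfJJb6PRgTmhb alex@otter.foo";
+users = [ alex ];
+
+ferret = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrRb1KbZH7OtuHi9VOONdofjm5vZ80S+9aOufbGXXK9"; # scanned from host
+systems = [ ferret ];
+in
+{
+"caddy.age".publicKeys = [ alex ferret ];
+}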
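Review bot: The `ferret` recipient is annotated `# scanned from host`, and a host key collected over the network is unauthenticated. It should be compared once with `/etc/ssh/ssh_host_ed25519_key.pub` on the machine itself before any secret is encrypted to it, and the comment could record that this was done. Separately, `users` and `systems` are defined but never used: `"caddy.age".publicKeys = [ alex ferret ];` repeats the keys by hand. A key added to or removed from those lists later would therefore not change who can decrypt. Writing `"caddy.age".publicKeys = users ++ systems;` keeps the recipient set in one place.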