toph/dot.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor user configuration to utilize secret-based management and remove deprecated environment files

Browse source
This commit is contained in:
Chris Toph 2025-04-23 01:54:59 -04:00
parent 7a288e32e8
commit 64d2f98d17
12 changed files with 68 additions and 110 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
home/toph/common/core/git.nix
View file

@ -6,13 +6,17 @@
inputs, inputs,
... ...
}: }:
let
handle = config.hostSpec.handle;
email = config.hostSpec.email;
in
{ {
programs.git = { programs.git = {
enable = true; enable = true;
package = pkgs.gitAndTools.gitFull; package = pkgs.gitAndTools.gitFull;
userName = "[REDACTED]"; userName = handle;
userEmail = "[REDACTED]"; userEmail = email;
ignores = [ ignores = [
".csvignore" ".csvignore"

2
hosts/common/core/ssh.nix
View file

@ -18,5 +18,5 @@
}; };
}; };
networking.[REDACTED] 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
} }

6
hosts/common/optional/hyprland/greetd.nix
View file

@ -11,15 +11,15 @@
}: }:
let let
hostSpec = config.hostSpec.username; user = config.hostSpec.username;
default = { default = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --asterisks --time --time-format '%I:%M %p | %a %h | %F' --cmd uwsm start default"; command = "${pkgs.greetd.tuigreet}/bin/tuigreet --asterisks --time --time-format '%I:%M %p | %a %h | %F' --cmd uwsm start default";
user = "toph"; user = user;
}; };
initial = { initial = {
# command = "${pkgs.hyprland}/bin/Hyprland"; # command = "${pkgs.hyprland}/bin/Hyprland";
command = "uwsm start default"; command = "uwsm start default";
user = "toph"; user = user;
}; };
in in
{ {

20
hosts/nixos/cloud/default.nix
View file

@ -14,6 +14,8 @@
}: }:
let let
username = "toph"; username = "toph";
user = config.secretsSpec.users.${username};
firewall = config.secretsSpec.firewall.cloud;
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
@ -39,22 +41,16 @@ in
hostSpec = { hostSpec = {
hostName = "cloud"; hostName = "cloud";
username = username; username = username;
handle = "tophC7"; password = user.password;
password = "[REDACTED]"; email = user.email;
[REDACTED]; handle = user.handle;
email = "[REDACTED]"; userFullName = user.fullName;
userFullName = "[REDACTED]"; isServer = true;
isARM = false;
}; };
networking = { networking = {
enableIPv6 = false; enableIPv6 = false;
# Container Ports firewall.allowedTCPPorts = firewall.allowedTCPPorts;
[REDACTED]
80 # Caddy
443 # Caddy
[REDACTED]
];
}; };
## System-wide packages ## ## System-wide packages ##

52
hosts/nixos/komodo/default.nix
View file

@ -14,6 +14,8 @@
}: }:
let let
username = "toph"; username = "toph";
user = config.secretsSpec.users.${username};
firewall = config.secretsSpec.firewall.komodo;
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
@ -40,47 +42,19 @@ in
hostSpec = { hostSpec = {
hostName = "komodo"; hostName = "komodo";
username = username; username = username;
handle = "tophC7"; password = user.password;
password = "[REDACTED]"; email = user.email;
[REDACTED]; handle = user.handle;
email = "[REDACTED]"; userFullName = user.fullName;
userFullName = "[REDACTED]"; isServer = true;
isARM = false;
}; };
networking = { networking = {
enableIPv6 = false; enableIPv6 = false;
# Container Ports
firewall = { firewall = {
allowedTCPPorts = [ allowedTCPPorts = firewall.allowedTCPPorts;
[REDACTED] allowedTCPPortRanges = firewall.allowedTCPPortRanges;
[REDACTED] allowedUDPPorts = firewall.allowedUDPPorts;
[REDACTED]
222 # Forgejo SSH
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
8080 # File Browser
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
];
# Game Server Ports
allowedTCPPortRanges = [
{
[REDACTED]
[REDACTED]
}
];
allowedUDPPorts = [
8089 # Grafana
];
}; };
}; };
@ -91,12 +65,6 @@ in
compose2nix compose2nix
]; ];
# environment.etc = {
# "cloudflared/.keep" = {
# text = "This directory is used to store cloudflared configuration files.";
# };
# };
# https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }

12
hosts/nixos/lxc/default.nix
View file

@ -16,6 +16,7 @@
}: }:
let let
username = "toph"; username = "toph";
user = config.secretsSpec.users.${username};
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
@ -35,12 +36,11 @@ in
hostSpec = { hostSpec = {
hostName = "lxc"; hostName = "lxc";
username = username; username = username;
handle = "tophC7"; password = user.password;
password = "[REDACTED]"; email = user.email;
[REDACTED]; handle = user.handle;
email = "[REDACTED]"; userFullName = user.fullName;
userFullName = "[REDACTED]"; isServer = true;
isARM = false;
}; };
networking = { networking = {

18
hosts/nixos/nix/default.nix
View file

@ -16,6 +16,7 @@
}: }:
let let
username = "toph"; username = "toph";
user = config.secretsSpec.users.${username};
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
@ -37,12 +38,11 @@ in
hostSpec = { hostSpec = {
hostName = "nix"; hostName = "nix";
username = username; username = username;
handle = "tophC7"; password = user.password;
password = "[REDACTED]"; email = user.email;
[REDACTED]; handle = user.handle;
email = "[REDACTED]"; userFullName = user.fullName;
userFullName = "[REDACTED]"; isServer = true;
isARM = false;
}; };
networking = { networking = {
@ -54,12 +54,6 @@ in
# environment.systemPackages = with pkgs; [ # environment.systemPackages = with pkgs; [
# ]; # ];
# environment.etc = {
# "cloudflared/.keep" = {
# text = "This directory is used to store cloudflared configuration files.";
# };
# };
# https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }

20
hosts/nixos/proxy/default.nix
View file

@ -14,6 +14,8 @@
}: }:
let let
username = "toph"; username = "toph";
user = config.secretsSpec.users.${username};
firewall = config.secretsSpec.firewall.proxy;
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
@ -39,22 +41,16 @@ in
hostSpec = { hostSpec = {
hostName = "proxy"; hostName = "proxy";
username = username; username = username;
handle = "tophC7"; password = user.password;
password = "[REDACTED]"; email = user.email;
[REDACTED]; handle = user.handle;
email = "[REDACTED]"; userFullName = user.fullName;
userFullName = "[REDACTED]"; isServer = true;
isARM = false;
}; };
networking = { networking = {
enableIPv6 = false; enableIPv6 = false;
# Container Ports firewall.allowedTCPPorts = firewall.allowedTCPPorts;
[REDACTED]
80 # Caddy
443 # Caddy
[REDACTED]
];
}; };
## System-wide packages ## ## System-wide packages ##

12
hosts/nixos/rune/default.nix
View file

@ -14,6 +14,7 @@
}: }:
let let
username = "toph"; username = "toph";
user = config.secretsSpec.users.${username};
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
@ -53,12 +54,11 @@ in
hostSpec = { hostSpec = {
hostName = "rune"; hostName = "rune";
username = username; username = username;
handle = "tophC7"; password = user.password;
password = "[REDACTED]"; email = user.email;
[REDACTED]; handle = user.handle;
email = "[REDACTED]"; userFullName = user.fullName;
userFullName = "[REDACTED]"; isServer = true;
isARM = false;
}; };
networking = { networking = {

12
hosts/nixos/vm/default.nix
View file

@ -14,6 +14,7 @@
}: }:
let let
username = "toph"; username = "toph";
user = config.secretsSpec.users.${username};
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
@ -45,12 +46,11 @@ in
hostSpec = { hostSpec = {
hostName = "vm"; hostName = "vm";
username = username; username = username;
handle = "tophC7"; password = user.password;
password = "[REDACTED]"; email = user.email;
[REDACTED]; handle = user.handle;
email = "[REDACTED]"; userFullName = user.fullName;
userFullName = "[REDACTED]"; isServer = true;
isARM = false;
}; };
networking = { networking = {

8
modules/common/secret-spec.nix
View file

@ -129,8 +129,8 @@ in
default = [ ]; default = [ ];
# example = [ # example = [
# { # {
# [REDACTED] # from = 25565;
# [REDACTED] # to = 25570;
# } # }
# ]; # ];
}; };
@ -162,8 +162,8 @@ in
default = [ ]; default = [ ];
# example = [ # example = [
# { # {
# [REDACTED] # from = 25565;
# [REDACTED] # to = 25570;
# } # }
# ]; # ];
}; };

8
pkgs/snapraid-runner/snapraid-runner.conf
View file

@ -20,8 +20,8 @@ sendon = success,error
; set to false to get full programm output via email ; set to false to get full programm output via email
short = true short = true
subject = [SnapRAID] Status Report: subject = [SnapRAID] Status Report:
from = [REDACTED] from = snapraid@ryot.foo
to = [REDACTED] to = admin@ryot.foo
; maximum email size in KiB ; maximum email size in KiB
maxsize = 500 maxsize = 500
@ -32,8 +32,8 @@ port = 587
; set to "true" to activate ; set to "true" to activate
ssl = true ssl = true
tls = true tls = true
user = [REDACTED] user = admin@ryot.foo
password = [REDACTED] password = LNQTHH1CCS5XY3C3
[scrub] [scrub]
; set to true to run scrub after sync ; set to true to run scrub after sync