Refactor user configuration to utilize secret-based management and remove deprecated environment files

Chris Toph 2025-04-23 01:54:59 -04:00
parent 7a288e32e8
commit 64d2f98d17
12 changed files with 68 additions and 110 deletions


@ -6,13 +6,17 @@
inputs,
...
}:
let
handle = config.hostSpec.handle;
email = config.hostSpec.email;
in
{
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "[REDACTED]";
userEmail = "[REDACTED]";
userName = handle;
userEmail = email;
ignores = [
".csvignore"


@ -18,5 +18,5 @@
};
};
networking.[REDACTED] 22 ];
networking.firewall.allowedTCPPorts = [ 22 ];
}


@ -11,15 +11,15 @@
}:
let
hostSpec = config.hostSpec.username;
user = config.hostSpec.username;
default = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --asterisks --time --time-format '%I:%M %p | %a %h | %F' --cmd uwsm start default";
user = "toph";
user = user;
};
initial = {
# command = "${pkgs.hyprland}/bin/Hyprland";
command = "uwsm start default";
user = "toph";
user = user;
};
in
{
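Review bot: The two `user = user;` bindings inside `default` and `initial` read as self-references; they work only because those attribute sets are not `rec`, so the right-hand side resolves to the `let`-bound `user`. `inherit user;` states the same thing without the ambiguity and cannot turn into infinite recursion if someone later makes the set `rec`. The module's argument list starts above the hunk and its body continues below it.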


@ -14,6 +14,8 @@
}:
let
username = "toph";
user = config.secretsSpec.users.${username};
firewall = config.secretsSpec.firewall.cloud;
in
{
imports = lib.flatten [
@ -39,22 +41,16 @@ in
hostSpec = {
hostName = "cloud";
username = username;
handle = "tophC7";
password = "[REDACTED]";
[REDACTED];
email = "[REDACTED]";
userFullName = "[REDACTED]";
isARM = false;
password = user.password;
email = user.email;
handle = user.handle;
userFullName = user.fullName;
isServer = true;
};
networking = {
enableIPv6 = false;
# Container Ports
[REDACTED]
80 # Caddy
443 # Caddy
[REDACTED]
];
firewall.allowedTCPPorts = firewall.allowedTCPPorts;
};
## System-wide packages ##
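Review bot: `password = user.password;` still hands the password to the module system as an evaluation-time string, so moving it from a literal to `config.secretsSpec.users.${username}` changes where it is written down but not where it ends up. How `hostSpec.password` is consumed is not visible in this commit; if it feeds `users.users.<name>.password` or `hashedPassword`, the value is copied into the world-readable Nix store and is readable by anyone who can evaluate the configuration. Prefer carrying a file path in the spec and wiring it to `hashedPasswordFile`, with the file decrypted at activation time. The same line appears in the komodo, lxc, nix, proxy, rune and vm host sections.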


@ -14,6 +14,8 @@
}:
let
username = "toph";
user = config.secretsSpec.users.${username};
firewall = config.secretsSpec.firewall.komodo;
in
{
imports = lib.flatten [
@ -40,47 +42,19 @@ in
hostSpec = {
hostName = "komodo";
username = username;
handle = "tophC7";
password = "[REDACTED]";
[REDACTED];
email = "[REDACTED]";
userFullName = "[REDACTED]";
isARM = false;
password = user.password;
email = user.email;
handle = user.handle;
userFullName = user.fullName;
isServer = true;
};
networking = {
enableIPv6 = false;
# Container Ports
firewall = {
allowedTCPPorts = [
[REDACTED]
[REDACTED]
[REDACTED]
222 # Forgejo SSH
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
8080 # File Browser
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
[REDACTED]
];
# Game Server Ports
allowedTCPPortRanges = [
{
[REDACTED]
[REDACTED]
}
];
allowedUDPPorts = [
8089 # Grafana
];
allowedTCPPorts = firewall.allowedTCPPorts;
allowedTCPPortRanges = firewall.allowedTCPPortRanges;
allowedUDPPorts = firewall.allowedUDPPorts;
};
};
@ -91,12 +65,6 @@ in
compose2nix
];
# environment.etc = {
# "cloudflared/.keep" = {
# text = "This directory is used to store cloudflared configuration files.";
# };
# };
# https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
}
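Review bot: Inside `networking.firewall`, `allowedTCPPorts = firewall.allowedTCPPorts;` and the two lines after it read as if the set referred to itself; they resolve to the `let`-bound `firewall` only because the attribute set is not `rec`. Rename the binding (for example `fw = config.secretsSpec.firewall.komodo;`) or write `inherit (firewall) allowedTCPPorts allowedTCPPortRanges allowedUDPPorts;`. Moving the allow-list out of the host file also drops the per-port comments, and open ports are observable from the network in any case, so a short comment here naming the services this host is expected to expose would keep the exposure reviewable. The cloud and proxy sections use the same pattern.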


@ -16,6 +16,7 @@
}:
let
username = "toph";
user = config.secretsSpec.users.${username};
in
{
imports = lib.flatten [
@ -35,12 +36,11 @@ in
hostSpec = {
hostName = "lxc";
username = username;
handle = "tophC7";
password = "[REDACTED]";
[REDACTED];
email = "[REDACTED]";
userFullName = "[REDACTED]";
isARM = false;
password = user.password;
email = user.email;
handle = user.handle;
userFullName = user.fullName;
isServer = true;
};
networking = {


@ -16,6 +16,7 @@
}:
let
username = "toph";
user = config.secretsSpec.users.${username};
in
{
imports = lib.flatten [
@ -37,12 +38,11 @@ in
hostSpec = {
hostName = "nix";
username = username;
handle = "tophC7";
password = "[REDACTED]";
[REDACTED];
email = "[REDACTED]";
userFullName = "[REDACTED]";
isARM = false;
password = user.password;
email = user.email;
handle = user.handle;
userFullName = user.fullName;
isServer = true;
};
networking = {
@ -54,12 +54,6 @@ in
# environment.systemPackages = with pkgs; [
# ];
# environment.etc = {
# "cloudflared/.keep" = {
# text = "This directory is used to store cloudflared configuration files.";
# };
# };
# https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
}


@ -14,6 +14,8 @@
}:
let
username = "toph";
user = config.secretsSpec.users.${username};
firewall = config.secretsSpec.firewall.proxy;
in
{
imports = lib.flatten [
@ -39,22 +41,16 @@ in
hostSpec = {
hostName = "proxy";
username = username;
handle = "tophC7";
password = "[REDACTED]";
[REDACTED];
email = "[REDACTED]";
userFullName = "[REDACTED]";
isARM = false;
password = user.password;
email = user.email;
handle = user.handle;
userFullName = user.fullName;
isServer = true;
};
networking = {
enableIPv6 = false;
# Container Ports
[REDACTED]
80 # Caddy
443 # Caddy
[REDACTED]
];
firewall.allowedTCPPorts = firewall.allowedTCPPorts;
};
## System-wide packages ##


@ -14,6 +14,7 @@
}:
let
username = "toph";
user = config.secretsSpec.users.${username};
in
{
imports = lib.flatten [
@ -53,12 +54,11 @@ in
hostSpec = {
hostName = "rune";
username = username;
handle = "tophC7";
password = "[REDACTED]";
[REDACTED];
email = "[REDACTED]";
userFullName = "[REDACTED]";
isARM = false;
password = user.password;
email = user.email;
handle = user.handle;
userFullName = user.fullName;
isServer = true;
};
networking = {


@ -14,6 +14,7 @@
}:
let
username = "toph";
user = config.secretsSpec.users.${username};
in
{
imports = lib.flatten [
@ -45,12 +46,11 @@ in
hostSpec = {
hostName = "vm";
username = username;
handle = "tophC7";
password = "[REDACTED]";
[REDACTED];
email = "[REDACTED]";
userFullName = "[REDACTED]";
isARM = false;
password = user.password;
email = user.email;
handle = user.handle;
userFullName = user.fullName;
isServer = true;
};
networking = {


@ -129,8 +129,8 @@ in
default = [ ];
# example = [
# {
# [REDACTED]
# [REDACTED]
# from = 25565;
# to = 25570;
# }
# ];
};
@ -162,8 +162,8 @@ in
default = [ ];
# example = [
# {
# [REDACTED]
# [REDACTED]
# from = 25565;
# to = 25570;
# }
# ];
};


@ -20,8 +20,8 @@ sendon = success,error
; set to false to get full programm output via email
short = true
subject = [SnapRAID] Status Report:
from = [REDACTED]
to = [REDACTED]
from = snapraid@ryot.foo
to = admin@ryot.foo
; maximum email size in KiB
maxsize = 500
@ -32,8 +32,8 @@ port = 587
; set to "true" to activate
ssl = true
tls = true
user = [REDACTED]
password = [REDACTED]
user = admin@ryot.foo
password = LNQTHH1CCS5XY3C3
[scrub]
; set to true to run scrub after sync
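Review bot: The second `password =` line under the SMTP settings holds what looks like a live credential in plain text; the `+`/`-` markers are lost on this page, but the old-then-new print order suggests it is the new side. A commit that moves user data to secret-based management should not add a mail password to a tracked file: treat the value as exposed, rotate it, and leave a placeholder such as `password = <smtp-password-placeholder>` in the repository. The real value can be substituted from the secrets store when the config file is generated on the host. How this file is installed is not visible in the hunk; if it is copied into the Nix store, it would be world-readable there as well.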