From a0e14b8bbb6b0129e88e4b9be5f36427ba01cc48 Mon Sep 17 00:00:00 2001 From: Chris Toph Date: Wed, 23 Apr 2025 01:54:59 -0400 Subject: [PATCH] Refactor user configuration to utilize secret-based management and remove deprecated environment files --- home/toph/common/core/git.nix | 8 +++- hosts/common/core/ssh.nix | 2 +- hosts/common/optional/hyprland/greetd.nix | 6 +-- hosts/nixos/cloud/default.nix | 20 ++++----- hosts/nixos/komodo/default.nix | 52 +++++------------------ hosts/nixos/lxc/default.nix | 12 +++--- hosts/nixos/nix/default.nix | 18 +++----- hosts/nixos/proxy/default.nix | 20 ++++----- hosts/nixos/rune/default.nix | 12 +++--- hosts/nixos/vm/default.nix | 12 +++--- modules/common/secret-spec.nix | 8 ++-- pkgs/snapraid-runner/snapraid-runner.conf | 8 ++-- 12 files changed, 68 insertions(+), 110 deletions(-) diff --git a/home/toph/common/core/git.nix b/home/toph/common/core/git.nix index 93bff5c..911c810 100644 --- a/home/toph/common/core/git.nix +++ b/home/toph/common/core/git.nix @@ -6,13 +6,17 @@ inputs, ... }: +let + handle = config.hostSpec.handle; + email = config.hostSpec.email; +in { programs.git = { enable = true; package = pkgs.gitAndTools.gitFull; - userName = "[REDACTED]"; - userEmail = "[REDACTED]"; + userName = handle; + userEmail = email; ignores = [ ".csvignore" diff --git a/hosts/common/core/ssh.nix b/hosts/common/core/ssh.nix index aa44bd2..59211a6 100644 --- a/hosts/common/core/ssh.nix +++ b/hosts/common/core/ssh.nix @@ -18,5 +18,5 @@ }; }; - networking.[REDACTED] 22 ]; + networking.firewall.allowedTCPPorts = [ 22 ]; } diff --git a/hosts/common/optional/hyprland/greetd.nix b/hosts/common/optional/hyprland/greetd.nix index 37769bf..869c9f3 100644 --- a/hosts/common/optional/hyprland/greetd.nix +++ b/hosts/common/optional/hyprland/greetd.nix 
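Review bot: The new `let` block in git.nix only renames `config.hostSpec.handle` and `config.hostSpec.email` to `handle` and `email`, each used once; `userName = config.hostSpec.handle;` and `userEmail = config.hostSpec.email;` read more directly and avoid introducing generic names into the module scope. Either way, a short comment that these now track `hostSpec` (and, via the host files in this commit, `secretsSpec.users`) would tell a reader where the identity is actually configured. The module's argument list and the remainder of `programs.git` are outside the hunk.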
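Review bot: `networking.firewall.allowedTCPPorts = [ 22 ];` in ssh.nix opens port 22 unconditionally on every host importing this core module, independent of whether sshd is enabled or which port it listens on. If the rest of the file enables `services.openssh` (not visible in the hunk), its `openFirewall` option, which defaults to true, already opens whatever `services.openssh.ports` is set to, so this line is redundant and will silently diverge if the port is ever changed. If it is kept, tying it to the service keeps the two in step, e.g. `networking.firewall.allowedTCPPorts = lib.mkIf config.services.openssh.enable config.services.openssh.ports;` (assuming `lib` is in the module's argument set). The enclosing attrset starts outside the hunk.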
@@ -11,15 +11,15 @@ }: let - hostSpec = config.hostSpec.username; + user = config.hostSpec.username; default = { command = "${pkgs.greetd.tuigreet}/bin/tuigreet --asterisks --time --time-format '%I:%M %p | %a • %h | %F' --cmd uwsm start default"; - user = "toph"; + user = user; }; initial = { # command = "${pkgs.hyprland}/bin/Hyprland"; command = "uwsm start default"; - user = "toph"; + user = user; }; in { diff --git a/hosts/nixos/cloud/default.nix b/hosts/nixos/cloud/default.nix index ed9d1a6..d15dff5 100644 --- a/hosts/nixos/cloud/default.nix +++ b/hosts/nixos/cloud/default.nix @@ -14,6 +14,8 @@ }: let username = "toph"; + user = config.secretsSpec.users.${username}; + firewall = config.secretsSpec.firewall.cloud; in { imports = lib.flatten [ @@ -39,22 +41,16 @@ in hostSpec = { hostName = "cloud"; username = username; - handle = "tophC7"; - password = "[REDACTED]"; - [REDACTED]; - email = "[REDACTED]"; - userFullName = "[REDACTED]"; - isARM = false; + password = user.password; + email = user.email; + handle = user.handle; + userFullName = user.fullName; + isServer = true; }; networking = { enableIPv6 = false; - # Container Ports - [REDACTED] - 80 # Caddy - 443 # Caddy - [REDACTED] - ]; + firewall.allowedTCPPorts = firewall.allowedTCPPorts; }; ## System-wide packages ## diff --git a/hosts/nixos/komodo/default.nix b/hosts/nixos/komodo/default.nix index 4f3d1e0..a407a85 100644 --- a/hosts/nixos/komodo/default.nix +++ b/hosts/nixos/komodo/default.nix @@ -14,6 +14,8 @@ }: let username = "toph"; + user = config.secretsSpec.users.${username}; + firewall = config.secretsSpec.firewall.komodo; in { imports = lib.flatten [ 
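Review bot: `user = user;` in both the `default` and `initial` session attrsets reads as a self-reference and only resolves correctly because Nix attrsets are non-recursive, so the right-hand `user` is the `let` binding rather than the attribute being defined; the idiom is `inherit user;`, which says the same thing without the apparent loop. Note also that `default.user` is the account the greeter process itself (tuigreet) runs as, and NixOS defaults that to a dedicated unprivileged `greeter` user; now that the value is derived from `hostSpec.username`, it is worth confirming that running the greeter as the login user is intended rather than an artefact of the old hard-coded `"toph"`, and a one-line comment recording that decision would help. The `let` block begins outside the hunk.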
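Review bot: `password = user.password;` in the `hostSpec` block pulls the account password out of `config.secretsSpec` at evaluation time, and the same pattern appears in the komodo, lxc, nix, proxy, rune and vm `default.nix` hunks. Moving the literal out of git is an improvement, but any string that is evaluated into the NixOS configuration is copied into the world-readable `/nix/store` as part of the generation's closure, so if `secretsSpec` is populated from an imported attrset rather than a runtime-decrypted file the password is still exposed on the host; only a path consumed at activation (e.g. `users.users.<name>.hashedPasswordFile` fed by sops-nix/agenix) keeps it out of the store. A comment on `hostSpec.password` stating which of the two it is, and whether consumers hash it or expect an already-hashed value, would settle that for the next reader. Separately, `isARM = false;` is dropped here and in the sibling hosts; if `hostSpec.isARM` has no default in the module, any consumer of it will now fail to evaluate. The enclosing module attrset (`in { … }`) starts outside the hunk.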
@@ -40,47 +42,19 @@ in hostSpec = { hostName = "komodo"; username = username; - handle = "tophC7"; - password = "[REDACTED]"; - [REDACTED]; - email = "[REDACTED]"; - userFullName = "[REDACTED]"; - isARM = false; + password = user.password; + email = user.email; + handle = user.handle; + userFullName = user.fullName; + isServer = true; }; networking = { enableIPv6 = false; - # Container Ports firewall = { - allowedTCPPorts = [ - [REDACTED] - [REDACTED] - [REDACTED] - 222 # Forgejo SSH - [REDACTED] - [REDACTED] - [REDACTED] - [REDACTED] - [REDACTED] - 8080 # File Browser - [REDACTED] - [REDACTED] - [REDACTED] - [REDACTED] - [REDACTED] - ]; - - # Game Server Ports - allowedTCPPortRanges = [ - { - [REDACTED] - [REDACTED] - } - ]; - - allowedUDPPorts = [ - 8089 # Grafana - ]; + allowedTCPPorts = firewall.allowedTCPPorts; + allowedTCPPortRanges = firewall.allowedTCPPortRanges; + allowedUDPPorts = firewall.allowedUDPPorts; }; }; @@ -91,12 +65,6 @@ in compose2nix ]; - # environment.etc = { - # "cloudflared/.keep" = { - # text = "This directory is used to store cloudflared configuration files."; - # }; - # }; - # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "24.11"; } diff --git a/hosts/nixos/lxc/default.nix b/hosts/nixos/lxc/default.nix index 61b7fcf..b7dadd2 100644 --- a/hosts/nixos/lxc/default.nix +++ b/hosts/nixos/lxc/default.nix @@ -16,6 +16,7 @@ }: let username = "toph"; + user = config.secretsSpec.users.${username}; in { imports = lib.flatten [ @@ -35,12 +36,11 @@ in hostSpec = { hostName = "lxc"; username = username; - handle = "tophC7"; - password = "[REDACTED]"; - [REDACTED]; - email = "[REDACTED]"; - userFullName = "[REDACTED]"; - isARM = false; + password = user.password; + email = user.email; + handle = user.handle; + userFullName = user.fullName; + isServer = true; }; networking = { diff --git a/hosts/nixos/nix/default.nix b/hosts/nixos/nix/default.nix index 9ad1087..430aa67 100644 --- a/hosts/nixos/nix/default.nix 
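Review bot: The `firewall = { allowedTCPPorts = firewall.allowedTCPPorts; … }` block gives the `let` binding the same name as the attribute it populates, which reads as a self-reference and only works because attrsets are non-recursive; the cloud and proxy hunks do the same with `firewall.allowedTCPPorts = firewall.allowedTCPPorts;`. Renaming the binding (say `fw = config.secretsSpec.firewall.komodo;`) and writing `inherit (fw) allowedTCPPorts allowedTCPPortRanges allowedUDPPorts;` removes the ambiguity and the three repeated names. On the security side, the port lists now come from the secrets module whose options carry `default = [ ]` (visible in the secret-spec.nix hunks), so a missing or stale secret fails closed rather than opening ports, which is the right direction; the per-port annotations such as `# Forgejo SSH` and `# File Browser` were lost with the literals, so consider keeping the same comments next to the values in the secret source so the exposure of each port stays documented. The second hunk in this file only removes commented-out `environment.etc` lines.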
+++ b/hosts/nixos/nix/default.nix @@ -16,6 +16,7 @@ }: let username = "toph"; + user = config.secretsSpec.users.${username}; in { imports = lib.flatten [ @@ -37,12 +38,11 @@ in hostSpec = { hostName = "nix"; username = username; - handle = "tophC7"; - password = "[REDACTED]"; - [REDACTED]; - email = "[REDACTED]"; - userFullName = "[REDACTED]"; - isARM = false; + password = user.password; + email = user.email; + handle = user.handle; + userFullName = user.fullName; + isServer = true; }; networking = { @@ -54,12 +54,6 @@ in # environment.systemPackages = with pkgs; [ # ]; - # environment.etc = { - # "cloudflared/.keep" = { - # text = "This directory is used to store cloudflared configuration files."; - # }; - # }; - # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "24.11"; } diff --git a/hosts/nixos/proxy/default.nix b/hosts/nixos/proxy/default.nix index 1cf04d0..28b0354 100644 --- a/hosts/nixos/proxy/default.nix +++ b/hosts/nixos/proxy/default.nix @@ -14,6 +14,8 @@ }: let username = "toph"; + user = config.secretsSpec.users.${username}; + firewall = config.secretsSpec.firewall.proxy; in { imports = lib.flatten [ @@ -39,22 +41,16 @@ in hostSpec = { hostName = "proxy"; username = username; - handle = "tophC7"; - password = "[REDACTED]"; - [REDACTED]; - email = "[REDACTED]"; - userFullName = "[REDACTED]"; - isARM = false; + password = user.password; + email = user.email; + handle = user.handle; + userFullName = user.fullName; + isServer = true; }; networking = { enableIPv6 = false; - # Container Ports - [REDACTED] - 80 # Caddy - 443 # Caddy - [REDACTED] - ]; + firewall.allowedTCPPorts = firewall.allowedTCPPorts; }; ## System-wide packages ## diff --git a/hosts/nixos/rune/default.nix b/hosts/nixos/rune/default.nix index 72ba531..cc00496 100644 --- a/hosts/nixos/rune/default.nix +++ b/hosts/nixos/rune/default.nix @@ -14,6 +14,7 @@ }: let username = "toph"; + user = config.secretsSpec.users.${username}; in { imports = lib.flatten [ 
@@ -53,12 +54,11 @@ in hostSpec = { hostName = "rune"; username = username; - handle = "tophC7"; - password = "[REDACTED]"; - [REDACTED]; - email = "[REDACTED]"; - userFullName = "[REDACTED]"; - isARM = false; + password = user.password; + email = user.email; + handle = user.handle; + userFullName = user.fullName; + isServer = true; }; networking = { diff --git a/hosts/nixos/vm/default.nix b/hosts/nixos/vm/default.nix index 93440ca..524cc47 100644 --- a/hosts/nixos/vm/default.nix +++ b/hosts/nixos/vm/default.nix @@ -14,6 +14,7 @@ }: let username = "toph"; + user = config.secretsSpec.users.${username}; in { imports = lib.flatten [ @@ -45,12 +46,11 @@ in hostSpec = { hostName = "vm"; username = username; - handle = "tophC7"; - password = "[REDACTED]"; - [REDACTED]; - email = "[REDACTED]"; - userFullName = "[REDACTED]"; - isARM = false; + password = user.password; + email = user.email; + handle = user.handle; + userFullName = user.fullName; + isServer = true; }; networking = { diff --git a/modules/common/secret-spec.nix b/modules/common/secret-spec.nix index 8389148..d0285ad 100644 --- a/modules/common/secret-spec.nix +++ b/modules/common/secret-spec.nix @@ -129,8 +129,8 @@ in default = [ ]; # example = [ # { - # [REDACTED] - # [REDACTED] + # from = 25565; + # to = 25570; # } # ]; }; @@ -162,8 +162,8 @@ in default = [ ]; # example = [ # { - # [REDACTED] - # [REDACTED] + # from = 25565; + # to = 25570; # } # ]; }; diff --git a/pkgs/snapraid-runner/snapraid-runner.conf b/pkgs/snapraid-runner/snapraid-runner.conf index ad0e2e8..6c2c0e7 100644 --- a/pkgs/snapraid-runner/snapraid-runner.conf +++ b/pkgs/snapraid-runner/snapraid-runner.conf @@ -20,8 +20,8 @@ sendon = success,error ; set to false to get full programm output via email short = true subject = [SnapRAID] Status Report: -from = [REDACTED] -to = [REDACTED] +from = snapraid@ryot.foo +to = admin@ryot.foo ; maximum email size in KiB maxsize = 500 
@@ -32,8 +32,8 @@ port = 587 ; set to "true" to activate ssl = true tls = true -user = [REDACTED] -password = [REDACTED] +user = admin@ryot.foo +password = LNQTHH1CCS5XY3C3 [scrub] ; set to true to run scrub after sync
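Review bot: The new `password = …` line in this hunk writes a literal SMTP credential, together with the `user = admin@ryot.foo` login and the `from`/`to` addresses in the `@@ -20,8 +20,8 @@` hunk, into a tracked file under `pkgs/`, which is the opposite of what the commit message describes and of what the host hunks do via `config.secretsSpec`. Once pushed, a credential is part of git history and should be treated as exposed and rotated regardless of whether it is later removed from the tree. snapraid-runner reads this conf at run time, so the file can be generated on the host with the password substituted from a runtime-decrypted secret path (the same sops-nix/agenix style the other hunks appear to rely on), leaving only a placeholder such as `password = @SMTP_PASSWORD@` in the repository. A comment above these lines stating where the real values are supplied would keep the next contributor from filling them in again. The section header these keys belong to is outside the hunk.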