traefik ssl and sops-nix

This commit is contained in:
2024-11-02 18:17:27 -05:00
parent 98b6f41547
commit 72a8dba440
8 changed files with 170 additions and 44 deletions


@@ -86,9 +86,9 @@
hostName = "homebox";
nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 22 80 443 9080 9443 8080 ];
firewall.allowedTCPPorts = [ 22 80 443 8000 ];
hosts = {
"127.0.0.1" = [ "blunkall.us" "www.blunkall.us" ];
"192.168.100.11" = [ "blunkall.us" "*.blunkall.us" "*.local.blunkall.us" ];
};
nftables = {};
nat = {
@@ -102,7 +102,7 @@
users.users."nathan" = {
isNormalUser = true;
initialPassword = "7567";
hashedPasswordFile = config.sops.secrets.nathan_pass.path;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
@@ -151,7 +151,7 @@
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
{ directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
{ directory = "/var/lib/sops"; user = "root"; group = "root"; mode = "u=rwx,g=,o="; }
];
files = [
"/etc/machine-id"
@@ -159,10 +159,20 @@
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
{ file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
];
};
sops = {
defaultSopsFile = ./secrets/secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
nathan_pass = {
neededForUsers = true;
};
};
};
programs.fuse.userAllowOther = true;
home-manager = {
@@ -209,7 +219,7 @@
virtualization = {
traefik.enable = false;
traefik.enable = true;
gitlab.enable = false;
};
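Review bot: The directory persisted for sops is `/var/lib/sops`, but the new `sops` block sets neither `sops.age.keyFile` nor `sops.age.sshKeyPaths`, and sops-nix's default age key path is `/var/lib/sops-nix/key.txt`, which that entry does not cover; on this impermanent root, if decryption depends on that file the key disappears at reboot and `nathan_pass` (declared with `neededForUsers = true` and backing `hashedPasswordFile`) cannot be decrypted, leaving password login for the account broken. If decryption is instead meant to use the persisted host key from the `files` list, make that explicit with `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, or change the persisted directory to `/var/lib/sops-nix`; either way a short comment beside the persistence entry should say which key the secrets depend on. Two smaller points: the removed `initialPassword = "7567"` remains in git history, so the hash in secrets.yaml should not be of that same value, and port 8000 is newly opened in `allowedTCPPorts` with no note of which service listens there, which a comment such as `# 8000: <service>` would fix. The `virtualization` block in the last hunk appears to continue past the visible lines.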