blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 *

Browse Source
This commit is contained in:
blake
2025-10-07 16:20:46 -05:00
parent 9c27c4049d
commit ccf136c79f
4 changed files with 40 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
flake.nix
View File

@@ -1,6 +1,6 @@
# flake for blakes nixos config # flake for blakes nixos config
# define new devices in outputs # define new devices in outputs
# generation: 28 current 2025-10-07 15:30:08 25.05.20251001.5b5be50 6.12.49 * # generation: 29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 *
{ {
description = "blakes nix config"; description = "blakes nix config";
inputs = { inputs = {

12
modules/homelab/nginx-proxy.nix
View File

@@ -20,5 +20,17 @@ in
acceptTerms = true; acceptTerms = true;
defaults.email = "me@blakedheld.xyz"; defaults.email = "me@blakedheld.xyz";
}; };
# nginx secrets
sops.secrets = {
"ssl_blakedheld_crt" = {
owner = "nginx";
group = "nginx";
};
"ssl_blakedheld_key" = {
owner = "nginx";
group = "nginx";
};
};
}; };
} }

1
modules/homelab/services/default.nix.template
View File

@@ -20,6 +20,7 @@ in
backup = lib.mkOption { backup = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = "enable backups for <service_name>";
}; };
}; };

47
modules/system/sops.nix
View File

@@ -18,36 +18,39 @@ in
age.keyFile = "/home/blake/.config/sops/age/keys.txt"; age.keyFile = "/home/blake/.config/sops/age/keys.txt";
secrets = { secrets = {
# define secrets with the following syntax # blake user secrets
# secret path is the nesting of headings in the yaml file lib.mkIf config.users.blake.enable {
# the secret is auto place in /run/<path to secret> path allows you to symlink to the /run to where ever is needed "blake_passwd" = {
# "<secret_name/path>" = { owner = "root";
# owner = "<user>"; group = "root";
# group = "<group>"; neededForUsers = true;
# path = "<path on system to place flile>" };
# }; }
"tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable { # backups secrets
owner = "root";
};
"borg_passwd" = lib.mkIf config.modules.system.backups.enable { "borg_passwd" = lib.mkIf config.modules.system.backups.enable {
owner = "root"; owner = "root";
group = "root"; group = "root";
}; };
"blake_passwd" = lib.mkIf config.users.blake.enable {
# tailscale secrets
"tailscale_authkey" = lib.mkIf config.modules.system.tailscale.enable {
owner = "root"; owner = "root";
group = "root";
neededForUsers = true;
};
"ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
owner = "nginx";
group = "nginx";
};
"ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
owner = "nginx";
group = "nginx";
}; };
# nginx secrets
# lib.mkIf config.modules.homelab.nginx-proxy.enable {
# "ssl_blakedheld_crt" = {
# owner = "nginx";
# group = "nginx";
# };
#
# "ssl_blakedheld_key" = {
# owner = "nginx";
# group = "nginx";
# };
# }
}; };
}; };
}; };