kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

fix: Everything

Browse source
This commit is contained in:
Kat Inskip 2025-07-13 07:09:45 -07:00
parent fb814ed301
commit f6d114ebd0
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
20 changed files with 415 additions and 1514 deletions
Download patch file Download diff file Expand all files Collapse all files

8
nixos/servers/web/acme.nix
View file

@ -1,13 +1,9 @@
_: {
environment.etc."ssl/credentials_template".text = ''
CF_API_EMAIL=!!CLOUDFLARE_EMAIL!!
CLOUDFLARE_API_KEY=!!CLOUDFLARE_API_KEY!!
'';
{ config, ... }: {
security.acme = {
defaults = {
dnsProvider = "cloudflare";
email = "acme@inskip.me";
credentialsFile = config.sops.secrets.acme_credentials.path;
};
acceptTerms = true;
};

12
nixos/servers/web/scalpel.nix
View file

@ -1,12 +0,0 @@
{config, ...}: {
scalpel.trafos."credentials_file" = {
source = "/etc/ssl/credentials_template";
matchers."CLOUDFLARE_EMAIL".secret = config.sops.secrets.cloudflare_email.path;
matchers."CLOUDFLARE_API_KEY".secret = config.sops.secrets.cloudflare_api_key.path;
owner = "acme";
group = "acme";
mode = "0440";
};
security.acme.defaults.credentialsFile = config.scalpel.trafos."credentials_file".destination;
}

7
nixos/servers/web/secrets.nix
View file

@ -4,10 +4,5 @@ _: let
sopsFile = ./secrets.yaml;
};
in {
sops.secrets.cloudflare_email = secretConfig;
sops.secrets.cloudflare_api_key = secretConfig;
scalpels = [
./scalpel.nix
];
sops.secrets.acme_credentials = secretConfig;
}

9
nixos/servers/web/secrets.yaml
View file

@ -1,5 +1,4 @@
cloudflare_email: ENC[AES256_GCM,data:fwcHkWRqH3hEPDbFmA==,iv:He6yJHpD9oXrZSHPJKL7mnkRWm621HRj2cS6qLSn6aI=,tag:lON1D+55zSiJQljTox2JKQ==,type:str]
cloudflare_api_key: ENC[AES256_GCM,data:kCDaXb1BPWoNVFVRjfOw4577BlIbMtsaouRT8dwNiL/JGNWH9w==,iv:rKSpeSfjIiQNFu58qjNnUtdBPIfXhIa6u7G7wqBohSg=,tag:7wnoB1MBj55okWzNISKftA==,type:str]
acme_credentials: ENC[AES256_GCM,data:hYjKLjGWMq9PiCobwo7PCWa/VF0ifJmLOrU4BP+vQMCFn19Ukl1gLnbDrLLzXfg9nAhkMGn5FiQJwl06ZX8E4qELXGkzSuLMvyDioEi6Plev/Wmx9szkCUd5,iv:hplC4l+aVnTLKH+bJZHCU2+NHh6154yPGMyozCUzwjM=,tag:bgOBFauegLvbFWc9sK0rcg==,type:str]
sops:
shamir_threshold: 1
age:
@ -84,8 +83,8 @@ sops:
UjBkbHZQQS9HNkN0b01leDRKVDhNT1EKIUPRptezUIjnW0eYzRIf6qvRq5WIqBNo
OCglfk20EI/r58nuJMiMUwEfKpn9Y9FhaML8eXjZ7sU4aeS82cDICA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-27T01:10:09Z"
mac: ENC[AES256_GCM,data:tsvbspqI3jrwWQ/728g+urvhbDTvYJ70rcW1F3w5hC0YR6n7M4oED+QXOoH437Q85A9168OvfNqoIIIq3zEq7OWhk1dtInW2EWh2j5nHz1aFkiYg7VonfktJN9ylyamuZVKkmarMc87thzZrU+Ntb2VOdYsYd0AdWtlfY1CT++4=,iv:TI7tUjAUNc6DxpPRrrEdrsWxiJP6F+BZLGaOzTyo+3I=,tag:2zbq3/rMWFNjkRoBnYgfEA==,type:str]
lastmodified: "2025-07-13T12:22:35Z"
mac: ENC[AES256_GCM,data:MXKAesYZVdW9N1BOeNqXi8IkBjWLw1VLgXwanaM0cHe63iS17VegEGhZet0WgiMuvcroPKRNzkRSXmv8pgLsaoVMAswgJAEGJjiVDMUKnvuMd7jIs9PYp16k94VRdl/eEmVUhEmXnfpNI4QeASDbxgbRuRFIXUqGYvqYj+FlJcE=,iv:RejxH3dUgj1oxzMnMeYZ5T+XXCbbPzsyAFGyUIKcrz8=,tag:bGaOeEnvqiOAVMLzTIxS5w==,type:str]
pgp:
- created_at: "2025-06-27T20:11:22Z"
enc: |-
@ -108,4 +107,4 @@ sops:
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.10.2

24
nixos/servers/weechat/matrix.nix
View file

@ -1,24 +0,0 @@
{pkgs, ...}: {
home-manager.users.kat.programs.weechat = {
scripts = with pkgs.weechatScripts; [
weechat-matrix
];
plugins = {
python = {
packages = ["weechat-matrix"];
};
};
config.matrix = {
network = {
max_backlog_sync_events = 30;
lazy_load_room_users = true;
autoreconnect_delay_max = 5;
lag_min-show = 1000;
};
look = {
server_buffer = "independent";
redactions = "notice";
};
};
};
}

4
nixos/servers/weechat/perl.nix
View file

@ -1,11 +1,11 @@
{pkgs, ...}: {
{pkgs, inputs, ...}: {
home-manager.users.kat.programs.weechat = {
plugins = {
perl = {
enable = true;
};
};
scripts = with pkgs.weechatScripts; [
scripts = with inputs.arcexprs.legacyPackages.${pkgs.system}.weechatScripts; with pkgs.weechatScripts; [
highmon
parse_relayed_msg
];

2
nixos/servers/weechat/python.nix
View file

@ -15,7 +15,7 @@ in {
enable = true;
};
};
scripts = with pkgs.weechatScripts; [
scripts = with inputs.arcexprs.legacyPackages.${pkgs.system}.weechatScripts; with pkgs.weechatScripts; [
colorize_nicks
title
weechat-go