diff --git a/flake.nix b/flake.nix
index 2db59ba..4c69b28 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,7 +6,7 @@
 # By: tomoron +#+ +:+ +#+ #
 # +#+#+#+#+#+ +#+ #
 # Created: 2024/10/17 18:15:24 by tomoron #+# #+# #
-# Updated: 2025/09/24 02:10:00 by tomoron ### ########.fr #
+# Updated: 2025/12/16 19:01:21 by tomoron ### ########.fr #
 # #
 # **************************************************************************** #
@@ -46,7 +46,12 @@
 osConfig = {flakeName, extraModules ? []}: nixpkgs.lib.nixosSystem {
 specialArgs = { inherit inputs; flakeName = flakeName; };
 modules = nixpkgs.lib.concatLists [
- [./osConfigs/os.nix ./osConfigs/hosts/${flakeName}.nix catppuccin.nixosModules.catppuccin]
+ [
+ ./osConfigs/os.nix
+ ./osConfigs/hosts/${flakeName}.nix
+ catppuccin.nixosModules.catppuccin
+ inputs.sops-nix.nixosModules.sops
+ ]
 extraModules
 ];
 };
diff --git a/osConfigs/global/sops.nix b/osConfigs/global/sops.nix
new file mode 100644
index 0000000..ab7b941
--- /dev/null
+++ b/osConfigs/global/sops.nix
@@ -0,0 +1,8 @@
+{lib, ...}:
+
+{
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ age.keyFile = "/home/tom/.config/sops/age/keys.txt";
+ };
+}
diff --git a/osConfigs/hosts/desktop.nix b/osConfigs/hosts/desktop.nix
index 0f672dd..b84f9f0 100644
--- a/osConfigs/hosts/desktop.nix
+++ b/osConfigs/hosts/desktop.nix
@@ -6,7 +6,7 @@
 # By: tomoron +#+ +:+ +#+ #
 # +#+#+#+#+#+ +#+ #
 # Created: 2025/09/06 00:57:04 by tomoron #+# #+# #
-# Updated: 2025/12/01 19:49:12 by tomoron ### ########.fr #
+# Updated: 2025/12/23 18:41:48 by tomoron ### ########.fr #
 # #
 # **************************************************************************** #
diff --git a/osConfigs/hosts/server.nix b/osConfigs/hosts/server.nix
index 97b5092..cb1b9d7 100644
--- a/osConfigs/hosts/server.nix
+++ b/osConfigs/hosts/server.nix
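Review bot: `inputs.sops-nix.nixosModules.sops` is added to the base `modules` list in `osConfig`, so it now takes part in every host's activation, yet this diff shows neither a `sops-nix` entry under `inputs` nor a `flake.lock` change. If the input was declared and locked in an earlier commit this is fine; otherwise it has to be added here. Either way I would set `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` so the secrets tooling is built from the same pinned nixpkgs as the rest of the system.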
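Review bot: `age.keyFile = "/home/tom/.config/sops/age/keys.txt"` in the new `osConfigs/global/sops.nix` makes every host that imports this module decrypt with a key kept in a user's home directory, so any process running as `tom` can read or replace the key that unlocks `secrets/secrets.yaml` (which, from the hunks visible here, appears to list a single recipient). A per-host key is the usual arrangement, e.g. `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` or a root-owned `age.keyFile` such as `/var/lib/sops-nix/key.txt`, with each host added as its own recipient so one machine's compromise does not expose secrets meant for another. Secrets are decrypted during activation, so it is also worth confirming that `/home` is already mounted at that point on hosts where it is a separate filesystem. The `lib` argument is unused and the header can be `{...}:`.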
@@ -6,7 +6,7 @@ # By: tomoron +#+ +:+ +#+ # # +#+#+#+#+#+ +#+ # # Created: 2025/09/06 00:57:09 by tomoron #+# #+# # -# Updated: 2025/09/06 01:26:26 by tomoron ### ########.fr # +# Updated: 2025/12/16 20:00:04 by tomoron ### ########.fr # # # # **************************************************************************** # @@ -31,13 +31,32 @@ in config.boot.kernelPackages.gasket #driver for google coral edge tpu ]; + services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = false; services.openssh.ports = [ 1880 ]; + sops.secrets."cloudflared/token" = {}; + systemd.services.cloudflared = { + after = [ + "network.target" + "network-online.target" + ]; + wants = [ + "network.target" + "network-online.target" + ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = ''${pkgs.bash}/bin/bash -c '${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token "$(cat ${config.sops.secrets."cloudflared/token".path})"' ''; + Restart = "on-failure"; + }; + }; + boot.extraModprobeConfig = '' options amdgpu virtual_display=1 - ''; #create dummy display to be able to start x11 +# create dummy display to be able to start x11 + ''; boot.supportedFilesystems = [ "zfs" ]; @@ -68,6 +87,10 @@ in services.fail2ban.enable = true; services.fail2ban.bantime = "5h"; + mods.nvidia.enable = true; + mods.nvidia.beta = true; + mods.nvidia.containerToolkit = true; + mods.docker = { enable = true; boot = true; diff --git a/osConfigs/modules/nvidia.nix b/osConfigs/modules/nvidia.nix index 545f217..3a901ac 100644 --- a/osConfigs/modules/nvidia.nix +++ b/osConfigs/modules/nvidia.nix @@ -6,7 +6,7 @@ # By: tomoron +#+ +:+ +#+ # # +#+#+#+#+#+ +#+ # # Created: 2025/09/05 23:47:19 by tomoron #+# #+# # -# Updated: 2025/10/26 21:12:18 by tomoron ### ########.fr # +# Updated: 2025/12/23 18:42:01 by tomoron ### ########.fr # # # # **************************************************************************** # 
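Review bot: The `ExecStart` of `systemd.services.cloudflared` expands the sops secret with `$(cat …)` into `--token`, so the tunnel token ends up in cloudflared's argv, where by default any local user can read it from `ps` or `/proc/<pid>/cmdline`; that undoes the restrictive permissions sops-nix puts on the secret file. cloudflared also reads the token from the `TUNNEL_TOKEN` environment variable, so rendering a sops template as an environment file and loading it with `EnvironmentFile` keeps the token off the command line and removes the `bash -c` wrapper. The unit also runs as root with no sandboxing; a dedicated user or `DynamicUser = true` would be a reasonable follow-up once tested against this tunnel. The enclosing attribute set starts and ends outside the hunk.

```nix
sops.secrets."cloudflared/token" = {};
# Env file rendered at activation; keeps the token out of argv.
sops.templates."cloudflared.env".content = ''
  TUNNEL_TOKEN=${config.sops.placeholder."cloudflared/token"}
'';
systemd.services.cloudflared = {
  # … unchanged: after, wants, wantedBy …
  serviceConfig = {
    EnvironmentFile = config.sops.templates."cloudflared.env".path;
    ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run";
    Restart = "on-failure";
  };
};
```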
@@ -38,7 +38,7 @@ prime = lib.mkOption { type = lib.types.bool; default = false; - description = "enable nvidia prime offload (saves battery)"; + description = "enable nvidia prime offload (saves battery). prime ?"; }; }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 75a816d..41d39b9 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,6 +1,8 @@ #ENC[AES256_GCM,data:1NcFm2XqZzmSSlr8wH4aXHDBhf+lOaZ/gUeK2T/U/hIBbqtfKtw=,iv:yS5iogRp6e3We/7wZnGy0XJzqLVfRVKlDhUs+tamcJ0=,tag:+z/qqF9n6/hQfv9aWXkCDQ==,type:comment] nextcloud_fuse: password: ENC[AES256_GCM,data:Rlyc9wO3rXJ97AAMzM+vJclEJ+eaSPtHkitqRL0=,iv:yuS2Tyo2HZGVb9tbWmmgOEwkyzLhlvq8iZ2YjGD0u9E=,tag:pf8n4pTvseh1pd12w8w4tw==,type:str] +cloudflared: + token: ENC[AES256_GCM,data:LS1VIwbbVsJxZ90p+kK4xJhzrBRJ51XL2j8mGLDVj5JjYJKXKBDIXtlb0x8A9WDIVyBuLBkE9pfSfQXtvfvZdUeyXswVJFUNW0mX3yC/WaeNQdPYy7UgyGjorqk31aNJ6b9XqtdfV0++qPvXQDvwn44UY0juuiIJ5KcLZEskRcqVTilG5WYi/nInhGbSqtzniRNvrbsynIq0CVQDhi3haCHNpCJMQUIyXM/g6Xsc9b++GYlHjgrtHQ==,iv:DbvJfbMblgr6+dYBJqDSzECKK90Nkq8Eci5dC8fMIXQ=,tag:bjAs8p5dAkh2Adon0JDNqg==,type:str] sops: age: - recipient: age1sjzkhwr8ycdsmuj8xg8y4v2hcpuq9vethnhytxtwzeury692dsxqf80fwv 
@@ -12,7 +14,7 @@ sops: clZaazZQdW5wYUhUNmM0QW91K0NLOTAKB6z7cKg54QmJo0U03u6RQkSCfJOAdeJa DiyPYjm02BNe8YPFbBFRpyT7G++j3h0yG+/Nr2zcQFyMMEpMv5QJvg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-05T17:58:05Z" - mac: ENC[AES256_GCM,data:96G7VqaG8A46tQ1L7I2asiYtNZF7K3Wf+SzbwPrNV8zQio2jInawtD4WSzHmLs4Nv7M1TBHug/ho8mfYq6auXgpathiSzvj0Tzs/IEKXiTYa86tM3szwAepavMYWOl6OYJ7S39ku6BOMo3qC2BK/gpT5iy4c84ashn2wFd1n41A=,iv:6TShIsqnhCf/3uoAaz/R+Cwr2HrorROOXodXluTKM8M=,tag:BA9rQ73scKgetW3orV0HdQ==,type:str] + lastmodified: "2025-12-16T16:16:27Z" + mac: ENC[AES256_GCM,data:2Ju1exddd4qcru1UjXKXUBjugUWT9D2HJjKV03JwMCL4Wssb/H6DNNRJcmD0oXqA9DnEp5NpElhwa93LcogcNVsXL+sKGzQpP5m+/vDVfl2NcwdLyBVIvTQ0dASee/JMwBLcgcYBZuvL00Twv07/ImdvYROIs/fQUSualc6Sgcw=,iv:XsJ1MYLwLuFPLYGJoa/RsfAqs88AQwuH+3ItWc681LU=,tag:8pNSPKnv0yLoNrmxb9l2Xg==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0