diverse changes, add cloudflared

flake.nix

@@ -6,7 +6,7 @@
 #    By: tomoron <tomoron@student.42angouleme.fr>   +#+  +:+       +#+         #
 #                                                 +#+#+#+#+#+   +#+            #
 #    Created: 2024/10/17 18:15:24 by tomoron           #+#    #+#              #
-#    Updated: 2025/09/24 02:10:00 by tomoron          ###   ########.fr        #
+#    Updated: 2025/12/16 19:01:21 by tomoron          ###   ########.fr        #
 #                                                                              #
 # **************************************************************************** #
 
@@ -46,7 +46,12 @@
       osConfig = {flakeName, extraModules ? []}: nixpkgs.lib.nixosSystem {
         specialArgs = { inherit inputs; flakeName = flakeName; };
         modules = nixpkgs.lib.concatLists [
-		  [./osConfigs/os.nix ./osConfigs/hosts/${flakeName}.nix catppuccin.nixosModules.catppuccin]
+		  [
+		    ./osConfigs/os.nix
+			./osConfigs/hosts/${flakeName}.nix
+			catppuccin.nixosModules.catppuccin
+			inputs.sops-nix.nixosModules.sops
+		  ]
 		  extraModules
 		];
       };

osConfigs/global/sops.nix

@@ -0,0 +1,8 @@
+{lib, ...}:
+
+{
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    age.keyFile = "/home/tom/.config/sops/age/keys.txt";
+  };
+}

osConfigs/hosts/desktop.nix

@@ -6,7 +6,7 @@
 #    By: tomoron <tomoron@student.42angouleme.fr>   +#+  +:+       +#+         #
 #                                                 +#+#+#+#+#+   +#+            #
 #    Created: 2025/09/06 00:57:04 by tomoron           #+#    #+#              #
-#    Updated: 2025/12/01 19:49:12 by tomoron          ###   ########.fr        #
+#    Updated: 2025/12/23 18:41:48 by tomoron          ###   ########.fr        #
 #                                                                              #
 # **************************************************************************** #
 

osConfigs/hosts/server.nix

@@ -6,7 +6,7 @@
 #    By: tomoron <tomoron@student.42angouleme.fr>   +#+  +:+       +#+         #
 #                                                 +#+#+#+#+#+   +#+            #
 #    Created: 2025/09/06 00:57:09 by tomoron           #+#    #+#              #
-#    Updated: 2025/09/06 01:26:26 by tomoron          ###   ########.fr        #
+#    Updated: 2025/12/16 20:00:04 by tomoron          ###   ########.fr        #
 #                                                                              #
 # **************************************************************************** #
 
@@ -31,13 +31,32 @@ in
     config.boot.kernelPackages.gasket #driver for google coral edge tpu
   ];
 
+
   services.openssh.enable = true;
   services.openssh.settings.PasswordAuthentication = false;
   services.openssh.ports = [ 1880 ];
 
+  sops.secrets."cloudflared/token" = {};
+  systemd.services.cloudflared = {
+	after = [
+      "network.target"
+      "network-online.target"
+    ];
+	wants = [
+      "network.target"
+      "network-online.target"
+    ];
+	wantedBy = [ "multi-user.target" ];
+	serviceConfig = {
+	  ExecStart = ''${pkgs.bash}/bin/bash -c '${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token "$(cat ${config.sops.secrets."cloudflared/token".path})"' '';
+	  Restart = "on-failure";
+	};
+  };
+
   boot.extraModprobeConfig = ''
     options amdgpu virtual_display=1
-  ''; #create dummy display to be able to start x11
+# create dummy display to be able to start x11
+  ''; 
 
   boot.supportedFilesystems = [ "zfs" ];
 
@@ -68,6 +87,10 @@ in
   services.fail2ban.enable = true;
   services.fail2ban.bantime = "5h";
 
+  mods.nvidia.enable = true;
+  mods.nvidia.beta = true;
+  mods.nvidia.containerToolkit = true;
+
   mods.docker = {
     enable = true;
     boot = true;

osConfigs/modules/nvidia.nix

@@ -6,7 +6,7 @@
 #    By: tomoron <tomoron@student.42angouleme.fr>   +#+  +:+       +#+         #
 #                                                 +#+#+#+#+#+   +#+            #
 #    Created: 2025/09/05 23:47:19 by tomoron           #+#    #+#              #
-#    Updated: 2025/10/26 21:12:18 by tomoron          ###   ########.fr        #
+#    Updated: 2025/12/23 18:42:01 by tomoron          ###   ########.fr        #
 #                                                                              #
 # **************************************************************************** #
 
@@ -38,7 +38,7 @@
     prime = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = "enable nvidia prime offload (saves battery)";
+      description = "enable nvidia prime offload (saves battery). prime ?";
     };
   };
   

secrets/secrets.yaml

@@ -1,6 +1,8 @@
 #ENC[AES256_GCM,data:1NcFm2XqZzmSSlr8wH4aXHDBhf+lOaZ/gUeK2T/U/hIBbqtfKtw=,iv:yS5iogRp6e3We/7wZnGy0XJzqLVfRVKlDhUs+tamcJ0=,tag:+z/qqF9n6/hQfv9aWXkCDQ==,type:comment]
 nextcloud_fuse:
     password: ENC[AES256_GCM,data:Rlyc9wO3rXJ97AAMzM+vJclEJ+eaSPtHkitqRL0=,iv:yuS2Tyo2HZGVb9tbWmmgOEwkyzLhlvq8iZ2YjGD0u9E=,tag:pf8n4pTvseh1pd12w8w4tw==,type:str]
+cloudflared:
+    token: ENC[AES256_GCM,data:LS1VIwbbVsJxZ90p+kK4xJhzrBRJ51XL2j8mGLDVj5JjYJKXKBDIXtlb0x8A9WDIVyBuLBkE9pfSfQXtvfvZdUeyXswVJFUNW0mX3yC/WaeNQdPYy7UgyGjorqk31aNJ6b9XqtdfV0++qPvXQDvwn44UY0juuiIJ5KcLZEskRcqVTilG5WYi/nInhGbSqtzniRNvrbsynIq0CVQDhi3haCHNpCJMQUIyXM/g6Xsc9b++GYlHjgrtHQ==,iv:DbvJfbMblgr6+dYBJqDSzECKK90Nkq8Eci5dC8fMIXQ=,tag:bjAs8p5dAkh2Adon0JDNqg==,type:str]
 sops:
     age:
         - recipient: age1sjzkhwr8ycdsmuj8xg8y4v2hcpuq9vethnhytxtwzeury692dsxqf80fwv
@@ -12,7 +14,7 @@ sops:
             clZaazZQdW5wYUhUNmM0QW91K0NLOTAKB6z7cKg54QmJo0U03u6RQkSCfJOAdeJa
             DiyPYjm02BNe8YPFbBFRpyT7G++j3h0yG+/Nr2zcQFyMMEpMv5QJvg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-05T17:58:05Z"
+    lastmodified: "2025-12-16T16:16:27Z"
-    mac: ENC[AES256_GCM,data:96G7VqaG8A46tQ1L7I2asiYtNZF7K3Wf+SzbwPrNV8zQio2jInawtD4WSzHmLs4Nv7M1TBHug/ho8mfYq6auXgpathiSzvj0Tzs/IEKXiTYa86tM3szwAepavMYWOl6OYJ7S39ku6BOMo3qC2BK/gpT5iy4c84ashn2wFd1n41A=,iv:6TShIsqnhCf/3uoAaz/R+Cwr2HrorROOXodXluTKM8M=,tag:BA9rQ73scKgetW3orV0HdQ==,type:str]
+    mac: ENC[AES256_GCM,data:2Ju1exddd4qcru1UjXKXUBjugUWT9D2HJjKV03JwMCL4Wssb/H6DNNRJcmD0oXqA9DnEp5NpElhwa93LcogcNVsXL+sKGzQpP5m+/vDVfl2NcwdLyBVIvTQ0dASee/JMwBLcgcYBZuvL00Twv07/ImdvYROIs/fQUSualc6Sgcw=,iv:XsJ1MYLwLuFPLYGJoa/RsfAqs88AQwuH+3ItWc681LU=,tag:8pNSPKnv0yLoNrmxb9l2Xg==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0