tom/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 56 Wiki Activity

diverse changes, add cloudflared
Some checks failed
Build iso when a new version is pushed / test (push) Failing after 2m27s
Details

Browse Source
This commit is contained in:
tomoron
2025-12-23 17:59:41 +01:00
parent 724f5361e6
commit 05861081ce
6 changed files with 48 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
flake.nix
View File

@ -6,7 +6,7 @@
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2024/10/17 18:15:24 by tomoron #+# #+# #
# Updated: 2025/09/24 02:10:00 by tomoron ### ########.fr #
# Updated: 2025/12/16 19:01:21 by tomoron ### ########.fr #
# #
# **************************************************************************** #
@ -46,7 +46,12 @@
osConfig = {flakeName, extraModules ? []}: nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; flakeName = flakeName; };
modules = nixpkgs.lib.concatLists [
[./osConfigs/os.nix ./osConfigs/hosts/${flakeName}.nix catppuccin.nixosModules.catppuccin]
[
./osConfigs/os.nix
./osConfigs/hosts/${flakeName}.nix
catppuccin.nixosModules.catppuccin
inputs.sops-nix.nixosModules.sops
]
extraModules
];
};

8
osConfigs/global/sops.nix Normal file
View File

@ -0,0 +1,8 @@
{lib, ...}:
{
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
age.keyFile = "/home/tom/.config/sops/age/keys.txt";
};
}

2
osConfigs/hosts/desktop.nix
View File

@ -6,7 +6,7 @@
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:57:04 by tomoron #+# #+# #
# Updated: 2025/12/01 19:49:12 by tomoron ### ########.fr #
# Updated: 2025/12/23 18:41:48 by tomoron ### ########.fr #
# #
# **************************************************************************** #

27
osConfigs/hosts/server.nix
View File

@ -6,7 +6,7 @@
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:57:09 by tomoron #+# #+# #
# Updated: 2025/09/06 01:26:26 by tomoron ### ########.fr #
# Updated: 2025/12/16 20:00:04 by tomoron ### ########.fr #
# #
# **************************************************************************** #
@ -31,13 +31,32 @@ in
config.boot.kernelPackages.gasket #driver for google coral edge tpu
];
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
services.openssh.ports = [ 1880 ];
sops.secrets."cloudflared/token" = {};
systemd.services.cloudflared = {
after = [
"network.target"
"network-online.target"
];
wants = [
"network.target"
"network-online.target"
];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''${pkgs.bash}/bin/bash -c '${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token "$(cat ${config.sops.secrets."cloudflared/token".path})"' '';
Restart = "on-failure";
};
};
boot.extraModprobeConfig = ''
options amdgpu virtual_display=1
''; #create dummy display to be able to start x11
# create dummy display to be able to start x11
'';
boot.supportedFilesystems = [ "zfs" ];
@ -68,6 +87,10 @@ in
services.fail2ban.enable = true;
services.fail2ban.bantime = "5h";
mods.nvidia.enable = true;
mods.nvidia.beta = true;
mods.nvidia.containerToolkit = true;
mods.docker = {
enable = true;
boot = true;

4
osConfigs/modules/nvidia.nix
View File

@ -6,7 +6,7 @@
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/05 23:47:19 by tomoron #+# #+# #
# Updated: 2025/10/26 21:12:18 by tomoron ### ########.fr #
# Updated: 2025/12/23 18:42:01 by tomoron ### ########.fr #
# #
# **************************************************************************** #
@ -38,7 +38,7 @@
prime = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable nvidia prime offload (saves battery)";
description = "enable nvidia prime offload (saves battery). prime ?";
};
};

8
secrets/secrets.yaml
View File

@ -1,6 +1,8 @@
#ENC[AES256_GCM,data:1NcFm2XqZzmSSlr8wH4aXHDBhf+lOaZ/gUeK2T/U/hIBbqtfKtw=,iv:yS5iogRp6e3We/7wZnGy0XJzqLVfRVKlDhUs+tamcJ0=,tag:+z/qqF9n6/hQfv9aWXkCDQ==,type:comment]
nextcloud_fuse:
password: ENC[AES256_GCM,data:Rlyc9wO3rXJ97AAMzM+vJclEJ+eaSPtHkitqRL0=,iv:yuS2Tyo2HZGVb9tbWmmgOEwkyzLhlvq8iZ2YjGD0u9E=,tag:pf8n4pTvseh1pd12w8w4tw==,type:str]
cloudflared:
token: ENC[AES256_GCM,data:LS1VIwbbVsJxZ90p+kK4xJhzrBRJ51XL2j8mGLDVj5JjYJKXKBDIXtlb0x8A9WDIVyBuLBkE9pfSfQXtvfvZdUeyXswVJFUNW0mX3yC/WaeNQdPYy7UgyGjorqk31aNJ6b9XqtdfV0++qPvXQDvwn44UY0juuiIJ5KcLZEskRcqVTilG5WYi/nInhGbSqtzniRNvrbsynIq0CVQDhi3haCHNpCJMQUIyXM/g6Xsc9b++GYlHjgrtHQ==,iv:DbvJfbMblgr6+dYBJqDSzECKK90Nkq8Eci5dC8fMIXQ=,tag:bjAs8p5dAkh2Adon0JDNqg==,type:str]
sops:
age:
- recipient: age1sjzkhwr8ycdsmuj8xg8y4v2hcpuq9vethnhytxtwzeury692dsxqf80fwv
@ -12,7 +14,7 @@ sops:
clZaazZQdW5wYUhUNmM0QW91K0NLOTAKB6z7cKg54QmJo0U03u6RQkSCfJOAdeJa
DiyPYjm02BNe8YPFbBFRpyT7G++j3h0yG+/Nr2zcQFyMMEpMv5QJvg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-05T17:58:05Z"
mac: ENC[AES256_GCM,data:96G7VqaG8A46tQ1L7I2asiYtNZF7K3Wf+SzbwPrNV8zQio2jInawtD4WSzHmLs4Nv7M1TBHug/ho8mfYq6auXgpathiSzvj0Tzs/IEKXiTYa86tM3szwAepavMYWOl6OYJ7S39ku6BOMo3qC2BK/gpT5iy4c84ashn2wFd1n41A=,iv:6TShIsqnhCf/3uoAaz/R+Cwr2HrorROOXodXluTKM8M=,tag:BA9rQ73scKgetW3orV0HdQ==,type:str]
lastmodified: "2025-12-16T16:16:27Z"
mac: ENC[AES256_GCM,data:2Ju1exddd4qcru1UjXKXUBjugUWT9D2HJjKV03JwMCL4Wssb/H6DNNRJcmD0oXqA9DnEp5NpElhwa93LcogcNVsXL+sKGzQpP5m+/vDVfl2NcwdLyBVIvTQ0dASee/JMwBLcgcYBZuvL00Twv07/ImdvYROIs/fQUSualc6Sgcw=,iv:XsJ1MYLwLuFPLYGJoa/RsfAqs88AQwuH+3ItWc681LU=,tag:8pNSPKnv0yLoNrmxb9l2Xg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0