liv/nixos-config
1
0
Fork 0
mirror of https://github.com/Ahwxorg/nixos-config.git synced 2025-12-04 15:00:13 +01:00
Code Issues 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: liv:6a8c0a82b0915023076c9738da68e2e72ed72800
Branches Tags
liv:master
...
compare: liv:83ea9f4916da22ed86531986be377d55ba21e0e8
Branches Tags
liv:master

21 commits
6a8c0a82b0 ... 83ea9f4916

Author SHA1 Message Date
Ahwx
83ea9f4916 sops: update 2025-07-28 01:21:44 +02:00
Ahwx
33a9ea1771 fix: adds violet as well; work this time(?) 2025-07-28 01:21:38 +02:00
Ahwx
f31937a56d feat: adds violet to sops-nix 2025-07-28 01:11:57 +02:00
Ahwx
cf1dd96367 sops: update (init + mailer password) 2025-07-28 01:03:03 +02:00
Ahwx
e0884ae60d chore: remove secrets folder from ignore 2025-07-28 01:02:29 +02:00
Ahwx
36e14eb6a6 feat: adds module for sops-nix 2025-07-28 01:00:47 +02:00
Ahwx
197ac138e3 feat: only allow @wheel to use nix 2025-07-28 01:00:22 +02:00
Ahwx
4e63e55808 feat: adds macAddress randomization for networkmanager 2025-07-28 00:58:38 +02:00
Ahwx
5073d1b2b1 feat: adds user liv to wheel group; adds sops-nix module to user profile 2025-07-28 00:57:48 +02:00
Ahwx
3401e1d05a feat: enable scrutiny on dandelion, disable otherwise; enable smartd with system mailer 2025-07-28 00:57:04 +02:00
Ahwx
24b6a385d6 feat: set up a system mailer so that errors will be emailed 2025-07-28 00:55:27 +02:00
Ahwx
491419f625 feat: adds sops-nix 2025-07-28 00:55:05 +02:00
Ahwx
1249f617ef flake: install sops-nix 2025-07-27 21:09:16 +02:00
Ahwx
f7b58567af chore: adds a bunch of notifications to various unfuck scripts so that nopasswd sudo access to systemctl can be dropped 2025-07-27 21:08:53 +02:00
Ahwx
66f7aca586 fix: use system level tool instead of a version compiled from source 2025-07-27 21:07:10 +02:00
Ahwx
0ed60a4352 feat: harden sudo configuration a little bit 2025-07-27 21:06:47 +02:00
Ahwx
0cbf189fa5 feat: adds senderEmail as a variable 2025-07-27 15:29:29 +02:00
Ahwx
7210e9f9f2 chore: haha nope we're not doing agenix 2025-07-27 15:28:27 +02:00
Ahwx
4c22af50a4 feat: enable smart-monitoring module for sakura 2025-07-27 12:44:14 +02:00
Ahwx
b6e52ec1e2 fix: set correct package for agenix 2025-07-27 12:43:57 +02:00
Ahwx
ed0b3cd1d9 feat: import agenix to all systems 2025-07-27 12:43:44 +02:00
18 changed files with 220 additions and 232 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,3 +1,2 @@
secrets/
modules/services/matrix/default.nix
result

9
.sops.yaml Normal file
View file

@ -0,0 +1,9 @@
keys:
- &sakura age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
- &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3
creation_rules:
- path_regex: secrets/secrets.yaml
key_groups:
- age:
- *sakura
- *violet

242
flake.lock generated
View file

@ -1,52 +1,10 @@
{
"nodes": {
"Hyprspace": {
"inputs": {
"hyprland": [
"hyprland"
],
"systems": "systems"
},
"locked": {
"lastModified": 1752663231,
"narHash": "sha256-rTItuAWpzICMREF8Ww8cK4hYgNMRXJ4wjkN0akLlaWE=",
"owner": "KZDKM",
"repo": "Hyprspace",
"rev": "0a82e3724f929de8ad8fb04d2b7fa128493f24f7",
"type": "github"
},
"original": {
"owner": "KZDKM",
"repo": "Hyprspace",
"type": "github"
}
},
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems_2"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"alejandra": {
"inputs": {
"fenix": "fenix",
"flakeCompat": "flakeCompat",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1660592437,
@ -96,28 +54,6 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
@ -219,7 +155,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_6"
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
@ -274,27 +210,6 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@ -316,7 +231,7 @@
},
"hypr-contrib": {
"inputs": {
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1753252360,
@ -404,7 +319,7 @@
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_3",
"systems": "systems",
"xdph": "xdph"
},
"locked": {
@ -603,8 +518,8 @@
"inputs": {
"hyprutils": "hyprutils_2",
"hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": "nixpkgs_4",
"systems": "systems_4"
"nixpkgs": "nixpkgs_3",
"systems": "systems_2"
},
"locked": {
"lastModified": 1750371999,
@ -626,8 +541,8 @@
"hyprlang": "hyprlang_2",
"hyprutils": "hyprutils_3",
"hyprwayland-scanner": "hyprwayland-scanner_3",
"nixpkgs": "nixpkgs_5",
"systems": "systems_5"
"nixpkgs": "nixpkgs_4",
"systems": "systems_3"
},
"locked": {
"lastModified": 1753378338,
@ -840,16 +755,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1745391562,
"narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
"owner": "NixOS",
"lastModified": 1657425264,
"narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
"rev": "de5b3dd17034e6106e75746e81618e5bd408de8a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
@ -871,27 +786,27 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1657425264,
"narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=",
"owner": "nixos",
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "de5b3dd17034e6106e75746e81618e5bd408de8a",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"type": "github"
},
"original": {
@ -918,22 +833,6 @@
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1753429684,
"narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
@ -949,7 +848,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_6": {
"locked": {
"lastModified": 1743315132,
"narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=",
@ -965,7 +864,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_7": {
"locked": {
"lastModified": 1742800061,
"narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
@ -981,7 +880,7 @@
"type": "github"
}
},
"nixpkgs_9": {
"nixpkgs_8": {
"locked": {
"lastModified": 1753429684,
"narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
@ -997,10 +896,26 @@
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1753432016,
"narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6027c30c8e9810896b92429f0092f624f7b1aace",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_6",
"nixvim": "nixvim_2"
},
"locked": {
@ -1020,7 +935,7 @@
"nixvim_2": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_7",
"nuschtosSearch": "nuschtosSearch"
},
"locked": {
@ -1040,7 +955,7 @@
"nur": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_9"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1753530457,
@ -1105,18 +1020,17 @@
},
"root": {
"inputs": {
"Hyprspace": "Hyprspace",
"agenix": "agenix",
"alejandra": "alejandra",
"home-manager": "home-manager_2",
"home-manager": "home-manager",
"hypr-contrib": "hypr-contrib",
"hyprland": "hyprland",
"hyprpicker": "hyprpicker",
"hyprsunset": "hyprsunset",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_5",
"nixvim": "nixvim",
"nur": "nur"
"nur": "nur",
"sops-nix": "sops-nix"
}
},
"rust-analyzer-src": {
@ -1136,6 +1050,24 @@
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1752544651,
"narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2c8def626f54708a9c38a5861866660395bb3461",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,
@ -1153,16 +1085,16 @@
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"repo": "default-linux",
"type": "github"
}
},
@ -1182,36 +1114,6 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

35
flake.nix
View file

@ -2,35 +2,26 @@
description = "liv's NixOS configuration";
inputs = {
agenix.url = "github:ryantm/agenix";
alejandra.url = "github:kamadorueda/alejandra/3.0.0";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
hyprland.inputs.nixpkgs.follows = "nixpkgs";
hypr-contrib.url = "github:hyprwm/contrib";
hyprpicker.url = "github:hyprwm/hyprpicker";
hyprsunset.url = "github:hyprwm/hyprsunset";
Hyprspace = {
url = "github:KZDKM/Hyprspace";
inputs.hyprland.follows = "hyprland"; # Hyprspace uses latest Hyprland. We declare this to keep them in sync.
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nur.url = "github:nix-community/NUR";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixvim.url = "github:ahwxorg/nixvim-config";
sops-nix.url = "github:Mic92/sops-nix";
};
outputs =
{
self,
nixpkgs,
agenix,
sops-nix,
...
}@inputs:
let
@ -49,7 +40,7 @@
inherit system;
modules = [
(import ./hosts/sakura)
agenix.nixosModules.default
# sops-nix.nixosModules.sops
];
specialArgs = {
host = "sakura";
@ -60,7 +51,7 @@
inherit system;
modules = [
(import ./hosts/yoshino)
agenix.nixosModules.default
# sops-nix.nixosModules.sops
];
specialArgs = {
host = "yoshino";
@ -71,7 +62,7 @@
inherit system;
modules = [
(import ./hosts/ichiyo)
agenix.nixosModules.default
# sops-nix.nixosModules.sops
];
specialArgs = {
host = "ichiyo";
@ -82,7 +73,7 @@
inherit system;
modules = [
(import ./hosts/violet)
agenix.nixosModules.default
# sops-nix.nixosModules.sops
];
specialArgs = {
host = "violet";
@ -93,7 +84,7 @@
inherit system;
modules = [
(import ./hosts/dandelion)
agenix.nixosModules.default
# sops-nix.nixosModules.sops
];
specialArgs = {
host = "dandelion";
@ -104,7 +95,7 @@
inherit system;
modules = [
(import ./hosts/lily)
agenix.nixosModules.default
# sops-nix.nixosModules.sops
];
specialArgs = {
host = "lily";
@ -115,7 +106,7 @@
inherit system;
modules = [
(import ./hosts/zinnia)
agenix.nixosModules.default
# sops-nix.nixosModules.sops
];
specialArgs = {
host = "zinnia";

1
hosts/sakura/default.nix
View file

@ -12,6 +12,7 @@
./../../modules/core/virtualization.nix
./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix
./../../modules/services/smart-monitoring.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
];

13
modules/core/agenix.nix
View file

@ -1,13 +0,0 @@
{
config,
system,
pkgs,
lib,
inputs,
...
}:
{
environment.systemPackages = [
inputs.agenix.packages."${system}".default
];
}

5
modules/core/network.nix
View file

@ -1,7 +1,10 @@
{ pkgs, ... }:
{
networking = {
networkmanager.enable = true;
networkmanager = {
enable = true;
wifi.macAddress = "stable-ssid";
};
nameservers = [ "9.9.9.9" ];
firewall = {
enable = true;

3
modules/core/program.nix
View file

@ -1,4 +1,4 @@
{ pkgs, agenix, ... }:
{ pkgs, ... }:
{
programs = {
dconf.enable = true;
@ -15,6 +15,5 @@
git
dig
traceroute
# agenix.packages.x86_64-linux.default
];
}

10
modules/core/security.nix
View file

@ -8,9 +8,17 @@
security = {
rtkit.enable = true;
pam.services.swaylock = { };
auditd.enable = true;
audit = {
enable = true;
rules = [
"-a exit,always -F arch=b64 -S execve"
];
};
sudo = {
enable = true;
execWheelOnly = true;
extraRules = [
{
groups = [ "wheel" ];
@ -20,7 +28,7 @@
options = [ "NOPASSWD" ];
}
{
command = "/home/liv/.local/src/framework-system/target/debug/framework_tool";
command = "/run/current-system/sw/bin/framework_tool --privacy";
options = [ "NOPASSWD" ];
}
];

22
modules/core/sops.nix Normal file
View file

@ -0,0 +1,22 @@
{
pkgs,
inputs,
username,
...
}:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
secrets = {
"systemMailerPassword" = { };
};
};
environment.systemPackages = with pkgs; [
sops
];
}

3
modules/core/system.nix
View file

@ -8,13 +8,12 @@
{
nix = {
settings = {
allowed-users = [ "@wheel" ];
auto-optimise-store = true;
experimental-features = [
"nix-command"
"flakes"
];
# substituters = [ "" ];
# trusted-public-keys = [ "" ];
};
gc = {
automatic = true;

5
modules/core/user.nix
View file

@ -10,6 +10,7 @@
imports =
[ inputs.home-manager.nixosModules.home-manager ]
++ [ ./../../roles/default.nix ]
++ [ ./sops.nix ]
++ [ ./../../variables.nix ];
home-manager = {
useUserPackages = true;
@ -38,8 +39,6 @@
fonts.fontconfig.antialias = false;
users.groups.gay = { };
users.users.${username} = {
isNormalUser = true;
description = "${username}";
@ -48,8 +47,8 @@
"wheel"
"docker"
"input"
"gay"
"dialout"
"wheel"
];
shell = pkgs.zsh;
};

6
modules/home/scripts/scripts/unfuck.sh
View file

@ -26,7 +26,9 @@ unfuck_wallpaper() {
}
unfuck_fingerprint() {
systemctl restart fprintd.service
notify-send "Touch sensor or use YubiKey." "Sleeping for 10 seconds."
sleep 10
sudo systemctl restart fprintd.service
}
unfuck_bar() {
@ -37,6 +39,8 @@ unfuck_bar() {
unfuck_networkmanager() {
# sudo modprobe -r iwlwifi
# sudo modprobe iwlwifi
notify-send "Touch sensor or use YubiKey." "Sleeping for 10 seconds."
sleep 10
sudo systemctl restart NetworkManager
}

4
modules/home/waybar/scripts.nix
View file

@ -187,8 +187,8 @@
LTEXT="󰛧 "
fi
MICROPHONE_STATE="$(sudo /home/liv/.local/src/framework-system/target/debug/framework_tool --privacy | tail -n2 | head -n1)"
CAMERA_STATE="$(sudo /home/liv/.local/src/framework-system/target/debug/framework_tool --privacy | tail -n1)"
MICROPHONE_STATE="$(sudo framework_tool --privacy | tail -n2 | head -n1)"
CAMERA_STATE="$(sudo framework_tool --privacy | tail -n1)"
if [[ "$(echo $MICROPHONE_STATE | grep 'Microphone: Connected')" ]]; then
MIC=1

19
modules/services/email.nix Normal file
View file

@ -0,0 +1,19 @@
{
pkgs,
config,
...
}:
{
programs.msmtp = {
enable = true;
accounts.default = {
auth = true;
tls = true;
port = 465;
host = "smtp.migadu.com";
from = config.liv.variables.senderEmail;
user = config.liv.variables.senderEmail;
passwordeval = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.systemMailerPassword.path}";
};
};
}

38
modules/services/smart-monitoring.nix
View file

@ -1,7 +1,15 @@
{ config, ... }:
{ config, host, ... }:
{
imports = [ ./email.nix ];
services.scrutiny = {
enable = true;
# Enable based on name of host
enable =
if (host == "dandelion") then
true
else if (host == "lily") then
true
else
false;
collector.enable = true;
settings.web.listen.port = 8181;
settings.notify.urls = [
@ -10,18 +18,20 @@
];
};
# services.smartd = {
# enable = true;
# autodetect = true;
# notifications = {
# mail = {
# enable = true;
# # mailer = "/path/to/mailer/binary"; # Need to get system emails working first
# sender = "${config.liv.variables.fromEmail}";
# recipient = "${config.liv.variables.toEmail}";
# };
# };
# };
services.smartd = {
enable = true;
autodetect = true;
notifications = {
wall = {
enable = true;
};
mail = {
enable = true;
sender = config.liv.variables.senderEmail;
recipient = config.liv.variables.email;
};
};
};
# services.nginx.virtualHosts."" = {
# locations."/" = {

30
secrets/secrets.yaml Normal file
View file

@ -0,0 +1,30 @@
systemMailerPassword: ENC[AES256_GCM,data:fdCLxxQOPw00kSGrddcr/ZsYWJ9xYPkfxUeS52jA+MNM4dNNfeQ2rhvWKLYpH/6D3/J7CND0UNUVuRLtPdEnU8ct8jkAmYX5nGDm9HAnVScDvbn5dMvaNxg+0o34Fz7E0XbmRM3B6zpzL4T6Odmmd2iRh/cRiz7WBwmKUpcCV3Q=,iv:ddPxnK6f1wEH+xxQLLADO5SdG8YZkbSVlNfan+AA4vs=,tag:WLrQzVsok6dtxSSQH3HHsw==,type:str]
#
#
#
#ENC[AES256_GCM,data:WflW57V0HPZBinBmThQZxDjILXgY62hOrQLKjp2mElmaHt09pd0SS/qZvYZEyLQ=,iv:1GF427GJB8sZbD4cPYiX6vWXW+g7ITAyXz8dWPqpcvM=,tag:SewPaiwvOXfuYu1boXbEkg==,type:comment]
hello: ENC[AES256_GCM,data:ayluRTSd1xDWGf1K+rMibtj+9fCDy5GMwv0wTDdf1C2hIQeColi6gUdpYTwwZw==,iv:DfG10vFe0HAaCnN8e6ik3QixjhTj2KsDGiwg6XufpBQ=,tag:Y1q3uREa3CXSFZBJMYc6cQ==,type:str]
example_key: ENC[AES256_GCM,data:YdS40bL6x1LmRwg76Q==,iv:5FdtHG3iE50vktShWVdkv9oBrUQoqUesGSvPoaD0j2U=,tag:DDaJXIyozB6N2Cj6Bxk1nA==,type:str]
#ENC[AES256_GCM,data:VMGPI7MXiCSTO9QDlT5DUg==,iv:qkKFWGJKQswSdvetMrn3oD1o3c5nzk1UUDpjlbNnRgY=,tag:ZdP7az9j92eYzfQSqFF5gQ==,type:comment]
example_array:
- ENC[AES256_GCM,data:afMceLch3kcnHzf73Ic=,iv:CQbLPVQVo4QB696Z6J5tgF+1/ZL+9/rKOuGsY8xV1XI=,tag:8yG6JXG9C4KXhiA+AyeSGg==,type:str]
- ENC[AES256_GCM,data:QIa8LkkS1c3AW3T3hbs=,iv:8v20+UPaPnddw8WPJo1tTpf/o7Xi+3cFnwjNOM0UaqQ=,tag:FbWSFLwTcDwBtd+gGeONNg==,type:str]
example_number: ENC[AES256_GCM,data:7ok2x8uHYpAFoQ==,iv:S16WiwAx0OWtuDeuLINJH8xllMGWxzt/3+K5/RNlY5U=,tag:6ytIj66O8rRtTObpmIB/UQ==,type:float]
example_booleans:
- ENC[AES256_GCM,data:Npqj1Q==,iv:uPFu6d24WJVz4N0eOKRSgDgiHYxQoAhPqNRY0dk9rVQ=,tag:V9FEUgx8W707N+q+K63yoA==,type:bool]
- ENC[AES256_GCM,data:J1LcbM8=,iv:TLFH/WyteSCphbR4IlzUr12sUfmCj3mpIeBbBqfNnb4=,tag:YDEJvQB8c8xEeXOupNrYmQ==,type:bool]
sops:
age:
- recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cFNzYWRSTTdwMXY1K3hK
MEJ6TEN1YS9XdkJOclhmWVVBWmxJcEsrdWxjCld4NThJdmoyMGRKbFNVZWdWQ1FQ
MmpQMm1TOTZhQlllWlV4Y0tiUGxDNkkKLS0tIFVBcEgzNlBVaHozOTViZG1FcXIx
bjBJd2RtdDhkSFlaUzVRTkQyTVpVSDgKoZ7S/izFqmPw3qHT37ws8m2Cmmb8prC/
JaVn8U57G4aRgp1BqXQvpnKA98HT3BwEsMce5LeNvX7kAtdqkU5eRQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-27T23:20:55Z"
mac: ENC[AES256_GCM,data:hKxGeDETPmOxbyXm2zd/wNKY8nmlUGjbBQorV2pmUgFSNGXxkZifwzT5b0E4ZWaxWyO0bqqEH/jRkIwrU46SDN+RAqZBm5iDwFfmV9QPOlUOgfPDFi2Ho8yDlouvjB6FkwJwooGF3uvGs1bM2in9WMCcI+GFiEi5+VOHBmKtx8U=,iv:1gKoMdKhujmvMyAi4cU4av5tkSPY2ykJShMTtK+2Dnk=,tag:AhuWcD9+Gi9UsQXJm/6qEQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

6
variables.nix
View file

@ -29,5 +29,11 @@ in
readOnly = true;
description = "My primary email";
};
senderEmail = mkOption {
default = "notifications@liv.town";
type = types.str;
readOnly = true;
description = "Emailaddress used to send mails from the system";
};
};
}