dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update: system update & refactor

Browse source 
# Breaking Changes
- sops location movod to "system/dev/<dev-name>/sops/sops-conf.nix"
- flake devices declaration changes
- whole flake update
This commit is contained in:
danny 2025-10-14 16:49:03 +08:00
parent 321f740af0
commit 6a71b601f5
116 changed files with 2576 additions and 3634 deletions
Download patch file Download diff file Expand all files Collapse all files

70
system/dev/dn-pre7780/sops/sops-conf.nix Normal file
View file

@ -0,0 +1,70 @@
{ config, lib, ... }:
let
inherit (lib) optionalAttrs mkIf hasAttr;
in
{
sops = {
secrets = {
"wireguard/wg0.conf" = { };
"nextcloud/adminPassword" = mkIf config.services.nextcloud.enable {
owner = "nextcloud";
group = "nextcloud";
};
"lam/env" = { };
"netbird/oidc/secret" = mkIf config.services.netbird.server.dashboard.enable {
owner = "netbird";
};
"netbird/coturn/password" = mkIf config.services.netbird.server.coturn.enable {
owner = "turnserver";
key = "netbird/oidc/secret";
};
"netbird/dataStoreKey" = mkIf config.services.netbird.server.management.enable {
owner = "netbird";
};
"acme/pdns" = mkIf (hasAttr "acme" config.users.users) {
owner = "acme";
};
"crowdsec/lapi.yaml" = mkIf config.services.crowdsec.enable {
owner = "crowdsec";
mode = "0600";
};
"crowdsec/capi.yaml" = mkIf config.services.crowdsec.enable {
owner = "crowdsec";
mode = "0600";
};
"crowdsec/consoleToken" = mkIf config.services.crowdsec.enable {
owner = "crowdsec";
mode = "0600";
};
}
// (optionalAttrs config.services.stalwart-mail.enable (
let
inherit (config.users.users.stalwart-mail) name group;
owner = name;
in
{
"stalwart/adminPassword" = {
inherit group owner;
};
"stalwart/tsig" = {
inherit group owner;
};
"stalwart/db" = {
inherit group owner;
};
"stalwart/dkimKey" = {
inherit group owner;
};
"cloudflare/secret" = {
inherit group owner;
};
"stalwart/ldap" = {
inherit group owner;
};
}
));
};
}