helvetica/puter
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

stuff

Browse source
This commit is contained in:
Lukas Wurzinger 2025-04-01 19:12:52 +00:00
parent 4c7342110c
commit a85f101876
No known key found for this signature in database
9 changed files with 21 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -16,7 +16,8 @@ This is my cobbled together NixOS configuration. There are many like it, but thi
## port allocation ## port allocation
* 80X0: public HTTP services that are proxied through nginx * 80X0: public HTTP services that are proxied through nginx
* 40X0: private HTTP services that are accessible via tailscale * 40X0: syncthing instances (4000 being the system instance, subsequent ones are for individual users)
* 60X0: private HTTP services that are accessible via tailscale
* 20XX: Administrative stuff, like prometheus etc. * 20XX: Administrative stuff, like prometheus etc.
* 8000: vaultwarden * 8000: vaultwarden

4
common/users.nix
View file

@ -10,12 +10,12 @@ in {
users = { users = {
mutableUsers = false; mutableUsers = false;
mainUser = "lukas"; mainUser = "helvetica";
users = { users = {
root.hashedPassword = "!"; root.hashedPassword = "!";
${mainUser} = { ${mainUser} = {
description = "Lukas Wurzinger"; description = "Helvetica";
uid = 1000; uid = 1000;
isNormalUser = true; isNormalUser = true;
hashedPasswordFile = config.age.secrets."user-${mainUser}".path; hashedPasswordFile = config.age.secrets."user-${mainUser}".path;

12
hosts/headful/work/users.nix Normal file
View file

@ -0,0 +1,12 @@
{
config,
lib,
...
}: let
inherit (config.users) mainUser;
in {
users = {
mainUser = lib.mkForce "lukas";
users.${mainUser}.description = lib.mkForce "Lukas Wurzinger";
};
}

14
hosts/headless/abacus/domains.nix
View file

@ -1,14 +0,0 @@
{lib, ...}: let
inherit (lib) types;
in {
options.networking.domains = lib.mkOption {
description = "Domains.";
type = types.attrsOf types.str;
default = {};
};
config.networking.domains = {
wrz = "wrz.one";
helvetica = "helveticanonstandard.net";
};
}

30
hosts/headless/abacus/miniflux.nix
View file

@ -1,30 +0,0 @@
# TODO: is this bloat
{
config,
lib,
...
}: let
inherit (config.networking) domain;
virtualHostName = "flux.${domain}";
in {
age.secrets = lib.mkSecrets {miniflux = {};};
services.miniflux = {
enable = true;
createDatabaseLocally = true;
adminCredentialsFile = config.age.secrets.miniflux.path;
config = {
LISTEN_ADDR = "localhost:8030";
BASE_URL = "https://${virtualHostName}";
CREATE_ADMIN = 1;
WEBAUTHN = 1;
};
};
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
};
}

8
hosts/headless/vessel/storage.nix
View file

@ -1,25 +1,25 @@
{ {
systemd.tmpfiles.settings = { systemd.tmpfiles.settings = {
"10-safe"."/srv/safe".d = { "10-safe"."/srv/safe".d = {
user = "lukas"; user = "helvetica";
group = "users"; group = "users";
mode = "0755"; mode = "0755";
}; };
"10-storage"."/srv/storage".d = { "10-storage"."/srv/storage".d = {
user = "lukas"; user = "helvetica";
group = "users"; group = "users";
mode = "0755"; mode = "0755";
}; };
"10-music"."/srv/music".d = { "10-music"."/srv/music".d = {
user = "lukas"; user = "helvetica";
group = "users"; group = "users";
mode = "0755"; mode = "0755";
}; };
"10-compmusic"."/srv/compmusic".d = { "10-compmusic"."/srv/compmusic".d = {
user = "lukas"; user = "helvetica";
group = "users"; group = "users";
mode = "0755"; mode = "0755";
}; };

12
secrets/miniflux.age
View file

@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw VwrDNh+GCy0DmrV3OMYiRbqgGydHmTFAOcZBuan2Vzw
115sdrY2HJ20N54ri9My0xQ8FKtrtVM6Sqj6WhBhRWY
-> ssh-ed25519 S+dwQQ PHAJ+oJTHvPS6mXgh05Jvp1d/xWrQhPQUtbjjOPSmxg
M8Va3tfzOvxKhazTh3ER4nxj/yeg5zsAa3LM83Ig5nc
-> ssh-ed25519 bPbvlw 66Z61RSBu1Nq357Za3ulTQElX/u0lYlH+4URmTvIZnk
gdD4V3XpBSJitOIb/FW3bz/L5tQoEvVjqRdTfpUaYjA
-> ssh-ed25519 ffmsLw 7ViNJzo8R91nAvFLDK7E9uvWZuh06haGYcbTF3gqeys
j0fqQN7qs1Zish6QIp29NM47CEKasROpzHIClTZ2I/E
--- 0DnbkClnlbP1rTM9/o5MYyI6eq8oPT7r+VlORLtcQtw
»YLÏŸÎüˆiP1p†¸JP #]©2—ÑÀƒT•¨ca¿b
ðêïA³ûR¯×8Ç8‰<EFBFBD>î<EFBFBD>ßáá Þð‚¡<C2A1>ºñŠm<C5A0>è¸-Æu^ æóÊsc¨‡¡v

2
secrets/secrets.nix
View file

@ -2,7 +2,7 @@ let
pubkeys = import ../pubkeys.nix; pubkeys = import ../pubkeys.nix;
inherit (pubkeys) users hosts; inherit (pubkeys) users hosts;
in { in {
"user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"])); "user-helvetica.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"]));
"user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac]; "user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac];
"miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; "miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];

BIN
secrets/user-helvetica.age Normal file
View file

Binary file not shown.