
2 Commits

5 changed files with 25 additions and 3 deletions


@ -8,13 +8,17 @@ in
virtualHosts = virtualHosts =
let let
reverseProxy = port: "reverse_proxy localhost:${builtins.toString port}"; reverseProxy = port: "reverse_proxy localhost:${builtins.toString port}";
redirect = subdomain: "redir https://${subdomain}.${domain}{uri}";
in in
{ {
"beta.${domain}".extraConfig = '' "beta.${domain}".extraConfig = ''
redir https://${domain}{uri} redir https://${domain}{uri}
''; '';
"git.${domain}".extraConfig = '' "git.${domain}".extraConfig = ''
redir https://code.${domain}{uri} ${redirect "code"}
'';
"kitchenowl.${domain}".extraConfig = ''
${redirect "grocery"}
''; '';
# Gitea # Gitea
"code.${domain}".extraConfig = '' "code.${domain}".extraConfig = ''
@ -27,7 +31,7 @@ in
${reverseProxy 11000} ${reverseProxy 11000}
''; '';
# Kitchenowl # Kitchenowl
"kitchenowl.${domain}".extraConfig = '' "grocery.${domain}".extraConfig = ''
${reverseProxy 800} ${reverseProxy 800}
''; '';
# Actual Budget # Actual Budget
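Review bot: The new `redirect` helper in the first hunk emits a bare `redir`, which Caddy answers with a temporary 302, so the `kitchenowl` to `grocery` move is not cached by clients and a non-GET request sent to the old hostname is usually replayed as a GET. If both renames are meant to be permanent, give the helper an explicit status, e.g. `redirect = subdomain: "redir https://${subdomain}.${domain}{uri} permanent";` (or `308` where the request method must be preserved). A one-line comment above the helper, such as `# Redirect a retired hostname to its replacement subdomain, keeping the request URI`, would also help. The enclosing `virtualHosts` set starts and ends outside the hunks.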


@ -69,6 +69,10 @@ generate-age-from-ssh:
get-public-age-key: get-public-age-key:
nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt
# Get the public ssh key from the current user
get-public-ssh-key:
cat ~/.ssh/id_ed25519.pub
# Edit the SOPS secrets file # Edit the SOPS secrets file
edit-secrets: edit-secrets:
nix run nixpkgs#sops -- shared/secrets/secrets.yaml nix run nixpkgs#sops -- shared/secrets/secrets.yaml
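Review bot: `get-public-ssh-key` hard-codes `~/.ssh/id_ed25519.pub`, so it fails with a bare `cat` error for a user whose key has another type or filename (for example a security-key-backed `id_ed25519_sk.pub`, which seems plausible given the `yubikey.nix` import elsewhere in this compare). The recipe comment could state the assumption, e.g. `# Print the current user's ed25519 public key (expects ~/.ssh/id_ed25519.pub)`. It should also make clear that this is the user key, not the machine's host key.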


@ -1,6 +1,7 @@
{ {
imports = [ imports = [
./sops.nix ./sops.nix
./ssh.nix
./yubikey.nix ./yubikey.nix
]; ];


@ -0,0 +1,13 @@
# /nix/store/<hash>/etc/ssh/ssh_config
{
programs.ssh.knownHosts =
let
domain = "dns.martials.no";
in
{
desktop = {
extraHostNames = [ "desktop.${domain}" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
};
};
}
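Review bot: The header comment `# /nix/store/<hash>/etc/ssh/ssh_config` points at the client config, but `programs.ssh.knownHosts` populates the system-wide known-hosts file, so it misdirects anyone checking what was pinned; `# Pinned SSH host keys, rendered into /etc/ssh/ssh_known_hosts` would be accurate. The `publicKey` has to be the host key of `desktop` (typically the contents of `/etc/ssh/ssh_host_ed25519_key.pub` on that machine), not a user key. This compare also adds a `get-public-ssh-key` recipe that prints the user key from `~/.ssh/id_ed25519.pub`, so it is worth confirming which one was pasted. A user key in this slot would make connections to `desktop` fail host verification rather than weaken it, but repeated failures tempt people to turn checking off. A short comment next to the entry saying how the key was obtained and verified (read on the machine itself rather than accepted over the network) would make later rotation auditable.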


@ -5,7 +5,7 @@ in
{ {
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
hashedPasswordFile = config.sops.secrets.password.path; hashedPasswordFile = config.sops.secrets.password-hash.path;
description = username; description = username;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"