sid/nix-config
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: sid:934d10580b5e42545be09b5282a20e215d4e77b8
Branches Tags
sid:master
..
compare: sid:00f335023bc30180510478391142920aed529e79
Branches Tags
sid:master

2 commits
934d10580b ... 00f335023b

Author SHA1 Message Date
sid
00f335023b new tailscale api 2026-05-02 19:17:07 +02:00
sid
0b1cfdf457 add ess-helm.de to ssh hosts 2026-04-19 00:44:45 +02:00
7 changed files with 3197 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

3219
flake.lock generated
View file

File diff suppressed because it is too large Load diff

4
flake.nix
View file

@ -12,6 +12,10 @@
# synix.url = "git+file:///home/sid/src/synix";
synix.inputs.nixpkgs.follows = "nixpkgs";
servers.url = "git+https://git.sid.ovh/sid/sid.ovh.git";
# servers.url = "git+file:///home/sid/src/sid.ovh";
servers.inputs.nixpkgs.follows = "nixpkgs";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixvim.url = "github:nix-community/nixvim/nixos-25.11";

9
hosts/16ach6/secrets/secrets.yaml
View file

@ -2,7 +2,8 @@ wireguard:
wg0:
private-key: ENC[AES256_GCM,data:6G+VkNsoFK1zyurW/xuaw5ZawpGXYdT3YbYMwiYvpsqNiGhB9CMT/0v2HuE=,iv:vg7OcXghMzbQL0NYdnuAue2MC8l6l++TCoXJjGtpk/g=,tag:urVD9LfMtO5c95tHouX7YQ==,type:str]
tailscale:
auth-key: ENC[AES256_GCM,data:u1TCO6pEKnOemhWSnb9UPCURFoKcR0uuipGzwu5QYVtzm7MLtvd5llhha8/H7WYQ,iv:0rwuQ3b6UOJth7YqaLJGNp0OqRYCb/z/HFK0vOY9ACw=,tag:H79JGEfBYB8hNrGZKAxHzg==,type:str]
personal-key: ENC[AES256_GCM,data:1Udcznd07avzDZgicJ4ZWq15Ly+R2SS3ejjRVTRt2X8Wn7DTkl34AlZ+mU16rRv8,iv:PWa0zDA6589eUsX0ol5dlPf+7mqvXyHBTZVAzkXA4kk=,tag:GXIsHPXn5HFkOJ4DJqZM7g==,type:str]
work-key: ENC[AES256_GCM,data:2UvMVk8R55+srb7y1we8oF5a+Os1hvIYoj03e6c0yQpaK+aFVkr2OMWWtRWOz8so,iv:Ub6vKgvlfzsaFsMfPZKk+B0BFKzW1IGYJrLLM74kiXA=,tag:61SeU4izp/Hu5oWwjL4Mbw==,type:str]
anything-llm-oci:
openrouter-api-key: ENC[AES256_GCM,data:iEi1ZDGnhNaFjuL/cv/XkMH/GtEgW4cmRPc/PrSgCBcJai2uA2NfhpS4ZJfzvzXyhvCEBVK05932N0PFAkYqryFD4PhGPE6N7g==,iv:tWlM8NlzV9/6vpbIEM0lt39ZJQGm/trEwYbnqpTCpro=,tag:OAUbTc4PbJsy7jqLixZOvw==,type:str]
jwt-secret: ENC[AES256_GCM,data:TBgjAwOH8pzRYxSvGaqaY5kFk0vVQjbKu+i2o3xPl4pRILQrzll0R4Sll5Qu7kW8WqyBBEEsEBBvY0sz2YR6aQ==,iv:8/yViXyTpxdRWthJt4D0KhZJ2+uTKXUV8UZUEsy8+kk=,tag:eWkaFZg2rtqziUAcjdcs1g==,type:str]
@ -30,7 +31,7 @@ sops:
T1JDdVlwRVYwLy9ud0EyNldFcXNDaUUKdXq2ulChfK6XBpX/bkP/fz9XCm/YVHkX
QRPemdtP2Sp7VBcAtlWNbXFcr3osRR2nLKxDl+NntEHRCNs3ffnGew==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-13T21:05:39Z"
mac: ENC[AES256_GCM,data:aSOlu1iuSDuUdSt6cZhbzorY37ECHqIkz73iPi2Sn6WyDNCsEwn2rJpQxXSDG/O0+HLoyCgkyR9PwrI0Gn0sDAtcPHhVjOQC8656muNEV3fZWBPIJ+K4++xZDAH66L1UN7Y210EnYtYT6pY61jrFz2NWVjd1V9hTcCmbfpySrAA=,iv:gmPRLuMagjY/Dgc3VvurvLz4qgfTsMp/YIgqHXuG6ag=,tag:I5hKLnEXDvMRXOY2YuFG9g==,type:str]
lastmodified: "2026-05-02T17:03:34Z"
mac: ENC[AES256_GCM,data:jwh1wqEuwvLWz2XFLXppTLchUNbaL1lkG4Zs6bkfJHzV7mOB1Ojh8x5t67rpEjpWuKF5lG2JHj8NUSg8oE+gAmeKxCsL9YzgqLv/j9Kd1T0QULQ4Qb7I0HIqoaXIIdqm0aoUpjY75XurAQ5W90EGgtwlkS2LoYjhFMVLxMxAaSI=,iv:Wzpcg5GmslUc+/KriE7mGDi7z52UtPOJG133CgKx1yw=,tag:diMAJcRBTTnTBtoso9zxOg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.12.1

9
hosts/pc/secrets/secrets.yaml
View file

@ -1,5 +1,6 @@
tailscale:
auth-key: ENC[AES256_GCM,data:ieDjXpk1YJ2+rb5X5dV3NPtr8+FGwcQtdinSbB+SIuyNbLoSogKrutsBqa+v0I5g,iv:0bV4VwRGCf0yIKpR850/CuTvGFUPXOnFaHpWkdyokjk=,tag:vlRo7cZqgYnvSJiCPSutmw==,type:str]
personal-key: ENC[AES256_GCM,data:U2d1IM+P2ocR5pvDvakzeMw0k6nn62IfC0Bpq7VQ/LflWtLs0+Zf2UPpyeTjQCA5,iv:Vqn2c077PMGAvFdldmW9W0SO4sEkMMBN/lyG9UiJr2c=,tag:TKu7p9/bCDAYtBQlq5NdCA==,type:str]
work-key: ENC[AES256_GCM,data:b7V0zdhTJLokuQ22HtKckBo+yRKxceUJBWIDI0w2sNwGlRUZZmgw+DIZLCMtwsgT,iv:lkAVW0oJort23EBi1xZWMxPqX72ZYSqT37HPjdS7QPM=,tag:8ZKVMPjkIryW484OL1mstQ==,type:str]
forgejo-runner:
token: ENC[AES256_GCM,data:rDwc/w9RpL/++VXg+YEYTP0CPz+trQp2OP5rHgWrPU0qODh1VjHjJA==,iv:SEFGOTB4YVnZqaJ2Lg87MSPV++8kAgtYMabvqouLuaw=,tag:NvRQHU8yvc6BdyTsnmIqyg==,type:str]
syncthing:
@ -24,7 +25,7 @@ sops:
OHNTYTFFYTJQeXkzWDN3bE91RFgyMzAKV49+02ik78/chrQ1arlkQZH4G6oeRHCa
Gp/WhuuOUJ7gwERNxhduhl4+IOSGcepgN5EJeTDXppUtiKXvNzmxpA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-01T15:50:59Z"
mac: ENC[AES256_GCM,data:ZZ/zBkla2TYXIjUQ66OL1GzH3YxUi6zXchcMyFsoxeYbaF+gxSWDnHXTtQDgOb72FdWPx18zUz/vO3BTSQqJ9Yyg46hN8xpVbjU7eDgVkXYJ3WfLikz/4v4R9xpxw/ru3LNyGtx+asa/DJu/a/wu4RL2OE1cXWbxqeVtXYll2A4=,iv:2T7gwHuzdjiVCJYQgYVs6PGDpF5pRWARAi+YPIJ77UE=,tag:b+1zPuKxyTjO0G7QgZeLXg==,type:str]
lastmodified: "2026-05-02T16:46:19Z"
mac: ENC[AES256_GCM,data:UoDg5AOIt4iU+vMvyD7WMO89WyXg/5vRKrLzR8minpQ8BZZfL/2X/fXc2cKB6kcgkkDF0HT1HH1R7vT972ZvExstLFJ11ZJ88O1giHLw8r4CjzHiARl+u5SwWfZCV66QbzUZdaEfXlkgdFYUZ42BXXuTbUBgBJJg9/qlpDSrT2M=,iv:rFmQh3srY2MHnfAEM2M4VtjUmuJ8IO+OvOq6aVMnUOk=,tag:4LfFq+qX04p56w/JbAfpmQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.12.1

9
hosts/rv2/secrets/secrets.yaml
View file

@ -1,7 +1,8 @@
wireguard:
private-key: ENC[AES256_GCM,data:xUOZdGM2Wbi3ih6yankUMPqot4gDyj6AA4nMQKkHhM0dlsswyxnDQlEsNrQ=,iv:EtScTgdBYAuQUfa2TOMqCcCyVR5D60B8aA67W7uxnK4=,tag:RMd+ZplQDKaEl7qIIGIkoA==,type:str]
tailscale:
auth-key: ENC[AES256_GCM,data:oR4rdZlsq+gA5SMWXZW/2aOLU589EQGyfXl+u/CnXWPNbYRMDdmiHtZO/13PVOjJ,iv:B9RgTEom8naZxDZR9RPoQo3DNQeY4meyFcqqBqSBblA=,tag:BkCxbt67ErdidrLzjkEYnw==,type:str]
personal-key: ENC[AES256_GCM,data:2E4HSlHvf5qWYpijUnUH9isMIbva7eH6Z6Bo+OZE5lmt3tB9yUbXye3pAbEjJUPB,iv:0Wdtc4nuzjz/oTuU0xnpMRzEA0N1wcqJZWG3lQton+E=,tag:ahhISTYYxUlzfYg1LdmCtg==,type:str]
work-key: ENC[AES256_GCM,data:UKiKnoQrPzK6jc/OiOfTe6rPI9vc2URWbnq/f+3N2InBnsXw2d9Z4P5gj/FyKLz4,iv:U6L2uo7VlP1QcD29TvwbIu92sjoz5/6HNK/KqTJu2P8=,tag:tO/t7EBlTq2WGM0G+Wlu5g==,type:str]
syncthing:
gui-pw: ENC[AES256_GCM,data:yu8e1JCzZxu/VIQ4mmyqPNBkxd0=,iv:X8U91uI5VlOluQmpkcdP2b3uf1rTI3j+RcBmK1gBqKI=,tag:SmMqsW+gfSZS/dA8GObnig==,type:str]
sops:
@ -24,7 +25,7 @@ sops:
MUVCWWVHbmVCRnlnRjI0TUt6cFVnazQKZeDi8y5khMHG2uEIXdxSDAU+Eew0AMv3
jiEUyyClSas7BVaJvAGl56cIg1jfjrNEBb5rQD2mISsuM2rIuRNc/Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-02T12:15:13Z"
mac: ENC[AES256_GCM,data:HpbL6uC0wZTSsjGU4DrQE8NTd+DaImXqvRObReF4uDtBgUlKYmn0/UZIThL1QCMiwUYN/SeOwNtGiT5lH/xZeoBdS683AIGfULqXxPx1EZ3NRBkSmQfayt8ltGJwozitJ59Tipv2buDEEcefCw1aG8l3qrQRc0eM09iOIeoZv5o=,iv:wdn0I7YQ4f3IgdjEZP5MdpOO2WL3dKKVF3RryJZ2ODQ=,tag:0Ri3AoYwN9SuzXo92zf6FA==,type:str]
lastmodified: "2026-05-02T17:03:54Z"
mac: ENC[AES256_GCM,data:vC+ibGJl86RftPwrBkz9kr0VkYrtLW3hvXAdMT5fAoOh9i2Rwn+Xqff1albVF+LZv/3HSeZE7+c0ciDwYE0U/9BtBu+i0w9P6IGgK0eIBcQ3zzWe4VzI4sMON8KUj0kCdNgsfPkNQ+srt6uE6YBI8UGeB1w/g0SVmVYw/vFrAGo=,iv:pEs4mzbGSLetfJjn8XJPAvNzLGkbvm2axpPBUpL80ao=,tag:L5Wc2AsQMLVk/qWACqVPcg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.12.1

22
modules/nixos/tailscale/default.nix
View file

@ -1,11 +1,27 @@
{ inputs, ... }:
{ inputs, config, ... }:
{
imports = [ inputs.synix.nixosModules.tailscale ];
services.tailscale = {
enable = true;
enableSSH = true;
loginServer = "https://hs.sid.ovh";
tailnets = {
personal = {
default = true;
loginServer = "https://hs.sid.ovh";
authKeyFile = config.sops.secrets."tailscale/personal-key".path;
enableSSH = true;
acceptDNS = false; # use coredns
};
work = {
loginServer = "https://headscale.cryodev.xyz";
enableSSH = true;
acceptDNS = true;
authKeyFile = config.sops.secrets."tailscale/work-key".path;
};
};
};
sops.secrets."tailscale/personal-key" = { };
sops.secrets."tailscale/work-key" = { };
}

6
users/sid/home/hyprland/ssh-hosts.nix
View file

@ -9,6 +9,12 @@
user = "root";
checkHostIP = false;
};
ess-helm = {
host = "e ess ess-helm *.ess-helm.de";
hostname = "ess-helm.de";
port = 2299;
user = "sid";
};
sid = {
host = "s sid *.sid.ovh";
hostname = "sid.ovh";