lelgenio/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 2 Releases Packages Wiki Activity Actions

Compare commits

base: lelgenio:4065f0146b9725c5911237f28bc249049f559d78
Branches Tags
lelgenio:main
lelgenio:niri
lelgenio:nixos-25.11
lelgenio:wipg
lelgenio:caffeinated
lelgenio:try-fix-firefox
lelgenio:multiline-edit
lelgenio:gnome-the-second
lelgenio:gnome-pass-search-provider
lelgenio:refactor
lelgenio:sops
lelgenio:update-24.11
lelgenio:disko
lelgenio:release-24.05
lelgenio:gnome
lelgenio:hyprland
...
compare: lelgenio:5ccec30fae480eb833b470db38bcc487752175c3
Branches Tags
lelgenio:niri
lelgenio:main
lelgenio:nixos-25.11
lelgenio:wipg
lelgenio:caffeinated
lelgenio:try-fix-firefox
lelgenio:multiline-edit
lelgenio:gnome-the-second
lelgenio:gnome-pass-search-provider
lelgenio:refactor
lelgenio:sops
lelgenio:update-24.11
lelgenio:disko
lelgenio:release-24.05
lelgenio:gnome
lelgenio:hyprland

5 commits
4065f0146b ... 5ccec30fae

Author SHA1 Message Date
Leonardo Eugênio
5ccec30fae monolith: disable some nebula lighthouses 2026-02-22 09:43:39 -03:00
Leonardo Eugênio
e1c81e5347 containers: install libvirt 2026-02-22 09:43:39 -03:00
Leonardo Eugênio
030853eef1 fish: set TERM when running ssh 2026-02-22 09:43:39 -03:00
Leonardo Eugênio
c70164709e phantom: set default syncthing password 2026-02-22 09:43:39 -03:00
Leonardo Eugênio
5b01cf9169 flake: remove agenix 2026-02-22 09:43:39 -03:00
12 changed files with 34 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

75
flake.lock generated
View file

@ -16,31 +16,6 @@
"type": "github" "type": "github"
} }
}, },
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1770165109,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"blobs": { "blobs": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -155,28 +130,6 @@
"type": "github" "type": "github"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"demoji": { "demoji": {
"inputs": { "inputs": {
"advisory-db": "advisory-db", "advisory-db": "advisory-db",
@ -312,7 +265,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -330,7 +283,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -363,7 +316,7 @@
}, },
"flake-utils_4": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -381,7 +334,7 @@
}, },
"flake-utils_5": { "flake-utils_5": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -399,7 +352,7 @@
}, },
"flake-utils_6": { "flake-utils_6": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -417,7 +370,7 @@
}, },
"flake-utils_7": { "flake-utils_7": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -791,7 +744,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"catboy-spinner": "catboy-spinner", "catboy-spinner": "catboy-spinner",
"contador-da-viagem": "contador-da-viagem", "contador-da-viagem": "contador-da-viagem",
"demoji": "demoji", "demoji": "demoji",
@ -973,21 +925,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tlauncher": { "tlauncher": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_5",

8
flake.nix
View file

@ -22,12 +22,6 @@
plymouth-themes.url = "github:adi1090x/plymouth-themes"; plymouth-themes.url = "github:adi1090x/plymouth-themes";
plymouth-themes.flake = false; plymouth-themes.flake = false;
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -111,12 +105,10 @@
common_modules = [ common_modules = [
{ nixpkgs.pkgs = pkgs; } { nixpkgs.pkgs = pkgs; }
./system/configuration.nix ./system/configuration.nix
./system/secrets.nix
./system/sops.nix ./system/sops.nix
./system/greetd.nix ./system/greetd.nix
{ login-manager.greetd.enable = desktop == "sway"; } { login-manager.greetd.enable = desktop == "sway"; }
inputs.agenix.nixosModules.default
inputs.sops-nix.nixosModules.default inputs.sops-nix.nixosModules.default
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko

8
hosts/monolith/nebula-vpn.nix
View file

@ -16,8 +16,6 @@ in
enable = true; enable = true;
isLighthouse = false; isLighthouse = false;
lighthouses = [ lighthouses = [
"192.168.88.1"
"192.168.88.2"
"192.168.88.3" "192.168.88.3"
]; ];
settings = { settings = {
@ -27,12 +25,6 @@ in
key = s."nebula-wopus-vpn/monolith-key".path; key = s."nebula-wopus-vpn/monolith-key".path;
ca = s."nebula-wopus-vpn/ca-crt".path; ca = s."nebula-wopus-vpn/ca-crt".path;
staticHostMap = { staticHostMap = {
"192.168.88.1" = [
"neubla-vpn.wopus.dev:4242"
];
"192.168.88.2" = [
"82.25.77.78:4242"
];
"192.168.88.3" = [ "192.168.88.3" = [
"72.60.60.221:4242" "72.60.60.221:4242"
]; ];

5
hosts/phantom/default.nix
View file

@ -8,7 +8,6 @@
{ {
imports = [ imports = [
inputs.vpsadminos.nixosConfigurations.container inputs.vpsadminos.nixosConfigurations.container
inputs.agenix.nixosModules.default
inputs.sops-nix.nixosModules.default inputs.sops-nix.nixosModules.default
../../system/sops.nix ../../system/sops.nix
@ -57,10 +56,6 @@
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576; boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
age = {
identityPaths = [ "/root/.ssh/id_rsa" ];
};
sops = { sops = {
secrets.hello = { }; secrets.hello = { };
defaultSopsFile = lib.mkForce ../../secrets/phantom/default.yaml; defaultSopsFile = lib.mkForce ../../secrets/phantom/default.yaml;

10
hosts/phantom/syncthing.nix
View file

@ -11,6 +11,10 @@
dataDir = "/var/lib/syncthing-data"; dataDir = "/var/lib/syncthing-data";
guiAddress = "0.0.0.0:8384"; guiAddress = "0.0.0.0:8384";
openDefaultPorts = true; openDefaultPorts = true;
guiPasswordFile = config.sops.secrets."syncthing/password".path;
settings.gui = {
user = "lelgenio";
};
}; };
services.nginx.virtualHosts."syncthing.lelgenio.com" = { services.nginx.virtualHosts."syncthing.lelgenio.com" = {
@ -26,4 +30,10 @@
"proxy_pass_header Authorization;"; "proxy_pass_header Authorization;";
}; };
}; };
sops.secrets."syncthing/password" = {
mode = "400";
owner = "syncthing";
group = "syncthing";
};
} }

6
secrets/phantom/default.yaml
View file

@ -18,6 +18,8 @@ nextcloud:
default-password: ENC[AES256_GCM,data:mR0KRCheXh6NBVn+odK9Kx0e4njJDuZ6OS37Iw==,iv:PAb/sCt7hq5WKZwr4FMfiMqf7mGvpXQEnZcbzmDz9oI=,tag:ukBDHbFKrStXckzuE1TwJA==,type:str] default-password: ENC[AES256_GCM,data:mR0KRCheXh6NBVn+odK9Kx0e4njJDuZ6OS37Iw==,iv:PAb/sCt7hq5WKZwr4FMfiMqf7mGvpXQEnZcbzmDz9oI=,tag:ukBDHbFKrStXckzuE1TwJA==,type:str]
writefreely: writefreely:
password: ENC[AES256_GCM,data:5hzvM8Aitvj4Hb/RgViV1QjsnpQqln0k1nZvEz8Y7vdZvcHo,iv:Wi+pKcGqi09050sitgxt/+hYGF2mlmYC0SDjmqSWPr4=,tag:V0KSBgIV4fgMbxuADVTxrA==,type:str] password: ENC[AES256_GCM,data:5hzvM8Aitvj4Hb/RgViV1QjsnpQqln0k1nZvEz8Y7vdZvcHo,iv:Wi+pKcGqi09050sitgxt/+hYGF2mlmYC0SDjmqSWPr4=,tag:V0KSBgIV4fgMbxuADVTxrA==,type:str]
syncthing:
password: ENC[AES256_GCM,data:s3EMaGJGSwGxgajdHfWpblAU1Ows/h5JzS6PB9jU/BfmSMvG,iv:E2Exhs2f2v16iovexQGm9HUMxpLrY2uQ8OS/rOawj08=,tag:QXesaGB9v+yPnokZh6DMWA==,type:str]
sops: sops:
age: age:
- recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
@ -38,8 +40,8 @@ sops:
RU1HSUhldHpzeURaUWQvcjBCQ3pMY2cKYL87Njs4e68zu5AXKNF/hxiB3HduS8wz RU1HSUhldHpzeURaUWQvcjBCQ3pMY2cKYL87Njs4e68zu5AXKNF/hxiB3HduS8wz
o0kmGI58DZx17+Cdipw0ab9a9wiu9C9Fn+LaiCcdM/ESXtS79RzdbQ== o0kmGI58DZx17+Cdipw0ab9a9wiu9C9Fn+LaiCcdM/ESXtS79RzdbQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-15T06:46:07Z" lastmodified: "2026-02-22T12:00:25Z"
mac: ENC[AES256_GCM,data:lnvq80oOH2pO6AxBbnjNxvz0xcukTFowcxKf24RKFf/ZouRL6uCJEWJwNCoAKCGOHibrztsGHLDL/cgOffv9CTivIYmzbB+9q2MCQNGxrSL7CkWr/mK9xb5Yz1ASvvZxcGB7WmZNVZXvjIr6mdZy50UweHJoit+oDvE03cmG9Bw=,iv:CikhhcnCE9SXpRasZEImUR6vU5cauD4YIplxPYsPo4A=,tag:+QaBv8Nrk40UCYhUskepyw==,type:str] mac: ENC[AES256_GCM,data:AZm1yDw8whCTufBYbiug3i1e1YQRVprOMFTSR6GvvPDXD8ouvwSqoqYbmL7Cm1GxEG5WME1Z/tRzBzN2rU0gleGpXAXb/C+nF3R4PEHdPg25b0vfWAShZHb1YZGpMwkAd3H69y7yJclXeE2sFKx85DUGieYELelrzF9hT8jceHE=,iv:74M+68IAx0Kv7MCAe4Hsj/oTRJP6XOZNc2bxc1Ot5kI=,tag:XfocOwXlpM9WYHVHGs0MWg==,type:str]
pgp: pgp:
- created_at: "2025-03-07T22:49:19Z" - created_at: "2025-03-07T22:49:19Z"
enc: |- enc: |-

5
secrets/secrets.nix
View file

@ -1,5 +0,0 @@
let
main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
in
{
}

4
system/containers.nix
View file

@ -48,5 +48,9 @@
programs.extra-container.enable = true; programs.extra-container.enable = true;
programs.firejail.enable = true; programs.firejail.enable = true;
virtualisation.libvirtd.enable = true;
environment.systemPackages = with pkgs; [ dnsmasq ];
networking.firewall.trustedInterfaces = [ "virbr0" ];
}; };
} }

6
system/secrets.nix
View file

@ -1,6 +0,0 @@
{ pkgs, config, ... }:
{
age = {
identityPaths = [ "/root/.ssh/id_rsa" ];
};
}

2
system/users.nix
View file

@ -20,6 +20,8 @@
"corectrl" "corectrl"
"vboxusers" "vboxusers"
"input" "input"
"libvirtd"
"kvm"
]; ];
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [

8
user/fish/default.nix
View file

@ -43,6 +43,14 @@ in
echo "Exported key $export[1]" echo "Exported key $export[1]"
end end
end end
function ssh
if test "$TERM" = "alacritty"
env TERM=xterm-256color ssh $argv
else
env ssh $argv
end
end
''; '';
shellAliases = { shellAliases = {
rm = "trash"; rm = "trash";

3
user/home.nix
View file

@ -114,9 +114,6 @@
deluge deluge
nicotine-plus nicotine-plus
## Nix secrets management
inputs.agenix.packages.x86_64-linux.default
## Programming ## Programming
# rustup # rustup