diff --git a/flake.lock b/flake.lock index fcd58d6..f5f51ff 100644 --- a/flake.lock +++ b/flake.lock @@ -87,22 +87,6 @@ "type": "github" } }, - "jellyfin-exporter": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "path": "./jellyfin-exporter", - "type": "path" - }, - "original": { - "path": "./jellyfin-exporter", - "type": "path" - }, - "parent": [] - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -144,7 +128,6 @@ "inputs": { "agenix": "agenix", "home-manager": "home-manager_2", - "jellyfin-exporter": "jellyfin-exporter", "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs" } diff --git a/flake.nix b/flake.nix index 1667b77..2883726 100644 --- a/flake.nix +++ b/flake.nix @@ -9,8 +9,6 @@ home-manager.inputs.nixpkgs.follows = "nixpkgs"; agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; - jellyfin-exporter.url = "path:./jellyfin-exporter"; - jellyfin-exporter.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = @@ -20,20 +18,16 @@ home-manager, nixpkgs, agenix, - jellyfin-exporter, }: let macbook = import ./systems/macbook/macbook.nix inputs; selene = import ./systems/selene/system.nix inputs; - - ren = import ./systems/ren/system.nix inputs; in { # Build darwin flake using: # $ darwin-rebuild build --flake .#Maxiems-MacBook-Pro darwinConfigurations."Maxiems-MacBook-Pro" = macbook; nixosConfigurations.selene = selene; - nixosConfigurations.ren = ren; }; } diff --git a/jellyfin-exporter/flake.nix b/jellyfin-exporter/flake.nix deleted file mode 100644 index 307e58b..0000000 --- a/jellyfin-exporter/flake.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{ - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; - }; - - outputs = - { self, nixpkgs }: - let - # The set of systems to provide outputs for - allSystems = [ - "x86_64-linux" - "aarch64-linux" - "x86_64-darwin" - "aarch64-darwin" - ]; - - # A function that provides a system-specific Nixpkgs for the desired systems - forAllSystems = - f: - nixpkgs.lib.genAttrs allSystems ( - system: - f { - pkgs = import nixpkgs { inherit system; }; - } - ); - in - { - packages = forAllSystems ( - { pkgs }: - { - default = pkgs.buildGoModule (finalAttrs: { - doCheck = false; - pname = "jellyfin-exporter"; - version = "1.3.8"; - - src = pkgs.fetchFromGitHub { - owner = "rebelcore"; - repo = "jellyfin_exporter"; - tag = "v${finalAttrs.version}"; - hash = "sha256-7fIrjcy6y/Ayj43WeuPNCx3uVJyl5Wf6bWs5ta2PpWc="; - }; - - # Let Nix fetch Go modules and hash them automatically - vendorHash = "sha256-JSOKDbefQyDLNy2y1oW7HUplQw8uhhOGZ+ueWyUYYQ0="; - - meta = { - description = "Jellyfin exporter for Prometheus"; - homepage = "https://github.com/rebelcore/jellyfin_exporter"; - license = pkgs.lib.licenses.asl20; - }; - }); - } - ); - }; -} diff --git a/keys/hetzner.priv b/keys/hetzner.priv deleted file mode 100644 index 3d9659c..0000000 Binary files a/keys/hetzner.priv and /dev/null differ diff --git a/keys/macbook.priv b/keys/macbook.priv index c3935a5..2584baf 100644 Binary files a/keys/macbook.priv and b/keys/macbook.priv differ diff --git a/keys/master.priv b/keys/master.priv index d2ffd90..4c8e0ec 100644 Binary files a/keys/master.priv and b/keys/master.priv differ diff --git a/keys/ren.priv b/keys/ren.priv deleted file mode 100644 index 7b2a0ed..0000000 Binary files a/keys/ren.priv and /dev/null differ diff --git a/keys/ren.pub b/keys/ren.pub deleted file mode 100644 index 3454ee9..0000000 --- a/keys/ren.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIM1gLSFZSVq+5s58+pymRJY+QOWHm6SZvvhY93YDm5k ren@me.com 
diff --git a/keys/secrets.nix b/keys/secrets.nix index c1ba64d..ad697ad 100644 --- a/keys/secrets.nix +++ b/keys/secrets.nix @@ -2,16 +2,10 @@ let selene = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEiuoUbvgZ2N03MTcWw4z+oUB9SG0jR0fy5AnTTBHym" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcfmaqbtwSEydV2hge/aDWxfwlKOw/JJZZWy8ycjojH" ]; macbook = [ (builtins.readFile ./macbook.pub) ]; master = [ (builtins.readFile ./master.pub) ]; - ren = [ (builtins.readFile ./ren.pub) ]; in { "jellyfin-key".publicKeys = selene; "google-storage-key".publicKeys = selene; "macbook.priv".publicKeys = macbook ++ master; "master.priv".publicKeys = macbook ++ master; - "wg-selene".publicKeys = macbook ++ selene ++ master; - "wg-macbook".publicKeys = macbook ++ master; - "hetzner.priv".publicKeys = macbook ++ selene ++ master ++ ren; - "wg-ren".publicKeys = macbook++master; - "ren.priv".publicKeys = master ++ ren; } \ No newline at end of file diff --git a/keys/wg-macbook b/keys/wg-macbook deleted file mode 100644 index d4487b3..0000000 --- a/keys/wg-macbook +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 M7OTMg f7fgG3DiQpjnDRSEUjSinuqgLATaK7QRN59bSimH1EU -9sKf6eQVwqVBrB553zCHwFs0uyQGRpIJkBZ0AyXPFC4 --> ssh-ed25519 CJLJQg +b+cRU3irwvMnqVBWBIV4GoRyEy+Lg3LHUxZ/httTDo -uBlqCHMXyf1Um+W6y1Bh9pY0osqdeTgFQGuR6eSHQP4 ---- Ft1Ii2eVy0h8X6h7ABOW6ryT4ctxg9jS8utA7s52bBA -z0yWϥ4Ͱ^| -MuRtLA:*Ȃh2Sζk咬F& m1y \ No newline at end of file diff --git a/keys/wg-macbook.pub b/keys/wg-macbook.pub deleted file mode 100644 index d151aae..0000000 --- a/keys/wg-macbook.pub +++ /dev/null @@ -1 +0,0 @@ -uFmbvJBptZsrzYDqpZM7SsibELaIRZIT91dr+lg4UTQ= diff --git a/keys/wg-ren b/keys/wg-ren deleted file mode 100644 index 858a6a6..0000000 --- a/keys/wg-ren +++ /dev/null 
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 M7OTMg QdJds7EpXMyyO9aKmqQg3HWmY6RQbzkQxRQw+K9fn14 -/SlvfJAOmCqYvIOZm/ZSynAIWSC+2dAvPpa+5Me6I8k --> ssh-ed25519 CJLJQg MqNRTuwFcRdZ5VFbcgXQwjRxMAHLJEdUKLuXFPtkRVc -qRaaJzGRPiW2doetErhhUKwUXitvsQ5CGl2QzGK44Ss ---- fCQGYqP7qr+S1tzDeyce5Bn4iWsXq+kIe/ojPNj0LVA -4Zi"՞3W+i98ߞ=unBy]@[X[] XÛ5̜zl@ \ No newline at end of file diff --git a/keys/wg-ren.pub b/keys/wg-ren.pub deleted file mode 100644 index c183803..0000000 --- a/keys/wg-ren.pub +++ /dev/null @@ -1 +0,0 @@ -wvTFERFXOPcgziLtLtfF3LGv5zmBWikCy/yLRwSuxWA= diff --git a/keys/wg-selene b/keys/wg-selene deleted file mode 100644 index 9c5a200..0000000 Binary files a/keys/wg-selene and /dev/null differ diff --git a/keys/wg-selene.pub b/keys/wg-selene.pub deleted file mode 100644 index aa058e5..0000000 --- a/keys/wg-selene.pub +++ /dev/null @@ -1 +0,0 @@ -4N/84YKCDOPpXTkRxBDQOOUzKR2PXOy4/3gJbel1yE4= diff --git a/modules/servermodules/forgejo/forgejo.nix b/modules/servermodules/forgejo/forgejo.nix deleted file mode 100644 index e82db47..0000000 --- a/modules/servermodules/forgejo/forgejo.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: -let - cfg = config.services.forgejo; - srv = cfg.settings.server; -in -{ - services.forgejo = { - enable = true; - database.type = "postgres"; - # Enable support for Git Large File Storage - lfs.enable = true; - settings = { - server = { - DOMAIN = "git.maxiemgeldhof.com"; - # You need to specify this to remove the port from URLs in the web UI. - ROOT_URL = "https://${srv.DOMAIN}/"; - HTTP_PORT = 3028; - }; - # You can temporarily allow registration to create an admin user. - service.DISABLE_REGISTRATION = true; - # Add support for actions, based on act: https://github.com/nektos/act - actions = { - ENABLED = false; - }; - - metrics = { - ENABLED = true; - }; - }; - }; -} diff --git a/modules/servermodules/jellyfin/jellyfin.nix b/modules/servermodules/jellyfin/jellyfin.nix index 15baa37..f976393 100644 
--- a/modules/servermodules/jellyfin/jellyfin.nix +++ b/modules/servermodules/jellyfin/jellyfin.nix @@ -18,7 +18,7 @@ }; age.secrets.jellyfin-key = { - file = ../../../keys/jellyfin-key; + file = ./secrets/jellyfin-key; owner = "jellyfin"; }; diff --git a/modules/servermodules/nginx.nix b/modules/servermodules/nginx.nix index 4cd70b6..b114fe6 100644 --- a/modules/servermodules/nginx.nix +++ b/modules/servermodules/nginx.nix 
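Review bot: The new `file = ./secrets/jellyfin-key;` points at `modules/servermodules/jellyfin/secrets/`, but this diff adds no file there, so unless the encrypted file already exists outside this diff the path will not resolve at evaluation. `keys/secrets.nix` still declares the `"jellyfin-key"` rule next to the `keys/` directory, and agenix matches rule names relative to that file, so if the secret really moves, the rule should move with it so that `agenix -e` and `agenix -r` still find it. The same applies to `file = ./secrets/google-storage-key;` in `modules/servermodules/packages.nix`. If no move is intended, keep `file = ../../../keys/jellyfin-key;`.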
@@ -1,37 +1,39 @@ -rootdomain: { +{ rootdomain }: +{ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/logs/nginx" ]; services.nginx.enable = true; services.nginx.commonHttpConfig = '' - log_format myformat '$remote_addr - $remote_user [$time_local] ' - '$host "$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent"'; - ''; + log_format myformat '$remote_addr - $remote_user [$time_local] ' + '$host "$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + ''; services.nginx.virtualHosts."default" = { - enableACME = false; - rejectSSL = true; - default = true; + enableACME = false; + rejectSSL = true; + default = true; - locations."/" = { - return = 404; - }; - extraConfig = '' - access_log /logs/nginx/nginx-access.log myformat; - ''; + locations."/" = { + return = 404; + }; + extraConfig = '' + access_log /logs/nginx/nginx-access.log myformat; + ''; }; - services.nginx.virtualHosts."grafana.${rootdomain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; - proxyWebsockets = true; - recommendedProxySettings = true; - }; - extraConfig = '' - access_log /logs/nginx/nginx-access.log myformat; - ''; + services.nginx.virtualHosts."grafana.${rootdomain}" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + extraConfig = '' + access_log /logs/nginx/nginx-access.log myformat; + ''; }; services.nginx.virtualHosts."jellyfin.${rootdomain}" = { @@ -48,11 +50,11 @@ rootdomain: { proxyPass = "http://127.0.0.1:8096/metrics"; recommendedProxySettings = true; extraConfig = '' - allow 127.0.0.1; - allow 192.168.0.0/16; - allow 10.0.0.0/8; - allow 172.16.0.0/12; - deny all; + allow 127.0.0.1; + allow 192.168.0.0/16; + allow 10.0.0.0/8; + allow 172.16.0.0/12; + deny all; ''; }; 
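Review bot: Changing the header to `{ rootdomain }:` makes this file expect an attribute set, while the only call visible in this diff, `(import ./nginx.nix "maxiemgeldhof.com")` in `systems/selene/system.nix`, passes a bare string. If that import resolves to this file, evaluation fails with a type error before any of the virtual hosts are built. Either keep `rootdomain:` or change the caller to pass `{ rootdomain = "maxiemgeldhof.com"; }`. The attribute set opened here closes in the last hunk of this file, outside this hunk.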
@@ -66,34 +68,9 @@ rootdomain: { defaults.email = "admin@${rootdomain}"; }; - services.nginx.virtualHosts."git.${rootdomain}" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:3028"; - recommendedProxySettings = true; - }; - - locations."/metrics" = { - proxyPass = "http://127.0.0.1:3028/metrics"; - recommendedProxySettings = true; - extraConfig = '' - allow 127.0.0.1; - allow 192.168.0.0/16; - allow 10.0.0.0/8; - allow 172.16.0.0/12; - deny all; - ''; - }; - - extraConfig = '' - access_log /logs/nginx/nginx-access.log myformat; - ''; - }; - systemd.tmpfiles.rules = [ - # Type Path Mode User Group Age Argument - "d /logs/nginx 0755 nginx nginx - -" - ]; + # Type Path Mode User Group Age Argument + "d /logs/nginx 0755 nginx nginx - -" + ] } + diff --git a/modules/servermodules/packages.nix b/modules/servermodules/packages.nix index d15c966..4d3f88c 100644 --- a/modules/servermodules/packages.nix +++ b/modules/servermodules/packages.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: +{ pkgs, ... }: { environment.systemPackages = [ pkgs.git @@ -8,7 +8,7 @@ pkgs.tmux ]; age.secrets.google-storage-key = { - file = ../../keys/google-storage-key; + file = ./secrets/google-storage-key; owner = "root"; }; environment.variables.GOOGLE_APPLICATION_CREDENTIALS = config.age.secrets."google-storage-key".path; diff --git a/modules/servermodules/wireguard/wireguard-server.nix b/modules/servermodules/wireguard/wireguard-server.nix deleted file mode 100644 index 0e9144b..0000000 --- a/modules/servermodules/wireguard/wireguard-server.nix +++ /dev/null 
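Review bot: The rewritten `systemd.tmpfiles.rules` list now ends in `]` with no `;` before the closing `}`, which is a Nix syntax error, so every configuration importing this module stops evaluating. The last line of the list should be `];`. The attribute set being closed here opens in the first hunk of this file, outside this hunk.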
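Review bot: Dropping `config` from the argument pattern (`{ pkgs, ... }:`) leaves `config.age.secrets."google-storage-key".path`, visible as a context line in the second hunk of this file, referring to an unbound name. The module will fail with an undefined variable error, and `GOOGLE_APPLICATION_CREDENTIALS` is never set. Keep the header as `{ pkgs, config, ... }:`.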
@@ -1,72 +0,0 @@ -let - allowedIPs = [ "10.100.0.1/24" ]; - port = 51820; - publicIp = "37.27.207.39"; -in -{ - serverModule = - { - pkgs, - config, - ... - }: - { - # enable NAT - networking.nat.enable = true; - networking.nat.externalInterface = "eth0"; - networking.nat.internalInterfaces = [ "wg0" ]; - networking.firewall = { - allowedUDPPorts = [ port ]; - }; - - age.secrets.wg-selene = { - file = ../../../keys/wg-selene; - owner = "selene"; - }; - networking.wireguard.interfaces = { - # "wg0" is the network interface name. You can name the interface arbitrarily. - wg0 = { - # Determines the IP address and subnet of the server's end of the tunnel interface. - ips = allowedIPs; - - # The port that WireGuard listens to. Must be accessible by the client. - listenPort = port; - - # This allows the wireguard server to route your traffic to the internet and hence be like a VPN - # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients - # postSetup = '' - # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE - # ''; - - # # This undoes the above command - # postShutdown = '' - # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE - # ''; - - # Path to the private key file. - # - # Note: The private key can also be included inline via the privateKey option, - # but this makes the private key world-readable; thus, using privateKeyFile is - # recommended. - - privateKeyFile = config.age.secrets.wg-selene.path; - - peers = [ - # List of allowed peers. - (import ../../../systems/macbook/wireguard.nix).peerConfig - { - publicKey = (builtins.readFile ../../../keys/wg-ren.pub); - allowedIPs = [ "10.100.0.3/32" ]; - } - ]; - }; - }; - }; - - infoForClients = { - endpoint = "${publicIp}:${builtins.toString port}"; - allowedIPs = allowedIPs; - publicKey = builtins.readFile ../../../keys/wg-selene.pub; - persistentKeepalive = 25; - }; -} 
diff --git a/modules/usermodules/darwinsettings.nix b/modules/usermodules/darwinsettings.nix index 253c4e5..31fecd3 100644 --- a/modules/usermodules/darwinsettings.nix +++ b/modules/usermodules/darwinsettings.nix @@ -2,7 +2,7 @@ self: { pkgs, agenix, ... }: { # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget - environment.systemPackages = [ pkgs.vim pkgs.vscode pkgs.git pkgs.nixfmt-rfc-style agenix.packages.aarch64-darwin.default pkgs.python3 pkgs.wireguard-tools]; + environment.systemPackages = [ pkgs.vim pkgs.vscode pkgs.git pkgs.nixfmt-rfc-style agenix.packages.aarch64-darwin.default pkgs.python3]; # Necessary for using flakes on this system. nix.settings.experimental-features = "nix-command flakes"; diff --git a/systems/macbook/macbook.nix b/systems/macbook/macbook.nix index 8ce6646..97e8b97 100644 --- a/systems/macbook/macbook.nix +++ b/systems/macbook/macbook.nix @@ -1,22 +1,15 @@ -{ - nix-darwin, - home-manager, - agenix, - self, - ... -}: +{ nix-darwin, home-manager, agenix, self, ... }: nix-darwin.lib.darwinSystem { modules = [ - agenix.darwinModules.default { system.primaryUser = "maxiemgeldhof"; } (import ../../modules/usermodules/darwinsettings.nix self) home-manager.darwinModules.home-manager - ./users.nix - (import ./wireguard.nix).systemModule + (import ./users.nix) + agenix.darwinModules.default ]; specialArgs = { - home-manager = home-manager; + home-manager=home-manager; agenix = agenix; }; } diff --git a/systems/macbook/users.nix b/systems/macbook/users.nix index 038f488..da4bb7a 100644 --- a/systems/macbook/users.nix +++ b/systems/macbook/users.nix @@ -13,10 +13,6 @@ let programs.zsh = (import ../../modules/usermodules/zsh.nix).programs.zsh; programs.git = (import ../../modules/usermodules/git.nix).programs.git; - - programs.ssh.matchBlocks.ren = { - - }; }; in { 
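Review bot: In `systems/macbook/macbook.nix`, `home-manager=home-manager;` is spaced differently from the `agenix = agenix;` line beside it, and both are self-assignments; `inherit home-manager agenix;` inside `specialArgs` says the same thing in one line. The one-line argument pattern also departs from the layout the removed lines used, and `pkgs.nixfmt-rfc-style` is installed in `darwinsettings.nix`, so running the formatter on this file would keep unrelated whitespace out of the diff.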
@@ -24,5 +20,4 @@ in home-manager.useUserPackages = true; home-manager.users.maxiemgeldhof = userconfig; users.users.maxiemgeldhof.home = "/Users/maxiemgeldhof"; - age.identityPaths = [ "/Users/maxiemgeldhof/.ssh/id_ed25519" ]; } diff --git a/systems/macbook/wireguard.nix b/systems/macbook/wireguard.nix deleted file mode 100644 index 35e93c8..0000000 --- a/systems/macbook/wireguard.nix +++ /dev/null @@ -1,32 +0,0 @@ -let - ip = "10.100.0.2/32"; - publicKey = (builtins.readFile ../../keys/wg-macbook.pub); -in -{ - systemModule = { config, ... }: { - age.secrets.wg-private.file = ../../keys/wg-macbook; - networking.wg-quick.interfaces.wg-selene = { - privateKeyFile = config.age.secrets.wg-private.path; - - # The internal IP address assigned to this client by the server. - # The /24 subnet mask is important for knowing the VPN's local network. - address = [ ip ]; - - # DNS server(s) to use when the tunnel is active. - # This is critical for resolving hostnames when all traffic is routed. - dns = [ - "1.1.1.1" - "1.0.0.1" - ]; # Cloudflare DNS, or use your preferred one like 8.8.8.8 - - peers = [ - (import ../../modules/servermodules/wireguard/wireguard-server.nix).infoForClients - ]; - }; - }; - - peerConfig = { - publicKey = publicKey; - allowedIPs = [ip]; - }; -} diff --git a/systems/ren/hardware.nix b/systems/ren/hardware.nix deleted file mode 100644 index 2f48c31..0000000 --- a/systems/ren/hardware.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/0683-2D32"; - fsType = "vfat"; - }; - boot.initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "xen_blkfront" - "vmw_pvscsi" - ]; - boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; - system.stateVersion = "23.11"; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - -} diff --git a/systems/ren/system.nix b/systems/ren/system.nix deleted file mode 100644 index d78fa0d..0000000 --- a/systems/ren/system.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - agenix, - jellyfin-exporter, - nixpkgs, - self, - ... -}: -let - system = "x86_64-linux"; -in -nixpkgs.lib.nixosSystem { - system = system; - specialArgs = { - # This selects the package for the current system and passes it - exporter-pkg = jellyfin-exporter.packages.${system}.default; - system = system; - }; - - modules = [ - { - boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; - networking.hostName = "Ren"; - networking.domain = ""; - services.openssh.enable = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22 - ]; - }; - } - ./users.nix - ./hardware.nix - agenix.nixosModules.default - ]; -} diff --git a/systems/ren/users.nix b/systems/ren/users.nix deleted file mode 100644 index cb5485d..0000000 --- a/systems/ren/users.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - users.users.ren = { - isNormalUser = true; - home = "/home/ren"; - hashedPassword = "$y$j9T$KjOwguW/7P9GvbNg6Yy.k/$8xf3aqnJ909HSjxtpe854RKdiXiPpbOLt.aiuJSfeC0"; - openssh.authorizedKeys.keys = [ - (builtins.readFile ../../keys/hetzner.pub) - (builtins.readFile ../../keys/asus.pub) - (builtins.readFile ../../keys/macbook.pub) - ]; - - extraGroups = [ - "wheel" - "networkmanager" - ]; - }; - - age.secrets.hetzner-key = { - file = ../../keys/hetzner.priv; - owner = "ren"; - }; - - users.users.root.openssh.authorizedKeys.keys = [ - (builtins.readFile ../../keys/hetzner.pub) - ]; - age.identityPaths = [ "/home/ren/.ssh/id_ed25519" ]; - -} diff --git a/systems/selene/basesettings.nix b/systems/selene/basesettings.nix index 448afa3..6ef1b84 100644 --- a/systems/selene/basesettings.nix +++ b/systems/selene/basesettings.nix @@ -1,7 +1,7 @@ { ... }: { imports = [ - ./hardware.nix + ./hardware-configuration.nix ./networking.nix # generated at runtime by nixos-infect ]; diff --git a/systems/selene/system.nix b/systems/selene/system.nix index a48777f..2a7edc4 100644 --- a/systems/selene/system.nix +++ b/systems/selene/system.nix 
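Review bot: The import in `systems/selene/basesettings.nix` is changed to `./hardware-configuration.nix`, but this diff neither renames nor adds a file of that name under `systems/selene/`, so unless it already exists the `imports` list will fail to resolve. If the file on disk is still `hardware.nix`, keep `./hardware.nix`, or include the rename in the same commit. The `imports` list continues below the hunk.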
@@ -1,31 +1,19 @@ -{ - agenix, - jellyfin-exporter, - nixpkgs, - self, - ... -}: -let - system = "aarch64-linux"; -in +{ agenix, jellyfin-exporter, nixpkgs, ... }: nixpkgs.lib.nixosSystem { system = system; specialArgs = { # This selects the package for the current system and passes it exporter-pkg = jellyfin-exporter.packages.${system}.default; - system = system; }; modules = [ ./basesettings.nix ./users.nix ../../modules/servermodules/packages.nix - (import ../../modules/servermodules/nginx.nix "maxiemgeldhof.com") - ../../modules/servermodules/grafana/grafana.nix - ../../modules/servermodules/jellyfin/jellyfin.nix - (import ../../modules/servermodules/wireguard/wireguard-server.nix).serverModule + (import ./nginx.nix "maxiemgeldhof.com") + ../../modules/servermodules/grafana.nix + ../../modules/servermodules/jellyfin.nix ./volumes.nix - ../../modules/servermodules/forgejo/forgejo.nix agenix.nixosModules.default ]; } diff --git a/systems/selene/users.nix b/systems/selene/users.nix index 7bf2c37..1885a32 100644 --- a/systems/selene/users.nix +++ b/systems/selene/users.nix @@ -6,7 +6,7 @@ openssh.authorizedKeys.keys = [ (builtins.readFile ../../keys/hetzner.pub) (builtins.readFile ../../keys/asus.pub) - (builtins.readFile ../../keys/macbook.pub) + (builtins.readFile "../../keys/pacbook.pub") ]; extraGroups = [ @@ -14,10 +14,4 @@ "networkmanager" ]; }; - - age.secrets.hetzner-key = { - file = ../../keys/hetzner.priv; - owner = "selene"; - }; - }
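Review bot: In `systems/selene/system.nix` the new header drops the `let system = "aarch64-linux"; in` binding, yet `system = system;` and `jellyfin-exporter.packages.${system}.default` still use `system`, which is now unbound because the argument set is not `rec`. The pattern also still requires `jellyfin-exporter`, which this commit removes from the inputs in `flake.nix`, so `import ./systems/selene/system.nix inputs` would be called without a required argument. The module paths `./nginx.nix`, `../../modules/servermodules/grafana.nix` and `../../modules/servermodules/jellyfin.nix` are not created by this diff either (the jellyfin module is patched at `modules/servermodules/jellyfin/jellyfin.nix`), so they likely need checking too. Restoring the `let` binding and removing the `exporter-pkg` argument together with the input would keep the host evaluating.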
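Review bot: In `systems/selene/users.nix`, `(builtins.readFile "../../keys/pacbook.pub")` replaces a path literal with a string and misspells the file name, so the MacBook key is no longer read from `keys/macbook.pub`. A relative string is not resolved against this file, `builtins.readFile` is expected to reject it, and no `pacbook.pub` appears in this diff. Because this list is `openssh.authorizedKeys.keys`, the entry decides who can log in to selene, so it should stay `(builtins.readFile ../../keys/macbook.pub)`. Separately, `keys/hetzner.pub` remains authorized here while this commit deletes `keys/hetzner.priv`, which `keys/secrets.nix` had encrypted to the `ren` recipient as well; if that host is being retired, consider rotating the hetzner key pair rather than leaving it authorized. The user definition starts above the hunk.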