localModules -> local

moved keys to their own module updated nix switching pinning method
2025-12-10 00:43:56 -05:00 · 2023-07-02 00:33:46 -04:00 · 2023-07-02 00:33:46 -04:00 · 160a5c3ffe
commit 160a5c3ffe
parent 2057ff5d17
24 changed files with 187 additions and 109 deletions
--- a/hosts/gerg-desktop/containers/website.nix_
+++ b/hosts/gerg-desktop/containers/website.nix_
@ -1,4 +1,4 @@
-_:{
+_: {
  sops.secrets = {
    "website/sql_gitea" = {
      mode = "0444";
@ -63,11 +63,11 @@ _:{
        gitea = {
          enable = true;
          appName = "Powered by NixOS";
-          domain = "git.gerg-l.com";
-          rootUrl = "https://git.gerg-l.com/";
-          httpPort = giteaPort;
          settings = {
            server = {
+              DOMAIN = "git.gerg-l.com";
+              ROOT_URL = "https://git.gerg-l.com/";
+              HTTP_PORT = giteaPort;
              LANDING_PAGE = "/explore/repos";
            };
            ui = {
@ -84,7 +84,7 @@ _:{
        };
        nextcloud = {
          enable = true;
-          package = pkgs.nextcloud26;
+          package = pkgs.nextcloud27;
          hostName = "next.gerg-l.com";
          autoUpdateApps.enable = true;
          enableBrokenCiphersForSSE = false;
--- a/hosts/gerg-desktop/default.nix
+++ b/hosts/gerg-desktop/default.nix
@ -3,7 +3,7 @@
  config,
  ...
 }: {
-  localModules = {
+  local = {
    remoteBuild.isBuilder = true;
    X11Programs = {
      sxhkd.enable = true;
@ -62,6 +62,11 @@
    };
  };

+  services.udev.packages = [
+    pkgs.android-udev-rules
+  ];
+  programs.adb.enable = true;
+
  networking = {
    useDHCP = false;
    hostName = "gerg-desktop";
@ -100,10 +105,10 @@
        useDefaultShell = true;
        uid = 1000;
        isNormalUser = true;
-        extraGroups = ["wheel" "audio"];
+        extraGroups = ["wheel" "audio" "adbusers"];
        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
+          config.local.keys.gerg_gerg-phone
+          config.local.keys.gerg_gerg-windows
        ];
        passwordFile = config.sops.secrets.gerg.path;
      };
--- a/hosts/gerg-desktop/secrets.yaml
+++ b/hosts/gerg-desktop/secrets.yaml
@ -1,5 +1,6 @@
 discordenv: ENC[AES256_GCM,data:/A46urPOiqH2ejKmmzCIpR/g2hU6n/AUTNQPikAxvp1PikWgX8JX+NPrGSGgxpn82B70JlwGK9T+9Fe9gaFgswhMrUj19TQ1kERW8HWLJ1LptvJTOsX57rKihJZUwD0v7g/Xof75U68dKPzdSlH7z16r0iOVA6ET4/w=,iv:0HK+0eBMf3awgQrbwXAEsBniTsxqj+izmftoB/UEp64=,tag:EajyB09aJPnHpss3Jv5SaQ==,type:str]
 gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str]
+store_key: ENC[AES256_GCM,data:/1wAHcMZl3loV2IR7mj1z51lwfKmaP24DgEjl2w8qwbrKHBIS09meLXrVTvsvQmFM4AvKig9ADs1aeYoVTTEa4QE9nKJ/LyRI5z8dHe7j7H5Y+UI+Syr0CUKN2I9UuqkOAyWrPM=,iv:5cLxhzNawFMTKn+MT5cHILTvggHmxteycL+2bxUPsoc=,tag:q8voriNRZUL4pYYfOvJT0A==,type:str]
 website:
    nextcloud: ENC[AES256_GCM,data:JoxSXYzBhXV+h4Ar,iv:jKlAwWfX58DpgGbGOqWBIwcnx8EdIxhFKOUzsDccr7w=,tag:L6UBHh1HU8Je+OczQCypXg==,type:str]
    sql_gitea: ENC[AES256_GCM,data:Usfd0QDm/4ntj7kzXXYa3O7H7/E=,iv:3xUD2KuQvJUQtai6C+qAnQ2RbkpN5VLK8BUJFiMpQkY=,tag:E6KNzFIZekgecJCBPlw4YA==,type:str]
@ -21,8 +22,8 @@ sops:
            dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
            MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-05-19T00:33:35Z"
-    mac: ENC[AES256_GCM,data:YWGS3fxhEh6Xz/OohJkQdvGzfe9Do7IRN7MiuHo8URbidq6DLsuvN086QNlMQEnopR5BDJ2V+4inKS1xOM+G66e4Ta/uYH7VweamGSk/dGGqAnG5uylljIupSS9WDvI0tpv2PMWrbGV6oEps0SPC2HN7CvhI8EaSQdz3CvEYKgo=,iv:YDKgb90IvwEkfRFMwoy/Y1LREHe2Dzf3Dt97BT/wJuo=,tag:HSmmPdyhF5dr+5IvM+Xo6Q==,type:str]
+    lastmodified: "2023-07-02T03:02:17Z"
+    mac: ENC[AES256_GCM,data:iz4xGDiaMNvmNum2R7Bm5NmRBzUo8clhV60hLcHrIpjGwpbrRuWEnsQL6hvUu2O8zZDx7xH0MApig7dYvdNyPaloWiWob/DPT5AgWx++etr40z0Bbl3GHY+WQQdqU+E6l+x0LMQYGv3GQv4o166VsnFsCm5ParPeMmZa3+kaxBw=,iv:Q4JL2EtXRD3LKWx95q0Jo27UWHCHn2i6cM87Z/GhO28=,tag:rxwjRdK85znMzX6H/rx+9A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/hosts/gerg-desktop/zfs.nix
+++ b/hosts/gerg-desktop/zfs.nix
@ -7,6 +7,7 @@ _: {
  systemd.tmpfiles.rules = [
    "L+ /etc/ssh/ssh_host_ed25519_key  - - - - /persist/ssh/ssh_host_ed25519_key"
    "L+ /etc/ssh/ssh_host_ed25519_key.pub  - - - - /persist/ssh/ssh_host_ed25519_key.pub"
+    "L  /etc/nixos/flake.nix  - - - - /home/gerg/Projects/nixos/flake.nix"
  ];
  #create machine-id for spotify
  environment.etc = {