gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-10 00:43:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix up services

Browse source
This commit is contained in:
Gerg-L 2023-10-23 18:18:13 -04:00
parent 6e5b5f3173
commit 4a13abb197
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
4 changed files with 16 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

8
hosts/gerg-desktop/secrets.yaml
View file

@ -1,4 +1,4 @@
cloudflare: ENC[AES256_GCM,data:yoP4ypD6gD6ZBbuFIzT9nJxgwky1ev1jpaOOyEVMpeShQa3/zR4GCA==,iv:Vx6sHF/k0gkIf8S7hGtHPPM8gOBJKg30QbqZgQ0tvHg=,tag:vh8v8Fu7wMs1Opw7dZvkrg==,type:str] cloudflare: ENC[AES256_GCM,data:RZ+Smjn1nvnkxYAF56fEcBsFvO3YY+FWJ8wb0c72sxQleRjy9tVp7yDr9gRfUg3G,iv:mGaFxKFLrIouNhyqq/nBKaKub1WfekcCeHVLASQpBCs=,tag:xKl5EHR9g7d4pJkt49BLyw==,type:str]
discordenv: ENC[AES256_GCM,data:dzl1FaBUPiiGR8hOmUVDulGnS9wBwX0ddYYV/euilrrHGO8GiktfENSLLIPpqNm1jSoO8zIs10/tTeQLGPtN5yUhF5lYhcjupows20Cd/Nn0OwDuLfXZmO3dAbN4hvsbGnJpnDOEB2EvqRZSQPxH8eLc0Do0hryjnrIYuKpN,iv:uWGY3XAbgFg1ZyI7J1/Q+UOdc5mReYvVq9uLFqfmadw=,tag:+ZlVbJ5ZyahaG1V3H+MVpQ==,type:str] discordenv: ENC[AES256_GCM,data:dzl1FaBUPiiGR8hOmUVDulGnS9wBwX0ddYYV/euilrrHGO8GiktfENSLLIPpqNm1jSoO8zIs10/tTeQLGPtN5yUhF5lYhcjupows20Cd/Nn0OwDuLfXZmO3dAbN4hvsbGnJpnDOEB2EvqRZSQPxH8eLc0Do0hryjnrIYuKpN,iv:uWGY3XAbgFg1ZyI7J1/Q+UOdc5mReYvVq9uLFqfmadw=,tag:+ZlVbJ5ZyahaG1V3H+MVpQ==,type:str]
searxngenv: ENC[AES256_GCM,data:HtH4KxXWoQEJp88Bgfhfj5Y4Up+inHu8mnVtay64XvCRpVKHF/kceC3XwT9C3IdXpQ==,iv:iXK8hOFoEnM5wFUZhC8IOdHzPhwPDHtTL8MmS5FSlns=,tag:TZHTB7ia5Qq2f2fETJOpEA==,type:str] searxngenv: ENC[AES256_GCM,data:HtH4KxXWoQEJp88Bgfhfj5Y4Up+inHu8mnVtay64XvCRpVKHF/kceC3XwT9C3IdXpQ==,iv:iXK8hOFoEnM5wFUZhC8IOdHzPhwPDHtTL8MmS5FSlns=,tag:TZHTB7ia5Qq2f2fETJOpEA==,type:str]
minifluxenv: ENC[AES256_GCM,data:wgz6sxSbbjXrgBAak0Q0TlvG78+JHPpiPtcbqGo9HpSF3qY78edECCDB3qqIaynxdhI4,iv:mbsr+OG8fE5MggmC+TNkLmhhDNGvJo+uelNRo/rMLoo=,tag:xN+FbNHZIVCruQh23aMt5g==,type:str] minifluxenv: ENC[AES256_GCM,data:wgz6sxSbbjXrgBAak0Q0TlvG78+JHPpiPtcbqGo9HpSF3qY78edECCDB3qqIaynxdhI4,iv:mbsr+OG8fE5MggmC+TNkLmhhDNGvJo+uelNRo/rMLoo=,tag:xN+FbNHZIVCruQh23aMt5g==,type:str]
@ -24,8 +24,8 @@ sops:
dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA== MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-29T03:41:47Z" lastmodified: "2023-10-23T22:08:14Z"
mac: ENC[AES256_GCM,data:l8NkKfp3NCn7zOX4HT56kA2PHAPdaMOCPAw+jsiIFaUMeO80KgpdjOfzluOgL+vrp9xm3FQsbwMyr106WkOU5pSIigi1nvXRKnLeuxpjBI6lppeNl9vj6JhJkECHqAdoy5XWmQmRopu89OP2cdlIiU+eykZ9eXSexEp2zGl16U4=,iv:9dXbt8Qi2gqY6M5ySFuxqZbvjPkls0Gbrzdm1j+IyAA=,tag:bgMXWdIQbYiq6GwJwpxkqA==,type:str] mac: ENC[AES256_GCM,data:DPRroMke8bs2Mvd7tCw+Yh35D5IuZM1IIP/h9sgvx49wadEAQViKXgJksIttZ+HtPO9MrKm+T3Aczg0piC+eDVY0tK+k4qQ0EDVXVddUP89Iw+KxmABqH9u8+293salandcnC1NSPAYs2ojajoU/3ioReeZREFAiN3ohOOS1Nx0=,iv:rhugs11hOqhTVUYO+2H4BS65sIwaarbhv3e2x8mYOm4=,tag:d/2PQ9qplas3+zrzbdAHWw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.0 version: 3.8.1

22
hosts/gerg-desktop/services/ddns.nix
View file

@ -17,7 +17,7 @@ _:
startAt = "*:0/30"; startAt = "*:0/30";
serviceConfig = { serviceConfig = {
LoadCredential = "token:${config.sops.secrets.cloudflare.path}"; EnvironmentFile = config.sops.secrets.cloudflare.path;
DynamicUser = true; DynamicUser = true;
}; };
@ -33,8 +33,6 @@ _:
exit 0 exit 0
fi fi
AUTH="$(cat "$CREDENTIALS_DIRECTORY/token")"
IP=$(grep -oP '^((?!fe80).).{22}ffee.{5}' /proc/net/if_inet6 | sed -E 's/(.{4})/\1:/g; s/.$//') IP=$(grep -oP '^((?!fe80).).{22}ffee.{5}' /proc/net/if_inet6 | sed -E 's/(.{4})/\1:/g; s/.$//')
func () { func () {
@ -69,15 +67,15 @@ _:
--url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records/$ID" \ --url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records/$ID" \
--header "Authorization: Bearer $AUTH" \ --header "Authorization: Bearer $AUTH" \
--header "Content-Type: application/json" \ --header "Content-Type: application/json" \
--data "{ --data '{
\"content\": \"$IP\", "content": "'"$IP"'",
\"name\": \"$RECORD\", "name": "'"$RECORD"'",
\"proxied\": $PROXY, "proxied": '"$PROXY"',
\"type\": \"AAAA\", "type": "AAAA",
\"comment\": \"\", "comment": "",
\"tags\": [], "tags": [],
\"ttl\": 1 "ttl": 1
}" }'
} }
func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8"

2
hosts/gerg-desktop/services/miniflux.nix
View file

@ -6,7 +6,7 @@ _:
... ...
}: }:
{ {
sops.secrets.minifluxenv.owner = "miniflux"; sops.secrets.minifluxenv = { };
systemd.services = { systemd.services = {
miniflux = { miniflux = {

9
hosts/gerg-desktop/services/searxng.nix
View file

@ -1,18 +1,11 @@
_: _:
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
sops.secrets.searxngenv = { sops.secrets.searxngenv = { };
owner = "searx";
group = "searx";
};
users.users.${config.services.nginx.user}.extraGroups = [ "searx" ]; users.users.${config.services.nginx.user}.extraGroups = [ "searx" ];
services.searx = { services.searx = {
enable = true; enable = true;
package = pkgs.searxng; package = pkgs.searxng;
#Later
/* redisCreateLocally = true;
limiterSettings = {};
*/
runInUwsgi = true; runInUwsgi = true;
uwsgiConfig = { uwsgiConfig = {
socket = "/run/searx/searx.sock"; socket = "/run/searx/searx.sock";