noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-06 05:00:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

more adjustments

Browse Source
This commit is contained in:
Noah Masur
2025-02-15 20:26:14 -05:00
parent 2425c76a84
commit 617fc6cce2
36 changed files with 288 additions and 291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
View File

@ -13,7 +13,7 @@
let
inherit (config.nmasur.settings) hostnames;
inherit (config.nmasur.settings) hostnames username;
cfg = config.nmasur.presets.services.calibre-web;
libraryPath = "/data/books";
in
@ -58,7 +58,7 @@ in
services.cloudflare-dyndns.domains = [ hostnames.books ];
# Grant user access to Calibre directories
users.users.${config.user}.extraGroups = [ "calibre-web" ];
users.users.${username}.extraGroups = [ "calibre-web" ];
# Run a backup on a schedule
systemd.timers.calibre-backup = {

5
platforms/nixos/modules/nmasur/presets/services/cloudflared.nix
View File

@ -25,6 +25,7 @@
# Set ca = "<public key>"
let
inherit (config.nmasur.settings) username;
cfg = config.nmasur.presets.services.cloudflared;
in
@ -74,7 +75,7 @@ in
# Must match the username portion of the email address in Cloudflare
# Access
"ssh/authorized_principals".text = ''
${config.user}
${username}
'';
};
@ -82,7 +83,7 @@ in
services.openssh.extraConfig = ''
PubkeyAuthentication yes
TrustedUserCAKeys /etc/ssh/ca.pub
Match User '${config.user}'
Match User '${username}'
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
# if there is no existing AuthenticationMethods
AuthenticationMethods publickey

4
platforms/nixos/modules/nmasur/presets/services/gitea.nix
View File

@ -6,7 +6,7 @@
}:
let
inherit (config.nmasur.settings) hostnames;
inherit (config.nmasur.settings) hostnames username;
cfg = config.nmasur.presets.services.gitea;
giteaPath = "/var/lib/gitea"; # Default service directory
in
@ -59,7 +59,7 @@ in
extraConfig = null;
};
users.users.${config.user}.extraGroups = [ "gitea" ];
users.users.${username}.extraGroups = [ "gitea" ];
caddy.routes = [
# Prevent public access to Prometheus metrics.

6
platforms/nixos/modules/nmasur/presets/services/litestream.nix
View File

@ -14,17 +14,17 @@ in
endpoint = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 endpoint for Litestream backups";
# default = null;
default = "s3.us-west-002.backblazeb2.com";
};
bucket = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 bucket for Litestream backups";
# default = null;
default = "noahmasur-backup";
};
accessKeyId = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 access key ID for Litestream backups";
# default = null;
default = "0026b0e73b2e2c80000000005";
};
accessKeySecret = lib.mkOption {
type = lib.types.nullOr lib.types.path;

4
platforms/nixos/modules/nmasur/presets/services/nextcloud.nix
View File

@ -6,7 +6,7 @@
}:
let
inherit (config.nmasur.settings) hostnames;
inherit (config.nmasur.settings) hostnames username;
cfg = config.nmasur.presets.services.nextcloud;
in
{
@ -212,7 +212,7 @@ in
};
# Grant user access to Nextcloud directories
users.users.${config.user}.extraGroups = [ "nextcloud" ];
users.users.${username}.extraGroups = [ "nextcloud" ];
# Open to groups, allowing for backups
systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = lib.mkForce "0770";

3
platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix
View File

@ -6,6 +6,7 @@
}:
let
inherit (config.nmasur.settings) username;
cfg = config.nmasur.presets.services.nix-autoupgrade;
in
@ -54,7 +55,7 @@ in
systemctl status $SERVICE_ID >> $TEMPFILE
set -e
${lib.getExe pkgs.msmtp} \
--file=${config.home-manager.users.${config.user}.xdg.configDir}/msmtp/config \
--file=${config.home-manager.users.${username}.xdg.configDir}/msmtp/config \
--account=system \
${address} < $TEMPFILE
'';

3
platforms/nixos/modules/nmasur/presets/services/notes-git-sync.nix
View File

@ -6,6 +6,7 @@
}:
let
inherit (config.nmasur.settings) username;
cfg = config.nmasur.presets.services.notes-git-sync;
in
@ -27,7 +28,7 @@ in
Type = "oneshot";
ExecStartPre = "${lib.getExe pkgs.git} -C /data/git/notes reset --hard master";
ExecStart = "${lib.getExe pkgs.git} -C /data/git/notes pull";
WorkingDirectory = config.home-manager.users.${config.user}.home.homeDirectory;
WorkingDirectory = config.home-manager.users.${username}.home.homeDirectory;
Environment = "PATH=${pkgs.openssh}/bin";
};
};

7
platforms/nixos/modules/nmasur/presets/services/openssh.nix
View File

@ -7,6 +7,7 @@
}:
let
inherit (config.nmasur.settings) username;
cfg = config.nmasur.presets.services.openssh;
in
{
@ -16,7 +17,9 @@ in
publicKeys = lib.mkOption {
type = lib.types.nullOr (lib.types.listOf lib.types.str);
description = "Public SSH keys authorized for this system.";
default = null;
default = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
];
};
# permitRootLogin = lib.mkOption {
# type = lib.types.str;
@ -38,7 +41,7 @@ in
};
};
users.users.${config.user}.openssh.authorizedKeys.keys = lib.mkIf (
users.users.${username}.openssh.authorizedKeys.keys = lib.mkIf (
cfg.publicKeys != null
) cfg.publicKeys;

4
platforms/nixos/modules/nmasur/presets/services/paperless.nix
View File

@ -3,7 +3,7 @@
{ config, lib, ... }:
let
inherit (config.nmasur.settings) hostnames;
inherit (config.nmasur.settings) hostnames username;
cfg = config.nmasur.presets.services.paperless;
in
{
@ -28,7 +28,7 @@ in
# Allow Nextcloud and user to see files
users.users.nextcloud.extraGroups = lib.mkIf config.services.nextcloud.enable [ "paperless" ];
users.users.${config.user}.extraGroups = [ "paperless" ];
users.users.${username}.extraGroups = [ "paperless" ];
caddy.routes = [
{

3
platforms/nixos/modules/nmasur/presets/services/postgresql.nix
View File

@ -6,6 +6,7 @@
}:
let
inherit (config.nmasur.settings) username;
cfg = config.nmasur.presets.services.postgresql;
in
{
@ -23,7 +24,7 @@ in
identMap = ''
root postgres postgres
root root postgres
admin ${config.user} admin
admin ${username} admin
'';
ensureUsers = [
{

2
platforms/nixos/modules/nmasur/presets/services/restic.nix
View File

@ -21,7 +21,7 @@ in
bucket = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 bucket for Restic backups";
default = null;
default = "noahmasur-restic";
};
accessKeySecretPair = lib.mkOption {
type = lib.types.nullOr lib.types.path;

4
platforms/nixos/modules/nmasur/presets/services/transmission.nix
View File

@ -9,7 +9,7 @@
}:
let
inherit (config.nmasur.settings) hostnames;
inherit (config.nmasur.settings) hostnames username;
cfg = config.nmasur.presets.services.transmission;
in
{
@ -34,7 +34,7 @@ in
rpc-authentication-required = true;
rpc-port = 9091;
rpc-bind-address = "0.0.0.0";
rpc-username = config.user;
rpc-username = username;
# This is a salted hash of the real password
# https://github.com/tomwijnroks/transmission-pwgen
rpc-password = "{c4c5145f6e18bcd3c7429214a832440a45285ce26jDOBGVW";

3
platforms/nixos/modules/nmasur/profiles/base.nix
View File

@ -6,6 +6,7 @@
}:
let
inherit (config.nmasur.settings) username;
cfg = config.nmasur.profiles.base;
in
@ -19,7 +20,7 @@ in
users.mutableUsers = lib.mkDefault false;
# Define a user account. Don't forget to set a password with passwd.
users.users.${config.user} = {
users.users.${username} = {
# Create a home directory for human user
isNormalUser = lib.mkDefault true;

3
platforms/nixos/modules/nmasur/profiles/gui.nix
View File

@ -6,6 +6,7 @@
}:
let
inherit (config.nmasur.settings) username;
cfg = config.nmasur.profiles.gui;
in
@ -53,7 +54,7 @@ in
hardware.i2c.enable = lib.mkDefault true;
# Grant main user access to external monitors
users.users.${config.user}.extraGroups = lib.mkDefault [ "i2c" ];
users.users.${username}.extraGroups = lib.mkDefault [ "i2c" ];
services.xserver.displayManager = {

3
platforms/nixos/modules/nmasur/profiles/shared-media.nix
View File

@ -5,6 +5,7 @@
}:
let
inherit (config.nmasur.settings) username;
cfg = config.nmasur.profiles.shared-media;
in
@ -18,7 +19,7 @@ in
users.groups.shared = { };
# Give the human user access to the shared group
users.users.${config.user}.extraGroups = [ config.users.groups.shared.name ];
users.users.${username}.extraGroups = [ config.users.groups.shared.name ];
};
}

2
platforms/nixos/modules/nmasur/settings.nix
View File

@ -10,7 +10,7 @@
type = lib.types.str;
description = "Human readable name of the user";
};
options.hostnames = lib.mkOption {
hostnames = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Map of service names to FQDNs";
default = { };

4
platforms/nixos/modules/services/filebrowser.nix
View File

@ -5,7 +5,7 @@
...
}:
let
inherit (config.nmasur.settings) hostnames;
inherit (config.nmasur.settings) hostnames username;
cfg = config.services.filebrowser;
dataDir = "/var/lib/filebrowser";
@ -18,7 +18,7 @@ let
database = "${dataDir}/filebrowser.db";
root = "";
"auth.method" = "json";
username = config.user;
username = username;
# Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
};

1
platforms/nixos/modules/services/identity.nix
View File

@ -9,6 +9,7 @@ in
enable = lib.mkEnableOption "Wait for identity file oneshot";
identityFile = lib.mkOption {
type = lib.types.path;
default = config.identityFile;
};
};