cschmatzler/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: cschmatzler:c75404cd443d74e1b01c8c9d2408ec4c78d3b1b1
Branches Tags
cschmatzler:master
cschmatzler:test
..
compare: cschmatzler:8fb947095ee39d5361a5dac8c74534c1da3f9d52
Branches Tags
cschmatzler:master
cschmatzler:test

2 Commits
c75404cd44 ... 8fb947095e

Author SHA1 Message Date
Christoph Schmatzler
8fb947095e litestream 2025-12-17 16:11:37 +00:00
Christoph Schmatzler
1550dac942 deslop 2025-12-17 16:11:37 +00:00
6 changed files with 104 additions and 9 deletions
Expand all files Collapse all files

2
.sops.yaml
View File

@@ -1,9 +1,11 @@
keys:
- &host_tahani age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm
- &host_jason age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2
- &host_michael age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j
creation_rules:
- path_regex: secrets/[^/]+$
key_groups:
- age:
- *host_tahani
- *host_jason
- *host_michael

8
hosts/michael/default.nix
View File

@@ -17,8 +17,16 @@
../../profiles/gitea.nix
../../profiles/nixos.nix
inputs.disko.nixosModules.disko
inputs.sops-nix.nixosModules.sops
];
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets.litestream = {
sopsFile = ../../secrets/michael-litestream;
format = "binary";
};
home-manager.users.${user} = {
pkgs,
lib,

45
profiles/gitea.nix
View File

@@ -1,4 +1,4 @@
{...}: {
{pkgs, ...}: {
networking.firewall.allowedTCPPorts = [80 443];
services.gitea = {
@@ -25,6 +25,49 @@
};
};
users.users.litestream.extraGroups = ["gitea"];
systemd.services.gitea.serviceConfig.ExecStartPost =
"+"
+ pkgs.writeShellScript "grant-gitea-permissions" ''
timeout=10
while [ ! -f /var/lib/gitea/data/gitea.db ];
do
if [ "$timeout" == 0 ]; then
echo "ERROR: Timeout while waiting for /var/lib/gitea/data/gitea.db."
exit 1
fi
sleep 1
((timeout--))
done
find /var/lib/gitea -type d -exec chmod -v 775 {} \;
find /var/lib/gitea -type f -exec chmod -v 660 {} \;
'';
services.litestream = {
enable = true;
environmentFile = "/run/secrets/litestream";
settings = {
dbs = [
{
path = "/var/lib/gitea/data/gitea.db";
replicas = [
{
type = "s3";
bucket = "gitea-litestream";
path = "gitea";
endpoint = "s3.eu-central-003.backblazeb2.com";
}
];
}
];
};
};
services.caddy = {
enable = true;
virtualHosts."git.schmatzler.com".extraConfig = ''

17
profiles/neovim/plugins/jj-diffconflicts.nix
View File

@@ -1,13 +1,14 @@
{pkgs, ...}: {
programs.nixvim.extraPlugins = [
(pkgs.vimUtils.buildVimPlugin {
name = "jj-diffconflicts";
src = pkgs.fetchFromGitHub {
owner = "rafikdraoui";
repo = "jj-diffconflicts";
rev = "main";
hash = "sha256-FXsLSYy+eli8VArUL8ZOiPtyOk4Q8TUYwobEefZPRII=";
};
})
name = "jj-diffconflicts";
src =
pkgs.fetchFromGitHub {
owner = "rafikdraoui";
repo = "jj-diffconflicts";
rev = "main";
hash = "sha256-FXsLSYy+eli8VArUL8ZOiPtyOk4Q8TUYwobEefZPRII=";
};
})
];
}

19
profiles/opencode.nix
View File

@@ -18,6 +18,25 @@
disabled = true;
};
};
command = {
deslop = {
description = "Remove AI code slop";
template = ''
Check the diff against main/master, and remove all AI generated slop introduced in this branch.
Use jj if available, otherwise git.
This includes:
- Extra comments that a human wouldn't add or is inconsistent with the rest of the file
- Extra defensive checks or try/catch blocks that are abnormal for that area of the codebase (especially if called by trusted / validated codepaths)
- Casts to any to get around type issues
- Any other style that is inconsistent with the file
- Unnecessary emoji usage
Report at the end with only a 1-3 sentence summary of what you changed
'';
};
};
};
};
home.sessionVariables = {

22
secrets/michael-litestream Normal file
View File

@@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:YrqKBq2eIlYQcXZJ660/IPDULjudhjuBVYY9y7rIIFLwuL2n7ZxgdyRu/tBuK6RpAjZJKvXLC3dCMzhFfopUUxLXYrG6PTTfdnax2snSD8x7Ph4IRPbOKqM+iyP5nREs4G6hEWe7Pl9VT4oTWQ255g==,iv:sswA9TNXE+8X53xHMwQ6Kq1tl1LAccsyxe22D8sYOUc=,tag:Tu0m6pkn1DFDuDoYfrHxsQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6R0IxNFdXSVBnN3ZXSzhM\nZlN0VmFtWFZTdlkzczYwT3dHbWtXc0RXWHo4CnZHRHpxbktTa3lSSkREaTloeVNG\nSkRVMUVKRFlLbXltUUhkd0phNmovQWsKLS0tIHpGTW1SMFRldC82SWdvcHFGWVJK\nOCtDRTBXWVZINFBXMlBXUDhNSDh6MFEKZ74DWHnvRB9gLyT3fqHNdb2VKdUO8QfF\nVoa0aQCOUdUOYiRtR0SKhWRNU2Z55hqRY3En2AEUIQCt670MNNrMCw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMeFFDYUo4MXNBWUFTMkxE\nNEVFdDVOY3dYTW05VzZNcERHMUhQaHdsUmtjCitML2Mwd05KMC9meEhYR1l1NG9H\nUjdjYlhveTVJQ3JNS0p2MUV5OHNqYW8KLS0tIHEweGNyUkRpRldmZ2V5ZU9Dak5q\nV2JpSWNsZzBGRDdNa3lVUG5RcXZPT0UKtrbYWaxinIbQjopdgS9/MFyQn0RZ7XR7\nZPw018jJXySoitrX8nwTT7IovajLgfR5bA8aUlD9aAQN0BPL8qfOCQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1BwRndudWFWVDQ3L29C\nenNlR0JtOTZxK2JLSzl2QUZCemdZZmpnM3ljCjVzZm9nSU5YTmF2OFR2Zk02bEpk\nV2lablBsTzJYbEZHdnE4UDRtd0pScVkKLS0tIHUrNHVYUVpIeEJvZ3hNb0tySitP\nU3U0SldXYURmOUdCVDk0c3NYQmpzcXcKJU/c0Qhx0j8KP0G8YlFzAu7dBmvoQmU8\nAqNNEszD23uB575CxIDK1Bf7fte9DvKU7ZxFX25CyZLR3X2xfcHh7w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-12-17T16:09:07Z",
"mac": "ENC[AES256_GCM,data:iH1rpteK1WaO1OREm5Ze1Gy00u67KFKIQZwqjIJFhmy8CHOsG45ExltkIb41kM+zPE8ofxy3PGBvrqbMTtAh5rM676VMpRPQtTSt5uRHBJ+5uJBlIY/CRcOPkuT3TZRj2/zoNM0nzBsuOjuM7vpp0FDOlR6OaaB73HopfMemlh4=,iv:Uvw1UQtIHMq4mm5I62p23pt20D9kRfYe8ixBbXYAK0k=,tag:Vpdlr7PZZRPNiLVqGRZQpA==,type:str]",
"version": "3.11.0"
}
}