Superredstone/nixos
1
0
Fork 0
mirror of https://github.com/Superredstone/nixos.git synced 2026-06-17 15:24:39 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: Superredstone/nixos:cfb389024c15a2e25c2c2e8ae40bc8369b02cf08
Branches Tags
Superredstone/nixos:main
..
compare: Superredstone/nixos:06467e4d877b77c488847a3ed15ab9895722a35e
Branches Tags
Superredstone/nixos:main

4 Commits
cfb389024c .. 06467e4d87

Author SHA1 Message Date
Superredstone 06467e4d87 feat(secret): add bomba specific secrets 2026-03-13 09:17:14 +01:00
Superredstone 9d655192ad chore(bomba): replace single port forward with range forward 2026-03-13 08:46:42 +01:00
Superredstone 7c1c0705d0 feat(service): add vaultwarden 2026-03-13 08:45:34 +01:00
Superredstone 4913a2dc65 feat(bomba): open port 80/udp, 443/udp and remove 5900/tcp 2026-03-13 08:03:00 +01:00
7 changed files with 55 additions and 7 deletions
Expand all files Collapse all files
.sops.yaml
+5 -1
View File
@@ -2,8 +2,12 @@ keys:
- &katana age18ujjw92tm6vpcpgqqky7dzg3yvzm9nytgzeptkfhtz5jhdskcdpsgmv0vs
- &bomba age1ynu6zhhy84rr5xqce0flp25x5tnfgskesxfe39u7ewsk900fvagq9sq0lx
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
- path_regex: secrets/default.sops.yaml
key_groups:
- age:
- *katana
- *bomba
- path_regex: secrets/bomba.sops.yaml
key_groups:
- age:
- *bomba
machines/bomba/default.nix
+1
View File
@@ -4,6 +4,7 @@
./configuration.nix
./hardware.nix
./networking.nix
./secrets.nix
./services
./virtualisation.nix
];
machines/bomba/networking.nix
+12 -3
View File
@@ -5,10 +5,19 @@
firewall = {
allowedTCPPorts = [
22
5900
8001
80
443
];
allowedTCPPortRanges = [
{
from = 8001;
to = 8005;
}
];
allowedUDPPorts = [
80
443
];
allowedUDPPorts = [ ];
enable = true;
};
};
machines/bomba/secrets.nix
+6
View File
@@ -0,0 +1,6 @@
{ ... }:
{
sops.secrets = {
nextcloud_password.sopsFile = ../../secrets/bomba.sops.yaml;
};
}
machines/bomba/services/default.nix
+1
View File
@@ -3,6 +3,7 @@
imports = [
./gitea.nix
./octoprint.nix
./vaultwarden.nix
];
services.openssh.enable = true;
machines/bomba/services/vaultwarden.nix
+11
View File
@@ -0,0 +1,11 @@
{ ... }:
{
services.vaultwarden = {
enable = true;
domain = "vaultwarden.patrickcanal.it";
config = {
ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = 8003;
};
};
}
secrets/bomba.sops.yaml
+16
View File
@@ -0,0 +1,16 @@
nextcloud_password: ENC[AES256_GCM,data:lMavQvl4grki9c5AgaKE8Q==,iv:jJ0/Wka5/2TBD4C739HBeiVzxujWC4WL6FDLqov6FVA=,tag:1skCLwSr6VSzZWthtzaxwg==,type:str]
sops:
age:
- recipient: age1ynu6zhhy84rr5xqce0flp25x5tnfgskesxfe39u7ewsk900fvagq9sq0lx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOC9xeExzN2VzT2NmZS9I
TEVxamNYOWZDWUJvYnpjL2JpMHJRbTlOV1Y4CmFGaXhEd0pRWU1tRTBMdDVPU2Fr
RVRrNkpCa3VNUWd0dzFDR004M005d1kKLS0tIDUxSUYzTkJLK3Y0dVNkVGNqTmxT
YjVvSDV1TGExYUJGUk00MTF4bXNFVTQKG/GueSmnuA23L42X6AvAWZgBbJuCGLw1
ZQ17gIIOjhKHlGx8Lo5t/PekzFyQKCKdijS7caq74dVib1vO3tk+uQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-13T07:59:07Z"
mac: ENC[AES256_GCM,data:xJWtKkpQuAPXcToLfWuEshInHIBG59uKoQAh3+SmKu/UAkvMDNywMZbBhrxn/cF/xo8TKkaPxd4luXsdw+Z0YvVezn43jKNyXsIrUNtd5hMlE4hbAuAf/ifb3t2AVg1s/R6GZWMZvc0rmSePTWyowHgceaxTqHPr6vvHEVHt0oM=,iv:UXYUS/sn1+TcUOAWAQC1y+TtDIayNez6ssYh+Qt5AmI=,tag:YgWujpGrzwtjnEsLoKm3ig==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.1