From 9776145fc444bea2729efe8ee104b41b0ffe3f38 Mon Sep 17 00:00:00 2001
From: Preston Pan
Date: Mon, 9 Mar 2026 18:51:40 -0700
Subject: add descriptions to everything; checkpoint
---
 config/nix.org | 39 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)
(limited to 'config/nix.org')
diff --git a/config/nix.org b/config/nix.org
index e131016..a32c14d 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -584,6 +584,13 @@ largely self-documenting.
 description = "Linux timezone";
 };
 
+ ntfySecret = lib.mkOption {
+ type = lib.types.str;
+ default = "ntfy";
+ example = "ntfy-env";
+ description = "Name of Ntfy secret for notification handling";
+ };
+
 monitors = lib.mkOption {
 type = lib.types.listOf lib.types.str;
 default = [
@@ -708,6 +715,7 @@ to relevant places.
 content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine mail.${config.monorepo.vars.orgHost} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + '' machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}'';
 };
+
 "matterbridge" = {
 owner = "matterbridge";
 content = ''
@@ -772,15 +780,19 @@ to relevant places.
 znc = {
 format = "yaml";
 };
+
 znc_password_salt = {
 format = "yaml";
 };
+
 znc_password_hash = {
 format = "yaml";
 };
+
 matrix_bridge = {
 format = "yaml";
 };
+
 mail_password = {
 format = "yaml";
 owner = "maddy";
@@ -794,12 +806,15 @@ to relevant places.
 mautrix_env = {
 format = "yaml";
 };
+
 telegram_token = {
 format = "yaml";
 };
+
 discord_token = {
 format = "yaml";
 };
+
 mpd_password = {
 format = "yaml";
 owner = "nginx";
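Review bot: The `ntfySecret` option in the @@ -584 hunk is a plain `lib.types.str` whose description does not say that it holds a name rather than the secret itself. Option values are evaluated into the world-readable Nix store, so a reader who puts the actual token here would leak it. I would spell that out, for example `description = "Name (sops key) of the ntfy secret; never the secret value itself, which must stay in the sops file";`. The value is also interpolated into a file path in the @@ -3243 hunk, so a stricter type such as `lib.types.strMatching "[A-Za-z0-9_-]+"` would keep path separators out of it.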
@@ -1585,12 +1600,13 @@ I want to have notifications on my phone, and run my own server to do this.
 let
 serverName = "ntfy.${config.monorepo.vars.remoteHost}";
 port = 2586;
- ntfySecret = "ntfy";
+ ntfySecret = config.monorepo.vars.ntfySecret;
 in
 {
 sops.secrets."${ntfySecret}" = lib.mkIf config.services.ntfy-sh.enable {
 format = "yaml";
 owner = "ntfy-sh";
+ sopsFile = ../secrets/common_secrets.yaml;
 };
 
 services.ntfy-sh = {
@@ -1673,6 +1689,7 @@ to the outside world under a domain.
 user = "nginx";
 recommendedGzipSettings = true;
 recommendedOptimisation = true;
+ recommendedBrotliSettings = true;
 recommendedTlsSettings = true;
 recommendedProxySettings = false;
 virtualHosts = {
@@ -1682,6 +1699,18 @@ to the outside world under a domain.
 root = "${monorepoSelf.packages.${pkgs.system}.website}";
 addSSL = true;
 enableACME = true;
+ locations."/" = {
+ extraConfig = ''
+ add_header Cache-Control "no-cache, must-revalidate";
+ expires off;
+ '';
+ };
+ locations."~* \\.(?:woff2|ttf|otf|eot|woff|ico|css|js|gif|jpe?g|png|svg|mp3|mp4|iso|webmanifest)$" = {
+ extraConfig = ''
+ add_header Cache-Control "public, max-age=31536000, immutable";
+ access_log off;
+ '';
+ };
 };
 
 # the port comes from ssh tunnelling
@@ -3243,6 +3272,12 @@ These are some secrets that I use regularly for my programs in home.
 format = "yaml";
 path = "${config.sops.defaultSymlinkPath}/dn42";
 };
+
+ ntfy = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/${super.monorepo.vars.ntfySecret}";
+ sopsFile = ../../secrets/common_secrets.yaml;
+ };
 } else { };
 defaultSymlinkPath = "/run/user/1000/secrets";
@@ -4892,8 +4927,6 @@ This contains the installation script I use to install my systems.
 };
 };
 
- users.extraUsers.root.password = "nixos";
- users.extraUsers.nixos.password = "nixos";
 users.users = {
 root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
-- 
cgit v1.3
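Review bot: Both new `locations` blocks in the @@ -1682 hunk set `add_header`, and nginx inherits `add_header` from the server or http level only when the current level defines none. Any response headers configured higher up (HSTS, `X-Content-Type-Options`, a CSP; none are visible in this hunk) would therefore silently stop applying to `/` and to the static-asset matches. If such headers exist or are added later, repeat them in each `extraConfig` or keep the shared set in one snippet that both locations include. `access_log off;` also drops every request matching the asset regex from the logs, so a short comment stating that this is deliberate would help whoever later uses those logs for investigation. The virtual host definition starts outside the hunk.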
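Review bot: In the @@ -3243 hunk the attribute name is still the literal `ntfy`, and only `path` follows `super.monorepo.vars.ntfySecret`. With a non-default option value the system module in the @@ -1585 hunk decrypts the key named by the option, while this entry keeps decrypting key `ntfy` and merely writes it under the other file name. If the two are meant to track each other, key the entry the same way: `"${super.monorepo.vars.ntfySecret}" = {`. It also looks as if the same `common_secrets.yaml` entry is now decrypted both for the `ntfy-sh` service and into `/run/user/1000/secrets`; if that entry carries server-side credentials, a separate client-only secret would keep them out of the desktop session. The enclosing `if … then { … } else { }` expression starts outside the hunk.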