diff --git a/configurations/nixos/pureintent/default.nix b/configurations/nixos/pureintent/default.nix index 0568ed2..8b8425a 100644 --- a/configurations/nixos/pureintent/default.nix +++ b/configurations/nixos/pureintent/default.nix @@ -12,6 +12,7 @@ in imports = [ self.nixosModules.default ./configuration.nix + (self + /modules/nixos/linux/beszel.nix) ]; users.users.${flake.config.me.username}.linger = true; @@ -36,6 +37,11 @@ in ]; nix.settings.sandbox = "relaxed"; + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; zramSwap.enable = true; swapDevices = [{ @@ -43,6 +49,11 @@ in size = 32 * 1024; # 32GB in megabytes }]; + services.glances = { + enable = true; + openFirewall = true; + }; + services.openssh.enable = true; services.tailscale.enable = true; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos/linux/beszel.nix b/modules/nixos/linux/beszel.nix new file mode 100644 index 0000000..f3edc5c --- /dev/null +++ b/modules/nixos/linux/beszel.nix @@ -0,0 +1,25 @@ +# Beszel monitoring - local-only setup (hub + agent on same machine) +# +# Secret file (beszel-agent-key.age) should contain: +# KEY=ssh-ed25519 AAAA... +# Get the KEY from beszel hub web UI (http://localhost:8090) when adding a system. +{ flake, config, ... }: + +let + inherit (flake.inputs) self; +in +{ + age.secrets."beszel-agent-key.age".file = self + /secrets/beszel-agent-key.age; + + services.beszel = { + hub = { + enable = true; + host = "0.0.0.0"; + port = 8090; + }; + agent = { + enable = true; + environmentFile = config.age.secrets."beszel-agent-key.age".path; + }; + }; +} diff --git a/secrets/beszel-agent-key.age b/secrets/beszel-agent-key.age new file mode 100644 index 0000000..75d32bf Binary files /dev/null and b/secrets/beszel-agent-key.age differ 
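Review bot: `openFirewall = true` in the new `services.glances` block opens the Glances port in the host firewall on every interface, and nothing in this hunk sets a password or narrows the listener, so the metrics UI is likely reachable without authentication by anything that can route to this machine. Since Tailscale is enabled a few lines below, I would drop `openFirewall` and allow the port only on the tailnet interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ config.services.glances.port ];`. This assumes `config` is among the module's arguments and the interface keeps its default name; the enclosing attribute set starts and ends outside the hunk, so both need checking.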
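Review bot: The header comment of `beszel.nix` calls this a local-only setup and points at http://localhost:8090, but `host = "0.0.0.0";` makes the hub listen on every interface. The hub web UI is where agent keys are issued (per the same comment), so it is worth keeping it off untrusted networks. If only the local agent and a local browser need it, `host = "127.0.0.1";` matches the comment; if access over the tailnet is intended, the comment should say so and the bind address or firewall should be limited to that interface. Whether port 8090 is reachable from outside today depends on firewall rules that are not visible in this hunk.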
diff --git a/secrets/github-nix-ci/emaletter.token.age b/secrets/github-nix-ci/emaletter.token.age index ed919e2..63a00c2 100644 Binary files a/secrets/github-nix-ci/emaletter.token.age and b/secrets/github-nix-ci/emaletter.token.age differ diff --git a/secrets/github-nix-ci/srid.token.age b/secrets/github-nix-ci/srid.token.age index 27cbc8e..3f97bc9 100644 --- a/secrets/github-nix-ci/srid.token.age +++ b/secrets/github-nix-ci/srid.token.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ V6z62p+pW3kgBssNzyKXgeSkg1Wd8RL6G1UrumXTIWY -Ct4rp8A1Gg9ExzUyE63JgzgHD5aaeqakZ6ROAPm/XRE --> ssh-ed25519 It7HZQ +Hfd+DFL1cxlRFHSfLC2iiEbQ52cir2KgsIAQsgWLj8 -pCD9VDE0GWsr23NRHRCmiZJDrdNN3zKJFY6zNTpzPqg --> ssh-ed25519 Ysxvmg NzAhvPK21VdhfbEAD5Fk9VSqqeKjE8n5T9yurBeGohs -qRZzel60SENc1ewUbubi48zRyhxbpGK85Y2j871YPwY ---- R2HwRQqDwwfnDYltxQsw+s8fhBHhXVY+t93Uwh4PNYw -/ݹ{?b^i#W -as}ȭj -p$'DA@62O<0D2c@Ҧ) 7^?娨lV05Xe8 \ No newline at end of file +-> ssh-ed25519 96IXNQ mx7/eE4DEfCt9BxsJnthcGnR/OO+25hm4yryO/TZvGc ++TiFwUdsSm5CP9APEDnNZ2m6NSHk87WwpNv1fGrRzP0 +-> ssh-ed25519 It7HZQ TjB6x48XJJJCw0fd/EPLhsgPHSxT27YcoVBcMP7z7TQ +9sMA8uDJlrq0X1Cw/OTQlRGLKCGj9A4BMckCVydoQEU +-> ssh-ed25519 96tIZg BiOqFUjYKDibqjlwZMzno6rWR9Slwjrj761Izu3aIHk +umsE6YUJVagwI6AiOtPQhTuLTdWZHPxIEU3VhDM6f3o +--- rnVRzKjo30T3lQ/4ZUjvV5cTCInwNsFsettECi26aT4 +%O$Txdk\֤lh;_ey lY&,L#.S ӂZAH?=&Q$ dz<~B(grsV 3 \ No newline at end of file diff --git a/secrets/gmail-app-password.age b/secrets/gmail-app-password.age index 1361e70..4a16bda 100644 Binary files a/secrets/gmail-app-password.age and b/secrets/gmail-app-password.age differ diff --git a/secrets/hackage-password.age b/secrets/hackage-password.age index 38baab8..7eae97d 100644 --- a/secrets/hackage-password.age +++ b/secrets/hackage-password.age 
@@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ nHWK3DGvD5svfKFD/QiyGUyE94MfiIAGvwtowQfB8CE -HKw+5SB99G+BVO1t6dggH+LFfjWSExUXaPA6TgbXkjo --> ssh-ed25519 It7HZQ tN1niOfw1WOTti0NAg9IlBSnAkTGloTE5dZGJ3rdXR0 -xw9DqdaqI3o0JuXslaOWcHwN4eLqz4g/lzQPmqZIpLU --> ssh-ed25519 Ysxvmg K7Taxefo/m7ObS0f62lowOnSNkN4kRO51A68N9tFmGM -sOEEjMpzH2CPwnmk7X5fbLKJ3Yw/Tr2P33UHM676y8A ---- FrVEGbyKNFknaLXq05sb5gD7cZqPv+UZUcuD+sj/SPA -cĊx=wj@[ -y}h8#M .N)D+ \ No newline at end of file +-> ssh-ed25519 96IXNQ HmkQjnB89LYi1B9uuKijjY+2rbasHwwjwCepD13ki1Y +79ieKetZcWLKMB7QpalExQ8JUksNM4TM/UzACoJzL88 +-> ssh-ed25519 It7HZQ CpSuqMO/s9X2gBccHbWD4h40O2WSfaXlXRlZlUum6Uc +TMhDOLjCz/UpOgMAtf0vBih2uEZnBz2VkGqaOD+4Xtk +-> ssh-ed25519 96tIZg Op6i6DAXYghLEBDGR4VXmfPgnDoA7c96jE6jRv9GcWA +s/FbEOowcWHLuH/3mmONgADTsfU7b8gniLgvXkHQ+yg +--- xFxBJUQOZ88Z5f+vIPb0LGWDSyYjUWEk4faoVAob/x0 +p_uR^`lK. +^:.wty۠9i$*!;? \ No newline at end of file diff --git a/secrets/hedgedoc.env.age b/secrets/hedgedoc.env.age index a85ba60..ed0eaf4 100644 Binary files a/secrets/hedgedoc.env.age and b/secrets/hedgedoc.env.age differ diff --git a/secrets/juspay-anthropic-api-key.age b/secrets/juspay-anthropic-api-key.age index 24a4a45..8e38d41 100644 --- a/secrets/juspay-anthropic-api-key.age +++ b/secrets/juspay-anthropic-api-key.age 
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ y9xfS/LgeA97ofunk5sm6a9yPMTQXoiqKzhSQ5xFJxM -Jj2xw854u6AsRXHaHl50D40Hpct9mBRD5vusndtWlRU --> ssh-ed25519 It7HZQ Ac3LWqNFln9fK7aYeqmG8yQfDl5nG0H8J4fCfk13xFE -7A9aSpzne7sFYLzQusalxg5d/fyM2/kwEJxZ7rCEJ6c --> ssh-ed25519 Ysxvmg pK+ZzeQpLoA0tvTbcOK4lmU111XN0h0U0/k6n3oj9X0 -ubUmOeCFczTjKgnzxA3ePnWb0WH8YKcI+WCJWUfcmEo ---- cuWCm/u/ZHJxHTvKFujn9RvQM90gCkjnGcWm1azYBGc - ssh-ed25519 96IXNQ htUePAVPstdIelYURI4fLB3p2rbQl/oVgdymtOnikjQ +pnEPOw7C17qEL5GLbSOUzhTS+TQjPKt8yn6DZnW93r0 +-> ssh-ed25519 It7HZQ VhHvmCe0xXx/aINQZZdGyfuQdAowuX6zrh+d6IzNqgQ +wDugkAqRt/Sbej2UTpIpjvitYk1WON4DuVecQqsQMP8 +-> ssh-ed25519 96tIZg LcgBZtB1BCjjWQVOQcCsOkRBTyi5HF88l1vLSdSyRVU +YC+uduqOuAAtlrFlLeSuaNzQC/OL9XW8vcjp8WKOKhY +--- pupMpTgDxQAt6CcB99LwNArx0wyxZGDu/ehh1Mikppk +߱#ؔb)HQ.v%Ef 10@Ga^DIhO/ \ No newline at end of file diff --git a/secrets/pureintent-basic-auth.age b/secrets/pureintent-basic-auth.age index 8c4004e..f48eef7 100644 --- a/secrets/pureintent-basic-auth.age +++ b/secrets/pureintent-basic-auth.age 
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ 2fAb4UaMDzIvV6al6FJhaLubphtiSuCpVOaeN+HwGVo -bP/J1UYVBhjV2aquWSsTytU19R76+9Vlof5/V9CUBZU --> ssh-ed25519 It7HZQ /UlpuPliwqF04HPG87ldFPCjxWim6EuCxUUax8h51TQ -rbQBDdCtd1N2IEuCSZeeusVtkogL3MOr0Mxue/Gwiso --> ssh-ed25519 Ysxvmg A81MyiFDefSbX6u7p4bN9vCREgGcp/frzguX1uwXYVM -KiicSyou3NiK9znW2/MEJi3ElLfsqkCLfMuPbqTLoJs ---- ArMgx+hzGLdzksx0CEXhb7N//pSq+ovYS/SPS3mQBcs -bQ A[iz/%VAEx.bZMIsҨ1Teq̦S,Jӭ2S(T6FkD.QR[ \ No newline at end of file +-> ssh-ed25519 96IXNQ d7wXeB4PTqliQUEgQxysva34qimZh8Fw3YimMmmCqkw +taOzZDVk2k7GYUo91uMfgGxU2+aWn8AWDMhnonD9Dy8 +-> ssh-ed25519 It7HZQ 8jeI9aR89Bn5xmypNz2jYsAB/vCjCssh4+TEHEqtDX0 +vmG3sL20z8lpXSM44At/HiBEiMd3FLlZ4rVFFEJu0j4 +-> ssh-ed25519 96tIZg ICbhKedcqc21jBVGnd3MkRFrQ2UaE1VsHAWQnV2+oxc +IkPX7iYYUpt+MMkmOe4DeGy5DXcMzFjylxVliuyzeas +--- XUds2rgdSivHfQmQ30q3Olz4ky9F4KU1gH8S83ooz1w +My59j0|ct9.Jŵa upk#'IQu6XY U j"[)5[Ê8HK$'J \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3d35497..556952e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,7 +6,7 @@ let "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYQQXPMHYBtRcPzSkjQ3oqyje8T4UlCpbr6XjrlzzlK srid@zest" ]; - pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkY5feaNt4elPqRQimB9h3OFxtFAzp98p1H+JezBv92 root@nixos"; + pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUzYd7ys2gzx0Zu7yZDjZaRdUHDZIVahyVgaU2w2Ms8 root@nixos"; systems = [ pureintent ]; @@ -19,4 +19,5 @@ in "gmail-app-password.age".publicKeys = users ++ systems; "hackage-password.age".publicKeys = users ++ systems; "juspay-anthropic-api-key.age".publicKeys = users ++ systems; + "beszel-agent-key.age".publicKeys = users ++ systems; }
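Review bot: Swapping the `pureintent` recipient in `secrets.nix` and re-encrypting the `.age` files does not withdraw access from the old host key, because the previous ciphertexts stay in git history and remain decryptable with the old private key. If the old key was retired for any reason other than a clean reinstall where its private half was destroyed, the secrets themselves (the GitHub tokens, Gmail app password, Hackage password, API key and basic-auth file) should be rotated at their issuers rather than only rekeyed. A short comment above the key, e.g. `# pureintent host key, replaced <date> (<reason>)`, would also help, since the `root@nixos` label does not identify the machine.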