claude'd better security things

2025-10-17 19:35:58 -04:00
parent 9e35448f04
commit f9515dd160
34 changed files with 327 additions and 144 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -47,6 +47,11 @@
      url = "github:nix-community/impermanence";
    };

+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    senior_project-website = {
      url = "github:Titaniumtown/senior-project-website";
      flake = false;
@@ -76,6 +81,7 @@
      srvos,
      deploy-rs,
      impermanence,
+      agenix,
      ...
    }@inputs:
    let
@@ -97,7 +103,6 @@
          jellyfin = 8096; # no services.jellyfin option for this
          torrent = 6011;
          bitmagnet = 3333;
-          owntracks = 3825;
          gitea = 2283;
          immich = 2284;
          soulseek_web = 5030;
@@ -110,7 +115,6 @@
          certs = services_dir + "/http_certs";
          domain = "gardling.com";
          wg_ip = "192.168.15.1";
-          matrix_hostname = "matrix.${service_configs.https.domain}";
        };

        gitea = {
@@ -142,10 +146,6 @@
          cacheDir = services_dir + "/jellyfin_cache";
        };

-        owntracks = {
-          data_dir = services_dir + "/owntracks";
-        };
-
        slskd = rec {
          base = "/var/lib/slskd";
          downloads = base + "/downloads";
@@ -221,6 +221,8 @@

          lanzaboote.nixosModules.lanzaboote

+          agenix.nixosModules.default
+
          home-manager.nixosModules.home-manager
          (
            {