diff --git a/flake.lock b/flake.lock index cdd1e41..37ee5d5 100755 --- a/flake.lock +++ b/flake.lock @@ -343,6 +343,26 @@ "type": "github" } }, + "nix-secrets": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1738161919, + "narHash": "sha256-EKyY5XwFmgkEYElZEpNGEl6UsJO4jYvqtzZYtQPvD18=", + "owner": "tuxdotrs", + "repo": "nix-secrets", + "rev": "5f6314b52859812eb877b54ddf158098cf21c8c0", + "type": "github" + }, + "original": { + "owner": "tuxdotrs", + "repo": "nix-secrets", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_3", @@ -662,6 +682,7 @@ "ghostty": "ghostty", "home-manager": "home-manager", "impermanence": "impermanence", + "nix-secrets": "nix-secrets", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", diff --git a/flake.nix b/flake.nix index dad412c..98dc605 100755 --- a/flake.nix +++ b/flake.nix @@ -86,6 +86,10 @@ url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; + nix-secrets = { + url = "github:tuxdotrs/nix-secrets"; + inputs.nixpkgs.follows = "nixpkgs"; + }; ghostty.url = "github:ghostty-org/ghostty"; nixos-hardware.url = "github:nixos/nixos-hardware"; nixpkgs-f2k.url = "github:moni-dz/nixpkgs-f2k"; diff --git a/hosts/alpha/default.nix b/hosts/alpha/default.nix index c663428..ac432db 100644 --- a/hosts/alpha/default.nix +++ b/hosts/alpha/default.nix @@ -3,12 +3,14 @@ username, config, email, + inputs, ... }: { imports = [ ./hardware.nix ../common ../../modules/nixos/uptime-kuma.nix + ../../modules/nixos/upstream-proxy.nix ]; sops.secrets = { @@ -64,6 +66,11 @@ users.users.nginx.extraGroups = ["acme"]; + tux.services.nginxStreamProxy = { + enable = true; + upstreamServers = inputs.nix-secrets.proxy-servers; + }; + services = { nginx = { recommendedGzipSettings = true;