From dc8b13736b434ce509994f886d753ef4651f443d Mon Sep 17 00:00:00 2001
From: Jermeiah S
Date: Thu, 19 Jun 2025 14:38:06 -0400
Subject: [PATCH 1/2] init: uptime-kuma
---
 .../nixos/observer-tofu/default.nix | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 configurations/nixos/observer-tofu/default.nix
diff --git a/configurations/nixos/observer-tofu/default.nix b/configurations/nixos/observer-tofu/default.nix
new file mode 100644
index 0000000..02e7012
--- /dev/null
+++ b/configurations/nixos/observer-tofu/default.nix
@@ -0,0 +1,41 @@
+{
+ flake,
+ modulesPath,
+ # config,
+ ...
+}:
+
+let
+ inherit (flake) inputs;
+ inherit (inputs) self;
+in
+{
+ imports = [
+ self.nixosModules.default
+ "${modulesPath}/virtualisation/lxc-container.nix"
+ ];
+ services = {
+ tty-ips.enable = true;
+ uptime-kuma = {
+ enable = true;
+ settings = {
+ DATA_DIR = "/var/lib/uptime-kuma/";
+ UPTIME_KUMA_HOST = "127.0.0.1";
+ PORT = "3001";
+ };
+ };
+ };
+ networking = {
+ firewall.enable = false;
+ yggdrasil = {
+ enable = true;
+ AllowedPublicKeys = [
+ "d0e265fcf663451ae9bc048dc1297749819ce9d48042a986f2866c15a779a074"
+ ];
+ };
+ hostName = "observer-tofu";
+ };
+ environment.systemPackages = [
+ ];
+ system.stateVersion = "25.05";
+}
From 62c440f78a092b434e7325a8236e2fbb5d9b801c Mon Sep 17 00:00:00 2001
From: Jermeiah S
Date: Thu, 19 Jun 2025 15:06:00 -0400
Subject: [PATCH 2/2] fix: isolate secret
---
 configurations/nixos/tofu/default.nix | 8 ++++++++
 modules/nixos/common/sops.nix | 8 +-------
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/configurations/nixos/tofu/default.nix b/configurations/nixos/tofu/default.nix
index d915261..74ecfbd 100644
--- a/configurations/nixos/tofu/default.nix
+++ b/configurations/nixos/tofu/default.nix
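Review bot: In `configurations/nixos/observer-tofu/default.nix` (patch 1/2), `firewall.enable = false;` sits next to `yggdrasil.enable = true;`, so every listener on this container other than Uptime Kuma (bound to 127.0.0.1) is reachable on the overlay address with no packet filter in front of it. Assuming `AllowedPublicKeys` is passed through to the Yggdrasil setting of that name, it only restricts which nodes may open an incoming peering link; it does not filter traffic routed to the host, so it does not replace the firewall. I would keep `firewall.enable = true;` and list only the ports that must be open with `firewall.allowedTCPPorts = [ ... ];`. If filtering is applied elsewhere (for example on the LXC host or in `self.nixosModules.default`), a comment next to the `false` saying where would be enough.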
@@ -16,6 +16,14 @@ in
 self.nixosModules.default
 "${modulesPath}/virtualisation/lxc-container.nix"
 ];
+ sops.secrets = {
+ otfenv = {
+ owner = "otf";
+ group = "otf";
+ mode = "0550";
+ };
+ };
+
 services = {
 tty-ips.enable = true;
 otf = {
diff --git a/modules/nixos/common/sops.nix b/modules/nixos/common/sops.nix
index b63d766..b55e309 100644
--- a/modules/nixos/common/sops.nix
+++ b/modules/nixos/common/sops.nix
@@ -11,12 +11,6 @@
 ];
 sops = {
 defaultSopsFile = ../../../secrets.yaml;
- secrets = {
- otfenv = {
- owner = "otf";
- group = "otf";
- mode = "0550";
- };
- };
+
 };
 }
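Review bot: `mode = "0550";` on `otfenv` in `configurations/nixos/tofu/default.nix` sets execute bits and group access on a decrypted secret; the value is carried over unchanged from `modules/nixos/common/sops.nix`. A secret that is only read by the `otf` service needs no execute bit, so `mode = "0400";` (or `"0440"` if another member of group `otf` must read it) is the tighter setting. Separately, the declaration is now per-host but the ciphertext still lives in the shared `defaultSopsFile = ../../../secrets.yaml`, so any host key that is a recipient of that file can presumably still decrypt `otfenv`; a host-specific `sopsFile` with its own recipients would complete the isolation the commit title aims for. The enclosing attribute set starts and ends outside the hunk.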