From 71db8af1cf7914eb9667a7906131b9b16f9aa976 Mon Sep 17 00:00:00 2001
From: min
Date: Mon, 20 Jan 2025 16:00:10 -0500
Subject: [PATCH] Read full commit

* disable eidola because it broke lol
* move vaultwarden to silver
* remove min.rip homepage
* swap ssh key
---
flake.lock | 80 ++++++++-----------
flake.nix | 7 +-
nixos/hosts/default.nix | 2 +-
nixos/hosts/eidola/services/default.nix | 1 -
nixos/hosts/eidola/services/vaultwarden.nix | 18 -----
nixos/hosts/silver/mounts.nix | 1 +
nixos/hosts/silver/services/default.nix | 3 +-
nixos/hosts/silver/services/min-rip.nix | 6 +-
.../silver/services/shim-vaultwarden.nix | 14 ----
nixos/hosts/silver/services/vaultwarden.nix | 27 +++++++
nixos/keys/ssh.nix | 2 +-
11 files changed, 68 insertions(+), 93 deletions(-)
delete mode 100644 nixos/hosts/eidola/services/vaultwarden.nix
delete mode 100644 nixos/hosts/silver/services/shim-vaultwarden.nix
create mode 100644 nixos/hosts/silver/services/vaultwarden.nix
diff --git a/flake.lock b/flake.lock
index 4d30514..5b04fe4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -9,26 +9,27 @@ ] }, "locked": { - "lastModified": 1729402974, - "narHash": "sha256-tKKWVI7QQmuc9QGluSpogo90MqIInZZ5gOdEv8YoIs0=", - "ref": "refs/heads/main", - "rev": "2e65f3744bb745cff0c329e7fbbdbae7d66054ec", - "revCount": 62, + "lastModified": 1736812363, + "narHash": "sha256-vs6tf4F4LVMDw4nsXkVFMSNC8RAbS7mRxbBscfE/mts=", + "ref": "jemalloc", + "rev": "015aee89b8519ce94a603d5cd58f1c54ec3ac718", + "revCount": 67, "type": "git", "url": "https://git.min.rip/min/breeze.git" }, "original": { + "ref": "jemalloc", "type": "git", "url": "https://git.min.rip/min/breeze.git" } }, "crane": { "locked": { - "lastModified": 1725409566, - "narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=", + "lastModified": 1734808813, + "narHash": "sha256-3aH/0Y6ajIlfy7j52FGZ+s4icVX0oHhqBzRdlOeztqg=", "owner": "ipetkov", "repo": "crane", - "rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c", + "rev": "72e2d02dbac80c8c86bf6bf3e785536acf8ee926", "type": "github" }, "original": { @@ -66,11 +67,11 @@ ] }, "locked": { - "lastModified": 1734088167, - "narHash": "sha256-OIitVU+IstPbX/NWn2jLF+/sT9dVKcO2FKeRAzlyX6c=", + "lastModified": 1736199437, + "narHash": "sha256-TdU0a/x8048rbbJmkKWzSY1CtsbbGKNkIJcMdr8Zf4Q=", "owner": "nix-community", "repo": "disko", - "rev": "d32f2d1750d61a476a236526b725ec5a32e16342", + "rev": "49f8aa791f81ff2402039b3efe0c35b9386c4bcf", "type": "github" }, "original": { @@ -100,11 +101,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { 
@@ -118,11 +119,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -133,11 +134,11 @@ }, "impermanence": { "locked": { - "lastModified": 1734200366, - "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", + "lastModified": 1734945620, + "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", "owner": "nix-community", "repo": "impermanence", - "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", + "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", "type": "github" }, "original": { 
@@ -146,48 +147,32 @@ "type": "github" } }, - "min-rip": { - "flake": false, - "locked": { - "lastModified": 1733968933, - "narHash": "sha256-sM4W6aZDgoyWkXjgE+UXRwGdfrMFDRPRliZs7CTc4rw=", - "ref": "refs/heads/main", - "rev": "8b5c3a8ef205e82a5414cac4d9fb6c17276b71ae", - "revCount": 36, - "type": "git", - "url": "ssh://git@git.min.rip/min/min.rip.git" - }, - "original": { - "type": "git", - "url": "ssh://git@git.min.rip/min/min.rip.git" - } - }, "nixpkgs": { "locked": { - "lastModified": 1734017764, - "narHash": "sha256-msOfmyJSjAHgIygI/JD0Ae3JsDv4rT54Nlfr5t6MQMQ=", + "lastModified": 1736200483, + "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "64e9404f308e0f0a0d8cdd7c358f74e34802494b", + "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { "locked": { - "lastModified": 1733096140, - "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" } }, "root": { @@ -197,7 +182,6 @@ "disko": "disko", "flake-parts": "flake-parts", "impermanence": "impermanence", - "min-rip": "min-rip", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" } 
@@ -209,11 +193,11 @@ ] }, "locked": { - "lastModified": 1733965552, - "narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=", + "lastModified": 1736203741, + "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004", + "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 0c2f041..d8e57dd 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "computer systems infrastructure"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; flake-parts.url = "github:hercules-ci/flake-parts"; @@ -17,10 +17,7 @@ impermanence.url = "github:nix-community/impermanence"; - min-rip.url = "git+ssh://git@git.min.rip/min/min.rip.git"; - min-rip.flake = false; - - breeze.url = "git+https://git.min.rip/min/breeze.git"; + breeze.url = "git+https://git.min.rip/min/breeze.git?ref=jemalloc"; breeze.inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix index e6ef97f..f7fdbab 100644 --- a/nixos/hosts/default.nix +++ b/nixos/hosts/default.nix @@ -1,6 +1,6 @@ {inputs, ...}: let systems = { - eidola = import ./eidola {inherit inputs;}; + # eidola = import ./eidola {inherit inputs;}; silver = import ./silver {inherit inputs;}; }; diff --git a/nixos/hosts/eidola/services/default.nix b/nixos/hosts/eidola/services/default.nix index ddfbc90..70956a6 100644 --- a/nixos/hosts/eidola/services/default.nix +++ b/nixos/hosts/eidola/services/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ ./samba.nix - ./vaultwarden.nix ]; } diff --git a/nixos/hosts/eidola/services/vaultwarden.nix b/nixos/hosts/eidola/services/vaultwarden.nix deleted file mode 100644 index 5b03b13..0000000 --- a/nixos/hosts/eidola/services/vaultwarden.nix +++ /dev/null 
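Review bot: The new `breeze.url` line in the second flake.nix hunk follows the `jemalloc` branch, with no comment saying why or when it should return to the default branch. flake.lock still pins an exact `rev`, so builds stay reproducible. The next `nix flake update` will take whatever the branch head is then, and will fail if the branch has been deleted after a merge. A line above the input such as `# temporary: track the jemalloc branch until it is merged, then drop ?ref=` would record the intent.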
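Review bot: The commented-out `eidola` entry in nixos/hosts/default.nix leaves nothing in the file saying why the host is disabled or what state it was left in. While it is out of `systems` it presumably gets no further changes from this repo, including the key swap in nixos/keys/ssh.nix in this same patch. If that list feeds authorized keys, the deployed eidola system would keep accepting the replaced ECDSA key until it is rebuilt. A comment such as `# disabled <date>: <reason>; still carries the pre-swap SSH key until redeployed` would make that visible.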
@@ -1,18 +0,0 @@ -{...}: let - ipInternal = "10.13.1.1"; - - dom = "pw.min.rip"; -in { - services.vaultwarden = { - enable = true; - - config = { - DOMAIN = "https://${dom}"; - SIGNUPS_ALLOWED = false; - SHOW_PASSWORD_HINT = false; - - ROCKET_ADDRESS = ipInternal; - ROCKET_PORT = 14210; - }; - }; -} diff --git a/nixos/hosts/silver/mounts.nix b/nixos/hosts/silver/mounts.nix index 922846e..3992116 100644 --- a/nixos/hosts/silver/mounts.nix +++ b/nixos/hosts/silver/mounts.nix @@ -16,6 +16,7 @@ "/var/lib/prometheus2" "/var/lib/grafana" + "/var/lib/bitwarden_rs" "/srv" ]; diff --git a/nixos/hosts/silver/services/default.nix b/nixos/hosts/silver/services/default.nix index 0002cd9..a0cc096 100644 --- a/nixos/hosts/silver/services/default.nix +++ b/nixos/hosts/silver/services/default.nix @@ -8,8 +8,7 @@ ./nebula.nix ./prometheus.nix ./grafana.nix - - ./shim-vaultwarden.nix + ./vaultwarden.nix ]; security.acme = { diff --git a/nixos/hosts/silver/services/min-rip.nix b/nixos/hosts/silver/services/min-rip.nix index 5146358..9ced5f9 100644 --- a/nixos/hosts/silver/services/min-rip.nix +++ b/nixos/hosts/silver/services/min-rip.nix @@ -1,17 +1,17 @@ -{inputs, ...}: let +{...}: let dom = "min.rip"; # TODO: hardcoding in { services.nginx.virtualHosts.${dom} = { - root = "${inputs.min-rip}"; forceSSL = true; enableACME = true; quic = true; locations."/" = { - tryFiles = "$uri $uri/ =404"; + return = ''200 "hi!"''; extraConfig = '' add_header Cache-Control "max-age=15552000, must-revalidate"; + add_header Content-type text/plain; ''; }; diff --git a/nixos/hosts/silver/services/shim-vaultwarden.nix b/nixos/hosts/silver/services/shim-vaultwarden.nix deleted file mode 100644 index 020822c..0000000 --- a/nixos/hosts/silver/services/shim-vaultwarden.nix +++ /dev/null 
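Review bot: The added `"/var/lib/bitwarden_rs"` entry in nixos/hosts/silver/mounts.nix should be checked against the vaultwarden module in the nixpkgs revision this patch moves to. As far as I recall, that module picks its state directory from `system.stateVersion` and uses `/var/lib/vaultwarden` on newer state versions; silver's stateVersion is not visible here. If this list is the set of persisted paths and the service writes somewhere else, the vault database would not survive a reboot. Confirm the running unit's StateDirectory and add a comment such as `# vaultwarden data dir (module default for this host's stateVersion)`. The list starts and ends outside the hunk.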
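Review bot: `add_header Content-type text/plain;` in the `/` location of min-rip.nix appends a header instead of setting the response type. The `return 200` response can therefore carry two Content-Type headers: the one nginx derives from `default_type` plus this one. `default_type text/plain;` in `extraConfig` is the directive that sets it. The unchanged `Cache-Control "max-age=15552000, must-revalidate"` now applies to a placeholder body, so clients may keep showing the placeholder for about 180 days after a real page returns; a short max-age fits better. The virtualHost block continues past the end of the hunk.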
@@ -1,14 +0,0 @@ -{...}: let - httpIntAddr = "10.13.1.1"; - httpIntPort = 14210; - dom = "pw.min.rip"; -in { - services.nginx.virtualHosts.${dom} = { - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}"; - }; - }; -} diff --git a/nixos/hosts/silver/services/vaultwarden.nix b/nixos/hosts/silver/services/vaultwarden.nix new file mode 100644 index 0000000..75eaf61 --- /dev/null +++ b/nixos/hosts/silver/services/vaultwarden.nix @@ -0,0 +1,27 @@ +{...}: let + httpIntAddr = "127.0.0.1"; + httpIntPort = 14210; + dom = "pw.min.rip"; +in { + services.nginx.virtualHosts.${dom} = { + forceSSL = true; + enableACME = true; + + locations."/" = { + proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}"; + }; + }; + + services.vaultwarden = { + enable = true; + + config = { + DOMAIN = "https://${dom}"; + SIGNUPS_ALLOWED = false; + SHOW_PASSWORD_HINT = false; + + ROCKET_ADDRESS = httpIntAddr; + ROCKET_PORT = 14210; + }; + }; +} diff --git a/nixos/keys/ssh.nix b/nixos/keys/ssh.nix index ac154b1..31b406f 100644 --- a/nixos/keys/ssh.nix +++ b/nixos/keys/ssh.nix @@ -1,5 +1,5 @@ [ - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBCZ7P/hl8DOMyTm5vGZuMrxBeSr2bmN2tp8zeiK+y/zq/fOi4rMIbfQif8KmaZ2UDTnpWj8DNfrPhfz6li1nzU=" + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLM+RmEfAxC6vYelGWhBj5bCkiwWmbrMs1XqyMNALOilSoW+om9tJbulDSYn9l7woc9UOm8lFZ/x08J3AORbQjI=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPci/gIUGWdoiLXS8Nq8T6Fvh2Wtpxv6pnqyvbSWvzyoAAAABHNzaDo=" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINIysEjWk8jdsnfF2Ki1U1TENkRLu3ig5tGVlVUnBGTj" ]
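Review bot: `ROCKET_PORT = 14210;` in the new silver/services/vaultwarden.nix repeats the literal instead of using `httpIntPort`. A later edit could leave the nginx `proxyPass` target and the port Vaultwarden binds out of step; `ROCKET_PORT = httpIntPort;` ties them together the way `ROCKET_ADDRESS = httpIntAddr;` already does. The `/` location sets only `proxyPass`. Unless `recommendedProxySettings` is enabled in nginx configuration outside this file, Vaultwarden would see every request as coming from 127.0.0.1, which makes its failed-login logs unusable for rate limiting or IP-based blocking. `proxyWebsockets = true;` is probably also wanted for live sync notifications.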
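Review bot: The three entries in nixos/keys/ssh.nix have no comment saying which device or hardware token each key belongs to. A swap like this one is then hard to audit, since a reader cannot tell which credential was retired or whether the remaining two are still in use. A comment above each entry, for example `# <device or purpose>, added <date>`, would record that. How the list is consumed is not visible in the hunk.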