Read full commit

* disable eidola because it broke lol
* move vaultwarden to silver
* remove min.rip homepage
* swap ssh key

flake.lock

@@ -9,26 +9,27 @@
         ]
       },
       "locked": {
-        "lastModified": 1729402974,
+        "lastModified": 1736812363,
-        "narHash": "sha256-tKKWVI7QQmuc9QGluSpogo90MqIInZZ5gOdEv8YoIs0=",
+        "narHash": "sha256-vs6tf4F4LVMDw4nsXkVFMSNC8RAbS7mRxbBscfE/mts=",
-        "ref": "refs/heads/main",
+        "ref": "jemalloc",
-        "rev": "2e65f3744bb745cff0c329e7fbbdbae7d66054ec",
+        "rev": "015aee89b8519ce94a603d5cd58f1c54ec3ac718",
-        "revCount": 62,
+        "revCount": 67,
         "type": "git",
         "url": "https://git.min.rip/min/breeze.git"
       },
       "original": {
+        "ref": "jemalloc",
         "type": "git",
         "url": "https://git.min.rip/min/breeze.git"
       }
     },
     "crane": {
       "locked": {
-        "lastModified": 1725409566,
+        "lastModified": 1734808813,
-        "narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=",
+        "narHash": "sha256-3aH/0Y6ajIlfy7j52FGZ+s4icVX0oHhqBzRdlOeztqg=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c",
+        "rev": "72e2d02dbac80c8c86bf6bf3e785536acf8ee926",
         "type": "github"
       },
       "original": {
@@ -66,11 +67,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1734088167,
+        "lastModified": 1736199437,
-        "narHash": "sha256-OIitVU+IstPbX/NWn2jLF+/sT9dVKcO2FKeRAzlyX6c=",
+        "narHash": "sha256-TdU0a/x8048rbbJmkKWzSY1CtsbbGKNkIJcMdr8Zf4Q=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "d32f2d1750d61a476a236526b725ec5a32e16342",
+        "rev": "49f8aa791f81ff2402039b3efe0c35b9386c4bcf",
         "type": "github"
       },
       "original": {
@@ -100,11 +101,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1733312601,
+        "lastModified": 1736143030,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
         "type": "github"
       },
       "original": {
@@ -118,11 +119,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1726560853,
+        "lastModified": 1731533236,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
         "type": "github"
       },
       "original": {
@@ -133,11 +134,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1734200366,
+        "lastModified": 1734945620,
-        "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=",
+        "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48",
+        "rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
         "type": "github"
       },
       "original": {
@@ -146,48 +147,32 @@
         "type": "github"
       }
     },
-    "min-rip": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1733968933,
-        "narHash": "sha256-sM4W6aZDgoyWkXjgE+UXRwGdfrMFDRPRliZs7CTc4rw=",
-        "ref": "refs/heads/main",
-        "rev": "8b5c3a8ef205e82a5414cac4d9fb6c17276b71ae",
-        "revCount": 36,
-        "type": "git",
-        "url": "ssh://git@git.min.rip/min/min.rip.git"
-      },
-      "original": {
-        "type": "git",
-        "url": "ssh://git@git.min.rip/min/min.rip.git"
-      }
-    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1734017764,
+        "lastModified": 1736200483,
-        "narHash": "sha256-msOfmyJSjAHgIygI/JD0Ae3JsDv4rT54Nlfr5t6MQMQ=",
+        "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "64e9404f308e0f0a0d8cdd7c358f74e34802494b",
+        "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-24.05",
+        "ref": "nixos-24.11",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1733096140,
+        "lastModified": 1735774519,
-        "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
+        "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
       },
       "original": {
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
       }
     },
     "root": {
@@ -197,7 +182,6 @@
         "disko": "disko",
         "flake-parts": "flake-parts",
         "impermanence": "impermanence",
-        "min-rip": "min-rip",
         "nixpkgs": "nixpkgs",
         "sops-nix": "sops-nix"
       }
@@ -209,11 +193,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733965552,
+        "lastModified": 1736203741,
-        "narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=",
+        "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004",
+        "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,7 +2,7 @@
   description = "computer systems infrastructure";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
 
     flake-parts.url = "github:hercules-ci/flake-parts";
 
@@ -17,10 +17,7 @@
 
     impermanence.url = "github:nix-community/impermanence";
 
-    min-rip.url = "git+ssh://git@git.min.rip/min/min.rip.git";
+    breeze.url = "git+https://git.min.rip/min/breeze.git?ref=jemalloc";
-    min-rip.flake = false;
-
-    breeze.url = "git+https://git.min.rip/min/breeze.git";
     breeze.inputs.nixpkgs.follows = "nixpkgs";
   };
 

nixos/hosts/default.nix

@@ -1,6 +1,6 @@
 {inputs, ...}: let
   systems = {
-    eidola = import ./eidola {inherit inputs;};
+    # eidola = import ./eidola {inherit inputs;};
     silver = import ./silver {inherit inputs;};
   };
 

nixos/hosts/eidola/services/default.nix

@@ -1,6 +1,5 @@
 {...}: {
   imports = [
     ./samba.nix
-    ./vaultwarden.nix
   ];
 }

nixos/hosts/eidola/services/vaultwarden.nix

@@ -1,18 +0,0 @@
-{...}: let
-  ipInternal = "10.13.1.1";
-
-  dom = "pw.min.rip";
-in {
-  services.vaultwarden = {
-    enable = true;
-
-    config = {
-      DOMAIN = "https://${dom}";
-      SIGNUPS_ALLOWED = false;
-      SHOW_PASSWORD_HINT = false;
-
-      ROCKET_ADDRESS = ipInternal;
-      ROCKET_PORT = 14210;
-    };
-  };
-}

nixos/hosts/silver/mounts.nix

@@ -16,6 +16,7 @@
 
       "/var/lib/prometheus2"
       "/var/lib/grafana"
+      "/var/lib/bitwarden_rs"
 
       "/srv"
     ];

nixos/hosts/silver/services/default.nix

@@ -8,8 +8,7 @@
     ./nebula.nix
     ./prometheus.nix
     ./grafana.nix
-
+    ./vaultwarden.nix
-    ./shim-vaultwarden.nix
   ];
 
   security.acme = {

nixos/hosts/silver/services/min-rip.nix

@@ -1,17 +1,17 @@
-{inputs, ...}: let
+{...}: let
   dom = "min.rip"; # TODO: hardcoding
 in {
   services.nginx.virtualHosts.${dom} = {
-    root = "${inputs.min-rip}";
     forceSSL = true;
     enableACME = true;
 
     quic = true;
 
     locations."/" = {
-      tryFiles = "$uri $uri/ =404";
+      return = ''200 "hi!"'';
       extraConfig = ''
         add_header Cache-Control "max-age=15552000, must-revalidate";
+        add_header Content-type text/plain;
       '';
     };
 

nixos/hosts/silver/services/shim-vaultwarden.nix

@@ -1,14 +0,0 @@
-{...}: let
-  httpIntAddr = "10.13.1.1";
-  httpIntPort = 14210;
-  dom = "pw.min.rip";
-in {
-  services.nginx.virtualHosts.${dom} = {
-    forceSSL = true;
-    enableACME = true;
-
-    locations."/" = {
-      proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}";
-    };
-  };
-}

nixos/hosts/silver/services/vaultwarden.nix

@@ -0,0 +1,27 @@
+{...}: let
+  httpIntAddr = "127.0.0.1";
+  httpIntPort = 14210;
+  dom = "pw.min.rip";
+in {
+  services.nginx.virtualHosts.${dom} = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations."/" = {
+      proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}";
+    };
+  };
+
+  services.vaultwarden = {
+    enable = true;
+
+    config = {
+      DOMAIN = "https://${dom}";
+      SIGNUPS_ALLOWED = false;
+      SHOW_PASSWORD_HINT = false;
+
+      ROCKET_ADDRESS = httpIntAddr;
+      ROCKET_PORT = 14210;
+    };
+  };
+}

nixos/keys/ssh.nix

@@ -1,5 +1,5 @@
 [
-  "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBCZ7P/hl8DOMyTm5vGZuMrxBeSr2bmN2tp8zeiK+y/zq/fOi4rMIbfQif8KmaZ2UDTnpWj8DNfrPhfz6li1nzU="
+  "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLM+RmEfAxC6vYelGWhBj5bCkiwWmbrMs1XqyMNALOilSoW+om9tJbulDSYn9l7woc9UOm8lFZ/x08J3AORbQjI="
   "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPci/gIUGWdoiLXS8Nq8T6Fvh2Wtpxv6pnqyvbSWvzyoAAAABHNzaDo="
   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINIysEjWk8jdsnfF2Ki1U1TENkRLu3ig5tGVlVUnBGTj"
 ]