Read full commit

* disable eidola because it broke lol * move vaultwarden to silver * remove min.rip homepage * swap ssh key
2025-01-20 16:00:10 -05:00 · 2025-01-20 16:00:10 -05:00 · 71db8af1cf
parent 2dc8eb5c47
commit 71db8af1cf
11 changed files with 68 additions and 93 deletions
--- a/flake.lock
+++ b/flake.lock
@ -9,26 +9,27 @@
        ]
      },
      "locked": {
-        "lastModified": 1729402974,
-        "narHash": "sha256-tKKWVI7QQmuc9QGluSpogo90MqIInZZ5gOdEv8YoIs0=",
-        "ref": "refs/heads/main",
-        "rev": "2e65f3744bb745cff0c329e7fbbdbae7d66054ec",
-        "revCount": 62,
+        "lastModified": 1736812363,
+        "narHash": "sha256-vs6tf4F4LVMDw4nsXkVFMSNC8RAbS7mRxbBscfE/mts=",
+        "ref": "jemalloc",
+        "rev": "015aee89b8519ce94a603d5cd58f1c54ec3ac718",
+        "revCount": 67,
        "type": "git",
        "url": "https://git.min.rip/min/breeze.git"
      },
      "original": {
+        "ref": "jemalloc",
        "type": "git",
        "url": "https://git.min.rip/min/breeze.git"
      }
    },
    "crane": {
      "locked": {
-        "lastModified": 1725409566,
-        "narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=",
+        "lastModified": 1734808813,
+        "narHash": "sha256-3aH/0Y6ajIlfy7j52FGZ+s4icVX0oHhqBzRdlOeztqg=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c",
+        "rev": "72e2d02dbac80c8c86bf6bf3e785536acf8ee926",
        "type": "github"
      },
      "original": {
@ -66,11 +67,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1734088167,
-        "narHash": "sha256-OIitVU+IstPbX/NWn2jLF+/sT9dVKcO2FKeRAzlyX6c=",
+        "lastModified": 1736199437,
+        "narHash": "sha256-TdU0a/x8048rbbJmkKWzSY1CtsbbGKNkIJcMdr8Zf4Q=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "d32f2d1750d61a476a236526b725ec5a32e16342",
+        "rev": "49f8aa791f81ff2402039b3efe0c35b9386c4bcf",
        "type": "github"
      },
      "original": {
@ -100,11 +101,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1733312601,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "lastModified": 1736143030,
+        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
        "type": "github"
      },
      "original": {
@ -118,11 +119,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@ -133,11 +134,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1734200366,
-        "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=",
+        "lastModified": 1734945620,
+        "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48",
+        "rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
        "type": "github"
      },
      "original": {
@ -146,48 +147,32 @@
        "type": "github"
      }
    },
-    "min-rip": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1733968933,
-        "narHash": "sha256-sM4W6aZDgoyWkXjgE+UXRwGdfrMFDRPRliZs7CTc4rw=",
-        "ref": "refs/heads/main",
-        "rev": "8b5c3a8ef205e82a5414cac4d9fb6c17276b71ae",
-        "revCount": 36,
-        "type": "git",
-        "url": "ssh://git@git.min.rip/min/min.rip.git"
-      },
-      "original": {
-        "type": "git",
-        "url": "ssh://git@git.min.rip/min/min.rip.git"
-      }
-    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1734017764,
-        "narHash": "sha256-msOfmyJSjAHgIygI/JD0Ae3JsDv4rT54Nlfr5t6MQMQ=",
+        "lastModified": 1736200483,
+        "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "64e9404f308e0f0a0d8cdd7c358f74e34802494b",
+        "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-24.05",
+        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1733096140,
-        "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
+        "lastModified": 1735774519,
+        "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
      }
    },
    "root": {
@ -197,7 +182,6 @@
        "disko": "disko",
        "flake-parts": "flake-parts",
        "impermanence": "impermanence",
-        "min-rip": "min-rip",
        "nixpkgs": "nixpkgs",
        "sops-nix": "sops-nix"
      }
@ -209,11 +193,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1733965552,
-        "narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=",
+        "lastModified": 1736203741,
+        "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004",
+        "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -2,7 +2,7 @@
  description = "computer systems infrastructure";

  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";

    flake-parts.url = "github:hercules-ci/flake-parts";

@ -17,10 +17,7 @@

    impermanence.url = "github:nix-community/impermanence";

-    min-rip.url = "git+ssh://git@git.min.rip/min/min.rip.git";
-    min-rip.flake = false;
-
-    breeze.url = "git+https://git.min.rip/min/breeze.git";
+    breeze.url = "git+https://git.min.rip/min/breeze.git?ref=jemalloc";
    breeze.inputs.nixpkgs.follows = "nixpkgs";
  };

--- a/nixos/hosts/default.nix
+++ b/nixos/hosts/default.nix
@ -1,6 +1,6 @@
 {inputs, ...}: let
  systems = {
-    eidola = import ./eidola {inherit inputs;};
+    # eidola = import ./eidola {inherit inputs;};
    silver = import ./silver {inherit inputs;};
  };

--- a/nixos/hosts/eidola/services/default.nix
+++ b/nixos/hosts/eidola/services/default.nix
@ -1,6 +1,5 @@
 {...}: {
  imports = [
    ./samba.nix
-    ./vaultwarden.nix
  ];
 }
--- a/nixos/hosts/eidola/services/vaultwarden.nix
+++ b/nixos/hosts/eidola/services/vaultwarden.nix
@ -1,18 +0,0 @@
-{...}: let
-  ipInternal = "10.13.1.1";
-
-  dom = "pw.min.rip";
-in {
-  services.vaultwarden = {
-    enable = true;
-
-    config = {
-      DOMAIN = "https://${dom}";
-      SIGNUPS_ALLOWED = false;
-      SHOW_PASSWORD_HINT = false;
-
-      ROCKET_ADDRESS = ipInternal;
-      ROCKET_PORT = 14210;
-    };
-  };
-}
--- a/nixos/hosts/silver/mounts.nix
+++ b/nixos/hosts/silver/mounts.nix
@ -16,6 +16,7 @@

      "/var/lib/prometheus2"
      "/var/lib/grafana"
+      "/var/lib/bitwarden_rs"

      "/srv"
    ];
--- a/nixos/hosts/silver/services/default.nix
+++ b/nixos/hosts/silver/services/default.nix
@ -8,8 +8,7 @@
    ./nebula.nix
    ./prometheus.nix
    ./grafana.nix
-
-    ./shim-vaultwarden.nix
+    ./vaultwarden.nix
  ];

  security.acme = {
--- a/nixos/hosts/silver/services/min-rip.nix
+++ b/nixos/hosts/silver/services/min-rip.nix
@ -1,17 +1,17 @@
-{inputs, ...}: let
+{...}: let
  dom = "min.rip"; # TODO: hardcoding
 in {
  services.nginx.virtualHosts.${dom} = {
-    root = "${inputs.min-rip}";
    forceSSL = true;
    enableACME = true;

    quic = true;

    locations."/" = {
-      tryFiles = "$uri $uri/ =404";
+      return = ''200 "hi!"'';
      extraConfig = ''
        add_header Cache-Control "max-age=15552000, must-revalidate";
+        add_header Content-type text/plain;
      '';
    };

--- a/nixos/hosts/silver/services/shim-vaultwarden.nix
+++ b/nixos/hosts/silver/services/shim-vaultwarden.nix
@ -1,14 +0,0 @@
-{...}: let
-  httpIntAddr = "10.13.1.1";
-  httpIntPort = 14210;
-  dom = "pw.min.rip";
-in {
-  services.nginx.virtualHosts.${dom} = {
-    forceSSL = true;
-    enableACME = true;
-
-    locations."/" = {
-      proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}";
-    };
-  };
-}
--- a/nixos/hosts/silver/services/vaultwarden.nix
+++ b/nixos/hosts/silver/services/vaultwarden.nix
@ -0,0 +1,27 @@
+{...}: let
+  httpIntAddr = "127.0.0.1";
+  httpIntPort = 14210;
+  dom = "pw.min.rip";
+in {
+  services.nginx.virtualHosts.${dom} = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations."/" = {
+      proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}";
+    };
+  };
+
+  services.vaultwarden = {
+    enable = true;
+
+    config = {
+      DOMAIN = "https://${dom}";
+      SIGNUPS_ALLOWED = false;
+      SHOW_PASSWORD_HINT = false;
+
+      ROCKET_ADDRESS = httpIntAddr;
+      ROCKET_PORT = 14210;
+    };
+  };
+}
--- a/nixos/keys/ssh.nix
+++ b/nixos/keys/ssh.nix
@ -1,5 +1,5 @@
 [
-  "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBCZ7P/hl8DOMyTm5vGZuMrxBeSr2bmN2tp8zeiK+y/zq/fOi4rMIbfQif8KmaZ2UDTnpWj8DNfrPhfz6li1nzU="
+  "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLM+RmEfAxC6vYelGWhBj5bCkiwWmbrMs1XqyMNALOilSoW+om9tJbulDSYn9l7woc9UOm8lFZ/x08J3AORbQjI="
  "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPci/gIUGWdoiLXS8Nq8T6Fvh2Wtpxv6pnqyvbSWvzyoAAAABHNzaDo="
  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINIysEjWk8jdsnfF2Ki1U1TENkRLu3ig5tGVlVUnBGTj"
 ]