Compare commits


3 Commits

Author SHA1 Message Date
Alexander Heldt
1834713f98 wip 2025-01-02 15:16:43 +01:00
Alexander Heldt
10613912fc tadpole: Add secrets for whib service 2024-12-22 15:38:37 +01:00
Alexander Heldt
5b9a15f7cf test-vm: Add WHIB backend 2024-12-22 15:38:37 +01:00
11 changed files with 17 additions and 51 deletions

8
flake.lock generated

@@ -267,11 +267,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735841882, "lastModified": 1734875198,
"narHash": "sha256-Fn7mOUV189e/AIzij1n6kvNOROOWA3qRY/8D4bcJRXk=", "narHash": "sha256-nTrmbQjVANsbTJ+uzL95MXZq8nTbJ/Ar4qfeHMfVtlE=",
"ref": "master", "ref": "master",
"rev": "8952e41601f633eee9ec0ab6f8dd0d2783581b8d", "rev": "18225f1644a3fba957ed27d7ec92d03a3eea5579",
"revCount": 364, "revCount": 362,
"type": "git", "type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
}, },


@@ -3,6 +3,8 @@
imports = [ inputs.home-manager.nixosModules.home-manager ]; imports = [ inputs.home-manager.nixosModules.home-manager ];
config = { config = {
hardware.saleae-logic.enable = true;
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
@@ -25,6 +27,7 @@
pkgs.htop pkgs.htop
pkgs.onlyoffice-bin pkgs.onlyoffice-bin
pkgs.wdisplays pkgs.wdisplays
pkgs.saleae-logic-2
]; ];
home.stateVersion = "23.05"; home.stateVersion = "23.05";


@@ -18,7 +18,7 @@
group = "nginx"; group = "nginx";
}; };
"api.whib.ppp.pm" = { "whib-api.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/"; webroot = "/var/lib/acme/acme-challenge/";
group = "nginx"; group = "nginx";
}; };


@@ -22,7 +22,6 @@ in
}; };
pppdotpm-site.enable = true; pppdotpm-site.enable = true;
whib-backend.enable = true;
}; };
}; };
} }


@@ -7,6 +7,8 @@
let let
conf = config.mod.gitea; conf = config.mod.gitea;
gitDomain = "git.${conf.baseDomain}"; gitDomain = "git.${conf.baseDomain}";
nginxEnable = config.mod.nginx.enable;
in in
{ {
options = { options = {
@@ -35,12 +37,8 @@ in
}; };
}; };
config = lib.mkIf conf.enable { config = lib.mkIf (conf.enable && nginxEnable) {
assertions = [ assertions = [
{
assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
{ {
assertion = conf.baseDomain != ""; assertion = conf.baseDomain != "";
message = "Option 'mod.gitea.baseDomain' cannot be empty"; message = "Option 'mod.gitea.baseDomain' cannot be empty";
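Review bot: Folding the nginx requirement into `lib.mkIf (conf.enable && nginxEnable)` turns a misconfiguration into a silent no-op (reading the right-hand column as the new side, which the hunk headers' line counts support). With `mod.gitea.enable = true` and `mod.nginx.enable` unset, the whole config block is skipped, including the remaining `baseDomain` assertion, so the build succeeds without Gitea where the removed assertion would have failed evaluation. The guard also reads `config.mod.nginx.enable` while the removed check read `config.services.nginx.enable`; the two are equivalent only if the mod.nginx module always sets the service option, which is not visible here. I would keep `lib.mkIf conf.enable` and retain an assertion such as `{ assertion = nginxEnable; message = "Option 'mod.nginx.enable' must be enabled"; }`. The pppdotpm-site section has the same pattern in `lib.mkIf (enabled && nginxEnabled)`, and the module body continues outside the hunk.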


@@ -6,6 +6,8 @@
}: }:
let let
enabled = config.mod.pppdotpm-site.enable; enabled = config.mod.pppdotpm-site.enable;
nginxEnabled = config.mod.nginx.enable;
in in
{ {
imports = [ inputs.pppdotpm-site.nixosModules.default ]; imports = [ inputs.pppdotpm-site.nixosModules.default ];
@@ -16,14 +18,7 @@ in
}; };
}; };
config = lib.mkIf enabled { config = lib.mkIf (enabled && nginxEnabled) {
assertions = [
{
assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
];
services.pppdotpm-site = { services.pppdotpm-site = {
enable = true; enable = true;
domain = "ppp.pm"; domain = "ppp.pm";


@@ -15,18 +15,11 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
assertions = [
{
assertion = config.services.nginx.enable;
message = "Option 'config.services.nginx' must be enabled";
}
];
services.whib-backend = { services.whib-backend = {
enable = true; enable = true;
domain = "api.whib.ppp.pm"; domain = "whib-api.ppp.pm";
useACMEHost = "api.whib.ppp.pm"; useACMEHost = "whib-api.ppp.pm";
backend = { backend = {
signingKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-signing-key.path})"; signingKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-signing-key.path})";
@@ -51,9 +44,6 @@ in
}; };
grafana = { grafana = {
domain = "grafana.whib.ppp.pm";
useACMEHost = "grafana.whib.ppp.pm";
password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-grafana-password.path})"; password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-grafana-password.path})";
}; };
}; };
@@ -61,12 +51,11 @@ in
age.secrets = { age.secrets = {
"whib-signing-key".file = ../../../../secrets/tadpole/whib-signing-key.age; "whib-signing-key".file = ../../../../secrets/tadpole/whib-signing-key.age;
"whib-postgres-password".file = ../../../../secrets/tadpole/whib-postgres-password.age; "whib-postgres-password".file = ../../../../secrets/tadpole/whib-postgres-password.age;
"whib-grafana-password".file = ../../../../secrets/tadpole/whib-grafana-password.age;
"whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age; "whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age;
"whib-backblaze-bucket".file = ../../../../secrets/tadpole/whib-backblaze-bucket.age; "whib-backblaze-bucket".file = ../../../../secrets/tadpole/whib-backblaze-bucket.age;
"whib-backblaze-key-id".file = ../../../../secrets/tadpole/whib-backblaze-key-id.age; "whib-backblaze-key-id".file = ../../../../secrets/tadpole/whib-backblaze-key-id.age;
"whib-backblaze-key".file = ../../../../secrets/tadpole/whib-backblaze-key.age; "whib-backblaze-key".file = ../../../../secrets/tadpole/whib-backblaze-key.age;
"whib-grafana-password".file = ../../../../secrets/tadpole/whib-grafana-password.age;
}; };
}; };
} }
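Review bot: The `age.secrets` block still references `secrets/tadpole/whib-signing-key.age`, `whib-postgres-password.age` and `whib-grafana-password.age`, while the same compare drops those three recipient entries from the secrets rules file and deletes two `.age` files further down, whose names are not shown on the page. If the deleted files are among these three, re-enabling the module will fail at evaluation on a missing path, and the secrets can no longer be re-keyed from the rules as written. Either keep the files and their recipient entries, or remove the references in the same change. Separately, this section removes the nginx assertion without adding any replacement guard, although `useACMEHost` is still set; an assertion on the nginx module option would keep that dependency explicit and failing loudly.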


@@ -48,9 +48,6 @@ in {
"tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ];
"tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ]; "tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ];
"tadpole/whib-signing-key.age".publicKeys = [ tadpole alex ];
"tadpole/whib-postgres-password.age".publicKeys = [ tadpole alex ];
"tadpole/whib-grafana-password.age".publicKeys = [ tadpole alex ];
"tadpole/whib-gpg-key.age".publicKeys = [ tadpole alex ]; "tadpole/whib-gpg-key.age".publicKeys = [ tadpole alex ];
"tadpole/whib-backblaze-bucket.age".publicKeys = [ tadpole alex ]; "tadpole/whib-backblaze-bucket.age".publicKeys = [ tadpole alex ];
"tadpole/whib-backblaze-key-id.age".publicKeys = [ tadpole alex ]; "tadpole/whib-backblaze-key-id.age".publicKeys = [ tadpole alex ];


@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A WqkH9G2AGAcQfa9u+w6+QVXYVlozt0JsB/icILH/Jnc
SGhXQ33eRtVtIEKdZCmpyxNUtFgtZhGUs9QX20GbHRg
-> ssh-ed25519 +oNaHQ k66ZToSUzHxDm0yZkI4+Gase/Q5GJrsB7c6+LvmgGSg
6x9dzdloKJT2Tcawn4m2d518KUjdINGi4u+PFvMt9tQ
--- 395jqjDR3lBIIPOUIlnOJW/048qeJPC5CJbMJdpSjTo
<EFBFBD>ϛ<EFBFBD><uI<75>X"<22> <0C>^C<12>j};<3B><><EFBFBD><EFBFBD>Kd<4B><64><06><>ٗX<D997><58>b<EFBFBD> <0C><><EFBFBD>W<>,{7u+x<>L]<5D>ž


@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5R7G9A ncGAywK2O0Geyy5E9HmRdDCmCD7RwmflyyBXFKH4KSc
4Izx8nT/k5yOMOG4InifQw+wzEDe9PqMyeF3LEicOKE
-> ssh-ed25519 +oNaHQ cPf/X971sb4pNKz9t0W318EpY3XJNB/OId7nGZ/ooXc
Vp5x6PZML0jtPEjuaDo7KjtHdKv5SyPAS2+Fvhjbro8
--- 4jGA5763tvEcNDmNnYaoCfw99xROjqpKW0dMG23BqbE
<1F><><EFBFBD>j^t<><74><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>B%<25><>a<><61><EFBFBD><EFBFBD>$<24><>8m}-LbM<62>n<EFBFBD><6E><18><1C>R<02><>cZ<63><5A><EFBFBD>=<3D> <0C>$ x<18><>}<7D><>)PH<50>{X<>3<EFBFBD><EFBFBD><E18FBB><EFBFBD>V<EFBFBD><15><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><12><><EFBFBD>Օ<EFBFBD>6Rs<52><73><EFBFBD><12><>r<EFBFBD><72>b<EFBFBD>nl<6E>]<5D><>/Ȏe@/<2F>*<2A><><EFBFBD>:<3A>ڸ<EFBFBD><DAB8>V~<7E><>V<EFBFBD>a]`<60><19>
<EFBFBD><EFBFBD><EFBFBD>=ٿv<D9BF>z\<5C>