From 1b8687a703f0f6b4b5d51dcdf7630f5509d88b84 Mon Sep 17 00:00:00 2001 From: gwg313 Date: Thu, 3 Apr 2025 01:49:35 -0400 Subject: [PATCH] updating traefik and others --- common/nixos/common.nix | 1 + common/nixos/documentation.nix | 18 +++++++++++++ flake.nix | 1 + home-manager/modules/git.nix | 40 ++++++++++++++++++++++++++--- home-manager/modules/lazygit.nix | 4 ++- home-manager/modules/ssh.nix | 2 +- hosts/candlekeep/syncthing.nix | 24 +++++++++++++++++ hosts/grymforge/syncthing.nix | 22 ++++++++++++++++ hosts/seikan/routes.nix | 41 ++++++++++++++++++++++++++++++ hosts/seikan/traefik.nix | 15 +++++++++-- hosts/seikan/zerotier.nix | 3 +++ hosts/waypoint/routes.nix | 24 +++++++++++++++++ hosts/waypoint/routes_local.nix | 23 +++++++++++++++++ hosts/waypoint/routes_zerotier.nix | 23 +++++++++++++++++ hosts/waypoint/services.nix | 16 ++++++++++++ secrets/secrets.yaml | 5 ++-- 16 files changed, 252 insertions(+), 10 deletions(-) create mode 100644 common/nixos/documentation.nix diff --git a/common/nixos/common.nix b/common/nixos/common.nix index 0ad4852..acf063a 100644 --- a/common/nixos/common.nix +++ b/common/nixos/common.nix @@ -12,6 +12,7 @@ ./packages.nix ./users.nix ./locale.nix + ./documentation.nix ../../common/style/stylix.nix ]; # diff --git a/common/nixos/documentation.nix b/common/nixos/documentation.nix new file mode 100644 index 0000000..9700df8 --- /dev/null +++ b/common/nixos/documentation.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.man-pages + pkgs.man-pages-posix + ]; + documentation = { + dev.enable = true; + man = { + man-db.enable = false; + mandoc.enable = true; + }; + }; + + environment.sessionVariables = { + MANPAGER = "sh -c 'sed -u -e \"s/\\x1B\[[0-9;]*m//g; s/.\\x08//g\" | bat -p -lman'"; + }; +} diff --git a/flake.nix b/flake.nix index 1125731..d67b5a4 100644 --- a/flake.nix +++ b/flake.nix 
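Review bot: In the `MANPAGER` string of documentation.nix, `\[` is not one of Nix's double-quoted string escapes, so as far as I can tell the backslash is dropped and sed receives `\x1B[[0-9;]*m`. That still strips colour codes only because `[` ends up inside the bracket expression. Writing `\\[`, the way `\\x1B` is already written, keeps the intended regex. `bat` is also resolved through PATH at run time and nothing in this hunk installs it; `${pkgs.bat}/bin/bat` would pin it to the store path.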
@@ -114,6 +114,7 @@ inherit (self.checks.${system}.pre-commit-check) shellHook; buildInputs = with pkgs; [ alejandra + apacheHttpd ]; }; } diff --git a/home-manager/modules/git.nix b/home-manager/modules/git.nix index ad089d1..b1e2b82 100644 --- a/home-manager/modules/git.nix +++ b/home-manager/modules/git.nix @@ -17,9 +17,13 @@ }; commit = { gpgsign = true; + verbose = "true"; }; diff = { - algorithm = "patience"; + algorithm = "histogram"; + colorMoved = "plain"; + mnemonicPrefix = "true"; + renames = "true"; compactionHeuristic = "true"; tool = "nvimdiff"; }; @@ -29,6 +33,7 @@ merge = { tool = "nvimdiff4"; prompt = "false"; + conflictstyle = "zdiff3"; }; "mergetool \"nvimdiff4\"" = { cmd = "nvim -d $LOCAL $BASE $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; @@ -44,7 +49,7 @@ editor = "nvim"; }; delta = { - features = "side-by-side line-numbers decorations"; + features = "line-numbers decorations"; navigate = "true"; whitespace-error-style = "22 reverse"; }; @@ -52,10 +57,37 @@ diffFilter = "delta --color-only"; }; push = { - autoSetupRemote = true; + default = "simple"; + autoSetupRemote = "true"; + followTags = "true"; + }; pull = { - rebase = false; + rebase = "true"; + }; + rebase = { + autoSquash = "true"; + autoStash = "true"; + updateRefs = "true"; + }; + fetch = { + prune = "true"; + pruneTags = "true"; + all = "true"; + }; + tag = { + sort = "version:refname"; + }; + branch = { + sort = "-committerdate"; + }; + + help = { + autocorrect = "true"; + }; + rerere = { + enabled = "true"; + autoupdate = "true"; }; color.ui = "1"; diff --git a/home-manager/modules/lazygit.nix b/home-manager/modules/lazygit.nix index d004335..e7845e5 100644 --- a/home-manager/modules/lazygit.nix +++ b/home-manager/modules/lazygit.nix @@ -8,7 +8,9 @@ in enable = true; settings = lib.mkForce { - git.overrideGpg = true; + git = { + overrideGpg = true; + }; gui = { theme = { activeBorderColor = [ 
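Review bot: `help.autocorrect = "true"` in the last git.nix hunk makes git act on its own guess for a mistyped command without asking. As far as I know, releases that accept a boolean here treat it as run-immediately, while older ones reject a non-numeric value. With `rebase.autoStash`, `fetch.pruneTags` and `push.followTags` also switched on in this hunk, a wrongly guessed subcommand can do real work before it is noticed. `autocorrect = "prompt";` keeps the convenience but asks first.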
diff --git a/home-manager/modules/ssh.nix b/home-manager/modules/ssh.nix index 72b7474..2528f03 100644 --- a/home-manager/modules/ssh.nix +++ b/home-manager/modules/ssh.nix @@ -52,7 +52,7 @@ port = 2222; }; "onedev" = { - hostname = "git.gwg313.xyz"; + hostname = "10.1.10.3"; user = "git"; identityFile = "/home/gwg313/.ssh/onedev/id_ed25519"; port = 2222; diff --git a/hosts/candlekeep/syncthing.nix b/hosts/candlekeep/syncthing.nix index e1eaca3..9854813 100644 --- a/hosts/candlekeep/syncthing.nix +++ b/hosts/candlekeep/syncthing.nix @@ -50,6 +50,30 @@ }; }; }; + + "password-store" = { + path = "/home/gwg313/.local/share/password-store"; + devices = [ "grymforge" ]; + versioning = { + type = "staggered"; + params = { + cleanInterval = "3600"; + maxAge = "15768000"; + }; + }; + }; + "ssh-keys" = { + path = "/home/gwg313/.ssh"; + devices = [ "grymforge" ]; + versioning = { + type = "staggered"; + params = { + cleanInterval = "3600"; + maxAge = "15768000"; + }; + }; + }; + }; }; }; diff --git a/hosts/grymforge/syncthing.nix b/hosts/grymforge/syncthing.nix index def9c86..fc8f3e2 100644 --- a/hosts/grymforge/syncthing.nix +++ b/hosts/grymforge/syncthing.nix @@ -51,6 +51,28 @@ }; }; }; + "password-store" = { + path = "/home/gwg313/.local/share/password-store"; + devices = [ "candlekeep" ]; + versioning = { + type = "staggered"; + params = { + cleanInterval = "3600"; + maxAge = "15768000"; + }; + }; + }; + "ssh-keys" = { + path = "/home/gwg313/.ssh"; + devices = [ "candlekeep" ]; + versioning = { + type = "staggered"; + params = { + cleanInterval = "3600"; + maxAge = "15768000"; + }; + }; + }; }; }; }; diff --git a/hosts/seikan/routes.nix b/hosts/seikan/routes.nix index f673538..79b8821 100644 --- a/hosts/seikan/routes.nix +++ b/hosts/seikan/routes.nix 
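Review bot: Replacing the `onedev` hostname with the literal `10.1.10.3` means the host key is now looked up under `[10.1.10.3]:2222`, so the entry already verified for `git.gwg313.xyz` no longer applies. The next connection falls back to trust-on-first-use against whatever machine answers on that private address on the current network. If this is a home-manager `matchBlocks` entry (the enclosing block starts outside the hunk), `extraOptions.HostKeyAlias = "git.gwg313.xyz";` keeps the key pinned to the service name while still dialing the IP.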
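Review bot: The new `ssh-keys` folder shares all of `/home/gwg313/.ssh`, which normally holds private keys and `authorized_keys` as well as `config` and `known_hosts`; hosts/grymforge/syncthing.nix adds the same folder. No folder type is set, so presumably both sides are send-receive, which means whoever controls the account on one machine can rewrite `authorized_keys` on the other. Staggered versioning with `maxAge = "15768000"` also keeps superseded copies (by default under the folder's `.stversions` directory) long after a key has been rotated or removed. I would keep per-host keys, restrict the share to the non-secret files through a Syncthing ignore file or a dedicated directory, and leave `authorized_keys` under Nix control. The enclosing `folders` attribute set starts outside the hunk.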
@@ -33,6 +33,24 @@ url = "https://scholarsome.zerotier.gwg313.xyz"; } ]; + + pastebin_zt.loadBalancer.servers = [ + { + url = "https://pastebin.zerotier.gwg313.xyz"; + } + ]; + + snippets_zt.loadBalancer.servers = [ + { + url = "https://snippets.zerotier.gwg313.xyz"; + } + ]; + + git_zt.loadBalancer.servers = [ + { + url = "https://git.zerotier.gwg313.xyz"; + } + ]; }; routers = { @@ -77,6 +95,29 @@ middlewares = [ "headers" ]; }; + pastebin_zt = { + entryPoints = [ "websecure" ]; + rule = "Host(`pastebin.gwg313.xyz`)"; + service = "pastebin_zt"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + snippets_zt = { + entryPoints = [ "websecure" ]; + rule = "Host(`snippets.gwg313.xyz`)"; + service = "snippets_zt"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + + git_zt = { + entryPoints = [ "websecure" ]; + rule = "Host(`git.gwg313.xyz`)"; + service = "git_zt"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + }; }; }; diff --git a/hosts/seikan/traefik.nix b/hosts/seikan/traefik.nix index 7619744..594cb9e 100644 --- a/hosts/seikan/traefik.nix +++ b/hosts/seikan/traefik.nix @@ -13,6 +13,12 @@ group = config.users.users.traefik.group; }; + sops.secrets.basic-auth = { + mode = "0440"; + owner = config.users.users.traefik.name; + group = config.users.users.traefik.group; + }; + systemd.services.traefik.environment = { CF_DNS_API_TOKEN_FILE = "${config.sops.secrets.cf-api-token.path}"; }; @@ -69,10 +75,10 @@ http = { routers = { dashboard = { - rule = "Host(`monitor.local.gwg313.xyz`)"; + rule = "Host(`monitor.gwg313.xyz`)"; service = "api@internal"; middlewares = [ - # "auth" + "auth" "headers" ]; entrypoints = [ "websecure" ]; @@ -82,6 +88,11 @@ }; }; middlewares = { + auth = { + basicAuth = { + usersFile = "${config.sops.secrets.basic-auth.path}"; + }; + }; headers = { headers = { browserxssfilter = true; diff --git a/hosts/seikan/zerotier.nix b/hosts/seikan/zerotier.nix index 9cf586e..ec7ba92 100644 
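Review bot: The `pastebin_zt`, `snippets_zt` and `git_zt` routers in hosts/seikan/routes.nix answer on the bare `*.gwg313.xyz` names with only the `headers` middleware, so access control rests entirely on each application. hosts/waypoint/routes.nix adds the same three hostnames the same way. If seikan is the internet-facing proxy (not visible here), any of these that is not meant to be public could take the `auth` middleware this commit defines in traefik.nix, e.g. `middlewares = [ "auth" "headers" ];`, or stay on the `.zerotier.`/`.local.` names only. For the git front end, check that HTTP clients still work behind an extra auth layer before applying it there.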
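Review bot: Moving the dashboard router from `monitor.local.gwg313.xyz` to `monitor.gwg313.xyz` leaves `api@internal` protected by HTTP basic auth alone, which has no lockout or throttling of its own. Since the dashboard lists every route and backend address, I would put a source-address restriction in front of `auth` (Traefik's `ipAllowList` middleware, called `ipWhiteList` in v2) or add a `rateLimit` middleware, or keep the router on the internal hostname. The `basic-auth` secret in the first traefik.nix hunk is declared `mode = "0440"`; if only the traefik user reads it, `"0400"` is enough.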
--- a/hosts/seikan/zerotier.nix +++ b/hosts/seikan/zerotier.nix @@ -16,5 +16,8 @@ 10.147.17.246 recipes.zerotier.gwg313.xyz 10.147.17.246 scholarsome.zerotier.gwg313.xyz 10.147.17.246 bookmarks.zerotier.gwg313.xyz + 10.147.17.246 pastebin.zerotier.gwg313.xyz + 10.147.17.246 snippets.zerotier.gwg313.xyz + 10.147.17.246 git.zerotier.gwg313.xyz ''; } diff --git a/hosts/waypoint/routes.nix b/hosts/waypoint/routes.nix index 4e6b096..373b84f 100644 --- a/hosts/waypoint/routes.nix +++ b/hosts/waypoint/routes.nix @@ -46,6 +46,30 @@ middlewares = [ "headers" ]; }; + pastebin = { + entryPoints = [ "websecure" ]; + rule = "Host(`pastebin.gwg313.xyz`)"; + service = "pastebin_local"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + + snippets = { + entryPoints = [ "websecure" ]; + rule = "Host(`snippets.gwg313.xyz`)"; + service = "snippets_local"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + + git = { + entryPoints = [ "websecure" ]; + rule = "Host(`git.gwg313.xyz`)"; + service = "git_local"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + }; }; }; diff --git a/hosts/waypoint/routes_local.nix b/hosts/waypoint/routes_local.nix index ec3304e..c852bd7 100644 --- a/hosts/waypoint/routes_local.nix +++ b/hosts/waypoint/routes_local.nix @@ -61,6 +61,29 @@ middlewares = [ "headers" ]; }; + privatebin_local = { + entryPoints = [ "websecure" ]; + rule = "Host(`pastebin.local.gwg313.xyz`)"; + service = "pastebin_local"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + + snippets_local = { + entryPoints = [ "websecure" ]; + rule = "Host(`snippets.local.gwg313.xyz`)"; + service = "snippets_local"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + + git_local = { + entryPoints = [ "websecure" ]; + rule = "Host(`git.local.gwg313.xyz`)"; + service = "git_local"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; }; }; }; 
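Review bot: In hosts/waypoint/routes_local.nix the first new router is named `privatebin_local`, while its rule, its service and the sibling routers in routes.nix and routes_zerotier.nix all use `pastebin`. Renaming it to `pastebin_local = {` keeps the three route files greppable by one name and avoids someone later adding a second router for the same host. The enclosing `routers` set starts outside the hunk.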
diff --git a/hosts/waypoint/routes_zerotier.nix b/hosts/waypoint/routes_zerotier.nix index 3ec8f84..ee5d991 100644 --- a/hosts/waypoint/routes_zerotier.nix +++ b/hosts/waypoint/routes_zerotier.nix @@ -46,6 +46,29 @@ middlewares = [ "headers" ]; }; + pastebin_zerotier = { + entryPoints = [ "websecure" ]; + rule = "Host(`pastebin.zerotier.gwg313.xyz`)"; + service = "pastebin_local"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + snippets_zerotier = { + entryPoints = [ "websecure" ]; + rule = "Host(`snippets.zerotier.gwg313.xyz`)"; + service = "snippets_local"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + + git_zerotier = { + entryPoints = [ "websecure" ]; + rule = "Host(`git.zerotier.gwg313.xyz`)"; + service = "git_local"; + tls.certResolver = "le"; + middlewares = [ "headers" ]; + }; + }; }; }; diff --git a/hosts/waypoint/services.nix b/hosts/waypoint/services.nix index fa5a143..0753e76 100644 --- a/hosts/waypoint/services.nix +++ b/hosts/waypoint/services.nix @@ -50,6 +50,22 @@ url = "http://10.1.10.3:30099"; } ]; + + pastebin_local.loadBalancer.servers = [ + { + url = "http://10.1.10.3:32090"; + } + ]; + snippets_local.loadBalancer.servers = [ + { + url = "http://10.1.10.3:31111"; + } + ]; + git_local.loadBalancer.servers = [ + { + url = "http://10.1.10.3:32221"; + } + ]; }; }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index f93f02a..f537ffd 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -1,6 +1,7 @@ restic_key: ENC[AES256_GCM,data:DzpWvFP5gyhrnLVIYgu9ouotWqkOAHehihSKf/TqJE+sHTD4vnIScfhzoKzdkoDoWfkcmQ==,iv:q83qNYuP/3mngvg+kUfOVToogL8VTvZ6HiGIztpnP/s=,tag:YNWwbma0HmPKqYCS1L5kQQ==,type:str] wireless.env: ENC[AES256_GCM,data:/5i0Kv+VFTtVpaD7tfO2ahePu20eYkUYAqoh39PA2aoMWywLddQEQy4arj2Nvcw8hsRk760Kiq4wz3c23dPDqy7rU980NF2RaP4ODMIiQISfYeQP9coD84JhlnSTW+7EkhV520naqJgIYY0IsA8OxR/5euyFMHOL75FKnBh1ILY2DPSsJNG2m2ldw+US7E+7r4REl8tDqKfCIL5tznmbVTbPrer7cwrXe+ScFaholmqSntaB06yIIO3yr88TmE6EXF6oLCXU,iv:DPOqx7M7E83+DYjGFPZy44cxrta/3953IDjXL40rLAc=,tag:KmYBpQKgshMSgxnC96T1bQ==,type:str] cf-api-token: ENC[AES256_GCM,data:7FJtAEOdYnUpGqs5r3pNIkY+lsqn2wtRhyIGXD5G7in3U3Tt8CTn5g==,iv:61kKxSYk54NqvhNn4xZZ2Gec7p/93dAN+VWBqF5OSQQ=,tag:5yzcHjGzhD8KX2FgL+xK/Q==,type:str] +basic-auth: ENC[AES256_GCM,data:/YSAcTnyvM4sjj3cc46YwkXGeP3yG2MHctza+kDuRaNXb8ABMFofUHU6KuifTpsmUWwPQ4BPdamv+JC9ee8tsWRMxw==,iv:CUE70AISBOdYDLUXGAnIPT4t4tOugHWLlCLE6YxTkjM=,tag:MnyHoQCHaTbYjp/jrbWEcg==,type:str] sops: kms: [] gcp_kms: [] @@ -16,8 +17,8 @@ sops: US9oa0pORXRVWWlyYlZZTGhXdTdOaWsKClqIK/YNJIIGFqOO0t4oni8dRTTXQniG ioIwAOdEgE/n0vcYhHXxLxWlTeqGZF076g7EFfIqiSNqrDtacRnazg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-29T02:27:53Z" - mac: ENC[AES256_GCM,data:1oaHYYkeUbXlqsjS+o7LJjrYok7eslNpiDloEgi1R0G8IedRB4yCTWbKCScjIu6IMeFG/9dWA2ovaRCAjXzo1cgXAPOKKvumSBZxxXIY/EpPVWqYXsJVbXK+G5ZFSTJ7HzSFeZz2do3fNGcBL9jAcSykVIUZlZGym+Ap7yjHeeI=,iv:xQmctJshh4Wm8z6lMAvyV0KoQoM0cbesx+IWoyve2LQ=,tag:4VQDzdGpPcGFy6hvq82XZg==,type:str] + lastmodified: "2025-03-31T17:31:58Z" + mac: ENC[AES256_GCM,data:PGFoJSMR/W3taIMtXbavI/9elQBHrwliZsCdRbAUx++LBow8R86gq2xZN+KmgAhqV7gxa+2vfEAs/WQB7tGD1BAxUNNwb3up7CzzoZjlQG5WaHU9JiAERB5dFSYqS47faAOdkEr+MZWF42nO2DoA4PImtCBAaQLnAgO+AI6eG4I=,iv:b3AWusxwWvZwRFj7F8F00jx7Do/QnnzJpwJtUNmam/8=,tag:drPhuuPdW24AH8bH9y0YNA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4