updating traefik and others

2025-04-03 01:49:35 -04:00 · 2025-04-03 01:49:35 -04:00 · 1b8687a703
commit 1b8687a703
parent 649f32545a
16 changed files with 252 additions and 10 deletions
--- a/common/nixos/common.nix
+++ b/common/nixos/common.nix
@ -12,6 +12,7 @@
    ./packages.nix
    ./users.nix
    ./locale.nix
+    ./documentation.nix
    ../../common/style/stylix.nix
  ];
  #
--- a/common/nixos/documentation.nix
+++ b/common/nixos/documentation.nix
@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [
+    pkgs.man-pages
+    pkgs.man-pages-posix
+  ];
+  documentation = {
+    dev.enable = true;
+    man = {
+      man-db.enable = false;
+      mandoc.enable = true;
+    };
+  };
+
+  environment.sessionVariables = {
+    MANPAGER = "sh -c 'sed -u -e \"s/\\x1B\[[0-9;]*m//g; s/.\\x08//g\" | bat -p -lman'";
+  };
+}
--- a/flake.nix
+++ b/flake.nix
@ -114,6 +114,7 @@
            inherit (self.checks.${system}.pre-commit-check) shellHook;
            buildInputs = with pkgs; [
              alejandra
+              apacheHttpd
            ];
          };
        }
--- a/home-manager/modules/git.nix
+++ b/home-manager/modules/git.nix
@ -17,9 +17,13 @@
      };
      commit = {
        gpgsign = true;
+        verbose = "true";
      };
      diff = {
-        algorithm = "patience";
+        algorithm = "histogram";
+        colorMoved = "plain";
+        mnemonicPrefix = "true";
+        renames = "true";
        compactionHeuristic = "true";
        tool = "nvimdiff";
      };
@ -29,6 +33,7 @@
      merge = {
        tool = "nvimdiff4";
        prompt = "false";
+        conflictstyle = "zdiff3";
      };
      "mergetool \"nvimdiff4\"" = {
        cmd = "nvim -d $LOCAL $BASE $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'";
@ -44,7 +49,7 @@
        editor = "nvim";
      };
      delta = {
-        features = "side-by-side line-numbers decorations";
+        features = "line-numbers decorations";
        navigate = "true";
        whitespace-error-style = "22 reverse";
      };
@ -52,10 +57,37 @@
        diffFilter = "delta --color-only";
      };
      push = {
-        autoSetupRemote = true;
+        default = "simple";
+        autoSetupRemote = "true";
+        followTags = "true";
+
      };
      pull = {
-        rebase = false;
+        rebase = "true";
+      };
+      rebase = {
+        autoSquash = "true";
+        autoStash = "true";
+        updateRefs = "true";
+      };
+      fetch = {
+        prune = "true";
+        pruneTags = "true";
+        all = "true";
+      };
+      tag = {
+        sort = "version:refname";
+      };
+      branch = {
+        sort = "-committerdate";
+      };
+
+      help = {
+        autocorrect = "true";
+      };
+      rerere = {
+        enabled = "true";
+        autoupdate = "true";
      };

      color.ui = "1";
--- a/home-manager/modules/lazygit.nix
+++ b/home-manager/modules/lazygit.nix
@ -8,7 +8,9 @@ in
    enable = true;
    settings = lib.mkForce {

-      git.overrideGpg = true;
+      git = {
+        overrideGpg = true;
+      };
      gui = {
        theme = {
          activeBorderColor = [
--- a/home-manager/modules/ssh.nix
+++ b/home-manager/modules/ssh.nix
@ -52,7 +52,7 @@
        port = 2222;
      };
      "onedev" = {
-        hostname = "git.gwg313.xyz";
+        hostname = "10.1.10.3";
        user = "git";
        identityFile = "/home/gwg313/.ssh/onedev/id_ed25519";
        port = 2222;
--- a/hosts/candlekeep/syncthing.nix
+++ b/hosts/candlekeep/syncthing.nix
@ -50,6 +50,30 @@
            };
          };
        };
+
+        "password-store" = {
+          path = "/home/gwg313/.local/share/password-store";
+          devices = [ "grymforge" ];
+          versioning = {
+            type = "staggered";
+            params = {
+              cleanInterval = "3600";
+              maxAge = "15768000";
+            };
+          };
+        };
+        "ssh-keys" = {
+          path = "/home/gwg313/.ssh";
+          devices = [ "grymforge" ];
+          versioning = {
+            type = "staggered";
+            params = {
+              cleanInterval = "3600";
+              maxAge = "15768000";
+            };
+          };
+        };
+
      };
    };
  };
--- a/hosts/grymforge/syncthing.nix
+++ b/hosts/grymforge/syncthing.nix
@ -51,6 +51,28 @@
            };
          };
        };
+        "password-store" = {
+          path = "/home/gwg313/.local/share/password-store";
+          devices = [ "candlekeep" ];
+          versioning = {
+            type = "staggered";
+            params = {
+              cleanInterval = "3600";
+              maxAge = "15768000";
+            };
+          };
+        };
+        "ssh-keys" = {
+          path = "/home/gwg313/.ssh";
+          devices = [ "candlekeep" ];
+          versioning = {
+            type = "staggered";
+            params = {
+              cleanInterval = "3600";
+              maxAge = "15768000";
+            };
+          };
+        };
      };
    };
  };
--- a/hosts/seikan/routes.nix
+++ b/hosts/seikan/routes.nix
@ -33,6 +33,24 @@
              url = "https://scholarsome.zerotier.gwg313.xyz";
            }
          ];
+
+          pastebin_zt.loadBalancer.servers = [
+            {
+              url = "https://pastebin.zerotier.gwg313.xyz";
+            }
+          ];
+
+          snippets_zt.loadBalancer.servers = [
+            {
+              url = "https://snippets.zerotier.gwg313.xyz";
+            }
+          ];
+
+          git_zt.loadBalancer.servers = [
+            {
+              url = "https://git.zerotier.gwg313.xyz";
+            }
+          ];
        };

        routers = {
@ -77,6 +95,29 @@
            middlewares = [ "headers" ];
          };

+          pastebin_zt = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`pastebin.gwg313.xyz`)";
+            service = "pastebin_zt";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+          snippets_zt = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`snippets.gwg313.xyz`)";
+            service = "snippets_zt";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
+          git_zt = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`git.gwg313.xyz`)";
+            service = "git_zt";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
        };
      };
    };
--- a/hosts/seikan/traefik.nix
+++ b/hosts/seikan/traefik.nix
@ -13,6 +13,12 @@
    group = config.users.users.traefik.group;
  };

+  sops.secrets.basic-auth = {
+    mode = "0440";
+    owner = config.users.users.traefik.name;
+    group = config.users.users.traefik.group;
+  };
+
  systemd.services.traefik.environment = {
    CF_DNS_API_TOKEN_FILE = "${config.sops.secrets.cf-api-token.path}";
  };
@ -69,10 +75,10 @@
      http = {
        routers = {
          dashboard = {
-            rule = "Host(`monitor.local.gwg313.xyz`)";
+            rule = "Host(`monitor.gwg313.xyz`)";
            service = "api@internal";
            middlewares = [
-              # "auth"
+              "auth"
              "headers"
            ];
            entrypoints = [ "websecure" ];
@ -82,6 +88,11 @@
          };
        };
        middlewares = {
+          auth = {
+            basicAuth = {
+              usersFile = "${config.sops.secrets.basic-auth.path}";
+            };
+          };
          headers = {
            headers = {
              browserxssfilter = true;
--- a/hosts/seikan/zerotier.nix
+++ b/hosts/seikan/zerotier.nix
@ -16,5 +16,8 @@
    10.147.17.246 recipes.zerotier.gwg313.xyz
    10.147.17.246 scholarsome.zerotier.gwg313.xyz
    10.147.17.246 bookmarks.zerotier.gwg313.xyz
+    10.147.17.246 pastebin.zerotier.gwg313.xyz
+    10.147.17.246 snippets.zerotier.gwg313.xyz
+    10.147.17.246 git.zerotier.gwg313.xyz
  '';
 }
--- a/hosts/waypoint/routes.nix
+++ b/hosts/waypoint/routes.nix
@ -46,6 +46,30 @@
            middlewares = [ "headers" ];
          };

+          pastebin = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`pastebin.gwg313.xyz`)";
+            service = "pastebin_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
+          snippets = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`snippets.gwg313.xyz`)";
+            service = "snippets_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
+          git = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`git.gwg313.xyz`)";
+            service = "git_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
        };
      };
    };
--- a/hosts/waypoint/routes_local.nix
+++ b/hosts/waypoint/routes_local.nix
@ -61,6 +61,29 @@
            middlewares = [ "headers" ];
          };

+          privatebin_local = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`pastebin.local.gwg313.xyz`)";
+            service = "pastebin_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
+          snippets_local = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`snippets.local.gwg313.xyz`)";
+            service = "snippets_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
+          git_local = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`git.local.gwg313.xyz`)";
+            service = "git_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
        };
      };
    };
--- a/hosts/waypoint/routes_zerotier.nix
+++ b/hosts/waypoint/routes_zerotier.nix
@ -46,6 +46,29 @@
            middlewares = [ "headers" ];
          };

+          pastebin_zerotier = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`pastebin.zerotier.gwg313.xyz`)";
+            service = "pastebin_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+          snippets_zerotier = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`snippets.zerotier.gwg313.xyz`)";
+            service = "snippets_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
+          git_zerotier = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`git.zerotier.gwg313.xyz`)";
+            service = "git_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
        };
      };
    };
--- a/hosts/waypoint/services.nix
+++ b/hosts/waypoint/services.nix
@ -50,6 +50,22 @@
              url = "http://10.1.10.3:30099";
            }
          ];
+
+          pastebin_local.loadBalancer.servers = [
+            {
+              url = "http://10.1.10.3:32090";
+            }
+          ];
+          snippets_local.loadBalancer.servers = [
+            {
+              url = "http://10.1.10.3:31111";
+            }
+          ];
+          git_local.loadBalancer.servers = [
+            {
+              url = "http://10.1.10.3:32221";
+            }
+          ];
        };

      };
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -1,6 +1,7 @@
 restic_key: ENC[AES256_GCM,data:DzpWvFP5gyhrnLVIYgu9ouotWqkOAHehihSKf/TqJE+sHTD4vnIScfhzoKzdkoDoWfkcmQ==,iv:q83qNYuP/3mngvg+kUfOVToogL8VTvZ6HiGIztpnP/s=,tag:YNWwbma0HmPKqYCS1L5kQQ==,type:str]
 wireless.env: ENC[AES256_GCM,data:/5i0Kv+VFTtVpaD7tfO2ahePu20eYkUYAqoh39PA2aoMWywLddQEQy4arj2Nvcw8hsRk760Kiq4wz3c23dPDqy7rU980NF2RaP4ODMIiQISfYeQP9coD84JhlnSTW+7EkhV520naqJgIYY0IsA8OxR/5euyFMHOL75FKnBh1ILY2DPSsJNG2m2ldw+US7E+7r4REl8tDqKfCIL5tznmbVTbPrer7cwrXe+ScFaholmqSntaB06yIIO3yr88TmE6EXF6oLCXU,iv:DPOqx7M7E83+DYjGFPZy44cxrta/3953IDjXL40rLAc=,tag:KmYBpQKgshMSgxnC96T1bQ==,type:str]
 cf-api-token: ENC[AES256_GCM,data:7FJtAEOdYnUpGqs5r3pNIkY+lsqn2wtRhyIGXD5G7in3U3Tt8CTn5g==,iv:61kKxSYk54NqvhNn4xZZ2Gec7p/93dAN+VWBqF5OSQQ=,tag:5yzcHjGzhD8KX2FgL+xK/Q==,type:str]
+basic-auth: ENC[AES256_GCM,data:/YSAcTnyvM4sjj3cc46YwkXGeP3yG2MHctza+kDuRaNXb8ABMFofUHU6KuifTpsmUWwPQ4BPdamv+JC9ee8tsWRMxw==,iv:CUE70AISBOdYDLUXGAnIPT4t4tOugHWLlCLE6YxTkjM=,tag:MnyHoQCHaTbYjp/jrbWEcg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -16,8 +17,8 @@ sops:
            US9oa0pORXRVWWlyYlZZTGhXdTdOaWsKClqIK/YNJIIGFqOO0t4oni8dRTTXQniG
            ioIwAOdEgE/n0vcYhHXxLxWlTeqGZF076g7EFfIqiSNqrDtacRnazg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-29T02:27:53Z"
-    mac: ENC[AES256_GCM,data:1oaHYYkeUbXlqsjS+o7LJjrYok7eslNpiDloEgi1R0G8IedRB4yCTWbKCScjIu6IMeFG/9dWA2ovaRCAjXzo1cgXAPOKKvumSBZxxXIY/EpPVWqYXsJVbXK+G5ZFSTJ7HzSFeZz2do3fNGcBL9jAcSykVIUZlZGym+Ap7yjHeeI=,iv:xQmctJshh4Wm8z6lMAvyV0KoQoM0cbesx+IWoyve2LQ=,tag:4VQDzdGpPcGFy6hvq82XZg==,type:str]
+    lastmodified: "2025-03-31T17:31:58Z"
+    mac: ENC[AES256_GCM,data:PGFoJSMR/W3taIMtXbavI/9elQBHrwliZsCdRbAUx++LBow8R86gq2xZN+KmgAhqV7gxa+2vfEAs/WQB7tGD1BAxUNNwb3up7CzzoZjlQG5WaHU9JiAERB5dFSYqS47faAOdkEr+MZWF42nO2DoA4PImtCBAaQLnAgO+AI6eG4I=,iv:b3AWusxwWvZwRFj7F8F00jx7Do/QnnzJpwJtUNmam/8=,tag:drPhuuPdW24AH8bH9y0YNA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4