diff --git a/flake.lock b/flake.lock index 5a102b8..a627056 100644 --- a/flake.lock +++ b/flake.lock @@ -232,7 +232,7 @@ "git-hooks": [ "devenv" ], - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1737621947, @@ -249,10 +249,32 @@ "type": "github" } }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_2", + "stable": "stable" + }, + "locked": { + "lastModified": 1739900653, + "narHash": "sha256-hPSLvw6AZQYrZyGI6Uq4XgST7benF/0zcCpugn/P0yM=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "2370d4336eda2a9ef29fce10fa7076ae011983ab", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, "devenv": { "inputs": { "cachix": "cachix", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "git-hooks": "git-hooks", "nix": "nix", "nixpkgs": [ @@ -260,11 +282,11 @@ ] }, "locked": { - "lastModified": 1742320965, - "narHash": "sha256-jGAhz2VD/TR8RQS5cUU2Jh8T0yyP50bw75dmHByLZpE=", + "lastModified": 1742931579, + "narHash": "sha256-FUru0FYrHekRpSQW+QazYIdhcU2pnGOvy+YpYnGt5IE=", "owner": "cachix", "repo": "devenv", - "rev": "6bde92766ddd3ee1630029a03d36baddd51934e2", + "rev": "d15c0bd7389fe6e49a8dd487c734ed7cf76cb1fe", "type": "github" }, "original": { @@ -293,11 +315,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", "type": "github" }, "original": { 
@@ -309,11 +331,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -339,20 +361,6 @@ } }, "flake-compat_4": { - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "revCount": 69, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-compat_5": { "flake": false, "locked": { "lastModified": 1696426674, 
@@ -368,7 +376,37 @@ "type": "github" } }, + "flake-compat_5": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_7": { "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -383,7 +421,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1696426674, @@ -465,6 +503,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_5" }, @@ -482,7 +535,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": [ "stylix", @@ -503,7 +556,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { "systems": "systems_7" }, 
@@ -747,11 +800,11 @@ ] }, "locked": { - "lastModified": 1742326330, - "narHash": "sha256-Tumt3tcMXJniSh7tw2gW+WAnVLeB3WWm+E+yYFnLBXo=", + "lastModified": 1742957044, + "narHash": "sha256-gwW0tBIA77g6qq45y220drTy0DmThF3fJMwVFUtYV9c=", "owner": "nix-community", "repo": "home-manager", - "rev": "22a36aa709de7dd42b562a433b9cefecf104a6ee", + "rev": "ce287a5cd3ef78203bc78021447f937a988d9f6f", "type": "github" }, "original": { @@ -914,17 +967,17 @@ "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "pre-commit-hooks": "pre-commit-hooks", "systems": "systems", "xdph": "xdph" }, "locked": { - "lastModified": 1742402960, - "narHash": "sha256-skKoZd9SEXnxNlddPSuPS3J4cUUZ+Pt5ZnAMvimQXoQ=", + "lastModified": 1742952129, + "narHash": "sha256-A/62kt6kxVvD6PSpZrUDXqZRfN/ScBo1W/KlX2ZMOIo=", "ref": "refs/heads/main", - "rev": "a25a214523dbb8fa25862a3f1570665cdb3db6e2", - "revCount": 5909, + "rev": "3fc3521a97eba0fa67da80f17ae7872b1073f08d", + "revCount": 5932, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -1166,7 +1219,7 @@ "hyprlang": "hyprlang_3", "hyprutils": "hyprutils_4", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "pre-commit-hooks": "pre-commit-hooks_2", "systems": [ "hyprspace", @@ -1280,14 +1333,14 @@ "hyprpanel": { "inputs": { "ags": "ags_2", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1742402033, - "narHash": "sha256-aaBdTUJIAo9LBPpjNX96AoAi0H+O/oW8o+7SCVBAzXI=", + "lastModified": 1742881618, + "narHash": "sha256-4C5Zzo4S9zD+4ZL7MKLE7FqJEMVkOTvfIV9uEBQ8fDY=", "owner": "Jas-SinghFSU", "repo": "HyprPanel", - "rev": "3a5ad2a1db420f0238895f2cb1ff64acd0d2cc54", + "rev": "7b5c339e9363187e249fa2f6eadbb295b0e8c6ff", "type": "github" }, "original": { 
@@ -1300,7 +1353,7 @@ "inputs": { "hyprland-qt-support": "hyprland-qt-support_2", "hyprutils": "hyprutils_3", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "systems": "systems_2" }, "locked": { @@ -1323,11 +1376,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1741933157, - "narHash": "sha256-HEWIQ1SgUTnc964oDsi68rQQug57BqbdUYqZvr3Ep0A=", + "lastModified": 1742767019, + "narHash": "sha256-FdyHDbf31jl5rIU7IQtBVTbZ1ojGrrp5aFaRrE2819s=", "owner": "KZDKM", "repo": "Hyprspace", - "rev": "c3cf91bdb6a912f9d2c2779deebdf23385fd659a", + "rev": "5b62529c2011ede6069445de9b5b3f8a1f10ecfe", "type": "github" }, "original": { @@ -1545,7 +1598,7 @@ ], "flake-parts": "flake-parts", "libgit2": "libgit2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-23-11": [ "devenv" ], @@ -1571,6 +1624,27 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -1578,11 +1652,11 @@ ] }, "locked": { - "lastModified": 1742174123, - "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", + "lastModified": 1742701275, + "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", + "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6", "type": "github" }, "original": { 
@@ -1593,17 +1667,17 @@ }, "nixcord": { "inputs": { - "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_8", + "flake-compat": "flake-compat_5", + "nixpkgs": "nixpkgs_9", "systems": "systems_4", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1742251239, - "narHash": "sha256-QH61lUWvO7jkZAzsgBJtyjmX5/UozZcSZQxOl10jVk4=", + "lastModified": 1742915532, + "narHash": "sha256-LJ9rlcyOyL4RIG5FgOG8FhCnoJrh83Wqu5yOQkGe0Z0=", "owner": "kaylorben", "repo": "nixcord", - "rev": "d7f44d000158fa46af9fae1819d8221d1ccb4ca2", + "rev": "eb7f65e995720ccde1928fedad335fd468bc152a", "type": "github" }, "original": { @@ -1628,13 +1702,29 @@ "type": "github" } }, + "nixpkgs-24_05": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { - "lastModified": 1742288794, - "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { @@ -1646,11 +1736,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1742288794, - "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { 
@@ -1662,11 +1752,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1742272065, - "narHash": "sha256-ud8vcSzJsZ/CK+r8/v0lyf4yUntVmDq6Z0A41ODfWbE=", + "lastModified": 1742800061, + "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3549532663732bfd89993204d40543e9edaec4f2", + "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734", "type": "github" }, "original": { @@ -1678,11 +1768,11 @@ }, "nixpkgs_12": { "locked": { - "lastModified": 1741865919, - "narHash": "sha256-4thdbnP6dlbdq+qZWTsm4ffAwoS8Tiq1YResB+RP6WE=", + "lastModified": 1742578646, + "narHash": "sha256-GiQ40ndXRnmmbDZvuv762vS+gew1uDpFwOfgJ8tLiEs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "573c650e8a14b2faa0041645ab18aed7e60f0c9a", + "rev": "94c4dbe77c0740ebba36c173672ca15a7926c993", "type": "github" }, "original": { @@ -1710,11 +1800,11 @@ }, "nixpkgs_14": { "locked": { - "lastModified": 1742288794, - "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", + "lastModified": 1742422364, + "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", + "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", "type": "github" }, "original": { @@ -1725,6 +1815,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1733212471, "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", @@ -1740,7 +1846,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1717432640, "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", 
@@ -1756,13 +1862,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { - "lastModified": 1742069588, - "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { @@ -1772,7 +1878,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1736344531, "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", @@ -1788,7 +1894,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1737469691, "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", @@ -1804,7 +1910,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1739020877, "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=", @@ -1820,33 +1926,17 @@ "type": "github" } }, - "nixpkgs_8": { - "locked": { - "lastModified": 1742169275, - "narHash": "sha256-nkH2Edu9rClcsQp2PYBe8E6fp8LDPi2uDBQ6wyMdeXI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5d9b5431f967007b3952c057fc92af49a4c5f3b2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_9": { "locked": { - "lastModified": 1735554305, - "narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=", - "owner": "nixos", + "lastModified": 1742800061, + "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "0e82ab234249d8eee3e8c91437802b32c74bb3fd", + "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" 
@@ -1859,11 +1949,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1742396414, - "narHash": "sha256-e9Uv44rVDAG2ohNejttl9Pq5r4dxIzWxt+1hvKTQK5E=", + "lastModified": 1742916868, + "narHash": "sha256-2eN75OsaNpL3FzAs3hz9Xm3+htIP3iLdfRP6PGfOoS8=", "owner": "nix-community", "repo": "nixvim", - "rev": "d79c291d5d80d587d518e0f530cc55adb0638c80", + "rev": "6b95b825529aa2d8536f7684fe64382ef4d15d84", "type": "github" }, "original": { @@ -1897,7 +1987,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -1905,11 +1995,11 @@ ] }, "locked": { - "lastModified": 1741886583, - "narHash": "sha256-sScfYKtxp3CYv5fJcHQDvQjqBL+tPNQqS9yf9Putd+s=", + "lastModified": 1742659553, + "narHash": "sha256-i/JCrr/jApVorI9GkSV5to+USrRCa0rWuQDH8JSlK2A=", "owner": "NuschtOS", "repo": "search", - "rev": "2974bc5fa3441a319fba943f3ca41f7dcd1a1467", + "rev": "508752835128a3977985a4d5225ff241f7756181", "type": "github" }, "original": { @@ -1920,7 +2010,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "gitignore": "gitignore_2", "nixpkgs": [ "hyprland", @@ -1928,11 +2018,11 @@ ] }, "locked": { - "lastModified": 1742058297, - "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { @@ -1943,7 +2033,7 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "gitignore": "gitignore_3", "nixpkgs": [ "hyprspace", 
@@ -1967,18 +2057,18 @@ }, "pre-commit-hooks_3": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_6", "gitignore": "gitignore_4", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1742300892, - "narHash": "sha256-QmF0proyjXI9YyZO9GZmc7/uEu5KVwCtcdLsKSoxPAI=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ea26a82dda75bee6783baca6894040c8e6599728", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { @@ -1990,6 +2080,7 @@ "root": { "inputs": { "ags": "ags", + "colmena": "colmena", "devenv": "devenv", "home-manager": "home-manager", "hyprland": "hyprland", @@ -1999,6 +2090,7 @@ "nix-index-database": "nix-index-database", "nixcord": "nixcord", "nixpkgs": "nixpkgs_10", + "nixpkgs-24_05": "nixpkgs-24_05", "nixpkgs-unstable": "nixpkgs-unstable", "nixvim": "nixvim", "pre-commit-hooks": "pre-commit-hooks_3", @@ -2011,11 +2103,11 @@ }, "secrets": { "locked": { - "lastModified": 1742622103, - "narHash": "sha256-eYKgwqm7jkoxzaSuvLSQq78L4ks4gtEQF8BkTt9an7k=", + "lastModified": 1743305321, + "narHash": "sha256-2H42Qu7PRCeFe/asA5sq4SeD5IM0YXbkYnU51AaUChw=", "ref": "refs/heads/main", - "rev": "13c13466e8aa371bf8cb53f0f36fb0e086294f45", - "revCount": 2, + "rev": "7faa37e94383c6846f8a1a0192369e74d787eccb", + "revCount": 4, "type": "git", "url": "ssh://git@github.com/gwg313/nixos-secrets.git" }, @@ -2029,11 +2121,11 @@ "nixpkgs": "nixpkgs_12" }, "locked": { - "lastModified": 1742406979, - "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=", + "lastModified": 1742700801, + "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609", + "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", "type": "github" }, "original": { 
@@ -2042,6 +2134,22 @@ "type": "github" } }, + "stable": { + "locked": { + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "stylix": { "inputs": { "base16": "base16", @@ -2049,8 +2157,8 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat_6", - "flake-utils": "flake-utils_2", + "flake-compat": "flake-compat_7", + "flake-utils": "flake-utils_3", "git-hooks": "git-hooks_2", "gnome-shell": "gnome-shell", "home-manager": "home-manager_2", @@ -2066,11 +2174,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1742406729, - "narHash": "sha256-k03W8/GTJlCTtf5UaC4PIKSwTVQ3d3farweYvpkb53M=", + "lastModified": 1742926290, + "narHash": "sha256-63joFDrDekkI8papsDPwObKCCYSZ7t/1t94M398BxLY=", "owner": "danth", "repo": "stylix", - "rev": "ccb411c5db16341455d82d955fef4db9985741a6", + "rev": "61a5f77f2202f3a79797089752713e16b1ab5b10", "type": "github" }, "original": { @@ -2081,17 +2189,17 @@ }, "superfile": { "inputs": { - "flake-compat": "flake-compat_7", - "flake-utils": "flake-utils_3", + "flake-compat": "flake-compat_8", + "flake-utils": "flake-utils_4", "gomod2nix": "gomod2nix", "nixpkgs": "nixpkgs_13" }, "locked": { - "lastModified": 1742229245, - "narHash": "sha256-Mno0aoVkURC3mSfsEVbPxNS0c8PAObYvdHBq4yUPxq4=", + "lastModified": 1742951573, + "narHash": "sha256-Sbe2mWbThDwFk6qIq3TiXZZj8GpQCHxPD1UL+Kkj70o=", "owner": "MHNightCat", "repo": "superfile", - "rev": "1f0ab010c8e4c6f7d472a9a9c18e0747e3ccd654", + "rev": "74c1cc6129e78440b9c9a7ea7d40d03bc28e0533", "type": "github" }, "original": { 
@@ -2288,14 +2396,17 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": [ + "nixcord", + "nixpkgs" + ] }, "locked": { - "lastModified": 1739829690, - "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", + "lastModified": 1742370146, + "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3d0579f5cc93436052d94b73925b48973a104204", + "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808", "type": "github" }, "original": { @@ -2419,11 +2530,11 @@ "nixpkgs": "nixpkgs_14" }, "locked": { - "lastModified": 1742375121, - "narHash": "sha256-wIRU5K0TdEKr7RMNNIjtYYebcO4isaoYLctaftdurQs=", + "lastModified": 1742602442, + "narHash": "sha256-jwOKx/hQZONnlRvCRmV0KUj/98S8okScWRgWNGsV3yQ=", "ref": "refs/heads/main", - "rev": "bb095cab6c476742d60602eac636057e32073f2e", - "revCount": 80, + "rev": "1d0b9424a10f78d2bcf056f36ad21cd11a01ed3e", + "revCount": 81, "type": "git", "url": "https://git.sr.ht/~canasta/zen-browser-flake/" }, diff --git a/flake.nix b/flake.nix index 323ba8f..1125731 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ # at the same time. Here's an working example: nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Also see the 'unstable-packages' overlay at 'overlays/default.nix'. + nixpkgs-24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; secrets.url = "git+ssh://git@github.com/gwg313/nixos-secrets.git"; hyprpolkitagent.url = "github:hyprwm/hyprpolkitagent"; hyprpanel.url = "github:Jas-SinghFSU/HyprPanel"; @@ -59,6 +60,7 @@ pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs"; + colmena.url = "github:zhaofengli/colmena"; }; outputs = @@ -66,6 +68,7 @@ self, nixpkgs, home-manager, + colmena, ... }@inputs: let @@ -82,6 +85,7 @@ # pass to it, with each system as an argument forAllSystems = nixpkgs.lib.genAttrs systems; user = "gwg313"; + in { # Your custom packages 
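Review bot: In flake.nix, `colmena.url = "github:zhaofengli/colmena";` is added without a `follows`, unlike the `pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";` line directly above it. The lock file therefore gains a separate `nixpkgs_2`, `stable`, `flake-utils` and `nix-github-actions` for this one input, and its nixpkgs pin is older than the root `nixpkgs` pin. Adding `colmena.inputs.nixpkgs.follows = "nixpkgs";` keeps the deployment tool on the nixpkgs revision you already track and reduces the number of locked sources to audit. The new `nixpkgs-24_05` input is not referenced in any hunk visible here, so drop it if nothing consumes it.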
@@ -201,5 +205,32 @@ ]; }; }; + + # colmena managed systems + colmenaHive = colmena.lib.makeHive self.outputs.colmena; + colmena = { + meta = { + specialArgs = { + inherit user inputs outputs; + }; + nixpkgs = import nixpkgs { + system = "x86_64-linux"; + }; + }; + + waypoint = { + deployment = { + targetHost = "waypoint"; # <- defined in ~/.ssh/config + }; + imports = [ ./hosts/waypoint/configuration.nix ]; + }; + + seikan = { + deployment = { + targetHost = "seikan"; # <- defined in ~/.ssh/config + }; + imports = [ ./hosts/seikan/configuration.nix ]; + }; + }; }; } diff --git a/hosts/seikan/configuration.nix b/hosts/seikan/configuration.nix new file mode 100644 index 0000000..66bb616 --- /dev/null +++ b/hosts/seikan/configuration.nix 
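Review bot: Neither `waypoint` nor `seikan` sets `deployment.targetUser`, so Colmena logs in with its default user, root, and the host configurations in this commit then have to allow root over SSH. Setting `deployment.targetUser = user;` on both nodes would let root SSH login be switched off, provided sudo works non-interactively for that account (it is already in `wheel`). The `targetHost` aliases resolve only through the operator's `~/.ssh/config`, so a short comment recording which machine each alias is expected to reach would make a misdirected deploy easier to notice.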
@@ -0,0 +1,119 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+ config,
+ pkgs,
+ modulesPath,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ ## Pin the latest NixOS stable (nixos-24.05) release:
+ nixpkgs-src = builtins.fetchTarball {
+ url = "https://github.com/NixOS/nixpkgs/archive/797f7dc49e0bc7fab4b57c021cdf68f595e47841.tar.gz";
+ sha256 = "sha256:0q96nxw7jg9l9zlpa3wkma5xzmgkdnnajapwhgb2fk2ll224rgs1";
+ };
+in
+{
+ # sops
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ age.keyFile = "/home/gwg313/.config/sops/age/keys.txt";
+ };
+ imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+ (modulesPath + "/virtualisation/digital-ocean-config.nix")
+
+ ./traefik.nix
+ ./zerotier.nix
+ ../../common/nixos/ssh/default.nix
+ inputs.sops-nix.nixosModules.sops
+ ];
+
+ ssh.enable = true;
+ ssh_guard.enable = true;
+ ssh_client.enable = false;
+ services.openssh.authorizedKeysFiles = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
+ ];
+ services.openssh.settings = {
+ PermitRootLogin = lib.mkForce "yes";
+
+ AllowUsers = lib.mkForce [
+ "gwg313"
+ "root"
+ ];
+ };
+
+ users.users.gwg313 = {
+ isNormalUser = true;
+ description = "gwg313";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
+ ];
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ packages = with pkgs; [ ];
+ };
+
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
+ ];
+ };
+ };
+
+ networking.hostName = "nixos"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+ # Enable networking
+ networking.networkmanager.enable = true;
+ # Set your time zone.
+ time.timeZone = "America/Toronto";
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_CA.UTF-8";
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ ];
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+ # List services that you want to enable:
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.11"; # Did you read the comment?
+}
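Review bot: `services.openssh.authorizedKeysFiles` is given a public-key string, but that option lists file paths for sshd's `AuthorizedKeysFile`, so the key text is read as path patterns. The key is already installed through `users.users.*.openssh.authorizedKeys.keys`, so the `authorizedKeysFiles` block can simply be removed. `PermitRootLogin = lib.mkForce "yes"` additionally allows root password logins whenever password authentication is enabled (the shared ssh module is not visible here). Since root only needs the key, `PermitRootLogin = lib.mkForce "prohibit-password";` is the narrower value for this DigitalOcean host. The `nixpkgs-src` binding in the `let` is never used in the visible body and can go; the two sshd points apply equally to the hosts/waypoint/configuration.nix hunk.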
diff --git a/hosts/seikan/routes.nix b/hosts/seikan/routes.nix
new file mode 100644
index 0000000..f673538
--- /dev/null
+++ b/hosts/seikan/routes.nix
@@ -0,0 +1,85 @@
+{
+ services.traefik = {
+ dynamicConfigOptions = {
+ http = {
+ services = {
+
+ music_zt.loadBalancer.servers = [
+ {
+ url = "https://music.zerotier.gwg313.xyz";
+ }
+ ];
+
+ audiobooks_zt.loadBalancer.servers = [
+ {
+ url = "https://audiobooks.zerotier.gwg313.xyz";
+ }
+ ];
+
+ recipes_zt.loadBalancer.servers = [
+ {
+ url = "https://recipes.zerotier.gwg313.xyz";
+ }
+ ];
+
+ bookmarks_zt.loadBalancer.servers = [
+ {
+ url = "https://bookmarks.zerotier.gwg313.xyz";
+ }
+ ];
+
+ scholarsome_zt.loadBalancer.servers = [
+ {
+ url = "https://scholarsome.zerotier.gwg313.xyz";
+ }
+ ];
+ };
+
+ routers = {
+
+ music_zt = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`music.gwg313.xyz`)";
+ service = "music_zt";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ audiobooks_zt = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`audiobooks.gwg313.xyz`)";
+ service = "audiobooks_zt";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ recipes_zt = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`recipes.gwg313.xyz`)";
+ service = "recipes_zt";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ bookmarks_zt = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`bookmarks.gwg313.xyz`)";
+ service = "bookmarks_zt";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ scholarsome_zt = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`scholarsome.gwg313.xyz`)";
+ service = "scholarsome_zt";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ };
+ };
+ };
+ };
+
+}
diff --git a/hosts/seikan/traefik.nix b/hosts/seikan/traefik.nix
new file mode 100644
index 0000000..7619744
--- /dev/null
+++ b/hosts/seikan/traefik.nix
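Review bot: Every router in hosts/seikan/routes.nix publishes a ZeroTier-only backend on the public `websecure` entry point with `middlewares = [ "headers" ]` alone, so access control rests entirely on each application's own login. If any of these services was relying on the ZeroTier network as its boundary, give that router an authentication or source-address middleware as well, for example `middlewares = [ "headers" "auth" ];` once an `auth` middleware is defined. A comment at the top of the file saying which services are meant to be public would record the intent. As a style point, the five service/router pairs differ only in their name and could be generated from one list of names.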
@@ -0,0 +1,115 @@
+# Traefik
+{
+ config,
+ ...
+}:
+{
+ imports = [
+ ./routes.nix
+ ];
+ sops.secrets.cf-api-token = {
+ mode = "0440";
+ owner = config.users.users.traefik.name;
+ group = config.users.users.traefik.group;
+ };
+
+ systemd.services.traefik.environment = {
+ CF_DNS_API_TOKEN_FILE = "${config.sops.secrets.cf-api-token.path}";
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services.traefik = {
+ enable = true;
+ staticConfigOptions = {
+ serversTransport = {
+ insecureSkipVerify = true;
+ };
+ entryPoints = {
+ web = {
+ address = ":80";
+ http = {
+ redirections = {
+ entryPoint = {
+ to = "websecure";
+ scheme = "https";
+ };
+ };
+ };
+ };
+ websecure = {
+ address = ":443";
+ http = {
+ tls = {
+ options = "default";
+ };
+ };
+ };
+ };
+ api = {
+ dashboard = true;
+ };
+ certificatesResolvers = {
+ le = {
+ acme = {
+ email = "glen.goodwin@protonmail.com";
+ storage = "/var/lib/traefik/acme.json";
+ dnsChallenge = {
+ provider = "cloudflare";
+ resolvers = [ "1.1.1.1:53" ];
+ };
+ };
+ };
+ };
+ };
+ dynamicConfigOptions = {
+ http = {
+ routers = {
+ dashboard = {
+ rule = "Host(`monitor.local.gwg313.xyz`)";
+ service = "api@internal";
+ middlewares = [
+ # "auth"
+ "headers"
+ ];
+ entrypoints = [ "websecure" ];
+ tls = {
+ certResolver = "le";
+ };
+ };
+ };
+ middlewares = {
+ headers = {
+ headers = {
+ browserxssfilter = true;
+ contenttypenosniff = true;
+ customframeoptionsvalue = "SAMEORIGIN";
+ forcestsheader = true;
+ framedeny = true;
+ sslhost = "gwg313.xyz";
+ sslredirect = true;
+ stsincludesubdomains = true;
+ stspreload = true;
+ stsseconds = "315360000";
+ };
+ };
+ };
+ };
+ tls = {
+ options = {
+ default = {
+ minVersion = "VersionTLS13";
+ sniStrict = true;
+ curvePreferences = [
+ "CurveP521"
+ "CurveP384"
+ ];
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/seikan/zerotier.nix b/hosts/seikan/zerotier.nix
new file mode 100644
index 0000000..9cf586e
--- /dev/null
+++ b/hosts/seikan/zerotier.nix
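Review bot: The `dashboard` router in hosts/seikan/traefik.nix serves `api@internal` on `websecure` with the `"auth"` middleware commented out, and port 443 is opened in the firewall, so the Traefik dashboard and API need no credentials from anyone who can reach the host under that name. Define the middleware next to `headers` and re-enable it, e.g. `auth.basicAuth.usersFile = config.sops.secrets.<dashboard-users>.path;` (placeholder secret name), then uncomment `"auth"`. Separately, `serversTransport.insecureSkipVerify = true` disables certificate verification for every backend, so the HTTPS upstreams declared in routes.nix are encrypted but not authenticated. Prefer `serversTransport.rootCAs` pointing at the CA that signs those backend certificates, and add a comment explaining the exception if it has to stay.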
@@ -0,0 +1,20 @@
+{
+ inputs,
+ ...
+}:
+{
+ services.zerotierone = {
+ joinNetworks = [
+ inputs.secrets.zerotier.infra
+ ];
+ enable = true;
+ };
+
+ networking.extraHosts = ''
+ 10.147.17.246 audiobooks.zerotier.gwg313.xyz
+ 10.147.17.246 music.zerotier.gwg313.xyz
+ 10.147.17.246 recipes.zerotier.gwg313.xyz
+ 10.147.17.246 scholarsome.zerotier.gwg313.xyz
+ 10.147.17.246 bookmarks.zerotier.gwg313.xyz
+ '';
+}
diff --git a/hosts/waypoint/cloudflared.nix b/hosts/waypoint/cloudflared.nix
new file mode 100644
index 0000000..b42e70e
--- /dev/null
+++ b/hosts/waypoint/cloudflared.nix
@@ -0,0 +1,19 @@
+{
+ services = {
+ cloudflared = {
+ enable = true;
+ tunnels = {
+ "4d40bf21-d8ef-4a71-8fb7-e4f24bb8b0cf" = {
+ credentialsFile = "/home/gwg313/.cloudflared/4d40bf21-d8ef-4a71-8fb7-e4f24bb8b0cf.json";
+ default = "http_status:404";
+ ingress = {
+ "*.gwg313.xyz" = {
+ service = "http://localhost";
+ # path = "/*.(jpg|png|css|js)";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/waypoint/configuration.nix b/hosts/waypoint/configuration.nix
new file mode 100644
index 0000000..48d9c80
--- /dev/null
+++ b/hosts/waypoint/configuration.nix
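Review bot: In hosts/waypoint/cloudflared.nix, `credentialsFile` points at a JSON file under `/home/gwg313/.cloudflared/`, so the tunnel secret is placed by hand in a user's home directory instead of going through the sops-nix setup the rest of this commit uses. The service account may also be unable to read a path under /home. Declaring it as a sops secret and using `credentialsFile = config.sops.secrets.<tunnel-credentials>.path;` (placeholder name; the file then needs a `{ config, ... }:` header) keeps it with the other secrets and reproducible on deploy. The `"*.gwg313.xyz"` ingress forwards every subdomain to `http://localhost`, so any name under the zone reaches whatever listens on port 80; list the intended hostnames explicitly if the set is narrower than the wildcard.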
@@ -0,0 +1,114 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+ config,
+ pkgs,
+ lib,
+ inputs,
+ ...
+}:
+{
+ # sops
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ age.keyFile = "/home/gwg313/.config/sops/age/keys.txt";
+ };
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./traefik.nix
+ ./zerotier.nix
+ ../../common/nixos/ssh/default.nix
+ inputs.sops-nix.nixosModules.sops
+ ];
+
+ ssh.enable = true;
+ ssh_guard.enable = true;
+ ssh_client.enable = false;
+ services.openssh.authorizedKeysFiles = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
+ ];
+ services.openssh.settings = {
+ PermitRootLogin = lib.mkForce "yes";
+
+ AllowUsers = lib.mkForce [
+ "gwg313"
+ "root"
+ ];
+ };
+
+ users.users.gwg313 = {
+ isNormalUser = true;
+ description = "gwg313";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
+ ];
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ packages = with pkgs; [ ];
+ };
+
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
+ ];
+ };
+ };
+
+ # Bootloader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+ boot.loader.grub.useOSProber = true;
+ networking.hostName = "nixos"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+ # Enable networking
+ networking.networkmanager.enable = true;
+ # Set your time zone.
+ time.timeZone = "America/Toronto";
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_CA.UTF-8";
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ ];
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+ # List services that you want to enable:
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.11"; # Did you read the comment?
+}
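Review bot: `PermitRootLogin = lib.mkForce "yes";` in hosts/waypoint/configuration.nix overrides whatever the shared `common/nixos/ssh` module sets and lets root log in by every method sshd has enabled, on a host whose imported traefik.nix opens 80 and 443. Root already receives a key through `users.users.root.openssh.authorizedKeys.keys`, so `PermitRootLogin = lib.mkForce "prohibit-password";` keeps key-based access while refusing password logins; removing `"root"` from `AllowUsers` and going through the `wheel` account would be stricter still. Separately, `services.openssh.authorizedKeysFiles` takes file paths, so the public-key string placed there is not read as a key and can be dropped, since the per-user `authorizedKeys.keys` entries already carry it.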
diff --git a/hosts/waypoint/hardware-configuration.nix b/hosts/waypoint/hardware-configuration.nix new file mode 100644 index 0000000..677a528 --- /dev/null +++ b/hosts/waypoint/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + fileSystems."/" = { + device = "/dev/disk/by-uuid/0692e3c0-aa34-4a5a-aaa5-c13f55783570"; + fsType = "ext4"; + }; + swapDevices = [ ]; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/waypoint/routes.nix b/hosts/waypoint/routes.nix new file mode 100644 index 0000000..4e6b096 --- /dev/null +++ b/hosts/waypoint/routes.nix 
@@ -0,0 +1,54 @@
+{
+ imports = [
+ ./services.nix
+ ];
+ services.traefik = {
+ dynamicConfigOptions = {
+ http = {
+ routers = {
+
+ music = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`music.gwg313.xyz`)";
+ service = "music_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ recipes = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`recipes.gwg313.xyz`)";
+ service = "recipes_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ audiobooks = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`audiobooks.gwg313.xyz`)";
+ service = "audiobooks_local";
+ tls.certResolver = "le";
+ middlewares = [ ];
+ };
+ scholarsome = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`scholarsome.gwg313.xyz`)";
+ service = "scholarsome_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ bookmarks = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`bookmarks.gwg313.xyz`)";
+ service = "bookmarks_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ };
+ };
+ };
+ };
+
+}
diff --git a/hosts/waypoint/routes_local.nix b/hosts/waypoint/routes_local.nix
new file mode 100644
index 0000000..ec3304e
--- /dev/null
+++ b/hosts/waypoint/routes_local.nix
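Review bot: The `audiobooks` router in hosts/waypoint/routes.nix is declared with `middlewares = [ ];` while every other public router in the file attaches `"headers"`, so responses for audiobooks.gwg313.xyz go out without the HSTS, nosniff and frame options that the `headers` middleware in traefik.nix defines. If that is not deliberate, use `middlewares = [ "headers" ];`. If the application breaks under one of those headers, a short comment naming which one would stop the gap from being copied to other routers. The `audiobooks_local` and `audiobooks_zerotier` routers for the same back end do attach it.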
@@ -0,0 +1,69 @@
+{
+ imports = [
+ ./services.nix
+ ];
+ services.traefik = {
+ dynamicConfigOptions = {
+ http = {
+ routers = {
+
+ arcocd_local = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`argocd.local.gwg313.xyz`)";
+ service = "argocd_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+ music_local = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`music.local.gwg313.xyz`)";
+ service = "music_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ pinchflat_local = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`pinchflat.local.gwg313.xyz`)";
+ service = "pinchflat_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ proxmox_local = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`proxmox.local.gwg313.xyz`)";
+ service = "proxmox_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ recipes_local = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`recipes.local.gwg313.xyz`)";
+ service = "recipes_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ audiobooks_local = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`audiobooks.local.gwg313.xyz`)";
+ service = "audiobooks_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+ scholarsome_local = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`scholarsome.local.gwg313.xyz`)";
+ service = "scholarsome_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ };
+ };
+ };
+ };
+
+}
diff --git a/hosts/waypoint/routes_zerotier.nix b/hosts/waypoint/routes_zerotier.nix
new file mode 100644
index 0000000..3ec8f84
--- /dev/null
+++ b/hosts/waypoint/routes_zerotier.nix
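Review bot: The `*_local` routers in hosts/waypoint/routes_local.nix, including `proxmox_local` and `arcocd_local`, are attached to the `websecure` entry point, which traefik.nix binds to `:443` on all interfaces with the port opened in the firewall, so the `.local.` host names are not a network boundary: a client that reaches port 443 and presents one of those names is routed to the admin back end. Attach an address-based middleware restricted to the LAN range to these routers (Traefik's `ipAllowList`, called `ipWhiteList` in v2), or give them a separate entry point bound to the internal address. The same applies to the `*_zerotier` routers in hosts/waypoint/routes_zerotier.nix. The router key `arcocd_local` also looks like a typo for `argocd_local`.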
@@ -0,0 +1,54 @@
+{
+ imports = [
+ ./services.nix
+ ];
+ services.traefik = {
+ dynamicConfigOptions = {
+ http = {
+ routers = {
+
+ music_zerotier = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`music.zerotier.gwg313.xyz`)";
+ service = "music_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ recipes_zerotier = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`recipes.zerotier.gwg313.xyz`)";
+ service = "recipes_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ audiobooks_zerotier = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`audiobooks.zerotier.gwg313.xyz`)";
+ service = "audiobooks_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+ scholarsome_zerotier = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`scholarsome.zerotier.gwg313.xyz`)";
+ service = "scholarsome_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ bookmarks_zerotier = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`bookmarks.zerotier.gwg313.xyz`)";
+ service = "bookmarks_local";
+ tls.certResolver = "le";
+ middlewares = [ "headers" ];
+ };
+
+ };
+ };
+ };
+ };
+
+}
diff --git a/hosts/waypoint/services.nix b/hosts/waypoint/services.nix
new file mode 100644
index 0000000..fa5a143
--- /dev/null
+++ b/hosts/waypoint/services.nix
@@ -0,0 +1,58 @@
+{
+ services.traefik = {
+ dynamicConfigOptions = {
+ http = {
+ services = {
+
+ argocd_local.loadBalancer.servers = [
+ {
+ url = "https://10.1.10.3:30007";
+ }
+ ];
+ music_local.loadBalancer.servers = [
+ {
+ url = "http://10.1.10.3:30033";
+ }
+ ];
+
+ pinchflat_local.loadBalancer.servers = [
+ {
+ url = "http://10.1.10.3:30001";
+ }
+ ];
+
+ proxmox_local.loadBalancer.servers = [
+ {
+ url = "https://10.1.10.2:8006";
+ }
+ ];
+
+ recipes_local.loadBalancer.servers = [
+ {
+ url = "http://10.1.10.3:30000";
+ }
+ ];
+
+ audiobooks_local.loadBalancer.servers = [
+ {
+ url = "http://10.1.10.3:30080";
+ }
+ ];
+
+ scholarsome_local.loadBalancer.servers = [
+ {
+ url = "http://10.1.10.3:30123";
+ }
+ ];
+
+ bookmarks_local.loadBalancer.servers = [
+ {
+ url = "http://10.1.10.3:30099";
+ }
+ ];
+ };
+
+ };
+ };
+ };
+}
diff --git a/hosts/waypoint/traefik.nix b/hosts/waypoint/traefik.nix
new file mode 100644
index 0000000..ff57c67
--- /dev/null
+++ b/hosts/waypoint/traefik.nix
@@ -0,0 +1,117 @@
+# Traefik
+{
+ config,
+ ...
+}:
+{
+ imports = [
+ ./routes_local.nix
+ ./routes_zerotier.nix
+ ./routes.nix
+ ];
+ sops.secrets.cf-api-token = {
+ mode = "0440";
+ owner = config.users.users.traefik.name;
+ group = config.users.users.traefik.group;
+ };
+
+ systemd.services.traefik.environment = {
+ CF_DNS_API_TOKEN_FILE = "${config.sops.secrets.cf-api-token.path}";
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services.traefik = {
+ enable = true;
+ staticConfigOptions = {
+ serversTransport = {
+ insecureSkipVerify = true;
+ };
+ entryPoints = {
+ web = {
+ address = ":80";
+ http = {
+ redirections = {
+ entryPoint = {
+ to = "websecure";
+ scheme = "https";
+ };
+ };
+ };
+ };
+ websecure = {
+ address = ":443";
+ http = {
+ tls = {
+ options = "default";
+ };
+ };
+ };
+ };
+ api = {
+ dashboard = true;
+ };
+ certificatesResolvers = {
+ le = {
+ acme = {
+ email = "glen.goodwin@protonmail.com";
+ storage = "/var/lib/traefik/acme.json";
+ dnsChallenge = {
+ provider = "cloudflare";
+ resolvers = [ "1.1.1.1:53" ];
+ };
+ };
+ };
+ };
+ };
+ dynamicConfigOptions = {
+ http = {
+ routers = {
+ dashboard = {
+ rule = "Host(`monitor.local.gwg313.xyz`)";
+ service = "api@internal";
+ middlewares = [
+ # "auth"
+ "headers"
+ ];
+ entrypoints = [ "websecure" ];
+ tls = {
+ certResolver = "le";
+ };
+ };
+ };
+ middlewares = {
+ headers = {
+ headers = {
+ browserxssfilter = true;
+ contenttypenosniff = true;
+ customframeoptionsvalue = "SAMEORIGIN";
+ forcestsheader = true;
+ framedeny = true;
+ sslhost = "gwg313.xyz";
+ sslredirect = true;
+ stsincludesubdomains = true;
+ stspreload = true;
+ stsseconds = "315360000";
+ };
+ };
+ };
+ };
+ tls = {
+ options = {
+ default = {
+ minVersion = "VersionTLS13";
+ sniStrict = true;
+ curvePreferences = [
+ "CurveP521"
+ "CurveP384"
+ ];
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/waypoint/zerotier.nix b/hosts/waypoint/zerotier.nix
new file mode 100644
index 0000000..061d05d
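Review bot: `serversTransport.insecureSkipVerify = true` in hosts/waypoint/traefik.nix turns off certificate verification for every HTTPS back end, although services.nix defines only two `https://` upstreams, `argocd_local` and `proxmox_local`. Scoping it narrows the exposure: declare a named transport under the dynamic `http.serversTransports` section that carries the skip (or, better, `rootCAs` pointing at the internal CA) and reference it from those two services through `loadBalancer.serversTransport`. With the global flag removed, any HTTPS upstream added later is verified by default. The first Traefik hunk in this diff sets the same global flag.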
--- /dev/null
+++ b/hosts/waypoint/zerotier.nix
@@ -0,0 +1,9 @@
+{ inputs, ... }:
+{
+ services.zerotierone = {
+ joinNetworks = [
+ inputs.secrets.zerotier.infra
+ ];
+ enable = true;
+ };
+}