add new machines

colmena managed nix server for reverse proxy
gwg313 2025-03-30 22:49:43 -04:00
parent f49789d618
commit 649f32545a
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
15 changed files with 1152 additions and 139 deletions

389
flake.lock generated

@ -232,7 +232,7 @@
"git-hooks": [ "git-hooks": [
"devenv" "devenv"
], ],
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1737621947, "lastModified": 1737621947,
@ -249,10 +249,32 @@
"type": "github" "type": "github"
} }
}, },
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"stable": "stable"
},
"locked": {
"lastModified": 1739900653,
"narHash": "sha256-hPSLvw6AZQYrZyGI6Uq4XgST7benF/0zcCpugn/P0yM=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "2370d4336eda2a9ef29fce10fa7076ae011983ab",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"devenv": { "devenv": {
"inputs": { "inputs": {
"cachix": "cachix", "cachix": "cachix",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"nix": "nix", "nix": "nix",
"nixpkgs": [ "nixpkgs": [
@ -260,11 +282,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742320965, "lastModified": 1742931579,
"narHash": "sha256-jGAhz2VD/TR8RQS5cUU2Jh8T0yyP50bw75dmHByLZpE=", "narHash": "sha256-FUru0FYrHekRpSQW+QazYIdhcU2pnGOvy+YpYnGt5IE=",
"owner": "cachix", "owner": "cachix",
"repo": "devenv", "repo": "devenv",
"rev": "6bde92766ddd3ee1630029a03d36baddd51934e2", "rev": "d15c0bd7389fe6e49a8dd487c734ed7cf76cb1fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -293,11 +315,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1650374568,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -309,11 +331,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1733328505,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -339,20 +361,6 @@
} }
}, },
"flake-compat_4": { "flake-compat_4": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -368,7 +376,37 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_6": { "flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_7": {
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
@ -383,7 +421,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_7": { "flake-compat_8": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -465,6 +503,21 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_5"
}, },
@ -482,7 +535,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": [ "systems": [
"stylix", "stylix",
@ -503,7 +556,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_7"
}, },
@ -747,11 +800,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742326330, "lastModified": 1742957044,
"narHash": "sha256-Tumt3tcMXJniSh7tw2gW+WAnVLeB3WWm+E+yYFnLBXo=", "narHash": "sha256-gwW0tBIA77g6qq45y220drTy0DmThF3fJMwVFUtYV9c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "22a36aa709de7dd42b562a433b9cefecf104a6ee", "rev": "ce287a5cd3ef78203bc78021447f937a988d9f6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -914,17 +967,17 @@
"hyprlang": "hyprlang", "hyprlang": "hyprlang",
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"systems": "systems", "systems": "systems",
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1742402960, "lastModified": 1742952129,
"narHash": "sha256-skKoZd9SEXnxNlddPSuPS3J4cUUZ+Pt5ZnAMvimQXoQ=", "narHash": "sha256-A/62kt6kxVvD6PSpZrUDXqZRfN/ScBo1W/KlX2ZMOIo=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "a25a214523dbb8fa25862a3f1570665cdb3db6e2", "rev": "3fc3521a97eba0fa67da80f17ae7872b1073f08d",
"revCount": 5909, "revCount": 5932,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@ -1166,7 +1219,7 @@
"hyprlang": "hyprlang_3", "hyprlang": "hyprlang_3",
"hyprutils": "hyprutils_4", "hyprutils": "hyprutils_4",
"hyprwayland-scanner": "hyprwayland-scanner_2", "hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_8",
"pre-commit-hooks": "pre-commit-hooks_2", "pre-commit-hooks": "pre-commit-hooks_2",
"systems": [ "systems": [
"hyprspace", "hyprspace",
@ -1280,14 +1333,14 @@
"hyprpanel": { "hyprpanel": {
"inputs": { "inputs": {
"ags": "ags_2", "ags": "ags_2",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1742402033, "lastModified": 1742881618,
"narHash": "sha256-aaBdTUJIAo9LBPpjNX96AoAi0H+O/oW8o+7SCVBAzXI=", "narHash": "sha256-4C5Zzo4S9zD+4ZL7MKLE7FqJEMVkOTvfIV9uEBQ8fDY=",
"owner": "Jas-SinghFSU", "owner": "Jas-SinghFSU",
"repo": "HyprPanel", "repo": "HyprPanel",
"rev": "3a5ad2a1db420f0238895f2cb1ff64acd0d2cc54", "rev": "7b5c339e9363187e249fa2f6eadbb295b0e8c6ff",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1300,7 +1353,7 @@
"inputs": { "inputs": {
"hyprland-qt-support": "hyprland-qt-support_2", "hyprland-qt-support": "hyprland-qt-support_2",
"hyprutils": "hyprutils_3", "hyprutils": "hyprutils_3",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_7",
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
@ -1323,11 +1376,11 @@
"systems": "systems_3" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1741933157, "lastModified": 1742767019,
"narHash": "sha256-HEWIQ1SgUTnc964oDsi68rQQug57BqbdUYqZvr3Ep0A=", "narHash": "sha256-FdyHDbf31jl5rIU7IQtBVTbZ1ojGrrp5aFaRrE2819s=",
"owner": "KZDKM", "owner": "KZDKM",
"repo": "Hyprspace", "repo": "Hyprspace",
"rev": "c3cf91bdb6a912f9d2c2779deebdf23385fd659a", "rev": "5b62529c2011ede6069445de9b5b3f8a1f10ecfe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1545,7 +1598,7 @@
], ],
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"libgit2": "libgit2", "libgit2": "libgit2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-23-11": [ "nixpkgs-23-11": [
"devenv" "devenv"
], ],
@ -1571,6 +1624,27 @@
"type": "github" "type": "github"
} }
}, },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"colmena",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-index-database": { "nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -1578,11 +1652,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742174123, "lastModified": 1742701275,
"narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1593,17 +1667,17 @@
}, },
"nixcord": { "nixcord": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"nixpkgs": "nixpkgs_8", "nixpkgs": "nixpkgs_9",
"systems": "systems_4", "systems": "systems_4",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1742251239, "lastModified": 1742915532,
"narHash": "sha256-QH61lUWvO7jkZAzsgBJtyjmX5/UozZcSZQxOl10jVk4=", "narHash": "sha256-LJ9rlcyOyL4RIG5FgOG8FhCnoJrh83Wqu5yOQkGe0Z0=",
"owner": "kaylorben", "owner": "kaylorben",
"repo": "nixcord", "repo": "nixcord",
"rev": "d7f44d000158fa46af9fae1819d8221d1ccb4ca2", "rev": "eb7f65e995720ccde1928fedad335fd468bc152a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1628,13 +1702,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-24_05": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1742288794, "lastModified": 1742669843,
"narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1646,11 +1736,11 @@
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": { "locked": {
"lastModified": 1742288794, "lastModified": 1742669843,
"narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1662,11 +1752,11 @@
}, },
"nixpkgs_11": { "nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1742272065, "lastModified": 1742800061,
"narHash": "sha256-ud8vcSzJsZ/CK+r8/v0lyf4yUntVmDq6Z0A41ODfWbE=", "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3549532663732bfd89993204d40543e9edaec4f2", "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1678,11 +1768,11 @@
}, },
"nixpkgs_12": { "nixpkgs_12": {
"locked": { "locked": {
"lastModified": 1741865919, "lastModified": 1742578646,
"narHash": "sha256-4thdbnP6dlbdq+qZWTsm4ffAwoS8Tiq1YResB+RP6WE=", "narHash": "sha256-GiQ40ndXRnmmbDZvuv762vS+gew1uDpFwOfgJ8tLiEs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "573c650e8a14b2faa0041645ab18aed7e60f0c9a", "rev": "94c4dbe77c0740ebba36c173672ca15a7926c993",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1710,11 +1800,11 @@
}, },
"nixpkgs_14": { "nixpkgs_14": {
"locked": { "locked": {
"lastModified": 1742288794, "lastModified": 1742422364,
"narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1725,6 +1815,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1734119587,
"narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1733212471, "lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
@ -1740,7 +1846,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1717432640, "lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
@ -1756,13 +1862,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1742069588, "lastModified": 1742669843,
"narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1772,7 +1878,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1736344531, "lastModified": 1736344531,
"narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=",
@ -1788,7 +1894,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1737469691, "lastModified": 1737469691,
"narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
@ -1804,7 +1910,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1739020877, "lastModified": 1739020877,
"narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=", "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
@ -1820,33 +1926,17 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": {
"locked": {
"lastModified": 1742169275,
"narHash": "sha256-nkH2Edu9rClcsQp2PYBe8E6fp8LDPi2uDBQ6wyMdeXI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5d9b5431f967007b3952c057fc92af49a4c5f3b2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1735554305, "lastModified": 1742800061,
"narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=", "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0e82ab234249d8eee3e8c91437802b32c74bb3fd", "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixpkgs-unstable", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
@ -1859,11 +1949,11 @@
"nuschtosSearch": "nuschtosSearch" "nuschtosSearch": "nuschtosSearch"
}, },
"locked": { "locked": {
"lastModified": 1742396414, "lastModified": 1742916868,
"narHash": "sha256-e9Uv44rVDAG2ohNejttl9Pq5r4dxIzWxt+1hvKTQK5E=", "narHash": "sha256-2eN75OsaNpL3FzAs3hz9Xm3+htIP3iLdfRP6PGfOoS8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "d79c291d5d80d587d518e0f530cc55adb0638c80", "rev": "6b95b825529aa2d8536f7684fe64382ef4d15d84",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1897,7 +1987,7 @@
}, },
"nuschtosSearch": { "nuschtosSearch": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"ixx": "ixx", "ixx": "ixx",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
@ -1905,11 +1995,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741886583, "lastModified": 1742659553,
"narHash": "sha256-sScfYKtxp3CYv5fJcHQDvQjqBL+tPNQqS9yf9Putd+s=", "narHash": "sha256-i/JCrr/jApVorI9GkSV5to+USrRCa0rWuQDH8JSlK2A=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "search", "repo": "search",
"rev": "2974bc5fa3441a319fba943f3ca41f7dcd1a1467", "rev": "508752835128a3977985a4d5225ff241f7756181",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1920,7 +2010,7 @@
}, },
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"gitignore": "gitignore_2", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"hyprland", "hyprland",
@ -1928,11 +2018,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742058297, "lastModified": 1742649964,
"narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1943,7 +2033,7 @@
}, },
"pre-commit-hooks_2": { "pre-commit-hooks_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"gitignore": "gitignore_3", "gitignore": "gitignore_3",
"nixpkgs": [ "nixpkgs": [
"hyprspace", "hyprspace",
@ -1967,18 +2057,18 @@
}, },
"pre-commit-hooks_3": { "pre-commit-hooks_3": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_6",
"gitignore": "gitignore_4", "gitignore": "gitignore_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1742300892, "lastModified": 1742649964,
"narHash": "sha256-QmF0proyjXI9YyZO9GZmc7/uEu5KVwCtcdLsKSoxPAI=", "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "ea26a82dda75bee6783baca6894040c8e6599728", "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1990,6 +2080,7 @@
"root": { "root": {
"inputs": { "inputs": {
"ags": "ags", "ags": "ags",
"colmena": "colmena",
"devenv": "devenv", "devenv": "devenv",
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
@ -1999,6 +2090,7 @@
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixcord": "nixcord", "nixcord": "nixcord",
"nixpkgs": "nixpkgs_10", "nixpkgs": "nixpkgs_10",
"nixpkgs-24_05": "nixpkgs-24_05",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim",
"pre-commit-hooks": "pre-commit-hooks_3", "pre-commit-hooks": "pre-commit-hooks_3",
@ -2011,11 +2103,11 @@
}, },
"secrets": { "secrets": {
"locked": { "locked": {
"lastModified": 1742622103, "lastModified": 1743305321,
"narHash": "sha256-eYKgwqm7jkoxzaSuvLSQq78L4ks4gtEQF8BkTt9an7k=", "narHash": "sha256-2H42Qu7PRCeFe/asA5sq4SeD5IM0YXbkYnU51AaUChw=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "13c13466e8aa371bf8cb53f0f36fb0e086294f45", "rev": "7faa37e94383c6846f8a1a0192369e74d787eccb",
"revCount": 2, "revCount": 4,
"type": "git", "type": "git",
"url": "ssh://git@github.com/gwg313/nixos-secrets.git" "url": "ssh://git@github.com/gwg313/nixos-secrets.git"
}, },
@ -2029,11 +2121,11 @@
"nixpkgs": "nixpkgs_12" "nixpkgs": "nixpkgs_12"
}, },
"locked": { "locked": {
"lastModified": 1742406979, "lastModified": 1742700801,
"narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=", "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609", "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2042,6 +2134,22 @@
"type": "github" "type": "github"
} }
}, },
"stable": {
"locked": {
"lastModified": 1730883749,
"narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"stylix": { "stylix": {
"inputs": { "inputs": {
"base16": "base16", "base16": "base16",
@ -2049,8 +2157,8 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"git-hooks": "git-hooks_2", "git-hooks": "git-hooks_2",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
@ -2066,11 +2174,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1742406729, "lastModified": 1742926290,
"narHash": "sha256-k03W8/GTJlCTtf5UaC4PIKSwTVQ3d3farweYvpkb53M=", "narHash": "sha256-63joFDrDekkI8papsDPwObKCCYSZ7t/1t94M398BxLY=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "ccb411c5db16341455d82d955fef4db9985741a6", "rev": "61a5f77f2202f3a79797089752713e16b1ab5b10",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2081,17 +2189,17 @@
}, },
"superfile": { "superfile": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_7", "flake-compat": "flake-compat_8",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"gomod2nix": "gomod2nix", "gomod2nix": "gomod2nix",
"nixpkgs": "nixpkgs_13" "nixpkgs": "nixpkgs_13"
}, },
"locked": { "locked": {
"lastModified": 1742229245, "lastModified": 1742951573,
"narHash": "sha256-Mno0aoVkURC3mSfsEVbPxNS0c8PAObYvdHBq4yUPxq4=", "narHash": "sha256-Sbe2mWbThDwFk6qIq3TiXZZj8GpQCHxPD1UL+Kkj70o=",
"owner": "MHNightCat", "owner": "MHNightCat",
"repo": "superfile", "repo": "superfile",
"rev": "1f0ab010c8e4c6f7d472a9a9c18e0747e3ccd654", "rev": "74c1cc6129e78440b9c9a7ea7d40d03bc28e0533",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2288,14 +2396,17 @@
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_9" "nixpkgs": [
"nixcord",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1739829690, "lastModified": 1742370146,
"narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "3d0579f5cc93436052d94b73925b48973a104204", "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2419,11 +2530,11 @@
"nixpkgs": "nixpkgs_14" "nixpkgs": "nixpkgs_14"
}, },
"locked": { "locked": {
"lastModified": 1742375121, "lastModified": 1742602442,
"narHash": "sha256-wIRU5K0TdEKr7RMNNIjtYYebcO4isaoYLctaftdurQs=", "narHash": "sha256-jwOKx/hQZONnlRvCRmV0KUj/98S8okScWRgWNGsV3yQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "bb095cab6c476742d60602eac636057e32073f2e", "rev": "1d0b9424a10f78d2bcf056f36ad21cd11a01ed3e",
"revCount": 80, "revCount": 81,
"type": "git", "type": "git",
"url": "https://git.sr.ht/~canasta/zen-browser-flake/" "url": "https://git.sr.ht/~canasta/zen-browser-flake/"
}, },


@ -9,6 +9,7 @@
# at the same time. Here's an working example: # at the same time. Here's an working example:
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# Also see the 'unstable-packages' overlay at 'overlays/default.nix'. # Also see the 'unstable-packages' overlay at 'overlays/default.nix'.
nixpkgs-24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
secrets.url = "git+ssh://git@github.com/gwg313/nixos-secrets.git"; secrets.url = "git+ssh://git@github.com/gwg313/nixos-secrets.git";
hyprpolkitagent.url = "github:hyprwm/hyprpolkitagent"; hyprpolkitagent.url = "github:hyprwm/hyprpolkitagent";
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel"; hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
@ -59,6 +60,7 @@
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs"; pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
colmena.url = "github:zhaofengli/colmena";
}; };
outputs = outputs =
@ -66,6 +68,7 @@
self, self,
nixpkgs, nixpkgs,
home-manager, home-manager,
colmena,
... ...
}@inputs: }@inputs:
let let
@ -82,6 +85,7 @@
# pass to it, with each system as an argument # pass to it, with each system as an argument
forAllSystems = nixpkgs.lib.genAttrs systems; forAllSystems = nixpkgs.lib.genAttrs systems;
user = "gwg313"; user = "gwg313";
in in
{ {
# Your custom packages # Your custom packages
@ -201,5 +205,32 @@
]; ];
}; };
}; };
# colmena managed systems
colmenaHive = colmena.lib.makeHive self.outputs.colmena;
colmena = {
meta = {
specialArgs = {
inherit user inputs outputs;
};
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
};
waypoint = {
deployment = {
targetHost = "waypoint"; # <- defined in ~/.ssh/config
};
imports = [ ./hosts/waypoint/configuration.nix ];
};
seikan = {
deployment = {
targetHost = "seikan"; # <- defined in ~/.ssh/config
};
imports = [ ./hosts/seikan/configuration.nix ];
};
};
}; };
} }
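Review bot: Neither node in the new `colmena` attrset sets `deployment.targetUser`, so Colmena connects as its documented default, root, which is presumably why the host configuration in this commit forces `PermitRootLogin = "yes"`. Deploying as the existing wheel user instead, e.g. `deployment.targetUser = user;` inside each `deployment` block, would let root SSH login stay disabled on these hosts, provided sudo is configured for that account. Separately, `colmena.url = "github:zhaofengli/colmena";` is added without `colmena.inputs.nixpkgs.follows = "nixpkgs";`, unlike `pre-commit-hooks` just above it. As a result flake.lock gains an extra, older nixpkgs pin (`nixpkgs_2`) and a `stable` input that then have to be updated and audited separately.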


@ -0,0 +1,119 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
modulesPath,
lib,
inputs,
...
}:
let
## Pin the latest NixOS stable (nixos-24.05) release:
nixpkgs-src = builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/797f7dc49e0bc7fab4b57c021cdf68f595e47841.tar.gz";
sha256 = "sha256:0q96nxw7jg9l9zlpa3wkma5xzmgkdnnajapwhgb2fk2ll224rgs1";
};
in
{
# sops
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/home/gwg313/.config/sops/age/keys.txt";
};
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
./traefik.nix
./zerotier.nix
../../common/nixos/ssh/default.nix
inputs.sops-nix.nixosModules.sops
];
ssh.enable = true;
ssh_guard.enable = true;
ssh_client.enable = false;
services.openssh.authorizedKeysFiles = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
];
services.openssh.settings = {
PermitRootLogin = lib.mkForce "yes";
AllowUsers = lib.mkForce [
"gwg313"
"root"
];
};
users.users.gwg313 = {
isNormalUser = true;
description = "gwg313";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
];
extraGroups = [
"networkmanager"
"wheel"
];
packages = with pkgs; [ ];
};
users.users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
];
};
};
networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "America/Toronto";
# Select internationalisation properties.
i18n.defaultLocale = "en_CA.UTF-8";
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
# Define a user account. Don't forget to set a password with passwd.
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
}
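Review bot: `PermitRootLogin = lib.mkForce "yes"` together with `"root"` in `AllowUsers` lets root log in by any method sshd has enabled, including passwords if the shared module `../../common/nixos/ssh/default.nix` (not shown here) leaves them on. Since root already gets a key via `users.users.root.openssh.authorizedKeys.keys`, `PermitRootLogin = lib.mkForce "prohibit-password";` keeps key-based deploys working with less exposure. `services.openssh.authorizedKeysFiles` is a list of file paths sshd reads keys from, so the literal public key placed there is interpreted as path names rather than as a key; that assignment can be dropped because both users already list the key. `sops.age.keyFile` points into `/home/gwg313/`, so the decryption key would sit in a login user's home directory on the server; a root-owned path outside any home, or `sops.age.sshKeyPaths` with the host key, would be tighter. The `nixpkgs-src` binding in the `let` block is unused in the visible body, and `networking.hostName = "nixos"` looks like a template leftover for what appears to be the `seikan` host.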

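--- a/hosts/seikan/routes.nix
+++ b/hosts/seikan/routes.nix
@@ -0,0 +1,85 @@
+{
+services.traefik = {
+dynamicConfigOptions = {
+http = {
+services = {
+music_zt.loadBalancer.servers = [
+{
+url = "https://music.zerotier.gwg313.xyz";
+}
+];
+audiobooks_zt.loadBalancer.servers = [
+{
+url = "https://audiobooks.zerotier.gwg313.xyz";
+}
+];
+recipes_zt.loadBalancer.servers = [
+{
+url = "https://recipes.zerotier.gwg313.xyz";
+}
+];
+bookmarks_zt.loadBalancer.servers = [
+{
+url = "https://bookmarks.zerotier.gwg313.xyz";
+}
+];
+scholarsome_zt.loadBalancer.servers = [
+{
+url = "https://scholarsome.zerotier.gwg313.xyz";
+}
+];
+};
+routers = {
+music_zt = {
+entryPoints = [ "websecure" ];
+rule = "Host(`music.gwg313.xyz`)";
+service = "music_zt";
+tls.certResolver = "le";
+middlewares = [ "headers" ];
+};
+audiobooks_zt = {
+entryPoints = [ "websecure" ];
+rule = "Host(`audiobooks.gwg313.xyz`)";
+service = "audiobooks_zt";
+tls.certResolver = "le";
+middlewares = [ "headers" ];
+};
+recipes_zt = {
+entryPoints = [ "websecure" ];
+rule = "Host(`recipes.gwg313.xyz`)";
+service = "recipes_zt";
+tls.certResolver = "le";
+middlewares = [ "headers" ];
+};
+bookmarks_zt = {
+entryPoints = [ "websecure" ];
+rule = "Host(`bookmarks.gwg313.xyz`)";
+service = "bookmarks_zt";
+tls.certResolver = "le";
+middlewares = [ "headers" ];
+};
+scholarsome_zt = {
+entryPoints = [ "websecure" ];
+rule = "Host(`scholarsome.gwg313.xyz`)";
+service = "scholarsome_zt";
+tls.certResolver = "le";
+middlewares = [ "headers" ];
+};
+};
+};
+};
+};
+}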
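Review bot: The backend URLs under `services` use `*.zerotier.gwg313.xyz` names that resolve only through the `networking.extraHosts` entries in hosts/seikan/zerotier.nix, and nothing in this file says so. I would add a comment above `services = {`, such as `# Backends are reached over ZeroTier; the names are pinned in ./zerotier.nix (networking.extraHosts)`. The five service/router pairs also differ only in the application name, so generating both sets from one list of names would keep the public hostnames and their backends from drifting apart.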

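--- a/hosts/seikan/traefik.nix
+++ b/hosts/seikan/traefik.nix
@@ -0,0 +1,115 @@
+# Traefik
+{
+config,
+...
+}:
+{
+imports = [
+./routes.nix
+];
+sops.secrets.cf-api-token = {
+mode = "0440";
+owner = config.users.users.traefik.name;
+group = config.users.users.traefik.group;
+};
+systemd.services.traefik.environment = {
+CF_DNS_API_TOKEN_FILE = "${config.sops.secrets.cf-api-token.path}";
+};
+networking.firewall.allowedTCPPorts = [
+80
+443
+];
+services.traefik = {
+enable = true;
+staticConfigOptions = {
+serversTransport = {
+insecureSkipVerify = true;
+};
+entryPoints = {
+web = {
+address = ":80";
+http = {
+redirections = {
+entryPoint = {
+to = "websecure";
+scheme = "https";
+};
+};
+};
+};
+websecure = {
+address = ":443";
+http = {
+tls = {
+options = "default";
+};
+};
+};
+};
+api = {
+dashboard = true;
+};
+certificatesResolvers = {
+le = {
+acme = {
+email = "glen.goodwin@protonmail.com";
+storage = "/var/lib/traefik/acme.json";
+dnsChallenge = {
+provider = "cloudflare";
+resolvers = [ "1.1.1.1:53" ];
+};
+};
+};
+};
+};
+dynamicConfigOptions = {
+http = {
+routers = {
+dashboard = {
+rule = "Host(`monitor.local.gwg313.xyz`)";
+service = "api@internal";
+middlewares = [
+# "auth"
+"headers"
+];
+entrypoints = [ "websecure" ];
+tls = {
+certResolver = "le";
+};
+};
+};
+middlewares = {
+headers = {
+headers = {
+browserxssfilter = true;
+contenttypenosniff = true;
+customframeoptionsvalue = "SAMEORIGIN";
+forcestsheader = true;
+framedeny = true;
+sslhost = "gwg313.xyz";
+sslredirect = true;
+stsincludesubdomains = true;
+stspreload = true;
+stsseconds = "315360000";
+};
+};
+};
+};
+tls = {
+options = {
+default = {
+minVersion = "VersionTLS13";
+sniStrict = true;
+curvePreferences = [
+"CurveP521"
+"CurveP384"
+];
+};
+};
+};
+};
+};
+}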
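Review bot: The `dashboard` router serves `api@internal` with `"auth"` commented out of its `middlewares` list, and no `auth` middleware is defined under `middlewares`, so the only gate is the `Host(...)` rule for monitor.local.gwg313.xyz on an entry point that `networking.firewall.allowedTCPPorts` opens on 443. Any client that can reach that port and present the host name gets the dashboard and the router, service and backend listing behind it; hosts/waypoint/traefik.nix repeats the same router. I would define the middleware before enabling the route, for example `auth.basicAuth.usersFile = config.sops.secrets.<dashboard-users>.path;` (placeholder secret name), and restore `"auth"` in the list, or restrict the router by source address with an `ipAllowList` middleware.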

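--- a/hosts/seikan/zerotier.nix
+++ b/hosts/seikan/zerotier.nix
@@ -0,0 +1,20 @@
+{
+inputs,
+...
+}:
+{
+services.zerotierone = {
+joinNetworks = [
+inputs.secrets.zerotier.infra
+];
+enable = true;
+};
+networking.extraHosts = ''
+10.147.17.246 audiobooks.zerotier.gwg313.xyz
+10.147.17.246 music.zerotier.gwg313.xyz
+10.147.17.246 recipes.zerotier.gwg313.xyz
+10.147.17.246 scholarsome.zerotier.gwg313.xyz
+10.147.17.246 bookmarks.zerotier.gwg313.xyz
+'';
+}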
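Review bot: The address `10.147.17.246` is written five times inside `networking.extraHosts`, so a change of the upstream's ZeroTier address means five edits that must stay in step, and the file does not say which machine owns that address. The structured option states it once: `networking.hosts."10.147.17.246" = [ "audiobooks.zerotier.gwg313.xyz" "music.zerotier.gwg313.xyz" ];` with the remaining three names added to the list. A one-line comment naming the target host would cover the rest.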


@ -0,0 +1,19 @@
{
services = {
cloudflared = {
enable = true;
tunnels = {
"4d40bf21-d8ef-4a71-8fb7-e4f24bb8b0cf" = {
credentialsFile = "/home/gwg313/.cloudflared/4d40bf21-d8ef-4a71-8fb7-e4f24bb8b0cf.json";
default = "http_status:404";
ingress = {
"*.gwg313.xyz" = {
service = "http://localhost";
# path = "/*.(jpg|png|css|js)";
};
};
};
};
};
};
}
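Review bot: `credentialsFile` points into `/home/gwg313/.cloudflared/`, so the tunnel credential is placed by hand in a user's home directory instead of going through the sops-nix handling this commit uses for `cf-api-token`. Its owner and mode are then whatever that directory happens to have, and the account the cloudflared service runs as (not visible here) may not be able to read it. I would declare it as a sops secret and use `credentialsFile = config.sops.secrets.<tunnel-credentials>.path;` (placeholder name), which means turning this file into a module function that takes `config`. The single ingress rule also sends every `*.gwg313.xyz` name to `http://localhost`; listing the intended hostnames would be tighter if the wildcard also matches the `*.local` and `*.zerotier` names.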


@ -0,0 +1,114 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
inputs,
...
}:
{
# sops
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age.keyFile = "/home/gwg313/.config/sops/age/keys.txt";
};
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./traefik.nix
./zerotier.nix
../../common/nixos/ssh/default.nix
inputs.sops-nix.nixosModules.sops
];
ssh.enable = true;
ssh_guard.enable = true;
ssh_client.enable = false;
services.openssh.authorizedKeysFiles = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
];
services.openssh.settings = {
PermitRootLogin = lib.mkForce "yes";
AllowUsers = lib.mkForce [
"gwg313"
"root"
];
};
users.users.gwg313 = {
isNormalUser = true;
description = "gwg313";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
];
extraGroups = [
"networkmanager"
"wheel"
];
packages = with pkgs; [ ];
};
users.users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvOfDSjlvegGqfUS18XwXB7SvS2n9/hGYUpKxRb9vgb gwg313@pm.me"
];
};
};
# Bootloader.
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.useOSProber = true;
networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "America/Toronto";
# Select internationalisation properties.
i18n.defaultLocale = "en_CA.UTF-8";
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
# Define a user account. Don't forget to set a password with passwd.
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
}
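Review bot: `PermitRootLogin = lib.mkForce "yes"` allows root to log in with any authentication method sshd has enabled, and `AllowUsers` adds `root`, while the only root credential this file sets up is an SSH key. If root access is needed for deployment, `PermitRootLogin = lib.mkForce "prohibit-password";` keeps key logins working and rules out password logins regardless of what the shared ssh module (not visible here) sets for password authentication. Also, `services.openssh.authorizedKeysFiles` takes file paths, not key material: the key string lands in sshd's `AuthorizedKeysFile` list, where its space-separated parts would be read as file names, so that entry should be removed. The key is already installed through `users.users.<name>.openssh.authorizedKeys.keys` for both accounts.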


@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0692e3c0-aa34-4a5a-aaa5-c13f55783570";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

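--- a/hosts/waypoint/routes.nix
+++ b/hosts/waypoint/routes.nix
@@ -0,0 +1,54 @@
+{
+imports = [
+./services.nix
+];
+services.traefik = {
+dynamicConfigOptions = {
+http = {
+routers = {
+music = {
+entryPoints = [ "websecure" ];
+rule = "Host(`music.gwg313.xyz`)";
+service = "music_local";
+tls.certResolver = "le";
+middlewares = [ "headers" ];
+};
+recipes = {
+entryPoints = [ "websecure" ];
+rule = "Host(`recipes.gwg313.xyz`)";
+service = "recipes_local";
+tls.certResolver = "le";
+middlewares = [ "headers" ];
+};
+audiobooks = {
+entryPoints = [ "websecure" ];
+rule = "Host(`audiobooks.gwg313.xyz`)";
+service = "audiobooks_local";
+tls.certResolver = "le";
+middlewares = [ ];
+};
+scholarsome = {
+entryPoints = [ "websecure" ];
+rule = "Host(`scholarsome.gwg313.xyz`)";
+service = "scholarsome_local";
+tls.certResolver = "le";
+middlewares = [ "headers" ];
+};
+bookmarks = {
+entryPoints = [ "websecure" ];
+rule = "Host(`bookmarks.gwg313.xyz`)";
+service = "bookmarks_local";
+tls.certResolver = "le";
+middlewares = [ "headers" ];
+};
+};
+};
+};
+};
+}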
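Review bot: The `audiobooks` router sets `middlewares = [ ];` while the other four routers in this file, and the `audiobooks_local` and `audiobooks_zerotier` routers elsewhere in this commit, apply `"headers"`, so responses for audiobooks.gwg313.xyz go out without the HSTS, nosniff and frame headers that middleware adds. If that is an oversight, use `middlewares = [ "headers" ];`. If the application needs the middleware off, a comment on that line saying why would keep it from being changed back later.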


@ -0,0 +1,69 @@
{
imports = [
./services.nix
];
services.traefik = {
dynamicConfigOptions = {
http = {
routers = {
arcocd_local = {
entryPoints = [ "websecure" ];
rule = "Host(`argocd.local.gwg313.xyz`)";
service = "argocd_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
music_local = {
entryPoints = [ "websecure" ];
rule = "Host(`music.local.gwg313.xyz`)";
service = "music_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
pinchflat_local = {
entryPoints = [ "websecure" ];
rule = "Host(`pinchflat.local.gwg313.xyz`)";
service = "pinchflat_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
proxmox_local = {
entryPoints = [ "websecure" ];
rule = "Host(`proxmox.local.gwg313.xyz`)";
service = "proxmox_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
recipes_local = {
entryPoints = [ "websecure" ];
rule = "Host(`recipes.local.gwg313.xyz`)";
service = "recipes_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
audiobooks_local = {
entryPoints = [ "websecure" ];
rule = "Host(`audiobooks.local.gwg313.xyz`)";
service = "audiobooks_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
scholarsome_local = {
entryPoints = [ "websecure" ];
rule = "Host(`scholarsome.local.gwg313.xyz`)";
service = "scholarsome_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
};
};
};
};
}
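Review bot: The `*_local` routers, including `proxmox_local` and `arcocd_local`, sit on the same `websecure` entry point as the public routers and are separated from them only by their `Host(...)` rule, so anyone who can reach port 443 on this machine can request them by name. Whether that port is reachable from outside the LAN is not visible in this section; if it is, an `ipAllowList` middleware with the LAN `sourceRange`, listed next to `"headers"` on each of these routers, would enforce "local" at the proxy. The same applies to the `*_zerotier` routers in the following section. The router name `arcocd_local` also looks like a typo for `argocd_local`, the service it points to.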


@ -0,0 +1,54 @@
{
imports = [
./services.nix
];
services.traefik = {
dynamicConfigOptions = {
http = {
routers = {
music_zerotier = {
entryPoints = [ "websecure" ];
rule = "Host(`music.zerotier.gwg313.xyz`)";
service = "music_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
recipes_zerotier = {
entryPoints = [ "websecure" ];
rule = "Host(`recipes.zerotier.gwg313.xyz`)";
service = "recipes_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
audiobooks_zerotier = {
entryPoints = [ "websecure" ];
rule = "Host(`audiobooks.zerotier.gwg313.xyz`)";
service = "audiobooks_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
scholarsome_zerotier = {
entryPoints = [ "websecure" ];
rule = "Host(`scholarsome.zerotier.gwg313.xyz`)";
service = "scholarsome_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
bookmarks_zerotier = {
entryPoints = [ "websecure" ];
rule = "Host(`bookmarks.zerotier.gwg313.xyz`)";
service = "bookmarks_local";
tls.certResolver = "le";
middlewares = [ "headers" ];
};
};
};
};
};
}


@ -0,0 +1,58 @@
{
services.traefik = {
dynamicConfigOptions = {
http = {
services = {
argocd_local.loadBalancer.servers = [
{
url = "https://10.1.10.3:30007";
}
];
music_local.loadBalancer.servers = [
{
url = "http://10.1.10.3:30033";
}
];
pinchflat_local.loadBalancer.servers = [
{
url = "http://10.1.10.3:30001";
}
];
proxmox_local.loadBalancer.servers = [
{
url = "https://10.1.10.2:8006";
}
];
recipes_local.loadBalancer.servers = [
{
url = "http://10.1.10.3:30000";
}
];
audiobooks_local.loadBalancer.servers = [
{
url = "http://10.1.10.3:30080";
}
];
scholarsome_local.loadBalancer.servers = [
{
url = "http://10.1.10.3:30123";
}
];
bookmarks_local.loadBalancer.servers = [
{
url = "http://10.1.10.3:30099";
}
];
};
};
};
};
}
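Review bot: Only `argocd_local` and `proxmox_local` use `https://` backends, both addressed by IP, yet both traefik.nix files in this commit set `serversTransport.insecureSkipVerify = true` in the static configuration, which turns off certificate verification for every backend Traefik connects to. I would define a named transport in the dynamic configuration, `http.serversTransports.selfsigned.insecureSkipVerify = true;` (or better, `rootCAs` with the backends' CA), and attach it with `loadBalancer.serversTransport = "selfsigned";` on these two services only. On seikan the backends are `*.zerotier.gwg313.xyz` names for which the zerotier routers in this commit request certificates from the `le` resolver, so the global flag can probably be dropped there altogether.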

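--- a/hosts/waypoint/traefik.nix
+++ b/hosts/waypoint/traefik.nix
@@ -0,0 +1,117 @@
+# Traefik
+{
+config,
+...
+}:
+{
+imports = [
+./routes_local.nix
+./routes_zerotier.nix
+./routes.nix
+];
+sops.secrets.cf-api-token = {
+mode = "0440";
+owner = config.users.users.traefik.name;
+group = config.users.users.traefik.group;
+};
+systemd.services.traefik.environment = {
+CF_DNS_API_TOKEN_FILE = "${config.sops.secrets.cf-api-token.path}";
+};
+networking.firewall.allowedTCPPorts = [
+80
+443
+];
+services.traefik = {
+enable = true;
+staticConfigOptions = {
+serversTransport = {
+insecureSkipVerify = true;
+};
+entryPoints = {
+web = {
+address = ":80";
+http = {
+redirections = {
+entryPoint = {
+to = "websecure";
+scheme = "https";
+};
+};
+};
+};
+websecure = {
+address = ":443";
+http = {
+tls = {
+options = "default";
+};
+};
+};
+};
+api = {
+dashboard = true;
+};
+certificatesResolvers = {
+le = {
+acme = {
+email = "glen.goodwin@protonmail.com";
+storage = "/var/lib/traefik/acme.json";
+dnsChallenge = {
+provider = "cloudflare";
+resolvers = [ "1.1.1.1:53" ];
+};
+};
+};
+};
+};
+dynamicConfigOptions = {
+http = {
+routers = {
+dashboard = {
+rule = "Host(`monitor.local.gwg313.xyz`)";
+service = "api@internal";
+middlewares = [
+# "auth"
+"headers"
+];
+entrypoints = [ "websecure" ];
+tls = {
+certResolver = "le";
+};
+};
+};
+middlewares = {
+headers = {
+headers = {
+browserxssfilter = true;
+contenttypenosniff = true;
+customframeoptionsvalue = "SAMEORIGIN";
+forcestsheader = true;
+framedeny = true;
+sslhost = "gwg313.xyz";
+sslredirect = true;
+stsincludesubdomains = true;
+stspreload = true;
+stsseconds = "315360000";
+};
+};
+};
+};
+tls = {
+options = {
+default = {
+minVersion = "VersionTLS13";
+sniStrict = true;
+curvePreferences = [
+"CurveP521"
+"CurveP384"
+];
+};
+};
+};
+};
+};
+}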
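Review bot: Apart from the `imports` list, this file is a copy of hosts/seikan/traefik.nix: the entry points, the `le` resolver, the `headers` middleware, the TLS options and the sops secret are all repeated. A shared module under `common/nixos/`, the way `../../common/nixos/ssh/default.nix` is already used in this commit, with each host importing it and adding only its routes, would keep settings such as `minVersion` and the header policy from diverging between the two proxies. Within the `headers` middleware, `stsseconds = "315360000"` is a string where Traefik documents an integer, and `framedeny = true` together with `customframeoptionsvalue = "SAMEORIGIN"` states two different framing policies; I would keep one of them.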


@ -0,0 +1,9 @@
{ inputs, ... }:
{
services.zerotierone = {
joinNetworks = [
inputs.secrets.zerotier.infra
];
enable = true;
};
}