diff --git a/flake.lock b/flake.lock
index b8bcefe..2b41f45 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
 "nixpkgs": "nixpkgs"
 },
 "locked": {
- "lastModified": 1641576265,
- "narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=",
+ "lastModified": 1640802000,
+ "narHash": "sha256-ZiI94Zv/IgW64fqKrtVaQqfUCkn9STvAjgfFmvtqcQ8=",
 "owner": "ryantm",
 "repo": "agenix",
- "rev": "08b9c96878b2f9974fc8bde048273265ad632357",
+ "rev": "c5558c88b2941bf94886dfdede6926b1ba5f5629",
 "type": "github"
 },
 "original": {
@@ -36,11 +36,11 @@
 },
 "emacs": {
 "locked": {
- "lastModified": 1642185505,
- "narHash": "sha256-J8eDunoleOw+bXn7kVUOraYKkaYai8BahMOvKmi4XXA=",
+ "lastModified": 1641149178,
+ "narHash": "sha256-Mt+oT5YZ6G9zHctDKV5pY+3vIdsMmAg0HMvz6rxsIc0=",
 "owner": "nix-community",
 "repo": "emacs-overlay",
- "rev": "0d01d3b11249a471c80ab2c972646c4c809b8237",
+ "rev": "f3c435a5e5cfa3ce1b2f50ba37b9cacfec4139d9",
 "type": "github"
 },
 "original": {
@@ -52,11 +52,11 @@
 "flake-compat": {
 "flake": false,
 "locked": {
- "lastModified": 1641205782,
- "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
+ "lastModified": 1627913399,
+ "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
 "owner": "edolstra",
 "repo": "flake-compat",
- "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
+ "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
 "type": "github"
 },
 "original": {
@@ -115,11 +115,11 @@
 "nixpkgs": "nixpkgs_2"
 },
 "locked": {
- "lastModified": 1642117744,
- "narHash": "sha256-/SvxBe/m6JiRSlKIrgD6LQxee9GGewFyq+lsPxoViMY=",
+ "lastModified": 1641121012,
+ "narHash": "sha256-svaOMxNMQgFHjcxdmLojOxTxfqSENtnO+S3kb+npIwY=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "a5dd5d5f197724f3065fd39c59c7ccea3c8dcb8f",
+ "rev": "8e7a10602d1eb1d242c9d3f9b822203d5751a8c6",
 "type": "github"
 },
 "original": {
@@ -171,11 +171,11 @@
 },
 "master": {
 "locked": {
- "lastModified": 1642192855,
- "narHash": "sha256-K3G8uQ03gH23Oy+kTsYRcRYH+UcQN8D+2Ek0/TU2b3E=",
+ "lastModified": 1641155364,
+ "narHash": "sha256-7OXbMNAVeO5Yn916tADri1UIzl5bU27PjIDSLZB4G9A=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "b17f868724f1a6b9d11c515ac122222852979eba",
+ "rev": "03985162cf0d012b5ebdad5271c26e0cfacd1aa2",
 "type": "github"
 },
 "original": {
@@ -212,11 +212,11 @@
 },
 "locked": {
 "dir": "contrib",
- "lastModified": 1642128238,
- "narHash": "sha256-nqOpS7qxA0iaCWoZ4zbAHCkg8SCuMlmql399hQbZnik=",
+ "lastModified": 1641106516,
+ "narHash": "sha256-zx9GDn7rXvqvrQaRiop7Xx8qqSt3FPppVcShmneSqHs=",
 "owner": "neovim",
 "repo": "neovim",
- "rev": "a88046fe2d0710d1d1132ea544e9dbbbac1af7de",
+ "rev": "e42c9065972f93e4666fbd8e06fc56333e9e5d24",
 "type": "github"
 },
 "original": {
@@ -232,11 +232,11 @@
 "utils": "utils_3"
 },
 "locked": {
- "lastModified": 1641594851,
- "narHash": "sha256-aXwbg2PAkmnxmqeh0z+KNwNvJJpzomopmnWtv3qZg9E=",
+ "lastModified": 1640904492,
+ "narHash": "sha256-KrFdQl9sRxfkA18OnfY10+wvcRsExEjl0HHUQH2Di8E=",
 "owner": "fufexan",
 "repo": "nix-gaming",
- "rev": "94834b0e04d27f3eb7e2832639378697441d44a3",
+ "rev": "57f79e1181805df1ec1c6336dca40aee9671cee0",
 "type": "github"
 },
 "original": {
@@ -306,11 +306,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1642069818,
- "narHash": "sha256-666w6j8wl/bojfgpp0k58/UJ5rbrdYFbI2RFT2BXbSQ=",
+ "lastModified": 1641104204,
+ "narHash": "sha256-mCjEJNKaeS/BhQQFNSxHfA0/XtujbTAAJpustt1hIxI=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "46821ea01c8f54d2a20f5a503809abfc605269d7",
+ "rev": "28d58b979250ef33f049fe1c74daa50b7515126b",
 "type": "github"
 },
 "original": {
@@ -320,11 +320,11 @@
 },
 "nixpkgs_3": {
 "locked": {
- "lastModified": 1642069818,
- "narHash": "sha256-666w6j8wl/bojfgpp0k58/UJ5rbrdYFbI2RFT2BXbSQ=",
+ "lastModified": 1641104204,
+ "narHash": "sha256-mCjEJNKaeS/BhQQFNSxHfA0/XtujbTAAJpustt1hIxI=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "46821ea01c8f54d2a20f5a503809abfc605269d7",
+ "rev": "28d58b979250ef33f049fe1c74daa50b7515126b",
 "type": "github"
 },
 "original": {
@@ -380,11 +380,11 @@
 },
 "nixpkgs_7": {
 "locked": {
- "lastModified": 1642069818,
- "narHash": "sha256-666w6j8wl/bojfgpp0k58/UJ5rbrdYFbI2RFT2BXbSQ=",
+ "lastModified": 1641104204,
+ "narHash": "sha256-mCjEJNKaeS/BhQQFNSxHfA0/XtujbTAAJpustt1hIxI=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "46821ea01c8f54d2a20f5a503809abfc605269d7",
+ "rev": "28d58b979250ef33f049fe1c74daa50b7515126b",
 "type": "github"
 },
 "original": {
@@ -396,11 +396,11 @@
 },
 "nixpkgs_8": {
 "locked": {
- "lastModified": 1641887635,
- "narHash": "sha256-kDGpufwzVaiGe5e1sBUBPo9f1YN+nYHJlYqCaVpZTQQ=",
+ "lastModified": 1640959792,
+ "narHash": "sha256-zYSR//06FU2TDOpKKj0Hkff6unsxk3NwwNFuB1loU6E=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "b2737d4980a17cc2b7d600d7d0b32fd7333aca88",
+ "rev": "59bfda72480496f32787cec8c557182738b1bd3f",
 "type": "github"
 },
 "original": {
@@ -412,11 +412,11 @@
 },
 "nixpkgs_9": {
 "locked": {
- "lastModified": 1641887635,
- "narHash": "sha256-kDGpufwzVaiGe5e1sBUBPo9f1YN+nYHJlYqCaVpZTQQ=",
+ "lastModified": 1640871638,
+ "narHash": "sha256-ty6sGnJUQEkCd43At5U3DRQZD7rPARz5VginSW6hZ3k=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "b2737d4980a17cc2b7d600d7d0b32fd7333aca88",
+ "rev": "5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3",
 "type": "github"
 },
 "original": {
@@ -428,11 +428,11 @@
 },
 "nur": {
 "locked": {
- "lastModified": 1642189610,
- "narHash": "sha256-aRY1+itF7hArY7q5+2WmPzU9GYp2207rpIM6/d4uBkE=",
+ "lastModified": 1641155785,
+ "narHash": "sha256-QDnIQ7sfawBaQckDTIQqsSevftrJpxluQUhzX0goWg4=",
 "owner": "nix-community",
 "repo": "NUR",
- "rev": "8f0e4ae161d56f81e13ddb83ec17cfd702493c3a",
+ "rev": "9dc87bdd533db31f14bd5fdc4f7fb6aab6a40056",
 "type": "github"
 },
 "original": {
@@ -448,11 +448,11 @@
 "nixpkgs": "nixpkgs_9"
 },
 "locked": {
- "lastModified": 1642148099,
- "narHash": "sha256-XKXYI+4xov18J1cB2N3t0fEJUEy+8nLkm/J9AMNdRHY=",
+ "lastModified": 1641111239,
+ "narHash": "sha256-w1jUAuVmImMQGhaUY8dNVAxE4SNULI32RqyRX6DXzBo=",
 "owner": "nix-community",
 "repo": "neovim-nightly-overlay",
- "rev": "830fc4b7322dce7a0f44b27d057f6823601020a9",
+ "rev": "5906176ea9464d9a33c229b124fd713584bcfa57",
 "type": "github"
 },
 "original": {
@@ -485,11 +485,11 @@
 "nixpkgs": "nixpkgs_10"
 },
 "locked": {
- "lastModified": 1642128126,
- "narHash": "sha256-av8JUACdrTfQYl/ftZJvKpZEmZfa0avCq7tt5Usdoq0=",
+ "lastModified": 1641091280,
+ "narHash": "sha256-atemDjUQXazv/VQvEb7VC6JQ6oe2n7D2r/09qRsbthc=",
 "owner": "oxalica",
 "repo": "rust-overlay",
- "rev": "ce4ef6f2d74f2b68f7547df1de22d1b0037ce4ad",
+ "rev": "13b6bd69cd0ecf985fba18105a23464c5e76b24a",
 "type": "github"
 },
 "original": {
@@ -500,11 +500,11 @@
 },
 "stable": {
 "locked": {
- "lastModified": 1641870998,
- "narHash": "sha256-6HkxR2WZsm37VoQS7jgp6Omd71iw6t1kP8bDbaqCDuI=",
+ "lastModified": 1641046839,
+ "narHash": "sha256-9XJgfDKU1hhC0E16FxDJe//Utrm79AQxesPhTltwjQ4=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb",
+ "rev": "d1e59cfc49961e121583abe32e2f3db1550fbcff",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 8962fa7..ce4e01e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -110,7 +110,7 @@ Marisa = nixpkgs.lib.nixosSystem { system = "aarch64-linux"; modules = [ - ./hosts/marisa + ./hosts/servers/marisa.nix #inputs.mailserver.nixosModules.mailserver { nixpkgs.pkgs = self.legacyPackages.aarch64-linux; @@ -124,7 +124,7 @@ Remilia = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - ./hosts/remilia + ./hosts/servers/remilia.nix inputs.mailserver.nixosModules.mailserver { nixpkgs.pkgs = self.legacyPackages.x86_64-linux; diff --git a/hosts/marisa/networking.nix b/hosts/marisa/networking.nix index c7a6262..3bd1a37 100755 --- a/hosts/marisa/networking.nix +++ b/hosts/marisa/networking.nix @@ -1,9 +1,9 @@ -{config, pkgs, ...}: +{ config, pkgs, ... }: { networking = { hostName = "Marisa"; firewall = { - allowedTCPPorts = [ 22 80 6060 5001 8800 8888 ]; + allowedTCPPorts = [ 22 80 6060 5001 8800 8888 4444 4445 ]; allowedUDPPorts = [ 17840 ]; }; wireless = { @@ -13,10 +13,10 @@ interfaces = { wlan0 = { useDHCP = false; - ipv4.addresses = [ { + ipv4.addresses = [{ prefixLength = 24; address = "192.168.0.159"; - } ]; + }]; }; }; wireguard.interfaces.wg0 = { diff --git a/hosts/marisa/services.nix b/hosts/marisa/services.nix index 6822bd5..d8aa42c 100755 --- a/hosts/marisa/services.nix +++ b/hosts/marisa/services.nix 
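Review bot: Adding 4444 and 4445 to `firewall.allowedTCPPorts` in hosts/marisa/networking.nix opens the Consul HTTP and gRPC ports on every interface, including `wlan0`, while the Consul block added in hosts/marisa/services.nix binds those listeners to 10.55.0.2 only. Scoping the rule to the tunnel keeps the firewall no wider than the listener, and it stays that way if `client_addr` is later changed: `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4444 4445 ];`. This assumes 10.55.0.2 is the `wg0` address; the `wireguard.interfaces.wg0` definition continues outside the hunk.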
@@ -1,22 +1,68 @@ -{lib, config, pkgs, ...}: +{ lib, config, pkgs, ... }: { services = { openssh = { enable = true; permitRootLogin = "yes"; }; + /* nomad = { + enable = true; + enableDocker = true; + settings = { + data_dir = "/var/lib/nomad"; + server = { + enable = true; + bootstrap_expect = 1; + }; + vault = { + enabled = true; + address = "https://10.55.0.2:6060"; + ca_path = "../../cert.pem"; + cert_file = "/var/vault/cert.pem"; + key_file = "/var/vault/key.pem"; +# allow_unauthenticated = true; + create_from_role = "nomad-cluster"; + }; + + }; + };*/ vault = { - package = pkgs.vault-bin; enable = true; + package = pkgs.vault-bin; + enable = true; tlsCertFile = "/var/certs/cert.pem"; tlsKeyFile = "/var/certs/key.pem"; address = "0.0.0.0:8800"; - extraSettingsPaths = [ /var/vault/vault.hcl ]; - storageBackend = "postgresql"; + storageBackend = "file"; + storagePath = "/var/lib/vault"; extraConfig = '' api_addr = "https://127.0.0.1:8800" ui = true ''; }; + consul = { + enable = true; + webUi = true; + extraConfig = rec { + bootstrap = true; + log_level = "DEBUG"; + enable_syslog = true; + datacenter = "d1"; + bind_addr = "10.55.0.2"; + client_addr = bind_addr; + primary_datacenter = "d1"; + node_name = "Marisa"; + server = true; + connect = { + enabled = true; + }; + encrypt = "zdlcIl2Z4D01SdNQMv6fSfBN6OkQU10LAyPvwdQDwn4="; + ca_file = "../../cert.pem"; + ports = { + http = 4444; + grpc = 4445; + }; + }; + }; vault-agent = { enable = true; settings = { @@ -58,10 +104,10 @@ local gitea all ident map=gitea-map host vault all 10.55.0.2/32 md5 host all all 192.168.0.110/32 md5 - ''; + ''; identMap = '' gitea-map gitea gitea - ''; + ''; }; gitea = { enable = true; 
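Review bot: The `encrypt` value in the new `consul.extraConfig` block is the cluster's gossip key written as a literal, so it is stored in the repository history and copied into the world-readable Nix store on every machine that evaluates this host. The committed key should be treated as exposed and replaced, and the new one supplied from a file outside the store; agenix is already a flake input, so something like `services.consul.extraConfigFiles = [ config.age.secrets.<consul-gossip-key>.path ];` (secret name is a placeholder) with `encrypt` removed from `extraConfig` would do it. The same block sets `log_level = "DEBUG"` and serves the HTTP API and UI on 10.55.0.2:4444 with no ACL settings visible in this hunk; if ACLs are not configured elsewhere, any peer that can reach that address can read and modify the catalog.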
@@ -79,22 +125,26 @@ }; settings = { oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - UPDATE_AVATAR = true; + UPDATE_AVATAR = true; }; ui = { - DEFAULT_THEME="arc-green"; + DEFAULT_THEME = "arc-green"; }; security = { LOGIN_REMEMBER_DAYS = 50; }; + server = { + SSH_PORT = lib.mkForce 22001; + }; }; }; }; + # systemd.services.consul.serviceConfig.Type = "notify"; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPX1HDzWpoaOcU8GDEGuDzXgxkCpyeqxRR6gLs/8JgHw" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK06ZUa9BKmZ6m+xapBjOAm10OCLzxIm8ais20wQC47m" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSQnDNrNP69tIK7U2D7qaMjycfIjpgx0at4U2D5Ufib" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK5V/hdkTTQSkDLXaEwY8xb/T8+sWtw5c6UjYOPaTrO8" ]; security.pki.certificateFiles = [ ../../cert.pem ]; } diff --git a/hosts/remilia/networking.nix b/hosts/remilia/networking.nix index aa1b270..66ae7b3 100755 --- a/hosts/remilia/networking.nix +++ b/hosts/remilia/networking.nix @@ -11,7 +11,6 @@ 80 81 443 444 993 465 143 25 - 22001 ]; allowedUDPPorts = [ 17840 ]; }; diff --git a/hosts/remilia/services.nix b/hosts/remilia/services.nix index f08cca3..2beea3e 100755 --- a/hosts/remilia/services.nix +++ b/hosts/remilia/services.nix @@ -1,14 +1,13 @@ {config, pkgs, ...}: { services = { - openssh = { - enable = true; + openssh = { enable = true; permitRootLogin = "yes"; }; nginx = { enable = true; package = (pkgs.nginx.overrideAttrs(oa: { - configureFlags = oa.configureFlags ++ [ "--with-mail" "--with-mail_ssl_module" "--with-stream" ]; + configureFlags = oa.configureFlags ++ [ "--with-mail" "--with-mail_ssl_module" ]; })); virtualHosts = { "weirdnatto.in" = { @@ -28,16 +27,6 @@ }; }; }; - streamConfig = '' - upstream gitea { - server 10.55.0.2:22; - } - - server { - listen 22001; - proxy_pass gitea; - } - ''; }; vault-agent = { enable = true; 
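Review bot: The two keys added to `users.users.root.openssh.authorizedKeys.keys` grant direct root shells, while the `openssh` block at the top of this file, and the one in hosts/remilia/services.nix, keeps `permitRootLogin = "yes"`, which also leaves password authentication open for root unless it is disabled elsewhere. Since root access is already key-managed here, `permitRootLogin = "prohibit-password";` restricts root to these keys, and a comment beside each entry such as `# <owner/device>, added <date>` makes the next rotation auditable. Separately, `SSH_PORT = lib.mkForce 22001` makes Gitea advertise port 22001 in clone URLs although this commit removes the 22001 stream proxy and firewall entry on Remilia, so unless something outside this diff forwards that port the advertised SSH URLs will not connect.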
diff --git a/modules/min-pkgs.nix b/modules/min-pkgs.nix index af7aada..7b99a15 100755 --- a/modules/min-pkgs.nix +++ b/modules/min-pkgs.nix @@ -7,6 +7,8 @@ wireguard vault tree-sitter + rnix-lsp + nmap ]; programs = {
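Review bot: `nmap` and `rnix-lsp` are added to what the file name suggests is the minimal package set; if this module is also imported by the server hosts, a network scanner and a language server become part of every server's installed tooling. Keeping this list to what the hosts need at runtime and moving the two packages into a workstation-only module limits what is available on a server after a compromise. The start of the package list and the module's importers are outside the hunk.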