some marisa changes

changed marisa services (consul and vault)

flake.lock

@@ -5,11 +5,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1641576265,
+        "lastModified": 1640802000,
-        "narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=",
+        "narHash": "sha256-ZiI94Zv/IgW64fqKrtVaQqfUCkn9STvAjgfFmvtqcQ8=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "08b9c96878b2f9974fc8bde048273265ad632357",
+        "rev": "c5558c88b2941bf94886dfdede6926b1ba5f5629",
         "type": "github"
       },
       "original": {
@@ -36,11 +36,11 @@
     },
     "emacs": {
       "locked": {
-        "lastModified": 1642185505,
+        "lastModified": 1641149178,
-        "narHash": "sha256-J8eDunoleOw+bXn7kVUOraYKkaYai8BahMOvKmi4XXA=",
+        "narHash": "sha256-Mt+oT5YZ6G9zHctDKV5pY+3vIdsMmAg0HMvz6rxsIc0=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "0d01d3b11249a471c80ab2c972646c4c809b8237",
+        "rev": "f3c435a5e5cfa3ce1b2f50ba37b9cacfec4139d9",
         "type": "github"
       },
       "original": {
@@ -52,11 +52,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1641205782,
+        "lastModified": 1627913399,
-        "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
+        "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
+        "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
         "type": "github"
       },
       "original": {
@@ -115,11 +115,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1642117744,
+        "lastModified": 1641121012,
-        "narHash": "sha256-/SvxBe/m6JiRSlKIrgD6LQxee9GGewFyq+lsPxoViMY=",
+        "narHash": "sha256-svaOMxNMQgFHjcxdmLojOxTxfqSENtnO+S3kb+npIwY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a5dd5d5f197724f3065fd39c59c7ccea3c8dcb8f",
+        "rev": "8e7a10602d1eb1d242c9d3f9b822203d5751a8c6",
         "type": "github"
       },
       "original": {
@@ -171,11 +171,11 @@
     },
     "master": {
       "locked": {
-        "lastModified": 1642192855,
+        "lastModified": 1641155364,
-        "narHash": "sha256-K3G8uQ03gH23Oy+kTsYRcRYH+UcQN8D+2Ek0/TU2b3E=",
+        "narHash": "sha256-7OXbMNAVeO5Yn916tADri1UIzl5bU27PjIDSLZB4G9A=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b17f868724f1a6b9d11c515ac122222852979eba",
+        "rev": "03985162cf0d012b5ebdad5271c26e0cfacd1aa2",
         "type": "github"
       },
       "original": {
@@ -212,11 +212,11 @@
       },
       "locked": {
         "dir": "contrib",
-        "lastModified": 1642128238,
+        "lastModified": 1641106516,
-        "narHash": "sha256-nqOpS7qxA0iaCWoZ4zbAHCkg8SCuMlmql399hQbZnik=",
+        "narHash": "sha256-zx9GDn7rXvqvrQaRiop7Xx8qqSt3FPppVcShmneSqHs=",
         "owner": "neovim",
         "repo": "neovim",
-        "rev": "a88046fe2d0710d1d1132ea544e9dbbbac1af7de",
+        "rev": "e42c9065972f93e4666fbd8e06fc56333e9e5d24",
         "type": "github"
       },
       "original": {
@@ -232,11 +232,11 @@
         "utils": "utils_3"
       },
       "locked": {
-        "lastModified": 1641594851,
+        "lastModified": 1640904492,
-        "narHash": "sha256-aXwbg2PAkmnxmqeh0z+KNwNvJJpzomopmnWtv3qZg9E=",
+        "narHash": "sha256-KrFdQl9sRxfkA18OnfY10+wvcRsExEjl0HHUQH2Di8E=",
         "owner": "fufexan",
         "repo": "nix-gaming",
-        "rev": "94834b0e04d27f3eb7e2832639378697441d44a3",
+        "rev": "57f79e1181805df1ec1c6336dca40aee9671cee0",
         "type": "github"
       },
       "original": {
@@ -306,11 +306,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1642069818,
+        "lastModified": 1641104204,
-        "narHash": "sha256-666w6j8wl/bojfgpp0k58/UJ5rbrdYFbI2RFT2BXbSQ=",
+        "narHash": "sha256-mCjEJNKaeS/BhQQFNSxHfA0/XtujbTAAJpustt1hIxI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "46821ea01c8f54d2a20f5a503809abfc605269d7",
+        "rev": "28d58b979250ef33f049fe1c74daa50b7515126b",
         "type": "github"
       },
       "original": {
@@ -320,11 +320,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1642069818,
+        "lastModified": 1641104204,
-        "narHash": "sha256-666w6j8wl/bojfgpp0k58/UJ5rbrdYFbI2RFT2BXbSQ=",
+        "narHash": "sha256-mCjEJNKaeS/BhQQFNSxHfA0/XtujbTAAJpustt1hIxI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "46821ea01c8f54d2a20f5a503809abfc605269d7",
+        "rev": "28d58b979250ef33f049fe1c74daa50b7515126b",
         "type": "github"
       },
       "original": {
@@ -380,11 +380,11 @@
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1642069818,
+        "lastModified": 1641104204,
-        "narHash": "sha256-666w6j8wl/bojfgpp0k58/UJ5rbrdYFbI2RFT2BXbSQ=",
+        "narHash": "sha256-mCjEJNKaeS/BhQQFNSxHfA0/XtujbTAAJpustt1hIxI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "46821ea01c8f54d2a20f5a503809abfc605269d7",
+        "rev": "28d58b979250ef33f049fe1c74daa50b7515126b",
         "type": "github"
       },
       "original": {
@@ -396,11 +396,11 @@
     },
     "nixpkgs_8": {
       "locked": {
-        "lastModified": 1641887635,
+        "lastModified": 1640959792,
-        "narHash": "sha256-kDGpufwzVaiGe5e1sBUBPo9f1YN+nYHJlYqCaVpZTQQ=",
+        "narHash": "sha256-zYSR//06FU2TDOpKKj0Hkff6unsxk3NwwNFuB1loU6E=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b2737d4980a17cc2b7d600d7d0b32fd7333aca88",
+        "rev": "59bfda72480496f32787cec8c557182738b1bd3f",
         "type": "github"
       },
       "original": {
@@ -412,11 +412,11 @@
     },
     "nixpkgs_9": {
       "locked": {
-        "lastModified": 1641887635,
+        "lastModified": 1640871638,
-        "narHash": "sha256-kDGpufwzVaiGe5e1sBUBPo9f1YN+nYHJlYqCaVpZTQQ=",
+        "narHash": "sha256-ty6sGnJUQEkCd43At5U3DRQZD7rPARz5VginSW6hZ3k=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b2737d4980a17cc2b7d600d7d0b32fd7333aca88",
+        "rev": "5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3",
         "type": "github"
       },
       "original": {
@@ -428,11 +428,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1642189610,
+        "lastModified": 1641155785,
-        "narHash": "sha256-aRY1+itF7hArY7q5+2WmPzU9GYp2207rpIM6/d4uBkE=",
+        "narHash": "sha256-QDnIQ7sfawBaQckDTIQqsSevftrJpxluQUhzX0goWg4=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "8f0e4ae161d56f81e13ddb83ec17cfd702493c3a",
+        "rev": "9dc87bdd533db31f14bd5fdc4f7fb6aab6a40056",
         "type": "github"
       },
       "original": {
@@ -448,11 +448,11 @@
         "nixpkgs": "nixpkgs_9"
       },
       "locked": {
-        "lastModified": 1642148099,
+        "lastModified": 1641111239,
-        "narHash": "sha256-XKXYI+4xov18J1cB2N3t0fEJUEy+8nLkm/J9AMNdRHY=",
+        "narHash": "sha256-w1jUAuVmImMQGhaUY8dNVAxE4SNULI32RqyRX6DXzBo=",
         "owner": "nix-community",
         "repo": "neovim-nightly-overlay",
-        "rev": "830fc4b7322dce7a0f44b27d057f6823601020a9",
+        "rev": "5906176ea9464d9a33c229b124fd713584bcfa57",
         "type": "github"
       },
       "original": {
@@ -485,11 +485,11 @@
         "nixpkgs": "nixpkgs_10"
       },
       "locked": {
-        "lastModified": 1642128126,
+        "lastModified": 1641091280,
-        "narHash": "sha256-av8JUACdrTfQYl/ftZJvKpZEmZfa0avCq7tt5Usdoq0=",
+        "narHash": "sha256-atemDjUQXazv/VQvEb7VC6JQ6oe2n7D2r/09qRsbthc=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "ce4ef6f2d74f2b68f7547df1de22d1b0037ce4ad",
+        "rev": "13b6bd69cd0ecf985fba18105a23464c5e76b24a",
         "type": "github"
       },
       "original": {
@@ -500,11 +500,11 @@
     },
     "stable": {
       "locked": {
-        "lastModified": 1641870998,
+        "lastModified": 1641046839,
-        "narHash": "sha256-6HkxR2WZsm37VoQS7jgp6Omd71iw6t1kP8bDbaqCDuI=",
+        "narHash": "sha256-9XJgfDKU1hhC0E16FxDJe//Utrm79AQxesPhTltwjQ4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb",
+        "rev": "d1e59cfc49961e121583abe32e2f3db1550fbcff",
         "type": "github"
       },
       "original": {

flake.nix

@@ -110,7 +110,7 @@
       Marisa = nixpkgs.lib.nixosSystem {
         system = "aarch64-linux";
         modules = [
-          ./hosts/marisa
+          ./hosts/servers/marisa.nix
           #inputs.mailserver.nixosModules.mailserver
           {
             nixpkgs.pkgs = self.legacyPackages.aarch64-linux; 
@@ -124,7 +124,7 @@
       Remilia = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
         modules = [
-          ./hosts/remilia
+          ./hosts/servers/remilia.nix
           inputs.mailserver.nixosModules.mailserver
           {
             nixpkgs.pkgs = self.legacyPackages.x86_64-linux; 

hosts/marisa/networking.nix

@@ -1,9 +1,9 @@
-{config, pkgs, ...}:
+{ config, pkgs, ... }:
 {
   networking = {
     hostName = "Marisa";
     firewall = {
-      allowedTCPPorts = [ 22 80 6060 5001 8800 8888 ];
+      allowedTCPPorts = [ 22 80 6060 5001 8800 8888 4444 4445 ];
       allowedUDPPorts = [ 17840 ];
     };
     wireless = {
@@ -13,10 +13,10 @@
     interfaces = {
       wlan0 = {
         useDHCP = false;
-        ipv4.addresses = [ {
+        ipv4.addresses = [{
           prefixLength = 24;
           address = "192.168.0.159";
-        } ];
+        }];
       };
     };
     wireguard.interfaces.wg0 = {

hosts/marisa/services.nix

@@ -1,22 +1,68 @@
-{lib, config, pkgs, ...}:
+{ lib, config, pkgs, ... }:
 {
   services = {
     openssh = {
       enable = true;
       permitRootLogin = "yes";
     };
+ /*   nomad = {
+      enable = true;
+      enableDocker = true;
+      settings = {
+        data_dir = "/var/lib/nomad";
+        server = {
+          enable = true;
+          bootstrap_expect = 1;
+        };
+        vault = {
+          enabled = true;
+          address = "https://10.55.0.2:6060";
+          ca_path = "../../cert.pem";
+          cert_file = "/var/vault/cert.pem";
+          key_file = "/var/vault/key.pem";
+#          allow_unauthenticated = true;
+          create_from_role = "nomad-cluster";
+        };
+
+      };
+    };*/
     vault = {
-      package = pkgs.vault-bin; enable = true;
+      package = pkgs.vault-bin;
+      enable = true;
       tlsCertFile = "/var/certs/cert.pem";
       tlsKeyFile = "/var/certs/key.pem";
       address = "0.0.0.0:8800";
-      extraSettingsPaths = [ /var/vault/vault.hcl ];
+      storageBackend = "file";
-      storageBackend = "postgresql";
+      storagePath = "/var/lib/vault";
       extraConfig = ''
         api_addr = "https://127.0.0.1:8800"
         ui = true
       '';
     };
+    consul = {
+      enable = true;
+      webUi = true;
+      extraConfig = rec {
+        bootstrap = true;
+        log_level = "DEBUG";
+        enable_syslog = true;
+        datacenter = "d1";
+        bind_addr = "10.55.0.2";
+        client_addr = bind_addr;
+        primary_datacenter = "d1";
+        node_name = "Marisa";
+        server = true;
+        connect = {
+          enabled = true;
+        };
+        encrypt = "zdlcIl2Z4D01SdNQMv6fSfBN6OkQU10LAyPvwdQDwn4=";
+        ca_file = "../../cert.pem";
+        ports = {
+          http = 4444;
+          grpc = 4445;
+        };
+      };
+    };
     vault-agent = {
       enable = true;
       settings = {
@@ -58,10 +104,10 @@
         local gitea all ident map=gitea-map
         host vault all 10.55.0.2/32 md5
         host all all 192.168.0.110/32 md5
-        '';
+      '';
       identMap = ''
         gitea-map gitea gitea
-        '';
+      '';
     };
     gitea = {
       enable = true;
@@ -79,22 +125,26 @@
       };
       settings = {
         oauth2_client = {
-          ENABLE_AUTO_REGISTRATION = true;
+         UPDATE_AVATAR = true;
-          UPDATE_AVATAR = true;
         };
         ui = {
-          DEFAULT_THEME="arc-green";
+          DEFAULT_THEME = "arc-green";
         };
         security = {
           LOGIN_REMEMBER_DAYS = 50;
         };
+        server = {
+          SSH_PORT = lib.mkForce 22001;
+        };
       };
     };
   };
+  #  systemd.services.consul.serviceConfig.Type = "notify";
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPX1HDzWpoaOcU8GDEGuDzXgxkCpyeqxRR6gLs/8JgHw"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK06ZUa9BKmZ6m+xapBjOAm10OCLzxIm8ais20wQC47m"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSQnDNrNP69tIK7U2D7qaMjycfIjpgx0at4U2D5Ufib"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK5V/hdkTTQSkDLXaEwY8xb/T8+sWtw5c6UjYOPaTrO8"
   ];
   security.pki.certificateFiles = [ ../../cert.pem ];
 }

hosts/remilia/networking.nix

@@ -11,7 +11,6 @@
             80 81
             443 444
             993 465 143 25 
-            22001
           ];
           allowedUDPPorts = [ 17840 ];
         };

hosts/remilia/services.nix

@@ -1,14 +1,13 @@
 {config, pkgs, ...}:
 {
   services = {
-    openssh = {
+    openssh = { enable = true;
-      enable = true;
       permitRootLogin = "yes";
     };
     nginx = {
       enable = true;
       package = (pkgs.nginx.overrideAttrs(oa: {
-        configureFlags = oa.configureFlags ++ [ "--with-mail" "--with-mail_ssl_module" "--with-stream" ];
+        configureFlags = oa.configureFlags ++ [ "--with-mail" "--with-mail_ssl_module" ];
       }));
       virtualHosts = {
         "weirdnatto.in" = {
@@ -28,16 +27,6 @@
           };
         };
       };
-      streamConfig = ''
-      upstream gitea {
-        server 10.55.0.2:22;
-      }
-
-      server {
-        listen 22001;
-        proxy_pass gitea;
-      }
-      '';
     };
     vault-agent = {
       enable = true;

modules/min-pkgs.nix

@@ -7,6 +7,8 @@
     wireguard
     vault
     tree-sitter
+    rnix-lsp
+    nmap
   ];
 
   programs = {