change domain

xunuwu 2025-04-21 21:31:29 +02:00
parent d442e69f2f
commit 44f2ab69ba
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
11 changed files with 89 additions and 34 deletions

24
flake.lock generated

@ -679,7 +679,7 @@
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"hercules-ci-effects": "hercules-ci-effects", "hercules-ci-effects": "hercules-ci-effects",
"neovim-src": "neovim-src", "neovim-src": "neovim-src",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_3",
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
@ -758,7 +758,9 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1745114634, "lastModified": 1745114634,
@ -819,22 +821,6 @@
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": {
"lastModified": 1742889210,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1740547748, "lastModified": 1740547748,
"narHash": "sha256-Ly2fBL1LscV+KyCqPRufUBuiw+zmWrlJzpWOWbahplg=", "narHash": "sha256-Ly2fBL1LscV+KyCqPRufUBuiw+zmWrlJzpWOWbahplg=",
@ -934,7 +920,7 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nix-minecraft": "nix-minecraft", "nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"nvim-config": "nvim-config", "nvim-config": "nvim-config",
"sobercookie": "sobercookie", "sobercookie": "sobercookie",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",


@ -9,13 +9,15 @@
systemProfiles = mylib.loadTree2 ./sys/profiles; systemProfiles = mylib.loadTree2 ./sys/profiles;
homeProfiles = mylib.loadTreeInf ./home/profiles; homeProfiles = mylib.loadTreeInf ./home/profiles;
homeSuites = mylib.loadBranch ./home/suites; homeSuites = mylib.loadBranch ./home/suites;
vars = builtins.mapAttrs (_: v: import v) (mylib.loadBranch ./vars);
in in
flake-parts.lib.mkFlake {inherit inputs;} { flake-parts.lib.mkFlake {inherit inputs;} {
systems = ["x86_64-linux"]; systems = ["x86_64-linux"];
flake._mylib = mylib; # for debugging :3 flake._mylib = mylib; # for debugging :3
flake._vars = vars; # for debugging :3
flake.nixosConfigurations = mylib.loadConfigurations ./sys/machines { flake.nixosConfigurations = mylib.loadConfigurations ./sys/machines {
inherit inputs self systemProfiles homeProfiles homeSuites; inherit inputs self systemProfiles homeProfiles homeSuites vars;
}; };
perSystem = {pkgs, ...}: { perSystem = {pkgs, ...}: {
@ -62,7 +64,7 @@
vpn-confinement.url = "github:Maroka-chan/VPN-Confinement"; vpn-confinement.url = "github:Maroka-chan/VPN-Confinement";
nix-minecraft.url = "github:Infinidoge/nix-minecraft"; nix-minecraft.url = "github:Infinidoge/nix-minecraft";
# nix-minecraft.inputs.nixpkgs.follows = "nixpkgs"; nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";
sobercookie.url = "github:xunuwu/sobercookie"; sobercookie.url = "github:xunuwu/sobercookie";
sobercookie.inputs.nixpkgs.follows = "nixpkgs"; sobercookie.inputs.nixpkgs.follows = "nixpkgs";
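Review bot: `flake._vars = vars;` publishes everything imported from `./vars` as a flake output, and the same attribute set is handed to every machine configuration, so any value placed there may end up in the world-readable Nix store. Only `domain` lives there in this commit, but nothing tells the next contributor that the directory is effectively public. I would add a comment above the `vars = …` binding, for example `# vars/* is public (flake output, Nix store): no secrets here, keep those in sops`. The `let` block that holds the binding starts outside the hunk.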


@ -1,14 +1,23 @@
{config, ...}: { {
config,
vars,
...
}: let
inherit (vars.common) domain;
in {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "xunuwu@gmail.com"; defaults.email = "xunuwu@gmail.com";
certs = { certs = {
"xunuwu.xyz" = { "${domain}" = {
domain = "*.xunuwu.xyz"; domain = "${domain}";
dnsProvider = "cloudflare"; extraDomainNames = ["*.${domain}"];
dnsProvider = "porkbun";
reloadServices = ["caddy.service"]; reloadServices = ["caddy.service"];
credentialFiles.CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path; credentialFiles = {
extraDomainNames = ["xunuwu.xyz"]; PORKBUN_API_KEY_FILE = config.sops.secrets.porkbun_api_key.path;
PORKBUN_SECRET_API_KEY_FILE = config.sops.secrets.porkbun_secret_key.path;
};
}; };
}; };
}; };
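Review bot: `domain = "${domain}";` in the new cert entry wraps an existing string in an interpolation that does nothing. Since the value comes from the `let` binding, `inherit domain;` expresses the same thing more directly. The attribute key can likewise be written `${domain} = {` without the surrounding quotes.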


@ -1,5 +1,9 @@
{config, ...}: let {
domain = "xunuwu.xyz"; config,
vars,
...
}: let
inherit (vars.common) domain;
caddyPort = 8336; caddyPort = 8336;
in { in {
systemd.services.caddy.vpnConfinement = { systemd.services.caddy.vpnConfinement = {
@ -7,8 +11,14 @@ in {
vpnNamespace = "wg"; vpnNamespace = "wg";
}; };
systemd.services.caddy = {
environment.CADDY_ADMIN = "0.0.0.0:2019";
serviceConfig.RuntimeDirectory = "caddy";
};
services.caddy = { services.caddy = {
enable = true; enable = true;
globalConfig = "metrics";
virtualHosts = { virtualHosts = {
jellyfin = { jellyfin = {
useACMEHost = domain; useACMEHost = domain;
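Review bot: `environment.CADDY_ADMIN = "0.0.0.0:2019";` binds Caddy's whole admin API, not only its metrics, to every interface in the service's network namespace, and that API is unauthenticated and can read and replace the running configuration. The same commit adds 2019 to the port list that already carries 8336, 80 and 443, and scrapes `192.168.15.1:2019` from Prometheus, so the listener is meant to be reachable from outside the namespace. If only the scrape is needed, bind the admin listener to the address Prometheus uses, e.g. `environment.CADDY_ADMIN = "192.168.15.1:2019";` (assuming that address is assigned inside the `wg` namespace). Alternatively, keep the admin API on its default loopback listener and serve `/metrics` from a dedicated site with Caddy's `metrics` handler. Either way, confirm that the 2019 entry in the port list does not also open the port on the VPN side; the `services.caddy` block continues past the hunk.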


@ -1,4 +1,10 @@
{config, ...}: { {
config,
vars,
...
}: let
inherit (vars.common) domain;
in {
systemd.services.homepage-dashboard.vpnConfinement = { systemd.services.homepage-dashboard.vpnConfinement = {
enable = true; enable = true;
vpnNamespace = "wg"; vpnNamespace = "wg";
@ -42,13 +48,13 @@
"Services" = [ "Services" = [
{ {
"jellyfin" = { "jellyfin" = {
href = "https://jellyfin.xunuwu.xyz"; href = "https://jellyfin.${domain}";
icon = "jellyfin"; icon = "jellyfin";
}; };
} }
{ {
"navidrome" = { "navidrome" = {
href = "https://navidrome.xunuwu.xyz"; href = "https://navidrome.${domain}";
icon = "navidrome"; icon = "navidrome";
}; };
} }
@ -66,7 +72,7 @@
} }
{ {
"vaultwarden" = { "vaultwarden" = {
href = "https://vw.xunuwu.xyz"; href = "https://vw.${domain}";
icon = "vaultwarden"; icon = "vaultwarden";
}; };
} }


@ -8,7 +8,6 @@
EnableSharing = true; EnableSharing = true;
}; };
}; };
systemd.services.navidrome.unitConfig.After = ["caddy.service"];
systemd.services.navidrome.serviceConfig.EnvironmentFile = config.sops.secrets.navidrome.path; systemd.services.navidrome.serviceConfig.EnvironmentFile = config.sops.secrets.navidrome.path;
services.restic.backups.hopper = { services.restic.backups.hopper = {


@ -20,6 +20,12 @@
targets = ["100.100.100.100"]; targets = ["100.100.100.100"];
}; };
} }
{
job_name = "caddy";
static_configs = lib.singleton {
targets = ["192.168.15.1:2019"];
};
}
]; ];
}; };


@ -37,6 +37,7 @@
8336 # caddy 8336 # caddy
80 # caddy 80 # caddy
443 # caddy 443 # caddy
2019 # caddy admin, for prometheus metrics
1900 # jellyfin discovery 1900 # jellyfin discovery
7359 # jellyfin discovery 7359 # jellyfin discovery
]; ];


@ -5,6 +5,8 @@
format = "binary"; format = "binary";
sopsFile = ./wireguard; sopsFile = ./wireguard;
}; };
porkbun_api_key.sopsFile = ./porkbun.yaml;
porkbun_secret_key.sopsFile = ./porkbun.yaml;
slskd = { slskd = {
format = "binary"; format = "binary";
sopsFile = ./slskd; sopsFile = ./slskd;


@ -0,0 +1,31 @@
porkbun_api_key: ENC[AES256_GCM,data:XJPpQmR/Qif4SHkOgGCPmcWr0RQ3BDLcpmb0PMRjH052WFXoAdXglNjs0I6vMpunQo86WTrS1O2pE8FTuHb/28eDFoU=,iv:+6cqvjSSt8Yioco6AaZnYXBDCbDUyzY755E4Z9v+188=,tag:j1i88gG3dtE0aPojeH1Mjg==,type:str]
porkbun_secret_key: ENC[AES256_GCM,data:UPEfnyl0cjBjCR1/Goljx0jLRH6FUQFrqeYQ5CmoXopp2n/9QYesPg2Zaue1p5HiUm+YUwR1XRxdrupUZhhcDEKYsPY=,iv:Jx1L3hO90DYfhnCdICIDHhT9xMdOZCkOUoOI/cmtbtM=,tag:ADTqd9PNrv5NS/XuUBT9yw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYYkhHSDE1Rk10WUVETkYz
QnRkMTZRaW42dUFqYy93VzZMUTNsWkhBejJnClVpL0UzY0V6aHhtaS9hK3JwR3pX
TmZnZis0MXgyMHFtQXVPYTFpc092amMKLS0tIGM2VCtBQy9BcHkrbkVuU1JnNHlX
b2Q2Vm9JaXovSG01VjBXc0JHVlg4OUEKLu2dgxebe7TcHl8XD9uRWbB6bjToPfdz
Q33TWttTDYnBThM9FCzr3CXk+tpYIwQ75ZDRJsX5K7eo1XhdvKr7KA==
-----END AGE ENCRYPTED FILE-----
- recipient: age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeEJJNVU4dEM3MjdOU0hZ
WlFPZlorSnlDOHNscnhRN3pNMWN1dGRyMlVnClVEeGI4L0RYZzAxcEFmLzYxbWdR
M0lnSE9sTDgwSStvY0J5Wk9ob1hnRjgKLS0tIHpFSHdVYmxCWFRZVk42bTVWaHB2
Yi9kNU5nNTVTbEdSQWxpYzY3OUFhQk0Kh4rW5YIyUo77/q3e+mpOua9LviOodSDo
BFq+GJ55vmTnnsWnNdZ75fA8D3NAGkt90J0vdHTY+S4O3kXK6deGyQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-21T17:52:04Z"
mac: ENC[AES256_GCM,data:FFDYoULGiuxvYbKPshbNAMVQxuSxC9y+UsEh27iXg77tkPm3h9nFD6kkGPn/WhSq22K3e4CPKcdh9OyloNmnj87zQ4U2yMC54L6ecDFv7s/wXx9QIfdjTptwMVHVmj/eWhiT/GNPXmIBQvQdO1WNgt/Phe7avbwMd2v3Z5QjKjM=,iv:T88XSRb1izA2xBidsgZaPkUWyxWeteZ1Lk837ah2dEU=,tag:r0OcLmwQ7SK3FQBpXrVJrA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

3
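--- a/vars/common.nix
+++ b/vars/common.nix
@@ -0,0 +1,3 @@
+{
+domain = "242114.xyz";
+}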