diff --git a/.sops.yaml b/.sops.yaml index 45672d3..a51654f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,9 +5,11 @@ keys: - &nixos age1rqnmhrrauup2wdhwsahq2ewk39ea9mwhuut2hzpmjfsnhdrxndcsajgj6a - &cobray age195uflh4prg2ysxghpe4h4fvzngc3flheh2yk558fnfrys9c82uvq8xyala + - &magus age1l30vp2udwqguzy82vat7p947fr8ss3cxt2turan3533007q80vss46m9vd creation_rules: - path_regex: secrets/.*\.yaml$ key_groups: - age: - *nixos - *cobray + - *magus diff --git a/flake.lock b/flake.lock index 2834e62..25a8801 100644 --- a/flake.lock +++ b/flake.lock @@ -55,6 +55,27 @@ "type": "github" } }, + "copyparty": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773272006, + "narHash": "sha256-YGuXb5p9RCWJ7NrqDh1AUTy2NNfLYn38t6trGMpSkJc=", + "owner": "9001", + "repo": "copyparty", + "rev": "6eb4f0ad9cc266abd5007509a15be93daa887ccf", + "type": "github" + }, + "original": { + "owner": "9001", + "repo": "copyparty", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -62,11 +83,11 @@ ] }, "locked": { - "lastModified": 1772867152, - "narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=", + "lastModified": 1773025010, + "narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=", "owner": "nix-community", "repo": "disko", - "rev": "eaafb89b56e948661d618eefd4757d9ea8d77514", + "rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3", "type": "github" }, "original": { @@ -82,11 +103,11 @@ ] }, "locked": { - "lastModified": 1772893410, - "narHash": "sha256-S8+Q/LGH9QL5vq8Tfa50OL1gPvIctdF0mcPuZ7uZ39c=", + "lastModified": 1773364473, + "narHash": "sha256-9YAdoHwraLtl6PWEc9IEn813nV5GU1CPkxQPTaLKIac=", "owner": "AvengeMedia", "repo": "dms-plugin-registry", - "rev": "740861847b193c099a2a7aff7300293c99528410", + "rev": "56ebc453b95a640021ab5c3542fc839b5c3506b7", "type": "github" }, "original": { 
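Review bot: In `.sops.yaml`, `*magus` is appended to the only creation rule (`path_regex: secrets/.*\.yaml$`), so the server key can now decrypt every value in `secrets/secrets.yaml`, including the `api` entries (`cachix`, `vast`, `hf`), not just the new `copyparty` password. The only secret the server config in this commit declares is `secrets.copyparty`, and the host publishes services through nginx, so a compromise of it would expose tokens it never uses. Consider a separate file and rule for server secrets, for example (constructed path) a `path_regex: secrets/server/.*\.yaml$` rule listing `*magus` plus the admin keys, leaving the existing rule's recipients unchanged. The re-encrypted recipient list in the `secrets/secrets.yaml` hunk follows from the same choice.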
@@ -100,11 +121,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1771242501, - "narHash": "sha256-7azh4I/Qxz9e3liYmslBptv/wcCZfs2mjbLueKgz6PE=", + "lastModified": 1773118123, + "narHash": "sha256-uwU+JTxjzveJgepaA84gyi28cx/akT7RE/qH8s7qMjk=", "owner": "Momoyaan", "repo": "dwproton-flake", - "rev": "4455649c5773abfc22244b36b5c542282dc76112", + "rev": "2279531470e2d98febfe0ad7433bcbd7dc83c9aa", "type": "github" }, "original": { @@ -196,11 +217,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -228,15 +249,12 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems" - }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", "type": "github" }, "original": { @@ -267,18 +285,17 @@ "ghostty": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", "home-manager": "home-manager", "nixpkgs": "nixpkgs_4", "zig": "zig", "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1772901710, - "narHash": "sha256-iHVOdllj/cLEV7SdcvSjPem2pP6K7ISPL+HKnENoWjA=", + "lastModified": 1773361950, + "narHash": "sha256-GfVt1S3QXDxZF8wRZ5lvDJiobvRJSLB3hnOwPs5a/xM=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "472b926a4d7abbacad4deea17aa0a0c69ffc12d3", + "rev": "d4019fa484c821b8d3a1ef73d42357ae8d86f2b7", "type": "github" }, "original": { 
@@ -297,11 +314,11 @@ ] }, "locked": { - "lastModified": 1770726378, - "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { @@ -401,11 +418,11 @@ ] }, "locked": { - "lastModified": 1772845525, - "narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=", + "lastModified": 1773332277, + "narHash": "sha256-1V+wRrZD9Sw12AQBUWk9CR+XhDZQ8q6yBE0S3Wjbd1M=", "owner": "nix-community", "repo": "home-manager", - "rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0", + "rev": "4aeef1941f862fe3a70d1b8264b4e289358c2325", "type": "github" }, "original": { @@ -489,11 +506,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1772907683, - "narHash": "sha256-BD6e/J2oclB0dDyvPJ9hVLNByiXaXn4jQ+CUZu5g4Kk=", + "lastModified": 1773316626, + "narHash": "sha256-BrDGYt2w2tSkCvjMtgcVGIAp3FWsV5Ycl4ongLZ/fLk=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "02f30ea15b349d1ed98b608ed06ec88c834592dd", + "rev": "e8684034525829d58054c32da914d1713398fbb8", "type": "github" }, "original": { @@ -775,11 +792,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1772906589, - "narHash": "sha256-RF6tdst0P1es2yY0w1BjptAzBPYNVUIRbjJ6cKOvefI=", + "lastModified": 1773283055, + "narHash": "sha256-wB/0EYnf7VnZxANC1xANXQtx5pS9riXR3Y4e2/BQ4Lo=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "a2456108efbdb96c0a5c2d5f733bdf8704da8254", + "rev": "021365f15453feab8aafc23fb3f111669a963292", "type": "github" }, "original": { 
@@ -795,11 +812,11 @@ ] }, "locked": { - "lastModified": 1772341813, - "narHash": "sha256-/PQ0ubBCMj/MVCWEI/XMStn55a8dIKsvztj4ZVLvUrQ=", + "lastModified": 1772945408, + "narHash": "sha256-PMt48sEQ8cgCeljQ9I/32uoBq/8t8y+7W/nAZhf72TQ=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "a2051ff239ce2e8a0148fa7a152903d9a78e854f", + "rev": "1c1d8ea87b047788fd7567adf531418c5da321ec", "type": "github" }, "original": { @@ -827,14 +844,15 @@ "inputs": { "flake-compat": "flake-compat_5", "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_9", + "nixpkgs-nixcord": "nixpkgs-nixcord" }, "locked": { - "lastModified": 1772891434, - "narHash": "sha256-+MUN+5lOvWS6T4pvIZBGL4AKJkflLXGgVRYTlNeZEiE=", + "lastModified": 1773362752, + "narHash": "sha256-VO4M4+Tt0CgGbIj30abxIxnK0aVHklwhTzeVM2/nj4c=", "owner": "kaylorben", "repo": "nixcord", - "rev": "fc63af2dbc92cdcfeb6c650d986280057b0f135c", + "rev": "5f38b1630b5af54ea7bad2a2308298fe10648a36", "type": "github" }, "original": { @@ -861,11 +879,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { 
@@ -889,13 +907,29 @@ "type": "github" } }, - "nixpkgs_10": { + "nixpkgs-nixcord": { "locked": { - "lastModified": 1772906963, - "narHash": "sha256-jT3m0eiRH9TLqMsMVblze5/DPupInp8Qc8Gop8Zxfho=", + "lastModified": 1773222311, + "narHash": "sha256-BHoB/XpbqoZkVYZCfXJXfkR+GXFqwb/4zbWnOr2cRcU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a60c0dff24e7109c0e87fd53e5bbc0032fa0cbd", + "rev": "0590cd39f728e129122770c029970378a79d076a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_10": { + "locked": { + "lastModified": 1773365326, + "narHash": "sha256-hSUZrHUxc1URUB7kvHEtAGiceg53s1wBk9VDCSn0+9A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "84d57a69108bcf1368c30fdfcfec391bea670f59", "type": "github" }, "original": { @@ -906,11 +940,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1772419343, - "narHash": "sha256-QU3Cd5DJH7dHyMnGEFfPcZDaCAsJQ6tUD+JuUsYqnKU=", + "lastModified": 1772956932, + "narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "93178f6a00c22fcdee1c6f5f9ab92f2072072ea9", + "rev": "608d0cadfed240589a7eea422407a547ad626a14", "type": "github" }, "original": { @@ -938,11 +972,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1772822230, - "narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=", + "lastModified": 1773222311, + "narHash": "sha256-BHoB/XpbqoZkVYZCfXJXfkR+GXFqwb/4zbWnOr2cRcU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", + "rev": "0590cd39f728e129122770c029970378a79d076a", "type": "github" }, "original": { 
@@ -1015,11 +1049,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1772173633, - "narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=", + "lastModified": 1772736753, + "narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c0f3d81a7ddbc2b1332be0d8481a672b4f6004d6", + "rev": "917fec990948658ef1ccd07cef2a1ef060786846", "type": "github" }, "original": { @@ -1031,11 +1065,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1772465433, - "narHash": "sha256-ywy9troNEfpgh0Ee+zaV1UTgU8kYBVKtvPSxh6clYGU=", + "lastModified": 1773222311, + "narHash": "sha256-BHoB/XpbqoZkVYZCfXJXfkR+GXFqwb/4zbWnOr2cRcU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c581273b8d5bdf1c6ce7e0a54da9841e6a763913", + "rev": "0590cd39f728e129122770c029970378a79d076a", "type": "github" }, "original": { @@ -1089,11 +1123,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1772470809, - "narHash": "sha256-exjX+6eNT+hxu7+ODK4oag4dcEY2nevXaCO+oqQIhBE=", + "lastModified": 1773110605, + "narHash": "sha256-AnfAO9sLP/0r0e3ycDJ81F3nUmrkHlHmrlaejpwih+I=", "owner": "Arsalan2356", "repo": "proton-cachyos-flake", - "rev": "c419ee36b64a87b175c8c3ce49187c2a992b5be0", + "rev": "55025d0c21884159f7c33ec5887be0ca51974832", "type": "github" }, "original": { @@ -1109,11 +1143,11 @@ ] }, "locked": { - "lastModified": 1772795720, - "narHash": "sha256-jAmJlxVl+dy3OgF9zn0MVmeXSmblRaDMMV1X1hzRN5g=", + "lastModified": 1773313344, + "narHash": "sha256-wH4EkAGRBmmSnn8CeryL82z4648KogtPlxi0med6WEQ=", "ref": "refs/heads/master", - "rev": "6bcd3d9bbf81efdd8620409b268b90310bc1374c", - "revCount": 749, + "rev": "706d6de7b0236cec2c25556e284b91104a4e834b", + "revCount": 754, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, @@ -1125,6 +1159,7 @@ "root": { "inputs": { "aagl": "aagl", + "copyparty": "copyparty", "disko": "disko", "dms-plugins-registry": "dms-plugins-registry", "dw-proton": "dw-proton", 
@@ -1172,11 +1207,11 @@ ] }, "locked": { - "lastModified": 1772495394, - "narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=", + "lastModified": 1773096132, + "narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff", + "rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784", "type": "github" }, "original": { @@ -1186,6 +1221,7 @@ } }, "systems": { + "flake": false, "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1232,11 +1268,11 @@ }, "unstable": { "locked": { - "lastModified": 1772736753, - "narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", + "lastModified": 1773201692, + "narHash": "sha256-NXrKzNMniu4Oam2kAFvqJ3GB2kAvlAFIriTAheaY8hw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "917fec990948658ef1ccd07cef2a1ef060786846", + "rev": "b6067cc0127d4db9c26c79e4de0513e58d0c40c9", "type": "github" }, "original": { @@ -1293,21 +1329,18 @@ "ghostty", "flake-compat" ], - "flake-utils": [ - "ghostty", - "flake-utils" - ], "nixpkgs": [ "ghostty", "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1763295135, - "narHash": "sha256-sGv/NHCmEnJivguGwB5w8LRmVqr1P72OjS+NzcJsssE=", + "lastModified": 1773145353, + "narHash": "sha256-dE8zx8WA54TRmFFQBvA48x/sXGDTP7YaDmY6nNKMAYw=", "owner": "mitchellh", "repo": "zig-overlay", - "rev": "64f8b42cfc615b2cf99144adf2b7728c7847c72a", + "rev": "8666155d83bf792956a7c40915508e6d4b2b8716", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 675acb1..1b3fdd9 100644 --- a/flake.nix +++ b/flake.nix @@ -85,6 +85,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + copyparty = { + url = "github:9001/copyparty"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; 
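Review bot: The new `copyparty` input in `flake.nix` is declared as `url = "github:9001/copyparty";` with no ref, so it follows the repository's default branch (the `original` entry in `flake.lock` confirms no ref is recorded). The lock file pins a rev, but every `nix flake update` will move to whatever commit is then at the head of that branch. For software that is served on a public hostname, following release tags makes each bump easier to review, e.g. `url = "github:9001/copyparty/<release-tag>";`. The inputs attribute set continues outside the hunk.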
@@ -178,7 +183,6 @@ inherit inputs; hyprlanddots = inputs.hyprland-dots; nvimDots = inputs.nvim-dots; - #dankMaterialShell = inputs.dankMaterialShell.packages.${system}.default; }; sharedModules = [ inputs.nixcord.homeModules.nixcord @@ -198,6 +202,8 @@ modules = [ inputs.disko.nixosModules.disko inputs.nix-index-database.nixosModules.nix-index + inputs.copyparty.nixosModules.default + inputs.sops-nix.nixosModules.sops { nixpkgs = { config = { @@ -206,6 +212,7 @@ }; hostPlatform = system; overlays = [ + inputs.copyparty.overlays.default (final: prev: { inherit (customPkgs) diff --git a/hosts/magus.nix b/hosts/magus.nix index 0ce061a..f7d18fa 100644 --- a/hosts/magus.nix +++ b/hosts/magus.nix @@ -1,8 +1,5 @@ { - config, pkgs, - lib, - inputs, modulesPath, ... }: { @@ -22,8 +19,9 @@ ./modules/rust.nix ./modules/python.nix ./modules/go.nix - ./modules/ld.nix - ./modules/core.nix + ./modules/misc.nix + ./server/forgejo.nix + ./server/copyparty.nix ]; system.stateVersion = "25.11"; @@ -34,20 +32,10 @@ programs.fish.enable = true; - npm.enable = true; - environment.systemPackages = with pkgs; [ xclip direnv ]; - nix = { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - settings.auto-optimise-store = true; - }; services = { fstrim.enable = true; xserver.enable = false; diff --git a/hosts/server/copyparty.nix b/hosts/server/copyparty.nix new file mode 100644 index 0000000..8991d1d --- /dev/null +++ b/hosts/server/copyparty.nix 
@@ -0,0 +1,64 @@
+{config, ...}: {
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+ secrets.copyparty = {
+ owner = "copyparty";
+ };
+ };
+ services.copyparty = {
+ enable = true;
+ settings = {
+ i = "127.0.0.1";
+ p = [3923];
+ e2dsa = true;
+ e2ts = true;
+ xff-src = "127.0.0.1";
+ og-ua = "(Discord|Twitter|Slack)bot";
+ };
+ accounts = {
+ admin.passwordFile = config.sops.secrets.copyparty.path;
+ };
+ volumes = {
+ "/" = {
+ path = "/srv/copyparty";
+ access = {
+ A = "admin";
+ g = "*";
+ };
+ flags = {
+ e2d = true;
+ dedup = true;
+ };
+ };
+ };
+ };
+ systemd.tmpfiles.rules = [
+ "d /srv/copyparty 0750 copyparty copyparty -"
+ ];
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts."share.monaie.ca" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3923";
+ proxyWebsockets = true;
+ extraConfig = ''
+ client_max_body_size 0;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ proxy_buffers 32 8k;
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 24k;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_read_timeout 36000s;
+ proxy_send_timeout 36000s;
+ '';
+ };
+ };
+ };
+}
diff --git a/hosts/server/filebrowser.nix b/hosts/server/filebrowser.nix
new file mode 100644
index 0000000..4ddeff7
--- /dev/null
+++ b/hosts/server/filebrowser.nix
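Review bot: The root volume in `hosts/server/copyparty.nix` grants `g = "*"` with no `fk` flag, so any unauthenticated client that knows or guesses a path under `/srv/copyparty` can fetch that file through `share.monaie.ca`. If shared links are meant to be unguessable, enable filekeys in the volume `flags`, e.g. `fk = 4;`, so a get-only request also has to carry the key. Separately, `proxyWebsockets = true` already makes the NixOS nginx module set a `Connection` header for this location, and `proxy_set_header Connection "Keep-Alive";` in `extraConfig` adds a second one; keeping only one of the two avoids sending conflicting values upstream. The `sops.defaultSopsFile` and `sops.age.sshKeyPaths` settings are host-wide defaults and would be easier to find in a shared module than inside this service file.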
@@ -0,0 +1,34 @@
+{...}: {
+ services.filebrowser = {
+ enable = true;
+ settings = {
+ address = "127.0.0.1";
+ port = 6767;
+ root = "/srv/filebrowser";
+ database = "/var/lib/filebrowser/filebrowser.db";
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /srv/filebrowser 0750 filebrowser filebrowser -"
+ ];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts."share.monaie.ca" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:6767";
+ proxyWebsockets = true;
+ extraConfig = ''
+ client_max_body_size 0;
+ '';
+ };
+ };
+ };
+}
diff --git a/hosts/server/forgejo.nix b/hosts/server/forgejo.nix
new file mode 100644
index 0000000..414f439
--- /dev/null
+++ b/hosts/server/forgejo.nix
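Review bot: `hosts/server/filebrowser.nix` is added but the `imports` change visible in the `hosts/magus.nix` hunk only pulls in `./server/forgejo.nix` and `./server/copyparty.nix`, so this file appears to be unused. It also declares `virtualHosts."share.monaie.ca".locations."/".proxyPass`, the same option `copyparty.nix` sets to a different backend, so importing both later would produce conflicting definitions. Either leave the file out of the commit or open it with a comment such as `# Alternative backend for share.monaie.ca; import this or copyparty.nix, never both.`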
@@ -0,0 +1,79 @@
+{...}: let
+ domain = "git.monaie.ca";
+ port = 3000;
+in {
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = ["forgejo"];
+ ensureUsers = [
+ {
+ name = "forgejo";
+ ensureDBOwnership = true;
+ }
+ ];
+ };
+
+ services.forgejo = {
+ enable = true;
+ database.type = "postgres";
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = domain;
+ ROOT_URL = "https://${domain}/";
+ HTTP_ADDR = "127.0.0.1";
+ HTTP_PORT = port;
+ SSH_DOMAIN = domain;
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ REQUIRE_SIGNIN_VIEW = false;
+ };
+ session = {
+ PROVIDER = "redis";
+ PROVIDER_CONFIG = "network=unix,addr=/run/redis-forgejo/redis.sock,db=0,pool_size=100,idle_timeout=180";
+ };
+ cache = {
+ ADAPTER = "redis";
+ HOST = "network=unix,addr=/run/redis-forgejo/redis.sock,db=1,pool_size=100,idle_timeout=180";
+ };
+ queue = {
+ TYPE = "redis";
+ CONN_STR = "network=unix,addr=/run/redis-forgejo/redis.sock,db=2";
+ };
+ log.LEVEL = "Warn";
+ security.INSTALL_LOCK = true;
+ actions.ENABLED = false;
+ };
+ };
+
+ services.redis.servers.forgejo = {
+ enable = true;
+ port = 0;
+ unixSocket = "/run/redis-forgejo/redis.sock";
+ unixSocketPerm = 660;
+ };
+ users.users.forgejo.extraGroups = ["redis-forgejo"];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ virtualHosts.${domain} = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = "client_max_body_size 0M;";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "riiidge.racer@gmail.com";
+ };
+}
diff --git a/hosts/server/networking.nix b/hosts/server/networking.nix
index 48c50a9..8fb41e1 100644
--- a/hosts/server/networking.nix
+++ b/hosts/server/networking.nix
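Review bot: `settings.server` in `hosts/server/forgejo.nix` sets `SSH_DOMAIN` but no `SSH_PORT`, while the `hosts/server/security.nix` context in this same commit shows the system sshd on `ports = [8123];`. Forgejo will presumably advertise SSH clone URLs on its default port, which nothing visible here listens on. If git-over-SSH is meant to go through that sshd, add `SSH_PORT = 8123;` next to `SSH_DOMAIN`. Also, the `security.acme` block (terms acceptance and contact address) is host-wide yet lives in this service file, and `copyparty.nix` depends on it for its own `enableACME`; moving it to a shared module would let either service be imported on its own.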
@@ -1,8 +1,4 @@
-{
- config,
- lib,
- ...
-}: {
+{...}: {
 networking = {
 hostName = "magus";
 useDHCP = false;
diff --git a/hosts/server/redis.nix b/hosts/server/redis.nix
index 55a5cd4..40efad2 100644
--- a/hosts/server/redis.nix
+++ b/hosts/server/redis.nix
@@ -1,8 +1,4 @@
-{
- config,
- pkgs,
- ...
-}: {
+{...}: {
 services.redis.servers."" = {
 enable = true;
 bind = "127.0.0.1";
diff --git a/hosts/server/security.nix b/hosts/server/security.nix
index fbf7c58..3b7057b 100644
--- a/hosts/server/security.nix
+++ b/hosts/server/security.nix
@@ -1,8 +1,4 @@
-{
- config,
- pkgs,
- ...
-}: {
+{pkgs, ...}: {
 services.openssh = {
 enable = true;
 ports = [8123];
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index a04bd6a..2d938c1 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -16,27 +16,37 @@ api: cachix: ENC[AES256_GCM,data:9qtGi/0eJep0vHafCLnJAWJxFBMP0nNiiDkvTYhZDMw+PcwTe2nsWZ/IPpBGfAayv9/vPv60U5vwPYJyzTVuo5UXVBSWTISzydTn6OZNhGbItHPg76TZOAP1Aj14Qk/Q9XMrWCs2AtwmkQlG8R4nRL0I5i+7xnn9PvjBRO3RiduREox+4qZuE6WcIXSg2pm0BA==,iv:B2pVSZXtIhUnUcIyMdYyWVpo58V8oAh+EhKUfhaV7A4=,tag:RLC+SspSqP47sB5sLojx3Q==,type:str] vast: ENC[AES256_GCM,data:sR/Dz8uIzm22gPWUN/mcWpF9UsPQd5x836ohnp+RVw5YS4cTGe0lzpIYvEofNoChijABhzarr7aFcT9Wwas6eQ==,iv:P1BCmKMO3kJU4IZIxfxLyAsMG5Gv2/ceCZsFYFtsRts=,tag:SFXNtEuIswPAoeZp6Vg+Pw==,type:str] hf: ENC[AES256_GCM,data:VRZd9BkraUJzuIzPYaB/+/S4AMJKeRU3hJiBaej+VimfePI9COGnnGItd/YL+Nsh0u6FrPZGuu1HJxJHGw4Ydrbk24s=,iv:DtaVaUNEqgE3tIRBJ+XiO5T8qkf6mEciNGLKRRVfjWc=,tag:tCehxESzfSsdmpezK0bWyg==,type:str] +copyparty: ENC[AES256_GCM,data:mdGOMAxJz7AZufV6aKAE3P6zlsKg,iv:Rn4/opEVreG18Fk6hba2mGG+T7L+isGd9HIUoArFMzw=,tag:zTb46zo59Yr5HweaHJuYyw==,type:str] sops: age: - recipient: age1rqnmhrrauup2wdhwsahq2ewk39ea9mwhuut2hzpmjfsnhdrxndcsajgj6a enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUVF5QzJtUG5xWjhxL3JO - dHV0Yjl6eUR0M1FsWS9tOCtKUkhYenVCbUNVCmd0enpVdGZuYnNySE1CVTBzcnZ0 - ckVxSEk4VDRvTzN6SS9IWExtKzlqYkUKLS0tIC9FT1BVdWpISVIySEdwUGMzU21H - aEpXN3BCY2Qxb2I5eUpIUitkaGJxU1kKBWHVxyj529sPs/V4S8TXYeiHU10EphXR - 8H5MCUFywwqDFD6xG3kzthx8yn+sNqsmeoU0rqlDEIQJhBmJLnjeUg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuWW4rdWF1cDRDWlIyRGpG + TEl5U3JOS3JvVElLUGZENmFncFdBTVh0dlEwClZRL2cxcDllc0cyR1g4bUJxREFt + Ylp4akJRK01OVTZFZTZJQW9nNzR2ekEKLS0tIHF3STYxUVVhZy9GS1Y2M09xMFlW + REFnSVc2Tk4zYnFpY1hHOE9lVjlMbFUKZpyLFtIcSkaGgT6uCBpPH8i3VQDmJnCQ + r480BWwsLQNZ3jThRPsMRKWwddWgDz1uw/+d3Xq0NXU5XaPwuYpylQ== -----END AGE ENCRYPTED FILE----- - recipient: age195uflh4prg2ysxghpe4h4fvzngc3flheh2yk558fnfrys9c82uvq8xyala enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSkoyVDlmdjliaDhYWnNC - c2pUZjBxMjZKaW40Z2t1aUNRelFmRGlVa3pJCkxRaU5jKytBWk0xbFVLOEJ5a0lw - 
aHR1N1h6dzd6Z3czWjR1ZFh5aFY4RG8KLS0tIEJGSkdhV1RyRE1rbVAwajlvLzBi - MWloN252SnJPYitMYUN5eTZtbUtTbHMK1wBkjyg/dHbm6Pf9mDh91Ve0m9ZyRvcR - LgEeeWTq6bs8LeslSlv6KNzvEPdNPbhUC0UX1AwYw1Re3/VuXxPHnA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBveHQyQXVZaGRLU2E0WGs3 + VmY3QjVrVUVxbGZBVjNOVTVLTFZ4WlE0VXcwCkdCejF4VytSVk9yUmVEcjBNU3k4 + NlhXY3pOYkFjS1lPVjUwaitLSWxHUDgKLS0tIDZ1Ry8xZVBhQjZpM25lQVhDTlE1 + Q1o4Z3VKckRsU0k4S3lGSlRUejRQYzAKsrjzyRFJCfGccxHQvW9m5UpTBLg3vIS4 + OWXeNOIaLJOndJqfJanpjygLYchifbMY2WLYkiuO1vZzuqUh/DASDw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-07T04:53:38Z" - mac: ENC[AES256_GCM,data:hz7qNqFvgB//6OEJb0S5nxE8htYlNihYCHSFaaFSw8vltuvofZ7kJSDgO5WfTGcj+B312wBhPn+TYINmmL2+KSYHsPW1erQsLqS8/hI5buU1ixYKEfnuXdt8/EtWT9zjTYFer8U871e5fYmFnpvlelAweT2x1psOEGI5ERy7/VM=,iv:ktrO/uakTz5o6vR41bDBXMSU//hwfXmurtrXeBz65UU=,tag:itOQIy2m8L9c6qiytyRT7w==,type:str] + - recipient: age1l30vp2udwqguzy82vat7p947fr8ss3cxt2turan3533007q80vss46m9vd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQm1HOG1oOGJWUi8ycXQx + Yzgzem01eWZKdDB4bFpDUy84Q2FpaVJJWEhZCjRKL0tGSDIzUDBvaUFHaE1GNUpM + SXZROENva3FlT05XTk5EOEUvVFR2S00KLS0tIHg1K2Z0MHR2TmRmU1BVVExOQXFy + d29DcTBRdGM4MnBlVlRqNUMyRzZuOUkKynbZibt5vQFeEnfVcO812NbY3jnJNUCp + 9SHgNo0PYlFJGkWx8vZxc4gNYBEXqCwxuHvI7IDqOw2HRD1G+rHrSw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-13T04:13:02Z" + mac: ENC[AES256_GCM,data:VP5Q+ik65yNKLZm8G2f+uv4rU3qCTugZM8xdASI740enurprk6nfCaPiCTKF2CEiINb0ZKOy+0nKntTB3GEQcYOom0wxZUOhoavmkqxuqXNMTkeyXhk5Af9BVz5Kxqlhd5gHXQvDDrZYxCSgFTrt4QoTmLNqg5rHkSRUDCa/MGI=,iv:J046v5FeyIa/wWNZmcL4LSDyu0XfNpqDCyg8kNMREfk=,tag:Qqrg8Azb3GJSsCXe6sQIig==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1