changes maybe

chaos 2023-09-20 18:04:33 +01:00
parent 9f54e8efa0
commit 5a246be433
No known key found for this signature in database
5 changed files with 20 additions and 9 deletions


@ -12,6 +12,8 @@
services.nginx.virtualHosts."vault.owo.monster" = { services.nginx.virtualHosts."vault.owo.monster" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = {"/" = {proxyPass = "http://127.0.0.1:8200";};}; locations = {
"/".proxyPass = "http://127.0.0.1:8200";
};
}; };
} }


@ -1,7 +1,15 @@
{...}: { {...}: {
# Since this is the machine that hosts vault
systemd.services.vault = {
before = "auto-secrets.service";
partOf = "auto-secrets-service";
};
services.secrets = { services.secrets = {
enable = true; enable = true;
vaultURL = "http://127.0.0.1:8200";
vaultLogin = { vaultLogin = {
enable = true; enable = true;
loginUsername = "vault"; loginUsername = "vault";
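Review bot: `partOf = "auto-secrets-service";` in the added `systemd.services.vault` block uses a hyphen where the line above uses `auto-secrets.service`, so the PartOf relation names a different unit, one without a type suffix; it should read `partOf = ["auto-secrets.service"];`. As far as I know the NixOS systemd module declares both options as lists of unit names, so `before = ["auto-secrets.service"];` is the form that type-checks. It is also worth confirming that PartOf= is the intended relation: it propagates a stop or restart of auto-secrets to vault, and a restarted Vault presumably comes back sealed unless auto-unseal is configured, which is not visible here. The existing comment could state the intent in full, for example `# vault runs on this host: start it before auto-secrets, which logs in at http://127.0.0.1:8200`. The `services.secrets` attribute set continues outside the hunk.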


@ -52,6 +52,7 @@ in
inherit (pkgs) gotosocial; inherit (pkgs) gotosocial;
inherit (pkgs) cockroachdb; inherit (pkgs) cockroachdb;
inherit (pkgs) piped-backend piped-frontend piped-proxy; inherit (pkgs) piped-backend piped-frontend piped-proxy;
inherit (pkgs) kitty-terminfo;
}; };
} }


@ -10,7 +10,7 @@ final: prev: rec {
kitty-terminfo = final.runCommand "kitty-terminfo" {} '' kitty-terminfo = final.runCommand "kitty-terminfo" {} ''
mkdir -p $out/share mkdir -p $out/share
cp -r ${./kitty-terminfo/terminfo} $out/share cp -r ${./kitty-terminfo}/* $out/share
''; '';
cockroachdb-bin = final.callPackage ./cockroachdb-bin {}; cockroachdb-bin = final.callPackage ./cockroachdb-bin {};


@ -11,10 +11,10 @@
system = pkgs.system; system = pkgs.system;
container-ips = import "${self}/data/serverIPs.nix"; serverIPs = import "${self}/data/serverIPs.nix";
hostName = config.networking.hostName; hostName = config.networking.hostName;
serverIPs = container-ips.${hostName}; hostServerIPs = serverIPs.${hostName};
gateway = "172.31.1.1"; gateway = "172.31.1.1";
netmask = "255.255.255.255"; netmask = "255.255.255.255";
@ -43,7 +43,7 @@ in {
boot.kernelParams = boot.kernelParams =
[ [
"console=tty0" "console=tty0"
"ip=${serverIPs.ipv4}::${gateway}:${netmask}:${hostName}:enp1s0:any" "ip=${hostServerIPs.ipv4}::${gateway}:${netmask}:${hostName}:enp1s0:any"
"boot.shell_on_fail" "boot.shell_on_fail"
"nohibernate" "nohibernate"
"loglevel=4" "loglevel=4"
@ -57,22 +57,22 @@ in {
networkConfig.DHCP = "no"; networkConfig.DHCP = "no";
address = [ address = [
# v4 # v4
"${serverIPs.ipv4}/32" "${hostServerIPs.ipv4}/32"
# v6 # v6
"${serverIPs.ipv6}/64" "${hostServerIPs.ipv6}/64"
]; ];
routes = [ routes = [
# v4 # v4
{ {
routeConfig = { routeConfig = {
Destination = "172.31.1.1"; Destination = gateway;
}; };
} }
{ {
routeConfig = { routeConfig = {
Gateway = "172.31.1.1"; Gateway = gateway;
GatewayOnLink = true; GatewayOnLink = true;
}; };
} }