diff --git a/flake.lock b/flake.lock index 08a02e2..07d05f9 100644 --- a/flake.lock +++ b/flake.lock @@ -36,35 +36,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1627913399, - "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", - "type": "github" - }, - "original": { - "id": "flake-compat", - "type": "indirect" - } - }, - "flake-utils": { - "locked": { - "lastModified": 1631561581, - "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, "home-manager": { "inputs": { "nixpkgs": "nixpkgs_2" @@ -83,40 +54,6 @@ "type": "github" } }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1632468475, - "narHash": "sha256-NNOm9CbdA8cuwbvaBHslGbPTiU6bh1Ao+MpEPx4rSGo=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "6bd668af3fd098bdd07a1bedd399564141e275da", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "repo": "lowdown", - "type": "github" - } - }, - "nix": { - "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1633098935, - "narHash": "sha256-UtuBczommNLwUNEnfRI7822z4vPA7OoRKsgAZ8zsHQI=", - "owner": "nixos", - "repo": "nix", - "rev": "4f496150eb4e0012914c11f0a3ff4df2412b1d09", - "type": "github" - }, - "original": { - "id": "nix", - "type": "indirect" - } - }, "nixpkgs": { "locked": { "lastModified": 1632086102, 
@@ -163,41 +100,11 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1632864508, - "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "82891b5e2c2359d7e58d08849e4c89511ab94234", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-21.05-small", - "type": "indirect" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1632495107, - "narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=", - "owner": "serokell", - "repo": "nixpkgs", - "rev": "be220b2dc47092c1e739bf6aaf630f29e71fe1c4", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "root": { "inputs": { "deploy-rs": "deploy-rs", "home-manager": "home-manager", - "nixpkgs": "nixpkgs_3", - "vault-secrets": "vault-secrets" + "nixpkgs": "nixpkgs_3" } }, "utils": { @@ -214,27 +121,6 @@ "repo": "flake-utils", "type": "github" } - }, - "vault-secrets": { - "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", - "nix": "nix", - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1633626134, - "narHash": "sha256-fvd+l1iuH+ufwNIt6ppZnIfMs+BEj5dtIAKmGKTbaCQ=", - "owner": "serokell", - "repo": "vault-secrets", - "rev": "1bf4a02eea83d3042bd3d1e2f2266b15077b48b4", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "vault-secrets", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index c8f0870..1e82589 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; home-manager.url = "github:nix-community/home-manager"; deploy-rs.url = "github:serokell/deploy-rs"; - vault-secrets.url = "github:serokell/vault-secrets"; }; outputs = { ... }@inputs: import ./outputs.nix inputs; diff --git a/home/base/zsh.nix b/home/base/zsh.nix index 034969c..14d3ed1 100644 --- a/home/base/zsh.nix +++ b/home/base/zsh.nix 
@@ -27,7 +27,6 @@ log = "journalctl"; dmesg = "dmesg -HP"; hg = "history 0 | rg"; - vaulttest = "echo nothing"; }; }; programs.direnv = { diff --git a/home/dev/vcs.nix b/home/dev/vcs.nix index 3ff0b78..ac63db7 100644 --- a/home/dev/vcs.nix +++ b/home/dev/vcs.nix @@ -1,3 +1,3 @@ { pkgs, ... }: { - home.packages = with pkgs; [ gitAndTools.gitFull darcs subversion ]; + home.packages = with pkgs; [ gitAndTools.gitFull ]; } diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix index 0aa6505..258cb25 100644 --- a/hosts/hetzner-vm/hetzner-vm.nix +++ b/hosts/hetzner-vm/hetzner-vm.nix @@ -3,9 +3,15 @@ { imports = with tree; [ users.chaoticryptidz + profiles.tailscale profiles.sshd + + hosts.hetzner-vm.services.nginx hosts.hetzner-vm.services.invidious + hosts.hetzner-vm.services.vault + hosts.hetzner-vm.services.jitsi + (modulesPath + "/profiles/qemu-guest.nix") ]; diff --git a/hosts/hetzner-vm/services/invidious.nix b/hosts/hetzner-vm/services/invidious.nix index d4cdbb9..2ecd747 100644 --- a/hosts/hetzner-vm/services/invidious.nix +++ b/hosts/hetzner-vm/services/invidious.nix 
@@ -1,35 +1,42 @@
-{...}: {
- services.invidious = {
- enable = true;
- port = 3000;
- settings = {
- full_refresh = true;
- https_only = true;
- popular_enabled = false;
- statistics_enabled = true;
- registration_enabled = true;
- channel_threads = 2;
- feed_threads = 2;
- default_user_preferences = {
- locale = "en-US";
- region = "GB";
- captions = ["English (auto-generated)" "English" ""];
- dark_mode = true;
- feed_menu = ["Subscriptions" "Popular"];
- default_home = "Subscriptions";
- max_results = 30;
- annotations = true;
- annotations_subscribed = true;
- comments = [];
- player_style = "invidious";
- related_videos = true;
- autoplay = true;
- continue = false;
- continue_autoplay = true;
- quality = "hd720";
- local = false;
- };
- };
+{ ... }: {
+ services.invidious = {
+ enable = true;
+ port = 3000;
+ settings = {
+ full_refresh = true;
+ https_only = true;
+ popular_enabled = false;
+ statistics_enabled = true;
+ registration_enabled = true;
+ channel_threads = 2;
+ feed_threads = 2;
+ default_user_preferences = {
+ locale = "en-US";
+ region = "GB";
+ captions = [ "English (auto-generated)" "English" "" ];
+ dark_mode = true;
+ feed_menu = [ "Subscriptions" "Popular" ];
+ default_home = "Subscriptions";
+ max_results = 30;
+ annotations = true;
+ annotations_subscribed = true;
+ comments = [ ];
+ player_style = "invidious";
+ related_videos = true;
+ autoplay = true;
+ continue = false;
+ continue_autoplay = true;
+ quality = "hd720";
+ local = false;
+ };
 };
- networking.firewall.allowedTCPPorts = [ 3000 ];
-}
\ No newline at end of file
+ };
+
+ services.nginx.virtualHosts."invidious-unproxied.owo.monster" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = { "/".proxyPass = "http://127.0.0.1:3000"; };
+ };
+
+ #networking.firewall.allowedTCPPorts = [ 3000 ];
+}
diff --git a/hosts/hetzner-vm/services/jitsi.nix b/hosts/hetzner-vm/services/jitsi.nix
new file mode 100644
index 0000000..af4b028
--- /dev/null
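Review bot: In hosts/hetzner-vm/services/invidious.nix the backend's listen address is left unchanged and the firewall rule for port 3000 is only commented out, so once nginx fronts the service the host firewall is the single control keeping the plain-HTTP port private. As far as I know Invidious binds all interfaces by default, and this commit also adds profiles.tailscale to the host, whose interface the firewall may treat differently. I would pin the backend to loopback with `host_binding = "127.0.0.1";` inside `settings`, and delete the `#networking.firewall.allowedTCPPorts = [ 3000 ];` line rather than keep it as a comment.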
+++ b/hosts/hetzner-vm/services/jitsi.nix @@ -0,0 +1,9 @@ +{ ... }: { + services.jitsi-meet.enable = true; + services.jitsi-meet.hostName = "jitsi.owo.monster"; + services.jitsi-meet.nginx.enable = true; + services.nginx.virtualHosts."jitsi.owo.monster" = { + forceSSL = true; + enableACME = true; + }; +} \ No newline at end of file diff --git a/hosts/hetzner-vm/services/nginx.nix b/hosts/hetzner-vm/services/nginx.nix new file mode 100644 index 0000000..0f9d1a9 --- /dev/null +++ b/hosts/hetzner-vm/services/nginx.nix @@ -0,0 +1,16 @@ +{...}: { + security.acme = { + email = "chaoticryptidz@owo.monster"; + acceptTerms = true; + }; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + commonHttpConfig = ""; + clientMaxBodySize = "512m"; + }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} \ No newline at end of file diff --git a/hosts/hetzner-vm/services/vault.nix b/hosts/hetzner-vm/services/vault.nix new file mode 100644 index 0000000..313cc3b --- /dev/null +++ b/hosts/hetzner-vm/services/vault.nix @@ -0,0 +1,17 @@ +{ pkgs, ... }: { + services.vault = { + enable = true; + package = pkgs.vault-bin; + address = "127.0.0.1:8200"; + storageBackend = "file"; + extraConfig = '' + ui = true + ''; + }; + services.nginx.virtualHosts."vault.owo.monster" = { + forceSSL = true; + enableACME = true; + locations = { "/".proxyPass = "http://127.0.0.1:8200"; }; + }; + #networking.firewall.allowedTCPPorts = [ 8200 ]; +} diff --git a/hosts/lappy/lappy.nix b/hosts/lappy/lappy.nix index 47efb60..7c09e51 100644 --- a/hosts/lappy/lappy.nix +++ b/hosts/lappy/lappy.nix @@ -12,9 +12,6 @@ profiles.sway profiles.dnscrypt #profiles.gaming - # so i can build nixos mobile - - profiles.vault-secrets # for sci-hub and whenever websites break profiles.tor diff --git a/modules/home/keep.nix b/modules/home/keep.nix new file mode 100644 index 0000000..35ef2a5 --- /dev/null 
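Review bot: hosts/hetzner-vm/services/jitsi.nix publishes Jitsi Meet on jitsi.owo.monster without any authentication setting, which as far as I know leaves room creation open to anyone who can reach the host. If the instance is meant for a known group, require a login to create rooms; recent nixpkgs exposes this as `services.jitsi-meet.secureDomain.enable = true;`, though it may not exist in the revision pinned here. If the open instance is deliberate, a comment such as `# public instance: anyone may open a room` would record that choice. The file also ends without a trailing newline.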
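Review bot: `clientMaxBodySize = "512m";` in hosts/hetzner-vm/services/nginx.nix is set on `services.nginx` as a whole, so every virtual host, including the Vault one added in this same commit, will accept request bodies of that size. Nothing in the diff shows which service needs uploads that large. I would drop the global value and set `extraConfig = "client_max_body_size 512m;";` only on the virtual host that needs it. `commonHttpConfig = "";` looks like a no-op and can be removed.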
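Review bot: hosts/hetzner-vm/services/vault.nix proxies the whole Vault listener, API and the `ui = true` web UI alike, through a public virtual host with no source restriction, so Vault's login endpoints are reachable from the internet. The same commit adds profiles.tailscale to this host; if only the operator's own machines need Vault, limit the virtual host to them, for example `extraConfig = "allow <TAILNET_CIDR>; deny all;";` (placeholder CIDR). Behind the proxy Vault will also record every client as 127.0.0.1 unless it is told to trust the forwarded header, which weakens audit logs; `listenerExtraConfig` carrying `x_forwarded_for_authorized_addrs = "127.0.0.1"` addresses that. The commented-out firewall line at the end of the file can be deleted.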
+++ b/modules/home/keep.nix
@@ -0,0 +1 @@
+{...}: {}
\ No newline at end of file
diff --git a/outputs.nix b/outputs.nix
index 8522cff..8f63093 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -1,4 +1,4 @@
-{ self, nixpkgs, home-manager, vault-secrets, deploy-rs, ... }@inputs:
+{ self, nixpkgs, home-manager, deploy-rs, ... }@inputs:
 let
 mkTree = import ./tree.nix { inherit (nixpkgs) lib; };
 tree = mkTree {
@@ -15,7 +15,13 @@ let
 functor = {
 enable = true;
 external = [
- (import (inputs.vault-secrets + "/modules/vault-secrets.nix"))
+ ];
+ };
+ };
+ "modules/home" = {
+ functor = {
+ enable = true;
+ external = [
 ];
 };
 };
diff --git a/profiles/vault-secrets/vault.nix b/profiles/vault-secrets/vault.nix
deleted file mode 100644
index 5f092b5..0000000
--- a/profiles/vault-secrets/vault.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, ... }:
-let
- vs = config.vault-secrets.secrets;
-in {
-
- vault-secrets = {
- # This applies to all secrets
- vaultPrefix = "nixos/servers/${config.networking.hostName}";
- vaultAddress = "https://vault.cryptidz.qcx.io";
-
- # Define a secret called `something`, with default options.
- secrets.example = {};
- };
-}
\ No newline at end of file