add jitsi, nginx and vault

flake.lock

@@ -36,35 +36,6 @@
         "type": "github"
       }
     },
-    "flake-compat_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1627913399,
-        "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
-        "type": "github"
-      },
-      "original": {
-        "id": "flake-compat",
-        "type": "indirect"
-      }
-    },
-    "flake-utils": {
-      "locked": {
-        "lastModified": 1631561581,
-        "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
-        "type": "github"
-      },
-      "original": {
-        "id": "flake-utils",
-        "type": "indirect"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": "nixpkgs_2"
@@ -83,40 +54,6 @@
         "type": "github"
       }
     },
-    "lowdown-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1632468475,
-        "narHash": "sha256-NNOm9CbdA8cuwbvaBHslGbPTiU6bh1Ao+MpEPx4rSGo=",
-        "owner": "kristapsdz",
-        "repo": "lowdown",
-        "rev": "6bd668af3fd098bdd07a1bedd399564141e275da",
-        "type": "github"
-      },
-      "original": {
-        "owner": "kristapsdz",
-        "repo": "lowdown",
-        "type": "github"
-      }
-    },
-    "nix": {
-      "inputs": {
-        "lowdown-src": "lowdown-src",
-        "nixpkgs": "nixpkgs_4"
-      },
-      "locked": {
-        "lastModified": 1633098935,
-        "narHash": "sha256-UtuBczommNLwUNEnfRI7822z4vPA7OoRKsgAZ8zsHQI=",
-        "owner": "nixos",
-        "repo": "nix",
-        "rev": "4f496150eb4e0012914c11f0a3ff4df2412b1d09",
-        "type": "github"
-      },
-      "original": {
-        "id": "nix",
-        "type": "indirect"
-      }
-    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1632086102,
@@ -163,41 +100,11 @@
         "type": "github"
       }
     },
-    "nixpkgs_4": {
-      "locked": {
-        "lastModified": 1632864508,
-        "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "82891b5e2c2359d7e58d08849e4c89511ab94234",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-21.05-small",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs_5": {
-      "locked": {
-        "lastModified": 1632495107,
-        "narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=",
-        "owner": "serokell",
-        "repo": "nixpkgs",
-        "rev": "be220b2dc47092c1e739bf6aaf630f29e71fe1c4",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
-      }
-    },
     "root": {
       "inputs": {
         "deploy-rs": "deploy-rs",
         "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_3"
-        "vault-secrets": "vault-secrets"
       }
     },
     "utils": {
@@ -214,27 +121,6 @@
         "repo": "flake-utils",
         "type": "github"
       }
-    },
-    "vault-secrets": {
-      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "flake-utils": "flake-utils",
-        "nix": "nix",
-        "nixpkgs": "nixpkgs_5"
-      },
-      "locked": {
-        "lastModified": 1633626134,
-        "narHash": "sha256-fvd+l1iuH+ufwNIt6ppZnIfMs+BEj5dtIAKmGKTbaCQ=",
-        "owner": "serokell",
-        "repo": "vault-secrets",
-        "rev": "1bf4a02eea83d3042bd3d1e2f2266b15077b48b4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "serokell",
-        "repo": "vault-secrets",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -5,7 +5,6 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     home-manager.url = "github:nix-community/home-manager";
     deploy-rs.url = "github:serokell/deploy-rs";
-    vault-secrets.url = "github:serokell/vault-secrets";
   };
 
   outputs = { ... }@inputs: import ./outputs.nix inputs;

home/base/zsh.nix

@@ -27,7 +27,6 @@
       log = "journalctl";
       dmesg = "dmesg -HP";
       hg = "history 0 | rg";
-      vaulttest = "echo nothing";
     };
   };
   programs.direnv = {

home/dev/vcs.nix

@@ -1,3 +1,3 @@
 { pkgs, ... }: {
-  home.packages = with pkgs; [ gitAndTools.gitFull darcs subversion ];
+  home.packages = with pkgs; [ gitAndTools.gitFull ];
 }

hosts/hetzner-vm/hetzner-vm.nix

@@ -3,9 +3,15 @@
 {
   imports = with tree; [
     users.chaoticryptidz
+
     profiles.tailscale
     profiles.sshd
+
+    hosts.hetzner-vm.services.nginx
     hosts.hetzner-vm.services.invidious
+    hosts.hetzner-vm.services.vault
+    hosts.hetzner-vm.services.jitsi
+
     (modulesPath + "/profiles/qemu-guest.nix")
   ];
 

hosts/hetzner-vm/services/invidious.nix

@@ -1,35 +1,42 @@
-{...}: {
+{ ... }: {
-    services.invidious = {
+  services.invidious = {
-        enable = true;
+    enable = true;
-        port = 3000;
+    port = 3000;
-        settings = {
+    settings = {
-            full_refresh = true;
+      full_refresh = true;
-            https_only = true;
+      https_only = true;
-            popular_enabled = false;
+      popular_enabled = false;
-            statistics_enabled = true;
+      statistics_enabled = true;
-            registration_enabled = true;
+      registration_enabled = true;
-            channel_threads = 2;
+      channel_threads = 2;
-            feed_threads = 2;
+      feed_threads = 2;
-            default_user_preferences = {
+      default_user_preferences = {
-                locale = "en-US";
+        locale = "en-US";
-                region = "GB";
+        region = "GB";
-                captions = ["English (auto-generated)" "English" ""];
+        captions = [ "English (auto-generated)" "English" "" ];
-                dark_mode = true;
+        dark_mode = true;
-                feed_menu = ["Subscriptions" "Popular"];
+        feed_menu = [ "Subscriptions" "Popular" ];
-                default_home = "Subscriptions";
+        default_home = "Subscriptions";
-                max_results = 30;
+        max_results = 30;
-                annotations = true;
+        annotations = true;
-                annotations_subscribed = true;
+        annotations_subscribed = true;
-                comments = [];
+        comments = [ ];
-                player_style = "invidious";
+        player_style = "invidious";
-                related_videos = true;
+        related_videos = true;
-                autoplay = true;
+        autoplay = true;
-                continue = false;
+        continue = false;
-                continue_autoplay = true;
+        continue_autoplay = true;
-                quality = "hd720";
+        quality = "hd720";
-                local = false;
+        local = false;
-            };
+      };
-        };
     };
-    networking.firewall.allowedTCPPorts = [ 3000 ];
+  };
+
+  services.nginx.virtualHosts."invidious-unproxied.owo.monster" = {
+    forceSSL = true;
+    enableACME = true;
+    locations = { "/".proxyPass = "http://127.0.0.1:3000"; };
+  };
+
+  #networking.firewall.allowedTCPPorts = [ 3000 ];
 }

hosts/hetzner-vm/services/jitsi.nix

@@ -0,0 +1,9 @@
+{ ... }: {
+  services.jitsi-meet.enable = true;
+  services.jitsi-meet.hostName = "jitsi.owo.monster";
+  services.jitsi-meet.nginx.enable = true;
+  services.nginx.virtualHosts."jitsi.owo.monster" = {
+    forceSSL = true;
+    enableACME = true;
+  };
+}

hosts/hetzner-vm/services/nginx.nix

@@ -0,0 +1,16 @@
+{...}: {
+  security.acme = {
+    email = "chaoticryptidz@owo.monster";
+    acceptTerms = true;
+  };
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    commonHttpConfig = "";
+    clientMaxBodySize = "512m";
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}

hosts/hetzner-vm/services/vault.nix

@@ -0,0 +1,17 @@
+{ pkgs, ... }: {
+  services.vault = {
+    enable = true;
+    package = pkgs.vault-bin;
+    address = "127.0.0.1:8200";
+    storageBackend = "file";
+    extraConfig = ''
+      ui = true
+    '';
+  };
+  services.nginx.virtualHosts."vault.owo.monster" = {
+    forceSSL = true;
+    enableACME = true;
+    locations = { "/".proxyPass = "http://127.0.0.1:8200"; };
+  };
+  #networking.firewall.allowedTCPPorts = [ 8200 ];
+}

hosts/lappy/lappy.nix

@@ -12,9 +12,6 @@
     profiles.sway
     profiles.dnscrypt
     #profiles.gaming
-    # so i can build nixos mobile
-
-    profiles.vault-secrets
 
     # for sci-hub and whenever websites break
     profiles.tor

modules/home/keep.nix

@@ -0,0 +1 @@
+{...}: {}

outputs.nix

@@ -1,4 +1,4 @@
-{ self, nixpkgs, home-manager, vault-secrets, deploy-rs, ... }@inputs:
+{ self, nixpkgs, home-manager, deploy-rs, ... }@inputs:
 let
   mkTree = import ./tree.nix { inherit (nixpkgs) lib; };
   tree = mkTree {
@@ -15,7 +15,13 @@ let
         functor = {
           enable = true;
           external = [
-            (import (inputs.vault-secrets + "/modules/vault-secrets.nix"))
+          ];
+        };
+      };
+      "modules/home" = {
+        functor = {
+          enable = true;
+          external = [
           ];
         };
       };

profiles/vault-secrets/vault.nix

@@ -1,14 +0,0 @@
-{ config, ... }:
-let
-  vs = config.vault-secrets.secrets;
-in {
-
-  vault-secrets = {
-    # This applies to all secrets
-    vaultPrefix = "nixos/servers/${config.networking.hostName}";
-    vaultAddress = "https://vault.cryptidz.qcx.io";
-
-    # Define a secret called `something`, with default options.
-    secrets.example = {};
-  };
-}