From 4f015ecb455827a787003302ab3a785f2f6b8bd4 Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 29 Jan 2025 21:48:31 -0500 Subject: [PATCH 1/4] vscode: overlay github codespaces extension Signed-off-by: cy --- home/vscode.nix | 6 ++++-- overlay/default.nix | 1 + overlay/vscode.nix | 14 ++++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 overlay/vscode.nix diff --git a/home/vscode.nix b/home/vscode.nix index 0c1bf95..214a060 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -11,6 +11,7 @@ jnoortheen.nix-ide editorconfig.editorconfig github.github-vscode-theme + github.codespaces ]; userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; @@ -18,10 +19,10 @@ "nix.enableLanguageServer" = true; "nix.serverPath" = "nixd"; "editor.fontFamily" = "IBM Plex Mono"; - "editor.fontSize" = 15; + "editor.fontSize" = 16; "editor.wordWrap" = "on"; - # vim mode + # vim mode settings "vim.handleKeys" = { "" = false; # file tree toggle }; @@ -32,6 +33,7 @@ "silent" = true; } ]; + "workbench.startupEditor" = "none"; }; }; } diff --git a/overlay/default.nix b/overlay/default.nix index 99fc17b..5b6a9a8 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -2,6 +2,7 @@ let overlays = [ ./conduwuit ./attic + ./vscode.nix ]; importedOverlays = map (m: import m) overlays; in diff --git a/overlay/vscode.nix b/overlay/vscode.nix new file mode 100644 index 0000000..4de2d90 --- /dev/null +++ b/overlay/vscode.nix @@ -0,0 +1,14 @@ +final: prev: { + vscode-extensions = prev.vscode-extensions // { + github = prev.vscode-extensions.github // { + codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension { + mktplcRef = { + publisher = "github"; + name = "codespaces"; + version = "1.17.3"; + hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w="; + }; + }; + }; + }; +} From 4e0c1fbbb4e2ee46580e2ce7ac07380e541e2aff Mon Sep 17 00:00:00 2001 
From: cy Date: Thu, 30 Jan 2025 12:33:03 -0500 Subject: [PATCH 2/4] caddy: use acme_dns for wildcard TLS to work use cloudflare dns plugin to update zone --- modules/caddy.nix | 13 +++++++++++++ secrets/services/caddy.yaml | 8 ++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/modules/caddy.nix b/modules/caddy.nix index 6d38b01..03d7a4a 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: let @@ -14,6 +15,14 @@ in config = lib.mkIf cfg.enable { services.caddy = { enable = true; + package = pkgs.caddy.withPlugins { + plugins = [ + # error message will tell you the correct version tag to use + # (still need the @ to pass nix config check) + "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" + ]; + hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ="; + }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; extraConfig = '' @@ -22,6 +31,10 @@ in header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" } ''; + globalConfig = '' + acme_dns cloudflare {$CLOUDFLARE_KEY} + ''; + environmentFile = config.sops.secrets."caddy/env".path; }; }; } diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 9fea4c0..2ff8b4c 100644 --- a/secrets/services/caddy.yaml +++ b/secrets/services/caddy.yaml 
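Review bot: The `acme_dns cloudflare {$CLOUDFLARE_KEY}` line added to `globalConfig` in modules/caddy.nix gives the Caddy process a Cloudflare credential that can rewrite DNS records, and nothing in the hunk records what scope that credential should have. The variable name reads like an account-wide API key, whereas the caddy-dns/cloudflare plugin is intended to be used with a scoped API token. I would add a comment above the line such as `# CLOUDFLARE_KEY: API token limited to Zone:Read + DNS:Edit on this one zone, never the global API key`. The value arrives through `environmentFile = config.sops.secrets."caddy/env".path`, and the declaration of that secret (owner, mode) is outside this hunk, so it is worth confirming that only the caddy user can read it.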
@@ -1,5 +1,5 @@ caddy: - env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str] + env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T03:25:37Z" - mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str] + lastmodified: "2025-01-30T17:26:39Z" + mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 From d0ba9ca90b2c5447e018145c3427f221ebfd24fe Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 30 Jan 2025 12:35:19 -0500 Subject: [PATCH 3/4] make garage better Signed-off-by: cy --- hosts/chunk/default.nix | 2 -- hosts/chunk/garage.nix | 27 +++++++++++++++++++++++---- 2 files changed, 23 insertions(+), 6 deletions(-) 
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 577e9b5..e149526 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,6 +1,4 @@ { - config, - lib, pkgs, ... }: diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 75730a1..a6f39dd 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -8,6 +8,12 @@ s3_api = { s3_region = "earth"; api_bind_addr = "[::]:3900"; + root_domain = ".s3.cy7.sh"; + }; + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".web.s3.cy7.sh"; + index = "index.html"; }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; @@ -17,8 +23,21 @@ environmentFile = config.sops.secrets."garage/env".path; }; - services.caddy.virtualHosts."s3.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3900 - ''; + services.caddy.virtualHosts = { + "s3.cy7.sh" = { + serverAliases = [ "*.s3.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:3900 + ''; + }; + "*.web.s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3902 + ''; + "admin.s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3903 + ''; + }; } From 30c82dcb4f92f028437e4645d0f40226d329eff5 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 30 Jan 2025 12:47:19 -0500 Subject: [PATCH 4/4] add sccache, some vscode changes, use kitten ssh --- .sops.yaml | 5 +++++ home/kitty.nix | 2 ++ home/niri/default.nix | 1 + home/vscode.nix | 3 ++- home/yt/ytnix.nix | 17 +++++++++++++++++ hosts/ytnix/default.nix | 8 ++++++++ secrets/yt/aws.yaml | 32 ++++++++++++++++++++++++++++++++ 7 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 secrets/yt/aws.yaml diff --git a/.sops.yaml b/.sops.yaml index 810c6cb..e067ba9 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -108,3 +108,8 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/yt/(.*).yaml$ + key_groups: + - age: + - *yt + - *cy \ No newline at end of file 
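Review bot: The new `s3_web.bind_addr = "[::]:3902"` in hosts/chunk/garage.nix listens on every interface, although the only consumer added in this commit is Caddy dialing `localhost:3902`. Unless the host firewall blocks 3902 (not visible in this patch), the web endpoint can be reached directly in plaintext, bypassing TLS and the HSTS header from the `common` snippet. Binding to loopback, for example `bind_addr = "[::1]:3902";`, keeps Caddy as the only entry point. The same reasoning applies to the `api_bind_addr` and `admin.api_bind_addr` context lines, while `rpc_bind_addr` presumably has to stay reachable by peers.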
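Review bot: The `"admin.s3.cy7.sh"` virtual host in the second garage.nix hunk publishes Garage's admin API (port 3903) on the same public listener as the S3 endpoints, which leaves the admin bearer token as the only barrier to cluster and key management. If remote admin access is really needed, restrict the vhost to a trusted range before the proxy line, e.g. `@outside not remote_ip <ADMIN_CIDR>` followed by `abort @outside`, or drop the vhost and reach 3903 over a private network. A short comment on the vhost stating who is expected to reach it would also help the next reader. Separately, the `*.s3.cy7.sh` alias used for vhost-style buckets now shares a namespace with `admin`, so a bucket of that name would presumably be shadowed.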
diff --git a/home/kitty.nix b/home/kitty.nix index 7134390..da676cb 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -67,4 +67,6 @@ "kitty_mod+o>l" = "kitten hints --type linenum"; }; }; + + programs.zsh.shellAliases."ssh" = "kitten ssh"; } diff --git a/home/niri/default.nix b/home/niri/default.nix index 67720cb..f1c8172 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -102,6 +102,7 @@ in { app-id = "com.mitchellh.ghostt"; } { app-id = "org.kde.okular"; } { app-id = "kitty"; } + { app-id = "VSCodium"; } ]; default-column-width.proportion = .5; } diff --git a/home/vscode.nix b/home/vscode.nix index 214a060..2680ffe 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -11,7 +11,8 @@ jnoortheen.nix-ide editorconfig.editorconfig github.github-vscode-theme - github.codespaces + github.copilot + rust-lang.rust-analyzer ]; userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index e0ed53c..c047e8f 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -1,5 +1,6 @@ { pkgs, + lib, ... }: { @@ -108,6 +109,8 @@ hugo ghidra sequoia + sccache + awscli2 ]; programs.waybar.enable = true; @@ -164,5 +167,19 @@ home.sessionVariables = { # to make ghidra work on xwayland _JAVA_AWT_WM_NONREPARENTING = 1; + + # sccache stuff + RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; + SCCACHE_BUCKET = "sccache"; + SCCACHE_REGION = "earth"; + SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh"; + SCCACHE_ALLOW_CORE_DUMPS = "true"; + SCCACHE_S3_USE_SSL = "true"; + SCCACHE_CACHE_MULTIARCH = "true"; + SCCACHE_LOG_LEVEL = "warn"; + AWS_DEFAULT_REGION = "earth"; + AWS_ENDPOINT_URL = "https://s3.cy7.sh"; + AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; + AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; }; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 6192e43..0bb554d 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix 
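Review bot: `AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"` and the matching `AWS_SECRET_ACCESS_KEY` line in the `home.sessionVariables` hunk of home/yt/ytnix.nix are expanded once at login and exported, so every process in the session inherits the S3 credentials. That includes editor extensions such as the `github.copilot` one added in this same patch, build scripts, and anything else started from the shell. `SCCACHE_ALLOW_CORE_DUMPS = "true"` additionally lets the sccache server, which holds those credentials in memory, write core files. I would keep the secrets out of the environment by rendering a credentials file from the two sops secrets and setting `AWS_SHARED_CREDENTIALS_FILE = "<path to rendered credentials file>";` in place of the two `$(cat …)` lines, and drop the core-dump flag unless sccache is being debugged. Whether sccache picks up the shared credentials file in this setup should be confirmed before switching.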
@@ -36,6 +36,14 @@ "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; + "aws/key_id" = { + sopsFile = ../../secrets/yt/aws.yaml; + owner = "yt"; + }; + "aws/key_secret" = { + sopsFile = ../../secrets/yt/aws.yaml; + owner = "yt"; + }; }; boot = { diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml new file mode 100644 index 0000000..95bdf7a --- /dev/null +++ b/secrets/yt/aws.yaml 
@@ -0,0 +1,32 @@ +aws: + key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str] + key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT + T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL + dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R + azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO + HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu + dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv + Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0 + UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe + j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-30T17:45:09Z" + mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4