flake update

Signed-off-by: cy <cy@cy7.sh>
make justfile better and cleanup zsh
2025-01-27 20:26:02 -05:00 · 2025-01-27 20:23:15 -05:00 · 2025-01-27 20:07:41 -05:00 · 2025-01-27 05:50:25 -05:00 · 2025-01-27 04:02:11 -05:00 · 2025-01-27 02:28:39 -05:00
24 changed files with 154 additions and 130 deletions
--- a/flake.lock
+++ b/flake.lock
@ -562,11 +562,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737762889,
-        "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
+        "lastModified": 1737968762,
+        "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
+        "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e",
        "type": "github"
      },
      "original": {
@ -710,11 +710,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737675503,
-        "narHash": "sha256-FUWpqPOsEJwK8oomffat+lgKnoxJHArRlWo2j17EhxQ=",
+        "lastModified": 1738009885,
+        "narHash": "sha256-zPch36LSTs8dZJZlIiufXuY7wut06xp4CMdf/oqXoq0=",
        "ref": "refs/heads/main",
-        "rev": "3e18a1ceec7df4514f5a045441e5f98dd003db09",
-        "revCount": 131,
+        "rev": "cf43eeb6b376cc36f70b0632bc39dc949b9f3b59",
+        "revCount": 132,
        "type": "git",
        "url": "https://git.lix.systems/lix-project/nixos-module"
      },
@ -737,11 +737,11 @@
        "xwayland-satellite-unstable": "xwayland-satellite-unstable"
      },
      "locked": {
-        "lastModified": 1737924584,
-        "narHash": "sha256-8XAz2IFUdSN7IblSWgQQVjivlZ0uWn3Y5jN3G6+/jss=",
+        "lastModified": 1737961005,
+        "narHash": "sha256-b4hqJNgyx8lnngz7NFcJ1W+59xQnMQYF0EK5g0IOy7c=",
        "owner": "sodiboo",
        "repo": "niri-flake",
-        "rev": "d3682c753abbbc8d41578aa12e6f10508d801f4b",
+        "rev": "e98ae62893568dd31e7a7e4e75e1dbbf23f759a0",
        "type": "github"
      },
      "original": {
@ -770,11 +770,11 @@
    "niri-unstable": {
      "flake": false,
      "locked": {
-        "lastModified": 1737918541,
-        "narHash": "sha256-NKartmApYTAjteTg78OAIAYGvtl9QCDcKp8tPk3KCuI=",
+        "lastModified": 1737956052,
+        "narHash": "sha256-Gr+tkCSuhQ5NT04hv/PoHExCgbuqRA/GZQv+le40LNY=",
        "owner": "YaLTeR",
        "repo": "niri",
-        "rev": "baa051891237054f2d4db86d7bcfe0f17440c35f",
+        "rev": "9b4d73f13a6906537faf01b5c5e5e2fee9dd602e",
        "type": "github"
      },
      "original": {
@ -832,11 +832,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737504076,
-        "narHash": "sha256-/B4XJnzYU/6K1ZZOBIgsa3K4pqDJrnC2579c44c+4rI=",
+        "lastModified": 1737926801,
+        "narHash": "sha256-un7IETRNjUm83jM5Gd/7BO4rCzzkom46O0FDMo5toaI=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "65cc1fa8e36ceff067daf6cfb142331f02f524d3",
+        "rev": "62ba0a22426721c94e08f0779ed8235d5672869b",
        "type": "github"
      },
      "original": {
@ -1045,11 +1045,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1737917096,
-        "narHash": "sha256-wOo5jWu88VRbm0TTNl9KxE4nIkfnXVKxLvZwpTn75wk=",
+        "lastModified": 1738003704,
+        "narHash": "sha256-9VC5icfSf0tI8HSRjzsvOjrJZcLvNy/LKkQYsd14tSY=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a47cb26bbe26d63321cbb96de6d1981d790d9748",
+        "rev": "24cc55b1d2d585dd57ce24f26ad96dd7fd73af39",
        "type": "github"
      },
      "original": {
@ -1082,11 +1082,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737914312,
-        "narHash": "sha256-PBF4R+yQt5Sls7CsA9Miwx28XtOP/yqaqejZ3RKSes0=",
+        "lastModified": 1737995534,
+        "narHash": "sha256-in2EtlH84FJ5+7l2vBWhUiknmDFAHTuHIPSBiMhICyw=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "8e5422bf3e76f410b97d2da640d0829e87657de9",
+        "rev": "af4483c025ecf02ba36b2013eed0062ccd629809",
        "type": "github"
      },
      "original": {
@ -1105,11 +1105,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737823349,
-        "narHash": "sha256-LAppb+sftyvJbPdrBG1uN9GYWHz6q7bUpkpDjljcSRo=",
+        "lastModified": 1737924095,
+        "narHash": "sha256-9RO/IlxiE7bpY7GYsdDMNB533PnDOBo9UvYyXXqlN4c=",
        "owner": "NuschtOS",
        "repo": "search",
-        "rev": "f91a0ac0f4ecf0ad1d1d88140f66520dae6ce4bd",
+        "rev": "5efc9c966bb9bdad07a3c28667eac38b758c6f18",
        "type": "github"
      },
      "original": {
--- a/home/zsh/default.nix
+++ b/home/zsh/default.nix
@ -39,11 +39,6 @@
    initExtra = ''
      # disable control+s to pause terminal
      unsetopt FLOW_CONTROL
-      # manually integrate fzf cause we need to make sure zsh-vi-mode
-      # won't override C-r
-      function zvm_after_init() {
-        eval "$(${pkgs.fzf}/bin/fzf --zsh)"
-      }

      # useful emacs mode bindings
      bindkey -M viins "^E" end-of-line
--- a/hosts/chunk/Caddyfile
+++ b/hosts/chunk/Caddyfile
@ -1,89 +0,0 @@
-{
-  acme_ca https://acme.zerossl.com/v2/DV90
-  acme_eab {
-    key_id {$EAB_KEY_ID}
-    mac_key {$EAB_MAC_KEY}
-  }
-}
-
-(common) {
-  encode zstd gzip
-  header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-}
-
-git.cything.io {
-  import common
-
-  # wrap in route so things are evaluated in the order written
-  route {
-    # rewrite gitlab URIs to make it work with forgejo
-    uri path_regexp /-/ /
-    uri replace /blob/ /src/
-    redir https://git.cy7.sh{uri} permanent
-  }
-}
-
-git.cy7.sh {
-  import common
-  reverse_proxy localhost:3000
-}
-
-rss.cy7.sh {
-  import common
-  reverse_proxy localhost:8080
-}
-
-photos.cy7.sh {
-  import common
-  reverse_proxy localhost:2283
-}
-
-chat.cything.io {
-  import common
-  reverse_proxy localhost:8448
-}
-
-pass.cy7.sh {
-  import common
-  reverse_proxy localhost:8081
-}
-
-dns.cything.io {
-  import common
-  reverse_proxy localhost:8082
-}
-
-pad.cything.io {
-  import common
-  reverse_proxy localhost:8085
-}
-
-red.cything.io {
-  import common
-  reverse_proxy localhost:8087
-}
-
-grafana.cything.io {
-  import common
-  reverse_proxy localhost:8088
-}
-
-element.cything.io {
-  import common
-  reverse_proxy localhost:8089
-}
-
-cache.cything.io {
-  import common
-  reverse_proxy localhost:8090
-}
-
-s3.cy7.sh {
-  import common
-  reverse_proxy localhost:3900
-}
-
-admin.s3.cy7.sh {
-  import common
-  reverse_proxy localhost:3903
-}
--- a/hosts/chunk/adguard.nix
+++ b/hosts/chunk/adguard.nix
@ -21,4 +21,9 @@
      ];
    };
  };
+
+  services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
+    import common
+    reverse_proxy localhost:8082
+  '';
 }
--- a/hosts/chunk/attic.nix
+++ b/hosts/chunk/attic.nix
@ -31,4 +31,9 @@
      };
    };
  };
+
+  services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
+    import common
+    reverse_proxy localhost:8090
+  '';
 }
--- a/hosts/chunk/conduwuit.nix
+++ b/hosts/chunk/conduwuit.nix
@ -10,4 +10,9 @@
      allow_check_for_updates = true;
    };
  };
+
+  services.caddy.virtualHosts."chat.cything.io".extraConfig = ''
+    import common
+    reverse_proxy localhost:8448
+  '';
 }
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -75,8 +75,11 @@
    };
  };

-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/vda";
+  boot = {
+    loader.grub.enable = true;
+    loader.grub.device = "/dev/vda";
+    kernelPackages = pkgs.linuxPackages_latest;
+  };

  system.stateVersion = "24.05";

@ -180,11 +183,13 @@
  programs.gnupg.agent.enable = true;
  programs.git.enable = true;

-  services.caddy = {
-    enable = true;
-    configFile = ./Caddyfile;
-    environmentFile = config.sops.secrets."caddy/env".path;
-    logFormat = lib.mkForce "level INFO";
+  my.caddy.enable = true;
+  services.caddy.virtualHosts."cy7.sh" = {
+    serverAliases = [ "www.cy7.sh" ];
+    extraConfig = ''
+      import common
+      redir https://cything.io temporary
+    '';
  };

  # container stuff
--- a/hosts/chunk/deluge.nix
+++ b/hosts/chunk/deluge.nix
@ -7,4 +7,9 @@
      port = 8112;
    };
  };
+
+  services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8112
+  '';
 }
--- a/hosts/chunk/element.nix
+++ b/hosts/chunk/element.nix
@ -25,4 +25,9 @@
      ${pkgs.podman}/bin/podman network create element-net
    '';
  };
+
+  services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8089
+  '';
 }
--- a/hosts/chunk/forgejo.nix
+++ b/hosts/chunk/forgejo.nix
@ -30,4 +30,20 @@
      name = "git";
    };
  };
+
+  services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:3000
+  '';
+  services.caddy.virtualHosts."git.cything.io".extraConfig = ''
+    import common
+
+    # wrap in route so things are evaluated in the order written
+    route {
+      # rewrite gitlab URIs to make it work with forgejo
+      uri path_regexp /-/ /
+      uri replace /blob/ /src/
+      redir https://git.cy7.sh{uri} permanent
+    }
+  '';
 }
--- a/hosts/chunk/garage.nix
+++ b/hosts/chunk/garage.nix
@ -16,4 +16,9 @@
    };
    environmentFile = config.sops.secrets."garage/env".path;
  };
+
+  services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:3900
+  '';
 }
--- a/hosts/chunk/grafana.nix
+++ b/hosts/chunk/grafana.nix
@ -31,4 +31,9 @@
      }
    ];
  };
+
+  services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8088
+  '';
 }
--- a/hosts/chunk/hedgedoc.nix
+++ b/hosts/chunk/hedgedoc.nix
@ -16,4 +16,9 @@
      protocolUseSSL = true;
    };
  };
+
+  services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8085
+  '';
 }
--- a/hosts/chunk/immich.nix
+++ b/hosts/chunk/immich.nix
@ -95,4 +95,9 @@ in
      ${pkgs.podman}/bin/podman network create immich-net
    '';
  };
+
+  services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:2283
+  '';
 }
--- a/hosts/chunk/miniflux.nix
+++ b/hosts/chunk/miniflux.nix
@ -9,4 +9,9 @@
      FORCE_REFRESH_INTERVAL = 0; # don't rate limit me
    };
  };
+
+  services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8080
+  '';
 }
--- a/hosts/chunk/redlib.nix
+++ b/hosts/chunk/redlib.nix
@ -10,4 +10,9 @@
      REDLIB_ROBOTS_DISABLE_INDEXING = "on";
    };
  };
+
+  services.caddy.virtualHosts."red.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8087
+  '';
 }
--- a/hosts/chunk/tailscale.nix
+++ b/hosts/chunk/tailscale.nix
@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
  services.tailscale = {
    enable = true;
    authKeyFile = config.sops.secrets."tailscale/auth".path;
--- a/hosts/chunk/vaultwarden.nix
+++ b/hosts/chunk/vaultwarden.nix
@ -10,4 +10,9 @@
      DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
    };
  };
+
+  services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
+    import common
+    reverse_proxy localhost:8081
+  '';
 }
--- a/hosts/titan/Caddyfile
+++ b/hosts/titan/Caddyfile
@ -13,7 +13,7 @@

 cything.io {
  import common
-  reverse_proxy localhost:8084
+  redir https://cy7.sh/posts{uri} permanent

  header /.well-known/matrix/* Content-Type application/json
  header /.well-known/matrix/* Access-Control-Allow-Origin *
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@ -324,4 +324,10 @@
  services.udev.extraHwdb = ''
    SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"
  '';
+
+  programs.ssh = {
+    askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass";
+    startAgent = true;
+    enableAskPassword = true;
+  };
 }
--- a/hosts/ytnix/tailscale.nix
+++ b/hosts/ytnix/tailscale.nix
@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
  services.tailscale = {
    enable = true;
    authKeyFile = config.sops.secrets."tailscale/auth".path;
--- a/3
+++ b/3
@ -1,9 +1,10 @@
 update:
+    git branch -D update
    git switch -c update
    nix flake update
    git add flake.lock
    git commit -s -m "flake update"
-    git push
+    git push -f
    git switch main

 upgrade:
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@ -0,0 +1,27 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.my.caddy;
+in
+{
+  options.my.caddy = {
+    enable = lib.mkEnableOption "caddy reverse proxy";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.caddy = {
+      enable = true;
+      logFormat = lib.mkForce "level INFO";
+      acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
+      extraConfig = ''
+        (common) {
+          encode zstd gzip
+          header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+        }
+      '';
+    };
+  };
+}
--- a/modules/default.nix
+++ b/modules/default.nix
@ -2,5 +2,6 @@
 {
  imports = [
    ./backup.nix
+    ./caddy.nix
  ];
 }
Author	SHA1	Message	Date
cy	8d68a5a65d	flake update Signed-off-by: cy <cy@cy7.sh>	2025-01-27 20:26:02 -05:00
cy	f26bbc3b4f	make justfile better and cleanup zsh Signed-off-by: cy <cy@cy7.sh>	2025-01-27 20:23:15 -05:00
cy	da557a7b7e	titan: redirect to new website Signed-off-by: cy <cy@cy7.sh>	2025-01-27 20:07:41 -05:00
cy	cad577b193	migrate chunk to caddy module Signed-off-by: cy <cy@cy7.sh>	2025-01-27 05:50:25 -05:00
cy	a9a3ee8413	init Signed-off-by: cy <cy@cy7.sh>	2025-01-27 04:02:11 -05:00
cy	61b1399131	enable ssh agent Signed-off-by: cy <cy@cy7.sh>	2025-01-27 02:28:39 -05:00