flake.lock

@@ -562,11 +562,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737968762,
+        "lastModified": 1737762889,
-        "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=",
+        "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e",
+        "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
         "type": "github"
       },
       "original": {
@@ -710,11 +710,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738009885,
+        "lastModified": 1737675503,
-        "narHash": "sha256-zPch36LSTs8dZJZlIiufXuY7wut06xp4CMdf/oqXoq0=",
+        "narHash": "sha256-FUWpqPOsEJwK8oomffat+lgKnoxJHArRlWo2j17EhxQ=",
         "ref": "refs/heads/main",
-        "rev": "cf43eeb6b376cc36f70b0632bc39dc949b9f3b59",
+        "rev": "3e18a1ceec7df4514f5a045441e5f98dd003db09",
-        "revCount": 132,
+        "revCount": 131,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/nixos-module"
       },
@@ -737,11 +737,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1737961005,
+        "lastModified": 1737924584,
-        "narHash": "sha256-b4hqJNgyx8lnngz7NFcJ1W+59xQnMQYF0EK5g0IOy7c=",
+        "narHash": "sha256-8XAz2IFUdSN7IblSWgQQVjivlZ0uWn3Y5jN3G6+/jss=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "e98ae62893568dd31e7a7e4e75e1dbbf23f759a0",
+        "rev": "d3682c753abbbc8d41578aa12e6f10508d801f4b",
         "type": "github"
       },
       "original": {
@@ -770,11 +770,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1737956052,
+        "lastModified": 1737918541,
-        "narHash": "sha256-Gr+tkCSuhQ5NT04hv/PoHExCgbuqRA/GZQv+le40LNY=",
+        "narHash": "sha256-NKartmApYTAjteTg78OAIAYGvtl9QCDcKp8tPk3KCuI=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "9b4d73f13a6906537faf01b5c5e5e2fee9dd602e",
+        "rev": "baa051891237054f2d4db86d7bcfe0f17440c35f",
         "type": "github"
       },
       "original": {
@@ -832,11 +832,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737926801,
+        "lastModified": 1737504076,
-        "narHash": "sha256-un7IETRNjUm83jM5Gd/7BO4rCzzkom46O0FDMo5toaI=",
+        "narHash": "sha256-/B4XJnzYU/6K1ZZOBIgsa3K4pqDJrnC2579c44c+4rI=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "62ba0a22426721c94e08f0779ed8235d5672869b",
+        "rev": "65cc1fa8e36ceff067daf6cfb142331f02f524d3",
         "type": "github"
       },
       "original": {
@@ -1045,11 +1045,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1738003704,
+        "lastModified": 1737917096,
-        "narHash": "sha256-9VC5icfSf0tI8HSRjzsvOjrJZcLvNy/LKkQYsd14tSY=",
+        "narHash": "sha256-wOo5jWu88VRbm0TTNl9KxE4nIkfnXVKxLvZwpTn75wk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "24cc55b1d2d585dd57ce24f26ad96dd7fd73af39",
+        "rev": "a47cb26bbe26d63321cbb96de6d1981d790d9748",
         "type": "github"
       },
       "original": {
@@ -1082,11 +1082,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737995534,
+        "lastModified": 1737914312,
-        "narHash": "sha256-in2EtlH84FJ5+7l2vBWhUiknmDFAHTuHIPSBiMhICyw=",
+        "narHash": "sha256-PBF4R+yQt5Sls7CsA9Miwx28XtOP/yqaqejZ3RKSes0=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "af4483c025ecf02ba36b2013eed0062ccd629809",
+        "rev": "8e5422bf3e76f410b97d2da640d0829e87657de9",
         "type": "github"
       },
       "original": {
@@ -1105,11 +1105,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737924095,
+        "lastModified": 1737823349,
-        "narHash": "sha256-9RO/IlxiE7bpY7GYsdDMNB533PnDOBo9UvYyXXqlN4c=",
+        "narHash": "sha256-LAppb+sftyvJbPdrBG1uN9GYWHz6q7bUpkpDjljcSRo=",
         "owner": "NuschtOS",
         "repo": "search",
-        "rev": "5efc9c966bb9bdad07a3c28667eac38b758c6f18",
+        "rev": "f91a0ac0f4ecf0ad1d1d88140f66520dae6ce4bd",
         "type": "github"
       },
       "original": {

home/zsh/default.nix

@@ -39,6 +39,11 @@
     initExtra = ''
       # disable control+s to pause terminal
       unsetopt FLOW_CONTROL
+      # manually integrate fzf cause we need to make sure zsh-vi-mode
+      # won't override C-r
+      function zvm_after_init() {
+        eval "$(${pkgs.fzf}/bin/fzf --zsh)"
+      }
 
       # useful emacs mode bindings
       bindkey -M viins "^E" end-of-line

hosts/chunk/Caddyfile

@@ -0,0 +1,89 @@
+{
+  acme_ca https://acme.zerossl.com/v2/DV90
+  acme_eab {
+    key_id {$EAB_KEY_ID}
+    mac_key {$EAB_MAC_KEY}
+  }
+}
+
+(common) {
+  encode zstd gzip
+  header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+}
+
+git.cything.io {
+  import common
+
+  # wrap in route so things are evaluated in the order written
+  route {
+    # rewrite gitlab URIs to make it work with forgejo
+    uri path_regexp /-/ /
+    uri replace /blob/ /src/
+    redir https://git.cy7.sh{uri} permanent
+  }
+}
+
+git.cy7.sh {
+  import common
+  reverse_proxy localhost:3000
+}
+
+rss.cy7.sh {
+  import common
+  reverse_proxy localhost:8080
+}
+
+photos.cy7.sh {
+  import common
+  reverse_proxy localhost:2283
+}
+
+chat.cything.io {
+  import common
+  reverse_proxy localhost:8448
+}
+
+pass.cy7.sh {
+  import common
+  reverse_proxy localhost:8081
+}
+
+dns.cything.io {
+  import common
+  reverse_proxy localhost:8082
+}
+
+pad.cything.io {
+  import common
+  reverse_proxy localhost:8085
+}
+
+red.cything.io {
+  import common
+  reverse_proxy localhost:8087
+}
+
+grafana.cything.io {
+  import common
+  reverse_proxy localhost:8088
+}
+
+element.cything.io {
+  import common
+  reverse_proxy localhost:8089
+}
+
+cache.cything.io {
+  import common
+  reverse_proxy localhost:8090
+}
+
+s3.cy7.sh {
+  import common
+  reverse_proxy localhost:3900
+}
+
+admin.s3.cy7.sh {
+  import common
+  reverse_proxy localhost:3903
+}

hosts/chunk/adguard.nix

@@ -21,9 +21,4 @@
       ];
     };
   };
-
-  services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
-    import common
-    reverse_proxy localhost:8082
-  '';
 }

hosts/chunk/attic.nix

@@ -31,9 +31,4 @@
       };
     };
   };
-
-  services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
-    import common
-    reverse_proxy localhost:8090
-  '';
 }

hosts/chunk/conduwuit.nix

@@ -10,9 +10,4 @@
       allow_check_for_updates = true;
     };
   };
-
-  services.caddy.virtualHosts."chat.cything.io".extraConfig = ''
-    import common
-    reverse_proxy localhost:8448
-  '';
 }

hosts/chunk/default.nix

@@ -75,11 +75,8 @@
     };
   };
 
-  boot = {
+  boot.loader.grub.enable = true;
-    loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/vda";
-    loader.grub.device = "/dev/vda";
-    kernelPackages = pkgs.linuxPackages_latest;
-  };
 
   system.stateVersion = "24.05";
 
@@ -183,13 +180,11 @@
   programs.gnupg.agent.enable = true;
   programs.git.enable = true;
 
-  my.caddy.enable = true;
+  services.caddy = {
-  services.caddy.virtualHosts."cy7.sh" = {
+    enable = true;
-    serverAliases = [ "www.cy7.sh" ];
+    configFile = ./Caddyfile;
-    extraConfig = ''
+    environmentFile = config.sops.secrets."caddy/env".path;
-      import common
+    logFormat = lib.mkForce "level INFO";
-      redir https://cything.io temporary
-    '';
   };
 
   # container stuff

hosts/chunk/deluge.nix

@@ -7,9 +7,4 @@
       port = 8112;
     };
   };
-
-  services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:8112
-  '';
 }

hosts/chunk/element.nix

@@ -25,9 +25,4 @@
       ${pkgs.podman}/bin/podman network create element-net
     '';
   };
-
-  services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:8089
-  '';
 }

hosts/chunk/forgejo.nix

@@ -30,20 +30,4 @@
       name = "git";
     };
   };
-
-  services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:3000
-  '';
-  services.caddy.virtualHosts."git.cything.io".extraConfig = ''
-    import common
-
-    # wrap in route so things are evaluated in the order written
-    route {
-      # rewrite gitlab URIs to make it work with forgejo
-      uri path_regexp /-/ /
-      uri replace /blob/ /src/
-      redir https://git.cy7.sh{uri} permanent
-    }
-  '';
 }

hosts/chunk/garage.nix

@@ -16,9 +16,4 @@
     };
     environmentFile = config.sops.secrets."garage/env".path;
   };
-
-  services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:3900
-  '';
 }

hosts/chunk/grafana.nix

@@ -31,9 +31,4 @@
       }
     ];
   };
-
-  services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:8088
-  '';
 }

hosts/chunk/hedgedoc.nix

@@ -16,9 +16,4 @@
       protocolUseSSL = true;
     };
   };
-
-  services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:8085
-  '';
 }

hosts/chunk/immich.nix

@@ -95,9 +95,4 @@ in
       ${pkgs.podman}/bin/podman network create immich-net
     '';
   };
-
-  services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:2283
-  '';
 }

hosts/chunk/miniflux.nix

@@ -9,9 +9,4 @@
       FORCE_REFRESH_INTERVAL = 0; # don't rate limit me
     };
   };
-
-  services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:8080
-  '';
 }

hosts/chunk/redlib.nix

@@ -10,9 +10,4 @@
       REDLIB_ROBOTS_DISABLE_INDEXING = "on";
     };
   };
-
-  services.caddy.virtualHosts."red.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:8087
-  '';
 }

hosts/chunk/tailscale.nix

@@ -1,5 +1,4 @@
-{ config, ... }:
+{ config, ... }: {
-{
   services.tailscale = {
     enable = true;
     authKeyFile = config.sops.secrets."tailscale/auth".path;

hosts/chunk/vaultwarden.nix

@@ -10,9 +10,4 @@
       DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
     };
   };
-
-  services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
-    import common
-    reverse_proxy localhost:8081
-  '';
 }

hosts/titan/Caddyfile

@@ -13,7 +13,7 @@
 
 cything.io {
   import common
-  redir https://cy7.sh/posts{uri} permanent
+  reverse_proxy localhost:8084
 
   header /.well-known/matrix/* Content-Type application/json
   header /.well-known/matrix/* Access-Control-Allow-Origin *

hosts/ytnix/default.nix

@@ -324,10 +324,4 @@
   services.udev.extraHwdb = ''
     SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"
   '';
-
-  programs.ssh = {
-    askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass";
-    startAgent = true;
-    enableAskPassword = true;
-  };
 }

hosts/ytnix/tailscale.nix

@@ -1,5 +1,4 @@
-{ config, ... }:
+{ config, ... }: {
-{
   services.tailscale = {
     enable = true;
     authKeyFile = config.sops.secrets."tailscale/auth".path;

justfile

@@ -1,10 +1,9 @@
 update:
-    git branch -D update
     git switch -c update
     nix flake update
     git add flake.lock
     git commit -s -m "flake update"
-    git push -f
+    git push
     git switch main
 
 upgrade:

modules/caddy.nix

@@ -1,27 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-let
-  cfg = config.my.caddy;
-in
-{
-  options.my.caddy = {
-    enable = lib.mkEnableOption "caddy reverse proxy";
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.caddy = {
-      enable = true;
-      logFormat = lib.mkForce "level INFO";
-      acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
-      extraConfig = ''
-        (common) {
-          encode zstd gzip
-          header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-        }
-      '';
-    };
-  };
-}

modules/default.nix

@@ -2,6 +2,5 @@
 {
   imports = [
     ./backup.nix
-    ./caddy.nix
   ];
 }