cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:8d68a5a65dfb73b5c714faec17cdfe8803dddddf
Branches Tags
cy:main
cy:update
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:downgrade-kernel
cy:update_flake_lock_action
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:test
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:temp
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:staging
cy:garage
cy:harmonia
cy:impermanence
..
compare: cy:7367b2d1a5f6ec8df5a1d61e4d5552abc10aca74
Branches Tags
cy:update
cy:main
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:downgrade-kernel
cy:update_flake_lock_action
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:test
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:temp
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:staging
cy:garage
cy:harmonia
cy:impermanence

No commits in common. "8d68a5a65dfb73b5c714faec17cdfe8803dddddf" and "7367b2d1a5f6ec8df5a1d61e4d5552abc10aca74" have entirely different histories.
8d68a5a65d ... 7367b2d1a5

24 changed files with 130 additions and 154 deletions
Show stats Expand all files Collapse all files

50
flake.lock generated
View file

@ -562,11 +562,11 @@
]
},
"locked": {
"lastModified": 1737968762,
"narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=",
"lastModified": 1737762889,
"narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e",
"rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"type": "github"
},
"original": {
@ -710,11 +710,11 @@
]
},
"locked": {
"lastModified": 1738009885,
"narHash": "sha256-zPch36LSTs8dZJZlIiufXuY7wut06xp4CMdf/oqXoq0=",
"lastModified": 1737675503,
"narHash": "sha256-FUWpqPOsEJwK8oomffat+lgKnoxJHArRlWo2j17EhxQ=",
"ref": "refs/heads/main",
"rev": "cf43eeb6b376cc36f70b0632bc39dc949b9f3b59",
"revCount": 132,
"rev": "3e18a1ceec7df4514f5a045441e5f98dd003db09",
"revCount": 131,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
},
@ -737,11 +737,11 @@
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1737961005,
"narHash": "sha256-b4hqJNgyx8lnngz7NFcJ1W+59xQnMQYF0EK5g0IOy7c=",
"lastModified": 1737924584,
"narHash": "sha256-8XAz2IFUdSN7IblSWgQQVjivlZ0uWn3Y5jN3G6+/jss=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "e98ae62893568dd31e7a7e4e75e1dbbf23f759a0",
"rev": "d3682c753abbbc8d41578aa12e6f10508d801f4b",
"type": "github"
},
"original": {
@ -770,11 +770,11 @@
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1737956052,
"narHash": "sha256-Gr+tkCSuhQ5NT04hv/PoHExCgbuqRA/GZQv+le40LNY=",
"lastModified": 1737918541,
"narHash": "sha256-NKartmApYTAjteTg78OAIAYGvtl9QCDcKp8tPk3KCuI=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "9b4d73f13a6906537faf01b5c5e5e2fee9dd602e",
"rev": "baa051891237054f2d4db86d7bcfe0f17440c35f",
"type": "github"
},
"original": {
@ -832,11 +832,11 @@
]
},
"locked": {
"lastModified": 1737926801,
"narHash": "sha256-un7IETRNjUm83jM5Gd/7BO4rCzzkom46O0FDMo5toaI=",
"lastModified": 1737504076,
"narHash": "sha256-/B4XJnzYU/6K1ZZOBIgsa3K4pqDJrnC2579c44c+4rI=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "62ba0a22426721c94e08f0779ed8235d5672869b",
"rev": "65cc1fa8e36ceff067daf6cfb142331f02f524d3",
"type": "github"
},
"original": {
@ -1045,11 +1045,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1738003704,
"narHash": "sha256-9VC5icfSf0tI8HSRjzsvOjrJZcLvNy/LKkQYsd14tSY=",
"lastModified": 1737917096,
"narHash": "sha256-wOo5jWu88VRbm0TTNl9KxE4nIkfnXVKxLvZwpTn75wk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "24cc55b1d2d585dd57ce24f26ad96dd7fd73af39",
"rev": "a47cb26bbe26d63321cbb96de6d1981d790d9748",
"type": "github"
},
"original": {
@ -1082,11 +1082,11 @@
]
},
"locked": {
"lastModified": 1737995534,
"narHash": "sha256-in2EtlH84FJ5+7l2vBWhUiknmDFAHTuHIPSBiMhICyw=",
"lastModified": 1737914312,
"narHash": "sha256-PBF4R+yQt5Sls7CsA9Miwx28XtOP/yqaqejZ3RKSes0=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "af4483c025ecf02ba36b2013eed0062ccd629809",
"rev": "8e5422bf3e76f410b97d2da640d0829e87657de9",
"type": "github"
},
"original": {
@ -1105,11 +1105,11 @@
]
},
"locked": {
"lastModified": 1737924095,
"narHash": "sha256-9RO/IlxiE7bpY7GYsdDMNB533PnDOBo9UvYyXXqlN4c=",
"lastModified": 1737823349,
"narHash": "sha256-LAppb+sftyvJbPdrBG1uN9GYWHz6q7bUpkpDjljcSRo=",
"owner": "NuschtOS",
"repo": "search",
"rev": "5efc9c966bb9bdad07a3c28667eac38b758c6f18",
"rev": "f91a0ac0f4ecf0ad1d1d88140f66520dae6ce4bd",
"type": "github"
},
"original": {

5
home/zsh/default.nix
View file

@ -39,6 +39,11 @@
initExtra = ''
# disable control+s to pause terminal
unsetopt FLOW_CONTROL
# manually integrate fzf cause we need to make sure zsh-vi-mode
# won't override C-r
function zvm_after_init() {
eval "$(${pkgs.fzf}/bin/fzf --zsh)"
}
# useful emacs mode bindings
bindkey -M viins "^E" end-of-line

89
hosts/chunk/Caddyfile Normal file
View file

@ -0,0 +1,89 @@
{
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab {
key_id {$EAB_KEY_ID}
mac_key {$EAB_MAC_KEY}
}
}
(common) {
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
git.cything.io {
import common
# wrap in route so things are evaluated in the order written
route {
# rewrite gitlab URIs to make it work with forgejo
uri path_regexp /-/ /
uri replace /blob/ /src/
redir https://git.cy7.sh{uri} permanent
}
}
git.cy7.sh {
import common
reverse_proxy localhost:3000
}
rss.cy7.sh {
import common
reverse_proxy localhost:8080
}
photos.cy7.sh {
import common
reverse_proxy localhost:2283
}
chat.cything.io {
import common
reverse_proxy localhost:8448
}
pass.cy7.sh {
import common
reverse_proxy localhost:8081
}
dns.cything.io {
import common
reverse_proxy localhost:8082
}
pad.cything.io {
import common
reverse_proxy localhost:8085
}
red.cything.io {
import common
reverse_proxy localhost:8087
}
grafana.cything.io {
import common
reverse_proxy localhost:8088
}
element.cything.io {
import common
reverse_proxy localhost:8089
}
cache.cything.io {
import common
reverse_proxy localhost:8090
}
s3.cy7.sh {
import common
reverse_proxy localhost:3900
}
admin.s3.cy7.sh {
import common
reverse_proxy localhost:3903
}

5
hosts/chunk/adguard.nix
View file

@ -21,9 +21,4 @@
];
};
};
services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8082
'';
}

5
hosts/chunk/attic.nix
View file

@ -31,9 +31,4 @@
};
};
};
services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8090
'';
}

5
hosts/chunk/conduwuit.nix
View file

@ -10,9 +10,4 @@
allow_check_for_updates = true;
};
};
services.caddy.virtualHosts."chat.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8448
'';
}

19
hosts/chunk/default.nix
View file

@ -75,11 +75,8 @@
};
};
boot = {
loader.grub.enable = true;
loader.grub.device = "/dev/vda";
kernelPackages = pkgs.linuxPackages_latest;
};
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
system.stateVersion = "24.05";
@ -183,13 +180,11 @@
programs.gnupg.agent.enable = true;
programs.git.enable = true;
my.caddy.enable = true;
services.caddy.virtualHosts."cy7.sh" = {
serverAliases = [ "www.cy7.sh" ];
extraConfig = ''
import common
redir https://cything.io temporary
'';
services.caddy = {
enable = true;
configFile = ./Caddyfile;
environmentFile = config.sops.secrets."caddy/env".path;
logFormat = lib.mkForce "level INFO";
};
# container stuff

5
hosts/chunk/deluge.nix
View file

@ -7,9 +7,4 @@
port = 8112;
};
};
services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8112
'';
}

5
hosts/chunk/element.nix
View file

@ -25,9 +25,4 @@
${pkgs.podman}/bin/podman network create element-net
'';
};
services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8089
'';
}

16
hosts/chunk/forgejo.nix
View file

@ -30,20 +30,4 @@
name = "git";
};
};
services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3000
'';
services.caddy.virtualHosts."git.cything.io".extraConfig = ''
import common
# wrap in route so things are evaluated in the order written
route {
# rewrite gitlab URIs to make it work with forgejo
uri path_regexp /-/ /
uri replace /blob/ /src/
redir https://git.cy7.sh{uri} permanent
}
'';
}

5
hosts/chunk/garage.nix
View file

@ -16,9 +16,4 @@
};
environmentFile = config.sops.secrets."garage/env".path;
};
services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3900
'';
}

5
hosts/chunk/grafana.nix
View file

@ -31,9 +31,4 @@
}
];
};
services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8088
'';
}

5
hosts/chunk/hedgedoc.nix
View file

@ -16,9 +16,4 @@
protocolUseSSL = true;
};
};
services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8085
'';
}

5
hosts/chunk/immich.nix
View file

@ -95,9 +95,4 @@ in
${pkgs.podman}/bin/podman network create immich-net
'';
};
services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:2283
'';
}

5
hosts/chunk/miniflux.nix
View file

@ -9,9 +9,4 @@
FORCE_REFRESH_INTERVAL = 0; # don't rate limit me
};
};
services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8080
'';
}

5
hosts/chunk/redlib.nix
View file

@ -10,9 +10,4 @@
REDLIB_ROBOTS_DISABLE_INDEXING = "on";
};
};
services.caddy.virtualHosts."red.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8087
'';
}

3
hosts/chunk/tailscale.nix
View file

@ -1,5 +1,4 @@
{ config, ... }:
{
{ config, ... }: {
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/auth".path;

5
hosts/chunk/vaultwarden.nix
View file

@ -10,9 +10,4 @@
DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
};
};
services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8081
'';
}

2
hosts/titan/Caddyfile
View file

@ -13,7 +13,7 @@
cything.io {
import common
redir https://cy7.sh/posts{uri} permanent
reverse_proxy localhost:8084
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *

6
hosts/ytnix/default.nix
View file

@ -324,10 +324,4 @@
services.udev.extraHwdb = ''
SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"
'';
programs.ssh = {
askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass";
startAgent = true;
enableAskPassword = true;
};
}

3
hosts/ytnix/tailscale.nix
View file

@ -1,5 +1,4 @@
{ config, ... }:
{
{ config, ... }: {
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/auth".path;

3
justfile
View file

@ -1,10 +1,9 @@
update:
git branch -D update
git switch -c update
nix flake update
git add flake.lock
git commit -s -m "flake update"
git push -f
git push
git switch main
upgrade:

27
modules/caddy.nix
View file

@ -1,27 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.my.caddy;
in
{
options.my.caddy = {
enable = lib.mkEnableOption "caddy reverse proxy";
};
config = lib.mkIf cfg.enable {
services.caddy = {
enable = true;
logFormat = lib.mkForce "level INFO";
acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
extraConfig = ''
(common) {
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
'';
};
};
}

1
modules/default.nix
View file

@ -2,6 +2,5 @@
{
imports = [
./backup.nix
./caddy.nix
];
}