diff --git a/flake.lock b/flake.lock index d42abbb..cf59ef6 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,24 @@ { "nodes": { + "apis": { + "inputs": { + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1691873908, + "narHash": "sha256-37XNMWtoca8zjNdGq95hbi6idB9pdbv2peqNvFxqfrM=", + "ref": "refs/heads/main", + "rev": "412ca4e53890761467de233cf0ed37bebbc8eeac", + "revCount": 27, + "type": "git", + "url": "https://git.elnu.com/jichan.org/apis.git" + }, + "original": { + "type": "git", + "url": "https://git.elnu.com/jichan.org/apis.git" + } + }, "beautysh": { "inputs": { "nixpkgs": [ @@ -43,6 +62,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1689068808, "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", @@ -57,9 +94,9 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1685518550, @@ -104,11 +141,11 @@ ] }, "locked": { - "lastModified": 1690982105, - "narHash": "sha256-32AzoLuwhtxBItcULRiCnxRfJcbVXbPZSH9TDVg21mU=", + "lastModified": 1691672736, + "narHash": "sha256-HNPA/dKHerA0p4OsToEcW/DtTSXBcK5gFRsy/yPgV/Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "b2ac1d2c32ac11b8d231d23622cdc4b2f28d07d2", + "rev": "6e1eff9aac0e8d84bda7f2d60ba6108eea9b7e79", "type": "github" }, "original": { @@ -119,15 +156,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1690881714, - "narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=", - "owner": "nixos", + "lastModified": 1691654369, + "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e1960bc196baf6881340d53dccb203a951745a2", + "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -151,11 +188,43 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1690031011, - "narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=", + "lastModified": 1681358109, + "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12303c652b881435065a98729eb7278313041e49", + "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1691654369, + "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1691186842, + "narHash": "sha256-wxBVCvZUwq+XS4N4t9NqsHV4E64cPVqQ2fdDISpjcw0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "18036c0be90f4e308ae3ebcab0e14aae0336fe42", "type": "github" }, "original": { @@ -168,16 +237,16 @@ "nixvim": { "inputs": { "beautysh": "beautysh", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_4", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1690107839, - "narHash": "sha256-ll3j+g3qz239sfLHYhHynKRWhMkxFXsJ9MOAXzSqQMc=", + "lastModified": 1691674049, + "narHash": "sha256-M9SA4MZ3IuFCP4XI2IGAepvEYp3stmTwltUcnGu3Ml8=", "owner": "nix-community", "repo": "nixvim", - "rev": "4c25722d73694245e767839b462026ab2296542b", + "rev": "36a6ab4ba7403dca50b2ca2de5fd5fd57fb19335", "type": "github" }, "original": { @@ -216,7 +285,7 @@ "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "gitignore": "gitignore", "nixpkgs": [ "nixvim", @@ -225,11 +294,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1689668210, - "narHash": "sha256-XAATwDkaUxH958yXLs1lcEOmU6pSEIkatY3qjqk8X0E=", + "lastModified": 1691256628, + "narHash": "sha256-M0YXHemR3zbyhM7PvJa5lzGhWVf6kM/fpZ4cWe/VIhI=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "eb433bff05b285258be76513add6f6c57b441775", + "rev": "3139c4d1f7732cab89f06492bdd4677b877e3785", "type": "github" }, "original": { @@ -240,11 +309,31 @@ }, "root": { "inputs": { + "apis": "apis", "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_3", "nixvim": "nixvim" } }, + "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1691806075, + "narHash": "sha256-yuq7cNkFOQse4WwLw0rUiXhG58aI6eyXKfcTw5Act/I=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "b87a7db512340dea25e95f444db29e9264ff7a63", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -275,6 +364,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1678901627, diff --git a/flake.nix b/flake.nix index 299fbb2..800babe 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixvim.url = "github:nix-community/nixvim"; + apis.url = "git+https://git.elnu.com/jichan.org/apis.git"; home-manager = { url = github:nix-community/home-manager; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/configuration.nix b/hosts/configuration.nix index d4096ba..16c4b23 100644 --- a/hosts/configuration.nix +++ b/hosts/configuration.nix @@ -22,6 +22,21 @@ extraOptions = "experimental-features = nix-command flakes"; }; + networking = { + networkmanager.enable = true; + # networking.nameservers doesn't apply to resolvconf + #nameservers = [ "9.9.9.9" "1.1.1.1" ]; + resolvconf.extraConfig = "name_servers=\"9.9.9.9 1.1.1.1\""; + # Temporary since MagicDNS is broken + hosts = { + "192.168.0.26" = [ "elnuhub.local" ]; + "24.199.72.8" = [ "elnudrop.local" ]; + "100.64.0.1" = [ "elnu" ]; + "100.64.0.2" = [ "elnuhub" ]; + "100.64.0.3" = [ "elnudrop" ]; + }; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/default.nix b/hosts/default.nix index 670037b..d46dd51 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -7,6 +7,10 @@ let config.allowUnfree = true; }; lib = nixpkgs.lib; + configImports = [ + inputs.apis.nixosModules.default + ./configuration.nix + ]; hmImports = [ (import ./home.nix) inputs.nixvim.homeManagerModules.nixvim @@ -20,9 +24,8 @@ in desktop = lib.nixosSystem { inherit system; specialArgs = { inherit user; }; - modules = [ + modules = configImports ++ [ ./desktop - ./configuration.nix ./desktop.nix { boot.loader.grub.gfxmodeEfi = "1920x1080"; @@ -46,9 +49,8 @@ in x220 = lib.nixosSystem { inherit system; specialArgs = { inherit user; }; - modules = [ + modules = configImports ++ [ ./thinkpads - ./configuration.nix ./desktop.nix { # 1024x768 is the closest supported resolution to X220's native 1366x768 @@ -74,9 +76,8 @@ in t430 = lib.nixosSystem { inherit system; specialArgs = { inherit user; }; - modules = [ + modules = configImports ++ [ ./thinkpads - ./configuration.nix ./desktop.nix { boot.loader.grub.gfxmodeEfi = "1600x900"; @@ -99,9 +100,8 @@ in virtualbox = lib.nixosSystem { inherit system; specialArgs = { inherit user; }; - modules = [ + modules = configImports ++ [ ./virtualbox - ./configuration.nix ./desktop.nix { networking.hostName = "virtualbox"; @@ -122,10 +122,12 @@ in elnudrop = lib.nixosSystem { inherit system; - specialArgs = { inherit user; }; - modules = [ + specialArgs = { + inherit user; + enableSSL = true; + }; + modules = configImports ++ [ ./elnudrop - ./configuration.nix { networking.hostName = "elnudrop"; } diff --git a/hosts/desktop.nix b/hosts/desktop.nix index 6f5152c..23afc22 100644 --- a/hosts/desktop.nix +++ b/hosts/desktop.nix @@ -32,11 +32,6 @@ in gvfs.enable = true; # For Trash }; - networking = { - networkmanager.enable = true; - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - }; - xdg.portal.enable = true; environment.systemPackages = with pkgs; [ yubioath-flutter ]; diff --git a/hosts/elnudrop/default.nix b/hosts/elnudrop/default.nix index 116aede..6f6db61 100644 --- a/hosts/elnudrop/default.nix +++ b/hosts/elnudrop/default.nix @@ -14,9 +14,13 @@ ./hosts/tegakituesday.com ]; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; + networking = { + # May cause some issues + networkmanager.enable = lib.mkForce false; + firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + }; }; security.acme = { diff --git a/hosts/elnudrop/hosts/jichan.org/default.nix b/hosts/elnudrop/hosts/jichan.org/default.nix index 372a65a..b222797 100644 --- a/hosts/elnudrop/hosts/jichan.org/default.nix +++ b/hosts/elnudrop/hosts/jichan.org/default.nix @@ -1,12 +1,18 @@ +{ enableSSL, ... }: + let host = "jichan.org"; in { + imports = [ + ./tatoeba.nix + ./images.nix + ]; services.nginx.virtualHosts."www.${host}" = { - forceSSL = true; - enableACME = true; + forceSSL = enableSSL; + enableACME = enableSSL; globalRedirect = host; }; services.nginx.virtualHosts."${host}" = { - forceSSL = true; - enableACME = true; + forceSSL = enableSSL; + enableACME = enableSSL; extraConfig = '' error_page 502 /502.html; ''; @@ -15,24 +21,6 @@ let host = "jichan.org"; in { "/502.html".root = "${./502}"; "/logo.svg".root = "${./502}"; "/missing.min.css".root = "${../shared/502}"; - - # Formerly tatoeba.elnu.com - # https://git.elnu.com/ElnuDev/tatoeba-api - "/api/tatoeba/" = { - proxyPass = "http://elnuhub:3001"; - extraConfig = '' - rewrite ^/api/tatoeba/(.*) /$1 break; - ''; - }; - - # Formerly images.elnu.com - # https://git.elnu.com/ElnuDev/image-api - "/api/images/" = { - proxyPass = "http://elnuhub:3002"; - extraConfig = '' - rewrite ^/api/images/(.*) /$1 break; - ''; - }; }; }; } \ No newline at end of file diff --git a/hosts/elnudrop/hosts/jichan.org/images.nix b/hosts/elnudrop/hosts/jichan.org/images.nix new file mode 100644 index 0000000..f1c7961 --- /dev/null +++ b/hosts/elnudrop/hosts/jichan.org/images.nix @@ -0,0 +1,11 @@ +{ config, ... }: + +{ + services.images.enable = true; + services.nginx.virtualHosts."jichan.org".locations."/api/images" = { + proxyPass = "http://localhost:${builtins.toString config.services.images.port}"; + extraConfig = '' + rewrite ^/api/images/(.*) /$1 break; + ''; + }; +} \ No newline at end of file diff --git a/hosts/elnudrop/hosts/jichan.org/tatoeba.nix b/hosts/elnudrop/hosts/jichan.org/tatoeba.nix new file mode 100644 index 0000000..8460218 --- /dev/null +++ b/hosts/elnudrop/hosts/jichan.org/tatoeba.nix @@ -0,0 +1,11 @@ +{ config, ... }: + +{ + services.tatoeba.enable = true; + services.nginx.virtualHosts."jichan.org".locations."/api/tatoeba" = { + proxyPass = "http://localhost:${builtins.toString config.services.tatoeba.port}"; + extraConfig = '' + rewrite ^/api/tatoeba/(.*) /$1 break; + ''; + }; +} \ No newline at end of file diff --git a/hosts/elnudrop/hosts/tegakituesday.com/default.nix b/hosts/elnudrop/hosts/tegakituesday.com/default.nix index 64d256c..726af23 100644 --- a/hosts/elnudrop/hosts/tegakituesday.com/default.nix +++ b/hosts/elnudrop/hosts/tegakituesday.com/default.nix @@ -1,13 +1,15 @@ +{ enableSSL, ... }: + with import ../../../../modules/tailscale/default.nix; let host = "tegakituesday.com"; in { services.nginx.virtualHosts."www.${host}" = { - forceSSL = true; - enableACME = true; + forceSSL = enableSSL; + enableACME = enableSSL; globalRedirect = host; }; services.nginx.virtualHosts."${host}" = { - forceSSL = true; - enableACME = true; + forceSSL = enableSSL; + enableACME = enableSSL; extraConfig = '' error_page 502 /502.html; ''; diff --git a/hosts/elnudrop/modules/headscale.nix b/hosts/elnudrop/modules/headscale.nix index 6463a0f..878b638 100644 --- a/hosts/elnudrop/modules/headscale.nix +++ b/hosts/elnudrop/modules/headscale.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, enableSSL, ... }: let baseDomain = "elnu.com"; @@ -18,8 +18,8 @@ in { }; environment.systemPackages = [ config.services.headscale.package ]; services.nginx.virtualHosts.${domain} = { - forceSSL = true; - enableACME = true; + forceSSL = enableSSL; + enableACME = enableSSL; locations."/" = { proxyPass = "http://localhost:${ toString config.services.headscale.port }"; proxyWebsockets = true;