elnudrop: host images API, refactoring

elnudrop: host tatoeba API
elnudrop: disable networkmanager
2023-08-12 14:05:54 -07:00 · 2023-08-12 12:04:37 -07:00 · 2023-08-12 12:03:40 -07:00 · 2023-08-11 19:29:28 -07:00 · 2023-08-11 12:20:19 -07:00 · 2023-08-11 11:44:06 -07:00
11 changed files with 204 additions and 71 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,24 @@
 {
  "nodes": {
+    "apis": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1691873908,
+        "narHash": "sha256-37XNMWtoca8zjNdGq95hbi6idB9pdbv2peqNvFxqfrM=",
+        "ref": "refs/heads/main",
+        "rev": "412ca4e53890761467de233cf0ed37bebbc8eeac",
+        "revCount": 27,
+        "type": "git",
+        "url": "https://git.elnu.com/jichan.org/apis.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.elnu.com/jichan.org/apis.git"
+      }
+    },
    "beautysh": {
      "inputs": {
        "nixpkgs": [
@ -43,6 +62,24 @@
      "inputs": {
        "systems": "systems"
      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
      "locked": {
        "lastModified": 1689068808,
        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
@ -57,9 +94,9 @@
        "type": "github"
      }
    },
-    "flake-utils_2": {
+    "flake-utils_3": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1685518550,
@ -104,11 +141,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1690982105,
-        "narHash": "sha256-32AzoLuwhtxBItcULRiCnxRfJcbVXbPZSH9TDVg21mU=",
+        "lastModified": 1691672736,
+        "narHash": "sha256-HNPA/dKHerA0p4OsToEcW/DtTSXBcK5gFRsy/yPgV/Y=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "b2ac1d2c32ac11b8d231d23622cdc4b2f28d07d2",
+        "rev": "6e1eff9aac0e8d84bda7f2d60ba6108eea9b7e79",
        "type": "github"
      },
      "original": {
@ -119,15 +156,15 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1690881714,
-        "narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=",
-        "owner": "nixos",
+        "lastModified": 1691654369,
+        "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9e1960bc196baf6881340d53dccb203a951745a2",
+        "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
@ -151,11 +188,43 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1690031011,
-        "narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=",
+        "lastModified": 1681358109,
+        "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "12303c652b881435065a98729eb7278313041e49",
+        "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1691654369,
+        "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1691186842,
+        "narHash": "sha256-wxBVCvZUwq+XS4N4t9NqsHV4E64cPVqQ2fdDISpjcw0=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "18036c0be90f4e308ae3ebcab0e14aae0336fe42",
        "type": "github"
      },
      "original": {
@ -168,16 +237,16 @@
    "nixvim": {
      "inputs": {
        "beautysh": "beautysh",
-        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_2",
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": "nixpkgs_4",
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
-        "lastModified": 1690107839,
-        "narHash": "sha256-ll3j+g3qz239sfLHYhHynKRWhMkxFXsJ9MOAXzSqQMc=",
+        "lastModified": 1691674049,
+        "narHash": "sha256-M9SA4MZ3IuFCP4XI2IGAepvEYp3stmTwltUcnGu3Ml8=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "4c25722d73694245e767839b462026ab2296542b",
+        "rev": "36a6ab4ba7403dca50b2ca2de5fd5fd57fb19335",
        "type": "github"
      },
      "original": {
@ -216,7 +285,7 @@
    "pre-commit-hooks": {
      "inputs": {
        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils_2",
+        "flake-utils": "flake-utils_3",
        "gitignore": "gitignore",
        "nixpkgs": [
          "nixvim",
@ -225,11 +294,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1689668210,
-        "narHash": "sha256-XAATwDkaUxH958yXLs1lcEOmU6pSEIkatY3qjqk8X0E=",
+        "lastModified": 1691256628,
+        "narHash": "sha256-M0YXHemR3zbyhM7PvJa5lzGhWVf6kM/fpZ4cWe/VIhI=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "eb433bff05b285258be76513add6f6c57b441775",
+        "rev": "3139c4d1f7732cab89f06492bdd4677b877e3785",
        "type": "github"
      },
      "original": {
@ -240,11 +309,31 @@
    },
    "root": {
      "inputs": {
+        "apis": "apis",
        "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_3",
        "nixvim": "nixvim"
      }
    },
+    "rust-overlay": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1691806075,
+        "narHash": "sha256-yuq7cNkFOQse4WwLw0rUiXhG58aI6eyXKfcTw5Act/I=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "b87a7db512340dea25e95f444db29e9264ff7a63",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@ -275,6 +364,21 @@
        "type": "github"
      }
    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "utils": {
      "locked": {
        "lastModified": 1678901627,
--- a/flake.nix
+++ b/flake.nix
@ -4,6 +4,7 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixvim.url = "github:nix-community/nixvim";
+    apis.url = "git+https://git.elnu.com/jichan.org/apis.git";
    home-manager = {
      url = github:nix-community/home-manager;
      inputs.nixpkgs.follows = "nixpkgs";
--- a/hosts/configuration.nix
+++ b/hosts/configuration.nix
@ -22,6 +22,21 @@
    extraOptions = "experimental-features = nix-command flakes";
  };

+  networking = {
+    networkmanager.enable = true;
+    # networking.nameservers doesn't apply to resolvconf
+    #nameservers = [ "9.9.9.9" "1.1.1.1" ];
+    resolvconf.extraConfig = "name_servers=\"9.9.9.9 1.1.1.1\"";
+    # Temporary since MagicDNS is broken
+    hosts = {
+      "192.168.0.26" = [ "elnuhub.local" ];
+      "24.199.72.8" = [ "elnudrop.local" ];
+      "100.64.0.1" = [ "elnu" ];
+      "100.64.0.2" = [ "elnuhub" ];
+      "100.64.0.3" = [ "elnudrop" ];
+    };
+  };
+
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -7,6 +7,10 @@ let
    config.allowUnfree = true;
  };
  lib = nixpkgs.lib;
+  configImports = [
+    inputs.apis.nixosModules.default
+    ./configuration.nix
+  ];
  hmImports = [
    (import ./home.nix)
    inputs.nixvim.homeManagerModules.nixvim
@ -20,9 +24,8 @@ in
  desktop = lib.nixosSystem {
    inherit system;
    specialArgs = { inherit user; };
-    modules = [
+    modules = configImports ++ [
      ./desktop
-      ./configuration.nix
      ./desktop.nix
      {
        boot.loader.grub.gfxmodeEfi = "1920x1080";
@ -46,9 +49,8 @@ in
  x220 = lib.nixosSystem {
    inherit system;
    specialArgs = { inherit user; };
-    modules = [
+    modules = configImports ++ [
      ./thinkpads
-      ./configuration.nix
      ./desktop.nix
      {
        # 1024x768 is the closest supported resolution to X220's native 1366x768
@ -74,9 +76,8 @@ in
  t430 = lib.nixosSystem {
    inherit system;
    specialArgs = { inherit user; };
-    modules = [
+    modules = configImports ++ [
      ./thinkpads
-      ./configuration.nix
      ./desktop.nix
      {
        boot.loader.grub.gfxmodeEfi = "1600x900";
@ -99,9 +100,8 @@ in
  virtualbox = lib.nixosSystem {
    inherit system;
    specialArgs = { inherit user; };
-    modules = [
+    modules = configImports ++ [
      ./virtualbox
-      ./configuration.nix
      ./desktop.nix
      {
        networking.hostName = "virtualbox";
@ -122,10 +122,12 @@ in

  elnudrop = lib.nixosSystem {
    inherit system;
-    specialArgs = { inherit user; };
-    modules = [
+    specialArgs = {
+      inherit user;
+      enableSSL = true;
+    };
+    modules = configImports ++ [
      ./elnudrop
-      ./configuration.nix
      {
        networking.hostName = "elnudrop";
      }
--- a/hosts/desktop.nix
+++ b/hosts/desktop.nix
@ -32,11 +32,6 @@ in
    gvfs.enable = true; # For Trash
  };

-  networking = {
-    networkmanager.enable = true;
-    nameservers = [ "1.1.1.1" "1.0.0.1" ];
-  };
-
  xdg.portal.enable = true;

  environment.systemPackages = with pkgs; [ yubioath-flutter ];
--- a/hosts/elnudrop/default.nix
+++ b/hosts/elnudrop/default.nix
@ -14,9 +14,13 @@
    ./hosts/tegakituesday.com
  ];

-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [ 80 443 ];
+  networking = {
+    # May cause some issues
+    networkmanager.enable = lib.mkForce false;
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 ];
+    };
  };

  security.acme = {
--- a/hosts/elnudrop/hosts/jichan.org/default.nix
+++ b/hosts/elnudrop/hosts/jichan.org/default.nix
@ -1,12 +1,18 @@
+{ enableSSL, ... }:
+
 let host = "jichan.org"; in {
+  imports = [
+    ./tatoeba.nix
+    ./images.nix
+  ];
  services.nginx.virtualHosts."www.${host}" = {
-    forceSSL = true;
-    enableACME = true;
+    forceSSL = enableSSL;
+    enableACME = enableSSL;
    globalRedirect = host;
  };
  services.nginx.virtualHosts."${host}" = {
-    forceSSL = true;
-    enableACME = true;
+    forceSSL = enableSSL;
+    enableACME = enableSSL;
    extraConfig = ''
      error_page 502 /502.html;
    '';
@ -15,24 +21,6 @@ let host = "jichan.org"; in {
      "/502.html".root = "${./502}";
      "/logo.svg".root = "${./502}";
      "/missing.min.css".root = "${../shared/502}";
-
-      # Formerly tatoeba.elnu.com
-      # https://git.elnu.com/ElnuDev/tatoeba-api
-      "/api/tatoeba/" = {
-        proxyPass = "http://elnuhub:3001";
-        extraConfig = ''
-          rewrite ^/api/tatoeba/(.*) /$1 break;
-        '';
-      };
-
-      # Formerly images.elnu.com
-      # https://git.elnu.com/ElnuDev/image-api
-      "/api/images/" = {
-        proxyPass = "http://elnuhub:3002";
-        extraConfig = ''
-          rewrite ^/api/images/(.*) /$1 break;
-        '';
-      };
    };
  };
 }
--- a/hosts/elnudrop/hosts/jichan.org/images.nix
+++ b/hosts/elnudrop/hosts/jichan.org/images.nix
@ -0,0 +1,11 @@
+{ config, ... }:
+
+{
+  services.images.enable = true;
+  services.nginx.virtualHosts."jichan.org".locations."/api/images" = {
+    proxyPass = "http://localhost:${builtins.toString config.services.images.port}";
+    extraConfig = ''
+      rewrite ^/api/images/(.*) /$1 break;
+    '';
+  };
+}
--- a/hosts/elnudrop/hosts/jichan.org/tatoeba.nix
+++ b/hosts/elnudrop/hosts/jichan.org/tatoeba.nix
@ -0,0 +1,11 @@
+{ config, ... }:
+
+{
+  services.tatoeba.enable = true;
+  services.nginx.virtualHosts."jichan.org".locations."/api/tatoeba" = {
+    proxyPass = "http://localhost:${builtins.toString config.services.tatoeba.port}";
+    extraConfig = ''
+      rewrite ^/api/tatoeba/(.*) /$1 break;
+    '';
+  };
+}
--- a/hosts/elnudrop/hosts/tegakituesday.com/default.nix
+++ b/hosts/elnudrop/hosts/tegakituesday.com/default.nix
@ -1,13 +1,15 @@
+{ enableSSL, ... }:
+
 with import ../../../../modules/tailscale/default.nix;
 let host = "tegakituesday.com"; in {
  services.nginx.virtualHosts."www.${host}" = {
-    forceSSL = true;
-    enableACME = true;
+    forceSSL = enableSSL;
+    enableACME = enableSSL;
    globalRedirect = host;
  };
  services.nginx.virtualHosts."${host}" = {
-    forceSSL = true;
-    enableACME = true;
+    forceSSL = enableSSL;
+    enableACME = enableSSL;
    extraConfig = ''
      error_page 502 /502.html;
    '';
--- a/hosts/elnudrop/modules/headscale.nix
+++ b/hosts/elnudrop/modules/headscale.nix
@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, enableSSL, ... }:

 let
  baseDomain = "elnu.com";
@ -18,8 +18,8 @@ in {
  };
  environment.systemPackages = [ config.services.headscale.package ];
  services.nginx.virtualHosts.${domain} = {
-    forceSSL = true;
-    enableACME = true;
+    forceSSL = enableSSL;
+    enableACME = enableSSL;
    locations."/" = {
      proxyPass = "http://localhost:${ toString config.services.headscale.port }";
      proxyWebsockets = true;
Author	SHA1	Message	Date
ElnuDev	65ae45eaaf	elnudrop: host images API, refactoring	2023-08-12 14:05:54 -07:00
ElnuDev	c393cbb98f	elnudrop: host tatoeba API	2023-08-12 12:04:37 -07:00
ElnuDev	4bbd00cc9f	elnudrop: disable networkmanager	2023-08-12 12:03:40 -07:00
ElnuDev	2ce25bb218	Explicitly declare hosts and nameservers in general config	2023-08-11 19:29:28 -07:00
ElnuDev	f3849e3eb6	desktop: make nameservers work with resolvconf, switch to quad9	2023-08-11 12:20:19 -07:00
ElnuDev	6176753e71	elnudrop: define enableSSL special argument	2023-08-11 11:44:06 -07:00
ElnuDev	86e8c8c9ec	flake.lock: Update Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/b2ac1d2c32ac11b8d231d23622cdc4b2f28d07d2' (2023-08-02) → 'github:nix-community/home-manager/6e1eff9aac0e8d84bda7f2d60ba6108eea9b7e79' (2023-08-10) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/9e1960bc196baf6881340d53dccb203a951745a2' (2023-08-01) → 'github:nixos/nixpkgs/ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e' (2023-08-10) • Updated input 'nixvim': 'github:nix-community/nixvim/4c25722d73694245e767839b462026ab2296542b' (2023-07-23) → 'github:nix-community/nixvim/36a6ab4ba7403dca50b2ca2de5fd5fd57fb19335' (2023-08-10) • Updated input 'nixvim/nixpkgs': 'github:NixOS/nixpkgs/12303c652b881435065a98729eb7278313041e49' (2023-07-22) → 'github:NixOS/nixpkgs/18036c0be90f4e308ae3ebcab0e14aae0336fe42' (2023-08-04) • Updated input 'nixvim/pre-commit-hooks': 'github:cachix/pre-commit-hooks.nix/eb433bff05b285258be76513add6f6c57b441775' (2023-07-18) → 'github:cachix/pre-commit-hooks.nix/3139c4d1f7732cab89f06492bdd4677b877e3785' (2023-08-05)	2023-08-10 15:29:06 -07:00