adtya/configuration.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rico1: add deployments

Browse source
This commit is contained in:
Adithya 2024-07-03 17:03:34 +05:30
parent 1f5c569532
commit b167f09b8f
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
9 changed files with 232 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

108
flake.lock
View file

@ -1,5 +1,25 @@
{
"nodes": {
"adtyaxyz": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1719852331,
"narHash": "sha256-KLvim6+CdC2+/Fu0Z5k8Tc/5ugrq0vS9pgFOfidprtM=",
"owner": "adtya",
"repo": "adtya.xyz",
"rev": "1c775c03ad19f6e67591065ab5ff889c158da274",
"type": "github"
},
"original": {
"owner": "adtya",
"ref": "main",
"repo": "adtya.xyz",
"type": "github"
}
},
"crane": {
"inputs": {
"nixpkgs": [
@ -24,7 +44,7 @@
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
@ -171,7 +191,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
@ -183,7 +203,6 @@
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "flake-utils",
"type": "github"
}
@ -202,6 +221,7 @@
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "flake-utils",
"type": "github"
}
@ -224,6 +244,24 @@
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
@ -374,8 +412,8 @@
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
@ -410,7 +448,7 @@
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
@ -439,7 +477,7 @@
"git-hooks": "git-hooks",
"hercules-ci-effects": "hercules-ci-effects",
"neovim-src": "neovim-src",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1719858211,
@ -474,11 +512,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"lastModified": 1719468428,
"narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"rev": "1e3deb3d8a86a870d925760db1a5adecc64d329d",
"type": "github"
},
"original": {
@ -521,6 +559,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1718541509,
"narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=",
@ -536,7 +590,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1719468428,
"narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=",
@ -552,7 +606,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1719690277,
"narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
@ -568,7 +622,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1719468428,
"narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=",
@ -584,7 +638,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1716220750,
"narHash": "sha256-Lhhrd1ZBNXCbUupWGq6gRPIy1qMKEdcAXcjnwgVqe/U=",
@ -629,14 +683,15 @@
},
"root": {
"inputs": {
"adtyaxyz": "adtyaxyz",
"deploy-rs": "deploy-rs",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"lix-module": "lix-module",
"neovim-nightly": "neovim-nightly",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"sops-nix": "sops-nix",
"varnam-nix": "varnam-nix"
}
@ -668,7 +723,7 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
@ -746,9 +801,24 @@
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
@ -766,7 +836,7 @@
},
"varnam-nix": {
"inputs": {
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1716722955,

2
flake.nix
View file

@ -29,6 +29,7 @@
flake-utils.url = "github:numtide/flake-utils?ref=main";
neovim-nightly.url = "github:nix-community/neovim-nightly-overlay?ref=master";
varnam-nix.url = "github:adtya/varnam-nix?ref=main";
adtyaxyz.url = "github:adtya/adtya.xyz?ref=main";
};
outputs =
@ -43,6 +44,7 @@
, flake-utils
, neovim-nightly
, varnam-nix
, adtyaxyz
,
} @ inputs:
let

31
hosts/rico1/services/apps/adtya.xyz.nix Normal file
View file

@ -0,0 +1,31 @@
{ inputs, pkgs, ... }: {
services = {
caddy.virtualHosts."adtya.xyz" = {
serverAliases = [ "www.adtya.xyz" ];
extraConfig = ''
handle {
root * ${inputs.adtyaxyz.packages.${pkgs.system}.default}/share/web
encode gzip
try_files {path} /index.html
file_server
}
'';
};
frp.settings.proxies = [
{
name = "http.adtya.xyz";
type = "http";
customDomains = [ "adtya.xyz" "www.adtya.xyz" ];
localPort = 80;
transport.useCompression = true;
}
{
name = "https.adtya.xyz";
type = "https";
customDomains = [ "adtya.xyz" "www.adtya.xyz" ];
localPort = 443;
transport.useCompression = true;
}
];
};
}

3
hosts/rico1/services/apps/default.nix Normal file
View file

@ -0,0 +1,3 @@
_: {
imports = [ ./adtya.xyz.nix ./proofs.nix ];
}

28
hosts/rico1/services/apps/proofs.nix Normal file
View file

@ -0,0 +1,28 @@
_: {
services = {
caddy.virtualHosts = {
"proofs.adtya.xyz" = {
extraConfig = ''
redir https://keyoxide.org/hkp/51E4F5AB1B82BE45B4229CC243A5E25AA5A27849
'';
};
};
frp.settings.proxies = [
{
name = "http.proofs.adtya.xyz";
type = "http";
customDomains = [ "proofs.adtya.xyz" ];
localPort = 80;
transport.useCompression = true;
}
{
name = "https.proofs.adtya.xyz";
type = "https";
customDomains = [ "proofs.adtya.xyz" ];
localPort = 443;
transport.useCompression = true;
}
];
};
}

8
hosts/rico1/services/caddy.nix Normal file
View file

@ -0,0 +1,8 @@
_: {
services.caddy = {
enable = true;
acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
email = "admin@acomputer.lol";
};
}

5
hosts/rico1/services/default.nix
View file

@ -2,6 +2,11 @@ _: {
imports = [
./btrfs.nix
./ssh.nix
./caddy.nix
./frp.nix
./apps
];
}

25
hosts/rico1/services/frp.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, lib, ... }: {
sops.secrets = {
"frp/token_file" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
systemd.services.frp.serviceConfig.EnvironmentFile = config.sops.secrets."frp/token_file".path;
systemd.services.frp.serviceConfig.Restart = lib.mkForce "always";
services.frp = {
enable = true;
role = "client";
settings = {
serverAddr = "10.10.10.1";
serverPort = 7002;
transport.protocol = "quic";
auth.method = "token";
auth.token = "{{ .Envs.FRP_AUTH_TOKEN }}";
};
};
}

68
secrets.yaml
View file

@ -14,6 +14,11 @@ wireguard:
rico2:
pk: ENC[AES256_GCM,data:XyiOlPelFLAhW7Dbko+zGnrxvDAcwxLhBPXye+tBEZ4rs/gcoczjqPhfUJo=,iv:DoMIXLUClnosQPg4VhXBdWV41MJ2sN3C3xgZ9jw2qkY=,tag:m0ZfLdWX8u1h1RgIMfVE9w==,type:str]
psk: ENC[AES256_GCM,data:vKHqJDkpyj05UnnSU0PTG3byrXs9gwJISRmwgG93jaOUCUKfsJuSDeQCfQw=,iv:/v7sEH03zsVfDxY6oCvnRfNQfNvqXi5Bt5ONM7zFxoI=,tag:WzDTlFU7frYwAGHkUHlxEQ==,type:str]
wynne:
pk: ENC[AES256_GCM,data:50L8Rru7pVWa+19qltLynzYwh37HK3IbnjfBtf6REb7KpSTWvmK48JVchxw=,iv:PQylNCEGiyBIk/NxFSAFqrzCu5st9dkshQ6jyRt7yKs=,tag:ddhaCFCBQVxrPaqaHIvg2Q==,type:str]
psk: ENC[AES256_GCM,data:cbO8D/kwhdsiYAqXAbdud0Bhm/tpmwcpdCmKcsvsnUFjy2fO9dYrd0/KbSA=,iv:oByAtlZTY7+taMoniU/dIecZG8XoHWwKVBHGri4xUv0=,tag:8vJm4n/8/jxHtS+E+iVvLw==,type:str]
frp:
token_file: ENC[AES256_GCM,data:y8QgggTJaQ2STMGNGT0RagUhBgA6H20plzEwd9jNhdXl1098URUV0288YoTnQcc=,iv:/BYWC2WYvXrlvNc97RJTfhf1IratSRU0vHcaxLXJ+V4=,tag:PlStSrzm09fW442uBHAiUg==,type:str]
sops:
kms: []
gcp_kms: []
@ -23,50 +28,59 @@ sops:
- recipient: age1w5rvr4nl8xvjjxpct4e2a2eajvm79v4r9nyxrcn40fm8d7h9l9cqkk0jtt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVUp3TjUrdlpsemtwR2U0
Nm9XWGg5YjZKL0NUREg2b2dTaGpyNzh0cFdFCkRIT0l3bHpEbFlJNGFTSmE3YWtp
QUZlZVFpOHQ5OHNTVVVXTGxIRUFWMTQKLS0tIEtBWmF2aTV4dUhoSC9zMVNxY2tG
K3NITlJScjdhKzlWUDFrZWl2cVBPaFUKKL25E0qbifEAxtqob2gPxgzZg5GZvs5c
Mg2NEbfMKEbXcucV5o4pIEAJfTJ8mh4FDr0foHgDq0wtpf7Cmy4GGQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSW1zTkFrQVhOdVZkcFBI
OXJCODR6Tm16ZWpqSFYrWGFpZkZudWl4OGp3ClVlb1Iydi82VzEzMUZQSjhrYkh4
aXdHZUVJK3lKbWk1SVRYWEpJUnNOODAKLS0tIHduMStCYVJ0MXZETGtFTEJXZHFm
elpscXhWcTh4OUs4anIxcFNENWNVMUEK6Pq9ayvzMq8kld55Glqu4qTDgEn/lhEk
3OV2VXMw4ipR8J0gYw+z3PvepxJIDbblNG2VGXLQg9AGOiHSKDAPIQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mhks8qmhjrtc2u5ufvp3pv2hn7tkadvmscnp7wd0ywmnse0szctqsnpy0a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMnZTV0YyOUZYa1FpRjBL
R3V1d1diMGdVR0JTNmR4N0NzYUhWcVh3Y2gwCjhyRi83eE9EWUU5c3p5L3VJa3ZN
ZmdIdEtkV0dHNE9QeW5McEEzY1hVTEUKLS0tIGFMZ0l3amI4UzhibTZDZ3AzTjJW
NGZjMUVzVzQ5S2hKRWFISlJOVlIwdTAKe/+5CXcYnTHX8N+JQHOJbPTPB+yHJPgw
mYRm8X4+UtKsELe5ipsRJNnwfiAAAZWcs9En7na9tYAN3bm3xhhRvw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDaVVFekhVUklrOUxHMzNh
dm9ENENPMWJIUVVxK1UvblVGKzJ1TXZETzJBCnVuRllDMkxOcjliMG1ZZ2VXZEM5
QXRQZGVhai9jcFlYK0RicjZ2UWZQMDgKLS0tIFFPZjlHbjFoUjcrbWoxMFVndWJW
TTJtTVcrZWhYaHNHUUVXRExISWh4QzAKbHhOlpdhsGyFMndkN5UwWvrGiOvl09dp
1xS9ymEq+yTP6DsmF+wDOr4/cRRolX8ynYuieeAUc0mr68aBzcjcxg==
-----END AGE ENCRYPTED FILE-----
- recipient: age106k9u5ns9h7smh3gqc40k9fft5emknvq669qdv8a29ak3ah4j38s5ng2gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ0o1Y3FBNFBtQlAzc1RL
ZGgwSkZBOW4rcnRWQmcvOTA0QldSVW9hRnpZCkNwK1R3cEFkZ1VrOWt0Vi9nZ3l4
RzNyYm45OE9helBjZmhOWUtDUkd1eWMKLS0tIGlIazRMK25aTjJhUVpSL3pQU256
SmdMcGlXcGs4WFdobXRiOVdBSkVGb1kKbHtblReRzuxJJ8GDMoT4Vi0aygjNANNU
Ldwnlgctd2YL3HP8Ie8A6tUsoYXO4vZG5T7Jmj7A8X7Syw7SZrQ/zw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdHpRN04vN2V3ZXpvQm9F
cHMzMjlWVVJXeVZBVWxWbXo2ZHcrVE9xOTBNCi9wdTdtY2ZGQ1Z3Y3BXd1IvSWhk
QTlvZWM1Qk1pK0hmYmtRYlkwZGFHVmcKLS0tIEV2djNaN3VjS1pyeE9reTIwWEkx
UEh3c2IyL1pLRXZmaSt4TmZHYi9UWm8KX3iBWz5EpXyJJPOrcrjDqtNe8uTPpvSx
THSITlihwTMuTm/38lO/FlaPn8HnygJD/rb0QPGrqM8Byko8RNXC7g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1829x4l8vdhcn97af0zq898tupll0smrqywxka4pswkt6mtn8qp7qqnnnl4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMmh0SWIwVFlCV25mQ3Qx
eXFQY1F1TTNWOG1iSWVmdkU0SGc1RTNtWm5jClVqVXBTQVBsRVZ1MWI4d3VxRnBK
NGNMckZKT0p6RGxlZkFZZEZhbjh1Yk0KLS0tIC80VmJkK0J3TXhJbktDQUhuSk1t
OHZ4VE9NcVNqbXNVZ21lK0MrL29SUDAK/lA/hM6arUhyferhLnzg0D0xdwxzOkbd
cHpudtHguh2dp57wHoE1FOaSceyCt5KCpLlQ+hAiDgu9hU9zEsQ+Sg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMk1iOXc2TWNvUDBJb21G
OGYrUGpiRWhhK2ZkZDB2cTlVYndoOVVrTkZNCkVxejVldUkvelhNK1kzSUNpQ01q
MEdrV210R1c2YUhrbjJGNmxCcStyNDAKLS0tIGthZ0FUdlZMd0xla3dVOEJDbWlw
KzY3MEg2bGd2RzQvdTB2Z21ka3NjakEKDBzzhXsjq3ZSc+P8ukwdgGU5iiA9FZ3l
yH0gaQgliBR5/KUHAoyPf9ksPxn8XVMlTvDMv1OZv2W5X3LkAWe9GA==
-----END AGE ENCRYPTED FILE-----
- recipient: age19uy6xerll6st3s3ftfpy7075m9eetm2288l2w07k7ek6z2l3ef6qfw34cf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTDdYanBoL2x1RFI3dWJo
aUE4UEFMNUw5RlZ4OVNiWDRkeDgrL1A1MXo0CjNlV0ZuTjJUZFFVRkFqa3dIa1Ju
ZzNrc0JBQ0QrUFkvd1RVcDAyM1BVaWsKLS0tIHZEL2M1ckFMekhHbGtFblRWeWdK
Yk9BeXR2dmdoYjJycGhFVFY2eU1BM0kKuYnQ88CjewMQ0JAs+H1/abBaWKldtSPm
ZyZ0ibyH0PdTeXwPIyngkl0c2z1ge96ntS1/rH+6NcTdS8z8WvJ0nQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvV2xyNXR4RXRtSU1vMVZG
RWVSdUQvYjlUUi83K0JMUDJZSlE0bDFhaW13CnhKbFlXaGRrOHVTSmV2ZGlNUy9t
akJCZ2E4Z1JsNmNoUjRyQ1BrSjgxUzQKLS0tIFBFdUZQWUtHczd0MjZGblphVG9P
dVN0THNhTmU2cUNESmlKS2NuLzBPcnMKa5C1EBeB9bMgUi+vzZOLi0zA2idZ+516
9lC2DAEI1ZkdeDhiRO5emj3/isrtbs0ODk9zC60lc7nHE4PrpreYCg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-02T17:20:30Z"
mac: ENC[AES256_GCM,data:+3elFjThp7PkfI2kAzMfp6k1bPKgSDmGcEFcKk5LJXIoxt0rPZalwHyYu9GTut7LsiQ2Hm2xvGKsIzNFJ2nLsyFCxRu4bXUv3wYvZeohp1pMnL7LfTrKZYCZP1YJX1nWK8vYnlHbqLZgQy7SgZP/rDdajg3OzK2Rrsd1wx39pno=,iv:pBthbHczEhmRt3yKJeVpnl4KHFUvSHw/9yT+U5lL9M4=,tag:Q2CmXp/AAsVqKydKkqr6TA==,type:str]
- recipient: age1jyaf9rn5d5pqjh60shs2q5hs98fwugak8z6cs6qs7yuc3wntugmsumxmv0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFYmdnM2J2eDVkaGJlRnkw
VjlTaHNuOEVmRFpNV2hIbVBoZWFWZ3Era1VnCklOZFRVVGpTUjNuUGVoL3hoZFV6
bFRXS29xNXJSakJ1cVo3ZERvZ0dqR0EKLS0tIHhjS0xOWFpEMTRHSGQ1cGYyYlZX
eWFtWnBOeDd0ZzBkZXU5azR4aGNEVmMKCgMM4bWM/QLrFivkYlPbeQwX1+2mdF8a
JeMYwo6CJSCGQsDmlomYmhE5ezxI+FNoFjTH0+gMcMvgDmNyHJE0Qg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-03T11:30:10Z"
mac: ENC[AES256_GCM,data:9EpPVfpoJGt+3xejSjKxpuKDuiaWMVjK8tpDZPEXXmCfkVb9vuV/YRknu1BrPSTFCLb08JtBIF0Ip9WKcUk/u7gR+NKkdQW3QgilkNdxwUDnp4399GpJ6JfbdFIscDAuf743QDx/iSxuZjNVwjBXGPN/xWlnZ10/hxuWdqcc1eY=,iv:i7YBsoRMLRR3kJgYcbgo0T0GLGPXsA3vVPVEBWZHb3s=,tag:e1bdGlASOSbSm14f6NmfHw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1