From 1edf1e65b5a0fabe6f5651a6e5f7450a48770d08 Mon Sep 17 00:00:00 2001
From: prescientmoon
Date: Mon, 11 Mar 2024 16:08:32 +0100
Subject: [PATCH] Set up diptime and provision invidious hmac key
---
 hosts/nixos/lapetus/default.nix | 1 +
 hosts/nixos/lapetus/secrets.yaml | 5 +++--
 hosts/nixos/lapetus/services/diptime.nix | 12 ++++++++++++
 hosts/nixos/lapetus/services/homer.nix | 16 +++++++++-------
 hosts/nixos/lapetus/services/invidious.nix | 8 +++++---
 modules/nixos/nginx.nix | 12 ++++++++++++
 6 files changed, 42 insertions(+), 12 deletions(-)
 create mode 100644 hosts/nixos/lapetus/services/diptime.nix
diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index d09754f..a44d6f6 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -17,6 +17,7 @@
 ./services/grafana.nix
 ./services/commafeed.nix
 ./services/invidious.nix
+ ./services/diptime.nix
 ./filesystems
 ./hardware
 ];
diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml
index 1ed7f50..0303d5f 100644
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@@ -2,6 +2,7 @@ tilde_irc_pass: ENC[AES256_GCM,data:+pw/g0pffo1zF++1H/+iFXQDCDw=,iv:zTBvaUCwt78d vaultwarden_env: ENC[AES256_GCM,data:39gY2J+AFTwIRar7tbF6D9WadTzw1xiqPE9T204Z,iv:k9m6wQIPh1qScCjgLnULjVxVmDxxmotd/xzVuH6ju/w=,tag:+xIkwguOwYryO4rgsyMOsQ==,type:str] grafana_smtp_pass: ENC[AES256_GCM,data:PudFnWOS6LR69FMhlMs=,iv:4oKSiW0Xgu539w3QQBOW/ay/8w5HrbxRoPGBh/0wST4=,tag:jat8wA3JQlC7WbOwNQ4Ctw==,type:str] grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY1Mk7mNoE6mhyN7cEOrikTbehT+IOylG6rd+VtKIEj0X86qjx59qEo/NMbXqCrqxy6nhWD2NIDxQ5ZSQOUMVYGVLv7VKx3YG5mMvGgMHZEuJrobc0t6WejKAZ3LT/nqQ==,iv:2XtCnuirsXx2R2X7FozDczi4trAbnP5d8dXV7aJMWzE=,tag:a/dxsRuyye5ChaLGV+P6Zw==,type:str] +invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str] sops: kms: [] gcp_kms: [] @@ -26,8 +27,8 @@ sops: RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-24T06:59:54Z" - mac: ENC[AES256_GCM,data:bv5+uXVeYog3sHM4iGe6GFq8mtrqnZGY6eNXdotk8R2Sp2ZR6ZNtxzzUhebsB7gdwcv70+bUQV7qi+FU0T/FvCPJ0J7IRpL//vRWG1jwcblYgkCLtaI3+rfZb4qgWZSRK2xS/I5Nz6mVSG+fvw88gsMTbe5t3aSkaCZB4yiGlHY=,iv:0b6Wo/TYNjTsnhAFwdFH/cWsWbnmbEYmge0ItJ5oIYE=,tag:zgd++po5YFUo4+k5weYrkg==,type:str] + lastmodified: "2024-03-11T15:04:07Z" + mac: ENC[AES256_GCM,data:2J7kixr5PlrPE65grLiYoZCK4x1vIcbGLblVYu0cJ6rR6cUjvigf7xBPx9dgswRjGJxjUs971ZafRdP3sZUBzUWfhgGv0JO1fGuFGytBj3lEnkVIbbWm7lzaG3DJ+orF3SmhN95nVBjJ/oJ9+129T6/y3zrveu6yfjsEELdkcDY=,iv:t/q82qmUZ1g9haGskhcJzNXDngMeJdNQ7il1W9ME5AU=,tag:yRmKCc1nnj4fVlQaEw9oNQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/hosts/nixos/lapetus/services/diptime.nix b/hosts/nixos/lapetus/services/diptime.nix new file mode 100644 index 0000000..9a345d5 --- /dev/null +++ b/hosts/nixos/lapetus/services/diptime.nix 
@@ -0,0 +1,12 @@ +# I couldn't find a hosted version of this +{ pkgs, config, ... }: { + imports = [ ../../common/optional/services/nginx.nix ]; + + services.nginx.virtualHosts."diptime.moonythm.dev" = + config.satellite.static (pkgs.fetchFromGitHub { + owner = "bhickey"; + repo = "diplomatic-timekeeper"; + rev = "d6ea7b9d9e94ee6d2db8e4e7cff5f8f1c3f04464"; + sha256 = "09s6awz5m6hzpc6jp96c118i372430c7b41acm5m62bllcvrj9vk"; + }); +} diff --git a/hosts/nixos/lapetus/services/homer.nix b/hosts/nixos/lapetus/services/homer.nix index cbeb435..ad8294a 100644 --- a/hosts/nixos/lapetus/services/homer.nix +++ b/hosts/nixos/lapetus/services/homer.nix @@ -22,11 +22,8 @@ in { imports = [ ../../common/optional/services/nginx.nix ]; - services.nginx.virtualHosts."lab.moonythm.dev" = { - enableACME = true; - acmeRoot = null; - forceSSL = true; - root = pkgs.homer.withAssets { + services.nginx.virtualHosts."lab.moonythm.dev" = + config.satellite.static (pkgs.homer.withAssets { extraAssets = [ iconPath ]; config = { title = "✨ The celestial citadel ✨"; @@ -129,11 +126,16 @@ in logo = icon "invidious.png"; url = "https://yt.moonythm.dev"; } + { + name = "Diptime"; + subtitle = "Diplomacy timer"; + icon = fa "globe"; + url = "https://diptime.moonythm.dev"; + } ]; } # }}} ]; }; - }; - }; + }); } diff --git a/hosts/nixos/lapetus/services/invidious.nix b/hosts/nixos/lapetus/services/invidious.nix index 3f89048..25d48f1 100644 --- a/hosts/nixos/lapetus/services/invidious.nix +++ b/hosts/nixos/lapetus/services/invidious.nix @@ -4,10 +4,15 @@ ../../common/optional/services/postgres.nix ]; + sops.secrets.invidious_hmac_key.sopsFile = ../secrets.yaml; + services.nginx.virtualHosts.${config.services.invidious.domain} = + config.satellite.proxy config.services.invidious.port { }; + services.invidious = { enable = true; domain = "yt.moonythm.dev"; port = 8414; + keyFile = config.sops.secrets.invidious_hmac_key.path; nginx.enable = true; 
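Review bot: The new `diptime.nix` serves a third-party repository's content, including its JavaScript, from a subdomain of moonythm.dev, and the only comment in the file does not record why the commit is pinned or that it was reviewed. Pinning by `rev` plus hash is the right control here, because content under `diptime.moonythm.dev` is same-site with the other services on this host and would be sent any cookie scoped to the parent domain (whether a sibling service sets one is not visible in this diff). I would add a comment above the fetch such as `# Third-party static site served as-is; rev is pinned, re-review upstream JS before bumping it.` As a style point, the SRI form `hash = "sha256-<same digest in SRI form>";` is preferred over the legacy `sha256` attribute.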
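Review bot: In the first `invidious.nix` hunk, `sops.secrets.invidious_hmac_key` is declared with only `sopsFile`, so sops-nix will materialise it with its defaults (root-owned, mode 0400). Whether the Invidious unit can read the file behind `keyFile` then depends on how the module consumes that path, which this diff does not show. If it is read as the service user rather than through systemd credentials, set `sops.secrets.invidious_hmac_key.owner = "<invidious service user>";`. Adding `restartUnits = [ "invidious.service" ];` would make a rotated key take effect. The option name is also worth checking against the pinned nixpkgs, where I know it as `services.invidious.hmacKeyFile` rather than `keyFile`. The `services.invidious` attribute set continues past the end of the hunk.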
@@ -23,7 +28,4 @@ }; }; }; - - services.nginx.virtualHosts.${config.services.invidious.domain} = - config.satellite.proxy config.services.invidious.port { }; } diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix index 53f7ebc..a85f731 100644 --- a/modules/nixos/nginx.nix +++ b/modules/nixos/nginx.nix @@ -4,10 +4,22 @@ description = "Helper function for generating a quick proxy config"; }; + options.satellite.static = lib.mkOption { + type = lib.types.functionTo (lib.types.functionTo lib.types.anything); + description = "Helper function for generating a quick file serving config"; + }; + config.satellite.proxy = port: extra: { enableACME = true; acmeRoot = null; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; } // extra; }; + + config.satellite.static = root: { + inherit root; + enableACME = true; + acmeRoot = null; + forceSSL = true; + }; }
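Review bot: The declared type for `satellite.static` in `modules/nixos/nginx.nix` looks one `functionTo` too deep. The definition `root: { … }` takes a single argument and returns an attribute set, but `functionTo (functionTo anything)`, copied from the two-argument `proxy` helper, expects the result of the first application to be a function again. As far as I can tell from how `functionTo` merges definitions, `config.satellite.static <root>` would then fail the inner type check at evaluation; `type = lib.types.functionTo lib.types.anything;` matches the helper. The description could also say that the argument is the web root (a path or derivation) and that the resulting vhost gets ACME and `forceSSL`. The enclosing module attribute set starts above the hunk.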