From c1d486fffaaa1b522613cf0a89494324ec3915e2 Mon Sep 17 00:00:00 2001 From: Matei Adriel Date: Mon, 12 Feb 2024 19:02:56 +0100 Subject: [PATCH] Fix smos setup conflicting with vaultwarden --- flake.lock | 6 +++--- home/features/cli/productivity/secrets.yaml | 5 +++-- home/features/cli/productivity/smos/default.nix | 9 +++++++++ hosts/nixos/lapetus/services/smos.nix | 12 +++++++++++- hosts/nixos/lapetus/services/vaultwarden.nix | 2 +- 5 files changed, 27 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 9ecd564..aaaf6f9 100644 --- a/flake.lock +++ b/flake.lock @@ -2799,11 +2799,11 @@ "yesod-static-remote": "yesod-static-remote_2" }, "locked": { - "lastModified": 1707756524, - "narHash": "sha256-6A1nR0w+N5nEiVwknUihrqRmplo/63gagSEQZ3ktLVE=", + "lastModified": 1707760469, + "narHash": "sha256-iTCnqUS0WouA4HEXsS7A60fUpgWTFmQiiKox0q9Qa7E=", "owner": "Mateiadrielrafael", "repo": "smos", - "rev": "99ed45b8dc0aa065617361373970497f639799ee", + "rev": "d4f0f17c72d4c12e45f37ad3cb6f5042affc8ee5", "type": "github" }, "original": { diff --git a/home/features/cli/productivity/secrets.yaml b/home/features/cli/productivity/secrets.yaml index b24a714..469f9f8 100644 --- a/home/features/cli/productivity/secrets.yaml +++ b/home/features/cli/productivity/secrets.yaml @@ -1,5 +1,6 @@ smos_github_token: ENC[AES256_GCM,data:kqy5mQf96DoPN1iEt2akJWFfD3IJWdSkvZa0MeAyF0WJ/+V5P5C4iQ==,iv:QwmIdV/vzGTLE89XJVi3prgfmXqRa/OYcp9CA7KJDYc=,tag:+S1EZBcxoOQO2ADjDx9STQ==,type:str] intray_password: ENC[AES256_GCM,data:lTCLWSZIk93LhzHJ/ymc,iv:NcmCK3raatp25cKY6GrlL9hiuJp4HGzVNk/eWqDoobo=,tag:v1dirckcNXJjATvMikfNYw==,type:str] +smos_password: ENC[AES256_GCM,data:s+WuVJpe+bSZ7IPYKqA=,iv:fH4k1VTxkcgBwabX7TwZFu1bdWtinK8vug71xa0PiSo=,tag:epqGvDj5pfh9IVLFQLcifA==,type:str] vaultwarden_env: ENC[AES256_GCM,data:dKAkO1pckFVpuN3srD99aGln8fhT69ZNCO1QbdfyJMHlypyNX3YOReR7BoAeDK5DYGRs//8/PLPynRzKPAICng7+yfNDsHHzaF+QNpY=,iv:oNntDA4cXlg5gbTZwqnpyx5nGkYzmLvds5BsAdpdUdc=,tag:IXYS+CKnVb9ZfBm/zcG3JA==,type:str] sops: kms: [] @@ -16,8 +17,8 @@ sops: Y2E3bmM1TkZoOEN0anJqYUNSQUN5ZDAKtobUBBKbfaUeiPtKN4/oTNaxY3C2joCK 8h4FlRLXd+CGnAyjN2p4FliWzLgmOg4HFNmZSmYLpIh4E9yqadNSSg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-03T13:51:00Z" - mac: ENC[AES256_GCM,data:m1q618alC6N3eImV20vQNQkzt2QX4haAQcD9nM4hG8GZPVxwiC7m3wmspqfquCBgFuwZ/MbD+FJnBaNJedh39LO5jahO6dp/uWxg/Kbm+3xNua47R7Ivolcp8hhU1YBMSPJpC8gdlLq4O3Wedcp0Z6fpzCMXvuaaNkiJ/e5jsxQ=,iv:6Fb4YKE4Td2bbyVNpomEdEEJ21/LXwEzPyTyOGqB76M=,tag:4a/qHFs5sHGaSJPdNbX64g==,type:str] + lastmodified: "2024-02-12T17:57:29Z" + mac: ENC[AES256_GCM,data:Ggc4CJuCxQM6vYR8BvCQsPX0dKOAi0TqiHlRgANFaP++d8er5Qz2JIsggwpmABt2E1ueZVY08DNgtg6GQYJDtC5rYzdj0b2kWrfy3NUMh9UAaqxRhcFi8W1Rhn2tQEEf+JRx1hW2yCkqoBvAzzmb+WOM4yS/Fr3IBpPO2jaerrM=,iv:dUqDjN9KHm9yGXs9dO+FkZBzmaHT1UjFoiUjwuzFz88=,tag:LbSy8jFFp2HjBkq3W0zbfQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/home/features/cli/productivity/smos/default.nix b/home/features/cli/productivity/smos/default.nix index 1a7fdfa..ccf7f94 100644 --- a/home/features/cli/productivity/smos/default.nix +++ b/home/features/cli/productivity/smos/default.nix @@ -2,6 +2,8 @@ let workflowDir = "${config.home.homeDirectory}/productivity/smos"; in { + sops.secrets.smos_password.sopsFile = ./secrets.yaml; + # {{{ Smos config programs.smos = { inherit workflowDir; @@ -9,6 +11,13 @@ in enable = true; notify.enable = true; + sync = { + enable = true; + server-url = "api.smos.moonythm.dev"; + username = "prescientmoon"; + password-file = config.sops.secrets.smos_password.path; + }; + github = { enable = true; oauth-token-file = config.sops.secrets.smos_github_token.path; diff --git a/hosts/nixos/lapetus/services/smos.nix b/hosts/nixos/lapetus/services/smos.nix index 9ef88a1..3673c09 100644 --- a/hosts/nixos/lapetus/services/smos.nix +++ b/hosts/nixos/lapetus/services/smos.nix @@ -23,6 +23,7 @@ in # {{{ Docs server docs-site = { enable = true; + openFirewall = false; port = docsPort; api-url = https apiHost; web-url = https webHost; @@ -31,6 +32,7 @@ in # {{{ Api server api-server = { enable = true; + openFirewall = false; port = apiPort; admin = username; @@ -42,6 +44,7 @@ in # {{{ Web server web-server = { enable = true; + openFirewall = false; port = webPort; docs-url = https docsHost; api-url = https apiHost; @@ -52,8 +55,15 @@ in # }}} # {{{ Networking & storage services.nginx.virtualHosts.${docsHost} = config.satellite.proxy docsPort { }; - services.nginx.virtualHosts.${apiHost} = config.satellite.proxy apiPort { }; services.nginx.virtualHosts.${webHost} = config.satellite.proxy webPort { }; + services.nginx.virtualHosts.${apiHost} = config.satellite.proxy apiPort { + proxyWebsockets = true; + + # Just to make sure we don't run into 413 errors on big syncs + extraConfig = '' + client_max_body_size 0; + ''; + }; environment.persistence."/persist/state".directories = [ "/www/smos/production" diff --git a/hosts/nixos/lapetus/services/vaultwarden.nix b/hosts/nixos/lapetus/services/vaultwarden.nix index 38abab0..52ade15 100644 --- a/hosts/nixos/lapetus/services/vaultwarden.nix +++ b/hosts/nixos/lapetus/services/vaultwarden.nix @@ -1,6 +1,6 @@ { config, ... }: let - port = 8404; + port = 8406; host = "warden.moonythm.dev"; in {