diff --git a/common/icons/guacamole.png b/common/icons/guacamole.png new file mode 100644 index 0000000..2fb3f9d Binary files /dev/null and b/common/icons/guacamole.png differ diff --git a/common/icons/jupyter.png b/common/icons/jupyter.png new file mode 100644 index 0000000..45902ed Binary files /dev/null and b/common/icons/jupyter.png differ diff --git a/docs/ports.md b/docs/ports.md deleted file mode 100644 index a412faa..0000000 --- a/docs/ports.md +++ /dev/null @@ -1,26 +0,0 @@ -# Ports - -The idea is to always use consecutive ports, but never go back and try to recycle older no longer used ports (for the sake of keeping things clean). - -| Port | Description | -| ---- | --------------------------------------------------------------------------- | -| 8401 | [whoogle](../hosts/nixos/lapetus/services/whoogle.nix) | -| 8402 | [intray api](../hosts/nixos/lapetus/services/intray.nix) | -| 8403 | [intray](../hosts/nixos/lapetus/services/intray.nix) | -| 8404 | [smos](../hosts/nixos/lapetus/services/smos.nix) | -| 8405 | [smos docs](../hosts/nixos/lapetus/services/smos.nix) | -| 8406 | [smos api](../hosts/nixos/lapetus/services/smos.nix) | -| 8407 | [whoogle](../hosts/nixos/lapetus/services/whoogle.nix) | -| 8408 | [vaultwarden](../hosts/nixos/lapetus/services/vaultwarden.nix) | -| 8409 | [grafana](../hosts/nixos/lapetus/services/grafana.nix) | -| 8410 | [prometheus](../hosts/nixos/lapetus/services/prometheus.nix) | -| 8411 | [prometheus node exporter](../hosts/nixos/lapetus/services/prometheus.nix) | -| 8412 | [prometheus nginx exporter](../hosts/nixos/lapetus/services/prometheus.nix) | -| 8413 | [commafeed](../hosts/nixos/lapetus/services/commafeed.nix) | -| 8414 | [invidious](../hosts/nixos/lapetus/services/invidious.nix) | -| 8415 | [radicale](../hosts/nixos/lapetus/services/radicale.nix) | -| 8416 | [redlib](../hosts/nixos/lapetus/services/redlib.nix) | -| 8417 | [qbittorrent](../hosts/nixos/lapetus/services/qbittorrent.nix) | -| 8418 | [microbin](../hosts/nixos/lapetus/services/microbin.nix) | -| 8419 | [forgejo](../hosts/nixos/lapetus/services/forgejo.nix) | -| 8420 | [jupyterjub](../hosts/nixos/lapetus/services/jupyter.nix) | diff --git a/hosts/nixos/common/global/default.nix b/hosts/nixos/common/global/default.nix index f484391..0f5a2c5 100644 --- a/hosts/nixos/common/global/default.nix +++ b/hosts/nixos/common/global/default.nix @@ -16,6 +16,7 @@ let ./nix.nix ./locale.nix ./persistence.nix + ./ports.nix ./wireless ../../../../common diff --git a/hosts/nixos/common/global/ports.nix b/hosts/nixos/common/global/ports.nix new file mode 100644 index 0000000..6af19e6 --- /dev/null +++ b/hosts/nixos/common/global/ports.nix @@ -0,0 +1,26 @@ +# The idea is to always use consecutive ports, but never go back and try to +# recycle older no longer used ports (for the sake of keeping things clean). +{ + satellite.ports = { + whoogle = 8401; + intray-api = 8402; + intray-client = 8403; + smos-docs = 8404; + smos-api = 8405; + smos-client = 8406; + vaultwarden = 8407; + actual = 8408; + grafana = 8409; + prometheus = 8410; + prometheus-node-exporter = 8411; + prometheus-nginx-exporter = 8412; + commafeed = 8413; + invidious = 8414; + radicale = 8415; + redlib = 8416; + qbittorrent = 8417; + microbin = 8418; + forgejo = 8419; + jupyterhub = 8420; + }; +} diff --git a/hosts/nixos/common/optional/services/nginx.nix b/hosts/nixos/common/optional/services/nginx.nix index 3e6b801..723a441 100644 --- a/hosts/nixos/common/optional/services/nginx.nix +++ b/hosts/nixos/common/optional/services/nginx.nix @@ -1,5 +1,6 @@ { imports = [ ./acme.nix ]; + satellite.nginx.domain = "moonythm.dev"; # Root domain used throughout my config services.nginx = { enable = true; recommendedGzipSettings = true; diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix index 55658cc..0d6eefd 100644 --- a/hosts/nixos/lapetus/default.nix +++ b/hosts/nixos/lapetus/default.nix @@ -2,31 +2,39 @@ imports = [ ../common/global ../common/users/pilot.nix + ../common/optional/oci.nix + ../common/optional/services/acme.nix ../common/optional/services/kanata.nix + ../common/optional/services/nginx.nix + ../common/optional/services/postgres.nix ../common/optional/services/restic - ./services/syncthing.nix - ./services/whoogle.nix - ./services/pounce.nix - ./services/intray.nix - ./services/smos.nix - ./services/vaultwarden.nix + # ./services/commafeed.nix + # ./services/ddclient.nix ./services/actual.nix - ./services/homer.nix - ./services/zfs.nix - ./services/prometheus.nix - ./services/grafana.nix - ./services/commafeed.nix - ./services/invidious.nix + ./services/cloudflared.nix ./services/diptime.nix + ./services/forgejo.nix + ./services/grafana.nix + ./services/guacamole + ./services/homer.nix + ./services/intray.nix + ./services/invidious.nix + ./services/jellyfin.nix + ./services/jupyter.nix + ./services/microbin.nix + ./services/pounce.nix + ./services/prometheus.nix + ./services/prometheus.nix + ./services/qbittorrent.nix # turned on/off depending on whether my vpn is paid for ./services/radicale.nix ./services/redlib.nix - ./services/jellyfin.nix - ./services/qbittorrent.nix # turned on/off depending on whether my vpn is paid for - ./services/microbin.nix - ./services/forgejo.nix - ./services/jupyter.nix - # ./services/ddclient.nix + ./services/smos.nix + ./services/syncthing.nix + ./services/vaultwarden.nix + ./services/whoogle.nix + ./services/zfs.nix + ./filesystems ./hardware ]; diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml index 0eae1bb..c45c1d4 100644 --- a/hosts/nixos/lapetus/secrets.yaml +++ b/hosts/nixos/lapetus/secrets.yaml @@ -8,6 +8,7 @@ microbin_env: ENC[AES256_GCM,data:nxiE9GIvEb0xgqomDdMyy2UtG25pt7h+6JUZkAgIejZbJf forgejo_mail_password: ENC[AES256_GCM,data:linrpmA8b+8e1+tWNl0=,iv:Mk7suPq0Jt960Zl9s2jj3SSAKt4t8Lv4eKdIo0o8JbE=,tag:TZ0qGJIVSFSUt/0cqamvdw==,type:str] javi_password: ENC[AES256_GCM,data:5Ifh/DclUz0/AL69Th/GckolrjerLOnDW77SOf+/L3v39T+EOYgK2GDNKtWGGWYX5sdxZ9JwLS3ZVsIOnN4zjFhgV+GChJWkkzjdpJEtpHlmmBKlyS31Fw7SixVkL3y3VJhw72aVv3bMKQ==,iv:FzAmvIlrhna5InsQCRrWVdrKZGmHMb0njWdvgBurdYs=,tag:/Iguu2FbdV/4RSGTnFdyYA==,type:str] vpn_env: ENC[AES256_GCM,data:+61Ft1xj1WnaGH6SdUj3sQunDeTWTQ/G2GVQr1KxXVmLehAdO3W2qwqPRsq0qaad3E6eXd7kMU78w1/9fXM34mJXArmXNPW1X+0549+NX4t3QVP83cIRw6B5vwlWMIA8ixEk46a+t7/C6A10hqpyhqHmeyQEOwJvG+Pou61lBmhSkMQy5gjH4ZNsHHZV0/6ZxSk0yAPQq76cPz4dFvyDzdonLnb+2s1KhHC3D7P6SfuWnfJ1EglrDT8R+A==,iv:mw26zTyFnq9CjN06eRmBTWNjh6SRDY7WOCyhBCmyglg=,tag:cPJvzgtruQNLSg7B+br6xQ==,type:str] +guacamole_users: ENC[AES256_GCM,data:owqflMMpGLUWPcab8JDlQ12zOuCrfkohxims8we9gKuFX28hrjN1wCmgFDGgX5VqWp07SOKdQVI05xMMO2e9pYgUpeKx5FIa/S/4Q/RNelwWPLmhxqGyEt59L5IBgTfgW5qQMvsl1Q7Xgf8X5bFFUSRmzAx0RFamMPqr71vwPphT7XNnPT8QWQo/2bEUqH0Tb5ITkb1FRSMQzIempuKe4K+awISIDAMwLf87esnoHx+dzQQQObSkKGNDpZ39+IUmeyvTIgN7uWQ349jIzkjNTVMzMUWdpDM6Mn9NwQA8m9BXns9vAe03Ama5cQ0ei64eZSb5uYki0BIV2pYccmIBn4Y/QgfMi5F/L9khr94iiVfH6EWtrDIpVwFt9TNZA/gHbOkQVPyHUMGOpCn2tK5ifFDK0URH5E7WM66BiL3yKd7B9SvQuEN8bnFn64QgiYxSp5NxxGx1ZLE7pzSCEtXkWkCYDHe0xDpOUd+zEfOIeQo7Cdn7y5QaXFyrcwryprYb5Hx/5TtTkCm/+r9nl7BbMKnPLblJvsA77/7pws8xcLgNSAR0ROWqB88vauI1uvwdWN5U5VxsEJmoNQXQKOLOtiQ2mFfIY3DYdHtw1L26ISIYOU6XR7jI/MwOBPO94izEW/j1SwGNgMN5Aydu0RRUhyK9RojjR5CEYjyuqclcD0asJ4faYQn8GvnXJPKF/+U7C6O1g6/ejl3fjwyWRb4kreIATdRfZH+m3nVHgSMvPNk8aPlIs51+SIYMtzf32lKp/AVn2hFKF5g+r2rhWH13Lt9poUg2l//l3jPDY1hpc6dm/5H9ZIGKIqcBlYxqnQngUu51lGO0r6z7u/EsIbInnd5TLK5JrTfnuLuwbyo1yetT2J0MNumy9FcrTsDK4+7DEdAJUxPBRrzllgi+hrnDlVLgLH+7y/gc8lB0cE53GBBXp1N7SfJ1,iv:RFuPux63nSefW3+F08jb94q/NwIKE9g/DGjN++oMdXc=,tag:tCCUIttbK5wfbNpjzY0Bgw==,type:str] sops: kms: [] gcp_kms: [] @@ -32,8 +33,8 @@ sops: RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-31T23:18:45Z" - mac: ENC[AES256_GCM,data:IUiFsu7+ANxUSr5hR6L3lwK+hP2LpGQFPliGOC3XyhxjLsEkbdCi/CqkaJH7tWZTSUoxMPtdn8JC8mGsnW0puhB6YWA26dbXjlvKGWO+02wcMONy3+prW8v7KLXWe513wsLx1fHOjHMchZj/p8gagOGw19aoGdsTNXnQczwPumo=,iv:hH5R9KFTWvps0JC8iKOkDJMeOfdatFHkz6LedeyY9WE=,tag:2pLvEplrGHpBHbtVfFxCfQ==,type:str] + lastmodified: "2024-06-13T13:36:09Z" + mac: ENC[AES256_GCM,data:3YUMJJaAeU6S7BwB5FzUuke3SKMZ0naRtRQoAnSRMMj39dQmg20rQy8F5cWsPvQAbDhOnY/1t3IxGbc8LGQkapcJJhbLiWuQmnPylZuMIgXhsnEzSyZ195FJcTGP5JTfmUb0GZ29MSBAlqRcZb0IDZjbOpVigp5BbD+s64HpdFE=,iv:p1pg4A1JEX3YlvoG6ncaavbJvURPlkAQM/jKbE+9sgE=,tag:WvULhegnyz/HXRfCEP6DiQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/hosts/nixos/lapetus/services/actual.nix b/hosts/nixos/lapetus/services/actual.nix index 269cf06..3a05634 100644 --- a/hosts/nixos/lapetus/services/actual.nix +++ b/hosts/nixos/lapetus/services/actual.nix @@ -1,23 +1,15 @@ { config, ... }: -let - port = 8408; - host = "actual.moonythm.dev"; - dataDir = "/persist/state/var/lib/actual"; +let dataDir = "/persist/state/var/lib/actual"; in { - imports = [ - ../../common/optional/services/nginx.nix - ../../common/optional/oci.nix - ]; - - services.nginx.virtualHosts.${host} = config.satellite.proxy port { }; + satellite.nginx.at.actual.port = config.satellite.ports.actual; systemd.tmpfiles.rules = [ "d ${dataDir}" ]; virtualisation.oci-containers.containers.actual = { image = "actualbudget/actual-server:latest"; autoStart = true; - ports = [ "${toString port}:5006" ]; # server:docker + ports = [ "${toString config.satellite.nginx.at.actual.port}:5006" ]; # server:docker volumes = [ "${dataDir}:/data" ]; # server:docker }; } diff --git a/hosts/nixos/lapetus/services/commafeed.nix b/hosts/nixos/lapetus/services/commafeed.nix index e792a87..156cfcd 100644 --- a/hosts/nixos/lapetus/services/commafeed.nix +++ b/hosts/nixos/lapetus/services/commafeed.nix @@ -1,18 +1,11 @@ { config, ... }: let - port = 8413; - host = "rss.moonythm.dev"; + port = config.satellite.ports.commafeed; dataDir = "/persist/state/var/lib/commafeed"; in { - imports = [ - ../../common/optional/services/nginx.nix - ../../common/optional/oci.nix - ]; - systemd.tmpfiles.rules = [ "d ${dataDir}" ]; - services.nginx.virtualHosts.${host} = config.satellite.proxy port - { proxyWebsockets = true; }; + satellite.nginx.at.rss.port = port; virtualisation.oci-containers.containers.commafeed = { image = "athou/commafeed:latest"; @@ -27,7 +20,7 @@ in # https://github.com/Athou/commafeed/blob/master/commafeed-server/config.yml.example environment = { - CF_APP_PUBLICURL = "https://${host}"; + CF_APP_PUBLICURL = "https://${config.satellite.nginx.at.rss.host}"; CF_APP_ALLOWREGISTRATIONS = "false"; # I already made an account CF_APP_MAXENTRIESAGEDAYS = "0"; # Fetch old entries diff --git a/hosts/nixos/lapetus/services/ddclient.nix b/hosts/nixos/lapetus/services/ddclient.nix index 3c3f16d..aee905f 100644 --- a/hosts/nixos/lapetus/services/ddclient.nix +++ b/hosts/nixos/lapetus/services/ddclient.nix @@ -1,8 +1,6 @@ # DDClient is a dynamic dns service { config, pkgs, ... }: { - imports = [ ../../common/optional/services/acme.nix ]; - services.ddclient = { enable = true; interval = "1m"; diff --git a/hosts/nixos/lapetus/services/diptime.nix b/hosts/nixos/lapetus/services/diptime.nix index 9a345d5..38d998f 100644 --- a/hosts/nixos/lapetus/services/diptime.nix +++ b/hosts/nixos/lapetus/services/diptime.nix @@ -1,12 +1,9 @@ # I couldn't find a hosted version of this { pkgs, config, ... }: { - imports = [ ../../common/optional/services/nginx.nix ]; - - services.nginx.virtualHosts."diptime.moonythm.dev" = - config.satellite.static (pkgs.fetchFromGitHub { - owner = "bhickey"; - repo = "diplomatic-timekeeper"; - rev = "d6ea7b9d9e94ee6d2db8e4e7cff5f8f1c3f04464"; - sha256 = "09s6awz5m6hzpc6jp96c118i372430c7b41acm5m62bllcvrj9vk"; - }); + satellite.nginx.at.diptime.files = pkgs.fetchFromGitHub { + owner = "bhickey"; + repo = "diplomatic-timekeeper"; + rev = "d6ea7b9d9e94ee6d2db8e4e7cff5f8f1c3f04464"; + sha256 = "09s6awz5m6hzpc6jp96c118i372430c7b41acm5m62bllcvrj9vk"; + }; } diff --git a/hosts/nixos/lapetus/services/forgejo.nix b/hosts/nixos/lapetus/services/forgejo.nix index 64c0927..7f002c7 100644 --- a/hosts/nixos/lapetus/services/forgejo.nix +++ b/hosts/nixos/lapetus/services/forgejo.nix @@ -1,6 +1,6 @@ { lib, config, ... }: let - port = 8419; + port = config.satellite.ports.forgejo; host = "git.moonythm.dev"; cfg = config.services.forgejo; in diff --git a/hosts/nixos/lapetus/services/grafana.nix b/hosts/nixos/lapetus/services/grafana.nix index f6f4abf..2466323 100644 --- a/hosts/nixos/lapetus/services/grafana.nix +++ b/hosts/nixos/lapetus/services/grafana.nix @@ -1,5 +1,6 @@ { config, pkgs, ... }: let + port = config.satellite.ports.grafana; secret = name: "$__file{${config.sops.secrets.${name}.path}}"; sopsSettings = { sopsFile = ../secrets.yaml; @@ -7,11 +8,6 @@ let }; in { - imports = [ - ../../common/optional/services/nginx.nix - ./prometheus.nix - ]; - sops.secrets.grafana_smtp_pass = sopsSettings; sops.secrets.grafana_discord_webhook = sopsSettings; @@ -21,9 +17,9 @@ in settings = { server = rec { - domain = "grafana.moonythm.dev"; + domain = config.satellite.nginx.at.grafana.host; root_url = "https://${domain}"; - http_port = 8409; + http_port = port; }; # {{{ Smtp @@ -90,8 +86,7 @@ in }; # }}} # {{{ Networking & storage - services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = - config.satellite.proxy config.services.grafana.settings.server.http_port { }; + satellite.nginx.at.grafana.port = port; environment.persistence."/persist/state".directories = [{ directory = config.services.grafana.dataDir; diff --git a/hosts/nixos/lapetus/services/guacamole/default.nix b/hosts/nixos/lapetus/services/guacamole/default.nix new file mode 100644 index 0000000..7e8e5ca --- /dev/null +++ b/hosts/nixos/lapetus/services/guacamole/default.nix @@ -0,0 +1,14 @@ +{ config, ... }: +{ + sops.secrets.guacamoleUsers.sopsFile = ../../secrets.yaml; + satellite.nginx.at.guacamole.port = 8443; # default tomcat port + + services.guacamole-server = { + enable = true; + services.guacamole-server.userMappingXml = config.sops.secrets.guacamoleUsers.path; + }; + + services.guacamole-client = { + enable = true; + }; +} diff --git a/hosts/nixos/lapetus/services/guacamole/ed25519.pub b/hosts/nixos/lapetus/services/guacamole/ed25519.pub new file mode 100644 index 0000000..0f74877 --- /dev/null +++ b/hosts/nixos/lapetus/services/guacamole/ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4xXKQ07lTMuCIg9Grejp2+o50Fo1ptxyK1oGnWt8jA adrielus@tethys diff --git a/hosts/nixos/lapetus/services/homer.nix b/hosts/nixos/lapetus/services/homer.nix index 4d5f93b..523bb91 100644 --- a/hosts/nixos/lapetus/services/homer.nix +++ b/hosts/nixos/lapetus/services/homer.nix @@ -20,184 +20,193 @@ let icon = file: "assets/${iconPath}/${file}"; in { - imports = [ ../../common/optional/services/nginx.nix ]; + satellite.nginx.at.lab.files = pkgs.homer.withAssets { + extraAssets = [ iconPath ]; + config = { + title = "✨ The celestial citadel ✨"; - services.nginx.virtualHosts."lab.moonythm.dev" = - config.satellite.static (pkgs.homer.withAssets { - extraAssets = [ iconPath ]; - config = { - title = "✨ The celestial citadel ✨"; + header = false; + footer = false; + connectivityCheck = true; - header = false; - footer = false; - connectivityCheck = true; + colors.light = colors; + colors.dark = colors; - colors.light = colors; - colors.dark = colors; - - services = [ - # {{{ Infrastructure - { - name = "Infrastructure"; - icon = fa "code"; - items = [ - { - name = "Prometheus"; - type = "Prometheus"; - subtitle = "Monitoring system"; - logo = icon "prometheus.png"; - url = "https://prometheus.moonythm.dev"; - } - { - name = "Grafana"; - subtitle = "Pretty dashboards :3"; - logo = icon "grafana.png"; - url = "https://grafana.moonythm.dev"; - } - { - name = "Syncthing"; - subtitle = "File synchronization"; - logo = icon "syncthing.png"; - url = "https://lapetus.syncthing.moonythm.dev"; - } - ]; - } - # }}} - # {{{ External - { - name = "External"; - icon = fa "arrow-up-right-from-square"; - items = [ - { - name = "Tailscale"; - subtitle = "Access this homelab from anywhere"; - logo = icon "tailscale.png"; - url = "https://tailscale.com/"; - } - { - name = "Dotfiles"; - subtitle = "Configuration for all my machines"; - logo = icon "github.png"; - url = "https://github.com/prescientmoon/everything-nix"; - } - { - name = "Cloudflare"; - subtitle = "Domain management"; - logo = icon "cloudflare.png"; - url = "https://dash.cloudflare.com/761d3e81b3e42551e33c4b73274ecc82/moonythm.dev/"; - } - ]; - } - # }}} - # {{{ Productivity - { - name = "Productivity"; - icon = fa "rocket"; - items = [ - { - name = "Intray"; - subtitle = "GTD capture tool"; - icon = fa "inbox"; - url = "https://intray.moonythm.dev"; - } - { - name = "Smos"; - subtitle = "A comprehensive self-management system."; - icon = fa "cubes-stacked"; - url = "https://smos.moonythm.dev"; - } - { - name = "Actual"; - subtitle = "Budgeting tool"; - logo = icon "actual.png"; - url = "https://actual.moonythm.dev"; - } - ]; - } - # }}} - # {{{ Pillars - { - name = "Tooling"; - icon = fa "toolbox"; - items = [ - { - name = "Vaultwarden"; - subtitle = "Password manager"; - logo = icon "bitwarden.png"; - url = "https://warden.moonythm.dev"; - } - { - name = "Whoogle"; - subtitle = "Search engine"; - logo = icon "whoogle.webp"; - url = "https://search.moonythm.dev"; - } - { - name = "Radicale"; - subtitle = "Calendar server"; - logo = icon "radicale.svg"; - url = "https://cal.moonythm.dev"; - } - { - name = "Microbin"; - subtitle = "Code & file sharing"; - logo = icon "microbin.png"; - url = "https://cal.moonythm.dev"; - } - { - name = "Forgejo"; - subtitle = "Git forge"; - logo = icon "forgejo.svg"; - url = "https://git.moonythm.dev"; - } - ]; - } - # }}} - # {{{ Entertainment - { - name = "Entertainment"; - icon = fa "gamepad"; - items = [ - { - name = "Invidious"; - subtitle = "Youtube client"; - logo = icon "invidious.png"; - url = "https://yt.moonythm.dev"; - } - { - name = "Redlib"; - subtitle = "Reddit client"; - logo = icon "libreddit.png"; - url = "https://redlib.moonythm.dev"; - } - { - name = "Diptime"; - subtitle = "Diplomacy timer"; - icon = fa "globe"; - url = "https://diptime.moonythm.dev"; - } - { - name = "Commafeed"; - subtitle = "RSS reader"; - logo = icon "commafeed.png"; - url = "https://rss.moonythm.dev"; - } - { - name = "Qbittorrent"; - subtitle = "Torrent client"; - logo = icon "qbittorrent.png"; - url = "https://qbit.moonythm.dev"; - } - { - name = "Jellyfin"; - subtitle = "Media server"; - logo = icon "jellyfin.png"; - url = "https://media.moonythm.dev"; - } - ]; - } - # }}} - ]; - }; - }); + services = [ + # {{{ Infrastructure + { + name = "Infrastructure"; + icon = fa "code"; + items = [ + { + name = "Prometheus"; + type = "Prometheus"; + subtitle = "Monitoring system"; + logo = icon "prometheus.png"; + url = "https://prometheus.moonythm.dev"; + } + { + name = "Grafana"; + subtitle = "Pretty dashboards :3"; + logo = icon "grafana.png"; + url = "https://grafana.moonythm.dev"; + } + { + name = "Syncthing"; + subtitle = "File synchronization"; + logo = icon "syncthing.png"; + url = "https://lapetus.syncthing.moonythm.dev"; + } + { + name = "Guacamole"; + subtitle = "Server remote access"; + logo = icon "guacamole.png"; + url = "https://guacamole.moonythm.dev"; + } + ]; + } + # }}} + # {{{ External + { + name = "External"; + icon = fa "arrow-up-right-from-square"; + items = [ + { + name = "Tailscale"; + subtitle = "Access this homelab from anywhere"; + logo = icon "tailscale.png"; + url = "https://tailscale.com/"; + } + { + name = "Dotfiles"; + subtitle = "Configuration for all my machines"; + logo = icon "github.png"; + url = "https://github.com/prescientmoon/everything-nix"; + } + { + name = "Cloudflare"; + subtitle = "Domain management"; + logo = icon "cloudflare.png"; + url = "https://dash.cloudflare.com/761d3e81b3e42551e33c4b73274ecc82/moonythm.dev/"; + } + ]; + } + # }}} + # {{{ Productivity + { + name = "Productivity"; + icon = fa "rocket"; + items = [ + { + name = "Intray"; + subtitle = "GTD capture tool"; + icon = fa "inbox"; + url = "https://intray.moonythm.dev"; + } + { + name = "Smos"; + subtitle = "A comprehensive self-management system."; + icon = fa "cubes-stacked"; + url = "https://smos.moonythm.dev"; + } + { + name = "Actual"; + subtitle = "Budgeting tool"; + logo = icon "actual.png"; + url = "https://actual.moonythm.dev"; + } + ]; + } + # }}} + # {{{ Tooling + { + name = "Tooling"; + icon = fa "toolbox"; + items = [ + { + name = "Vaultwarden"; + subtitle = "Password manager"; + logo = icon "bitwarden.png"; + url = "https://warden.moonythm.dev"; + } + { + name = "Whoogle"; + subtitle = "Search engine"; + logo = icon "whoogle.webp"; + url = "https://search.moonythm.dev"; + } + { + name = "Radicale"; + subtitle = "Calendar server"; + logo = icon "radicale.svg"; + url = "https://cal.moonythm.dev"; + } + { + name = "Microbin"; + subtitle = "Code & file sharing"; + logo = icon "microbin.png"; + url = "https://bin.moonythm.dev"; + } + { + name = "Forgejo"; + subtitle = "Git forge"; + logo = icon "forgejo.svg"; + url = "https://git.moonythm.dev"; + } + { + name = "Jupyterhub"; + subtitle = "Notebook collaboration suite"; + logo = icon "jupyter.png"; + url = "https://jupyter.moonythm.dev"; + } + ]; + } + # }}} + # {{{ Entertainment + { + name = "Entertainment"; + icon = fa "gamepad"; + items = [ + { + name = "Invidious"; + subtitle = "Youtube client"; + logo = icon "invidious.png"; + url = "https://yt.moonythm.dev"; + } + { + name = "Redlib"; + subtitle = "Reddit client"; + logo = icon "libreddit.png"; + url = "https://redlib.moonythm.dev"; + } + { + name = "Diptime"; + subtitle = "Diplomacy timer"; + icon = fa "globe"; + url = "https://diptime.moonythm.dev"; + } + { + name = "Commafeed"; + subtitle = "RSS reader"; + logo = icon "commafeed.png"; + url = "https://rss.moonythm.dev"; + } + { + name = "Qbittorrent"; + subtitle = "Torrent client"; + logo = icon "qbittorrent.png"; + url = "https://qbit.moonythm.dev"; + } + { + name = "Jellyfin"; + subtitle = "Media server"; + logo = icon "jellyfin.png"; + url = "https://media.moonythm.dev"; + } + ]; + } + # }}} + ]; + }; + }; } diff --git a/hosts/nixos/lapetus/services/intray.nix b/hosts/nixos/lapetus/services/intray.nix index e177150..29163f9 100644 --- a/hosts/nixos/lapetus/services/intray.nix +++ b/hosts/nixos/lapetus/services/intray.nix @@ -1,15 +1,11 @@ { inputs, config, ... }: let username = "prescientmoon"; - apiHost = "api.intray.moonythm.dev"; - apiPort = 8402; - webPort = 8403; + apiPort = config.satellite.ports.intray-api; + webPort = config.satellite.ports.intray-client; in { - imports = [ - ../../common/optional/services/nginx.nix - inputs.intray.nixosModules.x86_64-linux.default - ]; + imports = [ inputs.intray.nixosModules.x86_64-linux.default ]; # {{{ Configure intray services.intray.production = { @@ -22,13 +18,13 @@ in web-server = { enable = true; port = webPort; - api-url = "https://${apiHost}"; + api-url = config.satellite.nginx.at."api.intray".url; }; }; # }}} # {{{ Networking & storage - services.nginx.virtualHosts.${apiHost} = config.satellite.proxy apiPort { }; - services.nginx.virtualHosts."intray.moonythm.dev" = config.satellite.proxy webPort { }; + satellite.nginx.at."intray".port = webPort; + satellite.nginx.at."api.intray".port = apiPort; environment.persistence."/persist/state".directories = [ "/www/intray/production/data" diff --git a/hosts/nixos/lapetus/services/invidious.nix b/hosts/nixos/lapetus/services/invidious.nix index 37ba2a1..1542ca8 100644 --- a/hosts/nixos/lapetus/services/invidious.nix +++ b/hosts/nixos/lapetus/services/invidious.nix @@ -1,22 +1,16 @@ { config, pkgs, ... }: { - imports = [ - ../../common/optional/services/nginx.nix - ../../common/optional/services/postgres.nix - ]; - sops.secrets.invidious_hmac_key.sopsFile = ../secrets.yaml; sops.templates."invidious_hmac_key.json" = { content = ''{ "hmac_key": "${config.sops.placeholder.invidious_hmac_key}" }''; mode = "0444"; # I don't care about this key that much, as I'm the only user of this instance }; - services.nginx.virtualHosts.${config.services.invidious.domain} = - config.satellite.proxy config.services.invidious.port { }; + satellite.nginx.at.yt.port = config.satellite.ports.invidious; services.invidious = { enable = true; - domain = "yt.moonythm.dev"; - port = 8414; + domain = config.satellite.nginx.at.yt.host; + port = config.satellite.nginx.at.yt.port; hmacKeyFile = config.sops.templates."invidious_hmac_key.json".path; settings = { diff --git a/hosts/nixos/lapetus/services/jellyfin.nix b/hosts/nixos/lapetus/services/jellyfin.nix index 60bd844..b0c4809 100644 --- a/hosts/nixos/lapetus/services/jellyfin.nix +++ b/hosts/nixos/lapetus/services/jellyfin.nix @@ -1,9 +1,6 @@ { config, pkgs, ... }: { - imports = [ ../../common/optional/services/nginx.nix ]; - - services.nginx.virtualHosts."media.moonythm.dev" = - config.satellite.proxy 8096 { }; # This is the default port, and can only be changed via the GUI - + # This is the default port, and can only be changed via the GUI + satellite.nginx.at.media.port = 8096; services.jellyfin.enable = true; # {{{ Storage diff --git a/hosts/nixos/lapetus/services/jupyter.nix b/hosts/nixos/lapetus/services/jupyter.nix index 38bc882..addfa69 100644 --- a/hosts/nixos/lapetus/services/jupyter.nix +++ b/hosts/nixos/lapetus/services/jupyter.nix @@ -18,7 +18,7 @@ in services.jupyterhub = { enable = true; - port = 8420; + port = config.satellite.ports.jupyterhub; jupyterhubEnv = appEnv; jupyterlabEnv = appEnv; diff --git a/hosts/nixos/lapetus/services/microbin.nix b/hosts/nixos/lapetus/services/microbin.nix index 0b857eb..52da379 100644 --- a/hosts/nixos/lapetus/services/microbin.nix +++ b/hosts/nixos/lapetus/services/microbin.nix @@ -1,11 +1,9 @@ { config, lib, ... }: let - port = 8418; + port = config.satellite.ports.microbin; host = "bin.moonythm.dev"; in { - imports = [ ./cloudflared.nix ]; - sops.secrets.microbin_env.sopsFile = ../secrets.yaml; satellite.cloudflared.targets.${host}.port = port; diff --git a/hosts/nixos/lapetus/services/prometheus.nix b/hosts/nixos/lapetus/services/prometheus.nix index 593d044..8b8f3d1 100644 --- a/hosts/nixos/lapetus/services/prometheus.nix +++ b/hosts/nixos/lapetus/services/prometheus.nix @@ -1,14 +1,10 @@ { config, pkgs, ... }: -let host = "prometheus.moonythm.dev"; -in { - imports = [ ../../common/optional/services/nginx.nix ]; - # {{{ Main config services.prometheus = { enable = true; - port = 8410; - webExternalUrl = "https://${host}"; + port = config.satellite.ports.prometheus; + webExternalUrl = config.satellite.nginx.at.prometheus.url; # {{{ Base exporters exporters = { @@ -16,12 +12,12 @@ in node = { enable = true; enabledCollectors = [ "systemd" ]; - port = 8411; + port = config.satellite.ports.prometheus-node-exporter; }; nginx = { enable = true; - port = 8412; + port = config.satellite.ports.prometheus-nginx-exporter; }; }; @@ -38,9 +34,7 @@ in }; # }}} # {{{ Networking & storage - services.nginx.virtualHosts.${host} = - config.satellite.proxy config.services.prometheus.port - { proxyWebsockets = true; }; + satellite.nginx.at.prometheus.port = config.services.prometheus.port; environment.persistence."/persist/state".directories = [{ directory = "/var/lib/prometheus2"; diff --git a/hosts/nixos/lapetus/services/qbittorrent.nix b/hosts/nixos/lapetus/services/qbittorrent.nix index b4b606a..c0a6170 100644 --- a/hosts/nixos/lapetus/services/qbittorrent.nix +++ b/hosts/nixos/lapetus/services/qbittorrent.nix @@ -3,27 +3,20 @@ # https://www.reddit.com/r/HomeServer/comments/xapl93/a_minimal_configuration_stepbystep_guide_to_media/ { config, pkgs, ... }: let - port = 8417; + port = config.satellite.ports.qbittorrent; dataDir = "/persist/data/media"; configDir = "/persist/state/var/lib/qbittorrent"; in { - imports = [ - ../../common/optional/services/nginx.nix - ../../common/optional/oci.nix - ]; - + # {{{ Networking & storage + satellite.nginx.at.qbit.port = port; sops.secrets.vpn_env.sopsFile = ../secrets.yaml; - - services.nginx.virtualHosts."qbit.moonythm.dev" = - config.satellite.proxy port { proxyWebsockets = true; }; - systemd.tmpfiles.rules = [ "d ${dataDir} 777 ${config.users.users.pilot.name} users" "d ${configDir}" ]; - - # {{{ qbit + # }}} + # {{{ Qbit virtualisation.oci-containers.containers.qbittorrent = { image = "linuxserver/qbittorrent:latest"; extraOptions = [ "--network=container:gluetun" ]; @@ -37,7 +30,7 @@ in }; }; # }}} - # {{{ vpn + # {{{ Vpn virtualisation.oci-containers.containers.gluetun = { image = "qmcgaw/gluetun"; extraOptions = [ diff --git a/hosts/nixos/lapetus/services/radicale.nix b/hosts/nixos/lapetus/services/radicale.nix index 726cdbb..c7eafad 100644 --- a/hosts/nixos/lapetus/services/radicale.nix +++ b/hosts/nixos/lapetus/services/radicale.nix @@ -1,6 +1,6 @@ { config, ... }: let - port = 8415; + port = config.satellite.ports.radicale; dataDir = "/persist/data/radicale"; in { @@ -14,7 +14,5 @@ in }; systemd.tmpfiles.rules = [ "d ${dataDir} 0700 radicale radicale" ]; - - services.nginx.virtualHosts."cal.moonythm.dev" = - config.satellite.proxy port { }; + satellite.nginx.at.cal.port = port; } diff --git a/hosts/nixos/lapetus/services/redlib.nix b/hosts/nixos/lapetus/services/redlib.nix index 739b5cd..c588024 100644 --- a/hosts/nixos/lapetus/services/redlib.nix +++ b/hosts/nixos/lapetus/services/redlib.nix @@ -1,13 +1,9 @@ { config, lib, upkgs, ... }: -let port = 8416; +let port = config.satellite.ports.redlib; in { - imports = [ ../../common/optional/services/nginx.nix ]; - - services.nginx.virtualHosts."redlib.moonythm.dev" = - config.satellite.proxy port { }; - services.libreddit.enable = true; + satellite.nginx.at.redlib.port = port; systemd.services.libreddit.serviceConfig.ExecStart = lib.mkForce "${upkgs.redlib}/bin/redlib --port ${toString port}"; } diff --git a/hosts/nixos/lapetus/services/smos.nix b/hosts/nixos/lapetus/services/smos.nix index 70122df..d149846 100644 --- a/hosts/nixos/lapetus/services/smos.nix +++ b/hosts/nixos/lapetus/services/smos.nix @@ -1,20 +1,8 @@ { inputs, config, ... }: -let - username = "prescientmoon"; - docsHost = "docs.smos.moonythm.dev"; - apiHost = "api.smos.moonythm.dev"; - webHost = "smos.moonythm.dev"; - docsPort = 8404; - apiPort = 8405; - webPort = 8406; - - https = host: "https://${host}"; +let username = "prescientmoon"; in { - imports = [ - ../../common/optional/services/nginx.nix - inputs.smos.nixosModules.x86_64-linux.default - ]; + imports = [ inputs.smos.nixosModules.x86_64-linux.default ]; # {{{ Configure smos services.smos.production = { @@ -24,16 +12,16 @@ in docs-site = { enable = true; openFirewall = false; - port = docsPort; - api-url = https apiHost; - web-url = https webHost; + port = config.satellite.nginx.at."docs.smos".port; + api-url = config.satellite.nginx.at."api.smos".url; + web-url = config.satellite.nginx.at."smos".url; }; # }}} # {{{ Api server api-server = { enable = true; openFirewall = false; - port = apiPort; + port = config.satellite.nginx.at."api.smos".port; admin = username; max-backups-per-user = 5; @@ -45,25 +33,18 @@ in web-server = { enable = true; openFirewall = false; - port = webPort; - docs-url = https docsHost; - api-url = https apiHost; - web-url = https webHost; + port = config.satellite.nginx.at."smos".port; + docs-url = config.satellite.nginx.at."docs.smos".url; + api-url = config.satellite.nginx.at."api.smos".url; + web-url = config.satellite.nginx.at."smos".url; }; # }}} }; # }}} # {{{ Networking & storage - services.nginx.virtualHosts.${docsHost} = config.satellite.proxy docsPort { }; - services.nginx.virtualHosts.${apiHost} = config.satellite.proxy apiPort { }; - services.nginx.virtualHosts.${webHost} = config.satellite.proxy webPort { - proxyWebsockets = true; - - # Just to make sure we don't run into 413 errors on big syncs - extraConfig = '' - client_max_body_size 0; - ''; - }; + satellite.nginx.at."docs.smos".port = config.satellite.ports.smos-docs; + satellite.nginx.at."api.smos".port = config.satellite.ports.smos-api; + satellite.nginx.at."smos".port = config.satellite.ports.smos-client; environment.persistence."/persist/state".directories = [ "/www/smos/production" diff --git a/hosts/nixos/lapetus/services/syncthing.nix b/hosts/nixos/lapetus/services/syncthing.nix index 734fc40..6b50103 100644 --- a/hosts/nixos/lapetus/services/syncthing.nix +++ b/hosts/nixos/lapetus/services/syncthing.nix @@ -2,16 +2,11 @@ let port = 8384; in { - imports = [ - ../../common/optional/services/syncthing.nix - ../../common/optional/services/nginx.nix - ]; - services.syncthing = { settings.folders = { }; guiAddress = "127.0.0.1:${toString port}"; settings.gui.insecureSkipHostcheck = true; }; - services.nginx.virtualHosts."lapetus.syncthing.moonythm.dev" = config.satellite.proxy port { }; + satellite.nginx.at."lapetus.syncthing".port = port; } diff --git a/hosts/nixos/lapetus/services/vaultwarden.nix b/hosts/nixos/lapetus/services/vaultwarden.nix index d726e31..41932b9 100644 --- a/hosts/nixos/lapetus/services/vaultwarden.nix +++ b/hosts/nixos/lapetus/services/vaultwarden.nix @@ -1,13 +1,6 @@ { config, ... }: -let - port = 8407; - host = "warden.moonythm.dev"; -in { - imports = [ ../../common/optional/services/nginx.nix ]; - - services.nginx.virtualHosts.${host} = - config.satellite.proxy port { proxyWebsockets = true; }; + satellite.nginx.at.warden.port = config.satellite.ports.vaultwarden; # {{{ Secrets sops.secrets.vaultwarden_env = { @@ -21,11 +14,11 @@ in enable = true; environmentFile = config.sops.secrets.vaultwarden_env.path; config = { - DOMAIN = "https://${host}"; + DOMAIN = "https://${config.satellite.nginx.at.warden.host}"; + ROCKET_PORT = config.satellite.nginx.at.warden.port; ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = port; - SIGNUPS_ALLOWED = true; + SIGNUPS_ALLOWED = false; SHOW_PASSWORD_HINT = false; SMTP_SECURITY = "force_tls"; diff --git a/hosts/nixos/lapetus/services/whoogle.nix b/hosts/nixos/lapetus/services/whoogle.nix index 4346294..f23d6de 100644 --- a/hosts/nixos/lapetus/services/whoogle.nix +++ b/hosts/nixos/lapetus/services/whoogle.nix @@ -1,39 +1,32 @@ { lib, config, ... }: -let - port = 8401; - websiteBlocklist = [ - "www.saashub.com" - "slant.co" - "nix-united.com" - "libhunt.com" - "www.devopsschool.com" - "medevel.com" - "alternativeto.net" - "linuxiac.com" - "www.linuxlinks.com" - "sourceforge.net" - ]; +let websiteBlocklist = [ + "www.saashub.com" + "slant.co" + "nix-united.com" + "libhunt.com" + "www.devopsschool.com" + "medevel.com" + "alternativeto.net" + "linuxiac.com" + "www.linuxlinks.com" + "sourceforge.net" +]; in { - imports = [ - ../../common/optional/services/nginx.nix - ../../common/optional/oci.nix - ]; - virtualisation.oci-containers.containers.whoogle-search = { image = "benbusby/whoogle-search"; autoStart = true; - ports = [ "${toString port}:5000" ]; # server:docker + ports = [ "${toString config.satellite.nginx.at.search.port}:5000" ]; # server:docker environment = { WHOOGLE_UPDATE_CHECK = "0"; WHOOGLE_CONFIG_DISABLE = "0"; WHOOGLE_CONFIG_BLOCK = lib.concatStringsSep "," websiteBlocklist; WHOOGLE_CONFIG_THEME = "system"; WHOOGLE_ALT_WIKI = ""; # disable redirecting wikipedia links - WHOOGLE_ALT_RD = "redlib.moonythm.dev"; - WHOOGLE_ALT_YT = "yt.moonythm.dev"; + WHOOGLE_ALT_RD = config.satellite.nginx.at.redlib.host; + WHOOGLE_ALT_YT = config.satellite.nginx.at.yt.host; }; }; - services.nginx.virtualHosts."search.moonythm.dev" = config.satellite.proxy port { }; + satellite.nginx.at.search.port = config.satellite.ports.whoogle; } diff --git a/modules/README.md b/modules/README.md index b388f86..18e7d21 100644 --- a/modules/README.md +++ b/modules/README.md @@ -26,7 +26,8 @@ This directory contains custom module definitions used throughout my config. | Name | Attribute | Description | | -------------------------------------- | ----------------------- | ------------------------------------------- | | [pounce](./nixos/pounce.nix) | `services.pounce` | Module for pounce & calico configuration | -| [nginx](./nixos/nginx.nix) | `satellite.proxy` | Helpers for nginx configuration | +| [nginx](./nixos/nginx.nix) | `satellite.nginx` | Helpers for nginx configuration | +| [ports](./nixos/ports.nix) | `satellite.ports` | Global port specification | | [cloudflared](./nixos/cloudflared.nix) | `satellite.cloudflared` | Helpers for cloudflare tunnel configuration | | [pilot](./nixos/pilot.nix) | `satellite.pilot` | Defined the concept of a "main user" | diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 950c9f5..4f811fa 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -3,6 +3,7 @@ { # example = import ./example.nix; cloudflared = import ./cloudflared.nix; + ports = import ./ports.nix; nginx = import ./nginx.nix; pilot = import ./pilot.nix; pounce = import ./pounce.nix; diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix index b6c37a0..a507aad 100644 --- a/modules/nixos/nginx.nix +++ b/modules/nixos/nginx.nix @@ -1,25 +1,85 @@ -{ lib, ... }: { - options.satellite.proxy = lib.mkOption { - type = lib.types.functionTo (lib.types.functionTo lib.types.anything); - description = "Helper function for generating a quick proxy config"; +{ config, lib, ... }: +let cfg = config.satellite.nginx; +in +{ + options.satellite.nginx = { + domain = lib.mkOption { + description = "Root domain to use as a default for configurations."; + type = lib.types.str; + }; + + at = lib.mkOption { + description = "Per-subdomain nginx configuration"; + type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: { + options.name = lib.mkOption { + description = "Attribute name leading to this submodule"; + type = lib.types.str; + }; + + config.name = name; + + options.host = lib.mkOption { + description = "Host to route requests from"; + type = lib.types.str; + default = "${name}.${cfg.domain}"; + }; + + options.url = lib.mkOption { + description = "External https url used to access this host"; + type = lib.types.str; + }; + + config.url = "https://${config.host}"; + + options.port = lib.mkOption { + description = "Port to proxy requests to"; + type = lib.types.nullOr lib.types.port; + default = null; + }; + + options.files = lib.mkOption { + description = "Path to serve files from"; + type = lib.types.nullOr lib.types.path; + default = null; + }; + })); + default = { }; + }; }; - options.satellite.static = lib.mkOption { - type = lib.types.functionTo lib.types.anything; - description = "Helper function for generating a quick file serving config"; - }; + config = { + assertions = + let assertSingleTarget = config: + { + assertion = (config.port == null) == (config.files != null); + message = '' + Precisely one of the options 'satellite.nginx.at.${config.name}.port' + and 'satellite.nginx.at.${config.name}.files' must be specified. + ''; + }; + in lib.mapAttrsToList (_: assertSingleTarget) cfg.at; - config.satellite.proxy = port: extra: { - enableACME = true; - acmeRoot = null; - forceSSL = true; - locations."/" = { proxyPass = "http://localhost:${toString port}"; } // extra; - }; - - config.satellite.static = root: { - inherit root; - enableACME = true; - acmeRoot = null; - forceSSL = true; + services.nginx.virtualHosts = + let mkNginxConfig = { host, port, files }: { + name = host; + value = + let extra = + if port != null then { + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + proxyWebsockets = true; + }; + } + else { + root = files; + }; + in + { + enableACME = true; + acmeRoot = null; + forceSSL = true; + } // extra; + }; + in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at; }; } diff --git a/modules/nixos/ports.nix b/modules/nixos/ports.nix new file mode 100644 index 0000000..72c8bb4 --- /dev/null +++ b/modules/nixos/ports.nix @@ -0,0 +1,9 @@ +# Generic interface for working specifying a single-source of truth for ports! +{ lib, ... }: +{ + options.satellite.ports = lib.mkOption { + description = "Record of custom app-port mappings to use throughput the config"; + type = lib.types.lazyAttrsOf lib.types.port; + default = { }; + }; +} diff --git a/scripts/dns/dns.txt b/scripts/dns/dns.txt index 16399c8..670816a 100644 --- a/scripts/dns/dns.txt +++ b/scripts/dns/dns.txt @@ -16,6 +16,7 @@ cal IN CNAME lapetus diptime IN CNAME lapetus docs.smos IN CNAME lapetus grafana IN CNAME lapetus +guacamole IN CNAME lapetus intray IN CNAME lapetus irc IN CNAME lapetus jupyter IN CNAME lapetus @@ -37,8 +38,8 @@ tunnel.lapetus IN CNAME 347d9ead-a523-4f8b-bca7-3066e31e2952.cfargotunnel.c ; lapetus services using cloudflare tunnels bin IN CNAME tunnel.lapetus -jupyter IN CNAME tunnel.lapetus git IN CNAME tunnel.lapetus +jupyter IN CNAME tunnel.lapetus ; github pages doffycup IN CNAME prescientmoon.github.io. diff --git a/scripts/rebuild.sh b/scripts/rebuild.sh index 3c9c12d..8b106b2 100755 --- a/scripts/rebuild.sh +++ b/scripts/rebuild.sh @@ -1,2 +1,2 @@ #!/usr/bin/env bash -sudo nixos-rebuild switch --flake .#$hostname --show-trace --fast +sudo nixos-rebuild switch --flake .#$HOSTNAME --show-trace --fast diff --git a/scripts/repl.sh b/scripts/repl.sh new file mode 100755 index 0000000..12ec9e4 --- /dev/null +++ b/scripts/repl.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +nix repl ".#nixosConfigurations.$1.config"