Set up Atuin server and client

flake.lock

@@ -6,14 +6,15 @@
         "home-manager": [],
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "systems": "systems"
       },
       "locked": {
-        "lastModified": 1701216516,
-        "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
+        "lastModified": 1703433843,
+        "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
+        "rev": "417caa847f9383e111d1397039c9d4337d024bf0",
         "type": "github"
       },
       "original": {
@@ -47,11 +48,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1688488021,
-        "narHash": "sha256-vn6xkx4g2q/qykU+jdQYyGSPKFmGePuhGujAdmlHx1Y=",
+        "lastModified": 1702912615,
+        "narHash": "sha256-qseX+/8drgwxOb1I3LKqBYMkmyeI5d5gmHqbZccR660=",
         "owner": "aristanetworks",
         "repo": "nix-serve-ng",
-        "rev": "f3931b8120b1ca663da280e11659c745e2e9ad1b",
+        "rev": "21e65cb4c62b5c9e3acc11c3c5e8197248fa46a4",
         "type": "github"
       },
       "original": {
@@ -62,27 +63,27 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1701615100,
-        "narHash": "sha256-7VI84NGBvlCTduw2aHLVB62NvCiZUlALLqBe5v684Aw=",
+        "lastModified": 1705916986,
+        "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e9f06adb793d1cca5384907b3b8a4071d5d7cb19",
+        "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
         "type": "indirect"
       }
     },
     "nixpkgs-lib": {
       "locked": {
         "dir": "lib",
-        "lastModified": 1701253981,
-        "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
+        "lastModified": 1703961334,
+        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
+        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
         "type": "github"
       },
       "original": {
@@ -98,11 +99,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1701473968,
-        "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
+        "lastModified": 1704982712,
+        "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
+        "rev": "07f6395285469419cf9d078f59b5b49993198c00",
         "type": "github"
       },
       "original": {
@@ -134,9 +135,24 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1687709756,

flake.nix

@@ -2,7 +2,7 @@
   description = "eve-psr-nix0 - Home Server";
 
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.05";
+    nixpkgs.url = "nixpkgs/nixos-23.11";
     agenix = {
       url = "github:ryantm/agenix";
       inputs.nixpkgs.follows = "nixpkgs";

nix/application/containers.nix

@@ -3,6 +3,25 @@
   virtualisation.oci-containers = {
     containers = {
 
+      atuin = {
+        image = "ghcr.io/atuinsh/atuin:latest";
+        ports = [ "8888:8888" ];
+        cmd = [ "server" "start" ];
+        volumes = [
+          "/home/sezycei/srv/containerdata/atuin/config:/config"
+        ];
+        environmentFiles =
+          [ config.age.secrets.atuin-env.path ];
+      };
+
+      atuin-sql = {
+        image = "postgres:14";
+        volumes = [ "/home/sezycei/srv/containerdata/atuin/database:/var/lib/postgresql/data/" ];
+        ports = [ "9123:5432" ];
+        environmentFiles =
+          [ config.age.secrets.atuin-env.path ];
+      };
+
       gitlab = {
         image = "gitlab/gitlab-ce:latest";
         ports = [ "26616:80" "26617:22" ];

nix/application/nginx.nix

@@ -44,6 +44,7 @@
         };
       in
       {
+        "atuin.matri.cx" = proxied { target = "http://127.0.0.1:8888"; };
         "cache.matri.cx" = proxiedLAN {
           target = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
         };

nix/system/age.nix

@@ -1,6 +1,7 @@
 { ... }: {
   age = {
     secrets = {
+      atuin-env.file = ../../secrets/atuin-env.age;
       cache-key.file = ../../secrets/cache-key.age;
       cridycei.file = ../../secrets/cridycei.age;
       gitlab-runner.file = ../../secrets/gitlab-runner.age;

nix/system/network.nix

@@ -2,7 +2,7 @@
   networking = {
     hostName = "eve-psr-nix0";
     firewall = {
-      allowedTCPPorts = [ 22 80 443 ];
+      allowedTCPPorts = [ 22 80 443 7860 ];
       allowedUDPPorts = [ 22 80 443 53 1194 ];
       trustedInterfaces = [ "tun0" ];
     };

nix/system/system.nix

@@ -7,15 +7,18 @@
 
   environment.systemPackages = with pkgs; [ git pciutils openvpn vim wget ];
 
-  programs.ssh.knownHosts = {
-    selbeiskami = {
-      hostNames = [ "192.168.0.57" ];
-      publicKey = "192.168.0.57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiTyWzAu7V2Jkk4rqEjBLu+lAhhkLTO8W/PGb8HkeqQ";
-    };
-    matricx = {
-      hostNames = [ "192.168.0.130" "matri.cx" ];
-      publicKey = "matri.cx ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp";
+  programs = {
+    ssh.knownHosts = {
+      selbeiskami = {
+        hostNames = [ "192.168.0.57" ];
+        publicKey = "192.168.0.57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiTyWzAu7V2Jkk4rqEjBLu+lAhhkLTO8W/PGb8HkeqQ";
+      };
+      matricx = {
+        hostNames = [ "192.168.0.130" "matri.cx" ];
+        publicKey = "matri.cx ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp";
+      };
     };
+    zsh.enable = true;
   };
 
   time.timeZone = "America/Chicago";

nix/user/users.nix

@@ -7,7 +7,8 @@
       isNormalUser = true;
       passwordFile = config.age.secrets.sezycei.path;
       extraGroups = [ "wheel" "nginx" ];
-      packages = with pkgs; [ bun byobu purescript stack tmux ];
+      packages = with pkgs; [ atuin bun byobu purescript stack tmux ];
+      shell = pkgs.zsh;
     };
 
     cridycei = {

secrets.nix

@@ -6,6 +6,7 @@ let
   all = [ james eve-psr-nix0 ];
 in
 {
+  "secrets/atuin-env.age" = { publicKeys = all; };
   "secrets/cache-key.age" = { publicKeys = all; };
   "secrets/cridycei.age" = { publicKeys = all; };
   "secrets/gitlab-runner.age" = { publicKeys = all; };

secrets/atuin-env.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 dQ70Fw gqzZUWas8EPe62ah8N62PSDnrptPxVfAB2MVTryZzSU
+Ne5VK0q91ENJSvNGcbQV+KGhie7e2bdBIjMVmAEJ1vY
+-> ssh-ed25519 ZIoeGg SCTW+1NuwgoyS+pj/Qzl8CLiMd5KyZsFGHVu6DTR0w8
+brQqp6KM1M8Qsy2SlznwBuTuNLTu72jLLvfL+Od1BVU
+--- Wsvwo0vYDkooWRTRLDn4X+otNef/GJrspM0MzbPR21E
+<EFBFBD>'#<23>Z<EFBFBD>n<EFBFBD>a<> <20>;sa<73><0E>9FQ-'FU+<2B><><EFBFBD>>z4<7A>b<EFBFBD><62>ŗ<EFBFBD><C597><EFBFBD><	<09><><EFBFBD>N<EFBFBD><4E>N(и;<16>>\<5C>k<EFBFBD><6B>f<EFBFBD>6<EFBFBD>J}l<><6C>Ě<EFBFBD>&<26>o<EFBFBD><6F><EFBFBD>_<EFBFBD>V<EFBFBD>H<EFBFBD><48>ʲ<EFBFBD><CAB2>
+<EFBFBD><EFBFBD>e<>FC<46><1C><><EFBFBD><EFBFBD>^<5E><>--&<26><>7<>d<EFBFBD><64><EFBFBD>+<15><1E><07>