diff --git a/flake.lock b/flake.lock index ded5f60..412e03c 100644 --- a/flake.lock +++ b/flake.lock @@ -6,14 +6,15 @@ "home-manager": [], "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1701216516, - "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=", + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "owner": "ryantm", "repo": "agenix", - "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", "type": "github" }, "original": { @@ -47,11 +48,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1688488021, - "narHash": "sha256-vn6xkx4g2q/qykU+jdQYyGSPKFmGePuhGujAdmlHx1Y=", + "lastModified": 1702912615, + "narHash": "sha256-qseX+/8drgwxOb1I3LKqBYMkmyeI5d5gmHqbZccR660=", "owner": "aristanetworks", "repo": "nix-serve-ng", - "rev": "f3931b8120b1ca663da280e11659c745e2e9ad1b", + "rev": "21e65cb4c62b5c9e3acc11c3c5e8197248fa46a4", "type": "github" }, "original": { @@ -62,27 +63,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701615100, - "narHash": "sha256-7VI84NGBvlCTduw2aHLVB62NvCiZUlALLqBe5v684Aw=", + "lastModified": 1705916986, + "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e9f06adb793d1cca5384907b3b8a4071d5d7cb19", + "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "type": "indirect" } }, "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1701253981, - "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { 
@@ -98,11 +99,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1701473968, - "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", "type": "github" }, "original": { @@ -134,9 +135,24 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1687709756, diff --git a/flake.nix b/flake.nix index 40d7d49..88dbb1d 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "eve-psr-nix0 - Home Server"; inputs = { - nixpkgs.url = "nixpkgs/nixos-23.05"; + nixpkgs.url = "nixpkgs/nixos-23.11"; agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nix/application/containers.nix b/nix/application/containers.nix index 73664a0..ac2e721 100644 --- a/nix/application/containers.nix +++ b/nix/application/containers.nix 
@@ -3,6 +3,25 @@ virtualisation.oci-containers = { containers = { + atuin = { + image = "ghcr.io/atuinsh/atuin:latest"; + ports = [ "8888:8888" ]; + cmd = [ "server" "start" ]; + volumes = [ + "/home/sezycei/srv/containerdata/atuin/config:/config" + ]; + environmentFiles = + [ config.age.secrets.atuin-env.path ]; + }; + + atuin-sql = { + image = "postgres:14"; + volumes = [ "/home/sezycei/srv/containerdata/atuin/database:/var/lib/postgresql/data/" ]; + ports = [ "9123:5432" ]; + environmentFiles = + [ config.age.secrets.atuin-env.path ]; + }; + gitlab = { image = "gitlab/gitlab-ce:latest"; ports = [ "26616:80" "26617:22" ]; diff --git a/nix/application/nginx.nix b/nix/application/nginx.nix index 17214b7..e38b50b 100644 --- a/nix/application/nginx.nix +++ b/nix/application/nginx.nix @@ -44,6 +44,7 @@ }; in { + "atuin.matri.cx" = proxied { target = "http://127.0.0.1:8888"; }; "cache.matri.cx" = proxiedLAN { target = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; }; diff --git a/nix/system/age.nix b/nix/system/age.nix index 6117ae1..52838d3 100644 --- a/nix/system/age.nix +++ b/nix/system/age.nix @@ -1,6 +1,7 @@ { ... }: { age = { secrets = { + atuin-env.file = ../../secrets/atuin-env.age; cache-key.file = ../../secrets/cache-key.age; cridycei.file = ../../secrets/cridycei.age; gitlab-runner.file = ../../secrets/gitlab-runner.age; diff --git a/nix/system/network.nix b/nix/system/network.nix index a4f15f8..8ed9900 100644 --- a/nix/system/network.nix +++ b/nix/system/network.nix @@ -2,7 +2,7 @@ networking = { hostName = "eve-psr-nix0"; firewall = { - allowedTCPPorts = [ 22 80 443 ]; + allowedTCPPorts = [ 22 80 443 7860 ]; allowedUDPPorts = [ 22 80 443 53 1194 ]; trustedInterfaces = [ "tun0" ]; }; diff --git a/nix/system/system.nix b/nix/system/system.nix index 094c696..d92ad3e 100644 --- a/nix/system/system.nix +++ b/nix/system/system.nix 
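Review bot: Both new containers publish their ports on every host interface, `ports = [ "8888:8888" ]` for atuin and `ports = [ "9123:5432" ]` for atuin-sql. The nginx vhost added in this commit reaches atuin at 127.0.0.1:8888, so `ports = [ "127.0.0.1:8888:8888" ];` is enough for the app. The Postgres mapping should likewise be bound to the narrowest address the atuin container can still reach; how atuin connects to the database is not visible here, and depending on the container backend published ports may not be filtered by `networking.firewall`. `ghcr.io/atuinsh/atuin:latest` is a floating tag, so a rebuild can pull code other than what was reviewed; pin a version tag or digest so the image is as reproducible as the locked flake inputs. Both containers also load the same `atuin-env` secret, which gives the database container every variable meant for the app; two separate age secrets would keep each container to what it needs.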
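Review bot: `"atuin.matri.cx"` is wired through `proxied` while the neighbouring cache vhost uses `proxiedLAN`, so the sync server appears to be reachable from outside the LAN. Both helpers are defined outside this hunk, so that reading is inferred from their names. If public reachability is intended, say so next to the line and make sure account registration is closed in the server config (atuin's `open_registration` setting), since nothing in this commit shows how it is set. A comment such as `# public on purpose: history sync from outside the LAN; keep open_registration = false` would record the decision.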
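Review bot: Port 7860 is added to `allowedTCPPorts`, but nothing visible in this commit listens on it; the new containers use 8888 and 9123. Either drop it from this change or name the service it belongs to, e.g. `allowedTCPPorts = [ 22 80 443 7860 ]; # 7860: SERVICE_NAME`. If that service only needs VPN or LAN clients, `tun0` is already in `trustedInterfaces`, and an interface-scoped rule (`networking.firewall.interfaces."IFACE".allowedTCPPorts = [ 7860 ];`) would avoid opening the port on every interface.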
@@ -7,15 +7,18 @@ environment.systemPackages = with pkgs; [ git pciutils openvpn vim wget ]; - programs.ssh.knownHosts = { - selbeiskami = { - hostNames = [ "192.168.0.57" ]; - publicKey = "192.168.0.57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiTyWzAu7V2Jkk4rqEjBLu+lAhhkLTO8W/PGb8HkeqQ"; - }; - matricx = { - hostNames = [ "192.168.0.130" "matri.cx" ]; - publicKey = "matri.cx ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp"; + programs = { + ssh.knownHosts = { + selbeiskami = { + hostNames = [ "192.168.0.57" ]; + publicKey = "192.168.0.57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiTyWzAu7V2Jkk4rqEjBLu+lAhhkLTO8W/PGb8HkeqQ"; + }; + matricx = { + hostNames = [ "192.168.0.130" "matri.cx" ]; + publicKey = "matri.cx ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp"; + }; }; + zsh.enable = true; }; time.timeZone = "America/Chicago"; diff --git a/nix/user/users.nix b/nix/user/users.nix index ba7d15a..cfb8949 100644 --- a/nix/user/users.nix +++ b/nix/user/users.nix @@ -7,7 +7,8 @@ isNormalUser = true; passwordFile = config.age.secrets.sezycei.path; extraGroups = [ "wheel" "nginx" ]; - packages = with pkgs; [ bun byobu purescript stack tmux ]; + packages = with pkgs; [ atuin bun byobu purescript stack tmux ]; + shell = pkgs.zsh; }; cridycei = { diff --git a/secrets.nix b/secrets.nix index b4d3fe3..3a8c490 100644 --- a/secrets.nix +++ b/secrets.nix @@ -6,6 +6,7 @@ let all = [ james eve-psr-nix0 ]; in { + "secrets/atuin-env.age" = { publicKeys = all; }; "secrets/cache-key.age" = { publicKeys = all; }; "secrets/cridycei.age" = { publicKeys = all; }; "secrets/gitlab-runner.age" = { publicKeys = all; }; diff --git a/secrets/atuin-env.age b/secrets/atuin-env.age new file mode 100644 index 0000000..735746d --- /dev/null +++ b/secrets/atuin-env.age 
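Review bot: The re-indented `publicKey` values under `ssh.knownHosts` still begin with a host name (`"192.168.0.57 ssh-ed25519 …"` and `"matri.cx ssh-ed25519 …"`). As far as I know NixOS writes each known_hosts entry as the `hostNames` list followed by `publicKey`, so the extra host name lands where the key type belongs and ssh may ignore the line, leaving both hosts effectively unpinned. Since the block is being rewritten anyway, reduce each value to key type plus key data, e.g. `publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp";` for `matricx`. After a rebuild, `ssh-keygen -F matri.cx -f /etc/ssh/ssh_known_hosts` should find the entry if the pin is in effect.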
@@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 dQ70Fw gqzZUWas8EPe62ah8N62PSDnrptPxVfAB2MVTryZzSU +Ne5VK0q91ENJSvNGcbQV+KGhie7e2bdBIjMVmAEJ1vY +-> ssh-ed25519 ZIoeGg SCTW+1NuwgoyS+pj/Qzl8CLiMd5KyZsFGHVu6DTR0w8 +brQqp6KM1M8Qsy2SlznwBuTuNLTu72jLLvfL+Od1BVU +--- Wsvwo0vYDkooWRTRLDn4X+otNef/GJrspM0MzbPR21E +'#Zna ;sa9FQ-'FU+>z4bŗ< NN(и;>\kf6J}lĚ&o_VHʲ eFC^--&7d+ NV33@6_˾^_ãG.= \!I؄ 1F^ +JX|tTgœ \ No newline at end of file