Set up Atuin server and client

2024-01-10 12:28:37 -06:00
parent 2ca6b54d9e
commit a2508935af
10 changed files with 79 additions and 29 deletions
--- a/nix/application/containers.nix
+++ b/nix/application/containers.nix
@ -3,6 +3,25 @@
  virtualisation.oci-containers = {
    containers = {

+      atuin = {
+        image = "ghcr.io/atuinsh/atuin:latest";
+        ports = [ "8888:8888" ];
+        cmd = [ "server" "start" ];
+        volumes = [
+          "/home/sezycei/srv/containerdata/atuin/config:/config"
+        ];
+        environmentFiles =
+          [ config.age.secrets.atuin-env.path ];
+      };
+
+      atuin-sql = {
+        image = "postgres:14";
+        volumes = [ "/home/sezycei/srv/containerdata/atuin/database:/var/lib/postgresql/data/" ];
+        ports = [ "9123:5432" ];
+        environmentFiles =
+          [ config.age.secrets.atuin-env.path ];
+      };
+
      gitlab = {
        image = "gitlab/gitlab-ce:latest";
        ports = [ "26616:80" "26617:22" ];
--- a/nix/application/nginx.nix
+++ b/nix/application/nginx.nix
@ -44,6 +44,7 @@
        };
      in
      {
+        "atuin.matri.cx" = proxied { target = "http://127.0.0.1:8888"; };
        "cache.matri.cx" = proxiedLAN {
          target = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
        };
--- a/nix/system/age.nix
+++ b/nix/system/age.nix
@ -1,6 +1,7 @@
 { ... }: {
  age = {
    secrets = {
+      atuin-env.file = ../../secrets/atuin-env.age;
      cache-key.file = ../../secrets/cache-key.age;
      cridycei.file = ../../secrets/cridycei.age;
      gitlab-runner.file = ../../secrets/gitlab-runner.age;
--- a/nix/system/network.nix
+++ b/nix/system/network.nix
@ -2,7 +2,7 @@
  networking = {
    hostName = "eve-psr-nix0";
    firewall = {
-      allowedTCPPorts = [ 22 80 443 ];
+      allowedTCPPorts = [ 22 80 443 7860 ];
      allowedUDPPorts = [ 22 80 443 53 1194 ];
      trustedInterfaces = [ "tun0" ];
    };
--- a/nix/system/system.nix
+++ b/nix/system/system.nix
@ -7,15 +7,18 @@

  environment.systemPackages = with pkgs; [ git pciutils openvpn vim wget ];

-  programs.ssh.knownHosts = {
-    selbeiskami = {
-      hostNames = [ "192.168.0.57" ];
-      publicKey = "192.168.0.57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiTyWzAu7V2Jkk4rqEjBLu+lAhhkLTO8W/PGb8HkeqQ";
-    };
-    matricx = {
-      hostNames = [ "192.168.0.130" "matri.cx" ];
-      publicKey = "matri.cx ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp";
+  programs = {
+    ssh.knownHosts = {
+      selbeiskami = {
+        hostNames = [ "192.168.0.57" ];
+        publicKey = "192.168.0.57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiTyWzAu7V2Jkk4rqEjBLu+lAhhkLTO8W/PGb8HkeqQ";
+      };
+      matricx = {
+        hostNames = [ "192.168.0.130" "matri.cx" ];
+        publicKey = "matri.cx ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp";
+      };
    };
+    zsh.enable = true;
  };

  time.timeZone = "America/Chicago";
--- a/nix/user/users.nix
+++ b/nix/user/users.nix
@ -7,7 +7,8 @@
      isNormalUser = true;
      passwordFile = config.age.secrets.sezycei.path;
      extraGroups = [ "wheel" "nginx" ];
-      packages = with pkgs; [ bun byobu purescript stack tmux ];
+      packages = with pkgs; [ atuin bun byobu purescript stack tmux ];
+      shell = pkgs.zsh;
    };

    cridycei = {