Syzygial/NixMachines
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Syzygial:55e78faacc987ad6ae9a174efdd3501b9d2a393b
Branches Tags
Syzygial:main
...
compare: Syzygial:676bb8d32d06bb44e181da7891dec26f885fe101
Branches Tags
Syzygial:main

11 Commits
55e78faacc ... 676bb8d32d

Author SHA1 Message Date
David Crompton
676bb8d32d flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/9b53a10f4c91892f5af87cf55d08fba59ca086af' (2024-06-02)
  → 'github:nix-community/home-manager/3d65009effd77cb0d6e7520b68b039836a7606cf' (2024-06-09)
• Updated input 'me-emacs':
    'git+https://git.syzygial.cc/Syzygial/EmacsConfig.git?ref=refs/heads/master&rev=048841f5881952e40e601d97ab825b9baac07c63' (2024-05-11)
  → 'git+https://git.syzygial.cc/Syzygial/EmacsConfig.git?ref=refs/heads/master&rev=7fbdd0979f86c01258e9d4fc4bb27c1f6dde7951' (2024-06-05)
• Updated input 'nix-darwin':
    'github:LnL7/nix-darwin/c0d5b8c54d6828516c97f6be9f2d00c63a363df4' (2024-05-29)
  → 'github:LnL7/nix-darwin/315aa649ba307704db0b16c92f097a08a65ec955' (2024-06-09)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/57610d2f8f0937f39dbd72251e9614b1561942d8' (2024-05-31)
  → 'github:NixOS/nixpkgs/051f920625ab5aabe37c920346e3e69d7d34400e' (2024-06-07)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/ab2a43b0d21d1d37d4d5726a892f714eaeb4b075' (2024-06-02)
  → 'github:Mic92/sops-nix/d071c74a7de1e26d211b69b6fbae37ae2e31a87f' (2024-06-10)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/6132b0f6e344ce2fe34fc051b72fb46e34f668e0' (2024-05-30)
  → 'github:NixOS/nixpkgs/d226935fd75012939397c83f6c385e4d6d832288' (2024-06-07)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/3b1b4895b2c5f9f5544d02132896aeb9ceea77bc' (2024-06-01)
  → 'github:NixOS/nixpkgs/4913a7c3d8b8d00cb9476a6bd730ff57777f740c' (2024-06-08)
 2024-06-10 23:10:10 -04:00
David Crompton
93372839e4 hippocampus: Fix merge 2024-06-10 23:10:04 -04:00
David Crompton
6c6d6f24af hippocampus: Tandoor Time Bb 2024-06-09 17:17:22 -04:00
David Crompton
176263a69c hippocampus: Webdav instance 2024-06-05 15:55:56 -04:00
David Crompton
2f3a77c68b hippocampus: public hass 2024-02-01 21:28:49 -05:00
David Crompton
c19e1229cf Add git(hub|lab): uris) 2024-01-26 11:39:28 -05:00
David Crompton
46916c62f2 Update allowed-uris for Hydra to evaluate jobs 2024-01-26 11:24:53 -05:00
David Crompton
27681b1804 Disable nix-serve (for now) 2024-01-26 11:23:41 -05:00
David Crompton
fe681b9b33 flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/0912d26b30332ae6a90e1b321ff88e80492127dd' (2024-01-13)
  → 'github:nix-community/home-manager/e84811035d7c8ec79ed6c687a97e19e2a22123c1' (2024-01-24)
• Updated input 'nix-darwin':
    'github:LnL7/nix-darwin/0dd382b70c351f528561f71a0a7df82c9d2be9a4' (2024-01-03)
  → 'github:LnL7/nix-darwin/1e706ef323de76236eb183d7784f3bd57255ec0b' (2024-01-22)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/317484b1ead87b9c1b8ac5261a8d2dd748a0492d' (2024-01-08)
  → 'github:NixOS/nixpkgs/612f97239e2cc474c13c9dafa0df378058c5ad8d' (2024-01-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c0b3a5af90fae3ba95645bbf85d2b64880addd76' (2024-01-10)
  → 'github:Mic92/sops-nix/4606d9b1595e42ffd9b75b9e69667708c70b1d68' (2024-01-24)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/63143ac2c9186be6d9da6035fa22620018c85932' (2024-01-02)
  → 'github:NixOS/nixpkgs/e5d1c87f5813afde2dda384ac807c57a105721cc' (2024-01-19)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03)
  → 'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
 2024-01-24 17:04:47 -05:00
David Crompton
7dc9ff566c hippocampus: update nextcloud 27 -> 28 2024-01-12 21:00:30 -05:00
David Crompton
b5d025be2d hippocampus: Fix anki 2024-01-12 20:21:37 -05:00
9 changed files with 149 additions and 42 deletions
Expand all files Collapse all files

44
flake.lock generated
View File

@@ -66,11 +66,11 @@
]
},
"locked": {
"lastModified": 1717316182,
"narHash": "sha256-Xi0EpZcu39N0eW7apLjFfUOR9y80toyjYizez7J1wMI=",
"lastModified": 1717931644,
"narHash": "sha256-Sz8Wh9cAiD5FhL8UWvZxBfnvxETSCVZlqWSYWaCPyu0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9b53a10f4c91892f5af87cf55d08fba59ca086af",
"rev": "3d65009effd77cb0d6e7520b68b039836a7606cf",
"type": "github"
},
"original": {
@@ -88,11 +88,11 @@
]
},
"locked": {
"lastModified": 1715437861,
"narHash": "sha256-GIYYcAEYHaHfCGfKY9Te3e+p+IK9V3tMYidUdas9UKA=",
"lastModified": 1717557583,
"narHash": "sha256-uvdrIyTx93YLSDBlq0E2JXUw5hVPbMVo2/9kAV7wzOU=",
"ref": "refs/heads/master",
"rev": "048841f5881952e40e601d97ab825b9baac07c63",
"revCount": 52,
"rev": "7fbdd0979f86c01258e9d4fc4bb27c1f6dde7951",
"revCount": 53,
"type": "git",
"url": "https://git.syzygial.cc/Syzygial/EmacsConfig.git"
},
@@ -108,11 +108,11 @@
]
},
"locked": {
"lastModified": 1716993688,
"narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=",
"lastModified": 1717976995,
"narHash": "sha256-u3HBinyIyUvL1+N816bODpJmSQdgn0Mbb8BprFw7kqo=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4",
"rev": "315aa649ba307704db0b16c92f097a08a65ec955",
"type": "github"
},
"original": {
@@ -124,11 +124,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1717196966,
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"lastModified": 1717786204,
"narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"rev": "051f920625ab5aabe37c920346e3e69d7d34400e",
"type": "github"
},
"original": {
@@ -156,11 +156,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1717265169,
"narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=",
"lastModified": 1717880976,
"narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc",
"rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c",
"type": "github"
},
"original": {
@@ -172,11 +172,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1717112898,
"narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=",
"lastModified": 1717774105,
"narHash": "sha256-HV97wqUQv9wvptiHCb3Y0/YH0lJ60uZ8FYfEOIzYEqI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0",
"rev": "d226935fd75012939397c83f6c385e4d6d832288",
"type": "github"
},
"original": {
@@ -201,11 +201,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1717297459,
"narHash": "sha256-cZC2f68w5UrJ1f+2NWGV9Gx0dEYmxwomWN2B0lx0QRA=",
"lastModified": 1718058322,
"narHash": "sha256-d5jLlAwVi4NzT9yc5UrPiOpDxTRhu8GGh0IIfeFcdrM=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "ab2a43b0d21d1d37d4d5726a892f714eaeb4b075",
"rev": "d071c74a7de1e26d211b69b6fbae37ae2e31a87f",
"type": "github"
},
"original": {

8
machines/hippocampus/secrets/pass.yaml
View File

@@ -2,6 +2,10 @@ nextcloud:
adminPass: ENC[AES256_GCM,data:D2SAD/Somvw8abIm0KX4fWRfuQ==,iv:Y7K14yZZFcu97KVBd0219hwnGY4LEX2DNxxulSegr/8=,tag:aRJAlz1xvQxWodcE2bZLdQ==,type:str]
s3secret: ENC[AES256_GCM,data:lIVuiZMh376MSuu13UPCu49Q64bVbk+WM/CUEIGzV0Q=,iv:J2vHalppWEupWK07zXsMoiH6avmpsgg0Cqcc7EkZVV4=,tag:pxKwiaH5SZa8Vh71gLGQWw==,type:str]
jellyfin-pia: ENC[AES256_GCM,data:rbqpmm2EtxcMeJfjlGaJOwPCn4UAZaKsH8Zeztk7A6QiSw==,iv:8A6NHVHgKIL6iwLKgRrT6T3k0pgDI5lL5rDMN5/Egrw=,tag:P6Kh9cOnrB23Z7S72xBK7g==,type:str]
anki: ENC[AES256_GCM,data:hUBKr/s1DDorlmbHDUvHtVSumw==,iv:Ekjt6dsncinHhM+dV/mxOjErBQpgKtPOVbmwGRy9XOE=,tag:zvfV9z3QROgsk4eznmxqDw==,type:str]
tandoor-secret: ENC[AES256_GCM,data:/clEIU38M7lJ6+JbFSKWb5kKSUvxdGYPq2Hl9TjgijZtYIYFOleJQ9PiT+d/osmY/r0=,iv:Nulu93V+s9RBmEDRs2LXJXy7l0O/AeU0CwwtTNLGw2c=,tag:brRyVaWeUGLx1nt0MtcIEw==,type:str]
tandoor-pass: ENC[AES256_GCM,data:Sjz2FuFm3bmqo9z2xckuIHq4qumQ2o/FA09DP7NQtngi,iv:M8BL8enwzGh4cp2hAtee99dC0VDxBvshNBiUp4QCVPQ=,tag:wMifwdLEMw4+M1EO5iywzw==,type:str]
webdav: ENC[AES256_GCM,data:VLwkAn1Ly36c6E1Qkurz8+mfWiwh3SNOe37R0xKkQqpnUhsnTGDB1fWuf3J6jfhag3dMLemBj5JhQD/IYoP4QKk=,iv:TSpePZuzzv6I3NURNIFL8j6YivTEEJnvorRV/9Nanac=,tag:l2I6RsDsLNdw58L3GjL1Lg==,type:str]
vaultenv: ENC[AES256_GCM,data:oTMhUU23v0SFImzDNjfqo3wn26ghqHGfArQl+K9E3u3YI9qmwdN/Z0dpLvT7TI01cdEIwM8ToKAd2HueymTHMT0wXMNAWMFVNm5lUot6U9kV+Pwfq3W+c8MygqXL/QVeFCzUsEa4ZvAE647+2JIkcI95H8mIWfenL0wA5O+OLiEz1fFykMbGBvWm7GM5oFWU9RXo0d5BAIaqd7D5oL3tgi2EnrtnVMJ8USgYA+d3TNCEatHO8ARwtCRhC8FK+86RowBlwiylIySuJiMScvzstB8TWVps4wo7xK0lZ8PUicFI2q+N+Q7B3x1hUW0Z2f4pmxAwb8qRxXZtA7B99bBjAwSwh1A301LYMAKJqELNiNOZ9xjl5r12fAOqP3ujJ84eacNVmsKFpA5HxIfUQBlkoHYRXfkd+Z8wz9fhzr53PvWHblr4eS+jCpJzSP98uyou4FYfMXoYOT9kzNNHGsWAoxLxQusehIaHyicG6uVE53wEQw/r9xeJeg==,iv:anKhX3TVyEeatnB/qjlce3g7cifrX8QlBJ/9UzWUa8k=,tag:BDccovkJBW8q0URMLBxbcQ==,type:str]
minioRoot: ENC[AES256_GCM,data:z6+VkyRjWRSh8pu5gO58RRyGXT+Lvl+AVr37A5nXh6aj+q6SevNL7wLf9Joao4xmjXexKVavOhs/9OSBJpmbq0R+MRI=,iv:vrow7hvrTacnMi7sFnsuXwMOHrvr6c8YUTYFUry4E4U=,tag:fWfiEvkuSiXHIFqWnLiMiQ==,type:str]
restic:
@@ -23,8 +27,8 @@ sops:
RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J
LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-06T18:23:17Z"
mac: ENC[AES256_GCM,data:WRuoG1B+DrhgL/KLUTmwiSOB58T52Ga6nA5K3LFOy4gu/hBCg85kndsVozJzY434PSY5w6Vposow4UvYQE/8xh8Y8lMlKZHZAMXxmnFvVdpL2bWe04qwBnAVXKj0Fru8sTNGPnRzDE6XETLdkRQyl//u5mFGDIDJeh1dV/VHUc0=,iv:W/VFGKabYdrNVY/GfNYMxTvdk/HO0Gh147t+xREU4+g=,tag:uLhXrb9V7wRx9EnaU7NWkQ==,type:str]
lastmodified: "2024-06-09T21:13:43Z"
mac: ENC[AES256_GCM,data:wmHB0pgZODb1RL3CBJqQix4V5nES4XpiGJLy8wuuoq20HMQpuE+Ofh4V+px59kJF4bcGyB71OXGlDbPkf3Crz3WJe0UtQjm9qH+c3hlRZMAYCK+5g11ANPUTznjXdCE1JuNWBCu25wYRprDOuPzpr7UZETEHzKBiu2kGI6FajoU=,iv:mhQGGIiSXaaFHLm5mtIyCxjMeHDhv6Sc5fB6cGml2Bo=,tag:BnKHFPK7bhFEp95+9v9SGw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

9
machines/hippocampus/servers/public.nix
View File

@@ -38,5 +38,14 @@
# Anki Sync Server
./public/anki.nix
# Public HASS Access
./public/hass.nix
# Webdav (for things like org-mobile)
./public/webdav.nix
# Recipe Manager
./public/tandoor.nix
];
}

12
machines/hippocampus/servers/public/anki.nix
View File

@@ -4,15 +4,17 @@
sops.secrets.anki = { };
services.anki-sync-server = {
enable = true;
users.david = {
username = "David";
passwordFile = config.sops.secrets.anki.path;
};
users = [
{
username = "David";
passwordFile = config.sops.secrets.anki.path;
}
];
};
services.caddy.virtualHosts = {
"anki.syzygial.cc" = {
extraConfig = ''
reverse_proxy 127.0.0.1:${config.services.anki-sync-server.port}
reverse_proxy 127.0.0.1:${toString config.services.anki-sync-server.port}
'';
};
};

11
machines/hippocampus/servers/public/hass.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
services.caddy.virtualHosts = {
"home.syzygial.cc" = {
extraConfig = ''
reverse_proxy http://u.syzygial.cc:8123
'';
};
};
}

5
machines/hippocampus/servers/public/hydra.nix
View File

@@ -11,7 +11,7 @@
'';
in {
imports = [
./nix-serve.nix
# ./nix-serve.nix
];
services.hydra = {
enable = true;
@@ -26,6 +26,9 @@ in {
</dynamicruncommand>
'';
};
nix.extraOptions = ''
allowed-uris = https://github.com/ https://git.savannah.gnu.org/ https://git.syzygial.cc https://gitlab.com https://sr.ht github: gitlab:
'';
systemd.services.hydra = {
serviceConfig = {
RestartSec = "20s";

26
machines/hippocampus/servers/public/nextcloud.nix
View File

@@ -13,29 +13,31 @@ in {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud27;
package = pkgs.nextcloud28;
hostName = "localhost";
extraOptions = {
trusted_domains = [
"cloud.crompton.cc"
"nextcloud.syzygial.cc"
];
trusted_proxies = [
"cloud.crompton.cc"
"nextcloud.syzygial.cc"
];
overwriteprotocol = "https";
};
config = {
adminuser = "CromptonAdmin";
adminpassFile = config.sops.secrets."nextcloud/adminPass".path;
extraTrustedDomains = [
"cloud.crompton.cc"
"nextcloud.syzygial.cc"
];
trustedProxies = [
"cloud.crompton.cc"
"nextcloud.syzygial.cc"
];
dbtype = "pgsql";
dbname = "nextcloud";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
overwriteProtocol = "https";
objectstore.s3 = {
enable = true;

48
machines/hippocampus/servers/public/tandoor.nix Normal file
View File

@@ -0,0 +1,48 @@
{ config, pkgs, lib, ... }: let
tandoor_user = "tandoor";
in {
sops.secrets.tandoor-secret = {};
sops.secrets.tandoor-pass = {};
services.tandoor-recipes = {
enable = true;
port = 7666;
extraConfig = {
SECRET_KEY = config.sops.secrets.tandoor-secret.path;
DB_ENGINE = "django.db.backends.postgresql";
POSTGRES_HOST = "127.0.0.1";
POSTGRES_PORT = config.services.postgresql.port;
POSTGRES_USER = tandoor_user;
POSTGRES_DB = tandoor_user;
ENABLE_SIGNUP = "1";
};
};
systemd.services.tandoor-recipes = {
serviceConfig = {
EnvironmentFile = config.sops.secrets.tandoor-pass.path;
};
};
services.postgresql = {
enable = true;
port = 5432;
ensureDatabases = [
tandoor_user
];
ensureUsers = [{
name = tandoor_user;
ensureDBOwnership = true;
ensureClauses = {
createdb = true;
};
}];
};
services.caddy.virtualHosts = {
"tandoor.syzygial.cc" = {
extraConfig = ''
reverse_proxy 127.0.0.1:${toString config.services.tandoor-recipes.port}
'';
};
};
}

28
machines/hippocampus/servers/public/webdav.nix Normal file
View File

@@ -0,0 +1,28 @@
{ config, pkgs, lib, ... }: {
sops.secrets.webdav = {
owner = config.services.webdav.user;
};
services.webdav = {
enable = true;
settings = {
address = "0.0.0.0";
port = 7350;
scope = "/srv/webdav";
modify = true;
auth = true;
users = [{
username = "{env}ORG_MOBILE_USER";
password = "{env}ORG_MOBILE_PASS";
}];
};
environmentFile = config.sops.secrets.webdav.path;
};
services.caddy.virtualHosts = {
"webdav.syzygial.cc" = {
extraConfig = ''
reverse_proxy 127.0.0.1:${toString config.services.webdav.settings.port}
'';
};
};
}