commit b0b57a21eeb79e4f3ecfb471df191116657fccac · sapphic.moe/flake

hosts/dullscythe/default.nix

···

       1
        
       {

     

       2
        
         imports = [

     

       3
        
           ./hardware.nix

     

       0
        
       
     

       4
        
         ];

     

       5
        
       

     

       6
        
         settings = {

···

       1
        
       {

     

       2
        
         imports = [

     

       3
        
           ./hardware.nix

     

       4
       +
           ../../services

     

       5
        
         ];

     

       6
        
       

     

       7
        
         settings = {

+13

secrets/caddy.env.age

···

       1
       +
       -----BEGIN AGE ENCRYPTED FILE-----

     

       2
       +
       YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFDVDk3dyBtdXht

     

       3
       +
       R0xWSE9oS01obUxRL3l6QVhWamNyZDRoZ1ZESEc1V3g4WkZZeDJnCmc0TlhuRlhR

     

       4
       +
       MW83VFNWa3NCZjhyRHpXYlRiS2d0ZGRTMGpyNFlUN3hoRzQKLT4gc3NoLWVkMjU1

     

       5
       +
       MTkgZVAzVHRRIEsvbWk2dFg1MlB0VGRTL2NET2FIWW1MREc1RUVGSEQvUFFoZTdh

     

       6
       +
       Sm9RU1UKY2pTeW9BMnVlcHh0OS92a3ZLSWwrTUtEdm82ajFRdC91YzZiSzdKUnY0

     

       7
       +
       bwotPiBSe3dlTS1ncmVhc2UgT1dyfSByZ2Y8bSA0dFVOLC0KbmEyQk1KaVlGcjdK

     

       8
       +
       bGp1d3JML2Z5WFVsWnlxdzJ1Y3owTHVQNEJwMnMrc0Jvd0FKSm9pNnZnTVVicVdU

     

       9
       +
       UmYyVQp0N2c4Tk1LR2x3cEo0WHNHS2ZCMW9DbEpBL3FOQ3FOakJZcDZ0aGcKLS0t

     

       10
       +
       IHJxOVhmRzhacHF2ZWlRT1FaOHU3Wk4zOUV1NVE5VzgrMEtXbEUzOUpoWFUK0AIu

     

       11
       +
       jL2DKEdBY9fnhsxzAJF3YdYvZp3ZodaO7zeeK23iCaqCB2MTFrMgJ5z420yA+JDH

     

       12
       +
       E8wwcXDVNFfoEyLKcy4v/s4oNpf+aILb5TQMxBESMJ/LusA=

     

       13
       +
       -----END AGE ENCRYPTED FILE-----

+12

secrets/secrets.nix

···

       1
       +
       let

     

       2
       +
         key1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJug+9rnFngnFQpY0lAO0NuVBhDCcJc5imPHazgOSTTx";

     

       3
       +
         key2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICM6XP+CNc2CStEDe/W4LfkcRcG98obQiM2aqnydCRbX";

     

       4
       +
       

     

       5
       +
         keys = [

     

       6
       +
           key1

     

       7
       +
           key2

     

       8
       +
         ];

     

       9
       +
       in

     

       10
       +
       {

     

       11
       +
         "caddy.env.age".publicKeys = keys;

     

       12
       +
       }

+51

services/caddy.nix

···

       1
       +
       { config, pkgs, ... }:

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         age.secrets.caddy_env = {

     

       5
       +
           file = ../secrets/caddy.env.age;

     

       6
       +
           mode = "600";

     

       7
       +
         };

     

       8
       +
       

     

       9
       +
         services.caddy = {

     

       10
       +
           enable = true;

     

       11
       +
           package = pkgs.caddy.withPlugins {

     

       12
       +
             plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];

     

       13
       +
             hash = "sha256-XwZ0Hkeh2FpQL/fInaSq+/3rCLmQRVvwBM0Y1G1FZNU=";

     

       14
       +
           };

     

       15
       +
           environmentFile = config.age.secrets.caddy_env.path;

     

       16
       +
           globalConfig = ''

     

       17
       +
             email chloe@sapphic.moe

     

       18
       +
           '';

     

       19
       +
           extraConfig = ''

     

       20
       +
             (tls_cloudflare) {

     

       21
       +
               tls {

     

       22
       +
                 dns cloudflare {env.CF_API_TOKEN}

     

       23
       +
                 resolvers 8.8.8.8 1.1.1.1

     

       24
       +
               }

     

       25
       +
             }

     

       26
       +
             (common) {

     

       27
       +
               encode zstd gzip

     

       28
       +
             }

     

       29
       +
           '';

     

       30
       +
           virtualHosts."home.sappho.systems" = {

     

       31
       +
             listenAddresses = [ "::" ];

     

       32
       +
             extraConfig = ''

     

       33
       +
               import common

     

       34
       +
               import tls_cloudflare

     

       35
       +
               reverse_proxy http://localhost:4040

     

       36
       +
             '';

     

       37
       +
           };

     

       38
       +
         };

     

       39
       +
       

     

       40
       +
         systemd.services.caddy = {

     

       41
       +
           serviceConfig = {

     

       42
       +
             EnvironmentFile = config.age.secrets.caddy_env.path;

     

       43
       +
           };

     

       44
       +
         };

     

       45
       +
       

     

       46
       +
         networking.firewall.allowedTCPPorts = [

     

       47
       +
           80

     

       48
       +
           443

     

       49
       +
         ];

     

       50
       +
         networking.firewall.allowedUDPPorts = [ 443 ];

     

       51
       +
       }

services/default.nix

···

       1
       +
       {

     

       2
       +
         imports = [

     

       3
       +
           ./caddy.nix

     

       4
       +
           ./glance/default.nix

     

       5
       +
         ];

     

       6
       +
       }

+20

services/glance/default.nix

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         systemd.services.glance = {

     

       5
       +
           description = "Glance dashboard";

     

       6
       +
           after = [ "network.target" ];

     

       7
       +
           wantedBy = [ "multi-user.target" ];

     

       8
       +
           reloadTriggers = [ "/etc/glance.yml" ];

     

       9
       +
           serviceConfig = {

     

       10
       +
             ExecStart = ''

     

       11
       +
               ${pkgs.glance}/bin/glance --config /etc/glance.yml

     

       12
       +
             '';

     

       13
       +
             Restart = "always";

     

       14
       +
             RestartSec = 2;

     

       15
       +
           };

     

       16
       +
         };

     

       17
       +
       

     

       18
       +
         environment.etc."glance.yml".text = builtins.readFile ./glance.yml;

     

       19
       +
         networking.firewall.allowedTCPPorts = [ 4040 ];

     

       20
       +
       }

+129

services/glance/glance.yml

···

       1
       +
       # Example Glance config

     

       2
       +
       # Replace with your actual configuration

     

       3
       +
       

     

       4
       +
       server:

     

       5
       +
         host: 0.0.0.0

     

       6
       +
         port: 4040

     

       7
       +
       

     

       8
       +
       

     

       9
       +
       theme:

     

       10
       +
         background-color: 240 21 15

     

       11
       +
         contrast-multiplier: 1.2

     

       12
       +
         primary-color: 316 72 86

     

       13
       +
         positive-color: 115 54 76

     

       14
       +
         negative-color: 343 81 75

     

       15
       +
       

     

       16
       +
       pages:

     

       17
       +
         - name: Home

     

       18
       +
           columns:

     

       19
       +
             - size: small

     

       20
       +
               widgets:

     

       21
       +
                 - type: clock

     

       22
       +
                   hour-format: 24h

     

       23
       +
                   timezones:

     

       24
       +
                     - timezone: Australia/Sydney

     

       25
       +
                       label: Sydney

     

       26
       +
                     - timezone: Europe/Istanbul

     

       27
       +
                       label: Istanbul

     

       28
       +
                     - timezone: Europe/Amsterdam

     

       29
       +
                       label: Amsterdam

     

       30
       +
                     - timezone: Europe/London

     

       31
       +
                       label: London

     

       32
       +
                     - timezone: America/Menominee

     

       33
       +
                       label: Wisconsin

     

       34
       +
                     - timezone: America/Vancouver

     

       35
       +
                       label: Victoria Island

     

       36
       +
       

     

       37
       +
                 - type: rss

     

       38
       +
                   limit: 10

     

       39
       +
                   collapse-after: 3

     

       40
       +
                   cache: 3h

     

       41
       +
                   feeds:

     

       42
       +
                     - url: https://ovyerus.com/posts/rss.xml

     

       43
       +
                       title: Ovyerus (blog)

     

       44
       +
                     - url: https://ovyerus.com/weeknotes/rss.xml

     

       45
       +
                       title: Ovyerus (weeknotes)

     

       46
       +
                     - url: https://adryd.com/feed.xml

     

       47
       +
                       title: adryd

     

       48
       +
                     - url: https://notnite.com/blog/rss.xml

     

       49
       +
                       title: notnite's blog

     

       50
       +
                     - url: https://lyra.horse/blog/posts/index.xml

     

       51
       +
                       title: Lyra (Rebane2001)'s posts

     

       52
       +
                     - url: https://maia.crimew.gay/feed.xml

     

       53
       +
                       title: maia blog

     

       54
       +
                     - url: https://kibty.town/blog.rss

     

       55
       +
                       title: xyzeva's blog

     

       56
       +
                     - url: https://char.lt/blog.rss

     

       57
       +
                       title: charlotte som's blog

     

       58
       +
                     - url: https://mae.wtf/rss.xml

     

       59
       +
                       title: vimae's blog

     

       60
       +
                     - url: https://cookieplmonster.github.io/feed.xml

     

       61
       +
                       title: Silent's blog

     

       62
       +
                     - url: https://kittenlabs.de/index.xml

     

       63
       +
                       title: KittenLabs

     

       64
       +
                     - url: https://www.joshwcomeau.com/rss.xml

     

       65
       +
                       title: Josh Comeau's blog

     

       66
       +
                     - url: https://astro.build/rss.xml

     

       67
       +
                       title: The Astro Blog

     

       68
       +
                     - url: https://tailscale.com/blog/index.xml

     

       69
       +
                       title: Blog on Tailscale

     

       70
       +
                     - url: https://www.bungie.net/en/rss/News

     

       71
       +
                       title: Destiny 2

     

       72
       +
       

     

       73
       +
                 - type: twitch-channels

     

       74
       +
                   channels:

     

       75
       +
                     - jerma985

     

       76
       +
                     - jollywangcore

     

       77
       +
                     - northernlion

     

       78
       +
                     - porterrobinson

     

       79
       +
                     - rtgame

     

       80
       +
                     - schlatt

     

       81
       +
                     - vargskelethor

     

       82
       +
       

     

       83
       +
             - size: full

     

       84
       +
               widgets:

     

       85
       +
                 - type: search

     

       86
       +
                   search-engine: duckduckgo

     

       87
       +
                   bangs:

     

       88
       +
                     - title: YouTube

     

       89
       +
                       shortcut: "!yt"

     

       90
       +
                       url: https://www.youtube.com/results?search_query={QUERY}

     

       91
       +
                 - type: hacker-news

     

       92
       +
                 - type: videos

     

       93
       +
                   channels:

     

       94
       +
                     - UCQEnQfezywrAwkHWX_Uo_Qg # A Jolly Wangcore

     

       95
       +
                     - UCQ6fPy9wr7qnMxAbFOGBaLw # Computer Clan

     

       96
       +
                     - UC7Jwj9fkrf1adN4fMmTkpug # DankPods

     

       97
       +
                     - UCsBjURrPoezykLs9EqgamOA # Fireship

     

       98
       +
                     - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling

     

       99
       +
                     - UCRcgy6GzDeccI7dkbbBna3Q # LEMMiNO

     

       100
       +
                     - UCS5tt2z_DFvG7-39J3aE-bQ # Life of Boris

     

       101
       +
                     - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips

     

       102
       +
                     - UCWyrVfwRL-2DOkzsqrbjo5Q # NCommander

     

       103
       +
                     - UC0fDG3byEcMtbOqPMymDNbw # Noclip

     

       104
       +
                     - UCZB6V9fUov0Mx_us3MWWILg # People Make Games

     

       105
       +
                     - UCKKKYE55BVswHgKihx5YXew # Porter Robinson

     

       106
       +
                     - UClY084mbGLK_SLlOfgizjow # SalC1

     

       107
       +
                     - UCQD3awTLw9i8Xzh85FKsuJA # SovietWomble

     

       108
       +
                     - UCBa659QWEk1AI4Tg--mrJ2A # Tom Scott

     

       109
       +
                     - UCHC4G4X-OR5WkY-IquRGa3Q # Tom Scott plus

     

       110
       +
       

     

       111
       +
             - size: small

     

       112
       +
               widgets:

     

       113
       +
                 - type: weather

     

       114
       +
                   hour-format: 24h

     

       115
       +
                   location: Almaty, Kazakhstan

     

       116
       +
                   

     

       117
       +
                 - type: monitor

     

       118
       +
                   cache: 1m

     

       119
       +
                   title: Services

     

       120
       +
                   sites:

     

       121
       +
                     - title: Outline

     

       122
       +
                       url: https://wiki.sappho.systems

     

       123
       +
                       icon: https://gist.githubusercontent.com/SapphicMoe/06893190ae9df097c7a3a87afebaf7c9/raw/9a6df215b442a02d6bd1ea5581533f91cb66c1d0/test.svg

     

       124
       +
                     - title: Owncloud

     

       125
       +
                       url: https://cloud.sappho.systems

     

       126
       +
                       icon: si:owncloud

     

       127
       +
                     - title: Umami

     

       128
       +
                       url: https://umami.sappho.systems

     

       129
       +
                       icon: https://umami.sappho.systems/apple-touch-icon.png