commit 0e96829d6cc04aa42f4911cd6fc5ba6c596473d0 · wiro.world/dotfiles

+21 -2

nixos/profiles/server.nix

···

       5
       5
        
       }:

     

       6
       6
        
       

     

       7
       7
        
       let

     

       8
       8
       -
         inherit (self.inputs) srvos nixpkgs-unstable agenix;

     

       8
       8
       +
         inherit (self.inputs) srvos nixpkgs-unstable agenix tangled;

     

       9
       9
        
       

     

       10
       10
        
         all-secrets = import ../../secrets;

     

       11
       11
        
       

     
···

       22
       22
        
       

     

       23
       23
        
         pds-port = 3001;

     

       24
       24
        
         pds-hostname = "pds.wiro.world";

     

       25
       25
       +
       

     

       26
       26
       +
         tangled-port = 3002;

     

       27
       27
       +
         tangled-hostname = "knot.wiro.world";

     

       25
       28
        
       in

     

       26
       29
        
       {

     

       27
       30
        
         imports = [

     
···

       30
       33
        
           srvos.nixosModules.mixins-terminfo

     

       31
       34
        
       

     

       32
       35
        
           agenix.nixosModules.default

     

       36
       36
       +
       

     

       37
       37
       +
           tangled.nixosModules.knotserver

     

       33
       38
        
       

     

       34
       39
        
           pds-patched-module

     

       35
       40
        
         ];

     
···

       108
       113
        
               	respond "Hello, World! (from `weird-row-server`)"

     

       109
       114
        
             '';

     

       110
       115
        
       

     

       111
       111
       -
             virtualHosts."${pds-hostname}" = {

     

       116
       116
       +
             virtualHosts.${pds-hostname} = {

     

       112
       117
        
               serverAliases = [ "*.${pds-hostname}" ];

     

       113
       118
        
               extraConfig = ''

     

       114
       119
        
                 	tls { on_demand }

     

       115
       120
        
                   reverse_proxy http://localhost:${toString pds-port}

     

       116
       121
        
               '';

     

       117
       122
        
             };

     

       123
       123
       +
       

     

       124
       124
       +
             virtualHosts.${tangled-hostname}.extraConfig = ''

     

       125
       125
       +
                 reverse_proxy http://localhost:${toString tangled-port}

     

       126
       126
       +
             '';

     

       118
       127
        
           };

     

       119
       128
        
       

     

       120
       129
        
           security.sudo.wheelNeedsPassword = false;

     
···

       122
       131
        
           local.fragment.nix.enable = true;

     

       123
       132
        
       

     

       124
       133
        
           programs.fish.enable = true;

     

       134
       134
       +
       

     

       135
       135
       +
           services.tangled-knotserver = {

     

       136
       136
       +
             enable = true;

     

       137
       137
       +
       

     

       138
       138
       +
             server = {

     

       139
       139
       +
               listenAddr = "0.0.0.0:${toString tangled-port}";

     

       140
       140
       +
               secretFile = config.age.secrets.tangled-config.path;

     

       141
       141
       +
               hostname = tangled-hostname;

     

       142
       142
       +
             };

     

       143
       143
       +
           };

     

       125
       144
        
         };

     

       126
       145
        
       }

+2

secrets/default.nix

···

       16
       16
        
           # `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL` and

     

       17
       17
        
           # `PDS_EMAIL_FROM_ADDRESS`

     

       18
       18
        
           pds-config.file = ./pds-env.age;

     

       19
       19
       +
           # Defines `KNOT_SERVER_SECRET`

     

       20
       20
       +
           tangled-config.file = ./tangled-env.age;

     

       19
       21
        
         };

     

       20
       22
        
       

     

       21
       23
        
         none = {

+1

secrets/secrets.nix

···

       17
       17
        
         "api-wakatime.age".publicKeys = home-manager;

     

       18
       18
        
       

     

       19
       19
        
         "pds-env.age".publicKeys = deploy;

     

       20
       20
       +
         "tangled-env.age".publicKeys = deploy;

     

       20
       21
        
       

     

       21
       22
        
         # Not used in config but useful

     

       22
       23
        
         "pgp-ca5e.age".publicKeys = users;

+9

secrets/tangled-env.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 sMF1bg GTb/AWdaekNL0Zk4RAD3TNbhnzmNNSYWMu75ddPQV24

     

       3
       3
       +
       zUCmnoEhJCAL3HgZ8T2ijTWvwrSdpIIXJcj2I+SoIhY

     

       4
       4
       +
       -> ssh-ed25519 SmMcWg EKdXu9V1GrLq+BV2/8/Wbzeiunkb0Et48JTJSXsmECE

     

       5
       5
       +
       y5MWRpACrjQlHFB87gMTnyJXdozD8eFkuVeCCw+SzMw

     

       6
       6
       +
       -> ssh-ed25519 Q8rMFA nDPMvJK+oq1olH4ICJZEInRs5D2D/LrxlvQGoyAe5iE

     

       7
       7
       +
       UGKpurfmrwNPyEkbOmrdLIMqTlgceqSpz4MnDbMe6WY

     

       8
       8
       +
       --- uHEprFXsZMFHHR7Ad3vHNSofGwB/mMqB9JQ7/658NtM

     

       9
       9
       +
       h�:�4`�lG����r�9����n��CYK��}�et���Z2F@Yn���T" �l���̢�
h��\�Nr2=�q�!~4�b VOQ��4=3@�[��7����N\��Y.n����.�