diff --git a/flake.lock b/flake.lock index cd70f4b0..6f63c27c 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,25 @@ "type": "github" } }, + "deploy-rs_2": { + "inputs": { + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_4", + "utils": "utils_3" + }, + "locked": { + "lastModified": 1648475189, + "narHash": "sha256-gAGAS6IagwoUr1B0ohE3iR6sZ8hP4LSqzYLC8Mq3WGU=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "83e0c78291cd08cb827ba0d553ad9158ae5a95c3", + "type": "github" + }, + "original": { + "id": "deploy-rs", + "type": "indirect" + } + }, "flake-compat": { "flake": false, "locked": { @@ -37,6 +56,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1648199409, + "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1627913399, @@ -51,7 +86,7 @@ "type": "indirect" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1627913399, @@ -163,11 +198,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1651799536, - "narHash": "sha256-+y4oD+E3PseG5jRhlfpBCSLOs1TKKtCWL/AsFCPXQYU=", + "lastModified": 1651886476, + "narHash": "sha256-fSPA5BEsoHx6ab5c2sK1apHcFbTs86SjwT63zXSuj/E=", "owner": "jyooru", "repo": "nix-minecraft-servers", - "rev": "1d9335ce68b66262a25037c81e81f49363e5cb04", + "rev": "bbd8bc980d45d910f2673d3abfcc6617f2c3d122", "type": "github" }, "original": { @@ -179,7 +214,7 @@ "nix": { "inputs": { "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1633098935, 
@@ -197,7 +232,7 @@ "nix_2": { "inputs": { "lowdown-src": "lowdown-src_2", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1633098935, @@ -246,21 +281,37 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1651827164, - "narHash": "sha256-w1niZCq4rhXX+23xLvrA5KR9OqT/72e5Mx/pfz/bZYU=", + "lastModified": 1651934509, + "narHash": "sha256-xofDh2dBoE9s4Lx2h815/qdULHlFRjdDvp0jDk2OHp8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "98000933d72a97632caf0db0027ea3eb2e5e7f29", + "rev": "c7a2979f4cec15b45e6a052b77ae590631426c9f", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable-small", + "ref": "master", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_4": { + "locked": { + "lastModified": 1648219316, + "narHash": "sha256-Ctij+dOi0ZZIfX5eMhgwugfvB+WZSrvVNAyAuANOsnQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "30d3d79b7d3607d56546dd2a6b49e156ba0ec634", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1632864508, "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=", @@ -275,7 +326,7 @@ "type": "indirect" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1632495107, "narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=", @@ -289,7 +340,7 @@ "type": "indirect" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1632864508, "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=", @@ -304,7 +355,7 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1632495107, "narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=", 
@@ -329,18 +380,19 @@ }, "serokell-nix": { "inputs": { - "flake-compat": "flake-compat_2", + "deploy-rs": "deploy-rs_2", + "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_2", "gitignore-nix": "gitignore-nix", "nix": "nix", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1651674183, - "narHash": "sha256-voNo/SzDmjXdk77gq2PRe7E+yJlw/zNuyHij8lNiZDE=", + "lastModified": 1651884062, + "narHash": "sha256-gr3BGy0yJL4Qx2NdbzEUAI3+Hi558AAVUAczaz6423w=", "owner": "serokell", "repo": "serokell.nix", - "rev": "826a2c4c8987766640885f4dc8af344e90abb149", + "rev": "3d533eb5b37142d6a3a8dea5ea3c159ad6595eb7", "type": "github" }, "original": { @@ -382,12 +434,27 @@ "type": "github" } }, + "utils_3": { + "locked": { + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "vault-secrets": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "flake-utils": "flake-utils_3", "nix": "nix_2", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1633626134, diff --git a/flake.nix b/flake.nix index e0a378d0..ca4f50f6 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ inputs = { deploy-rs.url = "github:serokell/deploy-rs"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs.url = "github:nixos/nixpkgs/master"; serokell-nix.url = "github:serokell/serokell.nix"; vault-secrets.url = "github:serokell/vault-secrets"; minecraft-servers.url = "github:jyooru/nix-minecraft-servers"; 
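Review bot: Pointing `nixpkgs.url` at `github:nixos/nixpkgs/master` means each `nix flake update` locks whatever commit is at the tip of the development branch, instead of one that has advanced through a channel branch such as the previous `nixos-unstable-small`. The lock file still pins `rev` and `narHash`, so builds stay reproducible, but the hosts built from this flake would come from commits that are not gated by channel tests and may not be in the binary cache. If master is only needed for a specific fix, record that next to the input, e.g. `# temporarily on master for <reason>; return to nixos-unstable-small afterwards`, so the input does not stay on master by accident.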
@@ -44,40 +44,43 @@ fastConnection = true; profiles.system = { user = "root"; - path = deploy-rs.lib.${system}.activate.nixos - self.nixosConfigurations.${profile}; + path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.${profile}; }; }; }; # Generates hosts.auto.tfvars.json for Terraform - genTFVars = let - hostToVar = z@{ hostname, mac, ... }: { - "${hostname}" = { inherit mac; }; - }; - hostSet = lib.foldr (el: acc: acc // hostToVar el) { } hosts; - json = builtins.toJSON { hosts = hostSet; }; - in pkgs.writeScriptBin "gen-tf-vars" '' - echo '${json}' | ${pkgs.jq}/bin/jq > terraform/hosts.auto.tfvars.json; - echo "Generated Terraform Variables"; - ''; + genTFVars = + let + hostToVar = z@{ hostname, mac, ... }: { + "${hostname}" = { inherit mac; }; + }; + hostSet = lib.foldr (el: acc: acc // hostToVar el) { } hosts; + json = builtins.toJSON { hosts = hostSet; }; + in + pkgs.writeScriptBin "gen-tf-vars" '' + echo '${json}' | ${pkgs.jq}/bin/jq > terraform/hosts.auto.tfvars.json; + echo "Generated Terraform Variables"; + ''; # Import all nixos host definitions that are actual nix machines nixHosts = filter ({ nix ? true, ... 
}: nix) hosts; - pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} - [ vault-secrets.overlay ]; + pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ]; - deployChecks = - mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib; + deployChecks = mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib; checks = { }; - in { + in + { # Make the config and deploy sets - nixosConfigurations = - lib.foldr (el: acc: acc // mkConfig el) { } nixHosts; + nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts; deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts; apps.${system} = { + # deploy = { + # type = "app"; + # program = "${deploy-rs.packages.${system}.deploy-rs}/bin/deploy"; + # }; vault-push-approles = { type = "app"; program = "${pkgs.vault-push-approles self}/bin/vault-push-approles"; @@ -97,6 +100,7 @@ devShells.${system}.default = pkgs.mkShell { VAULT_ADDR = "http://vault.olympus:8200/"; # This only support bash so just execute zsh in bash as a workaround :/ + shellHook = "zsh"; buildInputs = with pkgs; [ deploy-rs.packages.${system}.deploy-rs fluxcd diff --git a/nixos/hosts/nginx/configuration.nix b/nixos/hosts/nginx/configuration.nix index 5a155350..4cfe86ce 100644 --- a/nixos/hosts/nginx/configuration.nix +++ b/nixos/hosts/nginx/configuration.nix @@ -31,6 +31,10 @@ in recommendedProxySettings = true; recommendedTlsSettings = true; + package = pkgs.nginxMainline.override { + modules = with pkgs.nginxModules; [ brotli ]; + }; + # Reverse Proxies virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/"; virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/"; 
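Review bot: In `genTFVars`, the re-indented script still splices `${json}` into a single-quoted shell string (`echo '${json}' | …`), so a single quote in any `hostname` or `mac` value would end the quoting and the remainder would be parsed as shell. The values appear to come from the repository's own `hosts` list, so this is a robustness issue rather than an untrusted-input one. Since the block is being touched anyway, it could become `echo ${lib.escapeShellArg json} | ${pkgs.jq}/bin/jq > terraform/hosts.auto.tfvars.json;` (assuming `lib` here is the nixpkgs lib). The commented-out `deploy` app added further down has no explanation; a one-line comment saying why it is disabled, or leaving it out, would help the next reader.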
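Review bot: `shellHook = "zsh";` starts a nested interactive zsh whenever the dev shell is entered, so non-interactive uses (a command passed to `nix develop`, direnv, CI) are likely to block, and leaving zsh drops the user back into the bash session. Guarding on interactivity and replacing the process avoids both, e.g. `shellHook = "if [[ $- == *i* ]]; then exec zsh; fi";`. Separately, the `VAULT_ADDR` kept just above uses `http://`, so Vault tokens and secret reads from this shell cross the network unencrypted unless something outside this file provides TLS. An `https://` listener would be the safer default.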
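Review bot: The `package` override builds nginx with the `brotli` module, but the hunk shows no `brotli` directive and no comment, so it is unclear what is meant to be compressed. The virtual hosts below proxy applications such as Home Assistant. If Brotli is switched on for their dynamic responses over TLS, response-length side channels of the BREACH kind become relevant, so compression is best limited to static asset types. A comment such as `# brotli: static assets only; do not compress authenticated dynamic responses (BREACH)` above the override would record that intent. The `services.nginx` block starts and ends outside this hunk, so configuration elsewhere may already cover this.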
@@ -43,46 +47,6 @@ in virtualHosts."wooloofan.club" = k8s_proxy; virtualHosts."whoami.wooloofan.club" = k8s_proxy; - # Headscale - virtualHosts."vpn.0x76.dev" = { - enableACME = true; - forceSSL = true; - - locations = { - "/headscale." = { - extraConfig = '' - grpc_pass grpc://headscale.olympus:50443; - ''; - priority = 1; - }; - - # "/metrics" = { - # proxyPass = "http://plausible.olympus:9090"; - # extraConfig = '' - # allow 10.0.0.0/8; - # allow 100.64.0.0/16; - # deny all; - # ''; - # priority = 2; - # }; - - "/" = { - proxyPass = "http://headscale.olympus:8080"; - proxyWebsockets = true; - extraConfig = '' - keepalive_requests 100000; - keepalive_timeout 160s; - proxy_buffering off; - proxy_connect_timeout 75; - proxy_ignore_client_abort on; - proxy_read_timeout 900s; - proxy_send_timeout 600; - send_timeout 600; - ''; - priority = 99; - }; - }; - }; }; security.acme.defaults.email = "victorheld12@gmail.com"; diff --git a/terraform/hosts.auto.tfvars.json b/terraform/hosts.auto.tfvars.json index 6ffa1bf1..2ac54e16 100644 --- a/terraform/hosts.auto.tfvars.json +++ b/terraform/hosts.auto.tfvars.json @@ -24,12 +24,18 @@ "eevee": { "mac": "34:97:f6:93:9A:AA" }, + "gitea": { + "mac": "DE:5F:B0:83:6F:34" + }, "home-assistant": { "mac": "9E:60:78:ED:81:B4" }, "k3s-node1": { "mac": "2E:F8:55:23:D9:9B" }, + "minecraft": { + "mac": "EA:30:73:E4:B6:69" + }, "minio": { "mac": "0A:06:5E:E7:9A:0C" }, @@ -42,6 +48,12 @@ "nuc": { "mac": "1C:69:7A:62:30:88" }, + "plausible": { + "mac": "82:34:70:FA:44:6F" + }, + "unifi": { + "mac": "1A:88:A0:B0:65:B4" + }, "unifi-ap": { "mac": "b4:fb:e4:f3:ff:1b" }, @@ -50,6 +62,12 @@ }, "victoriametrics": { "mac": "9E:91:61:35:84:1F" + }, + "wireguard": { + "mac": "1E:ED:97:2C:C3:9D" + }, + "zmeura": { + "mac": "b8:27:eb:d5:e0:f5" } } }