diff --git a/flake.lock b/flake.lock index 7376d52..db076f0 100755 --- a/flake.lock +++ b/flake.lock 
@@ -33,6 +33,98 @@ "type": "github" } }, + "elm-spa": { + "inputs": { + "nixpkgs": [ + "linkpage", + "mkElmDerivation", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706301604, + "narHash": "sha256-n6LDjnPCTLbKTrRgeZhlLTfY6V45xNYcb4NYEMuO4jg=", + "owner": "jeslie0", + "repo": "elm-spa", + "rev": "4c82e18d5fcf9d4c027f0ef0e89204dd87584f7f", + "type": "github" + }, + "original": { + "owner": "jeslie0", + "repo": "elm-spa", + "type": "github" + } + }, + "elm-spa_2": { + "inputs": { + "nixpkgs": [ + "upRootNutrition", + "mkElmDerivation", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706301604, + "narHash": "sha256-n6LDjnPCTLbKTrRgeZhlLTfY6V45xNYcb4NYEMuO4jg=", + "owner": "jeslie0", + "repo": "elm-spa", + "rev": "4c82e18d5fcf9d4c027f0ef0e89204dd87584f7f", + "type": "github" + }, + "original": { + "owner": "jeslie0", + "repo": "elm-spa", + "type": "github" + } + }, + "elm-watch": { + "inputs": { + "nixpkgs": [ + "linkpage", + "mkElmDerivation", + "nixpkgs" + ], + "npm-fix": "npm-fix", + "npmlock2nix": "npmlock2nix" + }, + "locked": { + "lastModified": 1706304401, + "narHash": "sha256-992cypnhoRbsGkDc5/X241rafBML4EP0EuT6cBcaY/8=", + "owner": "jeslie0", + "repo": "elm-watch", + "rev": "2f1c6c0e69b163c15e2ce66f543c38021b2a0ea3", + "type": "github" + }, + "original": { + "owner": "jeslie0", + "repo": "elm-watch", + "type": "github" + } + }, + "elm-watch_2": { + "inputs": { + "nixpkgs": [ + "upRootNutrition", + "mkElmDerivation", + "nixpkgs" + ], + "npm-fix": "npm-fix_2", + "npmlock2nix": "npmlock2nix_2" + }, + "locked": { + "lastModified": 1706304401, + "narHash": "sha256-992cypnhoRbsGkDc5/X241rafBML4EP0EuT6cBcaY/8=", + "owner": "jeslie0", + "repo": "elm-watch", + "rev": "2f1c6c0e69b163c15e2ce66f543c38021b2a0ea3", + "type": "github" + }, + "original": { + "owner": "jeslie0", + "repo": "elm-watch", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { 
@@ -119,6 +211,24 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, "locked": { "lastModified": 1754091436, "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", @@ -133,7 +243,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nur", @@ -154,6 +264,24 @@ "type": "github" } }, + "flake-parts_5": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_3" + }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_3" @@ -673,6 +801,28 @@ "type": "github" } }, + "linkpage": { + "inputs": { + "flake-parts": "flake-parts_2", + "mkElmDerivation": "mkElmDerivation", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1762929110, + "narHash": "sha256-MZXAaL2gJJhFMk8eg3reeVGXcLucvQrNhwCmxIbGV3U=", + "ref": "refs/heads/main", + "rev": "fc1f9a7ba28370a1fcb63ed2917e9a053f9c1480", + "revCount": 56, + "type": "git", + "url": "ssh://git@gitlab.com/uprootnutrition/linkpage.git" + }, + "original": { + "type": "git", + "url": "ssh://git@gitlab.com/uprootnutrition/linkpage.git" + } + }, "lix": { "flake": false, "locked": { 
@@ -732,6 +882,46 @@ "type": "github" } }, + "mkElmDerivation": { + "inputs": { + "elm-spa": "elm-spa", + "elm-watch": "elm-watch", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1762652710, + "narHash": "sha256-fTprY2KP2IW9SR1+8fWhQecA+CZ3+koNIQg608h+NhY=", + "owner": "jeslie0", + "repo": "mkElmDerivation", + "rev": "2e13a2a1c550d0a30c3672798779a8ce1a989e00", + "type": "github" + }, + "original": { + "owner": "jeslie0", + "repo": "mkElmDerivation", + "type": "github" + } + }, + "mkElmDerivation_2": { + "inputs": { + "elm-spa": "elm-spa_2", + "elm-watch": "elm-watch_2", + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1759023814, + "narHash": "sha256-uBmxzIRNLyW69/mOkSkbSTmuQG/zu68dNEnt0xTiYzs=", + "owner": "jeslie0", + "repo": "mkElmDerivation", + "rev": "f2b9966af4a7965cd47ac707ab81aeef9a8a3fa6", + "type": "github" + }, + "original": { + "owner": "jeslie0", + "repo": "mkElmDerivation", + "type": "github" + } + }, "niri": { "inputs": { "niri-stable": "niri-stable", @@ -739,7 +929,7 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs-stable": "nixpkgs-stable_2", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, @@ -793,7 +983,7 @@ "nixcord": { "inputs": { "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ] 
@@ -814,21 +1004,36 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", - "owner": "NixOS", + "lastModified": 1696757521, + "narHash": "sha256-cfgtLNCBLFx2qOzRLI6DHfqTdfWI+UbvsKYa3b3fvaA=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "2646b294a146df2781b1ca49092450e8a32814e1", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "nixos", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { "locked": { "lastModified": 1753579242, "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", @@ -843,13 +1048,28 @@ "type": "github" } }, + "nixpkgs-lib_3": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1762756533, + "narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d", "type": "github" }, "original": { 
@@ -875,9 +1095,215 @@ "type": "github" } }, + "nixpkgs-stable_3": { + "locked": { + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { + "locked": { + "lastModified": 1759281824, + "narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5b5be50345d4113d04ba58c444348849f5585b4a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1754340878, + "narHash": "sha256-lgmUyVQL9tSnvvIvBp7x1euhkkCho7n3TMzgjdvgPoU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cab778239e705082fe97bb4990e0d24c50924c04", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1696757521, + "narHash": "sha256-cfgtLNCBLFx2qOzRLI6DHfqTdfWI+UbvsKYa3b3fvaA=", + "owner": "nixos", 
+ "repo": "nixpkgs", + "rev": "2646b294a146df2781b1ca49092450e8a32814e1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1754340878, + "narHash": "sha256-lgmUyVQL9tSnvvIvBp7x1euhkkCho7n3TMzgjdvgPoU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cab778239e705082fe97bb4990e0d24c50924c04", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "npm-fix": { + "inputs": { + "nixpkgs": [ + "linkpage", + "mkElmDerivation", + "elm-watch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706304213, + "narHash": "sha256-XN9ESRSOANR0iFbEMMY1C1jvgZlYJsXQYVAHxxRmn+c=", + "owner": "jeslie0", + "repo": "npm-lockfile-fix", + "rev": "e9851274afa12b04d98e694ed089aa9cde8d7349", + "type": "github" + }, + "original": { + "owner": "jeslie0", + "repo": "npm-lockfile-fix", + "type": "github" + } + }, + "npm-fix_2": { + "inputs": { + "nixpkgs": [ + "upRootNutrition", + "mkElmDerivation", + "elm-watch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1706304213, + "narHash": "sha256-XN9ESRSOANR0iFbEMMY1C1jvgZlYJsXQYVAHxxRmn+c=", + "owner": "jeslie0", + "repo": "npm-lockfile-fix", + "rev": "e9851274afa12b04d98e694ed089aa9cde8d7349", + "type": "github" + }, + "original": { + "owner": "jeslie0", + "repo": "npm-lockfile-fix", + "type": "github" + } + }, + "npmlock2nix": { + "flake": false, + "locked": { + "lastModified": 1673447413, + "narHash": "sha256-sJM82Sj8yfQYs9axEmGZ9Evzdv/kDcI9sddqJ45frrU=", + 
"owner": "nix-community", + "repo": "npmlock2nix", + "rev": "9197bbf397d76059a76310523d45df10d2e4ca81", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "npmlock2nix", + "type": "github" + } + }, + "npmlock2nix_2": { + "flake": false, + "locked": { + "lastModified": 1673447413, + "narHash": "sha256-sJM82Sj8yfQYs9axEmGZ9Evzdv/kDcI9sddqJ45frrU=", + "owner": "nix-community", + "repo": "npmlock2nix", + "rev": "9197bbf397d76059a76310523d45df10d2e4ca81", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "npmlock2nix", + "type": "github" + } + }, "nur": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ] @@ -971,19 +1397,21 @@ "hyprland": "hyprland", "hyprland-portal": "hyprland-portal", "impermanence": "impermanence", + "linkpage": "linkpage", "lix": "lix", "lix-module": "lix-module", "microvm": "microvm", "niri": "niri", "nixcord": "nixcord", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs": "nixpkgs_4", + "nixpkgs-stable": "nixpkgs-stable_3", "nur": "nur", "plasma-manager": "plasma-manager", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "sops-nix": "sops-nix", "systems": "systems_5", - "treefmt-nix": "treefmt-nix", + "treefmt-nix": "treefmt-nix_2", + "upRootNutrition": "upRootNutrition", "waybar": "waybar", "wpaperd": "wpaperd" } @@ -1136,6 +1564,24 @@ } }, "treefmt-nix": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1758728421, + "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -1155,6 +1601,46 @@ "type": "github" } }, + "treefmt-nix_3": { + "inputs": { + "nixpkgs": "nixpkgs_7" + }, + "locked": { + "lastModified": 1758728421, + "narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "upRootNutrition": { + "inputs": { + "flake-parts": "flake-parts_5", + "mkElmDerivation": "mkElmDerivation_2", + "nixpkgs": "nixpkgs_6", + "nixpkgs-stable": "nixpkgs-stable_4", + "treefmt-nix": "treefmt-nix_3" + }, + "locked": { + "lastModified": 1761538643, + "narHash": "sha256-467x2JQVdMGnCuAn0Ci2MnRMYg7UwGtYywdI4Tyz4A8=", + "ref": "refs/heads/main", + "rev": "ab8a9b6ed63be60c3fd2f49ea2add13a40790c51", + "revCount": 255, + "type": "git", + "url": "ssh://git@gitlab.com/uprootnutrition/website.git" + }, + "original": { + "type": "git", + "url": "ssh://git@gitlab.com/uprootnutrition/website.git" + } + }, "waybar": { "inputs": { "flake-compat": "flake-compat_4", diff --git a/flake.nix b/flake.nix index cc4a914..c84010e 100755 --- a/flake.nix +++ b/flake.nix @@ -75,12 +75,12 @@ url = "github:microvm-nix/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - # upRootNutrition = { - # url = "git+ssh://git@gitlab.com/uprootnutrition/website.git"; - # }; - # linkpage = { - # url = "git+ssh://git@gitlab.com/uprootnutrition/linkpage.git"; - # }; + upRootNutrition = { + url = "git+ssh://git@gitlab.com/uprootnutrition/website.git"; + }; + linkpage = { + url = "git+ssh://git@gitlab.com/uprootnutrition/linkpage.git"; + }; # filesorter = { # url = "git+ssh://git@gitlab.com/uprootnutrition/filesorter.git"; # inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/config/instances/config/projectSite.nix b/modules/config/instances/config/projectSite.nix index 4cbc1ad..1697b59 100755 --- a/modules/config/instances/config/projectSite.nix 
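Review bot: The re-enabled `upRootNutrition` and `linkpage` inputs in flake.nix carry no `inputs.nixpkgs.follows`, unlike `microvm` directly above them, so each brings its own pinned nixpkgs into the lock. Through `mkElmDerivation` they also bring a further nixpkgs node whose `lastModified` is 1696757521. Updating the root `nixpkgs` input does not move those pins, so anything built from them stays on that older package set until the upstream flakes relock. If the two projects build against the root package set, add `inputs.nixpkgs.follows = "nixpkgs";` to both, and `inputs.mkElmDerivation.inputs.nixpkgs.follows = "nixpkgs";` for the nested pin. If they need their own pins, a short comment saying so would record that it is deliberate.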
+++ b/modules/config/instances/config/projectSite.nix @@ -1,31 +1,46 @@ { moduleFunctions }: let inherit (moduleFunctions.instancesFunctions) - sslPath - sopsPath + domain0 + varPath + mntPath ; - - label = "projectSite"; + label = "ProjectSite"; name = "projectsite"; + domain = "${name}.${domain0}"; in { label = label; name = name; short = "Project"; - sops = { - path0 = "${sopsPath}/${name}"; + email = { + address0 = "noreply@${domain0}"; + }; + domains = { + url0 = domain; }; tags = [ "project" ]; - paths = { - path0 = "/var/lib/projectsite/dist"; - }; + subdomain = name; ports = { port0 = 1334; }; - ssl = { - cert = sslPath; - key = sslPath; + interface = { + id = "vm-project"; + mac = "02:00:00:00:52:22"; + idUser = "vmuser-project"; + macUser = "02:00:00:00:00:22"; + ip = "192.168.50.212"; + gate = "192.168.50.1"; + ssh = 2299; + }; + varPaths = { + path0 = "${varPath}/${name}"; + path1 = "${varPath}/${name}/dist"; + + }; + mntPaths = { + path0 = "${mntPath}/${name}"; }; } diff --git a/modules/config/instances/config/upRootNutrition.nix b/modules/config/instances/config/upRootNutrition.nix index 2f0785e..e6e9004 100755 --- a/modules/config/instances/config/upRootNutrition.nix +++ b/modules/config/instances/config/upRootNutrition.nix @@ -2,13 +2,15 @@ let inherit (moduleFunctions.instancesFunctions) domain1 + varPath + mntPath sslPath - sopsPath ; - label = "upRootNutrition"; name = "uprootnutrition"; + ssl = "${sslPath}/${domain1}"; in + { label = label; name = name; @@ -16,9 +18,6 @@ in email = { address0 = "nick@${domain1}"; }; - sops = { - path0 = "${sopsPath}/${name}"; - }; domains = { url0 = domain1; }; 
@@ -26,16 +25,26 @@ in name "blog" ]; - paths = { - path0 = "/var/lib/website/dist"; - path1 = ""; - path2 = ""; - }; - ports = { - port0 = 1234; + interface = { + id = "vm-uproot"; + mac = "02:00:00:00:52:21"; + idUser = "vmuser-uproot"; + macUser = "02:00:00:00:00:21"; + ip = "192.168.50.211"; + gate = "192.168.50.1"; + ssh = 2300; }; ssl = { - cert = "${sslPath}/${domain1}/fullchain.pem"; - key = "${sslPath}/${domain1}/key.pem"; + path = ssl; + cert = "${ssl}/fullchain.pem"; + key = "${ssl}/key.pem"; }; + + varPaths = { + path0 = "${varPath}/${name}"; + }; + mntPaths = { + path0 = "${mntPath}/${name}"; + }; + } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 4afaaac..e34fe50 100755 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -62,12 +62,12 @@ in # minecraft # ollamaCeres # postgresCeres - # projectSite + projectSite # prompter sambaCeres # searx vaultwarden - # website + website # zookeeper ; }; diff --git a/modules/nixos/guests/mastodon/default.nix b/modules/nixos/guests/mastodon/default.nix index 0bdba3d..14a6dd3 100755 --- a/modules/nixos/guests/mastodon/default.nix +++ b/modules/nixos/guests/mastodon/default.nix @@ -124,8 +124,9 @@ in caddy = { enable = true; virtualHosts = { - "${serviceCfg.interface.ip}" = { + ":80" = { extraConfig = '' + # Remove the outer http:// block wrapper handle_path /system/* { file_server * { root /var/lib/mastodon/public-system 
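Review bot: In modules/nixos/guests/mastodon/default.nix the virtual host key changes from `"${serviceCfg.interface.ip}"` to `":80"`, which makes this a plain-HTTP catch-all site for any Host header on every guest interface rather than one tied to the VM address. If only the host's reverse proxy is meant to reach it, record that next to the key, e.g. `# catch-all on :80; only the host Caddy is expected to reach this guest`, and keep the guest firewall scoped to match. The added line `# Remove the outer http:// block wrapper` reads as an editing instruction and is emitted into the generated Caddyfile; drop it or replace it with the reason for the change. The `virtualHosts` block continues past the end of the hunk.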
@@ -198,6 +199,27 @@ in systemd = { services = { systemd-networkd.wantedBy = [ "multi-user.target" ]; + mastodon-web.wantedBy = [ "multi-user.target" ]; + mastodon-streaming-1.wantedBy = [ "multi-user.target" ]; + mastodon-streaming-2.wantedBy = [ "multi-user.target" ]; + mastodon-streaming-3.wantedBy = [ "multi-user.target" ]; + mastodon-streaming-4.wantedBy = [ "multi-user.target" ]; + mastodon-streaming-5.wantedBy = [ "multi-user.target" ]; + mastodon-streaming-6.wantedBy = [ "multi-user.target" ]; + mastodon-streaming-7.wantedBy = [ "multi-user.target" ]; + mastodon-sidekiq-all.wantedBy = [ "multi-user.target" ]; + mastodon-sidekiq-default.wantedBy = [ "multi-user.target" ]; + mastodon-sidekiq-ingress.wantedBy = [ "multi-user.target" ]; + mastodon-sidekiq-mailers.wantedBy = [ "multi-user.target" ]; + mastodon-sidekiq-push-pull.wantedBy = [ "multi-user.target" ]; + mastodon-init-db = { + environment = { + DISABLE_BOOTSNAP = "1"; + }; + serviceConfig = { + TimeoutStartSec = "10min"; + }; + }; copy-secrets-to-tmpfs = { description = "Copy secrets from virtiofs to tmpfs"; wantedBy = [ "multi-user.target" ]; diff --git a/modules/nixos/guests/midnight/default.nix b/modules/nixos/guests/midnight/default.nix index 3b38842..3e3ee73 100755 --- a/modules/nixos/guests/midnight/default.nix +++ b/modules/nixos/guests/midnight/default.nix @@ -38,7 +38,7 @@ in config = let macAddress = "02:00:00:00:00:${macOctet}"; - workers = deviceLogic 45 4 16 6; + workers = deviceLogic 45 4 18 6; in { environment.systemPackages = [ diff --git a/modules/nixos/guests/projectSite/default.nix b/modules/nixos/guests/projectSite/default.nix new file mode 100755 index 0000000..237cb61 --- /dev/null +++ b/modules/nixos/guests/projectSite/default.nix 
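Review bot: The added `wantedBy` lines hard-code the unit names `mastodon-streaming-1` to `-7`, plus both `mastodon-sidekiq-all` and the per-queue `mastodon-sidekiq-default`, `-ingress`, `-mailers` and `-push-pull`. They only line up with the Mastodon module if its streaming and sidekiq process settings, which are outside this hunk, produce exactly those units. An entry for a name the module does not generate would define a service with no `ExecStart`, so it is safer to derive the list from the same values. Assuming `lib` is in scope, one option is `lib.genAttrs (map (i: "mastodon-streaming-${toString i}") (lib.range 1 n)) (_: { wantedBy = [ "multi-user.target" ]; })`. A one-line comment on `mastodon-init-db` explaining why `DISABLE_BOOTSNAP` and the 10-minute `TimeoutStartSec` are needed would also help. The `services` attribute set continues past the end of the hunk.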
@@ -0,0 +1,94 @@
+{
+ config,
+ flake,
+ pkgs,
+ ...
+}:
+let
+ inherit (flake.config.people) user0;
+ inherit (flake.config.services) instances;
+ serviceCfg = instances.projectSite;
+ host = flake.inputs.linkpage.secrets.domains.projectsite;
+ websitePkg = flake.inputs.linkpage.packages.${pkgs.system}.websiteFrontend;
+in
+{
+ systemd.tmpfiles.rules = [
+ "d ${serviceCfg.mntPaths.path0} 0755 microvm wheel - -"
+ ];
+
+ microvm.vms.${serviceCfg.name} = {
+ autostart = true;
+ config = {
+ system.stateVersion = "25.05";
+
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 8080
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+
+ environment.etc."website".source = websitePkg;
+
+ users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
+
+ systemd = {
+ network = {
+ enable = true;
+ networks."10-enp" = {
+ matchConfig.Name = "enp0s3";
+ addresses = [ { Address = "${serviceCfg.interface.ip}/24"; } ];
+ gateway = [ serviceCfg.interface.gate ];
+ };
+ };
+
+ services.website = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.miniserve}/bin/miniserve /etc/website --index index.html -p 8080";
+ Restart = "always";
+ };
+ };
+ };
+
+ microvm = {
+ vcpu = 2;
+ mem = 3072;
+ hypervisor = "qemu";
+ interfaces = [
+ {
+ type = "tap";
+ id = serviceCfg.interface.id;
+ mac = serviceCfg.interface.mac;
+ }
+ ];
+ shares = [
+ {
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "ro-store";
+ proto = "virtiofs";
+ }
+ ];
+ };
+ };
+ };
+
+ # Host Caddy
+ services.caddy = {
+ enable = true;
+ virtualHosts.${host}.extraConfig = ''
+ reverse_proxy ${serviceCfg.interface.ip}:8080
+ '';
+ };
+
+ # ACME cert
+ security.acme.certs.${host} = {
+ dnsProvider = instances.web.dns.provider1;
+ environmentFile = config.sops.secrets."dns/${instances.web.dns.provider1}".path;
+ };
+}
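Review bot: The `website` unit under `systemd.services` sets only `ExecStart` and `Restart` in its `serviceConfig`, so miniserve runs as root inside the guest even though it only reads `/etc/website` and binds the unprivileged port 8080. Adding `DynamicUser = true;`, `ProtectSystem = "strict";` and `NoNewPrivileges = true;` to that `serviceConfig` would limit what a flaw in the file server can reach. The same unit is repeated unchanged in modules/nixos/guests/website/default.nix and needs the same lines. The guest firewall also opens 8080 to the whole tap network, so anything on that segment can reach the server over plain HTTP without going through the host's Caddy; confirm that is intended.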
diff --git a/modules/nixos/guests/website/default.nix b/modules/nixos/guests/website/default.nix
new file mode 100755
index 0000000..40553db
--- /dev/null
+++ b/modules/nixos/guests/website/default.nix
@@ -0,0 +1,97 @@
+{
+ config,
+ flake,
+ pkgs,
+ ...
+}:
+let
+ inherit (flake.config.people) user0;
+ inherit (flake.config.services) instances;
+ serviceCfg = instances.upRootNutrition;
+ host = serviceCfg.domains.url0;
+ websitePkg = flake.inputs.upRootNutrition.packages.${pkgs.system}.websiteFrontend;
+in
+{
+ microvm.vms.${serviceCfg.name} = {
+ autostart = true;
+ config = {
+ system.stateVersion = "25.05";
+
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 8080
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+
+ environment.etc."website".source = websitePkg;
+
+ users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
+
+ systemd = {
+ network = {
+ enable = true;
+ networks."10-enp" = {
+ matchConfig.Name = "enp0s3";
+ addresses = [
+ { Address = "${serviceCfg.interface.ip}/24"; }
+ ];
+ gateway = [ serviceCfg.interface.gate ];
+ };
+ };
+
+ services.website = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.miniserve}/bin/miniserve /etc/website --index index.html -p 8080";
+ Restart = "always";
+ };
+ };
+ };
+
+ microvm = {
+ vcpu = 2;
+ mem = 3072;
+ hypervisor = "qemu";
+ interfaces = [
+ {
+ type = "tap";
+ id = serviceCfg.interface.id;
+ mac = serviceCfg.interface.mac;
+ }
+ ];
+ shares = [
+ {
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "ro-store";
+ proto = "virtiofs";
+ }
+ ];
+ };
+ };
+ };
+
+ services.caddy = {
+ enable = true;
+ virtualHosts.${host}.extraConfig = ''
+ reverse_proxy ${serviceCfg.interface.ip}:8080
+
+ tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
+ '';
+ };
+
+ security.acme.certs.${host} = {
+ dnsProvider = instances.web.dns.provider0;
+ environmentFile = config.sops.secrets."dns/${instances.web.dns.provider0}".path;
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${serviceCfg.mntPaths.path0} 0755 microvm wheel - -"
+ ];
+
+}
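Review bot: This module is a near line-for-line copy of modules/nixos/guests/projectSite/default.nix, with the same openssh block, networkd config, `website` unit and `microvm` settings, so any later fix has to be made twice and the two can drift apart. Consider a shared function taking `serviceCfg`, `host` and `websitePkg` that both modules call. The listen port could then come from the instance config instead of repeating `8080` in the firewall list, `ExecStart` and `reverse_proxy`. Separately, the tmpfiles rule creates `serviceCfg.mntPaths.path0`, but the only entry in `shares` is `/nix/store`, so nothing visible here mounts that directory; drop the rule or add a comment naming its consumer.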
diff --git a/modules/nixos/services/projectSite/default.nix b/modules/nixos/services/projectSite/default.nix
deleted file mode 100755
index 958c5c8..0000000
--- a/modules/nixos/services/projectSite/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ flake, config, ... }:
-let
- inherit (flake.config.services.instances)
- projectSite
- ;
- service = projectSite;
- host = flake.inputs.linkpage.secrets.domains.projectsite;
-in
-{
- services = {
- caddy = {
- virtualHosts = {
- "${host}" = {
- extraConfig = ''
- root * ${service.paths.path0}
-
- file_server
-
- encode gzip
-
- try_files {path} /index.html
-
- tls ${service.ssl.cert}/${host}/fullchain.pem ${service.ssl.key}/${host}/key.pem
- '';
- };
- };
- };
- };
-
- systemd.tmpfiles.rules = [
- "Z ${service.paths.path0} 755 caddy caddy -"
- ];
-}
diff --git a/modules/nixos/services/website/default.nix b/modules/nixos/services/website/default.nix
deleted file mode 100755
index ef4d490..0000000
--- a/modules/nixos/services/website/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ flake, pkgs, ... }:
-let
- inherit (flake.config.services.instances)
- upRootNutrition
- web
- ;
- service = upRootNutrition;
- host = web.domains.url1;
-
- websitePkg = flake.inputs.upRootNutrition.packages.${pkgs.system}.websiteFrontend;
-in
-{
- services = {
- caddy = {
- virtualHosts = {
- "${host}" = {
- extraConfig = ''
- root * ${websitePkg}
-
- file_server
-
- encode gzip
-
- try_files {path} /index.html
-
- tls ${service.ssl.cert} ${service.ssl.key}
- '';
- };
- };
- };
- };
-}