diff --git a/flake.lock b/flake.lock index d4bab49..f794795 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "fromYaml": "fromYaml" }, "locked": { - "lastModified": 1755819240, - "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "lastModified": 1746562888, + "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", "owner": "SenchoPens", "repo": "base16.nix", - "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", "type": "github" }, "original": { @@ -21,28 +21,28 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1765809053, - "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", "owner": "tomyun", "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" } }, "base16-helix": { "flake": false, "locked": { - "lastModified": 1760703920, - "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", + "lastModified": 1748408240, + "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "d646af9b7d14bff08824538164af99d0c521b185", + "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", "type": "github" }, "original": { @@ -152,11 +152,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1764873433, - "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", + "lastModified": 1748383148, + "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", + "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", "type": "github" }, "original": { @@ -186,11 +186,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -262,11 +262,11 @@ "flake": false, "locked": { "host": "gitlab.gnome.org", - "lastModified": 1767737596, - "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", + "lastModified": 1764524476, + "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "ef02db02bf0ff342734d525b5767814770d85b49", + "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", "type": "gitlab" }, "original": { @@ -284,11 +284,11 @@ ] }, "locked": { - "lastModified": 1767910483, - "narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=", + "lastModified": 1764536451, + "narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=", "owner": "nix-community", "repo": "home-manager", - "rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c", + "rev": "3fdd076e08049a9c7a83149b270440d9787d2df5", "type": "github" }, "original": { @@ -359,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1768492302, - "narHash": "sha256-MJ5zfUO7UZYARxy9EOpSooE961eH3K75CGOn84thbQM=", + "lastModified": 1764405884, + "narHash": "sha256-TnvBRPmcpcyinvLgsitHS7w5soSa6yNBfRYEI2TK1Ts=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "cbf53d0b9c9531d654e7dbcf1f9117a221ad5c58", + "rev": "10aae4855ee275f7d80d85f4328c24265fb20f1f", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1768487377, - "narHash": "sha256-+WOpoDSvYJds8zCMlwDHKBivxSViM5n1J1Jo9Lcf19Y=", + "lastModified": 1764399944, + "narHash": "sha256-FC9eYtSmplgxllCX4/3hJq5J3sXWKLSc7at8ZUxycVw=", "owner": "YaLTeR", "repo": "niri", - "rev": "87e2dd0361172a48cb3ac8e5b3f6f701c758700d", + "rev": "b35bcae35b3f9665043c335e55ed5828af77db85", "type": "github" }, "original": { @@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1768443224, - "narHash": "sha256-U2UHV+8Ygba2eFhFSnl15wMuKqNR884V2mo2fLO9wy0=", + "lastModified": 1764381338, + "narHash": "sha256-EBguntbfHsbikHdk9v/2lAyrLzjaZf6tEZeRymXAfJA=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "151bb82df60a9ffcd2fef1116e4c9baf133b3ec5", + "rev": "600e16b6baf213d9192a0035ff15618305fcea60", "type": "github" }, "original": { @@ -478,11 +478,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768323494, - "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=", + "lastModified": 1764522689, + "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a", + "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f", "type": "github" }, "original": { @@ -494,11 +494,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { @@ -509,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1768395095, - "narHash": "sha256-ZhuYJbwbZT32QA95tSkXd9zXHcdZj90EzHpEXBMabaw=", + "lastModified": 1764352606, + "narHash": "sha256-ZwPqcETKhoQ+TS40+hFr5CY4wzcNGKhi6l8w2HmmxKc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13868c071cc73a5e9f610c47d7bb08e5da64fdd5", + "rev": "24e915b36ca87d32777d766da3a3f4e3ce22cc98", "type": "github" }, "original": { @@ -525,11 +525,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757545623, - "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", + "lastModified": 1764560356, + "narHash": "sha256-M5aFEFPppI4UhdOxwdmceJ9bDJC4T6C6CzCK1E2FZyo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526", + "rev": "6c8f0cca84510cc79e09ea99a299c9bc17d03cb6", "type": "github" }, "original": { @@ -549,11 +549,11 @@ ] }, "locked": { - "lastModified": 1768513652, - "narHash": "sha256-gumQwI3+cmzXJNZQpL8NfjNoi+E+8yv8t0t30I2PQ7U=", + "lastModified": 1764404323, + "narHash": "sha256-lyAJQNdm/ZRfH6mDXLIA8/g2tCuHlHEfthC0UA+BLFs=", "owner": "nix-community", "repo": "NUR", - "rev": "321a80b638edab9533f254070e8cf3acc37c0b8a", + "rev": "5a7ff5a222e1422c4f129f64e10ebecf78ace9f8", "type": "github" }, "original": { @@ -747,11 +747,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1768493544, - "narHash": "sha256-9qk2W/6GJWLAFXNruK/zdJ0bm3bfP50vJFbtuAjQpa4=", + "lastModified": 1764600318, + "narHash": "sha256-PtJfp13TUHZ24Z3ybeb2W3pOr+SEjI3xkcTumgGT28E=", "owner": "nix-community", "repo": "stylix", - "rev": "362306faaa7459bebf8eabf135879785f3da9bd2", + "rev": "c9760a6a2ba532e6d0dcae804b7cb62ec7198f70", "type": "github" }, "original": { @@ -812,11 +812,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1767817087, - "narHash": "sha256-eGE8OYoK6HzhJt/7bOiNV2cx01IdIrHL7gXgjkHRdNo=", + "lastModified": 1750770351, + "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", "owner": "tinted-theming", "repo": "schemes", - "rev": "bd99656235aab343e3d597bf196df9bc67429507", + "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", "type": "github" }, "original": { @@ -828,11 +828,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1767489635, - "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", + "lastModified": 1751159871, + "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", + "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", "type": "github" }, "original": { @@ -844,11 +844,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1767488740, - "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", + "lastModified": 1751158968, + "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", + "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", "type": "github" }, "original": { @@ -864,11 +864,11 @@ ] }, "locked": { - "lastModified": 1768158989, - "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { @@ -897,11 +897,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1768106915, - "narHash": "sha256-HlLo9zH4ULRXlmlIK948cHmdVhxyHgTHxGaoCRlW4k8=", + "lastModified": 1764366786, + "narHash": "sha256-yVCJ4Qe/JkdKDu0DddFdAQgDQVeF12nxH7zv3jtooV4=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "72245e108f3b03c3c4474d2de9de2d1830849603", + "rev": "b362a3873710a42f7ac2d8ba03772d8290733934", "type": "github" }, "original": { diff --git a/nixosConfigurations/hetzner-vpn2/blog.nix b/nixosConfigurations/hetzner-vpn2/blog.nix new file mode 100644 index 0000000..367ef2b --- /dev/null +++ b/nixosConfigurations/hetzner-vpn2/blog.nix @@ -0,0 +1,43 @@ +{ pkgs, ... }: +let + blog-domain-socket = "/run/nginx/blog.sock"; + anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; + anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; +in +{ + systemd.services = { + nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; + anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; + }; + + services = { + nginx.virtualHosts = { + "zerforschen.plus" = { + enableACME = true; + forceSSL = true; + locations = { + "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; + "/".proxyPass = "http://unix:" + anubis-domain-socket; + }; + }; + + "blog-in-anubis" = { + root = pkgs.zerforschen-plus-content; + listen = [ + { + addr = "unix:" + blog-domain-socket; + } + ]; + }; + }; + + anubis.instances.main = { + enable = true; + settings = { + BIND = anubis-domain-socket; + TARGET = "unix://" + blog-domain-socket; + METRICS_BIND = anubis-metrics-socket; + }; + }; + }; +} diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix index 591dc20..cc53cb3 100644 --- a/nixosConfigurations/hetzner-vpn2/default.nix +++ b/nixosConfigurations/hetzner-vpn2/default.nix @@ -2,6 +2,8 @@ imports = [ ./hardware.nix ./nginx.nix + ./headscale.nix + ./blog.nix ]; config = { diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix new file mode 100644 index 0000000..6eac407 --- /dev/null +++ b/nixosConfigurations/hetzner-vpn2/headscale.nix @@ -0,0 +1,43 @@ +let + headscale-port = 8668; +in +{ + # sudo tailscale up --reset --force-reauth --login-server https://uplink.darkest.space --operator=$USER + + services = { + headscale = { + enable = true; + address = "localhost"; + port = headscale-port; + settings = { + server_url = "https://uplink.darkest.space/"; + dns = { + override_local_dns = false; + base_domain = "high-gravity.space"; + }; + derp = { + server = { + enabled = true; + verify_clients = true; + stun_listen_addr = "0.0.0.0:3478"; + ipv4 = "78.46.242.90"; + ipv6 = "2a01:4f8:c013:65dd::1"; + }; + urls = [ ]; + }; + }; + }; + + nginx.virtualHosts."uplink.darkest.space" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString headscale-port}"; + proxyWebsockets = true; + }; + }; + }; + + # for DERP + networking.firewall.allowedUDPPorts = [ 3478 ]; +} diff --git a/nixosConfigurations/hetzner-vpn2/nginx.nix b/nixosConfigurations/hetzner-vpn2/nginx.nix index aa399aa..7178b0d 100644 --- a/nixosConfigurations/hetzner-vpn2/nginx.nix +++ b/nixosConfigurations/hetzner-vpn2/nginx.nix @@ -1,62 +1,19 @@ -{ pkgs, ... }: -let - blog-domain-socket = "/run/nginx/blog.sock"; - anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; - anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; -in { security.acme = { acceptTerms = true; defaults.email = "acme@zerforschen.plus"; }; - systemd.services = { - nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; - anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; - }; - - services = { - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts = { - "zerforschen.plus" = { - addSSL = true; - enableACME = true; - locations = { - "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; - "/".proxyPass = "http://unix:" + anubis-domain-socket; - }; - }; - - "blog-in-anubis" = { - root = pkgs.zerforschen-plus-content; - listen = [ - { - addr = "unix:" + blog-domain-socket; - } - ]; - }; - }; - }; - - anubis.instances.main = { - enable = true; - settings = { - BIND = anubis-domain-socket; - TARGET = "unix://" + blog-domain-socket; - METRICS_BIND = anubis-metrics-socket; - }; - }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; }; networking.firewall.allowedTCPPorts = [ 80 443 - 5201 ]; }