diff --git a/flake.lock b/flake.lock index f794795..d4bab49 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "fromYaml": "fromYaml" }, "locked": { - "lastModified": 1746562888, - "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", "owner": "SenchoPens", "repo": "base16.nix", - "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", "type": "github" }, "original": { @@ -21,28 +21,28 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1754405784, - "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" } }, "base16-helix": { "flake": false, "locked": { - "lastModified": 1748408240, - "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", + "lastModified": 1760703920, + "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", + "rev": "d646af9b7d14bff08824538164af99d0c521b185", "type": "github" }, "original": { @@ -152,11 +152,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1748383148, - "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "type": "github" }, "original": { @@ -186,11 +186,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -262,11 +262,11 @@ "flake": false, "locked": { "host": "gitlab.gnome.org", - "lastModified": 1764524476, - "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", "type": "gitlab" }, "original": { @@ -284,11 +284,11 @@ ] }, "locked": { - "lastModified": 1764536451, - "narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=", + "lastModified": 1767910483, + "narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=", "owner": "nix-community", "repo": "home-manager", - "rev": "3fdd076e08049a9c7a83149b270440d9787d2df5", + "rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c", "type": "github" }, "original": { @@ -359,11 +359,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1764405884, - "narHash": "sha256-TnvBRPmcpcyinvLgsitHS7w5soSa6yNBfRYEI2TK1Ts=", + "lastModified": 1768492302, + "narHash": "sha256-MJ5zfUO7UZYARxy9EOpSooE961eH3K75CGOn84thbQM=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "10aae4855ee275f7d80d85f4328c24265fb20f1f", + "rev": "cbf53d0b9c9531d654e7dbcf1f9117a221ad5c58", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1764399944, - "narHash": "sha256-FC9eYtSmplgxllCX4/3hJq5J3sXWKLSc7at8ZUxycVw=", + "lastModified": 1768487377, + "narHash": "sha256-+WOpoDSvYJds8zCMlwDHKBivxSViM5n1J1Jo9Lcf19Y=", "owner": "YaLTeR", "repo": "niri", - "rev": "b35bcae35b3f9665043c335e55ed5828af77db85", + "rev": "87e2dd0361172a48cb3ac8e5b3f6f701c758700d", "type": "github" }, "original": { @@ -427,11 +427,11 @@ ] }, "locked": { - "lastModified": 1764381338, - "narHash": "sha256-EBguntbfHsbikHdk9v/2lAyrLzjaZf6tEZeRymXAfJA=", + "lastModified": 1768443224, + "narHash": "sha256-U2UHV+8Ygba2eFhFSnl15wMuKqNR884V2mo2fLO9wy0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "600e16b6baf213d9192a0035ff15618305fcea60", + "rev": "151bb82df60a9ffcd2fef1116e4c9baf133b3ec5", "type": "github" }, "original": { @@ -478,11 +478,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764522689, - "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=", + "lastModified": 1768323494, + "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f", + "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a", "type": "github" }, "original": { @@ -494,11 +494,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -509,11 +509,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1764352606, - "narHash": "sha256-ZwPqcETKhoQ+TS40+hFr5CY4wzcNGKhi6l8w2HmmxKc=", + "lastModified": 1768395095, + "narHash": "sha256-ZhuYJbwbZT32QA95tSkXd9zXHcdZj90EzHpEXBMabaw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "24e915b36ca87d32777d766da3a3f4e3ce22cc98", + "rev": "13868c071cc73a5e9f610c47d7bb08e5da64fdd5", "type": "github" }, "original": { @@ -525,11 +525,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764560356, - "narHash": "sha256-M5aFEFPppI4UhdOxwdmceJ9bDJC4T6C6CzCK1E2FZyo=", + "lastModified": 1757545623, + "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c8f0cca84510cc79e09ea99a299c9bc17d03cb6", + "rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526", "type": "github" }, "original": { @@ -549,11 +549,11 @@ ] }, "locked": { - "lastModified": 1764404323, - "narHash": "sha256-lyAJQNdm/ZRfH6mDXLIA8/g2tCuHlHEfthC0UA+BLFs=", + "lastModified": 1768513652, + "narHash": "sha256-gumQwI3+cmzXJNZQpL8NfjNoi+E+8yv8t0t30I2PQ7U=", "owner": "nix-community", "repo": "NUR", - "rev": "5a7ff5a222e1422c4f129f64e10ebecf78ace9f8", + "rev": "321a80b638edab9533f254070e8cf3acc37c0b8a", "type": "github" }, "original": { @@ -747,11 +747,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1764600318, - "narHash": "sha256-PtJfp13TUHZ24Z3ybeb2W3pOr+SEjI3xkcTumgGT28E=", + "lastModified": 1768493544, + "narHash": "sha256-9qk2W/6GJWLAFXNruK/zdJ0bm3bfP50vJFbtuAjQpa4=", "owner": "nix-community", "repo": "stylix", - "rev": "c9760a6a2ba532e6d0dcae804b7cb62ec7198f70", + "rev": "362306faaa7459bebf8eabf135879785f3da9bd2", "type": "github" }, "original": { @@ -812,11 +812,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1750770351, - "narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", + "lastModified": 1767817087, + "narHash": "sha256-eGE8OYoK6HzhJt/7bOiNV2cx01IdIrHL7gXgjkHRdNo=", "owner": "tinted-theming", "repo": "schemes", - "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", + "rev": "bd99656235aab343e3d597bf196df9bc67429507", "type": "github" }, "original": { @@ -828,11 +828,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1751159871, - "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", "type": "github" }, "original": { @@ -844,11 +844,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1751158968, - "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", "type": "github" }, "original": { @@ -864,11 +864,11 @@ ] }, "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { @@ -897,11 +897,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1764366786, - "narHash": "sha256-yVCJ4Qe/JkdKDu0DddFdAQgDQVeF12nxH7zv3jtooV4=", + "lastModified": 1768106915, + "narHash": "sha256-HlLo9zH4ULRXlmlIK948cHmdVhxyHgTHxGaoCRlW4k8=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "b362a3873710a42f7ac2d8ba03772d8290733934", + "rev": "72245e108f3b03c3c4474d2de9de2d1830849603", "type": "github" }, "original": { diff --git a/nixosConfigurations/hetzner-vpn2/blog.nix b/nixosConfigurations/hetzner-vpn2/blog.nix deleted file mode 100644 index 367ef2b..0000000 --- a/nixosConfigurations/hetzner-vpn2/blog.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ pkgs, ... }: -let - blog-domain-socket = "/run/nginx/blog.sock"; - anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; - anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; -in -{ - systemd.services = { - nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; - anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; - }; - - services = { - nginx.virtualHosts = { - "zerforschen.plus" = { - enableACME = true; - forceSSL = true; - locations = { - "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; - "/".proxyPass = "http://unix:" + anubis-domain-socket; - }; - }; - - "blog-in-anubis" = { - root = pkgs.zerforschen-plus-content; - listen = [ - { - addr = "unix:" + blog-domain-socket; - } - ]; - }; - }; - - anubis.instances.main = { - enable = true; - settings = { - BIND = anubis-domain-socket; - TARGET = "unix://" + blog-domain-socket; - METRICS_BIND = anubis-metrics-socket; - }; - }; - }; -} diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix index cc53cb3..591dc20 100644 --- a/nixosConfigurations/hetzner-vpn2/default.nix +++ b/nixosConfigurations/hetzner-vpn2/default.nix @@ -2,8 +2,6 @@ imports = [ ./hardware.nix ./nginx.nix - ./headscale.nix - ./blog.nix ]; config = { diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix deleted file mode 100644 index 6eac407..0000000 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ /dev/null @@ -1,43 +0,0 @@ -let - headscale-port = 8668; -in -{ - # sudo tailscale up --reset --force-reauth --login-server https://uplink.darkest.space --operator=$USER - - services = { - headscale = { - enable = true; - address = "localhost"; - port = headscale-port; - settings = { - server_url = "https://uplink.darkest.space/"; - dns = { - override_local_dns = false; - base_domain = "high-gravity.space"; - }; - derp = { - server = { - enabled = true; - verify_clients = true; - stun_listen_addr = "0.0.0.0:3478"; - ipv4 = "78.46.242.90"; - ipv6 = "2a01:4f8:c013:65dd::1"; - }; - urls = [ ]; - }; - }; - }; - - nginx.virtualHosts."uplink.darkest.space" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${builtins.toString headscale-port}"; - proxyWebsockets = true; - }; - }; - }; - - # for DERP - networking.firewall.allowedUDPPorts = [ 3478 ]; -} diff --git a/nixosConfigurations/hetzner-vpn2/nginx.nix b/nixosConfigurations/hetzner-vpn2/nginx.nix index 7178b0d..aa399aa 100644 --- a/nixosConfigurations/hetzner-vpn2/nginx.nix +++ b/nixosConfigurations/hetzner-vpn2/nginx.nix @@ -1,19 +1,62 @@ +{ pkgs, ... }: +let + blog-domain-socket = "/run/nginx/blog.sock"; + anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; + anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; +in { security.acme = { acceptTerms = true; defaults.email = "acme@zerforschen.plus"; }; - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; + systemd.services = { + nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; + anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; + }; + + services = { + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + virtualHosts = { + "zerforschen.plus" = { + addSSL = true; + enableACME = true; + locations = { + "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; + "/".proxyPass = "http://unix:" + anubis-domain-socket; + }; + }; + + "blog-in-anubis" = { + root = pkgs.zerforschen-plus-content; + listen = [ + { + addr = "unix:" + blog-domain-socket; + } + ]; + }; + }; + }; + + anubis.instances.main = { + enable = true; + settings = { + BIND = anubis-domain-socket; + TARGET = "unix://" + blog-domain-socket; + METRICS_BIND = anubis-metrics-socket; + }; + }; }; networking.firewall.allowedTCPPorts = [ 80 443 + 5201 ]; }