cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

some refactor and fail2ban changes

Browse Source
This commit is contained in:
cnst
2025-08-15 16:26:10 +02:00
parent f8dabd4e18
commit 3ed8196fa6
10 changed files with 49 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
flake.lock generated
View File

@@ -123,11 +123,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1754907869,
"narHash": "sha256-tzshAAjt0xDjCc/aOgii6PSqePIc2rWYSXF8VnqEhIg=",
"lastModified": 1755169038,
"narHash": "sha256-lIAE8ou7ukvoOE0nZ2lNcl/n8mnj6m2cGsx9U7Xhew4=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "b5f83e0d7bce67af178f6aaef95853fedf4c00a0",
"rev": "5efc0389eaca14046e1ee2068bcba6fe64cf6e2e",
"type": "github"
},
"original": {
@@ -182,11 +182,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1755067290,
"narHash": "sha256-M5tvUutzwlbnSExaQKSKS/b/Cl6Kd0lEiLwt6mvD6t0=",
"lastModified": 1755153894,
"narHash": "sha256-DEKeIg3MQy5GMFiFRUzcx1hGGBN2ypUPTo0jrMAdmH4=",
"owner": "nix-community",
"repo": "fenix",
"rev": "ef180474c4763fc19df569b5af259e2de32b9491",
"rev": "f6874c6e512bc69d881d979a45379b988b80a338",
"type": "github"
},
"original": {
@@ -483,11 +483,11 @@
]
},
"locked": {
"lastModified": 1755107032,
"narHash": "sha256-ckb/RX9rJ/FslBA3K4hYAXgVW/7JdQ50Z+28XZT96zg=",
"lastModified": 1755121891,
"narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4b6dd06c6a92308c06da5e0e55f2c505237725c9",
"rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426",
"type": "github"
},
"original": {
@@ -525,11 +525,11 @@
]
},
"locked": {
"lastModified": 1754886238,
"narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=",
"lastModified": 1755121891,
"narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0d492b89d1993579e63b9dbdaed17fd7824834da",
"rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426",
"type": "github"
},
"original": {
@@ -676,11 +676,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1755071134,
"narHash": "sha256-4HK2kvyeAO/6kNKGanvP8mg4nEeDwke+d3eozz3QmOQ=",
"lastModified": 1755184403,
"narHash": "sha256-VI+ZPD/uIFjzYW8IcyvBgvwyDIvUe4/xh/kOHTbITX8=",
"owner": "hyprwm",
"repo": "hyprland",
"rev": "aa6a78f0a4e17c49ed4aff8b58c3f7ec7ef0408f",
"rev": "60d769a89908c29e19100059985db15a7b6bab6a",
"type": "github"
},
"original": {
@@ -1064,11 +1064,11 @@
]
},
"locked": {
"lastModified": 1754639028,
"narHash": "sha256-w1+XzPBAZPbeGLMAgAlOjIquswo6Q42PMep9KSrRzOA=",
"lastModified": 1755151620,
"narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "d49809278138d17be77ab0ef5506b26dc477fa62",
"rev": "16e12d22754d97064867006acae6e16da7a142a6",
"type": "github"
},
"original": {
@@ -1143,11 +1143,11 @@
]
},
"locked": {
"lastModified": 1755050545,
"narHash": "sha256-DPdNnDwDvGWn/AZ8B3G95o8EIM4/ewIfgTgR+Rlul9o=",
"lastModified": 1755136941,
"narHash": "sha256-tb7d+oBwD6ZBPzAhV/eXQs42YaZuzoNczRSPD3ubuoE=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "064757499f6d48e343552e328eb757a30fa6d17a",
"rev": "09708adbb33a6dbdb9c270131280284ad9e3be9c",
"type": "github"
},
"original": {
@@ -1228,11 +1228,11 @@
},
"nixpkgs_11": {
"locked": {
"lastModified": 1754800730,
"narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=",
"lastModified": 1755049066,
"narHash": "sha256-ANrc15FSoOAdNbfKHxqEJjZLftIwIsenJGRb/04K41s=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "641d909c4a7538f1539da9240dedb1755c907e40",
"rev": "e45f8f193029378d0aaee5431ba098dc80054e9a",
"type": "github"
},
"original": {
@@ -1276,11 +1276,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1754725699,
"narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
"lastModified": 1755027561,
"narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
"rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",
"type": "github"
},
"original": {
@@ -1379,11 +1379,11 @@
"systems": "systems_4"
},
"locked": {
"lastModified": 1754970647,
"narHash": "sha256-C1SPEfXk5NHa5CxWDOj5ihZdnVQqX1gwg4dV0W1pEf0=",
"lastModified": 1755115677,
"narHash": "sha256-98Ad2F5w1xW94KymQiBohNBYpFqMa0K28v9S1SzyTY8=",
"owner": "notashelf",
"repo": "nvf",
"rev": "5619a99e1262a4e7ed285da43dbb229f4882909d",
"rev": "c5dc7192496a1fad38134e54f8b4fca8ac51a9fe",
"type": "github"
},
"original": {
@@ -1493,11 +1493,11 @@
]
},
"locked": {
"lastModified": 1754880555,
"narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=",
"lastModified": 1755139244,
"narHash": "sha256-SN1BFA00m+siVAQiGLtTwjv9LV9TH5n8tQcSziV6Nv4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4",
"rev": "aeae248beb2a419e39d483dd9b7fec924aba8d4d",
"type": "github"
},
"original": {

2
hosts/sobotka/server.nix
View File

@@ -17,7 +17,7 @@
fail2ban = {
enable = true;
apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path;
zoneId = "0027acdfb8bbe010f55b676ad8698dfb";
zoneId = "9c5bc447b995ef5110ed384dca1d5624";
};
homepage-dashboard = {
enable = true;

6
modules/nixos/services/agenix/default.nix
View File

@@ -62,10 +62,10 @@ in {
cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age";
wgCredentials.file = "${self}/secrets/wgCredentials.age";
wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
gluetunEnv.file = "${self}/secrets/gluetunEnv.age";
gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age";
homepage-env.file = "${self}/secrets/homepage-env.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
pihole.file = "${self}/secrets/pihole.age";
slskd.file = "${self}/secrets/slskd.age";
};

10
modules/server/homepage-dashboard/default.nix
View File

@@ -3,13 +3,13 @@
lib,
...
}: let
service = "homepage-dashboard";
unit = "homepage-dashboard";
cfg = config.server.homepage-dashboard;
srv = config.server;
in {
options.server.homepage-dashboard = {
enable = lib.mkEnableOption {
description = "Enable ${service}";
description = "Enable ${unit}";
};
misc = lib.mkOption {
default = [];
@@ -37,9 +37,9 @@ in {
};
config = lib.mkIf cfg.enable {
services.glances.enable = true;
services.${service} = {
services.${unit} = {
enable = true;
environmentFile = config.age.secrets.homepage-env.path;
environmentFile = config.age.secrets.homepageEnvironment.path;
# customCSS = ''
# @font-face {
# font-family: "VCR OSD Mono";
@@ -248,7 +248,7 @@ in {
services.caddy.virtualHosts."${srv.domain}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString config.services.${service}.listenPort}
reverse_proxy http://127.0.0.1:${toString config.services.${unit}.listenPort}
'';
};
};

6
modules/server/podman/default.nix
View File

@@ -157,7 +157,7 @@ in {
];
volumes = ["/var:/gluetun"];
environmentFiles = [
config.age.secrets.gluetunEnv.path
config.age.secrets.gluetunEnvironment.path
];
environment = {
DEV_MODE = "false";
@@ -185,7 +185,7 @@ in {
"/share/downloads:/downloads:rw"
];
environmentFiles = [
config.age.secrets.gluetunEnv.path
config.age.secrets.gluetunEnvironment.path
];
environment = {
PUID = "994";
@@ -214,7 +214,7 @@ in {
"/share/downloads:/downloads:rw"
];
environmentFiles = [
config.age.secrets.gluetunEnv.path
config.age.secrets.gluetunEnvironment.path
config.age.secrets.slskd.path
];
environment = {

0
secrets/cloudflare-env.age → secrets/cloudflareEnvironment.age
View File

0
secrets/gluetunEnv.age → secrets/gluetunEnvironment.age
View File

0
secrets/homepage-env.age → secrets/homepageEnvironment.age
View File

8
secrets/secrets.nix
View File

@@ -10,16 +10,16 @@ in {
"keypem.age".publicKeys = [cnst kima];
"mailpwd.age".publicKeys = [cnst kima];
"gcapi.age".publicKeys = [cnst kima];
"cloudflare-env.age".publicKeys = [cnst kima usobotka rsobotka];
"vaultwarden-env.age".publicKeys = [cnst kima usobotka rsobotka];
"homepage-env.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareEnvironment.age".publicKeys = [cnst kima usobotka rsobotka];
"vaultwardenEnvironment.age".publicKeys = [cnst kima usobotka rsobotka];
"homepageEnvironment.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareFirewallApiKey.age".publicKeys = [cnst kima usobotka rsobotka];
"vaultwardenCloudflared.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareDnsApiToken.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareDnsCredentials.age".publicKeys = [cnst kima usobotka rsobotka];
"wgCredentials.age".publicKeys = [cnst kima usobotka rsobotka];
"wgSobotkaPrivateKey.age".publicKeys = [cnst kima usobotka rsobotka];
"gluetunEnv.age".publicKeys = [cnst kima usobotka rsobotka];
"gluetunEnvironment.age".publicKeys = [cnst kima usobotka rsobotka];
"pihole.age".publicKeys = [cnst kima usobotka rsobotka];
"slskd.age".publicKeys = [cnst kima usobotka rsobotka];
}

0
secrets/vaultwarden-env.age → secrets/vaultwardenEnvironment.age
View File