cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

some refactor and fail2ban changes

Browse Source
This commit is contained in:
cnst
2025-08-15 16:26:10 +02:00
parent f8dabd4e18
commit 3ed8196fa6
10 changed files with 49 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
flake.lock generated
View File

@@ -123,11 +123,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1754907869, "lastModified": 1755169038,
"narHash": "sha256-tzshAAjt0xDjCc/aOgii6PSqePIc2rWYSXF8VnqEhIg=", "narHash": "sha256-lIAE8ou7ukvoOE0nZ2lNcl/n8mnj6m2cGsx9U7Xhew4=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "b5f83e0d7bce67af178f6aaef95853fedf4c00a0", "rev": "5efc0389eaca14046e1ee2068bcba6fe64cf6e2e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -182,11 +182,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1755067290, "lastModified": 1755153894,
"narHash": "sha256-M5tvUutzwlbnSExaQKSKS/b/Cl6Kd0lEiLwt6mvD6t0=", "narHash": "sha256-DEKeIg3MQy5GMFiFRUzcx1hGGBN2ypUPTo0jrMAdmH4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "ef180474c4763fc19df569b5af259e2de32b9491", "rev": "f6874c6e512bc69d881d979a45379b988b80a338",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -483,11 +483,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755107032, "lastModified": 1755121891,
"narHash": "sha256-ckb/RX9rJ/FslBA3K4hYAXgVW/7JdQ50Z+28XZT96zg=", "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4b6dd06c6a92308c06da5e0e55f2c505237725c9", "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -525,11 +525,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754886238, "lastModified": 1755121891,
"narHash": "sha256-LTQomWOwG70lZR+78ZYSZ9sYELWNq3HJ7/tdHzfif/s=", "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0d492b89d1993579e63b9dbdaed17fd7824834da", "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -676,11 +676,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1755071134, "lastModified": 1755184403,
"narHash": "sha256-4HK2kvyeAO/6kNKGanvP8mg4nEeDwke+d3eozz3QmOQ=", "narHash": "sha256-VI+ZPD/uIFjzYW8IcyvBgvwyDIvUe4/xh/kOHTbITX8=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland", "repo": "hyprland",
"rev": "aa6a78f0a4e17c49ed4aff8b58c3f7ec7ef0408f", "rev": "60d769a89908c29e19100059985db15a7b6bab6a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1064,11 +1064,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754639028, "lastModified": 1755151620,
"narHash": "sha256-w1+XzPBAZPbeGLMAgAlOjIquswo6Q42PMep9KSrRzOA=", "narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "d49809278138d17be77ab0ef5506b26dc477fa62", "rev": "16e12d22754d97064867006acae6e16da7a142a6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1143,11 +1143,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755050545, "lastModified": 1755136941,
"narHash": "sha256-DPdNnDwDvGWn/AZ8B3G95o8EIM4/ewIfgTgR+Rlul9o=", "narHash": "sha256-tb7d+oBwD6ZBPzAhV/eXQs42YaZuzoNczRSPD3ubuoE=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "064757499f6d48e343552e328eb757a30fa6d17a", "rev": "09708adbb33a6dbdb9c270131280284ad9e3be9c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1228,11 +1228,11 @@
}, },
"nixpkgs_11": { "nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1754800730, "lastModified": 1755049066,
"narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", "narHash": "sha256-ANrc15FSoOAdNbfKHxqEJjZLftIwIsenJGRb/04K41s=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "641d909c4a7538f1539da9240dedb1755c907e40", "rev": "e45f8f193029378d0aaee5431ba098dc80054e9a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1276,11 +1276,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1754725699, "lastModified": 1755027561,
"narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1379,11 +1379,11 @@
"systems": "systems_4" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1754970647, "lastModified": 1755115677,
"narHash": "sha256-C1SPEfXk5NHa5CxWDOj5ihZdnVQqX1gwg4dV0W1pEf0=", "narHash": "sha256-98Ad2F5w1xW94KymQiBohNBYpFqMa0K28v9S1SzyTY8=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "5619a99e1262a4e7ed285da43dbb229f4882909d", "rev": "c5dc7192496a1fad38134e54f8b4fca8ac51a9fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1493,11 +1493,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754880555, "lastModified": 1755139244,
"narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", "narHash": "sha256-SN1BFA00m+siVAQiGLtTwjv9LV9TH5n8tQcSziV6Nv4=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", "rev": "aeae248beb2a419e39d483dd9b7fec924aba8d4d",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
hosts/sobotka/server.nix
View File

@@ -17,7 +17,7 @@
fail2ban = { fail2ban = {
enable = true; enable = true;
apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path; apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path;
zoneId = "0027acdfb8bbe010f55b676ad8698dfb"; zoneId = "9c5bc447b995ef5110ed384dca1d5624";
}; };
homepage-dashboard = { homepage-dashboard = {
enable = true; enable = true;

6
modules/nixos/services/agenix/default.nix
View File

@@ -62,10 +62,10 @@ in {
cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age"; cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age";
wgCredentials.file = "${self}/secrets/wgCredentials.age"; wgCredentials.file = "${self}/secrets/wgCredentials.age";
wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age"; wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
gluetunEnv.file = "${self}/secrets/gluetunEnv.age"; gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age"; vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age"; vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
homepage-env.file = "${self}/secrets/homepage-env.age"; homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
pihole.file = "${self}/secrets/pihole.age"; pihole.file = "${self}/secrets/pihole.age";
slskd.file = "${self}/secrets/slskd.age"; slskd.file = "${self}/secrets/slskd.age";
}; };

10
modules/server/homepage-dashboard/default.nix
View File

@@ -3,13 +3,13 @@
lib, lib,
... ...
}: let }: let
service = "homepage-dashboard"; unit = "homepage-dashboard";
cfg = config.server.homepage-dashboard; cfg = config.server.homepage-dashboard;
srv = config.server; srv = config.server;
in { in {
options.server.homepage-dashboard = { options.server.homepage-dashboard = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${service}"; description = "Enable ${unit}";
}; };
misc = lib.mkOption { misc = lib.mkOption {
default = []; default = [];
@@ -37,9 +37,9 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.glances.enable = true; services.glances.enable = true;
services.${service} = { services.${unit} = {
enable = true; enable = true;
environmentFile = config.age.secrets.homepage-env.path; environmentFile = config.age.secrets.homepageEnvironment.path;
# customCSS = '' # customCSS = ''
# @font-face { # @font-face {
# font-family: "VCR OSD Mono"; # font-family: "VCR OSD Mono";
@@ -248,7 +248,7 @@ in {
services.caddy.virtualHosts."${srv.domain}" = { services.caddy.virtualHosts."${srv.domain}" = {
useACMEHost = srv.domain; useACMEHost = srv.domain;
extraConfig = '' extraConfig = ''
reverse_proxy http://127.0.0.1:${toString config.services.${service}.listenPort} reverse_proxy http://127.0.0.1:${toString config.services.${unit}.listenPort}
''; '';
}; };
}; };

6
modules/server/podman/default.nix
View File

@@ -157,7 +157,7 @@ in {
]; ];
volumes = ["/var:/gluetun"]; volumes = ["/var:/gluetun"];
environmentFiles = [ environmentFiles = [
config.age.secrets.gluetunEnv.path config.age.secrets.gluetunEnvironment.path
]; ];
environment = { environment = {
DEV_MODE = "false"; DEV_MODE = "false";
@@ -185,7 +185,7 @@ in {
"/share/downloads:/downloads:rw" "/share/downloads:/downloads:rw"
]; ];
environmentFiles = [ environmentFiles = [
config.age.secrets.gluetunEnv.path config.age.secrets.gluetunEnvironment.path
]; ];
environment = { environment = {
PUID = "994"; PUID = "994";
@@ -214,7 +214,7 @@ in {
"/share/downloads:/downloads:rw" "/share/downloads:/downloads:rw"
]; ];
environmentFiles = [ environmentFiles = [
config.age.secrets.gluetunEnv.path config.age.secrets.gluetunEnvironment.path
config.age.secrets.slskd.path config.age.secrets.slskd.path
]; ];
environment = { environment = {

0
secrets/cloudflare-env.age → secrets/cloudflareEnvironment.age
View File

0
secrets/gluetunEnv.age → secrets/gluetunEnvironment.age
View File

0
secrets/homepage-env.age → secrets/homepageEnvironment.age
View File

8
secrets/secrets.nix
View File

@@ -10,16 +10,16 @@ in {
"keypem.age".publicKeys = [cnst kima]; "keypem.age".publicKeys = [cnst kima];
"mailpwd.age".publicKeys = [cnst kima]; "mailpwd.age".publicKeys = [cnst kima];
"gcapi.age".publicKeys = [cnst kima]; "gcapi.age".publicKeys = [cnst kima];
"cloudflare-env.age".publicKeys = [cnst kima usobotka rsobotka]; "cloudflareEnvironment.age".publicKeys = [cnst kima usobotka rsobotka];
"vaultwarden-env.age".publicKeys = [cnst kima usobotka rsobotka]; "vaultwardenEnvironment.age".publicKeys = [cnst kima usobotka rsobotka];
"homepage-env.age".publicKeys = [cnst kima usobotka rsobotka]; "homepageEnvironment.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareFirewallApiKey.age".publicKeys = [cnst kima usobotka rsobotka]; "cloudflareFirewallApiKey.age".publicKeys = [cnst kima usobotka rsobotka];
"vaultwardenCloudflared.age".publicKeys = [cnst kima usobotka rsobotka]; "vaultwardenCloudflared.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareDnsApiToken.age".publicKeys = [cnst kima usobotka rsobotka]; "cloudflareDnsApiToken.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareDnsCredentials.age".publicKeys = [cnst kima usobotka rsobotka]; "cloudflareDnsCredentials.age".publicKeys = [cnst kima usobotka rsobotka];
"wgCredentials.age".publicKeys = [cnst kima usobotka rsobotka]; "wgCredentials.age".publicKeys = [cnst kima usobotka rsobotka];
"wgSobotkaPrivateKey.age".publicKeys = [cnst kima usobotka rsobotka]; "wgSobotkaPrivateKey.age".publicKeys = [cnst kima usobotka rsobotka];
"gluetunEnv.age".publicKeys = [cnst kima usobotka rsobotka]; "gluetunEnvironment.age".publicKeys = [cnst kima usobotka rsobotka];
"pihole.age".publicKeys = [cnst kima usobotka rsobotka]; "pihole.age".publicKeys = [cnst kima usobotka rsobotka];
"slskd.age".publicKeys = [cnst kima usobotka rsobotka]; "slskd.age".publicKeys = [cnst kima usobotka rsobotka];
} }

0
secrets/vaultwarden-env.age → secrets/vaultwardenEnvironment.age
View File