From f9cd612c37e3139acbd502118f41909d05f779e1 Mon Sep 17 00:00:00 2001 From: cnst Date: Sat, 19 Jul 2025 14:50:54 +0200 Subject: [PATCH] homepage tinkering --- flake.lock | 120 +++++++++++----------- modules/nixos/services/agenix/default.nix | 1 + modules/server/caddy/default.nix | 20 +++- modules/server/homepage/default.nix | 2 +- secrets/homepage-env.age | 11 ++ secrets/secrets.nix | 1 + 6 files changed, 89 insertions(+), 66 deletions(-) create mode 100644 secrets/homepage-env.age diff --git a/flake.lock b/flake.lock index 2b114f63..4aada094 100644 --- a/flake.lock +++ b/flake.lock @@ -81,11 +81,11 @@ ] }, "locked": { - "lastModified": 1751740947, - "narHash": "sha256-35040CHH7P3JGmhGVfEb2oJHL/A5mI2IXumhkxrBnao=", + "lastModified": 1752743471, + "narHash": "sha256-4izhj1j7J4mE8LgljCXSIUDculqOsxxhdoC81VhqizM=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "dfc1db15a08c4cd234288f66e1199c653495301f", + "rev": "e31b575d19e7cf8a8f4398e2f9cffe27a1332506", "type": "github" }, "original": { @@ -144,11 +144,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1752764457, - "narHash": "sha256-1vE4SqVcS5eoALVPQHaOK1fxUYTKB8xYlPnkmp68NSQ=", + "lastModified": 1752873674, + "narHash": "sha256-utY0HoUO68Z5H/yeg6SPA9AI35vi4+Y0zZB9Vj3UKzc=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "bf072abdae6fb8149dd7fdc715ca51e8e411e586", + "rev": "6fe26ca464e361b390713abc31c46f4811c4f29b", "type": "github" }, "original": { @@ -203,11 +203,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1752734526, - "narHash": "sha256-OIg7NwrqyYJVpXJdDgaagIzM0dtc4GghdncUrUsCgT8=", + "lastModified": 1752907304, + "narHash": "sha256-rSw0b/ahoZebcp+AZG7uoScB5Q59TYEE5Kx8k0pZp9E=", "owner": "nix-community", "repo": "fenix", - "rev": "f1526533e3a59a666dbae99594c9d29b201f302d", + "rev": "e91719882d0e4366202cc9058eb21df74c0bdb92", "type": "github" }, "original": { @@ -465,11 +465,11 @@ "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1752781573, - "narHash": "sha256-lciLQos2xk62PrLi/RbD12V8Da5xAysPnhP4KvI3Jho=", + "lastModified": 1752875735, + "narHash": "sha256-ie+Qr1L2LXdWOMPjaU+Iw1w9lsrh57QgQ+BVN+hSjec=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "155ddc3f8f0e99731d30f15653c62ac7e2476c46", + "rev": "39f4cf3d19d49eecdb03cf963ec5818fd83d2fe7", "type": "github" }, "original": { @@ -576,11 +576,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1752674572, - "narHash": "sha256-rCAwXmLQJQVHRpquWTQV1fDurHhf4beUzqDi6FVkdEo=", + "lastModified": 1752851830, + "narHash": "sha256-6MHI6FRiui4MR/Ek3s5yO84UVL7d1bPYdzF5LF0ZyCY=", "owner": "helix-editor", "repo": "helix", - "rev": "2ee11a0a9d9b9951b5b64b54be05379cc030230b", + "rev": "4418e338e8ea055663c6029080768572d159dba1", "type": "github" }, "original": { @@ -596,11 +596,11 @@ ] }, "locked": { - "lastModified": 1752783339, - "narHash": "sha256-RXxejsGIWtJ5rJKLAm8Kh159euZHPMi7CtbOoHLsm2c=", + "lastModified": 1752814804, + "narHash": "sha256-irfg7lnfEpJY+3Cffkluzp2MTVw1Uq9QGxFp6qadcXI=", "owner": "nix-community", "repo": "home-manager", - "rev": "7c78e592a895f2f1921f0024848fe193e2f8518e", + "rev": "d0300c8808e41da81d6edfc202f3d3833c157daf", "type": "github" }, "original": { @@ -638,11 +638,11 @@ ] }, "locked": { - "lastModified": 1752402455, - "narHash": "sha256-mCHfZhQKdTj2JhCFcqfOfa3uKZbwUkPQbd0/zPnhOE8=", + "lastModified": 1752783339, + "narHash": "sha256-RXxejsGIWtJ5rJKLAm8Kh159euZHPMi7CtbOoHLsm2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf893ad4cbf46610dd1b620c974f824e266cd1df", + "rev": "7c78e592a895f2f1921f0024848fe193e2f8518e", "type": "github" }, "original": { @@ -696,11 +696,11 @@ ] }, "locked": { - "lastModified": 1751808145, - "narHash": "sha256-OXgL0XaKMmfX2rRQkt9SkJw+QNfv0jExlySt1D6O72g=", + "lastModified": 1752149140, + "narHash": "sha256-gbh1HL98Fdqu0jJIWN4OJQN7Kkth7+rbkFpSZLm/62A=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "b841473a0bd4a1a74a0b64f1ec2ab199035c349f", + "rev": "340494a38b5ec453dfc542c6226481f736cc8a9a", "type": "github" }, "original": { @@ -789,11 +789,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1752782660, - "narHash": "sha256-YIT3A+MLvX0EV5BpqyPN+ArLa6VLxO6cNPJeSyjIrdE=", + "lastModified": 1752921521, + "narHash": "sha256-i8dyBuUgm2cOtH0YvFH+SpbCW0fABL52wV7Mn2u+8aM=", "owner": "hyprwm", "repo": "hyprland", - "rev": "a05c797e4a7b32f933569aec6cfba180bc693528", + "rev": "d84699d8e5e984422da37595ee41fc0d8d93fef5", "type": "github" }, "original": { @@ -810,11 +810,11 @@ ] }, "locked": { - "lastModified": 1752069516, - "narHash": "sha256-dyzDJvt8IVgHJVmpnw1mueHHSLYnChW1XMkwz9WUBZ8=", + "lastModified": 1752857088, + "narHash": "sha256-usBNOT/uzFdsKDe5Ik+C36zqL+BfT7Lp2rqKWrpQuqk=", "owner": "hyprwm", "repo": "contrib", - "rev": "34d0c01910552b873a07c96921ef70e32bf369a2", + "rev": "481175e17e155f19a3b31416530b6edf725e7034", "type": "github" }, "original": { @@ -1055,11 +1055,11 @@ ] }, "locked": { - "lastModified": 1751888065, - "narHash": "sha256-F2SV9WGqgtRsXIdUrl3sRe0wXlQD+kRRZcSfbepjPJY=", + "lastModified": 1752252310, + "narHash": "sha256-06i1pIh6wb+sDeDmWlzuPwIdaFMxLlj1J9I5B9XqSeo=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "a8229739cf36d159001cfc203871917b83fdf917", + "rev": "bcabcbada90ed2aacb435dc09b91001819a6dc82", "type": "github" }, "original": { @@ -1105,11 +1105,11 @@ ] }, "locked": { - "lastModified": 1751881472, - "narHash": "sha256-meB0SnXbwIe2trD041MLKEv6R7NZ759QwBcVIhlSBfE=", + "lastModified": 1751897909, + "narHash": "sha256-FnhBENxihITZldThvbO7883PdXC/2dzW4eiNvtoV5Ao=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "8fb426b3e5452fd9169453fd6c10f8c14ca37120", + "rev": "fcca0c61f988a9d092cbb33e906775014c61579d", "type": "github" }, "original": { @@ -1177,11 +1177,11 @@ ] }, "locked": { - "lastModified": 1752340638, - "narHash": "sha256-9+vBdRt/jg8fAll1VD3NXBibkRq9F8Wq/mW45I5jlvc=", + "lastModified": 1752755091, + "narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "1129c951dcc2a269a12cb74d64bd64e44e724ecb", + "rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a", "type": "github" }, "original": { @@ -1273,11 +1273,11 @@ ] }, "locked": { - "lastModified": 1752765641, - "narHash": "sha256-2MoYXbaCQCBR066/XOKCZYrWeBCb8CddS97FQ6CZxpk=", + "lastModified": 1752890591, + "narHash": "sha256-zvJs+RxrYWoPt4w3+e4H9PGOvsKVgqGDMpmZjZStLVw=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "5497282068f11f4e9be8eda127a8ce21a25fd3ca", + "rev": "e68cf458c6644ad07a8fc9d762b843e192efe966", "type": "github" }, "original": { @@ -1327,11 +1327,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1752480373, - "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", + "lastModified": 1752687322, + "narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08", + "rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251", "type": "github" }, "original": { @@ -1391,11 +1391,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1752480373, - "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", + "lastModified": 1752687322, + "narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08", + "rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251", "type": "github" }, "original": { @@ -1436,11 +1436,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "lastModified": 1752687322, + "narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251", "type": "github" }, "original": { @@ -1490,11 +1490,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1752787341, - "narHash": "sha256-w0ECxf6WCg/T89REElgzw49nVBcHEMqYACHxWWevTBg=", + "lastModified": 1752888521, + "narHash": "sha256-ddjJCgiNwA4AleqxxKr6ZSQjGGpHLFpMQyNQ7wAJADA=", "owner": "notashelf", "repo": "nvf", - "rev": "6b841d4b9725ff30dc87b8f1f8f6cf5d144751b9", + "rev": "b89ed914055ce246493eaf8cc33553ad25b9a64f", "type": "github" }, "original": { @@ -1584,11 +1584,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1752687976, - "narHash": "sha256-juLg/AlXwda5fwewOJq42Q5T49wU131glK55BzKyhvU=", + "lastModified": 1752817855, + "narHash": "sha256-YnG3d44oX+g2ooUsNWT+Ii24w6T+b0dj86k0HkIFUj4=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "152087654552a79f85e588da0a8de905436e62d8", + "rev": "330c4ed11c4e1eef0999a2cd629703a601da1436", "type": "github" }, "original": { @@ -1606,11 +1606,11 @@ ] }, "locked": { - "lastModified": 1752374969, - "narHash": "sha256-Ky3ynEkJXih7mvWyt9DWoiSiZGqPeHLU1tlBU4b0mcc=", + "lastModified": 1752720268, + "narHash": "sha256-XCiJdtXIN09Iv0i1gs5ajJ9CVHk537Gy1iG/4nIdpVI=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "75fb000638e6d0f57cb1e8b7a4550cbdd8c76f1d", + "rev": "dc221f842e9ddc8c0416beae8d77f2ea356b91ae", "type": "github" }, "original": { diff --git a/modules/nixos/services/agenix/default.nix b/modules/nixos/services/agenix/default.nix index e7b5c6a6..74f22a64 100644 --- a/modules/nixos/services/agenix/default.nix +++ b/modules/nixos/services/agenix/default.nix @@ -62,6 +62,7 @@ in { cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age"; vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age"; vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age"; + homepage-env.file = "${self}/secrets/homepage-env.age"; }; }) (mkIf cfg.toothpc.enable { diff --git a/modules/server/caddy/default.nix b/modules/server/caddy/default.nix index 5afa6f6c..4ea4a7db 100644 --- a/modules/server/caddy/default.nix +++ b/modules/server/caddy/default.nix @@ -1,6 +1,4 @@ { - self, - pkgs, config, lib, ... @@ -16,7 +14,6 @@ in { ports = [80 443]; in { allowedTCPPorts = ports; - allowedUDPPorts = ports; }; security.acme = { @@ -36,8 +33,21 @@ in { services.caddy = { enable = true; - # environmentFile = config.age.secrets.cloudflare-env.path; - # package = self.packages.${pkgs.system}.caddy-with-plugins; + globalConfig = '' + auto_https off + ''; + virtualHosts = { + "http://${config.server.domain}" = { + extraConfig = '' + redir https://{host}{uri} + ''; + }; + "http://*.${config.server.domain}" = { + extraConfig = '' + redir https://{host}{uri} + ''; + }; + }; }; }; } diff --git a/modules/server/homepage/default.nix b/modules/server/homepage/default.nix index 5501b5c6..6966e656 100644 --- a/modules/server/homepage/default.nix +++ b/modules/server/homepage/default.nix @@ -39,7 +39,7 @@ in { services.glances.enable = true; services.${service} = { enable = true; - environmentFile = builtins.toFile "homepage.env" "HOMEPAGE_ALLOWED_HOSTS=${server.domain}"; + environmentFile = config.age.secrets.homepage-env.path; customCSS = '' body, html { font-family: SF Pro Display, Helvetica, Arial, sans-serif !important; diff --git a/secrets/homepage-env.age b/secrets/homepage-env.age new file mode 100644 index 00000000..96fa057b --- /dev/null +++ b/secrets/homepage-env.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 t9iOEg vCSlsqpIby3JEYlS59ehnHYT3WtVHIxsdvvIDxSOiVo +vUxjnq5w8r34bhQ3Q11R7CPW841OcOUOyamfNX0lUo8 +-> ssh-ed25519 KUYMFA ywIzT9djU6v0zd3oppYFSDAh+kRSe+ghUs3CINa25lE +wZz1yFDQ1oXFEVfGyuVk3I9bpCLCIR5sKSQ/HRlUcMY +-> ssh-ed25519 76RhUQ nxCmEF/wYFN/PRVKFdnVoGzcDC5tJKlEelfCm6LNFlw +VyOlS1uDALhcRmwoh5xuwTRyIshTUOye+dvkOxUCM04 +-> ssh-ed25519 Jf8sqw 7bugpDkef2Xr+xrlisCQ5lFT4QuRH6ix6q8r4IChGEA +GwJZDlEGXKhDDdQ/vNrA/1xCJH/ImzlcU74dbVEZes4 +--- HzcfRvIKYBkU3SBLml5n1Vw1pxjfPwT1J1C2gGqm5U4 +d:#Ԝ*Rӕ!\L͎b(ҿ(,?e ap0&n+ |ywCS©^["IHjn \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index eef1a776..5f958d3c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -12,6 +12,7 @@ in { "gcapi.age".publicKeys = [cnst kima]; "cloudflare-env.age".publicKeys = [cnst kima usobotka rsobotka]; "vaultwarden-env.age".publicKeys = [cnst kima usobotka rsobotka]; + "homepage-env.age".publicKeys = [cnst kima usobotka rsobotka]; "cloudflareFirewallApiKey.age".publicKeys = [cnst kima usobotka rsobotka]; "vaultwardenCloudflared.age".publicKeys = [cnst kima usobotka rsobotka]; "cloudflareDnsApiToken.age".publicKeys = [cnst kima usobotka rsobotka];