ingress-proxy+lab-lapha

41666 2023-12-28 16:34:48 -05:00
parent b01c406f4a
commit 227c8b14e9
6 changed files with 178 additions and 50 deletions


@ -9,6 +9,8 @@ keys: &all
- &m_blueberry age12p9lw3zgufcg7qx375t9lwtckzwgj0tkn2pt9uj3tnx9sn3ucqgsf5ctdd
- &m_keylime age14luf58rfmzfg49624x6t67ahc0v3f0q2l0ely0he34y4skvmwg2qxdzdad
- &m_drone age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq
- &m_ingress-proxy age1w9rhdgapzww5xepsmquga65wyh3met9kmysayx09gam92upg0d5qnlq9ww
- &m_lab-alpha age1cfl87vkhqe0wpz8yvv7dhgj9w8vydec07f0fr9s2xaggf5r255sstprptl
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
@ -63,3 +65,17 @@ creation_rules:
- *op_noe_2
- *op_noe_3
- *m_drone
- path_regex: secrets/ingress-proxy/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *op_noe
- *op_noe_2
- *op_noe_3
- *m_ingress-proxy
- path_regex: secrets/lab-alpha/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *op_noe
- *op_noe_2
- *op_noe_3
- *m_lab-alpha
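Review bot: Adding `&m_ingress-proxy` and `&m_lab-alpha` inside the `keys: &all` sequence makes both new hosts recipients of every rule that consumes `*all`, not only of their own `secrets/ingress-proxy/` and `secrets/lab-alpha/` rules. The re-keyed secrets file at the end of this commit is consistent with that: it gains `recipient` entries for both new keys alongside the existing machine keys. ingress-proxy is the internet-facing host, so a compromise of it would expose the shared secrets as well as its own. If that is not intended, define the two host anchors outside the `&all` sequence and run the key update on the shared file again; the rule that references `*all` is outside these hunks, so confirm how it is used. As far as I know a recipient change in sops only re-wraps the existing data key, so values a host could once decrypt need rotating if its access is later withdrawn.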


@ -136,6 +136,10 @@
# HP Spectre
drone = mkNixos [ ./nixos/hosts/drone ];
# Lab
ingress-proxy = mkNixos [ ./nixos/hosts/services/ingress-proxy.nix ];
lab-alpha = mkNixos [ ./nixos/hosts/services/lab-alpha.nix ];
};
darwinConfigurations = {


@ -11,5 +11,11 @@ in
home = {
inherit homeDirectory;
username = "noe";
packages = with pkgs; [
profanity
gomuks
cinny-desktop
];
};
}


@ -0,0 +1,67 @@
{ lib, ... }: let
tsHost = x: "http://${x}.hoki-porgy.ts.net";
aliases = x: { serverAliases = x; };
routes = [
{
host = "warme.st";
target = tsHost "honeydew";
extra = aliases [ "colde.st" ];
}
{
host = "saerro.ps2.live";
target = tsHost "durian";
extra = aliases [ "agg.ps2.live" "metagame.ps2.live" ];
}
{
host = "mx.sapphic.engineer";
target = tsHost "mango";
extra = aliases [ "i.mx.sapphic.engineer" ];
}
{
host = "static-sites.foxxolay.net";
target = tsHost "juniper";
extra = aliases [
"mekanoe.com"
"foxxolay.com"
"foxxolay.net"
"inaayoka.com"
"kat.cafe"
];
}
{
host = "ml.colde.st";
target = tsHost "lab-alpha";
}
];
proxyConfig = {
forceSSL = true;
useHTTP3 = true;
useHTTP2 = true;
enableACME = true;
};
virtualHosts = map (x:
lib.nameValuePair
x.host
({ locations."/".proxyPass = x.target; } // proxyConfig // x.extra)
) routes;
in {
imports = [
../../templates/proxmox-lxc.nix
../../server.nix
../../features/dns-cache.nix
../../features/nginx.nix
];
networking.hostName = "ingress-proxy";
system.stateVersion = "24.05";
nixpkgs.hostPlatform = "x86_64-linux";
services.nginx = {
inherit virtualHosts;
recommendedTlsSettings = true;
};
}
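Review bot: The `virtualHosts` mapping reads `x.extra` for every route, but the last route (`ml.colde.st`) defines no `extra` attribute, so evaluating that virtual host should fail with a missing-attribute error. Defaulting it fixes this: `({ locations."/".proxyPass = x.target; } // proxyConfig // (x.extra or {}))`. Separately, nothing visible here forwards the original `Host`, `X-Forwarded-For` or `X-Forwarded-Proto` to the upstreams, which matters for the route that sends several aliases to a single target and for backend logging and rate limiting by client address; if `../../features/nginx.nix` does not already do so, set `recommendedProxySettings = true;` next to `recommendedTlsSettings`. I also do not recognise `useHTTP3` and `useHTTP2` as nginx virtual-host options in nixpkgs (the names I know are `http3`, `quic` and `http2`), so check that `proxyConfig` evaluates.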


@ -0,0 +1,17 @@
{ ... }: {
imports = [
../../templates/proxmox-lxc.nix
../../server.nix
../../features/dns-cache.nix
../../features/nginx.nix
];
networking.hostName = "lab-alpha";
system.stateVersion = "24.05";
nixpkgs.hostPlatform = "x86_64-linux";
services.mastodon = {
enable = true;
configureNginx = true;
};
}
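Review bot: `services.mastodon` is enabled with `configureNginx = true` but without `localDomain`, and the nginx vhost that option generates does not fit how this host is fronted. As far as I know the module gives `localDomain` no default and its generated vhost sets `forceSSL` and `enableACME`, while the ingress proxy in this commit reaches this host over plain `http://` on the tailnet; the likely result is a redirect to HTTPS on the inner hop and an ACME order this host cannot complete by itself. Assuming the public name is the proxy route's `ml.colde.st`, add `localDomain = "ml.colde.st";` and either terminate TLS only on the proxy (set `configureNginx = false;` and define a plain-HTTP vhost restricted to the tailnet interface) or point the proxy at an HTTPS upstream. The new `secrets/lab-alpha/` sops rule is not referenced from this file, so add a comment saying where the instance's secrets and SMTP credentials are expected to come from.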


@ -13,92 +13,110 @@ sops:
- recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UWhMTG8wVnBRZW1JbUlR
YzZTWm1JenpzQ3lHRU9IaVhZVGlLUlZJTDA0CmFOc1JDVk1uc0xrMnpZTzJpOE9U
Tm4xUS9wQ2tWQ3BwU1Q0NjZWVGVJTVEKLS0tIFIzdDF0SWNMNXkxOFJJY1UzdXJ3
SC9xM0l4R2wzZEl3WG16ckZneWl4NE0KNNwCU/Gq8GIQs5PxcchH66hr/YAzjdXD
vEGmamjpPEczdSZPZHjvQ8gtBkbYgsZQCRKq0KRj+n6bVJFl9izb2g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNT2NWd0h4K3BsZDBXYlU2
WDVmWEpyQmRGNmwzY25QYk10c1dqV05JS0JBCjBKbklpKzVzNi9kRVVJQkJ6SXJW
R1ZCZWdXM2RMVVUrR0JLK1gvSS9CSmsKLS0tIHljd2FhdDJUSUFjcFFGL3hmaGcz
Tzczdm5BRk02NlhOMUErUUIwZWczcnMKFNNC3v9y5x41QRyxsl9eq62GT2rXwo12
v2/3L68ecKl4LYdSI7D862UMIaBqAxVWjE60GZj7tmENZ68t7vGs8Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VFZERmp6RldqT1VtSDBN
bDRLbkcyTDlGSzdUV2xqbGY0eWEvaWEzdHk4CkttQ3BJcmhhdTN3NmplZU5RLzdv
WGFzMHhIYlQvdnlyZTA1cDNudVdKYncKLS0tIHZDc1c3T1Brb2FOL1VKaVd5OU03
ejRheDJCcW11ck1wRGhRVHFLbGw4Y28KOMNAJ3cNMHjqm+DMTqzy6dTmZ7wgZPFn
QjBXAg/7LHV3FGCABJWp24YQxass2SHylMWbjl7soYdQzw/xp9KLkQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtN0lvdUVtZHBtNTU5MklR
dHFGVVh5MHNYVUFRblpMeUxoZDJGUlpSSHpzCjV2blFuMXRTM2E0NlBpcEduUDlj
aUt6ZUJmb2tqTFdYOVppNHZOdXA5eDQKLS0tIDZ3MGEvdWVmOFpMVUl2OTRvMnE1
OGlNOTBMTUFtdysxTVBUc3pzOFQ1WWMKgWrWGstN6frbCY6/UkpSyHohAXX2vXkx
HybIZrT8WV7OiVK2yW1ahQpwX9Y8d9kdTJLetOM0ij3iH+LvfrvCdg==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWmdyek1LcTVEbmhURXNu
V0hObVRkZmVoSmdaV2tQdGlVelJsYWJ4alV3CmwzWjREWXZuRzFCWFpicTZtV3JM
ODNzZ1NZNXV4aTVlVFlTREo0RzlzQm8KLS0tIHdySUNoK0s2Zng0aWNaNkdjVFdJ
b3BBaWdhYWYrQmtQK0ZublFhN01FQ0kKS/VjKfbtJmN42Lt2BToOrURwUIEf0o6k
X+hPl5KvMygX0GB6NXRBm6046jV/e5AEa/Nm9bq9AWSR+tuxuIHc0g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMzJGUW5rWFgyVnluWERD
YTBrUE1KeHkxV1QxNnJ2b3F5Ry9PQ3BZalg0CkJocXFuU2QxZ2FQdGViSmdaczJC
dEFLOFlDRFRUazdyUE8wbVVlMGlZMzgKLS0tIHpiSGR4QU9ha29KaXJWR2dhVnV4
ZUdGVzRObkgxV3lvamVjTnFvUHFQS00KZYnCYnIqG/TFoAZon57c0qirGubqmX6K
Ua90TmhVykin+EZbKOOhCLxccDjSynmsCv1cdTLh31XZNcPIAA7FKg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NjFNa00xT0xGdVA2TGhC
c0k2Z0tMMVM4UFB0TE1WWUFuVk1Za3NmaVN3CloreWkxMW1leGdXK3ZORmxCUWZV
eWE2c1YydU9KdjZoa25FQjc2MjZBQUEKLS0tIDNXY1k5OGh6aGY4N3MyZVd1emZM
VXRmanhQNFkzN1RodzY1OEtSVmVyK28KzivElRG3uKE5LdlQFTJVmPv2n+y//blZ
YwUW13UnG8M6LVT1v5gqQlgVjFvr7Mco3mxiMeLjWzAWIYIuP3+brg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Mit6TE9uUThkbUEwMkM1
Y013UUpoQUNwcjZrL3ltN3Y1c21IL09BdlVvCjUycWc4NUxKWEQ2Wnc5RjM3bFpQ
aXhvNkpRLytFRmhzbHU2WEpXaTh5OGcKLS0tIE53ZnRucndqbDhMNjZESUpMNWpn
clJjSWN0azIySC9tZkEvUTh3andBREEKexehvMrQD6zsrDcxS4BJyocRYzcJeBvi
V1M1w12VJbBiVsNhrd0Dwozu/0Vv16CsnRk/bT5/2mboip22avrm6Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPT1VuUEQ4cmtlbmFjdm0r
RGVrVkFkRGRYSmlYL2JTWWtER2NTdGpXY0dVCnlOKzltYytXRVJlS2Zha202UlhZ
N2RTd3NBYnBoSm82Ky9veEZDanVWWm8KLS0tIDF0UFdDWEYybXdtVmFoakZkYjl3
RmJ6cTdKVFN3eVk0djErOXFVQUlad0kKN7xxNJYhgIdb/X5UQLpnivAw9GnvZXd3
NgcNpPhXpav7yMIfD76zNzc+YncUtu1hOLMC7vpH8W8Ltd8kK3ZPlQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjamdLZXVWaWprUWtBSzZO
bTA0Y3UrYVNzcWQ2R1NVTXhPUWdHcy9pR0VnCitYM3NCaUlMS2VRTHdWeE1CQUNm
K2ZabGYrMTR6a0J4YnFSOEVYOTdMQUUKLS0tIDVFaDZib3ZXWUdmaGx4QVdMc0V5
NHltRDE1OUxOMVZQcXlhT2hFYUErc0UKEjrbq4QH1dN1CjOd+gdz+h96Sz/2P0gG
x/2JF0kp9jMcm2PpSzWn+HS524WVGywbe57eyfk7fRt2QJ4wWKUFqQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDdmphNzV0cWc1OE44TWVt
K1B5SzVBZFlwVWJuSTRVcXpqU2ROQVh5eEFjCnFRZHBSMGs0UlZ6enZyVUtQYmZi
bzh4aE9hTjc0TmkyVXhMdzFrcWw0VFEKLS0tIFhZSTJsWUhtWG82bjBlTUgxRUM2
M0xDNmZib1Q5NUdsYjdUY0E3S096QjgKG/eCZjzMGz46BYt6k/Q8yKFPYUDSqefD
w1D0/C1mkTFa1w5NLvh3jZmiN88uBP9VzmfEPc9qGqCdm1B7m/8utg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5NWRTYXVIQWZYcnBrUTBh
SERieXdTWTlBSFFmVktzTWIyREU1MWhvc0g0CmtBSTM3MjhFTGg4eGE5M3oyaVFN
eWxCYkFBbWtrWFg0Yy9qVXZpRmg0VTQKLS0tICtzaWpGWkhRbkVqY3hxUERDQlU3
aUNsMzIvSlFmOGNRSG44TUFXdDd2cFUKmWYwwgHnm2s0rtNIT2GjsJQMXWphWt2V
/3rSxgXfAaw14yFQvBY/rir4ohyMwJuX5Ww6UtbHSEd4V+WdpP1cDA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMlZrZDBsT0UyenRGSlZG
Zjg1aE96K1UvZmlmUmJCM3ZmQWxYRHpuZjAwCjhJUEt6N1gxRktRYytFQ1lQdkxK
dmdEWG93T2d1YkExOUFGcUJjaFVlS1kKLS0tIDNlYmUzWEJrcXgzb25YMEZVb2hy
MVVFZHFGdEdXdjBKTlpyY2lVNWtVV0UKLjh7eWLYGEFxp2dd9GrX3ExYT5YBzKKJ
5Qh0v8F6n6cfXbM7nn4O83EYLB4yiIyNPrq27QtX0EBdPQf9gOLGhA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMzlQbm1ud29DT25UNUVC
NTJhY1BDT05lMGVGMGZ6VUVJeUNqeTVSdWprCnByUGkweGVENTVkUUJjNWhrYVpO
b0diWWNldWV6MG51U01HR0dpSGNsZVUKLS0tIGhGU1l0VW93dXZRWi81THpyaHQw
SEZvUzNrcVdSd1NIdEtsR0Rkb2trS1EKF/aYu3d3I0QewiXANyAe4y9Ox/07fJzY
/zTLkBt1pC8K7Z3J2C4rDBN0EeUZ2KGBO84kATqAVAL3A0UnsMecLQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age12p9lw3zgufcg7qx375t9lwtckzwgj0tkn2pt9uj3tnx9sn3ucqgsf5ctdd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTGp5OHovaVcreTczR3pk
bUVjSFlZNVJEODQvSnJIMHlZbE1NSXpWZGpNClV3OTZZRm1ZRTFkaVNYazEvcW9l
K2ZkYUJ5c3ZjQTR1T21UMVVqQ1d1YzQKLS0tIGV3aFFUbUFOaGR5Q2w1WC9kNU1F
WDVRVkZsK1JvWURMbFlzRGxDTGlhTW8KVQ9uigkoMDJeQp9Nq0fli1dex7fx/zQl
Jv4PQI8ecm+k/t7OgBMEQ0Dboaxmgzh+4u0km7E9dHP8njq4205BSA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTHJTT3pVbStYZDYxS1Nq
anoraDJrN2ZjK1JKanNJVXBhcmRRS21WTFJNCmU2c2lmclBrWlZzcHVtK1RvV21L
T3Uwa1V3RVZJM2FNeHl5M3RTdm0xZ2cKLS0tIFdQZlZBM3pkbHdIeUdXS0I0NGJY
Vncxekl4eDdFUFphb054RzNQK3lxRVkKe86o7O/jCGmvLN7o1psYixEZwWv8tx5A
Cm/UoSZfCazXKOo08sgVzVIpfj+5T1Z7ZXAcyueJQKkjiqBL8RAjGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age14luf58rfmzfg49624x6t67ahc0v3f0q2l0ely0he34y4skvmwg2qxdzdad
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOVQ5aGhKTVltaHFlVVlu
WHlwMjFYc0txc0RNOC9yOVpkUGRLL3ZaK2lzCmhmR1RnSFc5MzNCMS9NZE5WWlox
OWlEcVVkTlpueG9uV3NNVXhXOFRSVnMKLS0tICtoZnFUL1pIZHB6RjROeXFxeHNy
SnZ6dFo2MVlrMkQxQi95eW1FY0w1UzgKzwESKn2HYZbSNxaokyYpNFDCvjUORTlD
Gtb8NfkJI0wHRMS4ui4smZqIdodloat8oKpaOFx+y1822/JiKI1nvw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvQWtydzg1MmZsTWp2c2dh
eldyWHFseXZPUHhJcXZ5TVhyWnJqcHFWWmtvCmI4TEROMFNFMFNEbnJUSm9VektP
VTRReHFKM0hQRGlPWDZGbVhXczZpdEkKLS0tIC9FbzFaSjVJY2wyYy93dkl6TXJt
NG9rNFIrNk4vSXZ1UUVOQTA5Zko5K1kKZQR/UCJ+Km0lKWw04TWqh/fRcV4SJm36
tJS63l7KJ+hSekHIvIbNgzXWPCDUAuJc3WF29+2A669Fz6mwYSlvDw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cnRPTFFuVFJmZmdyODFE
R2p4ek1CWFlrVlRMLzlIK3c0M2tpaW5uQm5FCk1Cc0NyVStXYW55SFYwQUNJdkdN
U0J0RUFpK05TR2hkck5CUmJZZlN1eVkKLS0tIGg4NlVBMExQTXVVVW5iTGpINTI3
ZEo1MWYvb2NEUjdGVFVzaEJuRXJXTHMKfCvyWoI4cYO1JtW9KSJEo+J7kg5s1Bs0
57F+HzAL1GSgchIeNdYNWrswvF1VNt+zXLRik1YZOTkA/jej7LceiA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEelBOZEYwSVhTMXVzZCtq
NjNGS0QxakovYkducG0rV3ZENVVYY0lwTnpnCkZjcDI5WG5zZi9SaTRNVjZ4R1RG
cS9DcWNiQm5LbDVTWTZTc29NVEJYeGsKLS0tIE80NmQ1QXNPb1ZiTjNUbW94WXRL
bTJwVllsN2lUQmNSQ2VwVEgrL2sxVDgKnUGZSfgfry3+SDL13K0nQx3sLZv9i6cn
KllPHbc1hnlgIaadfstWzylgtt7RCZk7Bm34YFiBuxa47KBXf+iO8w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w9rhdgapzww5xepsmquga65wyh3met9kmysayx09gam92upg0d5qnlq9ww
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxV0RZS2gvY0wvMTRXdmFN
MWVlSlhoc2hZbVI3K050a2Rtb2ZzNE9NVUVRCnBsOFlodm1yTjRqbG5Wcjg2dEQ3
UFRvVkpLZm5uYm55dUFaVCtUTFpTSG8KLS0tIFFXQ1kxR3hFUnduNDA3dWF1WUdu
TEdoZUZYemUyUlZXczl3RHRRNTRrdEEKMtrncjjHyxbs+NLPOq7wkO892vhvPjPC
B2jyc9aFB3LrJsIS/GzItLDhf3b/AnrPuHA25DGBbox43ZJDkpum+A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cfl87vkhqe0wpz8yvv7dhgj9w8vydec07f0fr9s2xaggf5r255sstprptl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUmdScWhPMG5PR0hzTWxB
bkhoNnJCc2g3c0ZESEJVNE5RYjR5UmZ3UldzClZtdGk0UE0yTXR6K2hiSVdkNGZ2
cjNxWXJyd3VWNDVqR1Q0WVByalZPOGsKLS0tIGhKQTJyZklXYzZzYkdLamxzWHVZ
UnZia1R3Vmp6Z0V2YmZEeXpmQVkvVU0KvM8eN/PCfT5OOQ4WB3PnnVI9ezPQxuze
lJURRxS5m+yd+ikWIgO+/XsbYdqiai9c01yzcxWvruPm8c/mkjzB3A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-17T20:21:39Z"
mac: ENC[AES256_GCM,data:IbpBloPeCvdYqloShrSvAIUzjCk+/1+Gl4+LbyKGnO9GUadlwJTyA/WDWiCkdmyFqqpMclD4Kq4CDYK341pSjyNdbfO2nIWU7/k+T7MaGoOzCJZhK/ysZjn7uUeNpkRNBJMht7VYGc6V4iEvJ835z4VAfnTb51mBz+Ytjpk6K+c=,iv:+RVwgp3btRyi1fCjPcMPZ5Du+3RlCkwFNqjFGrS+5zE=,tag:fpNwqMS6CH6pgd2QmaWggA==,type:str]