freun.dev add snips

Joakim Repomaa
2025-02-06 11:40:51 +02:00
committed by Joakim Repomaa
parent f1d5a4b2f2
commit 983e313e11
6 changed files with 84 additions and 29 deletions

18
flake.lock generated

@@ -362,11 +362,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1738471961, "lastModified": 1738816619,
"narHash": "sha256-cgXDFrplNGs7bCVzXhRofjD8oJYqqXGcmUzXjHmip6Y=", "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "537286c3c59b40311e5418a180b38034661d2536", "rev": "2eccff41bab80839b1d25b303b53d339fbb07087",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -428,11 +428,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1738410390, "lastModified": 1738680400,
"narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", "narHash": "sha256-ooLh+XW8jfa+91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3a228057f5b619feb3186e986dbe76278d707b6e", "rev": "799ba5bffed04ced7067a91798353d360788b30d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -491,11 +491,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1738435198, "lastModified": 1738702386,
"narHash": "sha256-5+Hmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo=", "narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3", "rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -44,25 +44,28 @@
}; };
ksoloti-pr.url = "github:repomaa/nixpkgs/pkg/ksoloti"; ksoloti-pr.url = "github:repomaa/nixpkgs/pkg/ksoloti";
}; };
outputs = { nixpkgs, ... }@inputs: { outputs = { nixpkgs, ... }@inputs:
nixosConfigurations = { let
freun-dev = nixpkgs.lib.nixosSystem { bin.sshPort = 2222;
system = "x86_64-linux"; specialArgs = { inherit inputs bin; };
specialArgs = { inherit inputs; }; system = "x86_64-linux";
modules = [ ./modules ./hosts/freun.dev ]; in
}; {
nixosConfigurations = {
freun-dev = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = [ ./modules ./hosts/freun.dev ];
};
radish = nixpkgs.lib.nixosSystem { radish = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; inherit system specialArgs;
specialArgs = { inherit inputs; }; modules = [ ./modules ./hosts/radish ];
modules = [ ./modules ./hosts/radish ]; };
};
apu = nixpkgs.lib.nixosSystem { apu = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; inherit system specialArgs;
specialArgs = { inherit inputs; }; modules = [ ./modules ./hosts/apu ];
modules = [ ./modules ./hosts/apu ]; };
}; };
}; };
};
} }
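Review bot: `bin.sshPort = 2222;` in the new `let` block carries no comment, and `bin` is passed to every host through `specialArgs`, so someone reading the radish or apu configuration cannot tell what the name refers to. I would put a comment above it, for example `# SSH port of the snips pastebin at bin.freun.dev; shared by the server unit, its firewall rule and the ssh client config`. A more descriptive attribute name than `bin` would also avoid confusion with a binaries directory, though that is a matter of taste.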


@@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, bin, ... }:
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
imports = [ ../gnome ../custom-programs ./neovim ]; imports = [ ../gnome ../custom-programs ./neovim ];
@@ -236,6 +236,7 @@
hostname = "apu.tempel-vibes.ts.net"; hostname = "apu.tempel-vibes.ts.net";
user = "root"; user = "root";
}; };
"bin.freun.dev".port = bin.sshPort;
}; };
}; };
spotify-player = { spotify-player = {


@@ -1,11 +1,11 @@
{ inputs, ... }: { inputs, bin, ... }:
{ {
home-manager = { home-manager = {
users = { users = {
jokke = import ./jokke; jokke = import ./jokke;
moco = import ./moco; moco = import ./moco;
}; };
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = { inherit inputs bin; };
sharedModules = [ (import ./common) ]; sharedModules = [ (import ./common) ];
useUserPackages = true; useUserPackages = true;
useGlobalPkgs = true; useGlobalPkgs = true;


@@ -41,5 +41,6 @@
./tailscale.nix ./tailscale.nix
./workout-tracker.nix ./workout-tracker.nix
./gotosocial.nix ./gotosocial.nix
./snips.nix
]; ];
} }

50
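--- /dev/null
+++ b/hosts/freun.dev/snips.nix
@@ -0,0 +1,50 @@
+{ pkgs, bin, ... }:
+let
+fqdn = "bin.freun.dev";
+port = 3600;
+sshPort = bin.sshPort;
+authorizedKeys = pkgs.writeTextFile {
+name = "authorized_keys";
+text = ''
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=
+'';
+};
+in
+{
+nixpkgs.config.snips-sh.withTensorflow = true;
+systemd.services.snips = {
+enable = true;
+description = "Snips pastebin";
+environment = {
+SNIPS_HTTP_INTERNAL = "http://127.0.0.1:${toString port}";
+SNIPS_HTTP_EXTERNAL = "https://${fqdn}";
+SNIPS_SSH_INTERNAL = "ssh://0.0.0.0:${toString sshPort}";
+SNIPS_SSH_EXTERNAL = "ssh://${fqdn}:${toString sshPort}";
+SNIPS_HOST_KEY_PATH = "/var/lib/snips/keys/snips";
+SNIPS_DB_FILEPATH = "/var/lib/snips/snips.db";
+SNIPS_SSH_AUTHORIZEDKEYSPATH = authorizedKeys;
+};
+serviceConfig = {
+EnvironmentFile = "/var/secrets/snips.env";
+StateDirectory = "snips";
+ExecStart = "${pkgs.snips-sh}/bin/snips.sh";
+WorkingDirectory = "/var/lib/snips";
+ConfigurationDirectory = "snips";
+DynamicUser = true;
+};
+wantedBy = [ "multi-user.target" ];
+confinement = {
+enable = true;
+packages = [ authorizedKeys ];
+};
+};
+services.caddy.virtualHosts = {
+"${fqdn}".extraConfig = ''
+reverse_proxy localhost:${toString port}
+'';
+};
+networking.firewall.allowedTCPPorts = [ sshPort ];
+}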
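Review bot: The `serviceConfig` block puts an internet-facing listener (`SNIPS_SSH_INTERNAL` binds `0.0.0.0` and `networking.firewall.allowedTCPPorts` opens the same port) behind only `DynamicUser` and `confinement`, with no explicit limit on capabilities or socket families. Because the process parses untrusted SSH and HTTP input, I would add `CapabilityBoundingSet = "";`, `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];` and `LockPersonality = true;`, then confirm the result with `systemd-analyze security snips`. `EnvironmentFile = "/var/secrets/snips.env"` is provisioned outside this commit; a comment next to it saying the file must be root-owned with mode 0600 would help, since it is read by systemd rather than by the dynamic user. `ConfigurationDirectory = "snips"` looks unused, as nothing visible here points the service at `/etc/snips`.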