From e48d51cbc0b4e3f081d977c5d7e69024e4c4016c Mon Sep 17 00:00:00 2001 From: muon Date: Fri, 17 Jan 2025 22:12:23 +0000 Subject: [PATCH] Add zipline --- flake.lock | 95 +++++++++++++++----------------- hosts/muho/configuration.nix | 1 + hosts/ports.nix | 1 + modules/nixos/server/default.nix | 1 + modules/nixos/server/share.nix | 30 ++++++++++ modules/nixos/sops/default.nix | 7 ++- modules/nixos/sops/secrets.yaml | 5 +- 7 files changed, 86 insertions(+), 54 deletions(-) create mode 100644 modules/nixos/server/share.nix diff --git a/flake.lock b/flake.lock index 7232929..2735a16 100644 --- a/flake.lock +++ b/flake.lock @@ -37,11 +37,11 @@ "base16-helix": { "flake": false, "locked": { - "lastModified": 1725860795, - "narHash": "sha256-Z2o8VBPW3I+KKTSfe25kskz0EUj7MpUh8u355Z1nVsU=", + "lastModified": 1736852337, + "narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "7f795bf75d38e0eea9fed287264067ca187b88a9", + "rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5", "type": "github" }, "original": { @@ -53,11 +53,11 @@ "base16-vim": { "flake": false, "locked": { - "lastModified": 1731949548, - "narHash": "sha256-XIDexXM66sSh5j/x70e054BnUsviibUShW7XhbDGhYo=", + "lastModified": 1735953590, + "narHash": "sha256-YbQwaApLFJobn/0lbpMKcJ8N5axKlW2QIGkDS5+xoSU=", "owner": "tinted-theming", "repo": "base16-vim", - "rev": "61165b1632409bd55e530f3dbdd4477f011cadc6", + "rev": "c2a1232aa2c0ed27dcbf005779bcfe0e0ab5e85d", "type": "github" }, "original": { @@ -69,11 +69,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1734969791, - "narHash": "sha256-A9PxLienMYJ/WUvqFie9qXrNC2MeRRYw7TG/q7DRjZg=", + "lastModified": 1736899990, + "narHash": "sha256-S79Hqn2EtSxU4kp99t8tRschSifWD4p/51++0xNWUxw=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "92f4890bd150fc9d97b61b3583680c0524a8cafe", + "rev": "91ca1f82d717b02ceb03a3f423cbe8082ebbb26d", "type": "github" }, "original": { @@ -116,11 +116,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -212,19 +212,14 @@ "nixpkgs": [ "stylix", "nixpkgs" - ], - "nixpkgs-stable": [ - "stylix", - "git-hooks", - "nixpkgs" ] }, "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", "type": "github" }, "original": { @@ -279,11 +274,11 @@ ] }, "locked": { - "lastModified": 1736781604, - "narHash": "sha256-nIjcN89nxaI5ZnwU/1gzc3rBVQ/te5sHraYeG4cyJX4=", + "lastModified": 1737120639, + "narHash": "sha256-p5e/45V41YD3tMELuiNIoVCa25/w4nhOTm0B9MtdHFI=", "owner": "nix-community", "repo": "home-manager", - "rev": "9616d81f98032d1ee9bec68ab4b6a8c833add88c", + "rev": "a0046af169ce7b1da503974e1b22c48ef4d71887", "type": "github" }, "original": { @@ -300,11 +295,11 @@ ] }, "locked": { - "lastModified": 1735774425, - "narHash": "sha256-C73gLFnEh8ZI0uDijUgCDWCd21T6I6tsaWgIBHcfAXg=", + "lastModified": 1736785676, + "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", "owner": "nix-community", "repo": "home-manager", - "rev": "5f6aa268e419d053c3d5025da740e390b12ac936", + "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", "type": "github" }, "original": { @@ -322,11 +317,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1734239219, - "narHash": "sha256-iKY/OGNANXpd9hXBGfx8vObpHW4IcOH0MrerLCCc7hA=", + "lastModified": 1736952083, + "narHash": "sha256-zLhLqxc2JKvUtr0mSRRvOeKXN5dl5bn1e99z7EOp3bI=", "owner": "thiagokokada", "repo": "nix-alien", - "rev": "a266d0f74dd4a82ec6a72b02fbf3fbc5f7105f15", + "rev": "7e687663d2054fa1708284bd42731c6be62b1667", "type": "github" }, "original": { @@ -358,11 +353,11 @@ ] }, "locked": { - "lastModified": 1734234111, - "narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=", + "lastModified": 1736652904, + "narHash": "sha256-8uolHABgroXqzs03QdulHp8H9e5kWQZnnhcda1MKbBM=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d", + "rev": "271e5bd7c57e1f001693799518b10a02d1123b12", "type": "github" }, "original": { @@ -393,11 +388,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733940404, - "narHash": "sha256-Pj39hSoUA86ZePPF/UXiYHHM7hMIkios8TYG29kQT4g=", + "lastModified": 1736798957, + "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5d67ea6b4b63378b9c13be21e2ec9d1afc921713", + "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3", "type": "github" }, "original": { @@ -425,11 +420,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1736701207, - "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", + "lastModified": 1737062831, + "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", + "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", "type": "github" }, "original": { @@ -441,11 +436,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1735648875, - "narHash": "sha256-fQ4k/hyQiH9RRPznztsA9kbcDajvwV1sRm01el6Sr3c=", + "lastModified": 1736798957, + "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47e29c20abef74c45322eca25ca1550cdf5c3b50", + "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3", "type": "github" }, "original": { @@ -472,11 +467,11 @@ ] }, "locked": { - "lastModified": 1736808430, - "narHash": "sha256-wlgdf/n7bJMLBheqt1jmPoxJFrUP6FByKQFXuM9YvIk=", + "lastModified": 1737107480, + "narHash": "sha256-GXUE9+FgxoZU8v0p6ilBJ8NH7k8nKmZjp/7dmMrCv3o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "553c7cb22fed19fd60eb310423fdc93045c51ba8", + "rev": "4c4fb93f18b9072c6fa1986221f9a3d7bf1fe4b6", "type": "github" }, "original": { @@ -505,11 +500,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1736779864, - "narHash": "sha256-OgKIMua33t0ZcdcFiUntFKidwhZrRZUTLlVHJ+mAiZQ=", + "lastModified": 1736993991, + "narHash": "sha256-kPDt3QgeIsct9f375LIGmSoZKl7Z4AVzXX+9U0VV5PI=", "owner": "danth", "repo": "stylix", - "rev": "934e2bfe7954d6c94f25d45cb12a8b3547825699", + "rev": "a88c4d264a4379b7fe5a9e75ed51bea96f8dd407", "type": "github" }, "original": { @@ -600,11 +595,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1729501581, - "narHash": "sha256-1ohEFMC23elnl39kxWnjzH1l2DFWWx4DhFNNYDTYt54=", + "lastModified": 1735737224, + "narHash": "sha256-FO2hRBkZsjlIRqzNHCPc/52yxg11kHGA8MEtSun9RwE=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "f0e7f7974a6441033eb0a172a0342e96722b4f14", + "rev": "aead506a9930c717ebf81cc83a2126e9ca08fa64", "type": "github" }, "original": { diff --git a/hosts/muho/configuration.nix b/hosts/muho/configuration.nix index bc62377..ea87ebe 100644 --- a/hosts/muho/configuration.nix +++ b/hosts/muho/configuration.nix @@ -36,6 +36,7 @@ in { mods.server.grav.enable = true; mods.server.homebox.enable = true; + mods.server.share.enable = true; mods.tailscale.enable = true; mods.wireguard.id = 3; diff --git a/hosts/ports.nix b/hosts/ports.nix index 0c61806..76f1de9 100644 --- a/hosts/ports.nix +++ b/hosts/ports.nix @@ -3,6 +3,7 @@ photos = 3001; homebox = 3002; git = 3003; + share = 3004; search = 8081; videos = 8082; diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix index 8cc9f03..b90beb5 100644 --- a/modules/nixos/server/default.nix +++ b/modules/nixos/server/default.nix @@ -14,5 +14,6 @@ ./nginx.nix ./frontends.nix ./homebox.nix + ./share.nix ]; } diff --git a/modules/nixos/server/share.nix b/modules/nixos/server/share.nix new file mode 100644 index 0000000..5d418b0 --- /dev/null +++ b/modules/nixos/server/share.nix @@ -0,0 +1,30 @@ +{ pkgs, lib, config, ... }: +let + cfg = config.mods.server.share; + port = config.mods.server.nginx.ports.share; +in with lib; { + options.mods.server = { + share = { + enable = mkEnableOption { + default = false; + description = "enables zipline server"; + }; + }; + }; + + config = mkIf cfg.enable { + users.groups.zipline = { }; + users.users.zipline = { + isSystemUser = true; + group = "zipline"; + }; + services.zipline = { + enable = true; + settings = { + CORE_HOST = "0.0.0.0"; + CORE_PORT = port; + }; + environmentFiles = [ "/run/secrets/zipline-secret" ]; + }; + }; +} diff --git a/modules/nixos/sops/default.nix b/modules/nixos/sops/default.nix index 019e517..77e6493 100644 --- a/modules/nixos/sops/default.nix +++ b/modules/nixos/sops/default.nix @@ -1,11 +1,14 @@ { pkgs, lib, config, inputs, system, ... }: let cfg = config.mods; - -in { +in with lib; { imports = [ inputs.sops-nix.nixosModules.sops ]; sops = { age.keyFile = "/home/muon/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets.muon-password = { }; + secrets.zipline-secret = mkIf cfg.server.share.enable { + owner = "zipline"; + group = "zipline"; + }; }; } diff --git a/modules/nixos/sops/secrets.yaml b/modules/nixos/sops/secrets.yaml index b99b130..c83e7eb 100644 --- a/modules/nixos/sops/secrets.yaml +++ b/modules/nixos/sops/secrets.yaml @@ -1,4 +1,5 @@ muon-password: ENC[AES256_GCM,data:K2ifHvs8hQXK4//FXf3vfDliiklx0dTn8gpirTBT07Q1XIMJR1Vgn/f1uo62bu4a/bknAR5gEBfd/cSRUTdBBxd7Lec2k3fxQg==,iv:j1JTzyfjcKEqh+PK5tyCWBMV7MpwvIG9MJ9eiajksxM=,tag:ZcSEVBW1UOCvE40yIsaBFQ==,type:str] +zipline-secret: ENC[AES256_GCM,data:cdqPWBUg6FZkBrUYNkm7imntc2hXUAxDjd1Ymr3j9y763cbXDYEu44wJF0W1Ng==,iv:sdjV4SkRCTO04AvXqtoPOPyASlitrS4nS+M0Z2lZURA=,tag:gNcOdJvg9PtrRlm84CdbsQ==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +24,8 @@ sops: NVBwYnhKTU5NbTAxenJocEF3MnF6VncKVBhPp/nWmdISiozrLM/x4aPv9b+PlqpC XedZ6QF4crOaY+IuURGkw1AnHddpysyC+TBmBWF3oAwE9l9MzExNDg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-17T20:33:28Z" - mac: ENC[AES256_GCM,data:f0BoA4bG64g1WPcLl9Qd2G3VbA5L5+VTK2/+nxcklQZrDzsr2gOQXK8WpiccuZ0CyU1UaLhSTAEfMb9N2sA3MISGikPyWYFQVA/TM+wfaDCnrnEgbuvtBuEMpNp54bwgF4ME2h9k3e3HcJlNze65z52je3tBCxe6siYEKVgB3yg=,iv:VC8BaJLS46yXCZL1gmSrElmqLM/L+sCqTuUkhhvYUBc=,tag:aK164Iq91mUOx8yVyUZN2Q==,type:str] + lastmodified: "2025-01-17T21:33:05Z" + mac: ENC[AES256_GCM,data:1rWVznPbKkLUES4PlHPsfrjGr6/q/RFm3+GUnn2hyixsfYRdTStoRjPglop/ma+6h9Yzwb0kkVYOFQDrGXmPFqtjbTjATqzRMo75bGNy+Ncs6f6zyEcZAnVk/MnPc7U0+PFRwkX6F4VnGQucZBDtE5/wpUYlhl2QB8x1Q3taCBk=,iv:2pRm+LGw+i5PR2I5xBqcmRctZUprWFCRZryuIyIH5rc=,tag:e9lnLyzp4wDHlbMsRNOAmw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2