diff --git a/flake.lock b/flake.lock index b924875..7144341 100644 --- a/flake.lock +++ b/flake.lock @@ -23,6 +23,30 @@ "type": "github" } }, + "api-rs": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1706818243, + "narHash": "sha256-xhUSxZ+JFoVcp86fMESPatNYFl0kAZUKxgwcU8XSBNo=", + "owner": "uku3lig", + "repo": "api-rs", + "rev": "da75616d1686fac75bffd93db095f6f1911afedf", + "type": "github" + }, + "original": { + "owner": "uku3lig", + "repo": "api-rs", + "type": "github" + } + }, "catppuccin": { "locked": { "lastModified": 1705010618, @@ -173,25 +197,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_4" + "systems": "systems_2" }, "locked": { "lastModified": 1681202837, @@ -207,6 +213,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flake-utils_3": { "inputs": { "systems": "systems_5" 
@@ -225,6 +249,24 @@ "type": "github" } }, + "flake-utils_4": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -295,12 +337,12 @@ "flake-parts": [ "flake-parts" ], - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1705918090, @@ -381,6 +423,7 @@ "root": { "inputs": { "agenix": "agenix", + "api-rs": "api-rs", "catppuccin": "catppuccin", "deploy-rs": "deploy-rs", "flake-parts": "flake-parts", @@ -392,6 +435,28 @@ } }, "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "api-rs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1699841702, + "narHash": "sha256-EG1Fpw732KmcyFJB0tUNsvreRomwTI/H5ngqlGrfB1Y=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "05c34b45e276a9939d1170b025faafe7a5fab2c8", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { "inputs": { "flake-utils": [ "lanzaboote", @@ -491,9 +556,24 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1701680307, 
@@ -512,7 +592,7 @@ "vscode-extensions": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -533,7 +613,7 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 4d6aa06..d0e0aff 100644 --- a/flake.nix +++ b/flake.nix @@ -48,6 +48,13 @@ url = "github:nix-community/nixos-vscode-server"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # ==== uku3lig stuff ==== + api-rs = { + url = "github:uku3lig/api-rs"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; }; outputs = {flake-parts, ...} @ inputs: diff --git a/secrets/etna/apiRsEnv.age b/secrets/etna/apiRsEnv.age new file mode 100644 index 0000000..86ebba5 --- /dev/null +++ b/secrets/etna/apiRsEnv.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTKzh3RnpkUGxBZnVuYlRD +UDBXNVZJeTFvQ21scnFjcHhhUUwzaUo5NGg4CkxCMkNNM2haMG5ub0YzT2Zxajhj +YmdhSlhyeDgyeVVMUWhaYVpiNHJVcnMKLT4gWDI1NTE5IEtMczAvWERxbEg1eHkz +dDRNQmhiM0p6QzVrTFpkSjZ0aXo4OUxzaFd3QlUKdVZoSnhWUWl4NWtZSXRNQWhH +YlBUYWNFSjRSUm0wRmViWnFsRk1oc0dDSQotPiBYMjU1MTkgcnc1SVE0ZnplWVhj +cHdNeC96Nk9UZ1B6ZFlKM1YvRjN3VnkwK0dDL0ZnQQoxMFFKeE9ERHJWbjNqV2My +aWFWTmgzbzk2d0FMVHBMOE9hVXJKUHFLOXkwCi0tLSA0RWtDWHBzTmlzUS9aMWdB +cnZISldlNWxKRncwZ0I2VU92NmE0aDlTWi9jCraKbxDaARBL64xUSH1R10zNA5QJ +Ake+50nG72o6eZwuhaTdQJ4P7Lo9PC8m0yJ7m2/HVtvwkNLsKewZ419IL+9ftmGv +og7UdJOdm3QVu5ak+AoOI8gGJlo9sG8G124NjjyTdeAAEzgohuvVingL +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/etna/tunnelCreds.age b/secrets/etna/tunnelCreds.age new file mode 100644 index 0000000..1b854e0 --- /dev/null +++ b/secrets/etna/tunnelCreds.age 
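Review bot: The new `api-rs` input in flake.nix redirects `nixpkgs` and `flake-parts` but not `rust-overlay`, so the flake.lock part of this diff gains a separate `rust-overlay` node locked at rev `05c34b45e276a9939d1170b025faafe7a5fab2c8`, along with additional `flake-utils` and `systems` nodes. Each transitive input that is not followed is one more pinned source to audit and keep current. If api-rs builds correctly against the overlay that lanzaboote already pulls in, `inputs.rust-overlay.follows = "lanzaboote/rust-overlay";` would collapse the two. Otherwise a short comment on the input saying the separate pin is intentional would be enough.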
@@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZWt2TVVTQk1zZVRZaW9S +dTI3RHZqdTZiWE5TaUtuTmdwdGU0MDBHbEdFCnN3VXhrM05Oa3lhZTZZZ0tzZjVN +Y3NDRDN6T2VuKzFUS08rKzhEcjhxcGMKLT4gWDI1NTE5IHU3dzlQelNQT1JINnJo +QUFPUVl4UG5lNnNBZnEvejAzSGIyTHJQdzh2U28KN3M3RTZud2p0Yit3VWwyUUth +eDFPaElQemlaL3dQQnJFUzZJU3A4a24zcwotPiBYMjU1MTkgd3pCMnJNQWpyTGRZ +VDFTTkl3QVlsTUQ2eFpHaVVXSXdPMTBTQXludW5CYwptZFBTMFpaNHhqMFUyZFAv +ZTFwd3RmUUFXT3MxYUdNdkRHRlRxNWRON05FCi0tLSBTR1ZRME9rREtYWWNXUDVT +WXV3RkhNV25VUE5xcmFHc3BPRzBjUlVjVzRnChfpiOqANNHsSeDwXTAB2j/m3eQ9 +m28KHq8agBi90IU1fORG6MVPNgKIVHk5CY4thErTOrVpWQhIA0HrruyiS3sLkPv2 +aDPv4c/cYx3jWfzYyb1dovIVkB/4PVPxg8+YX7R7ZNesdLrEEAo+QbTfQ9cr6tYt +8kQfmO4BUI+c8yILTtv/GtufLr+dYaP6pnzgjLM5koU6fUn2TwXqqVIV2Phb385Y +WUBEmI717nhsBr5cYPmRYMfxiF3I01ZQ2bUC9iB3 +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7a210ca..31e28f7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,5 +11,8 @@ in { "fuji/rootPassword.age".publicKeys = main; "kilimandjaro/rootPassword.age".publicKeys = main; + "etna/rootPassword.age".publicKeys = main ++ [etna]; + "etna/tunnelCreds.age".publicKeys = main ++ [etna]; + "etna/apiRsEnv.age".publicKeys = main ++ [etna]; } diff --git a/systems/default.nix b/systems/default.nix index 2c72313..343b6de 100644 --- a/systems/default.nix +++ b/systems/default.nix @@ -52,7 +52,11 @@ in { etna = { system = "x86_64-linux"; - modules = server; + modules = + server + ++ (with inputs; [ + api-rs.nixosModules.default + ]); }; }; } diff --git a/systems/etna/default.nix b/systems/etna/default.nix index 2f5433b..5b4c1a6 100644 --- a/systems/etna/default.nix +++ b/systems/etna/default.nix 
@@ -1,3 +1,35 @@ -{ +{config, ...}: { + age.secrets = let + path = ../../secrets/etna; + in { + tunnelCreds = { + file = "${path}/tunnelCreds.age"; + owner = "cloudflared"; + group = "cloudflared"; + }; + + apiRsEnv.file = "${path}/apiRsEnv.age"; + }; + boot.loader.systemd-boot.enable = true; + + services = { + api-rs = { + enable = true; + environmentFile = config.age.secrets.apiRsEnv.path; + }; + + cloudflared = { + enable = true; + tunnels."57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5" = { + credentialsFile = config.age.secrets.tunnelCreds.path; + + ingress = { + "api.uku3lig.net" = "http://localhost:5000"; + }; + + default = "http_status:404"; + }; + }; + }; }
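Review bot: The ingress rule `"api.uku3lig.net" = "http://localhost:5000";` publishes whatever listens on port 5000, but nothing in this hunk sets the port or bind address of `services.api-rs`; both are left to the module's defaults, which are not visible here. If the service binds to all interfaces it is also reachable without the tunnel wherever the firewall allows it, so confirm that it listens on loopback only and that 5000 is not in `networking.firewall.allowedTCPPorts`. A comment next to the ingress entry such as `# assumes api-rs listens on 127.0.0.1:5000; the tunnel is the only public entry point` would record that assumption. Separately, `apiRsEnv` keeps agenix's default ownership, unlike `tunnelCreds`, which is fine only if the module hands `environmentFile` to systemd rather than reading it as the service user; presumably it does, but this should be verified.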