uku/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

host api on etna

Browse source
This commit is contained in:
uku 2024-02-02 15:20:48 +01:00
parent db569e4fda
commit 0a4a2209f1
Signed by: uku
GPG key ID: 7D01D7B105E77166
7 changed files with 178 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

128
flake.lock
View file

@ -23,6 +23,30 @@
"type": "github" "type": "github"
} }
}, },
"api-rs": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1706818243,
"narHash": "sha256-xhUSxZ+JFoVcp86fMESPatNYFl0kAZUKxgwcU8XSBNo=",
"owner": "uku3lig",
"repo": "api-rs",
"rev": "da75616d1686fac75bffd93db095f6f1911afedf",
"type": "github"
},
"original": {
"owner": "uku3lig",
"repo": "api-rs",
"type": "github"
}
},
"catppuccin": { "catppuccin": {
"locked": { "locked": {
"lastModified": 1705010618, "lastModified": 1705010618,
@ -173,25 +197,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -207,6 +213,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_5"
@ -225,6 +249,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -295,12 +337,12 @@
"flake-parts": [ "flake-parts": [
"flake-parts" "flake-parts"
], ],
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1705918090, "lastModified": 1705918090,
@ -381,6 +423,7 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"api-rs": "api-rs",
"catppuccin": "catppuccin", "catppuccin": "catppuccin",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
@ -392,6 +435,28 @@
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"api-rs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699841702,
"narHash": "sha256-EG1Fpw732KmcyFJB0tUNsvreRomwTI/H5ngqlGrfB1Y=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "05c34b45e276a9939d1170b025faafe7a5fab2c8",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
"lanzaboote", "lanzaboote",
@ -491,9 +556,24 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1701680307,
@ -512,7 +592,7 @@
"vscode-extensions": { "vscode-extensions": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -533,7 +613,7 @@
}, },
"vscode-server": { "vscode-server": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]

7
flake.nix
View file

@ -48,6 +48,13 @@
url = "github:nix-community/nixos-vscode-server"; url = "github:nix-community/nixos-vscode-server";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# ==== uku3lig stuff ====
api-rs = {
url = "github:uku3lig/api-rs";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
};
}; };
outputs = {flake-parts, ...} @ inputs: outputs = {flake-parts, ...} @ inputs:

12
secrets/etna/apiRsEnv.age Normal file
View file

@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTKzh3RnpkUGxBZnVuYlRD
UDBXNVZJeTFvQ21scnFjcHhhUUwzaUo5NGg4CkxCMkNNM2haMG5ub0YzT2Zxajhj
YmdhSlhyeDgyeVVMUWhaYVpiNHJVcnMKLT4gWDI1NTE5IEtMczAvWERxbEg1eHkz
dDRNQmhiM0p6QzVrTFpkSjZ0aXo4OUxzaFd3QlUKdVZoSnhWUWl4NWtZSXRNQWhH
YlBUYWNFSjRSUm0wRmViWnFsRk1oc0dDSQotPiBYMjU1MTkgcnc1SVE0ZnplWVhj
cHdNeC96Nk9UZ1B6ZFlKM1YvRjN3VnkwK0dDL0ZnQQoxMFFKeE9ERHJWbjNqV2My
aWFWTmgzbzk2d0FMVHBMOE9hVXJKUHFLOXkwCi0tLSA0RWtDWHBzTmlzUS9aMWdB
cnZISldlNWxKRncwZ0I2VU92NmE0aDlTWi9jCraKbxDaARBL64xUSH1R10zNA5QJ
Ake+50nG72o6eZwuhaTdQJ4P7Lo9PC8m0yJ7m2/HVtvwkNLsKewZ419IL+9ftmGv
og7UdJOdm3QVu5ak+AoOI8gGJlo9sG8G124NjjyTdeAAEzgohuvVingL
-----END AGE ENCRYPTED FILE-----

14
secrets/etna/tunnelCreds.age Normal file
View file

@ -0,0 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZWt2TVVTQk1zZVRZaW9S
dTI3RHZqdTZiWE5TaUtuTmdwdGU0MDBHbEdFCnN3VXhrM05Oa3lhZTZZZ0tzZjVN
Y3NDRDN6T2VuKzFUS08rKzhEcjhxcGMKLT4gWDI1NTE5IHU3dzlQelNQT1JINnJo
QUFPUVl4UG5lNnNBZnEvejAzSGIyTHJQdzh2U28KN3M3RTZud2p0Yit3VWwyUUth
eDFPaElQemlaL3dQQnJFUzZJU3A4a24zcwotPiBYMjU1MTkgd3pCMnJNQWpyTGRZ
VDFTTkl3QVlsTUQ2eFpHaVVXSXdPMTBTQXludW5CYwptZFBTMFpaNHhqMFUyZFAv
ZTFwd3RmUUFXT3MxYUdNdkRHRlRxNWRON05FCi0tLSBTR1ZRME9rREtYWWNXUDVT
WXV3RkhNV25VUE5xcmFHc3BPRzBjUlVjVzRnChfpiOqANNHsSeDwXTAB2j/m3eQ9
m28KHq8agBi90IU1fORG6MVPNgKIVHk5CY4thErTOrVpWQhIA0HrruyiS3sLkPv2
aDPv4c/cYx3jWfzYyb1dovIVkB/4PVPxg8+YX7R7ZNesdLrEEAo+QbTfQ9cr6tYt
8kQfmO4BUI+c8yILTtv/GtufLr+dYaP6pnzgjLM5koU6fUn2TwXqqVIV2Phb385Y
WUBEmI717nhsBr5cYPmRYMfxiF3I01ZQ2bUC9iB3
-----END AGE ENCRYPTED FILE-----

3
secrets/secrets.nix
View file

@ -11,5 +11,8 @@ in {
"fuji/rootPassword.age".publicKeys = main; "fuji/rootPassword.age".publicKeys = main;
"kilimandjaro/rootPassword.age".publicKeys = main; "kilimandjaro/rootPassword.age".publicKeys = main;
"etna/rootPassword.age".publicKeys = main ++ [etna]; "etna/rootPassword.age".publicKeys = main ++ [etna];
"etna/tunnelCreds.age".publicKeys = main ++ [etna];
"etna/apiRsEnv.age".publicKeys = main ++ [etna];
} }

6
systems/default.nix
View file

@ -52,7 +52,11 @@ in {
etna = { etna = {
system = "x86_64-linux"; system = "x86_64-linux";
modules = server; modules =
server
++ (with inputs; [
api-rs.nixosModules.default
]);
}; };
}; };
} }

34
systems/etna/default.nix
View file

@ -1,3 +1,35 @@
{ {config, ...}: {
age.secrets = let
path = ../../secrets/etna;
in {
tunnelCreds = {
file = "${path}/tunnelCreds.age";
owner = "cloudflared";
group = "cloudflared";
};
apiRsEnv.file = "${path}/apiRsEnv.age";
};
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
services = {
api-rs = {
enable = true;
environmentFile = config.age.secrets.apiRsEnv.path;
};
cloudflared = {
enable = true;
tunnels."57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5" = {
credentialsFile = config.age.secrets.tunnelCreds.path;
ingress = {
"api.uku3lig.net" = "http://localhost:5000";
};
default = "http_status:404";
};
};
};
} }