From ae6c4c3343595832e70e914719d2ad2e93cd24ba Mon Sep 17 00:00:00 2001
From: Alexander Bantyev
Date: Thu, 18 Mar 2021 13:03:09 +0300
Subject: [PATCH] Add random-things server
---
 flake.lock | 6 +++---
 machines/AMD-Workstation/default.nix | 30 +++++++++++++++++++++++++++-
 modules/network.nix | 26 ------------------------
 modules/servers/nginx.nix | 3 +++
 modules/workspace/gpg.nix | 5 +++--
 5 files changed, 38 insertions(+), 32 deletions(-)
diff --git a/flake.lock b/flake.lock
index 3e94773..6d8805e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -57,11 +57,11 @@
 "utils": "utils"
 },
 "locked": {
- "lastModified": 1611390584,
- "narHash": "sha256-KajML9i3j8Hrxv8AfG0NjJWttpgRgeldhWZbwPi5rkU=",
+ "lastModified": 1614654775,
+ "narHash": "sha256-3mLxoxIXSWUuKE8YgIuqM5AZzXFd1aWxkTlplEDeXIA=",
 "owner": "serokell",
 "repo": "deploy-rs",
- "rev": "726d758768d7b8071dcffa14560a14f588460406",
+ "rev": "6278b9bef5ad624676a565980417cbbef42d5227",
 "type": "github"
 },
 "original": {
diff --git a/machines/AMD-Workstation/default.nix b/machines/AMD-Workstation/default.nix
index 3ead021..90f6773 100644
--- a/machines/AMD-Workstation/default.nix
+++ b/machines/AMD-Workstation/default.nix
@@ -1,4 +1,4 @@
-{ inputs, ... }: {
+{ config, inputs, ... }: {
 imports = [
 ./hardware-configuration.nix
 inputs.self.nixosProfiles.desktop
@@ -20,4 +20,32 @@
 deviceSpecific.isHost = true;
 services.apcupsd.enable = true;
 boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+
+ secrets.wireguard-serokell = { };
+
+ networking.wireguard.interfaces.serokell = {
+ listenPort = 51820;
+ ips = [
+ "172.20.0.52/32"
+ # "fd73:7272:ed50::52/128"
+ ];
+ privateKeyFile = config.secrets.wireguard-serokell.decrypted;
+ peers = [{
+ allowedIPs = [
+ "0.0.0.0/0"
+ # "::/0"
+ ];
+ # endpoint = "serokell.net:35944";
+ endpoint = "147.75.100.17:35944";
+ publicKey = "sgLUARawWJejANs2CwuCptwJO55c4jkmnP0L14FNCyw=";
+ persistentKeepalive = 24;
+ }];
+ };
+
+ # restart when the service fails to resolve DNS
+ systemd.services.wireguard-serokell.serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = "30s";
+ };
 }
diff --git a/modules/network.nix b/modules/network.nix
index 763ee95..0f4ee9e 100644
--- a/modules/network.nix
+++ b/modules/network.nix
@@ -28,30 +28,4 @@ in { systemd.services.ModemManager.wantedBy = lib.optional (config.device == "T490s-Laptop") "network.target";
- secrets.wireguard-serokell = { };
-
- networking.wireguard.interfaces.serokell = {
- listenPort = 51820;
- ips = [
- "172.20.0.52/32"
- # "fd73:7272:ed50::52/128"
- ];
- privateKeyFile = config.secrets.wireguard-serokell.decrypted;
- peers = [{
- allowedIPs = [
- "0.0.0.0/0"
- # "::/0"
- ];
- # endpoint = "serokell.net:35944";
- endpoint = "147.75.100.17:35944";
- publicKey = "sgLUARawWJejANs2CwuCptwJO55c4jkmnP0L14FNCyw=";
- persistentKeepalive = 24;
- }];
- };
-
- # restart when the service fails to resolve DNS
- systemd.services.wireguard-serokell.serviceConfig = {
- Restart = "on-failure";
- RestartSec = "30s";
- };
 }
diff --git a/modules/servers/nginx.nix b/modules/servers/nginx.nix
index 99e3e01..eedd458 100644
--- a/modules/servers/nginx.nix
+++ b/modules/servers/nginx.nix
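Review bot: In machines/AMD-Workstation/default.nix the peer's `allowedIPs` is `"0.0.0.0/0"` while both IPv6 entries stay commented out, so if the module installs allowed IPs as routes (presumably its default) this workstation sends all IPv4 traffic to the peer and leaves IPv6 outside the tunnel. If the interface is only meant to reach the internal network, narrowing `allowedIPs` to that prefix is the least-privilege setting; if a full tunnel is intended, a comment saying so and an explicit decision about IPv6 would close the gap. The comment `# restart when the service fails to resolve DNS` no longer matches the configuration, because `endpoint` is a literal address and the hostname form is commented out; `# endpoint is pinned by IP; restart covers transient start-up failures` would be accurate. The block is moved verbatim from modules/network.nix, so these points concern settings that already existed and now apply to this host only.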
@@ -37,6 +37,9 @@
 "share.balsoft.ru" = {
 locations."/" = { root = "/var/lib/share"; };
 } // default;
+ "things.balsoft.ru" = {
+ locations."/" = { root = "/nix/var/nix/profiles/per-user/nginx/random-things/www"; };
+ } // default;
 };
 };
 security.acme = {
diff --git a/modules/workspace/gpg.nix b/modules/workspace/gpg.nix
index 707a356..d8cc694 100644
--- a/modules/workspace/gpg.nix
+++ b/modules/workspace/gpg.nix
@@ -1,9 +1,10 @@
-{
+{ pkgs, ... }: {
+ services.dbus.packages = [ pkgs.gcr ];
 home-manager.users.balsoft = {
 services.gpg-agent = {
 enable = true;
 enableSshSupport = true;
- pinentryFlavor = "gtk2";
+ pinentryFlavor = "gnome3";
 };
 programs.gpg.enable = true;
 };
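Review bot: The new `things.balsoft.ru` vhost in modules/servers/nginx.nix takes its `root` from `/nix/var/nix/profiles/per-user/nginx/random-things/www`, a per-user profile link that the `nginx` account can presumably repoint itself, so the account serving the site also controls what is served and the content is not pinned by the system configuration. Publishing through a separate deploy user whose profile nginx can only read would keep the web server from changing its own document root. A comment above the vhost, e.g. `# content is deployed out-of-band into the nginx user's random-things profile`, would also explain why the path does not exist until the first deploy. Whether the host gets TLS depends on what `default` merges in, which is defined outside this hunk.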
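Review bot: Switching `pinentryFlavor` to `"gnome3"` in modules/workspace/gpg.nix brings in a pinentry that can offer to store the passphrase in the desktop keyring when a secret service is running, and with `enableSshSupport = true` the same agent also fronts SSH keys. If that caching is not wanted, `extraConfig = "no-allow-external-cache";` under `services.gpg-agent` turns it off. A comment on the new `services.dbus.packages` line, such as `# pinentry-gnome3 needs the gcr D-Bus service`, would record why a system-level package list appears in this workspace module. The module's closing lines are outside the hunk.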