Add random-things server

2021-03-18 13:03:09 +03:00 · 2021-03-18 13:03:09 +03:00 · ae6c4c3343
commit ae6c4c3343
parent 654f707059
5 changed files with 38 additions and 32 deletions
--- a/flake.lock
+++ b/flake.lock
@ -57,11 +57,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1611390584,
-        "narHash": "sha256-KajML9i3j8Hrxv8AfG0NjJWttpgRgeldhWZbwPi5rkU=",
+        "lastModified": 1614654775,
+        "narHash": "sha256-3mLxoxIXSWUuKE8YgIuqM5AZzXFd1aWxkTlplEDeXIA=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "726d758768d7b8071dcffa14560a14f588460406",
+        "rev": "6278b9bef5ad624676a565980417cbbef42d5227",
        "type": "github"
      },
      "original": {
--- a/machines/AMD-Workstation/default.nix
+++ b/machines/AMD-Workstation/default.nix
@ -1,4 +1,4 @@
-{ inputs, ... }: {
+{ config, inputs, ... }: {
  imports = [
    ./hardware-configuration.nix
    inputs.self.nixosProfiles.desktop
@ -20,4 +20,32 @@
  deviceSpecific.isHost = true;
  services.apcupsd.enable = true;
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+
+  secrets.wireguard-serokell = { };
+
+  networking.wireguard.interfaces.serokell = {
+    listenPort = 51820;
+    ips = [
+      "172.20.0.52/32"
+      # "fd73:7272:ed50::52/128"
+    ];
+    privateKeyFile = config.secrets.wireguard-serokell.decrypted;
+    peers = [{
+      allowedIPs = [
+        "0.0.0.0/0"
+        # "::/0"
+      ];
+      # endpoint = "serokell.net:35944";
+      endpoint = "147.75.100.17:35944";
+      publicKey = "sgLUARawWJejANs2CwuCptwJO55c4jkmnP0L14FNCyw=";
+      persistentKeepalive = 24;
+    }];
+  };
+
+  # restart when the service fails to resolve DNS
+  systemd.services.wireguard-serokell.serviceConfig = {
+    Restart = "on-failure";
+    RestartSec = "30s";
+  };
 }
--- a/modules/network.nix
+++ b/modules/network.nix
@ -28,30 +28,4 @@ in {
  systemd.services.ModemManager.wantedBy =
    lib.optional (config.device == "T490s-Laptop") "network.target";

-  secrets.wireguard-serokell = { };
-
-  networking.wireguard.interfaces.serokell = {
-    listenPort = 51820;
-    ips = [
-      "172.20.0.52/32"
-      # "fd73:7272:ed50::52/128"
-    ];
-    privateKeyFile = config.secrets.wireguard-serokell.decrypted;
-    peers = [{
-      allowedIPs = [
-        "0.0.0.0/0"
-        # "::/0"
-      ];
-      # endpoint = "serokell.net:35944";
-      endpoint = "147.75.100.17:35944";
-      publicKey = "sgLUARawWJejANs2CwuCptwJO55c4jkmnP0L14FNCyw=";
-      persistentKeepalive = 24;
-    }];
-  };
-
-  # restart when the service fails to resolve DNS
-  systemd.services.wireguard-serokell.serviceConfig = {
-    Restart = "on-failure";
-    RestartSec = "30s";
-  };
 }
--- a/modules/servers/nginx.nix
+++ b/modules/servers/nginx.nix
@ -37,6 +37,9 @@
      "share.balsoft.ru" = {
        locations."/" = { root = "/var/lib/share"; };
      } // default;
+      "things.balsoft.ru" = {
+        locations."/" = { root = "/nix/var/nix/profiles/per-user/nginx/random-things/www"; };
+      } // default;
    };
  };
  security.acme = {
--- a/modules/workspace/gpg.nix
+++ b/modules/workspace/gpg.nix
@ -1,9 +1,10 @@
-{
+{ pkgs, ... }: {
+  services.dbus.packages = [ pkgs.gcr ];
  home-manager.users.balsoft = {
    services.gpg-agent = {
      enable = true;
      enableSshSupport = true;
-      pinentryFlavor = "gtk2";
+      pinentryFlavor = "gnome3";
    };
    programs.gpg.enable = true;
  };