diff --git a/hosts/nixedo/modules/nginx/default.nix b/hosts/nixedo/modules/nginx/default.nix
index a7ec3e22..b768ed69 100644
--- a/hosts/nixedo/modules/nginx/default.nix
+++ b/hosts/nixedo/modules/nginx/default.nix
@@ -53,6 +53,5 @@ in imports = [ ./oliverdavies.uk - ./ponthirtaekwondo.co.uk.nix ]; }
diff --git a/hosts/nixedo/modules/nginx/ponthirtaekwondo.co.uk.nix b/hosts/nixedo/modules/nginx/ponthirtaekwondo.co.uk.nix
deleted file mode 100644
index f16e61b2..00000000
--- a/hosts/nixedo/modules/nginx/ponthirtaekwondo.co.uk.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, ... }:
-
-let
- name = "ponthirtaekwondo.co.uk";
- ports = config.homelab.ports;
- port = ports.nginx.ponthir-taekwondo;
-in
-{
- security.acme.certs = {
- "ponthirtaekwondo.co.uk" = {
- domain = "ponthirtaekwondo.co.uk";
- dnsProvider = "cloudflare";
- email = "oliver@oliverdavies.uk";
- environmentFile = config.age.secrets.cloudflare.path;
- webroot = null;
-
- extraDomainNames = [
- "www.ponthirtaekwondo.co.uk"
- ];
- };
- };
-
- services = {
- nginx.virtualHosts = {
- "www.${name}" = {
- root = "/var/www/vhosts/${name}";
-
- listen = [
- {
- inherit port;
-
- addr = "localhost";
- }
- ];
-
- locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
-
- extraConfig = ''
- port_in_redirect off;
-
- # Remove trailing slashes.
- rewrite ^/(.*)/$ /$1 permanent;
- '';
- };
- };
-
- cloudflared.tunnels."e1514105-327f-4984-974e-e2fbaca76466".ingress = {
- "www.ponthirtaekwondo.co.uk" = "http://localhost:${toString port}";
- };
- };
-}
diff --git a/modules/hosts/homelab/home02/configuration.nix b/modules/hosts/homelab/home02/configuration.nix
index ce2b11be..5bef0a7a 100644
--- a/modules/hosts/homelab/home02/configuration.nix
+++ b/modules/hosts/homelab/home02/configuration.nix
@@ -1,5 +1,29 @@ +{ inputs, ... }: + { flake.modules.nixos."nixosConfigurations/home02" = { + imports = with inputs.self.modules.nixos; [ + inputs.agenix.nixosModules.default + + nginx-ponthir-taekwondo + ]; + + nix.settings = { + auto-optimise-store = true; + + experimental-features = [ + "nix-command" + "flakes" + ]; + + warn-dirty = false; + }; + + age.secrets = { + cloudflare.file = ../../../../secrets/cloudflare.age; + cloudflared.file = ../../../../secrets/cloudflared-credentials2.age; + }; + networking.hostName = "home02"; system.stateVersion = "25.05";
diff --git a/modules/hosts/homelab/home02/nginx.nix b/modules/hosts/homelab/home02/nginx.nix
deleted file mode 100644
index 7099747d..00000000
--- a/modules/hosts/homelab/home02/nginx.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- flake.modules.nixos."nixosConfigurations/home02".services.nginx = {
- enable = true;
- };
-}
diff --git a/modules/nixos-configurations.nix b/modules/nixos-configurations.nix
index f84e185b..a645aa0d 100644
--- a/modules/nixos-configurations.nix
+++ b/modules/nixos-configurations.nix
@@ -32,7 +32,7 @@ ++ ( # TODO: remove once everything has bee moved to modules. if builtins.pathExists "${self}/hosts/${hostname}/configuration.nix" then - "${self}/hosts/${hostname}/configuration.nix" + [ "${self}/hosts/${hostname}/configuration.nix" ] else [ ] )
diff --git a/modules/server/home02/ponthir-taekwondo.nix b/modules/server/home02/ponthir-taekwondo.nix
new file mode 100644
index 00000000..384af1bd
--- /dev/null
+++ b/modules/server/home02/ponthir-taekwondo.nix
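Review bot: The `age.secrets` block added to `home02/configuration.nix` declares `cloudflare` and `cloudflared` under generic names, and the imported `nginx-ponthir-taekwondo` module reads exactly those names (`config.age.secrets.cloudflare.path`, `config.age.secrets.cloudflared.path`) without declaring them itself. Importing that module on any host that lacks these two entries would fail at evaluation, and nothing here says which tunnel `cloudflared-credentials2.age` belongs to. Either move the two declarations into the module that consumes them, or add a comment such as `# consumed by nginx-ponthir-taekwondo: ACME DNS token and tunnel credentials`. The enclosing attribute set continues past the end of this hunk.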
@@ -0,0 +1,57 @@
+{
+ flake.modules.nixos.nginx-ponthir-taekwondo =
+ { config, ... }:
+ let
+ domain = "ponthirtaekwondo.co.uk";
+ port = 9099;
+ in
+ {
+ security.acme = {
+ acceptTerms = true;
+
+ certs.${domain} = {
+ dnsProvider = "cloudflare";
+ domain = "${domain}";
+ email = "oliver@oliverdavies.uk";
+ environmentFile = config.age.secrets.cloudflare.path;
+ extraDomainNames = [ "www.${domain}" ];
+ webroot = null;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+
+ virtualHosts."www.${domain}" = {
+ root = "/var/www/vhosts/${domain}";
+
+ listen = [
+ {
+ inherit port;
+
+ addr = "localhost";
+ }
+ ];
+
+ locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
+
+ extraConfig = ''
+ port_in_redirect off;
+
+ # Remove trailing slashes.
+ rewrite ^/(.*)/$ /$1 permanent;
+ '';
+ };
+ };
+
+ services.cloudflared = {
+ enable = true;
+
+ tunnels."c1537889-81ac-4d41-b80d-9657f8db30c7" = {
+ credentialsFile = config.age.secrets.cloudflared.path;
+ default = "http_status:404";
+ ingress."www.${domain}" = "http://localhost:${toString port}";
+ };
+ };
+ };
+}
diff --git a/secrets.nix b/secrets.nix
index 465ce7ee..2dff46b1 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,5 +1,6 @@ let hosts = { + home02 = "ssh-rsa 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"; nixedo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage"; t480 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage"; };
@@ -10,6 +11,7 @@ let in { "secrets/cloudflare.age".publicKeys = [ + hosts.home02 hosts.nixedo hosts.t480 ]
@@ -20,6 +22,11 @@ in ] ++ [ users.opdavies ]; + "secrets/cloudflared-credentials2.age".publicKeys = [ + hosts.home02 + ] + ++ [ users.opdavies ]; + "secrets/forgejo-runner-token.age".publicKeys = [ hosts.nixedo ]
diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age
index 4c092f31..45b84bfd 100644
Binary files a/secrets/cloudflare.age and b/secrets/cloudflare.age differ
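Review bot: The certificate requested by `security.acme.certs.${domain}` in `modules/server/home02/ponthir-taekwondo.nix` appears unused, because `virtualHosts."www.${domain}"` sets no `useACMEHost` or `forceSSL` and serves plain HTTP on `localhost` port 9099 behind the tunnel. If no other module references the certificate, drop the ACME block so home02 no longer needs the Cloudflare DNS token from `config.age.secrets.cloudflare.path`; otherwise add a comment saying what consumes it. `port = 9099;` also replaces the old `config.homelab.ports` lookup with a literal, which presumably existed to keep ports unique across services. `domain = "${domain}";` can be written `inherit domain;`.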
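Review bot: Adding `hosts.home02` to `"secrets/cloudflare.age".publicKeys` in `secrets.nix` lets a third host decrypt the same Cloudflare API token that nixedo and t480 already hold, so a compromise of home02 exposes the credential for everything that token covers. The tunnel credentials get a host-specific file in the last hunk (`cloudflared-credentials2.age`); a separate DNS token for home02, scoped to the one zone it serves, would limit the exposure in the same way. The scope of the existing token is not visible in this diff, so confirm it before sharing. A comment above the new `cloudflared-credentials2.age` entry naming its tunnel would also help, since the numeric suffix does not say which host or tunnel it belongs to.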
diff --git a/secrets/cloudflared-credentials.age b/secrets/cloudflared-credentials.age
index dc592620..d14cb201 100644
Binary files a/secrets/cloudflared-credentials.age and b/secrets/cloudflared-credentials.age differ
diff --git a/secrets/cloudflared-credentials2.age b/secrets/cloudflared-credentials2.age
new file mode 100644
index 00000000..e7180114
Binary files /dev/null and b/secrets/cloudflared-credentials2.age differ
diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age
index 78f0fe94..25dd2542 100644
--- a/secrets/forgejo-runner-token.age
+++ b/secrets/forgejo-runner-token.age
@@ -1,17 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 IsVD3g VZRQKGdeV/lghsgN7xSWAuxOsThIU4cpBPEA5jRU/Ro -rlVrONsaGdSAW7jk04RbmxqBRr1nIpZi/QYJdhZNF8A +-> ssh-ed25519 IsVD3g sjknkZ8QTfjiEJyjZvB119raHM09HrSLiio4jjztHRs +erSXR3WzpvxUgY2VUJ89bl62BtW/71JbUCGD6SOfy/s -> ssh-rsa +vTWQw -igGVvcUh30WG4jDQcXL906pmEk6NCDt0Fl0XC6q3ZuAeJHK1wZ70XKPTehb1JM4U -YSb5vsVW0J6Fv9kWbpfuSGo/eDoLwm45bP5OT+L3hThG8VRYlt4GuPt+BTdxBfcA -sLiQNBo/c+NeozLwsx39uwGZlBPXEiCWy2GR0tBpl97mpQgyLIvRleRMxzTtfN7Y -vreEbsOqo4kHMsAykGoOwMDVJpGArJBLNlm5cd9I0iHOvk9ugu919tNeiZ4vHyye -QKuoeAE24wqW/QXj98sFxz9SHi9UHJpqLMsgh2tCfvG6J65DItBzhWi7OKlgTUjy -7nhNOGMHtc4XBR/kjdt4z55ryb7t5DPdy6VIurJ3YAcZRm44o4LusHLw7llcNa20 -bXTiwZaICwK6Zi3deAASK4+DgbvThuKa6Ir0vaEK7Mik39ZanrIXDoFBv80ufBiq -tsFZex7Z/ZqqDR/WPnQKF92tz+Kqs7Jkka60ajYwkDdS6WnkOFPpKPJKayfutdF1 -9r6jzBUZEZ1E9avShow8ccw/FVhSnDzl9851TXZRyDrqFJ26s7484zHV9KpHPflh -qveux0fqB65vGl2ZvcsRawGVOw8G567s2HED6tuArdU98eEGC5Z/UdXPUYGpUSCK -zB9AQNtdS5IHY9CNKb7YqJFtvyaA7wlrd9Csp0UWVSY ---- i4UTmANM0HP3f9MKXDJZKyP2lod+E2dK8sNzHcm3y/o -ZpBl@Dp('u.X TO"Rrr=|ޮ:SQCDCb~V2 \ No newline at end of file +LM8id7bb+4010W3AssFgxCB9j6Xth1LDGieMp52ywAACQPothIeyB1BwXdYMyYzp +UVVguRJUN6AjFuIhXBe5+gtK7xvS0ToIpeZmTQlgfehzQWIbwCTzs3Py/XYyRUth +x6LT6Qru0pNP/zPVWh4EOPwpi12BfNB7tDxPI3vQCR5mL1zw/Uciufu+ku91c/Rr +s2wXjinDSqHgKOjNxvP6RpzjhkpvrV7cnir7JxRC2gFpyTHeDVishjqu3D4WbAPy +Qgk10DNv86nQvPdexdWF8C44GBc69DBXnaQQSsgcUs4awG4zNz6IJFMG0FdUA2lR +ac5zcaUl76SrwvXPHyiFNs6f0wkFZQt3Cu6/QiHWWXNuuIGMv6mouBW4lQqiZQRC +2pMS1IxuyHPHx2Bun8m1CPAuFCUt+ur9vYbofpJrWoXz1zg6tIL+KnUWkN29cd07 +OppiaOrk50fVqJvodS5HhPqJnKGAzNpji0a72OWQtIHvcNYwAKv+P3Copg5jWt6z +9QKay17p1v2YuPYpxzqI6VzB76UxG2T0mm/C10+xedPDo1NyXDT2b3c/uFm3bR6K +Lc5sM/togbA23YJNDRGQpgQNtZi2ovSMdU5ZDBq1txsGB5sP3ITUSv7bbAWHTv6K +E2uckvASLlAlFgCePDPyM2StMwcK7xGuG49jtdY85Hw +--- pjoGZ9rZfhR6fBIshg2pYfELHCmYewf1LvNAvyXm9Do +V ?yV2CקX05s(A&=0]74Ja]@Ub8lJ=, \ No newline at end of file 
diff --git a/secrets/freshrss-password-file.age b/secrets/freshrss-password-file.age
index 16e7baba..883fa6a5 100644
Binary files a/secrets/freshrss-password-file.age and b/secrets/freshrss-password-file.age differ
diff --git a/secrets/peertube-env.age b/secrets/peertube-env.age
index 0b03f08f..c190b8ca 100644
--- a/secrets/peertube-env.age
+++ b/secrets/peertube-env.age
@@ -1,18 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 IsVD3g kyLYyMMYENXy2F1cnjVyptUhci5xfC8yrhvBtH8THUw -Q8sXfg7Wm4UMZ6jWGiBLgEKOqVvlCrHy8IthdpjRS/8 +-> ssh-ed25519 IsVD3g 5GyBUVIjEFXXSaKHdMJz+VQrzFQbGjI1rN9v+tEw9Ro +3TPH9ELgR7KIZT/3qUQ74dtP00Iki3VqwIv5CHV4HnY -> ssh-rsa +vTWQw -i0sLs+iG1P7pvUAHCn1StChdaMlT+ze4qkI0beSzTbWm6+qoC7X9tBoJoBJbNGmQ -vIaJpYncYUn04r4WrYcjhBaYKYoECPGR0z/i9EtPT67DG6zuNEJLTclMStdudv4P -Y5uHDku3CoEF6l1nBabQmYtA6/7RT/wqQf+yYICp8pJX9fPtgkjbUtwx/EBOTz29 -t1Y6USjHI45IW9Od3G7XcZGuNkLkeV3clBEqWiFeck7+x3/SU8f8sv63M++Bitqb -F/ZXiLd/JDrlRhcgO0XsfKX+M6eodUg3ZQ7/0GFAjfYyiQp6uA5p/srIuTq40W1f -i7zzs0dewz75GjSKIWyivcYvQQzeobxDd6/1nhgtdjHCYyL5HV3QnE7Ew/ZoQPss -kIr25ftZ/sA87wg77J0c7koZneycSV1PioB2RyuW7cXP4ptMUOEaM0KjkLABBWNF -+WxIdGVd8d8E/zBbVnNNPNuKZYHEb6+eCo61Z8x7VAZhz61ziXOdOzeaN1Obgv+2 -Banoulrje4oF1L4KgO64NckVpYi6Od0Cl9W0hOxSt1BafokHYi4yxYiB2rmv/cdO -Q2IR10fKCd1BNYKvMPFia8j3Uv+OYJnilSNUi0bs+42UfFGcURZEgsSGluSIWP3W -ag1ENk3Y0tLR1WMj2mjbybk9JpEAWJ0oxT+oBOV2g9Q ---- iraOjJc4e+c1tH/YoiRIoEyyLVPgRx2xWaM5BUO1Fes -%Uck !XEw+1긑;+ -w& &m^us_nL<^,U \ No newline at end of file +Cg5+HmQdohbndJi0gMs+LV6KnNiLWjPJB1MOD/bG+Oa3n9tdyLBHFe/m3rHtXz02 +bLDYt/YgKMieuC8AGZsOD/d+KV7dfJ5dLzVDDHZYawuxWUEX/jk3etozlqcWWqLr +/uLJ0TPp56hL0zDqTPJfmKzxvSBTKYtbhEEF00UlfYte7DOeQGa6zF/R2mbWJAzV +xNXLB+l1Cng+zR9zO/0GEbHaEZBBtvJn4uDVmMBTRtqyPV2U3H40HxOg0Jg66R3e +D2Bs3VBqXK1Pdg5MPbu5Exjrmr1HiH/SodJ8tZfQuVRSQO/2Vb+J7KanOYIwAxN1 +DlmNV5wBxoibapViiZrRGOgKOM2Nd7kCeNLnpzl4kVQSHo7jWABBl/GPIlN59zNA +qu1cluK8txoJu4xXJsbNFBqmfdUPVrvJobNG9hyH4zu81rBfoEoHZRQaH0/ZHh03 +PSWw6Vv1wmHVp9yij3PrMGkF/kEF5Z1MYBP1j4mDSqIsvww0yEeC0RRp8Ud0UMmi +v55O5ImOMUrhUiXFZbk7miv7wi+9LWZwtqCMbflOBklC6SGcHt0Xt76gQVVQCsMv +eVpPBwY8tGz+cYT8zmO77/bRmz2eGuCfiAdMN3AkNDelS5LXz2ydmGYyCmOlKabV +VfYWsHJcYtlpbDzpa2sCrl71b3PTC7LnjDDIQopIPDM +--- 4zZpdSkiIb11Fo7yHZYhFoQRt+iANwW5LURpE61JMac +-`'kB?[͛ l#4|db>X tQnoFs3hW4嬎i$ \ No newline at end of file 
diff --git a/secrets/tubearchivist-env.age b/secrets/tubearchivist-env.age
index 8e8fd5c1..309df683 100644
--- a/secrets/tubearchivist-env.age
+++ b/secrets/tubearchivist-env.age
@@ -1,20 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 IsVD3g JcpSuBgBp3nnPscb55121KL2XeCkBnwRwr57rFYE+nE -o0nLbL0tQWZIwOECYb+/zQsGo9/uoEpuaPqdxoZqY/Y --> ssh-ed25519 IsVD3g fYyG89/0d3WO+aG9SaZ5+QMGrayd0y6EdnpjEx7mOTM -nbP/TlK5goWZe6ObIvqaRYTa7XPKprVoOeOZBPARON4 +-> ssh-ed25519 IsVD3g jadSxkPYEHq3Eft9cjnjSpZCOYPIv4iUL5UZ2oZBF3A +9c5RlPpzZChKsPA3CYVH/QQDQgztkaawbzj/urxog5M +-> ssh-ed25519 IsVD3g MHiWFQh6775rJh0JObOSWP3LqyIi6SvYcQ1FhIZtZRI +G5Y+jenOV7RdL05owbQYp0zzu7/6X+q/KzWCECST0Lk -> ssh-rsa +vTWQw -mrS2MJwu/XgQd0y+bE9pa4iCZk8m1l6WQrnLb7tOaPXiVBObh03k6y9uWsfVSgmh -gnXHBQIAGXtdJ6qabt5jLDQrDxMZw1jxAr5QONR8Y+zmcw3BTvKYmVQRfsRlOM0O -qC4VG7CXcq7tcOEHKi3VliyUZW3R1SzXVhr72VXsug2IbWsNp/plusiA8MmLR3Mf -0N6z8ye1ZKRFHs4Q9ShyLad5JcJtkjrNmhbhQdZlNUQfOf+jrTEFrgKII96pCWqI -2eqpUbA1ameSUXgRknaZjIYQBmJd5ejvClGV5cojlD+DdX0W85mRW/Xj1CinUsGk -QZ+RFQ9GWGLLV8Uba707nbS1yMlnc2afJyG8dWGaH9m2E/9NnsFxCIbcQTrK28Yu -yabdui1sXG8stVWGK4FqCTuxNLv/bWC37IcFQQai9wgZhziyO07QR1jQ2xiMXLBZ -cw3KT8y8yYROzhZCuKoW/FAIrlsQv3ePBv+YEpnLF++2Pa25d1jmJXryAooDpBLd -5gi/hKvBeDPwtgStS0BjPYRM37tQ0UlHkcCqq8v2xeTX7VZpqWrzUcGX4DXCgxxX -Qrj5eDdomUfFH5NE8LWWNfpAlP1SOkM3ebCoa9e1sfEdJUzubIbSuRL/VFTm0SJe -WaUbIuTPOo7Sda6ZgM7lPFylqJNC8bHI5Ch6AH7UWX0 ---- GcN2m5Td0aMEWTrH6ZOyjplhvkHsHrCJfoyyfsbJHZo -xL}va1(t1$Cn߇;ftO@]ycvd -VQXS;.Oס?HɊJD|'!w9gvRuNSú9 \ No newline at end of file +Q84pQ3wLcYpAYpSIuAb5cGxpfVPuYN7EwY5pd825/kigYRVaPEO4uBF9OVCZ4MiG +V2ejWOCpKyC3Xmx6zBkGgpHw98YMngPZJtKfkqs8hZVLAYuKBIEbCEyWKPCBErmX +u8hdZdR9IiY2X2kjvK+/QctpPnHv5Y+VXOIagiu3a1y2VUqG7wZa5MZvC7WF6gtH +JUoDAzg2zpvL9TngNi9gapnisr1JDSoYkgQCXgiczfqcO5Xb1OtSh1ofHy+zjlfe +46ByskSWW+Zc5rdDFeZaKOPraxUMbqEXYM8XpL70vbe65vEa7foiMSRgyvtasOSn +xSzxBQgBVkh/1aHGGg1I2NYPx3NHogwDFSedZKuocYMEVYtcEICDgr00yFr29w0k +m1jac5fA1qQrt8bAIiHVCHhXXFiREFGqAUBJKPhlgCYlhYrIxIzv8M5B0cAYbtsY +HL9oXAq9+WFkx+QqCzvN+NSEXNzSgSuecPgvWnz+f/d+st2f/QaxtT/tHk3thDsS +pC7wGq8IwvzNYOD8WUfIkI+BiFxqMb8sQprBBDLeOpeVgWoKf1TYyxsNjiuCuIIM 
+1BGnD0A6SUPt+QDnPgb1ZP5bHLTr0Mzkh3m8jRFkqBk4bVvacW44SqBBYOfog1nf +mbbv8GxRNuZwqY83vloV3EMa27ziCXTKeX8ZephgUqg +--- mH7HBWGpojAv8p68tUk86c6ri2P2PxZi+fWxl5QC8qE +?}Ĥ`LGt:G]PIāh&