yep, more dotfiles

feat(server): make tangled config

+33 -2
+21 -2
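--- a/nixos/profiles/server.nix
+++ b/nixos/profiles/server.nix
@@ -5,7 +5,7 @@
 }:
 
 let
-inherit (self.inputs) srvos nixpkgs-unstable agenix;
+inherit (self.inputs) srvos nixpkgs-unstable agenix tangled;
 
 all-secrets = import ../../secrets;
 
@@ -22,6 +22,9 @@
 
 pds-port = 3001;
 pds-hostname = "pds.wiro.world";
+
+tangled-port = 3002;
+tangled-hostname = "knot.wiro.world";
 in
 {
 imports = [
@@ -30,6 +33,8 @@
 srvos.nixosModules.mixins-terminfo
 
 agenix.nixosModules.default
+
+tangled.nixosModules.knotserver
 
 pds-patched-module
 ];
@@ -108,13 +113,17 @@
 respond "Hello, World! (from `weird-row-server`)"
 '';
 
-virtualHosts."${pds-hostname}" = {
+virtualHosts.${pds-hostname} = {
 serverAliases = [ "*.${pds-hostname}" ];
 extraConfig = ''
 tls { on_demand }
 reverse_proxy http://localhost:${toString pds-port}
 '';
 };
+
+virtualHosts.${tangled-hostname}.extraConfig = ''
+reverse_proxy http://localhost:${toString tangled-port}
+'';
 };
 
 security.sudo.wheelNeedsPassword = false;
@@ -122,5 +131,15 @@
 local.fragment.nix.enable = true;
 
 programs.fish.enable = true;
+
+services.tangled-knotserver = {
+enable = true;
+
+server = {
+listenAddr = "0.0.0.0:${toString tangled-port}";
+secretFile = config.age.secrets.tangled-config.path;
+hostname = tangled-hostname;
+};
+};
 };
 }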
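Review bot: `listenAddr = "0.0.0.0:${toString tangled-port}"` in the new `services.tangled-knotserver` block binds the knot server on every interface, although the only consumer visible here is the Caddy vhost proxying to `http://localhost:${toString tangled-port}`. Unless the firewall configuration (not shown in this section) blocks port 3002, the service would also be reachable directly over plain HTTP, bypassing the TLS-terminating proxy. Binding to loopback keeps the proxy as the single entry point: `listenAddr = "127.0.0.1:${toString tangled-port}";`. A short comment next to `secretFile` saying which user must be able to read the agenix-decrypted file would also help, since the secret's owner and mode are not set in the visible lines.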
+2
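--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -16,6 +16,8 @@
 # `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL` and
 # `PDS_EMAIL_FROM_ADDRESS`
 pds-config.file = ./pds-env.age;
+# Defines `KNOT_SERVER_SECRET`
+tangled-config.file = ./tangled-env.age;
 };
 
 none = {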
+1
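--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -17,6 +17,7 @@
 "api-wakatime.age".publicKeys = home-manager;
 
 "pds-env.age".publicKeys = deploy;
+"tangled-env.age".publicKeys = deploy;
 
 # Not used in config but useful
 "pgp-ca5e.age".publicKeys = users;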
+9
secrets/tangled-env.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 sMF1bg GTb/AWdaekNL0Zk4RAD3TNbhnzmNNSYWMu75ddPQV24 3 + zUCmnoEhJCAL3HgZ8T2ijTWvwrSdpIIXJcj2I+SoIhY 4 + -> ssh-ed25519 SmMcWg EKdXu9V1GrLq+BV2/8/Wbzeiunkb0Et48JTJSXsmECE 5 + y5MWRpACrjQlHFB87gMTnyJXdozD8eFkuVeCCw+SzMw 6 + -> ssh-ed25519 Q8rMFA nDPMvJK+oq1olH4ICJZEInRs5D2D/LrxlvQGoyAe5iE 7 + UGKpurfmrwNPyEkbOmrdLIMqTlgceqSpz4MnDbMe6WY 8 + --- uHEprFXsZMFHHR7Ad3vHNSofGwB/mMqB9JQ7/658NtM 9 + h�:�4`�lG����r�9����n��CYK��}�et���Z2F@Yn���T" �l���̢� h��\�Nr2=�q�!~4�b VOQ��4=3@�[��7����N\��Y.n����.�