From db8869d0b7338afb9f50b0470c33e5fc8a395b34 Mon Sep 17 00:00:00 2001 From: foehammer127 Date: Tue, 16 Sep 2025 16:58:19 -0400 Subject: [PATCH 01/10] Update nix flake. --- flake.lock | 27 ++++++++++++---------- machines/lebesgue/deploy | 2 +- machines/lebesgue/flake.lock | 45 +++++++++++++++++++----------------- 3 files changed, 40 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index 1406691..ba3bf88 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749024892, - "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", + "lastModified": 1757810152, + "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", + "rev": "9a094440e02a699be5c57453a092a8baf569bdad", "type": "github" }, "original": { 
@@ -36,14 +36,17 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1738452942, - "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" } }, "root": { diff --git a/machines/lebesgue/deploy b/machines/lebesgue/deploy index 5e6d86a..67be563 100755 --- a/machines/lebesgue/deploy +++ b/machines/lebesgue/deploy @@ -4,7 +4,7 @@ function deploy() { nixos-rebuild $1 --flake .#default --target-host admin@lebesgue --use-remote-sudo --verbose } -nix flake lock --update-input common +nix flake common if [[ -n $1 ]]; then deploy $1 diff --git a/machines/lebesgue/flake.lock b/machines/lebesgue/flake.lock index 37ed9f3..8265721 100644 --- a/machines/lebesgue/flake.lock +++ b/machines/lebesgue/flake.lock @@ -20,11 +20,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { 
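Review bot: `nix flake common` on the new side of the deploy hunk has no subcommand, so the lock refresh exits with an error, and nothing stops the script there: the `if [[ -n $1 ]]` block below still runs `deploy $1` against `admin@lebesgue` with whatever `flake.lock` is on disk. PATCH 03/10 restores the subcommand, but the fail-open behaviour remains in that hunk and in PATCH 07/10, whose context shows the first seven lines of the script without any error handling. I would make the step fatal with `nix flake update common || exit 1`, or add `set -e` under the shebang (not `set -u`, since the script tests an optional `$1`). The body of `deploy()` and the `if` block continue outside this hunk.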
@@ -50,11 +50,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749024892, - "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", + "lastModified": 1757810152, + "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", + "rev": "9a094440e02a699be5c57453a092a8baf569bdad", "type": "github" }, "original": { @@ -66,23 +66,26 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1738452942, - "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1748889542, - "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=", + "lastModified": 1757810152, + "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922", + "rev": "9a094440e02a699be5c57453a092a8baf569bdad", "type": "github" }, "original": { @@ -94,11 +97,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1731763621, - "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", + "lastModified": 1757746433, + "narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d", + "rev": "6d7ec06d6868ac6d94c371458fc2391ded9ff13d", "type": "github" }, "original": { 
@@ -121,11 +124,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1738291974, - "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", + "lastModified": 1758007585, + "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", + "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", "type": "github" }, "original": { From b2de27ce910d62043e5de178a704a69eeefd9931 Mon Sep 17 00:00:00 2001 From: foehammer127 Date: Tue, 25 Nov 2025 20:08:26 -0500 Subject: [PATCH 02/10] Nix flake update. --- flake.lock | 18 +++++++++--------- machines/lebesgue/flake.lock | 36 ++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index ba3bf88..1758c63 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1757810152, - "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", + "lastModified": 1763948260, + "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9a094440e02a699be5c57453a092a8baf569bdad", + "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", "type": "github" }, "original": { 
@@ -36,11 +36,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { diff --git a/machines/lebesgue/flake.lock b/machines/lebesgue/flake.lock index 8265721..e00e5e7 100644 --- a/machines/lebesgue/flake.lock +++ b/machines/lebesgue/flake.lock @@ -20,11 +20,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -50,11 +50,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1757810152, - "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", + "lastModified": 1763948260, + "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9a094440e02a699be5c57453a092a8baf569bdad", + "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", "type": "github" }, "original": { @@ -66,11 +66,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { 
@@ -81,11 +81,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757810152, - "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", + "lastModified": 1763948260, + "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9a094440e02a699be5c57453a092a8baf569bdad", + "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", "type": "github" }, "original": { @@ -97,11 +97,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1757746433, - "narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=", + "lastModified": 1763618868, + "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6d7ec06d6868ac6d94c371458fc2391ded9ff13d", + "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "type": "github" }, "original": { @@ -124,11 +124,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1758007585, - "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { From ab3cee9bb01a252f3da0235862bdb4f628462fd1 Mon Sep 17 00:00:00 2001 From: Lorenzo Good Date: Sun, 14 Dec 2025 17:03:55 -0500 Subject: [PATCH 03/10] Fix deployment script. --- machines/lebesgue/deploy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/lebesgue/deploy b/machines/lebesgue/deploy index 67be563..7ed4073 100755 --- a/machines/lebesgue/deploy +++ b/machines/lebesgue/deploy @@ -4,7 +4,7 @@ function deploy() { nixos-rebuild $1 --flake .#default --target-host admin@lebesgue --use-remote-sudo --verbose } -nix flake common +nix flake update common if [[ -n $1 ]]; then deploy $1 From 39626b43eeb621815faefae04554081f66542404 Mon Sep 17 00:00:00 2001 
From: Lorenzo Good Date: Sun, 14 Dec 2025 17:28:12 -0500 Subject: [PATCH 04/10] Nix flake update. --- flake.lock | 12 ++++++------ machines/lebesgue/flake.lock | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 1758c63..653992c 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765495779, + "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", "type": "github" }, "original": { @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", + "lastModified": 1765363881, + "narHash": "sha256-3C3xWn8/2Zzr7sxVBmpc1H1QfxjNfta5IMFe3O9ZEPw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", + "rev": "d2b1213bf5ec5e62d96b003ab4b5cbc42abfc0d0", "type": "github" }, "original": { diff --git a/machines/lebesgue/flake.lock b/machines/lebesgue/flake.lock index e00e5e7..11e191d 100644 --- a/machines/lebesgue/flake.lock +++ b/machines/lebesgue/flake.lock @@ -20,11 +20,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765495779, + "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", "type": "github" }, "original": { 
@@ -50,11 +50,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", + "lastModified": 1765363881, + "narHash": "sha256-3C3xWn8/2Zzr7sxVBmpc1H1QfxjNfta5IMFe3O9ZEPw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", + "rev": "d2b1213bf5ec5e62d96b003ab4b5cbc42abfc0d0", "type": "github" }, "original": { From c231e5349e9f2fed7f59a220447cd8091d90877f Mon Sep 17 00:00:00 2001 From: Lorenzo Good Date: Sun, 14 Dec 2025 18:01:30 -0500 Subject: [PATCH 05/10] Add readeck service. --- common/services/readeck.nix | 49 ++++++++++++++++++++++ machines/lebesgue/config/configuration.nix | 6 +++ machines/lebesgue/config/routing.nix | 6 +++ machines/lebesgue/config/secrets.nix | 2 + machines/lebesgue/config/state.nix | 1 + machines/lebesgue/secrets/main.yaml | 7 ++-- 6 files changed, 68 insertions(+), 3 deletions(-) create mode 100644 common/services/readeck.nix diff --git a/common/services/readeck.nix b/common/services/readeck.nix new file mode 100644 index 0000000..be34c9e --- /dev/null +++ b/common/services/readeck.nix @@ -0,0 +1,49 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) types mkEnableOption mkIf mkOption; + + cfg = config.foehammer.services.readeck; +in { + options.foehammer.services.readeck = { + enable = mkEnableOption "Enable readeck server"; + + port = mkOption { + type = lib.types.port; + default = 8224; + description = '' + What external port to serve over. + ''; + }; + + envFile = mkOption { + type = types.nullOr types.path; + }; + + domain = mkOption { + type = types.str; + description = '' + Readeck's domain. + ''; + }; + }; + + config = mkIf cfg.enable { + services.readeck = { + enable = true; + environmentFile = cfg.envFile; + settings = { + server = { + port = cfg.port; + base_url = cfg.domain; + }; + extractor = { + workers = 2; + }; + }; + }; + }; +} 
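Review bot: `envFile` in the new readeck.nix is declared `types.nullOr types.path` but has neither a `default` nor a `description`, so enabling the module without setting it fails at evaluation even though the type suggests it is optional. I would add `default = null;` and a description such as `Runtime path to an environment file with Readeck secrets; pass a string path (e.g. a sops-nix secret path), not a Nix path literal, so the file is not copied into the world-readable store.` The `port` description says "external port", but routing.nix in this commit proxies to it from Caddy; the module sets no listen address, so whether the service binds to loopback only is not visible here and worth stating in the option text. `pkgs` is taken as a module argument and never used.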
diff --git a/machines/lebesgue/config/configuration.nix b/machines/lebesgue/config/configuration.nix index 0b8e21f..6f6e1d1 100644 --- a/machines/lebesgue/config/configuration.nix +++ b/machines/lebesgue/config/configuration.nix @@ -10,6 +10,12 @@ hashedPasswordFile = config.sops.secrets.admin-password.path; }; + services.readeck = { + enable = true; + domain = "https://bookmarks.foehammer.me"; + envFile = config.sops.secrets.readeck-env.path; + }; + services.goatcounter = { enable = true; }; diff --git a/machines/lebesgue/config/routing.nix b/machines/lebesgue/config/routing.nix index d33c36c..4e24b00 100644 --- a/machines/lebesgue/config/routing.nix +++ b/machines/lebesgue/config/routing.nix @@ -18,6 +18,12 @@ reverse_proxy :${toString config.foehammer.services.goatcounter.port} ''; }; + + "bookmarks.foehammer.me" = { + extraConfig = '' + reverse_proxy :${toString config.foehammer.services.readeck.port} + ''; + }; }; }; } diff --git a/machines/lebesgue/config/secrets.nix b/machines/lebesgue/config/secrets.nix index f8538b9..977a673 100644 --- a/machines/lebesgue/config/secrets.nix +++ b/machines/lebesgue/config/secrets.nix @@ -14,6 +14,8 @@ vaultwarden-env = {}; + readeck-env = {}; + restic-env = {owner = "restic";}; restic-password = {owner = "restic";}; restic-repository = {owner = "restic";}; diff --git a/machines/lebesgue/config/state.nix b/machines/lebesgue/config/state.nix index 98db9fa..25b8eaa 100644 --- a/machines/lebesgue/config/state.nix +++ b/machines/lebesgue/config/state.nix @@ -9,6 +9,7 @@ "/var/log" "/var/lib/nixos" "/var/lib/docker" + "/var/lib/private/readeck" "/var/lib/authelia-main" "/var/lib/caddy/.local/share/caddy" "/var/lib/vaultwarden" diff --git a/machines/lebesgue/secrets/main.yaml b/machines/lebesgue/secrets/main.yaml index e7208b5..55b0814 100644 --- a/machines/lebesgue/secrets/main.yaml +++ b/machines/lebesgue/secrets/main.yaml 
@@ -4,6 +4,7 @@ vaultwarden-env: ENC[AES256_GCM,data:A1iRHxFxgI5P8DtsXQa1KvEKKnF+qZY7LVuJba00CLj restic-password: ENC[AES256_GCM,data:Ympe5/hJxOzJp7IeJy5mZy0fMIrnV+3cWJo1uKwbHHDJ0G4TNivMNrHEdff6CjVnAbkVgjkR90z1FJOpExd+KQ==,iv:CRJaA3fTG8B/qBDkwctgma4DaGDjoyk4eX6/SynIcLE=,tag:pJW45ijV+wVTR+4IRnLcsw==,type:str] restic-repository: ENC[AES256_GCM,data:KkFaam8iltY9nz89sVxk4u0xZ46Sq+7UsOY/9wieASD5A2FRruou7BiudX9X4hRA2RMTctO8aqYkrg==,iv:mIZ9z7BJV9s+wSiVMnzYAWM1/zsa6C+RCK1UhSiJVxI=,tag:S7tedxcfd/UaQ5hMEYfBVQ==,type:str] restic-env: ENC[AES256_GCM,data:KW9ma36zmHJF3xBStpoStDRQqg34wlMJMVSYfbLSnWq26R6e6eGf3+kTVkobhn/bqL6ZYi8ctlyvDS8IOz8VveYogsqxZ7/LK62mA0d9I3xEZMG7eNQ8M1PdeZ9RqAUgFJU=,iv:RxwvZ2vNuwmUc3haK2Ub8vHk9UQhjepLCwsfIcSJg9s=,tag:Tvq2RDh8mJ3jGhmpL1uuCA==,type:str] +readeck-env: ENC[AES256_GCM,data:0wy7B6iL25IBNpHAASa9GzN+Wc/IYPgd4LcSEggzZjBv5AC/JX35lcFOeWWXRrEAtzYw0C68Kk9O0rXhvbEDcvJyKyrTsBP498hgNb68jOqRwaZnlwJLcAA86HxSF4dUyv5Ua7zAPfXzJA4X,iv:MFar2GkvKjGnX6A3Jjy69MNEMF2uOPkrolp3/uQqzTQ=,tag:wNdOAlzsFfl2Dnt9mYVi+Q==,type:str] sops: age: - recipient: age1kjy9wym6cmz6wqmewws4ledsne47c0e4sr0ksmm66rff3u2f6u3qxvnyg9 
@@ -15,8 +16,8 @@ sops: L2VhMXV4WityYUFDZytxVTJHOXZGVVkKgbKR56dsru6U7I4KpnxfxQsswFwJsTM7 8dzAaFl30mdRwFIH9kzdY3XxyYsJ0Yr0x3xwJ8mI4rjgpI8S9ihJFw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-04T21:04:47Z" - mac: ENC[AES256_GCM,data:fGTVTDhqVNLQJaZyBFhBEauW/Cnb/V57aHOcaeODNeA9g1oZiC3IzUkpRVnEC+gPx4KLDrBwuCk7Au/TarVpFVK+nyqcwrDgr2RsWtVDP0UQH/+8G8PkASxnMnTp/oQnvEKGAbySfGelqEQkDhbMiR7GaP99lJcIoIQ/wG87peA=,iv:+NJnPQmh6VYzDu/UoGv1YHVGfMocKMdX5XxZG6FmS90=,tag:vnHzhvOQOw0U7BwNJKA0kw==,type:str] + lastmodified: "2025-12-14T23:03:53Z" + mac: ENC[AES256_GCM,data:cRQBdfI7eQ0rN5HFzYmopLxEiLJah5MX8Bvdj7nR8gjAlnlLdh/AkktzyDRjLeC+NuikHoJV3/IPlNKtbP1WyCiwyFOF/iHo96mUOnUAuaMO8LWTHCm6eHC6oZndwiS0vDyHiar7oBhcffHKCXwIffDkSgMgWwQXxB8q/VjqqQg=,iv:pl99HOK8+XVaffo+K9iHYhOBmGQ6PuVtrcwtgLkACy8=,tag:DZrWtaUXBf6yUvsa2G4nhQ==,type:str] pgp: - created_at: "2025-02-03T18:58:54Z" enc: |- @@ -30,4 +31,4 @@ sops: -----END PGP MESSAGE----- fp: A972C2063F4F2554 unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0 From 7de84f5bf503e6511d3aabb18f099d19e0f781d0 Mon Sep 17 00:00:00 2001 From: Lorenzo Good Date: Sun, 14 Dec 2025 23:39:55 -0500 Subject: [PATCH 06/10] Revert "Add readeck service." This reverts commit c231e5349e9f2fed7f59a220447cd8091d90877f. --- common/services/readeck.nix | 49 ---------------------- machines/lebesgue/config/configuration.nix | 6 --- machines/lebesgue/config/routing.nix | 6 --- machines/lebesgue/config/secrets.nix | 2 - machines/lebesgue/config/state.nix | 1 - machines/lebesgue/secrets/main.yaml | 7 ++-- 6 files changed, 3 insertions(+), 68 deletions(-) delete mode 100644 common/services/readeck.nix diff --git a/common/services/readeck.nix b/common/services/readeck.nix deleted file mode 100644 index be34c9e..0000000 --- a/common/services/readeck.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - inherit (lib) types mkEnableOption mkIf mkOption; - - cfg = config.foehammer.services.readeck; -in { - options.foehammer.services.readeck = { - enable = mkEnableOption "Enable readeck server"; - - port = mkOption { - type = lib.types.port; - default = 8224; - description = '' - What external port to serve over. - ''; - }; - - envFile = mkOption { - type = types.nullOr types.path; - }; - - domain = mkOption { - type = types.str; - description = '' - Readeck's domain. - ''; - }; - }; - - config = mkIf cfg.enable { - services.readeck = { - enable = true; - environmentFile = cfg.envFile; - settings = { - server = { - port = cfg.port; - base_url = cfg.domain; - }; - extractor = { - workers = 2; - }; - }; - }; - }; -} diff --git a/machines/lebesgue/config/configuration.nix b/machines/lebesgue/config/configuration.nix index 6f6e1d1..0b8e21f 100644 --- a/machines/lebesgue/config/configuration.nix +++ b/machines/lebesgue/config/configuration.nix @@ -10,12 +10,6 @@ hashedPasswordFile = config.sops.secrets.admin-password.path; }; - services.readeck = { - enable = true; - domain = "https://bookmarks.foehammer.me"; - envFile = config.sops.secrets.readeck-env.path; - }; - services.goatcounter = { enable = true; }; diff --git a/machines/lebesgue/config/routing.nix b/machines/lebesgue/config/routing.nix index 4e24b00..d33c36c 100644 --- a/machines/lebesgue/config/routing.nix +++ b/machines/lebesgue/config/routing.nix @@ -18,12 +18,6 @@ reverse_proxy :${toString config.foehammer.services.goatcounter.port} ''; }; - - "bookmarks.foehammer.me" = { - extraConfig = '' - reverse_proxy :${toString config.foehammer.services.readeck.port} - ''; - }; }; }; } diff --git a/machines/lebesgue/config/secrets.nix b/machines/lebesgue/config/secrets.nix index 977a673..f8538b9 100644 --- a/machines/lebesgue/config/secrets.nix +++ b/machines/lebesgue/config/secrets.nix 
@@ -14,8 +14,6 @@ vaultwarden-env = {}; - readeck-env = {}; - restic-env = {owner = "restic";}; restic-password = {owner = "restic";}; restic-repository = {owner = "restic";}; diff --git a/machines/lebesgue/config/state.nix b/machines/lebesgue/config/state.nix index 25b8eaa..98db9fa 100644 --- a/machines/lebesgue/config/state.nix +++ b/machines/lebesgue/config/state.nix @@ -9,7 +9,6 @@ "/var/log" "/var/lib/nixos" "/var/lib/docker" - "/var/lib/private/readeck" "/var/lib/authelia-main" "/var/lib/caddy/.local/share/caddy" "/var/lib/vaultwarden" diff --git a/machines/lebesgue/secrets/main.yaml b/machines/lebesgue/secrets/main.yaml index 55b0814..e7208b5 100644 --- a/machines/lebesgue/secrets/main.yaml +++ b/machines/lebesgue/secrets/main.yaml @@ -4,7 +4,6 @@ vaultwarden-env: ENC[AES256_GCM,data:A1iRHxFxgI5P8DtsXQa1KvEKKnF+qZY7LVuJba00CLj restic-password: ENC[AES256_GCM,data:Ympe5/hJxOzJp7IeJy5mZy0fMIrnV+3cWJo1uKwbHHDJ0G4TNivMNrHEdff6CjVnAbkVgjkR90z1FJOpExd+KQ==,iv:CRJaA3fTG8B/qBDkwctgma4DaGDjoyk4eX6/SynIcLE=,tag:pJW45ijV+wVTR+4IRnLcsw==,type:str] restic-repository: ENC[AES256_GCM,data:KkFaam8iltY9nz89sVxk4u0xZ46Sq+7UsOY/9wieASD5A2FRruou7BiudX9X4hRA2RMTctO8aqYkrg==,iv:mIZ9z7BJV9s+wSiVMnzYAWM1/zsa6C+RCK1UhSiJVxI=,tag:S7tedxcfd/UaQ5hMEYfBVQ==,type:str] restic-env: ENC[AES256_GCM,data:KW9ma36zmHJF3xBStpoStDRQqg34wlMJMVSYfbLSnWq26R6e6eGf3+kTVkobhn/bqL6ZYi8ctlyvDS8IOz8VveYogsqxZ7/LK62mA0d9I3xEZMG7eNQ8M1PdeZ9RqAUgFJU=,iv:RxwvZ2vNuwmUc3haK2Ub8vHk9UQhjepLCwsfIcSJg9s=,tag:Tvq2RDh8mJ3jGhmpL1uuCA==,type:str] -readeck-env: ENC[AES256_GCM,data:0wy7B6iL25IBNpHAASa9GzN+Wc/IYPgd4LcSEggzZjBv5AC/JX35lcFOeWWXRrEAtzYw0C68Kk9O0rXhvbEDcvJyKyrTsBP498hgNb68jOqRwaZnlwJLcAA86HxSF4dUyv5Ua7zAPfXzJA4X,iv:MFar2GkvKjGnX6A3Jjy69MNEMF2uOPkrolp3/uQqzTQ=,tag:wNdOAlzsFfl2Dnt9mYVi+Q==,type:str] sops: age: - recipient: age1kjy9wym6cmz6wqmewws4ledsne47c0e4sr0ksmm66rff3u2f6u3qxvnyg9 
@@ -16,8 +15,8 @@ sops: L2VhMXV4WityYUFDZytxVTJHOXZGVVkKgbKR56dsru6U7I4KpnxfxQsswFwJsTM7 8dzAaFl30mdRwFIH9kzdY3XxyYsJ0Yr0x3xwJ8mI4rjgpI8S9ihJFw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-14T23:03:53Z" - mac: ENC[AES256_GCM,data:cRQBdfI7eQ0rN5HFzYmopLxEiLJah5MX8Bvdj7nR8gjAlnlLdh/AkktzyDRjLeC+NuikHoJV3/IPlNKtbP1WyCiwyFOF/iHo96mUOnUAuaMO8LWTHCm6eHC6oZndwiS0vDyHiar7oBhcffHKCXwIffDkSgMgWwQXxB8q/VjqqQg=,iv:pl99HOK8+XVaffo+K9iHYhOBmGQ6PuVtrcwtgLkACy8=,tag:DZrWtaUXBf6yUvsa2G4nhQ==,type:str] + lastmodified: "2025-06-04T21:04:47Z" + mac: ENC[AES256_GCM,data:fGTVTDhqVNLQJaZyBFhBEauW/Cnb/V57aHOcaeODNeA9g1oZiC3IzUkpRVnEC+gPx4KLDrBwuCk7Au/TarVpFVK+nyqcwrDgr2RsWtVDP0UQH/+8G8PkASxnMnTp/oQnvEKGAbySfGelqEQkDhbMiR7GaP99lJcIoIQ/wG87peA=,iv:+NJnPQmh6VYzDu/UoGv1YHVGfMocKMdX5XxZG6FmS90=,tag:vnHzhvOQOw0U7BwNJKA0kw==,type:str] pgp: - created_at: "2025-02-03T18:58:54Z" enc: |- @@ -31,4 +30,4 @@ sops: -----END PGP MESSAGE----- fp: A972C2063F4F2554 unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.10.2 From d1ab660c43a93f74b35ac080cf7cbfc717404e1f Mon Sep 17 00:00:00 2001 From: Lorenzo Good Date: Sun, 14 Dec 2025 23:43:37 -0500 Subject: [PATCH 07/10] Fix deploy script to call nix develop. --- machines/lebesgue/deploy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/lebesgue/deploy b/machines/lebesgue/deploy index 7ed4073..18858c1 100755 --- a/machines/lebesgue/deploy +++ b/machines/lebesgue/deploy @@ -1,7 +1,7 @@ #!/usr/bin/env bash function deploy() { - nixos-rebuild $1 --flake .#default --target-host admin@lebesgue --use-remote-sudo --verbose + nix develop -c nixos-rebuild $1 --flake .#default --target-host admin@lebesgue --use-remote-sudo --verbose } nix flake update common From dfb52f269ce2d78c2dc4a6e3add3f6ae8cc275d2 Mon Sep 17 00:00:00 2001 
From: Lorenzo Good Date: Wed, 17 Dec 2025 17:29:11 -0600 Subject: [PATCH 08/10] Update Nixpkgs to 25.11 --- flake.nix | 2 +- machines/lebesgue/flake.lock | 16 ++++++++-------- machines/lebesgue/flake.nix | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 2477894..dbdb0b3 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; flake-parts.url = "github:hercules-ci/flake-parts"; }; diff --git a/machines/lebesgue/flake.lock b/machines/lebesgue/flake.lock index 11e191d..a51170c 100644 --- a/machines/lebesgue/flake.lock +++ b/machines/lebesgue/flake.lock @@ -50,16 +50,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765363881, - "narHash": "sha256-3C3xWn8/2Zzr7sxVBmpc1H1QfxjNfta5IMFe3O9ZEPw=", + "lastModified": 1765838191, + "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d2b1213bf5ec5e62d96b003ab4b5cbc42abfc0d0", + "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -81,16 +81,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", + "lastModified": 1765838191, + "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", + "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } diff --git a/machines/lebesgue/flake.nix b/machines/lebesgue/flake.nix index 7392f46..9c6748f 100644 --- a/machines/lebesgue/flake.nix +++ b/machines/lebesgue/flake.nix 
@@ -2,7 +2,7 @@ inputs = { common.url = "path:../.."; - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; sops-nix = { url = "github:Mic92/sops-nix"; From 7d90587392fe0bd48578a0813de70fb63d5641c0 Mon Sep 17 00:00:00 2001 From: Lorenzo Good Date: Sun, 28 Dec 2025 20:49:16 -0600 Subject: [PATCH 09/10] Add forgejo, remove authelia. --- common/services/gitea.nix | 57 ++++++++++++++ flake.lock | 87 +++++++++++++++++++++- flake.nix | 53 ++++++------- machines/lebesgue/config/configuration.nix | 20 ++--- machines/lebesgue/config/routing.nix | 9 +-- machines/lebesgue/config/secrets.nix | 14 ---- machines/lebesgue/config/state.nix | 1 + machines/lebesgue/flake.lock | 6 +- 8 files changed, 179 insertions(+), 68 deletions(-) create mode 100644 common/services/gitea.nix diff --git a/common/services/gitea.nix b/common/services/gitea.nix new file mode 100644 index 0000000..b9a96f4 --- /dev/null +++ b/common/services/gitea.nix @@ -0,0 +1,57 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkEnableOption mkIf mkOption; + + cfg = config.foehammer.services.forgejo; +in { + options.foehammer.services.forgejo = { + enable = mkEnableOption "Enable Gitea Server"; + + port = mkOption { + type = lib.types.port; + default = 8225; + description = '' + What external port to serve over. + ''; + }; + + ssh-port = mkOption { + type = lib.types.port; + default = 2222; + description = '' + What external port to serve over. + ''; + }; + + domain = mkOption { + type = lib.types.str; + }; + }; + + config = mkIf cfg.enable { + services.forgejo = { + enable = true; + lfs.enable = true; + + settings = { + service = { + DISABLE_REGISTRATION = true; + SHOW_REGISTRATION_BUTTON = false; + }; + ui = { + SHOW_USER_EMAIL = false; + }; + server = { + HTTP_PORT = cfg.port; + DOMAIN = cfg.domain; + ROOT_URL = "https://${cfg.domain}"; + SSH_PORT = cfg.ssh-port; + }; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 653992c..518fe62 100644 
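Review bot: The `server` block in the new gitea.nix sets `HTTP_PORT` but no `HTTP_ADDR`, so Forgejo keeps its default listen address (all interfaces, as far as I know) even though routing.nix in this commit fronts it with Caddy via `reverse_proxy :${toString config.foehammer.services.forgejo.port}`. I would add `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` so port 8225 is reachable only through the proxy; whether the host firewall already blocks it is not visible in this patch. The option texts also need a pass: `mkEnableOption "Enable Gitea Server"` names the wrong product for `foehammer.services.forgejo` and should read `mkEnableOption "the Forgejo server"`, `ssh-port` repeats the HTTP port's description word for word, and `domain` has no description at all.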
--- a/flake.lock +++ b/flake.lock @@ -1,5 +1,50 @@ { "nodes": { + "alejandra": { + "inputs": { + "fenix": "fenix", + "flakeCompat": "flakeCompat", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660592437, + "narHash": "sha256-xFumnivtVwu5fFBOrTxrv6fv3geHKF04RGP23EsDVaI=", + "owner": "kamadorueda", + "repo": "alejandra", + "rev": "e7eac49074b70814b542fee987af2987dd0520b5", + "type": "github" + }, + "original": { + "owner": "kamadorueda", + "ref": "3.0.0", + "repo": "alejandra", + "type": "github" + } + }, + "fenix": { + "inputs": { + "nixpkgs": [ + "alejandra", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1657607339, + "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -18,18 +63,34 @@ "type": "github" } }, + "flakeCompat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1765363881, - "narHash": "sha256-3C3xWn8/2Zzr7sxVBmpc1H1QfxjNfta5IMFe3O9ZEPw=", + "lastModified": 1766736597, + "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d2b1213bf5ec5e62d96b003ab4b5cbc42abfc0d0", + "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } 
@@ -51,9 +112,27 @@ }, "root": { "inputs": { + "alejandra": "alejandra", "flake-parts": "flake-parts", "nixpkgs": "nixpkgs" } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1657557289, + "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "caf23f29144b371035b864a1017dbc32573ad56d", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index dbdb0b3..70eae05 100644 --- a/flake.nix +++ b/flake.nix 
@@ -6,36 +6,37 @@ }; outputs = inputs @ {self, ...}: - inputs.flake-parts.lib.mkFlake {inherit inputs;} (toplevel @ {withSystem, ...}: { - systems = ["aarch64-darwin" "aarch64-linux" "x86_64-linux"]; + inputs.flake-parts.lib.mkFlake {inherit inputs;} (toplevel @ {withSystem, ...}: { + systems = ["aarch64-darwin" "aarch64-linux" "x86_64-linux"]; - perSystem = { - config, - self', - inputs', - pkgs, - system, - ... - }: { - _module.args.pkgs = import inputs.nixpkgs { - localSystem = system; - config = { - allowUnfree = true; - allowAliases = true; - }; - # overlays = [self.overlays.default]; + perSystem = { + config, + self', + inputs', + pkgs, + system, + ... + }: { + _module.args.pkgs = import inputs.nixpkgs { + localSystem = system; + config = { + allowUnfree = true; + allowAliases = true; }; - - # packages = import ./lib/packages.nix pkgs; + # overlays = [self.overlays.default]; }; - flake = { - lib = import ./lib inputs.nixpkgs withSystem; - # overlays.default = final: prev: (import ./lib/packages.nix prev); + # packages = import ./lib/packages.nix pkgs; + }; - nixosModules.default = {...}: { - imports = self.lib.utils.findNixFiles ./common; - }; + flake = { + lib = import ./lib inputs.nixpkgs withSystem; + + # overlays.default = final: prev: (import ./lib/packages.nix prev); + + nixosModules.default = {...}: { + imports = self.lib.utils.findNixFiles ./common; }; - }); + }; + }); } diff --git a/machines/lebesgue/config/configuration.nix b/machines/lebesgue/config/configuration.nix index 0b8e21f..1e6bb38 100644 --- a/machines/lebesgue/config/configuration.nix +++ b/machines/lebesgue/config/configuration.nix @@ -14,6 +14,11 @@ enable = true; }; + services.forgejo = { + enable = true; + domain = "forge.foehammer.me"; + }; + services.vaultwarden = { enable = true; domain = "https://passwords.foehammer.me"; 
@@ -21,19 +26,6 @@ envPath = config.sops.secrets.vaultwarden-env.path; }; - services.authelia = { - enable = true; - domain = "foehammer.me"; - url = "https://auth.foehammer.me"; - jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path; - - userDbFile = config.sops.secrets.authelia-users.path; - # oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-oidc-privkey.path; - # oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path; - sessionSecretFile = config.sops.secrets.authelia-session-secret.path; - storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path; - }; - backups.restic = { enable = true; @@ -41,7 +33,7 @@ environmentFile = config.sops.secrets.restic-env.path; passwordFile = config.sops.secrets.restic-password.path; - paths = ["/var/lib/vaultwarden" "/var/lib/authelia"]; + paths = ["/var/lib/vaultwarden" "/var/lib/authelia" "/var/lib/forgejo"]; }; tailscale = { diff --git a/machines/lebesgue/config/routing.nix b/machines/lebesgue/config/routing.nix index d33c36c..35027d9 100644 --- a/machines/lebesgue/config/routing.nix +++ b/machines/lebesgue/config/routing.nix @@ -8,14 +8,9 @@ reverse_proxy :${toString config.foehammer.services.vaultwarden.port} ''; }; - "auth.foehammer.me" = { + "forge.foehammer.me" = { extraConfig = '' - reverse_proxy :${toString config.foehammer.services.authelia.port} - ''; - }; - "goatcounter.foehammer.me" = { - extraConfig = '' - reverse_proxy :${toString config.foehammer.services.goatcounter.port} + reverse_proxy :${toString config.foehammer.services.forgejo.port} ''; }; }; diff --git a/machines/lebesgue/config/secrets.nix b/machines/lebesgue/config/secrets.nix index f8538b9..89cbc0e 100644 --- a/machines/lebesgue/config/secrets.nix +++ b/machines/lebesgue/config/secrets.nix @@ -3,10 +3,6 @@ defaultSopsFile = ../secrets/main.yaml; secrets = let - autheliaSecret = { - owner = "authelia-main"; - sopsFile = ../secrets/authelia/secrets.yaml; - }; in { admin-password.neededForUsers = true; 
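Review bot: In the `backups.restic` hunk, `paths` still lists `/var/lib/authelia`, although the preceding hunk in this file removes `services.authelia` and secrets.nix drops its secrets. If nothing else creates that directory, the backup job is pointed at a source that no longer exists. Depending on how the restic wrapper treats missing sources, that is either a warning on every run or a failed unit, and a unit that always fails hides real backup failures for vaultwarden and forgejo. If the old Authelia state is meant to be kept in the snapshots, say so in a comment; otherwise use `paths = ["/var/lib/vaultwarden" "/var/lib/forgejo"];`.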
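Review bot: The routing.nix hunk publishes `forge.foehammer.me` through the reverse proxy in the same change that removes the `auth.foehammer.me` vhost and the Authelia service, so Forgejo's own sign-in and registration settings become the only access control in front of it. Nothing visible in this series sets a registration policy: the settings shown in the later gitea.nix hunk are `HTTP_PORT`, `DOMAIN`, `ROOT_URL` and the `SSH_*` keys, and Forgejo allows self-registration unless `DISABLE_REGISTRATION` is set in its `service` section. Unless the module already does this outside the visible hunks, I would add `service.DISABLE_REGISTRATION = true;` to the module's settings. The hunk also drops the `goatcounter.foehammer.me` vhost, which does not look related to the Authelia removal.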
@@ -17,16 +13,6 @@ restic-env = {owner = "restic";}; restic-password = {owner = "restic";}; restic-repository = {owner = "restic";}; - - authelia-jwtsecret = autheliaSecret; - authelia-oidc-privkey = autheliaSecret; - authelia-oidc-hmac = autheliaSecret; - authelia-session-secret = autheliaSecret; - authelia-storage-encryption = autheliaSecret; - authelia-users = { - owner = "authelia-main"; - sopsFile = ../secrets/authelia/users.yaml; - }; }; }; } diff --git a/machines/lebesgue/config/state.nix b/machines/lebesgue/config/state.nix index 98db9fa..26efd42 100644 --- a/machines/lebesgue/config/state.nix +++ b/machines/lebesgue/config/state.nix @@ -4,6 +4,7 @@ environment.persistence."/persist" = { directories = [ "/var/cache/restic-backups-s3" + "/var/lib/forgejo" "/var/lib/tailscale" "/var/lib/goatcounter" "/var/log" diff --git a/machines/lebesgue/flake.lock b/machines/lebesgue/flake.lock index a51170c..a1eae4a 100644 --- a/machines/lebesgue/flake.lock +++ b/machines/lebesgue/flake.lock @@ -50,11 +50,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765838191, - "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", + "lastModified": 1766736597, + "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", + "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852", "type": "github" }, "original": { From 60424d6ff264b88ee6d3b651de8875cd3d0061cd Mon Sep 17 00:00:00 2001 From: Lorenzo Good Date: Sun, 28 Dec 2025 21:01:24 -0600 Subject: [PATCH 10/10] Change gitea ssh port. --- common/services/gitea.nix | 10 ++++++++-- machines/lebesgue/config/configuration.nix | 1 + machines/lebesgue/config/routing.nix | 5 +++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/common/services/gitea.nix b/common/services/gitea.nix index b9a96f4..b60a41a 100644 --- a/common/services/gitea.nix +++ b/common/services/gitea.nix 
@@ -21,15 +21,20 @@ in { ssh-port = mkOption { type = lib.types.port; - default = 2222; + default = 22; description = '' - What external port to serve over. + Where ssh is available. ''; }; domain = mkOption { type = lib.types.str; }; + + ssh-domain = mkOption { + type = lib.types.str; + default = cfg.domain; + }; }; config = mkIf cfg.enable { @@ -49,6 +54,7 @@ in { HTTP_PORT = cfg.port; DOMAIN = cfg.domain; ROOT_URL = "https://${cfg.domain}"; + SSH_DOMAIN = cfg.ssh-domain; SSH_PORT = cfg.ssh-port; }; }; diff --git a/machines/lebesgue/config/configuration.nix b/machines/lebesgue/config/configuration.nix index 1e6bb38..9df77b6 100644 --- a/machines/lebesgue/config/configuration.nix +++ b/machines/lebesgue/config/configuration.nix @@ -17,6 +17,7 @@ services.forgejo = { enable = true; domain = "forge.foehammer.me"; + ssh-domain = "lebesgue"; }; services.vaultwarden = { diff --git a/machines/lebesgue/config/routing.nix b/machines/lebesgue/config/routing.nix index 35027d9..6d5c70a 100644 --- a/machines/lebesgue/config/routing.nix +++ b/machines/lebesgue/config/routing.nix @@ -8,6 +8,11 @@ reverse_proxy :${toString config.foehammer.services.vaultwarden.port} ''; }; + "goatcounter.foehammer.me" = { + extraConfig = '' + reverse_proxy :${toString config.foehammer.services.goatcounter.port} + ''; + }; "forge.foehammer.me" = { extraConfig = '' reverse_proxy :${toString config.foehammer.services.forgejo.port}
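Review bot: The new `ssh-port` description, `Where ssh is available.`, does not say what the option controls, and the added `ssh-domain` option has no description at all. In these hunks the two options feed `SSH_PORT` and `SSH_DOMAIN`, which Forgejo uses for the clone URLs it advertises, so with the default now `22` and `ssh-domain = "lebesgue"` clone URLs will point at port 22 on that host, presumably the machine's own sshd. The descriptions should state that these are advertised values, and that if the built-in SSH server is enabled anywhere outside the hunk, `SSH_LISTEN_PORT` follows `SSH_PORT` by default and would now try to bind 22. Suggested text: `description = "Port shown in SSH clone URLs; must match the sshd that serves git for this instance.";` and `description = "Host name shown in SSH clone URLs; defaults to the web domain.";`. Both the options block and the settings block continue outside the hunks.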