mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

feat: add temporary homepage

Browse source
This commit is contained in:
oddlama 2024-04-12 20:28:27 +02:00
parent 36baaef47d
commit c345f4e937
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
7 changed files with 27 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/nom/secrets/host.pub
View file

@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOdYhY/DnXpizajoeLefH6gsc/RX9x3Y6T3C1a+0sb0 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH64l5nh2ryG+1I2sXvfr7m8kTLP5N3CmnK12MHHKSfr

20
hosts/sentinel/default.nix
View file

@ -1,4 +1,8 @@
{config, ...}: { {
config,
pkgs,
...
}: {
imports = [ imports = [
../../modules/optional/hardware/hetzner-cloud.nix ../../modules/optional/hardware/hetzner-cloud.nix
@ -16,9 +20,23 @@
users.groups.acme.members = ["nginx"]; users.groups.acme.members = ["nginx"];
wireguard.proxy-sentinel.firewallRuleForAll.allowedTCPPorts = [80 443]; wireguard.proxy-sentinel.firewallRuleForAll.allowedTCPPorts = [80 443];
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.recommendedSetup = true; services.nginx.recommendedSetup = true;
services.nginx.virtualHosts.${config.repo.secrets.global.domains.me} = {
forceSSL = true;
useACMEWildcardHost = true;
locations."/".root = pkgs.runCommand "index.html" {} ''
mkdir -p $out
cat > $out/index.html <<EOF
<html>
<body>Not empty soon TM. Until then please go here: <a href="https://github.com/oddlama">oddlama</a></body>
</html>
EOF
'';
};
meta.promtail = { meta.promtail = {
enable = true; enable = true;
proxy = "sentinel"; proxy = "sentinel";

4
modules/acme-wildcard.nix
View file

@ -6,6 +6,7 @@
inherit inherit
(lib) (lib)
assertMsg assertMsg
elem
filter filter
genAttrs genAttrs
hasInfix hasInfix
@ -37,6 +38,9 @@ in {
# If no such domain is found then an assertion is triggered. # If no such domain is found then an assertion is triggered.
domain = submod.config._module.args.name; domain = submod.config._module.args.name;
matchingCerts = matchingCerts =
if elem domain config.security.acme.wildcardDomains
then [domain]
else
filter filter
(x: !hasInfix "." (removeSuffix ".${x}" domain)) (x: !hasInfix "." (removeSuffix ".${x}" domain))
config.security.acme.wildcardDomains; config.security.acme.wildcardDomains;

9
secrets/rekeyed/nom/1f37a986a31d7e4d88df8b59d91fcd91-initrd_host_ed25519_key.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 grkLKQ wT/F1RZNRPv/nEpRO2K6uaaUgblmQ+Snl0l0oaQ8biQ
l2Spr1bBxZ780TqPyzLu8e+Bu/V7wHGVEOnht6obgm4
-> a-grease ajoj }}yuQ_]d ]\g'
WsHmUGNgl8O1jJaoW2mHzJtxngWIQWUngA0y/Q
--- yG/0WUD+R7eWZv+DNiH24Y8GW3FvYgHDftlFi8ngpdA
oå)8ù!ÛX?r¸€%²ÜJ‘�Ù†R¢q9éò_¤Ÿ]·jr;ÚCå?ï,vLFð‹÷­‰é5DÚx&Ü.1/î½vN;H’�4‡7\øV€›ÿ�£„Ô> Ÿ6ÐLÒ9!à õ�>:þ™*¹Uóßåðíêóî5b­[®„ñéÂh/nSo²
 'ø(iÏ—ÒˆŽy5D.]�èI†c”ç–JFY_-�Z‘à Ÿ›Ô!ÏLÉØ0Vë¢ñê^3ó¯ïÆOÕ)í3QÝèÿ‹ôÔ.åô¶<a“‡ìÓWJ™ÐmnKM$û¿L¬ãAXƒttÍØG�““Í-e.æ­zœ×5¨I,c€OÝ 8\´ù©ŸI,?ƒ{Ë.É !‘¹�ös&cvhº ÏüAP¶5iƒ60v=·Å׎ · Rˆdš9NÇÒ„Á
IµÍ ‚õê¸*p\) s�ceÔ uHfºªþ¬dùK®;]`9}ó½ë®u£¬¢L}V~äÖ…@jÔ,Xà+¬ñ3Áwüª�䔚 ±–x†¢¿‰¢ÞöÜõh¶<&æj&5…¾êŠyT+û=

BIN
secrets/rekeyed/nom/69289feee2d5937fef7af87d9e69ff21-my-gpg-pubkey-yubikey.age Normal file
View file

Binary file not shown.

BIN
secrets/rekeyed/nom/721d8d346921babf7fd06eb73e5636b3-my-gpg-pubkey-yubikey.age
View file

Binary file not shown.

BIN
secrets/rekeyed/nom/d1cb656317c735d7c4c2275747fb21c4-initrd_host_ed25519_key.age Normal file
View file

Binary file not shown.