❄️ Dotfiles for our NixOS system configuration.

feat: caddy + services

Chloe b0b57a21 b51c435e

Changed files
+232
+1
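--- a/hosts/dullscythe/default.nix
+++ b/hosts/dullscythe/default.nix
@@ -1,6 +1,7 @@
 {
   imports = [
     ./hardware.nix
+    ../../services
   ];
 
   settings = {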
+13
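--- a/secrets/caddy.env.age
+++ b/secrets/caddy.env.age
@@ -0,0 +1,13 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFDVDk3dyBtdXht
+R0xWSE9oS01obUxRL3l6QVhWamNyZDRoZ1ZESEc1V3g4WkZZeDJnCmc0TlhuRlhR
+MW83VFNWa3NCZjhyRHpXYlRiS2d0ZGRTMGpyNFlUN3hoRzQKLT4gc3NoLWVkMjU1
+MTkgZVAzVHRRIEsvbWk2dFg1MlB0VGRTL2NET2FIWW1MREc1RUVGSEQvUFFoZTdh
+Sm9RU1UKY2pTeW9BMnVlcHh0OS92a3ZLSWwrTUtEdm82ajFRdC91YzZiSzdKUnY0
+bwotPiBSe3dlTS1ncmVhc2UgT1dyfSByZ2Y8bSA0dFVOLC0KbmEyQk1KaVlGcjdK
+bGp1d3JML2Z5WFVsWnlxdzJ1Y3owTHVQNEJwMnMrc0Jvd0FKSm9pNnZnTVVicVdU
+UmYyVQp0N2c4Tk1LR2x3cEo0WHNHS2ZCMW9DbEpBL3FOQ3FOakJZcDZ0aGcKLS0t
+IHJxOVhmRzhacHF2ZWlRT1FaOHU3Wk4zOUV1NVE5VzgrMEtXbEUzOUpoWFUK0AIu
+jL2DKEdBY9fnhsxzAJF3YdYvZp3ZodaO7zeeK23iCaqCB2MTFrMgJ5z420yA+JDH
+E8wwcXDVNFfoEyLKcy4v/s4oNpf+aILb5TQMxBESMJ/LusA=
+-----END AGE ENCRYPTED FILE-----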
+12
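--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,12 @@
+let
+  key1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJug+9rnFngnFQpY0lAO0NuVBhDCcJc5imPHazgOSTTx";
+  key2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICM6XP+CNc2CStEDe/W4LfkcRcG98obQiM2aqnydCRbX";
+
+  keys = [
+    key1
+    key2
+  ];
+in
+{
+  "caddy.env.age".publicKeys = keys;
+}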
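Review bot: `key1` and `key2` give no indication of whose keys they are, so a later rekey or revocation has to guess which recipient is the host and which belongs to an operator. Naming each binding after its owner and adding a one-line comment above `keys`, such as `# recipients able to decrypt service secrets: <operator>, <host>`, would make recipient changes reviewable. It is not visible from this section whether the SSH host key of dullscythe is one of the two; if it is not, and no other identity is configured for age on that machine, `caddy.env.age` presumably cannot be decrypted at activation.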
+51
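--- a/services/caddy.nix
+++ b/services/caddy.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, ... }:
+
+{
+  age.secrets.caddy_env = {
+    file = ../secrets/caddy.env.age;
+    mode = "600";
+  };
+
+  services.caddy = {
+    enable = true;
+    package = pkgs.caddy.withPlugins {
+      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+      hash = "sha256-XwZ0Hkeh2FpQL/fInaSq+/3rCLmQRVvwBM0Y1G1FZNU=";
+    };
+    environmentFile = config.age.secrets.caddy_env.path;
+    globalConfig = ''
+      email chloe@sapphic.moe
+    '';
+    extraConfig = ''
+      (tls_cloudflare) {
+        tls {
+          dns cloudflare {env.CF_API_TOKEN}
+          resolvers 8.8.8.8 1.1.1.1
+        }
+      }
+      (common) {
+        encode zstd gzip
+      }
+    '';
+    virtualHosts."home.sappho.systems" = {
+      listenAddresses = [ "::" ];
+      extraConfig = ''
+        import common
+        import tls_cloudflare
+        reverse_proxy http://localhost:4040
+      '';
+    };
+  };
+
+  systemd.services.caddy = {
+    serviceConfig = {
+      EnvironmentFile = config.age.secrets.caddy_env.path;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+  networking.firewall.allowedUDPPorts = [ 443 ];
+}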
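Review bot: The trailing `systemd.services.caddy.serviceConfig.EnvironmentFile` block repeats what `services.caddy.environmentFile` already does, since the NixOS caddy module hands that option to the unit as its EnvironmentFile, so the same secret path is defined in two places. Dropping the `systemd.services.caddy` block leaves one source of truth for where `CF_API_TOKEN` is loaded from. A comment above `age.secrets.caddy_env`, such as `# holds CF_API_TOKEN for the ACME DNS-01 challenge; issue the token with DNS edit on this zone only`, would record what the encrypted file must contain and how narrowly the credential should be scoped.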
+6
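--- a/services/default.nix
+++ b/services/default.nix
@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./caddy.nix
+    ./glance/default.nix
+  ];
+}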
+20
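--- a/services/glance/default.nix
+++ b/services/glance/default.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+  systemd.services.glance = {
+    description = "Glance dashboard";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    reloadTriggers = [ "/etc/glance.yml" ];
+    serviceConfig = {
+      ExecStart = ''
+        ${pkgs.glance}/bin/glance --config /etc/glance.yml
+      '';
+      Restart = "always";
+      RestartSec = 2;
+    };
+  };
+
+  environment.etc."glance.yml".text = builtins.readFile ./glance.yml;
+  networking.firewall.allowedTCPPorts = [ 4040 ];
+}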
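Review bot: `networking.firewall.allowedTCPPorts = [ 4040 ];` opens the dashboard port to the network while `services/glance/glance.yml` in this commit sets `host: 0.0.0.0`, so Glance is reachable over plain HTTP on 4040 and the TLS-terminating Caddy vhost that proxies to `http://localhost:4040` can be bypassed. With Caddy as the front door, the firewall line can be removed and the listener bound to loopback with `host: 127.0.0.1`. The unit also sets no `User`, so it runs as root by default; `DynamicUser = true;` in `serviceConfig` would suit a process that only reads `/etc/glance.yml`. Separately, `reloadTriggers = [ "/etc/glance.yml" ]` is a constant string, so it presumably never changes between generations and a config edit would not reach the running service; `restartTriggers = [ config.environment.etc."glance.yml".source ];` is the usual form, with `config` added to the module arguments.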
+129
services/glance/glance.yml
··· 1 + # Example Glance config 2 + # Replace with your actual configuration 3 + 4 + server: 5 + host: 0.0.0.0 6 + port: 4040 7 + 8 + 9 + theme: 10 + background-color: 240 21 15 11 + contrast-multiplier: 1.2 12 + primary-color: 316 72 86 13 + positive-color: 115 54 76 14 + negative-color: 343 81 75 15 + 16 + pages: 17 + - name: Home 18 + columns: 19 + - size: small 20 + widgets: 21 + - type: clock 22 + hour-format: 24h 23 + timezones: 24 + - timezone: Australia/Sydney 25 + label: Sydney 26 + - timezone: Europe/Istanbul 27 + label: Istanbul 28 + - timezone: Europe/Amsterdam 29 + label: Amsterdam 30 + - timezone: Europe/London 31 + label: London 32 + - timezone: America/Menominee 33 + label: Wisconsin 34 + - timezone: America/Vancouver 35 + label: Victoria Island 36 + 37 + - type: rss 38 + limit: 10 39 + collapse-after: 3 40 + cache: 3h 41 + feeds: 42 + - url: https://ovyerus.com/posts/rss.xml 43 + title: Ovyerus (blog) 44 + - url: https://ovyerus.com/weeknotes/rss.xml 45 + title: Ovyerus (weeknotes) 46 + - url: https://adryd.com/feed.xml 47 + title: adryd 48 + - url: https://notnite.com/blog/rss.xml 49 + title: notnite's blog 50 + - url: https://lyra.horse/blog/posts/index.xml 51 + title: Lyra (Rebane2001)'s posts 52 + - url: https://maia.crimew.gay/feed.xml 53 + title: maia blog 54 + - url: https://kibty.town/blog.rss 55 + title: xyzeva's blog 56 + - url: https://char.lt/blog.rss 57 + title: charlotte som's blog 58 + - url: https://mae.wtf/rss.xml 59 + title: vimae's blog 60 + - url: https://cookieplmonster.github.io/feed.xml 61 + title: Silent's blog 62 + - url: https://kittenlabs.de/index.xml 63 + title: KittenLabs 64 + - url: https://www.joshwcomeau.com/rss.xml 65 + title: Josh Comeau's blog 66 + - url: https://astro.build/rss.xml 67 + title: The Astro Blog 68 + - url: https://tailscale.com/blog/index.xml 69 + title: Blog on Tailscale 70 + - url: https://www.bungie.net/en/rss/News 71 + title: Destiny 2 72 + 73 + - type: twitch-channels 74 + channels: 75 + - 
jerma985 76 + - jollywangcore 77 + - northernlion 78 + - porterrobinson 79 + - rtgame 80 + - schlatt 81 + - vargskelethor 82 + 83 + - size: full 84 + widgets: 85 + - type: search 86 + search-engine: duckduckgo 87 + bangs: 88 + - title: YouTube 89 + shortcut: "!yt" 90 + url: https://www.youtube.com/results?search_query={QUERY} 91 + - type: hacker-news 92 + - type: videos 93 + channels: 94 + - UCQEnQfezywrAwkHWX_Uo_Qg # A Jolly Wangcore 95 + - UCQ6fPy9wr7qnMxAbFOGBaLw # Computer Clan 96 + - UC7Jwj9fkrf1adN4fMmTkpug # DankPods 97 + - UCsBjURrPoezykLs9EqgamOA # Fireship 98 + - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling 99 + - UCRcgy6GzDeccI7dkbbBna3Q # LEMMiNO 100 + - UCS5tt2z_DFvG7-39J3aE-bQ # Life of Boris 101 + - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips 102 + - UCWyrVfwRL-2DOkzsqrbjo5Q # NCommander 103 + - UC0fDG3byEcMtbOqPMymDNbw # Noclip 104 + - UCZB6V9fUov0Mx_us3MWWILg # People Make Games 105 + - UCKKKYE55BVswHgKihx5YXew # Porter Robinson 106 + - UClY084mbGLK_SLlOfgizjow # SalC1 107 + - UCQD3awTLw9i8Xzh85FKsuJA # SovietWomble 108 + - UCBa659QWEk1AI4Tg--mrJ2A # Tom Scott 109 + - UCHC4G4X-OR5WkY-IquRGa3Q # Tom Scott plus 110 + 111 + - size: small 112 + widgets: 113 + - type: weather 114 + hour-format: 24h 115 + location: Almaty, Kazakhstan 116 + 117 + - type: monitor 118 + cache: 1m 119 + title: Services 120 + sites: 121 + - title: Outline 122 + url: https://wiki.sappho.systems 123 + icon: https://gist.githubusercontent.com/SapphicMoe/06893190ae9df097c7a3a87afebaf7c9/raw/9a6df215b442a02d6bd1ea5581533f91cb66c1d0/test.svg 124 + - title: Owncloud 125 + url: https://cloud.sappho.systems 126 + icon: si:owncloud 127 + - title: Umami 128 + url: https://umami.sappho.systems 129 + icon: https://umami.sappho.systems/apple-touch-icon.png