modules =
[ ./hosts/these/configuration.nix sops-nix.nixosModules.sops ];
};
+ more = nixpkgs.lib.nixosSystem {
+ specialArgs = attrs;
+ modules =
+ [ ./hosts/more/configuration.nix sops-nix.nixosModules.sops ];
+ };
};
} // flake-utils.lib.eachDefaultSystem (system:
let
'';
init-secrets = pkgs.writeShellScriptBin "init-secrets" ''
mkdir -p ~/.config/sops/age
- cp $1 /tmp/init-secrets-key &&
+ cp "$1" /tmp/init-secrets-key &&
${pkgs.openssh}/bin/ssh-keygen -p -N "" -f /tmp/init-secrets-key &&
${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i /tmp/init-secrets-key > ~/.config/sops/age/keys.txt
rm /tmp/init-secrets-key
echo Your age public key is:
${pkgs.age}/bin/age-keygen -y ~/.config/sops/age/keys.txt
'';
+ rekey-secrets = pkgs.writeShellScriptBin "rekey-secrets" ''
+ ${pkgs.sops}/bin/sops updatekeys "$1"
+ '';
in {
devShells.default = pkgs.mkShell {
buildInputs = [
pkgs.age
(deploy "these" "root@these.awful.systems")
(go "these" "root@these.awful.systems")
+ (deploy "more" "root@more.awful.systems")
+ (go "more" "root@more.awful.systems")
init-secrets
pkgs.bashInteractive
];
};
+ packages.maint-mode =
+ (pkgs.callPackage ./maint-mode/site.nix {});
});
}
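Review bot: `init-secrets` still stages the private key at the fixed path `/tmp/init-secrets-key`, and after `ssh-keygen -p -N ""` that copy carries no passphrase; quoting `$1` does not change this. On a shared machine another local user can pre-create that path as a file or symlink, so the copy lands where they can read it. `~/.config/sops/age/keys.txt` is also created through a redirect with whatever umask the caller has. Setting `umask 077`, staging through `mktemp` and removing the file from an EXIT trap addresses both, as sketched below. Separately, `rekey-secrets` is defined in the `let` but is not added to `buildInputs` in the visible lines, so it would not be on the dev shell's PATH.

```nix
init-secrets = pkgs.writeShellScriptBin "init-secrets" ''
  umask 077
  mkdir -p ~/.config/sops/age
  key=$(mktemp) || exit 1
  trap 'rm -f "$key"' EXIT
  cp "$1" "$key" &&
  ${pkgs.openssh}/bin/ssh-keygen -p -N "" -f "$key" &&
  ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i "$key" > ~/.config/sops/age/keys.txt
  # … unchanged: print the age public key …
'';
```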
let
new-repo = pkgs.writeShellScriptBin "new-repo" ''
-mkdir -p ${config.users.extraUsers.git.home}/repos/''${1}.git
-${pkgs.git}/bin/git init --bare ${config.users.extraUsers.git.home}/repos/''${1}.git/
-chown -R git:git ${config.users.extraUsers.git.home}/repos
-'';
- in
-{
+ mkdir -p ${config.users.extraUsers.git.home}/repos/''${1}.git
+ ${pkgs.git}/bin/git init --bare ${config.users.extraUsers.git.home}/repos/''${1}.git/
+ chown -R git:git ${config.users.extraUsers.git.home}/repos
+ '';
+in {
+ imports = [ ../secrets/keys/git.nix ];
+
users.extraUsers.git = {
uid = 402;
isSystemUser = true;
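Review bot: `new-repo` interpolates `''${1}` unquoted into all three paths, and this commit re-indents those lines without applying the quoting it just added to `init-secrets`. A name containing whitespace is split into several arguments, and one containing `/` or `..` makes `mkdir -p` and `git init --bare` operate outside `repos/`. That matters because the script ends with a recursive `chown` and so is presumably run as root. Quote the expansion and reject unexpected names first, e.g. `case "$1" in ""|.*|*/*) echo "invalid repo name" >&2; exit 1;; esac` ahead of `mkdir -p "${config.users.extraUsers.git.home}/repos/$1.git"`. The function header enclosing this `let` lies outside the hunk.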
enable = true;
location = "/git";
group = "git";
- virtualHost = "awful.systems";
+ virtualHost = "awful.systems these.awful.systems these";
};
services.gitweb = {
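Review bot: `virtualHost` now carries three space-separated names in one string, which only works if the module uses this value as the nginx vhost attribute name and nginx then reads it as a multi-name `server_name`. If that is the case, any other module on this host that still sets `services.nginx.virtualHosts."awful.systems"` produces a second server block claiming the same name, and nginx will ignore one of them with a conflicting-server-name warning. Keeping `virtualHost = "awful.systems";` and adding `services.nginx.virtualHosts."awful.systems".serverAliases = [ "these.awful.systems" "these" ];` states the intent explicitly. The attribute set this option belongs to opens outside the hunk.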
--- /dev/null
+{ config, lib, pkgs, ... }:
+
+{
+ services.nginx.virtualHosts."awful.systems".locations."/git" = {
+ proxyPass = "http://these/git";
+ };
+}
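Review bot: The `/git` location forwards to `http://these/git`, so the hop between the two hosts is plain HTTP to a bare hostname. How `these` resolves, and whether that traffic stays on a private network, is not visible here; if it crosses a public network, responses can be read or altered in transit, and the backend has to keep port 80 reachable. Consider `proxyPass = "https://these.awful.systems/git";`, or pin the upstream to a private address and restrict the backend's firewall to the proxy host. The `config`, `lib` and `pkgs` arguments are unused in this file.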
{ pkgs, ... }:
{
- imports = [
- ../../hardware/hetzner-cloud/cpx31.nix
- ../../secrets
- ../../maint-mode
- ];
+ imports =
+ [ ../../hardware/hetzner-cloud/cpx31.nix ../../secrets ../../maint-mode ];
networking.hostName = "more";
+
+ awful.systems.maint-mode = {
+ enable = true;
+ virtualHost = "awful.systems";
+ };
}
{ pkgs, ... }:
{
imports = [
- ../../hardware/hetzner-cloud.nix
+ ../../hardware/hetzner-cloud/cp21.nix
../../secrets
../../pass
../../lemmy
--- /dev/null
+{ config, lib, pkgs, ... }:
+
+with lib;
+let cfg = config.awful.systems.maint-mode;
+in {
+ options.awful.systems.maint-mode = {
+ enable = mkEnableOption (mdDoc ''
+ Whether to configure nginx to display the maintenance mode route as default.
+ '');
+ virtualHost = mkOption {
+ type = types.str;
+ description = lib.mdDoc
+ "The nginx virtualHost to show the maintenance mode route for.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.nginx = {
+ enable = true;
+ virtualHosts."${cfg.virtualHost}" = {
+ root = mkForce (pkgs.callPackage ./site.nix { });
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ };
+}
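Review bot: The maintenance vhost is HTTP-only: the module opens port 80 via `networking.firewall.allowedTCPPorts = [ 80 ];` and sets no certificate options on `virtualHosts."${cfg.virtualHost}"`. If the site is normally reached over HTTPS, and particularly if it has sent HSTS headers, browsers will fail to connect instead of showing the page. Adding `enableACME = true; forceSSL = true;` to the vhost and using `allowedTCPPorts = [ 80 443 ];` would cover that, assuming ACME is configured for the host. Also note that `mkForce` replaces only `root`, so `locations` defined on the same vhost by other modules would still be served, and `mkEnableOption` already prefixes its argument with "Whether to enable", so the rendered description repeats that phrase.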
--- /dev/null
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <link rel="stylesheet" href="maint-mode.css">
+ <title>awful.systems is down for maintenance</title>
+ </head>
+ <body>
+ <div class="content">
+ <div class="logo-container">
+ <img class="logo" src="sneer-club-logo.svg" alt="a logo indicating things are broken" />
+ </div>
+ <div>
+ awful.systems is down for upgrades! <a href="https://mas.to/@zzt">follow me on mastodon</a> for updates
+ </div>
+ </div>
+ </body>
+</html>
--- /dev/null
+html {
+ background-color: rgb(34, 34, 34);
+ color: white;
+}
+
+.content {
+ display: flex;
+ flex-direction: column;
+ align-items: center;
+ justify-content: center;
+}
+
+.logo-container {
+ width: 50%;
+ height: 50%;
+ padding: 2.5em;
+}
+
+.logo {
+ animation: rotate 600s infinite;
+}
+
+@keyframes rotate {
+ from { transform: rotate(0deg) }
+ to { transform: rotate(360deg) }
+}
--- /dev/null
+{ runCommand, ... }:
+
+runCommand "maint-mode-site" { } ''
+ mkdir -p $out
+ cp ${./index.html} $out/index.html
+ cp ${./maint-mode.css} $out/maint-mode.css
+ cp ${../assets/sneer-club-logo.svg} $out/sneer-club-logo.svg
+''