From 82a1220a1d603e6f0beab8622da9ae23a882d719 Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Fri, 5 Apr 2024 15:08:51 -0600 Subject: make cgit service to host public git repos on bosco --- modules/nixos/cgit.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 modules/nixos/cgit.nix (limited to 'modules') diff --git a/modules/nixos/cgit.nix b/modules/nixos/cgit.nix new file mode 100644 index 0000000..fc331ec --- /dev/null +++ b/modules/nixos/cgit.nix @@ -0,0 +1,15 @@ +{ ... } : { # This is for hosting on bosco + services.cgit = { + bosco-git = { + enable = true; + nginx.location = "/git/"; + nginx.virtualHost = "git.myrmexia.xyz"; + repos = { + nixos-flake = { + desc = "A public repo for viewing my nixos config."; + path = "/srv/git/.flake.git"; + }; + }; + }; + }; +} -- cgit v1.2.3 From 6b343997573f932ac3d258f1f8d7606f68ca5602 Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Fri, 5 Apr 2024 23:36:44 +0000 Subject: testing change in nginx virtualhost name for port conflict with caddy --- modules/nixos/cgit.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/nixos/cgit.nix b/modules/nixos/cgit.nix index fc331ec..7be2fdc 100644 --- a/modules/nixos/cgit.nix +++ b/modules/nixos/cgit.nix @@ -1,9 +1,13 @@ -{ ... } : { # This is for hosting on bosco +{ config, ... } : { # This is for hosting on bosco services.cgit = { bosco-git = { enable = true; nginx.location = "/git/"; - nginx.virtualHost = "git.myrmexia.xyz"; + nginx.virtualHost = "git.myrmexia.xyz:8081"; + settings = { + enable-commit-graph = 1; + enable-http-clone = 0; + }; repos = { nixos-flake = { desc = "A public repo for viewing my nixos config."; @@ -11,5 +15,11 @@ }; }; }; + # caddy = { + # enable = true; + # email = "devin.finlinson@pm.me"; + # virtualhosts."git.myrmexia.xyz".extraConfig = '' + # reverse_proxy http://localhost:${toString config.services.cgit.port} '' + # }; }; } -- cgit v1.2.3 From 70fa9682c8c6357733b646950405458b154dc675 Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Fri, 5 Apr 2024 23:49:56 +0000 Subject: trying to change port for cgit nginx --- modules/nixos/cgit.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/nixos/cgit.nix b/modules/nixos/cgit.nix index 7be2fdc..f3a793f 100644 --- a/modules/nixos/cgit.nix +++ b/modules/nixos/cgit.nix @@ -3,7 +3,7 @@ bosco-git = { enable = true; nginx.location = "/git/"; - nginx.virtualHost = "git.myrmexia.xyz:8081"; + nginx.virtualHost = "git.myrmexia.xyz"; settings = { enable-commit-graph = 1; enable-http-clone = 0; @@ -15,11 +15,14 @@ }; }; }; + }; + services.nginx.virtualHosts."git.myrmexia.xyz" = { + listen.*.port = 8081; + }; # caddy = { # enable = true; # email = "devin.finlinson@pm.me"; # virtualhosts."git.myrmexia.xyz".extraConfig = '' # reverse_proxy http://localhost:${toString config.services.cgit.port} '' # }; - }; } -- cgit v1.2.3 From bc0454ced069ffa5713dd62c92b11554981dd8ed Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Fri, 5 Apr 2024 23:56:00 +0000 Subject: test format change for listen port --- modules/nixos/cgit.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/nixos/cgit.nix b/modules/nixos/cgit.nix index f3a793f..0cf6a09 100644 --- a/modules/nixos/cgit.nix +++ b/modules/nixos/cgit.nix @@ -17,8 +17,9 @@ }; }; services.nginx.virtualHosts."git.myrmexia.xyz" = { - listen.*.port = 8081; + listen.port = 8081; }; + # services.nginx.defaultHTTPListenPort # caddy = { # enable = true; # email = "devin.finlinson@pm.me"; -- cgit v1.2.3 From 368fc550688241d0dfabdf9510424263bd47ff7b Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Fri, 5 Apr 2024 23:59:07 +0000 Subject: runnning bad fix for now --- modules/nixos/cgit.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/nixos/cgit.nix b/modules/nixos/cgit.nix index 0cf6a09..402200c 100644 --- a/modules/nixos/cgit.nix +++ b/modules/nixos/cgit.nix @@ -16,10 +16,13 @@ }; }; }; - services.nginx.virtualHosts."git.myrmexia.xyz" = { - listen.port = 8081; - }; - # services.nginx.defaultHTTPListenPort + # services.nginx.virtualHosts."git.myrmexia.xyz" = { + # listen.port = 8081; + # }; + + # this solution is extremely hacky as it changes nginx system defaults instead of virtual host default + #TODO: fix + services.nginx.defaultHTTPListenPort = 8081; # caddy = { # enable = true; # email = "devin.finlinson@pm.me"; -- cgit v1.2.3 From d72eeae5b42165ab97e2f12cee6aeab008b898c1 Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 01:24:41 +0000 Subject: more failed cgit experiments --- modules/nixos/cgit.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/nixos/cgit.nix b/modules/nixos/cgit.nix index 402200c..ce08052 100644 --- a/modules/nixos/cgit.nix +++ b/modules/nixos/cgit.nix @@ -1,9 +1,9 @@ { config, ... } : { # This is for hosting on bosco services.cgit = { - bosco-git = { + "git.myrmexia.xyz" = { enable = true; nginx.location = "/git/"; - nginx.virtualHost = "git.myrmexia.xyz"; + # nginx.virtualHost = "git.myrmexia.xyz"; settings = { enable-commit-graph = 1; enable-http-clone = 0; @@ -16,8 +16,8 @@ }; }; }; - # services.nginx.virtualHosts."git.myrmexia.xyz" = { - # listen.port = 8081; + # services.nginx.virtualHosts."git.myrmexia.xyz".listen.port = 8081; + # listen.port = 8081; # }; # this solution is extremely hacky as it changes nginx system defaults instead of virtual host default -- cgit v1.2.3 From 1e53f46930b7aa410858c3bc228caaf1726547e7 Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 13:11:56 -0600 Subject: man colors should work with this bat theme --- modules/home-manager/bat.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/home-manager/bat.nix b/modules/home-manager/bat.nix index 13e8e6d..b54677f 100644 --- a/modules/home-manager/bat.nix +++ b/modules/home-manager/bat.nix @@ -4,6 +4,7 @@ enable = true; config = { pager = "less -FR"; + theme = "Solarized (dark)"; # theme = "catppuccin-mocha"; }; # themes = { -- cgit v1.2.3 From aa3f255a408ae189ec88b76e7c7313d5d8718cef Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 13:13:22 -0600 Subject: cleaning declarations --- modules/nixos/headscale.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/nixos/headscale.nix b/modules/nixos/headscale.nix index 261dd52..d56785f 100644 --- a/modules/nixos/headscale.nix +++ b/modules/nixos/headscale.nix @@ -1,4 +1,4 @@ -{config, pkgs, ...}: +{config, ...}: let domain = "myrmexia.xyz"; subDomain = "bosco.${domain}"; -- cgit v1.2.3 From a60472b7b010295843a6c0b91305a25624f2edee Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 13:38:30 -0600 Subject: add key for remote build --- modules/users/defin.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules') diff --git a/modules/users/defin.nix b/modules/users/defin.nix index 139845f..eab36bb 100644 --- a/modules/users/defin.nix +++ b/modules/users/defin.nix @@ -22,6 +22,8 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrt3+N4+ahtXZCUn11evQsVGsGgAohGwafC29/a4fk defin@Radahn" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkGcmYIYCe6GHsZZvnXqsedF0wn+AhGSr+RPJtUO/kl defin@khad" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaMYXO9ghATyUPzyE7aD/XVVmK9UAexueoGEYAqPT4L defin@kebab" + #unlocked keys for remote build + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHslJRD5+7rytlVDzeZh6B/4XW8QWQ5dsWWDBbOXKTrJ defin@zenbook" ]; }; }; -- cgit v1.2.3 From 04275d7faa164d960801548e74d648f89b62ac3c Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 13:57:24 -0600 Subject: trying another key --- modules/users/defin.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/users/defin.nix b/modules/users/defin.nix index eab36bb..393a718 100644 --- a/modules/users/defin.nix +++ b/modules/users/defin.nix @@ -24,6 +24,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaMYXO9ghATyUPzyE7aD/XVVmK9UAexueoGEYAqPT4L defin@kebab" #unlocked keys for remote build "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHslJRD5+7rytlVDzeZh6B/4XW8QWQ5dsWWDBbOXKTrJ defin@zenbook" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFstzru5ItF3ZhAAR4B8+iTZfGztbbMsKh01Y/K8lg+Q defin@zenbook" ]; }; }; -- cgit v1.2.3 From c34b0520c2cf21f476bbf4a7702648b71561f184 Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 14:00:23 -0600 Subject: made a root key --- modules/users/defin.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/users/defin.nix b/modules/users/defin.nix index 393a718..6f22dcd 100644 --- a/modules/users/defin.nix +++ b/modules/users/defin.nix @@ -23,6 +23,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkGcmYIYCe6GHsZZvnXqsedF0wn+AhGSr+RPJtUO/kl defin@khad" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaMYXO9ghATyUPzyE7aD/XVVmK9UAexueoGEYAqPT4L defin@kebab" #unlocked keys for remote build + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUdE8ETBYb9Is4BVekdgC5wStzcnWilSRhDmwp0vSX9 root@zenbook" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHslJRD5+7rytlVDzeZh6B/4XW8QWQ5dsWWDBbOXKTrJ defin@zenbook" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFstzru5ItF3ZhAAR4B8+iTZfGztbbMsKh01Y/K8lg+Q defin@zenbook" ]; -- cgit v1.2.3 From 40b26850c3cbafaba54e025be24667dfe20a8288 Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 14:06:07 -0600 Subject: testing no root keys --- modules/users/defin.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'modules') diff --git a/modules/users/defin.nix b/modules/users/defin.nix index 6f22dcd..393a718 100644 --- a/modules/users/defin.nix +++ b/modules/users/defin.nix @@ -23,7 +23,6 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkGcmYIYCe6GHsZZvnXqsedF0wn+AhGSr+RPJtUO/kl defin@khad" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaMYXO9ghATyUPzyE7aD/XVVmK9UAexueoGEYAqPT4L defin@kebab" #unlocked keys for remote build - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUdE8ETBYb9Is4BVekdgC5wStzcnWilSRhDmwp0vSX9 root@zenbook" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHslJRD5+7rytlVDzeZh6B/4XW8QWQ5dsWWDBbOXKTrJ defin@zenbook" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFstzru5ItF3ZhAAR4B8+iTZfGztbbMsKh01Y/K8lg+Q defin@zenbook" ]; -- cgit v1.2.3 From 1fa49f495753b6fa90be67633b9f1ceff121ebad Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 14:07:46 -0600 Subject: root can't user user keys even with no passphrase --- modules/users/defin.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/users/defin.nix b/modules/users/defin.nix index 393a718..b88fe2e 100644 --- a/modules/users/defin.nix +++ b/modules/users/defin.nix @@ -23,8 +23,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkGcmYIYCe6GHsZZvnXqsedF0wn+AhGSr+RPJtUO/kl defin@khad" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaMYXO9ghATyUPzyE7aD/XVVmK9UAexueoGEYAqPT4L defin@kebab" #unlocked keys for remote build - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHslJRD5+7rytlVDzeZh6B/4XW8QWQ5dsWWDBbOXKTrJ defin@zenbook" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFstzru5ItF3ZhAAR4B8+iTZfGztbbMsKh01Y/K8lg+Q defin@zenbook" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUdE8ETBYb9Is4BVekdgC5wStzcnWilSRhDmwp0vSX9 root@zenbook" ]; }; }; -- cgit v1.2.3 From 1d378703dae7171ea97e8b981adffc4b64f02ed5 Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 15:12:23 -0600 Subject: add builders group to nix truster users --- modules/users/defin.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/users/defin.nix b/modules/users/defin.nix index b88fe2e..b52ebe6 100644 --- a/modules/users/defin.nix +++ b/modules/users/defin.nix @@ -28,6 +28,7 @@ }; }; + nix.settings.trusted-users = [ "@builders" ]; # I can't think of a better spot to put this rn. services.openssh = { ports = [ 22 2200 ]; # needed because isp blocks ssh over 22 -- cgit v1.2.3 From e458ce87743db6a3d4ae69112deb864542b8edda Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 15:21:56 -0600 Subject: ssh agent auth for all systems test --- modules/users/defin.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/users/defin.nix b/modules/users/defin.nix index b52ebe6..af7e0cb 100644 --- a/modules/users/defin.nix +++ b/modules/users/defin.nix @@ -29,6 +29,7 @@ }; nix.settings.trusted-users = [ "@builders" ]; + security.pam.enableSSHAgentAuth = true; # I can't think of a better spot to put this rn. services.openssh = { ports = [ 22 2200 ]; # needed because isp blocks ssh over 22 -- cgit v1.2.3 From c40e52fffc7202ba86e6c1ab478989d9dd10eabc Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sat, 6 Apr 2024 15:34:30 -0600 Subject: switch to locked key --- modules/users/defin.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/users/defin.nix b/modules/users/defin.nix index af7e0cb..9d38f7b 100644 --- a/modules/users/defin.nix +++ b/modules/users/defin.nix @@ -22,8 +22,8 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrt3+N4+ahtXZCUn11evQsVGsGgAohGwafC29/a4fk defin@Radahn" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkGcmYIYCe6GHsZZvnXqsedF0wn+AhGSr+RPJtUO/kl defin@khad" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaMYXO9ghATyUPzyE7aD/XVVmK9UAexueoGEYAqPT4L defin@kebab" - #unlocked keys for remote build - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUdE8ETBYb9Is4BVekdgC5wStzcnWilSRhDmwp0vSX9 root@zenbook" + # keys for remote build + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLx3RgUgbE7THS7hRZypyudEKffj0ppwQfQuxIpPf8H root@zenbook" ]; }; }; -- cgit v1.2.3 From a94cd3d5a3762e810cbdc629fd1072f669afc3ee Mon Sep 17 00:00:00 2001 From: Devin Finlinson Date: Sun, 7 Apr 2024 00:01:24 +0000 Subject: i just needed to open the port for cgit --- modules/nixos/cgit.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/nixos/cgit.nix b/modules/nixos/cgit.nix index ce08052..177158a 100644 --- a/modules/nixos/cgit.nix +++ b/modules/nixos/cgit.nix @@ -29,4 +29,5 @@ # virtualhosts."git.myrmexia.xyz".extraConfig = '' # reverse_proxy http://localhost:${toString config.services.cgit.port} '' # }; + networking.firewall.allowedTCPPorts = [8081]; } -- cgit v1.2.3