+ what?

oluceps · Oct 1, 2024 · b67deda · b67deda
1 parent 6c41240
commit b67deda
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 80 deletions.
diff --git a/hosts/default.nix b/hosts/default.nix
@@ -14,7 +14,10 @@ let
       (i: i.host)
       (map (i: i.name))
     ]
-    ++ [ "bootstrap" ];
+    ++ [
+      "bootstrap"
+      "livecd"
+    ];
 in
 {
   flake.nixosConfigurations = genAttrs hosts (

diff --git a/hosts/hastur/caddy.nix b/hosts/hastur/caddy.nix
@@ -100,6 +100,33 @@
                   ];
                   match = [ { host = [ "s3.nyaw.xyz" ]; } ];
                 }
+
+                {
+                  match = [
+                    {
+                      host = [ config.networking.fqdn ];
+                      path = [
+                        "/prom"
+                        "/prom/*"
+                      ];
+                    }
+                  ];
+                  handle = [
+                    {
+                      handler = "authentication";
+                      providers.http_basic.accounts = [
+                        {
+                          username = "prometheus";
+                          password = "$2b$05$eZjq0oUqZzxgqdRaCRsKROuE96w9Y0aKSri3uGPccckPivESAinB6";
+                        }
+                      ];
+                    }
+                    {
+                      handler = "reverse_proxy";
+                      upstreams = [ { dial = "127.0.0.1:9090"; } ];
+                    }
+                  ];
+                }
               ];
               tls_connection_policies = [
                 {

diff --git a/hosts/livecd/additions.nix b/hosts/livecd/additions.nix
@@ -36,10 +36,9 @@
 
   systemd.services.nix-daemon = {
     serviceConfig.LimitNOFILE = lib.mkForce 500000000;
-    path = [ pkgs.netcat-openbsd ];
   };
   nix = {
-    package = pkgs.nixVersions.git;
+    package = pkgs.nixVersions.stable;
     registry = {
       nixpkgs.flake = inputs.nixpkgs;
       self.flake = inputs.self;
@@ -117,7 +116,7 @@
         sudo mkdir /mnt/{persist,etc,var,efi,nix}
         sudo mount -o compress=zstd,discard=async,noatime,subvol=nix /dev/$1 /mnt/nix
         sudo mount -o compress=zstd,discard=async,noatime,subvol=persist /dev/$1 /mnt/persist
-        sudo mount /dev/nvme0n1p1 /mnt/efi
+        echo "please manually mount efi system"
         sudo mount -o bind /mnt/persist/etc /mnt/etc
         sudo mount -o bind /mnt/persist/var /mnt/var
         echo "mount finished."

diff --git a/hosts/livecd/default.nix b/hosts/livecd/default.nix
@@ -4,32 +4,32 @@
   inputs,
   ...
 }:
-{
-  flake.nixosConfigurations.livecd = withSystem "x86_64-linux" (
-    _ctx@{
-      config,
-      inputs',
-      system,
-      ...
-    }:
-    let
-      inherit (self) lib;
-    in
-    lib.nixosSystem {
-      specialArgs = {
-        inherit lib inputs;
-        inherit (lib) data;
-        user = "nixos";
-      };
-      modules = [
-        {
-          nixpkgs = {
-            hostPlatform = system;
-          };
-        }
-        ./additions.nix
-        "${self}/modules/sing-box.nix"
-      ];
-    }
-  );
-}
+
+withSystem "x86_64-linux" (
+  _ctx@{
+    config,
+    inputs',
+    system,
+    ...
+  }:
+  let
+    inherit (self) lib;
+  in
+  lib.nixosSystem {
+    specialArgs = {
+      inherit lib inputs;
+      inherit (lib) data;
+      user = "nixos";
+    };
+    modules = [
+      {
+        nixpkgs = {
+          hostPlatform = system;
+        };
+      }
+      ./additions.nix
+      inputs.lix-module.nixosModules.default
+      "${self}/modules/sing-box.nix"
+    ];
+  }
+)
diff --git a/hosts/yidhra/caddy.nix b/hosts/yidhra/caddy.nix
@@ -42,26 +42,5 @@
         match = [ { host = [ "s3.nyaw.xyz" ]; } ];
       }
     ];
-    settings.apps.http.servers.srv0.tls_connection_policies = [
-      {
-        match = {
-          sni = [
-            "s3.nyaw.xyz"
-          ];
-        };
-        certificate_selection = {
-          any_tag = [ "cert0" ];
-        };
-      }
-    ];
-
-    settings.apps.tls.certificates.load_files = [
-      {
-        certificate = "/run/credentials/caddy.service/nyaw.cert";
-        key = "/run/credentials/caddy.service/nyaw.key";
-        tags = [ "cert0" ];
-      }
-    ];
-
   };
 }
diff --git a/repack/caddy.nix b/repack/caddy.nix
@@ -37,32 +37,6 @@ in
           listen = [ ":443" ];
           strict_sni_host = false;
           routes = [
-            {
-              match = [
-                {
-                  host = [ config.networking.fqdn ];
-                  path = [
-                    "/prom"
-                    "/prom/*"
-                  ];
-                }
-              ];
-              handle = [
-                {
-                  handler = "authentication";
-                  providers.http_basic.accounts = [
-                    {
-                      username = "prometheus";
-                      password = "$2b$05$eZjq0oUqZzxgqdRaCRsKROuE96w9Y0aKSri3uGPccckPivESAinB6";
-                    }
-                  ];
-                }
-                {
-                  handler = "reverse_proxy";
-                  upstreams = [ { dial = "10.0.1.2:9090"; } ];
-                }
-              ];
-            }
             {
               match = [
                 {