From 2c90c2dcc0d839ec2838a8d0afabb2dd7fe1bb73 Mon Sep 17 00:00:00 2001 From: Bun Date: Wed, 9 Jul 2025 02:32:31 -0400 Subject: [PATCH] update flake and add ntfy --- flake.lock | 90 +++++++------------ hosts/midas/services/default.nix | 1 + modules/system/services/server/default.nix | 1 + .../services/server/nextcloud/default.nix | 2 + .../system/services/server/ntfy/default.nix | 19 ++++ .../services/server/ntfy/nginx/default.nix | 11 +++ .../settings/security/privilege/default.nix | 5 -- modules/system/users/default.nix | 1 + modules/system/users/main/default.nix | 9 +- modules/system/users/main/pixel9.pub | 1 + modules/system/users/main/warden.pub | 1 + modules/system/users/root/default.nix | 7 ++ 12 files changed, 83 insertions(+), 65 deletions(-) create mode 100644 modules/system/services/server/ntfy/default.nix create mode 100644 modules/system/services/server/ntfy/nginx/default.nix create mode 100644 modules/system/users/main/pixel9.pub create mode 100644 modules/system/users/main/warden.pub create mode 100644 modules/system/users/root/default.nix diff --git a/flake.lock b/flake.lock index 1a7b3ce5..7eaaa204 100644 --- a/flake.lock +++ b/flake.lock @@ -40,11 +40,11 @@ }, "crane": { "locked": { - "lastModified": 1748970125, - "narHash": "sha256-UDyigbDGv8fvs9aS95yzFfOKkEjx1LO3PL3DsKopohA=", + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", "owner": "ipetkov", "repo": "crane", - "rev": "323b5746d89e04b22554b061522dfce9e4c49b18", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", "type": "github" }, "original": { 
@@ -60,11 +60,11 @@ ] }, "locked": { - "lastModified": 1749436314, - "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", + "lastModified": 1751854533, + "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", "owner": "nix-community", "repo": "disko", - "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", + "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", "type": "github" }, "original": { @@ -276,11 +276,11 @@ ] }, "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "lastModified": 1751810233, + "narHash": "sha256-kllkNbIqQi3VplgTMeGzuh1t8Gk8TauvkTRt93Km+tQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "rev": "9b0873b46c9f9e4b7aa01eb634952c206af53068", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1749495634, - "narHash": "sha256-NPifVq2XZGRCsLBoUt6M5YUTiIh23+ubq57w7mSODt8=", + "lastModified": 1751529406, + "narHash": "sha256-jwKDHyUycp678zDYa5Hyfq3msO73YMXdZPxp96dU7po=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "c40d2f31f92571bf341497884174a132829ef0fc", + "rev": "b2e5ce654e4f5bf8905c2e07a96dcf4966e6277d", "type": "github" }, "original": { @@ -338,11 +338,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1749471908, - "narHash": "sha256-uGfPqd43KTomeIVWUzHu3hGLWFsqYibhWLt2OaRic28=", + "lastModified": 1751381593, + "narHash": "sha256-js1XwtJpYhvQrrTaVzViybpztkHJVZ63aXOlFAcTENM=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "00292388ad3b497763b81568d6ee5e1c4a2bcf85", + "rev": "f4eb75540307c2b33521322c04b7fea74e48a66f", "type": "github" }, "original": { 
@@ -385,11 +385,11 @@ ] }, "locked": { - "lastModified": 1749607590, - "narHash": "sha256-vvu9zoaYuuPIGG9YKRBMNqOELGN+x2qHbEK6PrZ/Ky0=", + "lastModified": 1751854764, + "narHash": "sha256-StA6nw3eYixvv1KKPKKD+L1nCxz65Gyx4zg5Es7V8tQ=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "83aaf9c7e3caa39608992e723cfb997624920a35", + "rev": "d4a00866abd69011e70ac3a5976db9008601fd09", "type": "github" }, "original": { @@ -441,15 +441,14 @@ "flake-parts": "flake-parts_2", "nixpkgs": [ "unstable" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1749614785, - "narHash": "sha256-yn6eDwnUr9vZYpneg+XNh0/tC1KA9a+yXxvFMEzOfco=", + "lastModified": 1752035121, + "narHash": "sha256-rMC8Q0pPtEuNXwMD9pVkudQeGN8mbotoJ8U6lPPqemg=", "owner": "nix-community", "repo": "NUR", - "rev": "14f8439ad1190d3dd09f9fcc6a033d9710d68806", + "rev": "88641e5053c688cc305ea8e47c38ad37895187bb", "type": "github" }, "original": { @@ -471,11 +470,11 @@ ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -508,11 +507,11 @@ ] }, "locked": { - "lastModified": 1749436897, - "narHash": "sha256-OkDtaCGQQVwVFz5HWfbmrMJR99sFIMXHCHEYXzUJEJY=", + "lastModified": 1751165203, + "narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e7876c387e35dc834838aff254d8e74cf5bd4f19", + "rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3", "type": "github" }, "original": { 
@@ -523,11 +522,11 @@ }, "stable": { "locked": { - "lastModified": 1750005367, - "narHash": "sha256-h/aac1dGLhS3qpaD2aZt25NdKY7b+JT0ZIP2WuGsJMU=", + "lastModified": 1751741127, + "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c64dabd3aa85e0c02ef1cdcb6e1213de64baee3", + "rev": "29e290002bfff26af1db6f64d070698019460302", "type": "github" }, "original": { @@ -566,34 +565,13 @@ "type": "github" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "unstable": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "type": "github" }, "original": { diff --git a/hosts/midas/services/default.nix b/hosts/midas/services/default.nix index 96de5dea..638fa3fc 100644 --- a/hosts/midas/services/default.nix +++ b/hosts/midas/services/default.nix @@ -13,6 +13,7 @@ mysql.enable = true; nextcloud.enable = true; nfs.server.enable = true; + ntfy-sh.enable = true; owncast.enable = true; transmission.enable = true; uptime-kuma.enable = true; diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix index ce67411b..bdaeb7ff 100644 --- a/modules/system/services/server/default.nix +++ b/modules/system/services/server/default.nix @@ -15,6 +15,7 @@ ./nextcloud ./nfs ./nginx + ./ntfy ./owncast ./transmission ./uptime-kuma 
diff --git a/modules/system/services/server/nextcloud/default.nix b/modules/system/services/server/nextcloud/default.nix
index 87bfffda..18ce4878 100644
--- a/modules/system/services/server/nextcloud/default.nix
+++ b/modules/system/services/server/nextcloud/default.nix
@@ -19,6 +19,8 @@
 trusted_proxies = [ "127.0.0.1" ];
 trusted_domains = [ config.services.nextcloud.hostName ];
 overwriteprotocol = "https";
+
+ # email
 mail_smtphost = "mx.${config.vars.mailDomain}";
 mail_domain = "${config.vars.primeDomain}";
 mail_from_address = "noreply";
diff --git a/modules/system/services/server/ntfy/default.nix b/modules/system/services/server/ntfy/default.nix
new file mode 100644
index 00000000..85f3b9f6
--- /dev/null
+++ b/modules/system/services/server/ntfy/default.nix
@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+{
+ imports = [
+ ./nginx
+ ];
+
+ config = lib.mkIf config.services.ntfy-sh.enable {
+ services.ntfy-sh.settings = {
+ base-url = "https://ntfy.${config.vars.primeDomain}";
+ behind-proxy = true;
+ listen-http = ":8811";
+
+ smtp-sender-addr = "mx.${config.vars.mailDomain}:587";
+ smtp-sender-user = "noreply";
+ smtp-sender-pass = config.secrets.mailPass.nixfoxNoReply;
+ smtp-sender-from = "noreply@${config.vars.primeDomain}";
+ };
+ };
+}
diff --git a/modules/system/services/server/ntfy/nginx/default.nix b/modules/system/services/server/ntfy/nginx/default.nix
new file mode 100644
index 00000000..272f918e
--- /dev/null
+++ b/modules/system/services/server/ntfy/nginx/default.nix
@@ -0,0 +1,11 @@
+{ config, lib, ... }:
+{
+ services.nginx.virtualHosts."ntfy.${config.vars.primeDomain}" = lib.mkIf config.services.ntfy-sh.enable {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1${config.services.ntfy-sh.settings.listen-http}";
+ proxyWebsockets = true;
+ };
+ };
+}
diff --git a/modules/system/settings/security/privilege/default.nix b/modules/system/settings/security/privilege/default.nix
index 0dd9a19c..a2700af0 100644
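Review bot: In modules/system/services/server/ntfy/default.nix the settings block configures an SMTP sender but no access control, so with ntfy's default read-write access any visitor who can reach `ntfy.${config.vars.primeDomain}` may be able to publish and request e-mail delivery from the `noreply` address, bounded only by ntfy's rate limits. Adding `auth-default-access = "deny-all";` and creating users or tokens for the intended publishers would close that, unless an auth default is already set outside this hunk. Separately, `smtp-sender-pass = config.secrets.mailPass.nixfoxNoReply;` is a plain Nix value, so it is presumably rendered into the generated server config in the world-readable Nix store; supplying it at runtime instead, for example as `NTFY_SMTP_SENDER_PASS` from a root-only `EnvironmentFile`, keeps it out of the store.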
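Review bot: The `proxyPass` in modules/system/services/server/ntfy/nginx/default.nix is assembled as `"http://127.0.0.1${config.services.ntfy-sh.settings.listen-http}"`, which only yields a valid URL while `listen-http` is exactly `:PORT`, and that form (`":8811"` in ntfy/default.nix) makes ntfy listen on every interface rather than only on loopback. If the host firewall ever admits 8811, clients could reach the backend over plain HTTP, bypassing `forceSSL`, and with `behind-proxy = true` ntfy would likely trust a client-supplied forwarded address for its rate limiting. Binding to loopback and using the setting whole addresses both: `listen-http = "127.0.0.1:8811";` and `proxyPass = "http://${config.services.ntfy-sh.settings.listen-http}";`.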
--- a/modules/system/settings/security/privilege/default.nix
+++ b/modules/system/settings/security/privilege/default.nix
@@ -4,9 +4,4 @@
 enable = true;
 execWheelOnly = true;
 };
-
- # Allow root to be accessed via ssh
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3B9Uf3h5JiD2HjF/vQ5Zx9pibMgRrlf7ZoBktev9eB Warden"
- ];
 }
diff --git a/modules/system/users/default.nix b/modules/system/users/default.nix
index f882f271..3f518f83 100644
--- a/modules/system/users/default.nix
+++ b/modules/system/users/default.nix
@@ -4,5 +4,6 @@
 ./freecorn
 ./luna
 ./main
+ ./root
 ];
 }
diff --git a/modules/system/users/main/default.nix b/modules/system/users/main/default.nix
index 6be3f4d5..f310ede1 100644
--- a/modules/system/users/main/default.nix
+++ b/modules/system/users/main/default.nix
@@ -6,14 +6,15 @@
 linger = true;
 hashedPassword = config.secrets.accPass.main;
 openssh.authorizedKeys.keyFiles = [
+ # Special keys
+ ./warden.pub
+ ./pixel9.pub
+
+ # Host keys
 ../../../../hosts/tower/id_ed25519.pub
 ../../../../hosts/intuos/id_ed25519.pub
 ../../../../hosts/jupiter/id_ed25519.pub
 ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE17CtOBL2xR7xelq2HjAqESJVhNtKQe9ZCECKVx0LSO Warden2"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
- ];
 extraGroups = [
 # Privilige
 "wheel"
diff --git a/modules/system/users/main/pixel9.pub b/modules/system/users/main/pixel9.pub
new file mode 100644
index 00000000..e99394f1
--- /dev/null
+++ b/modules/system/users/main/pixel9.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9
diff --git a/modules/system/users/main/warden.pub b/modules/system/users/main/warden.pub
new file mode 100644
index 00000000..00a75710
--- /dev/null
+++ b/modules/system/users/main/warden.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE17CtOBL2xR7xelq2HjAqESJVhNtKQe9ZCECKVx0LSO Warden
diff --git a/modules/system/users/root/default.nix b/modules/system/users/root/default.nix
new file mode 100644
index 00000000..259e4050
--- /dev/null
+++ b/modules/system/users/root/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ # Allow root to be accessed via ssh
+ users.users.root.openssh.authorizedKeys.keyFiles = [
+ ../main/warden.pub
+ ];
+}
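Review bot: `../main/warden.pub` is not the key that this commit removes from settings/security/privilege/default.nix: the removed root entry was the `…IN3B9Uf3…` key labelled `Warden`, while warden.pub holds the `…IE17CtOB…` key that was labelled `Warden2` on the main user. Root SSH access therefore moves to a different key, one that also logs in the wheel-group main user, and the commit message does not mention a rotation; if it is intended, a comment such as `# root uses the main user's Warden key (formerly labelled Warden2); the old Warden key is retired` would record it. Since main already has sudo through wheel, consider whether direct root login is still needed, and if it is, give root its own key file under users/root/ so the two accounts can be revoked independently.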