diff --git a/hosts/sugarcane/default.nix b/hosts/sugarcane/default.nix index b0fa44e..86e991b 100644 --- a/hosts/sugarcane/default.nix +++ b/hosts/sugarcane/default.nix @@ -4,25 +4,30 @@ time.timeZone = "Asia/Singapore"; age.secrets = { + acme_dns.file = ../../secrets/acme_dns.age; passwd.file = ../../secrets/passwd.age; wg_sugarcane.file = ../../secrets/wg_sugarcane.age; }; - imports = with modules.system; [ - (modulesPath + "/profiles/qemu-guest.nix") - inputs.home-manager-porcupine.nixosModule + imports = + (with modules.system; [ + (modulesPath + "/profiles/qemu-guest.nix") + inputs.home-manager-porcupine.nixosModule - base - home-manager - input - nix-porcupine - security - wireguard + base + home-manager + input + nix-porcupine + security + wireguard - ./filesystem.nix - ./kernel.nix - ./networking.nix - ./packages.nix + ./filesystem.nix + ./kernel.nix + ./networking.nix + ./packages.nix - ../../users/hana - ]; + ../../users/hana + ]) ++ + (with modules.services; [ + nginx + ]); } diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 4b01c80..cdf6ba8 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -1,4 +1,5 @@ { config, inputs, ... }: { + networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; email = "me@lava.moe"; @@ -27,16 +28,16 @@ forceSSL = true; root = inputs.website.outPath; }; - "_" = { - default = true; - addSSL = true; - # TODO generate this somewhere - sslCertificate = "/persist/fakeCerts/fake.crt"; - sslCertificateKey = "/persist/fakeCerts/fake.key"; - extraConfig = '' - return 444; - ''; - }; + # "_" = { + # default = true; + # addSSL = true; + # # TODO generate this somewhere + # sslCertificate = "/persist/fakeCerts/fake.crt"; + # sslCertificateKey = "/persist/fakeCerts/fake.key"; + # extraConfig = '' + # return 444; + # ''; + # }; }; }; } diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index e7d4234..efdc001 100644 
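Review bot: Declaring `acme_dns.file` in hosts/sugarcane/default.nix, together with the `secrets/acme_dns.age` recipient change in the secrets.nix hunk, puts the DNS-01 credential on a host that this same commit exposes on ports 80 and 443. The credential's scope is not visible in the diff; if it can edit the whole zone, a compromise of the web host would be enough to issue certificates for any name under it or to repoint records. Consider giving this host its own narrowly scoped credential in a separate secret file (for example `secrets/acme_dns_sugarcane.age`, a suggested name) instead of widening the recipients of the shared one. The surrounding attribute set starts outside the hunk.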
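Review bot: Commenting out the `"_"` catch-all in modules/services/nginx.nix leaves no vhost marked `default = true`, so nginx falls back to the first server block for any request whose Host or SNI matches nothing, and IP-wide scans then get a real site and its certificate instead of a dropped connection. If the removal is because `/persist/fakeCerts` does not exist on this host, the catch-all can be kept without a certificate: `"_" = { default = true; rejectSSL = true; extraConfig = "return 444;"; };` (this needs a nixpkgs revision whose nginx module has `rejectSSL`). The commented-out block here and the commented `"80"`/`"443"` forwarding entries in the modules/system/wireguard.nix hunk are better deleted than kept, since git history already holds them. The enclosing attribute set starts outside the hunk.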
--- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -6,8 +6,8 @@ let serverIp = "51.79.240.130"; forwarding = { - "80" = [ "10.100.0.2" "80" ]; - "443" = [ "10.100.0.2" "443" ]; +# "80" = [ "10.100.0.2" "80" ]; +# "443" = [ "10.100.0.2" "443" ]; "22727" = [ "10.100.0.3" "7777" ]; }; diff --git a/secrets.nix b/secrets.nix index a713b13..bf67798 100644 --- a/secrets.nix +++ b/secrets.nix @@ -8,7 +8,7 @@ in { "secrets/passwd.age".publicKeys = [ blossom caramel sugarcane rin ]; "secrets/wpa_conf.age".publicKeys = [ blossom caramel rin ]; - "secrets/acme_dns.age".publicKeys = [ caramel rin ]; + "secrets/acme_dns.age".publicKeys = [ caramel sugarcane rin ]; "secrets/warden_admin.age".publicKeys = [ caramel rin ]; "secrets/wg_blossom.age".publicKeys = [ blossom rin ]; "secrets/wg_caramel.age".publicKeys = [ caramel rin ]; diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age index aae2a16..7979174 100644 Binary files a/secrets/acme_dns.age and b/secrets/acme_dns.age differ diff --git a/secrets/passwd.age b/secrets/passwd.age index 0e7d693..e792792 100644 --- a/secrets/passwd.age +++ b/secrets/passwd.age 
@@ -1,14 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg U5BvNdCURLw3Za/EFnyiwJWE+nR05pw6N/gyCCtejRg -UwW0knEEwdbsNIDF8pCIbwwf4X5hahwZ0Cx8w2+b6i0 --> ssh-ed25519 Hx37cw vO0M5kzkG7BtuNpC5+xtM663HKqj80KQ0qWh+wkSPxM -lbTCCCv+VNuGXPmpC7rzLeTlqZWqAXzc24eZ1gZShBI --> ssh-ed25519 krYeuQ DCsEUqV49Wg4BdWydxKmVQnFZrwxpFd6ZhJ1w9RyC3w -gio9eITeS3kjOW/jtm2ajmKqvBecj+rjlvAqLILuiW4 --> ssh-ed25519 CUCjXQ eGjsQfi+/Habc+KcQZRtVp2T+Vs/QK+VR6tmouxkzWw -y1aAwk8qJ4m0xmIGsQbMnT01+zawmp0B34tUX+mPkSw --> 4"nrU-grease hfIl x e)a -xyMmSA ---- ISCslqpC6CkOA7RcpPOtAC8JA68s3AhMdYdeDlJOW6M -\o$;|*,< -yC YSAuۈU2`DUw,f~S|B2;c+ձa)F$TܸrЫv^sAtdòXP \ No newline at end of file +-> ssh-ed25519 CUCjXQ ZrbLZXETJagm+HHfxYT0a8pyUngDlw6YKNG3xK5W9zQ +L8D/Hr/ir0BFnZrJKtCkfSQkX+/4OzHg0m26RzHCE9U +-> ssh-ed25519 krYeuQ 10ymP+C5ZeRwrnxtErKA9VKHuVPy8+bNHJObzX0Jp0U +OCquEuxRe3xt12IkmkP8RnY8pz9KcRKNVIQVWA52eIE +-> ssh-ed25519 Hx37cw v1nwWHdbSLdk8Wk0RF0nKBGIiANyXBxOEyU8jESA7Wc +an8NMIhDKgNhHBecOzEuXHKdcr3+aAQPXly88+791a0 +-> ssh-ed25519 U9FXlg L/9mBIcwWLDcEZWT32Oo0WzWeoRVoZN2Rah7oNt7Gio +akZ3AdYuKAEfXiNKZk3XHm4IrwSCjCPKe9yk9mfYmVI +-> +-grease Q{/ ++e/clwQ33SN111HEvsNUxjXJl0NRROAK +--- f0/c5YRQjnyZirMkYSA05W0meE1lOMXaDSh9xbwBiR4 +ͅИ_N@rċnv_y,]!nDx񯮴SXBnz~b79bȌeHA֮d!ΌOsJZ}P3W&S\w_gC" \ No newline at end of file diff --git a/secrets/warden_admin.age b/secrets/warden_admin.age index 972ef49..900de0a 100644 Binary files a/secrets/warden_admin.age and b/secrets/warden_admin.age differ diff --git a/secrets/wg_blossom.age b/secrets/wg_blossom.age index 6b5df62..2d3fdad 100644 --- a/secrets/wg_blossom.age +++ b/secrets/wg_blossom.age 
@@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg Y/Q29duiKdP+fV11ellTIMtHFyi9saczXfbcnq7iB0s -D9P8MAHlFOLR7P8Ux90CjljnhExARGnuSuw24AXOr5c --> ssh-ed25519 CUCjXQ eGpAJd5fydYBlC7o34CP7091jg4O4NsuLji1/rYtQVg -9/rgYCpe9wcCrLM7fTYI92oa+3+SAEK6ZgJNmBeOtnM --> A-grease xTj~+6%4 aF]RZn tj](JCp -5iDN8bexrr7eNqyFwBNCUefrOqAIS10KppbrdDJH1+fD0TkUifEOjcM2uV/+3tH2 -dYX5eM94zkmwxw ---- QKnJmu6ICTTfadXCKLKii03FXVTBqAFvbAZVHGzGLzE - ssh-ed25519 CUCjXQ Fp3Mrgaw4yRKvdabJJ3dNcnKXJUqRuZP4QO8f3wN3SY +IkH7jnotoXzo8HE42s2pT3MR4JckFbdBWajnsOBJZl8 +-> ssh-ed25519 U9FXlg 89PWDDxlJs2wAx0MpHQ4/nQOYBhDOW3IHbT8ZMNrW1U +5SqO0LRGbnPSaT4Wyskn+TjLROkBlXZj4CZpUdprASw +-> 7.-grease "7|kya +h1PiRYdaZsbG0yfAlNY/jSFOwcKxWi5DhZqn20c8iQ +--- Z76EcD46quTH32YiSgnqhHpDdRcZJu5Q/+jtOutFl6c +xCrwbkgcަqnբͲߒ֜d'ts֝>\nݟTo/~4|֖ \ No newline at end of file diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age index 2a18202..57604cf 100644 Binary files a/secrets/wg_caramel.age and b/secrets/wg_caramel.age differ diff --git a/secrets/wg_sugarcane.age b/secrets/wg_sugarcane.age index 9c96739..208c846 100644 Binary files a/secrets/wg_sugarcane.age and b/secrets/wg_sugarcane.age differ diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 60be4db..bec6ef1 100644 Binary files a/secrets/wpa_conf.age and b/secrets/wpa_conf.age differ