diff --git a/flake.lock b/flake.lock index e3013e9..9fda96d 100644 --- a/flake.lock +++ b/flake.lock @@ -169,11 +169,11 @@ "cachyos-kernel": { "flake": false, "locked": { - "lastModified": 1769435645, - "narHash": "sha256-xxIqw5x8U+13ya2BUcwmAW6BdpCpMhrMTn6Pd0bzocE=", + "lastModified": 1769780135, + "narHash": "sha256-4U/BvhiP1PJcI3bRYkIeNVio71BnkzVrUdTUqzBxjXo=", "owner": "CachyOS", "repo": "linux-cachyos", - "rev": "e8675eeb9b48a23167b3e43f84e3be76e321935e", + "rev": "1acd46cdeb2598f0300b6d7141d47edbf63772cc", "type": "github" }, "original": { @@ -185,11 +185,11 @@ "cachyos-kernel-patches": { "flake": false, "locked": { - "lastModified": 1769587384, - "narHash": "sha256-fPOlnH9arzQLmkbaZ6p+otwLuH9YEf/t8Q2o9/Yq/YA=", + "lastModified": 1769777717, + "narHash": "sha256-+9N64QIaxCEfsA/CtqQjrjV8pmlm8Wcgb+4JWARp3Lc=", "owner": "CachyOS", "repo": "kernel-patches", - "rev": "5f061ab9733ad15eccf6b9995e9d56f572e67266", + "rev": "23d3863f8e3b1f96c1b12042096cc525b6a68738", "type": "github" }, "original": { @@ -285,11 +285,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1769765113, - "narHash": "sha256-XwTDilFuTxc+2TaOKDlSxL+XjbokJNrzm7fW+ZVC6jc=", + "lastModified": 1769852053, + "narHash": "sha256-vWIDVl7JRI3z4nSSVjGVQJwpU4buhXUM9ibTi/G+bDk=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d4cbce95a61e14274512f6f83f06c15beb4e6a00", + "rev": "64978459ab46ee2aa8d6db02b7c3dc3cb53cc055", "type": "github" }, "original": { @@ -952,11 +952,11 @@ ] }, "locked": { - "lastModified": 1769776025, - "narHash": "sha256-70a1kVC08AMTvPc7iqQsJbbD4Y1fukakMVudz4oY9SM=", + "lastModified": 1769813945, + "narHash": "sha256-9ABv9Lo9t6MrFjlnRnU8Zw1C6LVj2+R8PipQ/rxGLHk=", "owner": "nix-community", "repo": "home-manager", - "rev": "0fba737f8d5571d41467f3d99a878e11b8c0f0f0", + "rev": "475921375def3eb930e1f8883f619ff8609accb6", "type": "github" }, "original": { 
@@ -1090,11 +1090,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1769782457, - "narHash": "sha256-ZXyT+qjqELGZWipc/P727hd1weTRQnv9pM+YilNy8Go=", + "lastModified": 1769802121, + "narHash": "sha256-P2KVccrXznyha83gPQeVJ3k+3+/hYXIPQ91DwuRmFF4=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "b8fc0def97a5b6279b8d0e8e13972575a84c310a", + "rev": "ec120d57328e5ae4bfc93a7e809ace47d98f2dc3", "type": "github" }, "original": { @@ -1551,11 +1551,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1769709954, - "narHash": "sha256-giMeVSEYM80pRrpB95wwgvcGODbkKT3LKVnTpVTj8TA=", + "lastModified": 1769796227, + "narHash": "sha256-v4GMU24wyowYBEUoVTyNq4mIlz+fpyNJhrmd/8HrSdU=", "owner": "xddxdd", "repo": "nix-cachyos-kernel", - "rev": "856b12c3db3cb7a2531d4f26eac6f2129284f7e1", + "rev": "0ebc34bb07ad7025fe0167a97115344f0c895474", "type": "github" }, "original": { @@ -1863,11 +1863,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1769694244, - "narHash": "sha256-y9iLxICVcfG0IS7neuCS+K/qtM1DexpRi4Dd5naIc5g=", + "lastModified": 1769770707, + "narHash": "sha256-pZilzGn9G1FCxqow3T6q4XvdH4g3opVqr/l3HhQbOSM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e9dd4a0a603081bc77beda88510f873671d38859", + "rev": "e522e49851239164443baaef4432890c831e4e71", "type": "github" }, "original": { @@ -2265,11 +2265,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1769782950, - "narHash": "sha256-bMJPPDyG/BV7Qx0r5JuO9oQG/o/VlnEOFnC8zKhJsBQ=", + "lastModified": 1769819994, + "narHash": "sha256-AJB2hcg1OgocLGuVdot9HyCD+Kv+a6znhY2i3XqcZYU=", "owner": "danth", "repo": "stylix", - "rev": "aad90ca763be126c0ed67c29826bbb9b5ca665d8", + "rev": "8b14679c0e1570b0e137f0f7997717be0fdf2cf2", "type": "github" }, "original": { diff --git a/modules/servers/per-server/tyr/secrets.nix b/modules/servers/per-server/tyr/secrets.nix index d8230f9..cac16b2 100644 --- a/modules/servers/per-server/tyr/secrets.nix +++ b/modules/servers/per-server/tyr/secrets.nix 
@@ -43,6 +43,18 @@
 paperless-ngx = {
 file = ../../../../secrets/paperless-ngx.age;
 };
+ wg-wireproxy = {
+ file = ../../../../secrets/wg-wireproxy.age;
+ owner = "wireproxy";
+ group = "wireproxy";
+ };
+ wireproxy = {
+ file = ../../../../secrets/wireproxy.age;
+ path = "/etc/wireproxy/wireproxy.conf";
+ owner = "wireproxy";
+ group = "wireproxy";
+ symlink = false;
+ };
 };
 };
 }
diff --git a/modules/servers/per-server/tyr/services/dns.nix b/modules/servers/per-server/tyr/services/dns.nix
index dd7eb79..f9b90eb 100644
--- a/modules/servers/per-server/tyr/services/dns.nix
+++ b/modules/servers/per-server/tyr/services/dns.nix
@@ -85,6 +85,7 @@
 ''"linkwarden.home.cronyakatsuki.xyz IN A 192.168.0.5"''
 ''"paperless.home.cronyakatsuki.xyz IN A 192.168.0.5"''
 ''"komga.home.cronyakatsuki.xyz IN A 192.168.0.5"''
+ ''"termix.home.cronyakatsuki.xyz IN A 192.168.0.5"''
 ];
 };
 };
diff --git a/modules/servers/per-server/tyr/services/termix.nix b/modules/servers/per-server/tyr/services/termix.nix
new file mode 100644
index 0000000..e87f328
--- /dev/null
+++ b/modules/servers/per-server/tyr/services/termix.nix
@@ -0,0 +1,39 @@
+{
+ virtualisation.oci-containers.containers.termix = {
+ image = "ghcr.io/lukegus/termix:latest";
+ autoStart = true;
+ ports = [
+ "8484:8484"
+ ];
+ labels = {
+ "io.containers.autoupdate" = "registry";
+ };
+ volumes = [
+ "/var/lib/termix:/app/data:U"
+ ];
+ extraOptions = ["--network=host"];
+ environment.PORT = "8484";
+ };
+
+ services.restic.backups = {
+ local.paths = ["/var/lib/termix"];
+ server.paths = ["/var/lib/termix"];
+ };
+
+ services.traefik.dynamicConfigOptions.http = {
+ services.termix.loadBalancer.servers = [
+ {
+ url = "http://localhost:8484";
+ }
+ ];
+
+ routers.termix = {
+ rule = "Host(`termix.home.cronyakatsuki.xyz`)";
+ tls = {
+ certResolver = "porkbun";
+ };
+ service = "termix";
+ entrypoints = "websecure";
+ };
+ };
+}
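Review bot: In `modules/servers/per-server/tyr/secrets.nix`, the `wireproxy` entry combines `symlink = false;` with `path = "/etc/wireproxy/wireproxy.conf"`, so the decrypted file is written directly under `/etc` instead of staying in the RAM-backed agenix runtime directory (the option names suggest agenix; the enclosing attribute set opens above the hunk). If `/etc` on tyr sits on a persistent disk, the plaintext config outlives reboots and lands in disk images and snapshots. Unless wireproxy cannot read its config through a symlink, drop `symlink = false;`, or leave the secret at its default path and start the service with `-c ${config.age.secrets.wireproxy.path}`. Neither new entry sets `mode`; adding `mode = "0400";` would state explicitly that only the `wireproxy` user is meant to read them.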
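Review bot: In `termix.nix`, `extraOptions = ["--network=host"]` places the container in the host network namespace, so the `ports = ["8484:8484"]` mapping has no effect and the app serves plain HTTP on 8484 on whatever host addresses it binds, likely all of them, alongside the Traefik route. Only the host firewall then stops clients from bypassing TLS, and the container can reach every service bound to the host's loopback. Dropping `extraOptions` and publishing with `ports = ["127.0.0.1:8484:8484"];` would keep Traefik as the only entry point. The image is also tracked as `:latest` with `"io.containers.autoupdate" = "registry"`, so whatever is pushed to that tag is pulled and run unattended; pinning `image = "ghcr.io/lukegus/termix@sha256:<digest>";` (placeholder digest) turns each update into a reviewed change.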
diff --git a/modules/servers/per-server/tyr/services/wireproxy.nix b/modules/servers/per-server/tyr/services/wireproxy.nix
new file mode 100644
index 0000000..76e9030
--- /dev/null
+++ b/modules/servers/per-server/tyr/services/wireproxy.nix
@@ -0,0 +1,34 @@
+{pkgs, ...}: {
+ systemd.services.wireproxy = {
+ enable = true;
+ description = "Wireproxy";
+ after = ["network.target"];
+ wants = ["network.target"];
+
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ RestartSec = 3;
+ User = "wireproxy";
+ Group = "wireproxy";
+ WorkingDirectory = "/var/lib/wireproxy";
+ StateDirectory = "wireproxy";
+ };
+
+ script = "${pkgs.wireproxy}/bin/wireproxy";
+
+ wantedBy = ["multi-user.target"];
+ };
+
+ users = {
+ users.wireproxy = {
+ isSystemUser = true;
+ home = "/var/lib/wireproxy";
+ createHome = true;
+ group = "wireproxy";
+ };
+ groups.wireproxy = {};
+ };
+
+ networking.firewall.allowedTCPPorts = [25344];
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 3226494..39582c4 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -48,4 +48,6 @@ in {
 "paperless-ngx.age".publicKeys = systems ++ users;
 "forgejo-runner-token.age".publicKeys = systems ++ users;
 "attic-env.age".publicKeys = systems ++ users;
+ "wg-wireproxy.age".publicKeys = systems ++ users;
+ "wireproxy.age".publicKeys = systems ++ users;
 }
diff --git a/secrets/wg-heimdall.age b/secrets/wg-heimdall.age
index 96b1353..d33d265 100644
Binary files a/secrets/wg-heimdall.age and b/secrets/wg-heimdall.age differ
diff --git a/secrets/wg-wireproxy.age b/secrets/wg-wireproxy.age
new file mode 100644
index 0000000..adf1cf0
Binary files /dev/null and b/secrets/wg-wireproxy.age differ
diff --git a/secrets/wireproxy.age b/secrets/wireproxy.age
new file mode 100644
index 0000000..5c70004
--- /dev/null
+++ b/secrets/wireproxy.age
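Review bot: In `wireproxy.nix`, `networking.firewall.allowedTCPPorts = [25344];` opens the port on every interface; assuming 25344 is the proxy listener defined in the encrypted config, any host that can reach tyr can send traffic through the tunnel unless the proxy itself demands credentials. Scoping the rule to the LAN-facing interface narrows that exposure. The unit also runs with no sandboxing, although a userspace WireGuard client should need neither capabilities nor device access, so the hardening options below are worth testing. A comment on `script` noting that the config is presumably picked up from wireproxy's default path `/etc/wireproxy/wireproxy.conf` would explain the missing `-c` argument.

```nix
  serviceConfig = {
    # … unchanged: Type, Restart, RestartSec, User, Group, WorkingDirectory, StateDirectory …
    NoNewPrivileges = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    PrivateTmp = true;
    PrivateDevices = true;
    CapabilityBoundingSet = "";
  };

  # "<lan-iface>" is a placeholder for tyr's LAN-facing interface name
  networking.firewall.interfaces."<lan-iface>".allowedTCPPorts = [25344];
```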
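Review bot: In `secrets/secrets.nix`, both new entries use `systems ++ users`, so every host key in `systems` (presumably all machines) can decrypt the WireGuard key and the proxy config, although only tyr's modules consume them in this commit. This matches the existing entries, but for a tunnel credential it is worth narrowing the recipients to tyr plus the admin keys, e.g. `"wg-wireproxy.age".publicKeys = [<tyr-host-key>] ++ users;` (placeholder; the `let` bindings are above the hunk). The files would then need re-encrypting with `agenix -r`, and the ten recipient stanzas now present in `wireproxy.age` should shrink accordingly.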
@@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw NCoqAJ+IdYnRedKv23voGjEeXJ2IKnn1ru8rEegSCmM +RAf5hshay9kyTUBSFhEerpaEdJquufIn61mj4G+2VU8 +-> ssh-ed25519 l/ODWA jZhbqHZpw4UYbmKcVaNLhmXHSkqQhYKDYOV+hiLydlI +mentg+0q55+4gwLFbzveXzPyGEmcFyQhaGdWBHrNPDk +-> ssh-ed25519 7+5K3Q MZA2Dc28X17/JQf01DuONHHttL9mfINFUpi6Ei4osTM +q/vfUr0H1grVFm/7lnwDCAD7athyXZTrwzZ7WLGMlOk +-> ssh-ed25519 Ow0TGw EMNg0QgRrIWtortkoHV5y3W8G2luAszGdJP6J5WFCQI +L8vDx4lkA9KP8wx1ycrmjdiU7cOyJMUzmBhJGJsqg1U +-> ssh-ed25519 cEINMA MxmgQmJQrjuzrpf6U3CCsu/ZHWlnItCs8PiuIt6SQ3k +ina1R2HbexQfWe/zpWGrpVa5dP6ZpTWyjztKtfV8YXw +-> ssh-ed25519 qbMKrQ fMOzVMLvy4tKtITfAiWwnPVnCMCH5Ocv7P7yVK3+0zM +S3MMdVcyL66pTEjTN9iYwW6QBMlZuvzKVa7TlS6Q/kA +-> ssh-ed25519 Z0mAzw y6INKLu8L3pwLdPRk1ukRGIoJksmUJkxXcZsA/h8BWc +p3mItFuMW+t2vQPfvhd6mlalJNad40+0+zVOm6TzJuE +-> ssh-ed25519 GNZYRg pEPVDnyXksxjYfJL/TzwxaMhU6V+/BbzUmhdlNRMHyE +yyZjjlPH5PwHnnnlAW186DwPbvPccQrFHkoN5m/rKn8 +-> ssh-ed25519 fd/ZLQ H5dx53Qv3Vi9d1LBQwrgCVpGDPw67xmq0yVpNyeYY0E +V2XZTH0gzAHvWBtm2njsj2LHu41i0MMv3pvqajgDU1w +-> ssh-ed25519 zQBiZw ejAkmQMJfIHOn04Wd3wB2HE/VvhUnBHhyOrDXlE11ig +cDSDnV2wSMnhIgwMrFnHhfrmL8D38NlCmyJ8QEyBG2E +--- 2jtmzQVCWGlDs+u3BYILcsEs6TSPCuA3A65pb8j8MDA +B^ MW݄[yb@ [p&W:B>$q:HwIFZ,.*gשgVbC0t6݌Z}F߬^`0M7Bi \ No newline at end of file