From 6dc0f415d4ebe75d57900add3e75601b28e1e811 Mon Sep 17 00:00:00 2001 From: jasmine Date: Thu, 28 Nov 2024 22:20:11 +0800 Subject: [PATCH 1/4] migrate wezterm to upsteam flake --- flake.lock | 317 +++++++++++++----- flake.nix | 6 + .../features/desktop/wezterm/default.nix | 10 +- 3 files changed, 247 insertions(+), 86 deletions(-) diff --git a/flake.lock b/flake.lock index a99b377..73122dc 100644 --- a/flake.lock +++ b/flake.lock @@ -24,18 +24,19 @@ "agenix-rekey": { "inputs": { "devshell": "devshell", - "flake-utils": "flake-utils", + "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks" + "pre-commit-hooks": "pre-commit-hooks", + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1729172588, - "narHash": "sha256-BLAyMpW3onKZ0tOfXRY26baJL9fZ/OogccFWO0uNyuw=", + "lastModified": 1732704340, + "narHash": "sha256-zcX8QIaaJJ5Us53vaWMPH2LNkZBCSwTH7pI+FgXCg+0=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "0488a23f882df0de8107e46da88177bd038ab4d2", + "rev": "662522cf89fde332157e527b4322d614598631d9", "type": "github" }, "original": { @@ -46,7 +47,7 @@ }, "crowdsec": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] @@ -92,15 +93,14 @@ "nixpkgs": [ "agenix-rekey", "nixpkgs" - ], - "systems": "systems_2" + ] }, "locked": { - "lastModified": 1695195896, - "narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=", + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "owner": "numtide", "repo": "devshell", - "rev": "05d40d17bf3459606316e3e9ec683b784ff28f16", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "type": "github" }, "original": { 
@@ -134,11 +134,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -181,6 +181,24 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, "locked": { "lastModified": 1722555600, "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", @@ -195,7 +213,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -219,25 +237,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_4" + "systems": "systems_2" }, "locked": { "lastModified": 1710146030, @@ -252,9 +252,9 @@ "type": "indirect" } }, - "flake-utils_3": { + "flake-utils_2": { "inputs": { - "systems": "systems_5" + "systems": "systems_3" }, "locked": { "lastModified": 1681202837, 
@@ -270,9 +270,9 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_3": { "inputs": { - "systems": "systems_6" + "systems": "systems_4" }, "locked": { "lastModified": 1710146030, @@ -288,6 +288,41 @@ "type": "github" } }, + "flake-utils_4": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "freetype2": { + "flake": false, + "locked": { + "lastModified": 1687587065, + "narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=", + "owner": "wez", + "repo": "freetype2", + "rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d", + "type": "github" + }, + "original": { + "owner": "wez", + "repo": "freetype2", + "rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -330,11 +365,11 @@ ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { @@ -366,6 +401,23 @@ "type": "github" } }, + "harfbuzz": { + "flake": false, + "locked": { + "lastModified": 1711722720, + "narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=", + "owner": "harfbuzz", + "repo": "harfbuzz", + "rev": "63973005bc07aba599b47fdd4cf788647b601ccd", + "type": "github" + }, + "original": { + "owner": "harfbuzz", + "ref": "8.4.0", + "repo": "harfbuzz", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -394,11 +446,11 @@ ] }, "locked": { - "lastModified": 1731880681, - "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=", + "lastModified": 1732466619, + "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", "owner": "nix-community", "repo": "home-manager", - "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6", + "rev": "f3111f62a23451114433888902a55cf0692b408d", "type": "github" }, "original": { @@ -445,6 +497,23 @@ "type": "github" } }, + "libpng": { + "flake": false, + "locked": { + "lastModified": 1549245649, + "narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=", + "owner": "glennrp", + "repo": "libpng", + "rev": "8439534daa1d3a5705ba92e653eda9251246dd61", + "type": "github" + }, + "original": { + "owner": "glennrp", + "repo": "libpng", + "rev": "8439534daa1d3a5705ba92e653eda9251246dd61", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -470,15 +539,15 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1731981116, - "narHash": "sha256-SgnDCrAuX9JxRk7NqGJCXYmt+EUkDF2rfL7QjtNImuk=", + "lastModified": 1732758830, + "narHash": "sha256-bmMRjp4U3RDvLuwOWXMTHitMBMrmmpzP4x0dckJMZD4=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "3b71545aa21e6fe9eb7690be7ee2ee3d633b1990", + "rev": "09c3d43938e7b535ecada974759e9ed84ee91235", "type": "github" }, "original": { 
@@ -504,6 +573,18 @@ } }, "nixpkgs-lib": { + "locked": { + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + } + }, + "nixpkgs-lib_2": { "locked": { "lastModified": 1722555339, "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", @@ -517,27 +598,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1685801374, - "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1731676054, - "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { @@ -565,11 +646,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1731755305, - "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", + "lastModified": 1732350895, + "narHash": "sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", + "rev": "0c582677378f2d9ffcb01490af2f2c678dcb29d3", "type": "github" }, "original": { 
@@ -613,16 +694,16 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs_4", "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1730724774, - "narHash": "sha256-wflPLDTH5AdEDOrOog/D9+ZYuz3x3pHtK3gEHdIJ/K0=", + "lastModified": 1732803170, + "narHash": "sha256-xWWIgHYmmKeMGFiySCqqOwv9FLLvXPNz8ZX3yKPoDjw=", "ref": "refs/heads/master", - "rev": "f6df2dd1a24e31d472803a4e1b61be1dab297381", - "revCount": 20, + "rev": "51592e25008460e6598800f3dd1a4efe4b1edff8", + "revCount": 21, "type": "git", "url": "https://git.sajenim.dev/jasmine/nvim.nix.git" }, @@ -635,13 +716,13 @@ "inputs": { "devshell": "devshell_2", "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "git-hooks": "git-hooks", "home-manager": "home-manager_3", "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs_5", "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix" + "treefmt-nix": "treefmt-nix_2" }, "locked": { "lastModified": 1722531900, @@ -659,7 +740,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixvim", "nixvim", @@ -683,10 +764,6 @@ "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": [ - "agenix-rekey", - "flake-utils" - ], "gitignore": "gitignore", "nixpkgs": [ "agenix-rekey", @@ -695,11 +772,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1694364351, - "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=", + "lastModified": 1732021966, + "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7", + "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", "type": "github" }, "original": { 
@@ -718,7 +795,29 @@ "nix-minecraft": "nix-minecraft", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable", - "nixvim": "nixvim" + "nixvim": "nixvim", + "wezterm": "wezterm" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "wezterm", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729477859, + "narHash": "sha256-r0VyeJxy4O4CgTB/PNtfQft9fPfN1VuGvnZiCxDArvg=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "ada8266712449c4c0e6ee6fcbc442b3c217c79e1", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" } }, "systems": { @@ -796,22 +895,28 @@ "type": "github" } }, - "systems_6": { + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "agenix-rekey", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "lastModified": 1732292307, + "narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "705df92694af7093dfbb27109ce16d828a79155f", "type": "github" }, "original": { - "owner": "nix-systems", - "repo": "default", + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } }, - "treefmt-nix": { + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nixvim", 
@@ -832,6 +937,52 @@ "repo": "treefmt-nix", "type": "github" } + }, + "wezterm": { + "inputs": { + "flake-utils": "flake-utils_4", + "freetype2": "freetype2", + "harfbuzz": "harfbuzz", + "libpng": "libpng", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay", + "zlib": "zlib" + }, + "locked": { + "dir": "nix", + "lastModified": 1732036472, + "narHash": "sha256-8lv1bc7Lw5S7UFOduShwSHfBzB4Vl0ex22Cb+q/qLi0=", + "owner": "wez", + "repo": "wezterm", + "rev": "4050072da21cc3106d0985281d75978c07e22abc", + "type": "github" + }, + "original": { + "dir": "nix", + "owner": "wez", + "ref": "main", + "repo": "wezterm", + "type": "github" + } + }, + "zlib": { + "flake": false, + "locked": { + "lastModified": 1484501380, + "narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=", + "owner": "madler", + "repo": "zlib", + "rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f", + "type": "github" + }, + "original": { + "owner": "madler", + "ref": "v1.2.11", + "repo": "zlib", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 6f4fa3c..524447e 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # Terminal Emulator + wezterm = { + url = "github:wez/wezterm/main?dir=nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # Add any other flake you might need. nix-minecraft.url = "github:Infinidoge/nix-minecraft"; nixvim.url = "git+https://git.sajenim.dev/jasmine/nvim.nix.git"; diff --git a/home-manager/sajenim/features/desktop/wezterm/default.nix b/home-manager/sajenim/features/desktop/wezterm/default.nix index b7ff737..6b9f97b 100644 --- a/home-manager/sajenim/features/desktop/wezterm/default.nix +++ b/home-manager/sajenim/features/desktop/wezterm/default.nix @@ -1,6 +1,10 @@ -{pkgs, ...}: { - home.packages = with pkgs; [ - wezterm +{ + inputs, + pkgs, + ... +}: { + home.packages = [ + inputs.wezterm.packages.${pkgs.system}.default ]; xdg.configFile = { 
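Review bot: The new `wezterm` input in flake.nix follows the moving `main` branch (`github:wez/wezterm/main?dir=nix`), so every `nix flake update` replaces the terminal emulator with whatever unreleased commit is current. The lock file keeps builds reproducible, but it does not make the pulled commit a reviewed one. If tracking `main` is not intended, pin the input to a tag or a commit you have looked at and bump it deliberately, for example `url = "github:wez/wezterm/<reviewed-rev-or-tag>?dir=nix";`. The matching flake.lock entries also add non-flake sources pinned by upstream, including `zlib` at `v1.2.11` and a `libpng` revision whose `lastModified` value falls in 2019. Whether the Nix build links those copies or the nixpkgs ones is not visible in this diff, so it is worth checking.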
From cd7f0eb21d0afb4eee899b40098d87107fa7d73b Mon Sep 17 00:00:00 2001 From: jasmine Date: Thu, 28 Nov 2024 22:21:16 +0800 Subject: [PATCH 2/4] install p7zip --- nixos/common/global/env.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/common/global/env.nix b/nixos/common/global/env.nix index 30a9f2c..306c743 100644 --- a/nixos/common/global/env.nix +++ b/nixos/common/global/env.nix @@ -28,6 +28,7 @@ # Archive unrar # extract roshal archive unzip # extract zip archive + p7zip # extract 7z archive ]; pathsToLink = ["/share/zsh"]; }; From 205f85271b9747278427b766077f8fce22510d4e Mon Sep 17 00:00:00 2001 From: jasmine Date: Thu, 28 Nov 2024 22:23:04 +0800 Subject: [PATCH 3/4] enable whitelist for ipv4 ranges --- nixos/viridian/services/crowdsec/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/nixos/viridian/services/crowdsec/default.nix b/nixos/viridian/services/crowdsec/default.nix index 691c394..3df8bd5 100644 --- a/nixos/viridian/services/crowdsec/default.nix +++ b/nixos/viridian/services/crowdsec/default.nix @@ -95,6 +95,24 @@ in { ]; }; + environment.etc = { + "/crowdsec/parsers/s02-enrich/whitelist.yaml" = { + text = '' + name: "sajenim/whitelist" + description: "Whitelist events from my ipv4 addresses" + whitelist: + reason: "my ipv4 ranges" + ip: + - "127.0.0.1" + cidr: + - "192.168.0.0/16" + - "10.0.0.0/8" + - "172.16.0.0/12" + ''; + mode = "0755"; + }; + }; + environment.persistence."/persist" = { directories = [ { From 579bf1a5dba2e6424586dc6ba5a5d16d5ffde04a Mon Sep 17 00:00:00 2001 
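Review bot: The whitelist file added under `environment.etc` is installed with `mode = "0755"`, which marks a YAML parser definition as executable; `mode = "0644";` is enough for crowdsec to read it. The `cidr` list covers every RFC 1918 range, so any event whose source address is private is discarded before a decision is made. If Traefik ever records an internal hop as the client address (for example behind another proxy or NAT), traffic arriving that way would go unscored. Consider narrowing the list to the subnets actually in use; the `internal` middleware removed in patch 4/4 used `192.168.50.1/24`. It is also worth confirming that the leading `/` in the key `"/crowdsec/parsers/s02-enrich/whitelist.yaml"` still places the file under `/etc/crowdsec`.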
From: jasmine Date: Thu, 28 Nov 2024 22:24:27 +0800 Subject: [PATCH 4/4] migrate middlewares to entrypoint + refactor --- .../viridian/multimedia/jellyfin/default.nix | 3 -- nixos/viridian/multimedia/lidarr/default.nix | 3 -- .../viridian/multimedia/prowlarr/default.nix | 3 -- .../multimedia/qbittorrent/default.nix | 3 -- nixos/viridian/multimedia/radarr/default.nix | 3 -- nixos/viridian/multimedia/sonarr/default.nix | 3 -- nixos/viridian/services/forgejo/default.nix | 4 --- nixos/viridian/services/lighttpd/default.nix | 4 --- nixos/viridian/services/minecraft/default.nix | 3 -- .../services/paperless-ngx/default.nix | 3 -- nixos/viridian/services/traefik/default.nix | 21 ++++++++--- .../viridian/services/traefik/middlewares.nix | 36 +++++++++++++++---- nixos/viridian/services/wiki-js/default.nix | 4 --- 13 files changed, 45 insertions(+), 48 deletions(-) diff --git a/nixos/viridian/multimedia/jellyfin/default.nix b/nixos/viridian/multimedia/jellyfin/default.nix index 9258775..c118e40 100644 --- a/nixos/viridian/multimedia/jellyfin/default.nix +++ b/nixos/viridian/multimedia/jellyfin/default.nix @@ -37,9 +37,6 @@ in { entryPoints = [ "websecure" ]; - middlewares = [ - "internal" - ]; service = "jellyfin"; }; }; diff --git a/nixos/viridian/multimedia/lidarr/default.nix b/nixos/viridian/multimedia/lidarr/default.nix index 12c8001..b7d28e3 100644 --- a/nixos/viridian/multimedia/lidarr/default.nix +++ b/nixos/viridian/multimedia/lidarr/default.nix @@ -31,9 +31,6 @@ in { entryPoints = [ "websecure" ]; - middlewares = [ - "internal" - ]; service = "lidarr"; }; }; diff --git a/nixos/viridian/multimedia/prowlarr/default.nix b/nixos/viridian/multimedia/prowlarr/default.nix index 821b817..1c44653 100644 --- a/nixos/viridian/multimedia/prowlarr/default.nix +++ b/nixos/viridian/multimedia/prowlarr/default.nix @@ -28,9 +28,6 @@ in { entryPoints = [ "websecure" ]; - middlewares = [ - "internal" - ]; service = "prowlarr"; }; }; 
diff --git a/nixos/viridian/multimedia/qbittorrent/default.nix b/nixos/viridian/multimedia/qbittorrent/default.nix index e2573c2..81a3ed8 100644 --- a/nixos/viridian/multimedia/qbittorrent/default.nix +++ b/nixos/viridian/multimedia/qbittorrent/default.nix @@ -31,9 +31,6 @@ in { entryPoints = [ "websecure" ]; - middlewares = [ - "internal" - ]; service = "qbittorrent"; }; }; diff --git a/nixos/viridian/multimedia/radarr/default.nix b/nixos/viridian/multimedia/radarr/default.nix index 3232d14..6c3531c 100644 --- a/nixos/viridian/multimedia/radarr/default.nix +++ b/nixos/viridian/multimedia/radarr/default.nix @@ -30,9 +30,6 @@ in { entryPoints = [ "websecure" ]; - middlewares = [ - "internal" - ]; service = "radarr"; }; }; diff --git a/nixos/viridian/multimedia/sonarr/default.nix b/nixos/viridian/multimedia/sonarr/default.nix index 84368f8..2e4d51f 100644 --- a/nixos/viridian/multimedia/sonarr/default.nix +++ b/nixos/viridian/multimedia/sonarr/default.nix @@ -31,9 +31,6 @@ in { entryPoints = [ "websecure" ]; - middlewares = [ - "internal" - ]; service = "sonarr"; }; }; diff --git a/nixos/viridian/services/forgejo/default.nix b/nixos/viridian/services/forgejo/default.nix index 119d348..bc53a56 100644 --- a/nixos/viridian/services/forgejo/default.nix +++ b/nixos/viridian/services/forgejo/default.nix @@ -22,10 +22,6 @@ entryPoints = [ "websecure" ]; - middlewares = [ - "crowdsec" - "geoblock" - ]; service = "forgejo"; }; }; diff --git a/nixos/viridian/services/lighttpd/default.nix b/nixos/viridian/services/lighttpd/default.nix index b5ef007..0aed61b 100644 --- a/nixos/viridian/services/lighttpd/default.nix +++ b/nixos/viridian/services/lighttpd/default.nix @@ -11,10 +11,6 @@ entryPoints = [ "websecure" ]; - middlewares = [ - "crowdsec" - "geoblock" - ]; service = "lighttpd"; }; }; diff --git a/nixos/viridian/services/minecraft/default.nix b/nixos/viridian/services/minecraft/default.nix index d5d1070..749f983 100644 --- a/nixos/viridian/services/minecraft/default.nix 
+++ b/nixos/viridian/services/minecraft/default.nix @@ -85,9 +85,6 @@ in { entryPoints = [ "websecure" ]; - middlewares = [ - "internal" - ]; service = "minecraft"; }; }; diff --git a/nixos/viridian/services/paperless-ngx/default.nix b/nixos/viridian/services/paperless-ngx/default.nix index 64f9faf..9235f07 100644 --- a/nixos/viridian/services/paperless-ngx/default.nix +++ b/nixos/viridian/services/paperless-ngx/default.nix @@ -22,9 +22,6 @@ in { entryPoints = [ "websecure" ]; - middlewares = [ - "internal" - ]; service = "paperless-ngx"; }; }; diff --git a/nixos/viridian/services/traefik/default.nix b/nixos/viridian/services/traefik/default.nix index 8014440..ec33a17 100644 --- a/nixos/viridian/services/traefik/default.nix +++ b/nixos/viridian/services/traefik/default.nix @@ -18,6 +18,7 @@ group = "traefik"; }; + # Ensure our log directory has correct permission to be accesible by crowdsec systemd.services.traefik.serviceConfig = { User = "traefik"; Group = "traefik"; @@ -43,10 +44,13 @@ dashboard = true; }; + # Everything that happens to Traefik itself log = { filePath = "/var/log/traefik/traefik.log"; level = "ERROR"; }; + + # Who Calls Whom? accessLog = { filePath = "/var/log/traefik/access.log"; format = "json"; @@ -88,21 +92,29 @@ scheme = "https"; }; }; + # Hypertext Transfer Protocol Secure websecure = { address = ":443"; + + # Enable some middlewares on all routers that use this entrypoint + http.middlewares = [ + "geoblock@file" + "crowdsec@file" + ]; + # Requests wildcard SSL certs for our services http.tls = { certResolver = "lets-encrypt"; # List of domains in our network domains = [ - # Public services { + # DevOps main = "sajenim.dev"; sans = ["*.sajenim.dev"]; } - # Keyboards { + # Keyboards main = "sajkbd.io"; sans = ["*.sajkbd.io"]; } 
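Review bot: The entrypoint-level list added to `websecure` (`http.middlewares = ["geoblock@file" "crowdsec@file"]`, in a block that continues outside this hunk) has no source-range restriction. The same commit removes the `internal` allow-list from the jellyfin, lidarr, prowlarr, qbittorrent, radarr, sonarr, minecraft, paperless-ngx and `traefik-dashboard` routers and deletes its definition in middlewares.nix. After the change those routers are gated only by geo-blocking and crowdsec, so any client that can reach port 443 and send a matching `Host` header gets through to the backend, including `api@internal` on `traefik.home.arpa`. If those services are meant to stay LAN-only, keep the allow-list in middlewares.nix and on those routers (`middlewares = ["internal"];`), or serve internal and public routers from separate entrypoints. If the removal was prompted by the `ipWhiteList` deprecation, `ipAllowList` is the replacement in current Traefik releases.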
@@ -131,21 +143,20 @@ }; }; }; + # Disables SSL certificate verification between our traefik instance and our backend serversTransport = { insecureSkipVerify = true; }; }; + # Setup our dashboard dynamicConfigOptions.http.routers = { traefik-dashboard = { rule = "Host(`traefik.home.arpa`)"; entryPoints = [ "websecure" ]; - middlewares = [ - "internal" - ]; service = "api@internal"; }; }; diff --git a/nixos/viridian/services/traefik/middlewares.nix b/nixos/viridian/services/traefik/middlewares.nix index 6cbdc43..0f2f474 100644 --- a/nixos/viridian/services/traefik/middlewares.nix +++ b/nixos/viridian/services/traefik/middlewares.nix @@ -1,12 +1,6 @@ {...}: { # Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your service services.traefik.dynamicConfigOptions.http.middlewares = { - # Restrict access to internal networks - internal.ipwhitelist.sourcerange = [ - "127.0.0.1/32" # localhost - "192.168.50.1/24" # lan - ]; - # Restrict access based on geo-location geoblock.plugin.geoblock = { silentStartUp = "false"; 
@@ -20,9 +14,37 @@ apiTimeoutMs = "750"; # Max size of least recently used cache cacheSize = "25"; - # List of countries to block access + # OFAC (US) sanctions list countries = [ + "AF" # Afghanistan + "AL" # Albania + "BA" # Bosnia and Herzegovina + "BY" # Belarus + "CF" # Central African Republic (the) + "CN" # China + "CD" # Congo (the Democratic Republic of the) + "CU" # Cuba + "ET" # Ethiopia + "HK" # Hong Kong + "IR" # Iran (Islamic Republic of) + "IQ" # Iraq + "KP" # Korea (the Democratic People's Republic of) + "LB" # Lebanon + "LY" # Libya + "ML" # Mali + "ME" # Montenegro + "MM" # Myanmar + "MK" # Republic of North Macedonia + "NI" # Nicaragua "RU" # Russian Federation (the) + "RS" # Serbia + "SO" # Somalia + "SS" # South Sudan + "SD" # Sudan (the) + "SY" # Syrian Arab Republic + "UA" # Ukraine + "VE" # Venezuela (Bolivarian Republic of) + "YE" # Yemen ]; # Inverts filter logic blackListMode = "true"; diff --git a/nixos/viridian/services/wiki-js/default.nix b/nixos/viridian/services/wiki-js/default.nix index f6453f6..6ba23f0 100644 --- a/nixos/viridian/services/wiki-js/default.nix +++ b/nixos/viridian/services/wiki-js/default.nix @@ -30,10 +30,6 @@ entryPoints = [ "websecure" ]; - middlewares = [ - "crowdsec" - "geoblock" - ]; service = "wiki-js"; }; };
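Review bot: In middlewares.nix the comment above `countries` now reads `# OFAC (US) sanctions list`, which no longer says what the plugin does with the list; the blocking behaviour is only implied by `blackListMode = "true"` after the list. Suggest `# Countries to block (blackListMode); based on the OFAC (US) sanctions list` so a reader does not mistake it for an allow-list. Because this middleware now runs on every `websecure` request, it is also worth confirming how the settings outside this hunk treat private client addresses and lookup timeouts (`apiTimeoutMs = "750"`), since a fail-open result would pass requests unfiltered. The `geoblock.plugin.geoblock` block starts and ends outside the hunk.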