diff --git a/hosts/cyper-node-2/configuration.nix b/hosts/cyper-node-2/configuration.nix index b42e89a..560957b 100644 --- a/hosts/cyper-node-2/configuration.nix +++ b/hosts/cyper-node-2/configuration.nix @@ -2,6 +2,8 @@ imports = [ ./hardware-configuration.nix ../../nixos/roles/searxng.nix + ../../nixos/roles/frontpage + ../../nixos/roles/vaultwarden.nix ]; networking = { diff --git a/nixos/roles/frontpage/default.nix b/nixos/roles/frontpage/default.nix index e69de29..f995680 100644 --- a/nixos/roles/frontpage/default.nix +++ b/nixos/roles/frontpage/default.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + imports = [ ./frontpage.nix ]; +} diff --git a/nixos/roles/frontpage/frontpage-calvin.nix b/nixos/roles/frontpage/frontpage-calvin.nix deleted file mode 100644 index 8efd1ec..0000000 --- a/nixos/roles/frontpage/frontpage-calvin.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -let - address = config.systemd.network.networks."10-ethernet".networkConfig.Address; - ip = builtins.elemAt (lib.splitString "/" address) 0; - port = 15006; - - calvinConfig = pkgs.writeText "config.yml" '' - title: "Calvin's Dashboard" - subtitle: "" - header: true - footer: false - defaults: - colorTheme: dark - services: - - name: "Services" - items: [] - ''; - - calvinRoot = pkgs.runCommand "homer-calvin" { } '' - cp -r ${pkgs.homer}/. $out - chmod -R u+w $out - cp ${calvinConfig} $out/config.yml - ''; -in -{ - services.nginx.virtualHosts."homer-calvin" = { - listen = [ - { - inherit port; - addr = "0.0.0.0"; - } - ]; - root = "${calvinRoot}"; - locations."/" = { - index = "index.html"; - tryFiles = "$uri $uri/ /index.html"; - }; - }; - - networking.firewall.allowedTCPPorts = [ port ]; -} diff --git a/nixos/roles/frontpage/frontpage.nix b/nixos/roles/frontpage/frontpage.nix index 6919ccc..c4b6406 100644 --- a/nixos/roles/frontpage/frontpage.nix +++ b/nixos/roles/frontpage/frontpage.nix @@ -1,78 +1,40 @@ -# frontpage/frontpage.nix -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let address = config.systemd.network.networks."10-ethernet".networkConfig.Address; ip = builtins.elemAt (lib.splitString "/" address) 0; - port = 15005; - - catppuccinFlavor = "mocha"; - logo = if catppuccinFlavor == "latte" then "assets/light_circle.png" else "assets/dark_circle.png"; - faviconZip = if catppuccinFlavor == "latte" then "light_favicon.zip" else "dark_favicon.zip"; - - catppuccinHomer = pkgs.fetchFromGitHub { - owner = "mrpbennett"; - repo = "catppuccin-homer"; - rev = "main"; - sha256 = "1a4fchqffgxj4xpgfsv26pwg7a0dr4qgqz6f7rxnqlvz3mj63faw"; - }; - - mainConfig = pkgs.writeText "config.yml" '' - title: "Dashboard" - subtitle: "" - header: true - footer: false - logo: "${logo}" - stylesheet: - - "assets/catppuccin-${catppuccinFlavor}.css" - defaults: - colorTheme: dark - services: - - name: "Services" - items: - - name: "Vaultwarden" - url: "https://${ip}:8222" - - name: "SearXNG" - url: "http://${ip}:11080" - ''; - - mainRoot = - pkgs.runCommand "homer-main" - { - nativeBuildInputs = [ pkgs.unzip ]; - } - '' - cp -r ${pkgs.homer}/. $out - chmod -R u+w $out - cp ${mainConfig} $out/config.yml - mkdir -p $out/assets/icons - cp ${catppuccinHomer}/flavours/catppuccin-${catppuccinFlavor}.css $out/assets/catppuccin-${catppuccinFlavor}.css - cp ${catppuccinHomer}/assets/logos/dark_circle.png $out/assets/dark_circle.png - cp ${catppuccinHomer}/assets/logos/light_circle.png $out/assets/light_circle.png - unzip ${catppuccinHomer}/assets/favicons/${faviconZip} -d $out/assets/icons/ - ''; in { - services.nginx = { - enable = true; - virtualHosts."homer-main" = { - listen = [ - { - inherit port; - addr = "0.0.0.0"; - } - ]; - root = "${mainRoot}"; - locations."/" = { - index = "index.html"; - tryFiles = "$uri $uri/ /index.html"; + sops.secrets.flame_password = { }; + sops.secrets.flame_calvin_password = { }; + + virtualisation = { + docker.enable = true; + oci-containers = { + backend = "docker"; + containers = { + flame = { + image = "pawelmalak/flame:latest"; + ports = [ "15005:5005" ]; + volumes = [ + "/var/lib/flame:/app/data" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environmentFiles = [ config.sops.secrets.flame_password.path ]; + }; + flame-calvin = { + image = "pawelmalak/flame:latest"; + ports = [ "15006:5005" ]; + volumes = [ "/var/lib/flame-calvin:/app/data" ]; + environmentFiles = [ config.sops.secrets.flame_calvin_password.path ]; + }; }; }; }; - networking.firewall.allowedTCPPorts = [ port ]; + + networking.firewall.allowedTCPPorts = [ + 15005 + 15006 + ]; + } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 8c62d89..83debbe 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -4,6 +4,8 @@ grafana_secret_key: ENC[AES256_GCM,data:d6tu4kL7flfbdeOYk21zkSRmVe+NvVwd14jgr9Ds matrix_macaroon_secret: ENC[AES256_GCM,data:a9nMar+p+FXIsxxSqO/to2OJOvD1erfwLwwBeKOcWBu7xykHxqD+pCmrGhg=,iv:rp4ZDVIlZ7SN1RFHB2CfSV5ISPMl9pC4U8Jgqpz48Qs=,tag:LxmWUZE3mG4acagQmlieag==,type:str] matrix_registration_secret: ENC[AES256_GCM,data:KhKkJZqwE8xk4/tuQ7NYTv/Ot1qCAiy8yUbDyVvRa0H5BT4amCBIdATfR4Q=,iv:HBN+GorT1VpWCVkDugk4UxYLEYKJIoDZh2d+oUDLc8g=,tag:hHus458yVnH0qaQ4u37IZg==,type:str] vaultwarden_admin_token: ENC[AES256_GCM,data:yoBs4CaIEJXB5b3PEwTpXFgxpX39hR9A4r9yamwDV7cTSRRp3n3O2VjDKTcI5Vo6RP2QUjcqUqYf98cZ09wDMc+6+oHHJke7+O0FgRgOC0vOQFs4bfZCBJBLxogrGiwtLGkyykR6VYhrT64AN3CbrXflj82OED2Hl8WwEdruBzGIcfnh6FqQowDx6vDR/kXXJHk=,iv:PJQo5V7FaKPQ+GzZNsy3KB+xyjcDKJ1UBHErrqgn/1U=,tag:BRIDJEDOAeToqio/DHMQaA==,type:str] +flame_password: ENC[AES256_GCM,data:1rNB2CskrMV3EYII+0JfZVDvZE8=,iv:pHJtc+1YSPRYrZG97X3r0+x/cPPUlr8jO+0w2HR+VNw=,tag:qQ/1IPxweBt9iIH4Zsh7+A==,type:str] +flame_calvin_password: ENC[AES256_GCM,data:P5ppyqTjAJ1TL4hXtx5WyoS9a+g=,iv:sq98P3Oqud2FXfqsD76YS/p5NEF2xlN0MfG+ukCB9B0=,tag:AeKnu4Hg4xQ3tII0y6oNpQ==,type:str] ssh_private_key: ENC[AES256_GCM,data:R511mVFVk1ogAd5CKk/2P6rtT4NnHIFfKyqeCen545QgcvDqDFmW0rFBmPJyipaya2srJNoWvKJbnvxWtTYeJh2tPAybRMoUicStIFMUn3FPNfjx/WuQFLhKLoU3UOHHPJnkFqkQ9MBqLq2k5K7MVsNNFTxIDCKS1jPgkTmAWjRZ0EFiRXLa+Gvnz3GP5ltgfjDwdPeb5xp0/AqKPD8jea9w5ClR6ckrRHCLsfXhL2e9IaF4B96JlIv4rICLX3HmeIgM2PKl2MnSt8we5z39bBoLSA0yWG6BvpiMBaFqbo7jeHf1SxI6R404/emHhwW3pwSCDrq2ZE1ATG2UmA5NssFcVuaBPBoQer+n5haVYMNpNUp6rtKZeAIbf5JEOXJ6CJqiInfnnzOMNGhGFkGUYkhsy3p6Ti/lmNMPX/xtY+8ZqMwXf5drssm5KgnQ5nDbVqnTWAhoT/D3t+cJVAaXGTGw88fU0X95dZr8vaL/5nBCj1uUdv5cRBJ8PGhqbBX8PoiXrtGooBGhxf6nHbxIneSzG1++MZGo3e1G,iv:D1lgCnZKm3Gyv6cZpQ7zGW7JXN5RCwoaas+LroTkhPc=,tag:WI6Nr1cX8gm5pjFpu/Ok0w==,type:str] ssh_github_key: ENC[AES256_GCM,data:vZAH4cRDsgGXLAppQKOyUPOvmBJZ27bujMGz4hQ8tt0xhGFUP28llwGZz/VRuU02Yv4alLgVWBAIPuyhZT9f35KnjIR1Mmb7HXk/6oaNM59/lBiISLrnOpC10WmJ9O5krKdxwP8ZDvHA34B0s+oYNkTNXiU0S8AVg3icploax7ylKH5Dorj53kjdYSTjd8KN6ZsgCKmcz97+GnP0IgdmauyNL7e+kv9WIfE8Xx1kGvC8WVnidX2YhSxm6vt8l60eUj9etRigU88oFYTDZ+mIf4lucSpzaLZutz2fM/16D/o9SS7mmTrEllj2S+IXc9ZZTRKKDLbW+yv0XUi0XZi+OHAdZScjS54NZKyT9uWrc/IDJHammGsoHRQpHZtbGhkeFi/KdJsYBsWItslXjM0xJVtFIM2tMnd10kv9UGuXsSl9J4NC0rpz3aXnQqG4ZAhMjN9D/DTJpB4K0pcFyd2FDWdrbKq5iPfnU/V6ecnHPML6wCt6gua/LdK1MWoG3l2SqwMLYj1r7UW5fQZqSw1EK0BAtp9cQMLBL/2w8ykMfWpLekE=,iv:gcinU7xOoXQkFVkLNB3sQYHAcZy3pZN+bDRIq4sspys=,tag:yawgAHBKIkGpnKPHsRId4g==,type:str] sops: @@ -17,7 +19,7 @@ sops: N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9 6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-11T11:56:39Z" - mac: ENC[AES256_GCM,data:PvlzNkTrXA61gXToaB1VhTRE3fP8jWJrCb5Fmk2dpFOv48WB4vO5nUwQM/XnDvk9A3j3HRuCnIOtEs5Fs5N3lrEFh51PBgUBHPGh+vJIumqbemsxc//oEF4e/FrqUpouW0i6P82ZHKs4qAMT9qG53+2m9/wc2pp8IWlQC9Gkg8o=,iv:zAzOdxiwgnKI8yYxTXzXzbDm2fZYEzmXkAjpJXAD0lY=,tag:/p7YAx+FmKVuFOLNbYzBZA==,type:str] + lastmodified: "2026-04-11T20:00:05Z" + mac: ENC[AES256_GCM,data:kF9J980KjKieoXEfTXtt79jZsLTBnYn0r7vczQEXckSDtPJ2/fM8uymuVM4H8QRCa5jnlZFI/gYEe9mv9J6jhiV67guwne4pJZ0zaoLdSXaC6UU+EeAzd+bRyHaOPzCR7Fq7vPID7LdW+w1tYlxXN7yEw2mDLyGdg6Qs/G9rAYE=,iv:dLIZmEb+PPXTChmjMrAN8asK3rpbpLRsKSVhQz3O+Zk=,tag:HpJybqhb/aPfKEo6NNbQag==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2