Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-03-27 06:10:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

update tower firewall

Browse source
This commit is contained in:
Julien Malka 2023-07-26 19:35:08 +02:00
parent d4a2e9cb70
commit 01c52573f0
Signed by: Luj
GPG key ID: 6FC74C847011FD83
2 changed files with 742 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

726
flake.lock generated Normal file
View file

@ -0,0 +1,726 @@
{
"nodes": {
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"unstable"
],
"nixpkgs-stable": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1689457600,
"narHash": "sha256-1XLn2ZZMaqQx+Ys3eel5hQRkgUn3DeHcVb2JT8WYU0A=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "4902d57f5dae8ec660ee9ee14c45c2192f9fe8b1",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"crane": {
"inputs": {
"flake-compat": [
"attic",
"flake-compat"
],
"flake-utils": [
"attic",
"flake-utils"
],
"nixpkgs": [
"attic",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1677892403,
"narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=",
"owner": "ipetkov",
"repo": "crane",
"rev": "105e27adb70a9890986b6d543a67761cbc1964a2",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"unstable"
],
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1686747123,
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1685662779,
"narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"unstable"
]
},
"locked": {
"lastModified": 1687871164,
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"homepage": {
"flake": false,
"locked": {
"lastModified": 1639518131,
"narHash": "sha256-YuwHCXEbrzuEyRy1/2bX4Rux/nqmzRZ8H44+83JQNV8=",
"owner": "JulienMalka",
"repo": "homepage",
"rev": "29e779d8600b1c1e6235570a3614a54f8ec8126e",
"type": "github"
},
"original": {
"owner": "JulienMalka",
"repo": "homepage",
"type": "github"
}
},
"hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"nixpkgs": "nixpkgs",
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1690284788,
"narHash": "sha256-6QKfaqw6tU+VF6tLEduxyx+67+FGpsEtl3Rd7riU3uw=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "a9b8e2159c2813a6951d0b0186fbb7f2f8554d3e",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1684265364,
"narHash": "sha256-AxNnWbthsuNx73HDQr0eBxrcE3+yfl/WsaXZqUFmkpQ=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "8c279b9fb0f2b031427dc5ef4eab53f2ed835530",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"hyprpaper": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1690361100,
"narHash": "sha256-e3V2avzF3yY+OBWr5fZ5jTHq6Jm2olnmd95E2jAkyCY=",
"owner": "hyprwm",
"repo": "hyprpaper",
"rev": "9261356bd74fadbc544bec22c16aec62ebba13bd",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprpaper",
"type": "github"
}
},
"linkal": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1688227218,
"narHash": "sha256-hlZlGblw7PDRlC4dBJVC3hwy+HZbXC+Mq4jbXP94ya4=",
"owner": "JulienMalka",
"repo": "Linkal",
"rev": "354b464cd6b6263f41b19ba05ab5163d0e8203db",
"type": "github"
},
"original": {
"owner": "JulienMalka",
"ref": "main",
"repo": "Linkal",
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1690083300,
"narHash": "sha256-xnUtWO/5TuuHkIpmzMXGvHJqS06FSVADnAZ4bvqO4Zo=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "c1e6fc40dd5c0d16940bc012421268b94e404b0b",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "nix-index-database",
"type": "github"
}
},
"nix-rfc-92": {
"inputs": {
"flake-compat": "flake-compat_3",
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_3",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1689947426,
"narHash": "sha256-acY4dEkac3LfE7ukTeJHWqwM0Jc2n5gAi901gOiNKKA=",
"owner": "obsidiansystems",
"repo": "nix",
"rev": "a4e676f1e31182234644fde3e3a823e94d02e163",
"type": "github"
},
"original": {
"owner": "obsidiansystems",
"ref": "dynamic-drvs",
"repo": "nix",
"type": "github"
}
},
"nixd": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"unstable"
]
},
"locked": {
"lastModified": 1690389899,
"narHash": "sha256-IZ8N++v1DMpQ0RGWzo+QFBZKtdPsLrAFlCzpgMqZsrg=",
"owner": "nix-community",
"repo": "nixd",
"rev": "c080d75976bdd77e2ab9cf1fdb003771ac4db4ec",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixd",
"type": "github"
}
},
"nixos-apple-silicon": {
"inputs": {
"flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_4",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1689219568,
"narHash": "sha256-03oq6imX0mOidSmjoLjt/mSE2/6D6d4q0/UQcPn5/Zc=",
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"rev": "07eef29d1214b40da45ff2fae5d7e7498a0dd8ab",
"type": "github"
},
"original": {
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1690179384,
"narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1685564631,
"narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1683014792,
"narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1a411f23ba299db155a5b45d5e145b85a7aafc42",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1670461440,
"narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1689008574,
"narHash": "sha256-VFMgyHDiqsGDkRg73alv6OdHJAqhybryWHv77bSCGIw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4a729ce4b1fe5ec4fffc71c67c96aa5184ebb462",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4a729ce4b1fe5ec4fffc71c67c96aa5184ebb462",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1690271650,
"narHash": "sha256-qwdsW8DBY1qH+9luliIH7VzgwvL+ZGI3LZWC0LTiDMI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6dc93f0daec55ee2f441da385aaf143863e3d671",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"attic": "attic",
"deploy-rs": "deploy-rs",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"homepage": "homepage",
"hyprland": "hyprland",
"hyprpaper": "hyprpaper",
"linkal": "linkal",
"nix-index-database": "nix-index-database",
"nix-rfc-92": "nix-rfc-92",
"nixd": "nixd",
"nixos-apple-silicon": "nixos-apple-silicon",
"nixpkgs": "nixpkgs_5",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix",
"unstable": "unstable"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"attic",
"crane",
"flake-utils"
],
"nixpkgs": [
"attic",
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1675391458,
"narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"flake": false,
"locked": {
"lastModified": 1686795910,
"narHash": "sha256-jDa40qRZ0GRQtP9EMZdf+uCbvzuLnJglTUI2JoHfWDc=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "5c2b97c0a9bc5217fc3dfb1555aae0fb756d99f9",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"nixpkgs": [
"unstable"
],
"nixpkgs-22_11": [
"nixpkgs"
],
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1671659164,
"narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-22.11",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"unstable"
],
"nixpkgs-stable": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1690199016,
"narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1690179384,
"narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"wlroots": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1690165843,
"narHash": "sha256-gv5kjss6REeQG0BmvK2gTx7jHLRdCnP25po6It6I6N8=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3",
"type": "gitlab"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1685385764,
"narHash": "sha256-r+XMyOoRXq+hlfjayb+fyi9kq2JK48TrwuNIAXqlj7U=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "4d9ff0c17716936e0b5ca577a39e263633901ed1",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

22
machines/tower/default.nix
View file

@ -25,7 +25,7 @@
luj.buildbot.enable = true;
luj.nginx.enable = true;
environment.systemPackages = [ pkgs.tailscale ];
environment.systemPackages = with pkgs; [ tailscale attic ];
services.tailscale.enable = true;
@ -102,8 +102,18 @@
services.grafana.enable = true;
services.grafana.settings.server.http_port = 3000;
services.prometheus.enable = true;
services.prometheus.pushgateway.enable = true;
services.prometheus = {
enable = true;
pushgateway.enable = true;
scrapeConfigs = [
{
job_name = "push";
static_configs = [{
targets = [ "127.0.0.1:9091" ];
}];
}
];
};
services.nginx.virtualHosts."data.julienmalka.me" = {
forceSSL = true;
@ -127,14 +137,14 @@
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:9090";
proxyPass = "http://localhost:9091";
};
};
networking.firewall.allowedTCPPorts = [ 80 443 1810 ];
networking.firewall.allowedUDPPorts = [ 80 443 1810 ];
networking.firewall.allowedTCPPorts = [ 80 443 1810 9989 ];
networking.firewall.allowedUDPPorts = [ 80 443 1810 9989 ];
system.stateVersion = "22.11"; # Did you read the comment?