diff --git a/flake.lock b/flake.lock index 98a258ac..48c445ba 100644 --- a/flake.lock +++ b/flake.lock @@ -235,7 +235,8 @@ "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix", "tasklist": "tasklist", - "utils": "utils_3" + "utils": "utils_3", + "zineshop": "zineshop" } }, "sops-nix": { @@ -334,6 +335,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tasklist": { "inputs": { "nixpkgs": [ @@ -407,6 +423,45 @@ "repo": "flake-utils", "type": "github" } + }, + "utils_4": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "zineshop": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_4" + }, + "locked": { + "lastModified": 1744626173, + "narHash": "sha256-DSuLVFGvmMUoStIs5ar4CLE8eD2dlFPUmPC7CODauts=", + "ref": "refs/heads/master", + "rev": "19ce41aca7d92bc8e02f97e7bdbca7ac7ba64090", + "revCount": 103, + "type": "git", + "url": "https://git.dynamicdiscord.de/kalipso/zineshop" + }, + "original": { + "type": "git", + "url": "https://git.dynamicdiscord.de/kalipso/zineshop" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 02dd232e..6ecb2230 100644 --- a/flake.nix +++ b/flake.nix 
@@ -22,6 +22,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + zineshop = { + url = "git+https://git.dynamicdiscord.de/kalipso/zineshop"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + ep3-bs = { url = "git+https://git.dynamicdiscord.de/kalipso/ep3-bs.nix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/machines/durruti/host_config.nix b/machines/durruti/host_config.nix index 1dbc6569..c037a9da 100644 --- a/machines/durruti/host_config.nix +++ b/machines/durruti/host_config.nix @@ -73,6 +73,17 @@ in }; }; + + services.nginx.virtualHosts."shop.malobeo.org" = { + forceSSL = true; + enableACME= true; + locations."/" = { + proxyPass = "http://10.0.0.10"; + extraConfig = '' + ''; + }; + }; + services.nginx.virtualHosts."status.malobeo.org" = { forceSSL = true; enableACME= true; diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 40faf294..291acf30 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -5,6 +5,7 @@ in { sops.defaultSopsFile = ./secrets.yaml; sops.secrets.wg_private = {}; + sops.secrets.shop_auth = {}; imports = [ # Include the results of the hardware scan. @@ -93,7 +94,13 @@ in }; services.malobeo.microvm.enableHostBridge = true; - services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" "nextcloud" "durruti" ]; + services.malobeo.microvm.deployHosts = [ + "overwatch" + "infradocs" + "nextcloud" + "durruti" + "zineshop" + ]; networking = { nat = { @@ -144,6 +151,18 @@ in ''; }; }; + + virtualHosts."shop.malobeo.org" = { + # created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo' + # then content of foo.txt put into sops + basicAuthFile = config.sops.secrets.shop_auth.path; + locations."/" = { + proxyPass = "http://10.0.0.15:8080"; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + }; }; services.tor = { diff --git a/machines/fanny/secrets.yaml b/machines/fanny/secrets.yaml index 37dfc121..fba35acc 100644 --- a/machines/fanny/secrets.yaml 
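Review bot: The new `shop.malobeo.org` vhost in machines/durruti/host_config.nix proxies to `http://10.0.0.10` with an empty `extraConfig`, so unless `recommendedProxySettings` is enabled elsewhere nginx forwards its default `Host` (the upstream address) instead of the requested name. The vhosts this commit adds in machines/vpn and machines/fanny are both selected by the name `shop.malobeo.org`, so if 10.0.0.10 is one of those hops the request would presumably land on that server's default vhost, which need not be the shop and would not carry the `basicAuthFile` check. I would put `proxy_set_header Host $host;` into `extraConfig`, as the other two vhosts do, or drop the empty block. TLS also ends on this host and every hop behind it is plain `http://`, so the basic-auth credentials cross those links unencrypted; it is worth confirming that each link is a tunnelled or otherwise trusted network.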
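Review bot: `sops.secrets.shop_auth = {};` in machines/fanny/configuration.nix declares the secret without an owner, and sops-nix then defaults to a root-owned file with mode 0400, while nginx reads `basicAuthFile` from its unprivileged worker process. Unless ownership is set somewhere outside this diff, requests to the `shop.malobeo.org` vhost added in the last hunk of this file (`@@ -144,6 +151,18 @@`) would fail with a server error instead of prompting for credentials. I would write `sops.secrets.shop_auth = { owner = config.services.nginx.user; };`. The failure is closed rather than open, but it invites a later "fix" that removes the auth line, so the permissions are better set correctly here. The `# created with:` comment could also state that the hash is bcrypt (`-B`), so nobody regenerates it with a weaker htpasswd mode.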
+++ b/machines/fanny/secrets.yaml @@ -1,4 +1,6 @@ wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str] +shop_cleartext: ENC[AES256_GCM,data:sifpX/R6JCcNKgwN2M4Dbflgnfs5CqB8ez5fULPohuFS6k36BLemWzEk,iv:1lRYausj7V/53sfSO9UnJ2OC/Si94JXgIo81Ld74BE8=,tag:5osQU/67bvFeUGA90BSiIA==,type:str] +shop_auth: ENC[AES256_GCM,data:0NDIRjmGwlSFls12sCb5OlgyGTCHpPQIjycEJGhYlZsWKhEYXV2u3g1RHMkF8Ny913jarjf0BgwSq5pBD9rgPL9t8X8=,iv:3jgCv/Gg93Mhdm4eYzwF9QrK14QL2bcC4wwSajCA88o=,tag:h8dhMK46hABv9gYW4johkA==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +25,8 @@ sops: QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-14T12:41:07Z" - mac: ENC[AES256_GCM,data:RJ4Fa8MmX8u8S3zrD/SaywTC3d2IfHQPBDy3C9u4GuXJ/ruEChAB1kN8rqMPvkmET8UUgHIEp7RpbzMtg/FOmKYKYTTx5t//3/VozvAEZurhG/4mnN3r6uaZ0R9+wSjym8IyOKsJ7p4XrfE5tRdzNyU4EqfkEiyf+jO751uSnYI=,iv:eiTdmbcrpUvyDPFmGawxJs/ehmD7KqulaoB+nfpC6ko=,tag:+TKr53cFS3wbLXNgcbZfJQ==,type:str] + lastmodified: "2025-04-14T10:34:55Z" + mac: ENC[AES256_GCM,data:vcDXtTi0bpqhHnL6XanJo+6a8f5LAE628HazDVaNO34Ll3eRyhi95eYGXQDDkVk2WUn9NJ5oCMPltnU82bpLtskzTfQDuXHaPZJq5gtOuMH/bAKrY0dfShrdyx71LkA4AFlcI1P5hchpbyY1FK3iqe4D0miBv+Q8lCMgQMVrfxI=,iv:1lMzH899K0CnEtm16nyq8FL/aCkSYJVoj7HSKCyUnPg=,tag:mEbkmFNg5VZtSKqq80NrCw==,type:str] pgp: - created_at: "2025-02-11T18:32:49Z" enc: |- @@ -65,4 +67,4 @@ sops: -----END PGP MESSAGE----- fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 diff --git a/machines/hosts.nix b/machines/hosts.nix index f780fc34..41dee837 100644 --- a/machines/hosts.nix +++ b/machines/hosts.nix @@ -67,6 +67,14 @@ }; }; + zineshop = { + type = "microvm"; + network = { + address = "10.0.0.15"; + mac = "D0:E5:CA:F0:D7:F1"; + }; + }; + testvm = { type = "host"; }; 
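Review bot: The added `shop_cleartext` entry in machines/fanny/secrets.yaml has no matching `sops.secrets` declaration in this commit (only `shop_auth` is declared in machines/fanny/configuration.nix), and by its name it appears to hold the plaintext of the password whose hash is stored in `shop_auth`. Keeping both in one file means every recipient key that can decrypt the htpasswd hash also obtains the password itself, which removes the benefit of storing only a bcrypt hash. If the plaintext has to be shared among admins, a password manager or a separate sops file with a narrower recipient list would be a better place for it.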
diff --git a/machines/overwatch/configuration.nix b/machines/overwatch/configuration.nix index 62e1b8ae..75ed0169 100644 --- a/machines/overwatch/configuration.nix +++ b/machines/overwatch/configuration.nix @@ -107,6 +107,12 @@ with lib; targets = [ "10.0.0.13:9002" ]; }]; } + { + job_name = "zineshop"; + static_configs = [{ + targets = [ "10.0.0.15:9002" ]; + }]; + } { job_name = "fanny"; static_configs = [{ diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix index 6caeed1d..6eb1d22d 100644 --- a/machines/vpn/configuration.nix +++ b/machines/vpn/configuration.nix @@ -66,6 +66,15 @@ with lib; ''; }; }; + + virtualHosts."shop.malobeo.org" = { + locations."/" = { + proxyPass = "http://10.100.0.101"; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + }; }; system.stateVersion = "22.11"; # Did you read the comment? diff --git a/machines/zineshop/configuration.nix b/machines/zineshop/configuration.nix new file mode 100644 index 00000000..aac419e4 --- /dev/null +++ b/machines/zineshop/configuration.nix @@ -0,0 +1,34 @@ +{ self, config, lib, pkgs, inputs, ... }: + +with lib; + +{ + networking = { + hostName = mkDefault "zineshop"; + useDHCP = false; + }; + + imports = [ + inputs.malobeo.nixosModules.malobeo.metrics + inputs.malobeo.nixosModules.malobeo.printing + inputs.zineshop.nixosModules.zineshop + ../modules/malobeo_user.nix + ../modules/sshd.nix + ]; + + malobeo.metrics = { + enable = true; + enablePromtail = true; + logNginx = true; + lokiHost = "10.0.0.14"; + }; + + services.printing.enable = true; + services.malobeo.printing.enable = true; + + services.zineshop.enable = true; + networking.firewall.allowedTCPPorts = [ 8080 ]; + + system.stateVersion = "22.11"; # Did you read the comment? +} +
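Review bot: `networking.firewall.allowedTCPPorts = [ 8080 ];` in machines/zineshop/configuration.nix opens the shop to every host that can reach 10.0.0.15, while the only authentication added in this commit is the `basicAuthFile` on fanny's nginx vhost; other microvms on the same bridge could presumably connect to port 8080 directly and skip it. I would limit the port to the proxy's address instead of opening it globally, for example with a source-restricted rule in `networking.firewall.extraCommands`, and add a comment saying the service relies on the upstream proxy for auth. The overwatch scrape job added in this commit targets `10.0.0.15:9002`, which is not opened here; please confirm that the `malobeo.metrics` module opens it itself. `services.printing.enable = true;` brings CUPS into a VM that serves web traffic, so a one-line comment on why the shop needs it would help.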