diff --git a/flake.lock b/flake.lock index 98a258a..48c445b 100644 --- a/flake.lock +++ b/flake.lock @@ -235,7 +235,8 @@ "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix", "tasklist": "tasklist", - "utils": "utils_3" + "utils": "utils_3", + "zineshop": "zineshop" } }, "sops-nix": { @@ -334,6 +335,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tasklist": { "inputs": { "nixpkgs": [ @@ -407,6 +423,45 @@ "repo": "flake-utils", "type": "github" } + }, + "utils_4": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "zineshop": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_4" + }, + "locked": { + "lastModified": 1744626173, + "narHash": "sha256-DSuLVFGvmMUoStIs5ar4CLE8eD2dlFPUmPC7CODauts=", + "ref": "refs/heads/master", + "rev": "19ce41aca7d92bc8e02f97e7bdbca7ac7ba64090", + "revCount": 103, + "type": "git", + "url": "https://git.dynamicdiscord.de/kalipso/zineshop" + }, + "original": { + "type": "git", + "url": "https://git.dynamicdiscord.de/kalipso/zineshop" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 02dd232..6ecb223 100644 --- a/flake.nix +++ b/flake.nix 
@@ -22,6 +22,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + zineshop = { + url = "git+https://git.dynamicdiscord.de/kalipso/zineshop"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + ep3-bs = { url = "git+https://git.dynamicdiscord.de/kalipso/ep3-bs.nix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/machines/durruti/host_config.nix b/machines/durruti/host_config.nix index 1dbc656..c037a9d 100644 --- a/machines/durruti/host_config.nix +++ b/machines/durruti/host_config.nix @@ -73,6 +73,17 @@ in }; }; + + services.nginx.virtualHosts."shop.malobeo.org" = { + forceSSL = true; + enableACME= true; + locations."/" = { + proxyPass = "http://10.0.0.10"; + extraConfig = '' + ''; + }; + }; + services.nginx.virtualHosts."status.malobeo.org" = { forceSSL = true; enableACME= true; diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 40faf29..291acf3 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -5,6 +5,7 @@ in { sops.defaultSopsFile = ./secrets.yaml; sops.secrets.wg_private = {}; + sops.secrets.shop_auth = {}; imports = [ # Include the results of the hardware scan. @@ -93,7 +94,13 @@ in }; services.malobeo.microvm.enableHostBridge = true; - services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" "nextcloud" "durruti" ]; + services.malobeo.microvm.deployHosts = [ + "overwatch" + "infradocs" + "nextcloud" + "durruti" + "zineshop" + ]; networking = { nat = { @@ -144,6 +151,18 @@ in ''; }; }; + + virtualHosts."shop.malobeo.org" = { + # created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo' + # then content of foo.txt put into sops + basicAuthFile = config.sops.secrets.shop_auth.path; + locations."/" = { + proxyPass = "http://10.0.0.15:8080"; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + }; }; services.tor = { diff --git a/machines/fanny/secrets.yaml b/machines/fanny/secrets.yaml index 37dfc12..fba35ac 100644 --- a/machines/fanny/secrets.yaml 
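Review bot: The new `zineshop` input in flake.nix overrides only `nixpkgs`, so flake.lock gains a second pinned flake-utils (`utils_4`) and nix-systems (`systems_5`) that must be audited and updated separately. The root lock entry already has a `utils` input, so `inputs.utils.follows = "utils";` inside the `zineshop` block would reuse it, assuming zineshop works with that flake-utils revision. The URL names no `ref`, so the tracked branch is whatever the remote serves by default; the lock currently records `refs/heads/master`.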
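Review bot: In machines/durruti/host_config.nix the new `shop.malobeo.org` location has an empty `extraConfig`, while the matching vhosts added in machines/fanny and machines/vpn both set `proxy_set_header Host $host;`. Without that header nginx sends the upstream address as the Host by default. The request to 10.0.0.10 may then be answered by that server's default vhost rather than the shop vhost, unless `services.nginx.recommendedProxySettings` is enabled somewhere outside this hunk. Either add `proxy_set_header Host $host;` inside the `''…''` string or drop the empty attribute if the header is already set globally.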
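Review bot: `sops.secrets.shop_auth = {};` in the first hunk of machines/fanny/configuration.nix leaves the secret with the sops-nix defaults (owner root, mode 0400), but the `basicAuthFile` added in the last hunk of the same file is opened by the nginx worker at request time. If nginx runs as its usual unprivileged user it cannot read the file, and requests to shop.malobeo.org will fail with an error instead of prompting for credentials. Suggest `sops.secrets.shop_auth = { owner = config.services.nginx.user; };`. The comment above `basicAuthFile` could also say that the intermediate `foo.txt` should be deleted once its content is in sops.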
+++ b/machines/fanny/secrets.yaml @@ -1,4 +1,6 @@ wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str] +shop_cleartext: ENC[AES256_GCM,data:sifpX/R6JCcNKgwN2M4Dbflgnfs5CqB8ez5fULPohuFS6k36BLemWzEk,iv:1lRYausj7V/53sfSO9UnJ2OC/Si94JXgIo81Ld74BE8=,tag:5osQU/67bvFeUGA90BSiIA==,type:str] +shop_auth: ENC[AES256_GCM,data:0NDIRjmGwlSFls12sCb5OlgyGTCHpPQIjycEJGhYlZsWKhEYXV2u3g1RHMkF8Ny913jarjf0BgwSq5pBD9rgPL9t8X8=,iv:3jgCv/Gg93Mhdm4eYzwF9QrK14QL2bcC4wwSajCA88o=,tag:h8dhMK46hABv9gYW4johkA==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +25,8 @@ sops: QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-14T12:41:07Z" - mac: ENC[AES256_GCM,data:RJ4Fa8MmX8u8S3zrD/SaywTC3d2IfHQPBDy3C9u4GuXJ/ruEChAB1kN8rqMPvkmET8UUgHIEp7RpbzMtg/FOmKYKYTTx5t//3/VozvAEZurhG/4mnN3r6uaZ0R9+wSjym8IyOKsJ7p4XrfE5tRdzNyU4EqfkEiyf+jO751uSnYI=,iv:eiTdmbcrpUvyDPFmGawxJs/ehmD7KqulaoB+nfpC6ko=,tag:+TKr53cFS3wbLXNgcbZfJQ==,type:str] + lastmodified: "2025-04-14T10:34:55Z" + mac: ENC[AES256_GCM,data:vcDXtTi0bpqhHnL6XanJo+6a8f5LAE628HazDVaNO34Ll3eRyhi95eYGXQDDkVk2WUn9NJ5oCMPltnU82bpLtskzTfQDuXHaPZJq5gtOuMH/bAKrY0dfShrdyx71LkA4AFlcI1P5hchpbyY1FK3iqe4D0miBv+Q8lCMgQMVrfxI=,iv:1lMzH899K0CnEtm16nyq8FL/aCkSYJVoj7HSKCyUnPg=,tag:mEbkmFNg5VZtSKqq80NrCw==,type:str] pgp: - created_at: "2025-02-11T18:32:49Z" enc: |- @@ -65,4 +67,4 @@ sops: -----END PGP MESSAGE----- fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 diff --git a/machines/hosts.nix b/machines/hosts.nix index f780fc3..41dee83 100644 --- a/machines/hosts.nix +++ b/machines/hosts.nix @@ -67,6 +67,14 @@ }; }; + zineshop = { + type = "microvm"; + network = { + address = "10.0.0.15"; + mac = "D0:E5:CA:F0:D7:F1"; + }; + }; + testvm = { type = "host"; }; 
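Review bot: The first hunk of machines/fanny/secrets.yaml adds `shop_cleartext` next to `shop_auth`; going by the name, it is the plaintext password whose htpasswd hash is stored in `shop_auth`. Nothing in this commit declares `sops.secrets.shop_cleartext`, so the host does not appear to need it. Every recipient of this file can still decrypt it, and that presumably includes fanny's own machine key. That removes the benefit of keeping only a hash on the server, because whoever obtains that key recovers the password itself. Consider keeping the cleartext in the team's password manager, or in a sops file that is not encrypted to machine keys.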
diff --git a/machines/louise/configuration.nix b/machines/louise/configuration.nix
index d3bffc0..bf1272f 100644
--- a/machines/louise/configuration.nix
+++ b/machines/louise/configuration.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, inputs, ... }:
 {
 imports =
@@ -9,6 +9,7 @@
 ../modules/sshd.nix
 ../modules/minimal_tools.nix
 ../modules/autoupdate.nix
+ inputs.self.nixosModules.malobeo.printing
 ];
 malobeo.autoUpdate = {
@@ -50,9 +51,10 @@
 };
 services.printing.enable = true;
+ services.malobeo.printing.enable = true;
+
 services.printing.drivers = [
 (pkgs.writeTextDir "share/cups/model/brother5350.ppd" (builtins.readFile ../modules/BR5350_2_GPL.ppd))
- (pkgs.writeTextDir "share/cups/model/konicaminoltac258.ppd" (builtins.readFile ../modules/KOC658UX.ppd))
 pkgs.gutenprint
 pkgs.gutenprintBin
 pkgs.brlaser
diff --git a/machines/modules/malobeo/printing.nix b/machines/modules/malobeo/printing.nix
new file mode 100644
index 0000000..ad28215
--- /dev/null
+++ b/machines/modules/malobeo/printing.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+ cfg = config.services.malobeo.printing;
+ driverFile = pkgs.writeTextDir "share/cups/model/konicaminoltac258.ppd" (builtins.readFile ../KOC658UX.ppd);
+
+ defaultPpdOptions = {
+ PageSize = "A4";
+ SelectColor = "Grayscale";
+ Finisher = "FS534";
+ SaddleUnit = "SD511";
+ Model = "C258";
+ InputSlot = "Tray1";
+ };
+
+in
+{
+ options.services.malobeo.printing = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Setup malobeo printers";
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+ services.printing.enable = true;
+ services.printing.drivers = [
+ driverFile
+ ];
+
+ hardware.printers.ensurePrinters = [ {
+ name = "KonicaDefault";
+ model = "konicaminoltac258.ppd";
+ location = "Zine Workshop";
+ deviceUri = "ipp://192.168.1.42/ipp";
+ ppdOptions = defaultPpdOptions;
+ }
+ {
+ name = "KonicaBooklet";
+ model = "konicaminoltac258.ppd";
+ location = "Zine Workshop";
+ deviceUri = "ipp://192.168.1.42/ipp";
+ ppdOptions = defaultPpdOptions // {
+ Fold = "Stitch";
+ Staple = "None";
+ };
+ }
+ ];
+ };
+}
diff --git a/machines/overwatch/configuration.nix b/machines/overwatch/configuration.nix
index 62e1b8a..75ed016 100644
--- a/machines/overwatch/configuration.nix
+++ b/machines/overwatch/configuration.nix
@@ -107,6 +107,12 @@ with lib;
 targets = [ "10.0.0.13:9002" ];
 }];
 }
+ {
+ job_name = "zineshop";
+ static_configs = [{
+ targets = [ "10.0.0.15:9002" ];
+ }];
+ }
 {
 job_name = "fanny";
 static_configs = [{
diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix
index 6caeed1..6eb1d22 100644
--- a/machines/vpn/configuration.nix
+++ b/machines/vpn/configuration.nix
@@ -66,6 +66,15 @@ with lib;
 '';
 };
 };
+
+ virtualHosts."shop.malobeo.org" = {
+ locations."/" = {
+ proxyPass = "http://10.100.0.101";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ '';
+ };
+ };
 };
 system.stateVersion = "22.11"; # Did you read the comment?
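Review bot: Both `ensurePrinters` entries in machines/modules/malobeo/printing.nix hard-code `deviceUri = "ipp://192.168.1.42/ipp";`. That is plain IPP, so print jobs cross the network unencrypted, and the address has to be edited in two places if the printer moves. A `let` binding such as `printerUri = "ipp://192.168.1.42/ipp";` used by both entries (or a module option) would keep them in sync, and `ipps://` is worth using if the device supports it. The module is also imported by the new zineshop microVM on 10.0.0.15; whether 192.168.1.42 is reachable from that network is not visible in this diff.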
diff --git a/machines/zineshop/configuration.nix b/machines/zineshop/configuration.nix
new file mode 100644
index 0000000..aac419e
--- /dev/null
+++ b/machines/zineshop/configuration.nix
@@ -0,0 +1,34 @@
+{ self, config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+{
+ networking = {
+ hostName = mkDefault "zineshop";
+ useDHCP = false;
+ };
+
+ imports = [
+ inputs.malobeo.nixosModules.malobeo.metrics
+ inputs.malobeo.nixosModules.malobeo.printing
+ inputs.zineshop.nixosModules.zineshop
+ ../modules/malobeo_user.nix
+ ../modules/sshd.nix
+ ];
+
+ malobeo.metrics = {
+ enable = true;
+ enablePromtail = true;
+ logNginx = true;
+ lokiHost = "10.0.0.14";
+ };
+
+ services.printing.enable = true;
+ services.malobeo.printing.enable = true;
+
+ services.zineshop.enable = true;
+ networking.firewall.allowedTCPPorts = [ 8080 ];
+
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
+
diff --git a/outputs.nix b/outputs.nix
index b7c2db6..60d04c1 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -117,6 +117,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 disko.imports = [ ./machines/modules/disko ];
 users.imports = [ ./machines/modules/malobeo/users.nix ];
 backup.imports = [ ./machines/modules/malobeo/backup.nix ];
+ printing.imports = [ ./machines/modules/malobeo/printing.nix ];
 };
 hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (
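Review bot: `networking.firewall.allowedTCPPorts = [ 8080 ];` in machines/zineshop/configuration.nix opens the application port to every peer that can reach 10.0.0.15, while the basic-auth check for the shop lives only in fanny's nginx vhost. Any other machine on that network can therefore talk to the shop directly without credentials. Consider dropping 8080 from `allowedTCPPorts` and accepting it only from the reverse proxy. With the iptables backend that could be `networking.firewall.extraCommands` with a rule like `iptables -A nixos-fw -p tcp -s <FANNY_BRIDGE_IP> --dport 8080 -j nixos-fw-accept` (placeholder address). Separately, `system.stateVersion = "22.11"` on a newly created machine looks copied from an older host and should match the release the VM is first installed with.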