Compare commits
3 commits
dc166488f0
...
3b25f74fa1
Author | SHA1 | Date | |
---|---|---|---|
3b25f74fa1 | |||
cf994fa73b | |||
288677bdbd |
6 changed files with 31 additions and 17 deletions
11
home/applications/ssh/default.nix
Normal file
11
home/applications/ssh/default.nix
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
{config, ...}: {
|
||||||
|
programs.ssh = {
|
||||||
|
enable = true;
|
||||||
|
matchBlocks = let
|
||||||
|
inherit (config.home) homeDirectory;
|
||||||
|
in {
|
||||||
|
"blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing";
|
||||||
|
"tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -42,6 +42,7 @@
|
||||||
./applications/git
|
./applications/git
|
||||||
./applications/gpg
|
./applications/gpg
|
||||||
./applications/neovim
|
./applications/neovim
|
||||||
|
./applications/ssh
|
||||||
./applications/starship
|
./applications/starship
|
||||||
./applications/tealdeer
|
./applications/tealdeer
|
||||||
./applications/tmux
|
./applications/tmux
|
||||||
|
|
|
@ -30,9 +30,6 @@
|
||||||
localsend
|
localsend
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [53317];
|
|
||||||
networking.firewall.allowedUDPPorts = [53317];
|
|
||||||
|
|
||||||
programs.adb.enable = true;
|
programs.adb.enable = true;
|
||||||
programs.anime-game-launcher.enable = true;
|
programs.anime-game-launcher.enable = true;
|
||||||
programs.seahorse.enable = true;
|
programs.seahorse.enable = true;
|
||||||
|
|
|
@ -40,12 +40,20 @@ http://mastodon.ny4.dev:80 {
|
||||||
|
|
||||||
http://matrix.ny4.dev:80 {
|
http://matrix.ny4.dev:80 {
|
||||||
import default
|
import default
|
||||||
reverse_proxy /_matrix/* unix//run/matrix-synapse/synapse.sock
|
reverse_proxy /_matrix/* unix//run/matrix-synapse/synapse.sock {
|
||||||
reverse_proxy /_synapse/client/* unix//run/matrix-synapse/synapse.sock
|
header_up X-Forwarded-Proto "https"
|
||||||
reverse_proxy /health unix//run/matrix-synapse/synapse.sock
|
}
|
||||||
|
reverse_proxy /_synapse/client/* unix//run/matrix-synapse/synapse.sock {
|
||||||
|
header_up X-Forwarded-Proto "https"
|
||||||
|
}
|
||||||
|
reverse_proxy /health unix//run/matrix-synapse/synapse.sock {
|
||||||
|
header_up X-Forwarded-Proto "https"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
http://syncv3.ny4.dev:80 {
|
http://syncv3.ny4.dev:80 {
|
||||||
import default
|
import default
|
||||||
reverse_proxy unix//run/matrix-sliding-sync/sync.sock
|
reverse_proxy unix//run/matrix-sliding-sync/sync.sock {
|
||||||
|
header_up X-Forwarded-Proto "https"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -47,7 +47,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
######## Services
|
######## Services
|
||||||
environment.systemPackages = with pkgs; [qbittorrent];
|
environment.systemPackages = with pkgs; [qbittorrent-nox];
|
||||||
|
|
||||||
services.tailscale = {
|
services.tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -60,14 +60,11 @@
|
||||||
"6222a3e0-98da-4325-be19-0f86a7318a41" = {
|
"6222a3e0-98da-4325-be19-0f86a7318a41" = {
|
||||||
credentialsFile = config.sops.secrets."cloudflared/secret".path;
|
credentialsFile = config.sops.secrets."cloudflared/secret".path;
|
||||||
default = "http_status:404";
|
default = "http_status:404";
|
||||||
ingress = {
|
ingress = lib.genAttrs [
|
||||||
# TODO: is this safe?
|
"mastodon.ny4.dev"
|
||||||
# browser <-> cloudflare cdn <-> cloudflared <-> caddy <-> mastodon
|
"matrix.ny4.dev"
|
||||||
# ^ no tls in this part?
|
"syncv3.ny4.dev"
|
||||||
"mastodon.ny4.dev" = "http://localhost:80";
|
] (_: "http://localhost");
|
||||||
"matrix.ny4.dev" = "http://localhost:80";
|
|
||||||
"syncv3.ny4.dev" = "http://localhost:80";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -27,13 +27,13 @@
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
yubikey-manager
|
yubikey-manager
|
||||||
localsend
|
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [53317];
|
networking.firewall.allowedTCPPorts = [53317];
|
||||||
networking.firewall.allowedUDPPorts = [53317];
|
networking.firewall.allowedUDPPorts = [53317];
|
||||||
|
|
||||||
programs.adb.enable = true;
|
programs.adb.enable = true;
|
||||||
|
programs.localsend.enable = true;
|
||||||
programs.seahorse.enable = true;
|
programs.seahorse.enable = true;
|
||||||
programs.steam.enable = true;
|
programs.steam.enable = true;
|
||||||
programs.kdeconnect = {
|
programs.kdeconnect = {
|
||||||
|
|
Loading…
Reference in a new issue