split!

2025-11-09 23:28:16 +00:00 · 2025-11-09 23:28:16 +00:00 · b9c6c1da6a
commit b9c6c1da6a
parent 68704bc88e
25 changed files with 87 additions and 6 deletions
--- a/flake.nix
+++ b/flake.nix
@ -25,8 +25,11 @@
    nixosConfigurations = {
      distrust = lib.nixosSystem {
        system = "x86_64-linux";
-        modules = [./system ./services ./helpers/services.nix nixos-mailserver.nixosModules.default agenix.nixosModules.default];
+        modules = [./system/distrust ./services/distrust ./helpers/services.nix nixos-mailserver.nixosModules.default agenix.nixosModules.default { networking.hostName = "distrust"; }];
      };
+      distrust-mini = lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [./system/distrust-mini ./services/distrust-mini ./helpers/services.nix { networking.hostName = "distrust-mini"; }];
    };
  };
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -4,8 +4,9 @@ let
  users = [user];

  # Current host
-  system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVvvjL4XXn6z0fOZnr1v0twoVBINi1FOES15JL/3vU4 root@distrust";
-  systems = [system];
+  distrust = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVvvjL4XXn6z0fOZnr1v0twoVBINi1FOES15JL/3vU4 root@distrust";
+  distrust-mini = "";
+  systems = [distrust distrust-mini];

  all = users ++ systems;
 in {
@ -27,5 +28,6 @@ in {
  "hidden_service/microbin".publicKeys = all;
  "hidden_service/nextcloud".publicKeys = all;
  "hidden_service/site".publicKeys = all;
+  "hidden_service/uptime-kuma".publicKeys = all;
  "hidden_service/vaultwarden".publicKeys = all;
 }
--- a/services/distrust-mini/default.nix
+++ b/services/distrust-mini/default.nix
@ -0,0 +1,10 @@
+{
+    imports = [
+        ../shared
+
+        # TOR bridge
+        ./tor.nix
+        # Status page in diff. data center for redundancy/resilience
+        ./uptime-kuma.nix
+    ]
+}
--- a/services/distrust-mini/tor.nix
+++ b/services/distrust-mini/tor.nix
@ -0,0 +1,16 @@
+{
+  services.tor = {
+    enable = true;
+    relay = {
+      enable = true;
+      role = "bridge";
+    };
+    settings = {
+      Nickname = "Distrust Mini";
+      ContactInfo = "root@distrust.network";
+      ORPort = 8080;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [8080];
+}
--- a/services/distrust-mini/uptime-kuma.nix
+++ b/services/distrust-mini/uptime-kuma.nix
@ -0,0 +1,28 @@
+let
+  kumaPort = 3001;
+in
+{
+  services.uptime-kuma = {
+    enable = true;
+    settings = {
+      PORT = kumaPort;
+    };
+  };
+
+  distrust.services."uptime-kuma" = {
+    url = "http://uptime.distrust.network";
+    onion = {
+      url = "http://uxp5y2l7g3jv2x7f4j5zv3j5x7z5z7z5z5z5z5z5z5z5z5z5z5z5z5z5z5.onion";
+      secretKey = null;
+    };
+    virtualHostConfig = ''
+      reverse_proxy localhost:${toString kumaPort}
+    '';
+    backup = {
+      enable = true;
+      paths = [
+        "/var/lib/uptime-kuma"
+      ];
+    };
+  };
+}
--- a/services/distrust/akkoma.nix
+++ b/services/distrust/akkoma.nix
--- a/services/distrust/caddy.nix
+++ b/services/distrust/caddy.nix
--- a/services/distrust/default.nix
+++ b/services/distrust/default.nix
@ -1,7 +1,8 @@
 {
  imports = [
+    ../shared
+
    # Core System
-    ./borg.nix
    ./caddy.nix

    # Non-stateful services
--- a/services/distrust/forgejo.nix
+++ b/services/distrust/forgejo.nix
--- a/services/distrust/ipfs.nix
+++ b/services/distrust/ipfs.nix
--- a/services/distrust/lldap.nix
+++ b/services/distrust/lldap.nix
--- a/services/distrust/mailserver.nix
+++ b/services/distrust/mailserver.nix
--- a/services/distrust/nextcloud.nix
+++ b/services/distrust/nextcloud.nix
--- a/services/distrust/paste.nix
+++ b/services/distrust/paste.nix
--- a/services/distrust/prosody.nix
+++ b/services/distrust/prosody.nix
--- a/services/distrust/site.nix
+++ b/services/distrust/site.nix
--- a/services/distrust/tor.nix
+++ b/services/distrust/tor.nix
--- a/services/distrust/vaultwarden.nix
+++ b/services/distrust/vaultwarden.nix
--- a/services/shared/borg.nix
+++ b/services/shared/borg.nix
--- a/services/shared/default.nix
+++ b/services/shared/default.nix
@ -0,0 +1,5 @@
+{
+    imports = [
+        ./borg.nix
+    ];
+}
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -16,7 +16,7 @@ in {
  # Necessary for flake support
  nix.settings.experimental-features = ["nix-command" "flakes"];

-  networking.hostName = "distrust";
+  # General / Perf
  zramSwap.enable = true;
  boot.tmp.cleanOnBoot = true;

--- a/system/distrust-mini/default.nix
+++ b/system/distrust-mini/default.nix
@ -4,7 +4,7 @@
  ...
 }: {
  imports = [
-    ./configuration.nix
+    ../configuration.nix

    # Auto generated, do not edit. Replace per host
    ./hardware-configuration.nix
--- a/system/distrust/default.nix
+++ b/system/distrust/default.nix
@ -0,0 +1,16 @@
+{
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    ../configuration.nix
+
+    # Auto generated, do not edit. Replace per host
+    ./hardware-configuration.nix
+    ./networking.nix
+
+    "${modulesPath}/profiles/hardened.nix"
+    {environment.memoryAllocator.provider = lib.mkForce "libc";}
+  ];
+}
--- a/system/distrust/hardware-configuration.nix
+++ b/system/distrust/hardware-configuration.nix
--- a/system/distrust/networking.nix
+++ b/system/distrust/networking.nix