Merge branch 'tangled' · kitten.sh/system@2924088

+176

flake.lock

··· 277 277 "type": "github" 278 278 } 279 279 }, 280 + "flake-utils_2": { 281 + "inputs": { 282 + "systems": "systems_3" 283 + }, 284 + "locked": { 285 + "lastModified": 1694529238, 286 + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", 287 + "owner": "numtide", 288 + "repo": "flake-utils", 289 + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", 290 + "type": "github" 291 + }, 292 + "original": { 293 + "owner": "numtide", 294 + "repo": "flake-utils", 295 + "type": "github" 296 + } 297 + }, 280 298 "gitignore": { 281 299 "inputs": { 282 300 "nixpkgs": [ ··· 315 333 "type": "github" 316 334 } 317 335 }, 336 + "gomod2nix": { 337 + "inputs": { 338 + "flake-utils": "flake-utils_2", 339 + "nixpkgs": [ 340 + "tangled", 341 + "nixpkgs" 342 + ] 343 + }, 344 + "locked": { 345 + "lastModified": 1754078208, 346 + "narHash": "sha256-YVoIFDCDpYuU3riaDEJ3xiGdPOtsx4sR5eTzHTytPV8=", 347 + "owner": "nix-community", 348 + "repo": "gomod2nix", 349 + "rev": "7f963246a71626c7fc70b431a315c4388a0c95cf", 350 + "type": "github" 351 + }, 352 + "original": { 353 + "owner": "nix-community", 354 + "repo": "gomod2nix", 355 + "type": "github" 356 + } 357 + }, 318 358 "hardline-nvim": { 319 359 "flake": false, 320 360 "locked": { ··· 352 392 "type": "github" 353 393 } 354 394 }, 395 + "htmx-src": { 396 + "flake": false, 397 + "locked": { 398 + "narHash": "sha256-nm6avZuEBg67SSyyZUhjpXVNstHHgUxrtBHqJgowU08=", 399 + "type": "file", 400 + "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js" 401 + }, 402 + "original": { 403 + "type": "file", 404 + "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js" 405 + } 406 + }, 407 + "htmx-ws-src": { 408 + "flake": false, 409 + "locked": { 410 + "narHash": "sha256-2fg6KyEJoO24q0fQqbz9RMaYNPQrMwpZh29tkSqdqGY=", 411 + "type": "file", 412 + "url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2" 413 + }, 414 + "original": { 415 + "type": "file", 416 + "url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2" 417 + } 418 + }, 419 + "ibm-plex-mono-src": { 420 + "flake": false, 421 + "locked": { 422 + "lastModified": 1731402384, 423 + "narHash": "sha256-OwUmrPfEehLDz0fl2ChYLK8FQM2p0G1+EMrGsYEq+6g=", 424 + "type": "tarball", 425 + "url": "https://github.com/IBM/plex/releases/download/@ibm/plex-mono@1.1.0/ibm-plex-mono.zip" 426 + }, 427 + "original": { 428 + "type": "tarball", 429 + "url": "https://github.com/IBM/plex/releases/download/@ibm/plex-mono@1.1.0/ibm-plex-mono.zip" 430 + } 431 + }, 432 + "indigo": { 433 + "flake": false, 434 + "locked": { 435 + "lastModified": 1753693716, 436 + "narHash": "sha256-DMIKnCJRODQXEHUxA+7mLzRALmnZhkkbHlFT2rCQYrE=", 437 + "owner": "oppiliappan", 438 + "repo": "indigo", 439 + "rev": "5f170569da9360f57add450a278d73538092d8ca", 440 + "type": "github" 441 + }, 442 + "original": { 443 + "owner": "oppiliappan", 444 + "repo": "indigo", 445 + "type": "github" 446 + } 447 + }, 448 + "inter-fonts-src": { 449 + "flake": false, 450 + "locked": { 451 + "lastModified": 1731687360, 452 + "narHash": "sha256-5vdKKvHAeZi6igrfpbOdhZlDX2/5+UvzlnCQV6DdqoQ=", 453 + "type": "tarball", 454 + "url": "https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip" 455 + }, 456 + "original": { 457 + "type": "tarball", 458 + "url": "https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip" 459 + } 460 + }, 355 461 "language-servers": { 356 462 "inputs": { 357 463 "flake-utils": [ ··· 431 537 "owner": "onsails", 432 538 "repo": "lspkind-nvim", 433 539 "type": "github" 540 + } 541 + }, 542 + "lucide-src": { 543 + "flake": false, 544 + "locked": { 545 + "lastModified": 1754044466, 546 + "narHash": "sha256-+exBR2OToB1iv7ZQI2S4B0lXA/QRvC9n6U99UxGpJGs=", 547 + "type": "tarball", 548 + "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip" 549 + }, 550 + "original": { 551 + "type": "tarball", 552 + "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip" 434 553 } 435 554 }, 436 555 "mini-nvim": { ··· 797 916 "nixpkgs": "nixpkgs", 798 917 "nvim-plugins": "nvim-plugins", 799 918 "system-shell": "system-shell", 919 + "tangled": "tangled", 800 920 "yeetmouse": "yeetmouse", 801 921 "zen-browser": "zen-browser" 802 922 } ··· 820 940 "owner": "oxalica", 821 941 "repo": "rust-overlay", 822 942 "type": "github" 943 + } 944 + }, 945 + "sqlite-lib-src": { 946 + "flake": false, 947 + "locked": { 948 + "lastModified": 1706631843, 949 + "narHash": "sha256-bJoMjirsBjm2Qk9KPiy3yV3+8b/POlYe76/FQbciHro=", 950 + "type": "tarball", 951 + "url": "https://sqlite.org/2024/sqlite-amalgamation-3450100.zip" 952 + }, 953 + "original": { 954 + "type": "tarball", 955 + "url": "https://sqlite.org/2024/sqlite-amalgamation-3450100.zip" 823 956 } 824 957 }, 825 958 "system-shell": { ··· 874 1007 "owner": "nix-systems", 875 1008 "repo": "default", 876 1009 "type": "github" 1010 + } 1011 + }, 1012 + "systems_3": { 1013 + "locked": { 1014 + "lastModified": 1681028828, 1015 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 1016 + "owner": "nix-systems", 1017 + "repo": "default", 1018 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 1019 + "type": "github" 1020 + }, 1021 + "original": { 1022 + "owner": "nix-systems", 1023 + "repo": "default", 1024 + "type": "github" 1025 + } 1026 + }, 1027 + "tangled": { 1028 + "inputs": { 1029 + "gomod2nix": "gomod2nix", 1030 + "htmx-src": "htmx-src", 1031 + "htmx-ws-src": "htmx-ws-src", 1032 + "ibm-plex-mono-src": "ibm-plex-mono-src", 1033 + "indigo": "indigo", 1034 + "inter-fonts-src": "inter-fonts-src", 1035 + "lucide-src": "lucide-src", 1036 + "nixpkgs": [ 1037 + "nixpkgs" 1038 + ], 1039 + "sqlite-lib-src": "sqlite-lib-src" 1040 + }, 1041 + "locked": { 1042 + "lastModified": 1755122974, 1043 + "narHash": "sha256-QVBmpoPzw9F3RbwlzptiiM4vOKSOwZ/pDmQH0nudjbg=", 1044 + "ref": "refs/heads/master", 1045 + "rev": "9200ee979f28fcf5b724768cc4042bf93f1f1c77", 1046 + "revCount": 1131, 1047 + "type": "git", 1048 + "url": "ssh://git@tangled.sh/tangled.sh/core" 1049 + }, 1050 + "original": { 1051 + "type": "git", 1052 + "url": "ssh://git@tangled.sh/tangled.sh/core" 877 1053 } 878 1054 }, 879 1055 "telescope-nvim": {

+6

flake.nix

··· 82 82 home-manager.follows = "home-manager"; 83 83 }; 84 84 }; 85 + 86 + tangled = { 87 + url = "git+ssh://git@tangled.sh/tangled.sh/core"; 88 + inputs.nixpkgs.follows = "nixpkgs"; 89 + }; 85 90 }; 86 91 87 92 outputs = inputs @ { self, ... }: let ··· 140 145 inherit overlays; 141 146 system = "aarch64-linux"; 142 147 hostname = "ramune"; 148 + modules = [ inputs.tangled.nixosModules.knot ]; 143 149 }; 144 150 145 151 overlays = {

+1

machines/ramune/configuration.nix

··· 52 52 tailscale.enable = true; 53 53 caddy.enable = true; 54 54 vaultwarden.enable = true; 55 + tangled.enable = true; 55 56 }; 56 57 }; 57 58

+11

modules/server/caddy.nix

··· 5 5 cfg = config.modules.server; 6 6 7 7 domain = config.networking.domain; 8 + knotEnabled = cfg.tangled.enable; 8 9 tailscaleEnabled = cfg.tailscale.enable; 9 10 vaultwardenEnabled = cfg.vaultwarden.enable; 10 11 jellyfinEnabled = cfg.jellyfin.enable; ··· 46 47 } 47 48 '' else ""; 48 49 50 + knotConfig = if knotEnabled then '' 51 + ${cfg.tangled.hostname} { 52 + reverse_proxy localhost:5555 53 + } 54 + '' else ""; 55 + 49 56 exposeConfig = let 50 57 configs = attrsets.mapAttrsToList (name: root: '' 51 58 handle_path /${name} { ··· 101 108 } 102 109 103 110 ${tailscaleConfig} 111 + ${knotConfig} 104 112 105 113 :80 { 106 114 import network_paths ··· 111 119 } 112 120 ''; 113 121 }; 122 + 123 + networking.firewall.allowedTCPPorts = [ 80 443 ]; 124 + networking.firewall.allowedUDPPorts = [ 443 ]; 114 125 }; 115 126 }

+1

modules/server/default.nix

··· 20 20 ./home-assistant.nix 21 21 ./podman.nix 22 22 ./macos.nix 23 + ./tangled.nix 23 24 ]; 24 25 }

+5

modules/server/encrypt/tangled-knot-secret.age

··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 QwbpPw 33WczOs4JEiVVA8CzFii7hWMA+N2FxeMj0ya1JHim1A 3 + kfxuJo5DLQJ0vZ6P3ubiadIb0nO3YFFdiMGsTCG00N4 4 + --- M5dUQ19fOQdclRb1kt0DbAv8BrFMih+Uy2dlxskeVzg 5 + �S*ɀ�!Q]�T��^�C��-X��Tҕ�r�^��D�m�잫�aD��;k�t@��/��i��A��A��A@I��Ù�8��E=^��>��B^۰�):�

+42

modules/server/tangled.nix

··· 1 + { lib, config, hostname, helpers, ... }: 2 + 3 + with lib; 4 + let 5 + address = config.modules.router.adress; 6 + cfg = config.modules.server; 7 + in helpers.linuxAttrs { 8 + options.modules.server.tangled = { 9 + enable = mkOption { 10 + default = false; 11 + example = true; 12 + description = "Whether to enable Tangled Knot."; 13 + type = types.bool; 14 + }; 15 + 16 + hostname = mkOption { 17 + default = "knot.kitten.sh"; 18 + type = types.str; 19 + }; 20 + }; 21 + 22 + config = mkIf (cfg.enable && cfg.tangled.enable) { 23 + age.secrets."tangled-knot" = let 24 + inherit (config.services.tangled-knot) gitUser; 25 + in { 26 + file = ./encrypt/tangled-knot-secret.age; 27 + owner = gitUser; 28 + group = gitUser; 29 + mode = "0440"; 30 + }; 31 + 32 + services.tangled-knot = { 33 + enable = true; 34 + openFirewall = true; 35 + server = { 36 + hostname = cfg.tangled.hostname; 37 + listenAddr = "127.0.0.1:5555"; 38 + secretFile = config.age.secrets."tangled-knot".path; 39 + }; 40 + }; 41 + }; 42 + }

+1

secrets.nix

··· 8 8 9 9 "./modules/server/encrypt/tailscale.age".publicKeys = keys; 10 10 "./modules/server/encrypt/rclone.conf.age".publicKeys = keys; 11 + "./modules/server/encrypt/tangled-knot-secret.age".publicKeys = keys; 11 12 12 13 "./home/fonts/encrypt/DankMono-Regular.otf.age".publicKeys = keys; 13 14 "./home/fonts/encrypt/DankMono-Bold.otf.age".publicKeys = keys;

Configure Feed

Configure Feed