Home

infra @main - refs - log -
- 
https://git.jolheiser.com/infra.git
dragonwell flake
tree log patch
migrate some tailscale services to shinchi Moves: - cfg - tclip - golink Adds: - MAZANOKE - beszel (agent and hub) Signed-off-by: jolheiser <git@jolheiser.com>
Signature
-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQDd2D2ISBz703ug3rOmRVFnk3jd5C38C/2S61m3wUvqQdn/eHY/zn9XaGWUXI6gDc4 gkXroPj1DdgaD5l1dbogA= -----END SSH SIGNATURE-----
jolheiser <git@jolheiser.com>
1 month ago
11 changed files, 136 additions(+), 25 deletions(-)
shincha/cfg.nixdragonwell/default.nixshincha/golink.nixshincha/tclip.nixflake.lockflake.nixsecrets/beszel-shincha.agesecrets/secrets.nixshincha/beszel.nixshincha/default.nixshincha/mazanoke.nix
M dragonwell/cfg.nixshincha/cfg.nix
1
2
3

diff --git a/dragonwell/cfg.nix b/shincha/cfg.nix
rename from dragonwell/cfg.nix
rename to shincha/cfg.nix
M dragonwell/default.nixdragonwell/default.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

diff --git a/dragonwell/default.nix b/dragonwell/default.nix
index 797b691424f46ca879c857eb0bba1393e1f3ad47..d2ce5cdd8083b4028064ad97ba291e4cfb335c1d 100644
--- a/dragonwell/default.nix
+++ b/dragonwell/default.nix
@@ -5,19 +5,16 @@ in
 {
   imports = [
     ./caddy.nix
-    ./cfg.nix
     ./dex.nix
     ./forge-lines.nix
     ./foundry.nix
     ./git-pr.nix
-    ./golink.nix
     ./miniserve.nix
     ./pocket-id.nix
     ./pubserve.nix
     ./restic.nix
     ./soju.nix
     ./tandoor.nix
-    ./tclip.nix
     ./ugit.nix
     ./hardware.nix
   ];
M dragonwell/golink.nixshincha/golink.nix
1
2
3

diff --git a/dragonwell/golink.nix b/shincha/golink.nix
rename from dragonwell/golink.nix
rename to shincha/golink.nix
M dragonwell/tclip.nixshincha/tclip.nix
1
2
3

diff --git a/dragonwell/tclip.nix b/shincha/tclip.nix
rename from dragonwell/tclip.nix
rename to shincha/tclip.nix
M flake.lockflake.lock
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184

diff --git a/flake.lock b/flake.lock
index 38ce81c6d9b927caf3e300b6546c1bec522f4fa5..3491c18df2df298b9072f6551ea1a33b59d8b5b7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -41,6 +41,22 @@         "type": "git",
         "url": "https://git.jolheiser.com/bennet.git"
       }
     },
+    "beszel": {
+      "locked": {
+        "lastModified": 1742939577,
+        "narHash": "sha256-uia88Accp/sOZk5C0PMBQsImDE6KJ1J/hyM7W/58cnA=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "3755166bcb88619f292c885831cfef6485fff014",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "3755166bcb88619f292c885831cfef6485fff014",
+        "type": "github"
+      }
+    },
     "blog": {
       "inputs": {
         "nixpkgs": "nixpkgs_2"
@@ -343,6 +359,24 @@         "type": "git",
         "url": "https://git.jolheiser.com/nixpkgs.git"
       }
     },
+    "mazanoke": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_11"
+      },
+      "locked": {
+        "lastModified": 1746641281,
+        "narHash": "sha256-EU8w6Hq5s175ymaxGZhLo6Exbciq4htbJFYzMZ8Hj6Y=",
+        "owner": "jolheiser",
+        "repo": "mazanoke-nix",
+        "rev": "e0f7ea2066e1166afa8501d640199dc5237705e4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "jolheiser",
+        "repo": "mazanoke-nix",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1734352517,
@@ -406,6 +440,22 @@       }
     },
     "nixpkgs_11": {
       "locked": {
+        "lastModified": 1746397377,
+        "narHash": "sha256-5oLdRa3vWSRbuqPIFFmQBGGUqaYZBxX+GGtN9f/n4lU=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "ed30f8aba41605e3ab46421e3dcb4510ec560ff8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_12": {
+      "locked": {
         "lastModified": 1746141548,
         "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=",
         "owner": "nixos",
@@ -420,7 +470,7 @@         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs_12": {
+    "nixpkgs_13": {
       "locked": {
         "lastModified": 1741481966,
         "narHash": "sha256-MrMsXesCo5Y79F5qjlybADozu60Zk91jVBi+FnoEiJU=",
@@ -435,7 +485,7 @@         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs_13": {
+    "nixpkgs_14": {
       "locked": {
         "lastModified": 1741379970,
         "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@@ -451,7 +501,7 @@         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs_14": {
+    "nixpkgs_15": {
       "locked": {
         "lastModified": 1728888510,
         "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
@@ -466,7 +516,7 @@         "ref": "nixos-unstable",
         "type": "indirect"
       }
     },
-    "nixpkgs_15": {
+    "nixpkgs_16": {
       "locked": {
         "lastModified": 1736241350,
         "narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=",
@@ -482,7 +532,7 @@         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs_16": {
+    "nixpkgs_17": {
       "locked": {
         "lastModified": 1741481966,
         "narHash": "sha256-MrMsXesCo5Y79F5qjlybADozu60Zk91jVBi+FnoEiJU=",
@@ -625,7 +675,7 @@     },
     "resume": {
       "inputs": {
         "flake-utils": "flake-utils_3",
-        "nixpkgs": "nixpkgs_12"
+        "nixpkgs": "nixpkgs_13"
       },
       "locked": {
         "lastModified": 1697473034,
@@ -645,6 +695,7 @@     "root": {
       "inputs": {
         "agenix": "agenix",
         "bennet": "bennet",
+        "beszel": "beszel",
         "blog": "blog",
         "cfg-playground": "cfg-playground",
         "forge-lines": "forge-lines",
@@ -654,8 +705,9 @@         "git-pr": "git-pr",
         "golink": "golink",
         "home-manager": "home-manager",
         "jolheiser": "jolheiser",
+        "mazanoke": "mazanoke",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_11",
+        "nixpkgs": "nixpkgs_12",
         "resume": "resume",
         "tailproxy": "tailproxy",
         "tclip": "tclip",
@@ -755,7 +807,7 @@       }
     },
     "tailproxy": {
       "inputs": {
-        "nixpkgs": "nixpkgs_13"
+        "nixpkgs": "nixpkgs_14"
       },
       "locked": {
         "lastModified": 1729968274,
@@ -857,7 +909,7 @@       }
     },
     "tclip": {
       "inputs": {
-        "nixpkgs": "nixpkgs_14",
+        "nixpkgs": "nixpkgs_15",
         "utils": "utils"
       },
       "locked": {
@@ -876,7 +928,7 @@       }
     },
     "ugit": {
       "inputs": {
-        "nixpkgs": "nixpkgs_15",
+        "nixpkgs": "nixpkgs_16",
         "tailwind-ctp": "tailwind-ctp",
         "tailwind-ctp-lsp": "tailwind-ctp-lsp"
       },
@@ -915,7 +967,7 @@     },
     "website": {
       "inputs": {
         "flake-utils": "flake-utils_4",
-        "nixpkgs": "nixpkgs_16",
+        "nixpkgs": "nixpkgs_17",
         "tailwind-ctp": "tailwind-ctp_2",
         "tailwind-ctp-lsp": "tailwind-ctp-lsp_2"
       },
M flake.nixflake.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

diff --git a/flake.nix b/flake.nix
index 3f6efb44ec9e92f7d8a1c7fc6f9ab293200fa9a7..f627d6db890c98e4322f52fb24d816c7e7f09efd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,11 +26,14 @@     tclip.url = "github:tailscale-dev/tclip";
     foundry.url = "github:reckenrode/nix-foundryvtt";
     tailproxy.url = "git+https://git.jolheiser.com/tailproxy.git";
     forge-lines.url = "git+https://code.winston.sh/winston/forge-lines.git";
+    mazanoke.url = "github:jolheiser/mazanoke-nix";
+    beszel.url = "github:nixos/nixpkgs/3755166bcb88619f292c885831cfef6485fff014";
   };
 
   outputs =
     {
       nixpkgs,
+      beszel,
       home-manager,
       nixos-hardware,
       agenix,
@@ -58,31 +61,37 @@     {
       colmena = {
         meta = {
           nixpkgs = import nixpkgs { inherit overlays system; };
+          nodeNixpkgs.shincha = import beszel { inherit overlays system; };
           specialArgs = {
             inherit inputs;
           };
         };
-        dragonwell =
+        dragonwell.imports = [
+          inputs.agenix.nixosModules.default
+          inputs.ugit.nixosModules.default
+          inputs.git-pr.nixosModules.default
+          inputs.tailproxy.nixosModules.default
+          inputs.foundry.nixosModules.foundryvtt
+          inputs.forge-lines.nixosModules.default
+          ./modules/miniserve
+          ./dragonwell
+        ];
+        jasmine.imports = [ ./jasmine ];
+        gunpowder.imports = [ ./gunpowder ];
+        shincha =
           { pkgs, ... }:
           {
             imports = [
               inputs.agenix.nixosModules.default
               inputs.golink.nixosModules.default
-              inputs.ugit.nixosModules.default
-              inputs.git-pr.nixosModules.default
-              inputs.tailproxy.nixosModules.default
-              inputs.foundry.nixosModules.foundryvtt
               inputs.cfg-playground.nixosModules.default
-              inputs.forge-lines.nixosModules.default
+              inputs.mazanoke.nixosModules.default
+              inputs.tailproxy.nixosModules.default
               ./modules/tclip
-              ./modules/miniserve
-              ./dragonwell
+              ./shincha
             ];
             services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd;
           };
-        jasmine.imports = [ ./jasmine ];
-        gunpowder.imports = [ ./gunpowder ];
-        shincha.imports = [ ./shincha ];
       };
       nixConfig = {
         extra-substitutors = [ "https://jolheiser.cachix.org" ];
I secrets/beszel-shincha.age
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

diff --git a/secrets/beszel-shincha.age b/secrets/beszel-shincha.age
new file mode 100644
index 0000000000000000000000000000000000000000..e81d7d4442ba48f270a4fa036e5415983caacbdc
--- /dev/null
+++ b/secrets/beszel-shincha.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 E8j6/g 3hWESZAMXSKnKnUWosMEJwXbSeudiQ40NCoF48kVS24
+JVP/xt+qVIugu+uNS0sg9gW5OdwrXjVhuSDmGZyCVGw
+-> ssh-ed25519 f31uNA bKfpISFkhxXfCLL2SwxWORIEROu+8GLdJUy389SPBGE
+HKuav0FlZZw0Dg9gbTweNr3YIsen0VTGGDgcX0Q82Qc
+--- 2uciEdq5AjFeD0f48YwHOe/MeXFewnijFaquOkEw75c
+��k>��a�F�G}�[��z�2�x�"�O�+_�`
\ No newline at end of file
M secrets/secrets.nixsecrets/secrets.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index c22f7fd8f5810299ee5f59f4edf61ec6a928cff1..5fcb8306f95888ca37bfd7cbe307b3048bddba6b 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -16,4 +16,5 @@   "dex-tailscale.age".publicKeys = keys;
   "dex-tandoor.age".publicKeys = keys;
   "forge-lines.age".publicKeys = keys;
   "pocket-id.age".publicKeys = keys;
+  "beszel-shincha.age".publicKeys = keys;
 }
I shincha/beszel.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

diff --git a/shincha/beszel.nix b/shincha/beszel.nix
new file mode 100644
index 0000000000000000000000000000000000000000..82e79d033f0522facad298d3151afe16778d1869
--- /dev/null
+++ b/shincha/beszel.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+  age.secrets.beszel-shincha.file = ../secrets/beszel-shincha.age;
+  services = {
+    beszel = {
+      agent = {
+        enable = false;
+        environment = {
+          LOG_LEVEL = "info";
+          KEY_FILE = config.age.secrets.beszel-shincha.path;
+        };
+      };
+      hub = {
+        enable = true;
+        environment = {
+          APP_URL = "https://monit";
+          DISABLE_PASSWORD_AUTH = "true";
+        };
+      };
+    };
+    tailproxy.beszel = {
+      enable = true;
+      hostname = "monit";
+      authKey = "tskey-auth-krRJB4JVL321CNTRL-Vfaa8HZwsVXzTU4MUAnBWXsZMCcFbrLVe"; # One-time key
+      port = 8090;
+    };
+  };
+}
M shincha/default.nixshincha/default.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

diff --git a/shincha/default.nix b/shincha/default.nix
index 26a2950a9fd7b3f5e5c9f52da49e44a04496bf07..139321e03fe4372aed7f54f87d0e0572aa17b73b 100644
--- a/shincha/default.nix
+++ b/shincha/default.nix
@@ -4,6 +4,11 @@   key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJBxdG9mduIWiQ+egYKMvUKKCyShdeM8O6QsLs6g5aGt";
 in
 {
   imports = [
+    ./beszel.nix
+    ./cfg.nix
+    ./golink.nix
+    ./mazanoke.nix
+    ./tclip.nix
     ./hardware.nix
   ];
I shincha/mazanoke.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

diff --git a/shincha/mazanoke.nix b/shincha/mazanoke.nix
new file mode 100644
index 0000000000000000000000000000000000000000..db0415476f795cba4c8c4a20e7bcba8344248e8b
--- /dev/null
+++ b/shincha/mazanoke.nix
@@ -0,0 +1,12 @@
+{
+  services = {
+    mazanoke.enable = true;
+    tailproxy.mazanoke = {
+      enable = true;
+      hostname = "img";
+      authKey = "tskey-auth-kN76twaVyw11CNTRL-aUgvGLQsBSjuJ94BgsDVSjRhTGCmXAmi"; # One-time key
+      funnel = true;
+      port = 6292;
+    };
+  };
+}