MORE

newinfra/nix/hive.nix

@@ -32,16 +32,25 @@
           wg = {
             privateIP = "10.0.0.3";
             publicKey = "pdUxG1vhmYraKzIIEFxTRAMhGwGztBL/Ly5icJUV3g0=";
-            peers = [ "vps1" "vps4" ];
+            peers = [ "vps1" "vps4" "vps5" ];
           };
         };
         vps4 = {
           publicIPv4 = "195.201.147.17";
           publicIPv6 = "2a01:4f8:1c1c:cb18::";
           wg = {
-            privateIP = "10.0.0.5";
+            privateIP = "10.0.0.4";
             publicKey = "+n2XKKaSFdCanEGRd41cvnuwJ0URY0HsnpBl6ZrSBRs=";
-            peers = [ "vps1" "vps3" ];
+            peers = [ "vps1" "vps3" "vps5" ];
+          };
+        };
+        vps5 = {
+          publicIPv4 = "45.94.209.30";
+          publicIPv6 = null;
+          wg = {
+            privateIP = "10.0.0.5";
+            publicKey = "r1cwt63fcOR+FTqMTUpZdK4/MxpalkDYRHXyy7osWUk=";
+            peers = [ "vps1" "vps3" "vps4" ];
           };
         };
       };
@@ -71,7 +80,7 @@
 
     # The name and nodes parameters are supported in Colmena,
     # allowing you to reference configurations in other nodes.
-    deployment.tags = [ "dns" "us" "contabo" ];
+    deployment.tags = [ "dns" "us" ];
     system.stateVersion = "23.11";
   };
   dns2 = { name, nodes, modulesPath, lib, ... }: {
@@ -132,7 +141,7 @@
 
     age.secrets.docker_registry_password.file = ./secrets/docker_registry_password.age;
 
-    deployment.tags = [ "ingress" "eu" "apps" "wg" "contabo" ];
+    deployment.tags = [ "ingress" "eu" "apps" "wg" ];
     system.stateVersion = "23.11";
   };
   vps3 = { name, nodes, modulesPath, config, ... }: {
@@ -194,14 +203,15 @@
     
     '';
   };
-  /*vps5 = { name, nodes, modulesPath, config, ... }: {
+  vps5 = { name, nodes, modulesPath, config, ... }: {
     imports = [
       (modulesPath + "/profiles/qemu-guest.nix")
       ./modules/contabo
       ./modules/ingress
+      ./modules/wg-mesh
     ];
 
     deployment.tags = [ "eu" "apps" "wg" ];
     system.stateVersion = "23.11";
-  };*/
+  };
 }

newinfra/nix/modules/contabo/default.nix

@@ -4,4 +4,6 @@
   boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
   boot.initrd.kernelModules = [ "nvme" ];
   fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
+
+  deployment.tags = [ "contabo" ];
 }

newinfra/nix/modules/ingress/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, ... }: {
+{ pkgs, config, name, ... }: {
   networking.firewall.allowedTCPPorts = [
     443
   ];
@@ -14,9 +14,14 @@
             file_server
           }
 
-          noratrieb.dev {
-            root * ${./nora}
-            file_server
+          ${
+            if name == "vps1" then
+            ''
+              noratrieb.dev {
+                root * ${./nora}
+                file_server
+              }
+            '' else ""
           }
         ''
       );

newinfra/nix/modules/ingress/nora/index.html

@@ -12,13 +12,7 @@
         <h1>nora's website</h1>
         <div>
         <p>hey, I'm nora (she/her?)! i think. maybe. who knows, really</p>
-        <p>this website is work in progress. just like me fr.</p>
-        <p>all of this is very complicated.</p>
-        <p>it's very empty for now.</p>
-        <p>i hope it will be fuller in the future. worth visiting. for now, it just exists.</p>
-        <p>i expect to visit it quite often.</p>
-        <p>not that i expect anyone to want to do that, but this site is not exactly intended for sharing.</p>
-        <p>..for now. in the future it will be. maybe.</p>
+        <p>this is here because i still havent managed move over <a href="https://nilstrieb.dev">nilstrieb.dev</a>, lol.</p>
         <img width="100%" src="nora.png">
         </div>
       </div>

newinfra/nix/modules/wg-mesh/default.nix

@@ -44,4 +44,6 @@ in
         wgSettings.peers;
     };
   };
+
+  deployment.tags = [ "wg-mesh" ];
 }

newinfra/nix/secrets/docker_registry_password.age

@@ -1,5 +1,6 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg YI3rrnP9953xk8JnzhJSZR+tKaD6C3sCXJBiX0+KCHE
-CIfSlpyqhS66umh4/nv7v6qH5mqz2xh2AeDW19CGbYs
---- 889zGO43+oX2nau25zROguc37dsi38Bnyzw/shG1x5g
-Ïo]Ì—y§Næ<4E>ød_ÂÆ—ñæ¶+ÀwBiÈå¾s÷ÒE™<45>•	5 yœŠ^`[ƒ5ì
+-> ssh-ed25519 qM6TYg 6TlkoQ0YMB4Cg0VqY8ec1RgRpfiRLh2YQpoc4D49uRg
+BbqDPWQGmGrcDSdNNajm0GJJRlPiazgeF2/MRsyDZkw
+--- OUif9tz9JRMMZEA1LTwPipE/Hezj5nVaN/qgiwoi3ws
+ç"Õ<>7¦àl¹Ç1™<31>ÏÁª0ÀI—¯?²Cjãgé3ªäLè§
+æOŠ8äkIð+ð­îßh<

newinfra/nix/secrets/hugochat_db_password.age

@@ -1,5 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 qM6TYg vcUglH0m/mdME6tSzfZy3orW55ks1wZZAVqPe01ln0I
-Pbei2lMfgS+6N148qggu3DYUTnusItfVDqXGFqD9l8g
---- qnH/lD17esiKbMH5M1wwJiq7cMmXXh4SQneeRNDiMPk
-Ýôt8i<>€~ß !®Þ¬s<C2AC>—‚?µt°ê¥/ªû1ã+¥Ö4:ý07ØR2ïwÝð²oühQB4Â<34>Öptæ÷!9#»ÊGdû#·d)÷3ïňШ¶Zï³¢åÖæ¸HòyKûÃ
+-> ssh-ed25519 qM6TYg AP0dV7U8/42OGcDtBv5eq3jSLdmXP3fMfTnd9o86EVM
+e5ftZHvKL6uqhInQgFSclzvnExxwYnFu0/ANTpa9bBI
+--- Zyyydt+U1p6UR2BP+s3ynm2Q2MmzWWUSrhlBn5kZdCI
+W<>ë‘×{ÅõeÍ8ø,?nr4KžXÌ{'±2Ù­h°
<0A>ìåïÒÌÈÂç9<ݤfÝP¥„á,U_µNgþŠTø¬Dû4€<34>Z‚$¼„óÛKÍz¥Ý¦®&

newinfra/nix/secrets/secrets.nix

@@ -2,6 +2,7 @@ let
   vps1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Xj3TsDPStoHquTfOlyxShbA/kgMfQskKN8jpfiY4R";
   vps3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvupo7d9YMZw56qhjB+tZPijxiG1dKChLpkOWZN0Y7C";
   vps4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpoLgBTWj1BcNxXVdM26jDBZl+BCtUTj20Wv4sZdCHz";
+  vps5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWbIznvWQSqRF1E9Gv9y7JXMy3LZxMAWj6K0Nq91kyZ";
 in
 {
   "widetom_bot_token.age".publicKeys = [ vps1 ];
@@ -12,4 +13,5 @@ in
   "wg_private_vps1.age".publicKeys = [ vps1 ];
   "wg_private_vps3.age".publicKeys = [ vps3 ];
   "wg_private_vps4.age".publicKeys = [ vps4 ];
+  "wg_private_vps5.age".publicKeys = [ vps5 ];
 }