host api on etna

uku3lig · Feb 2, 2024 · 0a4a220 · 0a4a220
1 parent db569e4
commit 0a4a220
Show file tree

Hide file tree

Showing 7 changed files with 164 additions and 12 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -48,6 +48,13 @@
       url = "github:nix-community/nixos-vscode-server";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    # ==== uku3lig stuff ====
+    api-rs = {
+      url = "github:uku3lig/api-rs";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-parts.follows = "flake-parts";
+    };
   };
 
   outputs = {flake-parts, ...} @ inputs:

diff --git a/secrets/etna/apiRsEnv.age b/secrets/etna/apiRsEnv.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTKzh3RnpkUGxBZnVuYlRD
+UDBXNVZJeTFvQ21scnFjcHhhUUwzaUo5NGg4CkxCMkNNM2haMG5ub0YzT2Zxajhj
+YmdhSlhyeDgyeVVMUWhaYVpiNHJVcnMKLT4gWDI1NTE5IEtMczAvWERxbEg1eHkz
+dDRNQmhiM0p6QzVrTFpkSjZ0aXo4OUxzaFd3QlUKdVZoSnhWUWl4NWtZSXRNQWhH
+YlBUYWNFSjRSUm0wRmViWnFsRk1oc0dDSQotPiBYMjU1MTkgcnc1SVE0ZnplWVhj
+cHdNeC96Nk9UZ1B6ZFlKM1YvRjN3VnkwK0dDL0ZnQQoxMFFKeE9ERHJWbjNqV2My
+aWFWTmgzbzk2d0FMVHBMOE9hVXJKUHFLOXkwCi0tLSA0RWtDWHBzTmlzUS9aMWdB
+cnZISldlNWxKRncwZ0I2VU92NmE0aDlTWi9jCraKbxDaARBL64xUSH1R10zNA5QJ
+Ake+50nG72o6eZwuhaTdQJ4P7Lo9PC8m0yJ7m2/HVtvwkNLsKewZ419IL+9ftmGv
+og7UdJOdm3QVu5ak+AoOI8gGJlo9sG8G124NjjyTdeAAEzgohuvVingL
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/etna/tunnelCreds.age b/secrets/etna/tunnelCreds.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZWt2TVVTQk1zZVRZaW9S
+dTI3RHZqdTZiWE5TaUtuTmdwdGU0MDBHbEdFCnN3VXhrM05Oa3lhZTZZZ0tzZjVN
+Y3NDRDN6T2VuKzFUS08rKzhEcjhxcGMKLT4gWDI1NTE5IHU3dzlQelNQT1JINnJo
+QUFPUVl4UG5lNnNBZnEvejAzSGIyTHJQdzh2U28KN3M3RTZud2p0Yit3VWwyUUth
+eDFPaElQemlaL3dQQnJFUzZJU3A4a24zcwotPiBYMjU1MTkgd3pCMnJNQWpyTGRZ
+VDFTTkl3QVlsTUQ2eFpHaVVXSXdPMTBTQXludW5CYwptZFBTMFpaNHhqMFUyZFAv
+ZTFwd3RmUUFXT3MxYUdNdkRHRlRxNWRON05FCi0tLSBTR1ZRME9rREtYWWNXUDVT
+WXV3RkhNV25VUE5xcmFHc3BPRzBjUlVjVzRnChfpiOqANNHsSeDwXTAB2j/m3eQ9
+m28KHq8agBi90IU1fORG6MVPNgKIVHk5CY4thErTOrVpWQhIA0HrruyiS3sLkPv2
+aDPv4c/cYx3jWfzYyb1dovIVkB/4PVPxg8+YX7R7ZNesdLrEEAo+QbTfQ9cr6tYt
+8kQfmO4BUI+c8yILTtv/GtufLr+dYaP6pnzgjLM5koU6fUn2TwXqqVIV2Phb385Y
+WUBEmI717nhsBr5cYPmRYMfxiF3I01ZQ2bUC9iB3
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -11,5 +11,8 @@ in {
 
   "fuji/rootPassword.age".publicKeys = main;
   "kilimandjaro/rootPassword.age".publicKeys = main;
+
   "etna/rootPassword.age".publicKeys = main ++ [etna];
+  "etna/tunnelCreds.age".publicKeys = main ++ [etna];
+  "etna/apiRsEnv.age".publicKeys = main ++ [etna];
 }
diff --git a/systems/default.nix b/systems/default.nix
@@ -52,7 +52,11 @@ in {
 
     etna = {
       system = "x86_64-linux";
-      modules = server;
+      modules =
+        server
+        ++ (with inputs; [
+          api-rs.nixosModules.default
+        ]);
     };
   };
 }
diff --git a/systems/etna/default.nix b/systems/etna/default.nix
@@ -1,3 +1,35 @@
-{
+{config, ...}: {
+  age.secrets = let
+    path = ../../secrets/etna;
+  in {
+    tunnelCreds = {
+      file = "${path}/tunnelCreds.age";
+      owner = "cloudflared";
+      group = "cloudflared";
+    };
+
+    apiRsEnv.file = "${path}/apiRsEnv.age";
+  };
+
   boot.loader.systemd-boot.enable = true;
+
+  services = {
+    api-rs = {
+      enable = true;
+      environmentFile = config.age.secrets.apiRsEnv.path;
+    };
+
+    cloudflared = {
+      enable = true;
+      tunnels."57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5" = {
+        credentialsFile = config.age.secrets.tunnelCreds.path;
+
+        ingress = {
+          "api.uku3lig.net" = "http://localhost:5000";
+        };
+
+        default = "http_status:404";
+      };
+    };
+  };
 }