From 88975f00030f8cd4ea719e6ecf4e86952c668825 Mon Sep 17 00:00:00 2001
From: Jacob Hinkle
Date: Wed, 27 Mar 2024 07:16:44 -0400
Subject: [PATCH] Bump versions, disable some stuff for vps reverse-proxy setup

---
 flake.nix | 5 +++--
 machines/cj/configuration.nix | 15 +++++++++------
 machines/cj/firewall.nix | 2 +-
 machines/cj/gitea.nix | 10 ++++++----
 machines/cj/hardware-configuration-zfs.nix | 7 ++++++-
 machines/cj/pihole.nix | 2 +-
 6 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/flake.nix b/flake.nix
index 00f0e07..d5c1334 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,12 +2,13 @@
   description = "NixOS configurations for my machines";
 
   inputs = {
-    nixpkgs.url = github:nixos/nixpkgs;
+    nixpkgs.url = "nixpkgs/23.11";
     nixos-hardware = {
       url = github:nixos/nixos-hardware;
     };
     home-manager = {
-      url = github:nix-community/home-manager;
+      # url = github:nix-community/home-manager;
+      url = github:nix-community/home-manager/6a8444467c83c961e2f5ff64fb4f422e303c98d3;
       inputs.nixpkgs.follows = "nixpkgs";
     };
     sops-nix = {
diff --git a/machines/cj/configuration.nix b/machines/cj/configuration.nix
index dd074d1..29c42dd 100644
--- a/machines/cj/configuration.nix
+++ b/machines/cj/configuration.nix
@@ -57,9 +57,9 @@
     # Aliases subdomains we serve here. Since we bypass pihole locally to avoid
     # circular lookups, we can set local addresses here instead of using local
     # dns in pihole (or global dns which would resolve to our WAN ips).
-    extraHosts = ''
-      127.0.0.1 git.jhink.org vault.jhink.org home.jhink.org
-    '';
+    #extraHosts = ''
+    #  127.0.0.1 git.jhink.org home.jhink.org
+    #  '';
 
     # The global useDHCP flag is deprecated, therefore explicitly set to false here. Per-interface useDHCP will be mandatory in the future, so this generated config replicates the default behaviour.
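Review bot: `nixpkgs.url = "nixpkgs/23.11"` is an indirect flake reference, so which repository and revision it resolves to depends on the flake registry at evaluation time, and the diffstat shows no flake.lock in this commit; until the regenerated lock is committed, the explicit home-manager revision a few lines below is the only input in this hunk that is reproducible by construction. Consider committing the updated flake.lock together with this change. The commented-out `# url = github:nix-community/home-manager;` line can also go, since the pinned line directly below supersedes it and git history keeps the old value. The `inputs` attribute set continues past the end of the hunk.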
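Review bot: The three-line comment above the commented-out `extraHosts` block still explains why local overrides exist, but after this hunk nothing is overridden, so the comment now documents a setting that is off; the commented copy has also silently dropped `vault.jhink.org` from the host list. If the block is kept for reference, change the lead comment to say so, e.g. `# extraHosts disabled: local overrides are no longer needed with the VPS reverse-proxy setup` (assuming the commit subject gives the reason); otherwise delete the block and its comment rather than commenting them out. The enclosing attribute set begins outside the hunk.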
@@ -86,7 +86,7 @@
     timeServers = [ "192.168.88.1" ] ++ options.networking.timeServers.default;
   };
 
-  hardware.video.hidpi.enable = false;
+  #hardware.video.hidpi.enable = false;
   hardware.enableRedistributableFirmware = true;
   #hardware.pulseaudio = {
   #enable = true;
@@ -118,6 +118,8 @@
   # enable = true;
   enableSSHSupport = true;
   # };
+  programs.zsh.enable = true;
+  security.rtkit.enable = true; # recommended for pipewire
 
   # enable acme for certbot
 
@@ -190,9 +192,10 @@
   };
   vaultwarden = {
-    enable = true;
+    # We use a docker container for vaultwarden now
+    enable = false;
     config = {
       # https://github.com/dani-garcia/vaultwarden/blob/1.25.2/.env.template
-      DOMAIN = "http://100.64.0.2:8081";
+      DOMAIN = "https://vault.jhink.org";
       ROCKET_ADDRESS = "0.0.0.0";
       ROCKET_PORT = 8222;
       SIGNUPS_ALLOWED = false;
diff --git a/machines/cj/firewall.nix b/machines/cj/firewall.nix
index 1b92c1e..0f18bbc 100644
--- a/machines/cj/firewall.nix
+++ b/machines/cj/firewall.nix
@@ -6,7 +6,7 @@
     53 # pihole
     8123 # home-assistant
     3000 # gitea
-    8081 # vaultwarden
+    8022 # vaultwarden
     80 443 # reverse proxy
   ];
   allowedUDPPorts = [
diff --git a/machines/cj/gitea.nix b/machines/cj/gitea.nix
index 454f241..1f79d63 100644
--- a/machines/cj/gitea.nix
+++ b/machines/cj/gitea.nix
@@ -1,9 +1,5 @@
 {
   enable = true;
-  domain = "git.jhink.org";
-  rootUrl = "https://git.jhink.org";
-  httpPort = 3000;
-  httpAddress = "127.0.0.1";
   lfs = {
     enable = true;
     contentDir = "/serverdata/gitea/lfs_content";
@@ -13,5 +9,11 @@
     repository = {
       DEFAULT_BRANCH = "main";
     };
+    server = {
+      DOMAIN = "git.jhink.org";
+      ROOT_URL = "https://git.jhink.org";
+      HTTP_PORT = 3000;
+      HTTP_ADDR = "127.0.0.1";
+    };
   };
 }
diff --git a/machines/cj/hardware-configuration-zfs.nix b/machines/cj/hardware-configuration-zfs.nix
index 72bc231..f2b9584 100644
--- a/machines/cj/hardware-configuration-zfs.nix
+++ b/machines/cj/hardware-configuration-zfs.nix
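Review bot: `enable = false` turns the NixOS vaultwarden module off, yet the `config` block below it is kept and even updated (`DOMAIN = "https://vault.jhink.org"`), so DOMAIN, ROCKET_ADDRESS, ROCKET_PORT and SIGNUPS_ALLOWED no longer reach any running service and will drift from whatever the docker container is actually started with. Either remove the block or extend the new comment so a reader does not take the values as live, e.g. `# We use a docker container for vaultwarden now; the config below is inactive and kept for reference only`. The vaultwarden attribute set continues past the end of the hunk.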
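Review bot: Opening `8022 # vaultwarden` in allowedTCPPorts next to `80 443 # reverse proxy` exposes the container's own HTTP port directly alongside the TLS front door; if vaultwarden is only meant to be reached as https://vault.jhink.org through the proxy (as the DOMAIN change in configuration.nix suggests), the container port should be published on 127.0.0.1 only and 8022 dropped from this list. The number also differs from `ROCKET_PORT = 8222` in the now-disabled module config, so confirm which port the container actually publishes before relying on this entry. The allowedTCPPorts list begins outside the hunk.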
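Review bot: The new `server` block binds gitea to `HTTP_ADDR = "127.0.0.1"`, which keeps the HTTP listener off the network and leaves the reverse proxy as the only route to it; that makes the `3000 # gitea` entry in firewall.nix's allowedTCPPorts (visible as context in that file's hunk) a hole with nothing behind it unless some other process binds 3000, so consider dropping it in a follow-up. A one-line comment on the block, e.g. `# replaces the removed top-level domain/rootUrl/httpPort/httpAddress options; loopback only, fronted by the reverse proxy`, would record why the options changed shape. The enclosing attribute set (presumably `settings`) begins outside the hunk.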
@@ -20,7 +20,7 @@
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
   # high-resolution display
-  hardware.video.hidpi.enable = lib.mkDefault true;
+  #hardware.video.hidpi.enable = lib.mkDefault true;
 
   fileSystems."/" =
     { device = "none";
@@ -90,6 +90,11 @@
       fsType = "zfs";
       neededForBoot = true;
     };
+  fileSystems."/serverdata/vaultwarden" =
+    { device = "rpool/serverdata/vaultwarden";
+      fsType = "zfs";
+      neededForBoot = true;
+    };
 
   fileSystems."/home" =
     { device = "rpool/userdata/home";
diff --git a/machines/cj/pihole.nix b/machines/cj/pihole.nix
index c12395f..7c145a3 100644
--- a/machines/cj/pihole.nix
+++ b/machines/cj/pihole.nix
@@ -1,5 +1,5 @@
 { serverIP, serverIP6 } : {
-  image = "pihole/pihole:2023.05.2";
+  image = "pihole/pihole:2024.01.0";
   ports = [
     "53:53/tcp"
     "53:53/udp"
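Review bot: The new `fileSystems."/serverdata/vaultwarden"` entry sets `neededForBoot = true`, which mounts a container data dataset in the initial ramdisk, so a missing or unimportable `rpool/serverdata/vaultwarden` would stop the boot rather than just the vaultwarden container; this mirrors the sibling entry directly above it, so it may be deliberate, but confirm that is wanted for service data. If it is, a short comment such as `# vaultwarden container data; neededForBoot keeps it mounted before services start` would make the choice explicit. The surrounding fileSystems entries continue outside the hunk.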