From 8761abf51cd20773f2e71d46901179b3271ce907 Mon Sep 17 00:00:00 2001 From: Alexander Szczepanski Date: Thu, 28 Nov 2024 10:14:18 +0100 Subject: [PATCH] vps-arm-2024-11-28-10-14-18 --- README.md | 8 +------- flake.lock | 30 +++++++++++++++--------------- machine/vps-arm/configuration.nix | 30 ++++++++++++++++++++++++++++++ services/frigate.nix | 2 +- services/headscale.nix | 10 ++++------ 5 files changed, 51 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index a47b543..47cec9b 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,7 @@ # Most stuff -## Borg Backup -it's important to add the ssh host key to known hosts +### -``` -[u278697.your-storagebox.de]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs -[u278697.your-storagebox.de]:23 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw== -[u278697.your-storagebox.de]:23 ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw== -``` ### Commands diff --git a/flake.lock b/flake.lock index dc4f291..5215eed 100644 --- a/flake.lock +++ b/flake.lock 
@@ -8,11 +8,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1732400024, - "narHash": "sha256-uf1QzIl0Jj5dr7+erWjHWiCUEvywLaR7ir1jcqGgjeQ=", + "lastModified": 1732715105, + "narHash": "sha256-WGf8bzwNEgbWjM9aTFv9ZCGrBQEfg0fYd4FSoVa2gDs=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "376a2e022a5d8fa21cecb5bb0fef0cb54db5cdfc", + "rev": "8f153d013632e6036e8bec6377cc5ed7d2ad14df", "type": "github" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1732303962, - "narHash": "sha256-5Umjb5AdtxV5jSJd5jxoCckh5mlg+FBQDsyAilu637g=", + "lastModified": 1732482255, + "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "owner": "nix-community", "repo": "home-manager", - "rev": "8cf9cb2ee78aa129e5b8220135a511a2be254c0c", + "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "type": "github" }, "original": { @@ -140,11 +140,11 @@ ] }, "locked": { - "lastModified": 1732032028, - "narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=", + "lastModified": 1732648910, + "narHash": "sha256-1F83DUfEHnCZpGY4UOlWaamWoDx8eZ9tHaUF51p2hng=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "65dc04371cf914c9af4f073638821e4787303005", + "rev": "e86d2ad72094354326887bd6fe156f327d63d491", "type": "github" }, "original": { @@ -215,11 +215,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { 
@@ -231,11 +231,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { diff --git a/machine/vps-arm/configuration.nix b/machine/vps-arm/configuration.nix index fbd2767..8da6cb1 100644 --- a/machine/vps-arm/configuration.nix +++ b/machine/vps-arm/configuration.nix @@ -73,6 +73,28 @@ in { ]; hostKeys = ["/persist/pre_boot_ssh_key"]; }; + + postCommands = let + torRc = pkgs.writeText "tor.rc" '' + DataDirectory /etc/tor + SOCKSPort 127.0.0.1:9050 IsolateDestAddr + SOCKSPort 127.0.0.1:9063 + HiddenServiceDir /etc/tor/onion/bootup + HiddenServicePort 22 127.0.0.1:22 + ''; + in '' + echo "tor: preparing onion folder" + # have to do this otherwise tor does not want to start + chmod -R 700 /etc/tor + + echo "make sure localhost is up" + ip a a 127.0.0.1/8 dev lo + ip link set lo up + + echo "tor: starting tor" + tor -f ${torRc} --verify-config + tor -f ${torRc} & + ''; }; luks.devices = { root = { @@ -80,6 +102,14 @@ in { preLVM = true; }; }; + + secrets = { + "/etc/tor/onion/bootup" = /home/alex/tor/onion; # maybe find a better spot to store this. + }; + + extraUtilsCommands = '' + copy_bin_and_libs ${pkgs.tor}/bin/tor + ''; }; }; diff --git a/services/frigate.nix b/services/frigate.nix index fbc7724..1487780 100644 --- a/services/frigate.nix +++ b/services/frigate.nix @@ -27,7 +27,7 @@ in { frigate = { enable = true; - package = pkgs.unstable.frigate; + package = pkgs.frigate; hostname = "frigate.szczepan.ski"; settings = { diff --git a/services/headscale.nix b/services/headscale.nix index e6f0bcf..6882a36 100644 --- a/services/headscale.nix +++ b/services/headscale.nix 
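Review bot: The torrc written in `postCommands` opens two SOCKS listeners (`SOCKSPort 127.0.0.1:9050 IsolateDestAddr` and `SOCKSPort 127.0.0.1:9063`) that nothing in this hunk uses. An initrd that only publishes the SSH onion service can replace both lines with `SOCKSPort 0`, so no client port exists before the disk is unlocked. The result of `tor -f ${torRc} --verify-config` is also not acted on unless the surrounding stage-1 script aborts on errors, which is not visible here; `if tor -f ${torRc} --verify-config; then tor -f ${torRc} & fi` would make the start conditional on a valid config. `HiddenServicePort 22 127.0.0.1:22` assumes the initrd sshd listens on port 22, and the `ssh` block that would set the port begins above the hunk, so that is worth confirming.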
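Review bot: The onion-service identity in `secrets` is read from `/home/alex/tor/onion`, a directory inside a user's home, so whatever runs as that user can read or swap the key the initrd will publish. The pre-boot SSH host key in the same file lives under `/persist`, and a root-only directory there would be the consistent place. Because initrd secrets are appended to the initrd, the key presumably ends up on the unencrypted boot partition rather than on the LUKS-protected root, so it should serve this boot-time service only and be rotated if the disk image is ever exposed. A comment replacing the current one would record that: `# copied into the initrd (unencrypted /boot): root-only source, boot-time onion identity only`. The enclosing attribute set starts above the hunk.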
@@ -6,12 +6,10 @@ }: { environment = { systemPackages = with pkgs; [headscale]; - environment = { - persistence."/persist" = { - directories = [ - "/var/lib/headscale" - ]; - }; + persistence."/persist" = { + directories = [ + "/var/lib/headscale" + ]; }; };
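Review bot: `/var/lib/headscale` is persisted as a bare string, so no owner or mode is stated for it, and by default that directory holds headscale's private keys and its database. If this is the impermanence module, as the `persistence."/persist"` syntax suggests, the entry can state them explicitly, e.g. `{ directory = "/var/lib/headscale"; user = "headscale"; group = "headscale"; mode = "0750"; }`, so a freshly created copy under `/persist` is not left world-readable. The rest of the file is outside the hunk, so the user and group names should be checked against the service definition.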