diff --git a/components/hm/ssh.nix b/components/hm/ssh.nix index 111daa0..8fb7ade 100644 --- a/components/hm/ssh.nix +++ b/components/hm/ssh.nix @@ -117,9 +117,14 @@ in user = "luser"; }; # LINODE SERVERS - "l001" = { - identityFile = age.secrets.nix2l001.path; - hostname = "172.105.22.34"; # TODO REMOVE - OFF BOARD + # "l001" = { + # identityFile = age.secrets.nix2linode.path; + # hostname = "10.20.40.##"; TODO + # user = "root"; + # }; + "l001_" = { + identityFile = age.secrets.nix2linode.path; + hostname = "172.234.26.141"; user = "root"; }; "l002_" = { @@ -132,17 +137,6 @@ in hostname = "10.20.40.1"; user = "luser"; }; - "l003_" = { - identityFile = age.secrets.nix2l002.path; - hostname = "172.234.26.141"; - user = "luser"; - }; - # TODO - # "l003" = { - # identityFile = age.secrets.nix2l002.path; - # hostname = "10.20.40.TODO"; - # user = "luser"; - # }; }; }; } diff --git a/hosts/linode/l003/configuration.nix b/hosts/linode/l001/configuration.nix similarity index 100% rename from hosts/linode/l003/configuration.nix rename to hosts/linode/l001/configuration.nix diff --git a/hosts/linode/l003/flake.lock b/hosts/linode/l001/flake.lock similarity index 52% rename from hosts/linode/l003/flake.lock rename to hosts/linode/l001/flake.lock index cc7b75b..a5600a5 100644 --- a/hosts/linode/l003/flake.lock +++ b/hosts/linode/l001/flake.lock 
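Review bot: The new `"l001_"` entry logs in as `root` on the public address 172.234.26.141, whereas the `"l003_"` entry it replaces (deleted in the next hunk) reached the same host as `luser`; interactive SSH to an internet-facing box is better done as the unprivileged user, with root login left to deploy-rs. Consider `user = "luser";` here — the `nix2linode` key this entry uses appears to be authorized for the normal user as well in hosts/linode/l001/flake.nix in this commit, so nothing is lost. The commented-out `"l001"` stub with `hostname = "10.20.40.##"` is dead config with a placeholder address; either fill in the private address or drop the stub rather than leaving a TODO that looks like a real host.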
@@ -57,6 +57,56 @@ "url": "https://git.joshuabell.xyz/dotfiles" } }, + "mod_nebula": { + "locked": { + "lastModified": 1735839301, + "narHash": "sha256-f2JlNaCrA3BA8fPT0uThiuiIZX5ehDe0lPlSLL/QMgY=", + "ref": "mod_nebula", + "rev": "38c50b65c66740566b39529bbd91624b01b6ea2a", + "revCount": 3, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_nebula", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, + "mod_ros_stormd": { + "inputs": { + "ringofstorms-stormd": "ringofstorms-stormd" + }, + "locked": { + "lastModified": 1735796563, + "narHash": "sha256-YjXJu/5Hcl7YpcpiHLd5wqCFUlJp39MM9CfQKhdpkk8=", + "ref": "mod_stormd", + "rev": "a184895fd3f32051499dfad8eb2cb18faaec4188", + "revCount": 1, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_stormd", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, + "nix-filter": { + "locked": { + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1702272962, @@ -74,6 +124,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1728888510, + "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1736200483, "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", 
@@ -89,11 +155,55 @@ "type": "github" } }, + "ringofstorms-stormd": { + "inputs": { + "nix-filter": "nix-filter", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1735420577, + "narHash": "sha256-2HWEALz0PVJCiP/2iZuDMj4qyukXR5IxNKFxT1NAMlQ=", + "ref": "refs/heads/master", + "rev": "7edf6888a460708889fabea2c762d4dfed4fa64f", + "revCount": 51, + "type": "git", + "url": "ssh://git.joshuabell.xyz:3032/stormd" + }, + "original": { + "type": "git", + "url": "ssh://git.joshuabell.xyz:3032/stormd" + } + }, "root": { "inputs": { "deploy-rs": "deploy-rs", "mod_common": "mod_common", - "nixpkgs": "nixpkgs_2" + "mod_nebula": "mod_nebula", + "mod_ros_stormd": "mod_ros_stormd", + "nixpkgs": "nixpkgs_3" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "mod_ros_stormd", + "ringofstorms-stormd", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729218602, + "narHash": "sha256-KDmYxpkFWa0Go0WnOpkgQOypVaQxbwgpEutET5ey1VQ=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "9051466c82b9b3a6ba9e06be99621ad25423ec94", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" } }, "systems": { diff --git a/hosts/linode/l003/flake.nix b/hosts/linode/l001/flake.nix similarity index 84% rename from hosts/linode/l003/flake.nix rename to hosts/linode/l001/flake.nix index 04f93f7..36b790c 100644 --- a/hosts/linode/l003/flake.nix +++ b/hosts/linode/l001/flake.nix @@ -5,6 +5,8 @@ mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.inputs.nixpkgs.follows = "nixpkgs"; + mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd"; + mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula"; }; outputs = 
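Review bot: The two new inputs `mod_ros_stormd` and `mod_nebula` are added without a `.inputs.nixpkgs.follows`, unlike `mod_common` two lines above them. The regenerated flake.lock in this commit shows `mod_ros_stormd` pulling in `ringofstorms-stormd`, which brings its own `nixpkgs_2` (nixos-unstable, lastModified 1728888510) and a `rust-overlay`, so this host's closure now carries a second, older nixpkgs that will not move when the main pin is bumped. If the stormd flake accepts it, add `mod_ros_stormd.inputs.ringofstorms-stormd.inputs.nixpkgs.follows = "nixpkgs";` (the lock shows no direct nixpkgs input on `mod_ros_stormd` or `mod_nebula` themselves, so confirm the path). The `inputs` attribute set opens before this hunk.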
@@ -15,10 +17,25 @@ ... }@inputs: let - configuration_name = "l003"; + configuration_name = "l002"; lib = nixpkgs.lib; in { + deploy = { + sshUser = "root"; + sshOpts = [ + "-i" + "/run/agenix/nix2linode" + ]; + nodes.${configuration_name} = { + hostname = "172.234.26.141"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name}; + }; + }; + }; + nixosConfigurations = { nixos = self.nixosConfigurations.${configuration_name}; "${configuration_name}" = @@ -37,11 +54,13 @@ ./configuration.nix ./hardware-configuration.nix ./linode.nix + ./nginx.nix ( { pkgs, ... }: { users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode" ]; mods = { common = { @@ -59,6 +78,7 @@ isNormalUser = true; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode" ]; }; }; @@ -72,20 +92,5 @@ }; }); }; - - deploy = { - sshUser = "root"; - sshOpts = [ - "-i" - "/run/agenix/nix2l002" - ]; - nodes.${configuration_name} = { - hostname = "172.234.26.141"; - profiles.system = { - user = "root"; - path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name}; - }; - }; - }; }; } diff --git a/hosts/linode/l003/hardware-configuration.nix b/hosts/linode/l001/hardware-configuration.nix similarity index 100% rename from hosts/linode/l003/hardware-configuration.nix rename to hosts/linode/l001/hardware-configuration.nix diff --git a/hosts/linode/l003/linode.nix b/hosts/linode/l001/linode.nix similarity index 100% rename from hosts/linode/l003/linode.nix rename to hosts/linode/l001/linode.nix 
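Review bot: `configuration_name` is changed to `"l002"` in a file that now lives at hosts/linode/l001/flake.nix, and that value names both the `nixosConfigurations` entry and the deploy-rs node targeting 172.234.26.141 — the address components/hm/ssh.nix in this same commit labels `l001_`. The directory, the ssh alias and the `nexus.l002.joshuabell.xyz` vhost in the new nginx.nix disagree about which host this is, which is how a `deploy .#l002` lands on the wrong machine later; pick one name, presumably `configuration_name = "l001";`. Separately, the hunk adds the shared `nix2linode` key to root's `authorizedKeys` while keeping `nix2l002`; if `nix2l002` is being retired in favour of the shared key, remove it here rather than accumulating root keys. The `outputs` function body extends past this hunk.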
diff --git a/hosts/linode/l001/nginx.nix b/hosts/linode/l001/nginx.nix new file mode 100644 index 0000000..bba42fb --- /dev/null +++ b/hosts/linode/l001/nginx.nix 
@@ -0,0 +1,134 @@
+{
+ config,
+ ...
+}:
+{
+
+ # JUST A TEST TODO remove
+ containers.wasabi = {
+ ephemeral = true;
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.2";
+ localAddress = "192.168.100.11";
+ config =
+ { config, pkgs, ... }:
+ {
+ system.stateVersion = "24.11";
+ services.httpd.enable = true;
+ services.httpd.adminAddr = "foo@example.org";
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 ];
+ };
+ };
+ };
+
+ virtualisation.oci-containers = {
+ backend = "docker";
+ # TODO remove test
+ containers = {
+ # Example of defining a container from the compose file
+ "test_nginx" = {
+ # autoStart = true; this is default true
+ image = "nginx:latest";
+ ports = [
+ "127.0.0.1:8085:80"
+ ];
+ };
+ };
+ };
+
+ security.acme.acceptTerms = true;
+ security.acme.email = "admin@joshuabell.xyz";
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ # PROXY HOSTS
+ "chat.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.20.40.104:3080";
+ };
+ };
+ "gist.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.20.40.190:6157";
+ };
+ };
+ "git.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.20.40.190:6610";
+ };
+ };
+ "nexus.l002.joshuabell.xyz" = {
+ locations."/" = {
+ proxyPass = "http://localhost:42291";
+ };
+ };
+
+ # Redirect self IP to domain
+ "172.234.26.141" = {
+ locations."/" = {
+ return = "301 https://joshuabell.xyz";
+ };
+ };
+ "2600:3c06::f03c:95ff:fe2c:2806" = {
+ locations."/" = {
+ return = "301 https://joshuabell.xyz";
+ };
+ };
+
+ # NOTE ellalala.com? joshuabell.xyz?
+ + "_" = { + default = true; + locations."/" = { + return = "404"; # or 444 for drop + }; + }; + }; + + # STREAMS + # streams = { + # # Adding stream configuration for port 3032 + # "3032" = { + # proxyPass = "10.20.40.190:6611"; + # }; + # }; + streamConfig = '' + server { + listen 3032; + proxy_pass 10.20.40.190:6611; + } + ''; + }; + + networking.firewall.allowedTCPPorts = [ + 80 # web http + 443 # web https + 3032 # git ssh stream + ]; + + networking.firewall.allowedUDPPorts = [ + 4242 # nebula + ]; +} + +# TODO +# +#
+# In the void you roam,
+# A page that cannot be found-
+# Turn back, seek anew. +#
+# diff --git a/hosts/linode/l004/configuration.nix b/hosts/linode/l004/configuration.nix index 016d4ad..e9e0b9d 100644 --- a/hosts/linode/l004/configuration.nix +++ b/hosts/linode/l004/configuration.nix @@ -1,7 +1,71 @@ { + config, ... }: { boot.loader.grub.enable = true; system.stateVersion = "24.11"; + + containers.wasabi = { + ephemeral = true; + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.2"; + localAddress = "192.168.100.11"; + config = + { config, pkgs, ... }: + { + system.stateVersion = "24.11"; + services.httpd.enable = true; + services.httpd.adminAddr = "foo@example.org"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 ]; + }; + }; + }; + + virtualisation.oci-containers = { + backend = "docker"; # or "podman" + containers = { + # Example of defining a container from the compose file + "test_nginx" = { + # autoStart = true; this is default true + image = "nginx:latest"; + ports = [ + "127.0.0.1:8085:80" + ]; + }; + }; + }; + + security.acme.acceptTerms = true; + security.acme.email = "admin@joshuabell.xyz"; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "_" = { + default = true; + locations."/wasabi/" = { + extraConfig = '' + rewrite ^/wasabi/(.*) /$1 break; + ''; + proxyPass = "http://${config.containers.wasabi.localAddress}:80/"; + }; + locations."/" = { + # return = "404"; # or 444 for drop + proxyPass = "http://127.0.0.1:8085/"; + }; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; } diff --git a/hosts/linode/l004/flake.nix b/hosts/linode/l004/flake.nix index d44cbe5..614eefe 100644 --- a/hosts/linode/l004/flake.nix +++ b/hosts/linode/l004/flake.nix 
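Review bot: The catch-all `"_"` vhost is `default = true` but has no TLS settings, so it is `default_server` on port 80 only; on 443 nginx falls back to the first TLS server block in generated order (likely `chat.joshuabell.xyz`) for any unknown SNI name or bare-IP request, serving that certificate and proxying the request to 10.20.40.104:3080. Add `rejectSSL = true;` next to `default = true;` so unmatched HTTPS connections are refused instead of reaching the chat backend. `nexus.l002.joshuabell.xyz` is the only proxy vhost without `enableACME`/`forceSSL`, so it forwards to localhost:42291 over plaintext on a public address — confirm that is intended. The `wasabi` container and the unpinned `nginx:latest` docker container are both marked as tests to remove; running a Docker daemon and throwaway services on the host that terminates TLS for every other service widens its attack surface, so I would drop them before merge.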
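Review bot: This hunk uses `security.acme.email`, while hosts/lio/containers_test.nix in the same commit migrates to `security.acme.defaults.email`; use `security.acme.defaults.email = "admin@joshuabell.xyz";` here as well (the new nginx.nix for l001 has the same inconsistency). No vhost in this file sets `enableACME` or `forceSSL`, yet `networking.firewall.allowedTCPPorts` opens 443; nothing will listen there, so either add TLS or leave the port closed. The default vhost proxies `/` on the public address straight to the unpinned `nginx:latest` docker container and `/wasabi/` to the test container, so whatever those serve is exposed on 172.232.11.143 as soon as this deploys — if they are only tests, a `listen`-on-loopback or a `return = "404";` default would be safer until the real services land.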
@@ -19,6 +19,21 @@ lib = nixpkgs.lib; in { + deploy = { + sshUser = "root"; + sshOpts = [ + "-i" + "/run/agenix/nix2l002" + ]; + nodes.${configuration_name} = { + hostname = "172.232.11.143"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name}; + }; + }; + }; + nixosConfigurations = { nixos = self.nixosConfigurations.${configuration_name}; "${configuration_name}" = @@ -42,6 +57,7 @@ { users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode" ]; mods = { common = { @@ -59,6 +75,7 @@ isNormalUser = true; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode" ]; }; }; @@ -72,20 +89,5 @@ }; }); }; - - deploy = { - sshUser = "root"; - sshOpts = [ - "-i" - "/run/agenix/nix2l002" - ]; - nodes.${configuration_name} = { - hostname = "172.232.20.245"; - profiles.system = { - user = "root"; - path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name}; - }; - }; - }; }; } diff --git a/hosts/linode/readme.md b/hosts/linode/readme.md index 95c9186..d8772e0 100644 --- a/hosts/linode/readme.md +++ b/hosts/linode/readme.md @@ -53,7 +53,8 @@ shutdown 0 - copy `linode.nix` into remote server and import it into `configuration.nix` - update ssh key for root user if needed - `nixos-install` - - `shutdown 0` +- shutdown in linode, delete installer disk - delete the installer configuration profile in linode, boot into nixos configuration profile + tada, should be able to ssh with root and ssh key defined in earlier in linode.nix diff --git a/hosts/lio/containers_test.nix b/hosts/lio/containers_test.nix index badfb16..67fdc3d 100644 
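Review bot: The relocated `deploy` block still authenticates with `/run/agenix/nix2l002`, while the same commit adds the `nix2linode` key to root's `authorizedKeys` on this host and switches hosts/linode/l001/flake.nix to deploy with `/run/agenix/nix2linode`. If l004 is meant to move to the shared deploy key too, change the `sshOpts` entry to `"/run/agenix/nix2linode"`; if not, the extra root key added below is access the deploy path never uses and should not be granted. The deploy target also changes from 172.232.20.245 to 172.232.11.143 with no matching entry visible in the components/hm/ssh.nix hunks, so check the alias there points at the new address. The `outputs` function body runs past this hunk.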
--- a/hosts/lio/containers_test.nix +++ b/hosts/lio/containers_test.nix @@ -178,7 +178,7 @@ }; security.acme.acceptTerms = true; - security.acme.email = "admin@joshuabell.xyz"; + security.acme.defaults.email = "admin@joshuabell.xyz"; services.nginx = { enable = true; recommendedGzipSettings = true; diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index f075fd0..7139eaa 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -294,11 +294,11 @@ "ragenix": "ragenix" }, "locked": { - "lastModified": 1736190878, - "narHash": "sha256-Unmqhmyn4z4a5za2jH0hfedpIDNdY2ndSHFLfDUGQgg=", + "lastModified": 1736491821, + "narHash": "sha256-KGWlfhNd2mGLV4X6R7hZBnij9HjbccIWDN63M3wUZ8g=", "ref": "mod_secrets", - "rev": "ced4cfd2fa2f18b32e59cfb0df4a964c8c388588", - "revCount": 6, + "rev": "cb240dc1177f44b63e719abac5ea94a198f6dd13", + "revCount": 7, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" },