l002 nixos mode

RingOfStorms (Joshua Bell) 2025-01-10 11:22:13 -06:00
parent e067fb9f54
commit 2e6720e6e7
12 changed files with 362 additions and 52 deletions


@ -117,9 +117,14 @@ in
user = "luser"; user = "luser";
}; };
# LINODE SERVERS # LINODE SERVERS
"l001" = { # "l001" = {
identityFile = age.secrets.nix2l001.path; # identityFile = age.secrets.nix2linode.path;
hostname = "172.105.22.34"; # TODO REMOVE - OFF BOARD # hostname = "10.20.40.##"; TODO
# user = "root";
# };
"l001_" = {
identityFile = age.secrets.nix2linode.path;
hostname = "172.234.26.141";
user = "root"; user = "root";
}; };
"l002_" = { "l002_" = {
@ -132,17 +137,6 @@ in
hostname = "10.20.40.1"; hostname = "10.20.40.1";
user = "luser"; user = "luser";
}; };
"l003_" = {
identityFile = age.secrets.nix2l002.path;
hostname = "172.234.26.141";
user = "luser";
};
# TODO
# "l003" = {
# identityFile = age.secrets.nix2l002.path;
# hostname = "10.20.40.TODO";
# user = "luser";
# };
}; };
}; };
} }
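Review bot: The host at `172.234.26.141` was reached as `luser` in the removed `"l003_"` entry and, as the page renders it, is now reached as `root` through `"l001_"` with the shared `nix2linode` identity. The flake sections later in this commit add the `nix2linode` public key to `users.users.root.openssh.authorizedKeys.keys` on both hosts and keep `deploy.sshUser = "root"`, so one private key gives direct root on every Linode host that trusts it. I would keep interactive access unprivileged with `user = "luser";` here and reserve the root-capable key for deploys. deploy-rs can also connect as an unprivileged `sshUser` and escalate for the `root` profile, provided sudo is set up for that account. The enclosing attribute set starts above this hunk.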


@ -57,6 +57,56 @@
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
} }
}, },
"mod_nebula": {
"locked": {
"lastModified": 1735839301,
"narHash": "sha256-f2JlNaCrA3BA8fPT0uThiuiIZX5ehDe0lPlSLL/QMgY=",
"ref": "mod_nebula",
"rev": "38c50b65c66740566b39529bbd91624b01b6ea2a",
"revCount": 3,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_nebula",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"mod_ros_stormd": {
"inputs": {
"ringofstorms-stormd": "ringofstorms-stormd"
},
"locked": {
"lastModified": 1735796563,
"narHash": "sha256-YjXJu/5Hcl7YpcpiHLd5wqCFUlJp39MM9CfQKhdpkk8=",
"ref": "mod_stormd",
"rev": "a184895fd3f32051499dfad8eb2cb18faaec4188",
"revCount": 1,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_stormd",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"nix-filter": {
"locked": {
"lastModified": 1710156097,
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "3342559a24e85fc164b295c3444e8a139924675b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1702272962, "lastModified": 1702272962,
@ -74,6 +124,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1728888510,
"narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1736200483, "lastModified": 1736200483,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
@ -89,11 +155,55 @@
"type": "github" "type": "github"
} }
}, },
"ringofstorms-stormd": {
"inputs": {
"nix-filter": "nix-filter",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1735420577,
"narHash": "sha256-2HWEALz0PVJCiP/2iZuDMj4qyukXR5IxNKFxT1NAMlQ=",
"ref": "refs/heads/master",
"rev": "7edf6888a460708889fabea2c762d4dfed4fa64f",
"revCount": 51,
"type": "git",
"url": "ssh://git.joshuabell.xyz:3032/stormd"
},
"original": {
"type": "git",
"url": "ssh://git.joshuabell.xyz:3032/stormd"
}
},
"root": { "root": {
"inputs": { "inputs": {
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"mod_common": "mod_common", "mod_common": "mod_common",
"nixpkgs": "nixpkgs_2" "mod_nebula": "mod_nebula",
"mod_ros_stormd": "mod_ros_stormd",
"nixpkgs": "nixpkgs_3"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"mod_ros_stormd",
"ringofstorms-stormd",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729218602,
"narHash": "sha256-KDmYxpkFWa0Go0WnOpkgQOypVaQxbwgpEutET5ey1VQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "9051466c82b9b3a6ba9e06be99621ad25423ec94",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
} }
}, },
"systems": { "systems": {


@ -5,6 +5,8 @@
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs"; mod_common.inputs.nixpkgs.follows = "nixpkgs";
mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd";
mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula";
}; };
outputs = outputs =
@ -15,10 +17,25 @@
... ...
}@inputs: }@inputs:
let let
configuration_name = "l003"; configuration_name = "l002";
lib = nixpkgs.lib; lib = nixpkgs.lib;
in in
{ {
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2linode"
];
nodes.${configuration_name} = {
hostname = "172.234.26.141";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
nixosConfigurations = { nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name}; nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" = "${configuration_name}" =
@ -37,11 +54,13 @@
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./linode.nix ./linode.nix
./nginx.nix
( (
{ pkgs, ... }: { pkgs, ... }:
{ {
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
]; ];
mods = { mods = {
common = { common = {
@ -59,6 +78,7 @@
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
]; ];
}; };
}; };
@ -72,20 +92,5 @@
}; };
}); });
}; };
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2l002"
];
nodes.${configuration_name} = {
hostname = "172.234.26.141";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
}; };
} }

134
hosts/linode/l001/nginx.nix Normal file

@ -0,0 +1,134 @@
{
config,
...
}:
{
# JUST A TEST TODO remove
containers.wasabi = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.2";
localAddress = "192.168.100.11";
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
};
};
virtualisation.oci-containers = {
backend = "docker";
# TODO remove test
containers = {
# Example of defining a container from the compose file
"test_nginx" = {
# autoStart = true; this is default true
image = "nginx:latest";
ports = [
"127.0.0.1:8085:80"
];
};
};
};
security.acme.acceptTerms = true;
security.acme.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
# PROXY HOSTS
"chat.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.20.40.104:3080";
};
};
"gist.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.20.40.190:6157";
};
};
"git.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.20.40.190:6610";
};
};
"nexus.l002.joshuabell.xyz" = {
locations."/" = {
proxyPass = "http://localhost:42291";
};
};
# Redirect self IP to domain
"172.234.26.141" = {
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
"2600:3c06::f03c:95ff:fe2c:2806" = {
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
# NOTE ellalala.com? joshuabell.xyz?
"_" = {
default = true;
locations."/" = {
return = "404"; # or 444 for drop
};
};
};
# STREAMS
# streams = {
# # Adding stream configuration for port 3032
# "3032" = {
# proxyPass = "10.20.40.190:6611";
# };
# };
streamConfig = ''
server {
listen 3032;
proxy_pass 10.20.40.190:6611;
}
'';
};
networking.firewall.allowedTCPPorts = [
80 # web http
443 # web https
3032 # git ssh stream
];
networking.firewall.allowedUDPPorts = [
4242 # nebula
];
}
# TODO
# <html>
# <div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden">
# In the void you roam,</br>
# A page that cannot be found-</br>
# Turn back, seek anew.
# </div>
# </html>
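Review bot: The `"nexus.l002.joshuabell.xyz"` virtual host is the only proxy host without `enableACME = true;` and `forceSSL = true;`, so with port 80 open it is served over plain HTTP while `chat`, `gist` and `git` are redirected to TLS. If that name is meant to be public, add the same two lines to it; if it is internal only, a comment saying so would help. `security.acme.email` is also the option name this commit replaces with `security.acme.defaults.email` in another file, and both this file and the configuration section that follows still use the old spelling. The `wasabi` container and `test_nginx` blocks are marked TODO remove and are worth dropping before this host fronts the production names.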


@ -1,7 +1,71 @@
{ {
config,
... ...
}: }:
{ {
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
system.stateVersion = "24.11"; system.stateVersion = "24.11";
containers.wasabi = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.2";
localAddress = "192.168.100.11";
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
};
};
virtualisation.oci-containers = {
backend = "docker"; # or "podman"
containers = {
# Example of defining a container from the compose file
"test_nginx" = {
# autoStart = true; this is default true
image = "nginx:latest";
ports = [
"127.0.0.1:8085:80"
];
};
};
};
security.acme.acceptTerms = true;
security.acme.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"_" = {
default = true;
locations."/wasabi/" = {
extraConfig = ''
rewrite ^/wasabi/(.*) /$1 break;
'';
proxyPass = "http://${config.containers.wasabi.localAddress}:80/";
};
locations."/" = {
# return = "404"; # or 444 for drop
proxyPass = "http://127.0.0.1:8085/";
};
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
} }
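Review bot: The `"_"` default server forwards every request that matches no other host to the test containers (`/wasabi/` to the `wasabi` container, `/` to `test_nginx` on `127.0.0.1:8085`), with the `return = "404"` line commented out while ports 80 and 443 are opened. `image = "nginx:latest"` is a floating tag, so what runs depends on when the image was pulled; pin it, e.g. `image = "nginx@sha256:<digest>";` (placeholder digest). No virtual host in this section sets `enableACME`, so the ACME settings and the open 443 have nothing to serve yet. Until a TLS host exists I would restore `return = "404";` for `/` and drop 443 from `allowedTCPPorts`.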


@ -19,6 +19,21 @@
lib = nixpkgs.lib; lib = nixpkgs.lib;
in in
{ {
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2l002"
];
nodes.${configuration_name} = {
hostname = "172.232.11.143";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
nixosConfigurations = { nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name}; nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" = "${configuration_name}" =
@ -42,6 +57,7 @@
{ {
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
]; ];
mods = { mods = {
common = { common = {
@ -59,6 +75,7 @@
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
]; ];
}; };
}; };
@ -72,20 +89,5 @@
}; };
}); });
}; };
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2l002"
];
nodes.${configuration_name} = {
hostname = "172.232.20.245";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
}; };
} }


@ -53,7 +53,8 @@ shutdown 0
- copy `linode.nix` into remote server and import it into `configuration.nix` - copy `linode.nix` into remote server and import it into `configuration.nix`
- update ssh key for root user if needed - update ssh key for root user if needed
- `nixos-install` - `nixos-install`
- `shutdown 0` - shutdown in linode, delete installer disk
- delete the installer configuration profile in linode, boot into nixos configuration profile - delete the installer configuration profile in linode, boot into nixos configuration profile
tada, should be able to ssh with root and ssh key defined in earlier in linode.nix tada, should be able to ssh with root and ssh key defined in earlier in linode.nix


@ -178,7 +178,7 @@
}; };
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.email = "admin@joshuabell.xyz"; security.acme.defaults.email = "admin@joshuabell.xyz";
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;

8
hosts/lio/flake.lock generated

@ -294,11 +294,11 @@
"ragenix": "ragenix" "ragenix": "ragenix"
}, },
"locked": { "locked": {
"lastModified": 1736190878, "lastModified": 1736491821,
"narHash": "sha256-Unmqhmyn4z4a5za2jH0hfedpIDNdY2ndSHFLfDUGQgg=", "narHash": "sha256-KGWlfhNd2mGLV4X6R7hZBnij9HjbccIWDN63M3wUZ8g=",
"ref": "mod_secrets", "ref": "mod_secrets",
"rev": "ced4cfd2fa2f18b32e59cfb0df4a964c8c388588", "rev": "cb240dc1177f44b63e719abac5ea94a198f6dd13",
"revCount": 6, "revCount": 7,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },