ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

l002 nixos mode

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-01-10 11:22:13 -06:00
parent e067fb9f54
commit 2e6720e6e7
12 changed files with 362 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

22
components/hm/ssh.nix
View file

@ -117,9 +117,14 @@ in
user = "luser";
};
# LINODE SERVERS
"l001" = {
identityFile = age.secrets.nix2l001.path;
hostname = "172.105.22.34"; # TODO REMOVE - OFF BOARD
# "l001" = {
# identityFile = age.secrets.nix2linode.path;
# hostname = "10.20.40.##"; TODO
# user = "root";
# };
"l001_" = {
identityFile = age.secrets.nix2linode.path;
hostname = "172.234.26.141";
user = "root";
};
"l002_" = {
@ -132,17 +137,6 @@ in
hostname = "10.20.40.1";
user = "luser";
};
"l003_" = {
identityFile = age.secrets.nix2l002.path;
hostname = "172.234.26.141";
user = "luser";
};
# TODO
# "l003" = {
# identityFile = age.secrets.nix2l002.path;
# hostname = "10.20.40.TODO";
# user = "luser";
# };
};
};
}

0
hosts/linode/l003/configuration.nix → hosts/linode/l001/configuration.nix
View file

112
hosts/linode/l003/flake.lock → hosts/linode/l001/flake.lock generated
View file

@ -57,6 +57,56 @@
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"mod_nebula": {
"locked": {
"lastModified": 1735839301,
"narHash": "sha256-f2JlNaCrA3BA8fPT0uThiuiIZX5ehDe0lPlSLL/QMgY=",
"ref": "mod_nebula",
"rev": "38c50b65c66740566b39529bbd91624b01b6ea2a",
"revCount": 3,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_nebula",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"mod_ros_stormd": {
"inputs": {
"ringofstorms-stormd": "ringofstorms-stormd"
},
"locked": {
"lastModified": 1735796563,
"narHash": "sha256-YjXJu/5Hcl7YpcpiHLd5wqCFUlJp39MM9CfQKhdpkk8=",
"ref": "mod_stormd",
"rev": "a184895fd3f32051499dfad8eb2cb18faaec4188",
"revCount": 1,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_stormd",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"nix-filter": {
"locked": {
"lastModified": 1710156097,
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "3342559a24e85fc164b295c3444e8a139924675b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702272962,
@ -74,6 +124,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1728888510,
"narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1736200483,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
@ -89,11 +155,55 @@
"type": "github"
}
},
"ringofstorms-stormd": {
"inputs": {
"nix-filter": "nix-filter",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1735420577,
"narHash": "sha256-2HWEALz0PVJCiP/2iZuDMj4qyukXR5IxNKFxT1NAMlQ=",
"ref": "refs/heads/master",
"rev": "7edf6888a460708889fabea2c762d4dfed4fa64f",
"revCount": 51,
"type": "git",
"url": "ssh://git.joshuabell.xyz:3032/stormd"
},
"original": {
"type": "git",
"url": "ssh://git.joshuabell.xyz:3032/stormd"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"mod_common": "mod_common",
"nixpkgs": "nixpkgs_2"
"mod_nebula": "mod_nebula",
"mod_ros_stormd": "mod_ros_stormd",
"nixpkgs": "nixpkgs_3"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"mod_ros_stormd",
"ringofstorms-stormd",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729218602,
"narHash": "sha256-KDmYxpkFWa0Go0WnOpkgQOypVaQxbwgpEutET5ey1VQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "9051466c82b9b3a6ba9e06be99621ad25423ec94",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {

37
hosts/linode/l003/flake.nix → hosts/linode/l001/flake.nix
View file

@ -5,6 +5,8 @@
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs";
mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd";
mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula";
};
outputs =
@ -15,10 +17,25 @@
...
}@inputs:
let
configuration_name = "l003";
configuration_name = "l002";
lib = nixpkgs.lib;
in
{
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2linode"
];
nodes.${configuration_name} = {
hostname = "172.234.26.141";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" =
@ -37,11 +54,13 @@
./configuration.nix
./hardware-configuration.nix
./linode.nix
./nginx.nix
(
{ pkgs, ... }:
{
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
];
mods = {
common = {
@ -59,6 +78,7 @@
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
];
};
};
@ -72,20 +92,5 @@
};
});
};
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2l002"
];
nodes.${configuration_name} = {
hostname = "172.234.26.141";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
};
}

0
hosts/linode/l003/hardware-configuration.nix → hosts/linode/l001/hardware-configuration.nix
View file

0
hosts/linode/l003/linode.nix → hosts/linode/l001/linode.nix
View file

134
hosts/linode/l001/nginx.nix Normal file
View file

@ -0,0 +1,134 @@
{
config,
...
}:
{
# JUST A TEST TODO remove
containers.wasabi = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.2";
localAddress = "192.168.100.11";
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
};
};
virtualisation.oci-containers = {
backend = "docker";
# TODO remove test
containers = {
# Example of defining a container from the compose file
"test_nginx" = {
# autoStart = true; this is default true
image = "nginx:latest";
ports = [
"127.0.0.1:8085:80"
];
};
};
};
security.acme.acceptTerms = true;
security.acme.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
# PROXY HOSTS
"chat.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.20.40.104:3080";
};
};
"gist.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.20.40.190:6157";
};
};
"git.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.20.40.190:6610";
};
};
"nexus.l002.joshuabell.xyz" = {
locations."/" = {
proxyPass = "http://localhost:42291";
};
};
# Redirect self IP to domain
"172.234.26.141" = {
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
"2600:3c06::f03c:95ff:fe2c:2806" = {
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
# NOTE ellalala.com? joshuabell.xyz?
"_" = {
default = true;
locations."/" = {
return = "404"; # or 444 for drop
};
};
};
# STREAMS
# streams = {
# # Adding stream configuration for port 3032
# "3032" = {
# proxyPass = "10.20.40.190:6611";
# };
# };
streamConfig = ''
server {
listen 3032;
proxy_pass 10.20.40.190:6611;
}
'';
};
networking.firewall.allowedTCPPorts = [
80 # web http
443 # web https
3032 # git ssh stream
];
networking.firewall.allowedUDPPorts = [
4242 # nebula
];
}
# TODO
# <html>
# <div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden">
# In the void you roam,</br>
# A page that cannot be found-</br>
# Turn back, seek anew.
# </div>
# </html>

64
hosts/linode/l004/configuration.nix
View file

@ -1,7 +1,71 @@
{
config,
...
}:
{
boot.loader.grub.enable = true;
system.stateVersion = "24.11";
containers.wasabi = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.2";
localAddress = "192.168.100.11";
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
};
};
virtualisation.oci-containers = {
backend = "docker"; # or "podman"
containers = {
# Example of defining a container from the compose file
"test_nginx" = {
# autoStart = true; this is default true
image = "nginx:latest";
ports = [
"127.0.0.1:8085:80"
];
};
};
};
security.acme.acceptTerms = true;
security.acme.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"_" = {
default = true;
locations."/wasabi/" = {
extraConfig = ''
rewrite ^/wasabi/(.*) /$1 break;
'';
proxyPass = "http://${config.containers.wasabi.localAddress}:80/";
};
locations."/" = {
# return = "404"; # or 444 for drop
proxyPass = "http://127.0.0.1:8085/";
};
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}

32
hosts/linode/l004/flake.nix
View file

@ -19,6 +19,21 @@
lib = nixpkgs.lib;
in
{
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2l002"
];
nodes.${configuration_name} = {
hostname = "172.232.11.143";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" =
@ -42,6 +57,7 @@
{
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
];
mods = {
common = {
@ -59,6 +75,7 @@
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
];
};
};
@ -72,20 +89,5 @@
};
});
};
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2l002"
];
nodes.${configuration_name} = {
hostname = "172.232.20.245";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
};
}

3
hosts/linode/readme.md
View file

@ -53,7 +53,8 @@ shutdown 0
- copy `linode.nix` into remote server and import it into `configuration.nix`
- update ssh key for root user if needed
- `nixos-install`
- `shutdown 0`
- shutdown in linode, delete installer disk
- delete the installer configuration profile in linode, boot into nixos configuration profile
tada, should be able to ssh with root and ssh key defined in earlier in linode.nix

2
hosts/lio/containers_test.nix
View file

@ -178,7 +178,7 @@
};
security.acme.acceptTerms = true;
security.acme.email = "admin@joshuabell.xyz";
security.acme.defaults.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;

8
hosts/lio/flake.lock generated
View file

@ -294,11 +294,11 @@
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1736190878,
"narHash": "sha256-Unmqhmyn4z4a5za2jH0hfedpIDNdY2ndSHFLfDUGQgg=",
"lastModified": 1736491821,
"narHash": "sha256-KGWlfhNd2mGLV4X6R7hZBnij9HjbccIWDN63M3wUZ8g=",
"ref": "mod_secrets",
"rev": "ced4cfd2fa2f18b32e59cfb0df4a964c8c388588",
"revCount": 6,
"rev": "cb240dc1177f44b63e719abac5ea94a198f6dd13",
"revCount": 7,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},