random stuff

2025-01-22 17:07:59 -06:00 · 2025-01-22 17:07:59 -06:00 · 3153fbe49c
commit 3153fbe49c
parent 92f34a8e0c
7 changed files with 249 additions and 28 deletions
--- a/hosts/lio/flake.lock
+++ b/hosts/lio/flake.lock
@ -321,11 +321,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1737482271,
-        "narHash": "sha256-97Ifbrh2mxDqAxwqmSa66hL+0jYZwkFtyEZNj55pN3o=",
+        "lastModified": 1737567054,
+        "narHash": "sha256-LI1z4HET4hgP6iyWehrWRd5luNbUk9zz/GFzqI1iAFo=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "eca7c9bba81687dc5bf882015549d95cf21b8bd7",
+        "rev": "bbe8109b528365cf3fd3a93c931dd86d57c3bd5a",
        "type": "github"
      },
      "original": {
@ -481,11 +481,11 @@
    "nvim_plugin-b0o/schemastore.nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1737356906,
-        "narHash": "sha256-tTSFLptUoqB5Z0yhDKwqoz0EpEP5Gr7b/0LFQhenAGc=",
+        "lastModified": 1737490106,
+        "narHash": "sha256-jtZ6cta98Wx4vZHcXq0jKfOfpQtTFRFrH5W+/8jyL5g=",
        "owner": "b0o",
        "repo": "schemastore.nvim",
-        "rev": "f79b4d02f88fc58940f5786ed33af737bc015657",
+        "rev": "5be212138af55d3dcae9d77b5b14f63634243e3d",
        "type": "github"
      },
      "original": {
@ -689,11 +689,11 @@
    "nvim_plugin-lewis6991/gitsigns.nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1737480894,
-        "narHash": "sha256-RCpA9ECnla38cNX9PyxVL+yvdNpfZcIr/kQ/4QY6zBQ=",
+        "lastModified": 1737539715,
+        "narHash": "sha256-Htx06FTru66DPFJUZEe6AaKqVtrD65MMqcerjjEZMR4=",
        "owner": "lewis6991",
        "repo": "gitsigns.nvim",
-        "rev": "2ff0c29f2a6b1247d96cc59535d53e5589fb50b6",
+        "rev": "632fda72df903255dc1683cd739dceaa7338128a",
        "type": "github"
      },
      "original": {
@ -785,11 +785,11 @@
    "nvim_plugin-mfussenegger/nvim-lint": {
      "flake": false,
      "locked": {
-        "lastModified": 1737286954,
-        "narHash": "sha256-E0M+H+l2XSGv+l2meqyt443wFsToc1gtpQKYj4ygVPg=",
+        "lastModified": 1737487916,
+        "narHash": "sha256-DKfivSjBFra/iXIuYQa7Mv5f2LglNbQTr8bQ+sCm8to=",
        "owner": "mfussenegger",
        "repo": "nvim-lint",
-        "rev": "ec9fda13a5254783a80b37563ed5eb97b75c28b7",
+        "rev": "789b7ada1b4f00e08d026dffde410dcfa6a0ba87",
        "type": "github"
      },
      "original": {
@ -817,11 +817,11 @@
    "nvim_plugin-neovim/nvim-lspconfig": {
      "flake": false,
      "locked": {
-        "lastModified": 1737470744,
-        "narHash": "sha256-3tTusoDm8GbKkiBMRdto/BeDHgiU0RBL4pGq+PHqLo8=",
+        "lastModified": 1737559700,
+        "narHash": "sha256-p+hGgy6jGErqVy+pbTrfTNF2FosrQlQnMkDHsCl9/kE=",
        "owner": "neovim",
        "repo": "nvim-lspconfig",
-        "rev": "d9fbdafd80350b38c15521e11e66936032ed90d1",
+        "rev": "513f4f0bde469ecb3abe2e1b606f63cf142e751e",
        "type": "github"
      },
      "original": {
@ -1105,11 +1105,11 @@
    "nvim_plugin-stevearc/conform.nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1737055718,
-        "narHash": "sha256-EjV/EesdZvpvOaeoqUJCkcIejFUdCsQEsbt0dj41jL0=",
+        "lastModified": 1737567375,
+        "narHash": "sha256-tMLkOLANg87wuq6OSkb0iGm00mnZwOF7Xd+gai4mKNg=",
        "owner": "stevearc",
        "repo": "conform.nvim",
-        "rev": "6dc21d4ce050c2e592d9635b7983d67baf216e3d",
+        "rev": "bf94626f32fbc3c9987ce2f4aab60d96866587df",
        "type": "github"
      },
      "original": {
@ -1201,11 +1201,11 @@
    "nvim_plugin-yetone/avante.nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1737417446,
-        "narHash": "sha256-7u6FzuRRyNk7NDO1be7/ptR8qFDZFxseifQadA1+hy4=",
+        "lastModified": 1737518419,
+        "narHash": "sha256-Opp6ACJwnAIkLdCQwbqjahjCErxDGIpsX9Hj/87Wm/I=",
        "owner": "yetone",
        "repo": "avante.nvim",
-        "rev": "15a471b1558cd0c83353aa621405b43f30454f33",
+        "rev": "396840a152be82354984b16f9a22cb425d0840d1",
        "type": "github"
      },
      "original": {
@ -1364,11 +1364,11 @@
        "rust-overlay": "rust-overlay_3"
      },
      "locked": {
-        "lastModified": 1737483156,
-        "narHash": "sha256-9J2jwkSZOi4oEgFcscUw/E1HiJUHpkenALOeoEosW74=",
+        "lastModified": 1737571139,
+        "narHash": "sha256-e5nK+KmfS+bYmKo4g3zC8lsEND0nYoBmn+qocmVM50o=",
        "ref": "refs/heads/master",
-        "rev": "b6d1f596766f16087b841387af2658f3275d40d7",
-        "revCount": 257,
+        "rev": "a6a34c6eddafe0d838465232c17e0893e909edd0",
+        "revCount": 259,
        "type": "git",
        "url": "https://git.joshuabell.xyz/nvim"
      },
@ -1429,11 +1429,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737426362,
-        "narHash": "sha256-4SavpRWfRw2pLG1qqErWpk/hI1eCzqjKcE1motxHZgo=",
+        "lastModified": 1737512878,
+        "narHash": "sha256-dgF6htdmfNnZzVInifks6npnCAyVsIHWSpWNs10RSW0=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "2103fcb16359438d42141bac873ed2367a05cbe7",
+        "rev": "06b8ed0eee289fe94c66f1202ced9a6a2c59a14c",
        "type": "github"
      },
      "original": {
--- a/hosts/oracle/o001/configuration.nix
+++ b/hosts/oracle/o001/configuration.nix
@ -5,4 +5,20 @@
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  system.stateVersion = "25.05"; # Did you read the comment?
+  # boot.supportedFilesystems = [ "zfs" ];
+
+
+  boot.kernelParams = [ "net.ifnames=0" ];
+  networking.useDHCP = false;  # deprecated flag, set to false until removed
+  networking = {
+    defaultGateway = "10.0.0.1";
+    nameservers = [ "9.9.9.9" ];  
+    interfaces.eth0 = {
+      ipAddress = "149.130.211.142";
+      prefixLength = 24;
+    };
+  };
+
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = true;
 }
--- a/hosts/oracle/o001/containers.nix
+++ b/hosts/oracle/o001/containers.nix
@ -0,0 +1,63 @@
+{
+  config,
+  ...
+}:
+{
+
+  # NOTE some useful links
+  # nixos containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
+  # https://nixos.wiki/wiki/NixOS_Containers
+  options = {};
+
+  imports = [
+    ./containers/tests.nix
+  ];
+
+  config = {
+    ## Give internet access
+    # networking.nat.enable = true;
+    # networking.nat.internalInterfaces = [ "ve-*" ];
+    # networking.nat.externalInterface = "eth0";
+
+    virtualisation.oci-containers.backend = "docker";
+
+    security.acme.acceptTerms = true;
+    security.acme.defaults.email = "admin@joshuabell.xyz";
+    services.nginx = {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      virtualHosts = {
+        "local.belljm.com" = {
+          # enableACME = true;
+          # forceSSL = true;
+          locations."/".proxyPass = "http://${config.containers.wasabi.localAddress}:80";
+        };
+        "127.0.0.1" = {
+          locations."/wasabi/" = {
+            extraConfig = ''
+              rewrite ^/wasabi/(.*) /$1 break;
+            '';
+            proxyPass = "http://${config.containers.wasabi.localAddress}:80/";
+          };
+          locations."/" = {
+            return = "404"; # or 444 for drop
+          };
+        };
+        "_" = {
+          default = true;
+          locations."/" = {
+            return = "404"; # or 444 for drop
+          };
+        };
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+  };
+}
--- a/hosts/oracle/o001/containers/tests.nix
+++ b/hosts/oracle/o001/containers/tests.nix
@ -0,0 +1,39 @@
+{
+  ...
+}:
+{
+  options = { };
+
+  config = {
+    # Random test, visit http://192.168.100.11/
+    containers.wasabi = {
+      ephemeral = true;
+      autoStart = true;
+      privateNetwork = true;
+      hostAddress = "192.168.100.2";
+      localAddress = "192.168.100.11";
+      config =
+        { config, pkgs, ... }:
+        {
+          system.stateVersion = "24.11";
+          services.httpd.enable = true;
+          services.httpd.adminAddr = "foo@example.org";
+          networking.firewall = {
+            enable = true;
+            allowedTCPPorts = [ 80 ];
+          };
+        };
+    };
+
+    virtualisation.oci-containers.containers = {
+      # Example of defining a container, visit http://localhost:8085/
+      "nginx_simple" = {
+        # autoStart = true; this is default true
+        image = "nginx:latest";
+        ports = [
+          "127.0.0.1:8085:80"
+        ];
+      };
+    };
+  };
+}
--- a/hosts/oracle/o001/flake.nix
+++ b/hosts/oracle/o001/flake.nix
@ -55,6 +55,7 @@
            modules = [
              ./configuration.nix
              ./hardware-configuration.nix
+              ./nginx.nix
              (
                { pkgs, ... }:
                {
--- a/hosts/oracle/o001/nginx.nix
+++ b/hosts/oracle/o001/nginx.nix
@ -0,0 +1,90 @@
+{
+  config,
+  ...
+}:
+{
+
+  # JUST A TEST TODO remove
+  containers.wasabi = {
+    ephemeral = true;
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "192.168.100.2";
+    localAddress = "192.168.100.11";
+    config =
+      { config, pkgs, ... }:
+      {
+        system.stateVersion = "24.11";
+        services.httpd.enable = true;
+        services.httpd.adminAddr = "foo@example.org";
+        networking.firewall = {
+          enable = true;
+          allowedTCPPorts = [ 80 ];
+        };
+      };
+  };
+
+  security.acme.acceptTerms = true;
+  security.acme.email = "admin@joshuabell.xyz";
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts = {
+      # Redirect self IP to domain
+      "149.130.211.142" = {
+        locations."/" = {
+          return = "301 https://o001.joshuabell.xyz";
+        };
+      };
+
+      # "o001.joshuabell.xyz" = {
+      #   enableACME = true;
+      #   forceSSL = true;
+      #   locations = {
+      #     "/wasabi" = {
+      #       proxyPass = "http://192.168.100.11/";
+      #       extraConfig = ''
+      #         rewrite ^/wasabi/(.*) /$1 break;
+      #       '';
+      #     };
+      #     "/" = {
+      #       # return = "200 '<html>Hello World</html>'";
+      #       extraConfig = ''
+      #         default_type text/html;
+      #         return 200 '
+      #           <html>
+      #             <body style="width:100vw;height:100vh;overflow:hidden">
+      #               <div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden">
+      #                 In the void you roam,</br>
+      #                 A page that cannot be found-</br>
+      #                 Turn back, seek anew.
+      #               </div>
+      #             </body>
+      #           </html>
+      #         ';
+      #       '';
+      #     };
+      #   };
+      # };
+
+      "_" = {
+        default = true;
+        locations."/" = {
+          return = "444"; # 404 for not found or 444 for drop
+        };
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80 # web http
+    443 # web https
+  ];
+
+  networking.firewall.allowedUDPPorts = [
+    # 4242 # nebula
+  ];
+}
--- a/hosts/oracle/oracle.nix
+++ b/hosts/oracle/oracle.nix
@ -3,6 +3,18 @@
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.kernelParams = [ "net.ifnames=0" ];
+
+  networking.useDHCP = false;  # deprecated flag, set to false until removed
+  networking = {
+    defaultGateway = "10.0.0.1";
+    nameservers = [ "9.9.9.9" ];  
+    interfaces.eth0 = {
+      ipAddress = throw "set your own";
+      prefixLength = 24;
+    };
+  };

  # TODO disable after first startup with ssh keys
  services.openssh = {