From 3153fbe49cf8c36e7ccbeceab5141f3e01c8ede9 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 22 Jan 2025 17:07:59 -0600 Subject: [PATCH] random stuff --- hosts/lio/flake.lock | 56 ++++++++-------- hosts/oracle/o001/configuration.nix | 16 +++++ hosts/oracle/o001/containers.nix | 63 ++++++++++++++++++ hosts/oracle/o001/containers/tests.nix | 39 +++++++++++ hosts/oracle/o001/flake.nix | 1 + hosts/oracle/o001/nginx.nix | 90 ++++++++++++++++++++++++++ hosts/oracle/oracle.nix | 12 ++++ 7 files changed, 249 insertions(+), 28 deletions(-) create mode 100644 hosts/oracle/o001/containers.nix create mode 100644 hosts/oracle/o001/containers/tests.nix create mode 100644 hosts/oracle/o001/nginx.nix diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index a45e004..9c21650 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -321,11 +321,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1737482271, - "narHash": "sha256-97Ifbrh2mxDqAxwqmSa66hL+0jYZwkFtyEZNj55pN3o=", + "lastModified": 1737567054, + "narHash": "sha256-LI1z4HET4hgP6iyWehrWRd5luNbUk9zz/GFzqI1iAFo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "eca7c9bba81687dc5bf882015549d95cf21b8bd7", + "rev": "bbe8109b528365cf3fd3a93c931dd86d57c3bd5a", "type": "github" }, "original": { @@ -481,11 +481,11 @@ "nvim_plugin-b0o/schemastore.nvim": { "flake": false, "locked": { - "lastModified": 1737356906, - "narHash": "sha256-tTSFLptUoqB5Z0yhDKwqoz0EpEP5Gr7b/0LFQhenAGc=", + "lastModified": 1737490106, + "narHash": "sha256-jtZ6cta98Wx4vZHcXq0jKfOfpQtTFRFrH5W+/8jyL5g=", "owner": "b0o", "repo": "schemastore.nvim", - "rev": "f79b4d02f88fc58940f5786ed33af737bc015657", + "rev": "5be212138af55d3dcae9d77b5b14f63634243e3d", "type": "github" }, "original": { 
@@ -689,11 +689,11 @@ "nvim_plugin-lewis6991/gitsigns.nvim": { "flake": false, "locked": { - "lastModified": 1737480894, - "narHash": "sha256-RCpA9ECnla38cNX9PyxVL+yvdNpfZcIr/kQ/4QY6zBQ=", + "lastModified": 1737539715, + "narHash": "sha256-Htx06FTru66DPFJUZEe6AaKqVtrD65MMqcerjjEZMR4=", "owner": "lewis6991", "repo": "gitsigns.nvim", - "rev": "2ff0c29f2a6b1247d96cc59535d53e5589fb50b6", + "rev": "632fda72df903255dc1683cd739dceaa7338128a", "type": "github" }, "original": { @@ -785,11 +785,11 @@ "nvim_plugin-mfussenegger/nvim-lint": { "flake": false, "locked": { - "lastModified": 1737286954, - "narHash": "sha256-E0M+H+l2XSGv+l2meqyt443wFsToc1gtpQKYj4ygVPg=", + "lastModified": 1737487916, + "narHash": "sha256-DKfivSjBFra/iXIuYQa7Mv5f2LglNbQTr8bQ+sCm8to=", "owner": "mfussenegger", "repo": "nvim-lint", - "rev": "ec9fda13a5254783a80b37563ed5eb97b75c28b7", + "rev": "789b7ada1b4f00e08d026dffde410dcfa6a0ba87", "type": "github" }, "original": { @@ -817,11 +817,11 @@ "nvim_plugin-neovim/nvim-lspconfig": { "flake": false, "locked": { - "lastModified": 1737470744, - "narHash": "sha256-3tTusoDm8GbKkiBMRdto/BeDHgiU0RBL4pGq+PHqLo8=", + "lastModified": 1737559700, + "narHash": "sha256-p+hGgy6jGErqVy+pbTrfTNF2FosrQlQnMkDHsCl9/kE=", "owner": "neovim", "repo": "nvim-lspconfig", - "rev": "d9fbdafd80350b38c15521e11e66936032ed90d1", + "rev": "513f4f0bde469ecb3abe2e1b606f63cf142e751e", "type": "github" }, "original": { @@ -1105,11 +1105,11 @@ "nvim_plugin-stevearc/conform.nvim": { "flake": false, "locked": { - "lastModified": 1737055718, - "narHash": "sha256-EjV/EesdZvpvOaeoqUJCkcIejFUdCsQEsbt0dj41jL0=", + "lastModified": 1737567375, + "narHash": "sha256-tMLkOLANg87wuq6OSkb0iGm00mnZwOF7Xd+gai4mKNg=", "owner": "stevearc", "repo": "conform.nvim", - "rev": "6dc21d4ce050c2e592d9635b7983d67baf216e3d", + "rev": "bf94626f32fbc3c9987ce2f4aab60d96866587df", "type": "github" }, "original": { 
@@ -1201,11 +1201,11 @@ "nvim_plugin-yetone/avante.nvim": { "flake": false, "locked": { - "lastModified": 1737417446, - "narHash": "sha256-7u6FzuRRyNk7NDO1be7/ptR8qFDZFxseifQadA1+hy4=", + "lastModified": 1737518419, + "narHash": "sha256-Opp6ACJwnAIkLdCQwbqjahjCErxDGIpsX9Hj/87Wm/I=", "owner": "yetone", "repo": "avante.nvim", - "rev": "15a471b1558cd0c83353aa621405b43f30454f33", + "rev": "396840a152be82354984b16f9a22cb425d0840d1", "type": "github" }, "original": { @@ -1364,11 +1364,11 @@ "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1737483156, - "narHash": "sha256-9J2jwkSZOi4oEgFcscUw/E1HiJUHpkenALOeoEosW74=", + "lastModified": 1737571139, + "narHash": "sha256-e5nK+KmfS+bYmKo4g3zC8lsEND0nYoBmn+qocmVM50o=", "ref": "refs/heads/master", - "rev": "b6d1f596766f16087b841387af2658f3275d40d7", - "revCount": 257, + "rev": "a6a34c6eddafe0d838465232c17e0893e909edd0", + "revCount": 259, "type": "git", "url": "https://git.joshuabell.xyz/nvim" }, @@ -1429,11 +1429,11 @@ ] }, "locked": { - "lastModified": 1737426362, - "narHash": "sha256-4SavpRWfRw2pLG1qqErWpk/hI1eCzqjKcE1motxHZgo=", + "lastModified": 1737512878, + "narHash": "sha256-dgF6htdmfNnZzVInifks6npnCAyVsIHWSpWNs10RSW0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "2103fcb16359438d42141bac873ed2367a05cbe7", + "rev": "06b8ed0eee289fe94c66f1202ced9a6a2c59a14c", "type": "github" }, "original": { diff --git a/hosts/oracle/o001/configuration.nix b/hosts/oracle/o001/configuration.nix index fa85440..f9a6484 100644 --- a/hosts/oracle/o001/configuration.nix +++ b/hosts/oracle/o001/configuration.nix 
@@ -5,4 +5,20 @@
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
 system.stateVersion = "25.05"; # Did you read the comment?
+ # boot.supportedFilesystems = [ "zfs" ];
+
+
+ boot.kernelParams = [ "net.ifnames=0" ];
+ networking.useDHCP = false; # deprecated flag, set to false until removed
+ networking = {
+ defaultGateway = "10.0.0.1";
+ nameservers = [ "9.9.9.9" ];
+ interfaces.eth0 = {
+ ipAddress = "149.130.211.142";
+ prefixLength = 24;
+ };
+ };
+
+ networking.firewall.enable = true;
+ networking.firewall.allowPing = true;
 }
diff --git a/hosts/oracle/o001/containers.nix b/hosts/oracle/o001/containers.nix
new file mode 100644
index 0000000..23aad76
--- /dev/null
+++ b/hosts/oracle/o001/containers.nix
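Review bot: The static address block for `eth0` pairs `ipAddress = "149.130.211.142"` and `prefixLength = 24` with `defaultGateway = "10.0.0.1"`, which lies outside that /24, so the default route is likely not on-link and a remote rebuild could leave this host unreachable. If the provider NATs the public address (not visible from this diff), the interface should carry the private address in the gateway's subnet instead. As far as I know current NixOS expects the address as `interfaces.eth0.ipv4.addresses = [ { address = "<instance-address>"; prefixLength = 24; } ];` rather than the bare `ipAddress`/`prefixLength` pair, so confirm this evaluates before deploying. The enclosing attribute set starts outside the hunk.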
@@ -0,0 +1,63 @@
+{
+ config,
+ ...
+}:
+{
+
+ # NOTE some useful links
+ # nixos containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
+ # https://nixos.wiki/wiki/NixOS_Containers
+ options = {};
+
+ imports = [
+ ./containers/tests.nix
+ ];
+
+ config = {
+ ## Give internet access
+ # networking.nat.enable = true;
+ # networking.nat.internalInterfaces = [ "ve-*" ];
+ # networking.nat.externalInterface = "eth0";
+
+ virtualisation.oci-containers.backend = "docker";
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "admin@joshuabell.xyz";
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "local.belljm.com" = {
+ # enableACME = true;
+ # forceSSL = true;
+ locations."/".proxyPass = "http://${config.containers.wasabi.localAddress}:80";
+ };
+ "127.0.0.1" = {
+ locations."/wasabi/" = {
+ extraConfig = ''
+ rewrite ^/wasabi/(.*) /$1 break;
+ '';
+ proxyPass = "http://${config.containers.wasabi.localAddress}:80/";
+ };
+ locations."/" = {
+ return = "404"; # or 444 for drop
+ };
+ };
+ "_" = {
+ default = true;
+ locations."/" = {
+ return = "404"; # or 444 for drop
+ };
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+ };
+}
diff --git a/hosts/oracle/o001/containers/tests.nix b/hosts/oracle/o001/containers/tests.nix
new file mode 100644
index 0000000..b4c6659
--- /dev/null
+++ b/hosts/oracle/o001/containers/tests.nix
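Review bot: The `"127.0.0.1"` virtual host is selected by the request's Host header, not by the client's address, so with ports 80 and 443 opened at the bottom of this file the `/wasabi/` proxy is not limited to local callers. If it is meant to be loopback-only, bind it with `listenAddresses = [ "127.0.0.1" ];` or put `allow 127.0.0.1; deny all;` in the location's `extraConfig`. `"local.belljm.com"` also proxies over plain HTTP while `enableACME` and `forceSSL` are commented out. This file is not added to `modules` in the flake.nix hunk of this commit, and its `services.nginx` block overlaps the one in nginx.nix (for example `return = "404"` versus `"444"` on `_`), so the two would likely conflict if both were imported.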
@@ -0,0 +1,39 @@
+{
+ ...
+}:
+{
+ options = { };
+
+ config = {
+ # Random test, visit http://192.168.100.11/
+ containers.wasabi = {
+ ephemeral = true;
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.2";
+ localAddress = "192.168.100.11";
+ config =
+ { config, pkgs, ... }:
+ {
+ system.stateVersion = "24.11";
+ services.httpd.enable = true;
+ services.httpd.adminAddr = "foo@example.org";
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 ];
+ };
+ };
+ };
+
+ virtualisation.oci-containers.containers = {
+ # Example of defining a container, visit http://localhost:8085/
+ "nginx_simple" = {
+ # autoStart = true; this is default true
+ image = "nginx:latest";
+ ports = [
+ "127.0.0.1:8085:80"
+ ];
+ };
+ };
+ };
+}
diff --git a/hosts/oracle/o001/flake.nix b/hosts/oracle/o001/flake.nix
index f1b1ac0..a3c2df5 100644
--- a/hosts/oracle/o001/flake.nix
+++ b/hosts/oracle/o001/flake.nix
@@ -55,6 +55,7 @@
 modules = [
 ./configuration.nix
 ./hardware-configuration.nix
+ ./nginx.nix
 (
 { pkgs, ... }:
 {
diff --git a/hosts/oracle/o001/nginx.nix b/hosts/oracle/o001/nginx.nix
new file mode 100644
index 0000000..914a658
--- /dev/null
+++ b/hosts/oracle/o001/nginx.nix
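Review bot: `image = "nginx:latest"` in `nginx_simple` is a mutable tag, so each pull can bring different, unreviewed image content onto the host while the rest of the system is pinned through flake.lock. Pin it to a version and digest, e.g. `image = "nginx:<version>@sha256:<digest>";` (placeholders), and bump it deliberately. Binding the published port to `127.0.0.1:8085` is worth keeping, since Docker-published ports are generally not filtered by the NixOS firewall rules. A comment on `containers.wasabi` marking it as a throwaway test, as nginx.nix does with `# JUST A TEST TODO remove`, would help as well.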
@@ -0,0 +1,90 @@ +{ + config, + ... +}: +{ + + # JUST A TEST TODO remove + containers.wasabi = { + ephemeral = true; + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.2"; + localAddress = "192.168.100.11"; + config = + { config, pkgs, ... }: + { + system.stateVersion = "24.11"; + services.httpd.enable = true; + services.httpd.adminAddr = "foo@example.org"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 ]; + }; + }; + }; + + security.acme.acceptTerms = true; + security.acme.email = "admin@joshuabell.xyz"; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + # Redirect self IP to domain + "149.130.211.142" = { + locations."/" = { + return = "301 https://o001.joshuabell.xyz"; + }; + }; + + # "o001.joshuabell.xyz" = { + # enableACME = true; + # forceSSL = true; + # locations = { + # "/wasabi" = { + # proxyPass = "http://192.168.100.11/"; + # extraConfig = '' + # rewrite ^/wasabi/(.*) /$1 break; + # ''; + # }; + # "/" = { + # # return = "200 'Hello World'"; + # extraConfig = '' + # default_type text/html; + # return 200 ' + # + # + #
+ # In the void you roam,
+ # A page that cannot be found-
+ # Turn back, seek anew. + #
+ # + # + # '; + # ''; + # }; + # }; + # }; + + "_" = { + default = true; + locations."/" = { + return = "444"; # 404 for not found or 444 for drop + }; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ + 80 # web http + 443 # web https + ]; + + networking.firewall.allowedUDPPorts = [ + # 4242 # nebula + ]; +} diff --git a/hosts/oracle/oracle.nix b/hosts/oracle/oracle.nix index 6766794..8de9867 100644 --- a/hosts/oracle/oracle.nix +++ b/hosts/oracle/oracle.nix @@ -3,6 +3,18 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + boot.supportedFilesystems = [ "zfs" ]; + boot.kernelParams = [ "net.ifnames=0" ]; + + networking.useDHCP = false; # deprecated flag, set to false until removed + networking = { + defaultGateway = "10.0.0.1"; + nameservers = [ "9.9.9.9" ]; + interfaces.eth0 = { + ipAddress = throw "set your own"; + prefixLength = 24; + }; + }; # TODO disable after first startup with ssh keys services.openssh = {
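Review bot: The `"149.130.211.142"` virtual host returns `301 https://o001.joshuabell.xyz`, but the `o001.joshuabell.xyz` host with `enableACME`/`forceSSL` is commented out, so nothing in this file serves TLS while `allowedTCPPorts` opens 443. Either enable that virtual host together with the redirect, or leave 443 and the redirect out until it exists, so the firewall only exposes what is actually served. `security.acme.email` here differs from `security.acme.defaults.email` used in containers.nix in this same commit; use the `defaults.email` form in both. The `containers.wasabi` block marked `# JUST A TEST TODO remove` duplicates the one added in containers/tests.nix.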
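Review bot: `ipAddress = throw "set your own"` in the shared oracle.nix aborts evaluation for any host that imports this module without overriding it, and o001/configuration.nix in this commit repeats the same `networking` block with a concrete address, so the two definitions would probably both be evaluated if oracle.nix is imported there. Writing it as `ipAddress = lib.mkDefault (throw "set your own");` should let a host override it (`lib` would have to be in the module arguments, which are outside this hunk). The trailing context shows `# TODO disable after first startup with ssh keys` above `services.openssh`, whose body continues outside the hunk; that TODO is worth tracking now that nginx.nix opens 80 and 443 on this host. `boot.supportedFilesystems = [ "zfs" ]` is enabled here but commented out in configuration.nix, so a comment saying which is intended would help.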