diff --git a/components/hm/ssh.nix b/components/hm/ssh.nix index 22eb107..7d9bb05 100644 --- a/components/hm/ssh.nix +++ b/components/hm/ssh.nix @@ -117,18 +117,13 @@ in user = "luser"; }; # LINODE SERVERS - "l001" = { - identityFile = age.secrets.nix2l001.path; - hostname = "172.105.22.34"; # TODO REMOVE - OFF BOARD + "l002_" = { + identityFile = age.secrets.nix2linode.path; + hostname = "172.234.26.141"; user = "root"; }; - "l002_" = { - identityFile = age.secrets.nix2l002.path; - hostname = "172.232.4.54"; - user = "luser"; - }; "l002" = { - identityFile = age.secrets.nix2l002.path; + identityFile = age.secrets.nix2linode.path; hostname = "10.20.40.1"; user = "luser"; }; diff --git a/flake.nix b/flake.nix index 7d7f5ec..43e5a7e 100644 --- a/flake.nix +++ b/flake.nix @@ -50,11 +50,37 @@ fi done ''; + mod_status = pkgs.writeShellScriptBin "mod_status" '' + cwd=$(pwd) + root=$(git rev-parse --show-toplevel) + for dir in "$root"/modules/*/; do + cd "$dir" + echo + echo " >> $(basename "$dir"):" + git status + done + cd "$cwd" + ''; + linode_deploy = pkgs.writeShellScriptBin "linode_deploy" '' + cwd=$(pwd) + root=$(git rev-parse --show-toplevel) + if [ ! -d "$root/hosts/linode/$1" ]; then + echo "Host $1 does not exist" + exit 1 + fi + cd "$root/hosts/linode/$1" + echo "Deploying $(basename "$(pwd)")..." + deploy + cd "$cwd" + ''; in { default = pkgs.mkShell { - nativeBuildInputs = [ + nativeBuildInputs = with pkgs; [ mod_worktrees + mod_status + linode_deploy + deploy-rs ]; shellHook = '' diff --git a/hosts/gpdPocket3/flake.lock b/hosts/gpdPocket3/flake.lock index b5959f7..f2defaa 100644 --- a/hosts/gpdPocket3/flake.lock +++ b/hosts/gpdPocket3/flake.lock @@ -3,9 +3,9 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nixpkgs": [ - "mod_common", + "mod_secrets", "ragenix", "nixpkgs" ], 
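Review bot: The new `l002_` entry replaces two per-host identities (`nix2l001`, `nix2l002`) with the single `nix2linode` key and logs in as root on the public address, so one private key now unlocks root on every Linode host that trusts it; a comment on the `identityFile` line recording that this is the shared deploy identity, and where it is authorized, would make that trade-off visible. The retired `nix2l002` public key is still listed for root and luser in hosts/linode/l002/flake.nix elsewhere in this commit; once this alias stops using it, that authorization should be removed or its remaining purpose noted there. The attribute set these entries belong to starts before the hunk.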
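Review bot: In `linode_deploy`, a missing or empty `$1` passes the `-d` test because `$root/hosts/linode/` itself exists, so `deploy` would be run from the `hosts/linode` directory, and a failed `git rev-parse --show-toplevel` leaves `$root` empty so the script reports the host as missing instead of the real error. Put `set -euo pipefail` as the first line of both scripts and guard the argument before the test with `[ $# -eq 1 ] || { echo "usage: linode_deploy <host>" >&2; exit 2; }` (inside the Nix `''` string, avoid `${…}` expansions or write them as `''${…}`). `$1` is also used as a path component without being restricted to a bare directory name, and the trailing `cd "$cwd"` in both scripts is a no-op because each runs in its own process. The `let` that holds these bindings starts before the hunk.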
@@ -35,15 +35,14 @@ "nixpkgs-stable": [ "mod_de_cosmic", "nixpkgs-stable" - ], - "rust-overlay": "rust-overlay_2" + ] }, "locked": { - "lastModified": 1735781836, - "narHash": "sha256-3QBrsbyM1DyyXruthYJVAiK7kijJP4Mx996q1NC5FWE=", + "lastModified": 1736513564, + "narHash": "sha256-eAKwqMdGWambTbuZvAp3YYhAoWjaIFWGvxDAxxyh/Tg=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "553e7a4b77c4ddf8ed700776f9d71982a14e23c4", + "rev": "0855bf33427209e4f5e3d2d0968a14784525e929", "type": "github" }, "original": { @@ -70,7 +69,7 @@ "darwin": { "inputs": { "nixpkgs": [ - "mod_common", + "mod_secrets", "ragenix", "agenix", "nixpkgs" @@ -128,7 +127,29 @@ "home-manager": { "inputs": { "nixpkgs": [ - "mod_common", + "mod_home-manager", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "owner": "rycee", + "repo": "home-manager", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "type": "github" + }, + "original": { + "owner": "rycee", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "mod_secrets", "ragenix", "agenix", "nixpkgs" @@ -148,28 +169,6 @@ "type": "github" } }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "mod_home-manager", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1735344290, - "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=", - "owner": "rycee", - "repo": "home-manager", - "rev": "613691f285dad87694c2ba1c9e6298d04736292d", - "type": "github" - }, - "original": { - "owner": "rycee", - "ref": "release-24.11", - "repo": "home-manager", - "type": "github" - } - }, "mod_boot_systemd": { "locked": { "lastModified": 1735793935, 
@@ -190,15 +189,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "ragenix": "ragenix" + ] }, "locked": { - "lastModified": 1735795919, - "narHash": "sha256-vreq5NKH6dCj9nAsR59KTHfT+i9SLDbtGbsEcv0Heuw=", + "lastModified": 1736544147, + "narHash": "sha256-WijrrGDuY8O0VUgsIbZK6PrvCMdgUGPex23hv1FmmHs=", "ref": "mod_common", - "rev": "b693858091a4a1e1135393b941ad16cbf21fa5fe", - "revCount": 1, + "rev": "780bcb7c44a274e4128af656dafce6d26463d6b8", + "revCount": 6, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, @@ -219,11 +217,11 @@ ] }, "locked": { - "lastModified": 1735839171, - "narHash": "sha256-yXTT8Lwbsm2ujIeK8NiVb0YUdjPT//3NK8vhXd9x8KE=", + "lastModified": 1736544162, + "narHash": "sha256-C1pkQDar5XSdZtir3EfMWtW9gX3z8vaucGg800YzMvw=", "ref": "mod_de_cosmic", - "rev": "ce85513ec5b69279aed6859bc37c78c22e5e944f", - "revCount": 2, + "rev": "6d8795b3c6ce2a640abe36801959e3af37d85a2e", + "revCount": 3, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, @@ -235,17 +233,17 @@ }, "mod_home-manager": { "inputs": { - "home-manager": "home-manager_2", + "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1735796212, - "narHash": "sha256-8aN/3ioMsr8IhBvo/Ym98bkFbHQ/4ODrww15W9b0i2g=", + "lastModified": 1736544172, + "narHash": "sha256-5Zp1Fg5A827aIjKrhtW84vvJmwRQqBHWzKButnaD14E=", "ref": "mod_home_manager", - "rev": "c3bcacb4ff5697c2f186c8d645c135356f68bc11", - "revCount": 1, + "rev": "df0c4e95ac6b056202c4ec6fabfcfa5bd205a0b4", + "revCount": 2, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, 
@@ -276,11 +274,11 @@ "ringofstorms-stormd": "ringofstorms-stormd" }, "locked": { - "lastModified": 1735796563, - "narHash": "sha256-YjXJu/5Hcl7YpcpiHLd5wqCFUlJp39MM9CfQKhdpkk8=", + "lastModified": 1736544199, + "narHash": "sha256-OWboCDCBHFy+PuWsFVShEqEaLEgVdZR98k9zrNIb+3s=", "ref": "mod_stormd", - "rev": "a184895fd3f32051499dfad8eb2cb18faaec4188", - "revCount": 1, + "rev": "765c7f4436db03936960373ff77dc2d41f0c4cd5", + "revCount": 2, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, @@ -290,6 +288,25 @@ "url": "https://git.joshuabell.xyz/dotfiles" } }, + "mod_secrets": { + "inputs": { + "ragenix": "ragenix" + }, + "locked": { + "lastModified": 1736544189, + "narHash": "sha256-itFFi1SGZRdmREBhcDpuSD93bInq2Juoj3JQ7Q/oF+8=", + "ref": "mod_secrets", + "rev": "17777b25238d4cb84b903252c49c75bd7030a3f6", + "revCount": 8, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_secrets", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, "nix-filter": { "locked": { "lastModified": 1710156097, @@ -323,11 +340,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1735669367, - "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1736200483, + "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", "type": "github" }, "original": { 
@@ -337,18 +370,17 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { - "lastModified": 1735697839, - "narHash": "sha256-0Acw0UaLi+VNThsmeX8zOKi000DFrYXNnrgpOpk2+MM=", + "lastModified": 1735854365, + "narHash": "sha256-pNb03vdsQmn0jS5dKAdx2DFZ2QH4RRvrIzZxqpfMcS8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5eaa5fdf06d2b15d373b82c0f3a1ec1c6cab02ae", + "rev": "cd9f495ef7584a714938915d3fe9327c2735d7e4", "type": "github" }, "original": { "owner": "nixos", - "ref": "master", "repo": "nixpkgs", "type": "github" } @@ -1270,11 +1302,8 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": [ - "mod_common", - "nixpkgs" - ], - "rust-overlay": "rust-overlay" + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1726755133, @@ -1294,7 +1323,7 @@ "inputs": { "nix-filter": "nix-filter", "nixpkgs": "nixpkgs", - "rust-overlay": "rust-overlay_3" + "rust-overlay": "rust-overlay" }, "locked": { "lastModified": 1735420577, @@ -1318,13 +1347,14 @@ "mod_home-manager": "mod_home-manager", "mod_nebula": "mod_nebula", "mod_ros_stormd": "mod_ros_stormd", - "nixpkgs": "nixpkgs_2", + "mod_secrets": "mod_secrets", + "nixpkgs": "nixpkgs_3", "ros_neovim": "ros_neovim" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", 
@@ -1382,14 +1412,14 @@ "nvim_plugin-yetone/avante.nvim": "nvim_plugin-yetone/avante.nvim", "nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp", "nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua", - "rust-overlay": "rust-overlay_4" + "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1735841437, - "narHash": "sha256-ZwmlaFhOlQ7f6Rq6VxRup7giPiwQlwe71HcoO/laRJo=", + "lastModified": 1735857201, + "narHash": "sha256-zyljmBv1FegF4kF2ZWdSdBCIktSHxJljPipwLOOyjrk=", "ref": "refs/heads/master", - "rev": "71d82c875fff85ae250804f45f1acf65f42cdc1e", - "revCount": 253, + "rev": "31220281739c7b6432f3533313a0fa0164f232c0", + "revCount": 254, "type": "git", "url": "https://git.joshuabell.xyz/nvim" }, @@ -1399,50 +1429,6 @@ } }, "rust-overlay": { - "inputs": { - "nixpkgs": [ - "mod_common", - "ragenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1725675754, - "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "mod_de_cosmic", - "cosmic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1735698720, - "narHash": "sha256-+skLL6mq/T7s6J5YmSp89ivQOHBPQ40GEU2n8yqp6bs=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "a00807363a8a6cae6c3fa84ff494bf9d96333674", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_3": { "inputs": { "nixpkgs": [ "mod_ros_stormd", 
@@ -1464,7 +1450,29 @@ "type": "github" } }, - "rust-overlay_4": { + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "mod_secrets", + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725675754, + "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { "inputs": { "nixpkgs": [ "ros_neovim", diff --git a/hosts/gpdPocket3/flake.nix b/hosts/gpdPocket3/flake.nix index 63af207..30576bf 100644 --- a/hosts/gpdPocket3/flake.nix +++ b/hosts/gpdPocket3/flake.nix @@ -5,6 +5,7 @@ ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.inputs.nixpkgs.follows = "nixpkgs"; + mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets"; mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd"; mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic"; mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs"; diff --git a/hosts/h002/flake.nix b/hosts/h002/flake.nix index bc9377c..f3e7e17 100644 --- a/hosts/h002/flake.nix +++ b/hosts/h002/flake.nix @@ -5,6 +5,7 @@ ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.inputs.nixpkgs.follows = "nixpkgs"; + mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets"; mod_boot_grub.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_grub"; mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd"; mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula"; 
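Review bot: `mod_secrets` is added without a `follows` for its nixpkgs, unlike `mod_common` on the line above; the gpdPocket3 lock in this commit shows `ragenix` under `mod_secrets` now resolving its own `nixpkgs_2` instead of the host's nixpkgs, so a second nixpkgs revision enters the closure and has to be tracked for updates separately. If the intent is to pin everything to the host's nixpkgs, `mod_secrets.inputs.ragenix.inputs.nixpkgs.follows = "nixpkgs";` would do it, assuming the input is named `ragenix` as in the lock. The same applies to the hosts/h002/flake.nix hunk in this commit. The `inputs` set these lines belong to starts before the hunk.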
diff --git a/hosts/linode/l002/configuration.nix b/hosts/linode/l002/configuration.nix
new file mode 100644
index 0000000..016d4ad
--- /dev/null
+++ b/hosts/linode/l002/configuration.nix
@@ -0,0 +1,7 @@
+{
+ ...
+}:
+{
+ boot.loader.grub.enable = true;
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/linode/l002/flake.lock b/hosts/linode/l002/flake.lock
new file mode 100644
index 0000000..a5600a5
--- /dev/null
+++ b/hosts/linode/l002/flake.lock
@@ -0,0 +1,245 @@ +{ + "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "mod_common": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736191002, + "narHash": "sha256-t39PCeJFgIXzniqjUIIFnbv6AE15WyoPTCE3k3Xuyz0=", + "ref": "mod_common", + "rev": "ac3c0c2422842edba1887279bddd02b895ec5ed2", + "revCount": 4, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_common", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, + "mod_nebula": { + "locked": { + "lastModified": 1735839301, + "narHash": "sha256-f2JlNaCrA3BA8fPT0uThiuiIZX5ehDe0lPlSLL/QMgY=", + "ref": "mod_nebula", + "rev": "38c50b65c66740566b39529bbd91624b01b6ea2a", + "revCount": 3, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_nebula", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, + "mod_ros_stormd": { + "inputs": { + "ringofstorms-stormd": "ringofstorms-stormd" + }, + "locked": { + "lastModified": 1735796563, + "narHash": "sha256-YjXJu/5Hcl7YpcpiHLd5wqCFUlJp39MM9CfQKhdpkk8=", + "ref": "mod_stormd", + "rev": "a184895fd3f32051499dfad8eb2cb18faaec4188", + "revCount": 1, + 
"type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_stormd", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, + "nix-filter": { + "locked": { + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1728888510, + "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1736200483, + "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "ringofstorms-stormd": { + "inputs": { + "nix-filter": "nix-filter", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1735420577, + "narHash": "sha256-2HWEALz0PVJCiP/2iZuDMj4qyukXR5IxNKFxT1NAMlQ=", + "ref": "refs/heads/master", + "rev": "7edf6888a460708889fabea2c762d4dfed4fa64f", + "revCount": 51, + "type": "git", + "url": 
"ssh://git.joshuabell.xyz:3032/stormd" + }, + "original": { + "type": "git", + "url": "ssh://git.joshuabell.xyz:3032/stormd" + } + }, + "root": { + "inputs": { + "deploy-rs": "deploy-rs", + "mod_common": "mod_common", + "mod_nebula": "mod_nebula", + "mod_ros_stormd": "mod_ros_stormd", + "nixpkgs": "nixpkgs_3" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "mod_ros_stormd", + "ringofstorms-stormd", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729218602, + "narHash": "sha256-KDmYxpkFWa0Go0WnOpkgQOypVaQxbwgpEutET5ey1VQ=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "9051466c82b9b3a6ba9e06be99621ad25423ec94", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/linode/l002/flake.nix b/hosts/linode/l002/flake.nix new file mode 100644 index 0000000..36b790c --- /dev/null +++ b/hosts/linode/l002/flake.nix 
@@ -0,0 +1,96 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ deploy-rs.url = "github:serokell/deploy-rs";
+
+ mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
+ mod_common.inputs.nixpkgs.follows = "nixpkgs";
+ mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd";
+ mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula";
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ deploy-rs,
+ ...
+ }@inputs:
+ let
+ configuration_name = "l002";
+ lib = nixpkgs.lib;
+ in
+ {
+ deploy = {
+ sshUser = "root";
+ sshOpts = [
+ "-i"
+ "/run/agenix/nix2linode"
+ ];
+ nodes.${configuration_name} = {
+ hostname = "172.234.26.141";
+ profiles.system = {
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
+ };
+ };
+ };
+
+ nixosConfigurations = {
+ nixos = self.nixosConfigurations.${configuration_name};
+ "${configuration_name}" =
+ let
+ auto_modules = builtins.concatMap (
+ input:
+ lib.optionals
+ (builtins.hasAttr "nixosModules" input && builtins.hasAttr "default" input.nixosModules)
+ [
+ input.nixosModules.default
+ ]
+ ) (builtins.attrValues inputs);
+ in
+ (lib.nixosSystem {
+ modules = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ./linode.nix
+ ./nginx.nix
+ (
+ { pkgs, ... }:
+ {
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
+ ];
+ mods = {
+ common = {
+ disableRemoteBuildsOnLio = true;
+ systemName = configuration_name;
+ allowUnfree = true;
+ primaryUser = "luser";
+ docker = true;
+ users = {
+ luser = {
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ ];
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
+ ];
+ };
+ };
+ };
+ };
+ }
+ )
+ ] ++ auto_modules;
+ specialArgs = {
+ inherit inputs;
+ };
+ });
+ };
+ };
+}
diff --git a/hosts/linode/l002/hardware-configuration.nix b/hosts/linode/l002/hardware-configuration.nix
new file mode 100644
index 0000000..6507949
--- /dev/null
+++ b/hosts/linode/l002/hardware-configuration.nix
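Review bot: The root and luser `authorizedKeys.keys` lists still carry the `nix2l002` key even though the ssh.nix change in this commit stops using it in favour of `nix2linode`; a stale key with root access tends to outlive its owner, so either drop it here or add a comment on that line saying why it remains. The same two-key list is duplicated for root and luser, and linode.nix additionally copies luser's keys onto root, so the root key set is assembled in three places; a single `let` binding referenced from both lists would keep them from drifting. `auto_modules` imports `nixosModules.default` from every flake input unconditionally, so any input added later silently becomes a module on this host — a one-line comment there naming that behaviour would help the next reader.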
@@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/3612d65e-719c-4b33-af08-561b790d6d33"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} + diff --git a/hosts/linode/l002/linode.nix b/hosts/linode/l002/linode.nix new file mode 100644 index 0000000..2fca20d --- /dev/null +++ b/hosts/linode/l002/linode.nix 
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+{
+ # https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
+ boot.kernelParams = [ "console=ttyS0,19200n8" ];
+ boot.loader.grub.extraConfig = ''
+ serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+ terminal_input serial;
+ terminal_output serial
+ '';
+
+ boot.loader.grub.forceInstall = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.timeout = 10;
+
+ # TODO disable after first startup with ssh keys
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ settings.PasswordAuthentication = false;
+ };
+ users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;
+
+ networking.usePredictableInterfaceNames = false;
+ networking.useDHCP = false; # Disable DHCP globally as we will not need it.
+ # required for ssh?
+ networking.interfaces.eth0.useDHCP = true;
+
+ environment.systemPackages = with pkgs; [
+ inetutils
+ mtr
+ sysstat
+ ];
+}
diff --git a/hosts/linode/l002/nginx.nix b/hosts/linode/l002/nginx.nix
new file mode 100644
index 0000000..34873e5
--- /dev/null
+++ b/hosts/linode/l002/nginx.nix
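Review bot: `settings.PermitRootLogin = "yes"` is broader than the deploy needs: deploy-rs and the ssh config in this commit authenticate as root with keys only, so `settings.PermitRootLogin = "prohibit-password";` keeps root deploys working while ruling out password-based root login if `PasswordAuthentication` is ever flipped back, and it lets the TODO above it go. Consider also `settings.KbdInteractiveAuthentication = false;` next to the password setting, since keyboard-interactive via PAM is a separate path that `PasswordAuthentication = false` does not close. The `# required for ssh?` comment on the eth0 DHCP line should state what was observed rather than pose a question, as it is the only interface configuration on the host.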
@@ -0,0 +1,162 @@
+{
+ config,
+ ...
+}:
+{
+
+ # JUST A TEST TODO remove
+ containers.wasabi = {
+ ephemeral = true;
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.2";
+ localAddress = "192.168.100.11";
+ config =
+ { config, pkgs, ... }:
+ {
+ system.stateVersion = "24.11";
+ services.httpd.enable = true;
+ services.httpd.adminAddr = "foo@example.org";
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 ];
+ };
+ };
+ };
+
+ security.acme.acceptTerms = true;
+ security.acme.email = "admin@joshuabell.xyz";
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ # PROXY HOSTS
+ "chat.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyWebsockets = true;
+ proxyPass = "http://10.20.40.104:3080";
+ };
+ };
+ "gist.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.20.40.190:6157";
+ };
+ };
+ "git.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.20.40.190:6610";
+ };
+ };
+ "nexus.l002.joshuabell.xyz" = {
+ locations."/" = {
+ proxyPass = "http://localhost:42291";
+ };
+ };
+ "nexus.joshuabell.xyz" = {
+ locations."/" = {
+ proxyPass = "http://localhost:42291";
+ };
+ };
+
+ # Redirect self IP to domain
+ "172.234.26.141" = {
+ locations."/" = {
+ return = "301 https://joshuabell.xyz";
+ };
+ };
+ "2600:3c06::f03c:95ff:fe2c:2806" = {
+ locations."/" = {
+ return = "301 https://joshuabell.xyz";
+ };
+ };
+
+ "www.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ return = "301 https://joshuabell.xyz";
+ };
+ };
+ "joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/wasabi" = {
+ proxyPass = "http://192.168.100.11/";
+ extraConfig = ''
+ rewrite ^/wasabi/(.*) /$1 break;
+ '';
+ };
+ "/" = {
+ # return = "200 'Hello World'"; + extraConfig = '' + default_type text/html; + return 200 ' + + +
+ In the void you roam,
+ A page that cannot be found-
+ Turn back, seek anew. +
+ + + '; + ''; + }; + }; + }; + + "www.ellalala.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + return = "301 https://ellalala.com"; + }; + }; + "ellalala.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + return = "444"; + }; + }; + + "_" = { + default = true; + locations."/" = { + return = "444"; # 404 for not found or 444 for drop + }; + }; + }; + + # STREAMS + streamConfig = '' + server { + listen 3032; + proxy_pass 10.20.40.190:6611; + } + ''; + }; + + networking.firewall.allowedTCPPorts = [ + 80 # web http + 443 # web https + 3032 # git ssh stream + ]; + + networking.firewall.allowedUDPPorts = [ + 4242 # nebula + ]; +} + +# TODO diff --git a/hosts/linode/l004/configuration.nix b/hosts/linode/l004/configuration.nix new file mode 100644 index 0000000..e9e0b9d --- /dev/null +++ b/hosts/linode/l004/configuration.nix 
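Review bot: `nexus.l002.joshuabell.xyz` and `nexus.joshuabell.xyz` are the only public vhosts without `enableACME`/`forceSSL`, so whatever the service on localhost:42291 exchanges with clients crosses the Internet in cleartext; if that is deliberate (for example a plain-HTTP mirror), a comment on those two blocks saying so would stop the next reader from changing it blindly, otherwise they should match their siblings. The `_` default vhost sets no TLS options and therefore only listens on port 80, so HTTPS requests with an unknown or missing SNI are answered by whichever TLS vhost nginx picks as default rather than dropped with 444; `rejectSSL = true;` on `_` is the NixOS option for that, if the module version in use supports it. The `containers.wasabi` block marked `JUST A TEST TODO remove` is also reachable through the `/wasabi` location on the main domain, so the TODO should be resolved before this file stops being a draft.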
@@ -0,0 +1,71 @@
+{
+ config,
+ ...
+}:
+{
+ boot.loader.grub.enable = true;
+ system.stateVersion = "24.11";
+
+ containers.wasabi = {
+ ephemeral = true;
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.2";
+ localAddress = "192.168.100.11";
+ config =
+ { config, pkgs, ... }:
+ {
+ system.stateVersion = "24.11";
+ services.httpd.enable = true;
+ services.httpd.adminAddr = "foo@example.org";
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 ];
+ };
+ };
+ };
+
+ virtualisation.oci-containers = {
+ backend = "docker"; # or "podman"
+ containers = {
+ # Example of defining a container from the compose file
+ "test_nginx" = {
+ # autoStart = true; this is default true
+ image = "nginx:latest";
+ ports = [
+ "127.0.0.1:8085:80"
+ ];
+ };
+ };
+ };
+
+ security.acme.acceptTerms = true;
+ security.acme.email = "admin@joshuabell.xyz";
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "_" = {
+ default = true;
+ locations."/wasabi/" = {
+ extraConfig = ''
+ rewrite ^/wasabi/(.*) /$1 break;
+ '';
+ proxyPass = "http://${config.containers.wasabi.localAddress}:80/";
+ };
+ locations."/" = {
+ # return = "404"; # or 444 for drop
+ proxyPass = "http://127.0.0.1:8085/";
+ };
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+}
diff --git a/hosts/linode/l004/flake.lock b/hosts/linode/l004/flake.lock
new file mode 100644
index 0000000..cc7b75b
--- /dev/null
+++ b/hosts/linode/l004/flake.lock
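Review bot: `image = "nginx:latest"` is a mutable tag, so each rebuild or container restart can pull a different image from the one that was tested; pin it, e.g. `image = "nginx@sha256:<DIGEST_PLACEHOLDER>";` (or at least a versioned tag), and record the choice in the comment above it. `services.httpd.adminAddr = "foo@example.org"` inside the wasabi container is a placeholder that ends up in error pages served to clients, and the `security.acme` settings plus `443` in `allowedTCPPorts` are set although no vhost in this file enables ACME or TLS, so the port is opened with nothing listening on it. The `"/"` location proxies the default vhost straight to the test container, which the `# return = "404"` comment shows was the alternative; a comment stating that this is the intended public default would help.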
@@ -0,0 +1,135 @@ +{ + "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "mod_common": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736191002, + "narHash": "sha256-t39PCeJFgIXzniqjUIIFnbv6AE15WyoPTCE3k3Xuyz0=", + "ref": "mod_common", + "rev": "ac3c0c2422842edba1887279bddd02b895ec5ed2", + "revCount": 4, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_common", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1736200483, + "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": 
"github" + } + }, + "root": { + "inputs": { + "deploy-rs": "deploy-rs", + "mod_common": "mod_common", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/linode/l004/flake.nix b/hosts/linode/l004/flake.nix new file mode 100644 index 0000000..d208e3c --- /dev/null +++ b/hosts/linode/l004/flake.nix 
@@ -0,0 +1,91 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ deploy-rs.url = "github:serokell/deploy-rs";
+
+ mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
+ mod_common.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ deploy-rs,
+ ...
+ }@inputs:
+ let
+ configuration_name = "l004";
+ lib = nixpkgs.lib;
+ in
+ {
+ deploy = {
+ sshUser = "root";
+ sshOpts = [
+ "-i"
+ "/run/agenix/nix2linode"
+ ];
+ nodes.${configuration_name} = {
+ hostname = "LINODE_IP_HERE_TODO";
+ profiles.system = {
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
+ };
+ };
+ };
+
+ nixosConfigurations = {
+ nixos = self.nixosConfigurations.${configuration_name};
+ "${configuration_name}" =
+ let
+ auto_modules = builtins.concatMap (
+ input:
+ lib.optionals
+ (builtins.hasAttr "nixosModules" input && builtins.hasAttr "default" input.nixosModules)
+ [
+ input.nixosModules.default
+ ]
+ ) (builtins.attrValues inputs);
+ in
+ (lib.nixosSystem {
+ modules = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ./linode.nix
+ (
+ { pkgs, ... }:
+ {
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
+ ];
+ mods = {
+ common = {
+ disableRemoteBuildsOnLio = true;
+ systemName = configuration_name;
+ allowUnfree = true;
+ primaryUser = "luser";
+ docker = true;
+ users = {
+ luser = {
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ ];
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
+ ];
+ };
+ };
+ };
+ };
+ }
+ )
+ ] ++ auto_modules;
+ specialArgs = {
+ inherit inputs;
+ };
+ });
+ };
+ };
+}
diff --git a/hosts/linode/l004/hardware-configuration.nix b/hosts/linode/l004/hardware-configuration.nix
new file mode 100644
index 0000000..6507949
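Review bot: `auto_modules` pulls `nixosModules.default` from every flake input, so a routine `nix flake update` that brings in an input which newly exports a default module changes this host's system configuration without any edit here; the set of module-providing inputs should be an explicit list, e.g. `auto_modules = map (n: inputs.${n}.nixosModules.default) [ "mod_common" ];` (adjust the list to the inputs that are actually meant to contribute modules). The root key set in the inline module's `users.users.root.openssh.authorizedKeys.keys` is the same key that `./linode.nix` already copies over from `luser`, so, as far as the list merge goes, root ends up with the entry twice; keeping one source avoids the two drifting apart later. `hostname = "LINODE_IP_HERE_TODO"` is a placeholder that `deploy` will try to ssh to; a `# TODO` comment on that line would make it show up in a grep before someone runs the deploy.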
--- /dev/null +++ b/hosts/linode/l004/hardware-configuration.nix @@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/3612d65e-719c-4b33-af08-561b790d6d33"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} + diff --git a/hosts/linode/l004/linode.nix b/hosts/linode/l004/linode.nix new file mode 100644 index 0000000..2fca20d --- /dev/null +++ b/hosts/linode/l004/linode.nix 
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+{
+ # https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
+ boot.kernelParams = [ "console=ttyS0,19200n8" ];
+ boot.loader.grub.extraConfig = ''
+ serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+ terminal_input serial;
+ terminal_output serial
+ '';
+
+ boot.loader.grub.forceInstall = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.timeout = 10;
+
+ # TODO disable after first startup with ssh keys
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ settings.PasswordAuthentication = false;
+ };
+ users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;
+
+ networking.usePredictableInterfaceNames = false;
+ networking.useDHCP = false; # Disable DHCP globally as we will not need it.
+ # required for ssh?
+ networking.interfaces.eth0.useDHCP = true;
+
+ environment.systemPackages = with pkgs; [
+ inetutils
+ mtr
+ sysstat
+ ];
+}
diff --git a/hosts/linode/l004/readme.md b/hosts/linode/l004/readme.md
new file mode 100644
index 0000000..3a96486
--- /dev/null
+++ b/hosts/linode/l004/readme.md
@@ -0,0 +1,10 @@
+# Linode setup
+
+https://www.linode.com/docs/guides/install-nixos-on-linode/#prepare-your-linode
+https://nixos.org/download/
+
+`export HOSTNAME=NAME && sudo nixos-rebuild switch --flake ~/.config/nixos-config`
+
+# Deploying
+
+`cd hosts/NAME && deploy`
diff --git a/hosts/linode/linode.nix b/hosts/linode/linode.nix
new file mode 100644
index 0000000..53cc77f
--- /dev/null
+++ b/hosts/linode/linode.nix
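Review bot: `settings.PermitRootLogin = "yes"` with the TODO above it can be tightened now rather than after first boot: `PasswordAuthentication = false` and root's keys are both set in this same file, so `settings.PermitRootLogin = "prohibit-password";` keeps key-based root login for `deploy` while closing the password path; the same setting appears in hosts/linode/linode.nix in the next hunk. `users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;` ties root login to whatever keys `luser` accumulates, so any key later added for the wheel user silently becomes a root key; if that coupling is deliberate a comment such as `# root shares luser's keys so deploy-rs can use the same identity` would record it, otherwise list root's key explicitly. The comment `# required for ssh?` on `networking.interfaces.eth0.useDHCP` could state the actual reason (with `useDHCP = false` above and no static address configured, eth0 presumably gets no address at all without it).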
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+ # https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
+ boot.kernelParams = [ "console=ttyS0,19200n8" ];
+ boot.loader.grub.extraConfig = ''
+ serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+ terminal_input serial;
+ terminal_output serial
+ '';
+
+ boot.loader.grub.forceInstall = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.timeout = 10;
+
+ # TODO disable after first startup with ssh keys
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ settings.PasswordAuthentication = false;
+ };
+
+ networking.usePredictableInterfaceNames = false;
+ networking.useDHCP = false; # Disable DHCP globally as we will not need it.
+ # required for ssh?
+ networking.interfaces.eth0.useDHCP = true;
+
+ environment.systemPackages = with pkgs; [
+ inetutils
+ mtr
+ sysstat
+ gitMinimal
+ vim
+ nano
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
+ ];
+}
diff --git a/hosts/linode/readme.md b/hosts/linode/readme.md
new file mode 100644
index 0000000..d8772e0
--- /dev/null
+++ b/hosts/linode/readme.md
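Review bot: The root key pinned in `users.users.root.openssh.authorizedKeys.keys` is labelled `nix2l002`, while the l004 host flake in this commit deploys with `/run/agenix/nix2linode` and installs the `nix2linode` key, so a box bootstrapped from this template trusts a different identity for root than the one `deploy` will present, and the first deploy presumably fails unless the operator also holds the `nix2l002` key. A comment on the list stating its role, e.g. `# bootstrap key for the install-time config only; host flakes install their own root keys`, plus a check that the key here is the one actually used for deploys, would avoid that lock-out. The readme hunk that follows says to copy this file onto the server by hand, which is exactly where the drift would surface.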
@@ -0,0 +1,60 @@ +# Linode setup + + + + +- shutdown linode +- delete existing disks and configuration profiles +- Create Disks + - `installer`: `ext4` `1280 MB` + - `swap`: `swap` `512 MB` + - `nixos`: `ext4` all remaining space +- Create two configuration profiles, one for the installer and one to boot NixOS. For each profile, disable all of the options under Filesystem/Boot Helpers and set the Configuration Profile to match the following: + - installer profile + - Label: installer + - Kernel: Direct Disk + - /dev/sda: nixos + - /dev/sdb: swap + - /dev/sdc: installer + - root / boot device: Standard: `/dev/sdc` + - nixos profile + - Label: nixos + - Kernel: GRUB 2 + - /dev/sda: nixos + - /dev/sdb: swap + - root / boot device: Standard: `/dev/sda` +- Setup installer. + - rescue mode with installer as /dev/sda + - Open LISH + +```bash +# Update SSL certificates to allow HTTPS connections: +update-ca-certificates +# set the iso url to a variable +iso=https://channels.nixos.org/nixos-24.11/latest-nixos-minimal-x86_64-linux.iso +# verify sda disk is installer (~1GB) +lsblk +curl -L https://channels.nixos.org/nixos-24.11/latest-nixos-minimal-x86_64-linux.iso.sha256 +# Download the ISO, write it to the installer disk, and verify the checksum: +curl -L $iso | tee >(dd of=/dev/sda) | sha256sum +# verify the shas are the same then shutdown system +shutdown 0 +``` + +- Boot the installer configuration profile and install nixos +(open GLISH and `sudo -i && passwd #simple pass` ssh into machine for easier copy paste, rerun `passwd` with a more secure password here if desired) + - mount /dev/sda /mnt + - swapon /dev/sdb + - nixos-generate-config --root /mnt + - cd /mnt/etc/nixos + +- # TODO rewrite device modifiers like they say in the tutorial? 
I had issues with linode's device labeling so I am leaving it to uuids, this could bite me in the future idk + + - copy `linode.nix` into remote server and import it into `configuration.nix` + - update ssh key for root user if needed + - `nixos-install` +- shutdown in linode, delete installer disk +- delete the installer configuration profile in linode, boot into nixos configuration profile + + +tada, should be able to ssh with root and ssh key defined in earlier in linode.nix diff --git a/hosts/lio/containers_test.nix b/hosts/lio/containers_test.nix new file mode 100644 index 0000000..67fdc3d --- /dev/null +++ b/hosts/lio/containers_test.nix 
@@ -0,0 +1,219 @@ +{ + config, + pkgs, + ... +}: +{ + + # NOTE some useful links + # nixos containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html + # https://nixos.wiki/wiki/NixOS_Containers + # + + options.services.librechat = + let + lib = pkgs.lib; + in + { + enable = lib.mkEnableOption "LibreChat service"; + port = lib.mkOption { + type = lib.types.port; + default = 3080; + description = "Port number for the LibreChat API service"; + }; + ragPort = lib.mkOption { + type = lib.types.port; + default = 8000; + description = "Port number for the RAG API service"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/librechat"; + description = "Directory to store LibreChat data"; + }; + }; + + config = { + ## Give internet access + # networking.nat.enable = true; + # networking.nat.internalInterfaces = [ "ve-*" ]; + # networking.nat.externalInterface = "eth0"; + + # Random test + containers.wasabi = { + ephemeral = true; + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.2"; + localAddress = "192.168.100.11"; + config = + { config, pkgs, ... 
}: + { + system.stateVersion = "24.11"; + services.httpd.enable = true; + services.httpd.adminAddr = "foo@example.org"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 ]; + }; + }; + }; + + virtualisation.oci-containers = { + backend = "docker"; # or "podman" + containers = { + # Example of defining a container from the compose file + "test_nginx" = { + # autoStart = true; this is default true + image = "nginx:latest"; + ports = [ + "127.0.0.1:8085:80" + ]; + }; + + # librechat + librechat = { + user = "root"; + image = "ghcr.io/danny-avila/librechat-dev:latest"; + ports = [ + "${toString config.services.librechat.port}:${toString config.services.librechat.port}" + ]; + dependsOn = [ + "librechat_mongodb" + "librechat_rag_api" + ]; + environment = { + HOST = "0.0.0.0"; + MONGO_URI = "mongodb://librechat_mongodb:27017/LibreChat"; + MEILI_HOST = "http://librechat_meilisearch:7700"; + RAG_PORT = toString config.services.librechat.ragPort; + RAG_API_URL = "http://librechat_rag_api:${toString config.services.librechat.ragPort}"; + }; + environmentFiles = [ "${config.services.librechat.dataDir}/.env" ]; + volumes = [ + "${config.services.librechat.dataDir}/.env:/app/.env" + "${config.services.librechat.dataDir}/librechat.yaml:/app/librechat.yaml" + "${config.services.librechat.dataDir}/images:/app/client/public/images" + "${config.services.librechat.dataDir}/logs:/app/api/logs" + ]; + extraOptions = [ "--network=librechat-network" ]; + }; + + librechat_mongodb = { + user = "root"; + image = "mongo"; + volumes = [ + "${config.services.librechat.dataDir}/data-node:/data/db" + ]; + cmd = [ + "mongod" + "--noauth" + ]; + extraOptions = [ "--network=librechat-network" ]; + }; + + librechat_meilisearch = { + user = "root"; + image = "getmeili/librechat_meilisearch:v1.7.3"; + environment = { + MEILI_HOST = "http://librechat_meilisearch:7700"; + MEILI_NO_ANALYTICS = "true"; + }; + volumes = [ + 
"${config.services.librechat.dataDir}/meili_data_v1.7:/meili_data" + ]; + extraOptions = [ "--network=librechat-network" ]; + }; + + librechat_vectordb = { + user = "root"; + image = "ankane/pgvector:latest"; + environment = { + POSTGRES_DB = "mydatabase"; + POSTGRES_USER = "myuser"; + POSTGRES_PASSWORD = "mypassword"; + }; + volumes = [ + "${config.services.librechat.dataDir}/pgdata2:/var/lib/postgresql/data" + ]; + extraOptions = [ "--network=librechat-network" ]; + }; + + librechat_rag_api = { + user = "root"; + image = "ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest"; + environment = { + DB_HOST = "librechat_vectordb"; + RAG_PORT = toString config.services.librechat.ragPort; + OPENAI_API_KEY = "not_using_openai"; + }; + dependsOn = [ "librechat_vectordb" ]; + environmentFiles = [ "${config.services.librechat.dataDir}/.env" ]; + extraOptions = [ "--network=librechat-network" ]; + }; + + # TODO revisit local whisper, for now I am using groq free for STT + # librechat_whisper = { + # user = "root"; + # image = "onerahmet/openai-whisper-asr-webservice:latest"; + # # ports = [ "8080:8080" ]; + # environment = { + # ASR_MODEL = "base"; # You can change to small, medium, large, etc. + # ASR_ENGINE = "openai_whisper"; + # }; + # extraOptions = [ "--network=librechat-network" ]; + # }; + }; + }; + + systemd.services.create-librechat-network = { + description = "Create Docker network for LibreChat"; + serviceConfig.Type = "oneshot"; + wantedBy = [ "multi-user.target" ]; + script = '' + if ! 
${pkgs.docker}/bin/docker network inspect librechat-network >/dev/null 2>&1; then + ${pkgs.docker}/bin/docker network create librechat-network + fi + ''; + }; + + security.acme.acceptTerms = true; + security.acme.defaults.email = "admin@joshuabell.xyz"; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "local.belljm.com" = { + # enableACME = true; + # forceSSL = true; + locations."/".proxyPass = "http://${config.containers.wasabi.localAddress}:80"; + }; + "127.0.0.1" = { + locations."/wasabi/" = { + extraConfig = '' + rewrite ^/wasabi/(.*) /$1 break; + ''; + proxyPass = "http://${config.containers.wasabi.localAddress}:80/"; + }; + locations."/" = { + return = "404"; # or 444 for drop + }; + }; + "_" = { + default = true; + locations."/" = { + return = "404"; # or 444 for drop + }; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + }; +} diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index b5959f7..f2defaa 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -3,9 +3,9 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nixpkgs": [ - "mod_common", + "mod_secrets", "ragenix", "nixpkgs" ], @@ -35,15 +35,14 @@ "nixpkgs-stable": [ "mod_de_cosmic", "nixpkgs-stable" - ], - "rust-overlay": "rust-overlay_2" + ] }, "locked": { - "lastModified": 1735781836, - "narHash": "sha256-3QBrsbyM1DyyXruthYJVAiK7kijJP4Mx996q1NC5FWE=", + "lastModified": 1736513564, + "narHash": "sha256-eAKwqMdGWambTbuZvAp3YYhAoWjaIFWGvxDAxxyh/Tg=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "553e7a4b77c4ddf8ed700776f9d71982a14e23c4", + "rev": "0855bf33427209e4f5e3d2d0968a14784525e929", "type": "github" }, "original": { 
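Review bot: `POSTGRES_PASSWORD = "mypassword"` in `librechat_vectordb.environment` ends up as plain text in the world-readable Nix store and in the generated systemd unit, and is a guessable default; the `librechat` and `librechat_rag_api` containers already read `${config.services.librechat.dataDir}/.env` through `environmentFiles`, so the database credentials belong there too (`environmentFiles = [ "${config.services.librechat.dataDir}/.env" ];` on the vectordb container, dropping the three inline `POSTGRES_*` values). The module declares `services.librechat.enable` but `config` is applied unconditionally, so the option has no effect; `config = pkgs.lib.mkIf config.services.librechat.enable { ... };` would make it behave as declared (the module's `lib` argument could also replace the `pkgs.lib` binding). `"${toString config.services.librechat.port}:${toString config.services.librechat.port}"` publishes LibreChat on every interface, whereas `test_nginx` binds `127.0.0.1:8085:80`; as far as I know Docker-published ports bypass `networking.firewall.allowedTCPPorts`, so binding to `127.0.0.1:` and fronting it with the nginx vhosts below keeps it off the public interface. `librechat_mongodb` runs `--noauth` and every container runs as `user = "root"`; acceptable for a `_test` module, but a comment saying so would keep it from being copied into a production host as-is.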
@@ -70,7 +69,7 @@ "darwin": { "inputs": { "nixpkgs": [ - "mod_common", + "mod_secrets", "ragenix", "agenix", "nixpkgs" @@ -128,7 +127,29 @@ "home-manager": { "inputs": { "nixpkgs": [ - "mod_common", + "mod_home-manager", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "owner": "rycee", + "repo": "home-manager", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "type": "github" + }, + "original": { + "owner": "rycee", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "mod_secrets", "ragenix", "agenix", "nixpkgs" @@ -148,28 +169,6 @@ "type": "github" } }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "mod_home-manager", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1735344290, - "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=", - "owner": "rycee", - "repo": "home-manager", - "rev": "613691f285dad87694c2ba1c9e6298d04736292d", - "type": "github" - }, - "original": { - "owner": "rycee", - "ref": "release-24.11", - "repo": "home-manager", - "type": "github" - } - }, "mod_boot_systemd": { "locked": { "lastModified": 1735793935, @@ -190,15 +189,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "ragenix": "ragenix" + ] }, "locked": { - "lastModified": 1735795919, - "narHash": "sha256-vreq5NKH6dCj9nAsR59KTHfT+i9SLDbtGbsEcv0Heuw=", + "lastModified": 1736544147, + "narHash": "sha256-WijrrGDuY8O0VUgsIbZK6PrvCMdgUGPex23hv1FmmHs=", "ref": "mod_common", - "rev": "b693858091a4a1e1135393b941ad16cbf21fa5fe", - "revCount": 1, + "rev": "780bcb7c44a274e4128af656dafce6d26463d6b8", + "revCount": 6, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, 
@@ -219,11 +217,11 @@ ] }, "locked": { - "lastModified": 1735839171, - "narHash": "sha256-yXTT8Lwbsm2ujIeK8NiVb0YUdjPT//3NK8vhXd9x8KE=", + "lastModified": 1736544162, + "narHash": "sha256-C1pkQDar5XSdZtir3EfMWtW9gX3z8vaucGg800YzMvw=", "ref": "mod_de_cosmic", - "rev": "ce85513ec5b69279aed6859bc37c78c22e5e944f", - "revCount": 2, + "rev": "6d8795b3c6ce2a640abe36801959e3af37d85a2e", + "revCount": 3, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, @@ -235,17 +233,17 @@ }, "mod_home-manager": { "inputs": { - "home-manager": "home-manager_2", + "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1735796212, - "narHash": "sha256-8aN/3ioMsr8IhBvo/Ym98bkFbHQ/4ODrww15W9b0i2g=", + "lastModified": 1736544172, + "narHash": "sha256-5Zp1Fg5A827aIjKrhtW84vvJmwRQqBHWzKButnaD14E=", "ref": "mod_home_manager", - "rev": "c3bcacb4ff5697c2f186c8d645c135356f68bc11", - "revCount": 1, + "rev": "df0c4e95ac6b056202c4ec6fabfcfa5bd205a0b4", + "revCount": 2, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, @@ -276,11 +274,11 @@ "ringofstorms-stormd": "ringofstorms-stormd" }, "locked": { - "lastModified": 1735796563, - "narHash": "sha256-YjXJu/5Hcl7YpcpiHLd5wqCFUlJp39MM9CfQKhdpkk8=", + "lastModified": 1736544199, + "narHash": "sha256-OWboCDCBHFy+PuWsFVShEqEaLEgVdZR98k9zrNIb+3s=", "ref": "mod_stormd", - "rev": "a184895fd3f32051499dfad8eb2cb18faaec4188", - "revCount": 1, + "rev": "765c7f4436db03936960373ff77dc2d41f0c4cd5", + "revCount": 2, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, 
@@ -290,6 +288,25 @@ "url": "https://git.joshuabell.xyz/dotfiles" } }, + "mod_secrets": { + "inputs": { + "ragenix": "ragenix" + }, + "locked": { + "lastModified": 1736544189, + "narHash": "sha256-itFFi1SGZRdmREBhcDpuSD93bInq2Juoj3JQ7Q/oF+8=", + "ref": "mod_secrets", + "rev": "17777b25238d4cb84b903252c49c75bd7030a3f6", + "revCount": 8, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_secrets", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, "nix-filter": { "locked": { "lastModified": 1710156097, @@ -323,11 +340,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1735669367, - "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1736200483, + "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", "type": "github" }, "original": { @@ -337,18 +370,17 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { - "lastModified": 1735697839, - "narHash": "sha256-0Acw0UaLi+VNThsmeX8zOKi000DFrYXNnrgpOpk2+MM=", + "lastModified": 1735854365, + "narHash": "sha256-pNb03vdsQmn0jS5dKAdx2DFZ2QH4RRvrIzZxqpfMcS8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5eaa5fdf06d2b15d373b82c0f3a1ec1c6cab02ae", + "rev": "cd9f495ef7584a714938915d3fe9327c2735d7e4", "type": "github" }, "original": { "owner": "nixos", - "ref": "master", "repo": "nixpkgs", "type": "github" } 
@@ -1270,11 +1302,8 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": [ - "mod_common", - "nixpkgs" - ], - "rust-overlay": "rust-overlay" + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1726755133, @@ -1294,7 +1323,7 @@ "inputs": { "nix-filter": "nix-filter", "nixpkgs": "nixpkgs", - "rust-overlay": "rust-overlay_3" + "rust-overlay": "rust-overlay" }, "locked": { "lastModified": 1735420577, @@ -1318,13 +1347,14 @@ "mod_home-manager": "mod_home-manager", "mod_nebula": "mod_nebula", "mod_ros_stormd": "mod_ros_stormd", - "nixpkgs": "nixpkgs_2", + "mod_secrets": "mod_secrets", + "nixpkgs": "nixpkgs_3", "ros_neovim": "ros_neovim" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", @@ -1382,14 +1412,14 @@ "nvim_plugin-yetone/avante.nvim": "nvim_plugin-yetone/avante.nvim", "nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp", "nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua", - "rust-overlay": "rust-overlay_4" + "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1735841437, - "narHash": "sha256-ZwmlaFhOlQ7f6Rq6VxRup7giPiwQlwe71HcoO/laRJo=", + "lastModified": 1735857201, + "narHash": "sha256-zyljmBv1FegF4kF2ZWdSdBCIktSHxJljPipwLOOyjrk=", "ref": "refs/heads/master", - "rev": "71d82c875fff85ae250804f45f1acf65f42cdc1e", - "revCount": 253, + "rev": "31220281739c7b6432f3533313a0fa0164f232c0", + "revCount": 254, "type": "git", "url": "https://git.joshuabell.xyz/nvim" }, 
@@ -1399,50 +1429,6 @@ } }, "rust-overlay": { - "inputs": { - "nixpkgs": [ - "mod_common", - "ragenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1725675754, - "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "mod_de_cosmic", - "cosmic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1735698720, - "narHash": "sha256-+skLL6mq/T7s6J5YmSp89ivQOHBPQ40GEU2n8yqp6bs=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "a00807363a8a6cae6c3fa84ff494bf9d96333674", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_3": { "inputs": { "nixpkgs": [ "mod_ros_stormd", @@ -1464,7 +1450,29 @@ "type": "github" } }, - "rust-overlay_4": { + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "mod_secrets", + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725675754, + "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { "inputs": { "nixpkgs": [ "ros_neovim", diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index 77c9ec8..9f4b7d6 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix 
@@ -5,6 +5,7 @@ ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.inputs.nixpkgs.follows = "nixpkgs"; + mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets"; mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd"; mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic"; mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs"; @@ -42,6 +43,7 @@ modules = [ ./configuration.nix ./hardware-configuration.nix + ./containers_test.nix ( { pkgs, ... }: { @@ -60,6 +62,7 @@ mods = { common = { + disableRemoteBuildsOnLio = true; systemName = configuration_name; allowUnfree = true; primaryUser = "josh"; @@ -86,7 +89,6 @@ google-chrome discordo discord - # nautilus qimgv # file browsing (not needed in cosmic) firefox-esr # freecad # openscad @@ -106,7 +108,6 @@ ../../components/hm/atuin.nix ../../components/hm/direnv.nix ../../components/hm/git.nix - # ../../components/hm/launcher_rofi.nix # not needed in cosmic ../../components/hm/nix_deprecations.nix ../../components/hm/obs.nix ../../components/hm/postgres.nix @@ -117,15 +118,6 @@ ../../components/hm/zsh.nix ]; }; - # root = { - # imports = [ - # ../../components/hm/nix_deprecations.nix - # ../../components/hm/postgres.nix - # ../../components/hm/starship.nix - # ../../components/hm/zoxide.nix - # ../../components/hm/zsh.nix - # ]; - # }; }; }; }; diff --git a/hosts/oren/flake.nix b/hosts/oren/flake.nix index ef32243..768a09f 100644 --- a/hosts/oren/flake.nix +++ b/hosts/oren/flake.nix 
@@ -5,6 +5,7 @@ ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.inputs.nixpkgs.follows = "nixpkgs"; + mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets"; mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd"; mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic"; mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs"; @@ -77,12 +78,7 @@ google-chrome discordo discord - # nautilus qimgv # file browsing (not needed in cosmic) firefox-esr - # freecad - # ladybird - # ollama - # vlc ]; }; }; @@ -96,7 +92,6 @@ ../../components/hm/atuin.nix ../../components/hm/direnv.nix ../../components/hm/git.nix - # ../../components/hm/launcher_rofi.nix # not needed in cosmic ../../components/hm/nix_deprecations.nix ../../components/hm/postgres.nix ../../components/hm/ssh.nix @@ -105,15 +100,6 @@ ../../components/hm/zsh.nix ]; }; - # root = { - # imports = [ - # ../../components/hm/nix_deprecations.nix - # ../../components/hm/postgres.nix - # ../../components/hm/starship.nix - # ../../components/hm/zoxide.nix - # ../../components/hm/zsh.nix - # ]; - # }; }; }; }; diff --git a/onboard.nix b/onboard.nix new file mode 100644 index 0000000..739c0e1 --- /dev/null +++ b/onboard.nix 
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+{
+ networking.hostName = "%%HOSTNAME%%";
+ networking.networkmanager.enable = true;
+
+ services.openssh.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ environment.systemPackages = with pkgs; [
+ vim
+ curl
+ git
+ sudo
+ ];
+
+ users.users.%%USERNAME%% = {
+ initialPassword = "password1";
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" "video" "input" ];
+ };
+
+ # Ensure SSH key pair generation for non-root users
+ systemd.services.generate_ssh_key = {
+ description = "Generate SSH key pair for %%USERNAME%%";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "%%USERNAME%%";
+ Type = "oneshot";
+ };
+ script = ''
+ #!/run/current-system/sw/bin/bash
+ if [ ! -f /home/%%USERNAME%%/.ssh/id_ed25519 ]; then
+ if [ -v DRY_RUN ]; then
+ echo "DRY_RUN is set. Would generate SSH key for %%USERNAME%%."
+ else
+ echo "Generating SSH key for %%USERNAME%%."
+ mkdir -p /home/%%USERNAME%%/.ssh
+ chmod 700 /home/%%USERNAME%%/.ssh
+ /run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/%%USERNAME%%/.ssh/id_ed25519 -N ""
+ fi
+ else
+ echo "SSH key already exists for %%USERNAME%%."
+ fi
+ '';
+ };
+}
diff --git a/onboard.sh b/onboard.sh
new file mode 100644
index 0000000..9c5ae26
--- /dev/null
+++ b/onboard.sh
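Review bot: `initialPassword = "password1"` combined with `services.openssh.enable = true`, port 22 opened in `networking.firewall.allowedTCPPorts`, and `PasswordAuthentication` left at the module default (which, as far as I know, is enabled) means the new host accepts SSH password logins for a `wheel` member with a password that is committed to this repo, from first boot until someone changes it. Adding `services.openssh.settings.PasswordAuthentication = false;` next to `services.openssh.enable` closes that window; the key produced by `generate_ssh_key` below is never added to `authorized_keys`, so an inbound key still has to be provisioned separately, and a comment such as `# initialPassword is a bootstrap credential; rotate it on first login` belongs on that line either way. `#!/run/current-system/sw/bin/bash` inside `script` is not the first line of the unit's script (NixOS, as far as I recall, prepends its own shell prelude), so it is just a comment and can go. `ssh-keygen ... -N ""` deliberately produces an unencrypted key; a one-line comment stating that this is an automation key would save the next reader from wondering.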
@@ -0,0 +1,44 @@
+#!/bin/sh
+# curl --proto '=https' --tlsv1.2 -sSf https://share.joshuabell.link/nix/onboard.sh
+
+# Go to nix configuration
+cd /mnt/etc/nixos
+
+# Ask for required variables
+VAR_HOST=$HOSTNAME
+VAR_USER=$USERNAME
+echo "Hostname will be: $VAR_HOST"
+echo "Username will be: $VAR_USER"
+while true; do
+ read -p "Do you wish to continue? (y/n)" yn
+ case $yn in
+ [Yy]* ) break;;
+ [Nn]* ) exit;;
+ * ) echo "Please answer y/n.";;
+ esac
+done
+
+# Switch to use labels in hardware-configuration
+ex +'/fileSystems."\/"' +"/by-uuid" +'s#by-uuid/.*"#by-label/NIXROOT"' \
+ +'/fileSystems."\/boot"' +"/by-uuid" +'s#by-uuid/.*"#by-label/NIXBOOT"' \
+ +"wq" hardware-configuration.nix
+echo "Switched hardware configuration to use labels"
+grep "by-uuid" hardware-configuration.nix # Should show nothing, this will help prompt for changes
+grep "by-label" hardware-configuration.nix
+echo
+
+echo "TODO add swap section here that asks for sizes..."
+echo
+
+# Download settings needed for initial boot
+curl -O https://share.joshuabell.link/nix/onboard.nix
+# update username and hostname in onboard file
+ex +"%s/%%HOSTNAME%%/$VAR_HOST/g" +"%s/%%USERNAME%%/$VAR_USER/g" +"wq" onboard.nix
+# Import onboard file in configuration.nix
+ex +"%s#hardware-configuration.nix#hardware-configuration.nix ./onboard.nix#g" +"wq" configuration.nix
+echo "Setup onboard.nix in configuration.nix"
+echo
+
+echo "Run \`nixos-install\` to finish then reboot"
+echo "It's recommended to verify contents of hardware config first."
+echo
diff --git a/readme.md b/readme.md
index b0f52c1..601e0d6 100644
--- a/readme.md
+++ b/readme.md
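Review bot: The script splices a network download into the system configuration with no failure handling: `curl -O` without `-f` saves an HTTP error page under the name `onboard.nix`, the `--proto '=https' --tlsv1.2 -sSf` flags from the header comment are not applied to this fetch, and `cd /mnt/etc/nixos` is unguarded, so if the target is not mounted the `ex` edits run against whatever directory the shell happens to be in. `VAR_HOST=$HOSTNAME` also silently picks up the installer shell's own hostname (bash pre-sets `HOSTNAME`) rather than an operator-supplied value, and an unset `USERNAME` turns the `%s` substitution into `users.users. = {` in onboard.nix; `USERNAME` should be required, and since `$VAR_USER` is interpolated into an `ex` command unescaped, restricting it to a safe character set keeps a stray `/` from corrupting the edit. Note that `read -p` is a bash extension and fails under a `/bin/sh` that is dash; if portability matters, print the prompt with `printf` and follow it with a plain `read`. The rewritten lines below keep the rest of the flow unchanged.

```shell
#!/bin/sh
# … unchanged: header comment …
set -u

# Go to nix configuration
cd /mnt/etc/nixos || { echo "/mnt/etc/nixos not found; is the target mounted?" >&2; exit 1; }

# Ask for required variables
VAR_HOST=$HOSTNAME   # bash pre-sets HOSTNAME to the installer's name; the prompt below is the only check
VAR_USER=${USERNAME:?set USERNAME to the primary user name}
case $VAR_USER in
  ""|*[!a-z0-9_-]*) echo "USERNAME must match [a-z0-9_-]" >&2; exit 1;;
esac
# … unchanged: confirmation loop, hardware-configuration edits …

# Download settings needed for initial boot; HTTPS only, fail on HTTP errors
curl --proto '=https' --tlsv1.2 -sSf -O https://share.joshuabell.link/nix/onboard.nix || exit 1
# … unchanged: ex substitutions and final messages …
```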
@@ -87,3 +87,8 @@ efi /EFI/Microsoft/Boot/bootmgfw.efi - work on secrets pre ragenix, stormd pre install for all the above bootstrapping steps would be ideal - reduce home manager, make per user modules support instead - Ensure my neovim undohistory/auto saves don't save `.age` files as they can be sensitive. + + +# Server hosts + +simply run `deploy` in the host root and it will push changes to the server