ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of ssh://git.joshuabell.xyz:3032/dotfiles

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-01-10 15:28:10 -06:00
commit a19a4df900
26 changed files with 1651 additions and 268 deletions
Download patch file Download diff file Expand all files Collapse all files

13
components/hm/ssh.nix
View file

@ -117,18 +117,13 @@ in
user = "luser"; user = "luser";
}; };
# LINODE SERVERS # LINODE SERVERS
"l001" = { "l002_" = {
identityFile = age.secrets.nix2l001.path; identityFile = age.secrets.nix2linode.path;
hostname = "172.105.22.34"; # TODO REMOVE - OFF BOARD hostname = "172.234.26.141";
user = "root"; user = "root";
}; };
"l002_" = {
identityFile = age.secrets.nix2l002.path;
hostname = "172.232.4.54";
user = "luser";
};
"l002" = { "l002" = {
identityFile = age.secrets.nix2l002.path; identityFile = age.secrets.nix2linode.path;
hostname = "10.20.40.1"; hostname = "10.20.40.1";
user = "luser"; user = "luser";
}; };

28
flake.nix
View file

@ -50,11 +50,37 @@
fi fi
done done
''; '';
mod_status = pkgs.writeShellScriptBin "mod_status" ''
cwd=$(pwd)
root=$(git rev-parse --show-toplevel)
for dir in "$root"/modules/*/; do
cd "$dir"
echo
echo " >> $(basename "$dir"):"
git status
done
cd "$cwd"
'';
linode_deploy = pkgs.writeShellScriptBin "linode_deploy" ''
cwd=$(pwd)
root=$(git rev-parse --show-toplevel)
if [ ! -d "$root/hosts/linode/$1" ]; then
echo "Host $1 does not exist"
exit 1
fi
cd "$root/hosts/linode/$1"
echo "Deploying $(basename "$(pwd)")..."
deploy
cd "$cwd"
'';
in in
{ {
default = pkgs.mkShell { default = pkgs.mkShell {
nativeBuildInputs = [ nativeBuildInputs = with pkgs; [
mod_worktrees mod_worktrees
mod_status
linode_deploy
deploy-rs
]; ];
shellHook = '' shellHook = ''

240
hosts/gpdPocket3/flake.lock generated
View file

@ -3,9 +3,9 @@
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager", "home-manager": "home-manager_2",
"nixpkgs": [ "nixpkgs": [
"mod_common", "mod_secrets",
"ragenix", "ragenix",
"nixpkgs" "nixpkgs"
], ],
@ -35,15 +35,14 @@
"nixpkgs-stable": [ "nixpkgs-stable": [
"mod_de_cosmic", "mod_de_cosmic",
"nixpkgs-stable" "nixpkgs-stable"
], ]
"rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1735781836, "lastModified": 1736513564,
"narHash": "sha256-3QBrsbyM1DyyXruthYJVAiK7kijJP4Mx996q1NC5FWE=", "narHash": "sha256-eAKwqMdGWambTbuZvAp3YYhAoWjaIFWGvxDAxxyh/Tg=",
"owner": "lilyinstarlight", "owner": "lilyinstarlight",
"repo": "nixos-cosmic", "repo": "nixos-cosmic",
"rev": "553e7a4b77c4ddf8ed700776f9d71982a14e23c4", "rev": "0855bf33427209e4f5e3d2d0968a14784525e929",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -70,7 +69,7 @@
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"mod_common", "mod_secrets",
"ragenix", "ragenix",
"agenix", "agenix",
"nixpkgs" "nixpkgs"
@ -128,7 +127,29 @@
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"mod_common", "mod_home-manager",
"nixpkgs"
]
},
"locked": {
"lastModified": 1736373539,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"owner": "rycee",
"repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"type": "github"
},
"original": {
"owner": "rycee",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"mod_secrets",
"ragenix", "ragenix",
"agenix", "agenix",
"nixpkgs" "nixpkgs"
@ -148,28 +169,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_2": {
"inputs": {
"nixpkgs": [
"mod_home-manager",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735344290,
"narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
"owner": "rycee",
"repo": "home-manager",
"rev": "613691f285dad87694c2ba1c9e6298d04736292d",
"type": "github"
},
"original": {
"owner": "rycee",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"mod_boot_systemd": { "mod_boot_systemd": {
"locked": { "locked": {
"lastModified": 1735793935, "lastModified": 1735793935,
@ -190,15 +189,14 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"ragenix": "ragenix"
}, },
"locked": { "locked": {
"lastModified": 1735795919, "lastModified": 1736544147,
"narHash": "sha256-vreq5NKH6dCj9nAsR59KTHfT+i9SLDbtGbsEcv0Heuw=", "narHash": "sha256-WijrrGDuY8O0VUgsIbZK6PrvCMdgUGPex23hv1FmmHs=",
"ref": "mod_common", "ref": "mod_common",
"rev": "b693858091a4a1e1135393b941ad16cbf21fa5fe", "rev": "780bcb7c44a274e4128af656dafce6d26463d6b8",
"revCount": 1, "revCount": 6,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },
@ -219,11 +217,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735839171, "lastModified": 1736544162,
"narHash": "sha256-yXTT8Lwbsm2ujIeK8NiVb0YUdjPT//3NK8vhXd9x8KE=", "narHash": "sha256-C1pkQDar5XSdZtir3EfMWtW9gX3z8vaucGg800YzMvw=",
"ref": "mod_de_cosmic", "ref": "mod_de_cosmic",
"rev": "ce85513ec5b69279aed6859bc37c78c22e5e944f", "rev": "6d8795b3c6ce2a640abe36801959e3af37d85a2e",
"revCount": 2, "revCount": 3,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },
@ -235,17 +233,17 @@
}, },
"mod_home-manager": { "mod_home-manager": {
"inputs": { "inputs": {
"home-manager": "home-manager_2", "home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1735796212, "lastModified": 1736544172,
"narHash": "sha256-8aN/3ioMsr8IhBvo/Ym98bkFbHQ/4ODrww15W9b0i2g=", "narHash": "sha256-5Zp1Fg5A827aIjKrhtW84vvJmwRQqBHWzKButnaD14E=",
"ref": "mod_home_manager", "ref": "mod_home_manager",
"rev": "c3bcacb4ff5697c2f186c8d645c135356f68bc11", "rev": "df0c4e95ac6b056202c4ec6fabfcfa5bd205a0b4",
"revCount": 1, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },
@ -276,11 +274,11 @@
"ringofstorms-stormd": "ringofstorms-stormd" "ringofstorms-stormd": "ringofstorms-stormd"
}, },
"locked": { "locked": {
"lastModified": 1735796563, "lastModified": 1736544199,
"narHash": "sha256-YjXJu/5Hcl7YpcpiHLd5wqCFUlJp39MM9CfQKhdpkk8=", "narHash": "sha256-OWboCDCBHFy+PuWsFVShEqEaLEgVdZR98k9zrNIb+3s=",
"ref": "mod_stormd", "ref": "mod_stormd",
"rev": "a184895fd3f32051499dfad8eb2cb18faaec4188", "rev": "765c7f4436db03936960373ff77dc2d41f0c4cd5",
"revCount": 1, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },
@ -290,6 +288,25 @@
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
} }
}, },
"mod_secrets": {
"inputs": {
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1736544189,
"narHash": "sha256-itFFi1SGZRdmREBhcDpuSD93bInq2Juoj3JQ7Q/oF+8=",
"ref": "mod_secrets",
"rev": "17777b25238d4cb84b903252c49c75bd7030a3f6",
"revCount": 8,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_secrets",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"nix-filter": { "nix-filter": {
"locked": { "locked": {
"lastModified": 1710156097, "lastModified": 1710156097,
@ -323,11 +340,27 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1735669367, "lastModified": 1725634671,
"narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1736200483,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -337,18 +370,17 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1735697839, "lastModified": 1735854365,
"narHash": "sha256-0Acw0UaLi+VNThsmeX8zOKi000DFrYXNnrgpOpk2+MM=", "narHash": "sha256-pNb03vdsQmn0jS5dKAdx2DFZ2QH4RRvrIzZxqpfMcS8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5eaa5fdf06d2b15d373b82c0f3a1ec1c6cab02ae", "rev": "cd9f495ef7584a714938915d3fe9327c2735d7e4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "master",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -1270,11 +1302,8 @@
"agenix": "agenix", "agenix": "agenix",
"crane": "crane", "crane": "crane",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": "nixpkgs_2",
"mod_common", "rust-overlay": "rust-overlay_2"
"nixpkgs"
],
"rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1726755133, "lastModified": 1726755133,
@ -1294,7 +1323,7 @@
"inputs": { "inputs": {
"nix-filter": "nix-filter", "nix-filter": "nix-filter",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1735420577, "lastModified": 1735420577,
@ -1318,13 +1347,14 @@
"mod_home-manager": "mod_home-manager", "mod_home-manager": "mod_home-manager",
"mod_nebula": "mod_nebula", "mod_nebula": "mod_nebula",
"mod_ros_stormd": "mod_ros_stormd", "mod_ros_stormd": "mod_ros_stormd",
"nixpkgs": "nixpkgs_2", "mod_secrets": "mod_secrets",
"nixpkgs": "nixpkgs_3",
"ros_neovim": "ros_neovim" "ros_neovim": "ros_neovim"
} }
}, },
"ros_neovim": { "ros_neovim": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",
@ -1382,14 +1412,14 @@
"nvim_plugin-yetone/avante.nvim": "nvim_plugin-yetone/avante.nvim", "nvim_plugin-yetone/avante.nvim": "nvim_plugin-yetone/avante.nvim",
"nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp", "nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp",
"nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua", "nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua",
"rust-overlay": "rust-overlay_4" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1735841437, "lastModified": 1735857201,
"narHash": "sha256-ZwmlaFhOlQ7f6Rq6VxRup7giPiwQlwe71HcoO/laRJo=", "narHash": "sha256-zyljmBv1FegF4kF2ZWdSdBCIktSHxJljPipwLOOyjrk=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "71d82c875fff85ae250804f45f1acf65f42cdc1e", "rev": "31220281739c7b6432f3533313a0fa0164f232c0",
"revCount": 253, "revCount": 254,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/nvim" "url": "https://git.joshuabell.xyz/nvim"
}, },
@ -1399,50 +1429,6 @@
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": {
"nixpkgs": [
"mod_common",
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1725675754,
"narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"mod_de_cosmic",
"cosmic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735698720,
"narHash": "sha256-+skLL6mq/T7s6J5YmSp89ivQOHBPQ40GEU2n8yqp6bs=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a00807363a8a6cae6c3fa84ff494bf9d96333674",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"mod_ros_stormd", "mod_ros_stormd",
@ -1464,7 +1450,29 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_4": { "rust-overlay_2": {
"inputs": {
"nixpkgs": [
"mod_secrets",
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1725675754,
"narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"ros_neovim", "ros_neovim",

1
hosts/gpdPocket3/flake.nix
View file

@ -5,6 +5,7 @@
ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; ros_neovim.url = "git+https://git.joshuabell.xyz/nvim";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs"; mod_common.inputs.nixpkgs.follows = "nixpkgs";
mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets";
mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd"; mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd";
mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic"; mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic";
mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs"; mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs";

1
hosts/h002/flake.nix
View file

@ -5,6 +5,7 @@
ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; ros_neovim.url = "git+https://git.joshuabell.xyz/nvim";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs"; mod_common.inputs.nixpkgs.follows = "nixpkgs";
mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets";
mod_boot_grub.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_grub"; mod_boot_grub.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_grub";
mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd"; mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd";
mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula"; mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula";

7
hosts/linode/l002/configuration.nix Normal file
View file

@ -0,0 +1,7 @@
{
...
}:
{
boot.loader.grub.enable = true;
system.stateVersion = "24.11";
}

245
hosts/linode/l002/flake.lock generated Normal file
View file

@ -0,0 +1,245 @@
{
"nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"mod_common": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736191002,
"narHash": "sha256-t39PCeJFgIXzniqjUIIFnbv6AE15WyoPTCE3k3Xuyz0=",
"ref": "mod_common",
"rev": "ac3c0c2422842edba1887279bddd02b895ec5ed2",
"revCount": 4,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_common",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"mod_nebula": {
"locked": {
"lastModified": 1735839301,
"narHash": "sha256-f2JlNaCrA3BA8fPT0uThiuiIZX5ehDe0lPlSLL/QMgY=",
"ref": "mod_nebula",
"rev": "38c50b65c66740566b39529bbd91624b01b6ea2a",
"revCount": 3,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_nebula",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"mod_ros_stormd": {
"inputs": {
"ringofstorms-stormd": "ringofstorms-stormd"
},
"locked": {
"lastModified": 1735796563,
"narHash": "sha256-YjXJu/5Hcl7YpcpiHLd5wqCFUlJp39MM9CfQKhdpkk8=",
"ref": "mod_stormd",
"rev": "a184895fd3f32051499dfad8eb2cb18faaec4188",
"revCount": 1,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_stormd",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"nix-filter": {
"locked": {
"lastModified": 1710156097,
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "3342559a24e85fc164b295c3444e8a139924675b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1728888510,
"narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1736200483,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"ringofstorms-stormd": {
"inputs": {
"nix-filter": "nix-filter",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1735420577,
"narHash": "sha256-2HWEALz0PVJCiP/2iZuDMj4qyukXR5IxNKFxT1NAMlQ=",
"ref": "refs/heads/master",
"rev": "7edf6888a460708889fabea2c762d4dfed4fa64f",
"revCount": 51,
"type": "git",
"url": "ssh://git.joshuabell.xyz:3032/stormd"
},
"original": {
"type": "git",
"url": "ssh://git.joshuabell.xyz:3032/stormd"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"mod_common": "mod_common",
"mod_nebula": "mod_nebula",
"mod_ros_stormd": "mod_ros_stormd",
"nixpkgs": "nixpkgs_3"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"mod_ros_stormd",
"ringofstorms-stormd",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729218602,
"narHash": "sha256-KDmYxpkFWa0Go0WnOpkgQOypVaQxbwgpEutET5ey1VQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "9051466c82b9b3a6ba9e06be99621ad25423ec94",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

96
hosts/linode/l002/flake.nix Normal file
View file

@ -0,0 +1,96 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
deploy-rs.url = "github:serokell/deploy-rs";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs";
mod_ros_stormd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_stormd";
mod_nebula.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_nebula";
};
outputs =
{
self,
nixpkgs,
deploy-rs,
...
}@inputs:
let
configuration_name = "l002";
lib = nixpkgs.lib;
in
{
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2linode"
];
nodes.${configuration_name} = {
hostname = "172.234.26.141";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" =
let
auto_modules = builtins.concatMap (
input:
lib.optionals
(builtins.hasAttr "nixosModules" input && builtins.hasAttr "default" input.nixosModules)
[
input.nixosModules.default
]
) (builtins.attrValues inputs);
in
(lib.nixosSystem {
modules = [
./configuration.nix
./hardware-configuration.nix
./linode.nix
./nginx.nix
(
{ pkgs, ... }:
{
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
];
mods = {
common = {
disableRemoteBuildsOnLio = true;
systemName = configuration_name;
allowUnfree = true;
primaryUser = "luser";
docker = true;
users = {
luser = {
extraGroups = [
"wheel"
"networkmanager"
];
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
];
};
};
};
};
}
)
] ++ auto_modules;
specialArgs = {
inherit inputs;
};
});
};
};
}

34
hosts/linode/l002/hardware-configuration.nix Normal file
View file

@ -0,0 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3612d65e-719c-4b33-af08-561b790d6d33";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

33
hosts/linode/l002/linode.nix Normal file
View file

@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
# https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
# TODO disable after first startup with ssh keys
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
settings.PasswordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;
networking.usePredictableInterfaceNames = false;
networking.useDHCP = false; # Disable DHCP globally as we will not need it.
# required for ssh?
networking.interfaces.eth0.useDHCP = true;
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
];
}

162
hosts/linode/l002/nginx.nix Normal file
View file

@ -0,0 +1,162 @@
{
config,
...
}:
{
# JUST A TEST TODO remove
containers.wasabi = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.2";
localAddress = "192.168.100.11";
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
};
};
security.acme.acceptTerms = true;
security.acme.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
# PROXY HOSTS
"chat.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://10.20.40.104:3080";
};
};
"gist.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.20.40.190:6157";
};
};
"git.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.20.40.190:6610";
};
};
"nexus.l002.joshuabell.xyz" = {
locations."/" = {
proxyPass = "http://localhost:42291";
};
};
"nexus.joshuabell.xyz" = {
locations."/" = {
proxyPass = "http://localhost:42291";
};
};
# Redirect self IP to domain
"172.234.26.141" = {
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
"2600:3c06::f03c:95ff:fe2c:2806" = {
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
"www.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
"joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations = {
"/wasabi" = {
proxyPass = "http://192.168.100.11/";
extraConfig = ''
rewrite ^/wasabi/(.*) /$1 break;
'';
};
"/" = {
# return = "200 '<html>Hello World</html>'";
extraConfig = ''
default_type text/html;
return 200 '
<html>
<body style="width:100vw;height:100vh;overflow:hidden">
<div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden">
In the void you roam,</br>
A page that cannot be found-</br>
Turn back, seek anew.
</div>
</body>
</html>
';
'';
};
};
};
"www.ellalala.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "301 https://ellalala.com";
};
};
"ellalala.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "444";
};
};
"_" = {
default = true;
locations."/" = {
return = "444"; # 404 for not found or 444 for drop
};
};
};
# STREAMS
streamConfig = ''
server {
listen 3032;
proxy_pass 10.20.40.190:6611;
}
'';
};
networking.firewall.allowedTCPPorts = [
80 # web http
443 # web https
3032 # git ssh stream
];
networking.firewall.allowedUDPPorts = [
4242 # nebula
];
}
# TODO

71
hosts/linode/l004/configuration.nix Normal file
View file

@ -0,0 +1,71 @@
{
config,
...
}:
{
boot.loader.grub.enable = true;
system.stateVersion = "24.11";
containers.wasabi = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.2";
localAddress = "192.168.100.11";
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
};
};
virtualisation.oci-containers = {
backend = "docker"; # or "podman"
containers = {
# Example of defining a container from the compose file
"test_nginx" = {
# autoStart = true; this is default true
image = "nginx:latest";
ports = [
"127.0.0.1:8085:80"
];
};
};
};
security.acme.acceptTerms = true;
security.acme.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"_" = {
default = true;
locations."/wasabi/" = {
extraConfig = ''
rewrite ^/wasabi/(.*) /$1 break;
'';
proxyPass = "http://${config.containers.wasabi.localAddress}:80/";
};
locations."/" = {
# return = "404"; # or 444 for drop
proxyPass = "http://127.0.0.1:8085/";
};
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}

135
hosts/linode/l004/flake.lock generated Normal file
View file

@ -0,0 +1,135 @@
{
"nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"mod_common": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736191002,
"narHash": "sha256-t39PCeJFgIXzniqjUIIFnbv6AE15WyoPTCE3k3Xuyz0=",
"ref": "mod_common",
"rev": "ac3c0c2422842edba1887279bddd02b895ec5ed2",
"revCount": 4,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_common",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1736200483,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"mod_common": "mod_common",
"nixpkgs": "nixpkgs_2"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

91
hosts/linode/l004/flake.nix Normal file
View file

@ -0,0 +1,91 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
deploy-rs.url = "github:serokell/deploy-rs";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
deploy-rs,
...
}@inputs:
let
configuration_name = "l004";
lib = nixpkgs.lib;
in
{
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2linode"
];
nodes.${configuration_name} = {
hostname = "LINODE_IP_HERE_TODO";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" =
let
auto_modules = builtins.concatMap (
input:
lib.optionals
(builtins.hasAttr "nixosModules" input && builtins.hasAttr "default" input.nixosModules)
[
input.nixosModules.default
]
) (builtins.attrValues inputs);
in
(lib.nixosSystem {
modules = [
./configuration.nix
./hardware-configuration.nix
./linode.nix
(
{ pkgs, ... }:
{
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
];
mods = {
common = {
disableRemoteBuildsOnLio = true;
systemName = configuration_name;
allowUnfree = true;
primaryUser = "luser";
docker = true;
users = {
luser = {
extraGroups = [
"wheel"
"networkmanager"
];
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
];
};
};
};
};
}
)
] ++ auto_modules;
specialArgs = {
inherit inputs;
};
});
};
};
}

34
hosts/linode/l004/hardware-configuration.nix Normal file
View file

@ -0,0 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3612d65e-719c-4b33-af08-561b790d6d33";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

33
hosts/linode/l004/linode.nix Normal file
View file

@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
# https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
# TODO disable after first startup with ssh keys
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
settings.PasswordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;
networking.usePredictableInterfaceNames = false;
networking.useDHCP = false; # Disable DHCP globally as we will not need it.
# required for ssh?
networking.interfaces.eth0.useDHCP = true;
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
];
}

10
hosts/linode/l004/readme.md Normal file
View file

@ -0,0 +1,10 @@
# Linode setup
https://www.linode.com/docs/guides/install-nixos-on-linode/#prepare-your-linode
https://nixos.org/download/
`export HOSTNAME=NAME && sudo nixos-rebuild switch --flake ~/.config/nixos-config`
# Deploying
`cd hosts/NAME && deploy`

39
hosts/linode/linode.nix Normal file
View file

@ -0,0 +1,39 @@
{ pkgs, ... }:
{
# https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
# TODO disable after first startup with ssh keys
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
settings.PasswordAuthentication = false;
};
networking.usePredictableInterfaceNames = false;
networking.useDHCP = false; # Disable DHCP globally as we will not need it.
# required for ssh?
networking.interfaces.eth0.useDHCP = true;
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
gitMinimal
vim
nano
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
];
}

60
hosts/linode/readme.md Normal file
View file

@ -0,0 +1,60 @@
# Linode setup
<https://www.linode.com/docs/guides/install-nixos-on-linode/#prepare-your-linode>
<https://nixos.org/download/>
- shutdown linode
- delete existing disks and configuration profiles
- Create Disks
- `installer`: `ext4` `1280 MB`
- `swap`: `swap` `512 MB`
- `nixos`: `ext4` all remaining space
- Create two configuration profiles, one for the installer and one to boot NixOS. For each profile, disable all of the options under Filesystem/Boot Helpers and set the Configuration Profile to match the following:
- installer profile
- Label: installer
- Kernel: Direct Disk
- /dev/sda: nixos
- /dev/sdb: swap
- /dev/sdc: installer
- root / boot device: Standard: `/dev/sdc`
- nixos profile
- Label: nixos
- Kernel: GRUB 2
- /dev/sda: nixos
- /dev/sdb: swap
- root / boot device: Standard: `/dev/sda`
- Setup installer.
- rescue mode with installer as /dev/sda
- Open LISH
```bash
# Update SSL certificates to allow HTTPS connections:
update-ca-certificates
# set the iso url to a variable
iso=https://channels.nixos.org/nixos-24.11/latest-nixos-minimal-x86_64-linux.iso
# verify sda disk is installer (~1GB)
lsblk
curl -L https://channels.nixos.org/nixos-24.11/latest-nixos-minimal-x86_64-linux.iso.sha256
# Download the ISO, write it to the installer disk, and verify the checksum:
curl -L $iso | tee >(dd of=/dev/sda) | sha256sum
# verify the shas are the same then shutdown system
shutdown 0
```
- Boot the installer configuration profile and install nixos
(open GLISH and `sudo -i && passwd #simple pass` ssh into machine for easier copy paste, rerun `passwd` with a more secure password here if desired)
- mount /dev/sda /mnt
- swapon /dev/sdb
- nixos-generate-config --root /mnt
- cd /mnt/etc/nixos
- # TODO rewrite device modifiers like they say in the tutorial? I had issues with linode's device labeling so I am leaving it to uuids, this could bite me in the future idk
- copy `linode.nix` into remote server and import it into `configuration.nix`
- update ssh key for root user if needed
- `nixos-install`
- shutdown in linode, delete installer disk
- delete the installer configuration profile in linode, boot into nixos configuration profile
tada, should be able to ssh with root and ssh key defined in earlier in linode.nix

219
hosts/lio/containers_test.nix Normal file
View file

@ -0,0 +1,219 @@
{
config,
pkgs,
...
}:
{
# NOTE some useful links
# nixos containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
# https://nixos.wiki/wiki/NixOS_Containers
#
options.services.librechat =
let
lib = pkgs.lib;
in
{
enable = lib.mkEnableOption "LibreChat service";
port = lib.mkOption {
type = lib.types.port;
default = 3080;
description = "Port number for the LibreChat API service";
};
ragPort = lib.mkOption {
type = lib.types.port;
default = 8000;
description = "Port number for the RAG API service";
};
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/librechat";
description = "Directory to store LibreChat data";
};
};
config = {
## Give internet access
# networking.nat.enable = true;
# networking.nat.internalInterfaces = [ "ve-*" ];
# networking.nat.externalInterface = "eth0";
# Random test
containers.wasabi = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.2";
localAddress = "192.168.100.11";
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
};
};
virtualisation.oci-containers = {
backend = "docker"; # or "podman"
containers = {
# Example of defining a container from the compose file
"test_nginx" = {
# autoStart = true; this is default true
image = "nginx:latest";
ports = [
"127.0.0.1:8085:80"
];
};
# librechat
librechat = {
user = "root";
image = "ghcr.io/danny-avila/librechat-dev:latest";
ports = [
"${toString config.services.librechat.port}:${toString config.services.librechat.port}"
];
dependsOn = [
"librechat_mongodb"
"librechat_rag_api"
];
environment = {
HOST = "0.0.0.0";
MONGO_URI = "mongodb://librechat_mongodb:27017/LibreChat";
MEILI_HOST = "http://librechat_meilisearch:7700";
RAG_PORT = toString config.services.librechat.ragPort;
RAG_API_URL = "http://librechat_rag_api:${toString config.services.librechat.ragPort}";
};
environmentFiles = [ "${config.services.librechat.dataDir}/.env" ];
volumes = [
"${config.services.librechat.dataDir}/.env:/app/.env"
"${config.services.librechat.dataDir}/librechat.yaml:/app/librechat.yaml"
"${config.services.librechat.dataDir}/images:/app/client/public/images"
"${config.services.librechat.dataDir}/logs:/app/api/logs"
];
extraOptions = [ "--network=librechat-network" ];
};
librechat_mongodb = {
user = "root";
image = "mongo";
volumes = [
"${config.services.librechat.dataDir}/data-node:/data/db"
];
cmd = [
"mongod"
"--noauth"
];
extraOptions = [ "--network=librechat-network" ];
};
librechat_meilisearch = {
user = "root";
image = "getmeili/librechat_meilisearch:v1.7.3";
environment = {
MEILI_HOST = "http://librechat_meilisearch:7700";
MEILI_NO_ANALYTICS = "true";
};
volumes = [
"${config.services.librechat.dataDir}/meili_data_v1.7:/meili_data"
];
extraOptions = [ "--network=librechat-network" ];
};
librechat_vectordb = {
user = "root";
image = "ankane/pgvector:latest";
environment = {
POSTGRES_DB = "mydatabase";
POSTGRES_USER = "myuser";
POSTGRES_PASSWORD = "mypassword";
};
volumes = [
"${config.services.librechat.dataDir}/pgdata2:/var/lib/postgresql/data"
];
extraOptions = [ "--network=librechat-network" ];
};
librechat_rag_api = {
user = "root";
image = "ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest";
environment = {
DB_HOST = "librechat_vectordb";
RAG_PORT = toString config.services.librechat.ragPort;
OPENAI_API_KEY = "not_using_openai";
};
dependsOn = [ "librechat_vectordb" ];
environmentFiles = [ "${config.services.librechat.dataDir}/.env" ];
extraOptions = [ "--network=librechat-network" ];
};
# TODO revisit local whisper, for now I am using groq free for STT
# librechat_whisper = {
# user = "root";
# image = "onerahmet/openai-whisper-asr-webservice:latest";
# # ports = [ "8080:8080" ];
# environment = {
# ASR_MODEL = "base"; # You can change to small, medium, large, etc.
# ASR_ENGINE = "openai_whisper";
# };
# extraOptions = [ "--network=librechat-network" ];
# };
};
};
systemd.services.create-librechat-network = {
description = "Create Docker network for LibreChat";
serviceConfig.Type = "oneshot";
wantedBy = [ "multi-user.target" ];
script = ''
if ! ${pkgs.docker}/bin/docker network inspect librechat-network >/dev/null 2>&1; then
${pkgs.docker}/bin/docker network create librechat-network
fi
'';
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"local.belljm.com" = {
# enableACME = true;
# forceSSL = true;
locations."/".proxyPass = "http://${config.containers.wasabi.localAddress}:80";
};
"127.0.0.1" = {
locations."/wasabi/" = {
extraConfig = ''
rewrite ^/wasabi/(.*) /$1 break;
'';
proxyPass = "http://${config.containers.wasabi.localAddress}:80/";
};
locations."/" = {
return = "404"; # or 444 for drop
};
};
"_" = {
default = true;
locations."/" = {
return = "404"; # or 444 for drop
};
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
}

240
hosts/lio/flake.lock generated
View file

@ -3,9 +3,9 @@
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager", "home-manager": "home-manager_2",
"nixpkgs": [ "nixpkgs": [
"mod_common", "mod_secrets",
"ragenix", "ragenix",
"nixpkgs" "nixpkgs"
], ],
@ -35,15 +35,14 @@
"nixpkgs-stable": [ "nixpkgs-stable": [
"mod_de_cosmic", "mod_de_cosmic",
"nixpkgs-stable" "nixpkgs-stable"
], ]
"rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1735781836, "lastModified": 1736513564,
"narHash": "sha256-3QBrsbyM1DyyXruthYJVAiK7kijJP4Mx996q1NC5FWE=", "narHash": "sha256-eAKwqMdGWambTbuZvAp3YYhAoWjaIFWGvxDAxxyh/Tg=",
"owner": "lilyinstarlight", "owner": "lilyinstarlight",
"repo": "nixos-cosmic", "repo": "nixos-cosmic",
"rev": "553e7a4b77c4ddf8ed700776f9d71982a14e23c4", "rev": "0855bf33427209e4f5e3d2d0968a14784525e929",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -70,7 +69,7 @@
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"mod_common", "mod_secrets",
"ragenix", "ragenix",
"agenix", "agenix",
"nixpkgs" "nixpkgs"
@ -128,7 +127,29 @@
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"mod_common", "mod_home-manager",
"nixpkgs"
]
},
"locked": {
"lastModified": 1736373539,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"owner": "rycee",
"repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"type": "github"
},
"original": {
"owner": "rycee",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"mod_secrets",
"ragenix", "ragenix",
"agenix", "agenix",
"nixpkgs" "nixpkgs"
@ -148,28 +169,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_2": {
"inputs": {
"nixpkgs": [
"mod_home-manager",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735344290,
"narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
"owner": "rycee",
"repo": "home-manager",
"rev": "613691f285dad87694c2ba1c9e6298d04736292d",
"type": "github"
},
"original": {
"owner": "rycee",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"mod_boot_systemd": { "mod_boot_systemd": {
"locked": { "locked": {
"lastModified": 1735793935, "lastModified": 1735793935,
@ -190,15 +189,14 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"ragenix": "ragenix"
}, },
"locked": { "locked": {
"lastModified": 1735795919, "lastModified": 1736544147,
"narHash": "sha256-vreq5NKH6dCj9nAsR59KTHfT+i9SLDbtGbsEcv0Heuw=", "narHash": "sha256-WijrrGDuY8O0VUgsIbZK6PrvCMdgUGPex23hv1FmmHs=",
"ref": "mod_common", "ref": "mod_common",
"rev": "b693858091a4a1e1135393b941ad16cbf21fa5fe", "rev": "780bcb7c44a274e4128af656dafce6d26463d6b8",
"revCount": 1, "revCount": 6,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },
@ -219,11 +217,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735839171, "lastModified": 1736544162,
"narHash": "sha256-yXTT8Lwbsm2ujIeK8NiVb0YUdjPT//3NK8vhXd9x8KE=", "narHash": "sha256-C1pkQDar5XSdZtir3EfMWtW9gX3z8vaucGg800YzMvw=",
"ref": "mod_de_cosmic", "ref": "mod_de_cosmic",
"rev": "ce85513ec5b69279aed6859bc37c78c22e5e944f", "rev": "6d8795b3c6ce2a640abe36801959e3af37d85a2e",
"revCount": 2, "revCount": 3,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },
@ -235,17 +233,17 @@
}, },
"mod_home-manager": { "mod_home-manager": {
"inputs": { "inputs": {
"home-manager": "home-manager_2", "home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1735796212, "lastModified": 1736544172,
"narHash": "sha256-8aN/3ioMsr8IhBvo/Ym98bkFbHQ/4ODrww15W9b0i2g=", "narHash": "sha256-5Zp1Fg5A827aIjKrhtW84vvJmwRQqBHWzKButnaD14E=",
"ref": "mod_home_manager", "ref": "mod_home_manager",
"rev": "c3bcacb4ff5697c2f186c8d645c135356f68bc11", "rev": "df0c4e95ac6b056202c4ec6fabfcfa5bd205a0b4",
"revCount": 1, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },
@ -276,11 +274,11 @@
"ringofstorms-stormd": "ringofstorms-stormd" "ringofstorms-stormd": "ringofstorms-stormd"
}, },
"locked": { "locked": {
"lastModified": 1735796563, "lastModified": 1736544199,
"narHash": "sha256-YjXJu/5Hcl7YpcpiHLd5wqCFUlJp39MM9CfQKhdpkk8=", "narHash": "sha256-OWboCDCBHFy+PuWsFVShEqEaLEgVdZR98k9zrNIb+3s=",
"ref": "mod_stormd", "ref": "mod_stormd",
"rev": "a184895fd3f32051499dfad8eb2cb18faaec4188", "rev": "765c7f4436db03936960373ff77dc2d41f0c4cd5",
"revCount": 1, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },
@ -290,6 +288,25 @@
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
} }
}, },
"mod_secrets": {
"inputs": {
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1736544189,
"narHash": "sha256-itFFi1SGZRdmREBhcDpuSD93bInq2Juoj3JQ7Q/oF+8=",
"ref": "mod_secrets",
"rev": "17777b25238d4cb84b903252c49c75bd7030a3f6",
"revCount": 8,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
"original": {
"ref": "mod_secrets",
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
}
},
"nix-filter": { "nix-filter": {
"locked": { "locked": {
"lastModified": 1710156097, "lastModified": 1710156097,
@ -323,11 +340,27 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1735669367, "lastModified": 1725634671,
"narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1736200483,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -337,18 +370,17 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1735697839, "lastModified": 1735854365,
"narHash": "sha256-0Acw0UaLi+VNThsmeX8zOKi000DFrYXNnrgpOpk2+MM=", "narHash": "sha256-pNb03vdsQmn0jS5dKAdx2DFZ2QH4RRvrIzZxqpfMcS8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5eaa5fdf06d2b15d373b82c0f3a1ec1c6cab02ae", "rev": "cd9f495ef7584a714938915d3fe9327c2735d7e4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "master",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -1270,11 +1302,8 @@
"agenix": "agenix", "agenix": "agenix",
"crane": "crane", "crane": "crane",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": "nixpkgs_2",
"mod_common", "rust-overlay": "rust-overlay_2"
"nixpkgs"
],
"rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1726755133, "lastModified": 1726755133,
@ -1294,7 +1323,7 @@
"inputs": { "inputs": {
"nix-filter": "nix-filter", "nix-filter": "nix-filter",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1735420577, "lastModified": 1735420577,
@ -1318,13 +1347,14 @@
"mod_home-manager": "mod_home-manager", "mod_home-manager": "mod_home-manager",
"mod_nebula": "mod_nebula", "mod_nebula": "mod_nebula",
"mod_ros_stormd": "mod_ros_stormd", "mod_ros_stormd": "mod_ros_stormd",
"nixpkgs": "nixpkgs_2", "mod_secrets": "mod_secrets",
"nixpkgs": "nixpkgs_3",
"ros_neovim": "ros_neovim" "ros_neovim": "ros_neovim"
} }
}, },
"ros_neovim": { "ros_neovim": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",
@ -1382,14 +1412,14 @@
"nvim_plugin-yetone/avante.nvim": "nvim_plugin-yetone/avante.nvim", "nvim_plugin-yetone/avante.nvim": "nvim_plugin-yetone/avante.nvim",
"nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp", "nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp",
"nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua", "nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua",
"rust-overlay": "rust-overlay_4" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1735841437, "lastModified": 1735857201,
"narHash": "sha256-ZwmlaFhOlQ7f6Rq6VxRup7giPiwQlwe71HcoO/laRJo=", "narHash": "sha256-zyljmBv1FegF4kF2ZWdSdBCIktSHxJljPipwLOOyjrk=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "71d82c875fff85ae250804f45f1acf65f42cdc1e", "rev": "31220281739c7b6432f3533313a0fa0164f232c0",
"revCount": 253, "revCount": 254,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/nvim" "url": "https://git.joshuabell.xyz/nvim"
}, },
@ -1399,50 +1429,6 @@
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": {
"nixpkgs": [
"mod_common",
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1725675754,
"narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"mod_de_cosmic",
"cosmic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735698720,
"narHash": "sha256-+skLL6mq/T7s6J5YmSp89ivQOHBPQ40GEU2n8yqp6bs=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a00807363a8a6cae6c3fa84ff494bf9d96333674",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"mod_ros_stormd", "mod_ros_stormd",
@ -1464,7 +1450,29 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_4": { "rust-overlay_2": {
"inputs": {
"nixpkgs": [
"mod_secrets",
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1725675754,
"narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"ros_neovim", "ros_neovim",

14
hosts/lio/flake.nix
View file

@ -5,6 +5,7 @@
ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; ros_neovim.url = "git+https://git.joshuabell.xyz/nvim";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs"; mod_common.inputs.nixpkgs.follows = "nixpkgs";
mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets";
mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd"; mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd";
mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic"; mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic";
mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs"; mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs";
@ -42,6 +43,7 @@
modules = [ modules = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./containers_test.nix
( (
{ pkgs, ... }: { pkgs, ... }:
{ {
@ -60,6 +62,7 @@
mods = { mods = {
common = { common = {
disableRemoteBuildsOnLio = true;
systemName = configuration_name; systemName = configuration_name;
allowUnfree = true; allowUnfree = true;
primaryUser = "josh"; primaryUser = "josh";
@ -86,7 +89,6 @@
google-chrome google-chrome
discordo discordo
discord discord
# nautilus qimgv # file browsing (not needed in cosmic)
firefox-esr firefox-esr
# freecad # freecad
# openscad # openscad
@ -106,7 +108,6 @@
../../components/hm/atuin.nix ../../components/hm/atuin.nix
../../components/hm/direnv.nix ../../components/hm/direnv.nix
../../components/hm/git.nix ../../components/hm/git.nix
# ../../components/hm/launcher_rofi.nix # not needed in cosmic
../../components/hm/nix_deprecations.nix ../../components/hm/nix_deprecations.nix
../../components/hm/obs.nix ../../components/hm/obs.nix
../../components/hm/postgres.nix ../../components/hm/postgres.nix
@ -117,15 +118,6 @@
../../components/hm/zsh.nix ../../components/hm/zsh.nix
]; ];
}; };
# root = {
# imports = [
# ../../components/hm/nix_deprecations.nix
# ../../components/hm/postgres.nix
# ../../components/hm/starship.nix
# ../../components/hm/zoxide.nix
# ../../components/hm/zsh.nix
# ];
# };
}; };
}; };
}; };

16
hosts/oren/flake.nix
View file

@ -5,6 +5,7 @@
ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; ros_neovim.url = "git+https://git.joshuabell.xyz/nvim";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
mod_common.inputs.nixpkgs.follows = "nixpkgs"; mod_common.inputs.nixpkgs.follows = "nixpkgs";
mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets";
mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd"; mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd";
mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic"; mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic";
mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs"; mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs";
@ -77,12 +78,7 @@
google-chrome google-chrome
discordo discordo
discord discord
# nautilus qimgv # file browsing (not needed in cosmic)
firefox-esr firefox-esr
# freecad
# ladybird
# ollama
# vlc
]; ];
}; };
}; };
@ -96,7 +92,6 @@
../../components/hm/atuin.nix ../../components/hm/atuin.nix
../../components/hm/direnv.nix ../../components/hm/direnv.nix
../../components/hm/git.nix ../../components/hm/git.nix
# ../../components/hm/launcher_rofi.nix # not needed in cosmic
../../components/hm/nix_deprecations.nix ../../components/hm/nix_deprecations.nix
../../components/hm/postgres.nix ../../components/hm/postgres.nix
../../components/hm/ssh.nix ../../components/hm/ssh.nix
@ -105,15 +100,6 @@
../../components/hm/zsh.nix ../../components/hm/zsh.nix
]; ];
}; };
# root = {
# imports = [
# ../../components/hm/nix_deprecations.nix
# ../../components/hm/postgres.nix
# ../../components/hm/starship.nix
# ../../components/hm/zoxide.nix
# ../../components/hm/zsh.nix
# ];
# };
}; };
}; };
}; };

48
onboard.nix Normal file
View file

@ -0,0 +1,48 @@
{ pkgs, ... }:
{
networking.hostName = "%%HOSTNAME%%";
networking.networkmanager.enable = true;
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [ 22 ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
environment.systemPackages = with pkgs; [
vim
curl
git
sudo
];
users.users.%%USERNAME%% = {
initialPassword = "password1";
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "video" "input" ];
};
# Ensure SSH key pair generation for non-root users
systemd.services.generate_ssh_key = {
description = "Generate SSH key pair for %%USERNAME%%";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "%%USERNAME%%";
Type = "oneshot";
};
script = ''
#!/run/current-system/sw/bin/bash
if [ ! -f /home/%%USERNAME%%/.ssh/id_ed25519 ]; then
if [ -v DRY_RUN ]; then
echo "DRY_RUN is set. Would generate SSH key for %%USERNAME%%."
else
echo "Generating SSH key for %%USERNAME%%."
mkdir -p /home/%%USERNAME%%/.ssh
chmod 700 /home/%%USERNAME%%/.ssh
/run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/%%USERNAME%%/.ssh/id_ed25519 -N ""
fi
else
echo "SSH key already exists for %%USERNAME%%."
fi
'';
};
}

44
onboard.sh Normal file
View file

@ -0,0 +1,44 @@
#!/bin/sh
# curl --proto '=https' --tlsv1.2 -sSf https://share.joshuabell.link/nix/onboard.sh
# Go to nix configuration
cd /mnt/etc/nixos
# Ask for required variables
VAR_HOST=$HOSTNAME
VAR_USER=$USERNAME
echo "Hostname will be: $VAR_HOST"
echo "Username will be: $VAR_USER"
while true; do
read -p "Do you wish to continue? (y/n)" yn
case $yn in
[Yy]* ) break;;
[Nn]* ) exit;;
* ) echo "Please answer y/n.";;
esac
done
# Switch to use labels in hardware-configuration
ex +'/fileSystems."\/"' +"/by-uuid" +'s#by-uuid/.*"#by-label/NIXROOT"' \
+'/fileSystems."\/boot"' +"/by-uuid" +'s#by-uuid/.*"#by-label/NIXBOOT"' \
+"wq" hardware-configuration.nix
echo "Switched hardware configuration to use labels"
grep "by-uuid" hardware-configuration.nix # Should show nothing, this will help prompt for changes
grep "by-label" hardware-configuration.nix
echo
echo "TODO add swap section here that asks for sizes..."
echo
# Download settings needed for initial boot
curl -O https://share.joshuabell.link/nix/onboard.nix
# update username and hostname in onboard file
ex +"%s/%%HOSTNAME%%/$VAR_HOST/g" +"%s/%%USERNAME%%/$VAR_USER/g" +"wq" onboard.nix
# Import onboard file in configuration.nix
ex +"%s#hardware-configuration.nix#hardware-configuration.nix ./onboard.nix#g" +"wq" configuration.nix
echo "Setup onboard.nix in configuration.nix"
echo
echo "Run \`nixos-install\` to finish then reboot"
echo "It's recommended to verify contents of hardware config first."
echo

5
readme.md
View file

@ -87,3 +87,8 @@ efi /EFI/Microsoft/Boot/bootmgfw.efi
- work on secrets pre ragenix, stormd pre install for all the above bootstrapping steps would be ideal - work on secrets pre ragenix, stormd pre install for all the above bootstrapping steps would be ideal
- reduce home manager, make per user modules support instead - reduce home manager, make per user modules support instead
- Ensure my neovim undohistory/auto saves don't save `.age` files as they can be sensitive. - Ensure my neovim undohistory/auto saves don't save `.age` files as they can be sensitive.
# Server hosts
simply run `deploy` in the host root and it will push changes to the server