update all VPS configs

RingOfStorms (Joshua Bell) 2025-03-19 12:49:00 -05:00
parent 138565efad
commit c781a90851
12 changed files with 1374 additions and 134 deletions


@ -52,7 +52,6 @@
docker.enable = true; docker.enable = true;
}; };
users = { users = {
# Users are all normal users and default password is password1
admins = [ "josh" ]; # First admin is also the primary user owning nix config admins = [ "josh" ]; # First admin is also the primary user owning nix config
users = { users = {
josh = { josh = {


@ -32,11 +32,11 @@
"ragenix": "ragenix" "ragenix": "ragenix"
}, },
"locked": { "locked": {
"lastModified": 1742335106, "lastModified": 1742406125,
"narHash": "sha256-NmpZH5jNuJqfx6ty+Ttnyig22R4Pfwb7iUtbujjQgYk=", "narHash": "sha256-+NQNj2IMJuEiymB+YrcZkxeZt7QlC+Bwe5rWgRRHKrU=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "aacf05e59d89836103e75345640d7b82481363c0", "rev": "138565efadeed6baf2a632c5dcc95a2031c77f86",
"revCount": 366, "revCount": 371,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },


@ -49,8 +49,9 @@
( (
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
users.users.root.openssh.authorizedKeys.keys = [ environment.systemPackages = with pkgs; [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode" bitwarden
vaultwarden
]; ];
ringofstorms_common = { ringofstorms_common = {
@ -65,29 +66,21 @@
ssh.enable = true; ssh.enable = true;
}; };
users = { users = {
# Users are all normal users and default password is password1
admins = [ "luser" ]; # First admin is also the primary user owning nix config
users = { users = {
luser = { root = {
extraGroups = [
"networkmanager"
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
]; ];
shell = pkgs.zsh; shell = pkgs.zsh;
packages = with pkgs; [
bitwarden
vaultwarden
];
}; };
}; };
}; };
homeManager = { homeManager = {
users = { users = {
luser = { root = {
imports = with common.homeManagerModules; [ imports = with common.homeManagerModules; [
tmux tmux
atuin
git git
postgres postgres
starship starship
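Review bot: On the new side `root` is the only account under `ringofstorms_common.users.users` and `homeManager.users`, so the SSH key, the zsh shell and the home-manager modules (tmux, git, postgres, starship) all run as uid 0 and the unprivileged `luser` admin is gone. The same layout repeats in the second host's flake and in the o001 flake later in this commit. I would keep a non-root admin (`admins = [ "luser" ];` with the key under `luser`) and, if root must stay reachable for deployment, limit it with `settings.PermitRootLogin = "prohibit-password";` in the sshd settings that the sibling file sets to `"yes"`. The removed comment said entries here get the default password `password1`; the common module is not visible in this section, so it is worth confirming that default is not applied to `root` now that it is listed as a user.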


@ -18,7 +18,6 @@
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };
users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;
networking.usePredictableInterfaceNames = false; networking.usePredictableInterfaceNames = false;
networking.useDHCP = false; # Disable DHCP globally as we will not need it. networking.useDHCP = false; # Disable DHCP globally as we will not need it.


@ -32,11 +32,11 @@
"ragenix": "ragenix" "ragenix": "ragenix"
}, },
"locked": { "locked": {
"lastModified": 1742335106, "lastModified": 1742406125,
"narHash": "sha256-NmpZH5jNuJqfx6ty+Ttnyig22R4Pfwb7iUtbujjQgYk=", "narHash": "sha256-+NQNj2IMJuEiymB+YrcZkxeZt7QlC+Bwe5rWgRRHKrU=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "aacf05e59d89836103e75345640d7b82481363c0", "rev": "138565efadeed6baf2a632c5dcc95a2031c77f86",
"revCount": 366, "revCount": 371,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },


@ -48,14 +48,18 @@
( (
{ pkgs, ... }: { pkgs, ... }:
{ {
users.users.root.openssh.authorizedKeys.keys = [ environment.systemPackages = with pkgs; [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode" bitwarden
vaultwarden
]; ];
ringofstorms_common = { ringofstorms_common = {
systemName = configuration_name; systemName = configuration_name;
general = { general = {
disableRemoteBuildsOnLio = true; disableRemoteBuildsOnLio = true;
readWindowsDrives = false;
jetbrainsMonoFont = false;
ttyCapsEscape = false;
}; };
programs = { programs = {
tailnet.enable = true; tailnet.enable = true;
@ -63,29 +67,21 @@
ssh.enable = true; ssh.enable = true;
}; };
users = { users = {
# Users are all normal users and default password is password1
admins = [ "luser" ]; # First admin is also the primary user owning nix config
users = { users = {
luser = { root = {
extraGroups = [
"networkmanager"
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
]; ];
shell = pkgs.zsh; shell = pkgs.zsh;
packages = with pkgs; [
bitwarden
vaultwarden
];
}; };
}; };
}; };
homeManager = { homeManager = {
users = { users = {
luser = { root = {
imports = with common.homeManagerModules; [ imports = with common.homeManagerModules; [
tmux tmux
atuin
git git
postgres postgres
starship starship


@ -18,7 +18,6 @@
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };
users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;
networking.usePredictableInterfaceNames = false; networking.usePredictableInterfaceNames = false;
networking.useDHCP = false; # Disable DHCP globally as we will not need it. networking.useDHCP = false; # Disable DHCP globally as we will not need it.


@ -1,5 +1,4 @@
{ {
pkgs,
... ...
}: }:
{ {
@ -76,14 +75,6 @@
proxyPass = "http://100.64.0.2:6610"; proxyPass = "http://100.64.0.2:6610";
}; };
}; };
"vault.t.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://100.64.0.2:64608";
};
};
# Redirect self IP to domain # Redirect self IP to domain
"172.234.26.141" = { "172.234.26.141" = {

File diff suppressed because it is too large Load diff


@ -2,18 +2,19 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
common.url = "git+https://git.joshuabell.xyz/dotfiles";
mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; ros_neovim.url = "git+https://git.joshuabell.xyz/nvim";
mod_common.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
{ {
self, self,
nixpkgs, nixpkgs,
common,
ros_neovim,
deploy-rs, deploy-rs,
... ...
}@inputs: }:
let let
configuration_name = "o001"; configuration_name = "o001";
lib = nixpkgs.lib; lib = nixpkgs.lib;
@ -37,76 +38,67 @@
nixosConfigurations = { nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name}; nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" = "${configuration_name}" = lib.nixosSystem {
let system = "aarch64-linux";
auto_modules = builtins.concatMap ( modules = [
input: common.nixosModules.default
lib.optionals ros_neovim.nixosModules.default
(builtins.hasAttr "nixosModules" input && builtins.hasAttr "default" input.nixosModules) ./configuration.nix
[ ./hardware-configuration.nix
input.nixosModules.default ./nginx.nix
] ./vaultwarden.nix
) (builtins.attrValues inputs); (
in { pkgs, ... }:
(lib.nixosSystem { {
system = "aarch64-linux"; environment.systemPackages = with pkgs; [
modules = [ bitwarden
./configuration.nix vaultwarden
./hardware-configuration.nix ];
./nginx.nix
./vaultwarden.nix
../../../components/nix/tailscale.nix
(
{ pkgs, ... }:
{
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle"
];
components = {
# NOTE we manually onboard this machine since it has no secrets uploaded to it
tailscale.useSecretsAuth = false;
};
services.fail2ban = { ringofstorms_common = {
enable = true; systemName = configuration_name;
ignoreIP = [ general = {
"100.64.0.0/10" disableRemoteBuildsOnLio = true;
]; readWindowsDrives = false;
jetbrainsMonoFont = false;
ttyCapsEscape = false;
}; };
services.openssh = { programs = {
enable = true; tailnet.enable = true;
settings.PermitRootLogin = "yes"; tailnet.useSecretsAuth = false;
settings.PasswordAuthentication = false; ssh.enable = true;
docker.enable = true;
}; };
users = {
mods = { users = {
common = { root = {
disableRemoteBuildsOnLio = true; openssh.authorizedKeys.keys = [
systemName = configuration_name; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle"
allowUnfree = true; ];
primaryUser = "luser"; shell = pkgs.zsh;
docker = true;
users = {
luser = {
extraGroups = [
"wheel"
"networkmanager"
];
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle"
];
};
}; };
}; };
}; };
} homeManager = {
) users = {
] ++ auto_modules; root = {
specialArgs = { imports = with common.homeManagerModules; [
inherit inputs; tmux
}; atuin
}); git
postgres
starship
zoxide
zsh
];
};
};
};
};
}
)
];
};
}; };
}; };
} }
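Review bot: The rewritten module list no longer carries the inline `services.fail2ban` block or the `services.openssh` settings (`PermitRootLogin`, `PasswordAuthentication = false`), and the only visible replacement is `ssh.enable = true;` under `ringofstorms_common.programs`. Presumably the common module now provides both, but nothing in this section shows that, and this host also imports `./vaultwarden.nix`. I would keep the guarantee local with `services.openssh.settings.PasswordAuthentication = false;` and `services.fail2ban.enable = true;` next to the `ringofstorms_common` block, or add a comment naming the common option that sets them. Dropping `auto_modules` in favour of the explicit `common.nixosModules.default` and `ros_neovim.nixosModules.default` entries is the easier form to audit.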


@ -2,6 +2,7 @@
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub = { boot.loader.grub = {
enable = true;
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";


@ -61,7 +61,7 @@ in
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
ROCKET_PORT = builtins.toString v_port; ROCKET_PORT = builtins.toString v_port;
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
# ADMIN_TOKEN = "> vaultwarden hash"; ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$YMFEq4GZiCeM+MBSW75G+gq6Dnywszaqhhdrt5pIyLw$zdlU/ws8kfBVa/FWp1LVfhnu+CVuItG2nPGXgKyjWug";
}; };
}; };
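Review bot: The `ADMIN_TOKEN` line now embeds the Argon2id hash of the admin token directly in the Nix expression, so it is stored in the git history and, once built, in the world-readable Nix store. A PHC hash is safer than a plaintext token, but anyone who can read either location can test guesses against it offline, and setting the variable also turns on Vaultwarden's admin page. I would leave the key out of this attribute set and supply it from a root-only secret file, for example through the `environmentFile` option if this is the NixOS `services.vaultwarden` module (ragenix appears among the locked inputs elsewhere in this commit). Since this hash has been published, the admin token should be regenerated when it is moved. The enclosing attribute set starts outside the hunk.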
}; };