ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: ringofstorms:c0a86636d236a4501c5bf9f661177c1f3ae6ca87
Branches Tags
ringofstorms:master
ringofstorms:i3
..
compare: ringofstorms:7fd871e3ef8254f1975877b31e77c790d9c3f0f4
Branches Tags
ringofstorms:master
ringofstorms:i3

No commits in common. "c0a86636d236a4501c5bf9f661177c1f3ae6ca87" and "7fd871e3ef8254f1975877b31e77c790d9c3f0f4" have entirely different histories.
c0a86636d2 ... 7fd871e3ef

7 changed files with 1711 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

7
hosts/linode/l002/configuration.nix Normal file
View file

@ -0,0 +1,7 @@
{
...
}:
{
boot.loader.grub.enable = true;
system.stateVersion = "24.11";
}

1388
hosts/linode/l002/flake.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

100
hosts/linode/l002/flake.nix Normal file
View file

@ -0,0 +1,100 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
deploy-rs.url = "github:serokell/deploy-rs";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
};
outputs =
{
self,
nixpkgs,
common,
ros_neovim,
deploy-rs,
...
}:
let
configuration_name = "l002";
lib = nixpkgs.lib;
in
{
deploy = {
sshUser = "root";
sshOpts = [
"-i"
"/run/agenix/nix2linode"
];
nodes.${configuration_name} = {
hostname = "172.234.26.141";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configuration_name};
};
};
};
nixosConfigurations = {
nixos = self.nixosConfigurations.${configuration_name};
"${configuration_name}" = lib.nixosSystem {
modules = [
common.nixosModules.default
ros_neovim.nixosModules.default
./configuration.nix
./hardware-configuration.nix
./linode.nix
./nginx.nix
(
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bitwarden
vaultwarden
];
ringofstorms_common = {
systemName = configuration_name;
general = {
disableRemoteBuildsOnLio = true;
readWindowsDrives = false;
jetbrainsMonoFont = false;
ttyCapsEscape = false;
};
programs = {
tailnet.enable = true;
ssh.enable = true;
};
users = {
users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode"
];
shell = pkgs.zsh;
};
};
};
homeManager = {
users = {
root = {
imports = with common.homeManagerModules; [
tmux
atuin
git
postgres
starship
zoxide
zsh
];
};
};
};
};
}
)
];
};
};
};
}

34
hosts/linode/l002/hardware-configuration.nix Normal file
View file

@ -0,0 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3612d65e-719c-4b33-af08-561b790d6d33";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

32
hosts/linode/l002/linode.nix Normal file
View file

@ -0,0 +1,32 @@
{ config, pkgs, ... }:
{
# https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader.grub.enable = true;
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
settings.PasswordAuthentication = false;
};
networking.usePredictableInterfaceNames = false;
networking.useDHCP = false; # Disable DHCP globally as we will not need it.
# required for ssh?
networking.interfaces.eth0.useDHCP = true;
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
];
}

150
hosts/linode/l002/nginx.nix Normal file
View file

@ -0,0 +1,150 @@
{
...
}:
{
# JUST A TEST TODO remove
containers.wasabi = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.2";
localAddress = "192.168.100.11";
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
};
};
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "admin@joshuabell.xyz";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
# default that is put first for fallbacks
# Note that order here doesn't matter it orders alphabetically so `0` puts it first
# I had an issue tha the first SSL port 443 site would catch any https traffic instead
# of hitting my default fallback and this fixes that issue and ensure this is hit instead
"002.linodes.joshuabell.xyz" = {
default = true;
enableACME = true;
forceSSL = true;
locations."/" = {
return = "444"; # 404 for not found or 444 for drop
};
};
# PROXY HOSTS
"chat.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://100.64.0.1:3080";
};
};
"gist.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://100.64.0.13";
};
};
"git.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://100.64.0.13";
};
};
# Redirect self IP to domain
"172.234.26.141" = {
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
"2600:3c06::f03c:95ff:fe2c:2806" = {
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
"www.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "301 https://joshuabell.xyz";
};
};
"joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations = {
"/wasabi" = {
proxyPass = "http://192.168.100.11/";
extraConfig = ''
rewrite ^/wasabi/(.*) /$1 break;
'';
};
"/" = {
# return = "200 '<html>Hello World</html>'";
extraConfig = ''
default_type text/html;
return 200 '
<html>
<body style="width:100vw;height:100vh;overflow:hidden">
<div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden">
In the void you roam,</br>
A page that cannot be found-</br>
Turn back, seek anew.
</div>
</body>
</html>
';
'';
};
};
};
"www.ellalala.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "301 https://ellalala.com";
};
};
"ellalala.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "444";
};
};
};
# STREAMS
streamConfig = ''
server {
listen 3032;
proxy_pass 100.64.0.13:3032;
}
'';
};
networking.firewall.allowedTCPPorts = [
80 # web http
443 # web https
3032 # git ssh stream
];
}

11
hosts/oracle/o001/nginx.nix
View file

@ -142,21 +142,10 @@
}; };
}; };
}; };
# STREAMS
streamConfig = ''
server {
listen 3032;
proxy_pass 100.64.0.13:3032;
}
'';
}; };
# NOTE Oracle also has security rules that must expose these ports so this alone will not work! See readme
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 # web http 80 # web http
443 # web https 443 # web https
3032 # ssh for git server
]; ];
} }