Publish quine-core

Philip Peterson 2024-11-15 22:00:01 -09:00
commit 6c2551349e
No known key found for this signature in database
GPG key ID: 354311183FC6519B
41 changed files with 1638 additions and 0 deletions

2
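--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store
+terraform/.terraform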

15
nixos/.github/workflows/build.yml vendored Normal file

@ -0,0 +1,15 @@
name: 'build'
on:
push:
pull_request:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub
- run: nix build .#nixosConfigurations.nixos.config.system.build.toplevel
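Review bot: Both Determinate Systems steps are referenced by the mutable branch `@main`, so whatever is pushed to those branches runs in this workflow on the next build, with no change to this repository. Pin each to a release tag or, better, a full commit id, e.g. `- uses: DeterminateSystems/nix-installer-action@<full-commit-sha>`. The workflow also declares no `permissions:` block; since it only builds, `permissions: { contents: read }` at the top level would keep the job token read-only.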

3
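--- a/nixos/.gitignore
+++ b/nixos/.gitignore
@@ -0,0 +1,3 @@
+.idea
+result
+secrets.json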

10
nixos/README.md Normal file

@ -0,0 +1,10 @@
How to install:
nix --extra-experimental-features flakes --extra-experimental-features nix-command run --debug github:numtide/nixos-anywhere --verbose -- --flake .#nixos root@yourhost.com
You will need to maually make these:
```
/root/.ssh/id_rsa
/root/.ssh/id_rsa.pub
/root/.ssh/id_rsa.pem
```

6
nixos/apply.sh Executable file

@ -0,0 +1,6 @@
#!/usr/bin/env bash
set -e
git pull origin main
nixos-rebuild switch --flake .#nixos --verbose --show-trace
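Review bot: The script activates whatever `origin main` points to as the running system configuration, with no check on who authored the commits; `git pull origin main` followed directly by `nixos-rebuild switch` means push access to the repository is equivalent to root on the host. Requiring signed, fast-forward-only updates narrows that, e.g. `git pull --ff-only --verify-signatures origin main`, with the signing keys present in the keyring of the user running the script. The script also needs a comment saying it must be run as root from the `nixos/` directory, since `--flake .#nixos` is resolved relative to the working directory.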

8
nixos/clean.sh Executable file

@ -0,0 +1,8 @@
#!/usr/bin/env bash
set -e
nix-store --gc
nix-collect-garbage -d
rm -rf ~/.cache/nix
rm -rf /nix/var/nix/gcroots/*
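Review bot: `rm -rf /nix/var/nix/gcroots/*` removes the garbage-collector roots themselves, not garbage: after it runs, profile generations and any `result` links are no longer protected, so a later collection (linux.nix in this commit enables `nix.gc.automatic`) may delete store paths that are still wanted, including the ones needed to roll back. `nix-collect-garbage -d` already removes old generations and then collects, so I would drop the last line and the redundant `nix-store --gc`. If stale indirect roots are the concern, a comment should say so and the cleanup should be limited to dangling links rather than the whole directory.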


@ -0,0 +1,71 @@
{
pullomatic,
pkgs,
lib,
...
}: let
domainToPath = domain: lib.concatStringsSep "_" domain;
domainToRepoName = domain: lib.concatStringsSep "-" domain;
makeConfigFile = domain: remoteUrl: branch: {
name = domainToRepoName domain;
text = ''
path: /etc/pullomatic/${domainToPath domain}
remote_url: ${remoteUrl}
remote_branch: ${branch}
interval:
interval: 10m
credentials:
private_key: /root/.ssh/id_rsa.pem
private_key_path: true
'';
};
configFiles = [
(makeConfigFile
["com" "philippeterson"]
"git@github.com:philip-peterson/philippeterson.com.git"
"master")
(makeConfigFile
["com" "quinefoundation" "blog"]
"git@github.com:philip-peterson/blog.git"
"master")
(makeConfigFile
["atcsim"]
"git@github.com:philip-peterson/ATC-Sim.git"
"master")
];
configDir =
pkgs.runCommand "config-dir" {
buildInputs = [pkgs.coreutils];
} ''
mkdir -p $out
# Loop over the config files and write each one to $out
${lib.concatStringsSep "\n" (map (cf: ''
echo "${cf.text}" > $out/${cf.name}
chmod 0644 $out/${cf.name}
'')
configFiles)}
chmod -R 0750 $out
'';
in {
systemd.services.pullomatic = {
description = "Pull repositories with polling from a daemon";
serviceConfig = {
ExecStart = "${pullomatic} -c ${configDir}";
Restart = "always";
RestartSec = "0";
User = "root";
Group = "root";
};
};
systemd.tmpfiles.rules = [
"d /etc/pullomatic - root repo-data - -"
"Z /etc/pullomatic - root repo-data - -"
"Z /etc/pullomatic/* - root repo-data - -"
];
}
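Review bot: The pullomatic service runs with `User = "root"` and authenticates with root's own key at `/root/.ssh/id_rsa.pem`, although all it needs is write access to `/etc/pullomatic` and read access to one deploy key. A dedicated system user in the `repo-data` group would contain a bug in the daemon or in git's handling of a remote, e.g. `User = "pullomatic"; Group = "repo-data";` together with `NoNewPrivileges = true;` and `ProtectSystem = "strict"; ReadWritePaths = ["/etc/pullomatic"];`, with a read-only deploy key per repository stored outside `/root`. It is also worth a comment that the checked-out trees are served and executed by nginx and PHP-FPM (nginx.nix in this commit), so push access to any of the three repositories amounts to code execution on the host. `RestartSec = "0"` with `Restart = "always"` will restart in a tight loop if the key is missing, so a few seconds of delay would be kinder to the logs.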

55
nixos/disk-config.nix Normal file

@ -0,0 +1,55 @@
# Example to create a bios compatible gpt partition
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

3
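--- a/nixos/firewall.nix
+++ b/nixos/firewall.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+networking.firewall.allowedTCPPorts = [80 22 443];
+}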

227
nixos/flake.lock Normal file

@ -0,0 +1,227 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1707385478,
"narHash": "sha256-xwKXoBeiwfp+jqQxt3O0mUxrBXsNfdBn15teMMWbw0U=",
"owner": "nix-community",
"repo": "disko",
"rev": "15b52c3c8a718253e66f1b92f595dc47873fdfea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1706981411,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1707016097,
"narHash": "sha256-V4lHr6hFQ3rK650dh64Xffxsf4kse9vUYWsM+ldjkco=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "3e3dad2808379c522138e2e8b0eb73500721a237",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "nix-index-database",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1707347730,
"narHash": "sha256-0etC/exQIaqC9vliKhc3eZE2Mm2wgLa0tj93ZF/egvM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6832d0d99649db3d65a0e15fa51471537b2c56a6",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1707268954,
"narHash": "sha256-2en1kvde3cJVc3ZnTy8QeD2oKcseLFjYPLKhIGDanQ0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f8e2ebd66d097614d51a56a755450d4ae1632df1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1707488227,
"narHash": "sha256-CJavI6VIk12u8mntxepDDinX2TX5et1I2phRm9mObtI=",
"owner": "nix-community",
"repo": "NUR",
"rev": "7401f12518027ed8ea1d8f7634a446ac3269c3c4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"home-manager": "home-manager_2",
"nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"rust-overlay": "rust-overlay"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1723515680,
"narHash": "sha256-nHdKymsHCVIh0Wdm4MvSgxcTTg34FJIYHRQkQYaSuvk=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "4ee3d9e9569f70d7bb40f28804d6fe950c81eab3",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

110
nixos/flake.nix Normal file

@ -0,0 +1,110 @@
{
description = "NixOS configuration";
# 24.05
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
inputs.agenix.url = "github:ryantm/agenix";
inputs.agenix.inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
inputs.home-manager.url = "github:nix-community/home-manager/release-23.11";
inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
inputs.nur.url = "github:nix-community/NUR";
inputs.nix-index-database.url = "github:Mic92/nix-index-database";
inputs.nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
inputs.disko.url = "github:nix-community/disko";
inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
outputs = inputs:
with inputs; let
system = "x86_64-linux";
globals = builtins.fromJSON (builtins.readFile "${self}/globals.json");
config = {
allowUnfree = true;
permittedInsecurePackages = [
# FIXME:: add any insecure packages you absolutely need here
];
};
overlays = [
nur.overlay
(_final: prev: {
# this allows us to reference pkgs.unstable
unstable = import nixpkgs-unstable {
inherit (prev) system;
inherit config;
};
})
(import rust-overlay)
];
nixpkgsWithOverlays = with inputs; rec {
inherit overlays config;
};
pkgs = nixpkgsWithOverlays;
lib = pkgs.lib;
configurationDefaults = args: {
nixpkgs = nixpkgsWithOverlays;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hm-backup";
home-manager.extraSpecialArgs = args;
};
argDefaults = {
inherit
globals
inputs
self
nix-index-database
;
channels = {
inherit nixpkgs nixpkgs-unstable;
};
};
mkNixosConfiguration = {
hostname,
username,
args ? {},
modules,
}: let
specialArgs = argDefaults // {inherit hostname username;} // args;
in
nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules =
[
(configurationDefaults specialArgs)
home-manager.nixosModules.home-manager
]
++ modules;
};
in {
nixosConfigurations.nixos = mkNixosConfiguration {
hostname = "pw-mainframe";
username = "ironmagma";
args = {
nixPkgs = import nixpkgs {inherit system overlays;};
};
modules = [
disko.nixosModules.disko
agenix.nixosModules.age
./hetzner.nix
./linux.nix
];
};
};
}
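Review bot: `inputs.nixpkgs.url` and `inputs.home-manager.url` track `nixos-23.11` / `release-23.11`, which to my knowledge stopped receiving security backports several months before this commit's date, and the accompanying flake.lock pins nixpkgs at a revision last modified in early February 2024. For an internet-facing host running sshd, nginx, PHP-FPM and Docker that means known fixes are missing; the `# 24.05` comment above the input suggests the bump was intended, so I would move both inputs to a supported release and refresh the lock. Separately, `pkgs = nixpkgsWithOverlays;` binds `pkgs` to an attribute set holding only `overlays` and `config`, so `lib = pkgs.lib;` would fail if it were ever evaluated; both bindings look unused and can be removed.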

5
nixos/format.sh Executable file

@ -0,0 +1,5 @@
#!/usr/bin/env bash
set -e
nix-shell -p alejandra.out --run 'alejandra .'

2
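--- a/nixos/globals.json
+++ b/nixos/globals.json
@@ -0,0 +1,2 @@
+{
+}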

42
nixos/hetzner.nix Normal file

@ -0,0 +1,42 @@
{modulesPath, ...}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
# Fixes iotop
boot.kernel.sysctl = {"kernel.task_delayacct" = 1;};
boot.loader.grub = {
# no need to set devices, disko will add all devices that have a EF02 partition to the list already
# devices = [ ];
efiSupport = true;
efiInstallAsRemovable = true;
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
extraConfig = ''
PrintLastLog no
'';
hostKeys = [
{
bits = 4096;
path = "/etc/ssh/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
# For secrets
{
path = "/root/.ssh/id_rsa_nix";
type = "ed25519";
}
];
};
}
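Review bot: The third `hostKeys` entry registers `/root/.ssh/id_rsa_nix` as an sshd host key with `type = "ed25519"`, under a comment saying it is for secrets, so the key that presumably decrypts the agenix secrets is also one sshd loads and presents to clients, and its file name advertises the wrong algorithm. If the intent is only to give agenix an identity, set `age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];` (or a dedicated key path) and drop the extra host key. While in this block, `settings.PasswordAuthentication = false;` does not cover keyboard-interactive logins, which I believe NixOS leaves enabled by default, so I would add `settings.KbdInteractiveAuthentication = false;` and state `settings.PermitRootLogin = "prohibit-password";` explicitly, since root key logins are relied on elsewhere in this commit.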


@ -0,0 +1,68 @@
{pkgs ? import <nixpkgs> {}, ...}: let
# Fetch the tarball
nfsn_ddns_tarball = pkgs.fetchurl {
url = "https://files.pythonhosted.org/packages/76/15/607b52a0bfda95fd8157c1c4b3b3631aa535206b2bd8fb43f57961460402/nfsn_ddns-0.2.0.tar.gz";
sha256 = "sha256-ijD3hrdoYNt/MHy4C6zIqgU5sj+kGg+ma8TswO5qOEk=";
};
# Extract the tarball
extracted_nfsn_ddns = pkgs.stdenv.mkDerivation {
name = "nfsn-ddns-extracted";
src = nfsn_ddns_tarball;
buildInputs = [pkgs.gnugrep pkgs.gnumake pkgs.gzip]; # Ensure tools are available for extraction if needed
phases = ["unpackPhase" "installPhase"];
unpackPhase = ''
mkdir -p $out
tar -xzf $src -C $out
'';
installPhase = ''
echo "Extracted files available in $out"
'';
meta = with pkgs.lib; {
description = "Extracted files from nfsn_ddns tarball";
license = licenses.unlicense;
maintainers = [];
};
};
in
pkgs.python3Packages.buildPythonApplication rec {
pname = "invoke-ddns";
version = "0.0.1";
src = ./.;
format = "setuptools";
dontUseCmakeConfigure = true;
buildInputs = with pkgs.python3Packages; [
setuptools
extracted_nfsn_ddns
];
propagatedBuildInputs = with pkgs.python3Packages; [
tornado
requests
python-daemon
pip
pykka
pytest
];
# no tests implemented
#doCheck = false;
#pythonImportsCheck = [ "mopidy_jellyfin" ];
meta = with pkgs.lib; {
homepage = "https://github.com/philip-peterson/invoke-ddns";
description = "Invoke DDNS for fun and profit";
license = licenses.unlicense;
maintainers = ["Philip Peterson"];
};
}
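Review bot: `pip` and `pytest` are listed in `propagatedBuildInputs`, which puts a package installer and a test runner into the runtime closure of a tool that linux.nix installs system-wide; with no tests implemented they can simply be dropped, or `pytest` moved to `nativeCheckInputs` once tests exist. `extracted_nfsn_ddns` is an unpacked sdist placed in `buildInputs`, which presumably does not make `nfsn_ddns` importable at runtime; if the library is needed, building it with `buildPythonPackage` from the same hash-pinned `fetchurl` and adding the result to `propagatedBuildInputs` is the usual route. The leftover `#pythonImportsCheck = [ "mopidy_jellyfin" ];` refers to a different project and should be removed or replaced with `[ "invoke_ddns" ]`.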


@ -0,0 +1,2 @@
if __name__ == '__main__':
pass


@ -0,0 +1,2 @@
def main():
pass


@ -0,0 +1,20 @@
#!/usr/bin/env python
from distutils.core import setup
setup(name='InvokeDdns',
version='1.0',
description='Checks with NearlyFreeSpeech that the dynamic dns entries are right',
author='Philip Peterson',
author_email='peterson@sent.com',
url='https://github.com/philip-peterson/invoke-ddns',
packages=['invoke_ddns', 'invoke_ddns.command'],
install_requires=[
'tornado>=4.4'
],
entry_points={
'console_scripts': [
'invoke-ddns = invoke_ddns.command:main',
],
},
)
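Review bot: `from distutils.core import setup` is combined with `install_requires` and `entry_points`, which are setuptools options that plain distutils does not implement, and `distutils` is no longer part of the standard library from Python 3.12 on. The build may only work because setuptools is present and substitutes its own `distutils`; make that explicit with `from setuptools import setup`. The version here (`1.0`) also disagrees with `version = "0.0.1"` in the Nix expression for the same package, which makes it harder to tell which build is deployed.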


@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDtibpc9Zz03PvrNLfgAz4UQ58UYrxw+8AZbzuSO8Gpvu4Eu0X3dJkD90tnK2XxsqKLUqN9pvoveA/29ul0DoAe9XHUXZJw//htwkUttVae2Uu7I+YnIqre1y3I0YQt+B1FzkYEaZ6KOTAqLGlRB27nzVagoCfZ0IW1cHf4NIL91hmZBNFHMNZoDP41p0zPOvJcw8SDTYv3h6K/sY60b1QB7yu5xIfFihzvTG7M6TBluLTNtdOK/qj79dEVbHr6etCjj0CChPozxq+CaCT/Mp2V6fpNxFADWsh7oLFG/gsDFYLJAn02NwQOT+yjWqWWa3qS73HzL2MaOzwDwwwV+4PK+/dIiU8Jw21guevWrZVGvmoZb4IC/I4DrlGZBpfBz/e0Kznkf8+pRx10SGjepXQVYCIUce6ptYm2X+oPuriUjTQKa3a4bvDFSMzgK6nt5CJzZI+tk9uTpxYH2gX4D06M7cylYgywJNSIyGE8+yJ8XpWgyAoM6tf9BIppJbLJQKsbO+IuElSjQWj5pcw/KIwYAFW5mQLjnjRmQg5HX8gkT6PD9jen26JJahYcfZnvlVwl1GkU52hCGP5LhdG2dgbZHG9Jibd+aVm5IfhnaB0/jWjV0+IuB1Wns3Etkbp098rXmiG6TLfI1XdH7+xbPw4+vSvBtlzTfRUfTTaY57VR4Q== ironmagma@Philips-MBP


@ -0,0 +1 @@
ssh-rsa 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 ironmagma@Philips-MacBook-Pro.local


@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC534fjfQ8PFUuyqp/3jH+tE2hq5EbbR8QcJ5ZYdm5H28d0+npxE4RnxqA82q/ZHiZT1nG5BIlRitPoIE74LFruLPBzZVfpOQxqczCAM2gsKGOY8Ug30Jl3OazsEyXYcZPdYdl/KhdrzPuJArRA7rdiI3krgVRnyG/bmU9/uQJ5fhowMJ8owYLdP4SXxh0O/vTauyNTxvddQAtGd+1DmcrFjFFNc8FeEhItMu2I9E1nIMS+lVSXOLZr1kXJa4kAhjUrWziI4nfzHESkV0hjF+DOQB/6bMFD04vkhCdK3wXKbEFkKzSBBtHQavpD7givk8mKWncdNR0bH+mB6WgiPbDAG83Q6ycAk3gX/AQAG/k/ZWo5x0u6MCN2op++JQLghdsg7T6iTJ+vTwqtEXiaWzckpEs+NR6GML8o/HCRZTTam8RIBgW5oUoqa52aDUS0WNpAGEfiUnmoKmAbxhsjtTVNPU0pWAKmon9mEmw83CzqogxAkOIgrWM58QGaGsuNgqU= root@monolith


@ -0,0 +1 @@
"github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"


@ -0,0 +1,2 @@
"github.com ssh-rsa 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"


@ -0,0 +1,2 @@
"github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="

1
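--- a/nixos/keys/mainframe.pub
+++ b/nixos/keys/mainframe.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5cEJLzQH5v3r4DrwZxwXOGQWaRVlyJGciXkOz6KiKI root@pw-mainframe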

186
nixos/linux.nix Normal file

@ -0,0 +1,186 @@
{
config,
username,
hostname,
pkgs,
lib,
nix-index-database,
inputs,
specialArgs,
...
}: let
ddnsPkg = import ./invoke-ddns {inherit pkgs;};
startSeq = builtins.fromJSON ''"\u001b[7m"''; # Start inverted color
endSeq = builtins.fromJSON ''"\u001b[27m"''; # End inverted color
motd = "${startSeq} Welcome to the Peterson Mainframe! Look, touch, but DO NOT LICK. ${endSeq}";
nixPkgs = specialArgs.nixPkgs;
ourRustVersion = pkgs.rust-bin.selectLatestNightlyWith (toolchain: toolchain.complete);
ourRustPlatform = nixPkgs.makeRustPlatform {
rustc = ourRustVersion;
cargo = ourRustVersion;
};
pullomaticPkg = import ./pullomatic {
inherit lib pkgs;
rustPlatform = ourRustPlatform;
specialArgs = {};
};
pullomatic = "${pullomaticPkg}/bin/pullomatic";
in {
imports = [
(import ./cloned_repos {inherit pkgs pullomatic lib;})
(import ./nginx.nix {inherit pkgs lib config;})
(import ./firewall.nix {inherit pkgs;})
(import ./system/users.nix {inherit pkgs config lib nix-index-database;})
];
time.timeZone = "America/Anchorage";
age.secrets.nearlyfreespeech.file = ./secrets/nearlyfreespeech.age;
age.secrets.nearlyfreespeech.owner = "root";
environment.systemPackages = [
ddnsPkg
pullomaticPkg
pkgs.vim
pkgs.php
pkgs.rustc
pkgs.cargo
pkgs.util-linux
pkgs.iotop
pkgs.rust-bin.stable.latest.default
];
swapDevices = [
{
device = "/swapfile";
size = 1 * 1024; # 1GB
}
];
systemd.tmpfiles.rules = [
"d /home/ironmagma/.config 0755 ${username} users"
"d /root/.config 0755 ${username} users"
];
networking.hostName = "${hostname}";
# FIXME: change your shell here if you don't want zsh
programs.zsh.enable = true;
environment.pathsToLink = ["/share/zsh"];
environment.shells = [pkgs.zsh];
environment.enableAllTerminfo = true;
security.sudo.wheelNeedsPassword = false;
users.motd = motd;
system.stateVersion = "22.05";
virtualisation.docker = {
enable = true;
enableOnBoot = true;
autoPrune.enable = true;
};
virtualisation.oci-containers = {
backend = "docker";
containers = {
"hello" = {
autoStart = true;
image = "nginxdemos/hello";
#user = "root:jellyfin";
volumes = [
];
ports = ["8081:80"];
};
"navidrome" = {
autoStart = true;
environment = {
"TZ" = "America/Anchorage";
"PUID" = "1000";
"PGID" = "100";
"ND_SCANSCHEDULE" = "1h";
"ND_LOGLEVEL" = "info";
"ND_SESSIONTIMEOUT" = "24h";
"ND_BASEURL" = "";
};
ports = ["4533:4533"];
volumes = [
"/var/navidrome/data:/data"
"/var/navidrome/music:/music:ro"
];
image = "deluan/navidrome";
};
"webdav" = {
autoStart = true;
image = "dgraziotin/nginx-webdav-nononsense";
#user = "root:jellyfin";
volumes = [
"/mnt/webdav/data:/data"
"/mnt/webdav/config:/config"
];
environment = {
"WEBDAV_USERNAME" = "foo";
# TODO
"WEBDAV_PASSWORD" = "bar";
"TZ" = "America/Anchorage";
"PUID" = "60"; # nginx user
"PGID" = "60"; # nginx group
};
ports = ["8082:80"];
};
};
};
nix = {
settings = {
trusted-users = [username];
accept-flake-config = true;
auto-optimise-store = true;
};
registry = {
nixpkgs = {
flake = inputs.nixpkgs;
};
};
nixPath = [
"nixpkgs=${inputs.nixpkgs.outPath}"
"nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
package = pkgs.nixFlakes;
extraOptions = ''experimental-features = nix-command flakes'';
gc = {
automatic = true;
options = "--delete-older-than 7d";
};
};
# HTTPS
security.acme = {
acceptTerms = true;
defaults.email = "peterson@sent.com";
certs."philippeterson.com" = {
dnsProvider = "nearlyfreespeech";
environmentFile = config.age.secrets."nearlyfreespeech".path;
webroot = null;
};
};
}
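Review bot: The `webdav` container is configured with the placeholder credentials `"WEBDAV_USERNAME" = "foo"` and `"WEBDAV_PASSWORD" = "bar"` as plain Nix strings, which end up world-readable in the Nix store, and its port is published as `8082:80` on all interfaces. With the Docker backend, published ports are normally opened by Docker's own packet-filter rules, so `networking.firewall.allowedTCPPorts = [80 22 443]` in firewall.nix is unlikely to keep `8081`, `4533` and `8082` private. I would bind them to loopback, e.g. `ports = ["127.0.0.1:8082:80"];`, expose them through the existing nginx with TLS, and load the WebDAV credentials from an agenix secret via `environmentFiles`. Separately, the tmpfiles rule `d /root/.config 0755 ${username} users` makes a directory inside root's home owned by the unprivileged user and should probably read `root root`, and the three images are referenced without a tag or digest, so what runs changes whenever they are re-pulled.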

Binary file not shown.

144
nixos/nginx.nix Normal file

@ -0,0 +1,144 @@
{
lib,
pkgs,
config,
...
}: {
services.nginx = {
enable = true;
virtualHosts = {
"_default" = {
listen = [
{ addr = "0.0.0.0"; port = 80; }
{ addr = "[::]"; port = 80; }
];
serverName = "_";
extraConfig = ''
deny all;
return 444;
'';
};
"philippeterson.com" = {
enableACME = true; # Enable Let's Encrypt certificate for HTTPS
forceSSL = false; # Redirect HTTP to HTTPS?
addSSL = true;
root = "/etc/pullomatic/com_philippeterson";
locations."~ /.git(/.*)$ " = {
extraConfig = ''
deny all;
return 404;
'';
};
locations."~ ^/games/atcsim(/[^/\\s]*)*$" = {
extraConfig = ''
index index.html index.htm;
rewrite ^/games/atcsim/?$ "/index.html" break;
rewrite ^/games/atcsim(?<query>(/[^/\\s]*)*)$ "$query" break;
root /etc/pullomatic/atcsim;
'';
};
locations."~ ^/echo(?<query>((/[^/\\s]*)*))$" = {
extraConfig = ''
add_header Content-Type text/plain;
return 200 "$query";
'';
};
locations."/" = {
extraConfig = ''
try_files $uri $uri.php $uri/ =404;
index index.php index.html index.htm;
rewrite ^/contact$ /contact.php last;
rewrite ^/resume$ /resume.php last;
'';
};
locations."~ \.php$" = {
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
'';
};
};
"blog.quinefoundation.com" = {
enableACME = true;
forceSSL = false;
addSSL = true;
root = "/etc/pullomatic/com_quinefoundation_blog/markdown-blog";
locations."~ /.git(/.*)$ " = {
extraConfig = ''
deny all;
return 404;
'';
};
locations."~ ^/static(/.*)?$" = {
extraConfig = ''
autoindex on;
root /etc/pullomatic/com_quinefoundation_blog/static;
rewrite ^/static(?<query>(/[^/\\s]*)*)$ "$query" break;
'';
};
locations."/" = {
extraConfig = ''
rewrite ^/?$ /blog-posts-list.php last;
rewrite ^/post/?$ /blog-posts-list.php last;
rewrite ^/about/?$ /about.php last;
rewrite ^/credits/?$ /credits.php last;
rewrite ^/post/([-a-zA-Z0-9]*)$ /blog-page.php?page=$1.md last;
rewrite ^/rss.xml$ /rss.php last;
try_files $uri $uri/ =404;
index index.php index.html index.htm;
'';
};
locations."~ \.php$" = {
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
'';
};
};
};
# Optionally configure additional options
recommendedGzipSettings = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
services.phpfpm.pools = {
main = {
phpEnv."PATH" = lib.makeBinPath [pkgs.php];
user = "nginx";
group = "nginx";
settings = {
# listen = /run/phpfpm.sock
# "listen.mode = 0660
"listen.owner" = "nginx";
"listen.group" = "nginx";
"pm" = "dynamic";
"pm.max_children" = 75;
"pm.start_servers" = 10;
"pm.min_spare_servers" = 5;
"pm.max_spare_servers" = 20;
"pm.max_requests" = 500;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
};
};
}
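Review bot: Both `locations."~ \.php$"` blocks hand any URI ending in `.php` to PHP-FPM without first checking that the script exists under the document root, and the document roots are git checkouts that pullomatic updates automatically. Adding `try_files $fastcgi_script_name =404;` before `fastcgi_pass` in each block is the usual guard; PHP-FPM's default extension limit probably mitigates the worst case, but the nginx side should not depend on it. Both virtual hosts also set `forceSSL = false; addSSL = true;`, so the sites, including `/contact`, stay reachable over plain HTTP; `forceSSL = true;` (dropping `addSSL`) would redirect instead. In the `/echo` location, `add_header Content-Type text/plain;` adds a second header rather than setting the type of the reflected body, so `default_type text/plain;` is the safer way to make sure the echoed path is never rendered as HTML.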


@ -0,0 +1,41 @@
{
lib,
pkgs,
rustPlatform,
specialArgs,
}:
rustPlatform.buildRustPackage rec {
pname = "pullomatic";
version = "1.0.0";
src = pkgs.fetchFromGitHub {
owner = "philip-peterson";
repo = pname;
rev = "master";
hash = "sha256-VVIhbbdHBBeodODWQq40q91uqtTrUHsCyPgTZ5VtrRc=";
};
cargoBuildFlags = ["--bin" "pullomatic"];
cargoHash = "sha256-oo0M4AlraRw2LRYzvhlbjgvSolZcuRz+2WruesEWltk=";
nativeBuildInputs = with pkgs; [
pkg-config
];
buildInputs = with pkgs; [
openssl
];
meta = {
description = "A tool for automating GitHub pulls";
homepage = "https://github.com/philip-peterson/pullomatic";
license = lib.licenses.unlicense;
maintainers = [
{
name = "Philip Peterson";
email = "peterson@sent.com";
}
];
};
}
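Review bot: `rev = "master";` fetches a moving branch under a fixed `hash`, so the build is only reproducible until the next push to that branch, after which it fails with a hash mismatch or silently reuses a cached copy, and `version = "1.0.0"` says nothing about which commit is running as root on the host. Pin the source to a full commit id or a tag, e.g. `rev = "<full-commit-sha>";`, and update `hash` and `cargoHash` together when bumping it. linux.nix builds this package with `selectLatestNightlyWith`, so the compiler moves between builds as well; a comment explaining why nightly is required would help, or use the stable toolchain the same file already installs.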

5
nixos/refresh.sh Executable file

@ -0,0 +1,5 @@
#!/usr/bin/env bash
set -e
./apply.sh

5
nixos/secrets/README.md Normal file

@ -0,0 +1,5 @@
To decrypt these files, you would need the Quine Foundation server's private key,
which is of course not public information. However, you could also generate your own
secrets using `age` which is an open source project used to power this server.
These would use your own private key, and therefore the encrypted versions would of
course differ from what's public in this repository.


@ -0,0 +1,8 @@
{}: let
mainframePublicKey = builtins.toString "../keys/mainframe.pub";
in {
# This .age file should contain the following environment variables:
# NEARLYFREESPEECH_API_KEY
# NEARLYFREESPEECH_LOGIN
"./nearlyfreespeech.age".publicKeys = [mainframePublicKey];
}
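Review bot: `mainframePublicKey = builtins.toString "../keys/mainframe.pub";` evaluates to the literal string `../keys/mainframe.pub`, not to the key, so `publicKeys` contains a path where agenix expects an SSH or age public key. Reading the file gives the intended value: `mainframePublicKey = builtins.readFile ../keys/mainframe.pub;`. As far as I know agenix also imports this file as a plain attribute set keyed by the secret's file name, so the `{}:` function wrapper and the `"./nearlyfreespeech.age"` key should be checked against `agenix -e` and `agenix --rekey`; if re-keying does not work, the secret cannot be rotated or re-encrypted for a replacement host key.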


@ -0,0 +1,9 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE5GRC92ZyBteHlN
bTNkUUxaY2NwRFdSR1E4VWhkbW8yV2VrT2dJbGRFMjJoUkJHNGc0CkI0Z25jMDJK
ck1TOWM0eHFZSzJETU1sekxFVGFDOWdDWGlicVlwdGY4T2cKLS0tIEZBSnJyQVN5
Nk1WZjM2aVdDdkNtamdBOExUSWNobEJzdFRnQ1JsbjZyNUEKpQAGd4xnEZd2JHFN
grhQ/kLePUz7W0i8epk+bu2aJiSs7sSznRI0gTf6zTwpUk1p0zOtJaK7uopPC+go
I9FPCx+rXzbmwrMcVUuzZLa8M1gikABswKSxKB/kHqH7KzrVGscQ4xz1gN+hdOS8
5xoP
-----END AGE ENCRYPTED FILE-----


@ -0,0 +1,15 @@
{
config,
pkgs,
username,
nix-index-database,
lib,
...
}: let
shared = import ./shared.nix {
inherit config pkgs username nix-index-database lib;
homeDirectory = "/home/ironmagma";
};
in {
imports = [shared];
}


@ -0,0 +1,17 @@
{
config,
pkgs,
username,
nix-index-database,
lib,
...
}: let
shared = import ./shared.nix {
inherit config pkgs username nix-index-database lib;
homeDirectory = "/root";
};
in {
imports = [shared];
home.sessionVariables.EDITOR = "vim";
}


@ -0,0 +1,252 @@
{
config,
pkgs,
username,
nix-index-database,
lib,
homeDirectory,
...
}: let
unstable-packages = with pkgs.unstable; [
coreutils
curl
findutils
git
git-crypt
jq
killall
tmux
unzip
vim
wget
zip
];
stable-packages = with pkgs; [
rustup
go
nodejs
python3
alejandra # nix formatter
];
dir = builtins.toString ../../keys/known_hosts;
files = builtins.attrNames (builtins.readDir dir);
pubKeys = map (file: import (dir + "/" + file)) files;
joinedString = lib.concatStringsSep " " pubKeys;
in {
imports = [
nix-index-database.hmModules.nix-index
];
home = {
stateVersion = "22.11";
username = lib.mkDefault "${username}";
homeDirectory = homeDirectory;
sessionVariables.EDITOR = "vim";
sessionVariables.SHELL = "/etc/profiles/per-user/${username}/bin/zsh";
packages = lib.mkDefault (
stable-packages
++ unstable-packages
);
file.".ssh/known_hosts".text = joinedString;
};
programs = {
home-manager.enable = true;
nix-index.enable = true;
nix-index.enableZshIntegration = true;
nix-index-database.comma.enable = true;
# FIXME: disable this if you don't want to use the starship prompt
starship.enable = true;
starship.settings = {
aws.disabled = true;
gcloud.disabled = true;
kubernetes.disabled = false;
git_branch.style = "242";
directory.style = "blue";
directory.truncate_to_repo = false;
directory.truncation_length = 8;
python.disabled = true;
ruby.disabled = true;
hostname.ssh_only = false;
hostname.style = "bold green";
};
# FIXME: disable whatever you don't want
fzf.enable = true;
fzf.enableZshIntegration = true;
lsd.enable = true;
lsd.enableAliases = true;
zoxide.enable = true;
zoxide.enableZshIntegration = true;
broot.enable = true;
broot.enableZshIntegration = true;
direnv.enable = true;
direnv.enableZshIntegration = true;
direnv.nix-direnv.enable = true;
git = {
enable = true;
package = pkgs.unstable.git;
delta.enable = true;
delta.options = {
line-numbers = true;
side-by-side = true;
navigate = true;
};
userEmail = "1326208+philip-peterson@users.noreply.github.com";
userName = "philip-peterson";
extraConfig = {
push = {
default = "current";
autoSetupRemote = true;
};
merge = {
conflictstyle = "diff3";
};
diff = {
colorMoved = "default";
};
safe = {
directory = "/var/petersweb-infra";
};
};
};
zsh = {
enable = true;
autocd = true;
enableAutosuggestions = true;
enableCompletion = true;
defaultKeymap = "emacs";
history.size = 10000;
history.save = 10000;
history.expireDuplicatesFirst = true;
history.ignoreDups = true;
history.ignoreSpace = true;
historySubstringSearch.enable = true;
plugins = [
{
name = "fast-syntax-highlighting";
src = "${pkgs.zsh-fast-syntax-highlighting}/share/zsh/site-functions";
}
{
name = "zsh-nix-shell";
file = "nix-shell.plugin.zsh";
src = pkgs.fetchFromGitHub {
owner = "chisui";
repo = "zsh-nix-shell";
rev = "v0.5.0";
sha256 = "0za4aiwwrlawnia4f29msk822rj9bgcygw6a8a6iikiwzjjz0g91";
};
}
];
shellAliases = {
"u" = "cd ..";
"uu" = "cd ../..";
"uuu" = "cd ../../..";
"uuuu" = "cd ../../../..";
gs = "git status";
gc = "nix-collect-garbage --delete-old";
refresh = "source ~/.zshrc";
show_path = "echo $PATH | tr ':' '\n'";
gst = "git status";
gco = "git checkout";
};
envExtra = ''
export PATH=$PATH:$HOME/.local/bin
'';
initExtra = ''
bindkey '^p' history-search-backward
bindkey '^n' history-search-forward
bindkey '^e' end-of-line
bindkey '^w' forward-word
bindkey "^[[3~" delete-char
bindkey ";5C" forward-word
bindkey ";5D" backward-word
zstyle ':completion:*:*:*:*:*' menu select
# Complete . and .. special directories
zstyle ':completion:*' special-dirs true
zstyle ':completion:*' list-colors ""
zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#) ([0-9a-z-]#)*=01;34=0=01'
# disable named-directories autocompletion
zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
# Use caching so that commands like apt and dpkg complete are useable
zstyle ':completion:*' use-cache on
zstyle ':completion:*' cache-path "$XDG_CACHE_HOME/zsh/.zcompcache"
# Don't complete uninteresting users
zstyle ':completion:*:*:*:users' ignored-patterns \
adm amanda apache at avahi avahi-autoipd beaglidx bin cacti canna \
clamav daemon dbus distcache dnsmasq dovecot fax ftp games gdm \
gkrellmd gopher hacluster haldaemon halt hsqldb ident junkbust kdm \
ldap lp mail mailman mailnull man messagebus mldonkey mysql nagios \
named netdump news nfsnobody nobody nscd ntp nut nx obsrun openvpn \
operator pcap polkitd postfix postgres privoxy pulse pvm quagga radvd \
rpc rpcuser rpm rtkit scard shutdown squid sshd statd svn sync tftp \
usbmux uucp vcsa wwwrun xfs '_*'
# ... unless we really want to.
zstyle '*' single-ignored complete
# https://thevaluable.dev/zsh-completion-guide-examples/
zstyle ':completion:*' completer _extensions _complete _approximate
zstyle ':completion:*:descriptions' format '%F{green}-- %d --%f'
zstyle ':completion:*' group-name ""
zstyle ':completion:*:*:-command-:*:*' group-order alias builtins functions commands
zstyle ':completion:*' squeeze-slashes true
zstyle ':completion:*' matcher-list "" 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
# mkcd is equivalent to takedir
function mkcd takedir() {
mkdir -p $@ && cd ''${@:$#}
}
function takeurl() {
local data thedir
data="$(mktemp)"
curl -L "$1" > "$data"
tar xf "$data"
thedir="$(tar tf "$data" | head -n 1)"
rm "$data"
cd "$thedir"
}
function takegit() {
git clone "$1"
cd "$(basename ''${1%%.git})"
}
function take() {
if [[ $1 =~ ^(https?|ftp).*\.(tar\.(gz|bz2|xz)|tgz)$ ]]; then
takeurl "$1"
elif [[ $1 =~ ^([A-Za-z0-9]\+@|https?|git|ssh|ftps?|rsync).*\.git/?$ ]]; then
takegit "$1"
else
takedir "$@"
fi
}
WORDCHARS='*?[]~=&;!#$%^(){}<>'
# fixes duplication of commands when using tab-completion
export LANG=C.UTF-8
'';
};
};
}
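Review bot: `joinedString = lib.concatStringsSep " " pubKeys;` joins the pinned GitHub host keys with spaces, but `known_hosts` takes one entry per line, so everything after the first key is most likely read as a trailing comment and only one key type ends up pinned. Use `joinedString = lib.concatStringsSep "\n" pubKeys + "\n";` so each of the entries under `keys/known_hosts` is honoured. This matters here because pullomatic fetches over SSH as root on a timer, and an unpinned host key type falls back to whatever `StrictHostKeyChecking` policy is in effect. A comment above `dir` saying that each file must be a quoted Nix string, since the files are `import`ed rather than read, would also save the next editor a confusing evaluation error.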

74
nixos/system/users.nix Normal file

@ -0,0 +1,74 @@
{
pkgs,
config,
nix-index-database,
lib,
...
}: let
makeUser = {
username,
home,
extraGroups,
authorizedKeys,
homeConfig ? null,
isNormalUser ? true,
}: {
extraGroups = extraGroups ++ [username];
home-manager.users.${username} = homeConfig;
users.users.${username} = {
isNormalUser = isNormalUser;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = authorizedKeys;
home = home;
};
users.groups.${username} = {
name = "${username}";
members = ["${username}"];
};
};
dir = builtins.toString ../keys/authorized_keys;
files = builtins.attrNames (builtins.readDir dir);
authorizedKeys = map (file: builtins.readFile "${dir}/${file}") files;
rootUser = makeUser {
isNormalUser = false;
username = "root";
home = "/root";
extraGroups = [];
authorizedKeys = authorizedKeys;
homeConfig = import ./home/root.nix {
username = "root";
inherit config pkgs nix-index-database lib;
};
};
ironmagmaUser = makeUser {
username = "ironmagma";
home = "/home/ironmagma";
extraGroups = [
"wheel"
"docker"
];
authorizedKeys = [
(builtins.readFile ../keys/authorized_keys/macbookpro.pub)
(builtins.readFile ../keys/authorized_keys/macbookpro-intel.pub)
(builtins.readFile ../keys/authorized_keys/monolith.pub)
];
homeConfig = import ./home/ironmagma.nix {
username = "ironmagma";
inherit config pkgs nix-index-database lib;
};
};
in {
users.groups.repo-data = {
name = "repo-data";
members = ["nginx"];
};
users.users = rootUser.users.users // ironmagmaUser.users.users // {};
home-manager.users = rootUser.home-manager.users // ironmagmaUser.home-manager.users;
}
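Review bot: `makeUser` returns `extraGroups` as a top-level attribute, but the module body only merges `rootUser.users.users` and `ironmagmaUser.users.users`, so the `wheel` and `docker` memberships requested for ironmagma are never applied, and the per-user `users.groups.${username}` definition is dropped the same way. Put the groups inside the user definition, e.g. `users.users.${username} = { inherit isNormalUser home extraGroups; ... };`, and merge `users.groups` in the final attribute set. As written, root over SSH is the only administrative path, and root's `authorizedKeys` is built from every file that `readDir` finds in `../keys/authorized_keys`, so any file added to that directory becomes a root login key. Listing root's keys explicitly, as is done for ironmagma, makes that grant visible in review.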


@ -0,0 +1,46 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/null" {
version = "3.2.2"
constraints = "3.2.2"
hashes = [
"h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=",
"h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=",
"zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7",
"zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a",
"zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3",
"zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606",
"zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546",
"zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539",
"zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422",
"zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae",
"zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1",
"zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e",
]
}
provider "registry.terraform.io/hetznercloud/hcloud" {
version = "1.47.0"
constraints = "~> 1.45"
hashes = [
"h1:B7iDacnh16TWyenN4+eledjmuZ89vYkdg5yFjlRNT7M=",
"h1:KQbtq1sXF4deoc0DKgjyyJMdIuHfhfhAPkVV0DlTMRI=",
"zh:0759f0c23d0e59baab3382320eef4eb314e0c5967b6ef67ff07135da07a97b34",
"zh:0e9ca84c4059d6d7e2c9f13d3c2b1cd91f7d9a47bedcb4b80c7c77d536eff887",
"zh:17a033ac4650a39ddacf3265a449edabaea528f81542c4e63e254272d5aac340",
"zh:2997c76a500e42b7519b24fa1f8646d9baab70c68277f80394560d3e1fd06e6d",
"zh:37f3fe7bb34cac63c69123e43e5426bab75816b3665dbe7125276a8d2ee6b2d8",
"zh:45d4b04dc470f24ad96c1c0b6636ea5422c659004f3e472c863bc50130fabf25",
"zh:46df99d972a78af6875565e53a73df66d870c474a20cd90e9e0a3092aa25197f",
"zh:4b5bb8d49366ad895c6c767efe16a1b8143802414abfe3fdb1184cbbecf424eb",
"zh:55c6199eb401c4b0a6c948ceac8b50f352e252e1c985903ed173bf26ad0f109e",
"zh:7b6efe897bffa37248064155a699e67953350b5b9a5476456c0160ce59254557",
"zh:7bc004bcb649ce1ec70e2cf848392e10a1edbcbf11b3292a4cc5c5d49bd769e4",
"zh:e1b17b7595f158fbb3021afa8869b541b5c10bdd2d8d2b2b3eaa82200b104ddd",
"zh:f741ca40e8e99a3e4114ad108ea2b5a5bccbedb008326c7f647f250580e69c0e",
"zh:fae9c7f8d08a447bb0972529f6db06999c35391046320206041a988aeca6b54c",
]
}

45
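--- a/terraform/foo.tf
+++ b/terraform/foo.tf
@@ -0,0 +1,45 @@
+locals {
+public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOqjSTQAQ2H4RD7oHWXjc6M4TcLniAsieo1hk7jl/VHxl6fVKxab5rtWpbDBN9SqNmoTHlWRSd+kCIVdg8a0Psy0NISTfSUniWh9qIJrjXTpWfJ9PkXIlVrleEz9Szn0GY5NyYUcNiZSencMszrOkJC8DcKIW8qp+17VeYpnS/hbwjIjdhgaFA8DjrHRgXuf88XBbi+XDB+Rw0vLLL1qsdT0NPe3uE1ixYCIUlVu3imMq431xJ/x3MLJoLJm3KSjO8NKWbw4PetxOd4LDhJbHkDpdA0P+D2ZewPIGYA45Z+pxZqvfrKIBnB4RIW5tCMGMeZHWS74vhXODPzf67TkScCGt/FU92yZHRpBNYwZ+dS+8YWMmo3t2/YWpPxLFXkAx6t78TdVGhhFrjWdxPB9hTdfdX1Sh51mbp9WVLYgqT+M/YROesrSwm7TKMgMLemA77ISf0LqWrGBo6fHRGmIfwe/fI9hSAObdHkARwPHD2GhZl+SxW7D9CV8jhV6KKbc0= ironmagma@Philips-MacBook-Pro.local"
+}
+terraform {
+required_providers {
+hcloud = {
+source = "hetznercloud/hcloud"
+version = "~> 1.45"
+}
+null = {
+source = "hashicorp/null"
+version = "3.2.2"
+}
+}
+}
+resource "hcloud_ssh_key" "default" {
+name = "Philip Macbook Pro M2"
+public_key = local.public_key
+}
+# Set the variable value in *.tfvars file
+# or using the -var="hcloud_token=..." CLI option
+# variable "hcloud_token" {
+# sensitive = true
+# }
+# Configure the Hetzner Cloud Provider
+provider "hcloud" {
+token = "hmUptEnfNpDdYVAeLOvmv14fZn9YV9wYuDhU4t0Mso26K2JLNbuJ2CvtCI3mLJyp"
+}
+# Create a server
+resource "hcloud_server" "web" {
+name = "syncthing"
+image = "fedora-40"
+server_type = "cx32"
+ssh_keys = [
+"Philip Macbook Pro M2"
+]
+}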
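Review bot: The `provider "hcloud"` block commits what looks like a live API token as a string literal in `token = "…"`, so anyone who can read the repository or its history can act on the Hetzner project. The commented-out `variable "hcloud_token"` block just above already describes the fix: uncomment it with `sensitive = true`, change the line to `token = var.hcloud_token`, and supply the value from an untracked `*.tfvars` file or the environment. The committed token should be revoked and reissued, because deleting it in a later commit does not remove it from history. In `hcloud_server.web`, `ssh_keys` repeats the key name as a string; `ssh_keys = [hcloud_ssh_key.default.id]` would make the dependency on the key resource explicit. The two sections that follow look like Terraform state snapshots (serial 28 and 26) holding the server's addresses and resource ids; state is normally kept in a backend or ignored rather than tracked.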


@ -0,0 +1,75 @@
{
"version": 4,
"terraform_version": "1.5.7",
"serial": 28,
"lineage": "0a446551-97f6-5e1f-fd21-d1a5bd66b38f",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "hcloud_server",
"name": "web",
"provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allow_deprecated_images": false,
"backup_window": "",
"backups": false,
"datacenter": "hel1-dc2",
"delete_protection": false,
"firewall_ids": [],
"id": "51104554",
"ignore_remote_firewall_ids": false,
"image": "fedora-40",
"ipv4_address": "135.181.83.225",
"ipv6_address": "2a01:4f9:c010:8efd::1",
"ipv6_network": "2a01:4f9:c010:8efd::/64",
"iso": null,
"keep_disk": false,
"labels": {},
"location": "hel1",
"name": "syncthing",
"network": [],
"placement_group_id": 0,
"primary_disk_size": 80,
"public_net": [],
"rebuild_protection": false,
"rescue": null,
"server_type": "cx32",
"shutdown_before_deletion": false,
"ssh_keys": [
"Philip Macbook Pro M2"
],
"status": "running",
"timeouts": null,
"user_data": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0="
}
]
},
{
"mode": "managed",
"type": "hcloud_ssh_key",
"name": "default",
"provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"fingerprint": "eb:d4:34:7f:69:a7:82:3c:4c:f6:54:d3:4a:f3:73:cd",
"id": "22314214",
"labels": {},
"name": "Philip Macbook Pro M2",
"public_key": "ssh-rsa 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 ironmagma@Philips-MacBook-Pro.local"
},
"sensitive_attributes": []
}
]
}
],
"check_results": null
}


@ -0,0 +1,56 @@
{
"version": 4,
"terraform_version": "1.5.7",
"serial": 26,
"lineage": "0a446551-97f6-5e1f-fd21-d1a5bd66b38f",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "hcloud_server",
"name": "web",
"provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allow_deprecated_images": false,
"backup_window": "",
"backups": false,
"datacenter": "hel1-dc2",
"delete_protection": false,
"firewall_ids": [],
"id": "51104554",
"ignore_remote_firewall_ids": false,
"image": "fedora-40",
"ipv4_address": "135.181.83.225",
"ipv6_address": "2a01:4f9:c010:8efd::1",
"ipv6_network": "2a01:4f9:c010:8efd::/64",
"iso": null,
"keep_disk": false,
"labels": {},
"location": "hel1",
"name": "syncthing",
"network": [],
"placement_group_id": 0,
"primary_disk_size": 80,
"public_net": [],
"rebuild_protection": false,
"rescue": null,
"server_type": "cx32",
"shutdown_before_deletion": false,
"ssh_keys": [
"Philip Macbook Pro M2"
],
"status": "running",
"timeouts": null,
"user_data": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0="
}
]
}
],
"check_results": null
}