Publish quine-core
commit
6c2551349e
41 changed files with 1638 additions and 0 deletions
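--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store
+terraform/.terraform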
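--- a/nixos/.github/workflows/build.yml
+++ b/nixos/.github/workflows/build.yml
@@ -0,0 +1,15 @@
+name: 'build'
+
+on:
+push:
+pull_request:
+
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: DeterminateSystems/nix-installer-action@main
+- uses: DeterminateSystems/magic-nix-cache-action@main
+- run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub
+- run: nix build .#nixosConfigurations.nixos.config.system.build.toplevel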
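Review bot: Both DeterminateSystems steps are referenced at `@main`, a mutable branch, so whatever lands there runs in this job with the checkout and the job token; pin each `uses:` to a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha>  # <release tag>` (placeholders), and do the same for `actions/checkout@v4`. The workflow also sets no `permissions:` key, so the token keeps the repository default; a top-level `permissions:` with `contents: read` is enough for a job that only builds. The workflow triggers on `pull_request` as well as `push`, which makes both points matter for contributions from forks. The YAML indentation is not visible in this rendering.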
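--- a/nixos/.gitignore
+++ b/nixos/.gitignore
@@ -0,0 +1,3 @@
+.idea
+result
+secrets.json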
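--- a/nixos/README.md
+++ b/nixos/README.md
@@ -0,0 +1,10 @@
+How to install:
+
+nix --extra-experimental-features flakes --extra-experimental-features nix-command run --debug github:numtide/nixos-anywhere --verbose -- --flake .#nixos root@yourhost.com
+
+You will need to maually make these:
+```
+/root/.ssh/id_rsa
+/root/.ssh/id_rsa.pub
+/root/.ssh/id_rsa.pem
+```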
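--- a/nixos/apply.sh
+++ b/nixos/apply.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -e
+
+git pull origin main
+nixos-rebuild switch --flake .#nixos --verbose --show-trace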
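Review bot: `git pull origin main` may create a merge commit in the working tree, and the next line then switches the whole system to whatever the result is; `git pull --ff-only origin main` makes the script fail instead of merging. `set -e` alone lets unset variables and failed pipeline stages through, so `set -euo pipefail` is the safer header. Since the rebuild presumably runs as root, checking the pulled commit before switching (for example `git verify-commit HEAD`, if commits on `main` are signed) would separate "someone pushed to main" from "root applies it".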
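--- a/nixos/clean.sh
+++ b/nixos/clean.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -e
+
+nix-store --gc
+nix-collect-garbage -d
+rm -rf ~/.cache/nix
+rm -rf /nix/var/nix/gcroots/*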
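Review bot: The last line, `rm -rf /nix/var/nix/gcroots/*`, removes the garbage-collector roots themselves rather than garbage. As far as I know that directory holds the links that keep profile generations and other registered roots alive, so after this runs the next collection (linux.nix in this commit sets `nix.gc.automatic = true`) may delete store paths the machine still depends on. I would drop the line, since `nix-collect-garbage -d` already deletes old generations and collects. The preceding `nix-store --gc` is redundant for the same reason.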
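--- a/nixos/cloned_repos/default.nix
+++ b/nixos/cloned_repos/default.nix
@@ -0,0 +1,71 @@
+{
+pullomatic,
+pkgs,
+lib,
+...
+}: let
+domainToPath = domain: lib.concatStringsSep "_" domain;
+domainToRepoName = domain: lib.concatStringsSep "-" domain;
+
+makeConfigFile = domain: remoteUrl: branch: {
+name = domainToRepoName domain;
+text = ''
+path: /etc/pullomatic/${domainToPath domain}
+remote_url: ${remoteUrl}
+remote_branch: ${branch}
+interval:
+interval: 10m
+credentials:
+private_key: /root/.ssh/id_rsa.pem
+private_key_path: true
+'';
+};
+
+configFiles = [
+(makeConfigFile
+["com" "philippeterson"]
+"git@github.com:philip-peterson/philippeterson.com.git"
+"master")
+(makeConfigFile
+["com" "quinefoundation" "blog"]
+"git@github.com:philip-peterson/blog.git"
+"master")
+(makeConfigFile
+["atcsim"]
+"git@github.com:philip-peterson/ATC-Sim.git"
+"master")
+];
+
+configDir =
+pkgs.runCommand "config-dir" {
+buildInputs = [pkgs.coreutils];
+} ''
+mkdir -p $out
+
+# Loop over the config files and write each one to $out
+${lib.concatStringsSep "\n" (map (cf: ''
+echo "${cf.text}" > $out/${cf.name}
+chmod 0644 $out/${cf.name}
+'')
+configFiles)}
+
+chmod -R 0750 $out
+'';
+in {
+systemd.services.pullomatic = {
+description = "Pull repositories with polling from a daemon";
+serviceConfig = {
+ExecStart = "${pullomatic} -c ${configDir}";
+Restart = "always";
+RestartSec = "0";
+User = "root";
+Group = "root";
+};
+};
+
+systemd.tmpfiles.rules = [
+"d /etc/pullomatic - root repo-data - -"
+"Z /etc/pullomatic - root repo-data - -"
+"Z /etc/pullomatic/* - root repo-data - -"
+];
+}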
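Review bot: The pullomatic unit runs with `User = "root"` and authenticates with `/root/.ssh/id_rsa.pem`, so a fault in the daemon or in what it fetches acts with full system privileges, and the key reaches everything that root identity can access on GitHub. A dedicated service account in the `repo-data` group, with a read-only deploy key per repository, would bound both. `Restart = "always"` with `RestartSec = "0"` also restarts a failing daemon with no back-off. Separately, `echo "${cf.text}" > $out/${cf.name}` splices the config text into a double-quoted shell string, so a `"`, `$` or backtick in a remote URL or branch name would be interpreted by the shell; `pkgs.writeTextDir cf.name cf.text` avoids the shell entirely. The closing `chmod -R 0750 $out` overrides the `0644` set two lines earlier.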
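--- a/nixos/disk-config.nix
+++ b/nixos/disk-config.nix
@@ -0,0 +1,55 @@
+# Example to create a bios compatible gpt partition
+{lib, ...}: {
+disko.devices = {
+disk.disk1 = {
+device = lib.mkDefault "/dev/sda";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+name = "boot";
+size = "1M";
+type = "EF02";
+};
+esp = {
+name = "ESP";
+size = "500M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+name = "root";
+size = "100%";
+content = {
+type = "lvm_pv";
+vg = "pool";
+};
+};
+};
+};
+};
+lvm_vg = {
+pool = {
+type = "lvm_vg";
+lvs = {
+root = {
+size = "100%FREE";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+mountOptions = [
+"defaults"
+];
+};
+};
+};
+};
+};
+};
+}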
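--- a/nixos/firewall.nix
+++ b/nixos/firewall.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+networking.firewall.allowedTCPPorts = [80 22 443];
+}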
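--- a/nixos/flake.lock
+++ b/nixos/flake.lock
@@ -0,0 +1,227 @@
+{
+"nodes": {
+"agenix": {
+"inputs": {
+"darwin": "darwin",
+"home-manager": "home-manager",
+"nixpkgs": [
+"nixpkgs"
+],
+"systems": "systems"
+},
+"locked": {
+"lastModified": 1723293904,
+"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+"owner": "ryantm",
+"repo": "agenix",
+"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+"type": "github"
+},
+"original": {
+"owner": "ryantm",
+"repo": "agenix",
+"type": "github"
+}
+},
+"darwin": {
+"inputs": {
+"nixpkgs": [
+"agenix",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1700795494,
+"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+"owner": "lnl7",
+"repo": "nix-darwin",
+"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+"type": "github"
+},
+"original": {
+"owner": "lnl7",
+"ref": "master",
+"repo": "nix-darwin",
+"type": "github"
+}
+},
+"disko": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1707385478,
+"narHash": "sha256-xwKXoBeiwfp+jqQxt3O0mUxrBXsNfdBn15teMMWbw0U=",
+"owner": "nix-community",
+"repo": "disko",
+"rev": "15b52c3c8a718253e66f1b92f595dc47873fdfea",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "disko",
+"type": "github"
+}
+},
+"home-manager": {
+"inputs": {
+"nixpkgs": [
+"agenix",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1703113217,
+"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"home-manager_2": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1706981411,
+"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"ref": "release-23.11",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"nix-index-database": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1707016097,
+"narHash": "sha256-V4lHr6hFQ3rK650dh64Xffxsf4kse9vUYWsM+ldjkco=",
+"owner": "Mic92",
+"repo": "nix-index-database",
+"rev": "3e3dad2808379c522138e2e8b0eb73500721a237",
+"type": "github"
+},
+"original": {
+"owner": "Mic92",
+"repo": "nix-index-database",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1707347730,
+"narHash": "sha256-0etC/exQIaqC9vliKhc3eZE2Mm2wgLa0tj93ZF/egvM=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "6832d0d99649db3d65a0e15fa51471537b2c56a6",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-23.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs-unstable": {
+"locked": {
+"lastModified": 1707268954,
+"narHash": "sha256-2en1kvde3cJVc3ZnTy8QeD2oKcseLFjYPLKhIGDanQ0=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "f8e2ebd66d097614d51a56a755450d4ae1632df1",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nur": {
+"locked": {
+"lastModified": 1707488227,
+"narHash": "sha256-CJavI6VIk12u8mntxepDDinX2TX5et1I2phRm9mObtI=",
+"owner": "nix-community",
+"repo": "NUR",
+"rev": "7401f12518027ed8ea1d8f7634a446ac3269c3c4",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "NUR",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"agenix": "agenix",
+"disko": "disko",
+"home-manager": "home-manager_2",
+"nix-index-database": "nix-index-database",
+"nixpkgs": "nixpkgs",
+"nixpkgs-unstable": "nixpkgs-unstable",
+"nur": "nur",
+"rust-overlay": "rust-overlay"
+}
+},
+"rust-overlay": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1723515680,
+"narHash": "sha256-nHdKymsHCVIh0Wdm4MvSgxcTTg34FJIYHRQkQYaSuvk=",
+"owner": "oxalica",
+"repo": "rust-overlay",
+"rev": "4ee3d9e9569f70d7bb40f28804d6fe950c81eab3",
+"type": "github"
+},
+"original": {
+"owner": "oxalica",
+"repo": "rust-overlay",
+"type": "github"
+}
+},
+"systems": {
+"locked": {
+"last​Modified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}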
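--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@@ -0,0 +1,110 @@
+{
+description = "NixOS configuration";
+
+# 24.05
+inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+
+inputs.agenix.url = "github:ryantm/agenix";
+inputs.agenix.inputs.nixpkgs.follows = "nixpkgs";
+
+inputs.rust-overlay = {
+url = "github:oxalica/rust-overlay";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+
+inputs.home-manager.url = "github:nix-community/home-manager/release-23.11";
+inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
+
+inputs.nur.url = "github:nix-community/NUR";
+
+inputs.nix-index-database.url = "github:Mic92/nix-index-database";
+inputs.nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
+
+inputs.disko.url = "github:nix-community/disko";
+inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
+
+outputs = inputs:
+with inputs; let
+system = "x86_64-linux";
+globals = builtins.fromJSON (builtins.readFile "${self}/globals.json");
+
+config = {
+allowUnfree = true;
+permittedInsecurePackages = [
+# FIXME:: add any insecure packages you absolutely need here
+];
+};
+
+overlays = [
+nur.overlay
+(_final: prev: {
+# this allows us to reference pkgs.unstable
+unstable = import nixpkgs-unstable {
+inherit (prev) system;
+inherit config;
+};
+})
+(import rust-overlay)
+];
+
+nixpkgsWithOverlays = with inputs; rec {
+inherit overlays config;
+};
+
+pkgs = nixpkgsWithOverlays;
+lib = pkgs.lib;
+
+configurationDefaults = args: {
+nixpkgs = nixpkgsWithOverlays;
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.backupFileExtension = "hm-backup";
+home-manager.extraSpecialArgs = args;
+};
+
+argDefaults = {
+inherit
+globals
+inputs
+self
+nix-index-database
+;
+channels = {
+inherit nixpkgs nixpkgs-unstable;
+};
+};
+
+mkNixosConfiguration = {
+hostname,
+username,
+args ? {},
+modules,
+}: let
+specialArgs = argDefaults // {inherit hostname username;} // args;
+in
+nixpkgs.lib.nixosSystem {
+inherit system specialArgs;
+modules =
+[
+(configurationDefaults specialArgs)
+home-manager.nixosModules.home-manager
+]
+++ modules;
+};
+in {
+nixosConfigurations.nixos = mkNixosConfiguration {
+hostname = "pw-mainframe";
+username = "ironmagma";
+args = {
+nixPkgs = import nixpkgs {inherit system overlays;};
+};
+modules = [
+disko.nixosModules.disko
+agenix.nixosModules.age
+./hetzner.nix
+./linux.nix
+];
+};
+};
+}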
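Review bot: The `# 24.05` comment sits above `inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";`, and home-manager tracks `release-23.11` as well, so the comment and the pin disagree. The lock file in this commit fixes nixpkgs at `lastModified` 1707347730 while agenix and rust-overlay are locked at 1723293904 and 1723515680, roughly six months later, so the base package set was already stale when this was published. If I have the release schedule right, 23.11 no longer receives security fixes, which matters for a host that exposes nginx, OpenSSH and PHP. Move both inputs to a supported release branch, refresh the lock with `nix flake update`, and make the comment match the pin. Minor: `pkgs = nixpkgsWithOverlays; lib = pkgs.lib;` binds `pkgs` to a plain attribute set of `overlays` and `config`, so `lib` would fail if it were ever evaluated.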
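--- a/nixos/format.sh
+++ b/nixos/format.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -e
+
+nix-shell -p alejandra.out --run 'alejandra .'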
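--- a/nixos/globals.json
+++ b/nixos/globals.json
@@ -0,0 +1,2 @@
+{
+}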
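--- a/nixos/hetzner.nix
+++ b/nixos/hetzner.nix
@@ -0,0 +1,42 @@
+{modulesPath, ...}: {
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+(modulesPath + "/profiles/qemu-guest.nix")
+./disk-config.nix
+];
+
+# Fixes iotop
+boot.kernel.sysctl = {"kernel.task_delayacct" = 1;};
+
+boot.loader.grub = {
+# no need to set devices, disko will add all devices that have a EF02 partition to the list already
+# devices = [ ];
+efiSupport = true;
+efiInstallAsRemovable = true;
+};
+
+services.openssh = {
+enable = true;
+settings.PasswordAuthentication = false;
+extraConfig = ''
+PrintLastLog no
+'';
+hostKeys = [
+{
+bits = 4096;
+path = "/etc/ssh/ssh_host_rsa_key";
+type = "rsa";
+}
+{
+path = "/etc/ssh/ssh_host_ed25519_key";
+type = "ed25519";
+}
+
+# For secrets
+{
+path = "/root/.ssh/id_rsa_nix";
+type = "ed25519";
+}
+];
+};
+}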
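Review bot: The third `hostKeys` entry, `/root/.ssh/id_rsa_nix`, is registered as an sshd host key although its comment says it exists "For secrets", so the key that presumably decrypts the agenix secrets is also loaded by the SSH daemon as a host identity. It also lives in root's user key directory under a name that says RSA while `type = "ed25519"`. agenix takes its decryption identities from `age.identityPaths`, so `age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];` (or a dedicated path outside `hostKeys`) lets this entry be dropped. With password login already off, `settings.KbdInteractiveAuthentication = false;` would close the other interactive path, and an explicit `settings.PermitRootLogin = "prohibit-password";` would document that the README's `root@` install relies on key login.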
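--- a/nixos/invoke-ddns/default.nix
+++ b/nixos/invoke-ddns/default.nix
@@ -0,0 +1,68 @@
+{pkgs ? import <nixpkgs> {}, ...}: let
+# Fetch the tarball
+nfsn_ddns_tarball = pkgs.fetchurl {
+url = "https://files.pythonhosted.org/packages/76/15/607b52a0bfda95fd8157c1c4b3b3631aa535206b2bd8fb43f57961460402/nfsn_ddns-0.2.0.tar.gz";
+sha256 = "sha256-ijD3hrdoYNt/MHy4C6zIqgU5sj+kGg+ma8TswO5qOEk=";
+};
+
+# Extract the tarball
+extracted_nfsn_ddns = pkgs.stdenv.mkDerivation {
+name = "nfsn-ddns-extracted";
+
+src = nfsn_ddns_tarball;
+
+buildInputs = [pkgs.gnugrep pkgs.gnumake pkgs.gzip]; # Ensure tools are available for extraction if needed
+
+phases = ["unpackPhase" "installPhase"];
+
+unpackPhase = ''
+mkdir -p $out
+tar -xzf $src -C $out
+'';
+
+installPhase = ''
+echo "Extracted files available in $out"
+'';
+
+meta = with pkgs.lib; {
+description = "Extracted files from nfsn_ddns tarball";
+license = licenses.unlicense;
+maintainers = [];
+};
+};
+in
+pkgs.python3Packages.buildPythonApplication rec {
+pname = "invoke-ddns";
+version = "0.0.1";
+
+src = ./.;
+
+format = "setuptools";
+
+dontUseCmakeConfigure = true;
+
+buildInputs = with pkgs.python3Packages; [
+setuptools
+extracted_nfsn_ddns
+];
+
+propagatedBuildInputs = with pkgs.python3Packages; [
+tornado
+requests
+python-daemon
+pip
+pykka
+pytest
+];
+
+# no tests implemented
+#doCheck = false;
+#pythonImportsCheck = [ "mopidy_jellyfin" ];
+
+meta = with pkgs.lib; {
+homepage = "https://github.com/philip-peterson/invoke-ddns";
+description = "Invoke DDNS for fun and profit";
+license = licenses.unlicense;
+maintainers = ["Philip Peterson"];
+};
+}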
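Review bot: `pip` and `pytest` are listed in `propagatedBuildInputs`, so both become runtime dependencies of a tool that linux.nix installs system-wide. The `nfsn_ddns` sdist is only untarred into `$out` and passed through `buildInputs`, which as far as I can tell does not make the module importable. Building it with `pkgs.python3Packages.buildPythonPackage` from `nfsn_ddns_tarball` and listing the result in `propagatedBuildInputs` would fix that; `pytest` belongs in `nativeCheckInputs` and `pip` can go. The hash-pinned `fetchurl` is the right pattern, whereas the wheel of the same release that this commit also checks in as `nixos/nfsn_ddns-0.2.0-py3-none-any.whl` is an unreviewable binary with no hash beside it and is better removed. The commented-out `pythonImportsCheck` still names `mopidy_jellyfin`, which looks like a leftover from another package.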
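--- a/nixos/invoke-ddns/invoke_ddns/__init__.py
+++ b/nixos/invoke-ddns/invoke_ddns/__init__.py
@@ -0,0 +1,2 @@
+if __name__ == '__main__':
+pass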
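--- a/nixos/invoke-ddns/invoke_ddns/command/__init__.py
+++ b/nixos/invoke-ddns/invoke_ddns/command/__init__.py
@@ -0,0 +1,2 @@
+def main():
+pass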
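--- a/nixos/invoke-ddns/setup.py
+++ b/nixos/invoke-ddns/setup.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+
+from distutils.core import setup
+
+setup(name='InvokeDdns',
+version='1.0',
+description='Checks with NearlyFreeSpeech that the dynamic dns entries are right',
+author='Philip Peterson',
+author_email='peterson@sent.com',
+url='https://github.com/philip-peterson/invoke-ddns',
+packages=['invoke_ddns', 'invoke_ddns.command'],
+install_requires=[
+'tornado>=4.4'
+],
+entry_points={
+'console_scripts': [
+'invoke-ddns = invoke_ddns.command:main',
+],
+},
+)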
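Review bot: `from distutils.core import setup` is the wrong entry point for the keywords used below it: `install_requires` and `entry_points` are setuptools features that plain distutils does not implement, and distutils was removed from the standard library in Python 3.12. Change the import to `from setuptools import setup`; the Nix expression for this package already supplies `setuptools`. `version='1.0'` here also disagrees with `version = "0.0.1"` in default.nix, and the requirement list names only `tornado>=4.4` while the Nix side propagates `requests`, `python-daemon` and `pykka` too.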
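--- a/nixos/keys/authorized_keys/macbookpro-intel.pub
+++ b/nixos/keys/authorized_keys/macbookpro-intel.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDtibpc9Zz03PvrNLfgAz4UQ58UYrxw+8AZbzuSO8Gpvu4Eu0X3dJkD90tnK2XxsqKLUqN9pvoveA/29ul0DoAe9XHUXZJw//htwkUttVae2Uu7I+YnIqre1y3I0YQt+B1FzkYEaZ6KOTAqLGlRB27nzVagoCfZ0IW1cHf4NIL91hmZBNFHMNZoDP41p0zPOvJcw8SDTYv3h6K/sY60b1QB7yu5xIfFihzvTG7M6TBluLTNtdOK/qj79dEVbHr6etCjj0CChPozxq+CaCT/Mp2V6fpNxFADWsh7oLFG/gsDFYLJAn02NwQOT+yjWqWWa3qS73HzL2MaOzwDwwwV+4PK+/dIiU8Jw21guevWrZVGvmoZb4IC/I4DrlGZBpfBz/e0Kznkf8+pRx10SGjepXQVYCIUce6ptYm2X+oPuriUjTQKa3a4bvDFSMzgK6nt5CJzZI+tk9uTpxYH2gX4D06M7cylYgywJNSIyGE8+yJ8XpWgyAoM6tf9BIppJbLJQKsbO+IuElSjQWj5pcw/KIwYAFW5mQLjnjRmQg5HX8gkT6PD9jen26JJahYcfZnvlVwl1GkU52hCGP5LhdG2dgbZHG9Jibd+aVm5IfhnaB0/jWjV0+IuB1Wns3Etkbp098rXmiG6TLfI1XdH7+xbPw4+vSvBtlzTfRUfTTaY57VR4Q== ironmagma@Philips-MBP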
1
nixos/keys/authorized_keys/macbookpro.pub
Normal file
1
nixos/keys/authorized_keys/macbookpro.pub
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
ssh-rsa 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 ironmagma@Philips-MacBook-Pro.local
|
||||||
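--- a/nixos/keys/authorized_keys/monolith.pub
+++ b/nixos/keys/authorized_keys/monolith.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC534fjfQ8PFUuyqp/3jH+tE2hq5EbbR8QcJ5ZYdm5H28d0+npxE4RnxqA82q/ZHiZT1nG5BIlRitPoIE74LFruLPBzZVfpOQxqczCAM2gsKGOY8Ug30Jl3OazsEyXYcZPdYdl/KhdrzPuJArRA7rdiI3krgVRnyG/bmU9/uQJ5fhowMJ8owYLdP4SXxh0O/vTauyNTxvddQAtGd+1DmcrFjFFNc8FeEhItMu2I9E1nIMS+lVSXOLZr1kXJa4kAhjUrWziI4nfzHESkV0hjF+DOQB/6bMFD04vkhCdK3wXKbEFkKzSBBtHQavpD7givk8mKWncdNR0bH+mB6WgiPbDAG83Q6ycAk3gX/AQAG/k/ZWo5x0u6MCN2op++JQLghdsg7T6iTJ+vTwqtEXiaWzckpEs+NR6GML8o/HCRZTTam8RIBgW5oUoqa52aDUS0WNpAGEfiUnmoKmAbxhsjtTVNPU0pWAKmon9mEmw83CzqogxAkOIgrWM58QGaGsuNgqU= root@monolith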
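--- a/nixos/keys/known_hosts/one.nix
+++ b/nixos/keys/known_hosts/one.nix
@@ -0,0 +1 @@
+"github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"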
2
nixos/keys/known_hosts/three.nix
Normal file
2
nixos/keys/known_hosts/three.nix
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
|
||||||
|
"github.com ssh-rsa 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"
|
||||||
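--- a/nixos/keys/known_hosts/two.nix
+++ b/nixos/keys/known_hosts/two.nix
@@ -0,0 +1,2 @@
+
+"github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="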
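--- a/nixos/keys/mainframe.pub
+++ b/nixos/keys/mainframe.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5cEJLzQH5v3r4DrwZxwXOGQWaRVlyJGciXkOz6KiKI root@pw-mainframe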
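--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -0,0 +1,186 @@
+{
+config,
+username,
+hostname,
+pkgs,
+lib,
+nix-index-database,
+inputs,
+specialArgs,
+...
+}: let
+ddnsPkg = import ./invoke-ddns {inherit pkgs;};
+
+startSeq = builtins.fromJSON ''"\u001b[7m"''; # Start inverted color
+endSeq = builtins.fromJSON ''"\u001b[27m"''; # End inverted color
+motd = "${startSeq} Welcome to the Peterson Mainframe! Look, touch, but DO NOT LICK. ${endSeq}";
+
+nixPkgs = specialArgs.nixPkgs;
+ourRustVersion = pkgs.rust-bin.selectLatestNightlyWith (toolchain: toolchain.complete);
+
+ourRustPlatform = nixPkgs.makeRustPlatform {
+rustc = ourRustVersion;
+cargo = ourRustVersion;
+};
+
+pullomaticPkg = import ./pullomatic {
+inherit lib pkgs;
+rustPlatform = ourRustPlatform;
+specialArgs = {};
+};
+
+pullomatic = "${pullomaticPkg}/bin/pullomatic";
+in {
+imports = [
+(import ./cloned_repos {inherit pkgs pullomatic lib;})
+(import ./nginx.nix {inherit pkgs lib config;})
+(import ./firewall.nix {inherit pkgs;})
+(import ./system/users.nix {inherit pkgs config lib nix-index-database;})
+];
+
+time.timeZone = "America/Anchorage";
+
+age.secrets.nearlyfreespeech.file = ./secrets/nearlyfreespeech.age;
+age.secrets.nearlyfreespeech.owner = "root";
+
+environment.systemPackages = [
+ddnsPkg
+pullomaticPkg
+pkgs.vim
+pkgs.php
+pkgs.rustc
+pkgs.cargo
+pkgs.util-linux
+pkgs.iotop
+pkgs.rust-bin.stable.latest.default
+];
+
+swapDevices = [
+{
+device = "/swapfile";
+size = 1 * 1024; # 1GB
+}
+];
+
+systemd.tmpfiles.rules = [
+"d /home/ironmagma/.config 0755 ${username} users"
+"d /root/.config 0755 ${username} users"
+];
+
+networking.hostName = "${hostname}";
+
+# FIXME: change your shell here if you don't want zsh
+programs.zsh.enable = true;
+environment.pathsToLink = ["/share/zsh"];
+environment.shells = [pkgs.zsh];
+
+environment.enableAllTerminfo = true;
+
+security.sudo.wheelNeedsPassword = false;
+
+users.motd = motd;
+
+system.stateVersion = "22.05";
+
+virtualisation.docker = {
+enable = true;
+enableOnBoot = true;
+autoPrune.enable = true;
+};
+
+virtualisation.oci-containers = {
+backend = "docker";
+
+containers = {
+"hello" = {
+autoStart = true;
+image = "nginxdemos/hello";
+#user = "root:jellyfin";
+volumes = [
+];
+ports = ["8081:80"];
+};
+
+"navidrome" = {
+autoStart = true;
+environment = {
+"TZ" = "America/Anchorage";
+"PUID" = "1000";
+"PGID" = "100";
+
+"ND_SCANSCHEDULE" = "1h";
+"ND_LOGLEVEL" = "info";
+"ND_SESSIONTIMEOUT" = "24h";
+"ND_BASEURL" = "";
+};
+ports = ["4533:4533"];
+volumes = [
+"/var/navidrome/data:/data"
+"/var/navidrome/music:/music:ro"
+];
+image = "deluan/navidrome";
+};
+
+"webdav" = {
+autoStart = true;
+image = "dgraziotin/nginx-webdav-nononsense";
+#user = "root:jellyfin";
+volumes = [
+"/mnt/webdav/data:/data"
+"/mnt/webdav/config:/config"
+];
+environment = {
+"WEBDAV_USERNAME" = "foo";
+# TODO
+"WEBDAV_PASSWORD" = "bar";
+"TZ" = "America/Anchorage";
+
+"PUID" = "60"; # nginx user
+"PGID" = "60"; # nginx group
+};
+ports = ["8082:80"];
+};
+};
+};
+
+nix = {
+settings = {
+trusted-users = [username];
+
+accept-flake-config = true;
+auto-optimise-store = true;
+};
+
+registry = {
+nixpkgs = {
+flake = inputs.nixpkgs;
+};
+};
+
+nixPath = [
+"nixpkgs=${inputs.nixpkgs.outPath}"
+"nixos-config=/etc/nixos/configuration.nix"
+"/nix/var/nix/profiles/per-user/root/channels"
+];
+
+package = pkgs.nixFlakes;
+extraOptions = ''experimental-features = nix-command flakes'';
+
+gc = {
+automatic = true;
+options = "--delete-older-than 7d";
+};
+};
+
+# HTTPS
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "peterson@sent.com";
+certs."philippeterson.com" = {
+dnsProvider = "nearlyfreespeech";
+environmentFile = config.age.secrets."nearlyfreespeech".path;
+webroot = null;
+};
+};
+}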
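Review bot: The `webdav` container gets `"WEBDAV_USERNAME" = "foo"` and `"WEBDAV_PASSWORD" = "bar"` as literals, which end up in the world-readable Nix store, and it publishes `8082:80` on all interfaces. Docker installs its own forwarding rules for published ports, so as far as I know the `allowedTCPPorts = [80 22 443]` list in firewall.nix does not keep 8081, 4533 or 8082 closed from outside. Bind them to loopback (`ports = ["127.0.0.1:8082:80"];`) behind nginx and pass the credentials with `environmentFiles = [config.age.secrets.<webdav-secret>.path];` (placeholder secret name), the way the ACME block already uses the nearlyfreespeech secret. In the same file, `"d /root/.config 0755 ${username} users"` gives root's config directory to the unprivileged account, and `trusted-users = [username]` together with `security.sudo.wheelNeedsPassword = false` and `accept-flake-config = true` makes that account effectively root. The three `image = ...` values carry no tag or digest, so a restart may pull different code.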
BIN
nixos/nfsn_ddns-0.2.0-py3-none-any.whl
Normal file
BIN
nixos/nfsn_ddns-0.2.0-py3-none-any.whl
Normal file
Binary file not shown.
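--- a/nixos/nginx.nix
+++ b/nixos/nginx.nix
@@ -0,0 +1,144 @@
+{
+lib,
+pkgs,
+config,
+...
+}: {
+services.nginx = {
+enable = true;
+
+virtualHosts = {
+"_default" = {
+listen = [
+{ addr = "0.0.0.0"; port = 80; }
+{ addr = "[::]"; port = 80; }
+];
+serverName = "_";
+extraConfig = ''
+deny all;
+return 444;
+'';
+};
+
+"philippeterson.com" = {
+enableACME = true; # Enable Let's Encrypt certificate for HTTPS
+forceSSL = false; # Redirect HTTP to HTTPS?
+addSSL = true;
+
+root = "/etc/pullomatic/com_philippeterson";
+
+locations."~ /.git(/.*)$ " = {
+extraConfig = ''
+deny all;
+return 404;
+'';
+};
+
+locations."~ ^/games/atcsim(/[^/\\s]*)*$" = {
+extraConfig = ''
+index index.html index.htm;
+rewrite ^/games/atcsim/?$ "/index.html" break;
+rewrite ^/games/atcsim(?<query>(/[^/\\s]*)*)$ "$query" break;
+root /etc/pullomatic/atcsim;
+'';
+};
+
+locations."~ ^/echo(?<query>((/[^/\\s]*)*))$" = {
+extraConfig = ''
+add_header Content-Type text/plain;
+return 200 "$query";
+'';
+};
+
+locations."/" = {
+extraConfig = ''
+try_files $uri $uri.php $uri/ =404;
+index index.php index.html index.htm;
+rewrite ^/contact$ /contact.php last;
+rewrite ^/resume$ /resume.php last;
+'';
+};
+
+locations."~ \.php$" = {
+extraConfig = ''
+include ${pkgs.nginx}/conf/fastcgi.conf;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
+'';
+};
+};
+"blog.quinefoundation.com" = {
+enableACME = true;
+forceSSL = false;
+addSSL = true;
+
+root = "/etc/pullomatic/com_quinefoundation_blog/markdown-blog";
+
+locations."~ /.git(/.*)$ " = {
+extraConfig = ''
+deny all;
+return 404;
+'';
+};
+
+locations."~ ^/static(/.*)?$" = {
+extraConfig = ''
+autoindex on;
+root /etc/pullomatic/com_quinefoundation_blog/static;
+rewrite ^/static(?<query>(/[^/\\s]*)*)$ "$query" break;
+'';
+};
+
+locations."/" = {
+extraConfig = ''
+rewrite ^/?$ /blog-posts-list.php last;
+rewrite ^/post/?$ /blog-posts-list.php last;
+rewrite ^/about/?$ /about.php last;
+rewrite ^/credits/?$ /credits.php last;
+rewrite ^/post/([-a-zA-Z0-9]*)$ /blog-page.php?page=$1.md last;
+rewrite ^/rss.xml$ /rss.php last;
+try_files $uri $uri/ =404;
+index index.php index.html index.htm;
+'';
+};
+
+locations."~ \.php$" = {
+extraConfig = ''
+include ${pkgs.nginx}/conf/fastcgi.conf;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
+'';
+};
+};
+};
+
+# Optionally configure additional options
+recommendedGzipSettings = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+};
+
+services.phpfpm.pools = {
+main = {
+phpEnv."PATH" = lib.makeBinPath [pkgs.php];
+user = "nginx";
+group = "nginx";
+settings = {
+# listen = /run/phpfpm.sock
+# "listen.mode = 0660
+"listen.owner" = "nginx";
+"listen.group" = "nginx";
+"pm" = "dynamic";
+"pm.max_children" = 75;
+"pm.start_servers" = 10;
+"pm.min_spare_servers" = 5;
+"pm.max_spare_servers" = 20;
+"pm.max_requests" = 500;
+
+"php_admin_value[error_log]" = "stderr";
+"php_admin_flag[log_errors]" = true;
+"catch_workers_output" = true;
+};
+};
+};
+}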
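Review bot: Both virtual hosts set `forceSSL = false;` next to `addSSL = true;`, so every path, including `/contact.php` on philippeterson.com, is still answered over plain HTTP with no redirect. Unless cleartext access is intended, use `forceSSL = true;` and drop `addSSL = true;`, because the NixOS nginx module treats these options as mutually exclusive. The two `~ \.php$` locations also pass any URI ending in .php to PHP-FPM without checking that the script exists; `try_files $fastcgi_script_name =404;` placed before `fastcgi_pass` is the usual guard. The `.git` rule `/.git(/.*)$` only matches when a slash follows `.git` and leaves other dotfiles in the pulled checkouts reachable, so a broader pattern such as `~ /\.` may be closer to the intent.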
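--- a/nixos/pullomatic/default.nix
+++ b/nixos/pullomatic/default.nix
@@ -0,0 +1,41 @@
+{
+lib,
+pkgs,
+rustPlatform,
+specialArgs,
+}:
+rustPlatform.buildRustPackage rec {
+pname = "pullomatic";
+version = "1.0.0";
+
+src = pkgs.fetchFromGitHub {
+owner = "philip-peterson";
+repo = pname;
+rev = "master";
+hash = "sha256-VVIhbbdHBBeodODWQq40q91uqtTrUHsCyPgTZ5VtrRc=";
+};
+
+cargoBuildFlags = ["--bin" "pullomatic"];
+
+cargoHash = "sha256-oo0M4AlraRw2LRYzvhlbjgvSolZcuRz+2WruesEWltk=";
+
+nativeBuildInputs = with pkgs; [
+pkg-config
+];
+
+buildInputs = with pkgs; [
+openssl
+];
+
+meta = {
+description = "A tool for automating GitHub pulls";
+homepage = "https://github.com/philip-peterson/pullomatic";
+license = lib.licenses.unlicense;
+maintainers = [
+{
+name = "Philip Peterson";
+email = "peterson@sent.com";
+}
+];
+};
+}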
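Review bot: `rev = "master";` in the `fetchFromGitHub` call names a moving branch, so the fetched source is identified only by `hash`, and the derivation either fails or silently keeps a cached copy once upstream master advances. Pin the exact commit instead, for example `rev = "<commit-sha>";` (placeholder), and update `rev` and `hash` together on upgrade so the reviewed revision is visible in the file. The `specialArgs` argument is accepted but not used anywhere in the visible expression and could be dropped.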
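--- a/nixos/refresh.sh
+++ b/nixos/refresh.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -e
+
+./apply.sh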
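--- a/nixos/secrets/README.md
+++ b/nixos/secrets/README.md
@@ -0,0 +1,5 @@
+To decrypt these files, you would need the Quine Foundation server's private key,
+which is of course not public information. However, you could also generate your own
+secrets using `age` which is an open source project used to power this server.
+These would use your own private key, and therefore the encrypted versions would of
+course differ from what's public in this repository.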
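--- a/nixos/secrets/default.nix
+++ b/nixos/secrets/default.nix
@@ -0,0 +1,8 @@
+{}: let
+mainframePublicKey = builtins.toString "../keys/mainframe.pub";
+in {
+# This .age file should contain the following environment variables:
+# NEARLYFREESPEECH_API_KEY
+# NEARLYFREESPEECH_LOGIN
+"./nearlyfreespeech.age".publicKeys = [mainframePublicKey];
+}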
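Review bot: `builtins.toString "../keys/mainframe.pub"` is applied to a string literal, so `mainframePublicKey` evaluates to the text `../keys/mainframe.pub` rather than to the contents of the key file. If this file is consumed as an agenix-style rules file, which the `publicKeys` attribute suggests, the recipient list needs the public key itself: `mainframePublicKey = builtins.readFile ../keys/mainframe.pub;`, the same way nixos/system/users.nix reads its authorized keys. It is worth re-encrypting and confirming the recipient after the change, because a rules file that names the wrong recipient can leave a secret that the server cannot decrypt.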
9
nixos/secrets/nearlyfreespeech.age
Normal file
9
nixos/secrets/nearlyfreespeech.age
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE5GRC92ZyBteHlN
|
||||||
|
bTNkUUxaY2NwRFdSR1E4VWhkbW8yV2VrT2dJbGRFMjJoUkJHNGc0CkI0Z25jMDJK
|
||||||
|
ck1TOWM0eHFZSzJETU1sekxFVGFDOWdDWGlicVlwdGY4T2cKLS0tIEZBSnJyQVN5
|
||||||
|
Nk1WZjM2aVdDdkNtamdBOExUSWNobEJzdFRnQ1JsbjZyNUEKpQAGd4xnEZd2JHFN
|
||||||
|
grhQ/kLePUz7W0i8epk+bu2aJiSs7sSznRI0gTf6zTwpUk1p0zOtJaK7uopPC+go
|
||||||
|
I9FPCx+rXzbmwrMcVUuzZLa8M1gikABswKSxKB/kHqH7KzrVGscQ4xz1gN+hdOS8
|
||||||
|
5xoP
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
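--- a/nixos/system/home/ironmagma.nix
+++ b/nixos/system/home/ironmagma.nix
@@ -0,0 +1,15 @@
+{
+config,
+pkgs,
+username,
+nix-index-database,
+lib,
+...
+}: let
+shared = import ./shared.nix {
+inherit config pkgs username nix-index-database lib;
+homeDirectory = "/home/ironmagma";
+};
+in {
+imports = [shared];
+}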
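--- a/nixos/system/home/root.nix
+++ b/nixos/system/home/root.nix
@@ -0,0 +1,17 @@
+{
+config,
+pkgs,
+username,
+nix-index-database,
+lib,
+...
+}: let
+shared = import ./shared.nix {
+inherit config pkgs username nix-index-database lib;
+homeDirectory = "/root";
+};
+in {
+imports = [shared];
+
+home.sessionVariables.EDITOR = "vim";
+}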
252
nixos/system/home/shared.nix
Normal file
252
nixos/system/home/shared.nix
Normal file
|
|
@ -0,0 +1,252 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
username,
|
||||||
|
nix-index-database,
|
||||||
|
lib,
|
||||||
|
homeDirectory,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
unstable-packages = with pkgs.unstable; [
|
||||||
|
coreutils
|
||||||
|
curl
|
||||||
|
findutils
|
||||||
|
git
|
||||||
|
git-crypt
|
||||||
|
jq
|
||||||
|
killall
|
||||||
|
tmux
|
||||||
|
unzip
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
zip
|
||||||
|
];
|
||||||
|
|
||||||
|
stable-packages = with pkgs; [
|
||||||
|
rustup
|
||||||
|
go
|
||||||
|
nodejs
|
||||||
|
python3
|
||||||
|
alejandra # nix formatter
|
||||||
|
];
|
||||||
|
|
||||||
|
dir = builtins.toString ../../keys/known_hosts;
|
||||||
|
files = builtins.attrNames (builtins.readDir dir);
|
||||||
|
pubKeys = map (file: import (dir + "/" + file)) files;
|
||||||
|
joinedString = lib.concatStringsSep " " pubKeys;
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
nix-index-database.hmModules.nix-index
|
||||||
|
];
|
||||||
|
|
||||||
|
home = {
|
||||||
|
stateVersion = "22.11";
|
||||||
|
username = lib.mkDefault "${username}";
|
||||||
|
homeDirectory = homeDirectory;
|
||||||
|
|
||||||
|
sessionVariables.EDITOR = "vim";
|
||||||
|
sessionVariables.SHELL = "/etc/profiles/per-user/${username}/bin/zsh";
|
||||||
|
|
||||||
|
packages = lib.mkDefault (
|
||||||
|
stable-packages
|
||||||
|
++ unstable-packages
|
||||||
|
);
|
||||||
|
|
||||||
|
file.".ssh/known_hosts".text = joinedString;
|
||||||
|
};
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
home-manager.enable = true;
|
||||||
|
nix-index.enable = true;
|
||||||
|
nix-index.enableZshIntegration = true;
|
||||||
|
nix-index-database.comma.enable = true;
|
||||||
|
|
||||||
|
# FIXME: disable this if you don't want to use the starship prompt
|
||||||
|
starship.enable = true;
|
||||||
|
starship.settings = {
|
||||||
|
aws.disabled = true;
|
||||||
|
gcloud.disabled = true;
|
||||||
|
kubernetes.disabled = false;
|
||||||
|
git_branch.style = "242";
|
||||||
|
directory.style = "blue";
|
||||||
|
directory.truncate_to_repo = false;
|
||||||
|
directory.truncation_length = 8;
|
||||||
|
python.disabled = true;
|
||||||
|
ruby.disabled = true;
|
||||||
|
hostname.ssh_only = false;
|
||||||
|
hostname.style = "bold green";
|
||||||
|
};
|
||||||
|
|
||||||
|
# FIXME: disable whatever you don't want
|
||||||
|
fzf.enable = true;
|
||||||
|
fzf.enableZshIntegration = true;
|
||||||
|
lsd.enable = true;
|
||||||
|
lsd.enableAliases = true;
|
||||||
|
zoxide.enable = true;
|
||||||
|
zoxide.enableZshIntegration = true;
|
||||||
|
broot.enable = true;
|
||||||
|
broot.enableZshIntegration = true;
|
||||||
|
|
||||||
|
direnv.enable = true;
|
||||||
|
direnv.enableZshIntegration = true;
|
||||||
|
direnv.nix-direnv.enable = true;
|
||||||
|
|
||||||
|
git = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.unstable.git;
|
||||||
|
delta.enable = true;
|
||||||
|
delta.options = {
|
||||||
|
line-numbers = true;
|
||||||
|
side-by-side = true;
|
||||||
|
navigate = true;
|
||||||
|
};
|
||||||
|
userEmail = "1326208+philip-peterson@users.noreply.github.com";
|
||||||
|
userName = "philip-peterson";
|
||||||
|
extraConfig = {
|
||||||
|
push = {
|
||||||
|
default = "current";
|
||||||
|
autoSetupRemote = true;
|
||||||
|
};
|
||||||
|
merge = {
|
||||||
|
conflictstyle = "diff3";
|
||||||
|
};
|
||||||
|
diff = {
|
||||||
|
colorMoved = "default";
|
||||||
|
};
|
||||||
|
safe = {
|
||||||
|
directory = "/var/petersweb-infra";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
zsh = {
|
||||||
|
enable = true;
|
||||||
|
autocd = true;
|
||||||
|
enableAutosuggestions = true;
|
||||||
|
enableCompletion = true;
|
||||||
|
defaultKeymap = "emacs";
|
||||||
|
history.size = 10000;
|
||||||
|
history.save = 10000;
|
||||||
|
history.expireDuplicatesFirst = true;
|
||||||
|
history.ignoreDups = true;
|
||||||
|
history.ignoreSpace = true;
|
||||||
|
historySubstringSearch.enable = true;
|
||||||
|
|
||||||
|
plugins = [
|
||||||
|
{
|
||||||
|
name = "fast-syntax-highlighting";
|
||||||
|
src = "${pkgs.zsh-fast-syntax-highlighting}/share/zsh/site-functions";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "zsh-nix-shell";
|
||||||
|
file = "nix-shell.plugin.zsh";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "chisui";
|
||||||
|
repo = "zsh-nix-shell";
|
||||||
|
rev = "v0.5.0";
|
||||||
|
sha256 = "0za4aiwwrlawnia4f29msk822rj9bgcygw6a8a6iikiwzjjz0g91";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
shellAliases = {
|
||||||
|
"u" = "cd ..";
|
||||||
|
"uu" = "cd ../..";
|
||||||
|
"uuu" = "cd ../../..";
|
||||||
|
"uuuu" = "cd ../../../..";
|
||||||
|
gs = "git status";
|
||||||
|
gc = "nix-collect-garbage --delete-old";
|
||||||
|
refresh = "source ~/.zshrc";
|
||||||
|
show_path = "echo $PATH | tr ':' '\n'";
|
||||||
|
|
||||||
|
gst = "git status";
|
||||||
|
gco = "git checkout";
|
||||||
|
};
|
||||||
|
|
||||||
|
envExtra = ''
|
||||||
|
export PATH=$PATH:$HOME/.local/bin
|
||||||
|
'';
|
||||||
|
|
||||||
|
initExtra = ''
|
||||||
|
bindkey '^p' history-search-backward
|
||||||
|
bindkey '^n' history-search-forward
|
||||||
|
bindkey '^e' end-of-line
|
||||||
|
bindkey '^w' forward-word
|
||||||
|
bindkey "^[[3~" delete-char
|
||||||
|
bindkey ";5C" forward-word
|
||||||
|
bindkey ";5D" backward-word
|
||||||
|
|
||||||
|
zstyle ':completion:*:*:*:*:*' menu select
|
||||||
|
|
||||||
|
# Complete . and .. special directories
|
||||||
|
zstyle ':completion:*' special-dirs true
|
||||||
|
|
||||||
|
zstyle ':completion:*' list-colors ""
|
||||||
|
zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#) ([0-9a-z-]#)*=01;34=0=01'
|
||||||
|
|
||||||
|
# disable named-directories autocompletion
|
||||||
|
zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
|
||||||
|
|
||||||
|
# Use caching so that commands like apt and dpkg complete are useable
|
||||||
|
zstyle ':completion:*' use-cache on
|
||||||
|
zstyle ':completion:*' cache-path "$XDG_CACHE_HOME/zsh/.zcompcache"
|
||||||
|
|
||||||
|
# Don't complete uninteresting users
|
||||||
|
zstyle ':completion:*:*:*:users' ignored-patterns \
|
||||||
|
adm amanda apache at avahi avahi-autoipd beaglidx bin cacti canna \
|
||||||
|
clamav daemon dbus distcache dnsmasq dovecot fax ftp games gdm \
|
||||||
|
gkrellmd gopher hacluster haldaemon halt hsqldb ident junkbust kdm \
|
||||||
|
ldap lp mail mailman mailnull man messagebus mldonkey mysql nagios \
|
||||||
|
named netdump news nfsnobody nobody nscd ntp nut nx obsrun openvpn \
|
||||||
|
operator pcap polkitd postfix postgres privoxy pulse pvm quagga radvd \
|
||||||
|
rpc rpcuser rpm rtkit scard shutdown squid sshd statd svn sync tftp \
|
||||||
|
usbmux uucp vcsa wwwrun xfs '_*'
|
||||||
|
# ... unless we really want to.
|
||||||
|
zstyle '*' single-ignored complete
|
||||||
|
|
||||||
|
# https://thevaluable.dev/zsh-completion-guide-examples/
|
||||||
|
zstyle ':completion:*' completer _extensions _complete _approximate
|
||||||
|
zstyle ':completion:*:descriptions' format '%F{green}-- %d --%f'
|
||||||
|
zstyle ':completion:*' group-name ""
|
||||||
|
zstyle ':completion:*:*:-command-:*:*' group-order alias builtins functions commands
|
||||||
|
zstyle ':completion:*' squeeze-slashes true
|
||||||
|
zstyle ':completion:*' matcher-list "" 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
|
||||||
|
|
||||||
|
# mkcd is equivalent to takedir
|
||||||
|
function mkcd takedir() {
|
||||||
|
mkdir -p $@ && cd ''${@:$#}
|
||||||
|
}
|
||||||
|
|
||||||
|
function takeurl() {
|
||||||
|
local data thedir
|
||||||
|
data="$(mktemp)"
|
||||||
|
curl -L "$1" > "$data"
|
||||||
|
tar xf "$data"
|
||||||
|
thedir="$(tar tf "$data" | head -n 1)"
|
||||||
|
rm "$data"
|
||||||
|
cd "$thedir"
|
||||||
|
}
|
||||||
|
|
||||||
|
function takegit() {
|
||||||
|
git clone "$1"
|
||||||
|
cd "$(basename ''${1%%.git})"
|
||||||
|
}
|
||||||
|
|
||||||
|
function take() {
|
||||||
|
if [[ $1 =~ ^(https?|ftp).*\.(tar\.(gz|bz2|xz)|tgz)$ ]]; then
|
||||||
|
takeurl "$1"
|
||||||
|
elif [[ $1 =~ ^([A-Za-z0-9]\+@|https?|git|ssh|ftps?|rsync).*\.git/?$ ]]; then
|
||||||
|
takegit "$1"
|
||||||
|
else
|
||||||
|
takedir "$@"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
WORDCHARS='*?[]~=&;!#$%^(){}<>'
|
||||||
|
|
||||||
|
# fixes duplication of commands when using tab-completion
|
||||||
|
export LANG=C.UTF-8
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
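Review bot: `joinedString = lib.concatStringsSep " " pubKeys;` joins the imported host-key entries with a space, but `~/.ssh/known_hosts` holds one entry per line, so with more than one file under keys/known_hosts the entries run together and probably only the first is honoured. Join with a newline instead: `joinedString = lib.concatStringsSep "\n" pubKeys;`. Each file in that directory is also loaded with `import`, which evaluates it as a Nix expression rather than reading it as data; `builtins.readFile (dir + "/" + file)` would keep host keys as plain text, matching how users.nix reads authorized keys.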
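--- a/nixos/system/users.nix
+++ b/nixos/system/users.nix
@@ -0,0 +1,74 @@
+{
+pkgs,
+config,
+nix-index-database,
+lib,
+...
+}: let
+makeUser = {
+username,
+home,
+extraGroups,
+authorizedKeys,
+homeConfig ? null,
+isNormalUser ? true,
+}: {
+extraGroups = extraGroups ++ [username];
+
+home-manager.users.${username} = homeConfig;
+
+users.users.${username} = {
+isNormalUser = isNormalUser;
+shell = pkgs.zsh;
+openssh.authorizedKeys.keys = authorizedKeys;
+home = home;
+};
+
+users.groups.${username} = {
+name = "${username}";
+members = ["${username}"];
+};
+};
+
+dir = builtins.toString ../keys/authorized_keys;
+files = builtins.attrNames (builtins.readDir dir);
+authorizedKeys = map (file: builtins.readFile "${dir}/${file}") files;
+
+rootUser = makeUser {
+isNormalUser = false;
+username = "root";
+home = "/root";
+extraGroups = [];
+authorizedKeys = authorizedKeys;
+homeConfig = import ./home/root.nix {
+username = "root";
+inherit config pkgs nix-index-database lib;
+};
+};
+
+ironmagmaUser = makeUser {
+username = "ironmagma";
+home = "/home/ironmagma";
+extraGroups = [
+"wheel"
+"docker"
+];
+authorizedKeys = [
+(builtins.readFile ../keys/authorized_keys/macbookpro.pub)
+(builtins.readFile ../keys/authorized_keys/macbookpro-intel.pub)
+(builtins.readFile ../keys/authorized_keys/monolith.pub)
+];
+homeConfig = import ./home/ironmagma.nix {
+username = "ironmagma";
+inherit config pkgs nix-index-database lib;
+};
+};
+in {
+users.groups.repo-data = {
+name = "repo-data";
+members = ["nginx"];
+};
+
+users.users = rootUser.users.users // ironmagmaUser.users.users // {};
+home-manager.users = rootUser.home-manager.users // ironmagmaUser.home-manager.users;
+}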
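Review bot: `makeUser` returns `extraGroups` and `users.groups.${username}` at the top level of its result, but the module body only reads `.users.users` and `.home-manager.users`, so the `wheel` and `docker` memberships requested for ironmagma and the per-user groups never reach the system configuration. Moving the line into the user record, `extraGroups = extraGroups ++ [username];` inside `users.users.${username} = { … }`, and merging `users.groups` in the final attribute set would make the declared access match the effective access. When that is fixed, note that `docker` membership is effectively root-equivalent on the host. Root's `authorizedKeys` is built from every file in ../keys/authorized_keys via `readDir`, so any key file added to that directory gains root SSH login; an explicit list, as used for ironmagma, is easier to audit.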
46
terraform/.terraform.lock.hcl
Normal file
46
terraform/.terraform.lock.hcl
Normal file
|
|
@ -0,0 +1,46 @@
|
||||||
|
# This file is maintained automatically by "terraform init".
|
||||||
|
# Manual edits may be lost in future updates.
|
||||||
|
|
||||||
|
provider "registry.terraform.io/hashicorp/null" {
|
||||||
|
version = "3.2.2"
|
||||||
|
constraints = "3.2.2"
|
||||||
|
hashes = [
|
||||||
|
"h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=",
|
||||||
|
"h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=",
|
||||||
|
"zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7",
|
||||||
|
"zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a",
|
||||||
|
"zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3",
|
||||||
|
"zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606",
|
||||||
|
"zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546",
|
||||||
|
"zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539",
|
||||||
|
"zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452",
|
||||||
|
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
|
||||||
|
"zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422",
|
||||||
|
"zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae",
|
||||||
|
"zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1",
|
||||||
|
"zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "registry.terraform.io/hetznercloud/hcloud" {
|
||||||
|
version = "1.47.0"
|
||||||
|
constraints = "~> 1.45"
|
||||||
|
hashes = [
|
||||||
|
"h1:B7iDacnh16TWyenN4+eledjmuZ89vYkdg5yFjlRNT7M=",
|
||||||
|
"h1:KQbtq1sXF4deoc0DKgjyyJMdIuHfhfhAPkVV0DlTMRI=",
|
||||||
|
"zh:0759f0c23d0e59baab3382320eef4eb314e0c5967b6ef67ff07135da07a97b34",
|
||||||
|
"zh:0e9ca84c4059d6d7e2c9f13d3c2b1cd91f7d9a47bedcb4b80c7c77d536eff887",
|
||||||
|
"zh:17a033ac4650a39ddacf3265a449edabaea528f81542c4e63e254272d5aac340",
|
||||||
|
"zh:2997c76a500e42b7519b24fa1f8646d9baab70c68277f80394560d3e1fd06e6d",
|
||||||
|
"zh:37f3fe7bb34cac63c69123e43e5426bab75816b3665dbe7125276a8d2ee6b2d8",
|
||||||
|
"zh:45d4b04dc470f24ad96c1c0b6636ea5422c659004f3e472c863bc50130fabf25",
|
||||||
|
"zh:46df99d972a78af6875565e53a73df66d870c474a20cd90e9e0a3092aa25197f",
|
||||||
|
"zh:4b5bb8d49366ad895c6c767efe16a1b8143802414abfe3fdb1184cbbecf424eb",
|
||||||
|
"zh:55c6199eb401c4b0a6c948ceac8b50f352e252e1c985903ed173bf26ad0f109e",
|
||||||
|
"zh:7b6efe897bffa37248064155a699e67953350b5b9a5476456c0160ce59254557",
|
||||||
|
"zh:7bc004bcb649ce1ec70e2cf848392e10a1edbcbf11b3292a4cc5c5d49bd769e4",
|
||||||
|
"zh:e1b17b7595f158fbb3021afa8869b541b5c10bdd2d8d2b2b3eaa82200b104ddd",
|
||||||
|
"zh:f741ca40e8e99a3e4114ad108ea2b5a5bccbedb008326c7f647f250580e69c0e",
|
||||||
|
"zh:fae9c7f8d08a447bb0972529f6db06999c35391046320206041a988aeca6b54c",
|
||||||
|
]
|
||||||
|
}
|
||||||
45
terraform/foo.tf
Normal file
45
terraform/foo.tf
Normal file
|
|
@ -0,0 +1,45 @@
|
||||||
|
locals {
|
||||||
|
public_key = "ssh-rsa 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 ironmagma@Philips-MacBook-Pro.local"
|
||||||
|
}
|
||||||
|
|
||||||
|
terraform {
|
||||||
|
required_providers {
|
||||||
|
hcloud = {
|
||||||
|
source = "hetznercloud/hcloud"
|
||||||
|
version = "~> 1.45"
|
||||||
|
}
|
||||||
|
|
||||||
|
null = {
|
||||||
|
source = "hashicorp/null"
|
||||||
|
version = "3.2.2"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hcloud_ssh_key" "default" {
|
||||||
|
name = "Philip Macbook Pro M2"
|
||||||
|
public_key = local.public_key
|
||||||
|
}
|
||||||
|
|
||||||
|
# Set the variable value in *.tfvars file
|
||||||
|
# or using the -var="hcloud_token=..." CLI option
|
||||||
|
# variable "hcloud_token" {
|
||||||
|
# sensitive = true
|
||||||
|
# }
|
||||||
|
|
||||||
|
# Configure the Hetzner Cloud Provider
|
||||||
|
provider "hcloud" {
|
||||||
|
token = "hmUptEnfNpDdYVAeLOvmv14fZn9YV9wYuDhU4t0Mso26K2JLNbuJ2CvtCI3mLJyp"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Create a server
|
||||||
|
resource "hcloud_server" "web" {
|
||||||
|
name = "syncthing"
|
||||||
|
image = "fedora-40"
|
||||||
|
server_type = "cx32"
|
||||||
|
|
||||||
|
ssh_keys = [
|
||||||
|
"Philip Macbook Pro M2"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
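Review bot: The `provider "hcloud"` block hard-codes the API token as a string literal, so the credential is published with the repository; it should be revoked at the provider and replaced with a variable. The commented-out block just above already sketches the fix: restore `variable "hcloud_token" { sensitive = true }` and set `token = var.hcloud_token`, supplying the value from an untracked *.tfvars file or the environment. The same commit also adds terraform/terraform.tfstate and terraform/terraform.tfstate.backup, which record server IDs and addresses; state is better kept out of version control or in a remote backend with access control. Separately, `ssh_keys` in `hcloud_server.web` refers to the key by its name string, so `ssh_keys = [hcloud_ssh_key.default.id]` would give Terraform an explicit dependency between the two resources.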
75
terraform/terraform.tfstate
Normal file
75
terraform/terraform.tfstate
Normal file
|
|
@ -0,0 +1,75 @@
|
||||||
|
{
|
||||||
|
"version": 4,
|
||||||
|
"terraform_version": "1.5.7",
|
||||||
|
"serial": 28,
|
||||||
|
"lineage": "0a446551-97f6-5e1f-fd21-d1a5bd66b38f",
|
||||||
|
"outputs": {},
|
||||||
|
"resources": [
|
||||||
|
{
|
||||||
|
"mode": "managed",
|
||||||
|
"type": "hcloud_server",
|
||||||
|
"name": "web",
|
||||||
|
"provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
|
||||||
|
"instances": [
|
||||||
|
{
|
||||||
|
"schema_version": 0,
|
||||||
|
"attributes": {
|
||||||
|
"allow_deprecated_images": false,
|
||||||
|
"backup_window": "",
|
||||||
|
"backups": false,
|
||||||
|
"datacenter": "hel1-dc2",
|
||||||
|
"delete_protection": false,
|
||||||
|
"firewall_ids": [],
|
||||||
|
"id": "51104554",
|
||||||
|
"ignore_remote_firewall_ids": false,
|
||||||
|
"image": "fedora-40",
|
||||||
|
"ipv4_address": "135.181.83.225",
|
||||||
|
"ipv6_address": "2a01:4f9:c010:8efd::1",
|
||||||
|
"ipv6_network": "2a01:4f9:c010:8efd::/64",
|
||||||
|
"iso": null,
|
||||||
|
"keep_disk": false,
|
||||||
|
"labels": {},
|
||||||
|
"location": "hel1",
|
||||||
|
"name": "syncthing",
|
||||||
|
"network": [],
|
||||||
|
"placement_group_id": 0,
|
||||||
|
"primary_disk_size": 80,
|
||||||
|
"public_net": [],
|
||||||
|
"rebuild_protection": false,
|
||||||
|
"rescue": null,
|
||||||
|
"server_type": "cx32",
|
||||||
|
"shutdown_before_deletion": false,
|
||||||
|
"ssh_keys": [
|
||||||
|
"Philip Macbook Pro M2"
|
||||||
|
],
|
||||||
|
"status": "running",
|
||||||
|
"timeouts": null,
|
||||||
|
"user_data": null
|
||||||
|
},
|
||||||
|
"sensitive_attributes": [],
|
||||||
|
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0="
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"mode": "managed",
|
||||||
|
"type": "hcloud_ssh_key",
|
||||||
|
"name": "default",
|
||||||
|
"provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
|
||||||
|
"instances": [
|
||||||
|
{
|
||||||
|
"schema_version": 0,
|
||||||
|
"attributes": {
|
||||||
|
"fingerprint": "eb:d4:34:7f:69:a7:82:3c:4c:f6:54:d3:4a:f3:73:cd",
|
||||||
|
"id": "22314214",
|
||||||
|
"labels": {},
|
||||||
|
"name": "Philip Macbook Pro M2",
|
||||||
|
"public_key": "ssh-rsa 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 ironmagma@Philips-MacBook-Pro.local"
|
||||||
|
},
|
||||||
|
"sensitive_attributes": []
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"check_results": null
|
||||||
|
}
|
||||||
56
terraform/terraform.tfstate.backup
Normal file
56
terraform/terraform.tfstate.backup
Normal file
|
|
@ -0,0 +1,56 @@
|
||||||
|
{
|
||||||
|
"version": 4,
|
||||||
|
"terraform_version": "1.5.7",
|
||||||
|
"serial": 26,
|
||||||
|
"lineage": "0a446551-97f6-5e1f-fd21-d1a5bd66b38f",
|
||||||
|
"outputs": {},
|
||||||
|
"resources": [
|
||||||
|
{
|
||||||
|
"mode": "managed",
|
||||||
|
"type": "hcloud_server",
|
||||||
|
"name": "web",
|
||||||
|
"provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
|
||||||
|
"instances": [
|
||||||
|
{
|
||||||
|
"schema_version": 0,
|
||||||
|
"attributes": {
|
||||||
|
"allow_deprecated_images": false,
|
||||||
|
"backup_window": "",
|
||||||
|
"backups": false,
|
||||||
|
"datacenter": "hel1-dc2",
|
||||||
|
"delete_protection": false,
|
||||||
|
"firewall_ids": [],
|
||||||
|
"id": "51104554",
|
||||||
|
"ignore_remote_firewall_ids": false,
|
||||||
|
"image": "fedora-40",
|
||||||
|
"ipv4_address": "135.181.83.225",
|
||||||
|
"ipv6_address": "2a01:4f9:c010:8efd::1",
|
||||||
|
"ipv6_network": "2a01:4f9:c010:8efd::/64",
|
||||||
|
"iso": null,
|
||||||
|
"keep_disk": false,
|
||||||
|
"labels": {},
|
||||||
|
"location": "hel1",
|
||||||
|
"name": "syncthing",
|
||||||
|
"network": [],
|
||||||
|
"placement_group_id": 0,
|
||||||
|
"primary_disk_size": 80,
|
||||||
|
"public_net": [],
|
||||||
|
"rebuild_protection": false,
|
||||||
|
"rescue": null,
|
||||||
|
"server_type": "cx32",
|
||||||
|
"shutdown_before_deletion": false,
|
||||||
|
"ssh_keys": [
|
||||||
|
"Philip Macbook Pro M2"
|
||||||
|
],
|
||||||
|
"status": "running",
|
||||||
|
"timeouts": null,
|
||||||
|
"user_data": null
|
||||||
|
},
|
||||||
|
"sensitive_attributes": [],
|
||||||
|
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo1NDAwMDAwMDAwMDAwfX0="
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"check_results": null
|
||||||
|
}
|
||||||