Merge branch 'two'

Philip Peterson 2026-05-08 20:55:59 -08:00
commit e8183c685b
10 changed files with 64 additions and 19 deletions


@ -12,4 +12,4 @@ jobs:
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub
- run: nix build .#nixosConfigurations.nixos.config.system.build.toplevel
- run: nix build .#nixosConfigurations.mainframe.config.system.build.toplevel


@ -3,4 +3,4 @@
set -e
git pull origin main
nixos-rebuild switch --flake .#nixos --verbose --show-trace
nixos-rebuild switch --flake .#mainframe --verbose --show-trace


@ -68,7 +68,7 @@ in {
Restart = "always";
RestartSec = "0";
User = "root";
Group = "root";
Group = "repo-data";
};
};
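Review bot: The unit in this hunk keeps `User = "root"`, so switching only the group to `repo-data` (assuming the second `Group` line is the new value) does not reduce what the process can do; it mainly changes the group ownership of files it creates. If the goal is to share repository data with members of that group, consider running the service as a dedicated account with a restrictive umask, e.g. `User = "repo-data";` and `UMask = "0027";`, provided such a user is declared elsewhere. The declaration of the `repo-data` group is not visible here, and systemd refuses to start a unit whose group does not exist. The serviceConfig block begins outside the hunk.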


@ -12,16 +12,6 @@
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";


@ -92,14 +92,13 @@
++ modules;
};
in {
nixosConfigurations.nixos = mkNixosConfiguration {
hostname = "pw-mainframe";
nixosConfigurations.mainframe = mkNixosConfiguration {
hostname = "mainframe-2";
username = "ironmagma";
args = {
nixPkgs = import nixpkgs {inherit system overlays;};
};
modules = [
disko.nixosModules.disko
agenix.nixosModules.age
./hetzner.nix
./linux.nix


@ -2,12 +2,38 @@
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
# Fixes iotop
boot.kernel.sysctl = {"kernel.task_delayacct" = 1;};
boot.loader.grub = {
enable = true;
device = "/dev/sda";
efiSupport = false;
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/aaf104ce-4851-40d9-aeea-bebb5684f8c4";
fsType = "ext4";
};
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-enp1s0" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
dhcpV4Config = {
UseGateway = false;
UseRoutes = false;
};
routes = [
{routeConfig = {Gateway = "172.31.1.1"; GatewayOnLink = true;};}
];
};
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = true;
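Review bot: `settings.PasswordAuthentication = true` at the end of this section leaves SSH password logins enabled on the server this file configures. It looks like an unchanged context line, but it is worth settling while the host's boot and network setup is being redefined. Key-only access would be `settings.PasswordAuthentication = false;` together with `settings.KbdInteractiveAuthentication = false;`, with keys supplied through `users.users.<name>.openssh.authorizedKeys.keys`. The added lines also hard-code `/dev/sda`, a root filesystem UUID and the gateway `172.31.1.1`, so a one-line comment saying these belong to this one machine would help the next rebuild. The `services.openssh` block continues past the end of the hunk.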


@ -57,6 +57,11 @@ in {
file = ./secrets/webdav.age;
owner = "root";
};
anthropic-api-key = {
file = ./secrets/anthropic-api-key.age;
owner = "root";
};
};
environment.systemPackages = [
@ -71,6 +76,8 @@ in {
pkgs.rust-bin.stable.latest.default
pkgs.wget
pkgs.unstable.claude-code
# For docker-compose like setups
pkgs.arion
start-arion-run
@ -92,6 +99,9 @@ in {
# FIXME: change your shell here if you don't want zsh
programs.zsh.enable = true;
programs.zsh.shellInit = ''
export ANTHROPIC_API_KEY=$(cat ${config.age.secrets.anthropic-api-key.path})
'';
environment.pathsToLink = ["/share/zsh"];
environment.shells = [pkgs.zsh];
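Review bot: The `programs.zsh.shellInit` line in the third hunk exports `ANTHROPIC_API_KEY` in every zsh session of every user, while the secret declared in the first hunk has `owner = "root"`. Unless a mode is set elsewhere, agenix's default leaves the file readable only by its owner, so non-root shells would get a `cat` error and an empty variable at each start. Where the file is readable, the key is inherited by every process launched from that shell. Scoping it to the consumer is safer: set the owner to the account that runs `claude-code` and read the file only in a wrapper around that command, or at least guard the export with `[ -r "$f" ] && export ANTHROPIC_API_KEY="$(cat "$f")"`, where `f` holds the secret path.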


@ -48,6 +48,18 @@
};
};
"www.philippeterson.com" = {
enableACME = true;
forceSSL = false;
addSSL = true;
locations."/" = {
extraConfig = ''
return 301 https://philippeterson.com$request_uri;
'';
};
};
"philippeterson.com" = {
enableACME = true; # Enable Let's Encrypt certificate for HTTPS
forceSSL = false; # Redirect HTTP to HTTPS?


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 NFD/vg rY+eiWOLOhCGzqWb4k9jNLU6aQ+PM0GNXTRTM4LfyQg
0Ekk88iG8ktnvVPwFW5EOrNN+UDxFmqeodz0SGCganU
--- WQ0Q25GI8bmYzB8YkFuJV6wuSKlv+waIWU2aw8A/OF0
½`2Õ±½ÖwÓ\ïž‹úÉ96ÉÃUu8<75>?îÒc?(ð$éõЭQÊãä¯êP˜øô«ËuÆÍöxQ169·d¾“3½¼ÔêRãz¿Ì<C2BF>Ÿ—Tºl>" Gáã<C3A1><08>uGà­!cøšÍì³DÉÏ­Gdf<>ïØ¥Ýa#:N¡AÖNÄ


@ -1,5 +1,5 @@
{}: let
mainframePublicKey = builtins.toString "../keys/mainframe.pub";
let
mainframePublicKey = builtins.readFile ../keys/mainframe.pub;
in {
# This .age file should contain the following environment variables:
# NEARLYFREESPEECH_API_KEY
@ -8,4 +8,7 @@ in {
# WEBDAV_PASSWORD
"./webdav.age".publicKeys = [mainframePublicKey];
# ANTHROPIC_API_KEY
"./anthropic-api-key.age".publicKeys = [mainframePublicKey];
}
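Review bot: Every secret visible in this file, including the new `./anthropic-api-key.age` entry, lists `mainframePublicKey` as its only recipient, so the secrets can be decrypted, edited or rekeyed only with that host's private key. If the host key changes, which a reinstall would normally cause, each secret has to be recreated from its original value. Adding an operator key as a second recipient avoids that, e.g. `"./anthropic-api-key.age".publicKeys = [mainframePublicKey adminPublicKey];`, where `adminPublicKey` is a placeholder for a key kept off the server. A short comment above the `let` stating which machines and people are expected to hold decryption keys would make the intent explicit.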