diff --git a/nixos/.github/workflows/build.yml b/nixos/.github/workflows/build.yml
index 181c1c6..07e4b5f 100644
--- a/nixos/.github/workflows/build.yml
+++ b/nixos/.github/workflows/build.yml
@@ -12,4 +12,4 @@ jobs:
 - uses: DeterminateSystems/nix-installer-action@main
 - uses: DeterminateSystems/magic-nix-cache-action@main
 - run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub
- - run: nix build .#nixosConfigurations.nixos.config.system.build.toplevel
+ - run: nix build .#nixosConfigurations.mainframe.config.system.build.toplevel
diff --git a/nixos/apply.sh b/nixos/apply.sh
index 50a7953..04811c3 100755
--- a/nixos/apply.sh
+++ b/nixos/apply.sh
@@ -3,4 +3,4 @@ set -e
 git pull origin main
-nixos-rebuild switch --flake .#nixos --verbose --show-trace
+nixos-rebuild switch --flake .#mainframe --verbose --show-trace
diff --git a/nixos/cloned_repos/default.nix b/nixos/cloned_repos/default.nix
index b29e4d6..971e517 100644
--- a/nixos/cloned_repos/default.nix
+++ b/nixos/cloned_repos/default.nix
@@ -68,7 +68,7 @@ in {
 Restart = "always";
 RestartSec = "0";
 User = "root";
- Group = "root";
+ Group = "repo-data";
 };
 };
diff --git a/nixos/disk-config.nix b/nixos/disk-config.nix
index c72a8d4..66d7f54 100644
--- a/nixos/disk-config.nix
+++ b/nixos/disk-config.nix
@@ -12,16 +12,6 @@
 size = "1M";
 type = "EF02";
 };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
 root = {
 name = "root";
 size = "100%";
diff --git a/nixos/flake.nix b/nixos/flake.nix
index caed697..55e1843 100644
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
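Review bot: `Group = "repo-data"` on a unit that still runs with `User = "root"` does not reduce the service's privileges (root bypasses group permission checks); the only effect is that files the service creates are group-owned by repo-data, and with systemd's default umask they will be group-readable but not group-writable unless the unit also sets `UMask`. If the intent is to let repo-data members read the clones, pair this with `UMask = "0027";` and say so, e.g. `# Runs as root; group-owned by repo-data so members can read the checked-out repos`. The change also assumes a `users.groups.repo-data` definition exists somewhere; it is not visible in this diff, so confirm it or add `users.groups.repo-data = {};` next to the service. The enclosing serviceConfig attribute set starts outside the hunk.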
@@ -92,14 +92,13 @@
 ++ modules;
 };
 in {
- nixosConfigurations.nixos = mkNixosConfiguration {
- hostname = "pw-mainframe";
+ nixosConfigurations.mainframe = mkNixosConfiguration {
+ hostname = "mainframe-2";
 username = "ironmagma";
 args = {
 nixPkgs = import nixpkgs {inherit system overlays;};
 };
 modules = [
- disko.nixosModules.disko
 agenix.nixosModules.age
 ./hetzner.nix
 ./linux.nix
diff --git a/nixos/hetzner.nix b/nixos/hetzner.nix
index ebdfa76..fd1071b 100644
--- a/nixos/hetzner.nix
+++ b/nixos/hetzner.nix
@@ -2,12 +2,38 @@
 imports = [
 (modulesPath + "/installer/scan/not-detected.nix")
 (modulesPath + "/profiles/qemu-guest.nix")
- ./disk-config.nix
 ];
 # Fixes iotop
 boot.kernel.sysctl = {"kernel.task_delayacct" = 1;};
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ efiSupport = false;
+ };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/aaf104ce-4851-40d9-aeea-bebb5684f8c4";
+ fsType = "ext4";
+ };
+ networking.useDHCP = false;
+ systemd.network = {
+ enable = true;
+ networks."10-enp1s0" = {
+ matchConfig.Name = "enp1s0";
+ networkConfig.DHCP = "ipv4";
+ dhcpV4Config = {
+ UseGateway = false;
+ UseRoutes = false;
+ };
+ routes = [
+ {routeConfig = {Gateway = "172.31.1.1"; GatewayOnLink = true;};}
+ ];
+ };
+ };
 services.openssh = {
 enable = true;
 settings.PasswordAuthentication = true;
diff --git a/nixos/linux.nix b/nixos/linux.nix
index e82b273..3ad86de 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -57,6 +57,11 @@ in {
 file = ./secrets/webdav.age;
 owner = "root";
 };
+
+ anthropic-api-key = {
+ file = ./secrets/anthropic-api-key.age;
+ owner = "root";
+ };
 };
 environment.systemPackages = [
@@ -71,6 +76,8 @@ in {
 pkgs.rust-bin.stable.latest.default
 pkgs.wget
+ pkgs.unstable.claude-code
+ # For docker-compose like setups
 pkgs.arion
 start-arion-run
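Review bot: With `./disk-config.nix` dropped from `imports` here and `disko.nixosModules.disko` removed from the flake's module list in the previous hunk, `nixos/disk-config.nix` is no longer reachable from the configuration, yet this same commit still edits it (removing the ESP partition), so it is unclear whether it is kept for one-off provisioning or is now dead. If it is still applied by disko at install time, a comment above the new `fileSystems."/"` block should say so, e.g. `# Partitioning is done once by disko from ./disk-config.nix; this UUID must match the root partition it created`; otherwise delete the file. The root UUID `aaf104ce-…` and the gateway `172.31.1.1` are host-specific values hard-coded into a module that the flake passes per-host arguments to, so if hetzner.nix is ever reused they belong in `mkNixosConfiguration`'s args. Note also that `routes.*.routeConfig` is deprecated on newer NixOS (24.11 and later accept `Gateway`/`GatewayOnLink` directly on the route entry), which is worth checking against the nixpkgs the flake pins. The enclosing module attribute set starts and ends outside the hunk.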
@@ -92,6 +99,9 @@ in {
 # FIXME: change your shell here if you don't want zsh
 programs.zsh.enable = true;
+ programs.zsh.shellInit = ''
+ export ANTHROPIC_API_KEY=$(cat ${config.age.secrets.anthropic-api-key.path})
+ '';
 environment.pathsToLink = ["/share/zsh"];
 environment.shells = [pkgs.zsh];
diff --git a/nixos/nginx.nix b/nixos/nginx.nix
index 4a7b39c..92c44f2 100644
--- a/nixos/nginx.nix
+++ b/nixos/nginx.nix
@@ -48,6 +48,18 @@
 };
 };
+ "www.philippeterson.com" = {
+ enableACME = true;
+ forceSSL = false;
+ addSSL = true;
+
+ locations."/" = {
+ extraConfig = ''
+ return 301 https://philippeterson.com$request_uri;
+ '';
+ };
+ };
+
 "philippeterson.com" = {
 enableACME = true; # Enable Let's Encrypt certificate for HTTPS
 forceSSL = false; # Redirect HTTP to HTTPS?
diff --git a/nixos/secrets/anthropic-api-key.age b/nixos/secrets/anthropic-api-key.age
new file mode 100644
index 0000000..1cdd2b1
--- /dev/null
+++ b/nixos/secrets/anthropic-api-key.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 NFD/vg rY+eiWOLOhCGzqWb4k9jNLU6aQ+PM0GNXTRTM4LfyQg
+0Ekk88iG8ktnvVPwFW5EOrNN+UDxFmqeodz0SGCganU
+--- WQ0Q25GI8bmYzB8YkFuJV6wuSKlv+waIWU2aw8A/OF0
+`2ձw\96Uu8?c?($ЭQPuxQ169d3Rz̏Tl>"GuG!cDGdf=إa#:NAN
\ No newline at end of file
diff --git a/nixos/secrets/default.nix b/nixos/secrets/default.nix
index 6c1af5e..6ec1556 100644
--- a/nixos/secrets/default.nix
+++ b/nixos/secrets/default.nix
@@ -1,5 +1,5 @@
-{}: let
- mainframePublicKey = builtins.toString "../keys/mainframe.pub";
+let
+ mainframePublicKey = builtins.readFile ../keys/mainframe.pub;
 in {
 # This .age file should contain the following environment variables:
 # NEARLYFREESPEECH_API_KEY
@@ -8,4 +8,7 @@ in {
 # WEBDAV_PASSWORD
 "./webdav.age".publicKeys = [mainframePublicKey];
+
+ # ANTHROPIC_API_KEY
+ "./anthropic-api-key.age".publicKeys = [mainframePublicKey];
 }
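Review bot: `programs.zsh.shellInit` lands in the system-wide zshenv and runs for every zsh process of every user, but the secret is declared with `owner = "root"` in the earlier linux.nix hunk (agenix's default mode is owner-read-only), so for any non-root login the `cat` fails, prints a permission error on every shell start and exports an empty `ANTHROPIC_API_KEY`, while for root it pushes the raw key into the environment of every shell and child process, non-interactive scripts included. Prefer giving the secret to the account that needs it (`owner = "ironmagma";` on the secret) and loading it only in interactive shells, guarded so an unreadable file stays silent: `programs.zsh.interactiveShellInit = ''` / `  [ -r ${config.age.secrets.anthropic-api-key.path} ] && export ANTHROPIC_API_KEY="$(< ${config.age.secrets.anthropic-api-key.path})"` / `'';`. Command substitution strips the trailing newline, so the decrypted file must contain the bare key and nothing else, which is worth stating where the secret is declared. The enclosing module attribute set continues outside the hunk.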
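Review bot: The `www.philippeterson.com` block hand-writes a redirect that the nginx module already provides; `globalRedirect = "philippeterson.com";` replaces the whole `locations."/"` attribute, emits the same `return 301 https://…$request_uri` (https because `addSSL` is set) and keeps the module-generated `/.well-known/acme-challenge` location intact. The current form also works, since that challenge location is a longer prefix than `/` and wins, but the `forceSSL = false` next to `addSSL = true` reads like an oversight without a note such as `# Plain-HTTP www answers with the redirect to the HTTPS apex directly, so no forceSSL hop is needed.`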
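Review bot: The new `# ANTHROPIC_API_KEY` entry sits under the header "This .age file should contain the following environment variables", but linux.nix consumes this secret with `export ANTHROPIC_API_KEY=$(cat …)`, so the decrypted file must hold the bare key rather than a `KEY=value` line, and the comment as written invites the wrong format. Suggest `# Bare API key only (no KEY= prefix); read verbatim by programs.zsh.shellInit in linux.nix`. In the first hunk, `builtins.readFile` keeps the trailing newline of `mainframe.pub`; the freshly encrypted .age file shows agenix accepted that recipient, but trimming it (for example `builtins.replaceStrings ["\n"] [""] (builtins.readFile …)`) avoids relying on lenient recipient parsing if other tooling ever reads this rules file.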