Merge branch 'two'
commit
e8183c685b
10 changed files with 64 additions and 19 deletions
2
nixos/.github/workflows/build.yml
vendored
2
nixos/.github/workflows/build.yml
vendored
|
|
@ -12,4 +12,4 @@ jobs:
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
- uses: DeterminateSystems/nix-installer-action@main
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
- run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub
|
- run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub
|
||||||
- run: nix build .#nixosConfigurations.nixos.config.system.build.toplevel
|
- run: nix build .#nixosConfigurations.mainframe.config.system.build.toplevel
|
||||||
|
|
|
||||||
|
|
@ -3,4 +3,4 @@
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
git pull origin main
|
git pull origin main
|
||||||
nixos-rebuild switch --flake .#nixos --verbose --show-trace
|
nixos-rebuild switch --flake .#mainframe --verbose --show-trace
|
||||||
|
|
|
||||||
|
|
@ -68,7 +68,7 @@ in {
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = "0";
|
RestartSec = "0";
|
||||||
User = "root";
|
User = "root";
|
||||||
Group = "root";
|
Group = "repo-data";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
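Review bot: `Group = "repo-data";` is set while `User = "root";` stays, so the service keeps full root privileges and the new group mainly changes the group ownership of files it creates. If the aim is shared access to repository data, a dedicated non-root user for the unit would narrow what a compromise of this always-restarting service can reach. If root is required, say so next to the setting, e.g. `# runs as root; repo-data group so created files are shared with repo-data members`. The hunk does not show the group being declared, so confirm it exists under `users.groups`, otherwise the unit may fail to start. The enclosing service definition starts outside the hunk.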
@ -12,16 +12,6 @@
|
||||||
size = "1M";
|
size = "1M";
|
||||||
type = "EF02";
|
type = "EF02";
|
||||||
};
|
};
|
||||||
esp = {
|
|
||||||
name = "ESP";
|
|
||||||
size = "500M";
|
|
||||||
type = "EF00";
|
|
||||||
content = {
|
|
||||||
type = "filesystem";
|
|
||||||
format = "vfat";
|
|
||||||
mountpoint = "/boot";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
root = {
|
root = {
|
||||||
name = "root";
|
name = "root";
|
||||||
size = "100%";
|
size = "100%";
|
||||||
|
|
|
||||||
|
|
@ -92,14 +92,13 @@
|
||||||
++ modules;
|
++ modules;
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
nixosConfigurations.nixos = mkNixosConfiguration {
|
nixosConfigurations.mainframe = mkNixosConfiguration {
|
||||||
hostname = "pw-mainframe";
|
hostname = "mainframe-2";
|
||||||
username = "ironmagma";
|
username = "ironmagma";
|
||||||
args = {
|
args = {
|
||||||
nixPkgs = import nixpkgs {inherit system overlays;};
|
nixPkgs = import nixpkgs {inherit system overlays;};
|
||||||
};
|
};
|
||||||
modules = [
|
modules = [
|
||||||
disko.nixosModules.disko
|
|
||||||
agenix.nixosModules.age
|
agenix.nixosModules.age
|
||||||
./hetzner.nix
|
./hetzner.nix
|
||||||
./linux.nix
|
./linux.nix
|
||||||
|
|
|
||||||
|
|
@ -2,12 +2,38 @@
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
./disk-config.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Fixes iotop
|
# Fixes iotop
|
||||||
boot.kernel.sysctl = {"kernel.task_delayacct" = 1;};
|
boot.kernel.sysctl = {"kernel.task_delayacct" = 1;};
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
device = "/dev/sda";
|
||||||
|
efiSupport = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-uuid/aaf104ce-4851-40d9-aeea-bebb5684f8c4";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.useDHCP = false;
|
||||||
|
systemd.network = {
|
||||||
|
enable = true;
|
||||||
|
networks."10-enp1s0" = {
|
||||||
|
matchConfig.Name = "enp1s0";
|
||||||
|
networkConfig.DHCP = "ipv4";
|
||||||
|
dhcpV4Config = {
|
||||||
|
UseGateway = false;
|
||||||
|
UseRoutes = false;
|
||||||
|
};
|
||||||
|
routes = [
|
||||||
|
{routeConfig = {Gateway = "172.31.1.1"; GatewayOnLink = true;};}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.PasswordAuthentication = true;
|
settings.PasswordAuthentication = true;
|
||||||
|
|
|
||||||
|
|
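Review bot: The `services.openssh` block at the end of this section still carries `settings.PasswordAuthentication = true;` as unchanged context, and this commit is what gives the host its boot loader, root filesystem and routed network configuration, so the machine comes up reachable with password logins accepted. Unless something outside the hunk restricts it, I would switch to `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` and rely on authorized keys. The `services.openssh` block continues past the end of the hunk, so other settings such as root login are not visible here.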
@ -57,6 +57,11 @@ in {
|
||||||
file = ./secrets/webdav.age;
|
file = ./secrets/webdav.age;
|
||||||
owner = "root";
|
owner = "root";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
anthropic-api-key = {
|
||||||
|
file = ./secrets/anthropic-api-key.age;
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
|
@ -71,6 +76,8 @@ in {
|
||||||
pkgs.rust-bin.stable.latest.default
|
pkgs.rust-bin.stable.latest.default
|
||||||
pkgs.wget
|
pkgs.wget
|
||||||
|
|
||||||
|
pkgs.unstable.claude-code
|
||||||
|
|
||||||
# For docker-compose like setups
|
# For docker-compose like setups
|
||||||
pkgs.arion
|
pkgs.arion
|
||||||
start-arion-run
|
start-arion-run
|
||||||
|
|
@ -92,6 +99,9 @@ in {
|
||||||
|
|
||||||
# FIXME: change your shell here if you don't want zsh
|
# FIXME: change your shell here if you don't want zsh
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
|
programs.zsh.shellInit = ''
|
||||||
|
export ANTHROPIC_API_KEY=$(cat ${config.age.secrets.anthropic-api-key.path})
|
||||||
|
'';
|
||||||
environment.pathsToLink = ["/share/zsh"];
|
environment.pathsToLink = ["/share/zsh"];
|
||||||
environment.shells = [pkgs.zsh];
|
environment.shells = [pkgs.zsh];
|
||||||
|
|
||||||
|
|
|
||||||
|
|
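Review bot: The `programs.zsh.shellInit` addition in the third hunk exports the decrypted key on zsh start-up for every user, while the first hunk declares the secret with `owner = "root";`. With agenix's default file mode, non-root users would get a `cat` permission error and an empty `ANTHROPIC_API_KEY` in each shell, and root shells hand the key to every child process through the environment. I would make the owner the account that actually runs claude-code and load the key only in interactive shells when the file is readable, using `programs.zsh.interactiveShellInit` with `[ -r ${config.age.secrets.anthropic-api-key.path} ] && export ANTHROPIC_API_KEY="$(cat ${config.age.secrets.anthropic-api-key.path})"`. The enclosing attribute sets start and end outside the hunks shown.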
@ -48,6 +48,18 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
"www.philippeterson.com" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = false;
|
||||||
|
addSSL = true;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
extraConfig = ''
|
||||||
|
return 301 https://philippeterson.com$request_uri;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
"philippeterson.com" = {
|
"philippeterson.com" = {
|
||||||
enableACME = true; # Enable Let's Encrypt certificate for HTTPS
|
enableACME = true; # Enable Let's Encrypt certificate for HTTPS
|
||||||
forceSSL = false; # Redirect HTTP to HTTPS?
|
forceSSL = false; # Redirect HTTP to HTTPS?
|
||||||
|
|
|
||||||
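Review bot: The new `"www.philippeterson.com"` vhost hand-writes its redirect in `locations."/".extraConfig`; the NixOS nginx module offers `globalRedirect = "philippeterson.com";` for this, which should yield the same 301 to the https URL when `addSSL` is set and avoids a raw nginx snippet. `forceSSL = false;` next to `addSSL = true;` is also redundant, since false is the option's default. The enclosing virtualHosts set starts outside the hunk.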
5
nixos/secrets/anthropic-api-key.age
Normal file
5
nixos/secrets/anthropic-api-key.age
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 NFD/vg rY+eiWOLOhCGzqWb4k9jNLU6aQ+PM0GNXTRTM4LfyQg
|
||||||
|
0Ekk88iG8ktnvVPwFW5EOrNN+UDxFmqeodz0SGCganU
|
||||||
|
--- WQ0Q25GI8bmYzB8YkFuJV6wuSKlv+waIWU2aw8A/OF0
|
||||||
|
½`2Õ±½ÖwÓ\ïž‹úÉ96ÉÃUu8<75>?îÒc?(ð$éõÐQÊãä¯êP˜øô«ËuÆÍöxQ169·d¾“3½‚‚¼ÔêRãz¿Ì<C2BF>Ÿ—Tºl>" Gáã<C3A1><08>uGà!cøšÍì³DÉÏGdf<>ï=ÍØ¥Ýa#:N¡AÖNÄ
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
{}: let
|
let
|
||||||
mainframePublicKey = builtins.toString "../keys/mainframe.pub";
|
mainframePublicKey = builtins.readFile ../keys/mainframe.pub;
|
||||||
in {
|
in {
|
||||||
# This .age file should contain the following environment variables:
|
# This .age file should contain the following environment variables:
|
||||||
# NEARLYFREESPEECH_API_KEY
|
# NEARLYFREESPEECH_API_KEY
|
||||||
|
|
@ -8,4 +8,7 @@ in {
|
||||||
|
|
||||||
# WEBDAV_PASSWORD
|
# WEBDAV_PASSWORD
|
||||||
"./webdav.age".publicKeys = [mainframePublicKey];
|
"./webdav.age".publicKeys = [mainframePublicKey];
|
||||||
|
|
||||||
|
# ANTHROPIC_API_KEY
|
||||||
|
"./anthropic-api-key.age".publicKeys = [mainframePublicKey];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
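Review bot: The new `# ANTHROPIC_API_KEY` comment in the second hunk follows the file's "should contain the following environment variables" convention, but the zsh `shellInit` added in this commit reads the decrypted file with `cat` straight into the variable. That means the file has to hold only the bare key, not a `NAME=value` line, and the comment should say so, e.g. `# anthropic-api-key.age holds only the raw API key value (no NAME=value line)`. Also confirm that the trailing newline `builtins.readFile` keeps from `mainframe.pub` is harmless when the string is used as a recipient. The attribute set begins in the first hunk, and the lines between the two hunks are not shown.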