From e045c02c78ebbb25f33eb860ec3f985e828304c6 Mon Sep 17 00:00:00 2001 From: Mork Swork Date: Mon, 4 May 2026 10:36:14 -0700 Subject: [PATCH 01/15] Try and fix disk --- nixos/disk-config.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/nixos/disk-config.nix b/nixos/disk-config.nix index c72a8d4..66d7f54 100644 --- a/nixos/disk-config.nix +++ b/nixos/disk-config.nix @@ -12,16 +12,6 @@ size = "1M"; type = "EF02"; }; - esp = { - name = "ESP"; - size = "500M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; root = { name = "root"; size = "100%"; From e519bcc13ba0cd7f29e0ad62436408077e54789d Mon Sep 17 00:00:00 2001 From: Mork Swork Date: Mon, 4 May 2026 10:54:02 -0700 Subject: [PATCH 02/15] Updates --- nixos/.github/workflows/build.yml | 2 +- nixos/apply.sh | 2 +- nixos/flake.nix | 3 +-- nixos/hetzner.nix | 15 ++++++++------- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/nixos/.github/workflows/build.yml b/nixos/.github/workflows/build.yml index 181c1c6..07e4b5f 100644 --- a/nixos/.github/workflows/build.yml +++ b/nixos/.github/workflows/build.yml @@ -12,4 +12,4 @@ jobs: - uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/magic-nix-cache-action@main - run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub - - run: nix build .#nixosConfigurations.nixos.config.system.build.toplevel + - run: nix build .#nixosConfigurations.mainframe.config.system.build.toplevel diff --git a/nixos/apply.sh b/nixos/apply.sh index 50a7953..04811c3 100755 --- a/nixos/apply.sh +++ b/nixos/apply.sh @@ -3,4 +3,4 @@ set -e git pull origin main -nixos-rebuild switch --flake .#nixos --verbose --show-trace +nixos-rebuild switch --flake .#mainframe --verbose --show-trace diff --git a/nixos/flake.nix b/nixos/flake.nix index caed697..752f75e 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix 
@@ -92,14 +92,13 @@ ++ modules; }; in { - nixosConfigurations.nixos = mkNixosConfiguration { + nixosConfigurations.mainframe = mkNixosConfiguration { hostname = "pw-mainframe"; username = "ironmagma"; args = { nixPkgs = import nixpkgs {inherit system overlays;}; }; modules = [ - disko.nixosModules.disko agenix.nixosModules.age ./hetzner.nix ./linux.nix diff --git a/nixos/hetzner.nix b/nixos/hetzner.nix index cbbf2f3..da3eef2 100644 --- a/nixos/hetzner.nix +++ b/nixos/hetzner.nix @@ -2,28 +2,29 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/profiles/qemu-guest.nix") - ./disk-config.nix ]; # Fixes iotop boot.kernel.sysctl = {"kernel.task_delayacct" = 1;}; boot.loader.grub = { - # no need to set devices, disko will add all devices that have a EF02 partition to the list already - # devices = [ ]; - efiSupport = true; - efiInstallAsRemovable = true; + enable = true; + device = "/dev/sda"; + efiSupport = false; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/aaf104ce-4851-40d9-aeea-bebb5684f8c4"; + fsType = "ext4"; }; services.openssh = { enable = true; settings.PasswordAuthentication = true; - settings.UsePAM = false; settings.PermitRootLogin = "yes"; settings.AllowUsers = [ "root" ]; extraConfig = '' PrintLastLog no -UsePAM no ''; hostKeys = [ { From 448221afff7b3c76d0bbb7a185aaf24e7729936a Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Mon, 4 May 2026 11:04:12 -0800 Subject: [PATCH 03/15] Comment out temporarily most sites --- nixos/nginx.nix | 264 ++++++++++++++++++++++++------------------------ 1 file changed, 132 insertions(+), 132 deletions(-) diff --git a/nixos/nginx.nix b/nixos/nginx.nix index 4a7b39c..20cc707 100644 --- a/nixos/nginx.nix +++ b/nixos/nginx.nix 
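Review bot: Root password login over SSH stays enabled on the new side of the `nixos/hetzner.nix` hunk: `settings.PasswordAuthentication = true;` sits next to `settings.PermitRootLogin = "yes";` and `settings.AllowUsers = [ "root" ];`. The commit also drops `settings.UsePAM = false;` and the `UsePAM no` line, so sshd falls back to the module's PAM default. On a machine with a public address this leaves the root account open to password guessing. The repo keeps public keys under `keys/authorized_keys`, so if those feed root's authorized keys (not visible here) I would set `settings.PasswordAuthentication = false;` and `settings.PermitRootLogin = "prohibit-password";`. The `services.openssh` block runs past the end of the hunk at `hostKeys`, so a later override cannot be ruled out from this view.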
@@ -48,156 +48,156 @@ }; }; - "philippeterson.com" = { - enableACME = true; # Enable Let's Encrypt certificate for HTTPS - forceSSL = false; # Redirect HTTP to HTTPS? - addSSL = true; + #"philippeterson.com" = { + # enableACME = true; # Enable Let's Encrypt certificate for HTTPS + # forceSSL = false; # Redirect HTTP to HTTPS? + # addSSL = true; - root = "/etc/pullomatic/com_philippeterson"; + # root = "/etc/pullomatic/com_philippeterson"; - locations."~ /.git(/.*)$ " = { - extraConfig = '' - deny all; - return 404; - ''; - }; + # locations."~ /.git(/.*)$ " = { + # extraConfig = '' + # deny all; + # return 404; + # ''; + # }; - locations."/games/atcsim" = { - extraConfig = '' - return 301 /games/atcsim/; - ''; - }; + # locations."/games/atcsim" = { + # extraConfig = '' + # return 301 /games/atcsim/; + # ''; + # }; - locations."~ ^/games/atcsim(/[^/\\s]*)*$" = { - extraConfig = '' - index index.html index.htm; - rewrite ^/games/atcsim/?$ "/index.html" break; - rewrite ^/games/atcsim(?(/[^/\\s]*)*)$ "$query" break; - root /etc/pullomatic/atcsim; - ''; - }; + # locations."~ ^/games/atcsim(/[^/\\s]*)*$" = { + # extraConfig = '' + # index index.html index.htm; + # rewrite ^/games/atcsim/?$ "/index.html" break; + # rewrite ^/games/atcsim(?(/[^/\\s]*)*)$ "$query" break; + # root /etc/pullomatic/atcsim; + # ''; + # }; - locations."/portfolio" = { - extraConfig = '' - return 301 /portfolio/; - ''; - }; + # locations."/portfolio" = { + # extraConfig = '' + # return 301 /portfolio/; + # ''; + # }; - locations."~ ^/portfolio/" = { - extraConfig = '' - index index.html index.htm; - rewrite ^/portfolio/?$ "/index.html" break; - rewrite ^/portfolio(?(/[^/\\s]*)*)$ "$query" break; - root /etc/pullomatic/my-portfolio; - ''; - }; + # locations."~ ^/portfolio/" = { + # extraConfig = '' + # index index.html index.htm; + # rewrite ^/portfolio/?$ "/index.html" break; + # rewrite ^/portfolio(?(/[^/\\s]*)*)$ "$query" break; + # root /etc/pullomatic/my-portfolio; + # ''; + # }; - 
locations."~ ^/echo(?((/[^/\\s]*)*))$" = { - extraConfig = '' - add_header Content-Type text/plain; - return 200 "$query"; - ''; - }; + # locations."~ ^/echo(?((/[^/\\s]*)*))$" = { + # extraConfig = '' + # add_header Content-Type text/plain; + # return 200 "$query"; + # ''; + # }; - locations."/" = { - extraConfig = '' - try_files $uri $uri.php $uri/ =404; - index index.php index.html index.htm; - rewrite ^/contact$ /contact.php last; - rewrite ^/resume$ /resume.php last; - ''; - }; + # locations."/" = { + # extraConfig = '' + # try_files $uri $uri.php $uri/ =404; + # index index.php index.html index.htm; + # rewrite ^/contact$ /contact.php last; + # rewrite ^/resume$ /resume.php last; + # ''; + # }; - locations."~ \.php$" = { - extraConfig = '' - include ${pkgs.nginx}/conf/fastcgi.conf; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.main.socket}; - ''; - }; - }; - "blog.quineglobal.com" = { - enableACME = false; - forceSSL = false; - addSSL = false; + # locations."~ \.php$" = { + # extraConfig = '' + # include ${pkgs.nginx}/conf/fastcgi.conf; + # fastcgi_split_path_info ^(.+\.php)(/.+)$; + # fastcgi_pass unix:${config.services.phpfpm.pools.main.socket}; + # ''; + # }; + #}; + #"blog.quineglobal.com" = { + # enableACME = false; + # forceSSL = false; + # addSSL = false; - locations."/" = { - proxyPass = "http://127.0.0.1:3010/"; # pass through to docker container - }; - }; - "quineglobal.com" = { - enableACME = false; - forceSSL = false; - addSSL = false; + # locations."/" = { + # proxyPass = "http://127.0.0.1:3010/"; # pass through to docker container + # }; + #}; + #"quineglobal.com" = { + # enableACME = false; + # forceSSL = false; + # addSSL = false; - locations."/" = { - extraConfig = '' - index index.html index.htm; - root /etc/pullomatic/com_quineglobal; - ''; - }; - }; + # locations."/" = { + # extraConfig = '' + # index index.html index.htm; + # root /etc/pullomatic/com_quineglobal; + # ''; + # }; + #}; - 
"webdav.philippeterson.com" = { - serverName = "webdav.philippeterson.com"; - enableACME = true; - onlySSL = true; + #"webdav.philippeterson.com" = { + # serverName = "webdav.philippeterson.com"; + # enableACME = true; + # onlySSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav - extraConfig = '' - # Pass required headers for WebDAV - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Pass Authorization header if required - proxy_set_header Authorization $http_authorization; - - # Set timeouts for large file uploads or long WebDAV operations - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - - # Increase client body size for large uploads - client_max_body_size 100M; - - # Optional: Disable caching for WebDAV operations - proxy_buffering off; - proxy_cache off; - ''; - }; - }; + # locations."/" = { + # proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav + # extraConfig = '' + # # Pass required headers for WebDAV + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + # + # # Pass Authorization header if required + # proxy_set_header Authorization $http_authorization; + # + # # Set timeouts for large file uploads or long WebDAV operations + # proxy_read_timeout 300; + # proxy_connect_timeout 300; + # proxy_send_timeout 300; + # + # # Increase client body size for large uploads + # client_max_body_size 100M; + # + # # Optional: Disable caching for WebDAV operations + # proxy_buffering off; + # proxy_cache off; + # ''; + # }; + #}; - "forge.quinefoundation.com-https" = { - serverName = "forge.quinefoundation.com"; - enableACME = true; - onlySSL = true; + #"forge.quinefoundation.com-https" = { + # serverName = 
"forge.quinefoundation.com"; + # enableACME = true; + # onlySSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3000/"; # pass through to Forgejo - }; - }; + # locations."/" = { + # proxyPass = "http://127.0.0.1:3000/"; # pass through to Forgejo + # }; + #}; - "forge.quinefoundation.com-http" = { - serverName = "forge.quinefoundation.com"; + #"forge.quinefoundation.com-http" = { + # serverName = "forge.quinefoundation.com"; - listen = [ - { addr = "0.0.0.0"; port = 80; } - { addr = "[::]"; port = 80; } - ]; - - locations."/" = { - # TODO: forgejo does not support HTTP+HTTPS. But it would be nice if it did. - #proxyPass = "https://forge.quinefoundation.com/"; # pass through to HTTPS + # listen = [ + # { addr = "0.0.0.0"; port = 80; } + # { addr = "[::]"; port = 80; } + # ]; + # + # locations."/" = { + # # TODO: forgejo does not support HTTP+HTTPS. But it would be nice if it did. + # #proxyPass = "https://forge.quinefoundation.com/"; # pass through to HTTPS - # Instead, temporarily redirect to HTTPS - extraConfig = '' - return 302 https://$host$request_uri; - ''; - }; - }; + # # Instead, temporarily redirect to HTTPS + # extraConfig = '' + # return 302 https://$host$request_uri; + # ''; + # }; + #}; }; # Optionally configure additional options From 339b775acf30315e051170a76437e1e56e8e330d Mon Sep 17 00:00:00 2001 From: Mork Swork Date: Mon, 4 May 2026 14:44:07 -0700 Subject: [PATCH 04/15] add anthropic key --- nixos/linux.nix | 11 +++++++++++ nixos/secrets/anthropic-api-key.age | 5 +++++ nixos/secrets/default.nix | 7 +++++-- 3 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 nixos/secrets/anthropic-api-key.age diff --git a/nixos/linux.nix b/nixos/linux.nix index e82b273..e028757 100644 --- a/nixos/linux.nix +++ b/nixos/linux.nix @@ -57,6 +57,11 @@ in { file = ./secrets/webdav.age; owner = "root"; }; + + anthropic-api-key = { + file = ./secrets/anthropic-api-key.age; + owner = "root"; + }; }; environment.systemPackages = [ 
@@ -71,6 +76,8 @@ in { pkgs.rust-bin.stable.latest.default pkgs.wget + pkgs.claude-code + # For docker-compose like setups pkgs.arion start-arion-run @@ -95,6 +102,10 @@ in { environment.pathsToLink = ["/share/zsh"]; environment.shells = [pkgs.zsh]; + environment.etc."profile.d/anthropic.sh".text = '' + export ANTHROPIC_API_KEY=$(cat ${config.age.secrets.anthropic-api-key.path}) + ''; + environment.enableAllTerminfo = true; security.sudo.wheelNeedsPassword = false; diff --git a/nixos/secrets/anthropic-api-key.age b/nixos/secrets/anthropic-api-key.age new file mode 100644 index 0000000..1cdd2b1 --- /dev/null +++ b/nixos/secrets/anthropic-api-key.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 NFD/vg rY+eiWOLOhCGzqWb4k9jNLU6aQ+PM0GNXTRTM4LfyQg +0Ekk88iG8ktnvVPwFW5EOrNN+UDxFmqeodz0SGCganU +--- WQ0Q25GI8bmYzB8YkFuJV6wuSKlv+waIWU2aw8A/OF0 +`2ձw\96Uu8?c?($ЭQPuxQ169d3Rz̏Tl>"GuG!cDGdf=إa#:NAN \ No newline at end of file diff --git a/nixos/secrets/default.nix b/nixos/secrets/default.nix index 6c1af5e..6ec1556 100644 --- a/nixos/secrets/default.nix +++ b/nixos/secrets/default.nix @@ -1,5 +1,5 @@ -{}: let - mainframePublicKey = builtins.toString "../keys/mainframe.pub"; +let + mainframePublicKey = builtins.readFile ../keys/mainframe.pub; in { # This .age file should contain the following environment variables: # NEARLYFREESPEECH_API_KEY @@ -8,4 +8,7 @@ in { # WEBDAV_PASSWORD "./webdav.age".publicKeys = [mainframePublicKey]; + + # ANTHROPIC_API_KEY + "./anthropic-api-key.age".publicKeys = [mainframePublicKey]; } From e75cd431ebccb74b7198de59db3299128a8f8acb Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Mon, 4 May 2026 13:47:58 -0800 Subject: [PATCH 05/15] claude code --- nixos/linux.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/linux.nix b/nixos/linux.nix index e028757..b06c7ec 100644 --- a/nixos/linux.nix +++ b/nixos/linux.nix 
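Review bot: The new `environment.etc."profile.d/anthropic.sh"` snippet in `nixos/linux.nix` exports `ANTHROPIC_API_KEY` from the global shell profile, so the decrypted key ends up in the environment of every process started from those shells. The secret is declared with `owner = "root";` in the first hunk, so the `cat` presumably fails with a permission error for any other user. Scoping the key to the one program that needs it is tighter: a small wrapper around `claude-code` that reads `config.age.secrets.anthropic-api-key.path` at launch, or at least an export guarded by a readability test on that path. The later "Zsh fix" patch moves the same line into `programs.zsh.shellInit`, which as far as I know applies to every zsh invocation, not only login shells, so the point holds there too.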
@@ -76,7 +76,7 @@ in { pkgs.rust-bin.stable.latest.default pkgs.wget - pkgs.claude-code + pkgs.unstable.claude-code # For docker-compose like setups pkgs.arion From d47a9dc8e16aac52b0ece7f27c356c63f3332c94 Mon Sep 17 00:00:00 2001 From: Mork Swork Date: Mon, 4 May 2026 14:52:47 -0700 Subject: [PATCH 06/15] Zsh fix --- nixos/linux.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/nixos/linux.nix b/nixos/linux.nix index e028757..dd9e1d9 100644 --- a/nixos/linux.nix +++ b/nixos/linux.nix @@ -99,12 +99,11 @@ in { # FIXME: change your shell here if you don't want zsh programs.zsh.enable = true; - environment.pathsToLink = ["/share/zsh"]; - environment.shells = [pkgs.zsh]; - - environment.etc."profile.d/anthropic.sh".text = '' + programs.zsh.shellInit = '' export ANTHROPIC_API_KEY=$(cat ${config.age.secrets.anthropic-api-key.path}) ''; + environment.pathsToLink = ["/share/zsh"]; + environment.shells = [pkgs.zsh]; environment.enableAllTerminfo = true; From 6a39ccced0c75c3d171c3e5cc8a0f793c4bf441e Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Mon, 4 May 2026 22:48:19 -0800 Subject: [PATCH 07/15] Try to fix networking --- nixos/hetzner.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/nixos/hetzner.nix b/nixos/hetzner.nix index da3eef2..fd1071b 100644 --- a/nixos/hetzner.nix +++ b/nixos/hetzner.nix @@ -18,6 +18,22 @@ fsType = "ext4"; }; + networking.useDHCP = false; + systemd.network = { + enable = true; + networks."10-enp1s0" = { + matchConfig.Name = "enp1s0"; + networkConfig.DHCP = "ipv4"; + dhcpV4Config = { + UseGateway = false; + UseRoutes = false; + }; + routes = [ + {routeConfig = {Gateway = "172.31.1.1"; GatewayOnLink = true;};} + ]; + }; + }; + services.openssh = { enable = true; settings.PasswordAuthentication = true; From 3b12f7aee275db87ccf5cb5552fdc591a650f8a4 Mon Sep 17 00:00:00 2001 
From: Philip Peterson Date: Mon, 4 May 2026 22:50:25 -0800 Subject: [PATCH 08/15] Try to fix hm issue --- nixos/system/home/shared.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/system/home/shared.nix b/nixos/system/home/shared.nix index 83db851..a6f67a6 100644 --- a/nixos/system/home/shared.nix +++ b/nixos/system/home/shared.nix @@ -52,7 +52,7 @@ in { ++ unstable-packages ); - file.".ssh/known_hosts".text = joinedString; + file.".ssh/known_hosts" = {text = joinedString; force = true;}; }; programs = { From ad6be27f7c813537041c516c1f15876baf68ec3a Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Mon, 4 May 2026 23:07:42 -0800 Subject: [PATCH 09/15] Enable more sites --- nixos/nginx.nix | 146 ++++++++++++++++++++++++------------------------ 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/nixos/nginx.nix b/nixos/nginx.nix index 20cc707..40eb8fe 100644 --- a/nixos/nginx.nix +++ b/nixos/nginx.nix 
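Review bot: `force = true;` on `file.".ssh/known_hosts"` lets home-manager replace whatever already exists at that path, so host keys accepted by hand on the machine are discarded on activation and the file becomes purely declarative. That is a reasonable pinning policy, but nothing in the hunk states it. A comment such as `# known_hosts is fully managed from joinedString; local additions are overwritten` would record the intent. The enclosing `home` attribute set starts outside the hunk, so how `joinedString` is built is not visible here.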
@@ -116,88 +116,88 @@ # ''; # }; #}; - #"blog.quineglobal.com" = { - # enableACME = false; - # forceSSL = false; - # addSSL = false; + "blog.quineglobal.com" = { + enableACME = false; + forceSSL = false; + addSSL = false; - # locations."/" = { - # proxyPass = "http://127.0.0.1:3010/"; # pass through to docker container - # }; - #}; - #"quineglobal.com" = { - # enableACME = false; - # forceSSL = false; - # addSSL = false; + locations."/" = { + proxyPass = "http://127.0.0.1:3010/"; # pass through to docker container + }; + }; + "quineglobal.com" = { + enableACME = false; + forceSSL = false; + addSSL = false; - # locations."/" = { - # extraConfig = '' - # index index.html index.htm; - # root /etc/pullomatic/com_quineglobal; - # ''; - # }; - #}; + locations."/" = { + extraConfig = '' + index index.html index.htm; + root /etc/pullomatic/com_quineglobal; + ''; + }; + }; - #"webdav.philippeterson.com" = { - # serverName = "webdav.philippeterson.com"; - # enableACME = true; - # onlySSL = true; + "webdav.philippeterson.com" = { + serverName = "webdav.philippeterson.com"; + enableACME = true; + onlySSL = true; - # locations."/" = { - # proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav - # extraConfig = '' - # # Pass required headers for WebDAV - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # - # # Pass Authorization header if required - # proxy_set_header Authorization $http_authorization; - # - # # Set timeouts for large file uploads or long WebDAV operations - # proxy_read_timeout 300; - # proxy_connect_timeout 300; - # proxy_send_timeout 300; - # - # # Increase client body size for large uploads - # client_max_body_size 100M; - # - # # Optional: Disable caching for WebDAV operations - # proxy_buffering off; - # proxy_cache off; - # ''; - # }; - #}; + locations."/" = { + proxyPass = "http://127.0.0.1:8082/"; # pass 
through to webdav + extraConfig = '' + # Pass required headers for WebDAV + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Pass Authorization header if required + proxy_set_header Authorization $http_authorization; + + # Set timeouts for large file uploads or long WebDAV operations + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + + # Increase client body size for large uploads + client_max_body_size 100M; + + # Optional: Disable caching for WebDAV operations + proxy_buffering off; + proxy_cache off; + ''; + }; + }; - #"forge.quinefoundation.com-https" = { - # serverName = "forge.quinefoundation.com"; - # enableACME = true; - # onlySSL = true; + "forge.quinefoundation.com-https" = { + serverName = "forge.quinefoundation.com"; + enableACME = true; + onlySSL = true; - # locations."/" = { - # proxyPass = "http://127.0.0.1:3000/"; # pass through to Forgejo - # }; - #}; + locations."/" = { + proxyPass = "http://127.0.0.1:3000/"; # pass through to Forgejo + }; + }; - #"forge.quinefoundation.com-http" = { - # serverName = "forge.quinefoundation.com"; + "forge.quinefoundation.com-http" = { + serverName = "forge.quinefoundation.com"; - # listen = [ - # { addr = "0.0.0.0"; port = 80; } - # { addr = "[::]"; port = 80; } - # ]; - # - # locations."/" = { - # # TODO: forgejo does not support HTTP+HTTPS. But it would be nice if it did. - # #proxyPass = "https://forge.quinefoundation.com/"; # pass through to HTTPS + listen = [ + { addr = "0.0.0.0"; port = 80; } + { addr = "[::]"; port = 80; } + ]; + + locations."/" = { + # TODO: forgejo does not support HTTP+HTTPS. But it would be nice if it did. 
+ #proxyPass = "https://forge.quinefoundation.com/"; # pass through to HTTPS - # # Instead, temporarily redirect to HTTPS - # extraConfig = '' - # return 302 https://$host$request_uri; - # ''; - # }; - #}; + # Instead, temporarily redirect to HTTPS + extraConfig = '' + return 302 https://$host$request_uri; + ''; + }; + }; }; # Optionally configure additional options From 45f4cdc920b5afa2919e2787ab303da0b6291f17 Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Tue, 5 May 2026 00:11:02 -0800 Subject: [PATCH 10/15] change hostname --- nixos/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/flake.nix b/nixos/flake.nix index 752f75e..55e1843 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix @@ -93,7 +93,7 @@ }; in { nixosConfigurations.mainframe = mkNixosConfiguration { - hostname = "pw-mainframe"; + hostname = "mainframe-2"; username = "ironmagma"; args = { nixPkgs = import nixpkgs {inherit system overlays;}; From 1d9de08c3d79a1358f0d50e3cd78e5061d1c106f Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Tue, 5 May 2026 01:28:35 -0800 Subject: [PATCH 11/15] pullomatic fix --- nixos/cloned_repos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/cloned_repos/default.nix b/nixos/cloned_repos/default.nix index b29e4d6..971e517 100644 --- a/nixos/cloned_repos/default.nix +++ b/nixos/cloned_repos/default.nix @@ -68,7 +68,7 @@ in { Restart = "always"; RestartSec = "0"; User = "root"; - Group = "root"; + Group = "repo-data"; }; }; From aed3fa1e4df23ebcc28799fca2ff9bc7ad737aee Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Tue, 5 May 2026 01:33:57 -0800 Subject: [PATCH 12/15] Add philippeterson.com --- nixos/nginx.nix | 118 ++++++++++++++++++++++++------------------------ 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/nixos/nginx.nix b/nixos/nginx.nix index 40eb8fe..4a7b39c 100644 --- a/nixos/nginx.nix +++ b/nixos/nginx.nix 
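Review bot: `blog.quineglobal.com` and `quineglobal.com` are re-enabled with `enableACME = false; forceSSL = false; addSSL = false;`, so both are served over plain HTTP only. The `webdav` and `forge` hosts in the same hunk use `enableACME = true; onlySSL = true;`. If DNS for those two names points at this machine, I would bring them in line with `enableACME = true; forceSSL = true;`. Otherwise a comment should say why TLS is off, for example that it is terminated elsewhere.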
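Review bot: In `nixos/cloned_repos/default.nix` the unit keeps `User = "root";` next to the new `Group = "repo-data";`, so the service keeps full root privileges and only its group changes. Judging by the commit subject, this is the service that fetches remote repositories. If group-accessible checkouts are the goal, a dedicated system user that belongs to `repo-data` would achieve it with less privilege, e.g. `User = "pullomatic";` (user name constructed for this note). If root really is required, a comment should say why. The `serviceConfig` block starts above the hunk, so any sandboxing options set there are not visible from here.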
@@ -48,74 +48,74 @@ }; }; - #"philippeterson.com" = { - # enableACME = true; # Enable Let's Encrypt certificate for HTTPS - # forceSSL = false; # Redirect HTTP to HTTPS? - # addSSL = true; + "philippeterson.com" = { + enableACME = true; # Enable Let's Encrypt certificate for HTTPS + forceSSL = false; # Redirect HTTP to HTTPS? + addSSL = true; - # root = "/etc/pullomatic/com_philippeterson"; + root = "/etc/pullomatic/com_philippeterson"; - # locations."~ /.git(/.*)$ " = { - # extraConfig = '' - # deny all; - # return 404; - # ''; - # }; + locations."~ /.git(/.*)$ " = { + extraConfig = '' + deny all; + return 404; + ''; + }; - # locations."/games/atcsim" = { - # extraConfig = '' - # return 301 /games/atcsim/; - # ''; - # }; + locations."/games/atcsim" = { + extraConfig = '' + return 301 /games/atcsim/; + ''; + }; - # locations."~ ^/games/atcsim(/[^/\\s]*)*$" = { - # extraConfig = '' - # index index.html index.htm; - # rewrite ^/games/atcsim/?$ "/index.html" break; - # rewrite ^/games/atcsim(?(/[^/\\s]*)*)$ "$query" break; - # root /etc/pullomatic/atcsim; - # ''; - # }; + locations."~ ^/games/atcsim(/[^/\\s]*)*$" = { + extraConfig = '' + index index.html index.htm; + rewrite ^/games/atcsim/?$ "/index.html" break; + rewrite ^/games/atcsim(?(/[^/\\s]*)*)$ "$query" break; + root /etc/pullomatic/atcsim; + ''; + }; - # locations."/portfolio" = { - # extraConfig = '' - # return 301 /portfolio/; - # ''; - # }; + locations."/portfolio" = { + extraConfig = '' + return 301 /portfolio/; + ''; + }; - # locations."~ ^/portfolio/" = { - # extraConfig = '' - # index index.html index.htm; - # rewrite ^/portfolio/?$ "/index.html" break; - # rewrite ^/portfolio(?(/[^/\\s]*)*)$ "$query" break; - # root /etc/pullomatic/my-portfolio; - # ''; - # }; + locations."~ ^/portfolio/" = { + extraConfig = '' + index index.html index.htm; + rewrite ^/portfolio/?$ "/index.html" break; + rewrite ^/portfolio(?(/[^/\\s]*)*)$ "$query" break; + root /etc/pullomatic/my-portfolio; + ''; + }; - # 
locations."~ ^/echo(?((/[^/\\s]*)*))$" = { - # extraConfig = '' - # add_header Content-Type text/plain; - # return 200 "$query"; - # ''; - # }; + locations."~ ^/echo(?((/[^/\\s]*)*))$" = { + extraConfig = '' + add_header Content-Type text/plain; + return 200 "$query"; + ''; + }; - # locations."/" = { - # extraConfig = '' - # try_files $uri $uri.php $uri/ =404; - # index index.php index.html index.htm; - # rewrite ^/contact$ /contact.php last; - # rewrite ^/resume$ /resume.php last; - # ''; - # }; + locations."/" = { + extraConfig = '' + try_files $uri $uri.php $uri/ =404; + index index.php index.html index.htm; + rewrite ^/contact$ /contact.php last; + rewrite ^/resume$ /resume.php last; + ''; + }; - # locations."~ \.php$" = { - # extraConfig = '' - # include ${pkgs.nginx}/conf/fastcgi.conf; - # fastcgi_split_path_info ^(.+\.php)(/.+)$; - # fastcgi_pass unix:${config.services.phpfpm.pools.main.socket}; - # ''; - # }; - #}; + locations."~ \.php$" = { + extraConfig = '' + include ${pkgs.nginx}/conf/fastcgi.conf; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.main.socket}; + ''; + }; + }; "blog.quineglobal.com" = { enableACME = false; forceSSL = false; From b9b282fde861f8db1f9b8ed716623f220328d44a Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Tue, 5 May 2026 01:39:13 -0800 Subject: [PATCH 13/15] add www.philippeterson --- nixos/nginx.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nixos/nginx.nix b/nixos/nginx.nix index 4a7b39c..92c44f2 100644 --- a/nixos/nginx.nix +++ b/nixos/nginx.nix @@ -48,6 +48,18 @@ }; }; + "www.philippeterson.com" = { + enableACME = true; + forceSSL = false; + addSSL = true; + + locations."/" = { + extraConfig = '' + return 301 https://philippeterson.com$request_uri; + ''; + }; + }; + "philippeterson.com" = { enableACME = true; # Enable Let's Encrypt certificate for HTTPS forceSSL = false; # Redirect HTTP to HTTPS? 
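Review bot: The re-enabled `/echo` location reflects part of the request path with `return 200 "$query";` and labels it with `add_header Content-Type text/plain;`. `add_header` does not replace the type nginx derives from `default_type` for a `return` body, so the response can carry two `Content-Type` headers. An endpoint that echoes request data should have an unambiguous type: use `default_type text/plain;` in place of the `add_header` line, optionally with `add_header X-Content-Type-Options nosniff;`. The capture groups show up as `(?(` on this page, which looks like the group name was lost in extraction rather than something in the file itself.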
From 8331c69d2d4091d2e2544623f64298b4b764723f Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Fri, 8 May 2026 20:36:50 -0800 Subject: [PATCH 14/15] add macbook air --- nixos/keys/authorized_keys/macbookair.pub | 1 + 1 file changed, 1 insertion(+) create mode 100644 nixos/keys/authorized_keys/macbookair.pub diff --git a/nixos/keys/authorized_keys/macbookair.pub b/nixos/keys/authorized_keys/macbookair.pub new file mode 100644 index 0000000..f8fa605 --- /dev/null +++ b/nixos/keys/authorized_keys/macbookair.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESaLhJGliEbW5iKXNeY+MaT+8jw4SXvhRVkjQ5DZq1G morkswork@Morks-MacBook-Air.local From 94cf550ea4b0f60accb26c4d8a1f44a610c6fed7 Mon Sep 17 00:00:00 2001 From: Philip Peterson Date: Fri, 8 May 2026 21:27:42 -0800 Subject: [PATCH 15/15] Fix mkDefault issue --- nixos/system/home/shared.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/nixos/system/home/shared.nix b/nixos/system/home/shared.nix index 061585b..d4d46bd 100644 --- a/nixos/system/home/shared.nix +++ b/nixos/system/home/shared.nix @@ -48,10 +48,7 @@ in { sessionVariables.EDITOR = "vim"; sessionVariables.SHELL = "/etc/profiles/per-user/${username}/bin/zsh"; - packages = lib.mkDefault ( - stable-packages - ++ unstable-packages - ); + packages = stable-packages ++ unstable-packages; file.".ssh/known_hosts" = { text = joinedString;