Merge branch 'main' of github.com:philip-peterson/petersweb-infra

Mork Swork 2026-05-14 14:34:28 -07:00
commit ef47bc328b
11 changed files with 65 additions and 23 deletions


@ -12,4 +12,4 @@ jobs:
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main - uses: DeterminateSystems/magic-nix-cache-action@main
- run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub - run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub
- run: nix build .#nixosConfigurations.nixos.config.system.build.toplevel - run: nix build .#nixosConfigurations.mainframe.config.system.build.toplevel


@ -3,4 +3,4 @@
set -e set -e
git pull origin main git pull origin main
nixos-rebuild switch --flake .#nixos --verbose --show-trace nixos-rebuild switch --flake .#mainframe --verbose --show-trace


@ -68,7 +68,7 @@ in {
Restart = "always"; Restart = "always";
RestartSec = "0"; RestartSec = "0";
User = "root"; User = "root";
Group = "root"; Group = "repo-data";
}; };
}; };
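Review bot: `User = "root";` stays in place beside the changed `Group` line (the second value on that row, `Group = "repo-data";`, appears to be the new side), so the unit keeps full root privileges. The group change then mostly affects the group ownership of files the service writes, not what it can reach. If the aim is to confine the service to the repository data, a dedicated account is the usual shape, e.g. `User = "repo-data";` (placeholder account name, not defined on this page) alongside the existing `Group = "repo-data";`. Otherwise a comment such as `# runs as root because <reason>; Group only sets ownership of written files` would record the intent. The serviceConfig block starts above the hunk, so other restrictions may already be set there.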


@ -12,16 +12,6 @@
size = "1M"; size = "1M";
type = "EF02"; type = "EF02";
}; };
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = { root = {
name = "root"; name = "root";
size = "100%"; size = "100%";


@ -92,14 +92,13 @@
++ modules; ++ modules;
}; };
in { in {
nixosConfigurations.nixos = mkNixosConfiguration { nixosConfigurations.mainframe = mkNixosConfiguration {
hostname = "pw-mainframe"; hostname = "mainframe-2";
username = "ironmagma"; username = "ironmagma";
args = { args = {
nixPkgs = import nixpkgs {inherit system overlays;}; nixPkgs = import nixpkgs {inherit system overlays;};
}; };
modules = [ modules = [
disko.nixosModules.disko
agenix.nixosModules.age agenix.nixosModules.age
./hetzner.nix ./hetzner.nix
./linux.nix ./linux.nix


@ -2,12 +2,38 @@
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
]; ];
# Fixes iotop # Fixes iotop
boot.kernel.sysctl = {"kernel.task_delayacct" = 1;}; boot.kernel.sysctl = {"kernel.task_delayacct" = 1;};
boot.loader.grub = {
enable = true;
device = "/dev/sda";
efiSupport = false;
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/aaf104ce-4851-40d9-aeea-bebb5684f8c4";
fsType = "ext4";
};
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-enp1s0" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
dhcpV4Config = {
UseGateway = false;
UseRoutes = false;
};
routes = [
{routeConfig = {Gateway = "172.31.1.1"; GatewayOnLink = true;};}
];
};
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PasswordAuthentication = true; settings.PasswordAuthentication = true;
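Review bot: The added `systemd.network` block discards the DHCP-supplied gateway and routes (`UseGateway = false; UseRoutes = false;`) and pins an on-link gateway `172.31.1.1` with no comment saying why. A line such as `# default route is pinned on-link because the DHCP-provided route is not usable here` (wording for the author to confirm) would stop a later cleanup from removing it and cutting the host off the network. The same goes for the fixed `device = "/dev/sda";` and the by-uuid root filesystem, which tie this file to one specific disk. Separately, the unchanged context line `settings.PasswordAuthentication = true;` remains in effect on the rebuilt host; if key-based login is already in use, setting it to `false` is worth considering. The `services.openssh` block continues past the end of the hunk.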


@ -57,6 +57,11 @@ in {
file = ./secrets/webdav.age; file = ./secrets/webdav.age;
owner = "root"; owner = "root";
}; };
anthropic-api-key = {
file = ./secrets/anthropic-api-key.age;
owner = "root";
};
}; };
environment.systemPackages = [ environment.systemPackages = [
@ -71,6 +76,8 @@ in {
pkgs.rust-bin.stable.latest.default pkgs.rust-bin.stable.latest.default
pkgs.wget pkgs.wget
pkgs.unstable.claude-code
# For docker-compose like setups # For docker-compose like setups
pkgs.arion pkgs.arion
start-arion-run start-arion-run
@ -103,6 +110,9 @@ in {
# FIXME: change your shell here if you don't want zsh # FIXME: change your shell here if you don't want zsh
programs.zsh.enable = true; programs.zsh.enable = true;
programs.zsh.shellInit = ''
export ANTHROPIC_API_KEY=$(cat ${config.age.secrets.anthropic-api-key.path})
'';
environment.pathsToLink = ["/share/zsh"]; environment.pathsToLink = ["/share/zsh"];
environment.shells = [pkgs.zsh]; environment.shells = [pkgs.zsh];
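Review bot: `programs.zsh.shellInit` is system-wide, so the added `export ANTHROPIC_API_KEY=$(cat …)` runs in every user's zsh, while the secret is declared with `owner = "root";`. Assuming agenix's default owner-only file mode, non-root shells would get a permission error from `cat` and an empty variable. Root shells would pass the key to every process they start, which is far wider than the one tool that needs it. At minimum guard and quote the read: `[[ -r ${config.age.secrets.anthropic-api-key.path} ]] && export ANTHROPIC_API_KEY="$(cat ${config.age.secrets.anthropic-api-key.path})"`. Preferably move it out of `shellInit` into a small wrapper around `claude-code` so only that process sees the key. If the interactive user is meant to use it, the secret's `owner` needs to be that user rather than root.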


@ -48,6 +48,18 @@
}; };
}; };
"www.philippeterson.com" = {
enableACME = true;
forceSSL = false;
addSSL = true;
locations."/" = {
extraConfig = ''
return 301 https://philippeterson.com$request_uri;
'';
};
};
"philippeterson.com" = { "philippeterson.com" = {
enableACME = true; # Enable Let's Encrypt certificate for HTTPS enableACME = true; # Enable Let's Encrypt certificate for HTTPS
forceSSL = false; # Redirect HTTP to HTTPS? forceSSL = false; # Redirect HTTP to HTTPS?
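Review bot: The new `www.philippeterson.com` vhost sets `forceSSL = false; addSSL = true;` and then hand-writes a redirect of every request to `https://philippeterson.com`. The module's `globalRedirect = "philippeterson.com";` does the same and would replace both the `locations."/"` block and the explicit `forceSSL = false;`. The apex vhost in the context lines also keeps `forceSSL = false;`, so a visitor who reaches the bare domain over HTTP is not upgraded while `www` visitors are. Setting `forceSSL = true;` on the apex would make the two consistent, provided nothing depends on plain HTTP there. The apex block continues beyond the hunk.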


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 NFD/vg rY+eiWOLOhCGzqWb4k9jNLU6aQ+PM0GNXTRTM4LfyQg
0Ekk88iG8ktnvVPwFW5EOrNN+UDxFmqeodz0SGCganU
--- WQ0Q25GI8bmYzB8YkFuJV6wuSKlv+waIWU2aw8A/OF0
½`2Õ±½ÖwÓ\ïž‹úÉ96ÉÃUu8<75>?îÒc?(ð$éõЭQÊãä¯êP˜øô«ËuÆÍöxQ169·d¾“3½¼ÔêRãz¿Ì<C2BF>Ÿ—Tºl>" Gáã<C3A1><08>uGà­!cøšÍì³DÉÏ­Gdf<>ïØ¥Ýa#:N¡AÖNÄ


@ -1,5 +1,5 @@
{}: let let
mainframePublicKey = builtins.toString "../keys/mainframe.pub"; mainframePublicKey = builtins.readFile ../keys/mainframe.pub;
in { in {
# This .age file should contain the following environment variables: # This .age file should contain the following environment variables:
# NEARLYFREESPEECH_API_KEY # NEARLYFREESPEECH_API_KEY
@ -8,4 +8,7 @@ in {
# WEBDAV_PASSWORD # WEBDAV_PASSWORD
"./webdav.age".publicKeys = [mainframePublicKey]; "./webdav.age".publicKeys = [mainframePublicKey];
# ANTHROPIC_API_KEY
"./anthropic-api-key.age".publicKeys = [mainframePublicKey];
} }
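Review bot: Both entries list only `mainframePublicKey` as a recipient, so the host's SSH private key is the only key that can decrypt, edit or rekey `anthropic-api-key.age` and `webdav.age`. If the machine is reinstalled or its host key changes, the secrets cannot be recovered from the repository; the same commit renames the host to `mainframe-2`, which may or may not involve a new key. A second, administrator-held recipient avoids that, e.g. `"./anthropic-api-key.age".publicKeys = [mainframePublicKey adminPublicKey];`, where `adminPublicKey` is a placeholder for a key not shown on this page. A short comment on `mainframePublicKey` stating which key file it must match would also help. Note that `builtins.readFile` keeps the file's trailing newline, which is probably harmless here but worth confirming with a rekey.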


@ -48,10 +48,7 @@ in {
sessionVariables.EDITOR = "vim"; sessionVariables.EDITOR = "vim";
sessionVariables.SHELL = "/etc/profiles/per-user/${username}/bin/zsh"; sessionVariables.SHELL = "/etc/profiles/per-user/${username}/bin/zsh";
packages = lib.mkDefault ( packages = stable-packages ++ unstable-packages;
stable-packages
++ unstable-packages
);
file.".ssh/known_hosts" = { file.".ssh/known_hosts" = {
text = joinedString; text = joinedString;