Merge branch 'main' of github.com:philip-peterson/petersweb-infra
This commit is contained in:
commit
ef47bc328b
11 changed files with 65 additions and 23 deletions
2
nixos/.github/workflows/build.yml
vendored
2
nixos/.github/workflows/build.yml
vendored
|
|
@ -12,4 +12,4 @@ jobs:
|
|||
- uses: DeterminateSystems/nix-installer-action@main
|
||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||
- run: ssh-keygen -t rsa -N '' -f ./id_rsa && git add id_rsa.pub
|
||||
- run: nix build .#nixosConfigurations.nixos.config.system.build.toplevel
|
||||
- run: nix build .#nixosConfigurations.mainframe.config.system.build.toplevel
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@
|
|||
set -e
|
||||
|
||||
git pull origin main
|
||||
nixos-rebuild switch --flake .#nixos --verbose --show-trace
|
||||
nixos-rebuild switch --flake .#mainframe --verbose --show-trace
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ in {
|
|||
Restart = "always";
|
||||
RestartSec = "0";
|
||||
User = "root";
|
||||
Group = "root";
|
||||
Group = "repo-data";
|
||||
};
|
||||
};
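Review bot: With `User = "root";` left in place on the line above, the new `Group = "repo-data";` changes only the group recorded on files the service creates, not what the service may access — root bypasses group permission checks regardless. If the intent is for `repo-data` members to read or write those files, the created-file mode still follows the unit's default umask (typically 0022, so group-readable but not group-writable); adding `UMask = "0027";` (read-only for the group) or `UMask = "0002";` (group-writable) next to it makes that explicit, and if the service itself does not need root, lowering `User` would be the more effective privilege reduction. The enclosing service definition starts outside the hunk, so I cannot see which unit this serviceConfig belongs to.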
|
||||
|
||||
|
|
|
|||
|
|
@ -12,16 +12,6 @@
|
|||
size = "1M";
|
||||
type = "EF02";
|
||||
};
|
||||
esp = {
|
||||
name = "ESP";
|
||||
size = "500M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "root";
|
||||
size = "100%";
|
||||
|
|
|
|||
|
|
@ -92,14 +92,13 @@
|
|||
++ modules;
|
||||
};
|
||||
in {
|
||||
nixosConfigurations.nixos = mkNixosConfiguration {
|
||||
hostname = "pw-mainframe";
|
||||
nixosConfigurations.mainframe = mkNixosConfiguration {
|
||||
hostname = "mainframe-2";
|
||||
username = "ironmagma";
|
||||
args = {
|
||||
nixPkgs = import nixpkgs {inherit system overlays;};
|
||||
};
|
||||
modules = [
|
||||
disko.nixosModules.disko
|
||||
agenix.nixosModules.age
|
||||
./hetzner.nix
|
||||
./linux.nix
|
||||
|
|
|
|||
|
|
@ -2,12 +2,38 @@
|
|||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
./disk-config.nix
|
||||
];
|
||||
|
||||
# Fixes iotop
|
||||
boot.kernel.sysctl = {"kernel.task_delayacct" = 1;};
|
||||
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
device = "/dev/sda";
|
||||
efiSupport = false;
|
||||
};
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/aaf104ce-4851-40d9-aeea-bebb5684f8c4";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
networking.useDHCP = false;
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks."10-enp1s0" = {
|
||||
matchConfig.Name = "enp1s0";
|
||||
networkConfig.DHCP = "ipv4";
|
||||
dhcpV4Config = {
|
||||
UseGateway = false;
|
||||
UseRoutes = false;
|
||||
};
|
||||
routes = [
|
||||
{routeConfig = {Gateway = "172.31.1.1"; GatewayOnLink = true;};}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings.PasswordAuthentication = true;
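Review bot: The new `fileSystems."/"` block pins the root mount to a hard-coded by-uuid device while `./disk-config.nix` stays imported for the same host; if that disko config also declares the mount for `/` (its `root` partition is the only one left after this commit), both definitions are merged by the module system and any difference in `device` or `fsType` fails evaluation with a conflicting-definition error, so one place should own the mount — either drop the explicit block or wrap it in `lib.mkForce` with a comment saying why disko's value is overridden. Likewise `boot.loader.grub.device = "/dev/sda";` with `efiSupport = false;` sidesteps whatever disko derives from the `EF02` partition, which may be intended for a BIOS-boot image but deserves a one-line comment. If `settings.PasswordAuthentication = true;` is part of the addition rather than context (the rendering does not show which), it is the line I would push back on: secrets on this host are already keyed to the machine via agenix, and `settings.PasswordAuthentication = false;` removes the credential-guessing surface on an internet-facing server. The openssh block continues past the end of the hunk.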
|
||||
|
|
|
|||
|
|
@ -57,6 +57,11 @@ in {
|
|||
file = ./secrets/webdav.age;
|
||||
owner = "root";
|
||||
};
|
||||
|
||||
anthropic-api-key = {
|
||||
file = ./secrets/anthropic-api-key.age;
|
||||
owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
|
|
@ -71,6 +76,8 @@ in {
|
|||
pkgs.rust-bin.stable.latest.default
|
||||
pkgs.wget
|
||||
|
||||
pkgs.unstable.claude-code
|
||||
|
||||
# For docker-compose like setups
|
||||
pkgs.arion
|
||||
start-arion-run
|
||||
|
|
@ -103,6 +110,9 @@ in {
|
|||
|
||||
# FIXME: change your shell here if you don't want zsh
|
||||
programs.zsh.enable = true;
|
||||
programs.zsh.shellInit = ''
|
||||
export ANTHROPIC_API_KEY=$(cat ${config.age.secrets.anthropic-api-key.path})
|
||||
'';
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
environment.shells = [pkgs.zsh];
|
||||
|
||||
|
|
|
|||
|
|
@ -48,6 +48,18 @@
|
|||
};
|
||||
|
||||
};
|
||||
"www.philippeterson.com" = {
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
addSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
return 301 https://philippeterson.com$request_uri;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"philippeterson.com" = {
|
||||
enableACME = true; # Enable Let's Encrypt certificate for HTTPS
|
||||
forceSSL = false; # Redirect HTTP to HTTPS?
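Review bot: The hand-written `return 301 https://philippeterson.com$request_uri;` in the new `www.philippeterson.com` host reproduces what the NixOS nginx module's `globalRedirect` option generates; `globalRedirect = "philippeterson.com";` would replace the whole `locations."/"` block, though confirm that the generated redirect uses `https://` under `addSSL` before switching, since the explicit form guarantees the scheme. A plain-HTTP request to the www host is still answered (and redirected) rather than upgraded first because `forceSSL = false;`, which is harmless here since the target is already https, but a short comment on why `addSSL` rather than `forceSSL` was chosen would help the next reader. The apex host block continues past the end of the hunk.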
|
||||
|
|
|
|||
5
nixos/secrets/anthropic-api-key.age
Normal file
5
nixos/secrets/anthropic-api-key.age
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 NFD/vg rY+eiWOLOhCGzqWb4k9jNLU6aQ+PM0GNXTRTM4LfyQg
|
||||
0Ekk88iG8ktnvVPwFW5EOrNN+UDxFmqeodz0SGCganU
|
||||
--- WQ0Q25GI8bmYzB8YkFuJV6wuSKlv+waIWU2aw8A/OF0
|
||||
½`2Õ±½ÖwÓ\ïž‹úÉ96ÉÃUu8<75>?îÒc?(ð$éõÐQÊãä¯êP˜øô«ËuÆÍöxQ169·d¾“3½‚‚¼ÔêRãz¿Ì<C2BF>Ÿ—Tºl>" Gáã<C3A1><08>uGà!cøšÍì³DÉÏGdf<>ï=ÍØ¥Ýa#:N¡AÖNÄ
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
{}: let
|
||||
mainframePublicKey = builtins.toString "../keys/mainframe.pub";
|
||||
let
|
||||
mainframePublicKey = builtins.readFile ../keys/mainframe.pub;
|
||||
in {
|
||||
# This .age file should contain the following environment variables:
|
||||
# NEARLYFREESPEECH_API_KEY
|
||||
|
|
@ -8,4 +8,7 @@ in {
|
|||
|
||||
# WEBDAV_PASSWORD
|
||||
"./webdav.age".publicKeys = [mainframePublicKey];
|
||||
|
||||
# ANTHROPIC_API_KEY
|
||||
"./anthropic-api-key.age".publicKeys = [mainframePublicKey];
|
||||
}
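Review bot: `builtins.readFile ../keys/mainframe.pub` returns the file verbatim, so `mainframePublicKey` now carries the `.pub` file's trailing newline and any comment field after the key; if agenix hands each `publicKeys` entry straight to age as a recipient that is tolerated, but `mainframePublicKey = builtins.replaceStrings ["\n"] [""] (builtins.readFile ../keys/mainframe.pub);` removes the dependency on that behaviour. A defensive point on the new `"./anthropic-api-key.age".publicKeys = [mainframePublicKey];`: every secret here is encrypted only to the host key, so losing or rotating that key means every `.age` file must be regenerated from plaintext; adding an operator's own public key to the list is the usual way to keep `agenix -r` re-keying possible. The first hunk also drops the leading `{}:`, which is what lets agenix import this file as a plain attribute set.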
|
||||
|
|
|
|||
|
|
@ -48,10 +48,7 @@ in {
|
|||
sessionVariables.EDITOR = "vim";
|
||||
sessionVariables.SHELL = "/etc/profiles/per-user/${username}/bin/zsh";
|
||||
|
||||
packages = lib.mkDefault (
|
||||
stable-packages
|
||||
++ unstable-packages
|
||||
);
|
||||
packages = stable-packages ++ unstable-packages;
|
||||
|
||||
file.".ssh/known_hosts" = {
|
||||
text = joinedString;
|
||||
|
|
|
|||