From 695c0eba9eefe4567ff8c6956d132076cb43e35f Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Sun, 7 Jul 2024 20:37:49 -0500 Subject: [PATCH] Add initial config for animal --- animal/Makefile | 3 ++ animal/configuration.nix | 75 +++++++++++++++++++++++++++++++ animal/eric.nix | 17 +++++++ animal/hardware-configuration.nix | 19 ++++++++ animal/kathe.nix | 26 +++++++++++ animal/monitoring.nix | 20 +++++++++ animal/web.nix | 20 +++++++++ 7 files changed, 180 insertions(+) create mode 100644 animal/Makefile create mode 100644 animal/configuration.nix create mode 100644 animal/eric.nix create mode 100644 animal/hardware-configuration.nix create mode 100644 animal/kathe.nix create mode 100644 animal/monitoring.nix create mode 100644 animal/web.nix
diff --git a/animal/Makefile b/animal/Makefile
new file mode 100644
index 0000000..9c3acda
--- /dev/null
+++ b/animal/Makefile
@@ -0,0 +1,3 @@
+.PHONY: deploy
+deploy:
+ nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@animal.chandlerswift.com --target-host root@animal.chandlerswift.com
diff --git a/animal/configuration.nix b/animal/configuration.nix
new file mode 100644
index 0000000..137722c
--- /dev/null
+++ b/animal/configuration.nix
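Review bot: The `deploy` rule in animal/Makefile sets `-I nixos-config=./configuration.nix` but pins no nixpkgs. The package set that ends up on the server therefore appears to come from whatever channel the deploying workstation's `NIX_PATH` resolves at that moment. Two deploys of the same commit can then ship different package versions, and what runs on the host cannot be traced back to this repository. Adding `-I nixpkgs=<pinned nixpkgs path or tarball URL>` to the rule, or moving the host to a lock file, would fix the input. The rule also logs in as `root` for both `--build-host` and `--target-host`, so the deploy key is a full root credential and should be stored and rotated as one.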
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }: {
+
+# config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+# "minecraft-server"
+# ];
+
+ imports = [
+ ./hardware-configuration.nix
+ ./web.nix
+ ./monitoring.nix
+ ./kathe.nix
+ ./eric.nix
+ ];
+
+ networking.hostName = "animal";
+ time.timeZone = "America/Chicago";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ fileSystems."/mnt/nas" = {
+ device = "//home.chandlerswift.com/chandlerpublic";
+ fsType = "cifs";
+ options = [ "guest" "port=55445" ];
+ };
+
+# services.minecraft-server = {
+# enable = true;
+# declarative = true;
+# eula = true;
+# dataDir = "/srv/minecraft";
+# openFirewall = true;
+# whitelist = {
+# chandlerswift = "04095aeb-edec-3c3f-b0d5-d703fab53c9c";
+# villlater = "90b7fcd6-9f43-38c5-8ea2-163f13b092f0";
+# LarryHorton = "de963636-138f-3ef4-8c52-a2dcf9a328f4";
+# IsaacSwift = "88e17365-4b63-3385-a4b6-b2c4864b0b98";
+# Mayornnaise = "be25bf89-ef07-3fa3-926b-20b939df62f1";
+# Ripptide66 = "a94051cb-5769-3726-86b5-bc9fe4cbe5f5";
+# };
+# };
+
+ services.murmur = {
+ # TODO https://nixos.org/manual/nixos/stable/options#opt-services.murmur.enable
+ # TODO https://github.com/azlux/botamusique
+ #enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [ rsync ];
+
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];
+
+# services.jitsi-meet = {
+# enable = true;
+# hostName = "meet.animal.chandlerswift.com";
+# nginx.enable = false;
+# caddy.enable = true;
+# };
+# services.jitsi-videobridge.openFirewall = true;
+
+
+ networking.firewall.allowedTCPPorts = [
+ 80 # Caddy
+ 443 # Caddy
+ ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ system.stateVersion = "24.05";
+
+}
+
diff --git a/animal/eric.nix b/animal/eric.nix
new file mode 100644
index 0000000..4eb1783
--- /dev/null
+++ b/animal/eric.nix
@@ -0,0 +1,17 @@
+{
+
+# users.users.eric = {
+# isNormalUser = true;
+# description = "Eric Villnow";
+# openssh.authorizedKeys.keys = [
+# # TODO
+# ];
+# };
+
+ services.caddy.virtualHosts."nas.ericvillnow.com" = {
+ serverAliases = ["nas.vill.how"];
+ extraConfig = ''
+ reverse_proxy http://192.168.10.11:80
+ '';
+ };
+}
diff --git a/animal/hardware-configuration.nix b/animal/hardware-configuration.nix
new file mode 100644
index 0000000..9bf6dc6
--- /dev/null
+++ b/animal/hardware-configuration.nix
@@ -0,0 +1,19 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ };
+ fileSystems."/boot" = { device = "/dev/disk/by-uuid/FDD2-F69B"; fsType = "vfat"; };
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
+ swapDevices = [{
+ device = "/swapfile";
+ size = 4 * 1024; # 4GB
+ }];
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+}
diff --git a/animal/kathe.nix b/animal/kathe.nix
new file mode 100644
index 0000000..f083c75
--- /dev/null
+++ b/animal/kathe.nix
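Review bot: The `/mnt/nas` entry in animal/configuration.nix mounts a CIFS share from `home.chandlerswift.com` with only `"guest"` and `"port=55445"`. The session is therefore unauthenticated, and guest SMB sessions cannot be signed or encrypted. If that path crosses the public internet rather than a tunnel (not visible in this patch), share contents can be read or modified in transit, and anything written to the share lands on a host that root deploys to. Consider a credentialed mount such as `options = [ "credentials=<path to secret file>" "seal" "port=55445" "nosuid" "nodev" "noexec" ];`, or carry the mount over a VPN. Separately, `services.openssh.enable = true;` leaves the daemon at module defaults; adding `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` would make the key-only intent explicit.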
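Review bot: The `nas.ericvillnow.com` virtual host in animal/eric.nix publishes `reverse_proxy http://192.168.10.11:80` with no matcher or authentication in front of it. Anyone who can reach ports 80/443 on this host therefore gets the NAS web interface, and the only access control is whatever login the NAS implements. If the interface is not meant to be public, restrict the site with a `remote_ip` matcher or an authentication directive in `extraConfig`. The hop to the backend is plain HTTP to a private address, so it should run only over a link you control, such as a VPN. How this host reaches `192.168.10.11` is not shown in the patch.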
@@ -0,0 +1,26 @@
+{
+
+ users.users.kathe = {
+ isNormalUser = true;
+ description = "Käthe Swift";
+ openssh.authorizedKeys.keys = [
+ # TODO: ed25519
+ "ssh-rsa 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"
+ ];
+ };
+
+ services.caddy.virtualHosts."piano.animal.chandlerswift.com".extraConfig = ''
+ encode gzip
+ file_server
+ root /srv/piano.animal.chandlerswift.com
+ # hide .git # ???
+ '';
+ systemd.tmpfiles.settings."10-piano-animal-chandlerswift-com" = {
+ "/srv/piano.animal.chandlerswift.com" = {
+ d = {
+ user = "kathe";
+ mode = "0755";
+ };
+ };
+ };
+}
diff --git a/animal/monitoring.nix b/animal/monitoring.nix
new file mode 100644
index 0000000..707d3ba
--- /dev/null
+++ b/animal/monitoring.nix
@@ -0,0 +1,20 @@
+{
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ http_addr = "127.0.0.1";
+ http_port = 3000;
+ domain = "monitoring.animal.chandlerswift.com";
+ };
+ };
+ };
+
+ services.prometheus = {
+ enable = true;
+ };
+
+ services.caddy.virtualHosts."monitoring.animal.chandlerswift.com".extraConfig = ''
+ reverse_proxy :3000
+ '';
+}
diff --git a/animal/web.nix b/animal/web.nix
new file mode 100644
index 0000000..6e0e106
--- /dev/null
+++ b/animal/web.nix
@@ -0,0 +1,20 @@
+{
+ services.caddy = {
+ enable = true;
+ virtualHosts."animal.chandlerswift.com".extraConfig = ''
+ respond "Hello, world!"
+ '';
+ };
+
+ services.caddy.virtualHosts."maps.animal.chandlerswift.com".extraConfig = ''
+ encode gzip
+ file_server
+ root /srv/maps.animal.chandlerswift.com
+ # hide .git # ???
+ '';
+ systemd.tmpfiles.settings."10-maps-animal-chandlerswift-com" = {
+ "/srv/maps.animal.chandlerswift.com" = {
+ d = {};
+ };
+ };
+}
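Review bot: The `piano.animal.chandlerswift.com` site in animal/kathe.nix serves its whole root with a bare `file_server`, and the `# hide .git # ???` line is left commented out. The same pattern is repeated for `maps.animal.chandlerswift.com` in animal/web.nix. If either directory is populated by a git checkout, the `.git` tree (history, remote URLs, anything ever committed) is downloadable by any visitor. `hide` is a subdirective of `file_server`, not a standalone directive, which may be why the line did not work as written. Open a block on the `file_server` line and put `hide .git` inside it, for both sites.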
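Review bot: `services.grafana` in animal/monitoring.nix is enabled and published at `monitoring.animal.chandlerswift.com` through `reverse_proxy :3000`, but nothing under `settings.security` is set. A fresh instance will therefore come up on the public internet with the module's default admin account until someone logs in and changes it. Set the initial password from a secret file before the first deploy, for example `services.grafana.settings.security.admin_password = "$__file{<path to secret file>}";`. Keeping the secret in a file also keeps it out of the world-readable Nix store. If the dashboard is only for personal use, limiting the Caddy site to known source addresses would reduce exposure further.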