Add initial config for animal

This commit is contained in:
Chandler Swift 2024-07-07 20:37:49 -05:00
parent eba9eb03f4
commit 695c0eba9e
Signed by: chandlerswift
GPG key ID: A851D929D52FB93F
7 changed files with 180 additions and 0 deletions

3
animal/Makefile Normal file
View file

@ -0,0 +1,3 @@
.PHONY: deploy
deploy:
nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@animal.chandlerswift.com --target-host root@animal.chandlerswift.com

75
animal/configuration.nix Normal file
View file

@ -0,0 +1,75 @@
{ config, lib, pkgs, ... }: {
# config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
# "minecraft-server"
# ];
imports = [
./hardware-configuration.nix
./web.nix
./monitoring.nix
./kathe.nix
./eric.nix
];
networking.hostName = "animal";
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
fileSystems."/mnt/nas" = {
device = "//home.chandlerswift.com/chandlerpublic";
fsType = "cifs";
options = [ "guest" "port=55445" ];
};
# services.minecraft-server = {
# enable = true;
# declarative = true;
# eula = true;
# dataDir = "/srv/minecraft";
# openFirewall = true;
# whitelist = {
# chandlerswift = "04095aeb-edec-3c3f-b0d5-d703fab53c9c";
# villlater = "90b7fcd6-9f43-38c5-8ea2-163f13b092f0";
# LarryHorton = "de963636-138f-3ef4-8c52-a2dcf9a328f4";
# IsaacSwift = "88e17365-4b63-3385-a4b6-b2c4864b0b98";
# Mayornnaise = "be25bf89-ef07-3fa3-926b-20b939df62f1";
# Ripptide66 = "a94051cb-5769-3726-86b5-bc9fe4cbe5f5";
# };
# };
services.murmur = {
# TODO https://nixos.org/manual/nixos/stable/options#opt-services.murmur.enable
# TODO https://github.com/azlux/botamusique
#enable = true;
};
environment.systemPackages = with pkgs; [ rsync ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];
# services.jitsi-meet = {
# enable = true;
# hostName = "meet.animal.chandlerswift.com";
# nginx.enable = false;
# caddy.enable = true;
# };
# services.jitsi-videobridge.openFirewall = true;
networking.firewall.allowedTCPPorts = [
80 # Caddy
443 # Caddy
];
# networking.firewall.allowedUDPPorts = [ ... ];
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
system.stateVersion = "24.05";
}

17
animal/eric.nix Normal file
View file

@ -0,0 +1,17 @@
{
# users.users.eric = {
# isNormalUser = true;
# description = "Eric Villnow";
# openssh.authorizedKeys.keys = [
# # TODO
# ];
# };
services.caddy.virtualHosts."nas.ericvillnow.com" = {
serverAliases = ["nas.vill.how"];
extraConfig = ''
reverse_proxy http://192.168.10.11:80
'';
};
}

View file

@ -0,0 +1,19 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
fileSystems."/boot" = { device = "/dev/disk/by-uuid/FDD2-F69B"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
swapDevices = [{
device = "/swapfile";
size = 4 * 1024; # 4GB
}];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
}

26
animal/kathe.nix Normal file
View file

@ -0,0 +1,26 @@
{
users.users.kathe = {
isNormalUser = true;
description = "Käthe Swift";
openssh.authorizedKeys.keys = [
# TODO: ed25519
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTORULg2qqAJs5i9V7YpavlDaQBdPsEtj7s23B50qRz+VjP9rNQC8F2bVgI1BbI7CqQho2IFCG2nAiBqciLAMxTqaihI6OlNyhVJvkVSXxy2ru8NEKTPA2UnciepxeyQGfgstv8d+8mLiDbcytWDbtNoTymhy5DjCwki8gnQQTO1XVcJr5N12OsvoaCcikYQwTcxgXG0rVxlg/DUQJeaV1hZdHwpgr1cbdX2JxMONo8wcW5Ox5ZJs/+Zz72iOfoa9DXJChfdOQ5dMC+WVGwd3JbHQLWQmnCepYBKiUv8JMN7ZkDBcyIFJ+dc7F/CwBrPAF9g93GEauEilWulKV4AmbqdxY+lK/hp0fSr69H4bkqLmeAeXTHIlTge1FuQKNSKHeBhQ4y7OxDc0IEzDCE7OXT04fn6etsZcFb2JIYhFZWKGxiwSYWAjfdkmVnC48sC6Q3Heonk/IxZwbKVOUlo7B0q43A4PzTWiOWFcFKDGXn3KrNRCXuLfaYxYDyTEc2ss="
];
};
services.caddy.virtualHosts."piano.animal.chandlerswift.com".extraConfig = ''
encode gzip
file_server
root /srv/piano.animal.chandlerswift.com
# hide .git # ???
'';
systemd.tmpfiles.settings."10-piano-animal-chandlerswift-com" = {
"/srv/piano.animal.chandlerswift.com" = {
d = {
user = "kathe";
mode = "0755";
};
};
};
}

20
animal/monitoring.nix Normal file
View file

@ -0,0 +1,20 @@
{
services.grafana = {
enable = true;
settings = {
server = {
http_addr = "127.0.0.1";
http_port = 3000;
domain = "monitoring.animal.chandlerswift.com";
};
};
};
services.prometheus = {
enable = true;
};
services.caddy.virtualHosts."monitoring.animal.chandlerswift.com".extraConfig = ''
reverse_proxy :3000
'';
}

20
animal/web.nix Normal file
View file

@ -0,0 +1,20 @@
{
services.caddy = {
enable = true;
virtualHosts."animal.chandlerswift.com".extraConfig = ''
respond "Hello, world!"
'';
};
services.caddy.virtualHosts."maps.animal.chandlerswift.com".extraConfig = ''
encode gzip
file_server
root /srv/maps.animal.chandlerswift.com
# hide .git # ???
'';
systemd.tmpfiles.settings."10-maps-animal-chandlerswift-com" = {
"/srv/maps.animal.chandlerswift.com" = {
d = {};
};
};
}