diff --git a/bert/README.md b/bert/README.md index 5c8eff2..5fc22b6 100644 --- a/bert/README.md +++ b/bert/README.md @@ -1,20 +1,13 @@ -# `bert` - -## Installation +# Installation 1. Install NixOS minimal 2. `ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key` 2. Enable SSH server and add root SSH key 3. Deploy updated config with `make` 4. Set up [Remote Disk Unlocking](https://nixos.wiki/wiki/Remote_disk_unlocking) 1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key -5. Deploy content: - - websites in /srv - - factorio world at /var/lib/factorio/saves/default.zip - - git/forgejo in /var/lib/forgejo - - navidrome DB/etc in /var/lib/navidrome -6. Set up Grafana users (log in with default admin/admin; change creds; configure) +5. Deploy content to web services -## Notes on Caddy +# Notes on Caddy Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what content-types should be compressed: diff --git a/bert/configuration.nix b/bert/configuration.nix index e26c1ef..c541597 100644 --- a/bert/configuration.nix +++ b/bert/configuration.nix @@ -58,14 +58,6 @@ services.openssh.settings.PasswordAuthentication = false; users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ]; - users.users.isaac = { - isNormalUser = true; - description = "Isaac Swift"; - openssh.authorizedKeys.keys = [ - # TODO - ]; - }; - networking.firewall.allowedTCPPorts = [ 80 # Caddy 443 # Caddy diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix index 457bfb2..f85f0e7 100644 --- a/bert/services/http/index.nix +++ b/bert/services/http/index.nix 
@@ -5,11 +5,9 @@
 ./git.chandlerswift.com.nix
 ./harborpaperco.com.nix
 ./home.chandlerswift.com.nix
- ./isaacswift.com.nix
 ./katherineandchandler.com.nix
 ./maps.chandlerswift.com.nix
 ./music.chandlerswift.com.nix
- ./preview.chandlerswift.com.nix
 ./stjohnscccc.org.nix
 ./swiftgang.net.nix
 ];
diff --git a/bert/services/http/isaacswift.com.nix b/bert/services/http/isaacswift.com.nix
deleted file mode 100644
index e9de32f..0000000
--- a/bert/services/http/isaacswift.com.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-
-{
- services.caddy.virtualHosts."isaacswift.com" = {
- serverAliases = ["www.isaacswift.com"];
- extraConfig = ''
- encode zstd gzip
- file_server
- root * /srv/www/isaacswift.com
- # hide .git # ???
-
- handle_errors {
- respond "{err.status_code} {err.status_text}"
- }
- '';
- };
- systemd.tmpfiles.settings."10-isaacswift-com" = {
- "/srv/www/isaacswift.com" = {
- d = {
- user = "isaac";
- };
- };
- };
-}
diff --git a/bert/services/http/preview.chandlerswift.com.nix b/bert/services/http/preview.chandlerswift.com.nix
deleted file mode 100644
index f0da071..0000000
--- a/bert/services/http/preview.chandlerswift.com.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{config, ...}: {
- services.caddy.virtualHosts."preview.chandlerswift.com".extraConfig = ''
- reverse_proxy oscar:4000
-
- handle_errors {
- respond "{err.status_code} {err.status_text}"
- }
- '';
-}
diff --git a/bigbird/Makefile b/bigbird/Makefile
index 7b9f27b..93d66e6 100644
--- a/bigbird/Makefile
+++ b/bigbird/Makefile
@@ -1,20 +1,20 @@ # https://stackoverflow.com/a/23324703 current_dir:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -.PHONY: deploy -deploy: +.PHONY: remote-deploy +remote-deploy: rsync -av $(current_dir)/ root@bigbird:config/ ssh root@bigbird nixos-rebuild switch --fast -I nixos-config=/root/config/configuration.nix ## This probably doesn't work, since architectures are different? -# .PHONY: local-build-deploy -# local-build-deploy: +# .PHONY: deploy +# deploy: # nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@animal.chandlerswift.com --target-host root@animal.chandlerswift.com -.PHONY: deploy-upgrade -deploy-upgrade: - rsync -avz $(current_dir)/ root@bigbird:config/ - ssh root@bigbird nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix +.PHONY: remote-deploy-upgrade +remote-deploy-upgrade: + rsync -avz $(current_dir)/ root@animal.chandlerswift.com:config/ + ssh root@animal.chandlerswift.com nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix # TODO: build an SD card? #sd-image: diff --git a/bigbird/configuration.nix b/bigbird/configuration.nix index 5a05bb6..e60b61e 100644 --- a/bigbird/configuration.nix +++ b/bigbird/configuration.nix @@ -14,6 +14,7 @@ boot.loader.generic-extlinux-compatible.enable = true; networking.hostName = "bigbird"; # Define your hostname. + networking.networkmanager.enable = true; # Enable ZFS: https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html boot.supportedFilesystems = [ "zfs" ]; diff --git a/bigbird/kathe.nix b/bigbird/kathe.nix index f1f040c..a98f3ad 100644 --- a/bigbird/kathe.nix +++ b/bigbird/kathe.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ users.users.kathe = { isNormalUser = true; description = "Käthe Swift"; diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 896bcbf..f34c211 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix 
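Review bot: `remote-deploy-upgrade` in bigbird/Makefile now rsyncs this directory to `root@animal.chandlerswift.com` and runs `nixos-rebuild switch --upgrade-all` there, while `remote-deploy` in the same file still targets `root@bigbird`. As written, bigbird's `configuration.nix` (which sets `networking.hostName = "bigbird"`) would be activated as root on a different machine. If that is not intended, define the host once, e.g. `target_host := root@bigbird`, and use `rsync -avz $(current_dir)/ $(target_host):config/` and `ssh $(target_host) nixos-rebuild switch ...` in both recipes so they cannot drift apart. The commented-out `deploy` recipe also names animal, which suggests the hostname was carried over from another machine's Makefile.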
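Review bot: Replacing `{pkgs, ...}: {` with a bare `{` in bigbird/kathe.nix turns the module into a plain attribute set, so any remaining use of `pkgs` further down (for example a `packages = with pkgs; [ ... ]` list) would fail evaluation with an undefined variable. The rest of the file is outside the hunk, so this cannot be confirmed from here. If such a reference exists, keep the header as `{pkgs, ...}: {`.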
@@ -119,8 +119,7 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.chandler.isNormalUser = true; users.users.chandler.description = "Chandler Swift"; - users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" "plugdev" ]; - home-manager.backupFileExtension = "backup"; + users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" ]; home-manager.users.chandler = { pkgs, ... }: { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ @@ -134,13 +133,11 @@ freecad frescobaldi gimp - gnome-sound-recorder josm kate kicad libreoffice-qt prismlauncher - prusa-slicer qgis # command line applications @@ -152,7 +149,6 @@ alsa-utils dig file - git-absorb killall pv wl-clipboard @@ -205,7 +201,6 @@ url."https://aur.archlinux.org/".insteadOf = "aur:"; url."ssh://aur@aur.archlinux.org/".pushInsteadOf = "aur:"; url."ssh://git@github.com/ChandlerSwift/".insteadOf = "gh:"; - url."ssh://forgejo@bert/chandlerswift/".insteadOf = "forgejo:"; push.autoSetupRemote = true; rebase.autosquash = true; rebase.autostash = true;
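Review bot: With `home-manager.backupFileExtension = "backup";` removed in the first oscar/configuration.nix hunk, home-manager activation for `chandler` will presumably abort on any pre-existing file that collides with a managed one, rather than moving it aside with a `.backup` suffix. If the removal is deliberate, a short comment above `home-manager.users.chandler` such as `# no backupFileExtension: activation should fail on unmanaged files` would record the intent; otherwise keep the line. The `home-manager.users.chandler` block continues outside the hunk.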