From 815c1ad67162ff960fe793392733f5ffc0858e73 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 01:05:36 -0600 Subject: [PATCH 01/10] bigbird: Enable ZFS autoscrub --- bigbird/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bigbird/configuration.nix b/bigbird/configuration.nix index f50cdc4..e60b61e 100644 --- a/bigbird/configuration.nix +++ b/bigbird/configuration.nix @@ -21,6 +21,8 @@ boot.zfs.forceImportRoot = false; boot.zfs.extraPools = [ "nas" ]; + services.zfs.autoScrub.enable = true; # Current scan takes ~12h, runs monthly (I spend 2% of the time doing scans? lol) + networking.hostId = "66abd088"; # `openssl rand -hex 4` time.timeZone = "America/Chicago"; From 3e7ead9d5f63c295dfece8119f1efec1d163a84b Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 01:07:53 -0600 Subject: [PATCH 02/10] bigbird: Add README with SD card note --- bigbird/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 bigbird/README.md diff --git a/bigbird/README.md b/bigbird/README.md new file mode 100644 index 0000000..0ccdd49 --- /dev/null +++ b/bigbird/README.md @@ -0,0 +1,9 @@ +# `bigbird`: ODROID HC4 NAS + +## SD card notes +Many SD cards I attempted would boot fine but then fail to reset on reboot. +Some preliminary research suggests that this may be a kernel issue, but I'm not +entirely sure at this point. For now, I took the easy way out: Just keep trying +SD cards until one works! Thankfully, it seems to be reliable that an SD card +works either 100% or 0% of the time. Currently using a 32GB Microcenter cheapo, +in place of the nicer 128GB ones I was planning on instead. From 0b821f6111d003d380fa67314e134588e1e38c25 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 01:15:27 -0600 Subject: [PATCH 03/10] bert: Disable networkmanager I wasn't actually using this anyway? :shrug: --- bert/configuration.nix | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/bert/configuration.nix b/bert/configuration.nix index c475e2a..369623e 100644 --- a/bert/configuration.nix +++ b/bert/configuration.nix @@ -35,8 +35,6 @@ boot.initrd.luks.devices."luks-48836129-1aa0-45c7-9fd1-6b053fa620b1".device = "/dev/disk/by-uuid/48836129-1aa0-45c7-9fd1-6b053fa620b1"; networking.hostName = "bert"; - # Enable networking - networking.networkmanager.enable = true; time.timeZone = "America/Chicago"; i18n.defaultLocale = "en_US.UTF-8"; From e9e8913fe6f63d96f5e0ee8b77dce34a364210d9 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 01:15:45 -0600 Subject: [PATCH 04/10] bert: Add public mount from bigbird --- bert/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bert/configuration.nix b/bert/configuration.nix index 369623e..eecb150 100644 --- a/bert/configuration.nix +++ b/bert/configuration.nix @@ -35,6 +35,11 @@ boot.initrd.luks.devices."luks-48836129-1aa0-45c7-9fd1-6b053fa620b1".device = "/dev/disk/by-uuid/48836129-1aa0-45c7-9fd1-6b053fa620b1"; networking.hostName = "bert"; + fileSystems."/mnt/bigbird-public" = { + device = "//bigbird/public"; + fsType = "cifs"; + options = [ "guest" ]; + }; time.timeZone = "America/Chicago"; i18n.defaultLocale = "en_US.UTF-8"; From 5271fe9965886013c1a8048ba421fbcc4cecb745 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 01:29:06 -0600 Subject: [PATCH 05/10] bert: Add navidrome --- bert/configuration.nix | 1 + bert/services/http/index.nix | 1 + bert/services/http/music.chandlerswift.com.nix | 5 +++++ bert/services/navidrome.nix | 10 ++++++++++ 4 files changed, 17 insertions(+) create mode 100644 bert/services/http/music.chandlerswift.com.nix create mode 100644 bert/services/navidrome.nix diff --git a/bert/configuration.nix b/bert/configuration.nix index eecb150..c541597 100644 --- a/bert/configuration.nix +++ b/bert/configuration.nix 
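Review bot: The new `fileSystems."/mnt/bigbird-public"` entry in `bert/configuration.nix` mounts the share with `options = [ "guest" ]` only, so nothing makes it read-only or turns off setuid, device files or execution for content from a server that accepts unauthenticated sessions. Since later patches in this series read from this path and serve it over HTTP, I would tighten it to `options = [ "guest" "ro" "nosuid" "nodev" "noexec" "nofail" ];`, with `nofail` so an unreachable NAS does not block boot. A guest session also cannot authenticate the server, so the contents are only as trustworthy as the LAN; a credentialed mount is the usual step up if that matters here.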
@@ -8,6 +8,7 @@ ./services/http/index.nix ./services/monitoring.nix ./services/forgejo.nix + ./services/navidrome.nix ]; # Bootloader diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix index 4420666..80976af 100644 --- a/bert/services/http/index.nix +++ b/bert/services/http/index.nix @@ -6,6 +6,7 @@ ./home.chandlerswift.com.nix ./katherineandchandler.com.nix ./maps.chandlerswift.com.nix + ./music.chandlerswift.com.nix ./stjohnscccc.org.nix ./swiftgang.net.nix ]; diff --git a/bert/services/http/music.chandlerswift.com.nix b/bert/services/http/music.chandlerswift.com.nix new file mode 100644 index 0000000..c43cd35 --- /dev/null +++ b/bert/services/http/music.chandlerswift.com.nix @@ -0,0 +1,5 @@ +{config, ...}: { + services.caddy.virtualHosts."music.chandlerswift.com".extraConfig = '' + reverse_proxy localhost:${toString config.services.navidrome.settings.Port} + ''; +} diff --git a/bert/services/navidrome.nix b/bert/services/navidrome.nix new file mode 100644 index 0000000..42d86a6 --- /dev/null +++ b/bert/services/navidrome.nix @@ -0,0 +1,10 @@ +{ + services.navidrome = { + enable = true; + settings = { + MusicFolder = "/mnt/bigbird-public/media/music"; + ScanSchedule = "@every 12h"; + EnableSharing = true; + }; + }; +} From 542b9dd68d79dbb3e8b7867b0ff83efbd8fa5d42 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 01:51:58 -0600 Subject: [PATCH 06/10] bert: Add home.chandlerswift.com/sheets --- bert/services/http/home.chandlerswift.com.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bert/services/http/home.chandlerswift.com.nix b/bert/services/http/home.chandlerswift.com.nix index eef8812..506ef7d 100644 --- a/bert/services/http/home.chandlerswift.com.nix +++ b/bert/services/http/home.chandlerswift.com.nix 
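Review bot: `EnableSharing = true` in `bert/services/navidrome.nix` turns on unauthenticated share links for a service that the new `music.chandlerswift.com` vhost presumably exposes to the internet; a comment stating that this is intended would help, e.g. `# share links are deliberate; everything under MusicFolder is already public`. Navidrome lets the first visitor create the admin account, so that account should exist before the vhost goes live. `MusicFolder` points into the CIFS mount at `/mnt/bigbird-public` and nothing visible here orders the service after that mount; `systemd.services.navidrome.unitConfig.RequiresMountsFor = "/mnt/bigbird-public";` would make the dependency explicit.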
@@ -6,6 +6,16 @@ root * /srv/www/home.chandlerswift.com reverse_proxy /grafana/* localhost:3000 # hide .git # ??? + + file_server /sheets/* { + browse ${./caddy-browse-template.html} + + # TOOD: is there a better way to strip the prefix here? This shouldn't be + # vulnerable to a directory traversal attack (and it doesn't really + # matter anyway; everything in there is public somewhere or another!) but + # it sorta feels wrong to do this without a `/sheets` suffix. + root /mnt/bigbird-public + } ''; systemd.tmpfiles.settings."10-home-chandlerswift-com" = { "/srv/www/home.chandlerswift.com" = { From 9e3c4ee13e80a45aaeef8b5e470c78df0fd99755 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 01:56:24 -0600 Subject: [PATCH 07/10] bert: Add handle_errors clause to all sites It looks like this was CLOSED WONTFIX: How can we _possibly_ know that upon an error, the developer might want us to send an indication of that error??!!1! Snark aside (mine and his): it looks like there's not a great way to enable sane error behavior globally :/ https://caddy.community/t/handling-errors-globally/17174/2 In the future, I should probably make this a snippet or something. --- bert/services/http/files.chandlerswift.com.nix | 4 ++++ bert/services/http/harborpaperco.com.nix | 4 ++++ bert/services/http/home.chandlerswift.com.nix | 4 ++++ bert/services/http/katherineandchandler.com.nix | 4 ++++ bert/services/http/maps.chandlerswift.com.nix | 4 ++++ bert/services/http/swiftgang.net.nix | 4 ++++ 6 files changed, 24 insertions(+) diff --git a/bert/services/http/files.chandlerswift.com.nix b/bert/services/http/files.chandlerswift.com.nix index 74c5e0c..7aead1e 100644 --- a/bert/services/http/files.chandlerswift.com.nix +++ b/bert/services/http/files.chandlerswift.com.nix 
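Review bot: The `file_server /sheets/*` block in `home.chandlerswift.com.nix` sets `root /mnt/bigbird-public`, so only the request matcher confines it to the `sheets` directory, and `browse` lists everything beneath that, dotfiles included. Rooting the server at the one directory meant to be public and stripping the prefix with `handle_path` answers the TODO in the comment and removes the reliance on the matcher; the sketch below is untested against the browse template. Because the directory lives on a guest-mounted SMB share, anyone who can write to that share can publish under this hostname, so the mount should be read-only on this host. The surrounding `extraConfig` string starts and ends outside the hunk.

```nix
      # … unchanged: root, reverse_proxy /grafana/* …
      handle_path /sheets/* {
        root * /mnt/bigbird-public/sheets
        file_server {
          browse ${./caddy-browse-template.html}
        }
      }
```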
@@ -4,6 +4,10 @@ encode zstd gzip file_server root * /srv/www/files.chandlerswift.com + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-files-chandlerswift-com" = { "/srv/www/files.chandlerswift.com" = { diff --git a/bert/services/http/harborpaperco.com.nix b/bert/services/http/harborpaperco.com.nix index 705b0b1..8b46fa2 100644 --- a/bert/services/http/harborpaperco.com.nix +++ b/bert/services/http/harborpaperco.com.nix @@ -6,6 +6,10 @@ encode zstd gzip file_server root * /srv/www/harborpaperco.com + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; }; # services.caddy.virtualHosts."pureserendipityweddings.com" = { diff --git a/bert/services/http/home.chandlerswift.com.nix b/bert/services/http/home.chandlerswift.com.nix index 506ef7d..1c11558 100644 --- a/bert/services/http/home.chandlerswift.com.nix +++ b/bert/services/http/home.chandlerswift.com.nix @@ -16,6 +16,10 @@ # it sorta feels wrong to do this without a `/sheets` suffix. root /mnt/bigbird-public } + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-home-chandlerswift-com" = { "/srv/www/home.chandlerswift.com" = { diff --git a/bert/services/http/katherineandchandler.com.nix b/bert/services/http/katherineandchandler.com.nix index 352cf32..2aa308d 100644 --- a/bert/services/http/katherineandchandler.com.nix +++ b/bert/services/http/katherineandchandler.com.nix @@ -5,6 +5,10 @@ file_server root * /srv/www/katherineandchandler.com # hide .git # ??? + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-katherineandchandler-com" = { "/srv/www/katherineandchandler.com" = { diff --git a/bert/services/http/maps.chandlerswift.com.nix b/bert/services/http/maps.chandlerswift.com.nix index fb21cb8..101820b 100644 --- a/bert/services/http/maps.chandlerswift.com.nix +++ b/bert/services/http/maps.chandlerswift.com.nix 
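Review bot: The `handle_errors` block is added to six vhost files, but `index.nix` also imports `git.chandlerswift.com.nix`, `stjohnscccc.org.nix` and `music.chandlerswift.com.nix`, none of which this patch touches, so the subject's "all sites" does not match what is visible. The music vhost added earlier in the series is only a `reverse_proxy`, so an unreachable upstream would presumably still produce an empty error body there. If proxy-only vhosts are left out on purpose, a comment in `index.nix` such as `# proxy-only vhosts intentionally have no handle_errors` would record that. This applies equally to the other five hunks of this patch.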
@@ -5,6 +5,10 @@ file_server root * /srv/www/maps.chandlerswift.com # hide .git # ??? + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-maps-chandlerswift-com" = { "/srv/www/maps.chandlerswift.com" = { diff --git a/bert/services/http/swiftgang.net.nix b/bert/services/http/swiftgang.net.nix index 82bee79..1de094e 100644 --- a/bert/services/http/swiftgang.net.nix +++ b/bert/services/http/swiftgang.net.nix @@ -4,6 +4,10 @@ encode zstd gzip file_server root * /srv/www/swiftgang.net + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-swiftgang-net" = { "/srv/www/swiftgang.net" = { From 9e80802351060e85c443e1dc4442b66ff8f9e845 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 01:57:25 -0600 Subject: [PATCH 08/10] bert: Enable pureserendipityweddings.com redirect --- bert/services/http/harborpaperco.com.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/bert/services/http/harborpaperco.com.nix b/bert/services/http/harborpaperco.com.nix index 8b46fa2..071f053 100644 --- a/bert/services/http/harborpaperco.com.nix +++ b/bert/services/http/harborpaperco.com.nix @@ -12,12 +12,12 @@ } ''; }; - # services.caddy.virtualHosts."pureserendipityweddings.com" = { - # serverAliases = ["www.pureserendipityweddings.com"]; - # extraConfig = '' - # redir https://harborpaperco.com - # ''; - # }; + services.caddy.virtualHosts."pureserendipityweddings.com" = { + serverAliases = ["www.pureserendipityweddings.com"]; + extraConfig = '' + redir https://harborpaperco.com + ''; + }; systemd.tmpfiles.settings."10-harborpaperco-com" = { "/srv/www/harborpaperco.com" = { d = {}; From 0f4b0295c8afb5ba646de9b289c677ead09a24f6 Mon Sep 17 00:00:00 2001 
From: Chandler Swift Date: Tue, 12 Nov 2024 02:01:34 -0600 Subject: [PATCH 09/10] bert: add 0hats.com Future direction: Have a systemd timer that regens this automatically, and updates the index page accordingly. --- bert/services/http/0hats.com.nix | 20 ++++++++++++++++++++ bert/services/http/index.nix | 1 + 2 files changed, 21 insertions(+) create mode 100644 bert/services/http/0hats.com.nix diff --git a/bert/services/http/0hats.com.nix b/bert/services/http/0hats.com.nix new file mode 100644 index 0000000..809af75 --- /dev/null +++ b/bert/services/http/0hats.com.nix @@ -0,0 +1,20 @@ + +{ + services.caddy.virtualHosts."0hats.com" = { + serverAliases = ["www.0hats.com"]; + extraConfig = '' + encode zstd gzip + file_server + root * /srv/www/0hats.com + + handle_errors { + respond "{err.status_code} {err.status_text}" + } + ''; + }; + systemd.tmpfiles.settings."10-0hats-com" = { + "/srv/www/0hats.com" = { + d = {}; + }; + }; +} diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix index 80976af..f85f0e7 100644 --- a/bert/services/http/index.nix +++ b/bert/services/http/index.nix @@ -1,5 +1,6 @@ { imports = [ + ./0hats.com.nix ./files.chandlerswift.com.nix ./git.chandlerswift.com.nix ./harborpaperco.com.nix From f7c5255017f38cd69602c9e889ea2f2a75444f82 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 02:05:12 -0600 Subject: [PATCH 10/10] oscar: Allow unfree steam-unwrapped Apparently this is a new requirement? https://wiki.nixos.org/w/index.php?title=Steam&diff=prev&oldid=18248 --- oscar/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 10eea01..f34c211 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -16,6 +16,7 @@ "steam" "steam-original" "steam-run" + "steam-unwrapped" ]; # https://discourse.nixos.org/t/github-strategies-for-configuration-nix/1983/14
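Review bot: The new vhost in `bert/services/http/0hats.com.nix` uses a bare `file_server`, which serves dotfiles, and unlike the sibling vhosts it does not even carry the unresolved `# hide .git # ???` marker. If `/srv/www/0hats.com` is ever populated from a checkout or by the regeneration job mentioned in the commit message, `.git` and similar files become downloadable. `hide` is a subdirective of `file_server`, so the form to use is a block, `file_server {` / `hide .git` / `}`; that may also be why the commented top-level line in the other files was left with question marks.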