Compare commits
No commits in common. "63d14c58fda27fb576730096843464eaca3d488b" and "a367be6426e437705d982b65af6d1537c5a36404" have entirely different histories.
@ -5,12 +5,7 @@
3. Deploy updated config with `make`
3. Deploy updated config with `make`
4. Set up [Remote Disk Unlocking](
4. Set up [Remote Disk Unlocking](
1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key
1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key
5. Deploy content:
5. Deploy content to web services
- websites in /srv
- factorio world at /var/lib/factorio/saves/
- git/forgejo in /var/lib/forgejo
- navidrome
6. Set up Grafana users (log in with default admin/admin; change creds; configure)
# Notes on Caddy
# Notes on Caddy
Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what
Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what
@ -13,10 +13,6 @@
HTTP_PORT = 3001;
HTTP_PORT = 3001;
LANDING_PAGE = "/chandlerswift";
LANDING_PAGE = "/chandlerswift";
repository = {
@ -1,22 +0,0 @@
services.caddy.virtualHosts."" = {
serverAliases = [""];
extraConfig = ''
encode zstd gzip
root * /srv/www/
# services.caddy.virtualHosts."" = {
# serverAliases = [""];
# extraConfig = ''
# redir
# '';
# };
systemd.tmpfiles.settings."10-harborpaperco-com" = {
"/srv/www/" = {
d = {};
@ -2,7 +2,6 @@
imports = [
imports = [
@ -1,21 +0,0 @@
current_dir:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
.PHONY: remote-deploy
rsync -av $(current_dir)/ root@bigbird:config/
ssh root@bigbird nixos-rebuild switch --fast -I nixos-config=/root/config/configuration.nix
## This probably doesn't work, since architectures are different?
# .PHONY: deploy
# deploy:
# nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host --target-host
.PHONY: remote-deploy-upgrade
rsync -avz $(current_dir)/
ssh nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix
# TODO: build an SD card?
# nix-build '<nixpkgs/nixos>'
@ -1,9 +0,0 @@
# `bigbird`: ODROID HC4 NAS
## SD card notes
Many SD cards I attempted would boot fine but then fail to reset on reboot.
Some preliminary research suggests that this may be a kernel issue, but I'm not
entirely sure at this point. For now, I took the easy way out: Just keep trying
SD cards until one works! Thankfully, it seems to be reliable that an SD card
works either 100% or 0% of the time. Currently using a 32GB Microcenter cheapo,
in place of the nicer 128GB ones I was planning on instead.
@ -1,65 +0,0 @@
{ config, lib, pkgs, ... }:
imports =
[ # Include the results of the hardware scan.
# <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
networking.hostName = "bigbird"; # Define your hostname.
networking.networkmanager.enable = true;
# Enable ZFS:
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false;
boot.zfs.extraPools = [ "nas" ];
services.zfs.autoScrub.enable = true; # Current scan takes ~12h, runs monthly (I spend 2% of the time doing scans? lol)
networking.hostId = "66abd088"; # `openssl rand -hex 4`
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
environment.systemPackages = with pkgs; [
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b'' ];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see for how
# to actually do that.
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
# For more information, see `man configuration.nix` or .
system.stateVersion = "24.05"; # Did you read the comment?
@ -1,31 +0,0 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
@ -1,12 +0,0 @@
users.users.kathe = {
isNormalUser = true;
description = "Käthe Swift";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMJFkFEKuT9v9B9ynAf5QfLZF54jWhzEnQIeW2kQWKJ+"
packages = with pkgs; [
@ -1,48 +0,0 @@
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
## Switch to structured config with NixOS 24.11
# settings = {
# global = {
# "workgroup" = "WORKGROUP";
# "hosts allow" = "192.168.";
# "hosts deny" = "";
# "guest account" = "nobody";
# "map to guest" = "bad user";
# };
# "public" = {
# "path" = "/nas/chandler/Public";
# "browseable" = "yes";
# "read only" = "yes";
# "guest ok" = "yes"; # aka "public = yes"
# };
# # "private" = {
# # "path" = "/mnt/Shares/Private";
# # "browseable" = "yes";
# # "read only" = "no";
# # "guest ok" = "no";
# # "create mask" = "0644";
# # "directory mask" = "0755";
# # "force user" = "username";
# # "force group" = "groupname";
# # };
# };
extraConfig = ''
workgroup = WORKGROUP
hosts allow = 192.168.
hosts deny =
guest account = nobody
map to guest = bad user
shares = {
"public" = {
"path" = "/nas/chandler/public";
"browseable" = "yes";
"read only" = "yes";
"guest ok" = "yes"; # aka "public = yes"