diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..0a722d7
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use nix;
diff --git a/.gitignore b/.gitignore
index 7ea4304..9c43034 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 keys.toml
+.direnv
diff --git a/animal/Makefile b/animal/Makefile
deleted file mode 100644
index 9c3acda..0000000
--- a/animal/Makefile
+++ /dev/null
@@ -1,3 +0,0 @@
-.PHONY: deploy
-deploy:
- nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@animal.chandlerswift.com --target-host root@animal.chandlerswift.com
diff --git a/animal/configuration.nix b/animal/configuration.nix
deleted file mode 100644
index 137722c..0000000
--- a/animal/configuration.nix
+++ /dev/null
@@ -1,75 +0,0 @@ -{ config, lib, pkgs, ... }: { - -# config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ -# "minecraft-server" -# ]; - - imports = [ - ./hardware-configuration.nix - ./web.nix - ./monitoring.nix - ./kathe.nix - ./eric.nix - ]; - - networking.hostName = "animal"; - time.timeZone = "America/Chicago"; - i18n.defaultLocale = "en_US.UTF-8"; - - fileSystems."/mnt/nas" = { - device = "//home.chandlerswift.com/chandlerpublic"; - fsType = "cifs"; - options = [ "guest" "port=55445" ]; - }; - -# services.minecraft-server = { -# enable = true; -# declarative = true; -# eula = true; -# dataDir = "/srv/minecraft"; -# openFirewall = true; -# whitelist = { -# chandlerswift = "04095aeb-edec-3c3f-b0d5-d703fab53c9c"; -# villlater = "90b7fcd6-9f43-38c5-8ea2-163f13b092f0"; -# LarryHorton = "de963636-138f-3ef4-8c52-a2dcf9a328f4"; -# IsaacSwift = "88e17365-4b63-3385-a4b6-b2c4864b0b98"; -# Mayornnaise = "be25bf89-ef07-3fa3-926b-20b939df62f1"; -# Ripptide66 = "a94051cb-5769-3726-86b5-bc9fe4cbe5f5"; -# }; -# }; - - services.murmur = { - # TODO https://nixos.org/manual/nixos/stable/options#opt-services.murmur.enable - # TODO https://github.com/azlux/botamusique - #enable = true; - }; - - environment.systemPackages = with pkgs; [ rsync ]; - - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ]; - -# services.jitsi-meet = { -# enable = true; -# hostName = "meet.animal.chandlerswift.com"; -# nginx.enable = false; -# caddy.enable = true; -# }; -# services.jitsi-videobridge.openFirewall = true; - - - networking.firewall.allowedTCPPorts = [ - 80 # Caddy - 443 # Caddy - ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. 
databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - system.stateVersion = "24.05"; - -} - diff --git a/animal/eric.nix b/animal/eric.nix deleted file mode 100644 index 4eb1783..0000000 --- a/animal/eric.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - -# users.users.eric = { -# isNormalUser = true; -# description = "Eric Villnow"; -# openssh.authorizedKeys.keys = [ -# # TODO -# ]; -# }; - - services.caddy.virtualHosts."nas.ericvillnow.com" = { - serverAliases = ["nas.vill.how"]; - extraConfig = '' - reverse_proxy http://192.168.10.11:80 - ''; - }; -} diff --git a/animal/hardware-configuration.nix b/animal/hardware-configuration.nix deleted file mode 100644 index 9bf6dc6..0000000 --- a/animal/hardware-configuration.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/FDD2-F69B"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; - boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; }; - swapDevices = [{ - device = "/swapfile"; - size = 4 * 1024; # 4GB - }]; - boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; -} diff --git a/animal/kathe.nix b/animal/kathe.nix deleted file mode 100644 index f083c75..0000000 --- a/animal/kathe.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - - users.users.kathe = { - isNormalUser = true; - description = "Käthe Swift"; - openssh.authorizedKeys.keys = [ - # TODO: ed25519 - "ssh-rsa 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" - ]; - }; - - services.caddy.virtualHosts."piano.animal.chandlerswift.com".extraConfig = '' - encode gzip - file_server - root /srv/piano.animal.chandlerswift.com - # hide .git # ??? - ''; - systemd.tmpfiles.settings."10-piano-animal-chandlerswift-com" = { - "/srv/piano.animal.chandlerswift.com" = { - d = { - user = "kathe"; - mode = "0755"; - }; - }; - }; -} diff --git a/animal/monitoring.nix b/animal/monitoring.nix deleted file mode 100644 index 707d3ba..0000000 --- a/animal/monitoring.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - services.grafana = { - enable = true; - settings = { - server = { - http_addr = "127.0.0.1"; - http_port = 3000; - domain = "monitoring.animal.chandlerswift.com"; - }; - }; - }; - - services.prometheus = { - enable = true; - }; - - services.caddy.virtualHosts."monitoring.animal.chandlerswift.com".extraConfig = '' - reverse_proxy :3000 - ''; -} diff --git a/animal/web.nix b/animal/web.nix deleted file mode 100644 index 6e0e106..0000000 --- a/animal/web.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - services.caddy = { - enable = true; - virtualHosts."animal.chandlerswift.com".extraConfig = '' - respond "Hello, world!" - ''; - }; - - services.caddy.virtualHosts."maps.animal.chandlerswift.com".extraConfig = '' - encode gzip - file_server - root /srv/maps.animal.chandlerswift.com - # hide .git # ??? - ''; - systemd.tmpfiles.settings."10-maps-animal-chandlerswift-com" = { - "/srv/maps.animal.chandlerswift.com" = { - d = {}; - }; - }; -} diff --git a/bert/Makefile b/bert/Makefile new file mode 100644 index 0000000..c6583fc --- /dev/null +++ b/bert/Makefile 
@@ -0,0 +1,16 @@
+# https://stackoverflow.com/a/23324703
+current_dir:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+.PHONY: deploy
+deploy:
+ rsync -avz $(current_dir)/ root@bert:config/
+ ssh root@bert nixos-rebuild switch --fast -I nixos-config=/root/config/configuration.nix
+
+.PHONY: local-build-deploy
+local-build-deploy:
+ nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@bert --target-host root@bert
+
+.PHONY: deploy-upgrade
+deploy-upgrade:
+ rsync -avz $(current_dir)/ root@bert:config/
+ ssh root@bert nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix
diff --git a/bert/README.md b/bert/README.md
new file mode 100644
index 0000000..5fc22b6
--- /dev/null
+++ b/bert/README.md
@@ -0,0 +1,23 @@
+# Installation
+1. Install NixOS minimal
+2. `ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key`
+2. Enable SSH server and add root SSH key
+3. Deploy updated config with `make`
+4. Set up [Remote Disk Unlocking](https://nixos.wiki/wiki/Remote_disk_unlocking)
+ 1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key
+5. Deploy content to web services
+
+# Notes on Caddy
+Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what
+content-types should be compressed:
+
+https://github.com/caddyserver/caddy/blob/v2.7.6/modules/caddyhttp/encode/encode.go#L85-L101
+
+Specifically, this doesn't include GeoJSON, which is a bit of a shame for
+maps.chandlerswift.com. That said, I'll probably be upgrading to 24.11 as soon
+as it comes out, so in the intervening time I'm just not going to worry about
+it.
+
+The list was expanded in this PR:
+
+https://github.com/caddyserver/caddy/pull/6081
diff --git a/bert/configuration.nix b/bert/configuration.nix
new file mode 100644
index 0000000..c475e2a
--- /dev/null
+++ b/bert/configuration.nix
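Review bot: The `rsync -avz $(current_dir)/ root@bert:config/` lines in `deploy` and `deploy-upgrade` never pass `--delete`, so a module removed or renamed locally stays behind in `/root/config` on the host; it is not evaluated unless `configuration.nix` still imports it, but stale copies accumulate and are easy to mistake for live config when debugging on the box. `rsync -avz --delete $(current_dir)/ root@bert:config/` keeps the remote directory a mirror of this one. As a point of style, the two recipes repeat the same rsync and ssh lines almost verbatim; a shared `sync` target that both depend on would leave only the `nixos-rebuild` flags differing between them.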
@@ -0,0 +1,70 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ./services/factorio.nix
+ ./services/http/index.nix
+ ./services/monitoring.nix
+ ./services/forgejo.nix
+ ];
+
+ # Bootloader
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.timeout = 1;
+
+ # Set up SSH unlocking
+ boot.kernelParams = [ "ip=dhcp" ];
+ boot.initrd = {
+ availableKernelModules = [ "e1000e" ];
+ network = {
+ enable = true;
+ flushBeforeStage2 = true; # Without this, stage2 IPv6 config is messed up?
+ ssh = {
+ enable = true;
+ port = 22;
+ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com" ];
+ hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+ shell = "/bin/cryptsetup-askpass";
+ };
+ };
+ };
+
+ boot.initrd.luks.devices."luks-48836129-1aa0-45c7-9fd1-6b053fa620b1".device = "/dev/disk/by-uuid/48836129-1aa0-45c7-9fd1-6b053fa620b1";
+ networking.hostName = "bert";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "America/Chicago";
+ i18n.defaultLocale = "en_US.UTF-8";
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ environment.systemPackages = with pkgs; [
+ rsync
+ ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = false;
+ users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];
+
+ networking.firewall.allowedTCPPorts = [
+ 80 # Caddy
+ 443 # Caddy
+ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+
+}
diff --git a/bert/hardware-configuration.nix b/bert/hardware-configuration.nix
new file mode 100644
index 0000000..bd11bff
--- /dev/null
+++ b/bert/hardware-configuration.nix
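Review bot: `services.openssh.settings.PasswordAuthentication = false;` on its own does not switch off password logins on NixOS, because the module leaves `KbdInteractiveAuthentication` at its default of true and PAM then still prompts for the password over keyboard-interactive; add `services.openssh.settings.KbdInteractiveAuthentication = false;` on the line after it. The initrd SSH listener is also on `port = 22` with a different host key (`/etc/secrets/initrd/ssh_host_ed25519_key`) from the stage-2 sshd, so a client's known_hosts entry for `bert:22` alternates between two keys and every remote unlock will raise a host-key-mismatch warning, which trains you to ignore the one warning that matters; moving the initrd listener to another port (and noting it in the README) avoids that. A smaller style point: the same `ssh-ed25519 …` public key literal appears twice (initrd `authorizedKeys` and `users.users.root.openssh.authorizedKeys.keys`), and a `let chandlerKey = "…"; in` at the top of the file would keep the two from drifting.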
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/5abc0802-3969-460c-8089-5fec9f985c18"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-da40f6d2-49d7-4a55-8a2e-94fa5f28dbbc".device = "/dev/disk/by-uuid/da40f6d2-49d7-4a55-8a2e-94fa5f28dbbc"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/B684-07FB"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/f5d7bb99-03aa-4f7c-9d4a-e264ceb514c6"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/bert/services/factorio.nix b/bert/services/factorio.nix new file mode 100644 index 0000000..10e0b27 --- /dev/null +++ b/bert/services/factorio.nix 
@@ -0,0 +1,17 @@
+{
+ # nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ # "factorio-headless"
+ # ];
+ services.factorio = let
+ factorio-nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/7e35ac30ea1d236419653182559367ecd8a30675.tar.gz") {
+ config.allowUnfree = true;
+ };
+ in {
+ enable = true;
+ package = factorio-nixpkgs.factorio-headless;
+ openFirewall = true;
+ nonBlockingSaving = true;
+ game-name = "Chandler's Factorio Server";
+ description = "Job 28:2";
+ };
+}
diff --git a/bert/services/forgejo.nix b/bert/services/forgejo.nix
new file mode 100644
index 0000000..9d7d619
--- /dev/null
+++ b/bert/services/forgejo.nix
@@ -0,0 +1,19 @@
+{
+ services.forgejo = {
+ enable = true;
+ settings = {
+ DEFAULT = {
+ APP_NAME = "Forgejo: Beyond coding. We Forge."; # TODO
+ };
+ server = {
+ # USE_PROXY_PROTOCOL = true;
+ DOMAIN = "git.chandlerswift.com";
+ #SSH_DOMAIN = "git.chandlerswift.com";
+ ROOT_URL = "https://git.chandlerswift.com/";
+ HTTP_PORT = 3001;
+ LANDING_PAGE = "/chandlerswift";
+ };
+ service.DISABLE_REGISTRATION = true;
+ };
+ };
+}
diff --git a/bert/services/http/caddy-browse-template.html b/bert/services/http/caddy-browse-template.html
new file mode 100644
index 0000000..079ab14
--- /dev/null
+++ b/bert/services/http/caddy-browse-template.html
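Review bot: The `fetchTarball "https://github.com/NixOS/nixpkgs/archive/7e35…tar.gz"` call on the `factorio-nixpkgs` line passes no `sha256`, so this second nixpkgs checkout is neither content-verified nor reproducible: whatever the URL serves at evaluation time is what gets built, and Nix re-downloads it once its tarball TTL expires. The attribute form pins it, `fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/7e35ac30ea1d236419653182559367ecd8a30675.tar.gz"; sha256 = "<hash of the archive>"; }`, and Nix prints the actual hash on mismatch so a placeholder is enough to obtain it. Separately, `openFirewall = true` opens the game port while no `game-password` is set, so anyone who learns the address can join; if that is intended, a one-line comment saying so would save the next reader the question.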
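Review bot: `HTTP_ADDR` is not set alongside `HTTP_PORT = 3001` in the `server` block, and git.chandlerswift.com.nix proxies to `localhost:${HTTP_PORT}`; I could not confirm from this diff which address the module binds by default, so if it is all interfaces the port is reachable on the LAN and only the 80/443 allow-list in configuration.nix keeps it off the network. Adding `HTTP_ADDR = "127.0.0.1";` beside `HTTP_PORT` makes the loopback-only intent explicit and independent of later firewall edits. `service.DISABLE_REGISTRATION = true` is the right setting for a single-user forge.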
@@ -0,0 +1,1068 @@ +{{- define "icon"}} + {{- if .IsDir}} + {{- if .IsSymlink}} + + + + + + {{- else}} + + + + + {{- end}} + {{- else if or (eq .Name "LICENSE") (eq .Name "README")}} + + + + + + + {{- else if .HasExt ".jpg" ".jpeg" ".png" ".gif" ".webp" ".tiff" ".bmp" ".heif" ".heic" ".svg"}} + {{- if eq .Tpl.Layout "grid"}} + + {{- else}} + + + + + + + + {{- end}} + {{- else if .HasExt ".mp4" ".mov" ".m4v" ".mpeg" ".mpg" ".avi" ".ogg" ".webm" ".mkv" ".vob" ".gifv" ".3gp"}} + + + + + + + + + + + + {{- else if .HasExt ".mp3" ".m4a" ".aac" ".ogg" ".flac" ".wav" ".wma" ".midi" ".cda"}} + + + + + + + + {{- else if .HasExt ".pdf"}} + + + + + + + + + + {{- else if .HasExt ".csv" ".tsv"}} + + + + + + + + + {{- else if .HasExt ".txt" ".doc" ".docx" ".odt" ".fodt" ".rtf"}} + + + + + + + + + {{- else if .HasExt ".xls" ".xlsx" ".ods" ".fods"}} + + + + + + + + + {{- else if .HasExt ".ppt" ".pptx" ".odp" ".fodp"}} + + + + + + + + + + + {{- else if .HasExt ".zip" ".gz" ".xz" ".tar" ".7z" ".rar" ".xz" ".zst"}} + + + + + + + + + + + + {{- else if .HasExt ".deb" ".dpkg"}} + + + + + + {{- else if .HasExt ".rpm" ".exe" ".flatpak" ".appimage" ".jar" ".msi" ".apk"}} + + + + + + + + + {{- else if .HasExt ".ps1"}} + + + + + + + {{- else if .HasExt ".py" ".pyc" ".pyo"}} + + + + + + + + + {{- else if .HasExt ".bash" ".sh" ".com" ".bat" ".dll" ".so"}} + + + + + {{- else if .HasExt ".dmg"}} + + + + + + + + + {{- else if .HasExt ".iso" ".img"}} + + + + + + + + {{- else if .HasExt ".md" ".mdown" ".markdown"}} + + + + + + + {{- else if .HasExt ".ttf" ".otf" ".woff" ".woff2" ".eof"}} + + + + + + + + + {{- else if .HasExt ".go"}} + + + + + + + + + {{- else if .HasExt ".html" ".htm"}} + + + + + + + + + + + + + {{- else if .HasExt ".js"}} + + + + + + + + {{- else if .HasExt ".css"}} + + + + + + + + + {{- else if .HasExt ".json" ".json5" ".jsonc"}} + + + + + + + + {{- else if .HasExt ".ts"}} + + + + + + + + + + {{- else if .HasExt ".sql"}} + + + + + + + + + + + {{- else if .HasExt ".db" ".sqlite" 
".bak" ".mdb"}} + + + + + + + {{- else if .HasExt ".eml" ".email" ".mailbox" ".mbox" ".msg"}} + + + + + + {{- else if .HasExt ".crt" ".pem" ".x509" ".cer" ".ca-bundle"}} + + + + + + + + + + {{- else if .HasExt ".key" ".keystore" ".jks" ".p12" ".pfx" ".pub"}} + + + + + + {{- else}} + {{- if .IsSymlink}} + + + + + + + + {{- else}} + + + + + + {{- end}} + {{- end}} +{{- end}} + + + + {{html .Name}} + + + + + +{{- if eq .Layout "grid"}} + +{{- end}} + + +
+
+ +

+ {{range $i, $crumb := .Breadcrumbs}}{{html $crumb.Text}}{{if ne $i 0}}/{{end}}{{end}} +

+
+
+
+
+
+
+ + {{.NumDirs}} director{{if eq 1 .NumDirs}}y{{else}}ies{{end}} + + + {{.NumFiles}} file{{if ne 1 .NumFiles}}s{{end}} + + {{- if ne 0 .Limit}} + + (of which only {{.Limit}} are displayed) + + {{- end}} +
+ + + + + + + List + + + + + + + + + + Grid + +
+
+ {{- if eq .Layout "grid"}} + {{- range .Items}} +
+ + {{template "icon" .}} +
{{html .Name}}
+
{{.HumanSize}}
+
+
+ {{- end}} + {{- else}} + + + + + + + + + + + + {{- if .CanGoUp}} + + + + + + + + {{- end}} + {{- range .Items}} + + + + {{- if .IsDir}} + + {{- else}} + + {{- end}} + + + + {{- end}} + +
+ {{- if and (eq .Sort "namedirfirst") (ne .Order "desc")}} + + + + + + + {{- else if and (eq .Sort "namedirfirst") (ne .Order "asc")}} + + + + + + + {{- else}} + + + + + + + {{- end}} + + {{- if and (eq .Sort "name") (ne .Order "desc")}} + + Name + + + + + + {{- else if and (eq .Sort "name") (ne .Order "asc")}} + + Name + + + + + + {{- else}} + + Name + + {{- end}} + +
+ + + + + + +
+
+ {{- if and (eq .Sort "size") (ne .Order "desc")}} + + Size + + + + + + {{- else if and (eq .Sort "size") (ne .Order "asc")}} + + Size + + + + + + {{- else}} + + Size + + {{- end}} + + {{- if and (eq .Sort "time") (ne .Order "desc")}} + + Modified + + + + + + {{- else if and (eq .Sort "time") (ne .Order "asc")}} + + Modified + + + + + + {{- else}} + + Modified + + {{- end}} +
+ + + + + + Up + +
+ + {{template "icon" .}} + {{html .Name}} + + +
+
+
+ {{.HumanSize}} +
+
+
+ +
+ {{- end}} +
+
+
+ + + + diff --git a/bert/services/http/files.chandlerswift.com.nix b/bert/services/http/files.chandlerswift.com.nix new file mode 100644 index 0000000..74c5e0c --- /dev/null +++ b/bert/services/http/files.chandlerswift.com.nix @@ -0,0 +1,13 @@ + +{ + services.caddy.virtualHosts."files.chandlerswift.com".extraConfig = '' + encode zstd gzip + file_server + root * /srv/www/files.chandlerswift.com + ''; + systemd.tmpfiles.settings."10-files-chandlerswift-com" = { + "/srv/www/files.chandlerswift.com" = { + d = {}; + }; + }; +} diff --git a/bert/services/http/git.chandlerswift.com.nix b/bert/services/http/git.chandlerswift.com.nix new file mode 100644 index 0000000..609c95f --- /dev/null +++ b/bert/services/http/git.chandlerswift.com.nix @@ -0,0 +1,5 @@ +{config, ...}: { + services.caddy.virtualHosts."git.chandlerswift.com".extraConfig = '' + reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} + ''; +} diff --git a/bert/services/http/home.chandlerswift.com.nix b/bert/services/http/home.chandlerswift.com.nix new file mode 100644 index 0000000..eef8812 --- /dev/null +++ b/bert/services/http/home.chandlerswift.com.nix @@ -0,0 +1,15 @@ + +{ + services.caddy.virtualHosts."home.chandlerswift.com".extraConfig = '' + encode zstd gzip + file_server + root * /srv/www/home.chandlerswift.com + reverse_proxy /grafana/* localhost:3000 + # hide .git # ??? + ''; + systemd.tmpfiles.settings."10-home-chandlerswift-com" = { + "/srv/www/home.chandlerswift.com" = { + d = {}; + }; + }; +} diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix new file mode 100644 index 0000000..3054875 --- /dev/null +++ b/bert/services/http/index.nix 
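Review bot: The commented-out `# hide .git # ???` line in the `home.chandlerswift.com` vhost would not parse if uncommented, because `hide` is a subdirective of `file_server` rather than a site-level directive; the working form is `file_server {` / `hide .git` / `}`, which stjohnscccc.org.nix in this same commit already uses for `.gitignore`. Until that is in place, deploying a checkout into `/srv/www/home.chandlerswift.com` (README step 5 is "deploy content") serves the repository's `.git` directory, with its full history, to any visitor. The same placeholder comment appears in katherineandchandler.com.nix and maps.chandlerswift.com.nix.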
@@ -0,0 +1,21 @@
+{
+ imports = [
+ ./files.chandlerswift.com.nix
+ ./git.chandlerswift.com.nix
+ ./home.chandlerswift.com.nix
+ ./katherineandchandler.com.nix
+ ./maps.chandlerswift.com.nix
+ ./stjohnscccc.org.nix
+ ./swiftgang.net.nix
+ ];
+
+ services.caddy = {
+ enable = true;
+ email = "chandler@chandlerswift.com";
+ globalConfig = ''
+ servers {
+ metrics # Enable Prometheus monitoring
+ }
+ '';
+ };
+}
diff --git a/bert/services/http/katherineandchandler.com.nix b/bert/services/http/katherineandchandler.com.nix
new file mode 100644
index 0000000..352cf32
--- /dev/null
+++ b/bert/services/http/katherineandchandler.com.nix
@@ -0,0 +1,14 @@
+
+{
+ services.caddy.virtualHosts."katherineandchandler.com".extraConfig = ''
+ encode zstd gzip
+ file_server
+ root * /srv/www/katherineandchandler.com
+ # hide .git # ???
+ '';
+ systemd.tmpfiles.settings."10-katherineandchandler-com" = {
+ "/srv/www/katherineandchandler.com" = {
+ d = {};
+ };
+ };
+}
diff --git a/bert/services/http/maps.chandlerswift.com.nix b/bert/services/http/maps.chandlerswift.com.nix
new file mode 100644
index 0000000..fb21cb8
--- /dev/null
+++ b/bert/services/http/maps.chandlerswift.com.nix
@@ -0,0 +1,14 @@
+
+{
+ services.caddy.virtualHosts."maps.chandlerswift.com".extraConfig = ''
+ encode zstd gzip
+ file_server
+ root * /srv/www/maps.chandlerswift.com
+ # hide .git # ???
+ '';
+ systemd.tmpfiles.settings."10-maps-chandlerswift-com" = {
+ "/srv/www/maps.chandlerswift.com" = {
+ d = {};
+ };
+ };
+}
diff --git a/bert/services/http/stjohnscccc.org.nix b/bert/services/http/stjohnscccc.org.nix
new file mode 100644
index 0000000..b462c02
--- /dev/null
+++ b/bert/services/http/stjohnscccc.org.nix
@@ -0,0 +1,54 @@
+{ pkgs, lib, config, ... }:
+let
+ app = "stjohnscccc";
+ domain = "${app}.chandlerswift.com"; # TODO
+ dataDir = "/srv/www/stjohnscccc.org";
+in {
+ services.phpfpm.pools.${app} = {
+ user = app;
+ settings = {
+ "listen.owner" = config.services.caddy.user;
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ # "pm.max_requests" = 500;
+ "pm.start_servers" = 1;
+ "pm.min_spare_servers" = 1;
+ "pm.max_spare_servers" = 4;
+ "php_admin_value[error_log]" = "stderr";
+ "php_admin_flag[log_errors]" = true;
+ "catch_workers_output" = true;
+ };
+ # phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
+ };
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ root * ${dataDir}/public
+
+ handle /downloads/* {
+ file_server {
+ browse ${./caddy-browse-template.html}
+ hide .gitignore
+ }
+ }
+
+ handle {
+ encode zstd gzip
+ php_fastcgi unix/${config.services.phpfpm.pools.${app}.socket}
+ file_server
+ }
+
+ handle_errors {
+ respond "{err.status_code} {err.status_text}"
+ }
+ '';
+ users.users.${app} = {
+ isSystemUser = true;
+ home = dataDir;
+ group = app;
+ };
+ users.groups.${app} = {};
+ systemd.tmpfiles.settings."10-stjohnscccc.org" = {
+ "/srv/www/stjohnscccc.org" = {
+ d = {};
+ };
+ };
+}
diff --git a/bert/services/http/swiftgang.net.nix b/bert/services/http/swiftgang.net.nix
new file mode 100644
index 0000000..82bee79
--- /dev/null
+++ b/bert/services/http/swiftgang.net.nix
@@ -0,0 +1,13 @@
+
+{
+ services.caddy.virtualHosts."swiftgang.net".extraConfig = ''
+ encode zstd gzip
+ file_server
+ root * /srv/www/swiftgang.net
+ '';
+ systemd.tmpfiles.settings."10-swiftgang-net" = {
+ "/srv/www/swiftgang.net" = {
+ d = {};
+ };
+ };
+}
diff --git a/bert/services/monitoring.nix b/bert/services/monitoring.nix
new file mode 100644
index 0000000..8f524c4
--- /dev/null
+++ b/bert/services/monitoring.nix
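Review bot: The tmpfiles entry near the end repeats the literal `"/srv/www/stjohnscccc.org"` that `dataDir` already holds; writing it as `"${dataDir}" = { d = {}; };` keeps the two from drifting, which matters here because `domain` is still marked `# TODO` and this file looks likely to be touched again. That `d = {}` entry creates the directory with tmpfiles defaults (root-owned, presumably 0755) while the pool runs PHP as `${app}` with `home = dataDir`; that is the right least-privilege shape for a static PHP site, but anything the application needs to write (uploads, a cache) will fail until a writable subdirectory owned by `${app}` is declared, so a comment stating that the tree is intentionally read-only for PHP would help. Note also that `hide .gitignore` applies only inside `handle /downloads/*`; the catch-all `handle` block serves dotfiles under `${dataDir}/public` as-is.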
@@ -0,0 +1,41 @@
+{
+ services.prometheus = {
+ enable = true;
+ scrapeConfigs = [
+ {
+ job_name = "caddy";
+ static_configs = [{
+ targets = [
+ "localhost:2019"
+ ];
+ }];
+ }
+ {
+ job_name = "node";
+ static_configs = [{
+ targets = [
+ "localhost:9100"
+ ];
+ }];
+ }
+ ];
+ exporters.node = {
+ enable = true;
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+ enabledCollectors = [ "systemd" ];
+ # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
+ # extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
+ };
+ };
+
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ root_url = "https://home.chandlerswift.com/grafana/";
+ serve_from_sub_path = true;
+ };
+ };
+ };
+
+}
diff --git a/oscar/configuration.nix b/oscar/configuration.nix
index abf5210..db1e3ae 100644
--- a/oscar/configuration.nix
+++ b/oscar/configuration.nix
@@ -138,7 +138,6 @@ libreoffice-qt prismlauncher qgis - thunderbird # command line applications beets
@@ -163,6 +162,8 @@ factorio ]; + programs.thunderbird.enable = true; + programs.bash.enable = true; programs.direnv = {
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..81d6525
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,11 @@
+let
+# nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.05";
+ pkgs = import { config = {}; overlays = []; };
+in
+
+pkgs.mkShellNoCC {
+ packages = with pkgs; [
+ # nixd
+ gnumake
+ ];
+}
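Review bot: Neither `services.prometheus` nor `exporters.node` sets a `listenAddress`, and as far as I recall both modules default to binding every interface (ports 9090 and 9100); the scrape targets are all `localhost:…`, so nothing needs them on the LAN, and at present only the 80/443 allow-list in configuration.nix keeps them private. Adding `listenAddress = "127.0.0.1";` to both blocks makes that independent of future firewall changes. Grafana's `root_url = "https://home.chandlerswift.com/grafana/"` has to agree with the `reverse_proxy /grafana/*` line in home.chandlerswift.com.nix; a one-line comment on either side naming the other would keep the pair from drifting apart.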