bigbird: Add README with SD card note

bert/README.md

@@ -5,7 +5,12 @@
 3. Deploy updated config with `make`
 4. Set up [Remote Disk Unlocking](https://nixos.wiki/wiki/Remote_disk_unlocking)
    1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key
-5. Deploy content to web services
+5. Deploy content:
+   - websites in /srv
+   - factorio world at /var/lib/factorio/saves/default.zip
+   - git/forgejo in /var/lib/forgejo
+   - navidrome
+6. Set up Grafana users (log in with default admin/admin; change creds; configure)
 
 # Notes on Caddy
 Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what

bert/services/forgejo.nix

@@ -13,6 +13,10 @@
         HTTP_PORT = 3001;
         LANDING_PAGE = "/chandlerswift";
       };
+      repository = {
+        ENABLE_PUSH_CREATE_USER = true;
+        ENABLE_PUSH_CREATE_ORG = true;
+      };
       service.DISABLE_REGISTRATION = true;
     };
   };

bert/services/http/harborpaperco.com.nix

@@ -0,0 +1,22 @@
+
+{
+  services.caddy.virtualHosts."harborpaperco.com" = {
+    serverAliases = ["www.harborpaperco.com"];
+    extraConfig = ''
+      encode zstd gzip
+      file_server
+      root * /srv/www/harborpaperco.com
+    '';
+  };
+  # services.caddy.virtualHosts."pureserendipityweddings.com" = {
+  #   serverAliases = ["www.pureserendipityweddings.com"];
+  #   extraConfig = ''
+  #     redir https://harborpaperco.com
+  #   '';
+  # };
+  systemd.tmpfiles.settings."10-harborpaperco-com" = {
+    "/srv/www/harborpaperco.com" = {
+      d = {};
+    };
+  };
+}

bert/services/http/index.nix

@@ -2,6 +2,7 @@
   imports = [
     ./files.chandlerswift.com.nix
     ./git.chandlerswift.com.nix
+    ./harborpaperco.com.nix
     ./home.chandlerswift.com.nix
     ./katherineandchandler.com.nix
     ./maps.chandlerswift.com.nix

bigbird/Makefile

@@ -0,0 +1,21 @@
+# https://stackoverflow.com/a/23324703
+current_dir:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+.PHONY: remote-deploy
+remote-deploy:
+	rsync -av $(current_dir)/ root@bigbird:config/
+	ssh root@bigbird nixos-rebuild switch --fast -I nixos-config=/root/config/configuration.nix
+
+## This probably doesn't work, since architectures are different?
+# .PHONY: deploy
+# deploy:
+# 	nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@animal.chandlerswift.com --target-host root@animal.chandlerswift.com
+
+.PHONY: remote-deploy-upgrade
+remote-deploy-upgrade:
+	rsync -avz $(current_dir)/ root@animal.chandlerswift.com:config/
+	ssh root@animal.chandlerswift.com nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix
+
+# TODO: build an SD card?
+#sd-image:
+#	nix-build '<nixpkgs/nixos>'

bigbird/README.md

@@ -0,0 +1,9 @@
+# `bigbird`: ODROID HC4 NAS
+
+## SD card notes
+Many SD cards I attempted would boot fine but then fail to reset on reboot.
+Some preliminary research suggests that this may be a kernel issue, but I'm not
+entirely sure at this point. For now, I took the easy way out: Just keep trying
+SD cards until one works! Thankfully, it seems to be reliable that an SD card
+works either 100% or 0% of the time. Currently using a 32GB Microcenter cheapo,
+in place of the nicer 128GB ones I was planning on instead.

bigbird/configuration.nix

@@ -0,0 +1,65 @@
+{ config, lib, pkgs, ... }:
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      # <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
+      ./hardware-configuration.nix
+      ./kathe.nix
+      ./smb.nix
+    ];
+
+  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
+  boot.loader.grub.enable = false;
+  # Enables the generation of /boot/extlinux/extlinux.conf
+  boot.loader.generic-extlinux-compatible.enable = true;
+
+  networking.hostName = "bigbird"; # Define your hostname.
+  networking.networkmanager.enable = true;
+
+  # Enable ZFS: https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.zfs.forceImportRoot = false;
+  boot.zfs.extraPools = [ "nas" ];
+
+  services.zfs.autoScrub.enable = true; # Current scan takes ~12h, runs monthly (I spend 2% of the time doing scans? lol)
+
+  networking.hostId = "66abd088"; # `openssl rand -hex 4`
+
+  time.timeZone = "America/Chicago";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  environment.systemPackages = with pkgs; [
+    vim
+    rsync
+  ];
+
+  services.openssh.enable = true;
+  services.openssh.settings.PasswordAuthentication = false;
+  users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "24.05"; # Did you read the comment?
+}

bigbird/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

bigbird/kathe.nix

@@ -0,0 +1,12 @@
+{
+  users.users.kathe = {
+    isNormalUser = true;
+    description = "Käthe Swift";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMJFkFEKuT9v9B9ynAf5QfLZF54jWhzEnQIeW2kQWKJ+ kathe.t.swift@gmail.com"
+    ];
+    packages = with pkgs; [
+      #
+    ];
+  };
+}

bigbird/smb.nix

@@ -0,0 +1,48 @@
+{
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    openFirewall = true;
+    ## Switch to structured config with NixOS 24.11
+    # settings = {
+    #   global = {
+    #     "workgroup" = "WORKGROUP";
+    #     "hosts allow" = "192.168.";
+    #     "hosts deny" = "0.0.0.0/0";
+    #     "guest account" = "nobody";
+    #     "map to guest" = "bad user";
+    #   };
+    #   "public" = {
+    #     "path" = "/nas/chandler/Public";
+    #     "browseable" = "yes";
+    #     "read only" = "yes";
+    #     "guest ok" = "yes"; # aka "public = yes"
+    #   };
+    #   # "private" = {
+    #   #   "path" = "/mnt/Shares/Private";
+    #   #   "browseable" = "yes";
+    #   #   "read only" = "no";
+    #   #   "guest ok" = "no";
+    #   #   "create mask" = "0644";
+    #   #   "directory mask" = "0755";
+    #   #   "force user" = "username";
+    #   #   "force group" = "groupname";
+    #   # };
+    # };
+    extraConfig = ''
+      workgroup = WORKGROUP
+      hosts allow = 192.168.
+      hosts deny = 0.0.0.0/0
+      guest account = nobody
+      map to guest = bad user
+    '';
+    shares = {
+      "public" = {
+        "path" = "/nas/chandler/public";
+        "browseable" = "yes";
+        "read only" = "yes";
+        "guest ok" = "yes"; # aka "public = yes"
+      };
+    };
+  };
+}