diff --git a/bert/README.md b/bert/README.md
index 5fc22b6..5c8eff2 100644
--- a/bert/README.md
+++ b/bert/README.md
@@ -1,13 +1,20 @@
-# Installation
+# `bert`
+
+## Installation
 1. Install NixOS minimal
 2. `ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key`
 2. Enable SSH server and add root SSH key
 3. Deploy updated config with `make`
 4. Set up [Remote Disk Unlocking](https://nixos.wiki/wiki/Remote_disk_unlocking)
    1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key
-5. Deploy content to web services
+5. Deploy content:
+   - websites in /srv
+   - factorio world at /var/lib/factorio/saves/default.zip
+   - git/forgejo in /var/lib/forgejo
+   - navidrome DB/etc in /var/lib/navidrome
+6. Set up Grafana users (log in with default admin/admin; change creds; configure)
-# Notes on Caddy
+## Notes on Caddy
 Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what content-types should be compressed:
diff --git a/bert/configuration.nix b/bert/configuration.nix
index c541597..e26c1ef 100644
--- a/bert/configuration.nix
+++ b/bert/configuration.nix
@@ -58,6 +58,14 @@
   services.openssh.settings.PasswordAuthentication = false;
   users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];
+  users.users.isaac = {
+    isNormalUser = true;
+    description = "Isaac Swift";
+    openssh.authorizedKeys.keys = [
+      # TODO
+    ];
+  };
+
   networking.firewall.allowedTCPPorts = [
     80 # Caddy
     443 # Caddy
diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix
index f85f0e7..457bfb2 100644
--- a/bert/services/http/index.nix
+++ b/bert/services/http/index.nix
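Review bot: The new `users.users.isaac` block is added with an empty `openssh.authorizedKeys.keys` list and only a `# TODO` marker, and because `services.openssh.settings.PasswordAuthentication = false` is set two lines above, the account cannot be reached over SSH at all until a key lands; that is the safe default, but it means the `/srv/www/isaacswift.com` directory that the new isaacswift.com.nix hands to `user = "isaac"` has nobody who can deploy into it. Either fill in the public key before merging or make the bootstrap explicit in the comment, e.g. `# TODO: add Isaac's ed25519 public key — password auth is disabled, so this is the only login path`. No `extraGroups` are granted, which is appropriate for a site-deploy account and worth preserving when the key is added.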
@@ -5,9 +5,11 @@
     ./git.chandlerswift.com.nix
     ./harborpaperco.com.nix
     ./home.chandlerswift.com.nix
+    ./isaacswift.com.nix
     ./katherineandchandler.com.nix
     ./maps.chandlerswift.com.nix
     ./music.chandlerswift.com.nix
+    ./preview.chandlerswift.com.nix
     ./stjohnscccc.org.nix
     ./swiftgang.net.nix
   ];
diff --git a/bert/services/http/isaacswift.com.nix b/bert/services/http/isaacswift.com.nix
new file mode 100644
index 0000000..e9de32f
--- /dev/null
+++ b/bert/services/http/isaacswift.com.nix
@@ -0,0 +1,23 @@
+
+{
+  services.caddy.virtualHosts."isaacswift.com" = {
+    serverAliases = ["www.isaacswift.com"];
+    extraConfig = ''
+      encode zstd gzip
+      file_server
+      root * /srv/www/isaacswift.com
+      # hide .git # ???
+
+      handle_errors {
+        respond "{err.status_code} {err.status_text}"
+      }
+    '';
+  };
+  systemd.tmpfiles.settings."10-isaacswift-com" = {
+    "/srv/www/isaacswift.com" = {
+      d = {
+        user = "isaac";
+      };
+    };
+  };
+}
diff --git a/bert/services/http/preview.chandlerswift.com.nix b/bert/services/http/preview.chandlerswift.com.nix
new file mode 100644
index 0000000..f0da071
--- /dev/null
+++ b/bert/services/http/preview.chandlerswift.com.nix
@@ -0,0 +1,9 @@
+{config, ...}: {
+  services.caddy.virtualHosts."preview.chandlerswift.com".extraConfig = ''
+    reverse_proxy oscar:4000
+
+    handle_errors {
+      respond "{err.status_code} {err.status_text}"
+    }
+  '';
+}
diff --git a/bigbird/Makefile b/bigbird/Makefile
index 93d66e6..7b9f27b 100644
--- a/bigbird/Makefile
+++ b/bigbird/Makefile
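Review bot: `# hide .git # ???` in the isaacswift.com `extraConfig` leaves an unresolved question in a live server config: `file_server` serves everything under `/srv/www/isaacswift.com`, so if the content is ever deployed by `git clone`/`git pull` into that directory, the `.git` tree and any other dotfiles become downloadable. Caddy's `file_server` accepts a `hide` subdirective, so the resolved form is `file_server {` / `  hide .git` / `}`; if the site is only ever rsynced without a repository, delete the comment instead of leaving the `???`. The tmpfiles `d` entry sets only `user = "isaac"` and leaves group and mode at their defaults, so a one-line comment stating that the directory is intentionally left readable by the caddy service user (and must stay so for `file_server` to work) would save the next maintainer from "fixing" it to 0700.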
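Review bot: In preview.chandlerswift.com.nix the module binds `{config, ...}:` but never references `config` in the body, so the argument should be dropped (`{` alone, as the sibling isaacswift.com.nix in this same commit does) to keep the host files consistent. `reverse_proxy oscar:4000` forwards over plain HTTP to a bare hostname; that is presumably a LAN host, but a short comment such as `# oscar runs the preview server on :4000 (LAN only, no TLS needed)` would record the assumption so it is not mistaken for a public upstream later.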
@@ -1,20 +1,20 @@
 # https://stackoverflow.com/a/23324703
 current_dir:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
 
-.PHONY: remote-deploy
-remote-deploy:
+.PHONY: deploy
+deploy:
 	rsync -av $(current_dir)/ root@bigbird:config/
 	ssh root@bigbird nixos-rebuild switch --fast -I nixos-config=/root/config/configuration.nix
 
 ## This probably doesn't work, since architectures are different?
-# .PHONY: deploy
-# deploy:
+# .PHONY: local-build-deploy
+# local-build-deploy:
 # nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@animal.chandlerswift.com --target-host root@animal.chandlerswift.com
 
-.PHONY: remote-deploy-upgrade
-remote-deploy-upgrade:
-	rsync -avz $(current_dir)/ root@animal.chandlerswift.com:config/
-	ssh root@animal.chandlerswift.com nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix
+.PHONY: deploy-upgrade
+deploy-upgrade:
+	rsync -avz $(current_dir)/ root@bigbird:config/
+	ssh root@bigbird nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix
 
 # TODO: build an SD card?
 #sd-image:
diff --git a/bigbird/configuration.nix b/bigbird/configuration.nix
index e60b61e..5a05bb6 100644
--- a/bigbird/configuration.nix
+++ b/bigbird/configuration.nix
@@ -14,7 +14,6 @@
   boot.loader.generic-extlinux-compatible.enable = true;
   networking.hostName = "bigbird"; # Define your hostname.
-  networking.networkmanager.enable = true;
   # Enable ZFS: https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html
   boot.supportedFilesystems = [ "zfs" ];
diff --git a/bigbird/kathe.nix b/bigbird/kathe.nix
index a98f3ad..f1f040c 100644
--- a/bigbird/kathe.nix
+++ b/bigbird/kathe.nix
@@ -1,4 +1,4 @@
-{
+{pkgs, ...}: {
   users.users.kathe = {
     isNormalUser = true;
     description = "Käthe Swift";
diff --git a/oscar/configuration.nix b/oscar/configuration.nix
index f34c211..896bcbf 100644
--- a/oscar/configuration.nix
+++ b/oscar/configuration.nix
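Review bot: The commented-out `local-build-deploy` block still names `root@animal.chandlerswift.com` as both build and target host even though this commit repoints the live `deploy` and `deploy-upgrade` recipes at `bigbird`, so the dead lines now describe a different machine than the rest of the file; either update the host in them or remove them, since commented-out recipe lines drift exactly like this. The two live recipes also perform the same copy with different flags (`rsync -av` in `deploy`, `rsync -avz` in `deploy-upgrade`), which reads as accidental rather than a deliberate choice and is worth unifying. Both would be more robust with the path quoted, `rsync -av "$(current_dir)/" root@bigbird:config/`, since `current_dir` is derived from `$(realpath …)` of wherever the checkout lives and is handed to the shell unquoted.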
@@ -119,7 +119,8 @@
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.chandler.isNormalUser = true;
   users.users.chandler.description = "Chandler Swift";
-  users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" ];
+  users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" "plugdev" ];
+  home-manager.backupFileExtension = "backup";
   home-manager.users.chandler = { pkgs, ... }: {
     nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
@@ -133,11 +134,13 @@
       freecad
       frescobaldi
       gimp
+      gnome-sound-recorder
       josm
       kate
       kicad
       libreoffice-qt
       prismlauncher
+      prusa-slicer
       qgis
 
       # command line applications
@@ -149,6 +152,7 @@
       alsa-utils
       dig
       file
+      git-absorb
       killall
       pv
       wl-clipboard
@@ -201,6 +205,7 @@
       url."https://aur.archlinux.org/".insteadOf = "aur:";
       url."ssh://aur@aur.archlinux.org/".pushInsteadOf = "aur:";
       url."ssh://git@github.com/ChandlerSwift/".insteadOf = "gh:";
+      url."ssh://forgejo@bert/chandlerswift/".insteadOf = "forgejo:";
       push.autoSetupRemote = true;
       rebase.autosquash = true;
       rebase.autostash = true;
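Review bot: `"plugdev"` is appended to `users.users.chandler.extraGroups` in the first hunk, but nothing in the hunk declares that group; `plugdev` is not one of NixOS's built-in groups, so unless `users.groups.plugdev` is defined elsewhere in this file, activation will (as far as I recall) only warn about the unknown group and silently skip the membership, which makes whatever udev rule this is meant to unlock fail quietly. Declaring it next to the membership, `users.groups.plugdev = {};`, makes the intent explicit and the group real. The new `home-manager.backupFileExtension = "backup"` line resolves clobber errors by renaming conflicting files, but a later activation will presumably fail once a `*.backup` copy already exists, so a brief comment recording why it was needed would help whoever hits that. The `home-manager.users.chandler` attribute set continues past the end of this hunk.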