From 90dff7f8f046b8c5414251907edd46a0000ef075 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 18:56:38 -0600 Subject: [PATCH 01/13] bigbird: Remove NetworkManager As far as I can tell, this is just never used. --- bigbird/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/bigbird/configuration.nix b/bigbird/configuration.nix index e60b61e..5a05bb6 100644 --- a/bigbird/configuration.nix +++ b/bigbird/configuration.nix @@ -14,7 +14,6 @@ boot.loader.generic-extlinux-compatible.enable = true; networking.hostName = "bigbird"; # Define your hostname. - networking.networkmanager.enable = true; # Enable ZFS: https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html boot.supportedFilesystems = [ "zfs" ]; From 4a5c10849cb866702f4d9bcf167c4427c26d8272 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 20:57:03 -0600 Subject: [PATCH 02/13] bert: Add preview.chandlerswift.com forwarder --- bert/services/http/index.nix | 1 + bert/services/http/preview.chandlerswift.com.nix | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 bert/services/http/preview.chandlerswift.com.nix diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix index f85f0e7..312faa9 100644 --- a/bert/services/http/index.nix +++ b/bert/services/http/index.nix @@ -8,6 +8,7 @@ ./katherineandchandler.com.nix ./maps.chandlerswift.com.nix ./music.chandlerswift.com.nix + ./preview.chandlerswift.com.nix ./stjohnscccc.org.nix ./swiftgang.net.nix ]; diff --git a/bert/services/http/preview.chandlerswift.com.nix b/bert/services/http/preview.chandlerswift.com.nix new file mode 100644 index 0000000..f0da071 --- /dev/null +++ b/bert/services/http/preview.chandlerswift.com.nix @@ -0,0 +1,9 @@ +{config, ...}: { + services.caddy.virtualHosts."preview.chandlerswift.com".extraConfig = '' + reverse_proxy oscar:4000 + + handle_errors { + respond "{err.status_code} {err.status_text}" + } + ''; +} 
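Review bot: The new virtual host in `preview.chandlerswift.com.nix` forwards every request to `oscar:4000` with no access control, so whatever listens on that port becomes reachable by anyone who can reach this host's Caddy. The diff does not show what serves port 4000; if it is a development or preview server, it was probably not written to face untrusted clients. Consider gating the site before the proxy, for example with a `remote_ip` matcher that rejects clients outside the expected networks, or with Caddy's basic-auth directive. The `config` argument in `{config, ...}:` is unused in this file and could be dropped.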
From 554d5f952b7024e5170b3bbb136b85edea2c58db Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 20:59:07 -0600 Subject: [PATCH 03/13] bigbird: Pass pkgs param for kathe I'm not entirely sure how this made it past testing! --- bigbird/kathe.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigbird/kathe.nix b/bigbird/kathe.nix index a98f3ad..f1f040c 100644 --- a/bigbird/kathe.nix +++ b/bigbird/kathe.nix @@ -1,4 +1,4 @@ -{ +{pkgs, ...}: { users.users.kathe = { isNormalUser = true; description = "Käthe Swift"; From a9f501b1370bc5edd88ea4bc085b91e26c6e0aa2 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 23:55:43 -0600 Subject: [PATCH 04/13] oscar: Add chandler to plugdev group --- oscar/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index f34c211..4a46e87 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -119,7 +119,7 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.chandler.isNormalUser = true; users.users.chandler.description = "Chandler Swift"; - users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" ]; + users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" "plugdev" ]; home-manager.users.chandler = { pkgs, ... }: { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ From b508306c662fc42e48dd22985d439146e5313ce0 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 23:56:14 -0600 Subject: [PATCH 05/13] oscar: Add forgejo git url substitution rule --- oscar/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 4a46e87..4ab6448 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix 
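Review bot: The `plugdev` entry added to `users.users.chandler.extraGroups` only takes effect if that group is declared somewhere in the configuration; as far as I know NixOS does not create `plugdev` by default, and nothing in this hunk declares it. If no imported module defines it, add `users.groups.plugdev = {};` next to this line. A short comment naming what needs the group, such as `# plugdev: access to <device> via udev rule`, would also help a later reader judge whether the extra device access is still required.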
@@ -201,6 +201,7 @@ url."https://aur.archlinux.org/".insteadOf = "aur:"; url."ssh://aur@aur.archlinux.org/".pushInsteadOf = "aur:"; url."ssh://git@github.com/ChandlerSwift/".insteadOf = "gh:"; + url."ssh://forgejo@bert/chandlerswift/".insteadOf = "forgejo:"; push.autoSetupRemote = true; rebase.autosquash = true; rebase.autostash = true; From 41648800ab5669467e32f2a41c884107b9907c51 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 12 Nov 2024 23:56:35 -0600 Subject: [PATCH 06/13] bigbird: Make Makefile consistent with other machines' --- bigbird/Makefile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/bigbird/Makefile b/bigbird/Makefile index 93d66e6..7b9f27b 100644 --- a/bigbird/Makefile +++ b/bigbird/Makefile @@ -1,20 +1,20 @@ # https://stackoverflow.com/a/23324703 current_dir:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -.PHONY: remote-deploy -remote-deploy: +.PHONY: deploy +deploy: rsync -av $(current_dir)/ root@bigbird:config/ ssh root@bigbird nixos-rebuild switch --fast -I nixos-config=/root/config/configuration.nix ## This probably doesn't work, since architectures are different? -# .PHONY: deploy -# deploy: +# .PHONY: local-build-deploy +# local-build-deploy: # nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@animal.chandlerswift.com --target-host root@animal.chandlerswift.com -.PHONY: remote-deploy-upgrade -remote-deploy-upgrade: - rsync -avz $(current_dir)/ root@animal.chandlerswift.com:config/ - ssh root@animal.chandlerswift.com nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix +.PHONY: deploy-upgrade +deploy-upgrade: + rsync -avz $(current_dir)/ root@bigbird:config/ + ssh root@bigbird nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix # TODO: build an SD card? #sd-image: From 0ebcaee45da77106e0f30d6001a9821ec630b11d Mon Sep 17 00:00:00 2001 
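Review bot: The commented-out `local-build-deploy` recipe in `bigbird/Makefile` still names `root@animal.chandlerswift.com` for both `--build-host` and `--target-host`, while this commit moves the two live targets to `root@bigbird`; if that block is ever uncommented it would rebuild a different machine with bigbird's configuration. Either change the comment to `root@bigbird` or delete it. The two live recipes also differ without explanation: `deploy` runs `rsync -av` and `deploy-upgrade` runs `rsync -avz`. Neither passes `--delete`, so a file removed from the repository stays in `config/` on the target, which deserves a one-line comment if it is intended.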
From: Chandler Swift Date: Mon, 18 Nov 2024 18:14:14 -0600 Subject: [PATCH 07/13] bert: Add isaacswift.com and isaac user --- bert/configuration.nix | 8 ++++++++ bert/services/http/index.nix | 1 + bert/services/http/isaacswift.com.nix | 23 +++++++++++++++++++++++ 3 files changed, 32 insertions(+) create mode 100644 bert/services/http/isaacswift.com.nix diff --git a/bert/configuration.nix b/bert/configuration.nix index c541597..e26c1ef 100644 --- a/bert/configuration.nix +++ b/bert/configuration.nix @@ -58,6 +58,14 @@ services.openssh.settings.PasswordAuthentication = false; users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ]; + users.users.isaac = { + isNormalUser = true; + description = "Isaac Swift"; + openssh.authorizedKeys.keys = [ + # TODO + ]; + }; + networking.firewall.allowedTCPPorts = [ 80 # Caddy 443 # Caddy diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix index 312faa9..457bfb2 100644 --- a/bert/services/http/index.nix +++ b/bert/services/http/index.nix @@ -5,6 +5,7 @@ ./git.chandlerswift.com.nix ./harborpaperco.com.nix ./home.chandlerswift.com.nix + ./isaacswift.com.nix ./katherineandchandler.com.nix ./maps.chandlerswift.com.nix ./music.chandlerswift.com.nix diff --git a/bert/services/http/isaacswift.com.nix b/bert/services/http/isaacswift.com.nix new file mode 100644 index 0000000..e9de32f --- /dev/null +++ b/bert/services/http/isaacswift.com.nix @@ -0,0 +1,23 @@ + +{ + services.caddy.virtualHosts."isaacswift.com" = { + serverAliases = ["www.isaacswift.com"]; + extraConfig = '' + encode zstd gzip + file_server + root * /srv/www/isaacswift.com + # hide .git # ??? + + handle_errors { + respond "{err.status_code} {err.status_text}" + } + ''; + }; + systemd.tmpfiles.settings."10-isaacswift-com" = { + "/srv/www/isaacswift.com" = { + d = { + user = "isaac"; + }; + }; + }; +} 
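Review bot: In the `bert/configuration.nix` hunk, `users.users.isaac.openssh.authorizedKeys.keys` is committed as an empty list with a bare `# TODO`, while the context line above sets `services.openssh.settings.PasswordAuthentication = false`, so as written the account has no way to log in over SSH. That is a safe default, but the comment should say what is pending, for example `# TODO: add Isaac's public key; the account cannot log in over SSH until then`. Keep password authentication off when the key is added; do not enable it as a stopgap.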
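Review bot: In `isaacswift.com.nix` the line `# hide .git # ???` is left as a comment, so `file_server` will serve a `.git` directory if the site is ever deployed to `/srv/www/isaacswift.com` as a git checkout. That would expose the repository's history, including files that were removed from the published tree. Resolve the question mark by turning `file_server` into a block that contains the `hide .git` subdirective, which is where Caddy expects `hide`. Separately, the tmpfiles entry sets only `user = "isaac"`; stating the mode and group explicitly would document who may write to the web root.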
From 6aa5a4a90178769d5326b81002a22652f8529e0c Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Mon, 18 Nov 2024 19:38:58 -0600 Subject: [PATCH 08/13] oscar: Add gnome-sound-recorder Was used for recording Trahan/Brosh wedding, worked nicely. I wasn't able to get any equivalent KDE utilities working. I should probably take a look at that sometime. --- oscar/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 4ab6448..9a2a78a 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -133,6 +133,7 @@ freecad frescobaldi gimp + gnome-sound-recorder josm kate kicad From 1f83c03b4f764a4fbd2c8b09bb849523da2243c2 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Mon, 18 Nov 2024 19:40:03 -0600 Subject: [PATCH 09/13] oscar: Add prusa-slicer --- oscar/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 9a2a78a..d7a361e 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -139,6 +139,7 @@ kicad libreoffice-qt prismlauncher + prusa-slicer qgis # command line applications From b1f686c397f6f91fe5d7870f5cbb92ee71e9091f Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Mon, 18 Nov 2024 19:40:27 -0600 Subject: [PATCH 10/13] oscar: Add git-absorb --- oscar/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index d7a361e..42f9f8f 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -151,6 +151,7 @@ alsa-utils dig file + git-absorb killall pv wl-clipboard From 40b86fb6d43a5d8797c95b59b591933bb3b1239d Mon Sep 17 00:00:00 2001 
From: Chandler Swift Date: Mon, 18 Nov 2024 19:41:09 -0600 Subject: [PATCH 11/13] oscar: Set home-manager backupFileExtension This was used for atuin, where I wanted to install a new config file over an old one, but atuin kept recreating the old one if I removed it. --- oscar/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 42f9f8f..896bcbf 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -120,6 +120,7 @@ users.users.chandler.isNormalUser = true; users.users.chandler.description = "Chandler Swift"; users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" "plugdev" ]; + home-manager.backupFileExtension = "backup"; home-manager.users.chandler = { pkgs, ... }: { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ From 690f64ae803fc9fc104cb81fcfbc3c51f2d6fc57 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Mon, 18 Nov 2024 22:25:48 -0600 Subject: [PATCH 12/13] bert: Update README --- bert/README.md | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/bert/README.md b/bert/README.md index 5fc22b6..df3d008 100644 --- a/bert/README.md +++ b/bert/README.md 
@@ -1,13 +1,20 @@ -# Installation +# `bert` + +## Installation 1. Install NixOS minimal 2. `ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key` 2. Enable SSH server and add root SSH key 3. Deploy updated config with `make` 4. Set up [Remote Disk Unlocking](https://nixos.wiki/wiki/Remote_disk_unlocking) 1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key -5. Deploy content to web services +5. Deploy content: + - websites in /srv + - factorio world at /var/lib/factorio/saves/default.zip + - git/forgejo in /var/lib/forgejo + - navidrome DB/etc in /var/lib/navidrome +6. Set up Grafana users (log in with default admin/admin; change creds; configure) -# Notes on Caddy +## Notes on Caddy Until 2.8 is released with 24.11, Caddy has a pretty limited sense of what content-types should be compressed: @@ -21,3 +28,23 @@ it. The list was expanded in this PR: https://github.com/caddyserver/caddy/pull/6081 + +## SD card +With some microSD cards, rebooting consistently leads to a boot loop. I was +suspicious that it was all UHS microsd cards (which, these days, is most of 'em) +based in part on information in this PR: +https://github.com/armbian/build/pull/4824 + +I currently have a card in there that reliably works, but I'm 90% sure that it's +_also_ a UHS card? So I'm now really confused on what's going on. Do I have bad +cards? Bad hardware? Bad bootloader? Bad kernel? + +Basically, what I've figured out is this: I have two Microcenter branded cards. +One works every time. One never works. They contain the same contents +(bootloader, kernel, etc). With that in mind, I guess I'm forced to conclude +that it must be a difference in the cards. Both cards work fine for every other +use, as far as I can tell. + +Anyway, I spent a fair bit of time trying to get it to work, but didn't succeed. +After all that nonsense, I just found an SD card that happened to work reliably, +used that one instead, and called it good enough! 🙃 
From 3379ea34d7d33b069d0b35ec733d0f9124705622 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 19 Nov 2024 23:37:37 -0600 Subject: [PATCH 13/13] bert: Remove misplaced bigbird note from README MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't write documentation tired, kids! I thought I was missing this, so I had added it…to the wrong file, while similar notes were already present in the file where they belonged! --- bert/README.md | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/bert/README.md b/bert/README.md index df3d008..5c8eff2 100644 --- a/bert/README.md +++ b/bert/README.md @@ -28,23 +28,3 @@ it. The list was expanded in this PR: https://github.com/caddyserver/caddy/pull/6081 - -## SD card -With some microSD cards, rebooting consistently leads to a boot loop. I was -suspicious that it was all UHS microsd cards (which, these days, is most of 'em) -based in part on information in this PR: -https://github.com/armbian/build/pull/4824 - -I currently have a card in there that reliably works, but I'm 90% sure that it's -_also_ a UHS card? So I'm now really confused on what's going on. Do I have bad -cards? Bad hardware? Bad bootloader? Bad kernel? - -Basically, what I've figured out is this: I have two Microcenter branded cards. -One works every time. One never works. They contain the same contents -(bootloader, kernel, etc). With that in mind, I guess I'm forced to conclude -that it must be a difference in the cards. Both cards work fine for every other -use, as far as I can tell. - -Anyway, I spent a fair bit of time trying to get it to work, but didn't succeed. -After all that nonsense, I just found an SD card that happened to work reliably, -used that one instead, and called it good enough! 🙃