From 0c12e523534b187e7e785a12b167f353ac0654f6 Mon Sep 17 00:00:00 2001 From: stitchy Date: Sat, 21 Dec 2024 19:13:30 -0800 Subject: [PATCH 1/7] fix: hugo systemwide package --- packages/default.nix | 1 + users/stitchynyan/home.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/default.nix b/packages/default.nix index 498c230..1d3d24a 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -75,6 +75,7 @@ in "glsl_analyzer" "gnumake" "gnupg" + "hugo" "lazygit" "mypy" "neofetch" diff --git a/users/stitchynyan/home.nix b/users/stitchynyan/home.nix index 851f9d6..fabc2a4 100644 --- a/users/stitchynyan/home.nix +++ b/users/stitchynyan/home.nix @@ -55,7 +55,6 @@ in home.packages = with pkgs; [ cider ngspice - hugo kicad #steamvr? procps From 0283dea2e60770c86636bc3a5ed49ecb7ad80b92 Mon Sep 17 00:00:00 2001 From: stitchy Date: Sat, 21 Dec 2024 19:17:11 -0800 Subject: [PATCH 2/7] feat!: init tanzanite host! --- flake.nix | 18 +++++++++ hosts/tanzanite/default.nix | 76 +++++++++++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 hosts/tanzanite/default.nix diff --git a/flake.nix b/flake.nix index 310483f..be3e0c6 100644 --- a/flake.nix +++ b/flake.nix @@ -68,6 +68,24 @@ } ]; }; + tanzanite = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + + ./packages/default.nix + ./hosts/tanzanite/default.nix + ./users/nyadmin/default.nix + + home-manager.nixosModules.home-manager + { + home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.nyadmin = import ./users/nyadmin/home.nix; + } + ]; + }; }; }; diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix new file mode 100644 index 0000000..7fca921 --- /dev/null +++ b/hosts/tanzanite/default.nix 
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, modulesPath, ... }:
+let
+
+in {
+ imports = [ ../default.nix ];
+
+ stitchyconf = {
+ form = "server";
+ };
+
+ networking.hostName = "tanzanite";
+ time.timeZone = "America/Los_Angeles";
+ networking.firewall = {
+ allowedTCPPorts = [ 22 80 222 443 ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ };
+
+ };
+ # Non-Redundant Storage
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
+ fsType = "btrfs";
+ options = [ "subvol=@nix-root" "compress=zstd"];
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
+ fsType = "btrfs";
+ options = [ "subvol=@nix-home" "compress=zstd"];
+ };
+
+ fileSystems."/nix/store" =
+ { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
+ fsType = "btrfs";
+ options = [ "subvol=@nix" "noatime" "compress=zstd"];
+ };
+
+ fileSystems."/persist" =
+ { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
+ fsType = "btrfs";
+ options = [ "subvol=@persist" "compress=zstd"];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/262D-F161";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/5c007a16-9f0f-42d0-8761-63bea3120f6d"; }
+ ];
+
+ # Static Networking
+ systemd.network.enable = true;
+ networking.useNetworkd = true;
+ systemd.network.networks."10-lan" = {
+ matchConfig.Name = "enp0s31f6";
+ address = [
+ "192.168.51.3/24"
+ ];
+ routes = [
+ { Gateway = "192.168.51.1"; }
+ ];
+ linkConfig.RequiredForOnline = "routable";
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ system.stateVersion = "24.11";
+}
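Review bot: The `networking.firewall = {` set opened in this new file also swallows the four `boot.*` assignments, and the two `};` lines after them close both it and the module's top-level set, so everything from `# Non-Redundant Storage` onward sits outside the attribute set and the file should not parse as committed. Closing the firewall set right after the port list, `allowedTCPPorts = [ 22 80 222 443 ]; };`, and dropping the second stray `};` keeps this commit evaluable; patches 3/7 to 5/7 appear to build on the same unbalanced braces and only 6/7 adds the missing close. Port 222 is opened here although nothing in this file listens on it, so a short comment naming its consumer would help whoever audits the firewall later.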
From 8bff5db0f5c587d1abda6214da1a7c1c6f669042 Mon Sep 17 00:00:00 2001 From: stitchy Date: Sat, 21 Dec 2024 19:17:45 -0800 Subject: [PATCH 3/7] feat(tanzanite): redundant storage configuration --- hosts/tanzanite/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index 7fca921..3d928e8 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix @@ -18,9 +18,25 @@ in { boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; + # Redundant Storage + fileSystems."/opt/data" = { + device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529"; + fsType = "btrfs"; + options = [ "subvol=@data" "compress=zstd" ]; }; + fileSystems."/opt/docker-containers" = { + device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529"; + fsType = "btrfs"; + options = [ "subvol=@docker-containers" "compress=zstd" ]; }; + + fileSystems."/opt/www" = { + device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529"; + fsType = "btrfs"; + options = [ "subvol=@www" "compress=zstd" ]; + }; + # Non-Redundant Storage fileSystems."/" = { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c"; From 0effd941824123b1f0aa69e462f31969c0b7c78c Mon Sep 17 00:00:00 2001 From: stitchy Date: Sat, 21 Dec 2024 19:18:09 -0800 Subject: [PATCH 4/7] feat(tanzanite): use old docker data dir --- hosts/tanzanite/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index 3d928e8..a475a20 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix @@ -10,6 +10,13 @@ in { networking.hostName = "tanzanite"; time.timeZone = "America/Los_Angeles"; + + virtualisation.docker = { + enable = true; + daemon.settings = { + data-root = "/opt/data"; + }; + }; networking.firewall = { allowedTCPPorts = [ 22 80 222 443 ]; From 38c91175518f8d3a3343410b744a26a8e9ebd21a Mon Sep 17 00:00:00 2001 
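Review bot: The three new btrfs mounts in patch 3/7 carry only `subvol=` and `compress=zstd`, so `/opt/www`, which patch 6/7 serves through nginx, permits device nodes, setuid binaries and execution like any general-purpose filesystem. For a tree that only holds static site content, `options = [ "subvol=@www" "compress=zstd" "nodev" "nosuid" "noexec" ];` is a cheap hardening step, and these flags apply per mount point, so the other subvolumes are unaffected. `/opt/data` is a different case because patch 4/7 makes it Docker's data-root, which presumably needs exec.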
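Review bot: Enabling the Docker daemon in patch 4/7 changes what `networking.firewall.allowedTCPPorts` guarantees, because Docker installs its own iptables rules for published container ports and those are not filtered by the NixOS port list. A container started with a plain `HOST:CONTAINER` port mapping is therefore reachable from the LAN regardless of the four ports allowed below; publishing on loopback, e.g. `127.0.0.1:3333:3000` (constructed example), keeps a backend such as the one proxied in patch 7/7 reachable only through nginx. `data-root = "/opt/data"` also places Docker's root-owned state on the `@data` subvolume rather than the `@docker-containers` one mounted in patch 3/7; if that is intentional, as the subject line suggests, a comment saying so would prevent a later well-meant cleanup.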
From: stitchy Date: Sat, 21 Dec 2024 19:18:43 -0800 Subject: [PATCH 5/7] feat(tanzanite): acme cert configuration --- hosts/tanzanite/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index a475a20..2af54d3 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix @@ -17,6 +17,16 @@ in { data-root = "/opt/data"; }; }; + security.acme = { + acceptTerms = true; + defaults.email = "stitchy@stitchy.moe"; + defaults.dnsProvider = "porkbun"; + defaults.environmentFile = "/persist/acme/porkbun.tokens"; + certs = { + }; + }; + + }; networking.firewall = { allowedTCPPorts = [ 22 80 222 443 ]; From 59ad1090685aae03bee47a5e5deee8524eff9c7d Mon Sep 17 00:00:00 2001 From: stitchy Date: Sat, 21 Dec 2024 19:19:45 -0800 Subject: [PATCH 6/7] feat(tanzanite): nginx configuration for website --- hosts/tanzanite/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix index 2af54d3..63414e5 100644 --- a/hosts/tanzanite/default.nix +++ b/hosts/tanzanite/default.nix @@ -17,6 +17,7 @@ in { data-root = "/opt/data"; }; }; + security.acme = { acceptTerms = true; defaults.email = "stitchy@stitchy.moe"; @@ -26,9 +27,22 @@ in { }; }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "stitchy.moe" = { + enableACME = true; + forceSSL = true; + root = "/opt/www/stitchy.moe/public"; + }; }; + }; + networking.firewall = { allowedTCPPorts = [ 22 80 222 443 ]; + }; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; From 5a37fd5165a73db74b921725ea1681d38a50ee8e Mon Sep 17 00:00:00 2001 From: stitchy Date: Sat, 21 Dec 2024 19:20:17 -0800 Subject: [PATCH 7/7] feat(tanzanite): nginx configuration for forgio --- hosts/tanzanite/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) 
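Review bot: `defaults.environmentFile = "/persist/acme/porkbun.tokens"` in patch 5/7 makes a DNS API credential part of this host's trust base, yet nothing in the patch creates the file or states its expected owner and mode. Keeping the token out of the Nix store is right; what is missing is either a comment such as `# root:root 0600, provisioned out of band` or a declarative secret mechanism, since whoever can read the file can presumably change DNS records for the domain and obtain certificates for it. The added lines also end with an extra `};` after `security.acme` is already closed, and `certs = { };` is empty, so both can be dropped from this commit.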
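Review bot: `enableACME = true` on the `stitchy.moe` vhost in patch 6/7 and `defaults.dnsProvider = "porkbun"` from patch 5/7 both select a challenge method for the same certificate, because the nginx module fills in an HTTP-01 webroot unless told otherwise. As far as I know the acme module asserts that exactly one method is set per certificate, so if DNS-01 is intended the vhost needs `acmeRoot = null;` next to `enableACME = true;`, and if HTTP-01 is intended the DNS provider default and its token file are unnecessary privilege on this host. The same applies to the `gay.stitchy.moe` vhost added in patch 7/7.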
diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix
index 63414e5..d30c4e5 100644
--- a/hosts/tanzanite/default.nix
+++ b/hosts/tanzanite/default.nix
@@ -37,6 +37,13 @@ in {
 forceSSL = true;
 root = "/opt/www/stitchy.moe/public";
 };
+ "gay.stitchy.moe" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3333";
+ };
+ };
 };
 };
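Review bot: The `proxyPass` target `http://127.0.0.1:3333` has no counterpart anywhere in this series, so a reader cannot tell which service is expected to listen there or how it gets started. A comment above `locations."/"` such as `# backend: SERVICE_NAME_PLACEHOLDER, must listen on 127.0.0.1:3333 only` would record both the owner and the binding requirement; the placeholder needs the real service name. The `virtualHosts` set continues outside this hunk.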