diff --git a/README b/DEVDOC.md similarity index 62% rename from README rename to DEVDOC.md index 64fb0f3..9c5eb28 100644 --- a/README +++ b/DEVDOC.md @@ -13,3 +13,11 @@ essentials for my work, no graphical environment. A simple account I let me friends connect to. Limited functionality, mostly just for letting them test small things or for giving them files. + + +## Setup Guide +##### New Colmena Instance +Enable an ssh server on the remote host, then on the +local machine set `.ssh/config` to have a profile for +your desired host and have a key pair that's authorised +to your desired user. diff --git a/deploy-remote b/deploy-remote new file mode 100755 index 0000000..0a4f6ae --- /dev/null +++ b/deploy-remote @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +# Deploy to all Colmena hives +colmena build +colmena apply diff --git a/flake.nix b/flake.nix index 725347c..c743676 100755 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,13 @@ # this is just something I'm experimenting with PROJECT_ROOT = builtins.toString ./.; in { + # shell for `nix develop` + devShells."x86_64-linux".default = pkgs.mkShell { + buildInputs = with pkgs; [ + colmena + ]; + }; + nixosConfigurations = { # i be on my puter fr myputer = nixpkgs.lib.nixosSystem { @@ -73,14 +80,29 @@ ]; }; - # my server (vps) - imbored = nixpkgs.lib.nixosSystem { - specialargs = {inherit inputs pkgs;}; + # meine vps + #imbored = nixpkgs.lib.nixosSystem { + # specialargs = {inherit inputs pkgs;}; + # + # modules = [ + # ./hosts/imbored + # ]; + #}; + }; - modules = [ - ./hosts/imbored - ]; + # remote deployment to my servers!! + colmena = { + meta = { + # set nixpkgs global + nixpkgs = pkgs; + # set nixpkgs per server + # nodeNixpkgs = { + # hyrule = pkgs; + # }; }; + + # meine vps + hyrule = import ./hosts/hyrule; }; }; } diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index d8f3e55..1d5286c 100755 --- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix 
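Review bot: `colmena apply` on the last line of deploy-remote still runs when `colmena build` on the line before it fails, because the script never enables errexit; add `set -euo pipefail` directly after the shebang so a broken build stops the deploy. As far as I know `colmena apply` performs the build step itself, so the separate `colmena build` only front-loads build errors before anything is pushed to a host — if that is the intent, say so, e.g. `# Build first so a broken config is caught before any host is touched`.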
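Review bot: The commented-out `imbored` nixosConfiguration passed `inherit inputs pkgs` through specialArgs, but the new `colmena` block sets only `meta.nixpkgs` and no `meta.specialArgs`; if `hosts/hyrule` or anything it imports references `inputs`, the hive will fail to evaluate with an unbound argument. If it does, add `meta.specialArgs = { inherit inputs; };` next to `meta.nixpkgs = pkgs;`. `meta.nixpkgs` expects an evaluated nixpkgs set (e.g. `import nixpkgs { system = "x86_64-linux"; }`); `pkgs` is bound in the `let` above this hunk, so I cannot confirm its shape from here. The dead `#imbored = ...` block is preserved in git history and could be deleted instead of kept as comments.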
@@ -9,17 +9,17 @@ sha256 = "19w63qccz78v0spx03911z98w1bvlxvd07hb0ma14a4vdzi4ninj"; }; in { - # TODO: + # TODO: # - add github:charmbracelet/soft-serve # - add forgejo imports = [ + ./hardware-configuration.nix #../modules/server/nginx.nix #../modules/server/ssh.nix #../modules/server/fail2ban.nix ]; - system.stateVersion = "24.11"; # DO NOT MODIFY nix.settings.experimental-features = [ "nix-command" "flakes" @@ -33,16 +33,32 @@ in { keyMap = "us"; }; - boot.loader = { - # TODO + # colmena deployment configuration + deployment = { + targetHost = "imbored.dev"; + targetPort = 22; + targetUser = "ae"; + buildOnTarget = false; # build locally then deploy + }; + + # super duper minimum grub2 config + boot.loader.grub = { + enable = true; + device = "/dev/vda"; }; networking = { - hostName = "imbored"; + hostName = "hyrule"; networkmanager.enable = true; - firewall.allowedTCPPorts = [ - 22 # sshd - ] + + firewall = { + enable = true; + allowedTCPPorts = [ + 22 # sshd + 80 # nginx + 443 # nginx + ]; + }; }; users = { @@ -50,10 +66,11 @@ in { users = { # primary user - dev = { + ae = { isNormalUser = true; extraGroups = ["wheel"]; shell = pkgs.bash; + home = "/home/ae"; # TEMP: remove and replace with home-manager packages = with pkgs; [ ]; }; 
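Review bot: `deployment.targetUser = "ae"` makes colmena escalate with sudo on the target to activate the new system, and `ae` is only in `wheel` here; unless `security.sudo.wheelNeedsPassword = false` (or a NOPASSWD rule for `ae`) is set somewhere not in this diff, every `colmena apply` will need a sudo password at deploy time or fail, depending on the colmena version — worth a comment on that line, e.g. `# colmena runs sudo on the target; ae needs passwordless sudo or apply will prompt`. The BIOS-style `boot.loader.grub.device = "/dev/vda"` also looks at odds with the vfat `/boot` (with fmask/dmask options) in the new hardware-configuration.nix, which is what nixos-generate-config emits for an EFI system partition; if the VPS boots via UEFI this needs `efiSupport = true; device = "nodev";` plus `boot.loader.efi.canTouchEfiVariables = true;` instead, and a wrong bootloader install on a remote host is hard to recover from. Confirm the firmware mode before the first apply.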
@@ -62,12 +79,55 @@ in { friends = { isNormalUser = true; shell = pkgs.bash; + home = "/home/friends"; # TEMP: remove and replace with home-manager packages = with pkgs; [ ]; }; }; }; + services = { + # simple nginx instance to host static construction page + nginx = { + enable = true; + + # package = pkgs.nginxStable.override { openssl = pkgs.libressl; }; + + #virtualHosts."imbored.dev".locations."/" = { + virtualHosts."imbored.dev" = { + addSSL = true; + enableACME = true; + root = "/var/www/imbored"; + #index = "index.html"; + #root = pkgs.writeTextDir "index.html" '' + # + # + # Give me your mittens! + # + # + #''; + }; + }; + + # quick and dirty way temporary way accessing my server + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = true; + PermitRootLogin = "no"; + AllowUsers = ["ae"]; # allow all users by default + UseDns = true; + X11Forwarding = false; + }; + }; + }; + # accept Lets Encrypt's security policy (for nginx) + security.acme = { + acceptTerms = true; + defaults.email = "eclarkboman@gmail.com"; + }; + #home-manager = { # users = { # dev = import ../../homes/dev; @@ -75,9 +135,13 @@ in { # }; #}; - environment.SystemPackages = with pkgs; [ + environment.systemPackages = with pkgs; [ + vim + helix ]; programs = { }; + + system.stateVersion = "24.11"; # DO NOT MODIFY } diff --git a/hosts/hyrule/hardware-configuration.nix b/hosts/hyrule/hardware-configuration.nix new file mode 100644 index 0000000..13fe39a --- /dev/null +++ b/hosts/hyrule/hardware-configuration.nix 
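Review bot: `PasswordAuthentication = true` on a public VPS listening on port 22 reopens password brute-forcing that the key-pair setup described in DEVDOC.md already avoids, while the `fail2ban` module import stays commented out in an earlier hunk of this file; set `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` so only the authorised key works, or at minimum re-enable fail2ban if passwords must stay on for the `friends` account. The comment on `AllowUsers = ["ae"]` (`# allow all users by default`) contradicts the value — it restricts ssh logins to `ae`, which also locks out the `friends` user that DEVDOC.md describes as the account people connect to; either add `"friends"` to the list or reword the comment to `# only ae may log in over ssh`. On the nginx side, `addSSL = true` keeps plain HTTP served alongside HTTPS; `forceSSL = true` redirects to HTTPS, which is the usual choice once ACME is working. `UseDns = true` adds a reverse lookup per connection and is rarely worth the login delay.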
@@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-label/NIXROOT"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-label/NIXBOOT"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}