added hyrule vps host and colmena remote deployment

2025-02-12 14:33:38 +10:00 · 2025-02-12 14:33:38 +10:00 · f46de5b1d7
commit f46de5b1d7
parent 23942b961e
5 changed files with 152 additions and 16 deletions
--- a/hosts/hyrule/default.nix
+++ b/hosts/hyrule/default.nix
@ -9,17 +9,17 @@
    sha256 = "19w63qccz78v0spx03911z98w1bvlxvd07hb0ma14a4vdzi4ninj";
  };
 in {
-  # TODO: 
+  # TODO:
  #    - add github:charmbracelet/soft-serve
  #    - add forgejo

  imports = [
+    ./hardware-configuration.nix
    #../modules/server/nginx.nix
    #../modules/server/ssh.nix
    #../modules/server/fail2ban.nix
  ];

-  system.stateVersion = "24.11"; # DO NOT MODIFY
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
@ -33,16 +33,32 @@ in {
    keyMap = "us";
  };

-  boot.loader = {
-    # TODO
+  # colmena deployment configuration
+  deployment = {
+    targetHost = "imbored.dev";
+    targetPort = 22;
+    targetUser = "ae";
+    buildOnTarget = false; # build locally then deploy
+  };
+
+  # super duper minimum grub2 config
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
  };

  networking = {
-    hostName = "imbored";
+    hostName = "hyrule";
    networkmanager.enable = true;
-    firewall.allowedTCPPorts = [
-      22 # sshd
-    ]
+
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22 # sshd
+        80 # nginx
+        443 # nginx
+      ];
+    };
  };

  users = {
@ -50,10 +66,11 @@ in {

    users = {
      # primary user
-      dev = {
+      ae = {
        isNormalUser = true;
        extraGroups = ["wheel"];
        shell = pkgs.bash;
+        home = "/home/ae"; # TEMP: remove and replace with home-manager
        packages = with pkgs; [
        ];
      };
@ -62,12 +79,55 @@ in {
      friends = {
        isNormalUser = true;
        shell = pkgs.bash;
+        home = "/home/friends"; # TEMP: remove and replace with home-manager
        packages = with pkgs; [
        ];
      };
    };
  };

+  services = {
+    # simple nginx instance to host static construction page
+    nginx = {
+      enable = true;
+
+      # package = pkgs.nginxStable.override { openssl = pkgs.libressl; };
+
+      #virtualHosts."imbored.dev".locations."/" = {
+      virtualHosts."imbored.dev" = {
+        addSSL = true;
+        enableACME = true;
+        root = "/var/www/imbored";
+        #index = "index.html";
+        #root = pkgs.writeTextDir "index.html" ''
+        #  <html>
+        #  <body>
+        #  Give me your mittens!
+        #  </body>
+        #  </html>
+        #'';
+      };
+    };
+
+    # quick and dirty way temporary way accessing my server
+    openssh = {
+      enable = true;
+      ports = [22];
+      settings = {
+        PasswordAuthentication = true;
+        PermitRootLogin = "no";
+        AllowUsers = ["ae"]; # allow all users by default
+        UseDns = true;
+        X11Forwarding = false;
+      };
+    };
+  };
+  # accept Lets Encrypt's security policy (for nginx)
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "eclarkboman@gmail.com";
+  };
+
  #home-manager = {
  #  users = {
  #    dev = import ../../homes/dev;
@ -75,9 +135,13 @@ in {
  #  };
  #};

-  environment.SystemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [
+    vim
+    helix
  ];

  programs = {
  };
+
+  system.stateVersion = "24.11"; # DO NOT MODIFY
 }