added hyrule vps host and colmena remote deployment

Emile Clark-Boman 2025-02-12 14:33:38 +10:00
parent 23942b961e
commit f46de5b1d7
5 changed files with 152 additions and 16 deletions


@ -13,3 +13,11 @@ essentials for my work, no graphical environment.
A simple account I let me friends connect to. A simple account I let me friends connect to.
Limited functionality, mostly just for letting Limited functionality, mostly just for letting
them test small things or for giving them files. them test small things or for giving them files.
## Setup Guide
##### New Colmena Instance
Enable an ssh server on the remote host, then on the
local machine set `.ssh/config` to have a profile for
your desired host and have a key pair that's authorised
to your desired user.

5
deploy-remote Executable file

@ -0,0 +1,5 @@
#!/usr/bin/env bash
# Deploy to all Colmena hives
colmena build
colmena apply
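Review bot: The script sets no error handling, so a failing `colmena build` does not stop the following `colmena apply` from running against the remote hosts. Adding `set -euo pipefail` directly under the shebang would abort the deployment at the first failed step. The header comment could also say that the script presumably has to be run from the flake root, since neither command is given a path to the hive.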


@ -51,6 +51,13 @@
# this is just something I'm experimenting with # this is just something I'm experimenting with
PROJECT_ROOT = builtins.toString ./.; PROJECT_ROOT = builtins.toString ./.;
in { in {
# shell for `nix develop`
devShells."x86_64-linux".default = pkgs.mkShell {
buildInputs = with pkgs; [
colmena
];
};
nixosConfigurations = { nixosConfigurations = {
# i be on my puter fr # i be on my puter fr
myputer = nixpkgs.lib.nixosSystem { myputer = nixpkgs.lib.nixosSystem {
@ -73,14 +80,29 @@
]; ];
}; };
# my server (vps) # meine vps
imbored = nixpkgs.lib.nixosSystem { #imbored = nixpkgs.lib.nixosSystem {
specialargs = {inherit inputs pkgs;}; # specialargs = {inherit inputs pkgs;};
#
# modules = [
# ./hosts/imbored
# ];
#};
};
modules = [ # remote deployment to my servers!!
./hosts/imbored colmena = {
]; meta = {
# set nixpkgs global
nixpkgs = pkgs;
# set nixpkgs per server
# nodeNixpkgs = {
# hyrule = pkgs;
# };
}; };
# meine vps
hyrule = import ./hosts/hyrule;
}; };
}; };
} }


@ -9,17 +9,17 @@
sha256 = "19w63qccz78v0spx03911z98w1bvlxvd07hb0ma14a4vdzi4ninj"; sha256 = "19w63qccz78v0spx03911z98w1bvlxvd07hb0ma14a4vdzi4ninj";
}; };
in { in {
# TODO: # TODO:
# - add github:charmbracelet/soft-serve # - add github:charmbracelet/soft-serve
# - add forgejo # - add forgejo
imports = [ imports = [
./hardware-configuration.nix
#../modules/server/nginx.nix #../modules/server/nginx.nix
#../modules/server/ssh.nix #../modules/server/ssh.nix
#../modules/server/fail2ban.nix #../modules/server/fail2ban.nix
]; ];
system.stateVersion = "24.11"; # DO NOT MODIFY
nix.settings.experimental-features = [ nix.settings.experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
@ -33,16 +33,32 @@ in {
keyMap = "us"; keyMap = "us";
}; };
boot.loader = { # colmena deployment configuration
# TODO deployment = {
targetHost = "imbored.dev";
targetPort = 22;
targetUser = "ae";
buildOnTarget = false; # build locally then deploy
};
# super duper minimum grub2 config
boot.loader.grub = {
enable = true;
device = "/dev/vda";
}; };
networking = { networking = {
hostName = "imbored"; hostName = "hyrule";
networkmanager.enable = true; networkmanager.enable = true;
firewall.allowedTCPPorts = [
22 # sshd firewall = {
] enable = true;
allowedTCPPorts = [
22 # sshd
80 # nginx
443 # nginx
];
};
}; };
users = { users = {
@ -50,10 +66,11 @@ in {
users = { users = {
# primary user # primary user
dev = { ae = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel"]; extraGroups = ["wheel"];
shell = pkgs.bash; shell = pkgs.bash;
home = "/home/ae"; # TEMP: remove and replace with home-manager
packages = with pkgs; [ packages = with pkgs; [
]; ];
}; };
@ -62,12 +79,55 @@ in {
friends = { friends = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.bash; shell = pkgs.bash;
home = "/home/friends"; # TEMP: remove and replace with home-manager
packages = with pkgs; [ packages = with pkgs; [
]; ];
}; };
}; };
}; };
services = {
# simple nginx instance to host static construction page
nginx = {
enable = true;
# package = pkgs.nginxStable.override { openssl = pkgs.libressl; };
#virtualHosts."imbored.dev".locations."/" = {
virtualHosts."imbored.dev" = {
addSSL = true;
enableACME = true;
root = "/var/www/imbored";
#index = "index.html";
#root = pkgs.writeTextDir "index.html" ''
# <html>
# <body>
# Give me your mittens!
# </body>
# </html>
#'';
};
};
# quick and dirty way temporary way accessing my server
openssh = {
enable = true;
ports = [22];
settings = {
PasswordAuthentication = true;
PermitRootLogin = "no";
AllowUsers = ["ae"]; # allow all users by default
UseDns = true;
X11Forwarding = false;
};
};
};
# accept Lets Encrypt's security policy (for nginx)
security.acme = {
acceptTerms = true;
defaults.email = "eclarkboman@gmail.com";
};
#home-manager = { #home-manager = {
# users = { # users = {
# dev = import ../../homes/dev; # dev = import ../../homes/dev;
@ -75,9 +135,13 @@ in {
# }; # };
#}; #};
environment.SystemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim
helix
]; ];
programs = { programs = {
}; };
system.stateVersion = "24.11"; # DO NOT MODIFY
} }
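Review bot: The new `services.openssh` block sets `PasswordAuthentication = true` while port 22 is opened in the firewall and the only permitted login, `ae`, is in `wheel`, so the account that can administer the host is exposed to password guessing; the fail2ban import at the top of this file is still commented out. Since the README setup guide already assumes an authorised key pair, I would set `PasswordAuthentication = false;` and declare the key under `users.users.ae.openssh.authorizedKeys.keys`. The trailing comment on `AllowUsers = ["ae"];` says "allow all users by default", but the line restricts ssh logins to `ae` (so `friends` cannot connect); a comment such as `# only ae may log in over ssh` would match what it does. Separately, `addSSL = true` in the nginx virtual host keeps serving the site over plain HTTP as well; `forceSSL = true` would redirect to HTTPS if that is the intent.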


@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}