From 4533c3edecfaf9e3129a7e3ed20f95d01b386a0d Mon Sep 17 00:00:00 2001 From: Nydragon Date: Tue, 20 Aug 2024 12:52:01 +0200 Subject: [PATCH] feat: add raptus host --- README.md | 14 ++-- home/terminal/ssh/default.nix | 5 ++ hosts/default.nix | 6 ++ hosts/raptus/configuration.nix | 62 +++++++++++++++ hosts/raptus/disk-config.nix | 40 ++++++++++ hosts/raptus/docker-compose.nix | 132 ++++++++++++++++++++++++++++++++ hosts/raptus/local.ini | 0 hosts/raptus/rusty.toml | 70 +++++++++++++++++ 8 files changed, 324 insertions(+), 5 deletions(-) create mode 100644 hosts/raptus/configuration.nix create mode 100644 hosts/raptus/disk-config.nix create mode 100644 hosts/raptus/docker-compose.nix create mode 100644 hosts/raptus/local.ini create mode 100644 hosts/raptus/rusty.toml
diff --git a/README.md b/README.md
index 8cfdc7e..64186ea 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,11 @@
 ## Targets
-| Name | Arch | Description |
-| ------- | ------- | ----------- |
-| Marr | x86_64 | |
-| Brontes | x86_64 | |
-| Styrax | Aarch64 | |
+| Name | Arch | Description |
+| ------- | ------ | ----------- |
+| Marr | x86_64 | |
+| Brontes | x86_64 | |
+| Styrax | x86_64 | |
+
+## Thanks to these awesome people for inspiration and documentation:
+
+- https://github.com/notashelf/nyx
diff --git a/home/terminal/ssh/default.nix b/home/terminal/ssh/default.nix
index 0fe2f17..ac5d23f 100644
--- a/home/terminal/ssh/default.nix
+++ b/home/terminal/ssh/default.nix
@@ -13,6 +13,11 @@
 user = "nydragon";
 port = 22;
 };
+ vps = {
+ hostname = "vps.ccnlc.eu";
+ user = "root";
+ port = 22;
+ };
 };
 };
 }
diff --git a/hosts/default.nix b/hosts/default.nix
index 9f2fad4..4fd93a6 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -19,5 +19,11 @@ in
 system = "x86_64-linux";
 extraModules = [ inputs.disko.nixosModules.disko ];
 };
+
+ raptus = lib.my.mkSystem {
+ hostname = "raptus";
+ system = "x86_64-linux";
+ extraModules = [ inputs.disko.nixosModules.disko ];
+ };
 };
 }
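Review bot: The `vps` block added in home/terminal/ssh/default.nix sets `user = "root";`, so every routine session to the new host starts with full privileges, and hosts/raptus/configuration.nix in this same commit authorises keys for root only. I would create an unprivileged admin account on raptus (member of `wheel`), point this entry at it with `user = "<admin-user>";` (placeholder name), and then set `services.openssh.settings.PermitRootLogin = "no";` on the host. The enclosing attribute set starts above the hunk, so options inherited by this entry are not visible here.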
diff --git a/hosts/raptus/configuration.nix b/hosts/raptus/configuration.nix
new file mode 100644
index 0000000..3946863
--- /dev/null
+++ b/hosts/raptus/configuration.nix
@@ -0,0 +1,62 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ./docker-compose.nix
+ ../../modules/nix
+ ];
+
+ device.type = {
+ vm.enable = true;
+ server.enable = true;
+ };
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ networking.firewall = lib.mkForce {
+ enable = true;
+ allowedTCPPorts = [ 80 ];
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts."rusty.ccnlc.eu" = {
+ #enableACME = true;
+ #forceSSL = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8000";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_ssl_server_name on;
+ proxy_pass_header Authorization;'';
+ };
+ };
+ };
+
+ services.openssh.enable = true;
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.gitMinimal
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw" # brontes
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwlScEmVbdc0EH93XLX+K8yP5FKUKzMf/bWTSO+rMiO" # marr
+ ];
+
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/raptus/disk-config.nix b/hosts/raptus/disk-config.nix
new file mode 100644
index 0000000..d70096a
--- /dev/null
+++ b/hosts/raptus/disk-config.nix
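Review bot: `virtualHosts."rusty.ccnlc.eu"` is reachable over plain HTTP only, because `enableACME` and `forceSSL` are commented out and `allowedTCPPorts` is `[ 80 ]`; uploads, paste contents and any token sent in an `Authorization` header would cross the network unencrypted, even though rusty.toml in this commit advertises an `https://` URL. I would uncomment both options and use `allowedTCPPorts = [ 80 443 ];` (ACME also needs `security.acme.acceptTerms` and a contact address, which may be set in a module not shown here). Wrapping the whole `networking.firewall` set in `lib.mkForce` also looks like it overrides the port-22 entry that `services.openssh` contributes, so it is worth confirming that SSH stays reachable after a rebuild. `proxy_ssl_server_name on;` has no effect with an `http://` upstream and can be dropped.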
@@ -0,0 +1,40 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [ "defaults" ];
+ };
+ };
+
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/raptus/docker-compose.nix b/hosts/raptus/docker-compose.nix
new file mode 100644
index 0000000..26e9df4
--- /dev/null
+++ b/hosts/raptus/docker-compose.nix
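Review bot: The `esp` partition is mounted at `/boot` as vfat with no mount options, and vfat carries no per-file permissions, so everything under `/boot` ends up readable by all local users; adding `mountOptions = [ "umask=0077" ];` to the `esp` content block restricts it to root. The header comment `# Example to create a bios compatible gpt partition` is left over from the upstream example and could instead state that this is the raptus layout (1M BIOS boot partition, 500M ESP, ext4 root on the remaining space). `device` defaults to `/dev/sda`, which presumably has been checked against the disk name the VM actually exposes.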
@@ -0,0 +1,132 @@ +# Auto-generated using compose2nix v0.2.2-pre. +{ pkgs, lib, ... }: + +{ + # Runtime + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + # Containers + virtualisation.oci-containers.containers."obsidian-livesync" = { + image = "couchdb"; + environment = { + "COUCHDB_PASSWORD" = ""; + "COUCHDB_USER" = ""; + }; + volumes = [ + "${./local.ini}:/opt/couchdb/etc/local.ini:ro" + "test_dbdata:/opt/couchdb/data:rw" + ]; + ports = [ "5984:5984/tcp" ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=couchserver" + "--network=test_default" + ]; + }; + systemd.services."podman-obsidian-livesync" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-test_default.service" + "podman-volume-test_dbdata.service" + ]; + requires = [ + "podman-network-test_default.service" + "podman-volume-test_dbdata.service" + ]; + partOf = [ "podman-compose-test-root.target" ]; + wantedBy = [ "podman-compose-test-root.target" ]; + }; + virtualisation.oci-containers.containers."rustypaste" = { + image = "orhunp/rustypaste:latest"; + environment = { + "RUST_LOG" = "debug"; + }; + volumes = [ + "${./rusty.toml}:/app/config.toml:ro" + "test_rustypaste-data:/app/upload:rw" + ]; + ports = [ "8000:8000/tcp" ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=rustypaste" + "--network=test_default" + ]; + }; + systemd.services."podman-rustypaste" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-test_default.service" + "podman-volume-test_rustypaste-data.service" + ]; + requires = [ + "podman-network-test_default.service" + "podman-volume-test_rustypaste-data.service" + ]; + partOf = [ "podman-compose-test-root.target" ]; + wantedBy = [ 
"podman-compose-test-root.target" ]; + }; + + # Networks + systemd.services."podman-network-test_default" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f test_default"; + }; + script = '' + podman network inspect test_default || podman network create test_default + ''; + partOf = [ "podman-compose-test-root.target" ]; + wantedBy = [ "podman-compose-test-root.target" ]; + }; + + # Volumes + systemd.services."podman-volume-test_dbdata" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect test_dbdata || podman volume create test_dbdata + ''; + partOf = [ "podman-compose-test-root.target" ]; + wantedBy = [ "podman-compose-test-root.target" ]; + }; + systemd.services."podman-volume-test_rustypaste-data" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect test_rustypaste-data || podman volume create test_rustypaste-data + ''; + partOf = [ "podman-compose-test-root.target" ]; + wantedBy = [ "podman-compose-test-root.target" ]; + }; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + systemd.targets."podman-compose-test-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; + }; +} diff --git a/hosts/raptus/local.ini b/hosts/raptus/local.ini new file mode 100644 index 0000000..e69de29 diff --git a/hosts/raptus/rusty.toml b/hosts/raptus/rusty.toml new file mode 100644 index 0000000..fe93d3b --- /dev/null +++ b/hosts/raptus/rusty.toml 
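Review bot: The `obsidian-livesync` container is defined with `COUCHDB_USER` and `COUCHDB_PASSWORD` both set to the empty string while `ports = [ "5984:5984/tcp" ]` publishes CouchDB on every host address; depending on how the image treats empty values this either fails at start-up or leaves the database without an admin account, and ports published by rootful podman are not necessarily filtered by the NixOS firewall rules in configuration.nix. I would bind the port to loopback with `ports = [ "127.0.0.1:5984:5984/tcp" ];` (likewise for `8000`, which nginx reaches via 127.0.0.1) and supply the credentials through `environmentFiles = [ "<root-only-env-file>" ];` (placeholder path), since anything written into `environment` lands in the world-readable Nix store. The images `couchdb` and `orhunp/rustypaste:latest` are unpinned, so a fixed tag or digest would make rebuilds reproducible, and `RUST_LOG = "debug"` is probably more verbose than wanted on a public host. As the file is marked as compose2nix output, these changes presumably belong in the compose file it was generated from.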
@@ -0,0 +1,70 @@
+[config]
+refresh_rate = "1s"
+
+[server]
+address = "127.0.0.1:8000"
+url = "https://vps.ccnlc.eu"
+#workers=4
+max_content_length = "10MB"
+upload_path = "./upload"
+timeout = "30s"
+expose_version = false
+expose_list = false
+#auth_tokens = [
+# "super_secret_token1",
+# "super_secret_token2",
+#]
+#delete_tokens = [
+# "super_secret_token1",
+# "super_secret_token3",
+#]
+handle_spaces = "replace" # or "encode"
+
+[landing_page]
+text = """
+┬─┐┬ ┬┌─┐┌┬┐┬ ┬┌─┐┌─┐┌─┐┌┬┐┌─┐
+├┬┘│ │└─┐ │ └┬┘├─┘├─┤└─┐ │ ├┤
+┴└─└─┘└─┘ ┴ ┴ ┴ ┴ ┴└─┘ ┴ └─┘
+
+Submit files via HTTP POST here:
+ curl -F 'file=@example.txt'
+This will return the URL of the uploaded file.
+
+The server administrator might remove any pastes that they do not personally
+want to host.
+
+If you are the server administrator and want to change this page, just go
+into your config file and change it! If you change the expiry time, it is
+recommended that you do.
+
+By default, pastes expire every hour. The server admin may or may not have
+changed this.
+
+Check out the GitHub repository at https://github.com/orhun/rustypaste
+Command line tool is available at https://github.com/orhun/rustypaste-cli
+"""
+#file = "index.txt"
+content_type = "text/plain; charset=utf-8"
+
+[paste]
+random_url = { type = "petname", words = 2, separator = "-" }
+#random_url = { type = "alphanumeric", length = 8 }
+#random_url = { type = "alphanumeric", length = 6, suffix_mode = true }
+default_extension = "txt"
+mime_override = [
+ { mime = "image/jpeg", regex = "^.*\\.jpg$" },
+ { mime = "image/png", regex = "^.*\\.png$" },
+ { mime = "image/svg+xml", regex = "^.*\\.svg$" },
+ { mime = "video/webm", regex = "^.*\\.webm$" },
+ { mime = "video/x-matroska", regex = "^.*\\.mkv$" },
+ { mime = "application/octet-stream", regex = "^.*\\.bin$" },
+ { mime = "text/plain", regex = "^.*\\.(log|txt|diff|sh|rs|toml)$" },
+]
+mime_blacklist = [
+ "application/x-dosexec",
+ "application/java-archive",
+ "application/java-vm",
+]
+duplicate_files = true
+# default_expiry = "1h"
+delete_expired_files = { enabled = true, interval = "1h" }
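Review bot: Both `auth_tokens` and `delete_tokens` are commented out and `default_expiry` is commented out as well, so once the vhost is reachable anyone can upload files of up to 10MB that by default never expire, while the landing page tells users that pastes expire every hour. I would enable `default_expiry = "1h"` and require a token supplied at runtime (rustypaste reads `AUTH_TOKEN` from the environment) rather than committed here, because this file is copied into the Nix store and the `super_secret_token*` values are only sample text. `address = "127.0.0.1:8000"` is evaluated inside the container, so the published port 8000 likely never reaches the service; listening on `0.0.0.0:8000` in the container with the host-side port bound to loopback would be the usual arrangement. `url = "https://vps.ccnlc.eu"` also differs from the `rusty.ccnlc.eu` vhost in configuration.nix, so the links returned to uploaders would presumably point at the wrong name.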