feat: add raptus host

README.md

@@ -1,7 +1,11 @@
 ## Targets
 
-| Name    | Arch    | Description |
+| Name    | Arch   | Description |
-| ------- | ------- | ----------- |
+| ------- | ------ | ----------- |
-| Marr    | x86_64  |             |
+| Marr    | x86_64 |             |
-| Brontes | x86_64  |             |
+| Brontes | x86_64 |             |
-| Styrax  | Aarch64 |             |
+| Styrax  | x86_64 |             |
+
+## Thanks to these awesome people for inspiration and documentation:
+
+- https://github.com/notashelf/nyx

home/terminal/ssh/default.nix

@@ -13,6 +13,11 @@
         user = "nydragon";
         port = 22;
       };
+      vps = {
+        hostname = "vps.ccnlc.eu";
+        user = "root";
+        port = 22;
+      };
     };
   };
 }

hosts/default.nix

@@ -19,5 +19,11 @@ in
       system = "x86_64-linux";
       extraModules = [ inputs.disko.nixosModules.disko ];
     };
+
+    raptus = lib.my.mkSystem {
+      hostname = "raptus";
+      system = "x86_64-linux";
+      extraModules = [ inputs.disko.nixosModules.disko ];
+    };
   };
 }

hosts/raptus/configuration.nix

@@ -0,0 +1,62 @@
+{
+  modulesPath,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./disk-config.nix
+    ./docker-compose.nix
+    ../../modules/nix
+  ];
+
+  device.type = {
+    vm.enable = true;
+    server.enable = true;
+  };
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  networking.firewall = lib.mkForce {
+    enable = true;
+    allowedTCPPorts = [ 80 ];
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."rusty.ccnlc.eu" = {
+      #enableACME = true;
+      #forceSSL = true;
+
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8000";
+        proxyWebsockets = true; # needed if you need to use WebSocket
+        extraConfig = ''
+          proxy_ssl_server_name on;
+          proxy_pass_header Authorization;'';
+      };
+    };
+  };
+
+  services.openssh.enable = true;
+
+  environment.systemPackages = map lib.lowPrio [
+    pkgs.curl
+    pkgs.gitMinimal
+  ];
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw" # brontes
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwlScEmVbdc0EH93XLX+K8yP5FKUKzMf/bWTSO+rMiO" # marr
+  ];
+
+  system.stateVersion = "24.11";
+}

hosts/raptus/disk-config.nix

@@ -0,0 +1,40 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [ "defaults" ];
+            };
+          };
+
+        };
+      };
+    };
+  };
+}

hosts/raptus/docker-compose.nix

@@ -0,0 +1,132 @@
+# Auto-generated using compose2nix v0.2.2-pre.
+{ pkgs, lib, ... }:
+
+{
+  # Runtime
+  virtualisation.podman = {
+    enable = true;
+    autoPrune.enable = true;
+    dockerCompat = true;
+    defaultNetwork.settings = {
+      # Required for container networking to be able to use names.
+      dns_enabled = true;
+    };
+  };
+  virtualisation.oci-containers.backend = "podman";
+
+  # Containers
+  virtualisation.oci-containers.containers."obsidian-livesync" = {
+    image = "couchdb";
+    environment = {
+      "COUCHDB_PASSWORD" = "";
+      "COUCHDB_USER" = "";
+    };
+    volumes = [
+      "${./local.ini}:/opt/couchdb/etc/local.ini:ro"
+      "test_dbdata:/opt/couchdb/data:rw"
+    ];
+    ports = [ "5984:5984/tcp" ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network-alias=couchserver"
+      "--network=test_default"
+    ];
+  };
+  systemd.services."podman-obsidian-livesync" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 500 "always";
+    };
+    after = [
+      "podman-network-test_default.service"
+      "podman-volume-test_dbdata.service"
+    ];
+    requires = [
+      "podman-network-test_default.service"
+      "podman-volume-test_dbdata.service"
+    ];
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+  virtualisation.oci-containers.containers."rustypaste" = {
+    image = "orhunp/rustypaste:latest";
+    environment = {
+      "RUST_LOG" = "debug";
+    };
+    volumes = [
+      "${./rusty.toml}:/app/config.toml:ro"
+      "test_rustypaste-data:/app/upload:rw"
+    ];
+    ports = [ "8000:8000/tcp" ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network-alias=rustypaste"
+      "--network=test_default"
+    ];
+  };
+  systemd.services."podman-rustypaste" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 500 "always";
+    };
+    after = [
+      "podman-network-test_default.service"
+      "podman-volume-test_rustypaste-data.service"
+    ];
+    requires = [
+      "podman-network-test_default.service"
+      "podman-volume-test_rustypaste-data.service"
+    ];
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+
+  # Networks
+  systemd.services."podman-network-test_default" = {
+    path = [ pkgs.podman ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStop = "podman network rm -f test_default";
+    };
+    script = ''
+      podman network inspect test_default || podman network create test_default
+    '';
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+
+  # Volumes
+  systemd.services."podman-volume-test_dbdata" = {
+    path = [ pkgs.podman ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      podman volume inspect test_dbdata || podman volume create test_dbdata
+    '';
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+  systemd.services."podman-volume-test_rustypaste-data" = {
+    path = [ pkgs.podman ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      podman volume inspect test_rustypaste-data || podman volume create test_rustypaste-data
+    '';
+    partOf = [ "podman-compose-test-root.target" ];
+    wantedBy = [ "podman-compose-test-root.target" ];
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."podman-compose-test-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}

hosts/raptus/rusty.toml

@@ -0,0 +1,70 @@
+[config]
+refresh_rate = "1s"
+
+[server]
+address = "127.0.0.1:8000"
+url = "https://vps.ccnlc.eu"
+#workers=4
+max_content_length = "10MB"
+upload_path = "./upload"
+timeout = "30s"
+expose_version = false
+expose_list = false
+#auth_tokens = [
+#  "super_secret_token1",
+#  "super_secret_token2",
+#]
+#delete_tokens = [
+#  "super_secret_token1",
+#  "super_secret_token3",
+#]
+handle_spaces = "replace" # or "encode"
+
+[landing_page]
+text = """
+┬─┐┬ ┬┌─┐┌┬┐┬ ┬┌─┐┌─┐┌─┐┌┬┐┌─┐
+├┬┘│ │└─┐ │ └┬┘├─┘├─┤└─┐ │ ├┤
+┴└─└─┘└─┘ ┴  ┴ ┴  ┴ ┴└─┘ ┴ └─┘
+
+Submit files via HTTP POST here:
+    curl -F 'file=@example.txt' <server>
+This will return the URL of the uploaded file.
+
+The server administrator might remove any pastes that they do not personally
+want to host.
+
+If you are the server administrator and want to change this page, just go
+into your config file and change it! If you change the expiry time, it is
+recommended that you do.
+
+By default, pastes expire every hour. The server admin may or may not have
+changed this.
+
+Check out the GitHub repository at https://github.com/orhun/rustypaste
+Command line tool is available  at https://github.com/orhun/rustypaste-cli
+"""
+#file = "index.txt"
+content_type = "text/plain; charset=utf-8"
+
+[paste]
+random_url = { type = "petname", words = 2, separator = "-" }
+#random_url = { type = "alphanumeric", length = 8 }
+#random_url = { type = "alphanumeric", length = 6, suffix_mode = true }
+default_extension = "txt"
+mime_override = [
+  { mime = "image/jpeg", regex = "^.*\\.jpg$" },
+  { mime = "image/png", regex = "^.*\\.png$" },
+  { mime = "image/svg+xml", regex = "^.*\\.svg$" },
+  { mime = "video/webm", regex = "^.*\\.webm$" },
+  { mime = "video/x-matroska", regex = "^.*\\.mkv$" },
+  { mime = "application/octet-stream", regex = "^.*\\.bin$" },
+  { mime = "text/plain", regex = "^.*\\.(log|txt|diff|sh|rs|toml)$" },
+]
+mime_blacklist = [
+  "application/x-dosexec",
+  "application/java-archive",
+  "application/java-vm",
+]
+duplicate_files = true
+# default_expiry = "1h"
+delete_expired_files = { enabled = true, interval = "1h" }