walkah/athens
1
0
Fork 0
Code Issues 9 Pull Requests Projects Releases Wiki Activity

Compare commits

base: walkah:4f1f81e4251de3f9e96bcd9e5c7dbe7b86df3537
Branches Tags
walkah:main
...
compare: walkah:main
Branches Tags
walkah:main

187 Commits
4f1f81e425 ... main

Author SHA1 Message Date
James Walker
11418b33b9 ⬆️ version bump 2025-10-19 20:15:33 -04:00
James Walker
3ebc43b540 🚑 fix raspberry pi build 2025-10-15 12:27:35 -04:00
James Walker
8fbf192735 ⬆️ version bump 2025-10-12 11:02:54 -04:00
James Walker
262b1a1f30 ⬆️ version bump 2025-10-11 21:11:58 -04:00
James Walker
919da33fb5 ⬆️ version bump 2025-10-07 13:21:55 -04:00
James Walker
c3fd894a76 💄 squircle icon for emacs 2025-09-25 14:35:27 -04:00
James Walker
a3604071d5 📦 more package tweaks 2025-09-08 17:30:42 -04:00
James Walker
b7a0807165 📦 more package tweaks 2025-09-02 17:12:25 -04:00
James Walker
55ae30f066 🔧 fresh borgbase repo 2025-09-01 13:14:06 -04:00
James Walker
861a12bc60 📦 what's one more browser? 2025-09-01 13:11:02 -04:00
James Walker
9fa98cb111 🔒️ plato: broadcom driver marked insecure 
NOTE: maybe just remove it?
 2025-08-18 15:16:10 -04:00
James Walker
9fbe64a194 🚨 formatting tweaks 2025-08-18 10:31:48 -04:00
James Walker
ac03db4f87 ⬆️ version bump 2025-07-20 14:07:20 -04:00
James Walker
7cec56a95e 🔧 cleanup matrix config 2025-07-01 15:14:13 -04:00
James Walker
a507412e0e 🚚 homebrew app renames 2025-06-23 12:30:06 -04:00
James Walker
3ecac708c3 🚚 pre-commit-hooks rename 2025-06-02 16:54:44 -04:00
James Walker
7b8c02a19e ♻️ refactor flake-utils usage 2025-06-01 14:21:00 -04:00
James Walker
38aff239a0 🔥remove deploy-rs (no longer in use) 2025-05-26 17:03:14 -04:00
James Walker
f58a14541f 👽️ nix-darwin: primaryUser 2025-05-17 16:40:50 -04:00
James Walker
6183c17722 ⬆️ version bump 2025-05-01 17:35:01 -04:00
James Walker
ac43ae77cc 📦️ experimenting with podman 2025-04-20 16:07:45 -04:00
James Walker
ccfcb5ec7f 🐛 mas 2.0 works again 2025-04-13 11:55:48 -04:00
James Walker
30db860308 🐛 btop is not a cask 2025-04-08 19:57:03 -04:00
James Walker
35b24b54fd 🔧 nixfmt-tree 2025-04-08 19:50:13 -04:00
James Walker
5aaeb78e9c 📦️ I don't remember why I removed btop 2025-04-08 19:49:43 -04:00
James Walker
f4307bd301 🔧 plato: docker dns 2025-04-07 11:28:45 -04:00
James Walker
1ff4017cd6 🐛 homebrew masApps aren't working 
See: https://github.com/nix-darwin/nix-darwin/issues/1323
 2025-04-02 21:20:36 -04:00
James Walker
e31b3a36d7 ⬆️ version bump 2025-04-01 12:46:50 -04:00
James Walker
765d3d3919 🔥 ipfs-cluster service is now upstream 2025-03-31 17:02:04 -04:00
James Walker
4503ca8cc8 🚚 nix-darwin has a new home 2025-03-28 13:28:23 -04:00
James Walker
22abedaf52 📦️ more package updates 2025-03-23 16:52:23 -07:00
James Walker
cdadeee69a 📦️ package updates 2025-03-17 10:22:51 -04:00
James Walker
dafa424d2d add k3s 2025-03-10 23:22:23 -04:00
James Walker
005b0bb5e4 🔥 remove traefik 2025-03-09 20:54:32 -04:00
James Walker
a4b746fd9c 🔧 set k3s server address 2025-03-08 18:02:27 -05:00
James Walker
defc49c48a add k3s 2025-03-08 17:50:32 -05:00
James Walker
72198292ab 📦 add bruno 2025-03-05 22:50:05 -05:00
James Walker
e066118d2b ⬆️ version bump 2025-03-03 13:20:22 -05:00
James Walker
d14137fedd 📦️ emacs-plus now v30 2025-02-26 22:27:28 -05:00
James Walker
c9d5a5a966 📦 dev tools 2025-02-20 14:24:27 -08:00
James Walker
5c46a41206 ⬆️ version bump 2025-02-17 15:15:32 -05:00
James Walker
bbe4fe6f76 🔧 tailscale webclient for metrics 2025-02-15 17:54:31 -05:00
James Walker
87a362c9c7 👽️ darwin: update nix daemon config 2025-02-13 22:42:52 -05:00
James Walker
6b1e91b0f5 ⬆️ version bump 2025-02-08 08:14:10 -05:00
James Walker
86371ba451 ⬆️ version bump 2025-02-06 10:32:19 -05:00
James Walker
3d945eb6af 🔥 remove old homebrew casks 2025-01-31 13:04:33 -05:00
James Walker
df43e5550b 🔥 no terraform from homebrew 2025-01-27 10:54:59 -05:00
James Walker
04ad800a88 📦 heraclitus: adding some packages 2025-01-24 11:10:11 -05:00
James Walker
afafcb92ad ⬆️ version bump 2025-01-22 23:43:15 -05:00
James Walker
f5b8d4fde5 🛂 add minecraft user 2025-01-17 18:22:23 -05:00
James Walker
7ae9292871 ⬆️ bump version 2025-01-17 15:20:14 -05:00
James Walker
4b0c646ef3 📦 epicurus: standalone tailscale / update IP 2025-01-12 17:20:30 -05:00
James Walker
c2ffa8c929 📦 switch to tailscale standalone 
(I didn't realize it's the recommended macOS install method)
 2025-01-08 22:32:54 -05:00
James Walker
a5238adc25 📦 loving ghostty 2025-01-07 21:39:57 -05:00
James Walker
c9f76587b3 📦 asdf from homebrew 2025-01-03 21:58:47 -05:00
James Walker
8fc9873beb 📦 cursor bandwagon? 2024-12-20 20:12:13 -05:00
James Walker
6b0c1057eb ⬆️ version bump 2024-12-09 21:06:16 -05:00
James Walker
a53ad5a5ae 🎨 move to nixfmt-rfc-style 2024-12-07 20:46:15 -05:00
James Walker
9ea7912596 🐛 fix TLS error in chezmoi update 2024-11-30 19:30:57 -05:00
James Walker
39a6c16cea ⬆️ version bump 2024-11-27 16:50:04 -05:00
James Walker
1b059d60a2 ⬆️ version bump 2024-11-24 14:44:53 -05:00
James Walker
2f90fe4b5e 🔧 chezmoi update 2024-11-21 18:48:25 -05:00
James Walker
be94d1a35a 📦 package updates 2024-11-15 16:57:44 -05:00
James Walker
365872d879 ⬆️ version bump 2024-11-10 17:30:41 -05:00
James Walker
56a6133b36 ⬆️ version bump 2024-11-04 22:29:44 -06:00
James Walker
9ef3beccb8 📦 add watchman 2024-11-02 17:43:01 -04:00
James Walker
a23f972a35 ⬆️ version bump 2024-11-01 17:47:57 -04:00
James Walker
4012f8229c 🔥 matrix-sliding-sync is no more 2024-10-23 14:57:45 -04:00
James Walker
adf5861cf9 ⬆️ version bump 2024-10-22 22:09:49 -04:00
James Walker
ea5496e870 ♻️ move terraform code start adding dns 2024-10-17 11:24:13 -04:00
James Walker
73a52e35d0 ⬆️ version bump 2024-10-17 00:14:42 -04:00
James Walker
1ce8c86b0d 🚀 reinstate system.autoUpgrade 2024-10-14 14:27:09 -04:00
James Walker
578d029c1a 🔥 remove linux-builder (for now) 2024-10-04 16:53:06 -04:00
James Walker
732720117d 🐛 don't always init chezmoi 2024-10-03 21:46:45 -04:00
James Walker
d9b0c54edc 🐛 aristotle: fix kernel build 2024-10-01 13:34:13 -04:00
James Walker
5c489491ad 🔧 move tofu configs 2024-09-26 15:30:46 -04:00
James Walker
398b1e7470 📦 package shuffling 2024-09-25 13:29:05 -04:00
James Walker
46685f03d7 aristotle: fan configs 2024-09-24 10:50:32 -04:00
James Walker
49d2768cfe 📦 moving to brews for macOS 2024-09-18 21:29:09 -04:00
James Walker
d3bd7ef416 🔧 aristotle: rebuild agent 2024-09-15 21:28:49 -04:00
James Walker
6d38e964e3 🔧 aristotle: move to raspberry-pi-nix 
also re-deployed form, matter and purpose
 2024-09-15 20:35:46 -04:00
James Walker
8b57a7580a 🐛 fix chezmoi deploy 2024-09-15 13:06:52 -04:00
James Walker
d9173abb79 ♻️ refactor home-manager / dotfiles to use chezmoi 2024-09-14 18:12:01 -04:00
James Walker
6321f08230 ⬆️ version bump 2024-09-11 12:41:33 -04:00
James Walker
06ddc96680 ♻️ consolidate nix configs 2024-09-02 10:47:02 -04:00
James Walker
49884d40e5 ⬆️ version bump 2024-08-31 12:24:46 -04:00
James Walker
70cd5624a5 🔧 ups config change 2024-08-27 17:58:52 -04:00
James Walker
12a0213098 🔥 remove homestar 2024-08-25 13:42:38 -04:00
James Walker
e49bed2b6d 🚚 logi-options rename 2024-08-24 16:01:27 -04:00
James Walker
6e31fa5c55 ⬆️ version bump 2024-08-21 20:18:40 -04:00
James Walker
68f137dd4f 📦 adding packages 2024-08-20 10:47:48 -04:00
James Walker
965f8de5db 🔥 no more lorri 2024-08-19 20:04:21 -04:00
James Walker
e747d2f5be 📦️ package tweaks 2024-08-08 19:26:46 -04:00
James Walker
61e13e4932 ⬆️ version bump 2024-08-05 15:00:42 -04:00
James Walker
9dd174a224 🔧 switch from nil to nixd 2024-08-02 13:27:23 -04:00
James Walker
37713225ba ⬆️ version bump 2024-07-29 11:50:26 -04:00
James Walker
5448135da4 ⬆️ version bump 2024-07-21 16:31:00 -04:00
James Walker
1e39527f5e add badbits deny for ipfs gateway 2024-07-19 14:26:53 -04:00
James Walker
ac19b5ab7b ⬆️ version bump 2024-07-18 17:23:47 -04:00
James Walker
8be7f73e87 🐛 switch to homebrew doppler 2024-07-14 13:04:44 -04:00
James Walker
fed866990c 🚑 minecraft: fix nat forwarding 2024-07-12 15:09:14 -04:00
James Walker
fe3911ab2c 📦 k8s tools 2024-07-04 10:38:59 -04:00
James Walker
e58507d809 🚚 firefox developer edition cask moved 2024-07-02 10:02:41 -04:00
James Walker
0ede09f95c ⬆ version bump 2024-06-24 15:57:26 -04:00
James Walker
cc4d60cbac ⬆️ version bump 2024-06-21 10:52:48 -04:00
James Walker
a836a0a66b 📦 add some dev tools 2024-06-18 21:50:22 -04:00
James Walker
aabadd52f0 ⬆️ version bump 2024-06-14 14:39:26 -04:00
James Walker
07a489b471 🔥 more app cleanup 2024-06-10 12:29:42 -04:00
James Walker
2a4cb54402 🔥 remove bartender 2024-06-06 15:44:31 -04:00
James Walker
6f104b10da ⬆️ version bump 2024-06-03 22:39:04 -04:00
James Walker
6ea9e35c72 ⬆️ version bump 2024-05-25 22:53:28 -04:00
James Walker
e5f6ff3f12 ⬆️ version bump 2024-05-21 21:49:56 -04:00
James Walker
3fc2cae03f ⬆️ version bump 2024-05-18 18:26:57 -04:00
James Walker
e22164ab91 ⬆️ version bump 2024-05-13 17:10:30 -04:00
James Walker
177f4c6393 🔥 not using ipfs desktop anymore 2024-05-06 17:29:22 -04:00
James Walker
f641c69942 📦 package updates 2024-04-25 16:45:05 -04:00
James Walker
c1d0e6a267 ⬆️ version bump 2024-04-22 13:14:35 -04:00
James Walker
558d182465 ⬆️ version bump 2024-04-11 11:54:11 -04:00
James Walker
d451d34500 ⬆️ version bump 2024-04-09 13:00:57 -04:00
James Walker
b31ec0d4f7 ⬆️ version bump 2024-04-08 13:46:54 -04:00
James Walker
0055ce56a4 ⬆️ version bump 2024-04-06 15:00:59 -04:00
James Walker
b994cb6c73 ⬆️ version bump 2024-04-04 21:25:02 -04:00
James Walker
c5e8d3896b 👽️ deploy-rs overlay update 2024-03-30 13:43:43 -04:00
James Walker
a07a205143 ⬆️ bump versions 2024-03-28 15:49:32 -04:00
James Walker
1a7a9fce77 🔧 plato: update homestar peerID 2024-03-18 22:05:23 -04:00
James Walker
c3e9fd6714 ⬆️version bump 2024-03-16 11:14:56 -04:00
James Walker
68614a06e6 🔒️ plato: fixed homestar key 2024-03-15 10:45:46 -04:00
James Walker
d5fea83d5f 🗑️ plato: clean up deprecated option 2024-03-10 11:15:59 -04:00
James Walker
5aa4b923f1 ⬆ version bump 2024-03-05 23:18:14 -05:00
James Walker
e05ac089ed ⬆ version bump 2024-03-02 13:56:38 -05:00
James Walker
765df12592 🔧 homestar node 2024-02-29 19:01:40 -05:00
James Walker
074e771c3a 🔧 give linux-builder more resources 2024-02-29 16:09:02 -05:00
James Walker
4ed771304c 🔥 aristotle: remove homestar 
the aarch64-linux build is really slow :(
 2024-02-29 16:08:01 -05:00
James Walker
b574218035 📦️ add some dev tools 2024-02-27 18:28:22 -05:00
James Walker
79c2cdd6b0 🐛 whoops 2024-02-23 15:29:42 -05:00
James Walker
ae1760ffd8 aristotle: add homestar 2024-02-23 15:04:24 -05:00
James Walker
4026caccae ⬆️ bump versions 2024-02-18 12:17:17 -05:00
James Walker
f7e0ac3cbb ♻️ refactor some monitoring configs 2024-02-17 22:12:24 -05:00
James Walker
15d95e6208 🔥 clean up duplicate rpi configs 2024-02-17 13:25:00 -05:00
James Walker
c9692d70eb add homestar 2024-02-16 11:50:50 -05:00
James Walker
d8f19c487a ⬆️ version bump 2024-02-11 17:39:01 -05:00
James Walker
b38511486c ⬆️ version bump 2024-01-28 12:24:32 -05:00
James Walker
d87221ed37 ️ use deploy-rs from nixpkgs 2024-01-26 17:00:00 -05:00
James Walker
aa4ed46e50 ⬆️ version bump 2024-01-19 13:28:06 -05:00
James Walker
8ada774d89 📦️ use emacs-macport 2024-01-17 22:34:11 -05:00
James Walker
23a5e21b71 ⬆️ version bump 2024-01-10 11:11:25 -05:00
James Walker
f59ff2b383 ⬆️ version bump 2024-01-08 18:46:00 -05:00
James Walker
a3de6659c1 🔧 matrix-sliding-sync settings update 2024-01-01 17:22:30 -05:00
James Walker
954abfd1f2 ⬆️ version bump 2023-12-26 09:54:53 -05:00
James Walker
7b21bc7e91 ⬆️ version bump 2023-12-22 11:45:07 -05:00
James Walker
a44af04160 🔧 aristotle: set timeZone 2023-12-20 11:10:46 -05:00
James Walker
74fbd0a385 ⬆️ version bump 2023-12-19 14:09:56 -05:00
James Walker
ef401a4e4c use system.autoUpgrade for nixos machines 
also add garnix.io cache

Closes #18
 2023-12-15 22:28:14 -05:00
James Walker
f85ef16b42 📦️ rework some base packages 2023-12-12 18:59:06 -05:00
James Walker
94d559c4f4 🔨 pg upgrade script 2023-12-11 16:59:00 -05:00
James Walker
a38118b191 new power.ups configs 2023-12-10 14:53:55 -05:00
James Walker
4c3c44f052 🔧 update postgres permissions 2023-11-27 12:14:54 -05:00
James Walker
c39bbfd5fc ⬆️ bump versions 2023-11-04 13:25:46 -04:00
James Walker
3659087618 📦 package updates 2023-10-20 16:27:29 -04:00
James Walker
63399e4f36 🔥 stick with emacs-nox 2023-10-13 21:40:18 -04:00
James Walker
2b6d30de6e 🏗️ switch to opentofu 2023-10-10 19:27:29 -04:00
James Walker
e7766c9b8d 🔧 tweak borgbase repo 2023-09-30 13:29:52 -04:00
James Walker
e8d834dff2 📦 opal now in homebrew 2023-09-22 10:51:42 -04:00
James Walker
98f3460c5f 🔧 mount samba as user 2023-09-15 22:20:24 -04:00
James Walker
01ee84e69e 📦 package cleanup 2023-09-15 22:20:05 -04:00
James Walker
9ec3ddde1f ⚰️ remove old darwin-local script 2023-09-12 17:01:59 -04:00
James Walker
ba4eaf1d2e 🏗️ no more nfs (smb for parthenon) 2023-09-10 16:16:14 -04:00
James Walker
4066c2b6a9 🚨 statix updates 2023-09-10 14:27:05 -04:00
James Walker
ccdea6b752 ⬆️ bump versions 2023-09-09 14:34:13 -04:00
James Walker
00b0360e0c ⬆️ bump versions 2023-09-02 12:39:29 -04:00
James Walker
e66a4b9a37 playing with terraform 2023-08-20 13:06:05 -04:00
James Walker
6198ed9d59 📦 fewer global tools - more shells 2023-08-20 13:05:50 -04:00
James Walker
475792286d 🔧 ipfs config tweaks 2023-07-27 16:24:11 -04:00
James Walker
19a01e278e ♻️ config refactor cleanup 2023-07-27 15:51:15 -04:00
James Walker
d4b4ba1d1e ♻️ refactor layout, simplify flake.nix 2023-07-27 15:22:16 -04:00
James Walker
74296f8b9b ⚰️ remove pulumi 2023-07-26 15:01:14 -04:00
James Walker
e1871a2030 📦️ package updates - emacs29, nil, etc 2023-07-25 12:26:13 -04:00
James Walker
5f668bee6d 🐛 darwin.linux-builder is fixed 2023-07-25 12:24:03 -04:00
James Walker
71395424ee 🗑️ remove deprecated homebrew tap 2023-07-21 12:48:59 -04:00
James Walker
17a779f5f9 matrix-sliding-sync - new module upstream 2023-07-21 12:48:23 -04:00
James Walker
402bddec5d 🐛 aristotle: enable poe-hat support 2023-07-17 17:01:34 -04:00
James Walker
883e1e634d 🐛 darwin.linux-builder is broken :( 2023-07-17 14:41:12 -04:00
James Walker
9f80c55ace add pre-commit-hooks 2023-07-14 18:53:25 -04:00
James Walker
4decbc5f3c add matrix-sliding-sync 
Close #17
 2023-07-09 19:58:59 -04:00
James Walker
74e75de168 🐛 aristotle: fix bootloader config 2023-07-09 19:58:27 -04:00
James Walker
7c92880612 🗑️ boot.loader.raspberryPi deprecated 2023-07-09 13:56:52 -04:00
James Walker
aee94aef3a nix-darwin now includes linux-builder 2023-07-09 13:56:26 -04:00
87 changed files with 914976 additions and 3228 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -2,3 +2,6 @@
/result /result
/.pre-commit-config.yaml /.pre-commit-config.yaml
/node_modules/ /node_modules/
.terraform
*.tfvars
*.tfstate*

8
.sops.yaml
View File

@@ -1,10 +1,10 @@
keys: keys:
- &walkah age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j - &walkah age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j
- &plato age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh - &plato age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh
- &agent age1vc8svd5277rjkgzg7frf04uaa45w3crhfvg628rqyrqmxul3q9nsjz6yxk - &agent age1pn2hnqvgt7rvfglxddlj3jwrm79rvmutmexkpxv4frdnznlel33qvfy6u5
- &form age1ulmzprdmcd8r0w47a0nrrlg8melkjk6evl2rc54yh6lxkcfas36q6wrsv9 - &form age1mnrl9u8vpdjncge33pg7quakl0qdf5dlfgch87jhrs0wrvup4s0s5xh7ly
- &matter age1lfjkch3pqaq3uwmjxyucpm2tws6llxqqjglj4yn49jkwkf50xvmqrl974e - &matter age1tt0gwcm03zmpelerpph49knn8f6t8z7aq9una2qys76kf4rwxpnquxkvz3
- &purpose age1jnf94uq5ap96vk7nfk3qkr38ylhletc6pskj0ypc470d7gmt0qeqskdy5z - &purpose age1px55dk5n3whfdyshzyxqmyjvqdmv9au6myx6w67jw3cqp9sdx9rsa6xep9
- &socrates age12wakcnv487c5rkgv7z6umzywrqwcy6dgguq0dug6lxp64scjsq6sspkmgz - &socrates age12wakcnv487c5rkgv7z6umzywrqwcy6dgguq0dug6lxp64scjsq6sspkmgz
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.yaml$ - path_regex: secrets/[^/]+\.yaml$

3
Pulumi.dev.yaml
View File

@@ -1,3 +0,0 @@
config:
digitalocean:token:
secure: AAABAAVsdUUt74fFhXPNy+qr0l0Ciku2PfjJY43XTfWG3YlseqFUGW3RmpGPk6CyXtkyQu321goZlaoLISy+75t/1tmKzdPzew5N46WfLybPAe7mANOCukPybLqhfKnJxQSgDfvQjw==

3
Pulumi.yaml
View File

@@ -1,3 +0,0 @@
name: athens
runtime: nodejs
description: city state in the cloud

3
default.nix
View File

@@ -10,4 +10,5 @@
) )
{ {
src = ./.; src = ./.;
}).defaultNix }
).defaultNix

492
flake.lock generated
View File

@@ -7,76 +7,28 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1688145780, "lastModified": 1760721282,
"narHash": "sha256-dNUINvO7qM7fItWSeqL2nE/F3IHCGZEeERMkm1i4pP4=", "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=",
"owner": "lnl7", "owner": "nix-darwin",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "43587cdb726f73b962f12028055520dbd1d7233f", "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "lnl7", "owner": "nix-darwin",
"ref": "master", "ref": "master",
"repo": "nix-darwin", "repo": "nix-darwin",
"type": "github" "type": "github"
} }
}, },
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1686747123,
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"dotfiles": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1676918308,
"narHash": "sha256-KMh5uMk43TMkB0MMzwwBIIYU7PNbi3glzBEvrayV9ss=",
"owner": "walkah",
"repo": "dotfiles",
"rev": "65e0539591df9939c2c1aba34d70d6d7d52c79ea",
"type": "github"
},
"original": {
"owner": "walkah",
"repo": "dotfiles",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668681692, "lastModified": 1747046372,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -88,11 +40,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1747046372,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -101,68 +53,39 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": { "gitignore": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1687709756, "lastModified": 1709087332,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "numtide", "owner": "hercules-ci",
"repo": "flake-utils", "repo": "gitignore.nix",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "hercules-ci",
"repo": "flake-utils", "repo": "gitignore.nix",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1688220547, "lastModified": 1760887455,
"narHash": "sha256-cNKKLPaEOxd6t22Mt3tHGubyylbKGdoi2A3QkMTKes0=", "narHash": "sha256-/xU8iYZjolWbMUNBQF6af5zgGs73Qw21WMgz1tLs3Yw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "89d10f8adce369a80e046c2fd56d1e7b7507bb5b", "rev": "aeabc1ac63e6ebb8ba4714c4abdfe0556f2de765",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -171,13 +94,47 @@
"type": "github" "type": "github"
} }
}, },
"libcamera-src": {
"flake": false,
"locked": {
"lastModified": 1725630279,
"narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=",
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
}
},
"libpisp-src": {
"flake": false,
"locked": {
"lastModified": 1724944683,
"narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=",
"owner": "raspberrypi",
"repo": "libpisp",
"rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.0.7",
"repo": "libpisp",
"type": "github"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1687654967, "lastModified": 1736643958,
"narHash": "sha256-ki8vItcjn8Z8n+QD9NEoCQbbbG7VzWy71hyOkFFwCkM=", "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "b3ec8fb525fc0c8f08eff5ef93c684b4c6d0e777", "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -194,11 +151,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1688003049, "lastModified": 1751903740,
"narHash": "sha256-5oSxbv8OVSg2dOvycJ9eisacxF8e52N0PVUFryWWJmE=", "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "bde0bc291c95b710dd63d5e5c422e47f760a1406", "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -207,61 +164,13 @@
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": {
"locked": {
"lastModified": 1686838567,
"narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1686960236, "lastModified": 1760872779,
"narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=", "narHash": "sha256-c5C907Raf9eY8f1NUXYeju9aUDlm227s/V0OptEbypA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "04af42f3b31dba0ef742d254456dc4c14eedac86",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1687031877,
"narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99", "rev": "63bdb5d90fa2fa11c42f9716ad1e23565613b07c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1688188316,
"narHash": "sha256-CXuQllDKCxtZaB/umnZOvoJ/d4kJguYgffeTA9l1B3o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8277b539d371bf4308fc5097911aa58bfac1794f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -271,34 +180,215 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1736061677,
"narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1760663237,
"narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"raspberry-pi-nix": {
"inputs": {
"libcamera-src": "libcamera-src",
"libpisp-src": "libpisp-src",
"nixpkgs": "nixpkgs_2",
"rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
"rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
"rpi-firmware-src": "rpi-firmware-src",
"rpi-linux-6_12_17-src": "rpi-linux-6_12_17-src",
"rpi-linux-6_6_78-src": "rpi-linux-6_6_78-src",
"rpi-linux-stable-src": "rpi-linux-stable-src",
"rpicam-apps-src": "rpicam-apps-src"
},
"locked": {
"lastModified": 1742223591,
"narHash": "sha256-ZNTz8r5jlJ1jvpqf5+aUYgpnYJSVX0iP14doOc1Hm0E=",
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"rev": "3e8100d5e976a6a2be363015cb33463af9ef441a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"deploy-rs": "deploy-rs", "flake-compat": "flake-compat",
"dotfiles": "dotfiles",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2", "pre-commit-hooks": "pre-commit-hooks",
"raspberry-pi-nix": "raspberry-pi-nix",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"workon": "workon" "systems": "systems"
}
},
"rpi-bluez-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1708969706,
"narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
"owner": "RPi-Distro",
"repo": "bluez-firmware",
"rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "bluez-firmware",
"type": "github"
}
},
"rpi-firmware-nonfree-src": {
"flake": false,
"locked": {
"lastModified": 1723266537,
"narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=",
"owner": "RPi-Distro",
"repo": "firmware-nonfree",
"rev": "4b356e134e8333d073bd3802d767a825adec3807",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "firmware-nonfree",
"type": "github"
}
},
"rpi-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1728405098,
"narHash": "sha256-4gnK0KbqFnjBmWia9Jt2gveVWftmHrprpwBqYVqE/k0=",
"owner": "raspberrypi",
"repo": "firmware",
"rev": "7bbb5f80d20a2335066a8781459c9f33e5eebc64",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "1.20241008",
"repo": "firmware",
"type": "github"
}
},
"rpi-linux-6_12_17-src": {
"flake": false,
"locked": {
"lastModified": 1740765145,
"narHash": "sha256-hoCsGc4+RC/2LmxDtswLBL5ZhWlw4vSiL4Vkl39r2MU=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "5985ce32e511f4e8279a841a1b06a8c7d972b386",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.12.y",
"repo": "linux",
"type": "github"
}
},
"rpi-linux-6_6_78-src": {
"flake": false,
"locked": {
"lastModified": 1740503700,
"narHash": "sha256-Y8+ot4Yi3UKwlZK3ap15rZZ16VZDvmeFkD46+6Ku7bE=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "2e071057fded90e789c0101498e45a1778be93fe",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.6.y",
"repo": "linux",
"type": "github"
}
},
"rpi-linux-stable-src": {
"flake": false,
"locked": {
"lastModified": 1728403745,
"narHash": "sha256-phCxkuO+jUGZkfzSrBq6yErQeO2Td+inIGHxctXbD5U=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "5aeecea9f4a45248bcf564dec924965e066a7bfd",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "stable_20241008",
"repo": "linux",
"type": "github"
}
},
"rpicam-apps-src": {
"flake": false,
"locked": {
"lastModified": 1727515047,
"narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=",
"owner": "raspberrypi",
"repo": "rpicam-apps",
"rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.5.2",
"repo": "rpicam-apps",
"type": "github"
} }
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1687398569, "lastModified": 1760845571,
"narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=", "narHash": "sha256-PwGzU3EOU65Ef1VvuNnVLie+l+P0g/fzf/PGUG82KbM=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "2ff6973350682f8d16371f8c071a304b8067f192", "rev": "9c9a9798be331ed3f4b2902933d7677d0659ee61",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -321,58 +411,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"workon": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1686189967,
"narHash": "sha256-MKEIclafqC6oXxaP+w0zDtdVEmW3WCPgHzhnLyt7ijU=",
"owner": "walkah",
"repo": "workon",
"rev": "ea4766fa8dc5219804ebbdb6df411586fba402e9",
"type": "github"
},
"original": {
"owner": "walkah",
"repo": "workon",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

245
flake.nix
View File

@@ -3,17 +3,16 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; systems.url = "github:nix-systems/default";
home-manager.url = "github:nix-community/home-manager"; raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix";
flake-utils.url = "github:numtide/flake-utils";
deploy-rs = { darwin = {
url = "github:serokell/deploy-rs"; url = "github:nix-darwin/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
darwin = { home-manager = {
url = "github:lnl7/nix-darwin/master"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -22,215 +21,65 @@
flake = false; flake = false;
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = { nixos-generators = {
url = "github:nix-community/nixos-generators"; url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
pre-commit-hooks = {
# My stuff url = "github:cachix/git-hooks.nix";
dotfiles = {
url = "github:walkah/dotfiles";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
inputs.flake-utils.follows = "flake-utils";
}; };
workon = { sops-nix = {
url = "github:walkah/workon"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = outputs =
{ self {
, nixpkgs self,
, deploy-rs nixpkgs,
, darwin pre-commit-hooks,
, flake-utils systems,
, nixos-generators ...
, home-manager
, dotfiles
, workon
, ...
}@inputs: }@inputs:
let let
overlays = [ forAllSystems =
(self: _super: { fn: nixpkgs.lib.genAttrs (import systems) (system: fn system nixpkgs.legacyPackages.${system});
workon = workon.packages.${self.system}.default;
})
];
mkSystem = hostName: system: modules:
nixpkgs.lib.nixosSystem {
inherit system;
modules = [
home-manager.nixosModules.home-manager
(_: {
networking.hostName = hostName;
nixpkgs.overlays = overlays;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
})
] ++ modules;
specialArgs = inputs;
};
mkDarwin = hostName: system: modules:
darwin.lib.darwinSystem {
inherit system;
modules = [
home-manager.darwinModules.home-manager
(_: {
networking.hostName = hostName;
nixpkgs.overlays = overlays;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
})
] ++ modules;
specialArgs = inputs;
};
in in
flake-utils.lib.eachDefaultSystem {
(system: checks = forAllSystems (
let system: pkgs:
pkgs = nixpkgs.legacyPackages.${system}; import ./nix/checks.nix {
darwin-local = pkgs.writeScriptBin "darwin-local" '' inherit
#!${pkgs.stdenv.shell} self
nix build .#darwinConfigurations.$(hostname -s).system pkgs
./result/sw/bin/darwin-rebuild switch --flake . pre-commit-hooks
''; system
;
}
);
devShells = forAllSystems (system: pkgs: import ./nix/shells.nix { inherit self pkgs system; });
formatter = forAllSystems (_: pkgs: pkgs.nixfmt-tree);
}
// {
hosts = import ./nix/hosts.nix;
overlays.default = nixpkgs.lib.composeManyExtensions [ ];
in darwinConfigurations = import ./nix/darwin.nix inputs;
{ nixosConfigurations = import ./nix/nixos.nix inputs;
packages = { nixConfig = {
digitalocean = nixos-generators.nixosGenerate { extra-substituters = [
system = "x86_64-linux"; "https://walkah.cachix.org"
format = "do"; "https://nix-community.cachix.org"
modules = [ ];
./modules/base extra-trusted-public-keys = [
./users "walkah.cachix.org-1:D8cO78JoJC6UPV1ZMgd1V5znpk3jNUERGIeAKN15hxo="
]; "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
}; ];
};
devShells.default = pkgs.mkShell {
name = "athens";
buildInputs = [ darwin-local deploy-rs.packages.${system}.deploy-rs pkgs.nixpkgs-fmt pkgs.rnix-lsp pkgs.sops ];
};
formatter = pkgs.nixpkgs-fmt;
}) // {
nixosConfigurations = {
# Aristotle
agent = mkSystem "agent" "aarch64-linux" [ ./hosts/aristotle/configuration.nix ];
form = mkSystem "form" "aarch64-linux" [ ./hosts/aristotle/configuration.nix ];
matter = mkSystem "matter" "aarch64-linux" [ ./hosts/aristotle/configuration.nix ];
purpose = mkSystem "purpose" "aarch64-linux" [ ./hosts/aristotle/configuration.nix ];
plato = mkSystem "plato" "x86_64-linux" [ ./hosts/plato/configuration.nix ];
socrates = mkSystem "socrates" "x86_64-linux" [ ./hosts/socrates/configuration.nix ];
};
darwinConfigurations = {
epicurus = mkDarwin "epicurus" "aarch64-darwin" [ ./hosts/epicurus/darwin-configuration.nix ];
heraclitus = mkDarwin "heraclitus" "aarch64-darwin" [ ./hosts/heraclitus/darwin-configuration.nix ];
};
homeConfigurations = {
"walkah@epicurus" = dotfiles.homeConfigurations.aarch64-darwin.walkah;
"walkah@heraclitus" = dotfiles.homeConfigurations.aarch64-darwin.walkah;
};
deploy.nodes = {
agent = {
hostname = "agent";
sshUser = "root";
profiles.system = {
user = "root";
path = deploy-rs.lib.aarch64-linux.activate.nixos
self.nixosConfigurations.agent;
};
};
form = {
hostname = "form";
sshUser = "root";
profiles.system = {
user = "root";
path = deploy-rs.lib.aarch64-linux.activate.nixos
self.nixosConfigurations.form;
};
};
matter = {
hostname = "matter";
sshUser = "root";
profiles.system = {
user = "root";
path = deploy-rs.lib.aarch64-linux.activate.nixos
self.nixosConfigurations.matter;
};
};
purpose = {
hostname = "purpose";
sshUser = "root";
profiles.system = {
user = "root";
path = deploy-rs.lib.aarch64-linux.activate.nixos
self.nixosConfigurations.purpose;
};
};
plato = {
hostname = "plato";
profiles = {
system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.plato;
};
walkah = {
user = "walkah";
path = deploy-rs.lib.x86_64-linux.activate.home-manager
dotfiles.homeConfigurations.x86_64-linux.walkah;
};
};
};
socrates = {
hostname = "socrates";
profiles = {
system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.socrates;
};
walkah = {
user = "walkah";
path = deploy-rs.lib.x86_64-linux.activate.home-manager
dotfiles.homeConfigurations.x86_64-linux.walkah;
};
};
};
epicurus = {
hostname = "epicurus";
profiles = {
system = {
user = "root";
path = deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.epicurus;
};
walkah = {
user = "walkah";
path = deploy-rs.lib.aarch64-darwin.activate.home-manager dotfiles.homeConfigurations.aarch64-darwin.walkah;
};
};
};
}; };
}; };
} }

61
hosts/aristotle/configuration.nix
View File

@@ -1,61 +0,0 @@
{ pkgs, nixos-hardware, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
nixos-hardware.nixosModules.raspberry-pi-4
../../modules/base
../../modules/ipfs/cluster.nix
../../modules/sops
];
nixpkgs.overlays = [ (import ../../overlays) ];
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = false;
boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.loader.raspberryPi = {
enable = true;
version = 4;
};
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
networking.interfaces.wlan0.useDHCP = true;
networking.firewall.enable = false;
# Enable the OpenSSH daemon.
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
];
environment.systemPackages = with pkgs; [ libraspberrypi ];
services = {
prometheus = {
enable = true;
port = 9090;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
openFirewall = true;
port = 9100;
};
};
};
tailscale = { enable = true; };
};
}

27
hosts/epicurus/darwin-configuration.nix
View File

@@ -1,27 +0,0 @@
{ pkgs, ... }:
{
imports = [
./homebrew.nix
../../modules/base/darwin.nix
../../modules/builder
../../modules/dev
];
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [ emacs-nox ];
# Use a custom configuration.nix location.
# $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
services.lorri.enable = true;
users.users.walkah.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
];
}

31
hosts/heraclitus/darwin-configuration.nix
View File

@@ -1,31 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./homebrew.nix
../../modules/base/darwin.nix
../../modules/dev
../../modules/builder
];
nixpkgs.config.allowBroken = true;
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
# environment.systemPackages = with pkgs; [ emacs ];
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
services.lorri.enable = true;
services.ipfs.enable = true;
system = {
defaults = {
dock = {
autohide = true;
orientation = "left";
};
};
};
}

69
hosts/heraclitus/homebrew.nix
View File

@@ -1,69 +0,0 @@
_:
{
homebrew = {
taps = [
"homebrew/cask"
"homebrew/cask-drivers"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
"1password/tap"
];
brews = [ "coreutils" "fontconfig" ];
casks = [
"1password"
"1password-cli"
"android-studio"
"bartender"
"beeper"
"brave-browser"
"bunch"
"calibre"
"discord"
"docker"
"element"
"fantastical"
"figma"
"firefox"
"firefox-developer-edition"
"font-jetbrains-mono"
"font-jetbrains-mono-nerd-font"
"google-chrome"
"gpg-suite"
"hazel"
"iterm2"
"logi-options-plus"
"logseq"
"loom"
"microsoft-edge"
"minecraft"
"obsidian"
"plexamp"
"raycast"
"slack"
"sonos"
"spotify"
"stats"
"steam"
"syncthing"
"synology-drive"
"todoist"
"unity-hub"
"visual-studio-code"
"zoom"
];
masApps = {
OnePasswordSafari = 1569813296;
Bumpr = 1166066070;
DayOne = 1055511498;
Drafts = 1435957248;
HomeAssistant = 1099568401;
Tailscale = 1475387142;
Xcode = 497799835;
};
};
}

174
hosts/plato/configuration.nix
View File

@@ -1,174 +0,0 @@
{ config, pkgs, ... }: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../users
../../modules/base
../../modules/coredns
../../modules/drone
../../modules/drone/runner-docker.nix
../../modules/gitea
../../modules/matrix
../../modules/minecraft
../../modules/postgresql
../../modules/sops
../../modules/traefik
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.cleanOnBoot = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [ (import ../../overlays) ];
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# Set your time zone.
time.timeZone = "America/Toronto";
networking.hostName = "plato"; # Define your hostname.
networking.useDHCP = false;
networking.interfaces.enp10s0.useDHCP = true;
networking.interfaces.enp9s0.useDHCP = true;
security.sudo.wheelNeedsPassword = false;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5spf4diguK+w7iYLFr565++6DjHukWfvpN2ru9dCRk nixbuild"
];
system.autoUpgrade.enable = false;
environment.systemPackages = with pkgs; [ pinentry weechat ];
fileSystems."/mnt/downloads" = {
device = "192.168.6.100:/volume1/Downloads";
fsType = "nfs";
};
fileSystems."/mnt/music" = {
device = "192.168.6.100:/volume1/Music";
fsType = "nfs";
};
fileSystems."/mnt/video" = {
device = "192.168.6.100:/volume1/Video";
fsType = "nfs";
};
power.ups = {
enable = true;
mode = "standalone";
ups."cyberpower" = {
description = "Cyberpower EC650LCD";
driver = "usbhid-ups";
port = "auto";
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
virtualisation.docker = {
enable = true;
# Clean docker images periodically
autoPrune = {
enable = true;
flags = [ "--all" ];
};
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
walkah.coredns = { enable = true; };
services = {
borgbackup.jobs."borgbase" = {
paths = [
"/var/lib"
"/var/backup"
];
exclude = [
# very large paths
"/var/lib/docker"
"/var/lib/postgresql"
"/var/lib/systemd"
];
repo = "qxflzs92@qxflzs92.repo.borgbase.com:repo";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/borgbackup/passphrase";
};
environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
compression = "auto,lzma";
startAt = "daily";
};
grafana = {
enable = true;
settings = {
server = {
domain = "plato.walkah.lab";
http_port = 2342;
http_addr = "0.0.0.0";
};
};
};
prometheus = {
enable = true;
port = 9090;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9100;
};
};
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [
"plato:9100"
"agent:9100"
"form:9100"
"matter:9100"
"purpose:9100"
"socrates:9100"
];
}];
}
{
job_name = "coredns";
static_configs = [{ targets = [ "plato:9153" ]; }];
}
{
job_name = "ipfs";
metrics_path = "/debug/metrics/prometheus";
static_configs = [{
targets = [ "agent:5001" "form:5001" "matter:5001" "purpose:5001" ];
}];
}
];
};
};
}

17
index.ts
View File

@@ -1,17 +0,0 @@
import * as digitalocean from "@pulumi/digitalocean";
const socrates = new digitalocean.Droplet("socrates", {
backups: true,
image: "72067660",
ipv6: true,
monitoring: true,
name: "socrates",
privateNetworking: true,
region: digitalocean.Region.TOR1,
size: digitalocean.DropletSlug.DropletS8VCPU16GB,
vpcUuid: "392caea6-dc7f-11e8-b1a9-3cfdfea9ee58",
}, {
protect: true,
});
export const socratesIP = socrates.ipv4Address;

29
modules/base/default.nix
View File

@@ -1,29 +0,0 @@
{ pkgs, ... }: {
imports = [ ./common.nix ];
environment.systemPackages = with pkgs; [
inetutils
vim
];
nix = {
gc = {
persistent = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
settings = {
auto-optimise-store = true;
trusted-users = [ "root" "walkah" ];
};
};
programs = {
mosh.enable = true;
};
system.stateVersion = "23.05";
}

61
modules/builder/default.nix
View File

@@ -1,61 +0,0 @@
{ config, nixpkgs, pkgs, ... }:
let
dataDir = "/var/lib/darwin-builder";
port = 33022;
darwin-builder = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
"${nixpkgs}/nixos/modules/profiles/macos-builder.nix"
{
system.nixos.revision = nixpkgs.lib.mkForce null;
virtualisation.host.pkgs = pkgs;
virtualisation.darwin-builder.hostPort = port;
virtualisation.darwin-builder.workingDirectory = dataDir;
}
];
};
in
{
nix.distributedBuilds = true;
nix.buildMachines = [
{
hostName = "builder";
systems = [ "aarch64-linux" ];
maxJobs = 4;
speedFactor = 2;
supportedFeatures = [ "kvm" "benchmark" "big-parallel" ];
}
{
hostName = "plato";
systems = [ "x86_64-linux" ];
maxJobs = 6;
supportedFeatures = [ "benchmark" "big-parallel" "kvm" ];
}
];
nix.settings.builders-use-substitutes = true;
# We can't/want to edit /var/root/.ssh/config so instead we create the config at another location and tell ssh to use that instead by modifying NIX_SSHOPTS
environment.etc."nix/ssh_config".text = ''
Host builder
User builder
HostName 127.0.0.1
Port ${toString port}
IdentityFile ${dataDir}/keys/builder_ed25519
Host plato
IdentityFile /var/root/.ssh/id_plato
'';
# Tell nix-daemon to use our custom SSH config
nix.envVars = { NIX_SSHOPTS = "-F /etc/nix/ssh_config"; };
launchd.daemons.darwin-builder = {
command = "${darwin-builder.config.system.build.macos-builder-installer}/bin/create-builder";
serviceConfig = {
KeepAlive = true;
RunAtLoad = true;
StandardOutPath = "/var/log/darwin-builder.log";
StandardErrorPath = "/var/log/darwin-builder.log";
};
};
}

42
modules/dev/default.nix
View File

@@ -1,42 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
emacs
# Cloud
awscli2
pulumi-bin
# Elixir
elixir
elixir_ls
# Git / CI
drone-cli
mr
tea
# Golang
go
gopls
# Nix
cachix
niv
nixfmt
nixpkgs-fmt
rnix-lsp
# Node/JS
deno
nodejs
yarn
# Rust
rustup
# My stuff
workon
];
}

62
modules/ipfs/gateway.nix
View File

@@ -1,62 +0,0 @@
{ pkgs, ... }:
let
peers = [
{
ID = "12D3KooWMQSgdfa4tUrDhkFx4zP3ZpgT1ryj9KH5RGUae62Vsc7y";
Addrs = [ "/ip4/100.95.167.126/tcp/4001" ];
}
{
ID = "12D3KooWMqSiDukubKNKrK7J4PaF3mfNnZFVAd3Lh7qj3Y3e5bcN";
Addrs = [ "/ip4/100.87.220.71/tcp/4001" ];
}
{
ID = "12D3KooWGmNRyqP969QbyP8NLVRZNK2i6yCcP6N6N2r2DCG4H34v";
Addrs = [ "/ip4/100.126.255.109/tcp/4001" ];
}
{
ID = "12D3KooWFkR8nsG5pzffoAfMzmwBcSakXxnogVa6inRxUbpfN5ua";
Addrs = [ "/ip4/100.74.59.80/tcp/4001" ];
}
];
in
{
imports = [ ./default.nix ];
environment.systemPackages = with pkgs; [ ipfs-migrator ];
networking.firewall = {
allowedTCPPorts = [ 4001 ];
allowedUDPPorts = [ 4001 ];
};
services = {
kubo = {
enable = true;
settings = {
Peering = { Peers = peers; };
Swarm = { AddrFilters = null; };
};
};
nginx = {
# IPFS Gateway
virtualHosts."walkah.cloud" = {
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
};
# Hosted Sites
virtualHosts."walkah.net" = {
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
serverAliases = [
"www.walkah.net"
];
};
};
};
}

39
modules/matrix/nginx.nix
View File

@@ -1,39 +0,0 @@
{ pkgs, ... }:
{
services.nginx = {
enable = true;
virtualHosts = {
"matrix.walkah.chat" = {
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://100.111.208.75:8008"; };
};
"walkah.chat" = {
forceSSL = true;
enableACME = true;
locations."= /.well-known/matrix/server".extraConfig =
let server = { "m.server" = "matrix.walkah.chat:443"; };
in
''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; };
};
in
''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
locations."/" = { root = pkgs.element-web; };
};
};
};
}

14
modules/minecraft/proxy.nix
View File

@@ -1,14 +0,0 @@
{ pkgs, ... }:
let
dest_ip = "100.111.208.75";
in
{
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.firewall.allowedTCPPorts = [ 25565 ];
networking.firewall.extraCommands = ''
IPTABLES=${pkgs.iptables}/bin/iptables
"$IPTABLES" -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination ${dest_ip}:25565
"$IPTABLES" -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE
'';
}

39
modules/postgresql/default.nix
View File

@@ -1,39 +0,0 @@
{ pkgs, config, ... }: {
services = {
postgresql = {
enable = true;
package = pkgs.postgresql_14;
};
postgresqlBackup = {
enable = true;
};
};
# Postgres upgrades: https://nixos.org/manual/nixos/stable/index.html#module-services-postgres-upgrading
environment.systemPackages = [
(pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
# XXX replace `<new version>` with the psqlSchema here
export NEWDATA="/var/lib/postgresql/14"
# XXX specify the postgresql package you'd like to upgrade to
export NEWBIN="${pkgs.postgresql_14}/bin"
export OLDDATA="${config.services.postgresql.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
}

51
modules/traefik/default.nix
View File

@@ -1,51 +0,0 @@
{ config, ... }:
{
services.traefik = {
enable = true;
group = "docker";
environmentFiles = [
config.sops.secrets.traefik.path
];
staticConfigOptions = {
api = {
dashboard = true;
insecure = true;
};
certificatesResolvers = {
myresolver = {
acme = {
email = "walkah@walkah.net";
storage = "/var/lib/traefik/acme.json";
dnsChallenge = {
provider = "cloudflare";
};
};
};
};
entryPoints = {
web = {
address = ":80";
http = {
redirections = {
entryPoint = {
to = "websecure";
scheme = "https";
};
};
};
};
websecure = {
address = ":443";
};
};
providers = {
docker = { };
};
};
};
sops.secrets.traefik = {
owner = "traefik";
};
}

15
nix/checks.nix Normal file
View File

@@ -0,0 +1,15 @@
{
system,
pre-commit-hooks,
...
}:
{
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
deadnix.enable = true;
nixfmt-rfc-style.enable = true;
statix.enable = true;
};
};
}

29
nix/darwin.nix Normal file
View File

@@ -0,0 +1,29 @@
{
self,
darwin,
home-manager,
...
}:
let
mkDarwin =
hostName: modules:
let
hostSystem = self.hosts.${hostName}.system;
in
darwin.lib.darwinSystem {
system = hostSystem;
modules = [
home-manager.darwinModules.home-manager
(_: {
networking.hostName = hostName;
nixpkgs.overlays = [ self.overlays.default ];
})
]
++ modules;
specialArgs = { inherit home-manager; };
};
in
{
epicurus = mkDarwin "epicurus" [ ./hosts/epicurus/darwin-configuration.nix ];
heraclitus = mkDarwin "heraclitus" [ ./hosts/heraclitus/darwin-configuration.nix ];
}

49
nix/hosts.nix Normal file
View File

@@ -0,0 +1,49 @@
{
socrates = {
type = "nixos";
address = "100.103.57.96";
system = "x86_64-linux";
sshUser = "walkah";
};
plato = {
type = "nixos";
address = "100.111.208.75";
system = "x86_64-linux";
sshUser = "walkah";
};
agent = {
type = "nixos";
address = "100.103.219.26";
system = "aarch64-linux";
sshUser = "root";
};
form = {
type = "nixos";
address = "100.104.247.27";
system = "aarch64-linux";
sshUser = "root";
};
matter = {
type = "nixos";
address = "100.95.77.67";
system = "aarch64-linux";
sshUser = "root";
};
purpose = {
type = "nixos";
address = "100.117.49.15";
system = "aarch64-linux";
sshUser = "root";
};
epicurus = {
type = "darwin";
address = "100.75.26.104";
system = "aarch64-darwin";
sshUser = "walkah";
};
heraclitus = {
type = "darwin";
address = "100.72.149.31";
system = "aarch64-darwin";
};
}

75
nix/hosts/aristotle/configuration.nix Normal file
View File

@@ -0,0 +1,75 @@
{ pkgs, raspberry-pi-nix, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/base/nixos.nix
raspberry-pi-nix.nixosModules.raspberry-pi
../../modules/ipfs/cluster.nix
../../modules/k3s/agent.nix
../../modules/sops
];
# See: https://github.com/NixOS/nixos-hardware/issues/858
boot.initrd.systemd.tpm2.enable = false;
boot.kernelParams = [
"cgroup_enable=memory"
"cgroup_enable=cpuset"
"cgroup_memory=1"
];
raspberry-pi-nix.board = "bcm2711";
hardware.raspberry-pi.config = {
all = {
dt-overlays = {
rpi-poe = {
enable = true;
params = {
poe_fan_temp0 = {
enable = true;
value = 50000;
};
poe_fan_temp1 = {
enable = true;
value = 60000;
};
poe_fan_temp2 = {
enable = true;
value = 70000;
};
poe_fan_temp3 = {
enable = true;
value = 80000;
};
};
};
};
};
};
time.timeZone = "America/Toronto";
networking = {
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
useDHCP = false;
interfaces.eth0.useDHCP = true;
interfaces.wlan0.useDHCP = true;
firewall.enable = false;
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
];
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
];
security.sudo.wheelNeedsPassword = false;
}

6
hosts/aristotle/hardware-configuration.nix → nix/hosts/aristotle/hardware-configuration.nix
View File

@@ -6,14 +6,10 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4"; fsType = "ext4";
options = [ "noatime" ];
}; };
swapDevices = [ ]; swapDevices = [ ];

10
nix/hosts/epicurus/darwin-configuration.nix Normal file
View File

@@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./homebrew.nix
../../modules/base/darwin.nix
../../modules/builder
../../modules/dev
];
}

15
hosts/epicurus/homebrew.nix → nix/hosts/epicurus/homebrew.nix
View File

@@ -4,27 +4,30 @@ _:
homebrew = { homebrew = {
taps = [ taps = [
"homebrew/cask" "homebrew/cask"
"homebrew/cask-drivers"
"homebrew/cask-fonts"
"homebrew/services" "homebrew/services"
]; ];
brews = [ "code-server" "coreutils" "mosh" ]; brews = [
"btop"
"code-server"
"coreutils"
"mas"
"mosh"
];
casks = [ casks = [
"1password" "1password"
"docker" "docker-desktop"
"font-jetbrains-mono" "font-jetbrains-mono"
"font-jetbrains-mono-nerd-font" "font-jetbrains-mono-nerd-font"
"gpg-suite" "gpg-suite"
"plex-media-server" "plex-media-server"
"stats" "stats"
"syncthing"
"synology-drive" "synology-drive"
"tailscale-app"
]; ];
masApps = { masApps = {
Tailscale = 1475387142;
Xcode = 497799835; Xcode = 497799835;
}; };
}; };

19
nix/hosts/heraclitus/darwin-configuration.nix Normal file
View File

@@ -0,0 +1,19 @@
{ ... }:
{
imports = [
./homebrew.nix
../../modules/base/darwin.nix
../../modules/dev
../../modules/builder
];
system = {
defaults = {
dock = {
autohide = true;
orientation = "left";
};
};
};
}

106
nix/hosts/heraclitus/homebrew.nix Normal file
View File

@@ -0,0 +1,106 @@
_:
{
homebrew = {
taps = [
"homebrew/cask"
"homebrew/services"
"walkah/tap"
"1password/tap"
"d12frosted/emacs-plus"
"dracula/install"
"heroku/brew"
];
brews = [
"asdf"
"argocd"
"cmake"
"cocoapods"
"coreutils"
{
name = "emacs-plus";
args = [ "--with-c9rgreen-sonoma-icon" ];
}
"fontconfig"
"gcc"
"gh"
"helm"
"heroku"
"ipfs"
"kind"
"kubernetes-cli"
"kustomize"
"libtool"
"mas"
"mr"
"ollama"
"opentofu"
"podman"
"r"
"ripgrep"
"tea"
"terminal-notifier"
"watchman"
];
casks = [
"1password"
"1password-cli"
"actual"
"android-studio"
"arc"
"balenaetcher"
"beeper"
"brave-browser"
"bruno"
"bunch"
"calibre"
"claude"
"discord"
"docker-desktop"
"dracula-xcode"
"element"
"fantastical"
"figma"
"firefox@developer-edition"
"font-jetbrains-mono"
"font-jetbrains-mono-nerd-font"
"ghostty"
"google-chrome"
"gpg-suite"
"hazel"
"jordanbaird-ice"
"logi-options+"
"logitech-camera-settings"
"microsoft-edge"
"minecraft"
"obsidian"
"opal-composer"
"plexamp"
"raycast"
"rstudio"
"slack"
"sonos"
"spotify"
"stats"
"steam"
"synology-drive"
"tailscale-app"
"todoist-app"
"visual-studio-code"
"zen"
"zoom"
"zulu@17"
];
masApps = {
OnePasswordSafari = 1569813296;
Bumpr = 1166066070;
DayOne = 1055511498;
Drafts = 1435957248;
HomeAssistant = 1099568401;
Xcode = 497799835;
};
};
}

217
nix/hosts/plato/configuration.nix Normal file
View File

@@ -0,0 +1,217 @@
{
pkgs,
config,
lib,
...
}:
let
automount_opts = "uid=1000,gid=1000,x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
inherit (config.sops) secrets;
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/base/nixos.nix
../../modules/coredns
../../modules/drone
../../modules/drone/runner-docker.nix
../../modules/gitea
../../modules/k3s/server.nix
../../modules/matrix
../../modules/minecraft
../../modules/postgresql
../../modules/sops
];
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
# Use the systemd-boot EFI boot loader.
enable = true;
configurationLimit = 3;
};
};
tmp.cleanOnBoot = true;
};
# Set your time zone.
time.timeZone = "America/Toronto";
networking = {
hostName = "plato"; # Define your hostname.
useDHCP = false;
interfaces = {
enp10s0.useDHCP = true;
enp9s0.useDHCP = true;
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
firewall.enable = false;
};
security.sudo.wheelNeedsPassword = false;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5spf4diguK+w7iYLFr565++6DjHukWfvpN2ru9dCRk nixbuild"
];
environment.systemPackages = with pkgs; [
cifs-utils
pinentry
weechat
];
fileSystems = {
"/mnt/downloads" = {
device = "//parthenon/Downloads";
fsType = "cifs";
options = [
"${automount_opts},credentials=${secrets.filesystems-parthenon.path}"
];
};
"/mnt/music" = {
device = "//parthenon/Music";
fsType = "cifs";
options = [
"${automount_opts},credentials=${secrets.filesystems-parthenon.path}"
];
};
"/mnt/video" = {
device = "//parthenon/Video";
fsType = "cifs";
options = [
"${automount_opts},credentials=${secrets.filesystems-parthenon.path}"
];
};
};
nixpkgs.config.allowInsecurePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"broadcom-sta" # aka “wl”
];
power.ups = {
enable = true;
mode = "netserver";
ups."cyberpower" = {
description = "Cyberpower EC650LCD";
driver = "usbhid-ups";
port = "auto";
};
upsd = {
enable = true;
listen = [
{ address = "0.0.0.0"; }
];
};
users.upsmon = {
passwordFile = secrets.upsmon.path;
upsmon = "primary";
};
upsmon.monitor."cyberpower".user = "upsmon";
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
sops.secrets = {
filesystems-parthenon = { };
upsmon = { };
};
services = {
borgbackup.jobs."borgbase" = {
paths = [
"/var/backup"
];
repo = "ssh://h7ug55o3@h7ug55o3.repo.borgbase.com/./repo";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/borgbackup/passphrase";
};
environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
compression = "auto,lzma";
startAt = "daily";
};
grafana = {
enable = true;
settings = {
server = {
domain = "plato.walkah.lab";
http_port = 2342;
http_addr = "0.0.0.0";
};
};
};
prometheus = {
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [
"plato:9100"
"agent:9100"
"form:9100"
"matter:9100"
"purpose:9100"
"socrates:9100"
];
}
];
}
{
job_name = "coredns";
static_configs = [ { targets = [ "plato:9153" ]; } ];
}
{
job_name = "ipfs";
metrics_path = "/debug/metrics/prometheus";
static_configs = [
{
targets = [
"agent:5001"
"form:5001"
"matter:5001"
"purpose:5001"
];
}
];
}
];
};
tailscale = {
useRoutingFeatures = "server";
};
};
walkah.coredns = {
enable = true;
};
virtualisation.docker = {
enable = true;
# Clean docker images periodically
autoPrune = {
enable = true;
flags = [ "--all" ];
};
daemon.settings = {
dns = [
"1.1.1.1"
"1.0.0.1"
];
};
};
}

37
hosts/plato/hardware-configuration.nix → nix/hosts/plato/hardware-configuration.nix
View File

@@ -5,21 +5,25 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
boot.initrd.availableKernelModules = [ initrd.availableKernelModules = [
"uhci_hcd" "uhci_hcd"
"ehci_pci" "ehci_pci"
"ahci" "ahci"
"xhci_pci" "xhci_pci"
"firewire_ohci" "firewire_ohci"
"usb_storage" "usb_storage"
"usbhid" "usbhid"
"sd_mod" "sd_mod"
"sr_mod" "sr_mod"
]; ];
boot.initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "wl" ]; kernelModules = [
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; "kvm-intel"
"wl"
];
extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/ea3c68ac-e822-4b71-a8f5-65d9e452a3c2"; device = "/dev/disk/by-uuid/ea3c68ac-e822-4b71-a8f5-65d9e452a3c2";
@@ -31,7 +35,6 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices = [ { device = "/dev/disk/by-uuid/3a812874-3def-4e46-b20d-cd55fa7bdd5f"; } ];
[{ device = "/dev/disk/by-uuid/3a812874-3def-4e46-b20d-cd55fa7bdd5f"; }];
} }

60
hosts/socrates/configuration.nix → nix/hosts/socrates/configuration.nix
View File

@@ -1,9 +1,9 @@
{ pkgs, ... }: { { pkgs, ... }:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix # generated at runtime by nixos-infect ./networking.nix # generated at runtime by nixos-infect
../../users ../../modules/base/nixos.nix
../../modules/base
../../modules/akkoma ../../modules/akkoma
../../modules/akkoma/nginx.nix ../../modules/akkoma/nginx.nix
@@ -18,35 +18,43 @@
../../modules/sops ../../modules/sops
]; ];
nixpkgs.overlays = [ (import ../../overlays) ];
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
# Set your time zone. # Set your time zone.
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
networking.hostName = "socrates"; networking = {
networking.firewall.allowPing = true; hostName = "socrates";
networking.firewall.allowedTCPPorts = [ 80 443 ]; firewall = {
networking.firewall.trustedInterfaces = [ "tailscale0" ]; allowPing = true;
networking.firewall.checkReversePath = "loose"; allowedTCPPorts = [
80
nix = { 443
settings.trusted-users = [ "@wheel" "root" ]; ];
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
}; };
security.sudo.wheelNeedsPassword = false; nix = {
settings.trusted-users = [
"@wheel"
"root"
];
};
security = {
sudo.wheelNeedsPassword = false;
acme.acceptTerms = true;
acme.defaults.email = "walkah@walkah.net";
};
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
]; ];
system.autoUpgrade.enable = false;
environment.systemPackages = with pkgs; [ ipfs-migrator ]; environment.systemPackages = with pkgs; [ ipfs-migrator ];
security.acme.acceptTerms = true;
security.acme.defaults.email = "walkah@walkah.net";
walkah.coredns = { walkah.coredns = {
enable = true; enable = true;
addr = "100.103.57.96"; addr = "100.103.57.96";
@@ -60,21 +68,5 @@
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
openssh = { enable = true; };
prometheus = {
enable = true;
port = 9090;
listenAddress = "100.103.57.96";
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
openFirewall = true;
port = 9100;
listenAddress = "100.103.57.96";
};
};
};
tailscale = { enable = true; };
}; };
} }

5
hosts/socrates/hardware-configuration.nix → nix/hosts/socrates/hardware-configuration.nix
View File

@@ -2,5 +2,8 @@
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda"; boot.loader.grub.device = "/dev/vda";
fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; }; fileSystems."/" = {
device = "/dev/vda1";
fsType = "ext4";
};
} }

23
hosts/socrates/networking.nix → nix/hosts/socrates/networking.nix
View File

@@ -1,4 +1,5 @@
{ lib, ... }: { { lib, ... }:
{
# This file was populated at runtime with the networking # This file was populated at runtime with the networking
# details gathered from the active system. # details gathered from the active system.
networking = { networking = {
@@ -28,14 +29,18 @@
prefixLength = 64; prefixLength = 64;
} }
]; ];
ipv4.routes = [{ ipv4.routes = [
address = "167.99.176.1"; {
prefixLength = 32; address = "167.99.176.1";
}]; prefixLength = 32;
ipv6.routes = [{ }
address = "2604:a880:cad:d0::1"; ];
prefixLength = 32; ipv6.routes = [
}]; {
address = "2604:a880:cad:d0::1";
prefixLength = 32;
}
];
}; };
}; };

61
modules/akkoma/default.nix → nix/modules/akkoma/default.nix
View File

@@ -41,9 +41,15 @@ in
}; };
"Pleroma.Web.Endpoint" = { "Pleroma.Web.Endpoint" = {
secret_key_base = { _secret = secrets.akkoma-secret-key-base.path; }; secret_key_base = {
signing_salt = { _secret = secrets.akkoma-signing-salt.path; }; _secret = secrets.akkoma-secret-key-base.path;
live_view.signing_salt = { _secret = secrets.akkoma-signing-salt.path; }; };
signing_salt = {
_secret = secrets.akkoma-signing-salt.path;
};
live_view.signing_salt = {
_secret = secrets.akkoma-signing-salt.path;
};
url = { url = {
host = "walkah.social"; host = "walkah.social";
scheme = "https"; scheme = "https";
@@ -57,12 +63,18 @@ in
}; };
":web_push_encryption" = { ":web_push_encryption" = {
":vapid_details" = { ":vapid_details" = {
private_key = { _secret = secrets.akkoma-vapid-private-key.path; }; private_key = {
public_key = { _secret = secrets.akkoma-vapid-public-key.path; }; _secret = secrets.akkoma-vapid-private-key.path;
};
public_key = {
_secret = secrets.akkoma-vapid-public-key.path;
};
}; };
}; };
":joken" = { ":joken" = {
":default_signer" = { _secret = secrets.akkoma-joken-signer.path; }; ":default_signer" = {
_secret = secrets.akkoma-joken-signer.path;
};
}; };
}; };
nginx = null; # doing this manually nginx = null; # doing this manually
@@ -77,24 +89,23 @@ in
databases = [ "akkoma" ]; databases = [ "akkoma" ];
}; };
}; };
sops = {
sops.secrets.akkoma-secret-key-base = { secrets = {
owner = akkoma.user; akkoma-secret-key-base = {
}; owner = akkoma.user;
};
sops.secrets.akkoma-signing-salt = { akkoma-signing-salt = {
owner = akkoma.user; owner = akkoma.user;
}; };
akkoma-vapid-private-key = {
sops.secrets.akkoma-vapid-private-key = { owner = akkoma.user;
owner = akkoma.user; };
}; akkoma-vapid-public-key = {
owner = akkoma.user;
sops.secrets.akkoma-vapid-public-key = { };
owner = akkoma.user; akkoma-joken-signer = {
}; owner = akkoma.user;
};
sops.secrets.akkoma-joken-signer = { };
owner = akkoma.user;
}; };
} }

3
modules/akkoma/nginx.nix → nix/modules/akkoma/nginx.nix
View File

@@ -1,5 +1,4 @@
_: _: {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {

11
modules/base/common.nix → nix/modules/base/common.nix
View File

@@ -13,18 +13,17 @@ _:
settings = { settings = {
substituters = [ substituters = [
"https://walkah.cachix.org" "https://walkah.cachix.org"
"https://nix-community.cachix.org"
"https://cache.garnix.io"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"walkah.cachix.org-1:D8cO78JoJC6UPV1ZMgd1V5znpk3jNUERGIeAKN15hxo=" "walkah.cachix.org-1:D8cO78JoJC6UPV1ZMgd1V5znpk3jNUERGIeAKN15hxo="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
]; ];
}; };
}; };
programs = { programs.zsh.enable = true;
zsh = {
enable = true;
promptInit = "";
};
};
} }

33
modules/base/darwin.nix → nix/modules/base/darwin.nix
View File

@@ -1,9 +1,13 @@
{ pkgs, ... }: { { ... }:
{
imports = [ ./common.nix ]; imports = [
./common.nix
../../users
];
nix = { nix = {
configureBuildUsers = true; enable = true;
extraOptions = '' extraOptions = ''
extra-platforms = x86_64-darwin aarch64-darwin extra-platforms = x86_64-darwin aarch64-darwin
@@ -18,7 +22,10 @@
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
settings = { settings = {
trusted-users = [ "root" "@admin" ]; trusted-users = [
"root"
"@admin"
];
}; };
}; };
@@ -42,20 +49,8 @@
}; };
}; };
nixpkgs.config.packageOverrides = pkgs: { system = {
haskellPackages = pkgs.haskellPackages.override { primaryUser = "walkah";
overrides = _self: super: { stateVersion = 4;
niv = pkgs.haskell.lib.overrideCabal super.niv (_drv: {
enableSeparateBinOutput = false;
});
};
};
}; };
users.users.walkah = {
home = "/Users/walkah";
shell = pkgs.zsh;
};
system.stateVersion = 4;
} }

63
nix/modules/base/nixos.nix Normal file
View File

@@ -0,0 +1,63 @@
{ config, pkgs, ... }:
{
imports = [
./common.nix
../monitoring
../../users
];
documentation = {
enable = false;
};
environment.systemPackages = with pkgs; [
btop
htop
inetutils
vim
];
nix = {
gc = {
persistent = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
settings = {
auto-optimise-store = true;
trusted-users = [
"root"
"walkah"
];
};
};
programs = {
mosh.enable = true;
};
services = {
openssh.enable = true;
tailscale = {
enable = true;
extraSetFlags = [ "--webclient" ];
};
};
system = {
autoUpgrade = {
enable = true;
flake = "github:walkah/athens#${config.networking.hostName}";
dates = "hourly";
flags = [
"--option"
"tarball-ttl"
"0"
];
};
stateVersion = "23.05";
};
}

23
nix/modules/builder/default.nix Normal file
View File

@@ -0,0 +1,23 @@
_: {
nix = {
distributedBuilds = true;
buildMachines = [
{
hostName = "plato";
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 6;
supportedFeatures = [
"benchmark"
"big-parallel"
"kvm"
];
}
];
extraOptions = ''
builders-use-substitutes = true
'';
};
}

0
modules/code-server/default.nix → nix/modules/code-server/default.nix
View File

2
modules/code-server/nginx.nix → nix/modules/code-server/nginx.nix
View File

@@ -8,7 +8,7 @@ _:
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://100.66.26.116:8080"; proxyPass = "http://100.75.26.104:8080";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

3
modules/coredns/default.nix → nix/modules/coredns/default.nix
View File

@@ -1,7 +1,8 @@
{ config, lib, ... }: { config, lib, ... }:
with lib; with lib;
let cfg = config.walkah.coredns; let
cfg = config.walkah.coredns;
in in
{ {
options.walkah.coredns = { options.walkah.coredns = {

12
modules/coredns/walkah.lab.zone → nix/modules/coredns/walkah.lab.zone
View File

@@ -1,6 +1,6 @@
$ORIGIN walkah.lab. $ORIGIN walkah.lab.
@ 3600 IN SOA plato.walkah.lab. walkah.walkah.net. ( @ 3600 IN SOA plato.walkah.lab. walkah.walkah.net. (
2021070700 ; serial 2023091000 ; serial
7200 ; refresh (2 hours) 7200 ; refresh (2 hours)
3600 ; retry (1 hour) 3600 ; retry (1 hour)
1209600 ; expire (2 weeks) 1209600 ; expire (2 weeks)
@@ -10,10 +10,10 @@ $ORIGIN walkah.lab.
socrates IN A 100.103.57.96 socrates IN A 100.103.57.96
plato IN A 100.111.208.75 plato IN A 100.111.208.75
; aristotle ; aristotle
agent IN A 100.95.167.126 agent IN A 100.103.219.26
form IN A 100.87.220.71 form IN A 100.104.247.27
matter IN A 100.126.255.109 matter IN A 100.95.77.67
purpose IN A 100.74.59.80 purpose IN A 100.117.49.15
parthenon IN A 100.106.65.39 parthenon IN A 100.106.65.39
epicurus IN A 100.66.26.116 epicurus IN A 100.75.26.104

11
nix/modules/dev/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
# Nix
cachix
nixd
nixf
nixfmt-rfc-style
];
}

7
modules/drone/default.nix → nix/modules/drone/default.nix
View File

@@ -1,4 +1,5 @@
{ pkgs, config, ... }: { { pkgs, config, ... }:
{
sops.secrets.drone = { sops.secrets.drone = {
owner = "drone"; owner = "drone";
}; };
@@ -9,9 +10,7 @@
ensureUsers = [ ensureUsers = [
{ {
name = "drone"; name = "drone";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE drone" = "ALL PRIVILEGES";
};
} }
]; ];
}; };

0
modules/drone/nginx.nix → nix/modules/drone/nginx.nix
View File

3
modules/drone/runner-docker.nix → nix/modules/drone/runner-docker.nix
View File

@@ -1,4 +1,5 @@
{ pkgs, config, ... }: { { pkgs, config, ... }:
{
systemd.services.drone-runner-docker = { systemd.services.drone-runner-docker = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {

14
modules/drone/runner-exec.nix → nix/modules/drone/runner-exec.nix
View File

@@ -36,14 +36,14 @@
"/etc/passwd:/etc/passwd" "/etc/passwd:/etc/passwd"
"/etc/group:/etc/group" "/etc/group:/etc/group"
"/nix/var/nix/profiles/system/etc/nix:/etc/nix" "/nix/var/nix/profiles/system/etc/nix:/etc/nix"
"${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt"
"${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts"
"${ "${
builtins.toFile "ssh_config" '' config.environment.etc."ssl/certs/ca-certificates.crt".source
Host eve.thalheim.io }:/etc/ssl/certs/ca-certificates.crt"
ForwardAgent yes "${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts"
'' "${builtins.toFile "ssh_config" ''
}:/etc/ssh/ssh_config" Host eve.thalheim.io
ForwardAgent yes
''}:/etc/ssh/ssh_config"
"/etc/machine-id" "/etc/machine-id"
# channels are dynamic paths in the nix store, therefore we need to bind mount the whole thing # channels are dynamic paths in the nix store, therefore we need to bind mount the whole thing
"/nix/" "/nix/"

34
modules/gitea/default.nix → nix/modules/gitea/default.nix
View File

@@ -1,6 +1,7 @@
{ config, ... }: { config, ... }:
let cfg = config.services.gitea; let
cfg = config.services.gitea;
in in
{ {
users.users.git = { users.users.git = {
@@ -20,9 +21,15 @@ in
lfs.enable = true; lfs.enable = true;
settings = { settings = {
log = { LEVEL = "Error"; }; log = {
other = { SHOW_FOOTER_VERSION = false; }; LEVEL = "Error";
repository = { DEFAULT_BRANCH = "main"; }; };
other = {
SHOW_FOOTER_VERSION = false;
};
repository = {
DEFAULT_BRANCH = "main";
};
server = { server = {
DOMAIN = "walkah.dev"; DOMAIN = "walkah.dev";
HTTP_ADDR = "0.0.0.0"; HTTP_ADDR = "0.0.0.0";
@@ -30,17 +37,32 @@ in
ROOT_URL = "https://walkah.dev/"; ROOT_URL = "https://walkah.dev/";
SSH_DOMAIN = "git.walkah.dev"; SSH_DOMAIN = "git.walkah.dev";
}; };
service = { DISABLE_REGISTRATION = true; }; service = {
session = { COOKIE_SECURE = true; }; DISABLE_REGISTRATION = true;
};
session = {
COOKIE_SECURE = true;
};
}; };
dump.enable = false; dump.enable = false;
database = { database = {
createDatabase = false;
type = "postgres"; type = "postgres";
name = "gitea";
socket = "/run/postgresql";
user = "git"; user = "git";
}; };
}; };
postgresql = {
ensureDatabases = [ "gitea" ];
ensureUsers = [
{
name = "git";
}
];
};
postgresqlBackup.databases = [ "gitea" ]; postgresqlBackup.databases = [ "gitea" ];
}; };
} }

0
modules/gitea/nginx.nix → nix/modules/gitea/nginx.nix
View File

0
modules/home-assistant/nginx.nix → nix/modules/home-assistant/nginx.nix
View File

913231
nix/modules/ipfs/badbits.deny Normal file
View File

File diff suppressed because it is too large Load Diff

6
modules/ipfs/cluster.nix → nix/modules/ipfs/cluster.nix
View File

@@ -3,13 +3,17 @@
{ {
imports = [ imports = [
./default.nix ./default.nix
../../services/ipfs-cluster.nix
]; ];
services = { services = {
kubo = { kubo = {
enable = true; enable = true;
settings = { settings = {
Discovery = {
MDNS = {
Enabled = true;
};
};
Swarm = { Swarm = {
AddrFilters = null; AddrFilters = null;
ConnMgr = { ConnMgr = {

15
modules/ipfs/default.nix → nix/modules/ipfs/default.nix
View File

@@ -1,8 +1,6 @@
{ pkgs, ... }: _:
{ {
environment.systemPackages = with pkgs; [ ipfs-migrator ];
services = { services = {
kubo = { kubo = {
enable = true; enable = true;
@@ -19,9 +17,14 @@
"/ip6/::/udp/4001/quic" "/ip6/::/udp/4001/quic"
]; ];
}; };
API = { HTTPHeaders = { Access-Control-Allow-Origin = [ "*" ]; }; }; API = {
Discovery = { MDNS = { Enabled = true; }; }; HTTPHeaders = {
Routing = { Type = "dht"; }; Access-Control-Allow-Origin = [ "*" ];
};
};
Routing = {
Type = "dht";
};
}; };
}; };
}; };

79
nix/modules/ipfs/gateway.nix Normal file
View File

@@ -0,0 +1,79 @@
{ pkgs, ... }:
let
peers = [
{
ID = "12D3KooWEVoGdqsakyi3bgE8ivvRzcgTjiirFNS2FbUMw6HSjZF9";
Addrs = [ "/ip4/100.103.219.26/tcp/4001" ];
}
{
ID = "12D3KooWC5ncgKeJV2G6QBdGMkT2gLbeviaDxpYR7V6NVTsma3C5";
Addrs = [ "/ip4/100.104.247.27/tcp/4001" ];
}
{
ID = "12D3KooW9xeqfnnNWafiDkLXWjC5YdUnBrG5tJDd3tnm86kqVwhA";
Addrs = [ "/ip4/100.95.77.67/tcp/4001" ];
}
{
ID = "12D3KooWLYPckqA4JACJ4vioWc4tYuPjmfLMbgviECnWqazjSgK9";
Addrs = [ "/ip4/100.117.49.15/tcp/4001" ];
}
];
in
{
imports = [ ./default.nix ];
environment.systemPackages = with pkgs; [ ipfs-migrator ];
environment.etc = {
"ipfs/denylists/badbits.deny".source = ./badbits.deny;
};
networking.firewall = {
allowedTCPPorts = [ 4001 ];
allowedUDPPorts = [ 4001 ];
};
services = {
kubo = {
enable = true;
settings = {
Discovery = {
MDNS = {
Enabled = false;
};
};
Peering = {
Peers = peers;
};
Swarm = {
AddrFilters = null;
};
};
};
nginx = {
# IPFS Gateway
virtualHosts."walkah.cloud" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
};
};
# Hosted Sites
virtualHosts."walkah.net" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
};
serverAliases = [
"www.walkah.net"
];
};
};
};
}

12
nix/modules/k3s/agent.nix Normal file
View File

@@ -0,0 +1,12 @@
_:
let
hosts = import ../../hosts.nix;
in
{
imports = [ ./common.nix ];
services.k3s = {
role = "agent";
serverAddr = "https://${hosts.plato.address}:6443";
};
}

18
nix/modules/k3s/common.nix Normal file
View File

@@ -0,0 +1,18 @@
{ config, ... }:
let
hostname = config.networking.hostName;
hosts = import ../../hosts.nix;
in
{
services.k3s = {
enable = true;
tokenFile = config.sops.secrets.k3s-token.path;
extraFlags = [
"--node-external-ip=${hosts.${hostname}.address}"
];
};
sops.secrets.k3s-token = {
owner = "root";
mode = "0400";
};
}

7
nix/modules/k3s/server.nix Normal file
View File

@@ -0,0 +1,7 @@
{
imports = [ ./common.nix ];
services.k3s = {
role = "server";
clusterInit = true;
};
}

46
modules/matrix/default.nix → nix/modules/matrix/default.nix
View File

@@ -1,10 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [
matrix-synapse-tools.synadm
];
services = { services = {
postgresql = { postgresql = {
enable = true; enable = true;
@@ -17,7 +13,10 @@
LC_CTYPE = "C"; LC_CTYPE = "C";
''; '';
}; };
postgresqlBackup.databases = [ "matrix" ]; postgresqlBackup.databases = [
"matrix"
"matrix-syncv3"
];
matrix-synapse = { matrix-synapse = {
enable = true; enable = true;
@@ -28,21 +27,30 @@
enable_registration = false; enable_registration = false;
database = { database = {
name = "psycopg2"; name = "psycopg2";
args = { database = "matrix"; }; args = {
database = "matrix";
};
}; };
listeners = [{ listeners = [
bind_addresses = [ {
"0.0.0.0" bind_addresses = [
]; "0.0.0.0"
port = 8008; ];
type = "http"; port = 8008;
tls = false; type = "http";
x_forwarded = true; tls = false;
resources = [{ x_forwarded = true;
compress = false; resources = [
names = [ "client" "federation" ]; {
}]; compress = false;
}]; names = [
"client"
"federation"
];
}
];
}
];
}; };
extraConfigFiles = [ extraConfigFiles = [
config.sops.secrets.matrix-registration-secret.path config.sops.secrets.matrix-registration-secret.path

64
nix/modules/matrix/nginx.nix Normal file
View File

@@ -0,0 +1,64 @@
_:
{
services.nginx = {
enable = true;
virtualHosts = {
"matrix.walkah.chat" = {
forceSSL = true;
enableACME = true;
locations."/_matrix" = {
proxyPass = "http://100.111.208.75:8008";
};
locations."/_synapse/client" = {
proxyPass = "http://100.111.208.75:8008";
};
};
"syncv3.walkah.chat" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://100.111.208.75:8088";
};
};
"walkah.chat" = {
forceSSL = true;
enableACME = true;
locations = {
"= /.well-known/matrix/server".extraConfig =
let
server = {
"m.server" = "matrix.walkah.chat:443";
};
in
''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON server}';
'';
"= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = {
"base_url" = "https://matrix.walkah.chat";
};
"org.matrix.msc3575.proxy" = {
"url" = "https://syncv3.walkah.chat";
};
};
in
''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
# "/" = {
# root = pkgs.element-web;
# };
};
};
};
};
}

1
modules/minecraft/default.nix → nix/modules/minecraft/default.nix
View File

@@ -21,6 +21,7 @@ _: {
puffpuffpassion = "72e0d040-fa54-47e8-a6e7-162fdaa0cac5"; puffpuffpassion = "72e0d040-fa54-47e8-a6e7-162fdaa0cac5";
rafadoodle = "9a7c860e-e269-4c38-b2f7-ca5533c27e98"; rafadoodle = "9a7c860e-e269-4c38-b2f7-ca5533c27e98";
camylamb = "c9fcbfa1-89da-4cf9-97fe-b9e5290a4eb4"; camylamb = "c9fcbfa1-89da-4cf9-97fe-b9e5290a4eb4";
shortychark = "3f420f61-867f-4651-a849-d2e54f8c220d";
}; };
}; };
} }

32
nix/modules/minecraft/proxy.nix Normal file
View File

@@ -0,0 +1,32 @@
_:
let
dest_ip = "100.111.208.75";
dest_port = 25565;
in
{
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ dest_port ];
};
nat = {
enable = true;
internalInterfaces = [ "tailscale0" ];
externalInterface = "eth0";
forwardPorts = [
{
sourcePort = dest_port;
proto = "tcp";
destination = "${dest_ip}:${toString dest_port}";
}
];
};
};
services = {
tailscale = {
useRoutingFeatures = "server";
extraUpFlags = [ "--stateful-filtering=false" ];
};
};
}

17
nix/modules/monitoring/default.nix Normal file
View File

@@ -0,0 +1,17 @@
_:
{
services = {
prometheus = {
enable = true;
port = 9090;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9100;
};
};
};
};
}

45
nix/modules/postgresql/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{ pkgs, config, ... }:
{
services = {
postgresql = {
enable = true;
package = pkgs.postgresql_14;
};
postgresqlBackup = {
enable = true;
};
};
# Postgres upgrades: https://nixos.org/manual/nixos/stable/index.html#module-services-postgres-upgrading
environment.systemPackages = [
(
let
# XXX specify the postgresql package you'd like to upgrade to.
# Do not forget to list the extensions you need.
newPostgres = pkgs.postgresql_15;
in
pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${config.services.postgresql.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
''
)
];
}

0
modules/sops/default.nix → nix/modules/sops/default.nix
View File

38
nix/nixos.nix Normal file
View File

@@ -0,0 +1,38 @@
{
self,
nixpkgs,
home-manager,
raspberry-pi-nix,
sops-nix,
...
}:
let
mkSystem =
hostName: modules:
let
hostSystem = self.hosts.${hostName}.system;
in
nixpkgs.lib.nixosSystem {
modules = [
home-manager.nixosModules.home-manager
(_: {
networking.hostName = hostName;
nixpkgs.overlays = [ self.overlays.default ];
nixpkgs.config.allowUnfree = true;
})
{ nixpkgs.hostPlatform = hostSystem; }
]
++ modules;
specialArgs = { inherit raspberry-pi-nix sops-nix; };
};
in
{
# Aristotle
agent = mkSystem "agent" [ ./hosts/aristotle/configuration.nix ];
form = mkSystem "form" [ ./hosts/aristotle/configuration.nix ];
matter = mkSystem "matter" [ ./hosts/aristotle/configuration.nix ];
purpose = mkSystem "purpose" [ ./hosts/aristotle/configuration.nix ];
plato = mkSystem "plato" [ ./hosts/plato/configuration.nix ];
socrates = mkSystem "socrates" [ ./hosts/socrates/configuration.nix ];
}

0
overlays/default.nix → nix/overlays/default.nix
View File

85
nix/secrets/secrets.yaml Normal file
View File

@@ -0,0 +1,85 @@
matrix-registration-secret: ENC[AES256_GCM,data:Sn3pGBq4U3Tgw0pYaetnBLRiNdFGnMxAxyfrxhF9kFDMFijKSy9XBj71M5XxV4shYQyPvu2WDnPR1YvyoQVlv8cEoXhX7++JlYsp/2ZfKIzp4iMxh24z57Cw8vg=,iv:/zxlIeI9gWWCHbejYgz8pjjOrukKome0/bmcXuG3/yE=,tag:3fc3c96H3pO1FUO7p3T4gw==,type:str]
ipfs-cluster-secret: ENC[AES256_GCM,data:fmZ1USrJlR8fbulr1Kn8LDkMl/c6OkIN5M5q4X0MLO77K8zPwTXm0+M8ZHfq36rnuxBV0gsTiYBn47DSQLaDkONOPuEu99EGuIYZ9qZQVaZ/RC12ej6bpHaaX3m3j48szOXwJdoyDWlP32ZFanMznO8+EwAz5ccNV03ck/Rh/qpq9pWt/QjNhqtAkwFkooGB0aWRdHlillsB/SGQJk/moweIQk3qz2Ya4cN21Cxfssd08TDacjNCUekIgZ/xuXV7j8dCV/qiAOJEfaHn,iv:bAEDTTeQvg+sE67nEuSZhxqJBZVXFRNIPOZGkPYy9dY=,tag:82eBLePaqu7tYu0MtefMOQ==,type:str]
drone: ENC[AES256_GCM,data:UKh2qyZq5eTiEpdbGve+fCQZzSx/j+wUv9eHT/ToU9b51rwA7XJQC4g3rvljBL9X7DFVVdsWOdG6y1eRGImdelJ5hwxa8oK5CBpaGLGjd9+Hm8SS+Q+PAFDW6fdsPtDDgK5jjykcIlJ7u9mjCffFsCGw3UWfHxnniCnIba9e499XU+VR6l96U3oGOsrr0XO/d2zwrOm3mvXQL1P3cE+se4/UDKrdABGfKWyGqZ9xgi6Q7PTSmRv4AtpwpgF1URBvPVqs6yoexWetksLv+Xk5H50EeucbMOA+oUSJ06fUMECFRF9thRrdUbtK,iv:CiZz6NSksNMGmZxWS7uE69O6UnvTkRWbeBwC1bUqR9o=,tag:qcLmseQgkjMVv2uNXPFHzw==,type:str]
akkoma-secret-key-base: ENC[AES256_GCM,data:OQBGkyjhDeNz40bBMMqLU7S6s4r6CtatOxJ5RNdba5m5NQO+JJ5/sEuOjJrJ29oRGjHFYwmUcAB9vptWdGZdcA==,iv:oYh9fh12cNYJOgC8DAxyYxw8dp1Fmd1CijNpgmn/AV8=,tag:E9W/5TWPjIgjE3o/QAky0A==,type:str]
akkoma-signing-salt: ENC[AES256_GCM,data:KtOdcHM8XLY=,iv:RXvLlSyPzK6HYFxwyKEnDw1llmfNC5ambqvGiAkVxnA=,tag:LLna293WAYoBlr0j3U6zkg==,type:str]
akkoma-vapid-private-key: ENC[AES256_GCM,data:D8Dh53yOgKrcsttJ36xyV1locXBV2BB2EG/rOfIctCbOItdsodtpMCAwRg==,iv:xzheaTo0b3szYGvZmc3ucPi9lYXJStznAUyWNQ9TATE=,tag:tHV5DUFuvq2F9yRFmHrQXQ==,type:str]
akkoma-vapid-public-key: ENC[AES256_GCM,data:HnUAyTq7dwa+A9L1X3YyxkiJ71BoZis5TdEPHJZkFRoiU5ZYu21xJW4R1H8xsCUDTaFTKLzdSNImVStIg1A+ex6UXLvsJwqM55P8ZnUm87V5KIsCimEm,iv:vVNoYubajEgqZIg6j9k6HjY/j4ib8A7MHGWPrJnkpCw=,tag:GBr2z4EGbn5vmFMWtY013w==,type:str]
akkoma-joken-signer: ENC[AES256_GCM,data:6GbXC7teDXxr0z7eBLm9EvJv59Bvd1FqRuBGntAH9YzM79MVUMsx4JnCZ+bPR9hLiIVgITeAc5djk2tiJewh6w==,iv:q7A8f7kocb1Go7acFkVSxdmhObPxpGlfbPgfrOXHEjg=,tag:lS4UNS1ivVZdmm8AMS/1MQ==,type:str]
filesystems-parthenon: ENC[AES256_GCM,data:dYO+QjvWhR3oXrDfAEaUvTLx147NIDFcPUa7p3Jv558ynqmmEnVZ3+fVMUQVIw==,iv:ASmXqNA8/TZvSRo31CFAzt6StsZzZpVFvz15LN5+QmQ=,tag:Wx6kDCXqZ1iSmxpggBKVxA==,type:str]
upsmon: ENC[AES256_GCM,data:Rlqkhh7w8S9jD3mwUdkt3g==,iv:hiMkbAhea1f6r5gGTRw49ebepMtTYBVyH+bHwp/T61Q=,tag:cbaxIDuD4JNeCC5MiMGl6w==,type:str]
k3s-token: ENC[AES256_GCM,data:dyyFY/ruyCfAdQmmdD1eDPKhBWkbgElbFQgMjGALrM8OeTXRiiV18AwG1ZGtw+j3CBmladwBf0+gcfC0ojKHlA==,iv:j4IOIZegDMJik6shOhUZGyI0N8TD1yMDcOacArgM05Q=,tag:t91uRzF8RgxLF/f2M+9Wgg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOT3gyL29ETGNYSTNBMHhx
RUVNRmdpZm9TZTdJNTJCOSt5blZ3T2JLVlhVCldaTjhaanBrWTVIOWJQQ1VJUTUw
alJuRjhOU2wxWEF1RG0vZE9LVU1JcHMKLS0tIGF0VlRDeldsSFFZNzVHaWJGTUtC
WlhMcDM3RlF5Y3FkRXczbWNHQWNrVjAKx77NlnVTab75G2QTiuEmAyI10m2ZbMjc
IyVWoRabZY96J/HYiZaURZY5Aq10Opa9vTp0xXL0FxLwF0Bclr7J+Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzY3hRcjZsZDBjb1FtWElx
ODV3Q0g2Q0QveEUrMkRIZlJSbDBBdjlHZ25ZCmxvcngwN1V4RkJLL1NzWkw4bjNF
OXdXMlo1KzZIV3BtUWtXOGdzQ1l1RnMKLS0tIFJjY3JtOHNwTldrM0dqbnkvSThM
QW0zMzJtMzNSaEJldzJITDAvZExtcFUKTovVFKkl40WdXOji8xWKZ8eZcEXU64uz
4K7fqyhchzu+PB1xVMYeSahIYTh2oZGSKXi8nnTBwz2cPLJmy/8Biw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pn2hnqvgt7rvfglxddlj3jwrm79rvmutmexkpxv4frdnznlel33qvfy6u5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKYlZtbC9sSXhzYUU2bnBZ
ZmpKUk5BcHdGbTJ3b0xhRTVxMXIxOXJYSmpNCkdWQ3hJV0t0OVcwNmYwaVh5V3VJ
ellsaGRyNnVEaTkxUFNReG4yTUprQUkKLS0tIHNqdjdmQjh3cHlwb0M2bGk0b2NG
eGV5Vk54dzNWSlFGTWc1akxHUmhiQ28KzAs/krsXZxcRQpefv5ncqbZ6D9Mr8HDl
9Ir35JL2HhZv3wtMUK9TQVINmbPiPGf9mzVoiCQ7Nq9J80wzt/A53Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mnrl9u8vpdjncge33pg7quakl0qdf5dlfgch87jhrs0wrvup4s0s5xh7ly
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTeDI0QXE4L0tBWDd3dmVI
TlN3RlBNYjNCUkZMWGUwVEtkZHU4UTVYdWw4CnMvT09sU0EyVllSM1VSRXhsL2FF
NnVGQ0hyRTFjdjBWSjVpNXNuc3I4RTAKLS0tIEIveW00Ky9jbnozTGZqZk4zeEdp
ZnBaRUJMSy9sSTIwUzR0U1JsRFhJWnMKOyIeYJquwLWqmLVqMNRCLK1U/10ILBEu
FX+kU8c5qrpsSoMjNfy/h9QCF/5u+9CV/9wHw2HONN0CAwWlYrDgdw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tt0gwcm03zmpelerpph49knn8f6t8z7aq9una2qys76kf4rwxpnquxkvz3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6a2JmV1hQb0FHekpzVWVL
d1RzdEoxVmZWQ25XT2hkYmtESFIrNFc1N1Y0Cmx4dEZrRnhDZDlGRXJPVGRpa0l5
akhKR3dlTS9SblFrTndBakVIemwrRFEKLS0tICsraW83aFlvRzRKVHdQcjhLUjFB
K29DeVBqWUs0ejRUVUd2SkpVYzd1UEkK0/AHkZ7gKouHi26nsZsr4CpmDu+jbKx6
BA7VAwCI0nBP5sOgNXbsmYhgyAlaz28tybNXV+QzCnJiyTXhZM5F8w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1px55dk5n3whfdyshzyxqmyjvqdmv9au6myx6w67jw3cqp9sdx9rsa6xep9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS1BMUFU5T05PM2Z1Zk96
N3FYTWp3bWtwMDZ4QVdVMEVLaTFueE9Od1JJCjdtMUNRa1JGWUkxRTZueS9vSGdx
NG9TVHF5T3lYbUZxa1FWY2RldHV1ZVkKLS0tIHNqbEZlSk9zR1FpWmNMQy8rayt6
SStpZHdKZGN0NGNieldPY2JTcnJ4ZW8Kz5u/fJjkwi8vJh3CB7K0S7+b9gzOhsvW
+0lfMGT+Dtbchq8O1wsCoBfe8I5kV2QlXJxTU7o4BASFKfNzX9E4gA==
-----END AGE ENCRYPTED FILE-----
- recipient: age12wakcnv487c5rkgv7z6umzywrqwcy6dgguq0dug6lxp64scjsq6sspkmgz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVa2pHd2dvNHBwcW85SnNy
aSt4ZElQdGZLMW5GNnIyc2NxY1J2MEk1c0RjCmJiMEY5cklnWVVHN25ST2JSWEhT
WWcvVG9TRVlVdWFzcjhENFZCMUhXVHMKLS0tIFpWcURkWFExU200TlR1N2NIak4z
WlZuY2ExWWJ1VzBpY2kzaUZCcVJMZHcKoqKBQEe+3UnAhqbc7Nq8zgEVoFFjryaY
c8ALKqMIaMjAeA8ZU4ZTIu13pMYcJ+gAlPATt0vmsTn0Q0XIiudpJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-10T18:41:36Z"
mac: ENC[AES256_GCM,data:nAUaEMxYGZc+hzeFo2sjQNBPuVw9GKjDAL9R9uJl9ySWNOLtSjl150qkAYjfqfIpsiyRtnSBfP1UxvKHjbAv5Fu9Bmkv+1rv6T8d9nK541DrT1IJ/F/sdw+Vqf/xJss1pvZLP/KhLT5wfvyPrk3VeKWx5f7BI/VzCsU1MNukZdY=,iv:ooxqCvIogeyXiHC10BJUYu9PCTZr/bnUJHiUzg2bjw4=,tag:Wt+vmIVPmlTOxAQ6rHnxdg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

23
nix/shells.nix Normal file
View File

@@ -0,0 +1,23 @@
{
system,
pkgs,
self,
...
}:
{
default = pkgs.mkShell {
name = "athens";
buildInputs = with pkgs; [
deadnix
doctl
nixd
nixf
nixpkgs-fmt
opentofu
statix
sops
];
inherit (self.checks.${system}.pre-commit-check) shellHook;
};
}

5
nix/users/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ ... }:
{
imports = [ ./walkah ];
}

27
nix/users/walkah/default.nix Normal file
View File

@@ -0,0 +1,27 @@
{ lib, pkgs, ... }:
{
users.users.walkah = {
home = if pkgs.stdenv.isDarwin then "/Users/walkah" else "/home/walkah";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
];
}
// lib.optionalAttrs pkgs.stdenv.isLinux {
extraGroups = [
"wheel"
"docker"
];
group = "walkah";
isNormalUser = true;
};
users.groups.walkah = { };
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.walkah = import ./home.nix;
};
}

30
nix/users/walkah/home.nix Normal file
View File

@@ -0,0 +1,30 @@
{ lib, pkgs, ... }:
{
home = {
packages = with pkgs; [
chezmoi
bat
direnv
eza
fd
fzf
git
htop
jq
starship
tmux
];
activation.chezmoi = lib.hm.dag.entryAfter [ "installPackages" ] ''
export SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
export PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH"
if [ ! -d $HOME/.local/share/chezmoi ]; then
$DRY_RUN_CMD ${pkgs.chezmoi}/bin/chezmoi init --apply walkah/dotfiles
else
$DRY_RUN_CMD ${pkgs.chezmoi}/bin/chezmoi update --apply
fi
'';
stateVersion = "24.05";
};
}

1645
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

11
package.json
View File

@@ -1,11 +0,0 @@
{
"name": "athens",
"main": "index.ts",
"devDependencies": {
"@types/node": "^16"
},
"dependencies": {
"@pulumi/pulumi": "^3.0.0",
"@pulumi/digitalocean": "^4.0.0"
}
}

83
secrets/secrets.yaml
View File

@@ -1,83 +0,0 @@
matrix-registration-secret: ENC[AES256_GCM,data:Sn3pGBq4U3Tgw0pYaetnBLRiNdFGnMxAxyfrxhF9kFDMFijKSy9XBj71M5XxV4shYQyPvu2WDnPR1YvyoQVlv8cEoXhX7++JlYsp/2ZfKIzp4iMxh24z57Cw8vg=,iv:/zxlIeI9gWWCHbejYgz8pjjOrukKome0/bmcXuG3/yE=,tag:3fc3c96H3pO1FUO7p3T4gw==,type:str]
ipfs-cluster-secret: ENC[AES256_GCM,data:fmZ1USrJlR8fbulr1Kn8LDkMl/c6OkIN5M5q4X0MLO77K8zPwTXm0+M8ZHfq36rnuxBV0gsTiYBn47DSQLaDkONOPuEu99EGuIYZ9qZQVaZ/RC12ej6bpHaaX3m3j48szOXwJdoyDWlP32ZFanMznO8+EwAz5ccNV03ck/Rh/qpq9pWt/QjNhqtAkwFkooGB0aWRdHlillsB/SGQJk/moweIQk3qz2Ya4cN21Cxfssd08TDacjNCUekIgZ/xuXV7j8dCV/qiAOJEfaHn,iv:bAEDTTeQvg+sE67nEuSZhxqJBZVXFRNIPOZGkPYy9dY=,tag:82eBLePaqu7tYu0MtefMOQ==,type:str]
drone: ENC[AES256_GCM,data:UKh2qyZq5eTiEpdbGve+fCQZzSx/j+wUv9eHT/ToU9b51rwA7XJQC4g3rvljBL9X7DFVVdsWOdG6y1eRGImdelJ5hwxa8oK5CBpaGLGjd9+Hm8SS+Q+PAFDW6fdsPtDDgK5jjykcIlJ7u9mjCffFsCGw3UWfHxnniCnIba9e499XU+VR6l96U3oGOsrr0XO/d2zwrOm3mvXQL1P3cE+se4/UDKrdABGfKWyGqZ9xgi6Q7PTSmRv4AtpwpgF1URBvPVqs6yoexWetksLv+Xk5H50EeucbMOA+oUSJ06fUMECFRF9thRrdUbtK,iv:CiZz6NSksNMGmZxWS7uE69O6UnvTkRWbeBwC1bUqR9o=,tag:qcLmseQgkjMVv2uNXPFHzw==,type:str]
traefik: ENC[AES256_GCM,data:SEjgraDDpdJnaOEZVi/0Vtr3J/jQ3zC2kZaMmMRKhRd77EkXC6eeSbOaORv30QSXcfipm8INT45TKZfRSdbnoV6XbgAqLyLmef3LkmMt+eA=,iv:bbns12ZiqeBha0eWEARMixFfPDHzF8PBjUEeEdkwf6Q=,tag:ft2k2CQk7VmfWiGhhyHVfQ==,type:str]
akkoma-secret-key-base: ENC[AES256_GCM,data:OQBGkyjhDeNz40bBMMqLU7S6s4r6CtatOxJ5RNdba5m5NQO+JJ5/sEuOjJrJ29oRGjHFYwmUcAB9vptWdGZdcA==,iv:oYh9fh12cNYJOgC8DAxyYxw8dp1Fmd1CijNpgmn/AV8=,tag:E9W/5TWPjIgjE3o/QAky0A==,type:str]
akkoma-signing-salt: ENC[AES256_GCM,data:KtOdcHM8XLY=,iv:RXvLlSyPzK6HYFxwyKEnDw1llmfNC5ambqvGiAkVxnA=,tag:LLna293WAYoBlr0j3U6zkg==,type:str]
akkoma-vapid-private-key: ENC[AES256_GCM,data:D8Dh53yOgKrcsttJ36xyV1locXBV2BB2EG/rOfIctCbOItdsodtpMCAwRg==,iv:xzheaTo0b3szYGvZmc3ucPi9lYXJStznAUyWNQ9TATE=,tag:tHV5DUFuvq2F9yRFmHrQXQ==,type:str]
akkoma-vapid-public-key: ENC[AES256_GCM,data:HnUAyTq7dwa+A9L1X3YyxkiJ71BoZis5TdEPHJZkFRoiU5ZYu21xJW4R1H8xsCUDTaFTKLzdSNImVStIg1A+ex6UXLvsJwqM55P8ZnUm87V5KIsCimEm,iv:vVNoYubajEgqZIg6j9k6HjY/j4ib8A7MHGWPrJnkpCw=,tag:GBr2z4EGbn5vmFMWtY013w==,type:str]
akkoma-joken-signer: ENC[AES256_GCM,data:6GbXC7teDXxr0z7eBLm9EvJv59Bvd1FqRuBGntAH9YzM79MVUMsx4JnCZ+bPR9hLiIVgITeAc5djk2tiJewh6w==,iv:q7A8f7kocb1Go7acFkVSxdmhObPxpGlfbPgfrOXHEjg=,tag:lS4UNS1ivVZdmm8AMS/1MQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16yv7atd8n880ja98pksqqvunu2yw00660lkh4n0sg39j5vt3dujshyu95j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZlFKbFY4YjNnN3hhNTNw
V1N0ZVh6ZDJrSng4M1pBMWxqZTJmcUJLWUdNCm55K2RpVSs0NHNGK1F4K28xTk9q
UHVESitPSEs2eEZCT3RreWpVam80ZmMKLS0tIHJ4Q3pHOFVTOStBUGprR0FvRHhl
VzhmT3BzYy8veHhaZUtUSmxCZDh5V1kKsjFBNoqtUD44d8ImP/DcvS+gBkQJi/Vt
0NlkRRhWndFGss6gkcf7aIObHw9kAlU6RsspJt5Wte6ZLHj3eATkfA==
-----END AGE ENCRYPTED FILE-----
- recipient: age12m47c7xvqttncps0e79pwamzqa4nmnxekwumtwcv5ju6q74fufaqp9d0xh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTbVlQY1kzb3RxZG90RWlG
eUNBZlZPNUhEZXBqcFFUdTVXWUgyOFllMjB3Cm9lS09tdXZuYmpzUWJDSnI1OTlG
NDBlcWFBSDg3UnB2YVlMRUduTXZsaUUKLS0tIFkwTWxRNnVER3g1VVYzbURKM2ha
b09tcStFNWlrRVdBSFhZMVRaYkFGSE0KeHfPNNADsP6v0H9PihaKEDXWjun8ORsb
uQKLTz8wKTUk8JIFfY1g5iUqNxG+XvOQrSx/8Cepz+h/2sn3sAcaXw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vc8svd5277rjkgzg7frf04uaa45w3crhfvg628rqyrqmxul3q9nsjz6yxk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuWFYzS1B1NVZBZDFNTXRv
TS9EOUd5Umw2c2pmUmhzb0ViUUsrZTBNQ0JnClZvajN4ODNYME11aXFiSmxZUlV3
eDlhTWFxSkF1UWlGVS9jZkk2SmlsKzQKLS0tIGE0TmNucGNiV2VJV1FnZmw4TEJy
aHpTLzdFeGZ6MVkzTmRjZit0U1I0Zk0Kd6DJlpqsqwwlAXC8Tl0AhijCQ8gHtFwX
VeTC0PsUdMxEoTq3mg4aM0M5AML4txDKRpFH4XkH9G6lgU9hNebXUA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ulmzprdmcd8r0w47a0nrrlg8melkjk6evl2rc54yh6lxkcfas36q6wrsv9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyS21pT3U4R3pjU255QVdV
NXgrTDhVT3IvVVQ4N051TkdFT3NJMWozRFhvCnloNmRROTdMZHpkSDB6L25vVWlX
RWNTM2czYmNKcUI5NTVZdmwvRWhmQ00KLS0tIElJTmI4aC9xVHk4dHF4cWtEQ0RQ
VTJzUUtIaklZVVVNS3JLOWZSbXJYWDgKHcnC1EQ9qSfCgnoNPUa1/fTWJd8zhSAA
+5aMUt6Ff4FF3I3e+CIbbTHZdpjgLoO3BgAYFMwn7iImjGDYTuSHQA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lfjkch3pqaq3uwmjxyucpm2tws6llxqqjglj4yn49jkwkf50xvmqrl974e
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiR1JnZzhpQzdYTll5cFhQ
em83Zjh0TjhIZmhRd3hHTVkwendPNzFNMUZJClNqb08vQjVTdjgvblN2YTJsOGZM
VU1udXh1NmFOS284ZFJQanNQN1JGbUkKLS0tICtla1RRdHo0TE54bm1YUGJ0R3Jw
WTdQMXdFMFJidTFyY3o3a080MUU0c3MKtG/7ruQyF9g++O3YHAhJO8MzflCtjYw3
HgzCF68X14ow/47/oKOPjlM19L8lO4a/sDtQ5RevDWn/+RQLY8mUlQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jnf94uq5ap96vk7nfk3qkr38ylhletc6pskj0ypc470d7gmt0qeqskdy5z
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPKzB6a0pyUTRWeExLaUFu
NzlsaEFDNFdkUFZQbmFiTDRObFIrZjBmd1dnCnBqa2l5N01CZ3Voay9vTTgyRmtk
V0JYM3NwVVlBVWwxS2o1QVpKSE9SRk0KLS0tIGNaWGxoczh0UG4wOGY1azlnWEtm
VGh2SVVSMDh5VnBoOWc1Mi92R1hPLzAKaCkUGHbc1rR6vMZX97cqH4OLhyM+MmMc
jPJ2pbrmdZwjHmBVhZUHb+Ow8x8lyERW6Z1mbr1F6eEd5of6dVJ23w==
-----END AGE ENCRYPTED FILE-----
- recipient: age12wakcnv487c5rkgv7z6umzywrqwcy6dgguq0dug6lxp64scjsq6sspkmgz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UzQ0OFBPZ1BFY0VGSHNF
V0tpTFZIdkVtbHE2RkVSZ2lqYi95eGwzbW5jCm9BS0tLZDhwRGhIRExNTjVvVDNy
RzUwWmdBMEUyMUpQSWhKK21ZWUNPeEUKLS0tIG9KdlpXaDFLckVhVlBQaWJxeVJm
dFZacUhiZDFxK0xZMDJJeCtQUmtuSGcKVz2TOsyw5F4mpFgbZnkWPjQPB7nSKkzd
96r8RHs8CrlSpBUP6TG6Q+Tz77G1XIgcZrN9EVyYCQB7zOukIdZ5zw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-19T01:51:10Z"
mac: ENC[AES256_GCM,data:dIOL/ovDcGbgLNFSNmlR/rneEcVtUQi0wGzLoJpzv3sT23DsiyXm4WZVShIz+Kjxsu6rFsRnqO6yGfHvA9aDE0Iz0DGPm4AgLl2pRq+cgPoTuZRnKptwLLNcCKXxWu74g0bBn6/PirYFcEK3hZN9gejA6910lFrHpsPdmiWVu94=,iv:HaBxBIpS+JWsKg38TuQP9VbsYYGKQjpq1UYWvxAC/MA=,tag:GrI57dalcj/sOwdX7I6lbA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

124
services/ipfs-cluster.nix
View File

@@ -1,124 +0,0 @@
## From https://github.com/NixOS/nixpkgs/pull/100871
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.ipfs-cluster;
# secret is by envvar, not flag
initFlags = toString [
(optionalString (cfg.initPeers != [ ]) "--peers")
(lib.strings.concatStringsSep "," cfg.initPeers)
];
in
{
###### interface
options = {
services.ipfs-cluster = {
enable = mkEnableOption
"Pinset orchestration for IPFS - requires ipfs daemon to be useful";
user = mkOption {
type = types.str;
default = "ipfs";
description = "User under which the ipfs-cluster daemon runs.";
};
group = mkOption {
type = types.str;
default = "ipfs";
description = "Group under which the ipfs-cluster daemon runs.";
};
consensus = mkOption {
type = types.enum [ "raft" "crdt" ];
description = "Consensus protocol - 'raft' or 'crdt'. https://cluster.ipfs.io/documentation/guides/consensus/";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/ipfs-cluster";
description = "The data dir for ipfs-cluster.";
};
initPeers = mkOption {
type = types.listOf types.str;
default = [ ];
description = "Peer addresses to initialize with on first run.";
};
openSwarmPort = mkOption {
type = types.bool;
description = "Open swarm port, secured by the cluster secret. This does not expose the API or proxy. https://cluster.ipfs.io/documentation/guides/security/";
};
secretFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
File containing the cluster secret in the format of EnvironmentFile as described by
<citerefentry><refentrytitle>systemd.exec</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>. For example:
<programlisting>
CLUSTER_SECRET=<replaceable>...</replaceable>
</programlisting>
if null, a new secret will be generated on first run.
A secret in the correct format can also be generated by: openssl rand -hex 32
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.ipfs-cluster ];
systemd.tmpfiles.rules =
[ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ];
systemd.services.ipfs-cluster-init = {
path = [ "/run/wrappers" pkgs.ipfs-cluster ];
environment.IPFS_CLUSTER_PATH = cfg.dataDir;
wantedBy = [ "default.target" ];
serviceConfig = {
# "" clears exec list (man systemd.service -> execStart)
ExecStart = [
""
"${pkgs.ipfs-cluster}/bin/ipfs-cluster-service init --consensus ${cfg.consensus} ${initFlags}"
];
Type = "oneshot";
RemainAfterExit = true;
User = cfg.user;
Group = cfg.group;
} // optionalAttrs (cfg.secretFile != null) {
EnvironmentFile = cfg.secretFile;
};
unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}";
};
systemd.services.ipfs-cluster = {
environment.IPFS_CLUSTER_PATH = cfg.dataDir;
wantedBy = [ "multi-user.target" ];
wants = [ "ipfs-cluster-init.service" ];
after = [ "ipfs-cluster-init.service" ];
serviceConfig = {
ExecStart =
[ "" "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service daemon" ];
User = cfg.user;
Group = cfg.group;
} // optionalAttrs (cfg.secretFile != null) {
EnvironmentFile = cfg.secretFile;
};
};
networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ];
};
}

3
shell.nix
View File

@@ -10,4 +10,5 @@
) )
{ {
src = ./.; src = ./.;
}).shellNix }
).shellNix

49
terraform/.terraform.lock.hcl generated Normal file
View File

@@ -0,0 +1,49 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/cloudflare/cloudflare" {
version = "4.52.0"
constraints = "~> 4.0"
hashes = [
"h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
"zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
"zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
"zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
"zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
"zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
"zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
"zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
"zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
"zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
"zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
"zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
"zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
"zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
"zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
]
}
provider "registry.opentofu.org/digitalocean/digitalocean" {
version = "2.49.2"
constraints = "~> 2.0"
hashes = [
"h1:JzS2Y+M1FEMa7/wbKqiCsLSfcUC/HAg9Cq+3HeJuZgo=",
"zh:0fdf521cd264fa17ade903673a96e30b017da1970950d7566d8efaeb7eeaa051",
"zh:1457402e4c5e588e1fc7dc4f360e994c06ab84b4822186e5d67cccef80d817de",
"zh:1b5f1e524cc74c8c9bfe214950972c054ddb24424b396b2c25a932938408dde5",
"zh:293f45fbed53f41b18b4212dee571617cd2968793aedb477958a0b01d640cfbc",
"zh:316dd02bc81d6aeea5fd38c0fe6819fc13696a5f239111e93f9c9730491c2df4",
"zh:32fa7a2a88a50f93025d9ece6b7d755e5c7931fc14f8336341c0939616224523",
"zh:52a977f7ecd480ca03a4a6821afa2de893966a8baa38834b1570ec2ae5b71ec9",
"zh:8c733467ff87aa98495a1c8cdb83d6c6fbaa93a329ff6611ef8ff11d86801321",
"zh:93352fe00a2ada0f188e8669c61283b708a602e10aa7d5ddda9302b24b47fe14",
"zh:9357cf59572b21c4b9d85c6cb22facf9d82cf037f8674b884b3a7be66a06f598",
"zh:a3286ecb621e052fba29c26737b093329c5bcd99d7d7c8fc470ce4695b129abd",
"zh:b66b7b8e37c3614a3e4083b118e6d0de63b90029471a94e5cbb7f44c6d36330d",
"zh:d06dd42935819ea454516edd24f980ca6c1e18ebb3c3e47f8ff4f4ef68fb06e4",
"zh:d89490c30f3e4f097d71af5075b126e5ec13983f3072275a5c0c468bf0df8a57",
"zh:de7d8114938c52920426ae94451edb26ba98583712545c480a69308506ec6a72",
"zh:f6a55d865a3f4ec3a79359bd30e4ef6e2742f1e02a1d934e44b41b092155fc45",
]
}

17
terraform/cloudflare_dns.tf Normal file
View File

@@ -0,0 +1,17 @@
locals {
account_id = "273a4698f673c012fd50161e46ceafdb"
}
resource "cloudflare_zone" "walkah_codes" {
account_id = local.account_id
zone = "walkah.codes"
}
resource "cloudflare_record" "walkah_codes" {
zone_id = cloudflare_zone.walkah_codes.id
name = "walkah.codes"
type = "A"
proxied = true
content = digitalocean_droplet.socrates.ipv4_address
}

9
terraform/digitalocean_droplets.tf Normal file
View File

@@ -0,0 +1,9 @@
resource "digitalocean_droplet" "socrates" {
name = "socrates"
image = "72067660"
size = "s-8vcpu-16gb"
backups = true
ipv6 = true
monitoring = true
}

21
terraform/main.tf Normal file
View File

@@ -0,0 +1,21 @@
terraform {
required_version = ">= 1.8.0"
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 4.0"
}
digitalocean = {
source = "digitalocean/digitalocean"
version = "~> 2.0"
}
}
}
provider "cloudflare" {
api_token = var.cloudflare_token
}
provider "digitalocean" {
token = var.do_token
}

6
terraform/variables.tf Normal file
View File

@@ -0,0 +1,6 @@
variable "cloudflare_token" {
type = string
}
variable "do_token" {
type = string
}

18
tsconfig.json
View File

@@ -1,18 +0,0 @@
{
"compilerOptions": {
"strict": true,
"outDir": "bin",
"target": "es2016",
"module": "commonjs",
"moduleResolution": "node",
"sourceMap": true,
"experimentalDecorators": true,
"pretty": true,
"noFallthroughCasesInSwitch": true,
"noImplicitReturns": true,
"forceConsistentCasingInFileNames": true
},
"files": [
"index.ts"
]
}

5
users/default.nix
View File

@@ -1,5 +0,0 @@
{ ... }:
{
imports = [ ./walkah.nix ];
}

13
users/walkah.nix
View File

@@ -1,13 +0,0 @@
{ pkgs, ... }:
{
users.users.walkah = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = [ "wheel" "docker" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
];
};
}