diff --git a/config/common/default.nix b/config/common/default.nix index 4c7d8a1..5b6b400 100644 --- a/config/common/default.nix +++ b/config/common/default.nix @@ -20,7 +20,38 @@ with lib; { linux-manual unzip zip + figlet ]; + + deployment.tags = [ "all" ]; + deployment.targetHost = mkDefault config.networking.fqdn; + deployment.targetPort = mkDefault 22; + deployment.targetUser = mkDefault null; + + nix.settings.trusted-users = [ "roo" "@wheel" ]; + security.dhparams.defaultBitSize = 4096; + + system.activationScripts.motd.text = let + cfg = config.system.nixos; + in '' + root=/nix/var/lib/deployment + mkdir -p $root + date "+%s" > $root/date + + cat << EOF > $root/motd + Welcome to ${cfg.distroName} ${cfg.release} ("${cfg.codeName}") on + $(${pkgs.figlet}/bin/figlet ${config.networking.hostName}).${config.networking.domain} + + Last deployed on $(date -d @$(cat "$deployment_folder/date")) + EOF + ''; + users.motdFile = "/nix/var/lib/deployment/motd"; + + nix.gc.automatic = true; + nix.gc.options = "--delete-older-than 7d"; + services.journald.extraConfig = "SystemMaxUse=256M"; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + system.stateVersion = "23.11"; time.timeZone = mkDefault "CET"; } diff --git a/config/hosts/web-dus/configuration.nix b/config/hosts/web-dus/configuration.nix index d785865..a976db8 100644 --- a/config/hosts/web-dus/configuration.nix +++ b/config/hosts/web-dus/configuration.nix @@ -1,6 +1,7 @@ { config, inputs, pkgs, ... }: let bmpPort = 11019; + kyouma-www = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system}; autoIndex = '' autoindex on; autoindex_exact_size off; @@ -10,6 +11,7 @@ let in { imports = [ inputs.fernglas.nixosModules.default + inputs.kyouma-www.nixosModules.default ]; networking = { hostName = "web-dus"; 
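Review bot: In the config/common/default.nix hunk, `nix.settings.trusted-users = [ "roo" "@wheel" ];` names `roo`, which looks like a typo for `root` (confirm no account of that name is intended), and it makes every `wheel` member a trusted Nix user, which the Nix manual describes as essentially equivalent to root access. If wheel members only need to talk to the daemon, `nix.settings.allowed-users` is the narrower setting; if trust is required for deployment, a comment on the line should say so. Separately, the motd activation script reads `$deployment_folder/date`, but the only variable the script assigns is `root`, so the "Last deployed on" line will not show the timestamp written a few lines earlier; `$(date -d @$(cat "$root/date"))` would.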
@@ -22,6 +24,16 @@ in { ]; }; services.vnstat.enable = true; + services.vyosBld = { + enable = true; + output = "/nix/var/www/kyouma.net/vyos"; + buildFlags = { + architecture = "amd64"; + build-by = "noc@kyouma.net"; + build-type = "release"; + version = "1.5-$(date %Y%m%d)"; + }; + }; services.fernglas = { enable = true; settings = { @@ -39,10 +51,10 @@ in { }; services.nginx = { createHost = { - "miau.zip" = { root = "/persistent/www/kyouma.net"; }; + "miau.zip" = { root = kyouma-www.default; }; "www.miau.zip" = { redirectTo = "miau.zip"; }; "www.kyouma.net" = { redirectTo = "kyouma.net"; }; - "emily.cat" = { root = "/persistent/www/emily.cat/_site"; }; + "emily.cat" = { root = "/nix/var/www/emily.cat/_site"; }; "www.emily.cat" = { redirectTo = "kyouma.net"; }; "www.cocaine.trade" = { redirectTo = "cocaine.trade"; }; @@ -55,7 +67,7 @@ in { ''; }; "cocaine.trade" = { - root = "/persistent/basti/cocaine.trade"; + root = "/nix/var/www/basti/cocaine.trade"; extraConfig = ''error_page 404 /404.html;''; locations."/" = { index = "index.html"; @@ -65,17 +77,21 @@ in { }; "files.cocaine.trade" = { useACMEHost = "cocaine.trade"; - root = "/persistent/basti/files.cocaine.trade"; + root = "/nix/var/www/basti/files.cocaine.trade"; locations."/".extraConfig = autoIndex; }; "kyouma.net" = { - root = inputs.kyouma-www.packages.${config.nixpkgs.hostPlatform.system}.kyouma-www; + root = kyouma-www.default; locations = { - "/ihk/" = { - root = "/persistent/www/kyouma.net/ihk"; + "/assets/media/".root = kyouma-www.vid; + "/vyos/" = { + root = config.services.vyosBld.output; + extraConfig = autoIndex; + }; + "/ihk/" = { + root = "/nix/var/www/kyouma.net/ihk"; extraConfig = autoIndex; }; - "/vyos/".extraConfig = autoIndex; }; }; "lg.kyouma.net" = { diff --git a/flake.lock b/flake.lock index 1c6ca6b..34b4dda 100644 --- a/flake.lock +++ b/flake.lock 
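Review bot: In the `services.vyosBld` hunk of config/hosts/web-dus/configuration.nix, `version = "1.5-$(date %Y%m%d)";` lacks the `+` that introduces a date format, so if the module hands this string to a shell the substitution fails and the version suffix is empty; `version = "1.5-$(date +%Y%m%d)";` is presumably what was meant. The module is not visible in this diff, so it is worth confirming that `buildFlags` values are shell-expanded at all. If they are, a comment here should say that these strings are interpreted as shell code rather than literal data.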
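Review bot: In the `kyouma.net` locations hunk, `/vyos/` now serves `config.services.vyosBld.output` with `autoIndex`, so everything the build service leaves in that directory is listed and downloadable. Confirm the service writes only release images there (no build logs, signing material or intermediate files), or keep the artifacts in a dedicated subdirectory. If `createHost` passes `root` through to nginx unchanged, a request for `/vyos/x` resolves to `<output>/vyos/x` because `root` appends the full URI, and the same applies to `/ihk/` and `/assets/media/`; `alias` is the directive that maps the location prefix onto the directory itself. `createHost` is defined outside this diff, so which behaviour applies needs checking against its implementation.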
@@ -42,11 +42,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -61,11 +61,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1705072719, - "narHash": "sha256-s898/by3aICymgFs870UVHfflv9ZT6kGFzElVXF/gMw=", + "lastModified": 1705415185, + "narHash": "sha256-3sAayXCMBqdEdKqAcGd41K2u0HYAWYu3J9rfIKBfLR4=", "ref": "refs/heads/main", - "rev": "2ab1f3aa7aea531078a537bd56aa53c2242e0d4e", - "revCount": 7, + "rev": "d2fa7e29cdb68657be67f869383b37ab0dbf168f", + "revCount": 28, "type": "git", "url": "ssh://git@git.bsd.gay/snaki/kyouma-net.git" }, @@ -107,11 +107,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1704722960, - "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", + "lastModified": 1705133751, + "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", + "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b3a132f..ff0ea03 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,13 @@ }; outputs = { self, nixpkgs, nixos-hardware, fernglas, kyouma-www, ... }@inputs: { + colmena = { + meta = { + allowApplyAll = false; + nixpkgs = self.legacyPackages.x86_64-linux; + specialArgs = { inherit inputs; }; + }; + }; nixosConfigurations = { web02 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; 
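Review bot: In the flake.nix `colmena.meta` hunk, `nixpkgs = self.legacyPackages.x86_64-linux;` refers to this flake's own outputs, and no `legacyPackages` output is visible in the hunk; unless one is defined further down in `outputs` (which continues outside the hunk), this should probably be `nixpkgs = nixpkgs.legacyPackages.x86_64-linux;`. The hive also declares no nodes yet, while config/common/default.nix in this same commit sets `deployment.*` options. Those options come from colmena, so the plain `nixpkgs.lib.nixosSystem` configurations that import the common module may fail to evaluate unless the option declarations are made available there too.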
@@ -19,6 +26,16 @@ ./config/hosts/web-dus/configuration.nix ]; }; + crime = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + .config/common + .config/common-lxc.nix + .config/common-nginx.nix + .config/hosts/crime/configuration.nix + ]; + }; # ryuuko = nixpkgs.lib.nixosSystem { # system = "x86_64-linux"; # specialArgs = attrs;
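Review bot: In the `crime` system added to flake.nix, the module paths are written `.config/common`, `.config/common-lxc.nix` and so on, while the existing entry just above uses `./config/hosts/web-dus/configuration.nix`; as written they resolve to a hidden `.config` directory next to flake.nix rather than to `config/`. They should read `./config/common`, `./config/common-lxc.nix`, `./config/common-nginx.nix` and `./config/hosts/crime/configuration.nix`. Building the host once with `nix build .#nixosConfigurations.crime.config.system.build.toplevel` before merging would catch this kind of path error.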