Add extra SSH configurations to Marauder

Install blender on marauder
Roughly setup todo-app web server
2024-12-10 17:17:11 -08:00 · 2024-12-08 09:33:40 -08:00 · 2024-12-06 17:02:11 -08:00 · 2024-11-30 13:39:34 -08:00 · 2024-11-30 13:37:43 -08:00 · 2024-11-30 13:37:00 -08:00
10 changed files with 145 additions and 26 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -15,6 +15,7 @@
        common = import ./modules/common.nix;
        prompt = import ./modules/prompt.nix;
        server = import ./modules/server.nix;
+        zerotier = import ./modules/zerotier.nix;
      };

      nixosConfigurations = {
@@ -28,6 +29,11 @@
          modules = [ ./hosts/monolith ];
          specialArgs = { inherit self inputs secrets; };
        };
+        quasar = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [ ./hosts/quasar ];
+          specialArgs = { inherit self inputs secrets; };
+        };
      };
    };
 }
--- a/hosts/marauder/backup.nix
+++ b/hosts/marauder/backup.nix
@@ -1,11 +1,5 @@
 { pkgs, config, secrets, ... }:
 {
-  environment.systemPackages = with pkgs; [
-    restic
-    libnotify
-    backblaze-b2
-  ];
-
  systemd.services = {
    notify-backup-b2-failed = {
      description = "Notify on failed backup to B2";
@@ -26,8 +20,8 @@

  environment.etc = {
    "restic-env".text = ''
-      export B2_ACCOUNT_ID="${secrets.b2.accountId}"
-      export B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
+      B2_ACCOUNT_ID="${secrets.b2.accountId}"
+      B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
    '';
    "restic-password".text = secrets.restic.password;
  };
--- a/hosts/marauder/default.nix
+++ b/hosts/marauder/default.nix
@@ -3,11 +3,16 @@
  imports = [
    self.nixosModules.common
    self.nixosModules.prompt
+    self.nixosModules.zerotier
    ./backup.nix
    ./dev.nix
+    ./printing.nix
  ];

-  networking.hostName = "marauder";
+  networking = {
+    hostName = "marauder";
+    firewall.enable = false;
+  };

  fileSystems = {
    "/" = {
@@ -84,8 +89,11 @@
      ffmpeg
      (callPackage ./ffcheck.nix { })

-      # Productivity
+      # Misc
      obsidian
+      intiface-central
+      prismlauncher
+      blender
    ]);
  };

@@ -95,6 +103,23 @@
    dedicatedServer.openFirewall = true;
  };

+  programs.ssh.extraConfig = ''
+    Host quasar
+      HostName consortium.chat
+      IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
+
+    Host monolith
+      HostName 10.243.210.154
+
+    Host fennbox
+      HostName 10.243.109.199
+      User fenn
+  '';
+
+  programs.nix-ld = {
+    enable = true;
+  };
+
  services.xserver = {
    enable = true;
    videoDrivers = [ "nvidia" ];
--- a/hosts/marauder/printing.nix
+++ b/hosts/marauder/printing.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    system-config-printer
+  ];
+
+  services.printing = {
+    enable = true;
+  };
+
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    openFirewall = true;
+  };
+}
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@@ -1,15 +1,17 @@
-{ self, ... }:
+{ self, pkgs, ... }:
 {
  imports = [
    self.nixosModules.common
    self.nixosModules.prompt
    self.nixosModules.server
+    self.nixosModules.zerotier
    ./dns.nix
  ];

  networking = {
    hostName = "monolith";
    hostId = "44551c32";
+    firewall.allowedTCPPorts = [ 8000 ];
  };

  fileSystems = {
@@ -38,6 +40,32 @@
    supportedFilesystems = [ "zfs" ];
  };

+  environment.systemPackages = with pkgs; [
+    rclone
+    beets
+    flac
+    screen
+    rustup
+    gcc
+    (callPackage ../marauder/ffcheck.nix { })
+  ];
+
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  services.navidrome = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      Address = "0.0.0.0";
+      MusicFolder = "/library/music";
+      Scanner.GroupAlbumReleases = "true";
+      ScanSchedule = "0";
+    };
+  };
+
  promptEmoji = "🏰";

  time.timeZone = "America/Los_Angeles";
--- a/hosts/monolith/dns.nix
+++ b/hosts/monolith/dns.nix
@@ -3,22 +3,16 @@
  systemd.services.update-dns = {
    serviceConfig.Type = "oneshot";
    description = "Update the leaf.ninja DNS records";
-    path = with pkgs; [ curl jq ];
+    path = with pkgs; [ curl ];
    script = ''
      public_ip=$(curl -s https://ifconfig.me/ip)
      endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
-      curl -s \
+      curl \
        -X PUT \
        -H "Authorization: Bearer ${secrets.gandi.token}" \
        -H "Content-Type: application/json" \
        -d "{\"rrset_values\":[\"$public_ip\"]}" \
-        "$ENDPOINT/%2A/A" | jq
-      curl -s \
-        -X PUT \
-        -H "Authorization: Bearer ${secrets.gandi.token}" \
-        -H "Content-Type: application/json" \
-        -d "{\"rrset_values\":[\"$public_ip\"]}" \
-        "$ENDPOINT/%40/A" | jq
+        $endpoint/ostiary/A
    '';
  };

--- a/hosts/quasar/default.nix
+++ b/hosts/quasar/default.nix
@@ -0,0 +1,54 @@
+{ self, modulesPath, pkgs, config, secrets, ... }:
+{
+  imports = [
+    "${modulesPath}/virtualisation/amazon-image.nix"
+    self.nixosModules.common
+    self.nixosModules.prompt
+    self.nixosModules.server
+  ];
+
+  networking = {
+    hostName = "quasar";
+    domain = "consortium.chat";
+    firewall.allowedTCPPorts = [ 80 443 ];
+  };
+
+  services.postgresql = {
+    enable = true;
+  };
+
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      "${config.networking.domain}".extraConfig = ''
+        reverse_proxy localhost:8008
+        header Strict-Transport-Security "max-age=63072000; includeSubDomains;"
+      '';
+      "matrix.${config.networking.domain}".extraConfig = ''
+        reverse_proxy /_matrix/* localhost:8008
+        reverse_proxy /_synapse/client/* localhost:8008
+      '';
+      "admin.${config.networking.domain}".extraConfig = ''
+        root * ${pkgs.synapse-admin}
+        file_server
+      '';
+    };
+  };
+
+  services.matrix-synapse = {
+    enable = true;
+    settings = {
+      server_name = config.networking.domain;
+      serve_server_wellknown = true;
+      registration_shared_secret = secrets.synapse."consortium.chat".registration-shared-secret;
+      macaroon_secret_key = secrets.synapse."consortium.chat".macaroon-secret-key;
+      form_secret = secrets.synapse."consortium.chat".form-secret;
+    };
+  };
+
+  promptEmoji = "🌟";
+
+  time.timeZone = "America/Los_Angeles";
+
+  system.stateVersion = "24.05";
+}
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -1,4 +1,4 @@
-{ pkgs, secrets, ... }:
+{ pkgs, ... }:
 {
  nixpkgs.config.allowUnfree = true;

@@ -41,11 +41,6 @@
    '';
  };

-  services.zerotierone = {
-    enable = true;
-    joinNetworks = secrets.zerotier.networks;
-  };
-
  environment.systemPackages = with pkgs; [
    git-crypt
    jq
--- a/modules/zerotier.nix
+++ b/modules/zerotier.nix
@@ -0,0 +1,7 @@
+{ secrets, ... }:
+{
+  services.zerotierone = {
+    enable = true;
+    joinNetworks = secrets.zerotier.networks;
+  };
+}
--- a/secrets.json
+++ b/secrets.json
Author	SHA1	Message	Date
Nettika	227bf853ab	Add extra SSH configurations to Marauder	2024-12-10 17:17:11 -08:00
Nettika	e7100daf2f	Install blender on marauder	2024-12-08 09:33:40 -08:00
Nettika	04069f02ec	Roughly setup todo-app web server	2024-12-06 17:02:11 -08:00
Nettika	4210857297	Add ffcheck util to monolith	2024-11-30 13:39:34 -08:00
Nettika	3136ec6762	Add screen util to monolith	2024-11-30 13:37:43 -08:00
Nettika	fc2a78b0db	Fix DNS updater	2024-11-30 13:37:00 -08:00
Nettika	bb77fc54d4	Add media services	2024-11-30 10:56:41 -08:00
Nettika	91f4fe8b13	Add intiface and minecraft	2024-11-13 16:41:53 -08:00
Nettika	8be0deed4b	Enable nix-ld	2024-10-10 15:08:09 -07:00
Nettika	9ed9e10931	Disable firewall	2024-10-10 15:06:29 -07:00
Nettika	75c76ef032	Fix restic daily backups	2024-10-06 18:35:00 -07:00
Nettika	0ebe8d1121	Serve Synapse Admin from quasar	2024-09-27 21:01:31 -07:00
Nettika	d80ae92464	Add system-control-printer to marauder	2024-09-27 21:01:31 -07:00
Nettika	883204e90e	Set synapse secrets	2024-09-27 21:01:31 -07:00
Nettika	0172e6af2b	Configure synapse on quasar	2024-09-26 00:40:56 -07:00
Nettika	66786c2455	Move zerotier out of the common module	2024-09-25 21:05:05 -07:00
Nettika	e30a5830ef	Add quasar host	2024-09-25 19:44:47 -07:00
Nettika	572cca2dd9	Configure printing on marauder	2024-09-25 16:20:21 -07:00