initial commit
This commit is contained in:
commit
6f28880d89
|
@ -0,0 +1,7 @@
|
||||||
|
.vscode
|
||||||
|
result
|
||||||
|
.direnv
|
||||||
|
*.qcow2
|
||||||
|
source
|
||||||
|
.envrc
|
||||||
|
*.img
|
|
@ -0,0 +1,22 @@
|
||||||
|
The MIT License (MIT)
|
||||||
|
=====================
|
||||||
|
|
||||||
|
**Copyright (c) 2022 Fernando Ayats (ayatsfer@gmail.com)**
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||||
|
this software and associated documentation files (the "Software"), to deal in
|
||||||
|
the Software without restriction, including without limitation the rights to
|
||||||
|
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
||||||
|
of the Software, and to permit persons to whom the Software is furnished to do
|
||||||
|
so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
|
@ -0,0 +1,38 @@
|
||||||
|
#+begin_quote
|
||||||
|
The Golgi apparatus is responsible for transporting, modifying, and packaging
|
||||||
|
proteins and lipids into vesicles for delivery to targeted destinations. It is
|
||||||
|
located in the cytoplasm next to the endoplasmic reticulum and near the cell
|
||||||
|
nucleus. --- Encyclopedia Britanica
|
||||||
|
#+end_quote
|
||||||
|
|
||||||
|
This server will be an apparatus for better managing my personal projects. It
|
||||||
|
sits near the idea-generation and idea-translation components of my workflow. It
|
||||||
|
will be responsible for storing my work as a remote repository, transporting the
|
||||||
|
work between local development machines, and as a web server to improve the ease
|
||||||
|
of access of my work, both for myself and anybody curious.
|
||||||
|
|
||||||
|
Let's hope it works well.
|
||||||
|
|
||||||
|
* Setup
|
||||||
|
|
||||||
|
I'm using Hetnezer as a host. Their value for money with VPS offerings is pretty
|
||||||
|
alluring.
|
||||||
|
|
||||||
|
Additionally I've found a handy [[https://ayats.org/blog/deploy-rs-example/][blog post]] about =deploy-rs= on Hetzner, which is
|
||||||
|
remarkably convenient. They were even kind enough to link to a [[https://github.com/viperML/deploy-rs-example][repo]] which I've
|
||||||
|
shamelessly used as a starting point.
|
||||||
|
|
||||||
|
|
||||||
|
Unfortunately, Hetnezer doesn't offer a NixOS image, but they do allow you to
|
||||||
|
mount a NixOS install volume (22.05 as of writing) to your server after creating
|
||||||
|
it. After doing so, starting the VM we can get it set up simply with:
|
||||||
|
|
||||||
|
#+begin_src shell
|
||||||
|
sudo -s
|
||||||
|
nix-shell -p git
|
||||||
|
git clone https://github.com/tecosaur/golgi
|
||||||
|
cd golgi
|
||||||
|
./install.sh
|
||||||
|
# wait a bit, then create root password
|
||||||
|
shutdown -h now
|
||||||
|
#+end_src
|
|
@ -0,0 +1,115 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"deploy-rs": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": "flake-compat",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"utils": "utils"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1653594315,
|
||||||
|
"narHash": "sha256-kJ0ENmnQJ4qL2FeYKZba9kvv1KmIuB3NVpBwMeI7AJQ=",
|
||||||
|
"owner": "serokell",
|
||||||
|
"repo": "deploy-rs",
|
||||||
|
"rev": "184349d8149436748986d1bdba087e4149e9c160",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "serokell",
|
||||||
|
"repo": "deploy-rs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1648199409,
|
||||||
|
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1644229661,
|
||||||
|
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils-plus": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1657226504,
|
||||||
|
"narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1658985539,
|
||||||
|
"narHash": "sha256-aRVZGndeuUct3S3T6vqOO64D9qY1F7qNTljd0zuwzak=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "174e938d593817f2eb5ae363684dea7c412eb96a",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-22.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": {
|
||||||
|
"inputs": {
|
||||||
|
"deploy-rs": "deploy-rs",
|
||||||
|
"flake-utils-plus": "flake-utils-plus",
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"utils": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1648297722,
|
||||||
|
"narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": "root",
|
||||||
|
"version": 7
|
||||||
|
}
|
|
@ -0,0 +1,58 @@
|
||||||
|
{
|
||||||
|
description = "My server flake";
|
||||||
|
|
||||||
|
inputs = {
|
||||||
|
nixpkgs.url = github:NixOS/nixpkgs/nixos-22.05;
|
||||||
|
flake-utils-plus.url = github:gytis-ivaskevicius/flake-utils-plus;
|
||||||
|
deploy-rs = {
|
||||||
|
url = github:serokell/deploy-rs;
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
outputs = inputs@{ self, nixpkgs, flake-utils-plus, ... }:
|
||||||
|
let
|
||||||
|
nixosModules = flake-utils-plus.lib.exportModules (
|
||||||
|
nixpkgs.lib.mapAttrsToList (name: value: ./nixosModules/${name}) (builtins.readDir ./nixosModules)
|
||||||
|
);
|
||||||
|
in
|
||||||
|
flake-utils-plus.lib.mkFlake {
|
||||||
|
inherit self inputs nixosModules;
|
||||||
|
|
||||||
|
hosts = {
|
||||||
|
golgi.modules = with nixosModules; [
|
||||||
|
common
|
||||||
|
admin
|
||||||
|
hardware-hetzner
|
||||||
|
# docker
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
deploy.nodes = {
|
||||||
|
my-node = {
|
||||||
|
hostname = "5.161.98.27";
|
||||||
|
fastConnection = false;
|
||||||
|
profiles = {
|
||||||
|
my-profile = {
|
||||||
|
sshUser = "admin";
|
||||||
|
path =
|
||||||
|
inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.golgi;
|
||||||
|
user = "root";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
outputsBuilder = (channels: {
|
||||||
|
devShell = channels.nixpkgs.mkShell {
|
||||||
|
name = "my-deploy-shell";
|
||||||
|
buildInputs = with channels.nixpkgs; [
|
||||||
|
nixUnstable
|
||||||
|
inputs.deploy-rs.defaultPackage.${system}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
});
|
||||||
|
|
||||||
|
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,51 @@
|
||||||
|
#!/usr/bin/env nix-shell
|
||||||
|
#!nix-shell -i bash -p bash gptfdisk util-linux btrfs-progs
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
if [ "$EUID" -ne 0 ]
|
||||||
|
then echo "Please run as root for mount permissions!"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
BTRFS_OPTS="compress=zstd,noatime"
|
||||||
|
MNT="/mnt"
|
||||||
|
TARGET="/dev/sda"
|
||||||
|
|
||||||
|
# GPT labels
|
||||||
|
# /dev/sda1 -> BIOS boot
|
||||||
|
# /dev/sda2 -> BTRFS partition, with
|
||||||
|
# @rootfs mounted at /
|
||||||
|
# @nix mounted at /nix
|
||||||
|
# @boot mounted at /boot
|
||||||
|
# @swap mounted at /swap
|
||||||
|
|
||||||
|
# Mount everything at /mnt to install the system
|
||||||
|
|
||||||
|
sgdisk --zap-all "${TARGET}"
|
||||||
|
sgdisk -a1 -n1:2048:4095 -t1:EF02 "${TARGET}"
|
||||||
|
sgdisk -n2:0:0 -t2:8300 "${TARGET}"
|
||||||
|
|
||||||
|
fdisk -l "${TARGET}"
|
||||||
|
|
||||||
|
mkfs.btrfs -f -L NIXOS "${TARGET}2"
|
||||||
|
|
||||||
|
mkdir -p "${MNT}"
|
||||||
|
umount -R "${MNT}" || :
|
||||||
|
mount "${TARGET}2" "${MNT}"
|
||||||
|
btrfs subvolume create "${MNT}"/@rootfs
|
||||||
|
btrfs subvolume create "${MNT}"/@nix
|
||||||
|
btrfs subvolume create "${MNT}"/@boot
|
||||||
|
btrfs subvolume create "${MNT}"/@swap
|
||||||
|
umount "${MNT}"
|
||||||
|
|
||||||
|
mount -o "$BTRFS_OPTS,subvol=@rootfs" "${TARGET}2" "${MNT}"
|
||||||
|
mkdir "${MNT}"/{nix,boot,swap}
|
||||||
|
mount -o "$BTRFS_OPTS,subvol=@nix" "${TARGET}2" "${MNT}"/nix
|
||||||
|
mount -o "$BTRFS_OPTS,subvol=@swap" "${TARGET}2" "${MNT}"/swap
|
||||||
|
mount -o "$BTRFS_OPTS,subvol=@boot" "${TARGET}2" "${MNT}"/boot
|
||||||
|
|
||||||
|
findmnt -R --target "${MNT}"
|
||||||
|
|
||||||
|
# .#golgi is our hostname defined by our flake
|
||||||
|
nix-shell -p nixUnstable -p git --run "nixos-install --root ${MNT} --flake .#golgi"
|
||||||
|
umount -R /mnt
|
|
@ -0,0 +1,13 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
users.users.admin = {
|
||||||
|
name = "admin";
|
||||||
|
initialPassword = "1234";
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [ "wheel" ];
|
||||||
|
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZZqcJOLdN+QFHKyW8ST2zz750+8TdvO9IT5geXpQVt tec@tranquillity" ];
|
||||||
|
};
|
||||||
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
nix.trustedUsers = [ "@wheel" ]; # https://github.com/serokell/deploy-rs/issues/25
|
||||||
|
}
|
|
@ -0,0 +1,28 @@
|
||||||
|
{ config, pkgs, inputs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
time.timeZone = "UTC";
|
||||||
|
services.openssh = { enable = true; };
|
||||||
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
# Currently needed for flake support, might not be needed in the future
|
||||||
|
package = pkgs.nixUnstable;
|
||||||
|
|
||||||
|
extraOptions = ''
|
||||||
|
experimental-features = nix-command flakes
|
||||||
|
'';
|
||||||
|
|
||||||
|
# from flake-utils-plus
|
||||||
|
# Sets NIX_PATH to follow this flake's nix inputs
|
||||||
|
# So legacy nix-channel is not needed
|
||||||
|
generateNixPathFromInputs = true;
|
||||||
|
linkInputs = true;
|
||||||
|
# Pin our nixpkgs flake to the one used to build the system
|
||||||
|
generateRegistryFromInputs = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Set the system revision to the flake revision
|
||||||
|
# You can query this value with: $ nix-info -m
|
||||||
|
system.configurationRevision = (if inputs.self ? rev then inputs.self.rev else null);
|
||||||
|
}
|
|
@ -0,0 +1,5 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
virtualisation.docker.enable = true;
|
||||||
|
users.users.admin.extraGroups = [ "docker" ];
|
||||||
|
}
|
|
@ -0,0 +1,71 @@
|
||||||
|
{ config, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
networking.networkmanager.enable = true;
|
||||||
|
|
||||||
|
# systemd-timesyncd failed beacuse it didn't wait for network
|
||||||
|
systemd.services.systemd-timesyncd.after = [ "network-online.target" ];
|
||||||
|
systemd.services.systemd-timesyncd.wants = [ "network-online.target" ];
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
initrd = {
|
||||||
|
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
|
||||||
|
kernelModules = [ ];
|
||||||
|
};
|
||||||
|
kernelModules = [ ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
device = "/dev/sda";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-label/NIXOS";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=@rootfs" "noatime" "compress=zstd" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-label/NIXOS";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=@nix" "noatime" "compress=zstd" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-label/NIXOS";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=@boot" "noatime" "compress=zstd" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/swap" = {
|
||||||
|
device = "/dev/disk/by-label/NIXOS";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=@swap" "noatime" "compress=zstd" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
create-swapfile = {
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
wantedBy = [ "swap-swapfile.swap" ];
|
||||||
|
script = ''
|
||||||
|
${pkgs.coreutils}/bin/truncate -s 0 /swap/swapfile
|
||||||
|
${pkgs.e2fsprogs}/bin/chattr +C /swap/swapfile
|
||||||
|
${pkgs.btrfs-progs}/bin/btrfs property set /swap/swapfile compression none
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [{
|
||||||
|
device = "/swap/swapfile";
|
||||||
|
size = (1024 * 2);
|
||||||
|
}];
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
];
|
||||||
|
}
|
Loading…
Reference in New Issue