diff --git a/Taskfile b/Taskfile index 2b78a26..cef244f 100755 --- a/Taskfile +++ b/Taskfile @@ -15,7 +15,7 @@ dump() { if [ -e "vm-$1.nix" ]; then sudo cp -f result/vzdump* /mnt/share/proxmox/dump/ elif [ -e "lxc-$1.nix" ]; then - sudo cp -f result/tarball/nixos-image-lxc-*.tar.xz "/mnt/share/proxmox/template/cache/$1.tar.xz" + sudo cp -f result/tarball/nixos-system-x86_64-linux.tar.xz "/mnt/share/proxmox/dump/$1.tar.xz" fi } @@ -34,15 +34,10 @@ get-ip() { deploy() { ip=$(get-ip "$1") - TMPDIR=/tmp nix-shell -p '(nixos{}).nixos-rebuild' --run \ + nix-shell -p '(nixos{}).nixos-rebuild' --run \ 'nixos-rebuild switch --flake .#'"$1"' --target-host admin@"'"$ip"'" --use-remote-sudo' } -jump-deploy() { - jump_ip=$(tailscale ip xalicas | head -n1) - env NIX_SSHOPTS="-J robert@$jump_ip" ./Taskfile deploy "$1" -} - ssh() { command "${2:-mosh}" admin@"$(get-ip "$1")" } diff --git a/flake.lock b/flake.lock index 51b517f..9ed5c8f 100644 --- a/flake.lock +++ b/flake.lock 
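Review bot: In `deploy`, the command this hunk edits still splices `$1` into the `--run` string with no inner quoting (`.#'"$1"'`), while `$ip` on the same line is wrapped in double quotes. A host argument containing spaces or shell metacharacters would be re-parsed by the shell that nix-shell starts. Quoting it the same way, `--flake ".#'"$1"'"`, or first checking that `vm-$1.nix` or `lxc-$1.nix` exists as `dump` does, would close that gap. The `--run` continuation line is unchanged context, so this predates the commit.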
@@ -16,18 +16,36 @@ "type": "github" } }, - "nix-minecraft": { + "flake-utils": { "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", "systems": "systems" }, "locked": { - "lastModified": 1770520993, - "narHash": "sha256-ks1ZFBYlBmQ4CAM4WSmCFUtkUJzbmJ0VJH/JkKVMPqY=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nix-minecraft": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1755914134, + "narHash": "sha256-RZNriojTbxeuCcytq/RlXQ7xJIDZPzGScPxWRft2fbM=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "b32f4325880b4fac47b8736161a8f032dd248b70", + "rev": "f4f58df48f0ebd1c898a043790cd58dd95bc272c", "type": "github" }, "original": { @@ -38,11 +56,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -54,16 +72,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1770464364, - "narHash": "sha256-z5NJPSBwsLf/OfD8WTmh79tlSU8XgIbwmk6qB1/TFzY=", + "lastModified": 1755704039, + "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23d72dabcb3b12469f57b37170fcbc1789bd7457", + "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } 
diff --git a/flake.nix b/flake.nix index 3278dc6..3726b2f 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nix-minecraft.url = "github:Infinidoge/nix-minecraft"; }; @@ -30,16 +30,12 @@ outputs = { self, nixpkgs, ... }@inputs: majcraft = nixos-vma ./vm-majcraft.nix; homelab = nixos-vma ./vm-homelab.nix; metrics = nixos-lxc ./lxc-metrics.nix; - forge-runner = nixos-lxc ./lxc-forge-runner.nix; - ergo = nixos-lxc ./lxc-ergo.nix; }; packages.${system} = { majcraft = image "majcraft"; homelab = image "homelab"; metrics = lxc "metrics"; - forge-runner = lxc "forge-runner"; - ergo = lxc "ergo"; }; }; } diff --git a/lxc-ergo.nix b/lxc-ergo.nix deleted file mode 100644 index 1b35a9a..0000000 --- a/lxc-ergo.nix +++ /dev/null 
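Review bot: The first flake.nix hunk moves `nixpkgs.url` from `nixos-25.11` back to `nixos-25.05`, and the matching flake.lock entries carry smaller `lastModified` values than the ones they replace (1770464364 to 1755704039 for `nixpkgs_2`, and nix-minecraft is likewise locked to an earlier revision). Every host built from this flake would therefore be rebuilt from an older package set, and an older release branch normally stops receiving security fixes before the newer one does. If the rollback is intentional, record why next to the input, e.g. `# pinned to 25.05 because <reason>; revisit when <condition>`.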
@@ -1,139 +0,0 @@
-{
- pkgs,
- lib,
- ...
-}:
-
-{
- imports = [
- ./lxc-base.nix
- ];
-
- config = {
- my.vm = {
- name = "ergo01";
- ip4 = "192.168.0.8";
- };
-
- environment.systemPackages = with pkgs; [
- certbot
- ];
-
- networking.firewall.trustedInterfaces = [ "br-+" ];
- networking.firewall.allowedTCPPorts = [
- 8067
- 6697
- 443
- 80
- ];
-
- virtualisation.docker = {
- enable = true;
- daemon.settings = {
- fixed-cidr-v6 = "fd00::/80";
- ipv6 = true;
- };
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "admin+acme@dukeceph.xyz";
- };
-
- services.nginx = {
- enable = true;
- virtualHosts."irc.dukeceph.xyz" = {
- addSSL = true;
- enableACME = true;
- root = "/var/www/html";
- locations."/webirc".extraConfig = ''
- proxy_pass http://127.0.0.1:8067;
- proxy_read_timeout 600s;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- '';
- };
- };
-
- users.groups."ergo" = { };
- users.users."ergo" = {
- group = "ergo";
- isSystemUser = true;
- };
-
- services.ergochat = {
- enable = true;
- settings = {
- network = {
- name = "dukeceph.xyz";
- };
- server = {
- name = "dukeceph.xyz";
- enforce-utf8 = true;
- ip-cloaking = {
- enabled = true;
- netname = "dukeceph.xyz";
- };
- listeners = {
- ":6697" = {
- tls = {
- cert = "/etc/letsencrypt/live/irc.dukeceph.xyz/fullchain.pem";
- key = "/etc/letsencrypt/live/irc.dukeceph.xyz/privkey.pem";
- };
- };
- ":8067" = {
- websocket = true;
- };
- };
- secure-nets = [
- "127.0.0.0/24"
- "192.168.0.0/24"
- ];
- };
- oper-classes = {
- chat-moderator = {
- title = "Chat Moderator";
- capabilities = [
- "kill" # disconnect user sessions
- "ban" # ban IPs, CIDRs, NUH masks, and suspend accounts (UBAN / DLINE / KLINE)
- "nofakelag" # exempted from "fakelag" restrictions on rate of message sending
- "relaymsg" # use RELAYMSG in any channel (see the `relaymsg` config block)
- "vhosts" # add and remove vhosts from users
- "sajoin" # join arbitrary channels, including private channels
- "samode" # modify arbitrary channel and user modes
- "snomasks" # subscribe to arbitrary server notice masks
- "roleplay" # use the (deprecated) roleplay commands in any channel
- ];
- };
- server-admin = {
- title = "Server Admin";
- extends = "chat-moderator";
- capabilities = [
- "rehash" # rehash the server, i.e. reload the config at runtime
- "accreg" # modify arbitrary account registrations
- "chanreg" # modify arbitrary channel registrations
- "history" # modify or delete history messages
- "defcon" # use the DEFCON command (restrict server capabilities)
- "massmessage" # message all users on the server
- "metadata" # modify arbitrary metadata on channels and users
- ];
- };
- };
- opers = {
- duke = {
- class = "server-admin";
- whois-line = "is the server administrator";
- password = "$2a$04$eEXmtfM76.qp3D7kJna7k.dF7xeeACwvxwxUM4.ysW5Kndk/S.drG";
- };
- };
- };
- };
- systemd.services.ergochat.serviceConfig.DynamicUser = lib.mkForce false;
- systemd.services.ergochat.serviceConfig.User = "ergo";
- systemd.services.ergochat.serviceConfig.Group = "ergo";
- systemd.services.ergochat.restartIfChanged = false;
- };
-}
diff --git a/lxc-forge-runner.nix b/lxc-forge-runner.nix
deleted file mode 100644
index 245c770..0000000
--- a/lxc-forge-runner.nix
+++ /dev/null
@@ -1,58 +0,0 @@ -{ - pkgs, - lib, - ... -}: - -{ - imports = [ - ./lxc-base.nix - ]; - - config = { - my.vm = { - name = "runner01"; - ip4 = "192.168.0.7"; - }; - - environment.systemPackages = with pkgs; [ - grafana-to-ntfy - ]; - - networking.extraHosts = '' - 192.168.0.2 xalicas - 192.168.0.3 proxmox - 192.168.0.4 craft01 - 192.168.0.5 lab01 - 192.168.0.6 metrics01 - 192.168.0.7 runner01 - 192.168.0.100 unifi - ''; - - networking.firewall.trustedInterfaces = [ "br-+" ]; - - virtualisation.docker = { - enable = true; - daemon.settings = { - fixed-cidr-v6 = "fd00::/80"; - ipv6 = true; - }; - }; - - services.gitea-actions-runner = { - package = pkgs.forgejo-runner; - instances.runner01 = { - enable = true; - name = "runner01"; - token = "E17wr2p2EH4krR5NIUokwsBhhdLCWNW5ahpEyjHY"; - url = "https://forge.rperce.net/"; - labels = [ - "node-22:docker://node:22-bookworm" - "nixos-latest:docker://nixos/nix" - "playwright-latest:docker://mcr.microsoft.com/playwright:v1.57.0-jammy" - ]; - # settings = { ... }; - }; - }; - }; -} diff --git a/lxc-metrics.nix b/lxc-metrics.nix index 9ec1d7b..207ec9e 100644 --- a/lxc-metrics.nix +++ b/lxc-metrics.nix @@ -17,7 +17,6 @@ environment.systemPackages = with pkgs; [ grafana-to-ntfy - curl ]; networking.extraHosts = '' @@ -26,11 +25,10 @@ 192.168.0.4 craft01 192.168.0.5 lab01 192.168.0.6 metrics01 - 192.168.0.7 runner01 192.168.0.100 unifi ''; - networking.firewall.allowedTCPPorts = [ + networking.firewall.allowedTCPPorts = [ 3000 # grafana 3001 # uptime-kuma ]; @@ -174,7 +172,7 @@ startAt = "daily"; postHook = '' if [ $exitStatus -eq 0 ]; then - /run/current-system/sw/bin/curl -sSL 'http://uptime.rperce.net/api/push/LmyyAawLzw?status=up&msg=OK&ping=' + curl -sSL http://metrics01:3001/api/push/LmyyAawLzw?status=up&msg=OK&ping= fi ''; }; diff --git a/vm-homelab.nix b/vm-homelab.nix index b76e5ee..d2d900b 100644 --- a/vm-homelab.nix +++ b/vm-homelab.nix 
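Review bot: The new `curl` line in the last lxc-metrics.nix hunk drops the quotes around the push URL, so the shell that runs `postHook` splits it at each `&`: curl is sent to the background with only `?status=up`, and `msg=OK` and `ping=` are parsed as variable assignments. Keep the URL quoted, `curl -sSL 'http://metrics01:3001/api/push/<token>?status=up&msg=OK&ping='`. That line also replaces `/run/current-system/sw/bin/curl` with a bare `curl` while the first hunk removes `curl` from `environment.systemPackages`, so unless the job's PATH supplies curl some other way (not visible here) the heartbeat will not be sent at all. The `postHook` in vm-homelab.nix loses its quotes in the same way and needs the same fix. Separately, the two deleted files held a runner `token` and an oper `password` hash inline; deleting them leaves both in history, so they should be rotated if still in use.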
@@ -35,9 +35,6 @@ in "barkeep.rperce.net".extraConfig = '' reverse_proxy http://192.168.0.2:8000 ''; - "crm.rperce.net".extraConfig = '' - reverse_proxy http://192.168.0.2:3000 - ''; "minecraft.dukeceph.xyz".extraConfig = '' reverse_proxy http://192.168.0.4:8080 ''; @@ -67,12 +64,6 @@ in header_up - Authorization } ''; - "grist.rperce.net".extraConfig = '' - reverse_proxy http://192.168.0.2:8484 - ''; - "irc.dukeceph.xyz".extraConfig = '' - reverse_proxy 192.168.0.8 - ''; }; }; @@ -114,7 +105,7 @@ in postHook = '' echo "exit $exitStatus" if [ $exitStatus -eq 0 ]; then - /run/current-system/sw/bin/curl -sSL 'http://192.168.0.6:3001/api/push/yTBTVZF8Bz?status=up&msg=OK&ping=' + /run/current-system/sw/bin/curl -sSL http://192.168.0.6:3001/api/push/yTBTVZF8Bz?status=up&msg=OK&ping= fi ''; };