kolyma-4

.gitignore

@@ -19,3 +19,5 @@ Cargo.lock
 result
 result-*
 
+# Ignore nohup
+nohup.out

flake.nix

@@ -156,6 +156,13 @@
             ./nixos/kolyma-3/configuration.nix
           ];
         };
+        "Kolyma-4" = nixpkgs.lib.nixosSystem {
+          specialArgs = { inherit inputs outputs; };
+          modules = [
+            # > Our main nixos configuration file <
+            ./nixos/kolyma-4/configuration.nix
+          ];
+        };
       };
 
       # Development shells

modules/nixos/default.nix

@@ -5,6 +5,7 @@
   ssh = import ./ssh.nix;
   zsh = import ./zsh.nix;
   users = import ./users;
+  root = import ./root.nix;
   maid = import ./maid.nix;
   boot = import ./boot.nix;
   motd = import ./motd.nix;

modules/nixos/root.nix

@@ -0,0 +1,11 @@
+{ config
+, lib
+, pkgs
+, inputs
+, ...
+}: {
+  config = {
+    # To be able to SSH into the system on emergency
+    users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAGqU+JleLM0T44P2quirtLPrhFExOi6EOe0GYXkTFcTSjhw9LqiuX1/FbqNdKTaP9k6CdV3xc/8Z5wxbNOhpcPi9XLoupv9oNyIew7QYl+ZoAck6/qPsM7uptGYCwo0/ErzPNLd3ERD3KT1axCqrI6rWJ+JFOMAPtGeAZZxIedksViZ5SuNhpzXCIzS2PACqDTxFj7JwXK/pQ200h9ZS0MSh7iLKggXQfRVDndJxRnVY69NmbRa4MqkjgyxqWSDbqrDAXuTHpqKJ5kpXJ6p2a82EIHcCwXXpEmLwKxatxWJWJb9nurm3aS74BYmT3pRVVSPC6n5a2LWN9GxzvVh3AXXZtWGvjXSqBxHdSyUoDPuZnDneycdRC5vs6I1jSGTyDFdc4Etq1M5uUYb6SqCjJIBvTNqVnOf8nzFwl/ENvc8sbIVtILgAbBdwDiiQSu8xppqWMZfkQJy+uI5Ok7TZ8o5rGIblzfKyTiljCQb7RO7Klg3TwysetREn8ZEykBx0= This world soon will cherish into my darkness of my madness'' ];
+  };
+}

modules/server/caddy/default.nix

@@ -3,4 +3,5 @@
   kolyma-1 = import ./kolyma-1.nix;
   kolyma-2 = import ./kolyma-2.nix;
   kolyma-3 = import ./kolyma-3.nix;
+  kolyma-4 = import ./kolyma-4.nix;
 }

modules/server/caddy/kolyma-4.nix

@@ -0,0 +1,32 @@
+{ config
+, lib
+, pkgs
+, ...
+}: {
+  config = {
+    # Configure Caddy
+    services.caddy = {
+      # Enable the Caddy web server
+      enable = true;
+
+      # Define a simple virtual host
+      virtualHosts = {
+        "kolyma.uz" = {
+          serverAliases = [
+            "www.kolyma.uz"
+            "ns4.kolyma.uz"
+            "http://65.109.74.214"
+            "http://2a01:4f9:3071:31ce::"
+          ];
+          extraConfig = ''
+            reverse_proxy 127.0.0.1:8440
+          '';
+        };
+      };
+    };
+
+    # Ensure the firewall allows HTTP and HTTPS traffic
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.allowedUDPPorts = [ 80 443 ];
+  };
+}

modules/server/container/default.nix

@@ -3,4 +3,5 @@
   kolyma-1 = import ./kolyma-1.nix;
   kolyma-2 = import ./kolyma-2.nix;
   kolyma-3 = import ./kolyma-3.nix;
+  kolyma-4 = import ./kolyma-4.nix;
 }

modules/server/container/kolyma-4.nix

@@ -0,0 +1,28 @@
+{ config
+, lib
+, pkgs
+, outputs
+, ...
+}: {
+  imports = [
+    outputs.nixosModules.docker
+  ];
+
+  virtualisation.oci-containers.containers = {
+    #  _       __     __         _ __
+    # | |     / /__  / /_  _____(_) /____
+    # | | /| / / _ \/ __ \/ ___/ / __/ _ \
+    # | |/ |/ /  __/ /_/ (__  ) / /_/  __/
+    # |__/|__/\___/_.___/____/_/\__/\___/
+    website = {
+      image = "ghcr.io/kolyma-labs/gate@sha256:2a1cfdfe8e78aa4173c260f5f1a40640785e182ca4aebfe09dc7b0544c4c24fd";
+      ports = [ "8440:80" ];
+    };
+  };
+
+  # Necessary firewall rules for docker containers
+  # networking.firewall.allowedUDPPorts = [
+  # ];
+  # networking.firewall.allowedTCPPorts = [
+  # ];
+}

nixos/kolyma-1/configuration.nix

@@ -13,6 +13,7 @@
     outputs.nixosModules.data
     outputs.nixosModules.maid
     outputs.nixosModules.motd
+    outputs.nixosModules.root
     outputs.nixosModules.network
     outputs.nixosModules.nixpkgs
 
@@ -35,9 +36,6 @@
   # Don't ask for password
   security.sudo.wheelNeedsPassword = false;
 
-  # To be able to SSH into the system on emergency
-  users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAGqU+JleLM0T44P2quirtLPrhFExOi6EOe0GYXkTFcTSjhw9LqiuX1/FbqNdKTaP9k6CdV3xc/8Z5wxbNOhpcPi9XLoupv9oNyIew7QYl+ZoAck6/qPsM7uptGYCwo0/ErzPNLd3ERD3KT1axCqrI6rWJ+JFOMAPtGeAZZxIedksViZ5SuNhpzXCIzS2PACqDTxFj7JwXK/pQ200h9ZS0MSh7iLKggXQfRVDndJxRnVY69NmbRa4MqkjgyxqWSDbqrDAXuTHpqKJ5kpXJ6p2a82EIHcCwXXpEmLwKxatxWJWJb9nurm3aS74BYmT3pRVVSPC6n5a2LWN9GxzvVh3AXXZtWGvjXSqBxHdSyUoDPuZnDneycdRC5vs6I1jSGTyDFdc4Etq1M5uUYb6SqCjJIBvTNqVnOf8nzFwl/ENvc8sbIVtILgAbBdwDiiQSu8xppqWMZfkQJy+uI5Ok7TZ8o5rGIblzfKyTiljCQb7RO7Klg3TwysetREn8ZEykBx0= This world soon will cherish into my darkness of my madness'' ];
-
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];

nixos/kolyma-2/configuration.nix

@@ -13,6 +13,7 @@
     outputs.nixosModules.data
     outputs.nixosModules.maid
     outputs.nixosModules.motd
+    outputs.nixosModules.root
     outputs.nixosModules.network
     outputs.nixosModules.nixpkgs
 
@@ -35,9 +36,6 @@
   # Don't ask for password
   security.sudo.wheelNeedsPassword = false;
 
-  # To be able to SSH into the system on emergency
-  users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAGqU+JleLM0T44P2quirtLPrhFExOi6EOe0GYXkTFcTSjhw9LqiuX1/FbqNdKTaP9k6CdV3xc/8Z5wxbNOhpcPi9XLoupv9oNyIew7QYl+ZoAck6/qPsM7uptGYCwo0/ErzPNLd3ERD3KT1axCqrI6rWJ+JFOMAPtGeAZZxIedksViZ5SuNhpzXCIzS2PACqDTxFj7JwXK/pQ200h9ZS0MSh7iLKggXQfRVDndJxRnVY69NmbRa4MqkjgyxqWSDbqrDAXuTHpqKJ5kpXJ6p2a82EIHcCwXXpEmLwKxatxWJWJb9nurm3aS74BYmT3pRVVSPC6n5a2LWN9GxzvVh3AXXZtWGvjXSqBxHdSyUoDPuZnDneycdRC5vs6I1jSGTyDFdc4Etq1M5uUYb6SqCjJIBvTNqVnOf8nzFwl/ENvc8sbIVtILgAbBdwDiiQSu8xppqWMZfkQJy+uI5Ok7TZ8o5rGIblzfKyTiljCQb7RO7Klg3TwysetREn8ZEykBx0= This world soon will cherish into my darkness of my madness'' ];
-
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];

nixos/kolyma-3/configuration.nix

@@ -13,6 +13,7 @@
     outputs.nixosModules.data
     outputs.nixosModules.maid
     outputs.nixosModules.motd
+    outputs.nixosModules.root
     outputs.nixosModules.network
     outputs.nixosModules.nixpkgs
 
@@ -47,9 +48,6 @@
   # Don't ask for password
   security.sudo.wheelNeedsPassword = false;
 
-  # To be able to SSH into the system on emergency
-  users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAGqU+JleLM0T44P2quirtLPrhFExOi6EOe0GYXkTFcTSjhw9LqiuX1/FbqNdKTaP9k6CdV3xc/8Z5wxbNOhpcPi9XLoupv9oNyIew7QYl+ZoAck6/qPsM7uptGYCwo0/ErzPNLd3ERD3KT1axCqrI6rWJ+JFOMAPtGeAZZxIedksViZ5SuNhpzXCIzS2PACqDTxFj7JwXK/pQ200h9ZS0MSh7iLKggXQfRVDndJxRnVY69NmbRa4MqkjgyxqWSDbqrDAXuTHpqKJ5kpXJ6p2a82EIHcCwXXpEmLwKxatxWJWJb9nurm3aS74BYmT3pRVVSPC6n5a2LWN9GxzvVh3AXXZtWGvjXSqBxHdSyUoDPuZnDneycdRC5vs6I1jSGTyDFdc4Etq1M5uUYb6SqCjJIBvTNqVnOf8nzFwl/ENvc8sbIVtILgAbBdwDiiQSu8xppqWMZfkQJy+uI5Ok7TZ8o5rGIblzfKyTiljCQb7RO7Klg3TwysetREn8ZEykBx0= This world soon will cherish into my darkness of my madness'' ];
-
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];

nixos/kolyma-4/configuration.nix

@@ -0,0 +1,57 @@
+{ inputs
+, outputs
+, lib
+, config
+, pkgs
+, ...
+}:
+{
+  imports = [
+    # If you want to use modules your own flake exports (from modules/nixos):
+    outputs.nixosModules.ssh
+    outputs.nixosModules.zsh
+    outputs.nixosModules.boot
+    outputs.nixosModules.data
+    outputs.nixosModules.maid
+    outputs.nixosModules.motd
+    outputs.nixosModules.root
+    outputs.nixosModules.network
+    outputs.nixosModules.nixpkgs
+
+    # User configs
+    outputs.nixosModules.users.sakhib
+    outputs.nixosModules.users.sardor
+
+    # Import your deployed service list
+    ./services.nix
+
+    # Import your generated (nixos-generate-config) hardware configuration
+    ./hardware-configuration.nix
+
+    # Home Manager NixOS Module
+    inputs.home-manager.nixosModules.home-manager
+  ];
+
+  # Hostname of the system
+  networking.hostName = "Kolyma-4";
+
+  # Entirely disable hibernation
+  systemd.sleep.extraConfig = ''
+    AllowSuspend=no
+    AllowHibernation=no
+    AllowHybridSleep=no
+    AllowSuspendThenHibernate=no
+  '';
+
+  # Don't ask for password
+  security.sudo.wheelNeedsPassword = false;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = "24.05";
+}

nixos/kolyma-4/hardware-configuration.nix

@@ -0,0 +1,55 @@
+{ config
+, lib
+, pkgs
+, modulesPath
+, ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  boot.bios = {
+    enable = true;
+    uefi = true;
+    raided = true;
+    mirrors = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
+  };
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/76f237de-5eb6-4241-894e-d024a29685c8";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/852A-FFFC";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/82953896-b081-4cc7-ad7b-c82c12a076ef"; }];
+
+  network = {
+    enable = true;
+
+    ipv4 = {
+      enable = true;
+      address = "65.109.74.214";
+    };
+
+    ipv6 = {
+      enable = true;
+      address = "2a01:4f9:3071:31ce::";
+    };
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/kolyma-4/services.nix

@@ -0,0 +1,12 @@
+{ config
+, lib
+, pkgs
+, outputs
+, ...
+}: {
+  # Deployed Services
+  imports = [
+    outputs.serverModules.caddy.kolyma-4
+    outputs.serverModules.container.kolyma-4
+  ];
+}