From 8aee036e83cfdd558903749798ffb1de1a55fcf3 Mon Sep 17 00:00:00 2001 From: Sokhibjon Orzikulov Date: Sun, 15 Sep 2024 22:38:46 +0500 Subject: [PATCH] kolyma-4 --- .gitignore | 2 + flake.nix | 7 +++ modules/nixos/default.nix | 1 + modules/nixos/root.nix | 11 +++++ modules/server/caddy/default.nix | 1 + modules/server/caddy/kolyma-4.nix | 32 +++++++++++++ modules/server/container/default.nix | 1 + modules/server/container/kolyma-4.nix | 28 +++++++++++ nixos/kolyma-1/configuration.nix | 4 +- nixos/kolyma-2/configuration.nix | 4 +- nixos/kolyma-3/configuration.nix | 4 +- nixos/kolyma-4/configuration.nix | 57 +++++++++++++++++++++++ nixos/kolyma-4/hardware-configuration.nix | 55 ++++++++++++++++++++++ nixos/kolyma-4/services.nix | 12 +++++ 14 files changed, 210 insertions(+), 9 deletions(-) create mode 100644 modules/nixos/root.nix create mode 100644 modules/server/caddy/kolyma-4.nix create mode 100644 modules/server/container/kolyma-4.nix create mode 100644 nixos/kolyma-4/configuration.nix create mode 100644 nixos/kolyma-4/hardware-configuration.nix create mode 100644 nixos/kolyma-4/services.nix diff --git a/.gitignore b/.gitignore index 7eaa9ba..3278daf 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,5 @@ Cargo.lock result result-* +# Ignore nohup +nohup.out diff --git a/flake.nix b/flake.nix index 79d770d..73fd861 100644 --- a/flake.nix +++ b/flake.nix @@ -156,6 +156,13 @@ ./nixos/kolyma-3/configuration.nix ]; }; + "Kolyma-4" = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + modules = [ + # > Our main nixos configuration file < + ./nixos/kolyma-4/configuration.nix + ]; + }; }; # Development shells diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index b81601a..08c5114 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix 
@@ -5,6 +5,7 @@
 ssh = import ./ssh.nix;
 zsh = import ./zsh.nix;
 users = import ./users;
+ root = import ./root.nix;
 maid = import ./maid.nix;
 boot = import ./boot.nix;
 motd = import ./motd.nix;
diff --git a/modules/nixos/root.nix b/modules/nixos/root.nix
new file mode 100644
index 0000000..baa74f0
--- /dev/null
+++ b/modules/nixos/root.nix
@@ -0,0 +1,11 @@
+{ config
+, lib
+, pkgs
+, inputs
+, ...
+}: {
+ config = {
+ # To be able to SSH into the system on emergency
+ users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa 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 This world soon will cherish into my darkness of my madness'' ];
+ };
+}
diff --git a/modules/server/caddy/default.nix b/modules/server/caddy/default.nix
index 0a22956..888e543 100644
--- a/modules/server/caddy/default.nix
+++ b/modules/server/caddy/default.nix
@@ -3,4 +3,5 @@
 kolyma-1 = import ./kolyma-1.nix;
 kolyma-2 = import ./kolyma-2.nix;
 kolyma-3 = import ./kolyma-3.nix;
+ kolyma-4 = import ./kolyma-4.nix;
 }
diff --git a/modules/server/caddy/kolyma-4.nix b/modules/server/caddy/kolyma-4.nix
new file mode 100644
index 0000000..27aa48c
--- /dev/null
+++ b/modules/server/caddy/kolyma-4.nix
@@ -0,0 +1,32 @@
+{ config
+, lib
+, pkgs
+, ...
+}: {
+ config = {
+ # Configure Caddy
+ services.caddy = {
+ # Enable the Caddy web server
+ enable = true;
+
+ # Define a simple virtual host
+ virtualHosts = {
+ "kolyma.uz" = {
+ serverAliases = [
+ "www.kolyma.uz"
+ "ns4.kolyma.uz"
+ "http://65.109.74.214"
+ "http://2a01:4f9:3071:31ce::"
+ ];
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:8440
+ '';
+ };
+ };
+ };
+
+ # Ensure the firewall allows HTTP and HTTPS traffic
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 80 443 ];
+ };
+}
diff --git a/modules/server/container/default.nix b/modules/server/container/default.nix
index 5c469c8..3616382 100644
--- a/modules/server/container/default.nix
+++ b/modules/server/container/default.nix
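Review bot: modules/nixos/root.nix installs the emergency root key unconditionally on every host that imports it, but says nothing about whether sshd will honour it: the module does not set `services.openssh.settings.PermitRootLogin`, so key-based root login depends on ssh.nix (outside this patch) or on the NixOS default (`prohibit-password`). Pinning the intent next to the key, `services.openssh.settings.PermitRootLogin = lib.mkDefault "prohibit-password";`, prevents a later edit to ssh.nix from either disabling the emergency path or widening it to password logins. Since the key is now shared across all four hosts from one place, the comment above it should say who holds the private half and when it was last rotated, because rotating it now means changing exactly this file. `config`, `pkgs` and `inputs` are accepted but unused; `{ lib, ... }:` would state the module's real dependencies.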
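Review bot: `networking.firewall.allowedUDPPorts = [ 80 443 ];` in modules/server/caddy/kolyma-4.nix opens UDP 80, which nothing on this host uses — Caddy's HTTP/3 listener is UDP 443 only — so the line should read `networking.firewall.allowedUDPPorts = [ 443 ];`. The two IP aliases (`"http://65.109.74.214"`, `"http://2a01:4f9:3071:31ce::"`) repeat the addresses set under `network.ipv4.address` / `network.ipv6.address` in nixos/kolyma-4/hardware-configuration.nix in this same patch; if that module exposes them as options, `"http://${config.network.ipv4.address}"` would keep the two from drifting when the host is re-addressed (the `config` argument is already in scope and otherwise unused). A comment on `reverse_proxy 127.0.0.1:8440` naming the `website` container in modules/server/container/kolyma-4.nix as the upstream would help, since the port number is the only link between the two files.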
@@ -3,4 +3,5 @@
 kolyma-1 = import ./kolyma-1.nix;
 kolyma-2 = import ./kolyma-2.nix;
 kolyma-3 = import ./kolyma-3.nix;
+ kolyma-4 = import ./kolyma-4.nix;
 }
diff --git a/modules/server/container/kolyma-4.nix b/modules/server/container/kolyma-4.nix
new file mode 100644
index 0000000..ba252f4
--- /dev/null
+++ b/modules/server/container/kolyma-4.nix
@@ -0,0 +1,28 @@
+{ config
+, lib
+, pkgs
+, outputs
+, ...
+}: {
+ imports = [
+ outputs.nixosModules.docker
+ ];
+
+ virtualisation.oci-containers.containers = {
+ # _ __ __ _ __
+ # | | / /__ / /_ _____(_) /____
+ # | | /| / / _ \/ __ \/ ___/ / __/ _ \
+ # | |/ |/ / __/ /_/ (__ ) / /_/ __/
+ # |__/|__/\___/_.___/____/_/\__/\___/
+ website = {
+ image = "ghcr.io/kolyma-labs/gate@sha256:2a1cfdfe8e78aa4173c260f5f1a40640785e182ca4aebfe09dc7b0544c4c24fd";
+ ports = [ "8440:80" ];
+ };
+ };
+
+ # Necessary firewall rules for docker containers
+ # networking.firewall.allowedUDPPorts = [
+ # ];
+ # networking.firewall.allowedTCPPorts = [
+ # ];
+}
diff --git a/nixos/kolyma-1/configuration.nix b/nixos/kolyma-1/configuration.nix
index e7dd268..08601a5 100644
--- a/nixos/kolyma-1/configuration.nix
+++ b/nixos/kolyma-1/configuration.nix
@@ -13,6 +13,7 @@
 outputs.nixosModules.data
 outputs.nixosModules.maid
 outputs.nixosModules.motd
+ outputs.nixosModules.root
 outputs.nixosModules.network
 outputs.nixosModules.nixpkgs
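Review bot: `ports = [ "8440:80" ];` in modules/server/container/kolyma-4.nix publishes the website container on every interface, while its only intended client is Caddy's `reverse_proxy 127.0.0.1:8440` in modules/server/caddy/kolyma-4.nix. With the Docker backend (`outputs.nixosModules.docker` is imported here) a published port is normally opened by Docker's own iptables rules, so the commented-out `networking.firewall.allowedTCPPorts` block below would not have closed it either; binding to loopback, `ports = [ "127.0.0.1:8440:80" ];`, keeps the plain-HTTP upstream reachable only through Caddy. The `@sha256:` digest pin is good; a comment recording which tag or release that digest corresponds to would make future bumps reviewable.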
@@ -35,9 +36,6 @@ # Don't ask for password security.sudo.wheelNeedsPassword = false; - # To be able to SSH into the system on emergency - users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAGqU+JleLM0T44P2quirtLPrhFExOi6EOe0GYXkTFcTSjhw9LqiuX1/FbqNdKTaP9k6CdV3xc/8Z5wxbNOhpcPi9XLoupv9oNyIew7QYl+ZoAck6/qPsM7uptGYCwo0/ErzPNLd3ERD3KT1axCqrI6rWJ+JFOMAPtGeAZZxIedksViZ5SuNhpzXCIzS2PACqDTxFj7JwXK/pQ200h9ZS0MSh7iLKggXQfRVDndJxRnVY69NmbRa4MqkjgyxqWSDbqrDAXuTHpqKJ5kpXJ6p2a82EIHcCwXXpEmLwKxatxWJWJb9nurm3aS74BYmT3pRVVSPC6n5a2LWN9GxzvVh3AXXZtWGvjXSqBxHdSyUoDPuZnDneycdRC5vs6I1jSGTyDFdc4Etq1M5uUYb6SqCjJIBvTNqVnOf8nzFwl/ENvc8sbIVtILgAbBdwDiiQSu8xppqWMZfkQJy+uI5Ok7TZ8o5rGIblzfKyTiljCQb7RO7Klg3TwysetREn8ZEykBx0= This world soon will cherish into my darkness of my madness'' ]; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/nixos/kolyma-2/configuration.nix b/nixos/kolyma-2/configuration.nix index e3a4f39..e35d63c 100644 --- a/nixos/kolyma-2/configuration.nix +++ b/nixos/kolyma-2/configuration.nix @@ -13,6 +13,7 @@ outputs.nixosModules.data outputs.nixosModules.maid outputs.nixosModules.motd + outputs.nixosModules.root outputs.nixosModules.network outputs.nixosModules.nixpkgs 
@@ -35,9 +36,6 @@ # Don't ask for password security.sudo.wheelNeedsPassword = false; - # To be able to SSH into the system on emergency - users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAGqU+JleLM0T44P2quirtLPrhFExOi6EOe0GYXkTFcTSjhw9LqiuX1/FbqNdKTaP9k6CdV3xc/8Z5wxbNOhpcPi9XLoupv9oNyIew7QYl+ZoAck6/qPsM7uptGYCwo0/ErzPNLd3ERD3KT1axCqrI6rWJ+JFOMAPtGeAZZxIedksViZ5SuNhpzXCIzS2PACqDTxFj7JwXK/pQ200h9ZS0MSh7iLKggXQfRVDndJxRnVY69NmbRa4MqkjgyxqWSDbqrDAXuTHpqKJ5kpXJ6p2a82EIHcCwXXpEmLwKxatxWJWJb9nurm3aS74BYmT3pRVVSPC6n5a2LWN9GxzvVh3AXXZtWGvjXSqBxHdSyUoDPuZnDneycdRC5vs6I1jSGTyDFdc4Etq1M5uUYb6SqCjJIBvTNqVnOf8nzFwl/ENvc8sbIVtILgAbBdwDiiQSu8xppqWMZfkQJy+uI5Ok7TZ8o5rGIblzfKyTiljCQb7RO7Klg3TwysetREn8ZEykBx0= This world soon will cherish into my darkness of my madness'' ]; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/nixos/kolyma-3/configuration.nix b/nixos/kolyma-3/configuration.nix index 04b6697..469e370 100644 --- a/nixos/kolyma-3/configuration.nix +++ b/nixos/kolyma-3/configuration.nix @@ -13,6 +13,7 @@ outputs.nixosModules.data outputs.nixosModules.maid outputs.nixosModules.motd + outputs.nixosModules.root outputs.nixosModules.network outputs.nixosModules.nixpkgs 
@@ -47,9 +48,6 @@ # Don't ask for password security.sudo.wheelNeedsPassword = false; - # To be able to SSH into the system on emergency - users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAGqU+JleLM0T44P2quirtLPrhFExOi6EOe0GYXkTFcTSjhw9LqiuX1/FbqNdKTaP9k6CdV3xc/8Z5wxbNOhpcPi9XLoupv9oNyIew7QYl+ZoAck6/qPsM7uptGYCwo0/ErzPNLd3ERD3KT1axCqrI6rWJ+JFOMAPtGeAZZxIedksViZ5SuNhpzXCIzS2PACqDTxFj7JwXK/pQ200h9ZS0MSh7iLKggXQfRVDndJxRnVY69NmbRa4MqkjgyxqWSDbqrDAXuTHpqKJ5kpXJ6p2a82EIHcCwXXpEmLwKxatxWJWJb9nurm3aS74BYmT3pRVVSPC6n5a2LWN9GxzvVh3AXXZtWGvjXSqBxHdSyUoDPuZnDneycdRC5vs6I1jSGTyDFdc4Etq1M5uUYb6SqCjJIBvTNqVnOf8nzFwl/ENvc8sbIVtILgAbBdwDiiQSu8xppqWMZfkQJy+uI5Ok7TZ8o5rGIblzfKyTiljCQb7RO7Klg3TwysetREn8ZEykBx0= This world soon will cherish into my darkness of my madness'' ]; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/nixos/kolyma-4/configuration.nix b/nixos/kolyma-4/configuration.nix new file mode 100644 index 0000000..dd38465 --- /dev/null +++ b/nixos/kolyma-4/configuration.nix 
@@ -0,0 +1,57 @@
+{ inputs
+, outputs
+, lib
+, config
+, pkgs
+, ...
+}:
+{
+ imports = [
+ # If you want to use modules your own flake exports (from modules/nixos):
+ outputs.nixosModules.ssh
+ outputs.nixosModules.zsh
+ outputs.nixosModules.boot
+ outputs.nixosModules.data
+ outputs.nixosModules.maid
+ outputs.nixosModules.motd
+ outputs.nixosModules.root
+ outputs.nixosModules.network
+ outputs.nixosModules.nixpkgs
+
+ # User configs
+ outputs.nixosModules.users.sakhib
+ outputs.nixosModules.users.sardor
+
+ # Import your deployed service list
+ ./services.nix
+
+ # Import your generated (nixos-generate-config) hardware configuration
+ ./hardware-configuration.nix
+
+ # Home Manager NixOS Module
+ inputs.home-manager.nixosModules.home-manager
+ ];
+
+ # Hostname of the system
+ networking.hostName = "Kolyma-4";
+
+ # Entirely disable hibernation
+ systemd.sleep.extraConfig = ''
+ AllowSuspend=no
+ AllowHibernation=no
+ AllowHybridSleep=no
+ AllowSuspendThenHibernate=no
+ '';
+
+ # Don't ask for password
+ security.sudo.wheelNeedsPassword = false;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.05";
+}
diff --git a/nixos/kolyma-4/hardware-configuration.nix b/nixos/kolyma-4/hardware-configuration.nix
new file mode 100644
index 0000000..84d684f
--- /dev/null
+++ b/nixos/kolyma-4/hardware-configuration.nix
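Review bot: `security.sudo.wheelNeedsPassword = false;` in nixos/kolyma-4/configuration.nix makes every wheel member's login equivalent to root, and the comment `# Don't ask for password` records the what but not the why. It matches kolyma-1..3 (their context lines in this patch show the same setting), so this is a fleet-wide decision rather than a new divergence; a comment such as `# Deliberate fleet-wide choice, same as kolyma-1..3: wheel members get root without a password` would document that, or `lib.mkDefault false` would let a single host opt back out. Because this host also imports `outputs.nixosModules.root` with the shared emergency key, there are now two password-less routes to root; listing both in the file's header comment would make that explicit for whoever audits the box next.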
@@ -0,0 +1,55 @@
+{ config
+, lib
+, pkgs
+, modulesPath
+, ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ boot.bios = {
+ enable = true;
+ uefi = true;
+ raided = true;
+ mirrors = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
+ };
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/76f237de-5eb6-4241-894e-d024a29685c8";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/852A-FFFC";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/82953896-b081-4cc7-ad7b-c82c12a076ef"; }];
+
+ network = {
+ enable = true;
+
+ ipv4 = {
+ enable = true;
+ address = "65.109.74.214";
+ };
+
+ ipv6 = {
+ enable = true;
+ address = "2a01:4f9:3071:31ce::";
+ };
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixos/kolyma-4/services.nix b/nixos/kolyma-4/services.nix
new file mode 100644
index 0000000..825ebbe
--- /dev/null
+++ b/nixos/kolyma-4/services.nix
@@ -0,0 +1,12 @@
+{ config
+, lib
+, pkgs
+, outputs
+, ...
+}: {
+ # Deployed Services
+ imports = [
+ outputs.serverModules.caddy.kolyma-4
+ outputs.serverModules.container.kolyma-4
+ ];
+}
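Review bot: `nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";` and `hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;` in nixos/kolyma-4/hardware-configuration.nix contradict each other, since AMD microcode loading is an x86-only mechanism. One of the two lines is very likely a copy-paste slip: if this is an AMD machine the platform should read `nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";`, otherwise the microcode line should go. `boot.bios` and the top-level `network` block appear to be options from the flake's own boot/network modules rather than upstream NixOS options, so a one-line header comment saying this file mixes nixos-generate-config output with hand-written custom-module settings would spare the next reader from looking for them in the NixOS manual.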