nixos/machines/rubusidaeus/default.nix

{ config, pkgs, lib, secrets, ... }:

let
  my = import ../..;
  ipv6_subnet = "2a05:3580:e41a:d600";
  ipv6_prefix = 64;
  ipv4_gateway = "192.168.1.1";
  ipv4_address = "192.168.1.3";
  ipv4_prefix = 24;
in {
  imports = [ my.modules ../../hardware/rpi4.nix ];

  networking.hostName = "rubusidaeus";

  my.laptop.enable = false;
  my.git.enable = false;
  my.roles = {
    design.enable = false;
    devel.enable = false;
    gaming.enable = false;
    graphical.enable = false;
    graphical.basic.enable = false;
    latex.enable = false;
    media-client.enable = false;
    ntp-server.enable = true;
    torrent.enable = false;
    virtualisation.enable = false;
    yggdrasil-peer.enable = true;

    server = {
      ivabus-dev.enable = true;
      slides-ivabus-dev.enable = true;
      urouter = {
        enable = true;
        settings = {
          alias = [
            {
              uri = "/";
              alias = { url = "https://ivabus.dev"; };
            }
            {
              uri = "/";
              alias = { file = "dotfiles"; };
              agent = { regex = "^curl/[0-9].[0-9].[0-9]$"; };
            }
            {
              uri = "d";
              alias = { file = "dotfiles"; };
            }
            {
              uri = "e";
              alias = { file = "env"; };
            }
            {
              uri = "nix";
              alias = { file = "nix"; };
            }
            {
              uri = "truth";
              alias = { file = "truth.py"; };
            }
          ];
        };
        dir = "/var/urouter";
        port = 8090;
        address = "0.0.0.0";
      };
    };
  };

  my.users = {
    ivabus.enable = true;
    user.enable = false;
  };

  my.features.secrets = true;

  networking = {
    useNetworkd = false;
    useDHCP = false;
    interfaces = {
      end0 = {
        ipv6.addresses = [{
          address = "${ipv6_subnet}::1337";
          prefixLength = ipv6_prefix;
        }];
        ipv4.addresses = [{
          address = ipv4_address; # Ughhhhh yep, flat network
          prefixLength = ipv4_prefix;
        }];
      };
    };
    defaultGateway = ipv4_gateway; # should set this things through let...
  };

  # 2 gig of ram is not enough
  swapDevices = [ {
    device = "/var/lib/swapfile";
    size = 16*1024;
  } ];

  # Semi-static configuration, needs rethinking
  services.nginx = {
    virtualHosts."iva.bz" = {
      locations."/".proxyPass = "http://localhost:8090";
      enableACME = true;
      addSSL = true;
      http3 = true;
      serverAliases = [ "www.iva.bz" ];
    };
    virtualHosts."xn--80acbx2cl.xn--p1ai" = {
      locations."/".proxyPass = "http://${secrets.maas-address}:8083";
      enableACME = true;
      addSSL = true;
      http3 = true;
      serverAliases = [ "ивабус.рф" ];
    };
    virtualHosts."music.ivabus.dev" = {
      locations."/".proxyPass = "http://${secrets.maas-address}:4533";
      enableACME = true;
      forceSSL = true;
      http3 = true;
    };
    virtualHosts."storage.ivabus.dev" = {
      locations."/".proxyPass = "http://${secrets.maas-address}:80";
      enableACME = true;
      forceSSL = true;
      http3 = true;
    };
    virtualHosts."git.ivabus.dev" = {
      locations."/".proxyPass = "http://${secrets.maas-address}:3000";
      enableACME = true;
      forceSSL = true;
      http3 = true;
    };
  };

  hardware.enableRedistributableFirmware = true;
  system.stateVersion = "23.05";
}
-												Enable NGINX proxying on rubusidaeus

Setup NGINX proxying for iva.bz and ивабус.рф

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-10-27 12:29:45 +03:00
+								{ config, pkgs, lib, secrets, ... }:
-												Add raspberry pi machine

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-08-31 18:28:25 +03:00
-												minor changes

- add celerrime-x (don't work)
- minor changes (code pretty)

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-09-08 21:07:54 +03:00
+								let
 								  my = import ../..;
 								  ipv6_subnet = "2a05:3580:e41a:d600";
 								  ipv6_prefix = 64;
 								  ipv4_gateway = "192.168.1.1";
 								  ipv4_address = "192.168.1.3";
 								  ipv4_prefix = 24;
-												Add raspberry pi machine

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-08-31 18:28:25 +03:00
+								in {
-												Call nixfmt for the first time

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-09-06 16:10:11 +03:00
+								  imports = [ my.modules ../../hardware/rpi4.nix ];
-												Add raspberry pi machine

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-08-31 18:28:25 +03:00
 								  networking.hostName = "rubusidaeus";
 								  my.laptop.enable = false;
-												Split rubusidaeus config + split user and git config

											
										
										
											2023-09-01 07:13:07 +03:00
+								  my.git.enable = false;
-												Add raspberry pi machine

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-08-31 18:28:25 +03:00
+								  my.roles = {
 								    design.enable = false;
 								    devel.enable = false;
 								    gaming.enable = false;
 								    graphical.enable = false;
-												Disable basic graphical option (was enabled on server, lol)

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-11-30 16:17:10 +03:00
+								    graphical.basic.enable = false;
-												Add raspberry pi machine

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-08-31 18:28:25 +03:00
+								    latex.enable = false;
 								    media-client.enable = false;
-												rubusidaeus: Reenable ntp-server

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-11-30 17:20:49 +03:00
+								    ntp-server.enable = true;
-												Add raspberry pi machine

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-08-31 18:28:25 +03:00
+								    torrent.enable = false;
 								    virtualisation.enable = false;
-												Host private yggdrasil peer

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-17 10:57:18 +03:00
+								    yggdrasil-peer.enable = true;
-												Enable webservice for testing on rubusidaeus

											
										
										
											2023-09-07 17:32:56 +03:00
-												Host slides.ivabus.dev using Nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-17 17:25:24 +03:00
+								    server = {
 								      ivabus-dev.enable = true;
 								      slides-ivabus-dev.enable = true;
-												Finally setup urouter and iva.bz using nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-20 20:17:29 +03:00
+								      urouter = {
 								        enable = true;
 								        settings = {
 								          alias = [
 								            {
-												Bump urouter to 0.5.0

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-21 19:07:22 +03:00
+								              uri = "/";
 								              alias = { url = "https://ivabus.dev"; };
-												Finally setup urouter and iva.bz using nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-20 20:17:29 +03:00
+								            }
 								            {
-												Bump urouter to 0.5.0

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-21 19:07:22 +03:00
+								              uri = "/";
 								              alias = { file = "dotfiles"; };
 								              agent = { regex = "^curl/[0-9].[0-9].[0-9]$"; };
-												Finally setup urouter and iva.bz using nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-20 20:17:29 +03:00
+								            }
 								            {
-												Bump urouter to 0.5.0

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-21 19:07:22 +03:00
+								              uri = "d";
 								              alias = { file = "dotfiles"; };
-												Finally setup urouter and iva.bz using nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-20 20:17:29 +03:00
+								            }
 								            {
-												Bump urouter to 0.5.0

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-21 19:07:22 +03:00
+								              uri = "e";
 								              alias = { file = "env"; };
-												Finally setup urouter and iva.bz using nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-20 20:17:29 +03:00
+								            }
 								            {
-												Bump urouter to 0.5.0

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-21 19:07:22 +03:00
+								              uri = "nix";
 								              alias = { file = "nix"; };
-												Finally setup urouter and iva.bz using nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-20 20:17:29 +03:00
+								            }
 								            {
-												Bump urouter to 0.5.0

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-21 19:07:22 +03:00
+								              uri = "truth";
 								              alias = { file = "truth.py"; };
-												Finally setup urouter and iva.bz using nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-20 20:17:29 +03:00
+								            }
 								          ];
 								        };
 								        dir = "/var/urouter";
 								        port = 8090;
 								        address = "0.0.0.0";
 								      };
-												Host slides.ivabus.dev using Nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-17 17:25:24 +03:00
+								    };
-												Add raspberry pi machine

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-08-31 18:28:25 +03:00
+								  };
-												Minor changes

Untested VF2 config, basic "user", option to enable users, option to enable git, basic graphics role, unfinished `router` role, global features

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-10-03 17:15:14 +03:00
+								  my.users = {
 								    ivabus.enable = true;
 								    user.enable = false;
 								  };
 								  my.features.secrets = true;
-												minor changes

- add celerrime-x (don't work)
- minor changes (code pretty)

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-09-08 21:07:54 +03:00
+								  networking = {
 								    useNetworkd = false;
 								    useDHCP = false;
 								    interfaces = {
 								      end0 = {
 								        ipv6.addresses = [{
 								          address = "${ipv6_subnet}::1337";
 								          prefixLength = ipv6_prefix;
 								        }];
 								        ipv4.addresses = [{
 								          address = ipv4_address; # Ughhhhh yep, flat network
 								          prefixLength = ipv4_prefix;
 								        }];
 								      };
 								    };
 								    defaultGateway = ipv4_gateway; # should set this things through let...
 								  };
-												Add raspberry pi machine

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-08-31 18:28:25 +03:00
-												Enable swapfile on rubusidaeus

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-22 07:30:15 +03:00
+								  # 2 gig of ram is not enough
 								  swapDevices = [ {
 								    device = "/var/lib/swapfile";
 								    size = 16*1024;
 								  } ];
-												Enable NGINX proxying on rubusidaeus

Setup NGINX proxying for iva.bz and ивабус.рф

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-10-27 12:29:45 +03:00
+								  # Semi-static configuration, needs rethinking
 								  services.nginx = {
 								    virtualHosts."iva.bz" = {
-												Finally setup urouter and iva.bz using nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-20 20:17:29 +03:00
+								      locations."/".proxyPass = "http://localhost:8090";
-												Enable NGINX proxying on rubusidaeus

Setup NGINX proxying for iva.bz and ивабус.рф

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-10-27 12:29:45 +03:00
+								      enableACME = true;
 								      addSSL = true;
-												Enable http/3 on all websites

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-10 09:36:24 +03:00
+								      http3 = true;
-												Enable NGINX proxying on rubusidaeus

Setup NGINX proxying for iva.bz and ивабус.рф

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-10-27 12:29:45 +03:00
+								      serverAliases = [ "www.iva.bz" ];
 								    };
 								    virtualHosts."xn--80acbx2cl.xn--p1ai" = {
 								      locations."/".proxyPass = "http://${secrets.maas-address}:8083";
 								      enableACME = true;
 								      addSSL = true;
-												Enable http/3 on all websites

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-10 09:36:24 +03:00
+								      http3 = true;
-												Enable NGINX proxying on rubusidaeus

Setup NGINX proxying for iva.bz and ивабус.рф

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-10-27 12:29:45 +03:00
+								      serverAliases = [ "ивабус.рф" ];
 								    };
-												Add music.ivabus.dev to proxying services

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-10-27 13:14:19 +03:00
+								    virtualHosts."music.ivabus.dev" = {
 								      locations."/".proxyPass = "http://${secrets.maas-address}:4533";
 								      enableACME = true;
 								      forceSSL = true;
-												Enable http/3 on all websites

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-10 09:36:24 +03:00
+								      http3 = true;
-												Add music.ivabus.dev to proxying services

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-10-27 13:14:19 +03:00
+								    };
-												Fix all nix-darwin machines + add effundam-x

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-11-01 21:42:41 +03:00
+								    virtualHosts."storage.ivabus.dev" = {
 								      locations."/".proxyPass = "http://${secrets.maas-address}:80";
 								      enableACME = true;
 								      forceSSL = true;
-												Enable http/3 on all websites

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-10 09:36:24 +03:00
+								      http3 = true;
-												Fix all nix-darwin machines + add effundam-x

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-11-01 21:42:41 +03:00
+								    };
 								    virtualHosts."git.ivabus.dev" = {
 								      locations."/".proxyPass = "http://${secrets.maas-address}:3000";
 								      enableACME = true;
 								      forceSSL = true;
-												Enable http/3 on all websites

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-12-10 09:36:24 +03:00
+								      http3 = true;
-												Fix all nix-darwin machines + add effundam-x

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-11-01 21:42:41 +03:00
+								    };
-												Enable NGINX proxying on rubusidaeus

Setup NGINX proxying for iva.bz and ивабус.рф

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-10-27 12:29:45 +03:00
+								  };
-												Add raspberry pi machine

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

											
										
										
											2023-08-31 18:28:25 +03:00
+								  hardware.enableRedistributableFirmware = true;
 								  system.stateVersion = "23.05";
 								}