feat(ssh): reach ful, makanek via http first

chore: update
feat: init ful
2026-03-21 20:31:07 +01:00 · 2022-05-20 23:16:46 +02:00 · 2022-05-20 23:04:28 +02:00 · 2022-05-20 23:04:15 +02:00 · 2022-05-20 23:03:57 +02:00
12 changed files with 132 additions and 30 deletions
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -30,6 +30,7 @@ in {
            tocharian-font = pkgs.callPackage <niveum/packages/tocharian-font.nix> {};
            iolanguage = pkgs.callPackage <niveum/packages/iolanguage.nix> {};
            ix = pkgs.callPackage <niveum/packages/ix.nix> {};
+            unstable = import <nixpkgs-unstable> {inherit (config.nixpkgs) config;};
          };
        };
        overlays = [
--- a/configs/fonts.nix
+++ b/configs/fonts.nix
@@ -1,6 +1,4 @@
-{pkgs, ...}: let
-  nixpkgs-unstable = import <nixpkgs-unstable> {};
-in {
+{pkgs, ...}: {
  nixpkgs.config.joypixels.acceptLicense = true;
  fonts = {
    enableDefaultFonts = true;
@@ -9,17 +7,17 @@ in {
      alegreya
      alegreya-sans
      amiri
-      nixpkgs-unstable.annapurna-sil
+      unstable.annapurna-sil
      cantarell-fonts
      charis-sil
      corefonts
      crimson
      eb-garamond
      etBook
-      nixpkgs-unstable.ezra-sil
+      unstable.ezra-sil
      fira
      font-awesome-ttf
-      nixpkgs-unstable.galatia-sil
+      unstable.galatia-sil
      gentium
      gfs-fonts
      gyre-fonts
--- a/configs/packages.nix
+++ b/configs/packages.nix
@@ -8,8 +8,6 @@
  menstruation = pkgs.callPackage <menstruation-backend> {};
  pandoc-doc = pkgs.callPackage <niveum/packages/man/pandoc.nix> {};

-  nixpkgs-unstable = import <nixpkgs-unstable> {config.allowUnfree = true;};
-
  zoteroStyle = {
    name,
    sha256,
@@ -35,7 +33,7 @@
    })
  ];

-  astrolog = nixpkgs-unstable.astrolog.overrideAttrs (old:
+  astrolog = pkgs.unstable.astrolog.overrideAttrs (old:
    old
    // {
      installPhase = ''
@@ -124,10 +122,10 @@ in {
    electrum
    inkscape
    astrolog
-    nixpkgs-unstable.anki # flashcards
+    unstable.anki # flashcards
    jbofihe # lojbanic software
-    nixpkgs-unstable.zoom-us # video conferencing
-    nixpkgs-unstable.alejandra # nix formatter
+    unstable.zoom-us # video conferencing
+    unstable.alejandra # nix formatter
    pdfgrep # search in pdf
    pdftk # pdf toolkit
    mupdf
--- a/configs/ssh.nix
+++ b/configs/ssh.nix
@@ -25,6 +25,11 @@ in {
        port = sshPort;
      };
      makanek = {
+        hostname = "88.99.83.173";
+        user = "root";
+        port = sshPort;
+      };
+      "makanek.r" = {
        hostname = "makanek.r";
        user = "root";
        port = sshPort;
@@ -57,9 +62,15 @@ in {
        hostname = "135.181.85.233";
        user = "root";
      };
-      oracle = {
-        hostname = "130.61.171.199";
-        user = "ubuntu";
+      "ful.r" = {
+        hostname = "ful.r";
+        user = "root";
+        port = sshPort;
+      };
+      ful = {
+        hostname = "130.61.209.15";
+        user = "root";
+        port = sshPort;
      };
    };
  };
--- a/configs/telegram-bots/astrology.nix
+++ b/configs/telegram-bots/astrology.nix
@@ -3,7 +3,6 @@
  lib,
  ...
 }: let
-  nixpkgs-unstable = import <nixpkgs-unstable> {};
  toSymbols = pkgs.writers.writeDash "to-symbols" ''
    ${pkgs.gnused}/bin/sed '
      s/\bTri\b/△/;
@@ -50,8 +49,8 @@ in {
      now=$(${pkgs.coreutils}/bin/date +%_H:%M | ${pkgs.gnused}/bin/sed 's/^\s*//')
      date=$(${pkgs.coreutils}/bin/date +'%m %d %Y')
      {
-        ${nixpkgs-unstable.astrolog}/bin/astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node"
-        ${nixpkgs-unstable.astrolog}/bin/astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node"
+        ${pkgs.unstable.astrolog}/bin/astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node"
+        ${pkgs.unstable.astrolog}/bin/astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node"
      } | ${toSymbols} | ${pkgs.coreutils}/bin/sort -n | ${pkgs.gnugrep}/bin/grep "^$now" || :
    '');
  };
--- a/flake.lock
+++ b/flake.lock
@@ -125,11 +125,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1652576583,
-        "narHash": "sha256-FhSixtJktylN1lnflPYgZfoH++6/VpC7euoV8RcBKSY=",
+        "lastModified": 1653027086,
+        "narHash": "sha256-ou5leASlH+EHgrGi196QP4B8iMcDwXXICH63c1El0no=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e9132b233ec7176c121b4ecb991ce397d92275ee",
+        "rev": "437fd89069be470fba34ef7c7f5abc55fe20e328",
        "type": "github"
      },
      "original": {
@@ -158,11 +158,11 @@
    "retiolum": {
      "flake": false,
      "locked": {
-        "lastModified": 1652292767,
-        "narHash": "sha256-3/ENvvvva5BiQH8YP6AHwMpApuut9CqhfjrLaoikcno=",
+        "lastModified": 1653077783,
+        "narHash": "sha256-GiL82w4BVSZZV5gIQSoEf+KoJaIkUv+29vZmmWlKb6I=",
        "owner": "krebs",
        "repo": "retiolum",
-        "rev": "7cc2a7118e4aa9f5df0953bebad28034306329e6",
+        "rev": "1b5154c3ed9f3cb751afc3e306a1b20e3358ffe5",
        "type": "github"
      },
      "original": {
@@ -242,11 +242,11 @@
    "tinc-graph": {
      "flake": false,
      "locked": {
-        "lastModified": 1652888702,
-        "narHash": "sha256-tYlhkplmAUGsHA0ucRd+yBXWqf9GXpfQlrJX1O04Fac=",
+        "lastModified": 1653080212,
+        "narHash": "sha256-BcfppAuVNp0hMcrMG/ZxE4juSrdQbJSUIA0eHS1/Wxo=",
        "owner": "kmein",
        "repo": "tinc-graph",
-        "rev": "39d2fb9a756e007ae8b39392122422bf9632fe4f",
+        "rev": "ea0ef2e5542684d1d8e34a626cb9295dec33e70d",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -119,7 +119,10 @@
          type = "app";
          program = deployScriptFor {
            inherit name;
-            host = "${name}.r";
+            host =
+              if name != "ful"
+              then "${name}.r"
+              else "130.61.209.15";
          };
        };
      });
--- a/lib/retiolum-network.nix
+++ b/lib/retiolum-network.nix
@@ -4,6 +4,11 @@
    ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d";
  };

+  ful = {
+    ipv4 = "10.243.2.107";
+    ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4";
+  };
+
  zaatar = {
    ipv4 = "10.243.2.34";
    ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd";
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -0,0 +1,46 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  inherit (import <niveum/lib>) kieran retiolumAddresses;
+in {
+  imports = [
+    ./hardware-configuration.nix
+    <niveum/configs/monitoring.nix>
+    <niveum/configs/nix.nix>
+    <niveum/configs/save-space.nix>
+    <niveum/configs/spacetime.nix>
+    <niveum/configs/sshd.nix>
+    <niveum/modules/retiolum.nix>
+  ];
+
+  nix.nixPath = ["/var/src"];
+
+  networking = {
+    firewall.allowedTCPPorts = [80 443];
+    hostName = "ful";
+    interfaces.enp0s3.useDHCP = true;
+    retiolum = retiolumAddresses.ful;
+    useDHCP = false;
+  };
+
+  system.stateVersion = "21.11";
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    email = kieran.email;
+  };
+
+  environment.systemPackages = [pkgs.vim pkgs.git pkgs.tmux pkgs.python3];
+}
--- a/systems/ful/hardware-configuration.nix
+++ b/systems/ful/hardware-configuration.nix
@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [<nixpkgs/nixos/modules/profiles/qemu-guest.nix>];
+
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = ["virtio_pci" "usbhid"];
+      kernelModules = ["bochs_drm"];
+    };
+    kernelModules = [
+      "console=ttyS0"
+      "console=tty1"
+      "nvme.shutdown_timeout=10"
+      "libiscsi.debug_libiscsi_eh=1"
+    ];
+    extraModulePackages = [];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/9bf751c7-cf32-49fb-9354-17694c7a46e0";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/7817-285D";
+    fsType = "vfat";
+  };
+
+  swapDevices = [];
+}
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -62,6 +62,10 @@ in {
    useDHCP = false;
  };

+  nixpkgs.config.packageOverrides = pkgs: {
+    unstable = import <nixpkgs-unstable> {inherit (config.nixpkgs) config;};
+  };
+
  system.stateVersion = "20.03";

  services.nginx = {
--- a/systems/makanek/hedgedoc.nix
+++ b/systems/makanek/hedgedoc.nix
@@ -5,7 +5,6 @@
 }: let
  backupLocation = "/var/lib/codimd-backup";
  stateLocation = "/var/lib/codimd/state.sqlite";
-  nixpkgs-unstable = import <nixpkgs-unstable> {};
  domain = "pad.kmein.de";
  inherit (import <niveum/lib>) tmpfilesConfig;
 in {
@@ -61,7 +60,7 @@ in {
  systemd.services.hedgedoc-backup = {
    description = "Hedgedoc backup service";
    script = ''
-      ${nixpkgs-unstable.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \
+      ${pkgs.unstable.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \
      | ${
        pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" {} ''
          import json
Author	SHA1	Message	Date
Kierán Meinhardt	8c9a44d404	feat(ssh): reach ful, makanek via http first	2022-05-20 23:16:46 +02:00
Kierán Meinhardt	45fdbad259	chore: update	2022-05-20 23:04:28 +02:00
Kierán Meinhardt	93b8d31a33	feat: init ful	2022-05-20 23:04:15 +02:00
Kierán Meinhardt	abb7924fca	chore: only one unstable nixpkgs	2022-05-20 23:03:57 +02:00