Compare commits
10 Commits
32f6e77682
...
e65566c71d
Author | SHA1 | Date |
---|---|---|
Ryan Rix | e65566c71d | |
Ryan Rix | 8929ea4513 | |
Ryan Rix | b2980b96f2 | |
Ryan Rix | 7cc01a0f28 | |
Ryan Rix | da42378a36 | |
Ryan Rix | 2e823f0f48 | |
Ryan Rix | 8a9092ea15 | |
Ryan Rix | 7478c5c4af | |
Ryan Rix | 78891f7a79 | |
Ryan Rix | 36feb626fc |
|
@ -49,6 +49,7 @@ Anyways it has an [[id:cce/emacs][Emacs]] package which works really well and re
|
|||
|
||||
#+ARROYO_NIXOS_MODULE: nixos/direnv.nix
|
||||
#+ARROYO_NIXOS_ROLE: endpoint
|
||||
#+ARROYO_NIXOS_ROLE: droid
|
||||
#+begin_src nix :tangle ~/arroyo-nix/nixos/direnv.nix
|
||||
{ ... }: {
|
||||
nix.extraOptions = ''
|
||||
|
|
|
@ -22,10 +22,10 @@ Let's see if this doesn't annoy me. I'm not huge excited about any Mastodon clie
|
|||
<<list-timelines>>
|
||||
<<setup-frame>>
|
||||
:hook
|
||||
(mastodon-mode #'visual-line-mode)
|
||||
(mastodon-mode . visual-line-mode)
|
||||
:custom
|
||||
(mastodon-tl--show-avatars t)
|
||||
(mastodon-instance-url "https://cybre.space")
|
||||
(mastodon-instance-url "https://tenforward.social")
|
||||
(mastodon-active-user "rrix"))
|
||||
(provide 'cce/mastodon)
|
||||
#+end_src
|
||||
|
|
|
@ -88,6 +88,7 @@ Here's the one for getting things from my server to my laptop. Most folks who se
|
|||
patterns = [
|
||||
"feeds/Art"
|
||||
"feeds/Blogs"
|
||||
"feeds/Brain"
|
||||
"feeds/Motorsports"
|
||||
"feeds/News"
|
||||
"feeds/Self"
|
||||
|
|
107
morph.org
107
morph.org
|
@ -212,3 +212,110 @@ nixops ssh tres-ebow chown 400 /etc/wireguard-key/tres-ebow.key
|
|||
#+end_example
|
||||
|
||||
I need to make sure this stays in sync with my [[id:nixos_justdoit][JustDoIt]] script!
|
||||
|
||||
* Deploying [[id:20211120T220054.226284][The Wobserver]]
|
||||
:PROPERTIES:
|
||||
:ID: 20221112T153200.008557
|
||||
:END:
|
||||
|
||||
#+begin_src nix :tangle ~/arroyo-nix/networks/wobserver.nix :mkdirp yes
|
||||
let
|
||||
serverCfg = ../roles/server;
|
||||
pkgs = import <nixpkgs> {};
|
||||
in {
|
||||
network.pkgs = pkgs;
|
||||
network.description = "my woserver";
|
||||
network.enableRollback = true;
|
||||
|
||||
terra-firma = {config, pkgs, ...}:
|
||||
{
|
||||
imports = [ serverCfg ../hosts/terra-firma ];
|
||||
# deployment.targetHost = "terra-firma";
|
||||
deployment.targetHost = "10.0.0.218";
|
||||
deployment.targetUser = "root";
|
||||
system.stateVersion = "22.11";
|
||||
};
|
||||
}
|
||||
#+end_src
|
||||
|
||||
** Terra Firma
|
||||
:PROPERTIES:
|
||||
:ID: 20221112T130047.292304
|
||||
:END:
|
||||
|
||||
Terra Firma is my [[id:20211120T220054.226284][Wobserver]] hosted by [[id:7fea3caa-5fa0-415a-96c7-45a1d64512fb][Wobscale Technologies]] in Seattle, WA.
|
||||
|
||||
#+begin_src nix :tangle ~/arroyo-nix/hosts/terra-firma/default.nix :mkdirp yes
|
||||
{
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
networking.hostName = "terra-firma";
|
||||
boot.loader.grub.enable = true;
|
||||
# boot.loader.grub.device = "/dev/sde";
|
||||
boot.loader.grub.device = "/dev/sdf";
|
||||
|
||||
networking.hostId = "628c9fc3"; # required for zfs use
|
||||
services.tailscale.authKey = "tskey-auth-kc6ULA7CNTRL-DwkDu5vJo2RrekxqbUHNxQP4LmMDnRjS3";
|
||||
}
|
||||
#+end_src
|
||||
|
||||
#+begin_src nix :tangle ~/arroyo-nix/hosts/terra-firma/hardware-configuration.nix :mkdirp yes
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "uhci_hcd" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "terra-firma/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "tank/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/media" =
|
||||
{ device = "tank/media";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/srv" =
|
||||
{ device = "tank/srv";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "terra-firma/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/2C1E-582F";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/1ee46640-6164-4882-a59d-aa260c7780a2"; }
|
||||
];
|
||||
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
#+end_src
|
||||
|
|
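Review bot: The new `hosts/terra-firma/default.nix` block sets `services.tailscale.authKey` to a literal `tskey-auth-…` string, so a node-enrollment credential is committed to the repository and, once the config is evaluated, is likely copied into the world-readable Nix store as well. Treat the key as exposed: revoke it in the Tailscale admin console and issue a replacement that never enters the org source. Keep only a path in the config, for example `services.tailscale.authKeyFile = "/run/keys/tailscale-authkey";` (the path is a placeholder, and the option exists only in newer nixpkgs releases, so check it against the pinned channel), and deliver the file out of band. The module that defines `services.tailscale.authKey` is not visible in these hunks, so whatever consumes it would need the same file-based change.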
166
nginx.org
166
nginx.org
|
@ -5,6 +5,7 @@
|
|||
:END:
|
||||
#+TITLE: Wobserver Nginx Frontends
|
||||
#+filetags: :Project:CCE:Wobserver:
|
||||
#+AUTO_TANGLE: t
|
||||
|
||||
Nginx is fine, I guess. I use it to host my sites and proxy my apps. This is the default configuration, follow [[elisp:(org-roam-buffer-toggle)][backlinks]] for site configurations.
|
||||
|
||||
|
@ -15,18 +16,47 @@ Nginx is fine, I guess. I use it to host my sites and proxy my apps. This is the
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./nginx-staticsites.nix
|
||||
# ./wobserver-acme.nix
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
statusPage = true;
|
||||
appendHttpConfig = ''
|
||||
log_format main
|
||||
'$host $remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
'';
|
||||
};
|
||||
services.prometheus.exporters.nginx.enable = true;
|
||||
services.prometheus.exporters.nginxlog = {
|
||||
# enable = true;
|
||||
enable = true;
|
||||
group = "nginx";
|
||||
# https://github.com/martin-helmich/prometheus-nginxlog-exporter#configuration-file
|
||||
# settings = {};
|
||||
settings = {
|
||||
namespaces = [
|
||||
{
|
||||
name = "wobserver";
|
||||
format = ''$host $remote_addr - $remote_user [$time_local] "$request" '' +
|
||||
''$status $body_bytes_sent "$http_referer" '' +
|
||||
''"$http_user_agent" "$http_x_forwarded_for"'';
|
||||
source.files = [ "/var/log/nginx/access.log" ];
|
||||
relabel_configs = [
|
||||
{
|
||||
target_label = "host";
|
||||
from = "host";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# <<security.acme>>
|
||||
|
@ -41,47 +71,103 @@ Nginx is fine, I guess. I use it to host my sites and proxy my apps. This is the
|
|||
|
||||
I use [[https://letsencrypt.org/][Lets Encrypt]] for my DNS, I really like 'em.
|
||||
|
||||
#+NAME: security.acme
|
||||
#+begin_src nix
|
||||
security.acme = {
|
||||
defaults.email = "acme@rix.si";
|
||||
acceptTerms = true;
|
||||
};
|
||||
# 'internal' hosts
|
||||
security.acme.certs."fontkeming.fail" = {
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
extraDomainNames = [
|
||||
"home.rix.si"
|
||||
"dns.fontkeming.fail"
|
||||
];
|
||||
};
|
||||
#+begin_src nix :tangle ~/arroyo-nix/nixos/wobserver-acme.nix
|
||||
{ ... }:
|
||||
|
||||
# site hosts
|
||||
security.acme.certs."rix.si" = {
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
extraDomainNames = [
|
||||
"whatthefuck.computer" "notes.whatthefuck.computer"
|
||||
"afd.fontkeming.fail" "dev.arcology.garden"
|
||||
"dongiverse.com" "kickass.systems"
|
||||
"ring.whatthefuck.computer"
|
||||
"lionsrear.com" "arcology.garden" "cce.arcology.garden"
|
||||
];
|
||||
};
|
||||
{
|
||||
security.acme = {
|
||||
defaults.email = "acme@rix.si";
|
||||
acceptTerms = true;
|
||||
};
|
||||
# 'internal' hosts
|
||||
security.acme.certs."fontkeming.fail" = {
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
extraDomainNames = [
|
||||
"home.rix.si"
|
||||
"dns.fontkeming.fail"
|
||||
];
|
||||
};
|
||||
|
||||
# app hosts
|
||||
security.acme.certs."files.fontkeming.fail" = {
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
extraDomainNames = [
|
||||
"code.rix.si"
|
||||
"bag.fontkeming.fail"
|
||||
"matrix.fontkeming.fail"
|
||||
"dimension.fontkeming.fail"
|
||||
];
|
||||
};
|
||||
# site hosts
|
||||
security.acme.certs."rix.si" = {
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
extraDomainNames = [
|
||||
"whatthefuck.computer" "notes.whatthefuck.computer"
|
||||
"afd.fontkeming.fail" "dev.arcology.garden"
|
||||
"dongiverse.com" "kickass.systems"
|
||||
"ring.whatthefuck.computer"
|
||||
"lionsrear.com" "arcology.garden" "cce.arcology.garden"
|
||||
];
|
||||
};
|
||||
|
||||
# app hosts
|
||||
security.acme.certs."files.fontkeming.fail" = {
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
extraDomainNames = [
|
||||
"code.rix.si"
|
||||
"bag.fontkeming.fail"
|
||||
"matrix.fontkeming.fail"
|
||||
"dimension.fontkeming.fail"
|
||||
];
|
||||
};
|
||||
}
|
||||
#+end_src
|
||||
|
||||
* NEXT static sites
|
||||
* NEXT virtualHosts
|
||||
* NEXT fix nginx_exporter
|
||||
* INPROGRESS static sites
|
||||
:LOGBOOK:
|
||||
- State "INPROGRESS" from "NEXT" [2022-11-12 Sat 19:41]
|
||||
:END:
|
||||
|
||||
#+begin_src nix :tangle ~/arroyo-nix/nixos/nginx-staticsites.nix
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"fontkeming.fail".root = "/var/www/html";
|
||||
|
||||
# additional home.rix.si stuff in wobserver-observability!
|
||||
"home.rix.si".root = "/var/www/html";
|
||||
"home.rix.si".locations."/fdroid".root = "/srv/fdroid/repo";
|
||||
|
||||
"afd.fontkeming.fail".root = "/srv/afdsew/SEW";
|
||||
|
||||
"blog.dongiverse.com".root = "/srv/static-sites/blog.dongiverse.com/_site";
|
||||
"dongiverse.com".root = "/srv/static-sites/dongiverse.com/_site";
|
||||
|
||||
"kickass.systems".root = "/srv/static-sites/kickass.systems/_site";
|
||||
|
||||
"notes.whatthefuck.computer" = {
|
||||
root = "/srv/static-sites/notes.whatthefuck.computer/_site";
|
||||
locations."/atom.xml".proxyPass = "https://granary.io/url?url=http://notes.whatthefuck.computer/&input=html&output=atom&hub=https://bridgy-fed.superfeedr.com/";
|
||||
locations."/rss.xml".proxyPass = "https://granary.io/url?url=http://notes.whatthefuck.computer/&input=html&output=rss&hub=https://bridgy-fed.superfeedr.com/";
|
||||
};
|
||||
|
||||
"whatthefuck.computer" = {
|
||||
root = "/srv/static-sites/whatthefuck.computer/_site";
|
||||
serverAliases = ["rix.si"];
|
||||
locations."~ ^/~(.+?)(/.*)?$" = {
|
||||
alias = "/home/$1/public_html$2";
|
||||
index = "index.html index.htm";
|
||||
extraConfig = "autoindex on;";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
#+end_src
|
||||
|
||||
** NEXT move afd.fontkeming.fail vhost to [[id:d7d936ab-781c-4e04-88bb-af65b23c6c43][Area Forecast Discussion]]
|
||||
|
||||
** INPROGRESS plumb these through on fontkeming
|
||||
:LOGBOOK:
|
||||
- State "INPROGRESS" from "NEXT" [2022-11-12 Sat 21:19]
|
||||
:END:
|
||||
* INPROGRESS virtualHosts
|
||||
:LOGBOOK:
|
||||
- State "INPROGRESS" from "NEXT" [2022-11-12 Sat 20:01]
|
||||
:END:
|
||||
* DONE fix nginx_exporter
|
||||
:LOGBOOK:
|
||||
- State "DONE" from "NEXT" [2022-11-12 Sat 20:01]
|
||||
:END:
|
||||
* NEXT understand where webroot is wired up
|
||||
* NEXT at least read the "recommended settings"
|
||||
|
|
|
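Review bot: In `nginx-staticsites.nix` the `whatthefuck.computer` vhost maps `/~user/…` onto `/home/$1/public_html$2` with `autoindex on;`, which publishes a directory listing for every account's `public_html` and lets a symlink placed there serve anything the nginx worker can read. If listings are not intended, replace that line with `extraConfig = "disable_symlinks if_not_owner;";`, and narrow the capture so the user segment cannot span a slash: `locations."~ ^/~([^/]+)(/.*)?$"`. Separately, none of the vhosts in this block set `forceSSL`, `enableACME` or `useACMEHost`, and the `./wobserver-acme.nix` import is commented out. As far as these hunks show, the sites would therefore be served over plain HTTP despite `recommendedTlsSettings = true`.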
@ -0,0 +1,108 @@
|
|||
:PROPERTIES:
|
||||
:ID: 20221106T113721.266425
|
||||
:END:
|
||||
#+title: CCE in Nix On Droid
|
||||
|
||||
I'd like to get parts of my [[id:cce/cce][CCE]] running on [[id:20220817T205401.021191][t184256/nix-on-droid]] so that I can have my [[id:cce/emacs][Emacs]] [[id:a7420bb9-395f-4afa-92fb-8eaa0b8a4cd8][Tools]] like [[id:2e31b385-a003-4369-a136-c6b78c0917e1][SRS]] and [[id:cce/org-roam][org-roam]] running on it.
|
||||
|
||||
* =nix-on-droid.nix=
|
||||
:PROPERTIES:
|
||||
:ID: 20221107T121318.041740
|
||||
:END:
|
||||
|
||||
This uses [[id:arroyo/home-manager][Arroyo Home Manager]] to generate a list of Arroyo modules to include in to the Nix On Droid home-manager environment and then does some basic housekeeping stuff to expose [[id:arroyo/emacs][Arroyo Emacs]] and [[id:20221021T121120.541960][rixpkgs]] to that environment.
|
||||
|
||||
#+begin_src nix :tangle ~/arroyo-nix/nix-on-droid.nix :noweb yes
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.packages = [ pkgs.vim ];
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
nix.nixPath = [
|
||||
"nixpkgs=/data/data/com.termux.nix/files/home/.nix-defexpr/channels/nixpkgs/"
|
||||
"arroyo=/storage/emulated/0/arroyo-nix"
|
||||
"/data/data/com.termux.nix/files/home/.nix-defexpr/channels"
|
||||
];
|
||||
nix.substituters = [
|
||||
"https://cache.nixos.org/"
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
nix.trustedPublicKeys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(let emacsOverlay = (import ./versions.nix {}).emacsOverlay null;
|
||||
in import emacsOverlay)
|
||||
(import <arroyo/overlay.nix>)
|
||||
];
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
|
||||
time.timeZone = "America/Los_Angeles";
|
||||
|
||||
home-manager.config =
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
home.stateVersion = "22.05";
|
||||
imports = [
|
||||
<<home_manager_imports()>>
|
||||
];
|
||||
|
||||
|
||||
programs.ssh.matchBlocks.builder = {
|
||||
hostname = "100.96.6.32";
|
||||
user = "builder";
|
||||
};
|
||||
};
|
||||
}
|
||||
#+end_src
|
||||
|
||||
#+NAME: home_manager_imports
|
||||
#+begin_src emacs-lisp
|
||||
(->> (arroyo-home-manager-imports "droid")
|
||||
(s-join "\n"))
|
||||
#+end_src
|
||||
|
||||
#+results: home_manager_imports
|
||||
#+begin_example
|
||||
hm/prompt.nix
|
||||
hm/emacs-helpers.nix
|
||||
hm/contacts.nix
|
||||
hm/git.nix
|
||||
hm/python.nix
|
||||
hm/gnupg.nix
|
||||
hm/org-roam.nix
|
||||
hm/emacs-pager.nix
|
||||
hm/shell-helpers.nix
|
||||
hm/spell-check.nix
|
||||
hm/deadgrep.nix
|
||||
hm/profile.nix
|
||||
hm/morph.nix
|
||||
hm/nix-update.nix
|
||||
hm/atuin.nix
|
||||
hm/emacs.nix
|
||||
hm/ssh_client.nix
|
||||
#+end_example
|
||||
|
||||
* Using machines running [[id:cce/my_nixos_configuration][My NixOS configuration]] to as builders for nix-on-droid
|
||||
|
||||
#+ARROYO_NIXOS_MODULE: nixos/nixos-builder.nix
|
||||
#+ARROYO_NIXOS_ROLE: endpoint
|
||||
|
||||
#+begin_src nix :tangle ~/arroyo-nix/nixos/nixos-builder.nix
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
users.users.builder = {
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
initialPassword = "changeme!";
|
||||
};
|
||||
|
||||
nix.trustedUsers = [ "builder" ];
|
||||
}
|
||||
#+end_src
|
|
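Review bot: `nixos/nixos-builder.nix` creates the `builder` account with `initialPassword = "changeme!";` and then lists it in `nix.trustedUsers`. Every machine with the `endpoint` role therefore gets a login account whose password is published in this repository, and a trusted Nix user can import unsigned store paths and override daemon settings, which is close to root-equivalent. Remove the `initialPassword` line and authenticate the droid client by key instead, e.g. `openssh.authorizedKeys.keys = [ "<droid builder public key>" ];` inside `users.users.builder`. If `builder` has to stay trusted so the client can copy unsigned build inputs, key-only login matters all the more. The sshd settings for these hosts are outside this section and should be checked to confirm password authentication is off.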
@ -3,12 +3,12 @@
|
|||
:ROAM_ALIASES: Wobserver
|
||||
:END:
|
||||
#+title: The Wobserver
|
||||
#+filetags: :Project:
|
||||
#+filetags: :Project:Wobserver:Development:
|
||||
|
||||
#+ARCOLOGY_KEY: cce/wobserver
|
||||
#+ARCOLOGY_ALLOW_CRAWL: t
|
||||
|
||||
My Wobserver is [[roam:fontkeming]] and resides in [[id:7fea3caa-5fa0-415a-96c7-45a1d64512fb][Wobscale Technologies]]'s premier datacenter =sea1.wobscale.website=.
|
||||
My Wobserver is [[id:20221112T130047.292304][Terra Firma]] and resides in [[id:7fea3caa-5fa0-415a-96c7-45a1d64512fb][Wobscale Technologies]]'s premier datacenter =sea1.wobscale.website=.
|
||||
|
||||
* NEXT What's a Wobserver? :Writing:
|
||||
:PROPERTIES:
|
||||
|
@ -47,6 +47,7 @@ rec {
|
|||
home-manager.users.rrix.imports = [
|
||||
<<arroyo_home-manager_imports()>>
|
||||
];
|
||||
home-manager.users.rrix.home.stateVersion = "22.11";
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
|
@ -129,12 +130,44 @@ rec {
|
|||
|
||||
* Packages in the Wobserver
|
||||
|
||||
#+begin_src emacs-lisp :results drawer
|
||||
(->>
|
||||
(arroyo-nixos-imports "server")
|
||||
(--map (caar (arroyo-db-query [:select file :from keywords :where (= value $s1)] it)))
|
||||
(--map (list it
|
||||
(caar (org-roam-db-query [:select title :from nodes :where (= file $s1) :and (= level 0)] it))))
|
||||
(--map (format "- [[%s][%s]]" (first it) (second it)))
|
||||
(s-join "\n")
|
||||
)
|
||||
#+end_src
|
||||
|
||||
#+results:
|
||||
:results:
|
||||
- [[/home/rrix/org/cce/nextcloud.org][Nextcloud on Wobserver]]
|
||||
- [[/home/rrix/org/cce/postgresql.org][PostgreSQL on the Wobserver]]
|
||||
- [[/home/rrix/org/cce/nginx.org][Wobserver Nginx Frontends]]
|
||||
- [[/home/rrix/org/20220210155158-from_wireguard_to_tailscale.org][From Wireguard to Tailscale]]
|
||||
- [[/home/rrix/org/cce/cce-nixpath.org]["The manual appears to depend on the location of Nixpkgs"]]
|
||||
- [[/home/rrix/org/cce/gnupg_configuration.org][GnuPG Configuration]]
|
||||
- [[/home/rrix/org/cce/nixos.org][CCE Nixos Core]]
|
||||
- [[/home/rrix/org/cce/public_keys.org][My Public Keys and NixOS user]]
|
||||
- [[/home/rrix/org/cce/nix_community_cachix.org][Nix Community Cachix]]
|
||||
- [[/home/rrix/org/current_location.org][Where I Am At]]
|
||||
- [[/home/rrix/org/secure_backup_infrastructure.org][Secure Backup Infrastructure]]
|
||||
- [[/home/rrix/org/arroyo/arroyo-nix.org][Arroyo Nix Support]]
|
||||
- [[/home/rrix/org/cce/home-manager.org][Generate a Dynamic Home Manager Configuration]]
|
||||
- [[/home/rrix/org/cce/syncthing.org][Nearly Stateless Computing Using Syncthing]]
|
||||
- [[/home/rrix/org/arroyo/arroyo-emacs.org][Arroyo Emacs Generator]]
|
||||
- [[/home/rrix/org/cce/ssh_configuration.org][SSH Configuration]]
|
||||
:end:
|
||||
|
||||
- [[id:e4998eda-d14a-48ee-9661-3d7d1bead53c][Nginx]]
|
||||
- [[id:cce/wobserver/postgres][PostgreSQL]]
|
||||
- [[id:20220101T180015.306163][Nextcloud]]
|
||||
- [[id:cce/wobserver/matrix][Matrix Synapse]]
|
||||
- [[id:20220101T190353.843667][Wobserver Observability]]
|
||||
|
||||
|
||||
** INPROGRESS [[id:20220218T215521.617327][Heisenbridge]]
|
||||
** INPROGRESS [[id:20220101T190353.843667][Wobserver Observability]]
|
||||
** NEXT hydra
|
||||
** NEXT Redis
|
||||
** NEXT Calibre-Web
|
||||
|
@ -147,8 +180,14 @@ rec {
|
|||
** NEXT fail2ban
|
||||
** NEXT gitea
|
||||
** NEXT grocy?
|
||||
** NEXT wireguard
|
||||
** NEXT tailscale
|
||||
** CANCELLED wireguard
|
||||
:LOGBOOK:
|
||||
- State "CANCELLED" from "NEXT" [2022-11-12 Sat 16:44]
|
||||
:END:
|
||||
** DONE tailscale
|
||||
:LOGBOOK:
|
||||
- State "DONE" from "NEXT" [2022-11-12 Sat 16:44]
|
||||
:END:
|
||||
*** Why Tailscale?
|
||||
|
||||
Arroyo Systems are "self-hosted" -- the org-mode source runs in an Emacs which can be provided through an Arroyo document system, but it also goes to great effort to not rely on third party services, and goes to greater length to avoid proprietary webservices. and yet i'll probably use Tailscale for it, anyways. why?
|
||||
|
@ -159,6 +198,7 @@ Arroyo Systems are "self-hosted" -- the org-mode source runs in an Emacs which c
|
|||
*** NEXT mpd
|
||||
*** NEXT mpdscribble
|
||||
*** NEXT icecast
|
||||
|
||||
* Building a QEMU image of the Wobserver
|
||||
:PROPERTIES:
|
||||
:ID: 20220218T213149.100848
|
||||
|
@ -168,14 +208,14 @@ Right now I develop in qemu.
|
|||
|
||||
[[shell:nix-build '<nixpkgs/nixos>' -A vm --arg configuration nixlib/roles/server/default.nix &][build the VM]] then [[shell:result/bin/run-nixos-vm &][run the VM]]
|
||||
|
||||
#+ARROYO_NIXOS_MODULE: nixos/qemu-vm.nix
|
||||
#+ARROYO_NIXOS_ROLE: server
|
||||
,#+ARROYO_NIXOS_MODULE: nixos/qemu-vm.nix
|
||||
,#+ARROYO_NIXOS_ROLE: server
|
||||
|
||||
#+begin_src nix :tangle ~/arroyo-nix/nixos/qemu-vm.nix
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
imports = ~/arroyo-nix<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
imports = <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
||||
];
|
||||
|
||||
|
@ -212,11 +252,26 @@ Right now I develop in qemu.
|
|||
services.qemuGuest.enable = true;
|
||||
boot.growPartition = true;
|
||||
|
||||
# XXX: move to zfs
|
||||
boot.zfs.extraPools = [ "tank" ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
autoResize = true;
|
||||
device = "terra-firma/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "terra-firma/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
filesystems."/tank/media" = {
|
||||
device = "tank/media";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
filesystems."/home" = {
|
||||
device = "tank/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
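Review bot: The two mounts that appear to be added at the end of the `nixos/qemu-vm.nix` block are written as `filesystems."/tank/media"` and `filesystems."/home"`, but the NixOS option, used correctly for `/` and `/nix` just above, is `fileSystems`. As written these will most likely fail evaluation as undefined options, so change both to `fileSystems.…`. The media dataset is also mounted at `/media` in `hosts/terra-firma/hardware-configuration.nix` but at `/tank/media` here, which looks unintentional. In the previous hunk, the `imports = <nixpkgs/nixos/modules/profiles/qemu-guest.nix>` line has no opening `[` for the `];` that follows. The module body begins and continues outside these hunks, so the surrounding options could not be checked.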
@ -68,7 +68,7 @@ in epkgs.melpaBuild {
|
|||
:fetcher github)
|
||||
'';
|
||||
|
||||
packageRequires = [ pkgs.gawk epkgs.hydra ];
|
||||
packageRequires = [ pkgs.gawk epkgs.hydra pkgs.findutils ];
|
||||
|
||||
meta = {
|
||||
homepage = "https://www.leonrische.me/fc/index.html";
|
||||
|
@ -77,6 +77,15 @@ in epkgs.melpaBuild {
|
|||
};
|
||||
#+end_src
|
||||
|
||||
#+ARROYO_HOME_MODULE: hm/org-fc.nix
|
||||
#+begin_src nix :tangle ~/arroyo-nix/hm/org-fc.nix
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
home.packages = with pkgs; [ findutils gawk ];
|
||||
}
|
||||
#+end_src
|
||||
|
||||
* Some Custom SRS contexts
|
||||
|
||||
Sometimes it's nice to focus on one thing at a time. =org-fc= gives us custom contexts and here's how I use it:
|
||||
|
|
|
@ -41,3 +41,23 @@ I poke a hole in the firewall in [[id:cce/my_nixos_configuration][My NixOS confi
|
|||
networking.firewall.allowedTCPPorts = [ 22000 ];
|
||||
}
|
||||
#+end_src
|
||||
|
||||
I have some functions which help deal with conflicts:
|
||||
|
||||
#+begin_src emacs-lisp
|
||||
(defun cce/syncthing-deconflict (&optional dir)
|
||||
(interactive "D")
|
||||
(let* ((dir (or dir org-roam-directory))
|
||||
(possible-pairs
|
||||
(->> (f-glob "*sync-conflict*" org-roam-directory)
|
||||
(--map (list it (replace-regexp-in-string (rx (seq (literal ".sync-conflict") (one-or-more (not ".")))) "" it)))))
|
||||
(stale-conflict-files ; source doesn't exist or was moved elsewhere.
|
||||
(--remove (file-exists-p (second it)) possible-pairs))
|
||||
(ediff-candidates ; source does exist and should be ediff'd
|
||||
(--filter (file-exists-p (second it)) possible-pairs)))
|
||||
(dolist (f stale-conflict-files)
|
||||
(when (yes-or-no-p (format "%s does not exist. Delete %s? " (second f) (first f)))
|
||||
(delete-file (first f))))
|
||||
(dolist (f ediff-candidates)
|
||||
(apply #'ediff-files f)))))
|
||||
#+end_src
|
||||
|
|
|
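Review bot: `cce/syncthing-deconflict` binds `dir` from its optional argument but then globs `org-roam-directory` regardless. The directory chosen at the `(interactive "D")` prompt is therefore ignored, and the delete prompts always act on the org-roam tree. Use the bound value instead: `(->> (f-glob "*sync-conflict*" dir)`. Because the function calls `delete-file`, it also deserves a docstring saying that it resolves Syncthing conflict copies in DIR (defaulting to org-roam-directory), offers to delete copies whose original no longer exists, and opens ediff on the rest.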
@ -69,11 +69,12 @@ By structuring these invocations like this it is possible to write a function co
|
|||
[fn:1] This is required because I couldn't get =nix-update-decls= to update the revs of these without also populating a =sha256= key which will not be valid in a =builtins.fetchGit= invocation. Both [[id:nix_community_emacs_overlay][nix-community/emacs-overlay]] and [[id:cce/home-manager][home-manager]] are loaded in situations where there is no pre-existing [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][nixpkgs]] to invoke, so they have to use this "impure" invocation.
|
||||
|
||||
* NEXT update my [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][NixOS]] version pins and deploy
|
||||
SCHEDULED: <2022-10-12 Wed .+2w>
|
||||
SCHEDULED: <2022-11-21 Mon .+2w>
|
||||
:PROPERTIES:
|
||||
:LAST_REPEAT: [2022-09-28 Wed 15:59]
|
||||
:LAST_REPEAT: [2022-11-07 Mon 12:15]
|
||||
:END:
|
||||
:LOGBOOK:
|
||||
- State "DONE" from "NEXT" [2022-11-07 Mon 12:15]
|
||||
- State "DONE" from "NEXT" [2022-09-28 Wed 15:59]
|
||||
:END:
|
||||
|
||||
|
@ -110,7 +111,7 @@ Right now I am running off a branch of [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711
|
|||
|
||||
#+NAME: prefetch-hm
|
||||
#+results:
|
||||
: "6dc8a43f397c92afbc3f771385ac803d96d5eeb5"
|
||||
: "886675991b643b701a33f533443db165c70692d1"
|
||||
|
||||
#+begin_src nix :noweb-ref homeManager :noweb yes
|
||||
homeManager = _: builtins.fetchGit {
|
||||
|
@ -127,7 +128,7 @@ homeManager = _: builtins.fetchGit {
|
|||
|
||||
#+NAME: prefetch-em
|
||||
#+results:
|
||||
: "5a0d13e02555d20144d34fb8c9af4900fe55ce06"
|
||||
: "a864e84bd842d00d686e040f552e2fa7030351a0"
|
||||
|
||||
#+NAME: emacsOverlay
|
||||
#+begin_src nix :noweb yes
|
||||
|
@ -152,9 +153,9 @@ builds from https://codeberg.org/martianh/mastodon.el/commits/branch/main
|
|||
#+begin_src nix :noweb-ref mastodon
|
||||
mastodon = { pkgs, ... }: pkgs.fetchgit {
|
||||
url = "https://codeberg.org/martianh/mastodon.el";
|
||||
rev = "6b88c28779bd64aaf56c9d1e0c5fced77a506c0a";
|
||||
sha256 = "1vr0bj52p7mkg354rpcz6zqpb0fjyai1q2cqpsrp005qr6j177si";
|
||||
# date = "2022-09-22T11:40:46+02:00";
|
||||
rev = "e61ba4cccfeddce5fe0f2b4a43cbd444861cf31e";
|
||||
sha256 = "1307x7vqv5a1cm9i3pv2jfgh47nvvr913ndvpbkkcg91jvy7lwk3";
|
||||
# date = "2022-11-07T13:58:34+01:00";
|
||||
};
|
||||
#+end_src
|
||||
|
||||
|
@ -190,9 +191,9 @@ consult-org-roam-rev = "268f436858e1ea3b263782af466a54e4d603a7d2";
|
|||
consult-org-roam = {pkgs, ...}: pkgs.fetchFromGitHub {
|
||||
owner = "jgru";
|
||||
repo = "consult-org-roam";
|
||||
rev = "3eae47a4667a583e30703c1c5344e26225b5f676";
|
||||
sha256 = "1p78nb940kyrlb3qpd2ll6zbvi1swdajc661ly9aq6kzmrvcia9r";
|
||||
# date = "2022-09-21T07:07:59+02:00";
|
||||
rev = "b93cc856d1d2dd0719926e51c5a6309bbbf60b19";
|
||||
sha256 = "1k0733kymkf8f3r4xi3fja561sybbkss3p54v7kf6pcz33v6gwc6";
|
||||
# date = "2022-11-05T13:02:36+01:00";
|
||||
};
|
||||
#+end_src
|
||||
|
||||
|
|