nixos-config/config/host-config/lambda.nix

{ config, lib, pkgs, ... }:

let
  shinobi-port = "7080";
  shinobi-od-port = "7082";

in {
  networking = {
    interfaces = {
      enp3s0f0.useDHCP = false;
      enp3s0f1.useDHCP = false;
      enp4s0f0.useDHCP = false;
      enp4s0f1.useDHCP = false;

      intif0 = { useDHCP = true; };
    };
  };

  fudo.secrets = {
    host-secrets.lambda = {
      host-keytab = {
        source-file = /state/secrets/kerberos/lambda.keytab;
        target-file = "/etc/krb5.keytab";
        user = "root";
      };
    };

    secret-group = "fudo-secrets";
    secret-users = [ "niten" ];
    secret-paths = [ "/state/secrets" ];
  };

  systemd.tmpfiles.rules = [
    "L /root/.gnupg - - - - /state/root/gnupg"
    # "L /root/.emacs.d - - - - /state/root/emacs.d"
    "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
    "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
    "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
    "L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
    "L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
  ];

  security.sudo.extraConfig = ''
    # Due to rollback, sudo will lecture after every reboot
    Defaults lecture = never
  '';

  virtualisation = {
    docker = {
      enable = true;
      enableOnBoot = true;
      autoPrune = { enable = true; };
    };

    oci-containers = {
      containers = {
        shinobi = {
          image = "shinobisystems/shinobi:latest";
          ports = [ "${shinobi-port}:8080" ];
          volumes = [
            "/state/shinobi/plugins:/home/Shinobi/plugins"
            "/state/shinobi/config:/home/Shinobi/config"
            "/state/shinobi/videos:/home/Shinobi/videos"
            "/state/shinobi/db-data:/var/lib/mysql"
            "/etc/localtime:/etc/localtime:ro"
          ];
        };

        # shinobi-od = {
        #   image = "shinobisystems/shinobi-tensorflow:latest";
        #   volumes =
        #     [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
        #   ports = [ "${shinobi-od-port}:8082" ];
        #   environment = {
        #     PLUGIN_HOST = "panopticon.sea.fudo.org";
        #     PLUGIN_PORT = shinobi-port;
        #     PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
        #   };
        # };

        # photoprism = { image = "photoprism/photoprism"; };
      };
    };
  };

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;

    virtualHosts = {
      "panopticon.sea.fudo.org" = {
        locations."/" = {
          proxyPass = "http://localhost:${shinobi-port}";
          extraConfig = ''
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-By $server_addr:$server_port;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
        };
      };
      # "panopticon-od.sea.fudo.org" = {
      #   locations."/" = {
      #     proxyPass = "http://localhost:${shinobi-od-port}";
      #     extraConfig = ''
      #       proxy_http_version 1.1;
      #       proxy_set_header Upgrade $http_upgrade;
      #       proxy_set_header Connection "Upgrade";
      #     '';
      #   };
      # };
    };
  };
}
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`{ config, lib, pkgs, ... }:`

Defined informis deployment. Don't need so much info to deploy. 2021-04-18 23:24:01 -07:00			`let`
			`shinobi-port = "7080";`
			`shinobi-od-port = "7082";`

			`in {`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`networking = {`
			`interfaces = {`
			`enp3s0f0.useDHCP = false;`
			`enp3s0f1.useDHCP = false;`
			`enp4s0f0.useDHCP = false;`
			`enp4s0f1.useDHCP = false;`

Switch back to intif0 for lambda 2021-04-12 15:27:42 -07:00			`intif0 = { useDHCP = true; };`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`};`
			`};`

Various changes, and added a live-disk config. 2021-07-16 12:57:36 -07:00			`fudo.secrets = {`
			`host-secrets.lambda = {`
			`host-keytab = {`
			`source-file = /state/secrets/kerberos/lambda.keytab;`
			`target-file = "/etc/krb5.keytab";`
			`user = "root";`
			`};`
Evolution in Seattle 2021-04-29 21:39:21 -07:00			`};`

Various changes, and added a live-disk config. 2021-07-16 12:57:36 -07:00			`secret-group = "fudo-secrets";`
			`secret-users = [ "niten" ];`
			`secret-paths = [ "/state/secrets" ];`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`};`

Various changes, and added a live-disk config. 2021-07-16 12:57:36 -07:00			`systemd.tmpfiles.rules = [`
			`"L /root/.gnupg - - - - /state/root/gnupg"`
			`# "L /root/.emacs.d - - - - /state/root/emacs.d"`
			`"L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"`
			`"L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"`
			`"L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"`
			`"L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"`
			`"L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"`
			`];`

			`security.sudo.extraConfig = ''`
			`# Due to rollback, sudo will lecture after every reboot`
			`Defaults lecture = never`
			`'';`

Defined informis deployment. Don't need so much info to deploy. 2021-04-18 23:24:01 -07:00			`virtualisation = {`
			`docker = {`
			`enable = true;`
			`enableOnBoot = true;`
			`autoPrune = { enable = true; };`
			`};`

			`oci-containers = {`
			`containers = {`
			`shinobi = {`
			`image = "shinobisystems/shinobi:latest";`
			`ports = [ "${shinobi-port}:8080" ];`
			`volumes = [`
Various changes, and added a live-disk config. 2021-07-16 12:57:36 -07:00			`"/state/shinobi/plugins:/home/Shinobi/plugins"`
			`"/state/shinobi/config:/home/Shinobi/config"`
			`"/state/shinobi/videos:/home/Shinobi/videos"`
			`"/state/shinobi/db-data:/var/lib/mysql"`
Defined informis deployment. Don't need so much info to deploy. 2021-04-18 23:24:01 -07:00			`"/etc/localtime:/etc/localtime:ro"`
			`];`
			`};`

			`# shinobi-od = {`
			`# image = "shinobisystems/shinobi-tensorflow:latest";`
			`# volumes =`
			`# [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];`
			`# ports = [ "${shinobi-od-port}:8082" ];`
			`# environment = {`
			`# PLUGIN_HOST = "panopticon.sea.fudo.org";`
			`# PLUGIN_PORT = shinobi-port;`
			`# PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";`
			`# };`
			`# };`

			`# photoprism = { image = "photoprism/photoprism"; };`
			`};`
			`};`
			`};`

			`services.nginx = {`
			`enable = true;`
			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`

			`virtualHosts = {`
			`"panopticon.sea.fudo.org" = {`
			`locations."/" = {`
			`proxyPass = "http://localhost:${shinobi-port}";`
			`extraConfig = ''`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "Upgrade";`
chanegs over time... 2021-06-08 14:22:37 -07:00
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-By $server_addr:$server_port;`
			`proxy_set_header X-Forwarded-For $remote_addr;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
Defined informis deployment. Don't need so much info to deploy. 2021-04-18 23:24:01 -07:00			`'';`
			`};`
			`};`
			`# "panopticon-od.sea.fudo.org" = {`
			`# locations."/" = {`
			`# proxyPass = "http://localhost:${shinobi-od-port}";`
			`# extraConfig = ''`
			`# proxy_http_version 1.1;`
			`# proxy_set_header Upgrade $http_upgrade;`
			`# proxy_set_header Connection "Upgrade";`
			`# '';`
			`# };`
			`# };`
			`};`
			`};`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`}`