nixos-config/config/host-config/lambda.nix

{ config, lib, pkgs, ... }:

let
  shinobi-port = "7080";
  shinobi-od-port = "7082";
  state-dir = "/state"; # This must be a string!

  home-assistant-port = 8123;

  parent-config = config;

  generate-mac = pkgs.lib.network.generate-mac-address;

in {
  boot = {
    loader.grub.copyKernels = true;
    kernelModules = [ "rpcsec_gss_krb5" ];
  };

  networking = {
    interfaces = {
      enp3s0f0.useDHCP = false;
      enp3s0f1.useDHCP = false;
      enp4s0f0.useDHCP = false;
      enp4s0f1.useDHCP = false;

      intif0.useDHCP = true;
    };
  };

  systemd.tmpfiles.rules = [
    "L /root/.gnupg           - - - - ${state-dir}/user/root/gnupg"
    "L /root/.ssh/id_rsa      - - - - ${state-dir}/user/root/ssh/id_rsa"
    "L /root/.ssh/id_rsa.pub  - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
    "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
  ];

  services.openssh.hostKeys = [
    {
      path = "${state-dir}/ssh/ssh_host_rsa_key";
      type = "rsa";
      bits = 4096;
    }
    {
      path = "${state-dir}/ssh/ssh_host_ed25519_key";
      type = "ed25519";
      bits = 4096;
    }
  ];

  environment.etc = {
    "ssh/ssh_host_rsa_key" = {
      source = "${state-dir}/ssh/ssh_host_rsa_key";
      user = "root";
      group = "root";
      mode = "0400";
    };
    "ssh/ssh_host_rsa_key.pub" = {
      source = "${state-dir}/ssh/ssh_host_rsa_key.pub";
      user = "root";
      group = "root";
      mode = "0444";
    };
    "ssh/ssh_host_ed25519_key" = {
      source = "${state-dir}/ssh/ssh_host_ed25519_key";
      user = "root";
      group = "root";
      mode = "0400";
    };
    "ssh/ssh_host_ed25519_key.pub" = {
      source = "${state-dir}/ssh/ssh_host_ed25519_key.pub";
      user = "root";
      group = "root";
      mode = "0444";
    };
    nixos.source = "/etc/nixos-live";
    "host-config.nix".source = "/state/host/host-config.nix";
    adjtime.source = "/state/host/adjtime";
    NIXOS.source = "/state/host/NIXOS";
  };

  security.sudo.extraConfig = ''
    # Due to rollback, sudo will lecture after every reboot
    Defaults lecture = never
  '';

  services.nginx = {
    enable = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedGzipSettings = true;

    virtualHosts."home.sea.fudo.org" = {
      locations."/" = {
        proxyPass = "http://localhost:${toString home-assistant-port}";
        proxyWebsockets = true;
      };
    };
  };

  virtualisation = {
    docker = {
      enable = true;
      enableOnBoot = true;
      autoPrune = { enable = true; };
    };

    oci-containers = {
      backend = "docker";
      containers = {
        home-assistant = {
          image = "homeassistant/home-assistant:stable";
          autoStart = true;
          environment.TZ = config.time.timeZone;
          # ports = [ "${toString home-assistant-port}:8123" ];
          volumes = [ "/state/services/home-assistant:/config" ];
          extraOptions = [ "--network=host" "--device=/dev/ttyACM0" ];
        };

        # shinobi = {
        #   image = "shinobisystems/shinobi:latest";
        #   ports = [ "${shinobi-port}:8080" ];
        #   volumes = [
        #     "/state/shinobi/plugins:/home/Shinobi/plugins"
        #     "/state/shinobi/config:/home/Shinobi/config"
        #     "/state/shinobi/videos:/home/Shinobi/videos"
        #     "/state/shinobi/db-data:/var/lib/mysql"
        #     "/etc/localtime:/etc/localtime:ro"
        #   ];
        # };

        # shinobi-od = {
        #   image = "shinobisystems/shinobi-tensorflow:latest";
        #   volumes =
        #     [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
        #   ports = [ "${shinobi-od-port}:8082" ];
        #   environment = {
        #     PLUGIN_HOST = "panopticon.sea.fudo.org";
        #     PLUGIN_PORT = shinobi-port;
        #     PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
        #   };
        # };

        # photoprism = { image = "photoprism/photoprism"; };
      };
    };
  };
}
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`{ config, lib, pkgs, ... }:`

Defined informis deployment. Don't need so much info to deploy. 2021-04-18 23:24:01 -07:00			`let`
			`shinobi-port = "7080";`
			`shinobi-od-port = "7082";`
Changes for lambda 2021-07-25 22:45:36 -07:00			`state-dir = "/state"; # This must be a string!`
Defined informis deployment. Don't need so much info to deploy. 2021-04-18 23:24:01 -07:00
Added live disk flake 2022-03-16 09:49:35 -07:00			`home-assistant-port = 8123;`

			`parent-config = config;`

			`generate-mac = pkgs.lib.network.generate-mac-address;`

Defined informis deployment. Don't need so much info to deploy. 2021-04-18 23:24:01 -07:00			`in {`
Fixed deploy keys and added ssh keys pushed from deploy server 2021-09-22 18:43:23 -07:00			`boot = {`
			`loader.grub.copyKernels = true;`
			`kernelModules = [ "rpcsec_gss_krb5" ];`
			`};`
Changes for lambda, with tmpfs root 2021-07-20 18:28:12 -07:00
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`networking = {`
			`interfaces = {`
			`enp3s0f0.useDHCP = false;`
			`enp3s0f1.useDHCP = false;`
			`enp4s0f0.useDHCP = false;`
			`enp4s0f1.useDHCP = false;`

Changes for lambda, with tmpfs root 2021-07-20 18:28:12 -07:00			`intif0.useDHCP = true;`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`};`
			`};`

Various changes, and added a live-disk config. 2021-07-16 12:57:36 -07:00			`systemd.tmpfiles.rules = [`
Initial flake commit 2021-08-04 12:37:55 -07:00			`"L /root/.gnupg - - - - ${state-dir}/user/root/gnupg"`
			`"L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa"`
			`"L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub"`
Fixed conflicts 2021-07-20 18:39:07 -07:00			`"L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"`
Changes for lambda, fixes for sea.fudo.org 2021-07-26 12:09:47 -07:00			`];`

			`services.openssh.hostKeys = [`
			`{`
			`path = "${state-dir}/ssh/ssh_host_rsa_key";`
			`type = "rsa";`
			`bits = 4096;`
			`}`
			`{`
			`path = "${state-dir}/ssh/ssh_host_ed25519_key";`
			`type = "ed25519";`
			`bits = 4096;`
			`}`
Various changes, and added a live-disk config. 2021-07-16 12:57:36 -07:00			`];`

Changes for lambda, with tmpfs root 2021-07-20 18:28:12 -07:00			`environment.etc = {`
			`"ssh/ssh_host_rsa_key" = {`
			`source = "${state-dir}/ssh/ssh_host_rsa_key";`
			`user = "root";`
			`group = "root";`
			`mode = "0400";`
			`};`
			`"ssh/ssh_host_rsa_key.pub" = {`
			`source = "${state-dir}/ssh/ssh_host_rsa_key.pub";`
			`user = "root";`
			`group = "root";`
			`mode = "0444";`
			`};`
			`"ssh/ssh_host_ed25519_key" = {`
			`source = "${state-dir}/ssh/ssh_host_ed25519_key";`
			`user = "root";`
			`group = "root";`
			`mode = "0400";`
			`};`
			`"ssh/ssh_host_ed25519_key.pub" = {`
			`source = "${state-dir}/ssh/ssh_host_ed25519_key.pub";`
			`user = "root";`
			`group = "root";`
			`mode = "0444";`
			`};`
Changes for lambda, fixes for sea.fudo.org 2021-07-26 12:09:47 -07:00			`nixos.source = "/etc/nixos-live";`
			`"host-config.nix".source = "/state/host/host-config.nix";`
			`adjtime.source = "/state/host/adjtime";`
			`NIXOS.source = "/state/host/NIXOS";`
Changes for lambda, with tmpfs root 2021-07-20 18:28:12 -07:00			`};`

Various changes, and added a live-disk config. 2021-07-16 12:57:36 -07:00			`security.sudo.extraConfig = ''`
			`# Due to rollback, sudo will lecture after every reboot`
			`Defaults lecture = never`
			`'';`

Added live disk flake 2022-03-16 09:49:35 -07:00			`services.nginx = {`
			`enable = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`
			`recommendedGzipSettings = true;`

			`virtualHosts."home.sea.fudo.org" = {`
			`locations."/" = {`
Many changes over time 2022-04-08 14:21:56 -07:00			`proxyPass = "http://localhost:${toString home-assistant-port}";`
Added live disk flake 2022-03-16 09:49:35 -07:00			`proxyWebsockets = true;`
			`};`
			`};`
			`};`

Started to move to flakes 2021-07-28 12:01:06 -07:00			`virtualisation = {`
			`docker = {`
			`enable = true;`
			`enableOnBoot = true;`
			`autoPrune = { enable = true; };`
			`};`

			`oci-containers = {`
Added live disk flake 2022-03-16 09:49:35 -07:00			`backend = "docker";`
Started to move to flakes 2021-07-28 12:01:06 -07:00			`containers = {`
Added live disk flake 2022-03-16 09:49:35 -07:00			`home-assistant = {`
			`image = "homeassistant/home-assistant:stable";`
			`autoStart = true;`
			`environment.TZ = config.time.timeZone;`
Many changes over time 2022-04-08 14:21:56 -07:00			`# ports = [ "${toString home-assistant-port}:8123" ];`
			`volumes = [ "/state/services/home-assistant:/config" ];`
			`extraOptions = [ "--network=host" "--device=/dev/ttyACM0" ];`
Started to move to flakes 2021-07-28 12:01:06 -07:00			`};`

Added live disk flake 2022-03-16 09:49:35 -07:00			`# shinobi = {`
			`# image = "shinobisystems/shinobi:latest";`
			`# ports = [ "${shinobi-port}:8080" ];`
			`# volumes = [`
			`# "/state/shinobi/plugins:/home/Shinobi/plugins"`
			`# "/state/shinobi/config:/home/Shinobi/config"`
			`# "/state/shinobi/videos:/home/Shinobi/videos"`
			`# "/state/shinobi/db-data:/var/lib/mysql"`
			`# "/etc/localtime:/etc/localtime:ro"`
			`# ];`
			`# };`

Started to move to flakes 2021-07-28 12:01:06 -07:00			`# shinobi-od = {`
			`# image = "shinobisystems/shinobi-tensorflow:latest";`
			`# volumes =`
			`# [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];`
			`# ports = [ "${shinobi-od-port}:8082" ];`
			`# environment = {`
			`# PLUGIN_HOST = "panopticon.sea.fudo.org";`
			`# PLUGIN_PORT = shinobi-port;`
			`# PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";`
			`# };`
			`# };`

			`# photoprism = { image = "photoprism/photoprism"; };`
			`};`
			`};`
			`};`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`}`