Changes for lambda

config/hardware/lambda.nix

@@ -19,7 +19,6 @@
     };
 
     kernelModules = [ "kvm-amd" ];
-    externalModulePackages = [ ];
     kernelPackages = pkgs.linuxPackages_latest;
 
     loader.grub = {
@@ -49,16 +48,16 @@
 
   networking = {
     macvlans = {
-      intif0 = {
+      extif0 = {
         interface = "enp3s0f1";
         mode = "bridge";
       };
     };
 
     interfaces = {
-      intif0 = {
+      extif0 = {
-        # output of: echo lambda-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
+        # output of: echo lambda-extif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
-        macAddress = "02:f5:fe:8c:22:fe";
+        macAddress = "02:27:fe:1c:3c:6e";
       };
     };
   };

config/hosts/lambda.nix

@@ -1,11 +1,22 @@
 { config, lib, pkgs, ... }:
 
-let primary-ip = "10.0.0.3";
+let
+  primary-ip = "10.0.0.3";
+  shinobi-port = "7080";
+  shinobi-od-port = "7082";
 
 in {
+
+  # TODO: remove?
+  nixpkgs.config.permittedInsecurePackages = [
+    "openssh-with-gssapi-8.4p1" # CVE-2021-28041
+  ];
+
   fudo.slynk.enable = true;
 
   networking = {
+    defaultGateway = "10.0.0.1";
+    
     interfaces = {
       enp3s0f0.useDHCP = false;
       enp3s0f1.useDHCP = false;
@@ -28,5 +39,61 @@ in {
     api-address = "/ip4/${primary-ip}/tcp/5001";
   };
 
-  # TODO: add camera
+  virtualisation.oci-containers.containers = {
+    shinobi = {
+      image = "shinobisystems/shinobi:latest";
+      ports = [ "${shinobi-port}:8080" ];
+      volumes = [
+        "/srv/shinobi/plugins:/home/Shinobi/plugins"
+        "/srv/shinobi/config:/home/Shinobi/config"
+        "/srv/shinobi/videos:/home/Shinobi/videos"
+        "/srv/shinobi/db-data:/var/lib/mysql"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+    };
+
+    # shinobi-od = {
+    #   image = "shinobisystems/shinobi-tensorflow:latest";
+    #   volumes =
+    #     [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
+    #   ports = [ "${shinobi-od-port}:8082" ];
+    #   environment = {
+    #     PLUGIN_HOST = "panopticon.sea.fudo.org";
+    #     PLUGIN_PORT = shinobi-port;
+    #     PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
+    #   };
+    # };
+
+    # photoprism = { image = "photoprism/photoprism"; };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+
+    virtualHosts = {
+      "panopticon.sea.fudo.org" = {
+        locations."/" = {
+          proxyPass = "http://localhost:${shinobi-port}";
+          extraConfig = ''
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "Upgrade";
+          '';
+        };
+      };
+      # "panopticon-od.sea.fudo.org" = {
+      #   locations."/" = {
+      #     proxyPass = "http://localhost:${shinobi-od-port}";
+      #     extraConfig = ''
+      #       proxy_http_version 1.1;
+      #       proxy_set_header Upgrade $http_upgrade;
+      #       proxy_set_header Connection "Upgrade";
+      #     '';
+      #   };
+      # };
+    };
+  };
 }

config/networks/sea.fudo.org.nix

@@ -77,7 +77,7 @@ in {
     };
     lambda = {
       ip-address = "10.0.0.3";
-      mac-address = "02:50:f6:52:9f:9d";
+      mac-address = "02:27:fe:1c:3c:6e";
     };
     switch-master = {
       ip-address = "10.0.0.5";

config/profiles/server.nix

@@ -6,7 +6,6 @@ let
     emacs-nox
     ldns
     ldns.examples
-    jdk14_headless
     racket-minimal
     reboot-if-necessary
     test-config
@@ -24,7 +23,8 @@ let
       $WALL "$1 exists, rebooting system"
       ${pkgs.systemd}/bin/reboot
     else
-      $WALL "$1 does not exist, aborting reboot."
+      $WALL "$1 does not exist, switching config."
+      nixos-rebuild switch
     fi
 
     exit 0