From eb3127a99d591f81a7cce6acc7aff5ab94cf0465 Mon Sep 17 00:00:00 2001
From: Niten
Date: Sun, 18 Apr 2021 23:24:01 -0700
Subject: [PATCH] Defined informis deployment. Don't need so much info to deploy.
---
 config/host-config/lambda.nix | 74 ++++++++++++++++++++++++++++++++++-
 config/sites.nix | 4 +-
 nixops/informis.nix | 12 ++++++
 nixops/lib/hosts.nix | 8 +---
 nixops/seattle.nix | 24 ++++--------
 packages/default.nix | 4 +-
 6 files changed, 98 insertions(+), 28 deletions(-)
 create mode 100644 nixops/informis.nix
diff --git a/config/host-config/lambda.nix b/config/host-config/lambda.nix
index 8feb358..141cc2c 100644
--- a/config/host-config/lambda.nix
+++ b/config/host-config/lambda.nix
@@ -1,6 +1,10 @@
 { config, lib, pkgs, ... }:
-{
+let
+ shinobi-port = "7080";
+ shinobi-od-port = "7082";
+
+in {
 # TODO: remove?
 nixpkgs.config.permittedInsecurePackages = [
 "openssh-with-gssapi-8.4p1" # CVE-2021-28041
@@ -25,5 +29,71 @@
 api-address = "/ip4/0.0.0.0/tcp/5001";
 };
- # TODO: add camera
+ virtualisation = {
+ docker = {
+ enable = true;
+ enableOnBoot = true;
+ autoPrune = { enable = true; };
+ };
+
+ oci-containers = {
+ containers = {
+ shinobi = {
+ image = "shinobisystems/shinobi:latest";
+ ports = [ "${shinobi-port}:8080" ];
+ volumes = [
+ "/srv/shinobi/plugins:/home/Shinobi/plugins"
+ "/srv/shinobi/config:/home/Shinobi/config"
+ "/srv/shinobi/videos:/home/Shinobi/videos"
+ "/srv/shinobi/db-data:/var/lib/mysql"
+ "/etc/localtime:/etc/localtime:ro"
+ ];
+ };
+
+ # shinobi-od = {
+ # image = "shinobisystems/shinobi-tensorflow:latest";
+ # volumes =
+ # [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
+ # ports = [ "${shinobi-od-port}:8082" ];
+ # environment = {
+ # PLUGIN_HOST = "panopticon.sea.fudo.org";
+ # PLUGIN_PORT = shinobi-port;
+ # PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
+ # };
+ # };
+
+ # photoprism = { image = "photoprism/photoprism"; };
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+
+ virtualHosts = {
+ "panopticon.sea.fudo.org" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${shinobi-port}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ '';
+ };
+ };
+ # "panopticon-od.sea.fudo.org" = {
+ # locations."/" = {
+ # proxyPass = "http://localhost:${shinobi-od-port}";
+ # extraConfig = ''
+ # proxy_http_version 1.1;
+ # proxy_set_header Upgrade $http_upgrade;
+ # proxy_set_header Connection "Upgrade";
+ # '';
+ # };
+ # };
+ };
+ };
 }
diff --git a/config/sites.nix b/config/sites.nix
index 5810243..c9adc6e 100644
--- a/config/sites.nix
+++ b/config/sites.nix
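Review bot: The `ports = [ "${shinobi-port}:8080" ]` mapping on the `shinobi` container publishes the Shinobi web UI on every host interface rather than only to the nginx proxy added further down, and Docker-published ports are generally not filtered by the NixOS firewall; binding it to loopback, `ports = [ "127.0.0.1:${shinobi-port}:8080" ];`, keeps nginx as the only entry point. The `panopticon.sea.fudo.org` virtual host is plain HTTP in this hunk, so camera logins and video would cross the network unencrypted unless TLS is terminated elsewhere; `enableACME = true; forceSSL = true;` on the vhost would cover that. `image = "shinobisystems/shinobi:latest"` is a mutable tag, so each pull can bring in different code; pinning to a digest (`shinobisystems/shinobi@sha256:<digest>`) makes the deployment reproducible and reviewable. The commented-out `PLUGIN_KEY` line puts a literal key into the repository history; if that value was ever live it should be rotated and supplied from a secrets file rather than the Nix source.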
@@ -70,9 +70,11 @@
 joes-datacenter-0 = {
 gateway-v4 = "172.86.179.17";
- network = "FIXME";
+ # network = "FIXME";
 nameservers = [ "1.1.1.1" "2606:4700:4700::1111" ];
 timezone = "America/Winnipeg";
+ deploy-pubkey =
+ "ssh-rsa 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";
 };
 };
 }
diff --git a/nixops/informis.nix b/nixops/informis.nix
new file mode 100644
index 0000000..3464c3d
--- /dev/null
+++ b/nixops/informis.nix
@@ -0,0 +1,12 @@
+let
+ nixos-version = "20.09";
+
+ hosts = import ./lib/hosts.nix { inherit nixos-version; };
+
+ define-host = hosts.host-config;
+
+in {
+ network.description = "Informis network";
+
+ procul = define-host "172.86.179.18" "procul";
+}
diff --git a/nixops/lib/hosts.nix b/nixops/lib/hosts.nix
index a279063..cba2807 100644
--- a/nixops/lib/hosts.nix
+++ b/nixops/lib/hosts.nix
@@ -13,15 +13,11 @@ let
 initialize = import ../../initialize.nix;
- # This is a problem...it creates a second source of truth.
- host-config = ip: port: config:
+ host-config = ip: hostname:
 { ... }: {
 imports = [
 (initialize {
- hostname = config.hostname;
- profile = config.profile;
- site = config.site;
- domain = config.domain;
+ hostname = hostname;
 home-manager-package = home-manager-package;
 pkgs = pkgs;
 })
diff --git a/nixops/seattle.nix b/nixops/seattle.nix
index ae4cfc3..338b546 100644
--- a/nixops/seattle.nix
+++ b/nixops/seattle.nix
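Review bot: Commenting out `network` in `joes-datacenter-0` leaves that site without the attribute, so any consumer that reads the site's `network` would fail at evaluation time for hosts placed there; whether such a consumer exists is not visible from this hunk. If the value is simply not known yet, a comment saying so (`# TODO: fill in network once known`) or an explicit `network = null;` that consumers check would make the gap deliberate rather than accidental. The new `deploy-pubkey` carries no comment on which account or tool holds the matching private key, which is the first thing needed when the key has to be rotated or revoked.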
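Review bot: `host-config` in nixops/lib/hosts.nix now takes `ip: hostname:` where it used to take `ip: port: config:`, and because Nix functions are curried a caller still passing the old three arguments would not fail on arity: the port would be bound to `hostname` and the attribute set would be taken as the module argument. Both callers in this patch are updated, but a short comment above the definition would guard later ones, for example `# host-config :: ip -> hostname -> NixOS module; profile, site and domain are expected to be resolved by initialize from the hostname`. That `initialize` really derives those values from the hostname is an assumption to confirm, since its definition is outside this patch, and the body of `host-config` continues past the end of the hunk.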
@@ -1,26 +1,16 @@
 let
- deploy-port = 2112;
-
 nixos-version = "20.09";
 hosts = import ./lib/hosts.nix { inherit nixos-version; };
- seattle-host = ip: hostname: profile:
- let
- site = "seattle";
- domain = "sea.fudo.org";
- in hosts.host-config ip deploy-port {
- inherit hostname profile domain site;
- };
+
+ define-host = hosts.host-config;
 in {
 network.description = "Seattle home network.";
- lambda = seattle-host "10.0.0.11" "lambda" "server";
- liminia = seattle-host "10.0.0.1" "limina" "server";
- plato = seattle-host "10.0.0.21" "plato" "server";
- spark = seattle-host "10.0.0.108" "spark" "desktop";
- zbox = seattle-host "10.0.0.110" "zbox" "desktop";
-
- #nostromo = seattle-host "10.0.0.1" "nostromo" "server";
- #lambda = seattle-host "10.0.0.3" "lambda" "server";
+ limina = define-host "10.0.0.1" "limina";
+ lambda = define-host "10.0.0.11" "lambda";
+ plato = define-host "10.0.0.21" "plato";
+ spark = define-host "10.0.0.108" "spark";
+ zbox = define-host "10.0.0.110" "zbox";
 }
diff --git a/packages/default.nix b/packages/default.nix
index 3ad013d..288ed93 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -147,8 +147,8 @@ in {
 doom-emacs-config = pkgs.fetchgit {
 url = "https://git.fudo.org/niten/doom-emacs.git";
- rev = "c57d6712e358a9941b1de3508b104ffd38099a3a";
- sha256 = "1b2aw06irmv3xha6rhqlw3lmy6qxv281j4w91c8af0qsvhcq9g1y";
+ rev = "349edaa2b3b34fa77591322d4345e304eb89bc3b";
+ sha256 = "0kclivh6xx8zgw39hg6kf7mfg95qhni16pma2fskr0q7akrnsva7";
 };
 vanilla-forum = import ./vanilla-forum.nix { pkgs = pkgs; };
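Review bot: The attribute `liminia` becomes `limina` in the nixops/seattle.nix hunk, which fixes the spelling but also changes the machine's name in the NixOps network; an existing deployment state presumably still tracks the old name, so the next deploy may treat `limina` as a new machine and `liminia` as one to remove, and the resource is worth renaming in state before deploying. `deploy-port = 2112` is dropped and no longer passed to `host-config`; if the hosts' SSH daemons listen on that port, the deploy target port now has to come from somewhere else, and that is not visible in this patch. A one-line comment next to `define-host` saying where the port, profile, site and domain are now taken from would make the slimmer call sites self-explanatory.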