nix/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Defined informis deployment. Don't need so much info to deploy.

Browse Source
This commit is contained in:
Niten 2021-04-18 23:24:01 -07:00
parent 148c82bcfe
commit eb3127a99d
6 changed files with 98 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
config/host-config/lambda.nix
View File

@ -1,6 +1,10 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ let
shinobi-port = "7080";
shinobi-od-port = "7082";
in {
# TODO: remove? # TODO: remove?
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1" # CVE-2021-28041 "openssh-with-gssapi-8.4p1" # CVE-2021-28041
@ -25,5 +29,71 @@
api-address = "/ip4/0.0.0.0/tcp/5001"; api-address = "/ip4/0.0.0.0/tcp/5001";
}; };
# TODO: add camera virtualisation = {
docker = {
enable = true;
enableOnBoot = true;
autoPrune = { enable = true; };
};
oci-containers = {
containers = {
shinobi = {
image = "shinobisystems/shinobi:latest";
ports = [ "${shinobi-port}:8080" ];
volumes = [
"/srv/shinobi/plugins:/home/Shinobi/plugins"
"/srv/shinobi/config:/home/Shinobi/config"
"/srv/shinobi/videos:/home/Shinobi/videos"
"/srv/shinobi/db-data:/var/lib/mysql"
"/etc/localtime:/etc/localtime:ro"
];
};
# shinobi-od = {
# image = "shinobisystems/shinobi-tensorflow:latest";
# volumes =
# [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
# ports = [ "${shinobi-od-port}:8082" ];
# environment = {
# PLUGIN_HOST = "panopticon.sea.fudo.org";
# PLUGIN_PORT = shinobi-port;
# PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
# };
# };
# photoprism = { image = "photoprism/photoprism"; };
};
};
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
virtualHosts = {
"panopticon.sea.fudo.org" = {
locations."/" = {
proxyPass = "http://localhost:${shinobi-port}";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
'';
};
};
# "panopticon-od.sea.fudo.org" = {
# locations."/" = {
# proxyPass = "http://localhost:${shinobi-od-port}";
# extraConfig = ''
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# '';
# };
# };
};
};
} }

4
config/sites.nix
View File

@ -70,9 +70,11 @@
joes-datacenter-0 = { joes-datacenter-0 = {
gateway-v4 = "172.86.179.17"; gateway-v4 = "172.86.179.17";
network = "FIXME"; # network = "FIXME";
nameservers = [ "1.1.1.1" "2606:4700:4700::1111" ]; nameservers = [ "1.1.1.1" "2606:4700:4700::1111" ];
timezone = "America/Winnipeg"; timezone = "America/Winnipeg";
deploy-pubkey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0=";
}; };
}; };
} }

12
nixops/informis.nix Normal file
View File

@ -0,0 +1,12 @@
let
nixos-version = "20.09";
hosts = import ./lib/hosts.nix { inherit nixos-version; };
define-host = hosts.host-config;
in {
network.description = "Informis network";
procul = define-host "172.86.179.18" "procul";
}

8
nixops/lib/hosts.nix
View File

@ -13,15 +13,11 @@ let
initialize = import ../../initialize.nix; initialize = import ../../initialize.nix;
# This is a problem...it creates a second source of truth. host-config = ip: hostname:
host-config = ip: port: config:
{ ... }: { { ... }: {
imports = [ imports = [
(initialize { (initialize {
hostname = config.hostname; hostname = hostname;
profile = config.profile;
site = config.site;
domain = config.domain;
home-manager-package = home-manager-package; home-manager-package = home-manager-package;
pkgs = pkgs; pkgs = pkgs;
}) })

24
nixops/seattle.nix
View File

@ -1,26 +1,16 @@
let let
deploy-port = 2112;
nixos-version = "20.09"; nixos-version = "20.09";
hosts = import ./lib/hosts.nix { inherit nixos-version; }; hosts = import ./lib/hosts.nix { inherit nixos-version; };
seattle-host = ip: hostname: profile:
let define-host = hosts.host-config;
site = "seattle";
domain = "sea.fudo.org";
in hosts.host-config ip deploy-port {
inherit hostname profile domain site;
};
in { in {
network.description = "Seattle home network."; network.description = "Seattle home network.";
lambda = seattle-host "10.0.0.11" "lambda" "server"; limina = define-host "10.0.0.1" "limina";
liminia = seattle-host "10.0.0.1" "limina" "server"; lambda = define-host "10.0.0.11" "lambda";
plato = seattle-host "10.0.0.21" "plato" "server"; plato = define-host "10.0.0.21" "plato";
spark = seattle-host "10.0.0.108" "spark" "desktop"; spark = define-host "10.0.0.108" "spark";
zbox = seattle-host "10.0.0.110" "zbox" "desktop"; zbox = define-host "10.0.0.110" "zbox";
#nostromo = seattle-host "10.0.0.1" "nostromo" "server";
#lambda = seattle-host "10.0.0.3" "lambda" "server";
} }

4
packages/default.nix
View File

@ -147,8 +147,8 @@ in {
doom-emacs-config = pkgs.fetchgit { doom-emacs-config = pkgs.fetchgit {
url = "https://git.fudo.org/niten/doom-emacs.git"; url = "https://git.fudo.org/niten/doom-emacs.git";
rev = "c57d6712e358a9941b1de3508b104ffd38099a3a"; rev = "349edaa2b3b34fa77591322d4345e304eb89bc3b";
sha256 = "1b2aw06irmv3xha6rhqlw3lmy6qxv281j4w91c8af0qsvhcq9g1y"; sha256 = "0kclivh6xx8zgw39hg6kf7mfg95qhni16pma2fskr0q7akrnsva7";
}; };
vanilla-forum = import ./vanilla-forum.nix { pkgs = pkgs; }; vanilla-forum = import ./vanilla-forum.nix { pkgs = pkgs; };