diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 917add3..53cb3ed 100755
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -16,8 +16,7 @@ in
 sddm
 wireguard
 microvm
- defenseio
- # midnight
+ midnight
 ;
 };
 };
@@ -32,8 +31,7 @@ in
 plymouth
 wireguard
 microvm
- defenseio
- # midnight
+ midnight
 ;
 };
 };
@@ -42,8 +40,7 @@ in
 imports = builtins.attrValues {
 inherit (modules)
 microvm
- defenseio
- # midnight
+ midnight
 ;
 };
 };
@@ -63,7 +60,7 @@ in
 # logrotate
 mastodon
 microvm
- # midnight
+ midnight
 minecraft
 # ollamaCeres
 ceresOpenCloud
@@ -75,7 +72,6 @@ in
 vaultwarden
 website
 zookeeper
- defenseio
 ;
 };
 };
@@ -87,11 +83,10 @@ in
 caddy
 logrotate
 microvm
- # midnight
+ midnight
 # opencloud
 sambaEris
 postgresEris
- defenseio
 ;
 };
 };
diff --git a/modules/nixos/guests/defenseio/default.nix b/modules/nixos/guests/defenseio/default.nix
deleted file mode 100755
index 2863bff..0000000
--- a/modules/nixos/guests/defenseio/default.nix
+++ /dev/null
@@ -1,174 +0,0 @@
-{
- flake,
- pkgs,
- config,
- ...
-}:
-let
- inherit (flake.config.people) user0;
- inherit (flake.config.machines) devices;
-
- mars = devices.mars.name;
- ceres = devices.ceres.name;
- eris = devices.eris.name;
- deimos = devices.deimos.name;
- phobos = devices.phobos.name;
-
- hostname = config.networking.hostName;
-
- deviceLogic =
- var0: var1: var2: var3: var4:
- if hostname == ceres then
- var0
- else if hostname == eris then
- var1
- else if hostname == mars then
- var2
- else if hostname == deimos then
- var3
- else if hostname == phobos then
- var4
- else
- var0;
-
- macOctet = deviceLogic "57" "58" "59" "60" "61";
-in
-
-{
- microvm = {
- vms = {
- defenseio = {
- autostart = true;
- config =
- let
- macAddress = "02:00:00:00:00:${macOctet}";
- workers = deviceLogic 35 4 18 5 6;
- in
- {
- environment.systemPackages = [
- pkgs.git
- pkgs.ncurses
- pkgs.python313
- ];
-
- microvm = {
- forwardPorts = [
- {
- from = "host";
- host.port = 2058;
- guest.port = 22;
- }
- ];
- hypervisor = "qemu";
- interfaces = [
- {
- type = "user";
- id = "uservm-dfo";
- mac = macAddress;
- }
- ];
- mem = deviceLogic 45000 5120 22000 6144 7168;
- shares = [
- {
- mountPoint = "/nix/.ro-store";
- proto = "virtiofs";
- source = "/nix/store";
- tag = "read_only_nix_store";
- }
- {
- mountPoint = "/var/lib/defenseio-data";
- proto = "virtiofs";
- source = "/var/lib/defenseio-data";
- tag = "defenseio_data";
- }
- ];
- vcpu = workers;
- };
-
- networking.firewall.allowedTCPPorts = [
- 22
- ];
-
- services = {
- openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- };
- };
-
- system.stateVersion = "25.05";
-
- systemd = {
- network = {
- enable = true;
- networks."20-user" = {
- matchConfig.MACAddress = macAddress;
- networkConfig = {
- DHCP = "yes";
- };
- };
- };
-
- tmpfiles.rules = [
- "d /var/lib/defenseio-data 0755 root root - -"
- ];
-
- services = {
- defenseio-miner = {
- after = [ "network-online.target" ];
- description = "DefenseIOMiner - DFO token miner";
- serviceConfig = {
- Environment = [
- "PATH=/run/current-system/sw/bin"
- "TERM=xterm-256color"
- ];
- ExecStartPre = pkgs.writeShellScript "setup-miner" ''
- # Create venv if not already present (persists on virtiofs mount)
- if [ ! -d /var/lib/defenseio-data/venv ]; then
- ${pkgs.python313}/bin/python -m venv /var/lib/defenseio-data/venv
- fi
-
- # Install/upgrade dependencies
- /var/lib/defenseio-data/venv/bin/pip install --upgrade pip
- /var/lib/defenseio-data/venv/bin/pip install requests pycardano cbor2 portalocker
-
- # Clone repo if not already present
- if [ ! -d /var/lib/defenseio-data/MidnightMiner ]; then
- cd /var/lib/defenseio-data
- ${pkgs.git}/bin/git clone https://github.com/djeanql/MidnightMiner.git
- else
- cd /var/lib/defenseio-data/MidnightMiner
- ${pkgs.git}/bin/git pull
- fi
-
- # Show current commit
- cd /var/lib/defenseio-data/MidnightMiner
- echo "Current commit: $(${pkgs.git}/bin/git log -1 --format='%h - %s')"
- '';
- ExecStart = pkgs.writeShellScript "run-miner" ''
- export PATH=/run/current-system/sw/bin:$PATH
- cd /var/lib/defenseio-data/MidnightMiner
- /var/lib/defenseio-data/venv/bin/python miner.py --defensio --workers ${toString workers} --no-donation
- '';
- Restart = "always";
- RestartSec = 10;
- };
- wants = [ "network-online.target" ];
- wantedBy = [ "multi-user.target" ];
- };
- };
- };
-
- time.timeZone = "America/Winnipeg";
-
- users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
-
- };
- };
- };
- };
- systemd.tmpfiles.rules = [
- "d /var/lib/defenseio-data 0751 microvm wheel - -"
- ];
-
-}
diff --git a/modules/nixos/guests/jellyfin/default.nix b/modules/nixos/guests/jellyfin/default.nix
index bb2857e..7ece0b7 100755
--- a/modules/nixos/guests/jellyfin/default.nix
+++ b/modules/nixos/guests/jellyfin/default.nix
@@ -82,7 +82,7 @@ in systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ]; microvm = { - vcpu = 8; + vcpu = 6; mem = 8192; hypervisor = "qemu"; interfaces = [ diff --git a/modules/nixos/guests/projectSite/default.nix b/modules/nixos/guests/projectSite/default.nix index 228a2a1..237cb61 100755 --- a/modules/nixos/guests/projectSite/default.nix +++ b/modules/nixos/guests/projectSite/default.nix @@ -78,6 +78,7 @@ in }; }; + # Host Caddy services.caddy = { enable = true; virtualHosts.${host}.extraConfig = '' @@ -85,6 +86,7 @@ in ''; }; + # ACME cert security.acme.certs.${host} = { dnsProvider = instances.web.dns.provider1; environmentFile = config.sops.secrets."dns/${instances.web.dns.provider1}".path; diff --git a/profiles/user0/files/misc/justfile.nix b/profiles/user0/files/misc/justfile.nix index 6202e5e..a6997e2 100755 --- a/profiles/user0/files/misc/justfile.nix +++ b/profiles/user0/files/misc/justfile.nix @@ -9,16 +9,16 @@ let inherit (flake.config.services) instances; hostname = config.networking.hostName; dotPath = "~/projects/dotfiles"; - mkLocalRebuild = '' - rebuild: - nixos-rebuild switch --sudo --flake ${dotPath}#${hostname} --show-trace + mkLocalRebuild = type: '' + ${type}-rebuild: + nixos-rebuild ${type} --sudo --flake ${dotPath}#${hostname} --show-trace ''; mkRemoteRebuild = name: ip: '' - rebuild-${name}: + ${name}-rebuild: nixos-rebuild switch --flake ${dotPath}#${name} --target-host ${ip} --sudo --ask-sudo-password --show-trace ''; mkSshCommands = name: ip: '' - ${name}: + ${name}-ssh: ssh ${ip} ''; mkMicrVMSshCommands = name: ssh: '' 
@@ -43,7 +43,14 @@ let
 (command instances.firefly-iii.name instances.firefly-iii.interface.ssh)
 (command instances.mastodon.name instances.mastodon.interface.ssh)
 ];
- localRebuild = mkLocalRebuild;
+ typeLabels =
+ type:
+ lib.concatStrings [
+ (type "switch")
+ (type "build")
+ (type "boot")
+ ];
+ localRebuild = typeLabels mkLocalRebuild;
 remoteRebuild = systemRecords mkRemoteRebuild;
 sshCommand = systemRecords mkSshCommands;
 microVMSshCommand = instanceRecords mkMicrVMSshCommands;
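Review bot: In `typeLabels` the parameter named `type` is really the recipe generator (it receives `mkLocalRebuild`), while inside `mkLocalRebuild` the same name means the subcommand string, so the two read as if they were the same value. Renaming the argument, e.g. `typeLabels = mkRecipe: lib.concatStrings [ (mkRecipe "switch") (mkRecipe "build") (mkRecipe "boot") ];`, and adding a comment such as `# emits the switch-rebuild, build-rebuild and boot-rebuild recipes` would make the generated justfile targets obvious. The hunk does not show whether `lib` is among this file's arguments, so that is worth confirming. The enclosing `let` block starts and ends outside the hunk.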