From ee35a417d35db0a9d70a8b995f438b1de6aba7f8 Mon Sep 17 00:00:00 2001 From: Nick Date: Wed, 19 Nov 2025 16:59:52 -0600 Subject: [PATCH 1/4] feat: increased cpu cores --- modules/nixos/guests/jellyfin/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/guests/jellyfin/default.nix b/modules/nixos/guests/jellyfin/default.nix index 7ece0b7..bb2857e 100755 --- a/modules/nixos/guests/jellyfin/default.nix +++ b/modules/nixos/guests/jellyfin/default.nix @@ -82,7 +82,7 @@ in systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ]; microvm = { - vcpu = 6; + vcpu = 8; mem = 8192; hypervisor = "qemu"; interfaces = [ From 68eaa6ec61833e3707ac931f747c4aaebaa8380c Mon Sep 17 00:00:00 2001 From: Nick Date: Wed, 19 Nov 2025 17:00:04 -0600 Subject: [PATCH 2/4] chore: cleaned up comments --- modules/nixos/guests/projectSite/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/nixos/guests/projectSite/default.nix b/modules/nixos/guests/projectSite/default.nix index 237cb61..228a2a1 100755 --- a/modules/nixos/guests/projectSite/default.nix +++ b/modules/nixos/guests/projectSite/default.nix @@ -78,7 +78,6 @@ in }; }; - # Host Caddy services.caddy = { enable = true; virtualHosts.${host}.extraConfig = '' @@ -86,7 +85,6 @@ in ''; }; - # ACME cert security.acme.certs.${host} = { dnsProvider = instances.web.dns.provider1; environmentFile = config.sops.secrets."dns/${instances.web.dns.provider1}".path; From 9ddd24717500a1c2255e7d1582a07def4ea1a00a Mon Sep 17 00:00:00 2001 From: Nick Date: Wed, 19 Nov 2025 17:00:17 -0600 Subject: [PATCH 3/4] chore: reverted justfile --- profiles/user0/files/misc/justfile.nix | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/profiles/user0/files/misc/justfile.nix b/profiles/user0/files/misc/justfile.nix index a6997e2..6202e5e 100755 --- a/profiles/user0/files/misc/justfile.nix +++ b/profiles/user0/files/misc/justfile.nix 
@@ -9,16 +9,16 @@ let inherit (flake.config.services) instances; hostname = config.networking.hostName; dotPath = "~/projects/dotfiles"; - mkLocalRebuild = type: '' - ${type}-rebuild: - nixos-rebuild ${type} --sudo --flake ${dotPath}#${hostname} --show-trace + mkLocalRebuild = '' + rebuild: + nixos-rebuild switch --sudo --flake ${dotPath}#${hostname} --show-trace ''; mkRemoteRebuild = name: ip: '' - ${name}-rebuild: + rebuild-${name}: nixos-rebuild switch --flake ${dotPath}#${name} --target-host ${ip} --sudo --ask-sudo-password --show-trace ''; mkSshCommands = name: ip: '' - ${name}-ssh: + ${name}: ssh ${ip} ''; mkMicrVMSshCommands = name: ssh: '' @@ -43,14 +43,7 @@ let (command instances.firefly-iii.name instances.firefly-iii.interface.ssh) (command instances.mastodon.name instances.mastodon.interface.ssh) ]; - typeLabels = - type: - lib.concatStrings [ - (type "switch") - (type "build") - (type "boot") - ]; - localRebuild = typeLabels mkLocalRebuild; + localRebuild = mkLocalRebuild; remoteRebuild = systemRecords mkRemoteRebuild; sshCommand = systemRecords mkSshCommands; microVMSshCommand = instanceRecords mkMicrVMSshCommands; From 247ac04114be1071eb1afb950b564dd7a86ecdf8 Mon Sep 17 00:00:00 2001 From: Nick Date: Wed, 19 Nov 2025 22:16:48 -0600 Subject: [PATCH 4/4] feat: added defenseio miner --- modules/nixos/default.nix | 15 +- modules/nixos/guests/defenseio/default.nix | 174 +++++++++++++++++++++ 2 files changed, 184 insertions(+), 5 deletions(-) create mode 100755 modules/nixos/guests/defenseio/default.nix diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 53cb3ed..917add3 100755 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -16,7 +16,8 @@ in sddm wireguard microvm - midnight + defenseio + # midnight ; }; }; @@ -31,7 +32,8 @@ in plymouth wireguard microvm - midnight + defenseio + # midnight ; }; }; 
@@ -40,7 +42,8 @@ in imports = builtins.attrValues { inherit (modules) microvm - midnight + defenseio + # midnight ; }; }; @@ -60,7 +63,7 @@ in # logrotate mastodon microvm - midnight + # midnight minecraft # ollamaCeres ceresOpenCloud @@ -72,6 +75,7 @@ in vaultwarden website zookeeper + defenseio ; }; }; @@ -83,10 +87,11 @@ in caddy logrotate microvm - midnight + # midnight # opencloud sambaEris postgresEris + defenseio ; }; }; diff --git a/modules/nixos/guests/defenseio/default.nix b/modules/nixos/guests/defenseio/default.nix new file mode 100755 index 0000000..2863bff --- /dev/null +++ b/modules/nixos/guests/defenseio/default.nix 
@@ -0,0 +1,174 @@
+{
+ flake,
+ pkgs,
+ config,
+ ...
+}:
+let
+ inherit (flake.config.people) user0;
+ inherit (flake.config.machines) devices;
+
+ mars = devices.mars.name;
+ ceres = devices.ceres.name;
+ eris = devices.eris.name;
+ deimos = devices.deimos.name;
+ phobos = devices.phobos.name;
+
+ hostname = config.networking.hostName;
+
+ deviceLogic =
+ var0: var1: var2: var3: var4:
+ if hostname == ceres then
+ var0
+ else if hostname == eris then
+ var1
+ else if hostname == mars then
+ var2
+ else if hostname == deimos then
+ var3
+ else if hostname == phobos then
+ var4
+ else
+ var0;
+
+ macOctet = deviceLogic "57" "58" "59" "60" "61";
+in
+
+{
+ microvm = {
+ vms = {
+ defenseio = {
+ autostart = true;
+ config =
+ let
+ macAddress = "02:00:00:00:00:${macOctet}";
+ workers = deviceLogic 35 4 18 5 6;
+ in
+ {
+ environment.systemPackages = [
+ pkgs.git
+ pkgs.ncurses
+ pkgs.python313
+ ];
+
+ microvm = {
+ forwardPorts = [
+ {
+ from = "host";
+ host.port = 2058;
+ guest.port = 22;
+ }
+ ];
+ hypervisor = "qemu";
+ interfaces = [
+ {
+ type = "user";
+ id = "uservm-dfo";
+ mac = macAddress;
+ }
+ ];
+ mem = deviceLogic 45000 5120 22000 6144 7168;
+ shares = [
+ {
+ mountPoint = "/nix/.ro-store";
+ proto = "virtiofs";
+ source = "/nix/store";
+ tag = "read_only_nix_store";
+ }
+ {
+ mountPoint = "/var/lib/defenseio-data";
+ proto = "virtiofs";
+ source = "/var/lib/defenseio-data";
+ tag = "defenseio_data";
+ }
+ ];
+ vcpu = workers;
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 22
+ ];
+
+ services = {
+ openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+ };
+
+ system.stateVersion = "25.05";
+
+ systemd = {
+ network = {
+ enable = true;
+ networks."20-user" = {
+ matchConfig.MACAddress = macAddress;
+ networkConfig = {
+ DHCP = "yes";
+ };
+ };
+ };
+
+ tmpfiles.rules = [
+ "d /var/lib/defenseio-data 0755 root root - -"
+ ];
+
+ services = {
+ defenseio-miner = {
+ after = [ "network-online.target" ];
+ description = "DefenseIOMiner - DFO token miner";
+ serviceConfig = {
+ Environment = [
+ "PATH=/run/current-system/sw/bin"
+ "TERM=xterm-256color"
+ ];
+ ExecStartPre = pkgs.writeShellScript "setup-miner" ''
+ # Create venv if not already present (persists on virtiofs mount)
+ if [ ! -d /var/lib/defenseio-data/venv ]; then
+ ${pkgs.python313}/bin/python -m venv /var/lib/defenseio-data/venv
+ fi
+
+ # Install/upgrade dependencies
+ /var/lib/defenseio-data/venv/bin/pip install --upgrade pip
+ /var/lib/defenseio-data/venv/bin/pip install requests pycardano cbor2 portalocker
+
+ # Clone repo if not already present
+ if [ ! -d /var/lib/defenseio-data/MidnightMiner ]; then
+ cd /var/lib/defenseio-data
+ ${pkgs.git}/bin/git clone https://github.com/djeanql/MidnightMiner.git
+ else
+ cd /var/lib/defenseio-data/MidnightMiner
+ ${pkgs.git}/bin/git pull
+ fi
+
+ # Show current commit
+ cd /var/lib/defenseio-data/MidnightMiner
+ echo "Current commit: $(${pkgs.git}/bin/git log -1 --format='%h - %s')"
+ '';
+ ExecStart = pkgs.writeShellScript "run-miner" ''
+ export PATH=/run/current-system/sw/bin:$PATH
+ cd /var/lib/defenseio-data/MidnightMiner
+ /var/lib/defenseio-data/venv/bin/python miner.py --defensio --workers ${toString workers} --no-donation
+ '';
+ Restart = "always";
+ RestartSec = 10;
+ };
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+ };
+
+ time.timeZone = "America/Winnipeg";
+
+ users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
+
+ };
+ };
+ };
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/lib/defenseio-data 0751 microvm wheel - -"
+ ];
+
+}
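Review bot: The `setup-miner` ExecStartPre script runs `git pull` on an unpinned upstream checkout and `pip install` of unversioned packages on every start, and `miner.py` from that tree then runs with no `User` set in `serviceConfig` under `Restart = "always"`, so whatever the repository and package index serve at that moment executes unreviewed against the host-shared `/var/lib/defenseio-data` directory. The checkout should be pinned to a reviewed commit and the Python dependencies to exact versions. The script also has no `set -e`, and its last command is an `echo`, so a failed clone, pull or install still lets `ExecStart` proceed. Basic systemd sandboxing, and ideally a dedicated unprivileged user, would limit what the miner code can reach. The ownership of the share needs checking first, because the guest tmpfiles rule (`0755 root root`) and the host rule (`0751 microvm wheel`) describe the same directory differently.

```nix
# in the inner `let`, next to macAddress and workers
minerRev = "<REVIEWED_COMMIT_SHA>"; # placeholder: the upstream commit that was actually reviewed

# … unchanged: serviceConfig.Environment …
ExecStartPre = pkgs.writeShellScript "setup-miner" ''
  set -euo pipefail
  # … unchanged: venv creation; install exact, reviewed dependency versions here …

  # Clone once, then move only to the reviewed commit
  if [ ! -d /var/lib/defenseio-data/MidnightMiner ]; then
    ${pkgs.git}/bin/git clone https://github.com/djeanql/MidnightMiner.git /var/lib/defenseio-data/MidnightMiner
  fi
  cd /var/lib/defenseio-data/MidnightMiner
  ${pkgs.git}/bin/git fetch origin
  ${pkgs.git}/bin/git checkout --detach ${minerRev}
'';
# … unchanged: ExecStart, Restart, RestartSec …
NoNewPrivileges = true;
ProtectSystem = "strict";
ReadWritePaths = [ "/var/lib/defenseio-data" ];
PrivateTmp = true;
```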