mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tvl-depot/nixos/socrates/configuration.nix

247 lines
6.6 KiB
Nix
Raw Normal View History

Ensure socrates/default.nix is a function Nix complains that `nixos.socrates` is not a function but a set. By adding `{ ... }:` to the top of the file, I'm hoping to change it from a set to a function.
2020-03-07 16:17:04 +01:00
{ ... }:
Expose secrets to Monzo / YNAB service Here is my first attempt to manage secrets when I deploy onto a NixOS machine. Background: When I develop, I use direnv, which reads an .envrc file in which I define my secrets. My secrets are read from `pass` using a pattern like this... ```shell secret_value="$(pass show path/to/secret)" ``` ...Thus far, I've found this pattern convenient. `pass show` invokes GPG, which asks me for a password to authenticate. This means that when I cd into a directory with an .envrc file using this pattern, I may be prompted by GPG for a password. When I'm not, it's because gpg-agent is still caching my password. This works for development, but I currently do not know how to use direnv for deployments. Here is what I'm using until I find a more convenient solution: - Store the secrets in /etc/secrets on socrates. Ensure that the /etc/secrets directory and its contents are only readable by root. - Use systemd's Environment and NixOS's builtins.readFile to read the files in /etc/secrets when I can `sudo nixos-rebuild`. Ideally I could call a function like `builtins.readFromPasswordStore` within configuration.nix. This would allow me to skip the step where I run... ```shell > ssh socrates > pass show finance/monzo/client-id | sudo tee /etc/secrets/monzo-client-id > pass show finance/monzo/client-secret | sudo tee /etc/secrets/monzo-client-secret > # etc ``` ...I don't know how to manage secrets using NixOS, but at least this is one answer.
2020-02-23 19:55:28 +01:00
let
Manually require dependencies for <nixpkgs>, <briefcase> When I build socrates using `sudo nixos-rebuild [...] switch`, my `nixos-config` (i.e. <briefcase/nixos/socrates/default.nix>) is a simple Nix anonymous function. Typically readTree populates my pkgs, briefcase, depot function parameters with <nixpkgs>, <briefcase>, <depot>, but `nixos-rebuild` is unaware of `readTree`. For now I'm manually importing these dependencies, and I'm leaving a TODO to reconsider switching to the `{ pkgs, briefcase, ... }` style when I better understand NixOS.
2020-03-01 23:32:43 +01:00
# TODO(wpcarro): Instead of importing these dependencies as parameters that
# readTree will expose I need to import these dependencies manually because
# I'm building this using `nixos-rebuild`. When I better understand how to
# build socrates using readTree, prefer defining this as an anonymous
# function.
briefcase = import <briefcase> {};
Attempt to build Socrates using BuildKite Let's see what happens...
2020-08-16 16:42:16 +02:00
pkgs = briefcase.third_party.pkgs;
Manually require dependencies for <nixpkgs>, <briefcase> When I build socrates using `sudo nixos-rebuild [...] switch`, my `nixos-config` (i.e. <briefcase/nixos/socrates/default.nix>) is a simple Nix anonymous function. Typically readTree populates my pkgs, briefcase, depot function parameters with <nixpkgs>, <briefcase>, <depot>, but `nixos-rebuild` is unaware of `readTree`. For now I'm manually importing these dependencies, and I'm leaving a TODO to reconsider switching to the `{ pkgs, briefcase, ... }` style when I better understand NixOS.
2020-03-01 23:32:43 +01:00
Expose secrets to Monzo / YNAB service Here is my first attempt to manage secrets when I deploy onto a NixOS machine. Background: When I develop, I use direnv, which reads an .envrc file in which I define my secrets. My secrets are read from `pass` using a pattern like this... ```shell secret_value="$(pass show path/to/secret)" ``` ...Thus far, I've found this pattern convenient. `pass show` invokes GPG, which asks me for a password to authenticate. This means that when I cd into a directory with an .envrc file using this pattern, I may be prompted by GPG for a password. When I'm not, it's because gpg-agent is still caching my password. This works for development, but I currently do not know how to use direnv for deployments. Here is what I'm using until I find a more convenient solution: - Store the secrets in /etc/secrets on socrates. Ensure that the /etc/secrets directory and its contents are only readable by root. - Use systemd's Environment and NixOS's builtins.readFile to read the files in /etc/secrets when I can `sudo nixos-rebuild`. Ideally I could call a function like `builtins.readFromPasswordStore` within configuration.nix. This would allow me to skip the step where I run... ```shell > ssh socrates > pass show finance/monzo/client-id | sudo tee /etc/secrets/monzo-client-id > pass show finance/monzo/client-secret | sudo tee /etc/secrets/monzo-client-secret > # etc ``` ...I don't know how to manage secrets using NixOS, but at least this is one answer.
2020-02-23 19:55:28 +01:00
trimNewline = x: pkgs.lib.removeSuffix "\n" x;
readSecret = x: trimNewline (builtins.readFile ("/etc/secrets/" + x));
Remove fix-point recursion from socrates/default.nix The fixed-point recursion isn't necessary.
2020-03-07 16:07:32 +01:00
in {
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
imports = [ ./hardware.nix ];
Support basic nixos/configuration.nix I'm attempting to configure an old Acer laptop that I bought at a used electronics store in Shepherd's Bush (~100GBP) as my server. I'd like to install NixOS on it. The configuration.nix herein defines a starting point for the configuration for that machine. It isn't currently working. Troubleshooting and solutions forthcoming...
2020-02-20 20:49:15 +01:00
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
Support basic nixos/configuration.nix I'm attempting to configure an old Acer laptop that I bought at a used electronics store in Shepherd's Bush (~100GBP) as my server. I'd like to install NixOS on it. The configuration.nix herein defines a starting point for the configuration for that machine. It isn't currently working. Troubleshooting and solutions forthcoming...
2020-02-20 20:49:15 +01:00
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
networking = {
hostName = "socrates";
# The global useDHCP flag is deprecated, therefore explicitly set to false
# here. Per-interface useDHCP will be mandatory in the future, so this
# generated config replicates the default behaviour.
useDHCP = false;
networkmanager.enable = true;
interfaces.enp2s0f1.useDHCP = true;
interfaces.wlp3s0.useDHCP = true;
Support bitlbee + stunnel TLS support for bitlbee...
2020-06-30 20:51:44 +02:00
firewall.allowedTCPPorts = [ 9418 80 443 6697 ];
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
};
Support basic nixos/configuration.nix I'm attempting to configure an old Acer laptop that I bought at a used electronics store in Shepherd's Bush (~100GBP) as my server. I'd like to install NixOS on it. The configuration.nix herein defines a starting point for the configuration for that machine. It isn't currently working. Troubleshooting and solutions forthcoming...
2020-02-20 20:49:15 +01:00
time.timeZone = "UTC";
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
programs.fish.enable = true;
programs.mosh.enable = true;
Support basic nixos/configuration.nix I'm attempting to configure an old Acer laptop that I bought at a used electronics store in Shepherd's Bush (~100GBP) as my server. I'd like to install NixOS on it. The configuration.nix herein defines a starting point for the configuration for that machine. It isn't currently working. Troubleshooting and solutions forthcoming...
2020-02-20 20:49:15 +01:00
environment.systemPackages = with pkgs; [
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
curl
direnv
emacs26-nox
gnupg
htop
pass
vim
certbot
tree
git
Support basic nixos/configuration.nix I'm attempting to configure an old Acer laptop that I bought at a used electronics store in Shepherd's Bush (~100GBP) as my server. I'd like to install NixOS on it. The configuration.nix herein defines a starting point for the configuration for that machine. It isn't currently working. Troubleshooting and solutions forthcoming...
2020-02-20 20:49:15 +01:00
];
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
users = {
# I need a git group to run the git server.
groups.git = {};
users.wpcarro = {
isNormalUser = true;
extraGroups = [ "git" "wheel" ];
shell = pkgs.fish;
};
users.git = {
group = "git";
isNormalUser = false;
};
};
nix = {
# Expose depot as <depot>, nixpkgs as <nixpkgs>
nixPath = [
"briefcase=/home/wpcarro/briefcase"
"depot=/home/wpcarro/depot"
"nixpkgs=/home/wpcarro/nixpkgs"
];
trustedUsers = [ "root" "wpcarro" ];
};
##############################################################################
# Services
##############################################################################
Attempt to support gogs Gogs claims to be an easy-to-use Git server and web frontend written in golang. I'm eager to try it as an alternative to cgit.
2020-03-11 00:06:03 +01:00
Support bitlbee + stunnel TLS support for bitlbee...
2020-06-30 20:51:44 +02:00
systemd.services.bitlbee-stunnel = {
description = "Provides TLS termination for Bitlbee.";
wantedBy = [ "multi-user.target" ];
unitConfig = {
Restart = "always";
User = "nginx"; # This is a hack to easily get certificate access.
};
script = let configFile = builtins.toFile "stunnel.conf" ''
foreground = yes
debug = 7
[ircs]
accept = 0.0.0.0:6697
connect = 6667
cert = /var/lib/acme/wpcarro.dev/full.pem
''; in "${pkgs.stunnel}/bin/stunnel ${configFile}";
};
Support bitlbee I'm still not entirely sure what bitlbee does, but I know this: I want as many messengers in the same place as possible: IRC, Slack, Telegram. @tazjin tells me that Bitlbee will help me get to the promised land. This is hopefully one step of many in that direction.
2020-06-30 18:55:11 +02:00
nixpkgs.config.bitlbee.enableLibPurple = true;
services.bitlbee = {
Open :6667 Attempt to access Bitlbee from IRCCloud.com client...
2020-06-30 19:35:15 +02:00
interface = "0.0.0.0";
Support bitlbee I'm still not entirely sure what bitlbee does, but I know this: I want as many messengers in the same place as possible: IRC, Slack, Telegram. @tazjin tells me that Bitlbee will help me get to the promised land. This is hopefully one step of many in that direction.
2020-06-30 18:55:11 +02:00
enable = true;
libpurple_plugins = [
pkgs.telegram-purple
];
};
Use journaldriver to view journald logs from Socrates Attempting to use @tazjin's delightful simple logging library!
2020-08-14 10:16:36 +02:00
services.journaldriver = {
enable = true;
logStream = "home";
googleCloudProject = "wpcarros-infrastructure";
applicationCredentials = "/etc/gcp/key.json";
};
Support basic nixos/configuration.nix I'm attempting to configure an old Acer laptop that I bought at a used electronics store in Shepherd's Bush (~100GBP) as my server. I'd like to install NixOS on it. The configuration.nix herein defines a starting point for the configuration for that machine. It isn't currently working. Troubleshooting and solutions forthcoming...
2020-02-20 20:49:15 +01:00
services.openssh.enable = true;
Change Gitea's rootUrl This value defaults to localhost:3000, which works, but then Gitea renders "http://localhost:3000/wpcarro/briefcase" as the URL to clone my briefcase repository.
2020-04-05 17:36:10 +02:00
services.gitea = {
enable = true;
# Without this the links to clone a repository like briefcase will be
# "http://localhost:3000/wpcarro/briefcase".
rootUrl = "https://git.wpcarro.dev/";
};
Attempt to support gogs Gogs claims to be an easy-to-use Git server and web frontend written in golang. I'm eager to try it as an alternative to cgit.
2020-03-11 00:06:03 +01:00
Disabling the monzo-token-server I haven't used this since I wrote it... and now the .tokens attribute is missing and it's screwing up my other deployment... *sigh*
2020-08-13 23:26:29 +02:00
# systemd.services.monzo-token-server = {
# enable = true;
# description = "Ensure my Monzo access token is valid";
# script = "${briefcase.monzo_ynab.tokens}/bin/token-server";
# # TODO(wpcarro): I'm unsure of the size of this security risk, but if a
# # non-root user runs `systemctl cat monzo-token-server`, they could read the
# # following, sensitive environment variables.
# environment = {
# store_path = "/var/cache/monzo_ynab";
# monzo_client_id = readSecret "monzo-client-id";
# monzo_client_secret = readSecret "monzo-client-secret";
# ynab_personal_access_token = readSecret "ynab-personal-access-token";
# ynab_account_id = readSecret "ynab-account-id";
# ynab_budget_id = readSecret "ynab-budget-id";
# };
# serviceConfig = {
# Type = "simple";
# };
# };
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
Define the monoserver as a systemd service Much better than manually running: ```shell $ cd ~/briefcase && git pull --rebase origin master $ nix-rebuild switch $ nix-build -A zoo $ pkill zoo $ ./result/zoo & $ job -l $ disown %<job-number> ```
2020-08-14 13:50:32 +02:00
systemd.services.zoo = {
enable = true;
description = "Run my monoserver";
script = "${briefcase.zoo}/zoo";
environment = {};
serviceConfig = {
Restart = "always";
};
};
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
services.gitDaemon = {
enable = true;
basePath = "/srv/git";
exportAll = true;
repositories = [ "/srv/git/briefcase" ];
};
# Since I'm using this laptop as a server in my flat, I'd prefer to close its
# lid.
services.logind.lidSwitch = "ignore";
Log all polkit actions to find action.id for nixos-rebuild I would like to setup a polkit rule to allow `buildkite-agent` (i.e. a forthcoming user) to call `nixos-rebuild`. I need to know the `action.id` before I can write a reliable rule.
2020-08-16 20:06:42 +02:00
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
polkit.log("subject.user: " + subject.user + " is attempting action.id: " + action.id);
});
'';
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
# Provision SSL certificates to support HTTPS connections.
security.acme.acceptTerms = true;
Attempt to serve {learn,blog}.wpcarro.dev Reading an Nginx tutorial and trying to port the information over to NixOS.
2020-03-07 16:08:11 +01:00
security.acme.email = "wpcarro@gmail.com";
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
services.nginx = {
enable = true;
enableReload = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
commonHttpConfig = ''
log_format json_combined escape=json
'{'
'"remote_addr":"$remote_addr",'
Remove logging prefix from Nginx logs Problem: The JSON that Nginx outputs cannot be successfully parsed by journaldriver because Nginx prefixes it with "socrates nginx:". Adding `nohostname` to `access_log` should solve this problem. I borrow this from @tazjin's most recent definition of `commonHttpConfig`.
2020-08-14 12:17:47 +02:00
'"method":"$request_method",'
Add host field for nginx JSON logs I'd like to filter logs from {blog,git,zoo}.wpcarro.dev, etc.
2020-08-14 12:40:44 +02:00
'"host":"$host",'
Remove logging prefix from Nginx logs Problem: The JSON that Nginx outputs cannot be successfully parsed by journaldriver because Nginx prefixes it with "socrates nginx:". Adding `nohostname` to `access_log` should solve this problem. I borrow this from @tazjin's most recent definition of `commonHttpConfig`.
2020-08-14 12:17:47 +02:00
'"uri":"$request_uri",'
'"status":$status,'
'"request_size":$request_length,'
'"response_size":$body_bytes_sent,'
'"response_time":$request_time,'
'"referrer":"$http_referer",'
'"user_agent":"$http_user_agent"'
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
'}';
Remove logging prefix from Nginx logs Problem: The JSON that Nginx outputs cannot be successfully parsed by journaldriver because Nginx prefixes it with "socrates nginx:". Adding `nohostname` to `access_log` should solve this problem. I borrow this from @tazjin's most recent definition of `commonHttpConfig`.
2020-08-14 12:17:47 +02:00
access_log syslog:server=unix:/dev/log,nohostname json_combined;
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
'';
Attempt to serve {learn,blog}.wpcarro.dev Reading an Nginx tutorial and trying to port the information over to NixOS.
2020-03-07 16:08:11 +01:00
virtualHosts = {
Add sitemap to wpcarro.dev - Create ./website directory - Add a sitemap to wpcarro.dev - Move covid-uk directory to sandbox directory TODO: Next sandbox, blog, and learn in the website directory
2020-03-20 01:22:13 +01:00
"wpcarro.dev" = {
addSSL = true;
enableACME = true;
root = briefcase.website;
};
Attempt to serve {learn,blog}.wpcarro.dev Reading an Nginx tutorial and trying to port the information over to NixOS.
2020-03-07 16:08:11 +01:00
"learn.wpcarro.dev" = {
addSSL = true;
enableACME = true;
Move learn to website/learn Nest the learn directory in the website directory.
2020-03-20 01:47:21 +01:00
root = briefcase.website.learn;
Attempt to serve {learn,blog}.wpcarro.dev Reading an Nginx tutorial and trying to port the information over to NixOS.
2020-03-07 16:08:11 +01:00
};
Forward git.wpcarro.dev connections to :3000 Gitea is running a web server on localhost:3000.
2020-04-05 15:55:44 +02:00
"git.wpcarro.dev" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:3000";
};
};
Attempt to serve {learn,blog}.wpcarro.dev Reading an Nginx tutorial and trying to port the information over to NixOS.
2020-03-07 16:08:11 +01:00
"blog.wpcarro.dev" = {
addSSL = true;
enableACME = true;
Move blog into website/blog Nest the blog work within the website directory.
2020-03-20 01:46:29 +01:00
root = briefcase.website.blog;
Attempt to serve {learn,blog}.wpcarro.dev Reading an Nginx tutorial and trying to port the information over to NixOS.
2020-03-07 16:08:11 +01:00
};
Update COVID-19 webpage - Prefer hosting on sandbox.wpcarro.dev; I would prefer to host it at sandbox.wpcarro.dev/covid-19, but I haven't figure out how to use Nginx to do serve locations like /covid-19 yet. - Splice the src directory: When I develop locally and index.html exists within ./src, I cannot access ./node_modules because ./node_modules is in a parent directory. I could fix this if I used a bundler like Parcel or Webpack, but I do not want to set that up at this time. - Introduce Tailwind for CSS. This complicates my build a bit as well. For now, I'm including output.css even though ideally I should not version-control this file. I haven't figured out how to `yarn install` and run commands like `npx tailwindcss build styles.css -o output.css` in a Nix derivation yet. Hopefully I will learn and refactor this. - Add some content about why I made this chart - Add some content about some of my covid-19 predictions - Add a footer to the webpage - Delete timeseries.json and prefer fetching the published data instead
2020-03-19 12:53:57 +01:00
"sandbox.wpcarro.dev" = {
Create line chart of UK confirmed corona virus cases I was having trouble tracking the growth of corona virus cases in the UK. Thankfully someone is publishing some daily COVID data as JSON. I downloaded that data manually and plotted it using the chart.js library as a programming exercise with Mimi. Now I'm attempting to deploy to https://wpcarro.dev/covid-uk. TODO(wpcarro): Prefer the live API data instead my soon-to-be-stale downloaded.
2020-03-18 22:29:11 +01:00
addSSL = true;
enableACME = true;
Move sandbox into website Nest the sandbox work under ./website.
2020-03-20 01:47:53 +01:00
root = briefcase.website.sandbox;
Create line chart of UK confirmed corona virus cases I was having trouble tracking the growth of corona virus cases in the UK. Thankfully someone is publishing some daily COVID data as JSON. I downloaded that data manually and plotted it using the chart.js library as a programming exercise with Mimi. Now I'm attempting to deploy to https://wpcarro.dev/covid-uk. TODO(wpcarro): Prefer the live API data instead my soon-to-be-stale downloaded.
2020-03-18 22:29:11 +01:00
};
Nixify build for Chord Drill Sergeant Thankfully @tazjin builds Gemma (an Elm project) with Nix, so I could reference Gemma's default.nix to help me with mine. Elm problematically attempts to HTTP-fetch a list of packages to verify my project's dependencies. Because Nix builds derivations in a sandbox without network access, I need to use some escape hatches (i.e. NIX_REDIRECTS, LD_PRELOAD, SYSTEM_CERTIFICATE_PATH). Welp... it's packaged now... I'm also pointing learnpianochords.app to this project's index.html. It will be live soon! :) TODO(wpcarro): Rename "Chord Drill Sergeant" -> "Learn Piano Chords" (KISS)
2020-04-17 16:08:38 +02:00
"learnpianochords.app" = {
addSSL = true;
enableACME = true;
"Chord Drill Sergeant" -> "Learn Piano Chords" In the spirit of "keep it simple, stupid", I am naming this application as closely to the functionality as I can imagine.
2020-04-18 14:30:38 +02:00
root = briefcase.website.sandbox.learnpianochords;
Nixify build for Chord Drill Sergeant Thankfully @tazjin builds Gemma (an Elm project) with Nix, so I could reference Gemma's default.nix to help me with mine. Elm problematically attempts to HTTP-fetch a list of packages to verify my project's dependencies. Because Nix builds derivations in a sandbox without network access, I need to use some escape hatches (i.e. NIX_REDIRECTS, LD_PRELOAD, SYSTEM_CERTIFICATE_PATH). Welp... it's packaged now... I'm also pointing learnpianochords.app to this project's index.html. It will be live soon! :) TODO(wpcarro): Rename "Chord Drill Sergeant" -> "Learn Piano Chords" (KISS)
2020-04-17 16:08:38 +02:00
};
Forward zoo.wpcarro.dev connections to :8000 Right now the 8000 port is hard-coded into the zoo server, which isn't ideal, but "it works" (TM).
2020-08-13 23:23:14 +02:00
"zoo.wpcarro.dev" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8000";
};
};
Incorporate NixOS configuration TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-22 19:44:44 +01:00
};
Support basic nixos/configuration.nix I'm attempting to configure an old Acer laptop that I bought at a used electronics store in Shepherd's Bush (~100GBP) as my server. I'd like to install NixOS on it. The configuration.nix herein defines a starting point for the configuration for that machine. It isn't currently working. Troubleshooting and solutions forthcoming...
2020-02-20 20:49:15 +01:00
};
Update COVID-19 webpage - Prefer hosting on sandbox.wpcarro.dev; I would prefer to host it at sandbox.wpcarro.dev/covid-19, but I haven't figure out how to use Nginx to do serve locations like /covid-19 yet. - Splice the src directory: When I develop locally and index.html exists within ./src, I cannot access ./node_modules because ./node_modules is in a parent directory. I could fix this if I used a bundler like Parcel or Webpack, but I do not want to set that up at this time. - Introduce Tailwind for CSS. This complicates my build a bit as well. For now, I'm including output.css even though ideally I should not version-control this file. I haven't figured out how to `yarn install` and run commands like `npx tailwindcss build styles.css -o output.css` in a Nix derivation yet. Hopefully I will learn and refactor this. - Add some content about why I made this chart - Add some content about some of my covid-19 predictions - Add a footer to the webpage - Delete timeseries.json and prefer fetching the published data instead
2020-03-19 12:53:57 +01:00
system.stateVersion = "20.09";
Remove fix-point recursion from socrates/default.nix The fixed-point recursion isn't necessary.
2020-03-07 16:07:32 +01:00
}
Reference in a new issue Copy permalink