These are now available at I still need to update the website copy and transfer over from Google Domains. I think I prefer billandhiscomputer (username bill, bill_and_his_computer, bill-and-his-computer, the_real_bill), so I may deprecate wpcarro. We'll see... Change-Id: Ia7831ee4813e2cf639047d22d59d302a50e06e66 Reviewed-on: Tested-by: BuildkiteCI Reviewed-by: wpcarro <> Autosubmit: wpcarro <>
# Definition of the "diogenes" host: a Google Cloud VM built through
# wpcarro.terraform.googleCloudVM, with extra Terraform resources for DNS
# (extraConfig) and the machine's NixOS settings (configuration).
#
# NOTE(review): this listing looks incomplete (no `let`, unbalanced braces,
# several empty right-hand sides such as `shell =;`). The comments below
# describe only what is visible here.
{ depot, pkgs, ... }:
inherit (depot.users) wpcarro;
name = "diogenes";
domainName = "";
in wpcarro.terraform.googleCloudVM {
project = "wpcarros-infrastructure";
name = "diogenes";
region = "us-central1";
zone = "us-central1-a";
# DNS configuration: a managed zone for domainName plus an A record that
# follows the VM's external (NAT) IP address.
extraConfig = {
resource.google_dns_managed_zone."${name}" = {
inherit name;
dns_name = "${domainName}.";
resource.google_dns_record_set."${name}" = {
name = "${domainName}.";
type = "A";
ttl = 300; # 5m
# "\${" keeps the Terraform interpolation literal, while "${name}" is
# substituted by Nix.
managed_zone = "\${google_dns_managed_zone.${name}.name}";
rrdatas = ["\${google_compute_instance.${name}.network_interface[0].access_config[0].nat_ip}"];
configuration = {
imports = [
networking = {
# Ports opened in the NixOS host firewall. Nothing here limits source
# addresses, so SSH and quassel accept connections from any address that can
# reach the VM.
# NOTE(review): whether GCP VPC firewall rules narrow this further is not
# visible here — confirm.
firewall.allowedTCPPorts = [
22 # ssh
80 # http
443 # https
6698 # quassel
firewall.allowedUDPPortRanges = [
{ from = 60000; to = 61000; } # mosh
# Use the TVL binary cache
tvl.cache.enable = true;
users = {
# mutableUsers = true lets accounts and passwords be changed imperatively on
# the host, so this declaration is not the only source of truth for who can
# log in.
mutableUsers = true;
users = {
root = {
# NOTE(review): root accepts the same SSH keys as the wpcarro account. The
# sshd settings are not visible here; confirm that direct root login is
# intended, since sudo already gives the wpcarro account root.
openssh.authorizedKeys.keys = wpcarro.keys.all;
wpcarro = {
isNormalUser = true;
extraGroups = [ "wheel" "quassel" ];
openssh.authorizedKeys.keys = wpcarro.keys.all;
shell =;
security = {
acme = {
acceptTerms = true;
email = "";
# Members of wheel (the wpcarro user above) get root through sudo without a
# password, so any key in wpcarro.keys.all is equivalent to root on this
# host. The private keys behind that list are the only gate.
sudo.wheelNeedsPassword = false;
programs = wpcarro.common.programs // {
mosh.enable = true;
# I won't have an Emacs server running on diogenes, and I'll likely be in an
# SSH session from within vterm. As such, Vim is one of the few editors that
# I can tolerably navigate this way.
environment.variables = {
EDITOR = "vim";
environment.systemPackages =;
services = // {
# TODO(wpcarro): Re-enable this when rebuild-system better supports
# terraform deployments.
# = {
# enable = true;
# interval = "1h";
# };
# TODO(wpcarro): Re-enable this after debugging ACME and NXDOMAIN.
depot.quassel = {
enable = true;
acmeHost = domainName;
bindAddresses = [
# journaldriver is configured with the log stream "home" in the
# wpcarros-infrastructure project.
journaldriver = {
enable = true;
logStream = "home";
googleCloudProject = "wpcarros-infrastructure";
# Service-account key read from a path outside the Nix store.
# NOTE(review): how this file is provisioned and what its owner and mode are
# is not visible here; it should be readable only by the journaldriver
# service. If the VM's attached service account can be used instead, that
# would avoid keeping a long-lived key on disk — confirm.
applicationCredentials = "/etc/gcp/key.json";
nginx = {
enable = true;
enableReload = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
# NOTE(review): the virtual host further down sets addSSL, which serves the
# site over both HTTP and HTTPS without redirecting; forceSSL would redirect
# plain HTTP to HTTPS if HTTPS-only is the intent.
#
# For journaldriver: access logs use the json_combined format and go to the
# local syslog socket (/dev/log) rather than to a file.
commonHttpConfig = ''
log_format json_combined escape=json
access_log syslog:server=unix:/dev/log,nohostname json_combined;
virtualHosts = {
"${domainName}" = {
addSSL = true;
enableACME = true;
root =;
system.stateVersion = "21.11";