-rwxr-xr-xcommander.nix29
-rw-r--r--flake.lock275
-rw-r--r--flake.nix106
-rw-r--r--openstack.nix31
-rw-r--r--webroot/index.html1
-rw-r--r--website.nix34
6 files changed, 476 insertions, 0 deletions
diff --git a/commander.nix b/commander.nix
new file mode 100755
index 0000000..294d269
--- /dev/null
+++ b/commander.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+{
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ programs.ssh.enableAskPassword = false;
+ programs.gnupg.agent =
+ {
+ pinentryFlavor = "tty";
+ enable = true;
+ enableSSHSupport = true;
+ };
+ security.sudo.wheelNeedsPassword = false;
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.commander = {
+ isNormalUser = true;
+ uid = 1009;
+ name = "commander";
+ description = "system administration";
+ createHome = true;
+ home = "/home/commander";
+ hashedPassword = "$6$irFKKFRDPP$H5EaeHornoVvWcKtUBj.29tPvw.SspaSi/vOPGc3GG2bW//M.ld3E7E3XCevJ6vn175A/raHvNIotXayvMqzz0";
+ openssh.authorizedKeys.keys =
+ [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhzz/CAb74rLQkDF2weTCb0DICw1oyXNv6XmdLfEsT5 darthpjb@gmail.com"
+ ];
+ extraGroups = [ "wheel" "dialout" "disk" "networkManager" ]; # Enable ‘sudo’ for the user.
+ };
+}
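Review bot: The `hashedPassword` line commits the account's SHA-512 crypt hash to the repository, and NixOS also copies it into the world-readable Nix store, so the hash should be treated as exposed and the password rotated. Since agenix is already a flake input, the hash could live in an encrypted secret referenced with, for example, `passwordFile = config.age.secrets.<secret-name>.path;` (`<secret-name>` is a placeholder). Separately, `security.sudo.wheelNeedsPassword = false` together with `wheel` in `extraGroups` makes the single SSH key on this account the only barrier to root. If that is intended, a comment saying so would help, and the `disk` group then adds nothing except raw block-device access. The comment about setting a password with `passwd` no longer matches the declarative hash, and `networkManager` looks like a misspelling of the `networkmanager` group.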
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..4edfa53
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,275 @@
+{
+ "nodes": {
+ "agenix": {
+ "inputs": {
+ "darwin": "darwin",
+ "home-manager": "home-manager",
+ "nixpkgs": "nixpkgs"
+ },
+ "locked": {
+ "lastModified": 1690228878,
+ "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
+ "owner": "ryantm",
+ "repo": "agenix",
+ "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ryantm",
+ "repo": "agenix",
+ "type": "github"
+ }
+ },
+ "blobs": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1604995301,
+ "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+ "owner": "simple-nixos-mailserver",
+ "repo": "blobs",
+ "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "simple-nixos-mailserver",
+ "repo": "blobs",
+ "type": "gitlab"
+ }
+ },
+ "darwin": {
+ "inputs": {
+ "nixpkgs": [
+ "agenix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1673295039,
+ "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+ "owner": "lnl7",
+ "repo": "nix-darwin",
+ "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+ "type": "github"
+ },
+ "original": {
+ "owner": "lnl7",
+ "ref": "master",
+ "repo": "nix-darwin",
+ "type": "github"
+ }
+ },
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1668681692,
+ "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "agenix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1682203081,
+ "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "nixinate": {
+ "inputs": {
+ "nixpkgs": "nixpkgs_2"
+ },
+ "locked": {
+ "lastModified": 1688141737,
+ "narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=",
+ "owner": "matthewcroughan",
+ "repo": "nixinate",
+ "rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "matthewcroughan",
+ "repo": "nixinate",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1677676435,
+ "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-22_11": {
+ "locked": {
+ "lastModified": 1669558522,
+ "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-22.11",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs-23_05": {
+ "locked": {
+ "lastModified": 1684782344,
+ "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-23.05",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1653060744,
+ "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "dfd82985c273aac6eced03625f454b334daae2e8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_3": {
+ "locked": {
+ "lastModified": 1694048570,
+ "narHash": "sha256-PEQptwFCVaJ+jLFJgrZll2shQ9VI/7xVhrCYkJo8iIw=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "4f77ea639305f1de0a14d9d41eef83313360638c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-23.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_4": {
+ "locked": {
+ "lastModified": 1670751203,
+ "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-unstable",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_unstable": {
+ "locked": {
+ "lastModified": 1693985761,
+ "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "agenix": "agenix",
+ "nixinate": "nixinate",
+ "nixpkgs": "nixpkgs_3",
+ "nixpkgs_unstable": "nixpkgs_unstable",
+ "simple-nixos-mailserver": "simple-nixos-mailserver"
+ }
+ },
+ "simple-nixos-mailserver": {
+ "inputs": {
+ "blobs": "blobs",
+ "flake-compat": "flake-compat",
+ "nixpkgs": "nixpkgs_4",
+ "nixpkgs-22_11": "nixpkgs-22_11",
+ "nixpkgs-23_05": "nixpkgs-23_05",
+ "utils": "utils"
+ },
+ "locked": {
+ "lastModified": 1689976554,
+ "narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=",
+ "owner": "simple-nixos-mailserver",
+ "repo": "nixos-mailserver",
+ "rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "simple-nixos-mailserver",
+ "repo": "nixos-mailserver",
+ "type": "gitlab"
+ }
+ },
+ "utils": {
+ "locked": {
+ "lastModified": 1605370193,
+ "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "5021eac20303a61fafe17224c087f5519baed54d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..36b6b3b
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,106 @@
+{
+ description = "Cybertrike.org";
+
+ inputs = {
+ nixinate.url = "github:matthewcroughan/nixinate";
+ agenix.url = "github:ryantm/agenix";
+ nixpkgs_unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+ };
+
+ outputs = inputs@{ self, nixpkgs, agenix, nixinate, nixpkgs_unstable, simple-nixos-mailserver }:
+ let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ webroot = "${self}/webroot";
+ in
+ {
+ formatter.x86_64-linux = pkgs.nixpkgs-fmt;
+ apps.x86_64-linux = (inputs.nixinate.nixinate.x86_64-linux inputs.self).nixinate;
+ devShell.x86_64-linux =
+ pkgs.mkShell {
+ buildInputs = with pkgs; [ figlet tmux ];
+ shellHook = ''
+ # Session Name
+ session="project-env-sh"
+
+ # Check if the session exists, discarding output
+ # We can check $? for the exit status (zero for success, non-zero for failure)
+ tmux has-session -t $session 2>/dev/null
+
+ if [ $? != 0 ]; then
+ # Start New Session with our name
+ tmux new-session -d -s $session
+
+ # Name first Window and start zsh
+ tmux rename-window -t 0 'Main'
+ tmux send-keys -t 'Main' 'nix flake show' C-m
+ tmux send-keys -t 'Main' 'clear' C-m
+
+ # Create and setup pane for btop
+ tmux split-window -h
+ tmux rename-window 'btop'
+ tmux send-keys -t 'btop' 'ssh -t commander@193.16.42.36 btop' C-m
+
+ tmux select-pane -t 0
+
+ # Create and setup pane for btop
+ tmux split-window -v
+ tmux rename-window 'ssh'
+ tmux send-keys -t 'ssh' 'ssh commander@193.16.42.36' C-m
+
+ tmux select-pane -t 0
+ fi
+ tmux attach-session -t $session'';
+ };
+ nixosConfigurations = {
+ crash-over-burn-1 = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ simple-nixos-mailserver.nixosModule
+ {
+ mailserver = {
+ fqdn = "mail.crashoverburn.com";
+ domains = [ "mail.crashoverburn.com" "crashoverburn.com" ];
+ enable = true;
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ "crash@crashoverburn.com" = {
+ hashedPasswordFile = "${self}/password.file";
+ aliases = [ "postmaster@mail.cybertrike.org" "overburn@cybertrike.org"];
+ };
+ };
+ certificateScheme = "acme-nginx";
+ };
+ }
+ agenix.nixosModules.default
+ ./openstack.nix
+ (import ./website.nix { inherit webroot; })
+ ./commander.nix
+ {
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "security@mail.cybertrike.org";
+ };
+ environment.systemPackages = [
+ pkgs.btop
+ pkgs.tmux
+ pkgs.neovim
+ ];
+ imports = [
+ "${nixpkgs}/nixos/modules/virtualisation/openstack-config.nix"
+ ];
+ _module.args.nixinate = {
+ host = "193.16.42.36";
+ sshUser = "commander";
+ substituteOnTarget = true;
+ hermetic = true;
+ buildOn = "local";
+ };
+ }
+ ];
+ };
+ };
+ };
+}
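Review bot: `hashedPasswordFile = "${self}/password.file";` points the mail account's hash at a file inside the flake source, so the file has to be tracked in git and ends up in the world-readable Nix store. It is also not among the six files this commit adds, so evaluation may fail as committed. `agenix.nixosModules.default` is imported a few lines below but no `age.secrets` entry is visible in this hunk. The likely fix is to declare one and use `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name), which means turning the inline mailserver module into a function that takes `config`. The aliases are on `cybertrike.org` and `mail.cybertrike.org`, neither of which appears in `domains`, so it is worth confirming that the mailserver module accepts and delivers for them.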
diff --git a/openstack.nix b/openstack.nix
new file mode 100644
index 0000000..ebf4eca
--- /dev/null
+++ b/openstack.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ nix = {
+ settings.trusted-users = [ "root" "commander" ];
+ package = pkgs.nixUnstable;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+ # Set your time zone.
+ time.timeZone = "Europe/London";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_GB.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "uk";
+ };
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.ports = [ 1108 22 ];
+ services.openssh.settings.PermitRootLogin = lib.mkForce "no";
+ services.openssh.settings.PasswordAuthentication = false;
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 1108 22 ];
+ networking.firewall.allowedUDPPorts = [ ];
+
+ # Configure keymap in X11
+ services.xserver.layout = "gb";
+ system.stateVersion = "22.11";
+}
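Review bot: `PasswordAuthentication = false` does not by itself rule out password logins, because keyboard-interactive authentication through PAM is a separate sshd setting and, as far as I know, NixOS leaves it enabled by default on this release. Since commander.nix gives the account a password hash, I would add `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it so that key-only access is explicit. Listing `commander` in `nix.settings.trusted-users` makes that user root-equivalent towards the Nix daemon; if the nixinate deployment needs it, a one-line comment would document the trade-off. The `allowedTCPPorts = [ 1108 22 ]` line looks redundant if the openssh module's own firewall opening is left at its default, and listening on both 22 and 1108 widens the exposed SSH surface without an obvious benefit.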
diff --git a/webroot/index.html b/webroot/index.html
new file mode 100644
index 0000000..95d09f2
--- /dev/null
+++ b/webroot/index.html
@@ -0,0 +1 @@
+hello world
\ No newline at end of file
diff --git a/website.nix b/website.nix
new file mode 100644
index 0000000..fe61856
--- /dev/null
+++ b/website.nix
@@ -0,0 +1,34 @@
+{ webroot }:{ config, lib, pkgs, ... }:
+{
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."crash-over-burn.com" = {
+ addSSL = true;
+ enableACME = true;
+ root = webroot;
+ };
+ services.nginx.virtualHosts."crash-over-burn.site" = {
+ addSSL = true;
+ enableACME = true;
+ root = webroot;
+ };
+ services.nginx.virtualHosts."crash-over-burn.online" = {
+ addSSL = true;
+ enableACME = true;
+ root = webroot;
+ };
+ services.nginx.virtualHosts."crashoverburn.com" = {
+ addSSL = true;
+ enableACME = true;
+ root = webroot;
+ };
+ services.nginx.virtualHosts."crashoverburn.site" = {
+ addSSL = true;
+ enableACME = true;
+ root = webroot;
+ };
+ services.nginx.virtualHosts."crashoverburn.online" = {
+ addSSL = true;
+ enableACME = true;
+ root = webroot;
+ };
+}
\ No newline at end of file
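Review bot: `addSSL = true` on each virtual host keeps serving the site over plain HTTP alongside HTTPS; `forceSSL = true;` would redirect HTTP to HTTPS while the module still answers the ACME challenge path. The six host blocks are identical apart from the name, so they could be generated from one list, e.g. `services.nginx.virtualHosts = lib.genAttrs hostNames (_: { forceSSL = true; enableACME = true; root = webroot; });` with `hostNames` holding the six domains. No hunk in this commit opens TCP 80 or 443 in `networking.firewall`. It is worth checking that another module does, otherwise certificate issuance and the site itself will not be reachable.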