add digitalocean image

2026-05-11 17:36:07 +08:00 · 2021-09-11 11:35:09 -04:00 · 2021-09-11 11:35:09 -04:00 · cba5d487a0
commit cba5d487a0
parent c17d5c4f12
6 changed files with 44 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+result
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 all:
-	sudo nixos-rebuild switch && systemctl restart --user emanote
+	sudo nixos-rebuild switch -j auto && systemctl restart --user emanote
 	
 	
 freeupboot:
--- a/features/desktopish/autolock.nix
+++ b/features/desktopish/autolock.nix
@ -30,6 +30,8 @@ in
  };

  environment.systemPackages = [
+    # TODO: replace this with https://github.com/jD91mZM2/xidlehook
+    #
    # A script to disable auto-suspend until unlocking the computer the next
    # time. The idea is to leave this running on desktop, whilst taking my
    # laptop to another room and ssh to the desktop.
--- a/hosts/p71.nix
+++ b/hosts/p71.nix
@ -73,6 +73,7 @@
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "audio" ];
  };
+  users.users.srid.openssh.authorizedKeys.keys = import ./sshkeys.nix;
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
--- a/images/digitalocean.nix
+++ b/images/digitalocean.nix
@ -0,0 +1,32 @@
+let
+  nixpkgs =
+    (
+      let
+        lock = builtins.fromJSON (builtins.readFile ../flake.lock);
+      in
+      fetchTarball {
+        url = "https://github.com/NixOS/nixpkgs/archive/${lock.nodes.nixpkgs.locked.rev}.tar.gz";
+        sha256 = lock.nodes.nixpkgs.locked.narHash;
+      }
+    );
+  pkgs = import nixpkgs { };
+  config = {
+    imports =
+      [ "${nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix" ];
+
+    # Headless - don't start a tty on the serial consoles.
+    systemd.services."serial-getty@ttyS0".enable = false;
+    systemd.services."serial-getty@hvc0".enable = false;
+    systemd.services."getty@tty1".enable = false;
+    systemd.services."autovt@".enable = false;
+
+    # Make sure that SSH is available
+    networking.firewall.allowedTCPPorts = [ 22 ];
+    services.sshd.enable = true;
+    users.users.root.openssh.authorizedKeys.keys = import ../sshkeys.nix;
+
+    # Use more aggressive compression then the default.
+    virtualisation.digitalOceanImage.compressionMethod = "bzip2";
+  };
+in
+(pkgs.nixos config).digitalOceanImage
--- a/sshkeys.nix
+++ b/sshkeys.nix
@ -0,0 +1,7 @@
+[
+  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+EC
+rPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601s
+ds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU
+5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRx
+TU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos"
+]