add gate

2025-12-26 23:14:57 +08:00 · 2024-11-19 16:50:26 -05:00 · 2024-11-19 16:50:26 -05:00 · eff3333e3d
commit eff3333e3d
parent 0090ff8ad9
7 changed files with 109 additions and 17 deletions
--- a/configurations/nixos/gate/configuration.nix
+++ b/configurations/nixos/gate/configuration.nix
@ -0,0 +1,15 @@
+{ ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix # generated at runtime by nixos-infect
+
+  ];
+
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+  networking.hostName = "gate";
+  networking.domain = "";
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd'' ];
+  system.stateVersion = "23.11";
+}
--- a/configurations/nixos/gate/default.nix
+++ b/configurations/nixos/gate/default.nix
@ -0,0 +1,39 @@
+{ flake, pkgs, ... }:
+
+let
+  inherit (flake) inputs;
+  inherit (inputs) self;
+in
+{
+  # nixos-unified.sshTarget = "root@5.161.184.111";
+  nixos-unified.sshTarget = "gate";
+
+  imports = [
+    ./configuration.nix
+    (self + /modules/nixos/shared/primary-as-admin.nix)
+  ];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+  services.tailscale.enable = true;
+  services.openssh.settings.PasswordAuthentication = false;
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."actualism.app" = {
+      # FIXME: Don't hardcode, instead of read from pureintent's containers.nix
+      locations."/".proxyPass = "http://pureintent:3000";
+      enableACME = true;
+      addSSL = true;
+    };
+  };
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "srid@srid.ca";
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 22 ];
+
+  # Workaround the annoying `Failed to start Network Manager Wait Online` error on switch.
+  # https://github.com/NixOS/nixpkgs/issues/180175
+  systemd.services.NetworkManager-wait-online.enable = false;
+}
--- a/configurations/nixos/gate/hardware-configuration.nix
+++ b/configurations/nixos/gate/hardware-configuration.nix
@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+}
--- a/configurations/nixos/gate/networking.nix
+++ b/configurations/nixos/gate/networking.nix
@ -0,0 +1,34 @@
+{ lib, ... }: {
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
+  networking = {
+    nameservers = [
+      "8.8.8.8"
+    ];
+    defaultGateway = "172.31.1.1";
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "eth0";
+    };
+    dhcpcd.enable = false;
+    usePredictableInterfaceNames = lib.mkForce false;
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          { address = "5.161.184.111"; prefixLength = 32; }
+        ];
+        ipv6.addresses = [
+          { address = "2a01:4ff:f0:9d5a::1"; prefixLength = 64; }
+          { address = "fe80::9400:3ff:fedc:b821"; prefixLength = 64; }
+        ];
+        ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
+        ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
+      };
+
+    };
+  };
+  services.udev.extraRules = ''
+    ATTR{address}=="96:00:03:dc:b8:21", NAME="eth0"
+    
+  '';
+}
--- a/configurations/nixos/pureintent/containers.nix
+++ b/configurations/nixos/pureintent/containers.nix
@ -4,8 +4,6 @@
 let
  inherit (flake) inputs;
  actualism-app = inputs.actualism-app.packages.${pkgs.system}.default;
-  app-port = 3000;
-  app-domain = "actualism.app";
 in
 {
  containers.actualism-app = {
@ -21,12 +19,4 @@ in
      };
    };
  };
-
-  # TODO: cloudflare tunnels
-  services.nginx = {
-    enable = true;
-    virtualHosts.${app-domain} = {
-      locations."/".proxyPass = "http://localhost:${builtins.toString app-port}";
-    };
-  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -11,11 +11,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1731511273,
-        "narHash": "sha256-WyhJUyqpYTE/zgUI/VAJhVNVUr7I/aeU57QFpdLkn4g=",
+        "lastModified": 1732052927,
+        "narHash": "sha256-j2ZXXDUehk5ruu1GFaVoBA8dxTSa0aFxjhJbFBPbqb0=",
        "owner": "srid",
        "repo": "actualism-app",
-        "rev": "f4f829186819f96f27fda04d270d15cd23de7d16",
+        "rev": "83cac5782e2604b0d64aed4ec8bef438cf877220",
        "type": "github"
      },
      "original": {
--- a/13
+++ b/13
@ -3,14 +3,19 @@ default:

 # Activate local configuration
 [group('main')]
-activate:
+local:
    nix run

-# Deploy host 'pureintent'
-[group('main')]
-deploy:
+# Deploy to Beelink
+[group('deploy')]
+pureintent:
    nix run . pureintent

+# Deploy to nginx gate
+[group('deploy')]
+gate:
+    nix run . gate
+
 # Format the nix source tree
 fmt:
    pre-commit run --all-files