Diffstat (limited to 'users/wpcarro/nixos')
-rw-r--r-- | users/wpcarro/nixos/default.nix | 38 | ||||
-rw-r--r-- | users/wpcarro/nixos/diogenes/README.md | 13 | ||||
-rw-r--r-- | users/wpcarro/nixos/diogenes/default.nix | 130 | ||||
-rw-r--r-- | users/wpcarro/nixos/modules/www/billandhiscomputer.com.nix | 11 | ||||
-rw-r--r-- | users/wpcarro/nixos/modules/www/wpcarro.dev.nix | 11 |
5 files changed, 0 insertions, 203 deletions
diff --git a/users/wpcarro/nixos/default.nix b/users/wpcarro/nixos/default.nix index 4cc37f7fc8f1..1b9432be0f18 100644 --- a/users/wpcarro/nixos/default.nix +++ b/users/wpcarro/nixos/default.nix @@ -3,7 +3,6 @@ let inherit (depot.users.wpcarro.nixos) ava - diogenes kyoko marcus tarasco; @@ -16,43 +15,6 @@ in marcusSystem = systemFor marcus; tarascoSystem = systemFor ava; - # Apply terraform updates and rebuild NixOS for diogenes. - deploy-diogenes = pkgs.writeShellScriptBin "deploy-diogenes" '' - set -euo pipefail - readonly TF_STATE_DIR=/depot/users/wpcarro/terraform - rm -f $TF_STATE_DIR/*.json - readonly STORE_PATH="${diogenes.json}" - # We can't use the result symlink because terraform looks for a *.json file - # in the current working directory. - cp $STORE_PATH $TF_STATE_DIR - - if [ ! -d $TF_STATE_DIR/.terraform ]; then - ${pkgs.terraform}/bin/terraform -chdir="$TF_STATE_DIR" init - fi - - function cleanup() { - rm -f "$TF_STATE_DIR/$(basename $STORE_PATH)" - } - trap cleanup EXIT - - ${pkgs.terraform}/bin/terraform -chdir="$TF_STATE_DIR" apply - ''; - - # Rebuild NixOS for diogenes without applying terraform updates. - rebuild-diogenes = pkgs.writeShellScriptBin "rebuild-diogenes" '' - set -euo pipefail - readonly target="root@billandhiscomputer.com" - - # We need to call nix-build here on the drvPath because it may not be in - # /nix/store yet. - readonly STORE_PATH="$(nix-build ${diogenes.drvPath} --no-out-link --show-trace)" - nix-copy-closure --to $target ${diogenes.osPath} \ - --gzip --use-substitutes $STORE_PATH - - ssh $target 'nix-env --profile /nix/var/nix/profiles/system --set ${diogenes.osPath}' - ssh $target '${diogenes.osPath}/bin/switch-to-configuration switch' - ''; - meta.ci.targets = [ "avaSystem" "kyokoSystem" diff --git a/users/wpcarro/nixos/diogenes/README.md b/users/wpcarro/nixos/diogenes/README.md deleted file mode 100644 index f77c01d2d425..000000000000 --- a/users/wpcarro/nixos/diogenes/README.md +++ /dev/null 
@@ -1,13 +0,0 @@
-# diogenes
-
-diogenes is a NixOS machine deployed on a Google VM. It hosts
-https://billandhiscomputer.com.
-
-## Deployment
-
-I manage diogenes's deployment with Terraform. My current workflow looks like
-this:
-
-```shell
-deploy-diogenes
-```
diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix
deleted file mode 100644
index e83329e4c266..000000000000
--- a/users/wpcarro/nixos/diogenes/default.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ depot, pkgs, ... }:
-
-let
- inherit (depot.users) wpcarro;
- name = "diogenes";
- domainName = "billandhiscomputer.com";
-
- mod = name: depot.path.origSrc + ("/ops/modules/" + name);
- usermod = name: depot.path.origSrc + ("/users/wpcarro/nixos/modules/" + name);
-in
-wpcarro.terraform.googleCloudVM {
- project = "wpcarros-infrastructure";
- name = "diogenes";
- region = "us-central1";
- zone = "us-central1-a";
-
- # DNS configuration
- extraConfig = {
- # billandhiscomputer.com
- resource.google_dns_managed_zone."${name}" = {
- inherit name;
- dns_name = "${domainName}.";
- };
-
- resource.google_dns_record_set."${name}" = {
- name = "${domainName}.";
- type = "A";
- ttl = 300; # 5m
- managed_zone = "\${google_dns_managed_zone.${name}.name}";
- rrdatas = [ "\${google_compute_instance.${name}.network_interface[0].access_config[0].nat_ip}" ];
- };
-
- resource.google_compute_instance."${name}" = {
- network_interface.access_config = {
- public_ptr_domain_name = "${domainName}.";
- };
- };
- };
-
- configuration = {
- imports = [
- (mod "quassel.nix")
- (usermod "nginx.nix")
- (usermod "www/billandhiscomputer.com.nix")
- (usermod "www/wpcarro.dev.nix")
- ];
-
- networking = {
- firewall.allowedTCPPorts = [
- 22 # ssh
- 80 # http
- 443 # https
- 6698 # quassel
- ];
- firewall.allowedUDPPortRanges = [
- { from = 60000; to = 61000; } # mosh
- ];
- };
-
- # Use the TVL binary cache
- tvl.cache.enable = true;
-
- users = {
- mutableUsers = true;
- users = {
- root = {
- openssh.authorizedKeys.keys = wpcarro.keys.all;
- };
- wpcarro = {
- isNormalUser = true;
- extraGroups = [ "wheel" "quassel" ];
- openssh.authorizedKeys.keys = wpcarro.keys.all;
- shell = pkgs.fish;
- };
- # This is required so that quasselcore can read the ACME cert in
- # /var/lib/acme, which is only available to user=acme or group=nginx.
- quassel.extraGroups = [ "nginx" ];
- };
- };
-
- security = {
- acme = {
- acceptTerms = true;
- defaults.email = "wpcarro@gmail.com";
- };
-
- sudo.wheelNeedsPassword = false;
- };
-
- programs = wpcarro.common.programs // {
- mosh.enable = true;
- };
-
- # I won't have an Emacs server running on diogenes, and I'll likely be in an
- # SSH session from within vterm. As such, Vim is one of the few editors that
- # I tolerably navigate this way.
- environment.variables = {
- EDITOR = "vim";
- };
-
- environment.systemPackages = wpcarro.common.shell-utils;
-
- services = wpcarro.common.services // {
- # TODO(wpcarro): Re-enable this when rebuild-system better supports
- # terraform deployments.
- # depot.auto-deploy = {
- # enable = true;
- # interval = "1h";
- # };
-
- # TODO(wpcarro): Re-enable this after debugging ACME and NXDOMAIN.
- depot.quassel = {
- enable = true;
- acmeHost = domainName;
- bindAddresses = [
- "0.0.0.0"
- ];
- };
-
- journaldriver = {
- enable = true;
- logStream = "home";
- googleCloudProject = "wpcarros-infrastructure";
- applicationCredentials = "/etc/gcp/key.json";
- };
- };
-
- system.stateVersion = "21.11";
- };
-}
diff --git a/users/wpcarro/nixos/modules/www/billandhiscomputer.com.nix b/users/wpcarro/nixos/modules/www/billandhiscomputer.com.nix
deleted file mode 100644
index ec4e5d7302fc..000000000000
--- a/users/wpcarro/nixos/modules/www/billandhiscomputer.com.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, depot, ... }:
-
-{
- config = {
- services.nginx.virtualHosts."billandhiscomputer.com" = {
- enableACME = true;
- forceSSL = true;
- root = depot.users.wpcarro.website.root;
- };
- };
-}
diff --git a/users/wpcarro/nixos/modules/www/wpcarro.dev.nix b/users/wpcarro/nixos/modules/www/wpcarro.dev.nix
deleted file mode 100644
index 62c1ed308c89..000000000000
--- a/users/wpcarro/nixos/modules/www/wpcarro.dev.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }:
-
-{
- config = {
- services.nginx.virtualHosts."wpcarro.dev" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = "return 302 https://billandhiscomputer.com$request_uri;";
- };
- };
-}
|