From b8c760c1331ad5d358eb97ce7c2ee613ed3bae74 Mon Sep 17 00:00:00 2001 From: Anirudh Oppiliappan Date: Tue, 11 Nov 2025 10:26:59 +0200 Subject: [PATCH] nixify knot1 Change-Id: lkyyzzlsulonlkqpvqvtzvovupxtpvrr Signed-off-by: Anirudh Oppiliappan --- flake.nix | 11 +++++++ hosts/knot1/configuration.nix | 57 ++++++++++++++++++++++++++++++++++ hosts/knot1/disk-config.nix | 56 +++++++++++++++++++++++++++++++++ hosts/knot1/services/knot.nix | 11 +++++++ hosts/knot1/services/nginx.nix | 35 +++++++++++++++++++++ 5 files changed, 170 insertions(+) create mode 100644 hosts/knot1/configuration.nix create mode 100644 hosts/knot1/disk-config.nix create mode 100644 hosts/knot1/services/knot.nix create mode 100644 hosts/knot1/services/nginx.nix diff --git a/flake.nix b/flake.nix index 8c2ea9e..e733d54 100644 --- a/flake.nix +++ b/flake.nix @@ -90,6 +90,15 @@ ]; target = "spindle.alpha.tangled.sh"; }; + + knot1 = { + modules = [ + tangled.nixosModules.knot + ./hosts/knot1/services/knot.nix + ./hosts/knot1/services/nginx.nix + ]; + target = "knot1.alpha.tangled.sh"; + }; }; in { @@ -99,6 +108,7 @@ pds = mkHost "pds" hosts.pds.modules; nixery = mkHost "nixery" hosts.nixery.modules; spindle = mkHost "spindle" hosts.spindle.modules; + knot1 = mkHost "knot1" hosts.knot1.modules; }; # colmena uses this @@ -121,6 +131,7 @@ pds = mkColmenaHost "pds" hosts.pds.target hosts.pds.modules; nixery = mkColmenaHost "nixery" hosts.nixery.target hosts.nixery.modules; spindle = mkColmenaHost "spindle" hosts.spindle.target hosts.spindle.modules; + knot1 = mkColmenaHost "knot1" hosts.knot1.target hosts.knot1.modules; }; }; } diff --git a/hosts/knot1/configuration.nix b/hosts/knot1/configuration.nix new file mode 100644 index 0000000..d811714 --- /dev/null +++ b/hosts/knot1/configuration.nix 
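Review bot: The `knot1` modules list names only the tangled module and the two service files, so `./hosts/knot1/configuration.nix` (and, through its imports, `disk-config.nix`) is part of this host only if `mkHost` derives `./hosts/${name}/configuration.nix` from its name argument; `mkHost` is defined outside this hunk and the existing `spindle` entry's module list begins before it, so I cannot confirm that from here. If it does not, the host evaluates without a bootloader, disk layout, sshd or the `tangler` user, and `./hosts/knot1/configuration.nix` belongs at the top of the list next to the two service files. Hunks 2 and 3 only wire the same entry into the `mkHost` and `mkColmenaHost` sets and need nothing further.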
@@ -0,0 +1,57 @@
+{ modulesPath
+, lib
+, pkgs
+, ...
+} @ args:
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+ boot.loader.grub = {
+ # no need to set devices, disko will add all devices that have a EF02 partition to the list already
+ # devices = [ ];
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ networking.hostName = "knot1-ams";
+ services = {
+ openssh.enable = true;
+ };
+
+
+ nix = {
+ extraOptions = ''
+ experimental-features = nix-command flakes ca-derivations
+ warn-dirty = false
+ keep-outputs = false
+ '';
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.gitMinimal
+ ];
+
+ users.users.tangler = {
+ extraGroups = [ "networkmanager" "wheel" "docker" ];
+ openssh.authorizedKeys.keys = args.commonArgs.sshKeys;
+ isNormalUser = true;
+ };
+
+ security.sudo.extraRules = [
+ {
+ users = [ "tangler" ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/knot1/disk-config.nix b/hosts/knot1/disk-config.nix
new file mode 100644
index 0000000..88e17e5
--- /dev/null
+++ b/hosts/knot1/disk-config.nix
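Review bot: The `tangler` user is put in `wheel` and `docker` via `extraGroups` and, separately, given a `NOPASSWD` rule for `ALL`, while nothing in this file enables NetworkManager or Docker; the `networkmanager` and `docker` memberships are therefore inert today, and `docker` becomes root-equivalent the moment the daemon is enabled elsewhere, so `extraGroups = [ "wheel" ];` is enough. With that rule present, `wheel` and the explicit sudo rule are two routes to the same passwordless root; keeping one of them — the rule alone, or `security.sudo.wheelNeedsPassword = false;` alone — makes the grant easier to audit. `services.openssh.enable = true` runs sshd on its defaults; `tangler` has no password set here and authenticates by key only, so `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; };` states that intent instead of relying on the locked-account behaviour. A one-line header comment naming the host role (the `-ams` suffix on `networking.hostName` presumably marks the site) would also help, since the file otherwise reads as a generic template with the disko example comment still in place.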
@@ -0,0 +1,56 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/knot1/services/knot.nix b/hosts/knot1/services/knot.nix
new file mode 100644
index 0000000..7dcb790
--- /dev/null
+++ b/hosts/knot1/services/knot.nix
@@ -0,0 +1,11 @@
+{
+ services.tangled.knot = {
+ enable = true;
+ stateDir = "/home/git";
+ server = {
+ listenAddr = "127.0.0.1:5555";
+ owner = "did:plc:hwevmowznbiukdf6uk5dwrrq";
+ hostname = "knot1.alpha.tangled.sh";
+ };
+ };
+}
diff --git a/hosts/knot1/services/nginx.nix b/hosts/knot1/services/nginx.nix
new file mode 100644
index 0000000..646c0ba
--- /dev/null
+++ b/hosts/knot1/services/nginx.nix
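Review bot: The opening comment `# Example to create a bios compatible gpt partition` is the disko sample's wording and does not describe this host; something like `# knot1: hybrid BIOS/UEFI GPT — 1M BIOS boot, 500M ESP at /boot, remainder an LVM PV in VG "pool" with one ext4 root LV` matches what the file actually declares. The `esp` filesystem is mounted with vfat defaults, which leaves everything under `/boot` readable by every local user; adding `mountOptions = [ "umask=0077" ];` beside `mountpoint = "/boot";` is the usual tightening for an ESP. `device = lib.mkDefault "/dev/vda"` suits the QEMU guest profile imported in configuration.nix and keeps the real device overridable at install time, which is fine as is.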
@@ -0,0 +1,35 @@
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "knot1.alpha.tangled.sh" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:5555";
+
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ '';
+ };
+ locations."/events" = {
+ proxyPass = "http://127.0.0.1:5555";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ '';
+ };
+ };
+ };
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "team@tangled.org";
+ };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
-- 
2.43.0
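Review bot: The `/events` location sets `Upgrade` and `Connection "upgrade"` but no `proxy_http_version 1.1`, and nginx speaks HTTP/1.0 to upstreams by default, so if `/events` is a WebSocket endpoint the upgrade never reaches the knot; `proxyWebsockets = true;` on that location emits the version directive together with the two headers, using the `$connection_upgrade` map the NixOS nginx module already defines, and is the idiomatic form. The two `extraConfig` blocks also drift: `/events` omits `X-Real-IP` and `X-Forwarded-Proto`, so the upstream sees a different set of forwarding headers depending on path, and the two missing `proxy_set_header` lines should be copied into `/events` (note that nginx does not merge location-level `proxy_set_header` with server-level ones, so hoisting them to the virtual host would not work once `/events` sets its own). Passing `X-Forwarded-For` as `$remote_addr` rather than `$proxy_add_x_forwarded_for` is the right choice for an edge proxy, since it never forwards a client-supplied header, and deserves a one-line comment so a later cleanup does not swap it for the `recommendedProxySettings` variant. The upstream `http://127.0.0.1:5555` is the same value as `listenAddr` in knot.nix; `proxyPass = "http://${config.services.tangled.knot.server.listenAddr}";` (with `config` added to the module arguments) ties the two together.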