From 0699acbd173b5c853c152a34d15028c305d112de Mon Sep 17 00:00:00 2001 From: kalipso Date: Wed, 15 Jan 2025 13:32:26 +0100 Subject: [PATCH 1/3] [infradocs] init --- machines/configuration.nix | 10 ++++++++++ machines/infradocs/configuration.nix | 20 ++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 machines/infradocs/configuration.nix diff --git a/machines/configuration.nix b/machines/configuration.nix index 0fae148..3f38d6c 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -141,6 +141,16 @@ in ]; }; + infradocs = nixosSystem { + system = "x86_64-linux"; + specialArgs.inputs = inputs; + specialArgs.self = self; + modules = makeMicroVM "infradocs" "10.0.0.11" "D0:E5:CA:F0:D7:E7" [ + self.nixosModules.malobeo.vpn + ./infradocs/configuration.nix + ]; + }; + lucia = nixosSystem { system = "aarch64-linux"; specialArgs.inputs = inputs; diff --git a/machines/infradocs/configuration.nix b/machines/infradocs/configuration.nix new file mode 100644 index 0000000..0d775bb --- /dev/null +++ b/machines/infradocs/configuration.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, inputs, ... }: + +with lib; + +{ + networking = { + hostName = mkDefault "infradocs"; + useDHCP = false; + nameservers = [ "1.1.1.1" ]; + }; + + imports = [ + ../durruti/documentation.nix + ../modules/malobeo_user.nix + ../modules/sshd.nix + ]; + + system.stateVersion = "22.11"; # Did you read the comment? +} + -- 2.51.2 From 0ee95c22d6c189c76b24da5181a5469f452a90aa Mon Sep 17 00:00:00 2001 From: kalipso Date: Wed, 15 Jan 2025 14:03:30 +0100 Subject: [PATCH 2/3] [fanny] setup proxypass chain --- machines/durruti/host_config.nix | 2 +- machines/fanny/configuration.nix | 4 ++++ machines/vpn/configuration.nix | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/machines/durruti/host_config.nix b/machines/durruti/host_config.nix index 1a00761..cc4cf43 100644 --- a/machines/durruti/host_config.nix +++ b/machines/durruti/host_config.nix @@ -36,7 +36,7 @@ in services.nginx.virtualHosts."docs.malobeo.org" = { forceSSL = true; enableACME= true; - locations."/".proxyPass = "http://${cfg.host_ip}:9000"; + locations."/".proxyPass = "http://10.0.0.10"; }; services.nginx.virtualHosts."tasklist.malobeo.org" = { diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index fa86933..456afd6 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -51,6 +51,10 @@ in privateKeyFile = config.sops.secrets.wg_private.path; }; + services.nginx.virtualHosts."docs.malobeo.org" = { + locations."/".proxyPass = "http://10.0.0.11:9000"; + }; + services.tor = { enable = true; client.enable = true; diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix index 57e6341..d10f80f 100644 --- a/machines/vpn/configuration.nix +++ b/machines/vpn/configuration.nix @@ -27,6 +27,10 @@ with lib; privateKeyFile = config.sops.secrets.wg_private.path; }; + services.nginx.virtualHosts."docs.malobeo.org" = { + locations."/".proxyPass = "http://10.100.0.101"; + }; + system.stateVersion = "22.11"; # Did you read the comment? } -- 2.51.2 From cc5aead929377c769956068cbfdbbf028b523355 Mon Sep 17 00:00:00 2001 From: kalipso Date: Wed, 15 Jan 2025 14:48:42 +0100 Subject: [PATCH 3/3] [fanny] setup as microvm host --- machines/configuration.nix | 4 +++- machines/fanny/configuration.nix | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/machines/configuration.nix b/machines/configuration.nix index 3f38d6c..7e74d56 100644 --- a/machines/configuration.nix +++ b/machines/configuration.nix @@ -93,6 +93,8 @@ let }; } ] ++ defaultModules ++ modules; + + inputsMod = inputs // { malobeo = self; }; in { louise = nixosSystem { @@ -115,7 +117,7 @@ in fanny = nixosSystem { system = "x86_64-linux"; - specialArgs.inputs = inputs; + specialArgs.inputs = inputsMod; modules = defaultModules ++ [ self.nixosModules.malobeo.vpn ./fanny/configuration.nix diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 456afd6..211a8a2 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -15,6 +15,7 @@ in ../modules/autoupdate.nix inputs.self.nixosModules.malobeo.initssh inputs.self.nixosModules.malobeo.disko + inputs.self.nixosModules.malobeo.microvm ]; malobeo.autoUpdate = { @@ -51,6 +52,10 @@ in privateKeyFile = config.sops.secrets.wg_private.path; }; + services.malobeo.microvm.enableHostBridge = true; + services.malobeo.microvm.deployHosts = [ "infradocs" ]; + + services.nginx.virtualHosts."docs.malobeo.org" = { locations."/".proxyPass = "http://10.0.0.11:9000"; }; -- 2.51.2