Move to deploy-rs, add basic configuration
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..0f112c3
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 2
+max_line_length = 80
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..f49671e
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,13 @@
+keys:
+ - &skyler D520 AC8D 7C96 9212 5B2B BD3A 1AFD 1025 6B3C 714D
+ - &python_laptop B2EE B25A FB4C 3A2E C7FA C3A4 3676 C8DC 50D2 4FF6
+creation_rules:
+ - path_regex: secrets/.*
+ key_groups:
+ - pgp:
+ - *skyler
+ - *python_laptop
+ - path_regex: projects/darknosis/.*
+ key_groups:
+ - pgp:
+ - *skyler
diff --git a/default/configuration.nix b/default/configuration.nix
new file mode 100644
index 0000000..75d091a
--- /dev/null
+++ b/default/configuration.nix
@@ -0,0 +1,133 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+{
+ # Use the GRUB 2 boot loader.
+ boot.loader.systemd-boot.enable = true;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ # networking.hostName = "nixos"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkbOptions in tty.
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+
+
+
+ # Configure keymap in X11
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = {
+ # "eurosign:e";
+ # "caps:escape" # map caps to escape.
+ # };
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # users.users.alice = {
+ # isNormalUser = true;
+ # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ # packages = with pkgs; [
+ # firefox
+ # thunderbird
+ # ];
+ # };
+ users.users.minion = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNCOdHSYGKQj8QMQKuWsnTUCGpKNwQa+/15JVD7kxO4VxI0mavpoB6EIwVF881s2DYqRNv2UQIKbw/tZ8qnTbk8HvzvHBjuJE9okAfelphkiH60mM+FzRZrUaDFLKzTBy1fBAk1O35vNaXJS3qDdr2wQOU9D10Ulvq1RBRSVe4uWbZJUWbac/zq2ghRfcHEavhGVIqI7JRcBy8P721bFULs5lxEUMZM2MBavg2wvbFc41CXZSAmK3M+wS2WPdSA8GxbiMgcPhiArRfqJbO/v3NUGIHQnTRK3kEpblVLz9ULpTo0Kl4pcTgIGI0S3zSJIV2VXERnzkjEgNn8gjDVBCZEXyFlGlPNV1DBd+NZwcqfAXsUHGkOs+GPGm93QVsbPoqZ49N5BJg1SZCE7KWfQAnkWE/ki7Z7+BJAWbZsoc7KSz7bvy5jr6yfIzwmy4mAgiVZFfCDRI3S3oEbhqW8TWZatEPSjMgDLsh3AgYdzjYQ1p6IM91wvD+XxB0/8+LaL0= minion@python"
+ ];
+ };
+ users.users.coded = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZGErwcw5YUlJS9tAfIYOSqkiuDRZZRTJjMlrDaAiNwTjqUML/Lrcau/1KA6a0+sXCM8DhQ1e0qhh2Qxmh/kxZWO6XMVK2EB7ELPNojqFI16T8Bbhq2t7yVAqbPUhXLQ4xKGvWMCPWOCo/dY72P9yu7kkMV0kTW3nq25+8nvqIvvuQOlOUx1uyR7qEfO706O86wjVTIuwfZKyzMDIC909vyg0xS+SfFlD7MkBuGzevQnOAV3U6tyafg6XW4PaJuDLyGXwpKz6asY08F7gRL/7/GhlMB09nfFfT4sZggmqPdGAtxwsFuwHPjNSlktHz5nlHtpS0LjefR9mWiGIhw5Hw1z33lxP0rfmiEU9J7kFcXv9B8QAWFwWfNEZfeqB7h7DJruo+QRStGeDz4SwRG3GR+DB4iNJLt7n0ALkVFJpOpskeo8TV4+Fwok+hYs2GsvdEmh9Cj7dC/9CyRhJeam9iLIi/iVGZhXEE3tIiqEktZPjiK7JwQyr97zhGJ7Rj4oE= samue@SamuelDesktop"
+ ];
+ };
+ users.users.nucleus = {
+ isSystemUser = true;
+ createHome = true;
+ group = "clicks";
+ shell = pkgs.bashInteractive;
+ };
+
+ programs.zsh.enable = true;
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+ networking.hostName = "Clicks";
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ /* system.copySystemConfiguration = true; */
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.11"; # Did you read the comment?
+
+}
diff --git a/default/flake.nix b/default/flake.nix
new file mode 100644
index 0000000..15d1309
--- /dev/null
+++ b/default/flake.nix
@@ -0,0 +1,23 @@
+{
+ description = "A very basic flake";
+
+ outputs = { self, nixpkgs }: {
+
+ packages.x86_64-linux.hello = nixpkgs.legacyPackages.x86_64-linux.hello;
+
+ packages.x86_64-linux.nixosConfigurations.nixos = let
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ in nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ {
+ nixpkgs.config.allowUnfree = true;
+ services.mongodb.enable = true;
+ services.mongodb.package = pkgs.mongodb-6_0;
+ }
+ ./configuration.nix
+ ];
+ };
+
+ };
+}
diff --git a/default/hardware-configuration.nix b/default/hardware-configuration.nix
new file mode 100644
index 0000000..36d9aac
--- /dev/null
+++ b/default/hardware-configuration.nix
@@ -0,0 +1,35 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/33e79acf-16a4-4263-be79-792c9432568c";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/4EB3-743A";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/3f3ddaa2-80c8-4915-83fe-fcec42bb877c"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..7b92f77
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,93 @@
+{
+ "nodes": {
+ "deploy-rs": {
+ "inputs": {
+ "flake-compat": "flake-compat",
+ "nixpkgs": "nixpkgs",
+ "utils": "utils"
+ },
+ "locked": {
+ "lastModified": 1674127017,
+ "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
+ "type": "github"
+ },
+ "original": {
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "type": "github"
+ }
+ },
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1668681692,
+ "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1671417167,
+ "narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1677655566,
+ "narHash": "sha256-I8G8Lmpp3YduYl4+pkiIJFGT1WKw+8ZMH2QwANkTu2U=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "ae8bdd2de4c23b239b5a771501641d2ef5e027d0",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "deploy-rs": "deploy-rs",
+ "nixpkgs": "nixpkgs_2"
+ }
+ },
+ "utils": {
+ "locked": {
+ "lastModified": 1667395993,
+ "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..b384e79
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,37 @@
+{
+ description = "A flake to deploy and configure Clicks' NixOS server";
+
+ inputs.deploy-rs.url = "github:serokell/deploy-rs";
+
+ outputs = { self, nixpkgs, deploy-rs, ... }@inputs: {
+ nixosConfigurations.clicks = let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config.allowUnfree = true;
+ };
+ in nixpkgs.lib.nixosSystem {
+ inherit system pkgs;
+ modules = [
+ ./default/configuration.nix
+ ./default/hardware-configuration.nix
+ ./services/mongodb.nix
+ {
+ security.sudo.wheelNeedsPassword = false;
+ users.mutableUsers = false;
+ }
+ ];
+ };
+
+ deploy.nodes.clicks = {
+ profiles.system = {
+ remoteBuild = true;
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos
+ self.nixosConfigurations.clicks;
+ };
+ hostname = "192.168.89.74";
+ profilesOrder = [ "system" ];
+ };
+ };
+}
diff --git a/host/github.nix b/host/github.nix
new file mode 100644
index 0000000..189c262
--- /dev/null
+++ b/host/github.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+ environment.systemPackages = [
+ pkgs.gh
+ ];
+}
diff --git a/host/shell.nix b/host/shell.nix
new file mode 100644
index 0000000..cc2e6d5
--- /dev/null
+++ b/host/shell.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }: {
+ users.defaultUserShell = pkgs.zsh;
+
+ programs.zsh = {
+ enable = true;
+ ohMyZsh = [ "zsh-syntax-highlighting" "git" "git-auto-fetch" "gh" ];
+ autosuggestions = {
+ enable = true;
+ async = true;
+ };
+ syntaxHighlighting.enable = true;
+ };
+}
diff --git a/host/sshKeys/minion b/host/sshKeys/minion
new file mode 100644
index 0000000..a64e3fc
--- /dev/null
+++ b/host/sshKeys/minion
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCW6p9/BRP+zgYj50MY2ncAMtsEGfD8HhGlb7T2SFjBvK5GrYu1WhbPgYN/+CvnC5MXOOzAoMl4u7TlSBf2EVIQf6PTYa9HQFXX1zhkNji53eTddI6DO3Vxd4te1jWwN3XpLrqyX9lw/o/oFDJ97GolGA8CjeamQLBKSf95/BMHwqYYQUQzzRBg+TUYMVleH1smsSxbOg497Eyqlk6lwpEW17X6zW2ulBalfbekuv3NZ/+Ca2CCQMYZ4Ieqr0T0aAdToQG0H2DjOQZnOPNJW9qAuv86X6u/A0BOKTMPQ8khH0pxUsk4xBA9s7YgRtpLhNPTVhC7q6LJywBBBDNrx1Bg7bU0/5f/fHGgLQj3xWLJA3B6v1c4XIf5IQzNoGNbhrJM1bbjtUYI/c0UAd2ID0dFX8VO8JZYrDz9fRcq2MS6/0/zRee1Yk6A/9EembZJ3CoXdtM3tNXBYtlDuObMAml+8QBkBPcF31PuHEtzRMbLe0zx0HKlQUj86onVXs/yK4M= minion@python
diff --git a/host/sshKeys/pinea b/host/sshKeys/pinea
new file mode 100644
index 0000000..be15e9f
--- /dev/null
+++ b/host/sshKeys/pinea
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMX92qv+fNaNThFXAaQnSpclmxCSnA9ftilSUEb4lwG3 GitHub
\ No newline at end of file
diff --git a/host/texts/MOTD b/host/texts/MOTD
new file mode 100644
index 0000000..1993df3
--- /dev/null
+++ b/host/texts/MOTD
@@ -0,0 +1,15 @@
+┌────────────────────────────────────────┐
+│ │
+│ ┌─── │ │ │
+│ │ │ │ │
+│ │ │ │ │
+│ │ │ │ │
+│ └──► ├──► ▼ │
+│ │
+│ │
+│ │
+│ ──► │
+│ │
+│ │
+│ │
+└────────────────────────────────────────┘
diff --git a/host/users.nix b/host/users.nix
new file mode 100644
index 0000000..a09372c
--- /dev/null
+++ b/host/users.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }: let
+ createUser = { username, realname, founder = false, sudo = false, ... }: {
+ description = realname;
+ extraGroups = (
+ (if founder then [ "founder" ] else []) ++
+ (if founder || sudo then [ "wheel" ] else [])
+ );
+ isNormalUser = true;
+ openssh.authorizedKeys.keyFiles = [ "./sshKeys/${username}" ];
+ };
+
+ users = {
+ "coded" = { realname = "Sam"; founder = true; };
+ "minion" = { realname = "Skyler"; founder = true; };
+ "pineapplefan" = { realname = "Ash"; founder = true; };
+ "eek" = { realname = "Nexus"; sudo = true; };
+ };
+in {
+ users = {
+ mutableUsers = false;
+ motd = ''
+ Welcome to Clicks! Please make sure to follow all guidelines for using the server, which you can find by typing
+ `guidelines` in your terminal. In particular, please remember to use this server as minimally as possible (e.g.
+ by keeping as much of your work as is possible stateless and by using your personal
+ "${builtins.readFile ./texts/MOTD}"
+ '';
+ defaultUserShell = pkgs.zsh;
+ users = builtins.mapAttrs (name: value: createUser { username = name; } // value) users;
+ groups = { };
+ };
+}
diff --git a/services/mongodb.nix b/services/mongodb.nix
new file mode 100644
index 0000000..6156f7c
--- /dev/null
+++ b/services/mongodb.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }: {
+ services.mongodb.enable = true;
+ services.mongodb.enableAuth = true;
+ services.mongodb.initialRootPassword = "fYhw&%6frpcL9zcJ5p^b^tquP0kyVE9hehoLY4lY2zUUzbIjEyDPhAIMe2M";
+ services.mongodb.package = pkgs.mongodb-6_0;
+}