Create new debian_base role.

- To be used as a platform for other deployments.

ansible/all.yml

@@ -1,59 +0,0 @@
----
-- name: cloud wg config
-  hosts: vpn
-  gather_facts: no  
-  tasks:
-    - debug: msg="Deploying wg to cloud server"
-  roles:
-    - { name: wg_vpn, tags: ['wg_vpn'] }
-
-- name: deploy the awful stack
-  gather_facts: no  
-  hosts: dockerhosts
-  tasks:
-    - debug: msg="Deploying awful stack to cloud server"
-  roles:
-    - { name: awfulAll, tags: ['awfulAll'] }
-
-
-- name: Configure home-net base packages
-  hosts: hatchery.home.jowj.net
-  gather_facts: no
-  roles:
-    - { name: home-net, tags: ['base'] }
-
-
-- name: Deploy mediaserver
-  hosts: mediaserver
-  gather_facts: no
-  roles:
-    - { name: mediaserver, tags: ['mediaserver'] }    
-
-
-- name: Deploy gitea
-  hosts: dockerhosts
-  gather_facts: no
-  roles:
-    - { name: gitea, tags: ['gitea'] }
-
-- name: Deploy nextcloud
-  hosts: dockerhosts
-  gather_facts: no
-  roles:
-    - { name: nextcloud, tags: ['nextcloud'] }
-    
-- name: deploy the dev stack
-  gather_facts: no  
-  hosts: dockerhosts
-  tasks:
-    - debug: msg="Deploying awful stack to cloud server"
-  roles:
-    - { name: test, tags: ['test'] }    
-
-- name: deploy syslog server
-  gather_facts: no  
-  hosts: syslog
-  tasks:
-    - debug: msg="Deploy syslog server to larva."
-  roles:
-    - { name: syslog, tags: ['syslog'] }      

ansible/inventory/hosts.yml

@@ -28,3 +28,13 @@ all:
       hosts:
         halo.awful.club:
           ansible_python_interpreter: python3
+    bikeshed:
+      hosts:
+        seraph:
+          ansible_python_interpreter: /usr/bin/python3
+        demiurge:
+          ansible_python_interpreter: /usr/bin/python3
+        exgod:
+          ansible_python_interpreter: /usr/bin/python3
+      vars:
+        ansible_user: root        

ansible/roles/debian_base/tasks/main.yml

@@ -0,0 +1,60 @@
+---
+# Configure the baseline I want on every debian box
+
+
+# Configure apt
+- name: Install aptitude using apt
+  apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
+
+# Add custom packages to apt.
+- name: Add tailscale GPG apt Key
+  apt_key:
+    url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
+    state: present
+
+- name: Add tailscsale Repository
+  apt_repository:
+    repo: deb https://pkgs.tailscale.com/stable/debian bullseye main
+    state: present    
+
+# Add our packages
+- name: Install required system packages
+  apt: name={{ sys_packages }} state=latest
+
+# Configure sudo
+- name: Make sure we have a 'sudo' group
+  group:
+    name: sudo
+    state: present
+
+- name: Allow sudo group to have passwordless sudo
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo'
+    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+    validate: '/usr/sbin/visudo -cf %s'
+
+# loop here??
+- name: Create a new regular user with sudo privileges
+  user:
+    name: "{{ item }}"
+    state: present
+    groups: sudo
+    append: true
+    create_home: true
+    shell: /bin/bash
+  loop: "{{ create_users }}"
+
+# loop here
+- name: Set authorized key for remote user
+  authorized_key:
+    user: "{{ item }}"
+    state: present
+    key: "{{ copy_local_key }}"
+  loop: "{{ create_users }}"
+
+- name: Restart sshd
+  service:
+    name: sshd.service
+    state: restarted

ansible/roles/debian_base/vars/main.yml

@@ -0,0 +1,3 @@
+create_users: ['josiah', 'alice']
+copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}"
+sys_packages: [ 'sudo', 'tailscale' ]

nix-configs/hosts/hoyden/configuration.nix

@@ -4,7 +4,13 @@
 
 { config, pkgs, ... }:
 
-{
+let
+  unstableTarball = fetchTarball
+    "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
+  nurTarball = builtins.fetchTarball
+    "https://github.com/nix-community/NUR/archive/master.tar.gz";
+
+in {
   imports = [ # Include the results of the hardware scan.
     ./hardware-configuration.nix
   ];
@@ -25,6 +31,7 @@
   networking.useDHCP = false;
   networking.interfaces.eno1.useDHCP = true;
   networking.interfaces.wlp0s20f3.useDHCP = true;
+  
 
   # Configure network proxy if necessary
   # networking.proxy.default = "http://user:password@proxy:port/";
@@ -74,13 +81,25 @@
   };
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
+  # Configure keymap in X11
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
   # Enable CUPS to print documents.
   # services.printing.enable = true;
 
   # Enable sound.
   sound.enable = true;
   hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.extraConfig = "load-module module-combine-sink";   #troubleshooting a dumb mic issue
+  hardware.pulseaudio.package = pkgs.pulseaudioFull; # troubleshooting a dumb mic issues
+  programs.dconf.enable = true;
 
+
+  # handle bluetooth
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+  
   # Enable touchpad support (enabled default in most desktopManager).
   # services.xserver.libinput.enable = true;
 
@@ -100,10 +119,6 @@
     ];
   };
 
-  # Use my SSH keys for logging in as root.
-  users.users.root.openssh.authorizedKeys.keys =
-    config.users.users.josiah.openssh.authorizedKeys.keys;  
-
   nixpkgs.config.allowUnfree = true;
 
   # List packages installed in system profile. To search, run:
@@ -111,22 +126,31 @@
 
   nixpkgs.config = {
     packageOverrides = pkgs: {
-      unstable = import attrs.unstableTarball { config = config.nixpkgs.config; };
+      unstable = import unstableTarball { config = config.nixpkgs.config; };
+      nur = import nurTarball {
+        inherit pkgs;
+      };
     };
     permittedInsecurePackages = [ 
       "python2.7-certifi-2021.10.8"
-      "python2.7-pyjwt-1.7.1"]; # required for poetry
+      "python2.7-pyjwt-1.7.1"
+      "python-2.7.18.6"
+      "openssl-1.1.1u"
+
+    ]; # required for poetry
+    
   };
 
   environment.systemPackages = with pkgs; [
     # build shit
     morph # ultimately this seems not useful to me; weird errors.
     nixops
-    unstable.deploy-rs
+    android-studio
+    deploy-rs
+    direnv
     autoconf
     yarn
     automake
-    direnv
     gnumake
     wget
     gcc-arm-embedded
@@ -139,21 +163,30 @@
     # python-language-server
     # python38Packages.python-language-server
     # jlj utils
+    # nur.repos.bhipple.talon # this is broken, right now, and there isn't another option to try.
     darktable
     digikam
     offlineimap
     unzip
     ansible
+    terraform
+    terraformer
+    awscli2
+    pass
+    doctl
     python38
     python38Packages.pip
     python38Packages.setuptools
+    nodejs_20
     pipenv
     bitwarden
     chromium
     magic-wormhole
     firefox
+    google-chrome
     unstable.nyxt
     emacs
+    vscode
     emacsPackages.flyspell-correct
     nixfmt
     mu
@@ -167,7 +200,8 @@
     wireguard-tools
     tailscale
     fortune
-    youtube-dl
+    unstable.youtube-dl
+    unstable.yt-dlp
     gcc8
     dfu-util
     scrot
@@ -176,6 +210,10 @@
     texlive.combined.scheme-full
     # jlj sound
     pavucontrol
+    blueman
+    bluedevil
+    bluez
+    gnome.cheese
     # jlj comms
     unstable.element-desktop
     slack
@@ -188,7 +226,7 @@
     jitsi-meet-electron
     # jlj de
     syncthingtray
-    unstable.synology-drive-client
+    # unstable.synology-drive-client
     barrier
     pinentry
     acpi
@@ -206,7 +244,7 @@
     # rsi stuff
     rsibreak
     workrave
-    espanso # text expander
+    unstable.espanso # text expander
     xclip # c&p from cli / required for espanso
     libnotify # required for espanso
     arc-icon-theme
@@ -226,7 +264,7 @@
   programs.gnupg.agent = {
     enable = true;
     enableSSHSupport = true;
-    pinentryFlavor = "qt";
+    pinentryFlavor = "gnome3";
   };
 
   programs.adb.enable = true;
@@ -263,6 +301,27 @@
     fsType = "nfs";
   };
 
+  fileSystems."/home/josiah/network-share/sainthood/sainthouse-wide" = {
+    device = "sainthood.home.jowj.net:/volume4/sainthouse-wide/";
+    options = [ "nfsvers=3" ];
+    fsType = "nfs";
+  };
+
+  # this doens't work right
+  # fileSystems."/home/josiah/network-share/sainthood/homes" = {
+  #   #device = "//sainthood.home.jowj.net/volume3/homes/";
+  #   device = "//sainthood.home.jowj.net//volume3/homes/";
+  #   fsType = "cifs";
+  #   options = let
+  #     # this line prevents hanging on network split
+  #     automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+  #   in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
+  # };
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
   networking.firewall.enable = false;
 
   # This value determines the NixOS release from which the default

nix-configs/hosts/hoyden/hardware-configuration.nix

@@ -30,5 +30,5 @@
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
   # high-resolution display
-  hardware.video.hidpi.enable = lib.mkDefault true;
+  # hardware.video.hidpi.enable = lib.mkDefault true;
 }

nix-configs/readme.org

@@ -0,0 +1,13 @@
+* nix configurations
+This folder tracks any nix configuration required. In the past I've experimented with using things like ~deploy-rs~ and ~morph~ for managing nix hosts, but unfortunately nix state of the art is just trash from a UX perspective. I don't recommend any of these things. Instead, I'm moving to naked configuration of a single ~configuration.nix~ file for the immediate future.
+
+** How this works
+
+There is a single folder per host currently in use. Each folder contains about 2 files, ~configuration.nix~ and ~hardware-configuration.nix~. Any changes made to a hosts configuration should go in the appropriate configuration file, saved, and committed. To use the latest version of a file, invoke ~rebuild switch~ with additional arguments, like:
+
+~nixos-rebuild -I nixos-config=path/to/your/configuration.nix~
+
+In our case, to rebuild the local ~hoyden~ configuration, we would run something like:
+
+~nixos-rebuild -I nixos-config=~/Documents/projects/adc/nix-configs/hosts/hoyden/configuration.nix switch~
+

nixos-configs/common/default.nix

@@ -1,40 +0,0 @@
-# common/default.nix
-
-# inputs to this NixOS module. We don't use any here
-# so we can ignore them all.
-{ ... }:
-
-{
-  imports = [
-    # User account definitions
-    ./users
-  ];
-
-  # clean /tmp on boot.
-  boot.cleanTmpDir = true;
-  # Allow any admin to build packages, not just root.
-  ## if you don't set this then your sshUser MUST BE ROOT, or you'll get untrusted sig errors.
-  nix.settings.trusted-users = [ "@wheel" ]; 
-
-  # Automatically optimize the Nix store to save space
-  # by hard-linking identical files together. These savings
-  # add up.
-  #nix.settings.autoOptimiseStore = true;
-
-  # Limit the systemd journal to 100 MB of disk or the
-  # last 7 days of logs, whichever happens first.
-  services.journald.extraConfig = ''
-    SystemMaxUse=100M
-    MaxFileSec=7day
-  '';
-
-  # Use systemd-resolved for DNS lookups, but disable
-  # its dnssec support because it is kinda broken in
-  # surprising ways.
-
-  # Who is surprised that dnssec is broken? no one.
-  # services.resolved = {
-  #   enable = true;
-  #   dnssec = "false";
-  # };
-}

nixos-configs/common/users/default.nix

@@ -1,21 +0,0 @@
-# common/users/default.nix
-
-# Inputs to this NixOS module, in this case we are
-# using `pkgs` so I can configure my favorite shell fish
-# and `config` so we can make my SSH key also work with
-# the root user.
-{ config, pkgs, ... }:
-
-{
-  # The block that specifies my user account.
-  users.users.josiah = {
-    isNormalUser = true;
-    shell = pkgs.bash;
-
-    # My SSH keys.
-    openssh.authorizedKeys.keys = [
-      # Replace this with your SSH key!
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
-    ];
-  };
-}

nixos-configs/deploy-rs/flake.lock

@@ -1,95 +0,0 @@
-{
-  "nodes": {
-    "deploy-rs": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs",
-        "utils": "utils"
-      },
-      "locked": {
-        "lastModified": 1674127017,
-        "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
-        "owner": "serokell",
-        "repo": "deploy-rs",
-        "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
-        "type": "github"
-      },
-      "original": {
-        "owner": "serokell",
-        "repo": "deploy-rs",
-        "type": "github"
-      }
-    },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1668681692,
-        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1671417167,
-        "narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1672580127,
-        "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "0874168639713f547c05947c76124f78441ea46c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixos-22.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "deploy-rs": "deploy-rs",
-        "nixpkgs": "nixpkgs_2"
-      }
-    },
-    "utils": {
-      "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}

nixos-configs/deploy-rs/flake.nix

@@ -1,117 +0,0 @@
-{
-  description = "Test deployment for my server cluster";
-
-  inputs = {
-    nixpkgs.url =
-      "github:nixos/nixpkgs/nixos-22.05"; # change this to your desired NixOS version
-    # For accessing `deploy-rs`'s utility Nix functions    
-    deploy-rs.url = "github:serokell/deploy-rs";
-  };
-
-  outputs = { self, nixpkgs, deploy-rs }: {
-    nixosConfigurations.seraph = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        ../hosts/seraph/configuration.nix
-        ../common/default.nix
-      ];
-    };
-    nixosConfigurations.demiurge = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        ../hosts/demiurge/configuration.nix
-        ../common/default.nix
-      ];
-    };
-    nixosConfigurations.exgod = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        ../hosts/exgod/configuration.nix
-        ../common/default.nix
-      ];
-    };
-
-    nixosConfigurations.hoyden = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        ../hosts/hoyden/configuration.nix
-        ../common/default.nix
-      ];
-    };
-
-    deploy.nodes.hoyden = {
-      hostname = "hoyden";
-      user = "root";
-      sshUser = "josiah";
-      # magicRollback = false;
-      remoteBuild = false;
-      path = deploy-rs.lib.x86_64-linux.activate.nixos
-        self.nixosConfigurations.hoyden;
-
-      # This forces ssh to connect over IPv4.
-      sshOpts = [ "-4" ];
-
-      profiles.system = {
-        path = deploy-rs.lib.x86_64-linux.activate.nixos
-          self.nixosConfigurations.hoyden;
-      };
-    };            
-    
-    deploy.nodes.seraph = {
-      hostname = "seraph";
-      user = "root";
-      sshUser = "alice";
-      # magicRollback = false;
-      remoteBuild = false;
-      path = deploy-rs.lib.x86_64-linux.activate.nixos
-        self.nixosConfigurations.seraph;
-
-      # This forces ssh to connect over IPv4.
-      sshOpts = [ "-4" ];
-
-      profiles.system = {
-        path = deploy-rs.lib.x86_64-linux.activate.nixos
-          self.nixosConfigurations.seraph;
-      };
-    };
-    deploy.nodes.demiurge = {
-      hostname = "demiurge";
-      user = "root";
-      sshUser = "alice";
-      # magicRollback = false;
-      remoteBuild = false;
-      path = deploy-rs.lib.x86_64-linux.activate.nixos
-        self.nixosConfigurations.demiurge;
-
-      # This forces ssh to connect over IPv4.
-      sshOpts = [ "-4" ];
-
-      profiles.system = {
-        path = deploy-rs.lib.x86_64-linux.activate.nixos
-          self.nixosConfigurations.demiurge;
-      };
-    };
-    deploy.nodes.exgod = {
-      hostname = "exgod";
-      user = "root";
-      sshUser = "alice";
-      # magicRollback = false;
-      remoteBuild = false;
-      path = deploy-rs.lib.x86_64-linux.activate.nixos
-        self.nixosConfigurations.exgod;
-
-      # This forces ssh to connect over IPv4.
-      sshOpts = [ "-4" ];
-
-      profiles.system = {
-        path = deploy-rs.lib.x86_64-linux.activate.nixos
-          self.nixosConfigurations.exgod;
-      };
-    };            
-
-    # This is highly advised, and will prevent many possible mistakes
-    checks =
-      builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy)
-      deploy-rs.lib;
-  };
-}

nixos-configs/hosts/demiurge/configuration.nix

@@ -1,119 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports = [ # Include the results of the hardware scan.
-    ./hardware-configuration.nix
-  ];
-
-  users.users.alice = {
-    isNormalUser = true;
-    shell = pkgs.bash;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-    # My SSH keys.
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
-    ];
-    packages = with pkgs; [ emacs vim ];
-  };
-
-  # Use my SSH keys for logging in as root.
-  users.users.root.openssh.authorizedKeys.keys =
-    config.users.users.alice.openssh.authorizedKeys.keys;  
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "demiurge"; # Define your hostname.
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable =
-    true; # Easiest to use and most distros use this by default.
-
-  # Set your time zone.
-  time.timeZone = "US/Central";
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Select internationalisation properties.
-  # i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  #   useXkbConfig = true; # use xkbOptions in tty.
-  # };
-
-  # Enable the X11 windowing system.
-  # services.xserver.enable = true;
-
-  nix.settings.require-sigs = false;
-
-  # Configure keymap in X11
-  services.xserver.layout = "us";
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable sound.
-  # sound.enable = true;
-  # hardware.pulseaudio.enable = true;
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  # environment.systemPackages = with pkgs; [
-  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-  #   wget
-  # ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services = {
-    tailscale.enable = true;
-    openssh.enable = true;
-  };
-
-  # Configure ssh auth for sudo/pam
-  security.sudo.enable = true;
-  security.pam.enableSSHAgentAuth = true;
-  security.pam.services.sudo.sshAgentAuth = true;
-  security.sudo.wheelNeedsPassword = false;
-    
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
-  networking.firewall.checkReversePath = "loose";
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "22.11"; # Did you read the comment?
-
-}

nixos-configs/hosts/demiurge/hardware-configuration.nix

@@ -1,38 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/cc6be357-aed0-49da-b745-f03e48fa21de";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/72ED-3EB7";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
-
-  # nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

nixos-configs/hosts/exgod/configuration.nix

@@ -1,119 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports = [ # Include the results of the hardware scan.
-    ./hardware-configuration.nix
-  ];
-
-  users.users.alice = {
-    isNormalUser = true;
-    shell = pkgs.bash;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-    # My SSH keys.
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
-    ];
-    packages = with pkgs; [ emacs vim ];
-  };
-
-  # Use my SSH keys for logging in as root.
-  users.users.root.openssh.authorizedKeys.keys =
-    config.users.users.alice.openssh.authorizedKeys.keys;  
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "exgod"; # Define your hostname.
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable =
-    true; # Easiest to use and most distros use this by default.
-
-  # Set your time zone.
-  time.timeZone = "US/Central";
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Select internationalisation properties.
-  # i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  #   useXkbConfig = true; # use xkbOptions in tty.
-  # };
-
-  # Enable the X11 windowing system.
-  # services.xserver.enable = true;
-
-  nix.settings.require-sigs = true;
-
-  # Configure keymap in X11
-  services.xserver.layout = "us";
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable sound.
-  # sound.enable = true;
-  # hardware.pulseaudio.enable = true;
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  # environment.systemPackages = with pkgs; [
-  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-  #   wget
-  # ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services = {
-    tailscale.enable = true;
-    openssh.enable = true;
-  };
-
-  # Configure ssh auth for sudo/pam
-  security.sudo.enable = true;
-  security.pam.enableSSHAgentAuth = true;
-  security.pam.services.sudo.sshAgentAuth = true;
-  security.sudo.wheelNeedsPassword = false;
-    
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
-  networking.firewall.checkReversePath = "loose";
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "22.11"; # Did you read the comment?
-
-}

nixos-configs/hosts/exgod/hardware-configuration.nix

@@ -1,38 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules =
-    [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/56e7b3a8-e2a6-4dbb-b4eb-9a58973e816d";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/687E-9796";
-    fsType = "vfat";
-  };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
-
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  hardware.cpu.intel.updateMicrocode =
-    lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
-

nixos-configs/hosts/hoyden/flake.nix

@@ -1,25 +0,0 @@
-{
-  description = "Hoyden's Flake";
-  
-  inputs = {
-    nixpkgs.url =
-      "github:nixos/nixpkgs/nixos-22.05"; # change this to your desired NixOS version
-    # For accessing `deploy-rs`'s utility Nix functions    
-    deploy-rs.url = "github:serokell/deploy-rs";
-    unstableTarball = fetchTarball
-      "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";    
-  };    
-
-  outputs = { self, nixpkgs, unstableTarball }@attrs: {
-    nixosConfigurations.hoyden = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      specialArgs = attrs;
-      modules = [ ./configuration.nix ];
-    };
-  };
-
-}
-
-
-
-

nixos-configs/hosts/seraph/configuration.nix

@@ -1,120 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports = [ # Include the results of the hardware scan.
-    ./hardware-configuration.nix
-  ];
-
-  users.users.alice = {
-    isNormalUser = true;
-    shell = pkgs.bash;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-    # My SSH keys.
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
-    ];
-    packages = with pkgs; [ emacs vim ];
-  };
-
-  # Use my SSH keys for logging in as root.
-  users.users.root.openssh.authorizedKeys.keys =
-    config.users.users.alice.openssh.authorizedKeys.keys;
-  
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "seraph"; # Define your hostname.
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable =
-    true; # Easiest to use and most distros use this by default.
-
-  # Set your time zone.
-  time.timeZone = "US/Central";
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Select internationalisation properties.
-  # i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  #   useXkbConfig = true; # use xkbOptions in tty.
-  # };
-
-  # Enable the X11 windowing system.
-  # services.xserver.enable = true;
-
-  nix.settings.require-sigs = false;
-
-  # Configure keymap in X11
-  services.xserver.layout = "us";
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable sound.
-  # sound.enable = true;
-  # hardware.pulseaudio.enable = true;
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  # environment.systemPackages = with pkgs; [
-  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-  #   wget
-  # ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services = {
-    tailscale.enable = true;
-    openssh.enable = true;
-  };
-
-  # Configure ssh auth for sudo/pam
-  security.sudo.enable = true;
-  security.pam.enableSSHAgentAuth = true;
-  security.pam.services.sudo.sshAgentAuth = true;
-  security.sudo.wheelNeedsPassword = false;
-  
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
-  networking.firewall.checkReversePath = "loose";
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "22.11"; # Did you read the comment?
-
-}

nixos-configs/hosts/seraph/hardware-configuration.nix

@@ -1,37 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules =
-    [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/3662ca72-d69f-42fe-a049-0f1ed2b81334";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/97D6-2BED";
-    fsType = "vfat";
-  };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
-
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  hardware.cpu.intel.updateMicrocode =
-    lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

nixos-configs/ops/home/.gcroots/network.nix

@@ -1 +0,0 @@
-/nix/store/lwyi13rbiw9afcjps9fyiarjfkjkqq12-morph

nixos-configs/ops/home/cache-priv-key.pem

@@ -1 +0,0 @@
-hoyden:mzRpcmjuqPqre3Si990zXvAeD9xwqRJMezGsxdXV2vTayggi7ycd8bhQlPQGg3u2YhjbaztvTo1bogdeAlI/bg==

nixos-configs/ops/home/cache-pub-key.pem

@@ -1 +0,0 @@
-hoyden:2soIIu8nHfG4UJT0BoN7tmIY22s7b06NW6IHXgJSP24=

nixos-configs/ops/home/network.nix

@@ -1,40 +0,0 @@
-# ops/home/network.nix
-
-{
-  # Configuration for the network in general.
-  network = { description = "home.jowj.net cluster definition"; };
-
-  # This specifies the configuration for
-  # `seraph` as a NixOS module.
-
-  # "seraph" = { config, pkgs, lib, ... }: {
-  #   deployment.targetUser = "alice";
-  #   deployment.targetHost = "seraph";
-
-  #   # Import seraph configuration.nix
-  #   imports = [
-  #     ../../hosts/seraph/configuration.nix
-  #     ../../common ];
-  # };
-
-  "exgod" = { config, pkgs, lib, ... }: {
-    deployment.targetUser = "alice";
-    deployment.targetHost = "exgod";
-
-    # Import exgod configuration.nix
-    imports = [
-      ../../hosts/exgod/configuration.nix
-      ../../common ];
-  };  
-
-  "hoyden" = { config, pkgs, lib, ... }: {
-    deployment.targetUser = "alice";
-    deployment.targetHost = "hoyden";
-
-    # Import seraph configuration.nix
-    imports = [
-      ../../hosts/hoyden/configuration.nix
-      ../../common ];                
-  };  
-
-}

nixos-configs/ops/home/push.sh

@@ -1,22 +0,0 @@
-#!/usr/bin/env nix-shell
-
-# Specify the packages we are using in this
-# script as well as the fact that we are running it
-# in bash.
-#! nix-shell -p morph -i bash
-
-# Explode on any error.
-set -e
-
-# Build the system configurations for every
-# machine in this network and register them as
-# garbage collector roots so `nix-collect-garbage`
-# doesn't sweep them away.
-morph build --keep-result ~/Documents/projects/adc/nixos-configs/ops/home/network.nix
-
-# Push the config to the hosts.
-morph push ~/Documents/projects/adc/nixos-configs/ops/home/network.nix
-
-# Activate the NixOS configuration on the
-# network.
-morph deploy ~/Documents/projects/adc/nixos-configs/ops/home/network.nix test

nixos-configs/ops/home/simple.nix

@@ -1,40 +0,0 @@
-let
-  pkgs = import (import ../nixpkgs.nix) {};
-in
-{
-  network =  {
-    inherit pkgs;
-    description = "simple hosts";
-    ordering = {
-      tags = [ "db" "web" ];
-    };
-  };
-
-  "web01" = { config, pkgs, ... }: {
-    deployment.tags = [ "web" ];
-
-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
-
-    services.nginx.enable = true;
-
-    fileSystems = {
-        "/" = { label = "nixos"; fsType = "ext4"; };
-        "/boot" = { label = "boot"; fsType = "vfat"; };
-    };
-  };
-
-  "db01" = { config, pkgs, ... }: {
-    deployment.tags = [ "db" ];
-
-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
-
-    services.postgresql.enable = true;
-
-    fileSystems = {
-        "/" = { label = "nixos"; fsType = "ext4"; };
-        "/boot" = { label = "boot"; fsType = "vfat"; };
-    };
-  };
-}

terraform/do_domains/records_home.jowj.net.tf

@@ -177,3 +177,39 @@ resource "digitalocean_record" "tfer--87843681" {
   value    = "192.168.1.211"
   weight   = "0"
 }
+
+resource "digitalocean_record" seraph-dns {
+  domain   = "home.jowj.net"
+  flags    = "0"
+  name     = "seraph"
+  port     = "0"
+  priority = "0"
+  ttl      = "900"
+  type     = "A"
+  value    = "100.68.110.113"
+  weight   = "0"
+}
+
+resource "digitalocean_record" exgod-dns {
+  domain   = "home.jowj.net"
+  flags    = "0"
+  name     = "exgod"
+  port     = "0"
+  priority = "0"
+  ttl      = "900"
+  type     = "A"
+  value    = "100.98.219.88"
+  weight   = "0"
+}
+
+resource "digitalocean_record" demiurge-dns {
+  domain   = "home.jowj.net"
+  flags    = "0"
+  name     = "demiurge"
+  port     = "0"
+  priority = "0"
+  ttl      = "900"
+  type     = "A"
+  value    = "100.108.60.46"
+  weight   = "0"
+}