
@ -1,59 +0,0 @@
---
- name: cloud wg config
hosts: vpn
gather_facts: no
tasks:
- debug: msg="Deploying wg to cloud server"
roles:
- { name: wg_vpn, tags: ['wg_vpn'] }
- name: deploy the awful stack
gather_facts: no
hosts: dockerhosts
tasks:
- debug: msg="Deploying awful stack to cloud server"
roles:
- { name: awfulAll, tags: ['awfulAll'] }
- name: Configure home-net base packages
hosts: hatchery.home.jowj.net
gather_facts: no
roles:
- { name: home-net, tags: ['base'] }
- name: Deploy mediaserver
hosts: mediaserver
gather_facts: no
roles:
- { name: mediaserver, tags: ['mediaserver'] }
- name: Deploy gitea
hosts: dockerhosts
gather_facts: no
roles:
- { name: gitea, tags: ['gitea'] }
- name: Deploy nextcloud
hosts: dockerhosts
gather_facts: no
roles:
- { name: nextcloud, tags: ['nextcloud'] }
- name: deploy the dev stack
gather_facts: no
hosts: dockerhosts
tasks:
- debug: msg="Deploying awful stack to cloud server"
roles:
- { name: test, tags: ['test'] }
- name: deploy syslog server
gather_facts: no
hosts: syslog
tasks:
- debug: msg="Deploy syslog server to larva."
roles:
- { name: syslog, tags: ['syslog'] }

@ -28,3 +28,13 @@ all:
hosts: hosts:
halo.awful.club: halo.awful.club:
ansible_python_interpreter: python3 ansible_python_interpreter: python3
bikeshed:
hosts:
seraph:
ansible_python_interpreter: /usr/bin/python3
demiurge:
ansible_python_interpreter: /usr/bin/python3
exgod:
ansible_python_interpreter: /usr/bin/python3
vars:
ansible_user: root
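Review bot: The new `bikeshed` group sets `ansible_user: root` in its `vars`, so every play against seraph, demiurge and exgod opens its SSH session as root directly. The baseline tasks file added in this same change set creates sudo-capable users with authorized keys, presumably for these hosts. Once that has run, the group could switch to `ansible_user: josiah` with `ansible_become: true`, which would let direct root login over SSH be turned off on those machines. The enclosing `all:` mapping begins outside the hunk, so check that no broader `vars` block already sets a different user.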

@ -0,0 +1,60 @@
---
# Configure the baseline I want on every debian box
# Configure apt
- name: Install aptitude using apt
apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
# Add custom packages to apt.
- name: Add tailscale GPG apt Key
apt_key:
url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
state: present
- name: Add tailscsale Repository
apt_repository:
repo: deb https://pkgs.tailscale.com/stable/debian bullseye main
state: present
# Add our packages
- name: Install required system packages
apt: name={{ sys_packages }} state=latest
# Configure sudo
- name: Make sure we have a 'sudo' group
group:
name: sudo
state: present
- name: Allow sudo group to have passwordless sudo
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: '/usr/sbin/visudo -cf %s'
# loop here??
- name: Create a new regular user with sudo privileges
user:
name: "{{ item }}"
state: present
groups: sudo
append: true
create_home: true
shell: /bin/bash
loop: "{{ create_users }}"
# loop here
- name: Set authorized key for remote user
authorized_key:
user: "{{ item }}"
state: present
key: "{{ copy_local_key }}"
loop: "{{ create_users }}"
- name: Restart sshd
service:
name: sshd.service
state: restarted
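Review bot: The `lineinfile` task rewrites the `%sudo` rule in `/etc/sudoers` to `NOPASSWD: ALL`, and the two looped tasks after it put every name in `create_users` into that group with an SSH key, so possession of one private key is enough for root on each host. If passwordless sudo is only needed for automation, grant it to a dedicated group through a drop-in rather than Debian's general `sudo` group, for example `path: /etc/sudoers.d/ansible-admins` (constructed name) with `create: true`, `mode: '0440'` and the same `validate`. Separately, `apt_key` adds the Tailscale key to the global apt keyring, where it is trusted for every configured repository. The `.noarmor.gpg` file can instead be placed under `/usr/share/keyrings/` and referenced with `signed-by=` in the `repo` line. The final `Restart sshd` task runs on every play although nothing in this file changes the sshd configuration; it is better written as a handler notified by whichever task does.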

@ -0,0 +1,3 @@
create_users: ['josiah', 'alice']
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}"
sys_packages: [ 'sudo', 'tailscale' ]
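Review bot: `copy_local_key` resolves to a single public key read from the operator's `$HOME/.ssh/home-net.pub`, and the tasks file loops that one value over every entry in `create_users`, so `josiah` and `alice` end up authorised with the same key. One account's access then cannot be revoked without rotating the key for both, and which key gets installed depends on who runs the playbook. A per-user structure such as `create_users: [{name: josiah, key: '<josiah public key>'}, {name: alice, key: '<alice public key>'}]`, with the tasks using `item.name` and `item.key`, keeps the accounts independent.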

@ -4,7 +4,13 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ let
unstableTarball = fetchTarball
"https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
nurTarball = builtins.fetchTarball
"https://github.com/nix-community/NUR/archive/master.tar.gz";
in {
imports = [ # Include the results of the hardware scan. imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@ -25,6 +31,7 @@
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.eno1.useDHCP = true; networking.interfaces.eno1.useDHCP = true;
networking.interfaces.wlp0s20f3.useDHCP = true; networking.interfaces.wlp0s20f3.useDHCP = true;
# Configure network proxy if necessary # Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.default = "http://user:password@proxy:port/";
@ -74,13 +81,25 @@
}; };
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents. # Enable CUPS to print documents.
# services.printing.enable = true; # services.printing.enable = true;
# Enable sound. # Enable sound.
sound.enable = true; sound.enable = true;
hardware.pulseaudio.enable = true; hardware.pulseaudio.enable = true;
hardware.pulseaudio.extraConfig = "load-module module-combine-sink"; #troubleshooting a dumb mic issue
hardware.pulseaudio.package = pkgs.pulseaudioFull; # troubleshooting a dumb mic issues
programs.dconf.enable = true;
# handle bluetooth
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; # services.xserver.libinput.enable = true;
@ -100,10 +119,6 @@
]; ];
}; };
# Use my SSH keys for logging in as root.
users.users.root.openssh.authorizedKeys.keys =
config.users.users.josiah.openssh.authorizedKeys.keys;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
@ -111,22 +126,31 @@
nixpkgs.config = { nixpkgs.config = {
packageOverrides = pkgs: { packageOverrides = pkgs: {
unstable = import attrs.unstableTarball { config = config.nixpkgs.config; }; unstable = import unstableTarball { config = config.nixpkgs.config; };
nur = import nurTarball {
inherit pkgs;
};
}; };
permittedInsecurePackages = [ permittedInsecurePackages = [
"python2.7-certifi-2021.10.8" "python2.7-certifi-2021.10.8"
"python2.7-pyjwt-1.7.1"]; # required for poetry "python2.7-pyjwt-1.7.1"
"python-2.7.18.6"
"openssl-1.1.1u"
]; # required for poetry
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# build shit # build shit
morph # ultimately this seems not useful to me; weird errors. morph # ultimately this seems not useful to me; weird errors.
nixops nixops
unstable.deploy-rs android-studio
deploy-rs
direnv
autoconf autoconf
yarn yarn
automake automake
direnv
gnumake gnumake
wget wget
gcc-arm-embedded gcc-arm-embedded
@ -139,21 +163,30 @@
# python-language-server # python-language-server
# python38Packages.python-language-server # python38Packages.python-language-server
# jlj utils # jlj utils
# nur.repos.bhipple.talon # this is broken, right now, and there isn't another option to try.
darktable darktable
digikam digikam
offlineimap offlineimap
unzip unzip
ansible ansible
terraform
terraformer
awscli2
pass
doctl
python38 python38
python38Packages.pip python38Packages.pip
python38Packages.setuptools python38Packages.setuptools
nodejs_20
pipenv pipenv
bitwarden bitwarden
chromium chromium
magic-wormhole magic-wormhole
firefox firefox
google-chrome
unstable.nyxt unstable.nyxt
emacs emacs
vscode
emacsPackages.flyspell-correct emacsPackages.flyspell-correct
nixfmt nixfmt
mu mu
@ -167,7 +200,8 @@
wireguard-tools wireguard-tools
tailscale tailscale
fortune fortune
youtube-dl unstable.youtube-dl
unstable.yt-dlp
gcc8 gcc8
dfu-util dfu-util
scrot scrot
@ -176,6 +210,10 @@
texlive.combined.scheme-full texlive.combined.scheme-full
# jlj sound # jlj sound
pavucontrol pavucontrol
blueman
bluedevil
bluez
gnome.cheese
# jlj comms # jlj comms
unstable.element-desktop unstable.element-desktop
slack slack
@ -188,7 +226,7 @@
jitsi-meet-electron jitsi-meet-electron
# jlj de # jlj de
syncthingtray syncthingtray
unstable.synology-drive-client # unstable.synology-drive-client
barrier barrier
pinentry pinentry
acpi acpi
@ -206,7 +244,7 @@
# rsi stuff # rsi stuff
rsibreak rsibreak
workrave workrave
espanso # text expander unstable.espanso # text expander
xclip # c&p from cli / required for espanso xclip # c&p from cli / required for espanso
libnotify # required for espanso libnotify # required for espanso
arc-icon-theme arc-icon-theme
@ -226,7 +264,7 @@
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "qt"; pinentryFlavor = "gnome3";
}; };
programs.adb.enable = true; programs.adb.enable = true;
@ -263,6 +301,27 @@
fsType = "nfs"; fsType = "nfs";
}; };
fileSystems."/home/josiah/network-share/sainthood/sainthouse-wide" = {
device = "sainthood.home.jowj.net:/volume4/sainthouse-wide/";
options = [ "nfsvers=3" ];
fsType = "nfs";
};
# this doens't work right
# fileSystems."/home/josiah/network-share/sainthood/homes" = {
# #device = "//sainthood.home.jowj.net/volume3/homes/";
# device = "//sainthood.home.jowj.net//volume3/homes/";
# fsType = "cifs";
# options = let
# # this line prevents hanging on network split
# automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
# in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
# };
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false; networking.firewall.enable = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
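Review bot: Both new `let` bindings fetch a moving branch (`nixos-unstable.tar.gz` and NUR `master.tar.gz`) with no hash, so each rebuild evaluates whatever those branches hold at that moment, unverified and not reproducible. Pin each to a commit and hash, e.g. `builtins.fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/<commit>.tar.gz"; sha256 = "<sha256>"; }`. The only NUR consumer visible in these hunks (`nur.repos.bhipple.talon`) is commented out, so the `nur = import nurTarball { inherit pkgs; }` override looks unused and could be dropped until needed; NUR is community-maintained code that would be evaluated with your `pkgs`. In `permittedInsecurePackages`, the `# required for poetry` comment now trails four entries, including the newly added `python-2.7.18.6` and `openssl-1.1.1u`. A per-entry comment naming the package that needs each exception would make them removable later.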

@ -30,5 +30,5 @@
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display # high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true; # hardware.video.hidpi.enable = lib.mkDefault true;
} }

@ -0,0 +1,13 @@
* nix configurations
This folder tracks any nix configuration required. In the past I've experimented with using things like ~deploy-rs~ and ~morph~ for managing nix hosts, but unfortunately nix state of the art is just trash from a UX perspective. I don't recommend any of these things. Instead, I'm moving to naked configuration of a single ~configuration.nix~ file for the immediate future.
** How this works
There is a single folder per host currently in use. Each folder contains about 2 files, ~configuration.nix~ and ~hardware-configuration.nix~. Any changes made to a hosts configuration should go in the appropriate configuration file, saved, and committed. To use the latest version of a file, invoke ~rebuild switch~ with additional arguments, like:
~nixos-rebuild -I nixos-config=path/to/your/configuration.nix~
In our case, to rebuild the local ~hoyden~ configuration, we would run something like:
~nixos-rebuild -I nixos-config=~/Documents/projects/adc/nix-configs/hosts/hoyden/configuration.nix switch~

@ -1,40 +0,0 @@
# common/default.nix
# inputs to this NixOS module. We don't use any here
# so we can ignore them all.
{ ... }:
{
imports = [
# User account definitions
./users
];
# clean /tmp on boot.
boot.cleanTmpDir = true;
# Allow any admin to build packages, not just root.
## if you don't set this then your sshUser MUST BE ROOT, or you'll get untrusted sig errors.
nix.settings.trusted-users = [ "@wheel" ];
# Automatically optimize the Nix store to save space
# by hard-linking identical files together. These savings
# add up.
#nix.settings.autoOptimiseStore = true;
# Limit the systemd journal to 100 MB of disk or the
# last 7 days of logs, whichever happens first.
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
# Use systemd-resolved for DNS lookups, but disable
# its dnssec support because it is kinda broken in
# surprising ways.
# Who is surprised that dnssec is broken? no one.
# services.resolved = {
# enable = true;
# dnssec = "false";
# };
}

@ -1,21 +0,0 @@
# common/users/default.nix
# Inputs to this NixOS module, in this case we are
# using `pkgs` so I can configure my favorite shell fish
# and `config` so we can make my SSH key also work with
# the root user.
{ config, pkgs, ... }:
{
# The block that specifies my user account.
users.users.josiah = {
isNormalUser = true;
shell = pkgs.bash;
# My SSH keys.
openssh.authorizedKeys.keys = [
# Replace this with your SSH key!
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
];
};
}

@ -1,95 +0,0 @@
{
"nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1674127017,
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1671417167,
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1672580127,
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0874168639713f547c05947c76124f78441ea46c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_2"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

@ -1,117 +0,0 @@
{
description = "Test deployment for my server cluster";
inputs = {
nixpkgs.url =
"github:nixos/nixpkgs/nixos-22.05"; # change this to your desired NixOS version
# For accessing `deploy-rs`'s utility Nix functions
deploy-rs.url = "github:serokell/deploy-rs";
};
outputs = { self, nixpkgs, deploy-rs }: {
nixosConfigurations.seraph = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
../hosts/seraph/configuration.nix
../common/default.nix
];
};
nixosConfigurations.demiurge = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
../hosts/demiurge/configuration.nix
../common/default.nix
];
};
nixosConfigurations.exgod = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
../hosts/exgod/configuration.nix
../common/default.nix
];
};
nixosConfigurations.hoyden = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
../hosts/hoyden/configuration.nix
../common/default.nix
];
};
deploy.nodes.hoyden = {
hostname = "hoyden";
user = "root";
sshUser = "josiah";
# magicRollback = false;
remoteBuild = false;
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.hoyden;
# This forces ssh to connect over IPv4.
sshOpts = [ "-4" ];
profiles.system = {
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.hoyden;
};
};
deploy.nodes.seraph = {
hostname = "seraph";
user = "root";
sshUser = "alice";
# magicRollback = false;
remoteBuild = false;
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.seraph;
# This forces ssh to connect over IPv4.
sshOpts = [ "-4" ];
profiles.system = {
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.seraph;
};
};
deploy.nodes.demiurge = {
hostname = "demiurge";
user = "root";
sshUser = "alice";
# magicRollback = false;
remoteBuild = false;
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.demiurge;
# This forces ssh to connect over IPv4.
sshOpts = [ "-4" ];
profiles.system = {
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.demiurge;
};
};
deploy.nodes.exgod = {
hostname = "exgod";
user = "root";
sshUser = "alice";
# magicRollback = false;
remoteBuild = false;
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.exgod;
# This forces ssh to connect over IPv4.
sshOpts = [ "-4" ];
profiles.system = {
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.exgod;
};
};
# This is highly advised, and will prevent many possible mistakes
checks =
builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy)
deploy-rs.lib;
};
}

@ -1,119 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
];
users.users.alice = {
isNormalUser = true;
shell = pkgs.bash;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
# My SSH keys.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
];
packages = with pkgs; [ emacs vim ];
};
# Use my SSH keys for logging in as root.
users.users.root.openssh.authorizedKeys.keys =
config.users.users.alice.openssh.authorizedKeys.keys;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "demiurge"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "US/Central";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
nix.settings.require-sigs = false;
# Configure keymap in X11
services.xserver.layout = "us";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services = {
tailscale.enable = true;
openssh.enable = true;
};
# Configure ssh auth for sudo/pam
security.sudo.enable = true;
security.pam.enableSSHAgentAuth = true;
security.pam.services.sudo.sshAgentAuth = true;
security.sudo.wheelNeedsPassword = false;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
networking.firewall.checkReversePath = "loose";
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

@ -1,38 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/cc6be357-aed0-49da-b745-f03e48fa21de";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/72ED-3EB7";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

@ -1,119 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
];
users.users.alice = {
isNormalUser = true;
shell = pkgs.bash;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
# My SSH keys.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
];
packages = with pkgs; [ emacs vim ];
};
# Use my SSH keys for logging in as root.
users.users.root.openssh.authorizedKeys.keys =
config.users.users.alice.openssh.authorizedKeys.keys;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "exgod"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "US/Central";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
nix.settings.require-sigs = true;
# Configure keymap in X11
services.xserver.layout = "us";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services = {
tailscale.enable = true;
openssh.enable = true;
};
# Configure ssh auth for sudo/pam
security.sudo.enable = true;
security.pam.enableSSHAgentAuth = true;
security.pam.services.sudo.sshAgentAuth = true;
security.sudo.wheelNeedsPassword = false;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
networking.firewall.checkReversePath = "loose";
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

@ -1,38 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/56e7b3a8-e2a6-4dbb-b4eb-9a58973e816d";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/687E-9796";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

@ -1,25 +0,0 @@
{
description = "Hoyden's Flake";
inputs = {
nixpkgs.url =
"github:nixos/nixpkgs/nixos-22.05"; # change this to your desired NixOS version
# For accessing `deploy-rs`'s utility Nix functions
deploy-rs.url = "github:serokell/deploy-rs";
unstableTarball = fetchTarball
"https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
};
outputs = { self, nixpkgs, unstableTarball }@attrs: {
nixosConfigurations.hoyden = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = attrs;
modules = [ ./configuration.nix ];
};
};
}

@ -1,120 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
];
users.users.alice = {
isNormalUser = true;
shell = pkgs.bash;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
# My SSH keys.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
];
packages = with pkgs; [ emacs vim ];
};
# Use my SSH keys for logging in as root.
users.users.root.openssh.authorizedKeys.keys =
config.users.users.alice.openssh.authorizedKeys.keys;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "seraph"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "US/Central";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
nix.settings.require-sigs = false;
# Configure keymap in X11
services.xserver.layout = "us";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services = {
tailscale.enable = true;
openssh.enable = true;
};
# Configure ssh auth for sudo/pam
security.sudo.enable = true;
security.pam.enableSSHAgentAuth = true;
security.pam.services.sudo.sshAgentAuth = true;
security.sudo.wheelNeedsPassword = false;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
networking.firewall.checkReversePath = "loose";
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

@ -1,37 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/3662ca72-d69f-42fe-a049-0f1ed2b81334";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/97D6-2BED";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

@ -1 +0,0 @@
/nix/store/lwyi13rbiw9afcjps9fyiarjfkjkqq12-morph

@ -1 +0,0 @@
hoyden:mzRpcmjuqPqre3Si990zXvAeD9xwqRJMezGsxdXV2vTayggi7ycd8bhQlPQGg3u2YhjbaztvTo1bogdeAlI/bg==

@ -1 +0,0 @@
hoyden:2soIIu8nHfG4UJT0BoN7tmIY22s7b06NW6IHXgJSP24=

@ -1,40 +0,0 @@
# ops/home/network.nix
{
# Configuration for the network in general.
network = { description = "home.jowj.net cluster definition"; };
# This specifies the configuration for
# `seraph` as a NixOS module.
# "seraph" = { config, pkgs, lib, ... }: {
# deployment.targetUser = "alice";
# deployment.targetHost = "seraph";
# # Import seraph configuration.nix
# imports = [
# ../../hosts/seraph/configuration.nix
# ../../common ];
# };
"exgod" = { config, pkgs, lib, ... }: {
deployment.targetUser = "alice";
deployment.targetHost = "exgod";
# Import exgod configuration.nix
imports = [
../../hosts/exgod/configuration.nix
../../common ];
};
"hoyden" = { config, pkgs, lib, ... }: {
deployment.targetUser = "alice";
deployment.targetHost = "hoyden";
# Import seraph configuration.nix
imports = [
../../hosts/hoyden/configuration.nix
../../common ];
};
}

@ -1,22 +0,0 @@
#!/usr/bin/env nix-shell
# Specify the packages we are using in this
# script as well as the fact that we are running it
# in bash.
#! nix-shell -p morph -i bash
# Explode on any error.
set -e
# Build the system configurations for every
# machine in this network and register them as
# garbage collector roots so `nix-collect-garbage`
# doesn't sweep them away.
morph build --keep-result ~/Documents/projects/adc/nixos-configs/ops/home/network.nix
# Push the config to the hosts.
morph push ~/Documents/projects/adc/nixos-configs/ops/home/network.nix
# Activate the NixOS configuration on the
# network.
morph deploy ~/Documents/projects/adc/nixos-configs/ops/home/network.nix test

@ -1,40 +0,0 @@
let
pkgs = import (import ../nixpkgs.nix) {};
in
{
network = {
inherit pkgs;
description = "simple hosts";
ordering = {
tags = [ "db" "web" ];
};
};
"web01" = { config, pkgs, ... }: {
deployment.tags = [ "web" ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
services.nginx.enable = true;
fileSystems = {
"/" = { label = "nixos"; fsType = "ext4"; };
"/boot" = { label = "boot"; fsType = "vfat"; };
};
};
"db01" = { config, pkgs, ... }: {
deployment.tags = [ "db" ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
services.postgresql.enable = true;
fileSystems = {
"/" = { label = "nixos"; fsType = "ext4"; };
"/boot" = { label = "boot"; fsType = "vfat"; };
};
};
}

@ -177,3 +177,39 @@ resource "digitalocean_record" "tfer--87843681" {
value = "192.168.1.211" value = "192.168.1.211"
weight = "0" weight = "0"
} }
resource "digitalocean_record" seraph-dns {
domain = "home.jowj.net"
flags = "0"
name = "seraph"
port = "0"
priority = "0"
ttl = "900"
type = "A"
value = "100.68.110.113"
weight = "0"
}
resource "digitalocean_record" exgod-dns {
domain = "home.jowj.net"
flags = "0"
name = "exgod"
port = "0"
priority = "0"
ttl = "900"
type = "A"
value = "100.98.219.88"
weight = "0"
}
resource "digitalocean_record" demiurge-dns {
domain = "home.jowj.net"
flags = "0"
name = "demiurge"
port = "0"
priority = "0"
ttl = "900"
type = "A"
value = "100.108.60.46"
weight = "0"
}
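Review bot: The three new A records (`seraph`, `exgod`, `demiurge`) put 100.64.0.0/10 addresses in their `value` lines for the `home.jowj.net` zone, which, if that zone is publicly resolvable, exposes internal hostnames and their overlay addresses to anyone who queries it. These look like Tailscale-assigned addresses (inferred from the address range and the tailscale setup elsewhere in this compare), so they should not be routable from outside, but the names still give an outsider a host inventory. If that trade-off is intended, record it above the first block, e.g. `# tailnet-only addresses; published in public DNS on purpose`; otherwise serve these names from a private resolver. The labels are also written bare (`seraph-dns`) while the existing resource in this file quotes its label, so `resource "digitalocean_record" "seraph-dns" {` would keep the file consistent.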
