From 95cbbfb157e66d11e02ce6ba49415c12013efc57 Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Fri, 31 Oct 2025 21:18:54 +0100
Subject: [PATCH 1/2] fix: jellyfin revproxy
Signed-off-by: Lander Van den Bulcke
---
 hosts/servers/hosting-02.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/hosts/servers/hosting-02.nix b/hosts/servers/hosting-02.nix
index 3aaea4c..118f869 100644
--- a/hosts/servers/hosting-02.nix
+++ b/hosts/servers/hosting-02.nix
@@ -177,9 +177,14 @@
 services.nginx.virtualHosts."media.escapeangle.com" = {
 forceSSL = true;
 enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:8096";
- proxyWebsockets = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:8096";
+ };
+ "/socket" = {
+ proxyPass = "http://localhost:8096";
+ proxyWebsockets = true;
+ };
 };
 };
 
From a55ed8b41b5b7895b2b0e2734242354deac79d5e Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Sat, 1 Nov 2025 10:39:18 +0100
Subject: [PATCH 2/2] feat: add hyp-01
Signed-off-by: Lander Van den Bulcke
---
 flake.lock | 37 +++++++++
 flake.nix | 21 ++++-
 hosts/hyp-01/default.nix | 25 ++++++
 hosts/hyp-01/modules/boot.nix | 8 ++
 hosts/hyp-01/modules/disko.nix | 115 ++++++++++++++++++++++++++
 hosts/hyp-01/modules/impermanence.nix | 30 +++++++
 hosts/hyp-01/modules/networking.nix | 51 ++++++++++++
 hosts/hyp-01/modules/users.nix | 20 +++++
 8 files changed, 306 insertions(+), 1 deletion(-)
 create mode 100644 hosts/hyp-01/default.nix
 create mode 100644 hosts/hyp-01/modules/boot.nix
 create mode 100644 hosts/hyp-01/modules/disko.nix
 create mode 100644 hosts/hyp-01/modules/impermanence.nix
 create mode 100644 hosts/hyp-01/modules/networking.nix
 create mode 100644 hosts/hyp-01/modules/users.nix
diff --git a/flake.lock b/flake.lock
index d1cb89f..8bd6b7c 100644
--- a/flake.lock
+++ b/flake.lock
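Review bot: Both new locations repeat the upstream literal `http://localhost:8096`; a single binding such as `let jellyfin = "http://localhost:8096"; in` used by `"/"` and `"/socket"` keeps the two in step when the port or bind address changes. nginx resolves `localhost` at startup and may pick `::1` before `127.0.0.1`; if Jellyfin listens on IPv4 only, `proxyPass = "http://127.0.0.1:8096";` avoids sporadic 502s — confirm the backend's bind address before deciding. A short comment on the `"/socket"` block, `# Jellyfin's websocket endpoint; only this path needs the Upgrade headers`, would explain why websockets are not enabled on `"/"`.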
@@ -388,6 +388,21 @@
 "type": "github"
 }
 },
+ "impermanence": {
+ "locked": {
+ "lastModified": 1737831083,
+ "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "type": "github"
+ }
+ },
 "ixx": {
 "inputs": {
 "flake-utils": [
@@ -659,12 +674,14 @@
 "disko": "disko",
 "headplane": "headplane",
 "home-manager": "home-manager",
+ "impermanence": "impermanence",
 "nixos-mailserver": "nixos-mailserver",
 "nixos-wsl": "nixos-wsl",
 "nixpkgs": "nixpkgs",
 "nixpkgs-unstable": "nixpkgs-unstable",
 "nixvim": "nixvim",
 "sops-nix": "sops-nix",
+ "srvos": "srvos",
 "tidalcycles": "tidalcycles"
 }
 },
@@ -688,6 +705,26 @@
 "type": "github"
 }
 },
+ "srvos": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1761869910,
+ "narHash": "sha256-ogo46cmshLzXOOz1YO7KKAXaQNVsU5witFSNLWIULpU=",
+ "owner": "nix-community",
+ "repo": "srvos",
+ "rev": "412e15bdb690c5e4ad99dbc9cc91692393120c57",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "srvos",
+ "type": "github"
+ }
+ },
 "superdirt-src": {
 "flake": false,
 "locked": {
diff --git a/flake.nix b/flake.nix
index cbf2b4c..6e8898d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,6 +18,17 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
 
+ # srvos
+ srvos = {
+ url = "github:nix-community/srvos";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # impermanence
+ impermanence = {
+ url = "github:nix-community/impermanence";
+ };
+
 # theme
 catppuccin = {
 url = "github:catppuccin/nix/release-25.05";
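Review bot: The `# srvos` and `# impermanence` comments in the flake.nix hunk only repeat the attribute names; a why-comment such as `# srvos: server defaults and Hetzner hardware profiles, used by hosts/hyp-01` and `# impermanence: tmpfs root with bind mounts from /persist` tells the reader what each input is for. Leaving `inputs.nixpkgs.follows` off `impermanence` is consistent with its lock entry declaring no inputs, so no second nixpkgs is pulled in, and `srvos` does follow — both fine. The flake.lock hunks are lockfile noise and need nothing.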
@@ -121,7 +132,15 @@
 );
 
 nixosConfigurations = {
- # Workstations
+ # hypervisors
+ hyp-01 = nixpkgs.lib.nixosSystem {
+ specialArgs = { inherit inputs outputs; };
+ modules = [
+ ./hosts/hyp-01
+ ];
+ };
+
+ # workstations
 wodan = nixpkgs.lib.nixosSystem {
 specialArgs = { inherit inputs outputs; };
 modules = [
diff --git a/hosts/hyp-01/default.nix b/hosts/hyp-01/default.nix
new file mode 100644
index 0000000..2993340
--- /dev/null
+++ b/hosts/hyp-01/default.nix
@@ -0,0 +1,25 @@
+{
+ inputs,
+ ...
+}:
+{
+ networking.hostName = "hyp-01";
+ networking.hostId = "ae2c05d3";
+
+ imports = [
+ inputs.disko.nixosModules.disko
+ inputs.impermanence.nixosModules.impermanence
+ inputs.srvos.nixosModules.server
+ inputs.srvos.nixosModules.hardware-hetzner-online-intel
+ inputs.srvos.nixosModules.mixins-terminfo
+ inputs.srvos.nixosModules.mixins-nginx
+
+ ./modules/boot.nix
+ ./modules/disko.nix
+ ./modules/impermanence.nix
+ ./modules/networking.nix
+ ./modules/users.nix
+ ];
+
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/hyp-01/modules/boot.nix b/hosts/hyp-01/modules/boot.nix
new file mode 100644
index 0000000..fa3aaf9
--- /dev/null
+++ b/hosts/hyp-01/modules/boot.nix
@@ -0,0 +1,8 @@
+{
+ # BIOS system
+ boot.loader.systemd-boot.enable = false;
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = false;
+ };
+}
diff --git a/hosts/hyp-01/modules/disko.nix b/hosts/hyp-01/modules/disko.nix
new file mode 100644
index 0000000..3962c3a
--- /dev/null
+++ b/hosts/hyp-01/modules/disko.nix
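Review bot: `networking.hostId = "ae2c05d3";` in hosts/hyp-01/default.nix is a bare magic value; a comment such as `# must stay stable: ZFS stamps the pool with the importing hostid and refuses to import it under a different one` records why it cannot be regenerated casually. The import list mixes srvos role modules with the local ones without saying what each srvos module contributes; naming that `hardware-hetzner-online-intel` is expected to define the `10-uplink` network unit that networking.nix extends (verify against srvos) would make the cross-file coupling visible. The flake.nix and boot.nix hunks on this line are straightforward.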
@@ -0,0 +1,115 @@
+let
+ disk1 = "/dev/disk/by-path/pci-0000:00:17.0-ata-2.0";
+ disk2 = "/dev/disk/by-path/pci-0000:00:17.0-ata-3.0";
+in
+{
+ disko.devices = {
+ disk = {
+ disk1 = {
+ type = "disk";
+ device = disk1;
+ content = {
+ type = "table";
+ format = "mbr";
+ partitions = [
+ {
+ name = "boot-primary";
+ size = "1G";
+ bootable = true;
+ type = "EF02";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "nofail" ];
+ };
+ }
+ {
+ name = "zfs-a";
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ }
+ ];
+ };
+ };
+ disk2 = {
+ type = "disk";
+ device = disk2;
+ content = {
+ type = "table";
+ format = "mbr";
+ partitions = [
+ {
+ name = "boot-secondary";
+ size = "1G";
+ bootable = true;
+ type = "EF02";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot-fallback";
+ mountOptions = [ "nofail" ];
+ };
+ }
+ {
+ name = "zfs-b";
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ }
+ ];
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ mode = "mirror";
+ rootFsOptions = {
+ compression = "lz4";
+ acltype = "posixacl";
+ xattr = "sa";
+ "com.sun:auto-snapshot" = "true";
+ mountpoint = "none";
+ };
+ options.ashift = "12";
+ datasets = {
+ "root" = {
+ type = "zfs_fs";
+ options = {
+ mountpoint = "none";
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ keylocation = "prompt";
+ };
+ };
+ "root/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ options.atime = "off";
+ };
+ "root/persist" = {
+ type = "zfs_fs";
+ mountpoint = "/persist";
+ };
+ };
+ };
+ };
+
+ boot.loader.grub = {
+ device = disk1;
+
+ mirroredBoots = [
+ {
+ devices = [ disk2 ];
+ path = "/boot-fallback";
+ }
+ ];
+ };
+}
diff --git a/hosts/hyp-01/modules/impermanence.nix b/hosts/hyp-01/modules/impermanence.nix
new file mode 100644
index 0000000..2d50d54
--- /dev/null
+++ b/hosts/hyp-01/modules/impermanence.nix
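Review bot: `keylocation = "prompt"` on the `root` dataset makes every boot block on a passphrase, and nothing in this patch configures `boot.initrd.network.ssh` (networking.nix only enables `boot.initrd.network` and loads `igb`), so on a remote Hetzner machine the only unlock path is the out-of-band console unless initrd SSH is set up elsewhere; a comment next to `keylocation` stating how the key is meant to be entered would prevent a surprise at the first unattended reboot. `type = "table"` is disko's deprecated layout API and `"EF02"` is a GPT partition type code; confirm it is honoured under `format = "mbr"` or move to the `gpt` content type with a dedicated bios-boot partition, which is what `mirroredBoots` on two disks is normally paired with. Separately, the collapsed view shows only four `};` after `"root/persist"` where five are needed to close `datasets`, `zroot`, `zpool` and `disko.devices` — likely a rendering artifact, but worth a `nix flake check`.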
@@ -0,0 +1,30 @@
+{ lib, ... }:
+{
+ boot.initrd.systemd.enable = true;
+ boot.initrd.postDeviceCommands = lib.mkAfter "zfs mount -a";
+
+ fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = [
+ "defaults"
+ "size=4G"
+ "mode=755"
+ ];
+ };
+
+ environment.persistence."/persist" = {
+ directories = [
+ "/etc/nixos"
+ "/var/log"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ ];
+ };
+
+}
diff --git a/hosts/hyp-01/modules/networking.nix b/hosts/hyp-01/modules/networking.nix
new file mode 100644
index 0000000..ecfd10e
--- /dev/null
+++ b/hosts/hyp-01/modules/networking.nix
@@ -0,0 +1,51 @@
+{ config, lib, ... }:
+{
+ options = {
+ networking.hyp-01.ipv4.address = lib.mkOption {
+ type = lib.types.str;
+ default = "88.99.145.10";
+ };
+
+ networking.hyp-01.ipv4.cidr = lib.mkOption {
+ type = lib.types.str;
+ default = "26";
+ };
+
+ networking.hyp-01.ipv4.gateway = lib.mkOption {
+ type = lib.types.str;
+ default = "88.99.145.1";
+ };
+
+ networking.hyp-01.ipv6.address = lib.mkOption {
+ type = lib.types.str;
+ default = "2a01:4f8:10a:2962::1";
+ };
+
+ networking.hyp-01.ipv6.cidr = lib.mkOption {
+ type = lib.types.str;
+ default = "64";
+ };
+
+ networking.hyp-01.ipv6.gateway = lib.mkOption {
+ type = lib.types.str;
+ default = "fe80::1";
+ };
+ };
+
+ config = {
+ networking = {
+ dhcpcd.enable = false;
+ nameservers = [ "9.9.9.9" ];
+ };
+
+ systemd.network.networks."10-uplink".networkConfig.Address = config.networking.hyp-01.ipv6.address;
+
+ boot.initrd.systemd.network.networks."10-uplink" = config.systemd.networks."10-uplink";
+
+ boot.initrd.network = {
+ enable = true;
+ };
+
+ boot.initrd.kernelModules = [ "igb" ];
+ };
+}
diff --git a/hosts/hyp-01/modules/users.nix b/hosts/hyp-01/modules/users.nix
new file mode 100644
index 0000000..ac65bda
--- /dev/null
+++ b/hosts/hyp-01/modules/users.nix
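Review bot: `boot.initrd.postDeviceCommands = lib.mkAfter "zfs mount -a";` is a scripted stage-1 hook and, as far as I recall, is ignored once `boot.initrd.systemd.enable = true` is set on the line above, so `/nix` and `/persist` would be mounted only through the `fileSystems` entries disko generates; confirm which path actually mounts them and drop the dead line rather than leave two mechanisms that look cooperative. The persisted host keys deserve a comment, e.g. `# SSH host identity survives the tmpfs root; lives on the encrypted zroot/root/persist dataset`, since the list is the whole of what keeps the machine's fingerprint stable across rebuilds. Nothing under `/root` or `/home` is persisted, which is a fine choice, but if any secret-decryption key or agent state is expected to survive reboots it has to be added here.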
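Review bot: `boot.initrd.systemd.network.networks."10-uplink" = config.systemd.networks."10-uplink";` reads `config.systemd.networks`, but the NixOS option is `systemd.network.networks`; unless a `systemd.networks` option is declared elsewhere this fails evaluation, and the intended line is `config.systemd.network.networks."10-uplink"`. `networkConfig.Address` is set to the bare IPv6 address while `ipv6.cidr`, the `ipv4.*` options and both gateways are declared but never read; either wire them in (`Address = "${config.networking.hyp-01.ipv6.address}/${config.networking.hyp-01.ipv6.cidr}";`) or remove the unused options so their defaults do not read as the machine's actual configuration — I assume the srvos Hetzner module supplies IPv4 DHCP and the `fe80::1` route, which is worth stating in a comment. The declared options also carry no `description`, so they are opaque in generated docs.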
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+let
+ sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026";
+in
+{
+ users.mutableUsers = false;
+
+ users.users.root = {
+ openssh.authorizedKeys.keys = [ sshKey ];
+ };
+
+ users.users.lander = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = [
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [ sshKey ];
+ };
+}
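Review bot: With `users.mutableUsers = false;` and no `hashedPassword` or `hashedPasswordFile` on `lander`, the account has no password, so `sudo` via `wheel` prompts for something that cannot be supplied unless `security.sudo.wheelNeedsPassword = false` is set elsewhere (the srvos server module may do this — verify); a comment stating the intended privilege path would save the next reader the same check. Root and `lander` share one authorized key; if direct root SSH exists only for deploy tooling, say so (`# root key: required for nixos-rebuild --target-host`) and confirm `PermitRootLogin` is limited to key authentication, otherwise the root entry can go. `shell = pkgs.zsh;` without `programs.zsh.enable` set somewhere may produce a NixOS warning and leave zsh out of `/etc/shells` — check the rest of the host config.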