all: cleanup and dedupe · tangled.org/infra@8aa85c4

+43

common/base.nix

··· 1 + { modulesPath, lib, pkgs, commonArgs, ... }: 2 + { 3 + imports = [ 4 + (modulesPath + "/installer/scan/not-detected.nix") 5 + (modulesPath + "/profiles/qemu-guest.nix") 6 + ]; 7 + 8 + boot.loader.grub = { 9 + efiSupport = true; 10 + efiInstallAsRemovable = true; 11 + }; 12 + 13 + services.openssh.enable = true; 14 + 15 + nix.extraOptions = '' 16 + experimental-features = nix-command flakes ca-derivations 17 + warn-dirty = false 18 + keep-outputs = false 19 + ''; 20 + 21 + environment.systemPackages = map lib.lowPrio [ 22 + pkgs.curl 23 + pkgs.gitMinimal 24 + ]; 25 + 26 + users.users.tangler = { 27 + extraGroups = [ "networkmanager" "wheel" ]; 28 + openssh.authorizedKeys.keys = commonArgs.sshKeys; 29 + isNormalUser = true; 30 + }; 31 + 32 + security.sudo.extraRules = [ 33 + { 34 + users = [ "tangler" ]; 35 + commands = [ 36 + { 37 + command = "ALL"; 38 + options = [ "NOPASSWD" ]; 39 + } 40 + ]; 41 + } 42 + ]; 43 + }

+3

common/tailscale.nix

··· 1 + { 2 + services.tailscale.enable = true; 3 + }

+36 -53

flake.nix

··· 20 20 21 21 outputs = { nixpkgs, disko, colmena, nixery-flake, tangled, atlogin, ... }: 22 22 let 23 + lib = nixpkgs.lib; 23 24 system = "x86_64-linux"; 24 25 commonArgs = import ./common/ssh.nix; 25 26 26 - # Helper function to create nixosConfiguration 27 + baseModules = [ 28 + disko.nixosModules.disko 29 + ./common/base.nix 30 + ./common/tailscale.nix 31 + ]; 32 + 27 33 mkHost = hostname: extraModules: 28 - nixpkgs.lib.nixosSystem { 34 + lib.nixosSystem { 29 35 inherit system; 30 36 specialArgs = { inherit commonArgs; }; 31 - modules = [ 32 - disko.nixosModules.disko 33 - ./hosts/${hostname}/configuration.nix 34 - ] ++ extraModules; 37 + modules = baseModules ++ [ ./hosts/${hostname}/configuration.nix ] ++ extraModules; 35 38 }; 36 39 37 - # Helper function to create colmena host 38 - mkColmenaHost = hostname: targetHost: targetPort: extraModules: 39 - { 40 - deployment = { 41 - inherit targetHost; 42 - inherit targetPort; 43 - targetUser = "tangler"; 44 - buildOnTarget = true; 45 - }; 46 - nixpkgs.system = system; 47 - time.timeZone = "Europe/Helsinki"; 48 - imports = [ 49 - disko.nixosModules.disko 50 - ./hosts/${hostname}/configuration.nix 51 - ] ++ extraModules; 40 + mkColmenaHost = hostname: targetHost: targetPort: extraModules: { 41 + deployment = { 42 + inherit targetHost targetPort; 43 + targetUser = "tangler"; 44 + buildOnTarget = true; 52 45 }; 46 + nixpkgs.system = system; 47 + time.timeZone = "Europe/Helsinki"; 48 + imports = baseModules ++ [ ./hosts/${hostname}/configuration.nix ] ++ extraModules; 49 + }; 53 50 54 - # Host configurations 55 51 hosts = { 56 52 appview = { 57 53 modules = [ ··· 61 57 ./hosts/appview/services/litestream.nix 62 58 ]; 63 59 target = "95.111.205.38"; 60 + port = 2222; 64 61 }; 65 62 66 63 pds = { ··· 116 113 }; 117 114 in 118 115 { 119 - # nixos-anywhere and nixos-rebuild use these 120 - nixosConfigurations = { 121 - appview = mkHost "appview" hosts.appview.modules; 122 - pds = mkHost "pds" hosts.pds.modules; 123 - nixery = mkHost "nixery" hosts.nixery.modules; 124 - spindle = mkHost "spindle" hosts.spindle.modules; 125 - knot1 = mkHost "knot1" hosts.knot1.modules; 126 - mirror = mkHost "mirror" hosts.mirror.modules; 127 - }; 116 + nixosConfigurations = lib.mapAttrs 117 + (name: host: mkHost name host.modules) 118 + hosts; 128 119 129 - # colmena uses this 130 - colmenaHive = colmena.lib.makeHive { 131 - meta = { 132 - nixpkgs = nixpkgs.legacyPackages.${system}; 133 - specialArgs = { 134 - inherit commonArgs; 135 - nixery-pkgs = import nixery-flake.outPath { 136 - pkgs = import nixpkgs { inherit system; }; 120 + colmenaHive = colmena.lib.makeHive ( 121 + { 122 + meta = { 123 + nixpkgs = nixpkgs.legacyPackages.${system}; 124 + specialArgs = { 125 + inherit commonArgs; 126 + nixery-pkgs = import nixery-flake.outPath { 127 + pkgs = import nixpkgs { inherit system; }; 128 + }; 129 + tangled-pkgs = tangled.packages.x86_64-linux; 137 130 }; 138 - tangled-pkgs = tangled.packages.x86_64-linux; 139 131 }; 140 - }; 141 - 142 - defaults = { pkgs, ... }: { 143 - environment.systemPackages = [ pkgs.curl ]; 144 - }; 145 - 146 - appview = mkColmenaHost "appview" hosts.appview.target 2222 hosts.appview.modules; 147 - pds = mkColmenaHost "pds" hosts.pds.target 22 hosts.pds.modules; 148 - nixery = mkColmenaHost "nixery" hosts.nixery.target 22 hosts.nixery.modules; 149 - spindle = mkColmenaHost "spindle" hosts.spindle.target 22 hosts.spindle.modules; 150 - knot1 = mkColmenaHost "knot1" hosts.knot1.target 22 hosts.knot1.modules; 151 - mirror = mkColmenaHost "mirror" hosts.mirror.target 22 hosts.mirror.modules; 152 - }; 132 + } // lib.mapAttrs 133 + (name: host: mkColmenaHost name host.target (host.port or 22) host.modules) 134 + hosts 135 + ); 153 136 }; 154 137 }

+3 -58

hosts/appview/configuration.nix

··· 1 - { modulesPath 2 - , lib 3 - , pkgs 4 - , ... 5 - } @ args: 1 + { ... }: 6 2 { 7 - imports = [ 8 - (modulesPath + "/installer/scan/not-detected.nix") 9 - (modulesPath + "/profiles/qemu-guest.nix") 10 - ./disk-config.nix 11 - ]; 12 - boot.loader.grub = { 13 - # no need to set devices, disko will add all devices that have a EF02 partition to the list already 14 - # devices = [ ]; 15 - efiSupport = true; 16 - efiInstallAsRemovable = true; 17 - }; 18 - 3 + imports = [ ./disk-config.nix ]; 19 4 networking.hostName = "appview-arn"; 20 - services = { 21 - openssh.enable = true; 22 - openssh.ports = [2222]; 23 - }; 24 - 25 - # networking.extraHosts = '' 26 - # 85.9.211.103 knot1.tangled.sh 27 - # ''; 28 - 29 - 30 - nix = { 31 - extraOptions = '' 32 - experimental-features = nix-command flakes ca-derivations 33 - warn-dirty = false 34 - keep-outputs = false 35 - ''; 36 - }; 37 - 38 - environment.systemPackages = map lib.lowPrio [ 39 - pkgs.curl 40 - pkgs.gitMinimal 41 - ]; 42 - 43 - users.users.tangler = { 44 - extraGroups = [ "networkmanager" "wheel" ]; 45 - openssh.authorizedKeys.keys = args.commonArgs.sshKeys; 46 - isNormalUser = true; 47 - }; 48 - 49 - security.sudo.extraRules = [ 50 - { 51 - users = [ "tangler" ]; 52 - commands = [ 53 - { 54 - command = "ALL"; 55 - options = [ "NOPASSWD" ]; 56 - } 57 - ]; 58 - } 59 - ]; 60 - 5 + services.openssh.ports = [ 2222 ]; 61 6 system.stateVersion = "25.05"; 62 7 }

+1

hosts/appview/services/nginx.nix

··· 17 17 ~*CCBot 1; 18 18 ~*anthropic-ai 1; 19 19 ~*Claude-Web 1; 20 + ~*meta-externalagent 1; 20 21 } 21 22 ''; 22 23

+3 -50

hosts/knot1/configuration.nix

··· 1 - { modulesPath 2 - , lib 3 - , pkgs 4 - , ... 5 - } @ args: 1 + { ... }: 6 2 { 7 - imports = [ 8 - (modulesPath + "/installer/scan/not-detected.nix") 9 - (modulesPath + "/profiles/qemu-guest.nix") 10 - ./disk-config.nix 11 - ]; 12 - boot.loader.grub = { 13 - # no need to set devices, disko will add all devices that have a EF02 partition to the list already 14 - # devices = [ ]; 15 - efiSupport = true; 16 - efiInstallAsRemovable = true; 17 - }; 3 + imports = [ ./disk-config.nix ]; 18 4 19 5 networking.hostName = "knot1-ams"; 20 - services = { 21 - openssh.enable = true; 22 - }; 23 6 24 - 25 - nix = { 26 - extraOptions = '' 27 - experimental-features = nix-command flakes ca-derivations 28 - warn-dirty = false 29 - keep-outputs = false 30 - ''; 31 - }; 32 - 33 - environment.systemPackages = map lib.lowPrio [ 34 - pkgs.curl 35 - pkgs.gitMinimal 36 - ]; 37 - 38 - users.users.tangler = { 39 - extraGroups = [ "networkmanager" "wheel" "docker" ]; 40 - openssh.authorizedKeys.keys = args.commonArgs.sshKeys; 41 - isNormalUser = true; 42 - }; 7 + users.users.tangler.extraGroups = [ "docker" ]; 43 8 44 9 users.users.git = { 45 10 home = "/home/git"; ··· 49 14 }; 50 15 51 16 users.groups.git = {}; 52 - 53 - security.sudo.extraRules = [ 54 - { 55 - users = [ "tangler" ]; 56 - commands = [ 57 - { 58 - command = "ALL"; 59 - options = [ "NOPASSWD" ]; 60 - } 61 - ]; 62 - } 63 - ]; 64 17 65 18 system.stateVersion = "25.05"; 66 19 }

+1 -1

hosts/knot1/services/knot.nix

··· 5 5 stateDir = "/home/git"; 6 6 server = { 7 7 listenAddr = "127.0.0.1:5555"; 8 - owner = "did:plc:hwevmowznbiukdf6uk5dwrrq"; 8 + owner = "did:plc:wshs7t2adsemcrrd4snkeqli"; 9 9 hostname = "knot1.tangled.sh"; 10 10 }; 11 11 };

+3 -50

hosts/mirror/configuration.nix

··· 1 - { modulesPath 2 - , lib 3 - , pkgs 4 - , ... 5 - } @ args: 1 + { ... }: 6 2 { 7 - imports = [ 8 - (modulesPath + "/installer/scan/not-detected.nix") 9 - (modulesPath + "/profiles/qemu-guest.nix") 10 - ./disk-config.nix 11 - ]; 12 - 13 - boot.loader.grub = { 14 - efiSupport = true; 15 - efiInstallAsRemovable = true; 16 - }; 17 - 3 + imports = [ ./disk-config.nix ]; 18 4 networking.hostName = "mirror"; 19 - 20 - services.openssh.enable = true; 21 - 22 - nix = { 23 - extraOptions = '' 24 - experimental-features = nix-command flakes ca-derivations 25 - warn-dirty = false 26 - keep-outputs = false 27 - ''; 28 - }; 29 - 30 - environment.systemPackages = map lib.lowPrio [ 31 - pkgs.curl 32 - pkgs.gitMinimal 33 - ]; 34 - 35 - users.users.tangler = { 36 - extraGroups = [ "networkmanager" "wheel" ]; 37 - openssh.authorizedKeys.keys = args.commonArgs.sshKeys; 38 - isNormalUser = true; 39 - }; 40 - 41 - security.sudo.extraRules = [ 42 - { 43 - users = [ "tangler" ]; 44 - commands = [ 45 - { 46 - command = "ALL"; 47 - options = [ "NOPASSWD" ]; 48 - } 49 - ]; 50 - } 51 - ]; 52 - 5 + networking.enableIPv6 = false; 53 6 system.stateVersion = "25.05"; 54 7 }

+15 -64

hosts/nixery/configuration.nix

··· 1 - { modulesPath 2 - , lib 3 - , pkgs 4 - , ... 5 - } @ args: 1 + { ... }: 6 2 { 7 - imports = [ 8 - (modulesPath + "/installer/scan/not-detected.nix") 9 - (modulesPath + "/profiles/qemu-guest.nix") 10 - ./disk-config.nix 11 - ]; 12 - boot.loader.grub = { 13 - # no need to set devices, disko will add all devices that have a EF02 partition to the list already 14 - # devices = [ ]; 15 - efiSupport = true; 16 - efiInstallAsRemovable = true; 17 - }; 3 + imports = [ ./disk-config.nix ]; 18 4 19 5 networking.hostName = "nixery"; 20 - services = { 21 - openssh.enable = true; 22 - tangled.spindle = { 23 - enable = true; 24 - server = { 25 - owner = "did:plc:wshs7t2adsemcrrd4snkeqli"; # @tangled.sh 26 - hostname = "spindle.tangled.sh"; 27 - listenAddr = "127.0.0.1:6555"; 28 - queueSize = 100; 29 - maxJobCount = 2; 30 - secrets = { 31 - provider = "openbao"; 32 - }; 33 - }; 34 - pipelines = { 35 - workflowTimeout = "15m"; 36 - }; 37 - }; 38 - }; 6 + 7 + users.users.tangler.extraGroups = [ "docker" ]; 39 8 40 9 virtualisation.docker = { 41 10 enable = true; 42 11 logDriver = "json-file"; 43 12 }; 44 13 45 - nix = { 46 - extraOptions = '' 47 - experimental-features = nix-command flakes ca-derivations 48 - warn-dirty = false 49 - keep-outputs = false 50 - ''; 14 + services.tangled.spindle = { 15 + enable = true; 16 + server = { 17 + owner = "did:plc:wshs7t2adsemcrrd4snkeqli"; # @tangled.sh 18 + hostname = "spindle.tangled.sh"; 19 + listenAddr = "127.0.0.1:6555"; 20 + queueSize = 100; 21 + maxJobCount = 2; 22 + secrets.provider = "openbao"; 23 + }; 24 + pipelines.workflowTimeout = "15m"; 51 25 }; 52 - 53 - environment.systemPackages = map lib.lowPrio [ 54 - pkgs.curl 55 - pkgs.gitMinimal 56 - ]; 57 - 58 - users.users.tangler = { 59 - extraGroups = [ "networkmanager" "wheel" "docker" ]; 60 - openssh.authorizedKeys.keys = args.commonArgs.sshKeys; 61 - isNormalUser = true; 62 - }; 63 - 64 - security.sudo.extraRules = [ 65 - { 66 - users = [ "tangler" ]; 67 - commands = [ 68 - { 69 - command = "ALL"; 70 - options = [ "NOPASSWD" ]; 71 - } 72 - ]; 73 - } 74 - ]; 75 26 76 27 system.stateVersion = "25.05"; 77 28 }

+2 -53

hosts/pds/configuration.nix

··· 1 - { modulesPath 2 - , lib 3 - , pkgs 4 - , ... 5 - } @ args: 1 + { ... }: 6 2 { 7 - imports = [ 8 - (modulesPath + "/installer/scan/not-detected.nix") 9 - (modulesPath + "/profiles/qemu-guest.nix") 10 - ./disk-config.nix 11 - ]; 12 - boot.loader.grub = { 13 - # no need to set devices, disko will add all devices that have a EF02 partition to the list already 14 - # devices = [ ]; 15 - efiSupport = true; 16 - efiInstallAsRemovable = true; 17 - }; 18 - 3 + imports = [ ./disk-config.nix ]; 19 4 networking.hostName = "pds"; 20 - services = { 21 - openssh.enable = true; 22 - }; 23 - 24 - 25 - nix = { 26 - extraOptions = '' 27 - experimental-features = nix-command flakes ca-derivations 28 - warn-dirty = false 29 - keep-outputs = false 30 - ''; 31 - }; 32 - 33 - environment.systemPackages = map lib.lowPrio [ 34 - pkgs.curl 35 - pkgs.gitMinimal 36 - ]; 37 - 38 - users.users.tangler = { 39 - extraGroups = [ "networkmanager" "wheel" ]; 40 - openssh.authorizedKeys.keys = args.commonArgs.sshKeys; 41 - isNormalUser = true; 42 - }; 43 - 44 - security.sudo.extraRules = [ 45 - { 46 - users = [ "tangler" ]; 47 - commands = [ 48 - { 49 - command = "ALL"; 50 - options = [ "NOPASSWD" ]; 51 - } 52 - ]; 53 - } 54 - ]; 55 - 56 5 system.stateVersion = "25.05"; 57 6 }

+3 -53

hosts/spindle/configuration.nix

··· 1 - { modulesPath 2 - , lib 3 - , pkgs 4 - , ... 5 - } @ args: 1 + { ... }: 6 2 { 7 - imports = [ 8 - (modulesPath + "/installer/scan/not-detected.nix") 9 - (modulesPath + "/profiles/qemu-guest.nix") 10 - ./disk-config.nix 11 - ]; 12 - boot.loader.grub = { 13 - # no need to set devices, disko will add all devices that have a EF02 partition to the list already 14 - # devices = [ ]; 15 - efiSupport = true; 16 - efiInstallAsRemovable = true; 17 - }; 18 - 3 + imports = [ ./disk-config.nix ]; 19 4 networking.hostName = "spindle-waw"; 20 - services = { 21 - openssh.enable = true; 22 - }; 23 - 24 - 25 - nix = { 26 - extraOptions = '' 27 - experimental-features = nix-command flakes ca-derivations 28 - warn-dirty = false 29 - keep-outputs = false 30 - ''; 31 - }; 32 - 33 - environment.systemPackages = map lib.lowPrio [ 34 - pkgs.curl 35 - pkgs.gitMinimal 36 - ]; 37 - 38 - users.users.tangler = { 39 - extraGroups = [ "networkmanager" "wheel" "docker" ]; 40 - openssh.authorizedKeys.keys = args.commonArgs.sshKeys; 41 - isNormalUser = true; 42 - }; 43 - 44 - security.sudo.extraRules = [ 45 - { 46 - users = [ "tangler" ]; 47 - commands = [ 48 - { 49 - command = "ALL"; 50 - options = [ "NOPASSWD" ]; 51 - } 52 - ]; 53 - } 54 - ]; 55 - 5 + users.users.tangler.extraGroups = [ "docker" ]; 56 6 system.stateVersion = "25.05"; 57 7 }

Configure Feed

Configure Feed