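--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env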
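--- a/flake.lock
+++ b/flake.lock
@@ -288,16 +288,16 @@
 "sqlite-lib-src": "sqlite-lib-src"
 },
 "locked": {
-"lastModified": 1751974352,
-"narHash": "sha256-VUvvyMpgpWNuL+TezoT9knv6sO5B5yzJSdMHZ3BNlKE=",
-"ref": "push-ksrsmmytwuul",
-"rev": "f278504076c0178397ac733eeeb095ba7ad76550",
-"revCount": 887,
+"lastModified": 1752245231,
+"narHash": "sha256-paYg0gHQCN2poSo6EgNDqRKG0NV3kUcAyTgeMP2TkXM=",
+"ref": "master",
+"rev": "ac5359ba6ccb77f8aef3d32483fa1e0e58f46985",
+"revCount": 923,
 "type": "git",
 "url": "https://tangled.sh/@tangled.sh/core"
 },
 "original": {
-"ref": "push-ksrsmmytwuul",
+"ref": "master",
 "type": "git",
 "url": "https://tangled.sh/@tangled.sh/core"
 }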
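--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
 description = "nix infra for tangled";
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
-tangled.url = "git+https://tangled.sh/@tangled.sh/core?ref=push-ksrsmmytwuul";
+tangled.url = "git+https://tangled.sh/@tangled.sh/core?ref=master";
 colmena.url = "github:zhaofengli/colmena/release-0.4.x";
 disko = {
 url = "github:nix-community/disko";
@@ -27,6 +27,14 @@
 ./hosts/nixery/configuration.nix
 ];
 };
+nixosConfigurations.pds = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [
+disko.nixosModules.disko
+./hosts/pds/configuration.nix
+];
+};
+
 colmenaHive = colmena.lib.makeHive {
 meta = {
 nixpkgs = nixpkgs.legacyPackages.x86_64-linux;
@@ -43,6 +51,24 @@
 pkgs.curl
 ];
 };
+pds = { pkgs, ... }: {
+deployment = {
+targetHost = "tngl.sh";
+targetPort = 22;
+targetUser = "tangler";
+buildOnTarget = true;
+};
+nixpkgs.system = "x86_64-linux";
+
+imports = [
+disko.nixosModules.disko
+./hosts/pds/configuration.nix
+./hosts/pds/services/nginx.nix
+./hosts/pds/services/pds.nix
+];
+time.timeZone = "Europe/Helsinki";
+};
+
 nixery = { pkgs, ... }: {
 deployment = {
 targetHost = "nixery.tangled.sh";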
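Review bot: The new `nixosConfigurations.pds` lists only `disko.nixosModules.disko` and `./hosts/pds/configuration.nix`, while the colmena `pds` node added further down also imports `./hosts/pds/services/nginx.nix` and `./hosts/pds/services/pds.nix`, so the two definitions of the same host can drift and a system built from the first has no nginx, ACME or 80/443 firewall rule. If that output exists only for the initial install, record it above the attribute, e.g. `# bootstrap only; the colmena pds node adds the services`. `hosts/pds/configuration.nix` reads `args.commonArgs.sshKeys` and no `specialArgs` is visible for this `nixosSystem` call; unless it is supplied in the lines left out of the hunk, evaluating this output would likely fail. `./hosts/pds/services/pds.nix` is imported but is not among the files shown on this page, so confirm it is tracked and that it keeps secrets out of the Nix store, given that `.env` is newly ignored.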
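--- a/hosts/pds/configuration.nix
+++ b/hosts/pds/configuration.nix
@@ -0,0 +1,57 @@
+{ modulesPath
+, lib
+, pkgs
+, ...
+} @ args:
+{
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+(modulesPath + "/profiles/qemu-guest.nix")
+./disk-config.nix
+];
+boot.loader.grub = {
+# no need to set devices, disko will add all devices that have a EF02 partition to the list already
+# devices = [ ];
+efiSupport = true;
+efiInstallAsRemovable = true;
+};
+
+networking.hostName = "pds";
+services = {
+openssh.enable = true;
+};
+
+
+nix = {
+extraOptions = ''
+experimental-features = nix-command flakes ca-derivations
+warn-dirty = false
+keep-outputs = false
+'';
+};
+
+environment.systemPackages = map lib.lowPrio [
+pkgs.curl
+pkgs.gitMinimal
+];
+
+users.users.tangler = {
+extraGroups = [ "networkmanager" "wheel" ];
+openssh.authorizedKeys.keys = args.commonArgs.sshKeys;
+isNormalUser = true;
+};
+
+security.sudo.extraRules = [
+{
+users = [ "tangler" ];
+commands = [
+{
+command = "ALL";
+options = [ "NOPASSWD" ];
+}
+];
+}
+];
+
+system.stateVersion = "25.05";
+}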
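Review bot: `services.openssh.enable = true` is the only sshd setting on a host where `security.sudo.extraRules` gives `tangler` passwordless `ALL`, so whatever sshd accepts for that account is effectively root on the machine. Pin the daemon to key-only logins explicitly instead of relying on module defaults: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };`. The `NOPASSWD` rule is presumably there for colmena deploys with `targetUser = "tangler"` and deserves a comment saying so. With that rule in place the `wheel` membership appears redundant and `networkmanager` looks unused on a server, so `extraGroups` could probably be dropped.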
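--- a/hosts/pds/disk-config.nix
+++ b/hosts/pds/disk-config.nix
@@ -0,0 +1,56 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+disko.devices = {
+disk.disk1 = {
+device = lib.mkDefault "/dev/vda";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+name = "boot";
+size = "1M";
+type = "EF02";
+};
+esp = {
+name = "ESP";
+size = "500M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+name = "root";
+size = "100%";
+content = {
+type = "lvm_pv";
+vg = "pool";
+};
+};
+};
+};
+};
+lvm_vg = {
+pool = {
+type = "lvm_vg";
+lvs = {
+root = {
+size = "100%FREE";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+mountOptions = [
+"defaults"
+];
+};
+};
+};
+};
+};
+};
+}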
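Review bot: The header comment `# Example to create a bios compatible gpt partition` reads like a leftover from a template and does not describe what this host gets. Something like `# pds: GPT with BIOS-boot (EF02) and ESP partitions; root is ext4 on LVM VG "pool", unencrypted` would record the layout and make the absence of at-rest encryption a visible decision for a machine that stores PDS data. `device = lib.mkDefault "/dev/vda"` assumes a virtio disk, which fits the `qemu-guest.nix` profile imported by `configuration.nix` but is worth confirming before disko formats the target.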
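--- a/hosts/pds/services/nginx.nix
+++ b/hosts/pds/services/nginx.nix
@@ -0,0 +1,35 @@
+{
+services.nginx = {
+enable = true;
+virtualHosts."tngl.sh" = {
+forceSSL = true;
+enableACME = true;
+
+# match exact root
+locations."= /" = {
+extraConfig = ''
+return 301 https://tangled.sh;
+'';
+};
+
+# match all other paths
+locations."/" = {
+proxyPass = "http://localhost:3000";
+extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+'';
+};
+};
+};
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "anirudh@tangled.sh";
+};
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+}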
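Review bot: In `locations."/"` the `extraConfig` sends `Connection "upgrade"` on every proxied request rather than only on WebSocket handshakes, and it sets no `proxy_http_version 1.1`, so unless that is configured elsewhere the upgrade may not work at all. The NixOS module can generate this: `proxyWebsockets = true;` on the location and `recommendedProxySettings = true;` on `services.nginx` would replace the six hand-written `proxy_set_header` lines. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever the client sent, so the service on port 3000 should use `X-Real-IP` or the last hop for rate limiting and audit logs, never the first entry. A comment on `proxyPass` stating that the backend must listen on loopback only would document why 3000 is absent from `allowedTCPPorts`.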