use explicit ssh_config

README.md

@@ -8,10 +8,8 @@ On the depoyment host, I use nix channels, and set:
 
 ```
 $ nix-channel --list
-nixos https://nixos.org/channels/nixos-22.05
-
-$ echo $NIX_PATH
-nixpkgs=nix/var/nix/profiles/per-user/nora/channels/nixos/
+home-manager https://github.com/nix-community/home-manager/archive/release-22.11.tar.gz
+nixpkgs https://nixos.org/channels/nixos-22.11
 ```
 
 ## Layout

common/common.nix

@@ -4,9 +4,11 @@
 {
   imports = [
     ./users
+    <home-manager/nixos>
+    #../external/home-manager/nixos
   ];
 
-  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-22.05";
+  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-22.11";
 
   boot.cleanTmpDir = true;
 
@@ -29,30 +31,7 @@
     iosevka-aile-bin = super.iosevka-bin.override {
       variant = "aile";
     };
-  })];
-
-  fonts = {
-    fonts = with pkgs; [
-      noto-fonts
-      noto-fonts-cjk
-      noto-fonts-emoji
-      iosevka-curly-bin
-      iosevka-slab-bin
-      iosevka-etoile-bin
-      iosevka-aile-bin
-      (nerdfonts.override { fonts = ["Iosevka"]; })
-    ];
-
-    fontconfig = {
-      defaultFonts = {
-        emoji = ["Noto Color Emoji"];
-        serif = ["Iosevka Etoile Medium" "Noto Color Emoji"];
-        sansSerif = ["Iosevka Aile Medium" "Noto Color Emoji"];
-        monospace = ["Iosevka Fixed Medium" "Noto Color Emoji"];
-      };
-      useEmbeddedBitmaps = true;
-    };
-  };
+  })]; 
 
   i18n.defaultLocale = "en_US.UTF-8";
 

common/default.nix

@@ -1,10 +1,3 @@
 # inputs to this NixOS module. We don't use any here
 # so we can ignore them all.
-{ ... }:
-
-{
-  imports = [
-    ./common.nix
-    ../external/home-manager/nixos
-  ];
-}
+{ ... }:{}

common/fragments/grafana.nix

@@ -19,6 +19,12 @@
         targets = ["crimespoon:9002"];
       }];
     }
+    {
+      job_name = "crimespoon_minecraft";
+      static_configs = [{
+        targets = ["crimespoon:25585"];
+      }];
+    }
     {
       job_name = "felonyspork";
       static_configs = [{
@@ -32,6 +38,12 @@
       }];
     }
     {
+      job_name = "felonyspork_infrared";
+      static_configs = [{
+        targets = ["felonyspork:9136"];
+      }];
+    }
+   {
       job_name = "akina";
       static_configs = [{
         targets = ["stats.akina.nora.codes"];

common/fragments/infrared-reverse-proxy.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+  nixpkgs.config.allowUnfree = true;
+  virtualisation.oci-containers.containers = {
+    "infrared" = {
+      image = "haveachin/infrared:latest";
+      environment = {
+        INFRARED_CONFIG_PATH = "/configs/";
+        INFRARED_PROMETHEUS_ENABLED = "true";
+        INFRARED_PROMETHEUS_BIND = ":9136";
+      };
+      autoStart = true;
+      ports = ["25565:25565" "9136:9136"];
+      volumes = [
+        "/etc/infrared/configs/:/configs/"
+      ];
+    };
+  };
+
+  environment.etc."infrared/configs/home.nora.codes" = {
+    mode = "0666";
+    source = ../../include/infrared-home.nora.codes.json;
+  };
+
+  # Port 9136 is for the prom exporter.
+  networking.firewall.allowedTCPPorts = [ 9136 25565 ];
+  networking.firewall.allowedUDPPorts = [ 25565 ];
+}

common/fragments/minecraft-server.nix

@@ -6,24 +6,25 @@
       image = "itzg/minecraft-server";
       environment = {
         EULA = "TRUE";
-        VERSION = "1.19";
+        VERSION = "1.19.2";
         TYPE = "FABRIC";
         INIT_MEMORY = "1G";
         MAX_MEMORY = "8G";
         ALLOW_NETHER = "TRUE";
-        SEED = "-573947210";
+        SEED = "-7159392300545500356";
         MOTD = "Minecraft with Fabric on CRIMESPOON via Docker";
         ICON = "https://nora.codes/favicon.ico";
         SPAWN_PROTECTION="FALSE";
         DIFFICULTY="easy";
+        MODRINTH_PROJECTS="fabric-api,fabric-biome-api,fallingtree,bluemap,lithium,betterend,betternether,waystone-towers,balm,waystones,immersive_structures,essential-commands,towns-and-towers,tectonic,paradise-lost:beta";
       };
       autoStart = true;
-      ports = ["25565:25565" "8100:8100"];
+      ports = ["25565:25565" "25585:25585" "8100:8100"];
       volumes = ["/var/games/minecraft:/data"];
     };
   };
 
   # Port 8100 is for BlueMap.
-  networking.firewall.allowedTCPPorts = [ 25565 8100 ];
+  networking.firewall.allowedTCPPorts = [ 25565 25585 8100 ];
   networking.firewall.allowedUDPPorts = [ 25565 ];
 }

external/home-manager

@@ -1 +0,0 @@
-Subproject commit 6d9d9294d09b5e88df65f8c6651efb8a4d7d2476

external/nixos-hardware

@@ -1 +0,0 @@
-Subproject commit 9886a06e4745edb31587d0e9481ad82d35f0d593

hosts/crimespoon/configuration.nix

@@ -9,6 +9,7 @@
     [
       ./hardware-configuration.nix
       ./home.nix
+      ../../common/common.nix
       ../../common/fragments/avahi.nix
       ../../common/fragments/unifi.nix
       ../../common/fragments/grafana.nix

hosts/felonyspork/configuration.nix

@@ -9,6 +9,7 @@
     [
       ./hardware-configuration.nix
       ./home.nix
+      ../../common/common.nix
       ../../common/fragments/avahi.nix
       ../../common/fragments/syncthing.nix
       ../../common/fragments/mosh.nix
@@ -17,6 +18,7 @@
       ../../common/fragments/promtail.nix
       ../../common/fragments/fail2ban.nix
       ../../common/fragments/vaapi-jellyfin.nix
+      ../../common/fragments/infrared-reverse-proxy.nix
     ];
 
   # Use the systemd-boot EFI boot loader.

hosts/semaphorebravo/configuration.nix

@@ -0,0 +1,75 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./home.nix
+      ../../common/common.nix
+      ../../common/fragments/avahi.nix
+      ../../common/fragments/unifi.nix
+      ../../common/fragments/prometheus_exporters.nix
+      ../../common/fragments/mosh.nix
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+  networking.hostName = "semaphorebravo"; # Define your hostname.
+  networking.wireless.enable = false;  # Enables wireless support via wpa_supplicant.
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Chicago";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  # Configure keymap in X11
+  services.xserver = {
+    layout = "us";
+    xkbVariant = "";
+  };
+
+  # Unique user account.
+  users.users.sebbi = {
+    isNormalUser = true;
+    description = "Semaphore Bravo";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [];
+  };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+
+}

hosts/semaphorebravo/hardware-configuration.nix

@@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/35505246-f786-4c06-a65c-7bb3d6b35679";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot/efi" =
+    { device = "/dev/disk/by-uuid/D60C-714F";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/59675d27-08c3-4b72-a09e-d2568ba6becc"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/semaphorebravo/home.nix

@@ -0,0 +1,8 @@
+{ pkgs, ...}:
+{
+  imports = [
+    ../../common/home_manager/common.nix
+    ../../common/home_manager/fragments/terminal.nix
+    ../../common/fragments/iperf.nix
+  ];
+}

include/infrared-home.nora.codes.json

@@ -0,0 +1,6 @@
+{
+  "domainName": "home.nora.codes",
+  "listenTo": "0.0.0.0:25565",
+  "proxyTo": "crimespoon:25565",
+  "disconnectMessage": "Sorry {{username}}, but the server appears to be broken. Let Nora know!"
+}

ops/home/network.nix

@@ -1,6 +1,10 @@
 {
   network = {
     description = "Home network";
+    nixConfig = {
+      "auto-optimize-store" = "true";
+      "warn-dirty" = "true";
+    };
   };
 
   "felonyspork" = { config, pkgs, lib, ... }: {
@@ -20,4 +24,12 @@
     deployment.targetUser = "root";
     deployment.targetHost = "crimespoon";
   };
+  "semaphorebravo" = { config, pkgs, lib, ... }: {
+    imports = [
+      ../../common/default.nix
+      ../../hosts/semaphorebravo/configuration.nix
+    ];
+    deployment.targetUser = "root";
+    deployment.targetHost = "semaphorebravo";
+  };
 }

ops/home/push

@@ -1,12 +1,9 @@
 #!/usr/bin/env nix-shell
 #! nix-shell -p morph -i bash
-
+#
 set -e
 
 pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null
-
-morph build --keep-result $@ ./network.nix
-morph push $@ ./network.nix
-morph deploy $@ ./network.nix switch
+SSH_CONFIG_FILE=./ssh_config morph deploy $@ ./network.nix switch
 
 popd > /dev/null

ops/home/ssh_config

@@ -0,0 +1,8 @@
+Host felonyspork
+  HostName home.nora.codes
+
+Host crimespoon
+  HostName 192.168.88.168
+
+Host semaphorebravo
+  HostName 10.0.0.2