

8 Commits

.gitignore vendored

@ -1 +1,2 @@
private
/private
.gcroots
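Review bot: `/private` now matches only the repository-root `private` directory, and that ignore rule is the sole thing keeping the tinc private keys out of the repository (the tinc-configuration hunk reads the secret from `../private/${hostname}/tinc-key.priv`, and the key-generation notes put `tinc-key.priv` there). That holds only as long as keys are generated exactly in that folder; a copy saved anywhere else, or a `git add -f`, would commit them. Consider ignoring the key files by pattern as well, `*.priv`, so the protection does not depend on a directory name. The `.gcroots` entry presumably pairs with the new `morph --keep-result` flag; a short comment naming that would help the next reader.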

@ -0,0 +1,12 @@
{
"machine-haless-03.cryto.net" = {
ipv4 = "31.7.187.145";
internalIpv4 = "10.217.0.5";
tincPublicKey = builtins.readFile ./tinc-keys/machine-haless-03.cryto.net.pub;
};
"machine-borg2-01.cryto.net" = {
ipv4 = "205.185.121.93";
internalIpv4 = "10.217.0.6";
tincPublicKey = builtins.readFile ./tinc-keys/machine-borg2-01.cryto.net.pub;
};
}
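Review bot: The new node table has no comment stating which attributes every entry must provide or who consumes them, and a missing attribute only surfaces as a generic evaluation error on the consumer side. From the tinc-configuration hunk, `ipv4` becomes the tinc `Address`, `internalIpv4` becomes the per-host `Subnet` (/32) and the node's own address on the `tinc.cryto` interface (/24), and `tincPublicKey` becomes `Ed25519PublicKey`. A header along the lines of `# Per-node data consumed by lib/tinc-configuration.nix: ipv4 (public address peers connect to), internalIpv4 (address on the 10.217.0.0/24 mesh), tincPublicKey (contents of data/tinc-keys/<hostname>.pub)` would make that contract explicit.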

@ -0,0 +1 @@
FZNH5Z50Tr/Ep0VpbnIBasUxekLteUphr5Vzi6ONrNH

@ -0,0 +1 @@
P4MOft3fYOHYpG0I58lYxdZm40u9CXhTH0jvuyIbKZP

@ -24,6 +24,8 @@ let
reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
letsEncrypt = (import ./presets/nginx/lets-encrypt.nix);
};
nodes = (import ./data/nodes.nix);
tincConfiguration = (import ./lib/tinc-configuration.nix);
in {
network = {
inherit pkgs;
@ -37,6 +39,7 @@ in {
presets.base
presets.kvm
./hardware-configurations/machine-borg2-01.nix
(tincConfiguration { hostname = "machine-borg2-01.cryto.net"; nodes = nodes; })
];
boot.loader.grub.device = lib.mkForce "/dev/vda";
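Review bot: `nodes = nodes;` in the `tincConfiguration` call can be written with the idiomatic `inherit nodes;`; the same applies to the haless-03 hunk below. The enclosing machine attrset starts and ends outside this hunk.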
@ -77,6 +80,7 @@ in {
presets.base
presets.kvm
./hardware-configurations/machine-haless-03.nix
(tincConfiguration { hostname = "machine-haless-03.cryto.net"; nodes = nodes; })
];
deployment.healthChecks.http = let
@ -121,6 +125,10 @@ in {
return 404;
'';
};
"modular-matrix.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
{ root = ./sources/modular-matrix; }
];
"haless.cryto.net" = lib.mkMerge [
(nginxPresets.letsEncrypt)
{

@ -25,5 +25,5 @@
];
nix.maxJobs = lib.mkDefault 1;
virtualisation.hypervGuest.enable = true;
# virtualisation.hypervGuest.enable = true;
}
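Review bot: `virtualisation.hypervGuest.enable` is left commented out with no reason recorded, so the next reader cannot tell whether this is a temporary workaround or a permanent decision (the `@ -25,5 +25,5` header shows this is the only line that changed). Either delete the line or replace it with a comment that states why, e.g. `# hypervGuest disabled: <reason> (<date or issue reference>)`, so it can be revisited deliberately rather than rediscovered.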

@ -0,0 +1,62 @@
/* TODO: Translate this to a service/module at some point? Something like 'cryto.network' that handles all the internal-networking stuff. */
{ hostname, nodes, pingInterval ? 10 }:
{ lib, ... }: let
/* NOTE: We cannot just use simple string interpolation, because tinc's configuration format is not indentation-tolerant. Therefore, we do some programmatic concatenation magic to ensure that everything is indentation-free, without turning this file into a mess of wrong indentation. */
generateConfiguration = options:
let
keys = builtins.attrNames options;
toPairs = map (key: {key = key; value = options.${key};});
createConfigEntries = map (item: "${item.key} = ${toString item.value}");
in
builtins.concatStringsSep "\n" (createConfigEntries (toPairs keys));
in {
deployment.secrets = {
"tinc-key" = {
source = "../private/${hostname}/tinc-key.priv";
destination = "/etc/tinc/cryto/ed25519_key.priv";
owner = { user = "tinc.cryto"; };
action = [ "systemctl" "restart" "tinc.cryto.service" ];
};
};
services.tinc.networks.cryto = {
debugLevel = 3;
extraConfig = generateConfiguration {
AutoConnect = "yes";
PingInterval = pingInterval;
};
hosts = let
mapper = nodeName: nodeConfiguration:
lib.nameValuePair
/* NOTE: The below is because for a machine named `foo.bar-baz.net`, tinc expects a configuration file named `foo_bar_baz_net`. */
( builtins.replaceStrings [ "." "-" ] [ "_" "_" ] nodeName )
( generateConfiguration {
# Address = nodeName;
/* TODO: Figure out why a DNS name doesn't work here ("Error looking up machine-borg2-01.cryto.net port 655: Device or resource busy") */
Address = nodeConfiguration.ipv4;
Subnet = "${nodeConfiguration.internalIpv4}/32";
Ed25519PublicKey = nodeConfiguration.tincPublicKey;
} );
in lib.mapAttrs' mapper nodes;
};
networking.interfaces."tinc.cryto".ipv4.addresses = [{
address = nodes.${hostname}.internalIpv4;
prefixLength = 24;
}];
networking.firewall = {
allowedTCPPorts = [
655
];
allowedUDPPorts = [
655
];
trustedInterfaces = [
"tinc.cryto"
];
};
}
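Review bot: `trustedInterfaces = [ "tinc.cryto" ]` bypasses the firewall for everything arriving over the mesh, so with `AutoConnect = "yes"` every node in `nodes` reaches every service bound on every other node, not just the tinc `Subnet` routes. If that full trust is intended, record it next to the option (`# Every mesh peer is fully trusted: all ports are reachable over tinc.cryto`); otherwise list only the needed ports under `networking.firewall.interfaces."tinc.cryto".allowedTCPPorts` and drop the trusted-interface entry. `debugLevel = 3` is also chatty for a permanent setting — as far as I recall tinc logs each request exchanged with peers at that level — so consider lowering it once the mesh is stable. `generateConfiguration` can be expressed directly as `options: builtins.concatStringsSep "\n" (lib.mapAttrsToList (key: value: "${key} = ${toString value}") options);`, dropping the `toPairs`/`createConfigEntries` indirection while producing the same text. Note that `toString` on `tincPublicKey` keeps whatever trailing newline `builtins.readFile` returned, which would leave a blank line in the generated host file; presumably harmless, but worth confirming.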

@ -16,6 +16,7 @@
iftop
nload
lsof
mtr
];
services.openssh = {

@ -0,0 +1,23 @@
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Modular Matrix</title>
</head>
<body>
<h1>Modular Matrix</h1>
<p>
<em><strong>NOTE:</strong> If you're looking for the Matrix website, go to <a href="https://matrix.org">Matrix.org</a>. If you're looking for the Matrix hosting service, go to <a href="https://modular.im/">Modular.im</a>. This project is not affiliated with either of those two.</em>
</p>
<p>
Hi! This will eventually be the website for Modular Matrix, a project to build a modular JavaScript SDK for the <a href="https://matrix.org">Matrix protocol</a>, as an alternative to the <code>matrix-js-sdk</code>.
</p>
<p>
Currently there's not really anything here yet, though you can have a look at the <a href="https://www.npmjs.com/org/modular-matrix?tab=packages">already-published packages</a> if you're curious about how things are going.
</p>
<p>
You can contact me on Matrix as <a href="https://matrix.to/#/@joepie91:pixie.town">@joepie91:pixie.town</a>.
</p>
</body>
</html>
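Review bot: The document begins with `<html lang="en">` on line 1 (the hunk is `+1,23`, so the whole file is visible), so there is no doctype and browsers will render it in quirks mode; add `<!DOCTYPE html>` as the first line. The `X-UA-Compatible` meta is a legacy Internet Explorer hint with no effect in current browsers and can be dropped.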

@ -1 +1 @@
SSH_USER=root morph deploy "$@" configuration/default.nix switch
SSH_USER=root morph --keep-result deploy "$@" configuration/default.nix switch

@ -0,0 +1 @@
SSH_USER=root morph --keep-result upload-secrets "$@" configuration/default.nix
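Review bot: The new script is a single line with no shebang and no `set -euo pipefail` (the hunk is `+1`, so the file is complete), and the `@ -1 +1` hunk above shows the deploy script in the same state; this only works if both are always invoked through `sh`/`bash` explicitly. If they are meant to be executable, prepend `#!/usr/bin/env bash` and `set -euo pipefail`. Both also run morph as `SSH_USER=root`; that is presumably deliberate for this deployment, but a one-line comment would help, since it is the only hint of how the hosts are accessed.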

@ -0,0 +1,5 @@
# From the machine's `private` folder:
nix-shell --command 'tinc --batch --config ./ -n cryto generate-ed25519-keys' --packages tinc_pre
# NOTE: Change the machine name!
mv ed25519_key.priv tinc-key.priv && sed -i -r 's/^Ed25519PublicKey = //' ed25519_key.pub && mv ed25519_key.pub ../../configuration/data/tinc-keys/machine-haless-03.cryto.net.pub
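Review bot: The final `mv` hard-codes `machine-haless-03.cryto.net.pub` while the preceding comment asks the reader to remember to change the machine name, so a missed edit silently overwrites haless-03's published key with another machine's. Introduce the name once, `HOST=<machine name>` at the top, and use it in the last step, `mv ed25519_key.pub "../../configuration/data/tinc-keys/$HOST.pub"`, so the comment can say what to set rather than what to remember. The renamed `tinc-key.priv` stays in the `private/<hostname>` folder with whatever mode tinc gave it — worth checking it is not group/world readable, since that folder is kept out of git only by `.gitignore`.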