.
parent e45ecf094b
commit 7ca43eaed8
71 changed files with 492 additions and 494 deletions
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/categories/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/categories/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
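Review bot: The `href` values in this hunk (`http://localhost:1313/favicon.ico`, `http://localhost:1313/categories/index.xml`) show that the committed pages were rendered against a local server address, so the favicon and RSS alternate links point at localhost rather than the public site. Regenerate with a production build that uses the real base URL before committing, or keep generated output out of the repository and build it at deploy time.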
@ -14,7 +14,7 @@
|
|||
<title>Categories</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -30,6 +30,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Categories on wretched.place</title>
|
||||
<title>Categories on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/categories/</link>
|
||||
<description>Recent content in Categories on wretched.place</description>
|
||||
<description>Recent content in Categories on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
|
||||
|
|
@ -239,13 +239,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -518,7 +518,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -551,7 +551,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -573,7 +573,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -583,7 +583,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -593,7 +593,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -601,17 +601,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
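Review bot: The line `@hourly root cp -r /home/ronald/example-site /var/www/` in this hunk publishes a cron job that runs as root and copies whatever the unprivileged user ronald has placed in that directory, symlinks included, into the web root. Since the post is being regenerated anyway, consider changing the source to run the copy as a dedicated non-root user that owns the site directory. The HTTPS paragraph in the same hunk also carries the typo `enableAMCE`; the option shown earlier in the nginx block is `enableACME`.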
@ -1282,7 +1282,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1296,7 +1296,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1409,7 +1409,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>chess.com api and the continuing search for en passant checkmate</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>chess.com api and the search for en passant checkmate</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>declarative firefox config with home-manager on nixos</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -49,7 +49,7 @@
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">"best website ever!"</span><span class="p">;</span>
|
||||
|
|
@ -63,7 +63,7 @@
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">"browser.startup.homepage"</span> <span class="o">=</span> <span class="s2">"https://searx.jdysmcl.xyz"</span><span class="p">;</span>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>elite bread dough for lazy boys</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>get the thoughts out of your head and into a digital format with this python journal script</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
|||
|
|
@ -1,21 +1,21 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en"><head>
|
||||
<meta name="generator" content="Hugo 0.127.0"><script src="/livereload.js?mindelay=10&v=2&port=1313&path=livereload" data-no-instant defer></script>
|
||||
<meta name="generator" content="Hugo 0.145.0"><script src="/livereload.js?mindelay=10&v=2&port=1313&path=livereload" data-no-instant defer></script>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
<link rel="canonical" href="http://localhost:1313/" />
|
||||
|
||||
<a rel="me" href="https://exuberant.men/@james"></a>
|
||||
<title>wretched.place</title>
|
||||
<title>James' Blog :-)</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
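Review bot: `<a rel="me" href="https://exuberant.men/@james"></a>` sits inside `<head>`, where anchor elements are not allowed; an HTML parser ends the head at that point and treats the `<title>` that follows as body content. Use a `<link rel="me" href="...">` element in the template instead. The `/livereload.js` script tag on the generator line is also development-server output and should not ship in committed pages.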
@ -27,13 +27,6 @@
|
|||
<main id="content">
|
||||
|
||||
<ul id="posts">
|
||||
<li>
|
||||
<a href="http://localhost:1313/adventures-in-running-headscale-on-nixos/">
|
||||
adventures in running headscale on nixos
|
||||
<small><time>Jun 25, 2024</time></small>
|
||||
</a>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<a href="http://localhost:1313/so-you-want-to-write-a-neovim-plugin-with-lua/">
|
||||
so you want to write a neovim plugin with lua
|
||||
|
|
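Review bot: The list entry for `adventures in running headscale on nixos` (Jun 25, 2024) falls inside this hunk, whose header goes from 13 lines to 6, so the post appears to be dropped from the index in a commit that otherwise renames the site title, and the commit message does not mention it. If the removal is deliberate, say so in the message; if not, check why this build no longer picks the post up.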
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>wretched.place</title>
|
||||
<title>James' Blog :-)</title>
|
||||
<link>http://localhost:1313/</link>
|
||||
<description>Recent content on wretched.place</description>
|
||||
<description>Recent content on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 25 Jun 2024 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -12,17 +12,6 @@
|
|||
|
||||
|
||||
|
||||
<item>
|
||||
<title>adventures in running headscale on nixos</title>
|
||||
<link>http://localhost:1313/adventures-in-running-headscale-on-nixos/</link>
|
||||
<pubDate>Tue, 25 Jun 2024 00:00:00 +0000</pubDate>
|
||||
|
||||
<guid>http://localhost:1313/adventures-in-running-headscale-on-nixos/</guid>
|
||||
<description></description>
|
||||
</item>
|
||||
|
||||
|
||||
|
||||
<item>
|
||||
<title>so you want to write a neovim plugin with lua</title>
|
||||
<link>http://localhost:1313/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||
|
|
@ -251,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -530,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -563,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -585,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -595,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -605,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -613,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
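Review bot: the sentence after the `security.acme` block spells the option `enableAMCE`, but the nginx block in the previous hunk sets `enableACME`, so a reader copying the name from the prose gets an option that does not match the config shown. The words are also transposed; "for any sites you set the `enableACME` option to true for" reads correctly. Fix it in the post source rather than in this generated output. In the same hunk, the cron entry `@hourly root cp -r /home/ronald/example-site /var/www/` runs as root over a directory the unprivileged user controls, and `cp -r` only adds and overwrites, so pages deleted from the source directory stay published. Making the web root writable by the deploying user would remove the need for a root job.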
@ -1294,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1308,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title></title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
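Review bot: `<title></title>` at the top of this hunk is empty, so this generated page has no title for browser tabs, bookmarks or search results. The source page presumably has no title set. Give it one, or have the template fall back to the site title, and regenerate.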
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>learning about qtile widgets via the medium of cricket</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -134,6 +134,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>lowkey emacs setup</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>making nix-colors talk to neovim</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>multi user qtile fiddling</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>podcast setup for broke boys whose trash phone cant hack modern apps</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -114,6 +114,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/posts/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/posts/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Posts</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -168,6 +168,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Posts on wretched.place</title>
|
||||
<title>Posts on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/posts/</link>
|
||||
<description>Recent content in Posts on wretched.place</description>
|
||||
<description>Recent content in Posts on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
||||
<lastBuildDate>Tue, 25 Jun 2024 00:00:00 +0000</lastBuildDate>
|
||||
|
||||
<atom:link href="http://localhost:1313/posts/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
|
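Review bot: the channel `<link>` and the `atom:link` self reference in this feed point at `http://localhost:1313/posts/`, which is a local development address, so feed readers that subscribe to the committed file get links they cannot resolve. The same host appears in the `rel="alternate"` and favicon links of the HTML head hunk above. Regenerate the output with the site's public base URL before committing, or keep generated output out of the repository and build it at deploy time.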
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
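Review bot: pin the Hugo version used to build the site. The two `services.nginx` lines in this hunk differ only in the highlighter's token class on `=` (`err` versus `o`), which points to a different highlighter version between builds rather than an edit to the post. The same one-token churn repeats for every Nix code block in the feeds and pages and buries the real change (the site title and the footer link).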
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
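Review bot: the sentence after the `security.acme` block names the option `enableAMCE`, but the option is `enableACME`. Anyone copying the name from the prose gets an evaluation error. Fix it in the source markdown so every generated copy picks it up, and consider rewording to "any site you set `enableACME = true` for", since "set the enableAMCE to true option for" reads awkwardly.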
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>rudimentary local scrobbling with bash</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -56,6 +56,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>setting up a lean mean hugo blogging theme</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -108,6 +108,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>simple nixos config for vps static site</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -33,7 +33,7 @@
|
|||
<p>I’m going to go through a bit of the nixos config I’ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
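Review bot: the SSH paragraph reads "Having a way to to get into your server"; drop the duplicated "to" in the source markdown. In the same block, `ports = [ 69 ];` uses the number registered for TFTP. If it is a placeholder, say so in the text so readers do not copy it as a recommendation; the controls that matter are the password and root-login settings the paragraph describes.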
@ -43,7 +43,7 @@
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it’s nice to have a user so you’re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -53,7 +53,7 @@
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">"example-site.here"</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -61,17 +61,17 @@
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">"/var/www/example-site/"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let’s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">"ronald@email.yes"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn’t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">"@hourly root cp -r /home/ronald/example-site /var/www/"</span>
|
||||
|
|
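Review bot: the cron entry `@hourly root cp -r /home/ronald/example-site /var/www/` runs as root over a directory that the unprivileged user controls. Whatever ends up in that home directory is copied into the web root with root's privileges every hour, and files deleted from the source are never removed from `/var/www/example-site`. The paragraph gives avoiding root for the rsync as the motivation, so the post should either mention this trade-off or show the lower-privilege variant: make `ronald` the owner of `/var/www/example-site` and put `ronald` in the user field of the cron line instead of `root`.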
@ -82,6 +82,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -2,23 +2,23 @@
|
|||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
|
||||
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
||||
<url>
|
||||
<loc>http://localhost:1313/</loc>
|
||||
<lastmod>2024-06-25T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/posts/</loc>
|
||||
<lastmod>2024-06-25T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/tags/lua/</loc>
|
||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/tags/neovim/</loc>
|
||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/posts/</loc>
|
||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/so-you-want-to-write-a-neovim-plugin-with-lua/</loc>
|
||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/tags/</loc>
|
||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/</loc>
|
||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/tags/home-manager/</loc>
|
||||
<lastmod>2023-08-18T00:00:00+00:00</lastmod>
|
||||
|
|
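Review bot: every `<loc>` in this hunk is under `http://localhost:1313/`, which is the development server's address. A sitemap (and the feeds and canonical links built the same way) with that base is useless to crawlers and feed readers once deployed. Build the committed output with the production base URL rather than from a dev-server run, or stop committing generated output and build it at deploy time.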
@ -132,8 +132,6 @@
|
|||
<lastmod>2022-09-13T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/info/</loc>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/links/</loc>
|
||||
</url><url>
|
||||
<loc>http://localhost:1313/categories/</loc>
|
||||
</url>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>so you want to write a neovim plugin with lua</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/bash/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/bash/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Bash</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -44,6 +44,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Bash on wretched.place</title>
|
||||
<title>Bash on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/bash/</link>
|
||||
<description>Recent content in Bash on wretched.place</description>
|
||||
<description>Recent content in Bash on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Sat, 10 Dec 2022 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
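Review bot: typos in the paragraph above the `networking.nat` block: "latop" should be "laptop" and "If I said" should be "if I said". Fix them in the source markdown rather than in the generated feed. Separately, `externalInterface = "ens3";` is specific to one machine; a short remark in the post that readers must substitute their own interface name would save a confusing failure.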
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
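Review bot: `image = "searxng/searxng";` has no tag or digest, so the container runs whatever the registry currently serves under the default tag, and a rebuild of the same config can silently start a different image. For a post that readers will copy, show a pinned form (an explicit version tag, or better a `@sha256:` digest) and note that the pin needs bumping on upgrade.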
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
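Review bot: the `extraOptions` example passes `--cap-add=net_admin` and `--device=/dev/net/tun` with no explanation. Add a sentence that these are what the VPN container needs to create its tunnel interface, so readers do not carry the extra capability over to containers that have no use for it. Also in this paragraph, "But what about some more niche configurations that aren't exposed in oci-containers.nix." is a question and should end with a question mark.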
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
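Review bot: the sentence after the security.acme block in this hunk spells the option enableAMCE, while the nginx virtualHosts block in the preceding hunk sets enableACME = true; a reader copying the name from the prose gets an option that does not exist. Correct the spelling in the source post and regenerate, and reword the sentence to "any sites you set enableACME = true for" while you are there.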
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/caddy/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/caddy/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
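Review bot: the changed alternate link still carries href="http://localhost:1313/tags/caddy/index.xml", and the favicon link above it also points at localhost:1313, so this generated page was built against the development server address rather than the site's public base URL. If this output is what gets published, feed readers and browsers will be sent to the visitor's own machine; rebuild with the production base URL before committing, or keep dev-server output out of the commit.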
@ -14,7 +14,7 @@
|
|||
<title>Caddy</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Caddy on wretched.place</title>
|
||||
<title>Caddy on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/caddy/</link>
|
||||
<description>Recent content in Caddy on wretched.place</description>
|
||||
<description>Recent content in Caddy on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 16 May 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
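Review bot: the only change on the networking.nat and containers.jellyfin lines is the span class of "=" going from err to o, which is regenerated highlighter output rather than an edit to the post, and the same two-line change recurs in each copy of this post in the other feeds shown here. Mixing that churn with the site title rename makes the real change hard to spot; commit the regeneration separately from the rename, or stop tracking the generated output so only the source change is reviewed.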
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
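Review bot: the systemCronJobs entry "@hourly root cp -r /home/ronald/example-site /var/www/" runs as root over a tree under ronald's home directory, and cp -r only adds or overwrites, so a file deleted from the home copy stays published in the web root. The paragraph above says the aim was to avoid needing root for the deploy; making /var/www/example-site owned by the deploying user would let the copy run without root at all, and the post should mention the stale-file behaviour either way.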
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/chess/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/chess/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Chess</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -44,6 +44,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Chess on wretched.place</title>
|
||||
<title>Chess on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/chess/</link>
|
||||
<description>Recent content in Chess on wretched.place</description>
|
||||
<description>Recent content in Chess on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 08 Nov 2022 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
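Review bot: The two changed lines in this hunk only swap `class="err"` for `class="o"` on the `=` token, which has nothing to do with the site title rename made elsewhere in the commit and is presumably a side effect of a different highlighter version. Put that regeneration in its own commit, or at least say so in the commit message, which is currently just ".". The context paragraph also has "latop" and a capitalised "If" mid-sentence; those need fixing in the source markdown, not in this generated feed.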
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
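Review bot: `image = "searxng/searxng"` in the context lines has no tag or digest, so the runtime resolves it to `latest` and the version that ends up running depends on when the image was last pulled. For a post that presents this as a declarative config, the example would be better with a pinned tag or an `@sha256:` digest so a rebuild gives the same container.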
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
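Review bot: The example list passes `--cap-add=net_admin` and `--device=/dev/net/tun` through `extraOptions` without the surrounding paragraph saying what they are for. Since `extraOptions` strings go straight onto the docker run command line, a sentence in the source post explaining why the vpn container needs the capability and the device would stop readers copying them into containers that do not. The question in that paragraph ("...aren't exposed in oci-containers.nix.") also ends with a full stop instead of a question mark.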
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
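Review bot: `ports = [ 69 ]` in the context lines puts sshd on the port that IANA assigns to TFTP, which can collide with that service and confuse anyone reading firewall rules or scan output later; an unassigned high port would be a clearer example. The paragraph above it also has a doubled word ("a way to to get into your server"), which should be fixed in the source markdown.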
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
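Review bot: The cron entry in the trailing context, `@hourly root cp -r /home/ronald/example-site /var/www/`, runs as root over a directory the unprivileged user fully controls, so anything placed in that home directory is copied into the web root with root's authority every hour. Giving a deploy user or group write access to `/var/www/example-site` and running the copy as that user would avoid the root job altogether. Separately, the HTTPS paragraph spells the option `enableAMCE` while the nginx block uses `enableACME`; correct it in the source markdown so the generated feed picks it up.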
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/cooking/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/cooking/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Cooking</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Cooking on wretched.place</title>
|
||||
<title>Cooking on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/cooking/</link>
|
||||
<description>Recent content in Cooking on wretched.place</description>
|
||||
<description>Recent content in Cooking on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Sun, 22 Jan 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
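Review bot: the cron entry in the context of this hunk, "@hourly root cp -r /home/ronald/example-site /var/www/", runs as root over a directory the unprivileged user ronald can write, so anything that lands in that home directory is copied into the web root by a root process every hour. This commit only regenerates the highlighting (the "=" tokens move from class "err" to class "o"), so the fix belongs in the source post: suggest showing the job running as a non-root user that owns /var/www/example-site, or a web root writable by a deploy group, so no root step is needed. The paragraph after the ACME block also spells the option "enableAMCE", while the nginx block uses enableACME.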
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/css/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/css/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
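Review bot: the favicon and RSS alternate links in this head block are absolute http://localhost:1313/ URLs (for example href="http://localhost:1313/tags/css/index.xml"), so the committed page sends visitors and feed readers to their own machine. Port 1313 is the Hugo dev server default, which suggests this output came from a local preview build; regenerate with the production baseURL before committing, or keep generated output out of the repository. The title change itself looks fine.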
@ -14,7 +14,7 @@
|
|||
<title>Css</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Css on wretched.place</title>
|
||||
<title>Css on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/css/</link>
|
||||
<description>Recent content in Css on wretched.place</description>
|
||||
<description>Recent content in Css on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Mon, 26 Jun 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
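Review bot: the paragraph above the NAT block reads "my latop server" and "I'd be lying If I said", and both typos are carried unchanged into the regenerated feed. Since the only change here is the class on the "=" tokens, fix "latop" to "laptop" and lower-case "If" in the source post and rebuild, rather than editing this generated file.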
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
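Review bot: the SSH paragraph in this hunk's context reads "Having a way to to get into your server", with a doubled "to" that survives the regeneration. Correct it in the source post so every feed that embeds this description picks up the fix on the next build.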
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
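Review bot: this hunk matches the @ -602,17 hunk of the previous feed file line for line, because each taxonomy feed carries the full post body inside its description element, so a single highlighter change is repeated in every index.xml. If full-content taxonomy feeds are not intended, suggest emitting a summary in those feeds, which would also keep commits like this one reviewable.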
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/docker/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/docker/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Docker</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Docker on wretched.place</title>
|
||||
<title>Docker on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/docker/</link>
|
||||
<description>Recent content in Docker on wretched.place</description>
|
||||
<description>Recent content in Docker on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 28 Feb 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
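Review bot: Both changed lines in this hunk (`networking.nat` and `containers.jellyfin`) differ only in the highlighter class on `=`, `class="err"` becoming `class="o"`; the post text is untouched, and the identical hunk appears again in the emacs tag feed. If the generated feeds have to stay in the repository, put the highlighter output change in its own commit, separate from the title rename, so each can be reviewed on its own; otherwise consider not tracking build output.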
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
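Review bot: The SSH paragraph in this hunk's context reads "Having a way to to get into your server", with a doubled "to". The feed is being regenerated anyway, so fix it in the post source rather than in the generated XML.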
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
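Review bot: The sentence after the `security.acme` block names the option `enableAMCE`, while the nginx virtual host in the preceding hunk sets `enableACME`; a reader copying the name from the prose gets an option the config never uses. Correct the spelling in the post source. The cron line in the trailing context, `@hourly root cp -r /home/ronald/example-site /var/www/`, runs as root over a directory in ronald's home; the post could mention that giving a dedicated user ownership of the site directory would avoid the root job.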
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/emacs/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/emacs/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Emacs</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
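Review bot: The footer link added here targets `/index.xml`, the site-wide feed, while this tag page's `<link rel="alternate">` advertises `/tags/emacs/index.xml`. If the footer is meant to offer the feed for the page being viewed, generate the href from the page's own feed URL; if the site-wide feed is intended, the bare `<br>` between the two `<small>` elements is better handled in the stylesheet.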
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Emacs on wretched.place</title>
|
||||
<title>Emacs on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/emacs/</link>
|
||||
<description>Recent content in Emacs on wretched.place</description>
|
||||
<description>Recent content in Emacs on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Fri, 18 Nov 2022 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
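Review bot: The context paragraph under "what to do?" has "latop" for "laptop" and a capitalised "If" mid-sentence ("lying If I said"). These are carried into every feed that embeds the post, so fix them once in the post source.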
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
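Review bot: the commit gives no reason for the highlighter class on the `=` after `services.nginx` going from `err` to `o`, which is the only changed line in this hunk. This is rendered output rather than hand-written markup, so name the generator or highlighter change in the commit message, and consider keeping built feeds out of version control so the same one-token change does not need review in every copy of the post.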
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
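Review bot: the unchanged sentence after the `security.acme` block still reads `enableAMCE`, while the option shown in the nginx block is `enableACME`. Fix the spelling in the post source so the regenerated feed names the option readers have to set, and reword the sentence to something like "any site you set `enableACME` to true for".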
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/home-manager/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/home-manager/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Home-Manager</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -58,6 +58,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Home-Manager on wretched.place</title>
|
||||
<title>Home-Manager on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/home-manager/</link>
|
||||
<description>Recent content in Home-Manager on wretched.place</description>
|
||||
<description>Recent content in Home-Manager on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
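Review bot: the channel `<link>` kept in this hunk is `http://localhost:1313/tags/home-manager/`, so the committed feed was rendered with the development base URL and subscribers get item links that resolve to their own machine. Regenerate with the site's public base URL before committing, and check the `<link rel="alternate">` and banner `href` values in the HTML pages for the same prefix.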
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
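Review bot: the context paragraph under "what to do?" still has "latop" for "laptop" and a capitalised "If" mid-sentence ("I'd be lying If I said"). Correct both in the post source so the regenerated feeds pick them up.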
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
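Review bot: the unchanged SSH paragraph has a doubled word, "a way to to get into your server". Drop the extra "to" in the post source while the output is being regenerated.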
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
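Review bot: the cron entry kept in this hunk, `@hourly root cp -r /home/ronald/example-site /var/www/`, runs as root over a directory the unprivileged user controls, so anything that account places there is copied into the web root by a root process every hour. Consider changing the post to run the job as a dedicated user that owns `/var/www/example-site`, or to give `ronald` ownership of that directory so no root step is needed.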
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/hugo/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/hugo/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Hugo</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Hugo on wretched.place</title>
|
||||
<title>Hugo on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/hugo/</link>
|
||||
<description>Recent content in Hugo on wretched.place</description>
|
||||
<description>Recent content in Hugo on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Thu, 10 Nov 2022 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
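Review bot: The NAT block hardcodes `externalInterface = "ens3"`, which is specific to the machine the snippet was copied for; on a host whose uplink has a different name the `ve-+` containers get no outbound route. Suggest a sentence in the post telling readers to substitute their own interface name. The context paragraph above the block also has two typos worth fixing in the post source: "latop" and the capitalised "If" in "lying If I said".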
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
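Review bot: The searxng example sets `image = "searxng/searxng"` with no tag or digest, so Docker resolves it to `latest` and the otherwise declarative config does not pin what actually runs. Consider showing a pinned reference in the post, for example `image = "searxng/searxng:<tag>"` or an `@sha256:<digest>` form, with a sentence on bumping it deliberately.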
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
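Review bot: The unchanged paragraph after the ACME block spells the option `enableAMCE`, while the nginx example in the previous hunk uses `enableACME`; fix the spelling in the post source and reword the sentence to something like "any site you set `enableACME = true` for". Separately, the cron entry `@hourly root cp -r /home/ronald/example-site /var/www/` runs as root over a directory the unprivileged user controls, so whatever lands in that home directory is copied into the web root with root's privileges every hour. Making `/var/www/example-site` writable by the deploying user would let the copy run without root and fits the stated aim of avoiding root for deploys.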
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
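Review bot: Both the removed and the added `<link rel="alternate">` lines, and the favicon line above them, carry `http://localhost:1313/` as the base URL, which suggests this HTML came from the Hugo development server rather than a production build; deployed as is, the feed and favicon links resolve to the visitor's own machine. Rebuild with the site's real `baseURL` before committing generated output, or keep the generated files out of the repository so the title change is reviewed once in the site config instead of across 71 files.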
@ -14,7 +14,7 @@
|
|||
<title>Tags</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -170,6 +170,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Tags on wretched.place</title>
|
||||
<title>Tags on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/</link>
|
||||
<description>Recent content in Tags on wretched.place</description>
|
||||
<description>Recent content in Tags on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
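Review bot: the cron entry at the end of this hunk, `@hourly root cp -r /home/ronald/example-site /var/www/`, runs as root over a directory that an unprivileged user writes to, and `cp -r` never removes files from the web root once they are deleted from the source. The surrounding paragraph says the aim was to avoid needing root for deploys, so consider giving the deploying user (or a dedicated group) write access to `/var/www/example-site` and running the copy as that user, and using a sync that deletes stale files. The hunk itself only changes the highlighter class on `=` from `err` to `o`, so any such change belongs in the post's source, not in this generated feed.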
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/javascript/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/javascript/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
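Review bot: the favicon and RSS `<link>` lines in this hunk carry `http://localhost:1313/` in their `href` on both the old and new side (1313 is the `hugo server` default port), so this committed output was built against a local development base URL. Anyone loading the page would have the icon and feed resolve to their own machine. Rebuild with the production `baseURL` before committing, or keep generated output out of the repository and build it at deploy time.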
@ -14,7 +14,7 @@
|
|||
<title>Javascript</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Javascript on wretched.place</title>
|
||||
<title>Javascript on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/javascript/</link>
|
||||
<description>Recent content in Javascript on wretched.place</description>
|
||||
<description>Recent content in Javascript on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Mon, 26 Jun 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
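Review bot: the context paragraph under "what to do?" ships two typos into the feed: "latop" should be "laptop", and "lying If I said" should use a lowercase "if". The hunk only swaps the highlighter class on the two `=` tokens, so correct the wording in the post's source and regenerate rather than editing this file.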
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
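Review bot: the SSH paragraph in this hunk's context has a doubled word, "a way to to get into your server". It is untouched by the change, which only re-classes the `=` token, but since the feed is being regenerated anyway this is a good moment to fix it in the post's source.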
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
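Review bot: the sentence after the `security.acme` block names the option `enableAMCE`, while the nginx example in the preceding hunk sets `enableACME`; a reader who copies the spelling from the prose gets an error for an option that does not exist. Fix the spelling in the post's source so the sentence matches the code, for example "for any sites you set `enableACME = true` on".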
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/lua/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/lua/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Lua</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Lua on wretched.place</title>
|
||||
<title>Lua on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/lua/</link>
|
||||
<description>Recent content in Lua on wretched.place</description>
|
||||
<description>Recent content in Lua on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
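Review bot: the two changed lines in this hunk differ only in the highlighter class on the `=` token (`<span class="err">` became `<span class="o">`) for `networking.nat` and `containers.jellyfin`, so this is regenerated build output rather than an authored change. Consider keeping rendered feeds out of version control, or committing the regeneration on its own, so that edits to the post text are not buried in markup churn.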
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
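Review bot: the unchanged sentence after the `security.acme` block still reads `enableAMCE`, while the nginx virtual host in the hunk above sets `enableACME`; a reader who copies the spelling from the prose ends up with an option name that does not match the config shown. Since this file is rendered output, correct the spelling in the post source and regenerate rather than patching the feed.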
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/music/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/music/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Music</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Music on wretched.place</title>
|
||||
<title>Music on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/music/</link>
|
||||
<description>Recent content in Music on wretched.place</description>
|
||||
<description>Recent content in Music on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 13 Sep 2022 00:00:00 +0000</lastBuildDate>
|
||||
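Review bot: the feed title is updated here, but the unchanged `<link>http://localhost:1313/tags/music/</link>` shows the file was built against the development server address, so the channel link in a published copy of this feed would point at the subscriber's own machine. Rebuild with the site's public base URL before committing the feed.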
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
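Review bot: The context paragraph after the `security.acme` block still reads `enableAMCE`, while the nginx block above uses `enableACME`. This region is being regenerated anyway, so fix the spelling in the post source; otherwise the feed keeps shipping an option name that readers cannot copy.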
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
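Review bot: The only change in this hunk is the token class on `=` in `profiles.james = {`, from `<span class="err">` to `<span class="o">`, which is unrelated to the title rename made elsewhere in this commit. It looks like output from a different highlighter version. Regenerate the highlighting in its own commit and record the Hugo version used, so a later rebuild does not produce another 71-file diff.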
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/neovim/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/neovim/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
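Review bot: Both the removed and the added `<link rel="alternate" ...>` lines carry `href="http://localhost:1313/tags/neovim/index.xml"`, and the favicon link above them does too, so this output was built with a local base URL and feed autodiscovery will not resolve for visitors. Rebuild with the production `baseURL` before committing, or keep generated output out of the repository.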
@ -14,7 +14,7 @@
|
|||
<title>Neovim</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -44,6 +44,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
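Review bot: The added `<small><a href="/index.xml">rss</a></small>` uses a root-relative path and points at the site-wide feed, while the `<head>` of this same page advertises the per-tag feed with an absolute URL. Pick one form in the theme template and consider linking the tag's own feed here. A CSS margin would also be cleaner than the extra `<br>`.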
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Neovim on wretched.place</title>
|
||||
<title>Neovim on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/neovim/</link>
|
||||
<description>Recent content in Neovim on wretched.place</description>
|
||||
<description>Recent content in Neovim on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
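Review bot: `image = "searxng/searxng";` in the context lines has no tag or digest, so the published example pulls whatever the registry currently serves under the default tag. In the post source, pin a version tag or an `@sha256:` digest so that readers copying the config get a reproducible image.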
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
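Review bot: The cron context line `@hourly root cp -r /home/ronald/example-site /var/www/` republishes a job that runs as root over a directory under `/home/ronald`, so whatever lands there is copied into the web root by root every hour. In the post source, consider suggesting a web root that `ronald` or a deploy group owns, so the copy or rsync needs no root at all.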
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/nix-colors/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/nix-colors/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Nix-Colors</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -44,6 +44,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Nix-Colors on wretched.place</title>
|
||||
<title>Nix-Colors on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/nix-colors/</link>
|
||||
<description>Recent content in Nix-Colors on wretched.place</description>
|
||||
<description>Recent content in Nix-Colors on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
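Review bot: the paired lines in this hunk differ only in the span class on the `=` token (`class="err"` becomes `class="o"` on the `networking.nat` and `containers.jellyfin` lines), which is unrelated to the site-title rename made in other hunks of this commit. This looks like regenerated highlighter markup rather than an edit to the post, so consider landing it as its own commit, or building the site at deploy time so rendered markup does not need line-by-line review.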
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
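Review bot: in the searxng example, `image = "searxng/searxng";` carries no tag or digest, so together with `autoStart = true;` the service runs whatever the registry serves under the default tag at pull time. Because the post presents this as a config to copy, pin the image to a specific tag or an `@sha256:` digest in the post source and bump it deliberately.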
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
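Review bot: the context paragraph under the SSH heading reads "Having a way to to get into your server", with a doubled "to". Fix it in the post's source file rather than in this generated feed, otherwise the next build reintroduces it.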
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
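Review bot: the sentence after the `security.acme` block names the option as `enableAMCE`, while the nginx example just above it uses `enableACME = true;`, so a reader copying the inline name gets an unknown option; reword it along the lines of "any site that sets `enableACME = true`". In the CRON block of the same hunk, `@hourly root cp -r /home/ronald/example-site /var/www/` has root copy everything that user account places in that directory into the web root every hour; the post could instead run the job as an unprivileged user that owns the web root.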
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/nixos/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/nixos/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
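Review bot: both `<link>` elements in this hunk (the favicon and the RSS alternate) point at `http://localhost:1313/`, so the committed pages were rendered against a local development base URL and these references will not resolve for visitors. Rebuild with the production base URL before committing rendered output, or keep rendered output out of the repository.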
@ -14,7 +14,7 @@
|
|||
<title>Nixos</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -79,6 +79,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Nixos on wretched.place</title>
|
||||
<title>Nixos on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/nixos/</link>
|
||||
<description>Recent content in Nixos on wretched.place</description>
|
||||
<description>Recent content in Nixos on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
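Review bot: the context paragraph before the `networking.nat` block has "latop server" for "laptop server" and a capitalised "If" mid-sentence ("I'd be lying If I said"). Both come from the post text embedded in the feed, so they will persist across regenerated files until the post itself is corrected.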
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
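Review bot: The context paragraph after the `security.acme` block spells the option `enableAMCE`, while the nginx block sets `enableACME`; a reader who copies the name from the prose ends up with an option that does not exist, so fix the spelling in the post source and regenerate. In the same hunk, the cron entry `@hourly root cp -r /home/ronald/example-site /var/www/` runs as root over a directory the `ronald` account can write, so whatever lands there is published hourly as root-owned files; running the job as an unprivileged user that owns the web root would avoid that. The only lines this hunk actually changes are the `=` spans going from `class="err"` to `class="o"`.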
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/podman/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/podman/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Podman</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
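Review bot: The added footer link `<a href="/index.xml">rss</a>` always targets the site-wide feed, while this page's head advertises the tag feed at `.../tags/podman/index.xml`; decide which feed the footer should offer on tag pages and make the two consistent. The `<br>` between the two `<small>` elements is layout done in markup; a wrapper element or a rule in the theme stylesheet would keep the footer template cleaner.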
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Podman on wretched.place</title>
|
||||
<title>Podman on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/podman/</link>
|
||||
<description>Recent content in Podman on wretched.place</description>
|
||||
<description>Recent content in Podman on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 28 Feb 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
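Review bot: The channel `<link>` still reads `http://localhost:1313/tags/podman/`, which suggests this output came from a local `hugo server` run (1313 is its default port), and feed readers that follow it will be sent to a localhost address instead of the published site. Rebuild with the production base URL before committing the feed; the same localhost prefix appears in the `href` values of the HTML hunks for this tag. The renamed `<title>` and `<description>` are fine as XML text, since an apostrophe needs no escaping there.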
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
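Review bot: The only changes in this hunk are two `=` tokens whose span class goes from `err` to `o`, and the identical hunk appears again in the python tag feed, so most of this diff is regenerated markup rather than content. If these files are Hugo build output, consider keeping them out of the repository, or at least committing the highlighter change separately from the site title rename, so that real content edits stay visible in review. The context paragraph also carries typos worth fixing in the post source: "latop" and a capitalised "If" mid-sentence.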
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
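Review bot: The example in this hunk's context uses `image = "searxng/searxng"` with no tag or digest, so readers who copy it get whatever the registry serves under the default tag, and a later pull may bring in a different image than the one the post was written against. Since the post is being regenerated anyway, consider pinning a tag or digest in the example, or adding a sentence saying the pin was left out for brevity.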
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
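Review bot: The context paragraph reads "Having a way to to get into your server", with a doubled "to"; fix it in the post source before the next regeneration. The example also sets `ports = [ 69 ]`, which is the registered TFTP port; if the value is a placeholder, a short aside in the post would stop readers copying it verbatim.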
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/python/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/python/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
<title>Python</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -79,6 +79,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Python on wretched.place</title>
|
||||
<title>Python on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/python/</link>
|
||||
<description>Recent content in Python on wretched.place</description>
|
||||
<description>Recent content in Python on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Mon, 03 Apr 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
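Review bot: `image = "searxng/searxng"` in this hunk's context carries no tag or digest, so with `autoStart = true` the container runs whatever the registry serves under the default tag at pull time. Pin a specific tag or an image digest in the example so that the declarative config actually determines what runs.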
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
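Review bot: the vpn example in this hunk's context passes `--cap-add=net_admin` and `--device=/dev/net/tun` through `extraOptions` without saying what each flag is for. One sentence on why the vpn container needs them would stop readers who copy the list from carrying the extra capability and device access over to containers that do not need them.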
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
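Review bot: the SSH paragraph in this hunk's context reads "Having a way to to get into your server", with "to" doubled. Since this file is generated, fix it in the post source so the regenerated feed picks it up.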
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
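Review bot: the HTTPS paragraph in this hunk names the option `enableAMCE`, while the nginx snippet in the preceding hunk sets `enableACME`; a reader who copies the name from the prose gets an option that does not exist. Fix the spelling in the post source and reword the sentence to something like "any sites you set `enableACME` to true for".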
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/qtile/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/qtile/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
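Review bot: both absolute URLs in this hunk (the favicon and the RSS alternate link) point at `http://localhost:1313/`, which looks like output from a local `hugo server` run, so these links will not resolve for anyone but the author. Rebuild with the production base URL before committing the generated pages, or keep the generated output out of the repository and build it at deploy time.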
@ -14,7 +14,7 @@
|
|||
<title>Qtile</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -51,6 +51,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Qtile on wretched.place</title>
|
||||
<title>Qtile on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/qtile/</link>
|
||||
<description>Recent content in Qtile on wretched.place</description>
|
||||
<description>Recent content in Qtile on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Mon, 03 Apr 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
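Review bot: the "what to do?" paragraph in this hunk's context has two slips, "latop" for "laptop" and a capitalised "If" mid-sentence in "I'd be lying If I said". Both belong in the post source rather than in this generated feed.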
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
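Review bot: the paragraph after the `security.acme` block spells the option `enableAMCE`, but the NixOS option is `enableACME`, so a reader copying the name from the prose gets an evaluation error. The sentence is also hard to parse; something like "This will set up certificates for any site whose `enableACME` option is set to true" reads better. Since this file is generated, the fix belongs in the post's source rather than in this feed.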
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/self-hosting/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/self-hosting/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
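Review bot: the feed autodiscovery link in this head points at `http://localhost:1313/tags/self-hosting/index.xml` (and the favicon at `http://localhost:1313/favicon.ico`), which is the hugo dev server's default address, so the committed page advertises a feed and icon that only resolve on the build machine. Regenerate with the production base URL before committing, or these absolute links will be wrong once the page is deployed.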
@ -14,7 +14,7 @@
|
|||
<title>Self-Hosting</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Self-Hosting on wretched.place</title>
|
||||
<title>Self-Hosting on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/self-hosting/</link>
|
||||
<description>Recent content in Self-Hosting on wretched.place</description>
|
||||
<description>Recent content in Self-Hosting on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 16 May 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
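Review bot: `externalInterface = "ens3"` in the `networking.nat` block is a hard-coded interface name, and the prose says the config was copied from the docs for a laptop server; if the host's uplink is named differently, container traffic will not be NATed out. Worth a sentence in the post telling readers to substitute their own interface name. The same context paragraph also has "latop" for "laptop" and a stray capital in "lying If I said", both to be fixed in the post source.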
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
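Review bot: `image = "searxng/searxng"` has no tag or digest, so the container runs whatever the registry currently serves under the default tag, which undercuts the reproducibility the post is using nix for. Suggest pinning a tag (or a digest) in the example, or at least adding a line in the post noting that the image is unpinned on purpose.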
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
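Review bot: the `extraOptions` example passes `--cap-add=net_admin` and `--device=/dev/net/tun` without saying why; the post should state that these are needed for the vpn container to create and configure its tunnel interface, and that `net_admin` is a broad capability, so readers do not copy the flags onto containers that have no need for them.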
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
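Review bot: the SSH paragraph on the context line reads "Having a way to to get into your server", with a doubled "to". The prose also promises that the block disables plain text passwords and root login, but the `settings` body that would show this falls outside the hunk, so it is worth confirming in the post source that both settings are actually present.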
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
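Review bot: the cron entry `@hourly root cp -r /home/ronald/example-site /var/www/` runs as root over a directory the unprivileged user writes to, and `cp -r` never removes files that were deleted from the source, so pages taken out of the site stay published in the web root. Suggest the post either make `/var/www/example-site` owned by ronald so the copy needs no root job, or call out the stale-file behaviour and the fact that anything placed in the home directory copy is published within the hour.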
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/tailscale/index.xml" title="wretched.place">
|
||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/tailscale/index.xml" title="James' Blog :-)">
|
||||
|
||||
<link rel="stylesheet" href="/css/style.min.css">
|
||||
|
||||
|
|
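Review bot: this head hunk is the same title substitution already made in the self-hosting tag page, differing only in the `tags/tailscale/index.xml` path, which indicates generated site output is being committed alongside the one-line title change. Consider keeping the generated directory out of version control (or committing it separately) so that the reviewable change is the site title in the config, not dozens of identical rendered hunks.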
@ -14,7 +14,7 @@
|
|||
<title>Tailscale</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -37,6 +37,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Tailscale on wretched.place</title>
|
||||
<title>Tailscale on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/tags/tailscale/</link>
|
||||
<description>Recent content in Tailscale on wretched.place</description>
|
||||
<description>Recent content in Tailscale on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
<lastBuildDate>Tue, 16 May 2023 00:00:00 +0000</lastBuildDate>
|
||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
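Review bot: The searxng example sets image = "searxng/searxng" with no tag or digest, so the container runtime resolves it to latest at pull time and the otherwise declarative config does not pin what actually runs. Consider showing a pinned tag or an @sha256 digest in the post's example, since readers will copy it as written. The two versions of the opening line differ only in the highlighter class on "=" (err versus o), so this looks like regenerated output rather than a content edit; the fix belongs in the markdown source.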
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
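Review bot: The extraOptions example gives the vpn container "--cap-add=net_admin" and "--device=/dev/net/tun" without saying what they grant. A sentence explaining that a VPN container needs them to create and configure its tunnel interface would stop readers from pasting them into unrelated containers. Also, the sentence beginning "But what about some more niche configurations" is a question and should end with a question mark.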
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
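Review bot: The SSH paragraph has a doubled word, "Having a way to to get into your server", which carries over unchanged into the regenerated feed; fix it in the markdown source so the next build picks it up. The prose also states that plain text passwords and root login are disabled, but the settings block is cut off by this hunk, so it is worth confirming that both options are really set there.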
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
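Review bot: In the CRON example, the job "@hourly root cp -r /home/ronald/example-site /var/www/" has root recursively copy a tree that an unprivileged user controls, which is more privilege than the stated goal of avoiding root on the server needs. Suggest giving ronald (or a deploy group) ownership of /var/www/example-site so the files can be rsynced directly, or running the job as a dedicated user rather than root. Separately, the HTTPS paragraph spells the option enableAMCE while the nginx example uses enableACME, and "set the enableAMCE to true option for" reads better as "set the enableACME option to true for".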
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>tailscale, caddy, and nixos containers - a match made in heaven</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
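Review bot: The banner link in this generated page is href="http://localhost:1313/", so the output was built with a local development base URL, and every absolute link in the committed HTML and feeds will point at the visitor's own machine once deployed. Rebuild with the production baseURL before committing, or keep the generated output out of the repository and build it at deploy time; that would also reduce this 71-file title change to a one-line config edit.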
@ -33,13 +33,13 @@
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I’d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"ve-+"</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">"ens3"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
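Review bot: The paragraph above the NAT config has two typos that survive into the regenerated page: "latop server" should be "laptop server", and "I'd be lying If I said" should use a lowercase "if". The example also hardcodes externalInterface = "ens3"; a short remark that readers must substitute their own uplink interface name would save them from a NAT rule that never matches.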
@ -91,6 +91,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>teeny tiny bash fetch script</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -102,6 +102,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>theming nirvana</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>translating docker to nix?!</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
</header><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can’t be beat. I’ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I’ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -> docker compose -> docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let’s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">"searxng"</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">"searxng"</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">"searxng/searxng"</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -65,7 +65,7 @@
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren’t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.<name>.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">"vpn"</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">"vpn"</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">"--cap-add=net_admin"</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">"--device=/dev/net/tun"</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">"--network=bridge"</span>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>upgrade your qtile setup with a cute dropdown terminal</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -74,6 +74,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<title>vanilla javascript theme toggle for simpletons</title>
|
||||
</head>
|
||||
<body><header id="banner">
|
||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
||||
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
|
|
@ -109,6 +109,8 @@
|
|||
|
||||
</main><footer id="footer">
|
||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||
<br>
|
||||
<small><a href="/index.xml">rss</a></small>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||