.
This commit is contained in:
parent
e45ecf094b
commit
7ca43eaed8
71 changed files with 492 additions and 494 deletions
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||
<channel>
|
||||
<title>Categories on wretched.place</title>
|
||||
<title>Categories on James' Blog :-)</title>
|
||||
<link>http://localhost:1313/categories/</link>
|
||||
<description>Recent content in Categories on wretched.place</description>
|
||||
<description>Recent content in Categories on James' Blog :-)</description>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en-GB</language>
|
||||
|
||||
|
|
@ -239,13 +239,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||
<h3 id="what-to-do">what to do?</h3>
|
||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl">
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -518,7 +518,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||
|
|
@ -551,7 +551,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||
|
|
@ -573,7 +573,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||
<h3 id="ssh">SSH</h3>
|
||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
|
|
@ -583,7 +583,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||
|
|
@ -593,7 +593,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
|
|
@ -601,17 +601,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||
<h3 id="cron">CRON</h3>
|
||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||
|
|
@ -1282,7 +1282,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1296,7 +1296,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||
|
|
@ -1409,7 +1409,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue