.
This commit is contained in:
parent
e45ecf094b
commit
7ca43eaed8
71 changed files with 492 additions and 494 deletions
|
|
@ -1,5 +1,5 @@
|
||||||
baseURL = "https://wretched.place"
|
baseURL = "https://jdysmcl.xyz"
|
||||||
title = "wretched.place"
|
title = "James' Blog :-)"
|
||||||
theme = "etch"
|
theme = "etch"
|
||||||
languageCode = "en-GB"
|
languageCode = "en-GB"
|
||||||
enableInlineShortcodes = true
|
enableInlineShortcodes = true
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/categories/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/categories/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Categories</title>
|
<title>Categories</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -30,6 +30,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Categories on wretched.place</title>
|
<title>Categories on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/categories/</link>
|
<link>http://localhost:1313/categories/</link>
|
||||||
<description>Recent content in Categories on wretched.place</description>
|
<description>Recent content in Categories on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
|
|
||||||
|
|
@ -239,13 +239,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -518,7 +518,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -551,7 +551,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -573,7 +573,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -583,7 +583,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -593,7 +593,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -601,17 +601,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1282,7 +1282,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1296,7 +1296,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1409,7 +1409,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>chess.com api and the continuing search for en passant checkmate</title>
|
<title>chess.com api and the continuing search for en passant checkmate</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>chess.com api and the search for en passant checkmate</title>
|
<title>chess.com api and the search for en passant checkmate</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>declarative firefox config with home-manager on nixos</title>
|
<title>declarative firefox config with home-manager on nixos</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -49,7 +49,7 @@
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">"best website ever!"</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">"best website ever!"</span><span class="p">;</span>
|
||||||
|
|
@ -63,7 +63,7 @@
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">"browser.startup.homepage"</span> <span class="o">=</span> <span class="s2">"https://searx.jdysmcl.xyz"</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">"browser.startup.homepage"</span> <span class="o">=</span> <span class="s2">"https://searx.jdysmcl.xyz"</span><span class="p">;</span>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>elite bread dough for lazy boys</title>
|
<title>elite bread dough for lazy boys</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>get the thoughts out of your head and into a digital format with this python journal script</title>
|
<title>get the thoughts out of your head and into a digital format with this python journal script</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -1,21 +1,21 @@
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html lang="en"><head>
|
<html lang="en"><head>
|
||||||
<meta name="generator" content="Hugo 0.127.0"><script src="/livereload.js?mindelay=10&v=2&port=1313&path=livereload" data-no-instant defer></script>
|
<meta name="generator" content="Hugo 0.145.0"><script src="/livereload.js?mindelay=10&v=2&port=1313&path=livereload" data-no-instant defer></script>
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
<link rel="canonical" href="http://localhost:1313/" />
|
<link rel="canonical" href="http://localhost:1313/" />
|
||||||
|
|
||||||
<a rel="me" href="https://exuberant.men/@james"></a>
|
<a rel="me" href="https://exuberant.men/@james"></a>
|
||||||
<title>wretched.place</title>
|
<title>James' Blog :-)</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -27,13 +27,6 @@
|
||||||
<main id="content">
|
<main id="content">
|
||||||
|
|
||||||
<ul id="posts">
|
<ul id="posts">
|
||||||
<li>
|
|
||||||
<a href="http://localhost:1313/adventures-in-running-headscale-on-nixos/">
|
|
||||||
adventures in running headscale on nixos
|
|
||||||
<small><time>Jun 25, 2024</time></small>
|
|
||||||
</a>
|
|
||||||
</li>
|
|
||||||
|
|
||||||
<li>
|
<li>
|
||||||
<a href="http://localhost:1313/so-you-want-to-write-a-neovim-plugin-with-lua/">
|
<a href="http://localhost:1313/so-you-want-to-write-a-neovim-plugin-with-lua/">
|
||||||
so you want to write a neovim plugin with lua
|
so you want to write a neovim plugin with lua
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>wretched.place</title>
|
<title>James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/</link>
|
<link>http://localhost:1313/</link>
|
||||||
<description>Recent content on wretched.place</description>
|
<description>Recent content on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Tue, 25 Jun 2024 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 25 Jun 2024 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -12,17 +12,6 @@
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<item>
|
|
||||||
<title>adventures in running headscale on nixos</title>
|
|
||||||
<link>http://localhost:1313/adventures-in-running-headscale-on-nixos/</link>
|
|
||||||
<pubDate>Tue, 25 Jun 2024 00:00:00 +0000</pubDate>
|
|
||||||
|
|
||||||
<guid>http://localhost:1313/adventures-in-running-headscale-on-nixos/</guid>
|
|
||||||
<description></description>
|
|
||||||
</item>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>so you want to write a neovim plugin with lua</title>
|
<title>so you want to write a neovim plugin with lua</title>
|
||||||
<link>http://localhost:1313/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
<link>http://localhost:1313/so-you-want-to-write-a-neovim-plugin-with-lua/</link>
|
||||||
|
|
@ -251,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -530,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -563,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -585,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -595,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -605,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -613,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1294,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1308,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title></title>
|
<title></title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>learning about qtile widgets via the medium of cricket</title>
|
<title>learning about qtile widgets via the medium of cricket</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -134,6 +134,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>lowkey emacs setup</title>
|
<title>lowkey emacs setup</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>making nix-colors talk to neovim</title>
|
<title>making nix-colors talk to neovim</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>multi user qtile fiddling</title>
|
<title>multi user qtile fiddling</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>podcast setup for broke boys whose trash phone cant hack modern apps</title>
|
<title>podcast setup for broke boys whose trash phone cant hack modern apps</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -114,6 +114,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/posts/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/posts/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Posts</title>
|
<title>Posts</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -168,6 +168,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,12 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Posts on wretched.place</title>
|
<title>Posts on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/posts/</link>
|
<link>http://localhost:1313/posts/</link>
|
||||||
<description>Recent content in Posts on wretched.place</description>
|
<description>Recent content in Posts on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 25 Jun 2024 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
||||||
<atom:link href="http://localhost:1313/posts/index.xml" rel="self" type="application/rss+xml" />
|
<atom:link href="http://localhost:1313/posts/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>rudimentary local scrobbling with bash</title>
|
<title>rudimentary local scrobbling with bash</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -56,6 +56,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>setting up a lean mean hugo blogging theme</title>
|
<title>setting up a lean mean hugo blogging theme</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -108,6 +108,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>simple nixos config for vps static site</title>
|
<title>simple nixos config for vps static site</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -33,7 +33,7 @@
|
||||||
<p>I’m going to go through a bit of the nixos config I’ve got for my vps.</p>
|
<p>I’m going to go through a bit of the nixos config I’ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -43,7 +43,7 @@
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it’s nice to have a user so you’re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it’s nice to have a user so you’re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -53,7 +53,7 @@
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">"example-site.here"</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">"example-site.here"</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -61,17 +61,17 @@
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">"/var/www/example-site/"</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">"/var/www/example-site/"</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let’s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let’s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">"ronald@email.yes"</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">"ronald@email.yes"</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn’t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn’t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">"@hourly root cp -r /home/ronald/example-site /var/www/"</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">"@hourly root cp -r /home/ronald/example-site /var/www/"</span>
|
||||||
|
|
@ -82,6 +82,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -2,23 +2,23 @@
|
||||||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
|
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
|
||||||
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
||||||
<url>
|
<url>
|
||||||
|
<loc>http://localhost:1313/</loc>
|
||||||
|
<lastmod>2024-06-25T00:00:00+00:00</lastmod>
|
||||||
|
</url><url>
|
||||||
|
<loc>http://localhost:1313/posts/</loc>
|
||||||
|
<lastmod>2024-06-25T00:00:00+00:00</lastmod>
|
||||||
|
</url><url>
|
||||||
<loc>http://localhost:1313/tags/lua/</loc>
|
<loc>http://localhost:1313/tags/lua/</loc>
|
||||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>http://localhost:1313/tags/neovim/</loc>
|
<loc>http://localhost:1313/tags/neovim/</loc>
|
||||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||||
</url><url>
|
|
||||||
<loc>http://localhost:1313/posts/</loc>
|
|
||||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>http://localhost:1313/so-you-want-to-write-a-neovim-plugin-with-lua/</loc>
|
<loc>http://localhost:1313/so-you-want-to-write-a-neovim-plugin-with-lua/</loc>
|
||||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>http://localhost:1313/tags/</loc>
|
<loc>http://localhost:1313/tags/</loc>
|
||||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
||||||
</url><url>
|
|
||||||
<loc>http://localhost:1313/</loc>
|
|
||||||
<lastmod>2024-04-06T00:00:00+00:00</lastmod>
|
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>http://localhost:1313/tags/home-manager/</loc>
|
<loc>http://localhost:1313/tags/home-manager/</loc>
|
||||||
<lastmod>2023-08-18T00:00:00+00:00</lastmod>
|
<lastmod>2023-08-18T00:00:00+00:00</lastmod>
|
||||||
|
|
@ -132,8 +132,6 @@
|
||||||
<lastmod>2022-09-13T00:00:00+00:00</lastmod>
|
<lastmod>2022-09-13T00:00:00+00:00</lastmod>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>http://localhost:1313/info/</loc>
|
<loc>http://localhost:1313/info/</loc>
|
||||||
</url><url>
|
|
||||||
<loc>http://localhost:1313/links/</loc>
|
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>http://localhost:1313/categories/</loc>
|
<loc>http://localhost:1313/categories/</loc>
|
||||||
</url>
|
</url>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>so you want to write a neovim plugin with lua</title>
|
<title>so you want to write a neovim plugin with lua</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/bash/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/bash/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Bash</title>
|
<title>Bash</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -44,6 +44,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Bash on wretched.place</title>
|
<title>Bash on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/bash/</link>
|
<link>http://localhost:1313/tags/bash/</link>
|
||||||
<description>Recent content in Bash on wretched.place</description>
|
<description>Recent content in Bash on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Sat, 10 Dec 2022 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Sat, 10 Dec 2022 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/caddy/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/caddy/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Caddy</title>
|
<title>Caddy</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Caddy on wretched.place</title>
|
<title>Caddy on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/caddy/</link>
|
<link>http://localhost:1313/tags/caddy/</link>
|
||||||
<description>Recent content in Caddy on wretched.place</description>
|
<description>Recent content in Caddy on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Tue, 16 May 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 16 May 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/chess/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/chess/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Chess</title>
|
<title>Chess</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -44,6 +44,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Chess on wretched.place</title>
|
<title>Chess on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/chess/</link>
|
<link>http://localhost:1313/tags/chess/</link>
|
||||||
<description>Recent content in Chess on wretched.place</description>
|
<description>Recent content in Chess on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Tue, 08 Nov 2022 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 08 Nov 2022 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/cooking/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/cooking/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Cooking</title>
|
<title>Cooking</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Cooking on wretched.place</title>
|
<title>Cooking on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/cooking/</link>
|
<link>http://localhost:1313/tags/cooking/</link>
|
||||||
<description>Recent content in Cooking on wretched.place</description>
|
<description>Recent content in Cooking on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Sun, 22 Jan 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Sun, 22 Jan 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/css/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/css/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Css</title>
|
<title>Css</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Css on wretched.place</title>
|
<title>Css on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/css/</link>
|
<link>http://localhost:1313/tags/css/</link>
|
||||||
<description>Recent content in Css on wretched.place</description>
|
<description>Recent content in Css on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Mon, 26 Jun 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Mon, 26 Jun 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/docker/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/docker/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Docker</title>
|
<title>Docker</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Docker on wretched.place</title>
|
<title>Docker on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/docker/</link>
|
<link>http://localhost:1313/tags/docker/</link>
|
||||||
<description>Recent content in Docker on wretched.place</description>
|
<description>Recent content in Docker on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Tue, 28 Feb 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 28 Feb 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/emacs/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/emacs/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Emacs</title>
|
<title>Emacs</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Emacs on wretched.place</title>
|
<title>Emacs on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/emacs/</link>
|
<link>http://localhost:1313/tags/emacs/</link>
|
||||||
<description>Recent content in Emacs on wretched.place</description>
|
<description>Recent content in Emacs on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Fri, 18 Nov 2022 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Fri, 18 Nov 2022 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/home-manager/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/home-manager/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Home-Manager</title>
|
<title>Home-Manager</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -58,6 +58,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Home-Manager on wretched.place</title>
|
<title>Home-Manager on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/home-manager/</link>
|
<link>http://localhost:1313/tags/home-manager/</link>
|
||||||
<description>Recent content in Home-Manager on wretched.place</description>
|
<description>Recent content in Home-Manager on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/hugo/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/hugo/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Hugo</title>
|
<title>Hugo</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Hugo on wretched.place</title>
|
<title>Hugo on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/hugo/</link>
|
<link>http://localhost:1313/tags/hugo/</link>
|
||||||
<description>Recent content in Hugo on wretched.place</description>
|
<description>Recent content in Hugo on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Thu, 10 Nov 2022 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Thu, 10 Nov 2022 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Tags</title>
|
<title>Tags</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -170,6 +170,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Tags on wretched.place</title>
|
<title>Tags on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/</link>
|
<link>http://localhost:1313/tags/</link>
|
||||||
<description>Recent content in Tags on wretched.place</description>
|
<description>Recent content in Tags on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/javascript/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/javascript/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Javascript</title>
|
<title>Javascript</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Javascript on wretched.place</title>
|
<title>Javascript on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/javascript/</link>
|
<link>http://localhost:1313/tags/javascript/</link>
|
||||||
<description>Recent content in Javascript on wretched.place</description>
|
<description>Recent content in Javascript on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Mon, 26 Jun 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Mon, 26 Jun 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/lua/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/lua/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Lua</title>
|
<title>Lua</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Lua on wretched.place</title>
|
<title>Lua on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/lua/</link>
|
<link>http://localhost:1313/tags/lua/</link>
|
||||||
<description>Recent content in Lua on wretched.place</description>
|
<description>Recent content in Lua on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/music/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/music/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Music</title>
|
<title>Music</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Music on wretched.place</title>
|
<title>Music on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/music/</link>
|
<link>http://localhost:1313/tags/music/</link>
|
||||||
<description>Recent content in Music on wretched.place</description>
|
<description>Recent content in Music on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Tue, 13 Sep 2022 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 13 Sep 2022 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/neovim/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/neovim/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Neovim</title>
|
<title>Neovim</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -44,6 +44,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Neovim on wretched.place</title>
|
<title>Neovim on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/neovim/</link>
|
<link>http://localhost:1313/tags/neovim/</link>
|
||||||
<description>Recent content in Neovim on wretched.place</description>
|
<description>Recent content in Neovim on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Sat, 06 Apr 2024 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/nix-colors/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/nix-colors/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Nix-Colors</title>
|
<title>Nix-Colors</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -44,6 +44,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Nix-Colors on wretched.place</title>
|
<title>Nix-Colors on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/nix-colors/</link>
|
<link>http://localhost:1313/tags/nix-colors/</link>
|
||||||
<description>Recent content in Nix-Colors on wretched.place</description>
|
<description>Recent content in Nix-Colors on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/nixos/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/nixos/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Nixos</title>
|
<title>Nixos</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -79,6 +79,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Nixos on wretched.place</title>
|
<title>Nixos on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/nixos/</link>
|
<link>http://localhost:1313/tags/nixos/</link>
|
||||||
<description>Recent content in Nixos on wretched.place</description>
|
<description>Recent content in Nixos on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Fri, 18 Aug 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/podman/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/podman/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Podman</title>
|
<title>Podman</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Podman on wretched.place</title>
|
<title>Podman on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/podman/</link>
|
<link>http://localhost:1313/tags/podman/</link>
|
||||||
<description>Recent content in Podman on wretched.place</description>
|
<description>Recent content in Podman on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Tue, 28 Feb 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 28 Feb 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/python/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/python/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Python</title>
|
<title>Python</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -79,6 +79,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Python on wretched.place</title>
|
<title>Python on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/python/</link>
|
<link>http://localhost:1313/tags/python/</link>
|
||||||
<description>Recent content in Python on wretched.place</description>
|
<description>Recent content in Python on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Mon, 03 Apr 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Mon, 03 Apr 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/qtile/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/qtile/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Qtile</title>
|
<title>Qtile</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -51,6 +51,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Qtile on wretched.place</title>
|
<title>Qtile on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/qtile/</link>
|
<link>http://localhost:1313/tags/qtile/</link>
|
||||||
<description>Recent content in Qtile on wretched.place</description>
|
<description>Recent content in Qtile on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Mon, 03 Apr 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Mon, 03 Apr 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/self-hosting/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/self-hosting/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Self-Hosting</title>
|
<title>Self-Hosting</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Self-Hosting on wretched.place</title>
|
<title>Self-Hosting on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/self-hosting/</link>
|
<link>http://localhost:1313/tags/self-hosting/</link>
|
||||||
<description>Recent content in Self-Hosting on wretched.place</description>
|
<description>Recent content in Self-Hosting on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Tue, 16 May 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 16 May 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
<link rel="shortcut icon" href="http://localhost:1313/favicon.ico">
|
||||||
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/tailscale/index.xml" title="wretched.place">
|
<link rel="alternate" type="application/rss+xml" href="http://localhost:1313/tags/tailscale/index.xml" title="James' Blog :-)">
|
||||||
|
|
||||||
<link rel="stylesheet" href="/css/style.min.css">
|
<link rel="stylesheet" href="/css/style.min.css">
|
||||||
|
|
||||||
|
|
@ -14,7 +14,7 @@
|
||||||
<title>Tailscale</title>
|
<title>Tailscale</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||||||
<channel>
|
<channel>
|
||||||
<title>Tailscale on wretched.place</title>
|
<title>Tailscale on James' Blog :-)</title>
|
||||||
<link>http://localhost:1313/tags/tailscale/</link>
|
<link>http://localhost:1313/tags/tailscale/</link>
|
||||||
<description>Recent content in Tailscale on wretched.place</description>
|
<description>Recent content in Tailscale on James' Blog :-)</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-GB</language>
|
<language>en-GB</language>
|
||||||
<lastBuildDate>Tue, 16 May 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 16 May 2023 00:00:00 +0000</lastBuildDate>
|
||||||
|
|
@ -240,13 +240,13 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&#34;ve-+&#34;</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">&#34;ens3&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -519,7 +519,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
<description><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can&rsquo;t be beat. I&rsquo;ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I&rsquo;ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -&gt; docker compose -&gt; docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let&rsquo;s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;searxng&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">&#34;searxng/searxng&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -552,7 +552,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren&rsquo;t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.&lt;name&gt;.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">&#34;vpn&#34;</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--cap-add=net_admin&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--device=/dev/net/tun&#34;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;--network=bridge&#34;</span>
|
||||||
|
|
@ -574,7 +574,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
<p>I&rsquo;m going to go through a bit of the nixos config I&rsquo;ve got for my vps.</p>
|
||||||
<h3 id="ssh">SSH</h3>
|
<h3 id="ssh">SSH</h3>
|
||||||
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
<p>Having a way to to get into your server is useful. Managing ssh on nix is very simple; this enables the ssh daemon, tells it what port to run on, disables plain text passwords, and disables root login.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">openssh</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">69</span> <span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
|
|
@ -584,7 +584,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
</span></span></code></pre></div><h3 id="adding-a-user">ADDING A USER</h3>
|
||||||
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
<p>Generally, it&rsquo;s nice to have a user so you&rsquo;re not just rawdogging everything as root. This adds a user called ronald, sets their default shell, and adds them to some useful groups. You can even add your public ssh keys here for ultimate convenience.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">users</span><span class="o">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">ronald</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">isNormalUser</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">shell</span> <span class="o">=</span> <span class="n">pkgs</span><span class="o">.</span><span class="n">fish</span><span class="p">;</span>
|
||||||
|
|
@ -594,7 +594,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
</span></span></code></pre></div><h3 id="nginx">NGINX</h3>
|
||||||
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
<p>I use nginx to serve my sites. Compared to the nginx config I used to mess around with, the equivalent nix config is very clean. This chunk tells nginx to serve the contents of <code>/var/www/example-site</code> at <code>example-site.here</code>. It also opens the ports for http and https in the firewall.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">nginx</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">virtualHosts</span><span class="o">.</span><span class="s2">&#34;example-site.here&#34;</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableACME</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -602,17 +602,17 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">root</span> <span class="o">=</span> <span class="s2">&#34;/var/www/example-site/&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="err">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
</span></span><span class="line"><span class="cl"><span class="n">networking</span><span class="o">.</span><span class="n">firewall</span><span class="o">.</span><span class="n">allowedTCPPorts</span> <span class="o">=</span> <span class="p">[</span> <span class="mi">80</span> <span class="mi">443</span> <span class="p">];</span>
|
||||||
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
</span></span></code></pre></div><h3 id="https">HTTPS</h3>
|
||||||
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
<p>You can also make nix deal with all the let&rsquo;s encrypt certbot stuff. It looks like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">security</span><span class="o">.</span><span class="n">acme</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">acceptTerms</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">defaults</span><span class="o">.</span><span class="n">email</span> <span class="o">=</span> <span class="s2">&#34;ronald@email.yes&#34;</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
</span></span></code></pre></div><p>This will set up certificates for any sites you set the <code>enableAMCE</code> to true option for.</p>
|
||||||
<h3 id="cron">CRON</h3>
|
<h3 id="cron">CRON</h3>
|
||||||
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
<p>This is one final little tidbit I set up the other day. I had got bored of having to ssh into my server to manually copy my updated site to the website root. The problem was I would need root privileges on the server to rsync the files to the website root. This seemed like a whole minefield I didn&rsquo;t want to mess with. Instead I set up a little cron job which copies a directory from my home to the website root every hour.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">services</span><span class="o">.</span><span class="n">cron</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">systemCronJobs</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;@hourly root cp -r /home/ronald/example-site /var/www/&#34;</span>
|
||||||
|
|
@ -1283,7 +1283,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
</span></span></code></pre></div><p>This is the list of <a href="https://nur.nix-community.org/repos/rycee/">all extensions</a> available in the repo.</p>
|
||||||
<h3 id="bookmarks">BOOKMARKS</h3>
|
<h3 id="bookmarks">BOOKMARKS</h3>
|
||||||
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
<p>Bookmarks can be added per profile. The format for it goes something like this:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">bookmarks</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">name</span> <span class="o">=</span> <span class="s2">&#34;best website ever!&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1297,7 +1297,7 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
</span></span><span class="line"><span class="cl"><span class="p">};</span>
|
||||||
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
</span></span></code></pre></div><h3 id="settings">SETTINGS</h3>
|
||||||
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
<p>Again, these can be added per profile. Basically, any option you can find in about:config can be added here; this is a selection of potentially useful options I have set:</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">profiles</span><span class="o">.</span><span class="n">james</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">settings</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
</span></span><span class="line"><span class="cl"> <span class="c1">#newtab stuff</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">&#34;browser.startup.homepage&#34;</span> <span class="o">=</span> <span class="s2">&#34;https://searx.jdysmcl.xyz&#34;</span><span class="p">;</span>
|
||||||
|
|
@ -1410,7 +1410,5 @@ After moving across most of my stuff I came across the problem of how to hook th
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</channel>
|
</channel>
|
||||||
</rss>
|
</rss>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>tailscale, caddy, and nixos containers - a match made in heaven</title>
|
<title>tailscale, caddy, and nixos containers - a match made in heaven</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -33,13 +33,13 @@
|
||||||
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
|
||||||
<h3 id="what-to-do">what to do?</h3>
|
<h3 id="what-to-do">what to do?</h3>
|
||||||
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I’d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I’d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"> <span class="n">networking</span><span class="o">.</span><span class="n">nat</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enable</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"ve-+"</span><span class="p">];</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">internalInterfaces</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"ve-+"</span><span class="p">];</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">"ens3"</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">externalInterface</span> <span class="o">=</span> <span class="s2">"ens3"</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
</span></span><span class="line"><span class="cl"> <span class="p">};</span>
|
||||||
</span></span><span class="line"><span class="cl">
|
</span></span><span class="line"><span class="cl">
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="err">=</span> <span class="p">{</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">containers</span><span class="o">.</span><span class="n">jellyfin</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">enableTun</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">privateNetwork</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
|
|
@ -91,6 +91,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>teeny tiny bash fetch script</title>
|
<title>teeny tiny bash fetch script</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -102,6 +102,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>theming nirvana</title>
|
<title>theming nirvana</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>translating docker to nix?!</title>
|
<title>translating docker to nix?!</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -32,7 +32,7 @@
|
||||||
</header><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can’t be beat. I’ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I’ve been playing around with the nixos approach to managing docker containers.</p>
|
</header><p>In my opinion, there are moments when the convenience of docker and its surrounding ecosystem can’t be beat. I’ve been dabbling in the self hosting world and oftentimes the best maintained packaging option is a docker image. As a result of this I’ve been playing around with the nixos approach to managing docker containers.</p>
|
||||||
<h3 id="nix---docker-compose---docker-run">nix -> docker compose -> docker run</h3>
|
<h3 id="nix---docker-compose---docker-run">nix -> docker compose -> docker run</h3>
|
||||||
<p>To illustrate how to translate a simple example from the world of docker to nix let’s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
<p>To illustrate how to translate a simple example from the world of docker to nix let’s have a look at the config for my <a href="https://docs.searxng.org/">searxng</a> instance.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">"searxng"</span> <span class="err">=</span> <span class="p">{</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">"searxng"</span> <span class="o">=</span> <span class="p">{</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">autoStart</span> <span class="o">=</span> <span class="no">true</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">"searxng/searxng"</span><span class="p">;</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">image</span> <span class="o">=</span> <span class="s2">"searxng/searxng"</span><span class="p">;</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
</span></span><span class="line"><span class="cl"> <span class="n">volumes</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
|
|
@ -65,7 +65,7 @@
|
||||||
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
</span></span></span><span class="line"><span class="cl"><span class="se"></span> searxng/searxng
|
||||||
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
</span></span></code></pre></div><h3 id="bits-and-bobs">bits and bobs</h3>
|
||||||
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren’t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.<name>.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
<p>As you can see, nix very kindly provides you with convenient options for the most essential tasks: mounting volumes, exposing ports, passing environment variables etc. But what about some more niche configurations that aren’t exposed in <a href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-containers.nix">oci-containers.nix</a>. As far as I can tell, your best bet in these scenarios is <code>virtualisation.oci-containers.containers.<name>.extraOptions</code>; this lets you pass a list of command line arguments to your docker run command. For example, I had this in my config for a vpn container.</p>
|
||||||
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">"vpn"</span><span class="o">.</span><span class="n">extraOptions</span> <span class="err">=</span> <span class="p">[</span>
|
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nix" data-lang="nix"><span class="line"><span class="cl"><span class="n">virtualisation</span><span class="o">.</span><span class="n">oci-containers</span><span class="o">.</span><span class="n">containers</span><span class="o">.</span><span class="s2">"vpn"</span><span class="o">.</span><span class="n">extraOptions</span> <span class="o">=</span> <span class="p">[</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">"--cap-add=net_admin"</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">"--cap-add=net_admin"</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">"--device=/dev/net/tun"</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">"--device=/dev/net/tun"</span>
|
||||||
</span></span><span class="line"><span class="cl"> <span class="s2">"--network=bridge"</span>
|
</span></span><span class="line"><span class="cl"> <span class="s2">"--network=bridge"</span>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>upgrade your qtile setup with a cute dropdown terminal</title>
|
<title>upgrade your qtile setup with a cute dropdown terminal</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -74,6 +74,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
<title>vanilla javascript theme toggle for simpletons</title>
|
<title>vanilla javascript theme toggle for simpletons</title>
|
||||||
</head>
|
</head>
|
||||||
<body><header id="banner">
|
<body><header id="banner">
|
||||||
<h2><a href="http://localhost:1313/">wretched.place</a></h2>
|
<h2><a href="http://localhost:1313/">James' Blog :-)</a></h2>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
@ -109,6 +109,8 @@
|
||||||
|
|
||||||
</main><footer id="footer">
|
</main><footer id="footer">
|
||||||
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
<small>made with <a href="https://gohugo.io">hugo</a> and <a href="https://github.com/LukasJoswiak/etch">etch</a> :)</small>
|
||||||
|
<br>
|
||||||
|
<small><a href="/index.xml">rss</a></small>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue