Agatha Lovelace bb4675d75b
Fix commit signing
2026-02-03 15:35:37 +01:00
common Fix commit signing 2026-02-03 15:35:37 +01:00
external ritual: Nix-darwin hackintosh init 2024-11-29 17:07:02 +01:00
hosts Configure monitoring 2026-02-03 14:21:48 +01:00
secrets Replace Colmena with nh 2026-02-03 13:29:51 +01:00
.envrc Replace Colmena with nh 2026-02-03 13:29:51 +01:00
.gitignore Replace Colmena with nh 2026-02-03 13:29:51 +01:00
.sops.yaml Replace Colmena with nh 2026-02-03 13:29:51 +01:00
README.md Replace Colmena with nh 2026-02-03 13:29:51 +01:00
flake.lock Replace Colmena with nh 2026-02-03 13:29:51 +01:00
flake.nix Replace Colmena with nh 2026-02-03 13:29:51 +01:00

README.md

Infra Reference

Host Overview

nix-darwin

  • penrose: Mac Mini M1
  • sierpinski: MacBook Air M4

colmena

  • synchronicity-ii: Rented high-reliability/low-cost server
  • tears: x86 Headless desktop for heavy workloads
  • watchtower: ThinkCentre M75q Gen 2 Tiny; Home server

offline

  • bloodletting: Main server / technogothic.net

Manual setup on blank system/migrations

bloodletting:

  • nh os switch --target-host root@bloodletting -H bloodletting - deploy config
  • passwd - set user passwords
  • rsync state:
    • /var/lib:
      • acme/.lego
      • bin_rs
      • fail2ban
      • grafana
      • headscale
      • hedgedoc
      • mastodon
        • dump and import Postgres and Redis DBs
      • matterbridge
      • mc-e2e
      • mc-enigmatica-8
      • mstdn-ebooks
      • nyandroid
      • prometheus2
      • prosody
    • /home/ftp

penrose/sierpinski:

  • nh darwin switch - deploy config
  • age-plugin-se keygen | tee (tty) | tail -n1 >> ~/Library/Application\ Support/sops/age/keys.txt - generate a private key using the Apple Secure Enclave. Make sure to add it to .sops.yaml.
  • sops updatekeys - re-encrypt secrets after adding new keys.
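Until sops updatekeys has run, existing secrets stay encrypted only to the recipients they had before the new key was added to .sops.yaml. The check below is an added example, not part of this repository, that lists recipients named in .sops.yaml but missing from an encrypted file; the .sops.yaml layout, the host_a/host_b anchors and both keys are constructed placeholders.

```shell
# Added example (not from the repo): find age recipients that .sops.yaml names
# but a secret is not yet encrypted to, i.e. `sops updatekeys` is still pending.

# Print each age recipient in a file, one per line, skipping YAML comment lines.
age_recipients() {
  grep -v '^[[:space:]]*#' "$1" | grep -oE 'age1[0-9a-z]{20,}' | sort -u
}

# missing_recipients CONFIG SECRET: print recipients listed in CONFIG but absent
# from SECRET's sops metadata. Returns 1 if any are missing, 0 otherwise.
missing_recipients() {
  rc=0
  for key in $(age_recipients "$1"); do
    if ! grep -qwF -- "$key" "$2"; then
      printf '%s\n' "$key"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample data: placeholder keys and an assumed .sops.yaml layout.
demo=$(mktemp -d)
KEY_A=age1se1qconstructedplaceholderkeyaaaaaaaa
KEY_B=age1se1qconstructedplaceholderkeybbbbbbbb

cat > "$demo/.sops.yaml" <<EOF
keys:
  - &host_a $KEY_A
  - &host_b $KEY_B   # newly added Secure Enclave key
creation_rules:
  - path_regex: secrets/.*
    key_groups:
      - age:
          - *host_a
          - *host_b
EOF

# stale.yaml predates host_b; fresh.yaml is what `sops updatekeys` leaves behind.
printf 'sops:\n  age:\n    - recipient: %s\n' "$KEY_A" > "$demo/stale.yaml"
printf 'sops:\n  age:\n    - recipient: %s\n    - recipient: %s\n' \
  "$KEY_A" "$KEY_B" > "$demo/fresh.yaml"

for f in stale fresh; do
  missing=$(missing_recipients "$demo/.sops.yaml" "$demo/$f.yaml") \
    && echo "$f.yaml: up to date" \
    || echo "$f.yaml: run 'sops updatekeys', missing: $missing"
done
```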

Rsyncd Modules

Rsync modules for modded Minecraft instances can be accessed through mc-[modpack]@bloodletting::mc-[modpack] with --rsh=ssh.

Updating Mastodon

cd common/pkgs/mastodon && ./update.sh --owner AgathaSorceress --rev <commit hash>

Last commit which includes BSPWM configs

Common Pitfalls

  • If remote builds are failing, run sudo ssh tears. The failure is likely caused by a hidden "Host key verification failed" error.