sorceress
/
nix-infra
1
0
Fork 0
Code Issues 6 Pull Requests Packages Projects Releases Wiki Activity
180 Commits 3 Branches 0 Tags 21 MiB
Nix 98.5%
Shell 1.5%
Go to file
Agatha Lovelace 1dd3619c5a
add jj status to starship, reconfigure prompt 		2026-04-29 15:51:33 +02:00
common add jj status to starship, reconfigure prompt 2026-04-29 15:51:33 +02:00
external ritual: Nix-darwin hackintosh init 2024-11-29 17:07:02 +01:00
hosts Remove mstdn-ebooks 2026-03-31 12:51:57 +02:00
secrets Deploy headplane 2026-03-31 13:01:54 +02:00
.envrc Replace Colmena with nh 2026-02-03 13:29:51 +01:00
.gitignore Replace hardcoded secret in grafana config 2026-02-18 01:52:27 +01:00
.sops.yaml Replace Colmena with nh 2026-02-03 13:29:51 +01:00
README.md Remove mstdn-ebooks 2026-03-31 12:51:57 +02:00
flake.lock Update nix flake, change installed utilities 2026-04-26 17:53:53 +02:00
flake.nix Update nix flake, change installed utilities 2026-04-26 17:53:53 +02:00

README.md

Infra Reference

Host Overview

nix-darwin

  • penrose: Mac Mini M1
  • sierpinski: MacBook Air M4

colmena

  • synchronicity-ii: Rented high-reliability/low-cost server
  • tears: x86 Headless desktop for heavy workloads
  • watchtower: ThinkCentre M75q Gen 2 Tiny; Home server

offline

  • bloodletting: Main server / technogothic.net

Manual setup on blank system/migrations

bloodletting:

  • nh os switch --target-host root@bloodletting -H bloodletting - deploy config
  • passwd - set user passwords
  • rsync state:
    • /var/lib:
      • acme/.lego
      • fail2ban
      • mastodon
        • dump and import Postgres and Redis DBs
      • matterbridge
      • mc-e2e
      • mc-enigmatica-8
      • nyandroid
      • prometheus2
      • prosody
    • /home/ftp

synchronicity-ii:

  • nh os switch --target-host root@synchronicity-ii -H synchronicity-ii - deploy config
  • passwd - set user passwords
  • rsync state:
    • /var/lib:
      • acme/.lego
      • bin_rs
      • grafana
      • headscale
      • hedgedoc
      • prometheus2

penrose/sierpinski:

  • nh darwin switch - deploy config
  • age-plugin-se keygen | tee (tty) | tail -n1 >> ~/Library/Application\ Support/sops/age/keys.txt - generate a private key using the Apple Secure Enclave. Make sure to add it to .sops.yaml.
  • sops updatekeys - re-encrypt secrets after adding new keys.

Rsyncd Modules

Modded minecraft instance rsync modules can be accessed through mc-[modpack]@bloodletting::mc-[modpack] with --rsh=ssh

Updating Mastodon

cd common/pkgs/mastodon && ./update.sh --owner AgathaSorceress --rev <commit hash>

Last commit which includes BSPWM configs

Common Pitfalls

  • Run sudo ssh tears if remote builds are failing. This is likely caused by a hidden "Host key verification failed" error.