diff --git a/.gitignore b/.gitignore
index ec6ca16..9f6b4cf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -91,3 +91,7 @@ Temporary Items
 *.tar.gz
 *.tar.gz.enc
 *.tar.gz.age
+
+# OS images & QEMU drives
+*.iso
+*.qcow2
diff --git a/README.md b/README.md
index 9458379..813628b 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,33 @@ # Michael's Homelab -## Hosts +## Host List -| Host | OS | Services | -| :--- | :--- | :------- | -| Cuddlefish | ![CentOS](https://img.shields.io/badge/centos%207-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0) | Gitea | -| Rocktiplex | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | Fathom | -| Cloud8 | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | NextCloud | +### Devices -## SELinux Notes +| Host | OS | Purpose / Services | +| :--- | :--- | :----------------- | +| [Thonkpad](thonkpad/) (portable) | ![Fedora](https://img.shields.io/badge/Fedora_37-294172?style=for-the-badge&logo=fedora&logoColor=white) | Misc. Projects | +| [Cuddlefish](cuddlefish/) | ![CentOS](https://img.shields.io/badge/centos_7-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0) | Gitea | +| [Rocktiplex](rocktiplex/) | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux_9-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | Fathom, Status Proxy, RSF Analytics | +| Cloud8 (under repair) | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux_9-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | NextCloud | + +### Virtualized Hosts + +| VM | Kind | Machine | OS | Purpose / Services | +| :--- | :--- | :------ | :--- | :----------------- | +| [NixHost](thonkpad/nixhost/) | KVM | Thonkpad | ![NixOS](https://img.shields.io/badge/NIXOS-5277C3.svg?style=for-the-badge&logo=NixOS&logoColor=white) | NixOS Testbed | + +### Off-site + +| Host | Provider | OS | Purpose / Services | +| :--- | :------- | :--- | :----------------- | +| Backup1 | [TNAHosting](https://tnahosting.net/) | ![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04_LTS-E95420?style=for-the-badge&logo=ubuntu&logoColor=white) | Docker Volume Backups | + +## Docker + +Most services are run as Docker containers. 
+ +### SELinux Notes Docker volumes violate some SELinux policies. Use `setenforce 0` to disable it temporarily, or make the following permanent change to `/etc/sysconfig/selinux`: @@ -17,7 +36,7 @@ Docker volumes violate some SELinux policies. Use `setenforce 0` to disable it t SELINUX=permissive ``` -## Dockerized Cloudflared Notes +### Dockerized Cloudflared Notes If a docker-compose file looks like this: @@ -25,10 +44,10 @@ If a docker-compose file looks like this: services: gitea-server: image: gitea/gitea:1.19.3 - ... + # ... gitea-cloudflared: image: cloudflare/cloudflared - ... + # ... ``` Then in this case the name of the target service is `gitea-server`, and (per Docker's networking shenanigans), should be specified **directly by service name,** e.g. @@ -37,7 +56,7 @@ Then in this case the name of the target service is `gitea-server`, and (per Doc https://git.michaellisano.com -> http://gitea-server:3000 ``` -## Backup Decryption Notes +## Backups Everything is encrypted with [age](https://github.com/FiloSottile/age). diff --git a/cuddlefish/motd b/cuddlefish/motd new file mode 100644 index 0000000..f6dcd58 --- /dev/null +++ b/cuddlefish/motd @@ -0,0 +1,6 @@ + ______ __ ____ _____ __ + / ____/_ ______/ /___/ / /__ / __(_)____/ /_ + / / / / / / __ / __ / / _ \/ /_/ / ___/ __ \ +/ /___/ /_/ / /_/ / /_/ / / __/ __/ (__ ) / / / +\____/\__,_/\__,_/\__,_/_/\___/_/ /_/____/_/ /_/ + diff --git a/rocktiplex/motd b/rocktiplex/motd new file mode 100644 index 0000000..600d5cb --- /dev/null +++ b/rocktiplex/motd @@ -0,0 +1,7 @@ + +,------. ,--. ,--. ,--. ,--. +| .--. ' ,---. ,---.| |,-.,-' '-.`--' ,---. | | ,---. ,--. ,--. +| '--'.'| .-. || .--'| /'-. .-',--.| .-. || || .-. : \ `' / +| |\ \ ' '-' '\ `--.| \ \ | | | || '-' '| |\ --. / /. \ +`--' '--' `---' `---'`--'`--' `--' `--'| |-' `--' `----''--' '--' + `--' diff --git a/thonkpad/motd b/thonkpad/motd new file mode 100644 index 0000000..d2327da --- /dev/null +++ b/thonkpad/motd 
@@ -0,0 +1,12 @@ + + _____ _ _ _____ _ _ _ ________ ___ ______ + |_ _| | | |_ _| \ | || | / /| ___ \/ _ \| _ \ + | | | |_| | | | | \| || |/ / | |_/ / /_\ \ | | | + | | | _ | | | | . ` || \ | __/| _ | | | | + | | | | | |_| |_| |\ || |\ \| | | | | | |/ / + \_/ \_| |_/\___/\_| \_/\_| \_/\_| \_| |_/___/ + +=========================================================== + WARNING: DO NOT RESTART. THIS MACHINE'S SSD IS ENCRYPTED. +=========================================================== + diff --git a/thonkpad/nixhost/configuration.nix b/thonkpad/nixhost/configuration.nix new file mode 100644 index 0000000..c6e9825 --- /dev/null +++ b/thonkpad/nixhost/configuration.nix 
@@ -0,0 +1,100 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Kernel options - text-only b/c QEMU
+ boot.kernelParams = [ "console=ttyS0" ];
+
+ # Use the GRUB 2 boot loader with BIOS ONLY.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ # NOTE: Because we are in a headless VM, removed:
+ # i18n, networking, X11, sound, CUPS/printing, touchpad
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.nixuser = {
+ isNormalUser = true;
+ home = "/home/nixuser";
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ python311
+ htop
+ bat
+ zsh
+ oh-my-zsh
+ starship
+ ];
+ };
+
+ users.defaultUserShell = pkgs.zsh;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ tree
+ neofetch
+ curl
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ programs.zsh = {
+ enable = true;
+ ohMyZsh = {
+ enable = true;
+ plugins = [ "git" ];
+ theme = "robbyrussell";
+ };
+ };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ settings.PubkeyAuthentication = true;
+ settings.PasswordAuthentication = false;
+ settings.PermitRootLogin = "no";
+ };
+
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+}
diff --git a/thonkpad/nixhost/grun.sh b/thonkpad/nixhost/grun.sh
new file mode 100755
index 0000000..7e8bd69
--- /dev/null
+++ b/thonkpad/nixhost/grun.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Graphical runner for desktop
+
+ISO=nixos
+DRIVENAME=nixhost
+MEM_GB=1
+
+qemu-system-x86_64 -enable-kvm \
+ -m $(expr 1024 \* $MEM_GB) -drive file=./$DRIVENAME.qcow2,format=qcow2
+
diff --git a/thonkpad/nixhost/run.sh b/thonkpad/nixhost/run.sh
new file mode 100755
index 0000000..7e321a3
--- /dev/null
+++ b/thonkpad/nixhost/run.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ISO=nixos
+DRIVENAME=nixhost
+MEM_GB=1
+SSH_PORT=2022
+
+qemu-system-x86_64 -enable-kvm -nographic -vga none \
+ -net user,hostfwd=tcp::2022-:22 -net nic \
+ -m $(expr 1024 \* $MEM_GB) -drive file=./$DRIVENAME.qcow2,format=qcow2
+
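Review bot: The `services.openssh` block near the end of the hunk turns off password authentication, but no authorized key is declared for `nixuser`, so after a rebuild the only way in is a key placed by hand in the home directory, which this configuration does not reproduce. Declaring it next to the user keeps the key-only policy and the access it depends on in one place, e.g. `users.users.nixuser.openssh.authorizedKeys.keys = [ "<PUBLIC_KEY_PLACEHOLDER>" ];`. The header comment also states that networking was removed, while sshd is expected to be reachable; a one-line comment on the openssh block saying that the daemon is only meant to be reached through QEMU's host port forward (see run.sh) would make the intended exposure explicit to the next reader.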
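Review bot: `-m $(expr 1024 \* $MEM_GB)` on the last qemu line spawns `expr` for a shell-native calculation and leaves `$MEM_GB` and `$DRIVENAME` unquoted; `-m $((1024 * MEM_GB))` (or `-m "${MEM_GB}G"`, which qemu's `-m` accepts directly) together with `-drive file="./${DRIVENAME}.qcow2",format=qcow2` does the same with fewer moving parts. The same pattern recurs in run.sh and setup.sh in this commit. `ISO=nixos` is assigned but never read in this script, nor in run.sh. A short header comment stating that the drive is expected to have been created by setup.sh first would also help.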
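Review bot: `hostfwd=tcp::2022-:22` leaves the host address empty, so QEMU's user-mode networking binds the forward on every interface of the laptop, which the README lists as portable, making the guest's sshd reachable from whatever network the machine is on; `SSH_PORT=2022` is also defined on the line above but the port is hard-coded again here. `-net user,hostfwd=tcp:127.0.0.1:${SSH_PORT}-:22 -net nic \` restricts the listener to loopback and uses the variable. The guest configuration in this commit disables password login, which limits the impact, but the listener is still exposed.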
diff --git a/thonkpad/nixhost/setup.sh b/thonkpad/nixhost/setup.sh
new file mode 100755
index 0000000..ae04191
--- /dev/null
+++ b/thonkpad/nixhost/setup.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+ISO=nixos
+DRIVENAME=nixhost
+DRIVE_GB=50
+MEM_GB=1
+
+if [ -f $ISO.iso ]; then
+echo "Found $ISO.iso"
+else
+wget -O $ISO.iso https://channels.nixos.org/nixos-23.05/latest-nixos-minimal-x86_64-linux.iso
+fi
+
+if [ -f $DRIVENAME.qcow2 ]; then
+echo "Found $DRIVENAME.qcow2."
+else
+qemu-img create -f qcow2 $DRIVENAME.qcow2 ${DRIVE_GB}G
+fi
+
+# try headless-esque flags:
+# -display curses
+# -nographic
+
+qemu-system-x86_64 -enable-kvm -display curses -nographic -cdrom $ISO.iso \
+ -m $(expr 1024 \* $MEM_GB) -drive file=./$DRIVENAME.qcow2,format=qcow2
+
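Review bot: The image fetched by `wget -O $ISO.iso …` is never integrity-checked, and because `wget -O` creates the target before the transfer completes, an interrupted download leaves a partial `nixos.iso` that satisfies `[ -f $ISO.iso ]` on the next run and is then booted as-is. Downloading to a temporary name, comparing it against the SHA-256 the channel publishes next to the image (pinned in the script), and only then renaming it closes both gaps; the rewritten fetch block is below. The final qemu line passes both `-display curses` and `-nographic` while the comment above lists them as alternatives to try; I would expect only one to take effect, so the comment should record which one is actually wanted.
```shell
ISO_URL=https://channels.nixos.org/nixos-23.05/latest-nixos-minimal-x86_64-linux.iso
ISO_SHA256=<EXPECTED_SHA256>   # placeholder: pin the checksum published alongside the ISO
if [ -f "$ISO.iso" ]; then
  echo "Found $ISO.iso"
else
  wget -O "$ISO.iso.part" "$ISO_URL" || { rm -f -- "$ISO.iso.part"; exit 1; }
  echo "$ISO_SHA256  $ISO.iso.part" | sha256sum -c - || { rm -f -- "$ISO.iso.part"; exit 1; }
  mv -- "$ISO.iso.part" "$ISO.iso"
fi
# ... unchanged: qcow2 creation and qemu invocation ...
```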