evilfactorylabs / area13

evilfactorylabs infra — as a code
The Unlicense

nixify `komunix` OS #16

Open faultables opened 1 week ago

faultables commented 1 week ago

phase 1

phase 2

To                         Action      From
--                         ------      ----
22                         ALLOW       100.64.0.0/10             
41641                      ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
22/tcp                     ALLOW       192.168.18.0/24           
67/udp                     ALLOW       Anywhere                  
68/udp                     ALLOW       Anywhere                  
22/tcp                     ALLOW       192.168.31.0/24           
41641 (v6)                 ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
67/udp (v6)                ALLOW       Anywhere (v6)             
68/udp (v6)                ALLOW       Anywhere (v6) 

phase 3

TBD
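The phase 2 rule set above is a ufw listing. As an added example (not config from the issue or the area13 repo), the same policy written as NixOS `networking.firewall` options, which is what nixifying it amounts to. Reading 100.64.0.0/10 as the Tailscale CGNAT range and 41641 as its tunnel port is my assumption, as is using `extraCommands` for the source-restricted SSH rules, since the module has no per-source port option.

```nix
# Added example, not the issue's own config: the phase 2 ufw rule set rewritten
# as NixOS networking.firewall options. Assumptions (mine, not the page's):
# 100.64.0.0/10 is the Tailscale range, 41641 is its tunnel port, and the
# source-scoped SSH rules are expressed through extraCommands.
{ config, lib, pkgs, ... }:

{
  # Do not let the sshd module open 22 to everyone; the rules below scope it.
  services.openssh.openFirewall = false;

  networking.firewall = {
    enable = true;

    # "80/tcp ALLOW Anywhere". "41641 ALLOW Anywhere" has no protocol in ufw,
    # so it is listed for both tcp and udp. These apply to v4 and v6, as in
    # the ufw output above.
    allowedTCPPorts = [ 80 41641 ];

    # 67/68 udp are DHCP server/client; 41641 udp is the tunnel port.
    allowedUDPPorts = [ 41641 67 68 ];

    # "22 ALLOW 100.64.0.0/10", "22/tcp ALLOW 192.168.18.0/24" and
    # "22/tcp ALLOW 192.168.31.0/24". sshd only speaks tcp, so the
    # protocol-less ufw rule is covered by a tcp rule. Any other packet
    # to 22 falls through to the chain's default drop.
    extraCommands = ''
      for src in 100.64.0.0/10 192.168.18.0/24 192.168.31.0/24; do
        iptables -A nixos-fw -p tcp --dport 22 -s "$src" -j nixos-fw-accept
      done
    '';
  };
}
```

After `nixos-rebuild switch`, `iptables -L nixos-fw -n` should show the three ACCEPT lines for dport 22 next to the port rules. One caveat: `extraCommands` is only honoured by the iptables backend; if the host later turns on `networking.nftables`, the SSH source rules have to be carried over to `networking.nftables.ruleset` instead.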

faultables commented 1 week ago

anything still unclear, broski? @r17x

r17x commented 1 week ago

@faultables what's in the home directory (apart from the crontab)?

faultables commented 1 week ago

you can check manually over ssh on the raspi, ls ~, sir lol

r17x commented 1 week ago

@faultables there's a lot here

Desktop  Documents  Downloads  Music  Pictures  Public  README  Templates  Videos  cachex  duckdns  komunix.org  nfs  nice  npmx  snap

faultables commented 1 week ago

try cachex/ and npmx/ first, sir; the rest shouldn't be that important

r17x commented 1 week ago

@faultables what service serves those 2 files? nginx or caddy?

faultables commented 1 week ago

caddy bro

r17x commented 1 week ago

@faultables so I'll try starting by building cachex and npmx with caddy + crontab?

faultables commented 1 week ago

yesss. as far as I know nix can give you that "no need to worry about where scripts/binaries are stored" thing, so if we can use that approach too, we should. so the flow (as an example, for cache.komunix.org) is like this:

1. caddy serves the static file /home/komunix/cachex/index.html

and here's its config:

[Unit]
Description=caddy
ConditionFileIsExecutable=/usr/local/bin/caddy
After=syslog.target network-online.target

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/bin/caddy file-server --root /home/komunix/cachex --listen 127.0.0.1:2022
StandardOutput=null
StandardError=journal

Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

that file doesn't have to be in /home/komunix, what matters is that the file exists (in step 2). take note of the --root part in ExecStart above

2. that index.html is generated by the script gen.sh

the script is simple; for cache.komunix.org its content is like this (in /home/komunix/cache/gen.sh):

#!/bin/sh
# collect the figures the template references
export timestamp=$(date +%s)
export usage=$(df -h /home/komunix/nfs/nix-cache | tail -n1)
export total_cache=$(find /home/komunix/nfs/nix-cache -type f | wc -l)
export nice=$(du -sh /home/komunix/nfs/nix-cache)

# substitute only these four names: without the list, envsubst also expands
# every other environment variable, including the literal $HOME in the template
envsubst '$timestamp $usage $total_cache $nice' < /home/komunix/cachex/index.html.tpl > /home/komunix/cachex/index.html

what matters here is the template file (which is technically just plain text); for cache.komunix.org its content is as follows (in /home/komunix/cache/index.html.tpl):

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>cache.komunix.org (di raspi) - UP</title>
  </head>
  <body>
<pre>

                                    __                  __
                                   /\ \                /\ \                                          __
                        ___     __      ___\ \ \___      __    \ \ \/'\     ___     ___ ___   __  __    ___ /\_\   __  _       ___   _ __    __
                        /'___\ /'__`\   /'___\ \  _ `\  /'__`\   \ \ , <    / __`\ /' __` __`\/\ \/\ \ /' _ `\/\ \ /\ \/'\     / __`\/\`'__\/'_ `\
                        /\ \__//\ \L\.\_/\ \__/\ \ \ \ \/\  __/  __\ \ \\`\ /\ \L\ \/\ \/\ \/\ \ \ \_\ \/\ \/\ \ \ \\/>   /  __/\ \L\ \ \ \//\ \L\ \
                        \ \____\ \__/.\_\ \____\\ \_\ \_\ \____\/\_\\ \_\ \_\ \____/\ \_\ \_\ \_\ \____/\ \_\ \_\ \_\/\_/\_\/\_\ \____/\ \_\\ \____ \
                        \/____/\/__/\/_/\/____/ \/_/\/_/\/____/\/_/ \/_/\/_/\/___/  \/_/\/_/\/_/\/___/  \/_/\/_/\/_/\//\/_/\/_/\/___/  \/_/ \/___L\ \
                                                                                     /\____/
                                                                                     \_/__/

                                            <b>/nix/store milik bersama</b> | <b>tulung@komunix.org</b>

        > NixOS

        # /etc/nixos/configuration.nix

        { nix.settings.substituters = [ https://cache.komunix.org/ ]; }

        > GNU/Linux

        # /etc/nix/nix.conf

        fallback = true
        binary-caches = https://cache.komunix.org/ https://cache.nixos.org/

        # OR

        fallback = true
        substituters = https://cache.komunix.org

        > Mac OS

        # $HOME/.nixpkgs/darwin-configuration.nix

        nix.settings.substituters = pkgs.lib.mkBefore [ "https://cache.komunix.org/" ];

        > Flake

        nix.settings.experimental-features = [ "nix-command" "flakes" ];
        nix.settings.trusted-substituters = [ "https://cache.komunix.org" ];

        # Recommendation
        nix.settings.fallback = true;

        enjoy :^)

        ---

        # stats for nerds

        $> find /home/komunix/nfs/nix-cache -type f | wc -l

        $total_cache

        $> du -sh /home/komunix/nfs/nix-cache; echo; df -h /home/komunix/nfs/nix-cache; echo; date +%s

        $nice

                Filesystem                      Size  Used Avail Use% Mounted on
        $usage

        $timestamp
</pre>
  </body>
</html>

3. that gen.sh script is run every minute via cron

the crontab entry looks like this:

* * * * * /home/komunix/cachex/gen.sh

and that's it

conclusion

the point is to avoid manually managed files as much as possible. like, right now, caddy serves a static server from /home/komunix/cache because we explicitly tell it where the file is, because we're the ones managing that file. it's fine if later that becomes --root /nix/store/caddy-cachex-1-1-0/etdryftugyihojpk/ as long as that's possible

the crontab entry is the same case: every minute it runs /home/komunix/cachex/gen.sh because we explicitly put (store) that file there. it's fine if later that becomes * * * * * /nix/store/komunix-gen-1-1-0/dfghg5342qfds/cachex.sh as long as that's possible

my mental model for this case is like using home-manager, where you don't need to worry about managing dotfiles. i think nix's mission of configuring a computer without worrying about managing its config files makes that possible
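As an added example (not code from the issue or the area13 repo), the three-step flow above written as a NixOS module, which is the shape the "no hand-managed files" goal points at: gen.sh becomes a store path that a systemd timer references, and caddy's root points at a state directory systemd creates, so neither path has to be placed by hand under /home/komunix. The NFS cache path is kept from gen.sh; /var/lib/cachex as the output directory, ./index.html.tpl as the template location, the systemd hardening options and the use of GNU gettext's envsubst are my assumptions.

```nix
# Added example, not the project's own code: the caddy + gen.sh + crontab flow
# from the comment above, expressed as a NixOS module. Assumptions (mine, not
# the page's): the NFS path stays as in gen.sh, the generated page lives in
# /var/lib/cachex, index.html.tpl sits next to this file, and envsubst comes
# from pkgs.gettext.
{ config, pkgs, lib, ... }:

let
  cacheDir = "/home/komunix/nfs/nix-cache";   # same path gen.sh inspects (assumed unchanged)
  outDir   = "/var/lib/cachex";               # assumed state dir that systemd creates for index.html
  template = ./index.html.tpl;                # assumed: the template from the comment, kept in the repo

  # gen.sh as a store path: the timer points at this derivation, so nothing has
  # to be kept by hand in /home/komunix/cachex.
  genScript = pkgs.writeShellScript "cachex-gen" ''
    set -eu
    export timestamp=$(${pkgs.coreutils}/bin/date +%s)
    export usage=$(${pkgs.coreutils}/bin/df -h ${cacheDir} | ${pkgs.coreutils}/bin/tail -n1)
    export total_cache=$(${pkgs.findutils}/bin/find ${cacheDir} -type f | ${pkgs.coreutils}/bin/wc -l)
    export nice=$(${pkgs.coreutils}/bin/du -sh ${cacheDir})
    # explicit variable list: the template contains a literal $HOME that must stay as text
    # write to a temp file and rename so caddy never serves a half-written page
    ${pkgs.gettext}/bin/envsubst '$timestamp $usage $total_cache $nice' \
      < ${template} > ${outDir}/index.html.tmp
    ${pkgs.coreutils}/bin/mv ${outDir}/index.html.tmp ${outDir}/index.html
  '';
in
{
  # Equivalent of the hand-written caddy unit above: file server on loopback
  # :2022, root pointed at the generated directory instead of /home/komunix/cachex.
  services.caddy = {
    enable = true;
    virtualHosts."http://127.0.0.1:2022".extraConfig = ''
      root * ${outDir}
      file_server
    '';
  };

  # Replaces the "* * * * * /home/komunix/cachex/gen.sh" crontab entry.
  systemd.services.cachex-gen = {
    description = "regenerate cache.komunix.org index.html";
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${genScript}";
      StateDirectory = "cachex";   # systemd creates /var/lib/cachex (0755), readable by caddy
      ProtectSystem = "strict";    # the script only reads the NFS dir and writes its state dir
      ProtectHome = "read-only";   # cacheDir lives under /home and only needs to be read
      PrivateTmp = true;
      NoNewPrivileges = true;
    };
  };

  systemd.timers.cachex-gen = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "minutely";
      Persistent = true;
    };
  };
}
```

After `nixos-rebuild switch`, `systemctl list-timers cachex-gen.timer` shows the next run and `journalctl -u cachex-gen` shows each generation; `--root` and the crontab path have both disappeared from anything edited by hand, which is the outcome the conclusion above describes. The explicit variable list for envsubst matters because the template text includes `$HOME` in the Mac OS section; without the list envsubst would rewrite it to the generating user's home directory.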