Add misobot host configuration

.sops.yaml

@@ -5,7 +5,7 @@ keys:
     - &cobalt age1wxuydl093x79sx6mglj58lsr6qtm5d4230cdfxhdx3mglfx4u9fsx33v7j
     - &carbon age1nw5jrnx75p2j5s3e6vx08gu8e24vm4w8llzyn7jt6qskzvkwu3zqlju3ad
     - &oxygen age1u700gg0j3h34gu7dhek7cah3agr39mjtmgaml4jwrg6su7wj9szq8qqrcw
-    - &hydrogen age1lckuq0rws9n3kw4yt4gx8c57jk9nfc86pypclapjgnxn89k5ce2qfygchg
+    - &misobot age1570r58zv42c0nhn8ngasysdlqexk9qgm50zzy6fgsvc3udpt05yskq4feu
     - &nickel age1kg6sf8x9vwu8nw3fx38z5swpy04k5mnt0nqm2t0wgqt6qjqpjd4qdmmhvk
 
 creation_rules:
@@ -21,12 +21,12 @@ creation_rules:
         - *joonas
         age:
         - *cobalt
-  - path_regex: hosts/hydrogen/secrets.yaml$
+  - path_regex: hosts/misobot/secrets.yaml$
     key_groups:
       - pgp:
         - *joonas
         age:
-        - *hydrogen
+        - *misobot
   - path_regex: hosts/carbon/secrets.yaml$
     key_groups:
       - pgp:

README.md

@@ -12,7 +12,7 @@ Shell scripts are built from the flake at <https://github.com/joinemm/bin>
 
 - `cobalt` - Desktop workstation/gaming pc
 - `carbon` - Thinkpad X1 Carbon gen11 (work laptop)
-- `hydrogen` - Hetzner box running grafana and prometheus for monitoring
+- `misobot` - Hetzner box running Miso Bot's production deployment
 - `oxygen` - Hetzner box acting as syncthing node and hosting web services
 - `zinc` - Raspberry Pi 4B, mainly used as a DNS server
 - `nickel` - Aoostar WTR PRO, my NAS and home server

hosts/default.nix

@@ -34,9 +34,9 @@ in
       inherit specialArgs;
       modules = [ ./oxygen ];
     };
-    hydrogen = lib.nixosSystem {
+    misobot = lib.nixosSystem {
       inherit specialArgs;
-      modules = [ ./hydrogen ];
+      modules = [ ./misobot ];
     };
     zinc = lib.nixosSystem {
       inherit specialArgs;

hosts/hydrogen/default.nix → hosts/misobot/default.nix

@@ -6,9 +6,6 @@
   config,
   ...
 }:
-let
-  domain = "monitoring.misobot.xyz";
-in
 {
   imports = lib.flatten [
     (with self.profiles; [
@@ -23,10 +20,11 @@ in
     ../../disko/hetzner-osdisk.nix
   ];
 
-  disko.devices.disk.sda.device = "/dev/disk/by-path/pci-0000:00:04.0-scsi-0:0:0:0";
+  disko.devices.disk.sda.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_56638307";
 
   nixpkgs.hostPlatform = "x86_64-linux";
-  networking.hostName = "hydrogen";
+  networking.hostName = "misobot-prod";
+  system.stateVersion = "24.11";
 
   environment.systemPackages = with pkgs; [ busybox ];
 
@@ -35,7 +33,7 @@ in
 
     settings = {
       server = {
-        http_port = 3000;
+        http_port = 3300;
         http_addr = "127.0.0.1";
       };
 
@@ -58,32 +56,28 @@ in
 
   services.prometheus = {
     enable = true;
-
     port = 9090;
     listenAddress = "0.0.0.0";
     webExternalUrl = "/prometheus/";
     checkConfig = true;
-
     globalConfig.scrape_interval = "15s";
 
     scrapeConfigs = [
       {
-        job_name = "miso";
+        job_name = "services";
         static_configs = [
           {
             targets = [
-              "api.misobot.xyz"
-              "api.misobot.xyz:9100"
+              "127.0.0.1:3000"
             ];
           }
         ];
       }
       {
-        job_name = "servers";
+        job_name = "hardware";
         static_configs = [
           {
             targets = [
-              "65.21.249.145:9100"
               "127.0.0.1:9100"
             ];
           }
@@ -92,8 +86,15 @@ in
     ];
   };
 
+  virtualisation.docker = {
+    enable = true;
+    enableOnBoot = true;
+  };
+
+  users.users.joonas.extraGroups = [ "docker" ];
+
   services.nginx.virtualHosts = {
-    "${domain}" = {
+    "monitoring.misobot.xyz" = {
       enableACME = true;
       forceSSL = true;
       locations."/prometheus/" = {
@@ -105,7 +106,25 @@ in
         proxyWebsockets = true;
       };
     };
-  };
 
-  system.stateVersion = "23.11";
+    "api.misobot.xyz" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3000"; # port mapped in docker-compose
+        # CORS
+        extraConfig = ''
+          add_header Access-Control-Allow-Origin "*";
+        '';
+      };
+    };
+
+    "url.misobot.xyz" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080"; # port mapped in docker-compose
+      };
+    };
+  };
 }

hosts/hydrogen/secrets.yaml → hosts/misobot/secrets.yaml

@@ -1,4 +1,4 @@
-ssh_host_ed25519_key: ENC[AES256_GCM,data:jOKHZo/+yI9kEDXY02c/npL5/72ef/UZmDavxByNWkZE2W/39ZzguV90UOD7WQKwimQSnMziW5arvueuRXAOMVkOt0xPfWMLeaLdF4FTj3dE5I7U8jIUCfBkAwdUuoMadlbxdE8PlhDIurjDg2Vm3Kq8TBP2gd9XP0/b/EmG77Dp81zRrNN38MRXOANZ3JGkPM/OfdR85lejfs4pzRH+FhYwJ1K5HZSgwlHwa27Erve/s3AKXEGCmg4ciuMb0gGnpY8Zzh/noCQOPZObQlKR7g/6dCuKic2gWlsnyNviV97fWh0MPu1Jvt8Wn4CZaZ58D68kAsHIjYq4RNJiYahnWz94fQcZedET//F0Ix+jAgu0VCEGZE+baEDTX8ZEx7tyao/a7LEUASf1xT7WBO07kK4Fyr37IPbJSN/x+eNxeEBW3ieYRmr92F0VHVaUvI3LdwF+CCjeQMoEVX/lHesO2RId5Zsbb3SM9eKLM1+pnwuOJu9tdlyh7uN5pyQhtQPzJGo2VJYp3Q/f/50RI5+a,iv:fZfuhIOCzw3L5D/gvXbQbFtIz9xvaxdHJOEHBvHErdQ=,tag:scc1I75oMfdZqjXMfnEM9g==,type:str]
+ssh_host_ed25519_key: ENC[AES256_GCM,data:canRwUcA6MlclC3Jyt7rxANvsLibUGmaO611rUvG58qIeBPVE4rmypYWIOhw/FUQkwwhmg0zq31XK0C7GilGNHe1j/gSVIx6jOcDGzs/VBrwvLvZcZfGwYHbJtUT5GIuPEeVEji0tdlv054ZfjTCddIVCxxsyjKjIte7PyKgF9I3CX13HrejwZFpCVbDaoNvK/sqDmTAzpL6JJHC7a1n/1/Cvgk46mfM7dYPX3HZQXhLBUsG0pG3PAgi3/t6s8Vf2LXU7AL92zgNoiPkP9x9XZtaUknXEwq7P9G/VHm/52YCFgfWsk2XIGk2QeBsxXn+1XKH80wtjXMu2NfjBdvPtoZxX2segT3dZLRELd18y9j3gsvIomhkMBF1oX0Dr/dnOFvG2UmmtaDUZ97HrtWRbio66dEFCofL3H2yt0wbfILS8l6y0JhBStGzJ/CwftGrtZZ4c9SXb1jGFZLiIcf8WtJxBzihw4NOH1jmqEjGkjyW5Ach3BiCtB2qXW/70cA5oqwGsAyiC5nPGlyrMW1L,iv:Fe0dhvAI658/VPhyi5UCS8xjaJdHTwEagw5t3qrfXwY=,tag:zzleOJqKdc7H8muL3Yovfw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +14,8 @@ sops:
             QTcyOVBSOTZHakpCWE1tbUs5UWdlZmcKusCaY1AyqPSgDntYj0v+dyjysOn9ZQo0
             idZun733aS1ZgeWc2zAxTuCHfS2iaclEJVa0LeyAQz4+225f+Af0hA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-27T19:09:57Z"
-    mac: ENC[AES256_GCM,data:klKc0wnyPXZB56BaWoyC2FljQbSaQ0PVkycS1FZdMp9TmBtCfVaG8VSTzFEQXLollVuegP5kqPx7v196txGQVt2a/EG2Oc4IRuGIm3DcIT9LNuWZEGeDu2LDmDtVb68DpYtJsEzt0OxpxS1afmtke00WUiSHZHd2HQrUH21ZpL8=,iv:2gbWLrsd7c6Q2QgIUWt93hyCTMHOqs21AYpwrHBTFKs=,tag:iJ4CsQ8fkWGYAOO17h/9pg==,type:str]
+    lastmodified: "2025-01-05T12:14:24Z"
+    mac: ENC[AES256_GCM,data:gw1UMo0WgX3a6RaJpCnvhjCnX1DeauMI9qm1tA7qUt1GPcZIQAM0A+kTH1i7xPT56ELpvxZ+RsV8SU9rvI5isHn/x4W8Sj+Lvd1ToWSXBI5FcNmmuE6u5Tj2bWRBPeOdZ0e9cV9OgYUvhnypjlCUZ3yB59xcT/94O5RGBiNmozQ=,iv:hwvZ+grxHeh7JKQSDLp+aqUCAg9KHVGp5tlodY1KLSI=,tag:StJVT6z+i1D/0ytg5/W88g==,type:str]
     pgp:
         - created_at: "2024-07-27T19:10:56Z"
           enc: |-
@@ -49,4 +49,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 87ECDD306614E5105299F0D4090EB48A4669AA54
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.2

nix/deployments.nix

@@ -10,11 +10,11 @@ let
         path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.oxygen;
       };
     };
-    hydrogen = {
-      hostname = "65.108.222.239";
+    misobot = {
+      hostname = "5.161.235.21";
       profiles.system = {
         user = "root";
-        path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.hydrogen;
+        path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.misobot;
       };
     };
     nickel = {

scripts/install.sh

@@ -22,6 +22,14 @@ for arg in "$@"; do
     esac
 done
 
+if [[ -z "$FLAKE" || -z "$HOST" ]]; then
+    echo "FLAKE and HOST not given!"
+    echo ""
+    echo "Usage:"
+    echo "  node-install .#flakeattr user@hostname [--secrets /path/to/yaml] [-v]"
+    exit 1
+fi
+
 echo "FLAKE      = $FLAKE"
 echo "HOST       = $HOST"
 echo "SECRETS    = $SECRETS"