diff options
| -rw-r--r-- | .envrc | 1 | ||||
| -rw-r--r-- | blog/nixos-1.md | 57 | ||||
| -rw-r--r-- | blog/wireguard-vpn.md | 18 | ||||
| -rw-r--r-- | default.nix | 16 | ||||
| -rw-r--r-- | nix/rust.nix | 10 | ||||
| -rw-r--r-- | nix/sources.json | 50 | ||||
| -rw-r--r-- | nix/sources.nix | 174 | ||||
| -rw-r--r-- | shell.nix | 16 | ||||
| -rw-r--r-- | src/main.rs | 3 | ||||
| -rw-r--r-- | src/misc/mod.rs | 4 | ||||
| -rw-r--r-- | templates/about.rs.html | 43 | ||||
| -rw-r--r-- | templates/index.rs.html | 14 |
12 files changed, 404 insertions, 2 deletions
@@ -0,0 +1 @@ +eval "$(lorri direnv)" diff --git a/blog/nixos-1.md b/blog/nixos-1.md new file mode 100644 index 0000000..d85c2e1 --- /dev/null +++ b/blog/nixos-1.md @@ -0,0 +1,57 @@ +--- +title: NixOS Part 1 +date: 2022-02-22 +--- + +Recently, I switched both of my primary laptops from Arch (cesium/vulcan) and +Windows (carbon) to NixOS, mostly on a whim. Some friends of mine have been +encouraging me to try it out for a while, and I did so over the winter break on +Carbon, but I couldn't get flakes to work properly, so I abandoned it and put +Windows on it. What I needed from carbon was for it to work as a notetaking +tablet, and Windows came with OneNote so it was easy to get set up. + +Ever since, NixOS has been in the back of my mind. The idea of a system +configuration tracked in Git that I can use on clients and servers intrigued me +and I wanted to see how I could use that in my systems administration. + +# First Steps +The first thing I did was talk with my friends who were trying to get me to use +NixOS in the first place. They recommended that I go with setting up my flake +immediately, instead of trying to merge my existing `configuration.nix` into a +flake later. This turned out to be the right move, and I'm now tracking my +system configuration at [muirrum/nix](https://git.carathe.dev/muirrum/nix). This +has led to me being able to share a baseline configuration across both carbon +and cesium, including my user configuration and the packages I expect to have +(including neovim, zsh, firefox, and my custom fork of dwm). + +# Encapsulate and Unif~~i~~y +Everything else I'm planning to split into modules, for both my user +configuration and my system configuration. I've already started this with +`nixos/modules/*.nix` and `home/modules/mail.nix` which set up system modules +like Steam, Darktable, and virtualization, as well as my mail sync systemd +service. That way, I can enable the things I need per-system, while still +maintaining the ability to centrally manage it. Now I can add +`./nixos/modules/steam.nix` to my system configuration and I get *my* Steam +setup on every system, every time. It's the same with Darktable, libvirtd, or +`mbsync`. Getting a unified system configuration is as simple as +`nixos-rebuild switch` in my flake directory. I'm planning on rolling this out +to my servers slowly, starting with my physical server during the next break. + +# Packaging +NixOS is based on the Nix package manager, which allows developers to describe +exactly which versions of which packages should be built to make their app work +every time. I've been using this to package my bots and configure their +development environments so I don't have those tools polluting my `$PATH` +outside of the directories where I intend to work on them. I have one of my bots +set up to automatically build a small Docker image for me, so that I can quickly +push it up to my private registry. + +# Conclusion +I plan to keep using NixOS for all my devices. I've found it fun to tinker with, +especially since it keeps a backup of previous versions of your system, so that +if you mess something up you can just reboot and choose a different one. I +haven't needed that *yet* but I'm sure it's coming soon, knowing how much I like +to mess with things that shouldn't be messed with. + +I'll probably write about my experience getting NixOS set up on my home server +in another post. diff --git a/blog/wireguard-vpn.md b/blog/wireguard-vpn.md new file mode 100644 index 0000000..9525717 --- /dev/null +++ b/blog/wireguard-vpn.md @@ -0,0 +1,18 @@ +--- +title: Wireguard Site-to-Site VPN +date: 2022-02-15 +draft: true +--- + +Hi all! Recently, I was inspired by [this post][xepost] to make my own Wireguard +VPN between my laptop and servers. That post is super old though, so I wanted to +write up what I changed and added. + +# Initial Setup + +I chose my dedicated Debian host as the Wireguard server. So far in its +lifetime, it's been gathering all the miscellaneous infrastructure services like +Prometheus, so there's not much happening on it + + +[xepost]: https://christine.website/blog/site-to-site-wireguard-part-1-2019-04-02 diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..a8a3c11 --- /dev/null +++ b/default.nix @@ -0,0 +1,16 @@ +{ sources ? import ./nix/sources.nix, pkgs ? import sources.nixpkgs { } }: +let + rust = import ./nix/rust.nix { inherit sources; }; + + naersk = pkgs.callPackage sources.naersk { + rustc = rust; + cargo = rust; + }; + + src = builtins.filterSource (path: type: type != "directory" || + builtins.baseNameOf path != "target") ./.; + +in naersk.buildPackage { + inherit src; + remapPathPrefix = true; +} diff --git a/nix/rust.nix b/nix/rust.nix new file mode 100644 index 0000000..1419ec7 --- /dev/null +++ b/nix/rust.nix @@ -0,0 +1,10 @@ +{ sources ? import ./sources.nix }: + +let + pkgs = + import sources.nixpkgs { overlays = [ (import sources.nixpkgs-mozilla) ]; }; + channel = "nightly"; + date = "2022-02-16"; + targets = [ ]; + chan = pkgs.rustChannelOfTargets channel date targets; +in chan diff --git a/nix/sources.json b/nix/sources.json new file mode 100644 index 0000000..1a3725a --- /dev/null +++ b/nix/sources.json @@ -0,0 +1,50 @@ +{ + "naersk": { + "branch": "master", + "description": "Build rust crates in Nix. No configuration, no code generation, no IFD. Sandbox friendly. [maintainer: ???]", + "homepage": "", + "owner": "nmattia", + "repo": "naersk", + "rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653", + "sha256": "1jhagazh69w7jfbrchhdss54salxc66ap1a1yd7xasc92vr0qsx4", + "type": "tarball", + "url": "https://github.com/nmattia/naersk/archive/2fc8ce9d3c025d59fee349c1f80be9785049d653.tar.gz", + "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" + }, + "niv": { + "branch": "master", + "description": "Easy dependency management for Nix projects", + "homepage": "https://github.com/nmattia/niv", + "owner": "nmattia", + "repo": "niv", + "rev": "9cb7ef336bb71fd1ca84fc7f2dff15ef4b033f2a", + "sha256": "1ajyqr8zka1zlb25jx1v4xys3zqmdy3prbm1vxlid6ah27a8qnzh", + "type": "tarball", + "url": "https://github.com/nmattia/niv/archive/9cb7ef336bb71fd1ca84fc7f2dff15ef4b033f2a.tar.gz", + "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" + }, + "nixpkgs": { + "branch": "release-20.03", + "description": "Nix Packages collection", + "homepage": "", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "eb73405ecceb1dc505b7cbbd234f8f94165e2696", + "sha256": "06k21wbyhhvq2f1xczszh3c2934p0m02by3l2ixvd6nkwrqklax7", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/eb73405ecceb1dc505b7cbbd234f8f94165e2696.tar.gz", + "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" + }, + "nixpkgs-mozilla": { + "branch": "master", + "description": "Mozilla overlay for Nixpkgs.", + "homepage": "", + "owner": "mozilla", + "repo": "nixpkgs-mozilla", + "rev": "f233fdc4ff6ba2ffeb1e3e3cd6d63bb1297d6996", + "sha256": "1rzz03h0b38l5sg61rmfvzpbmbd5fn2jsi1ccvq22rb76s1nbh8i", + "type": "tarball", + "url": "https://github.com/mozilla/nixpkgs-mozilla/archive/f233fdc4ff6ba2ffeb1e3e3cd6d63bb1297d6996.tar.gz", + "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" + } +} diff --git a/nix/sources.nix b/nix/sources.nix new file mode 100644 index 0000000..1938409 --- /dev/null +++ b/nix/sources.nix @@ -0,0 +1,174 @@ +# This file has been generated by Niv. + +let + + # + # The fetchers. fetch_<type> fetches specs of type <type>. + # + + fetch_file = pkgs: name: spec: + let + name' = sanitizeName name + "-src"; + in + if spec.builtin or true then + builtins_fetchurl { inherit (spec) url sha256; name = name'; } + else + pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; + + fetch_tarball = pkgs: name: spec: + let + name' = sanitizeName name + "-src"; + in + if spec.builtin or true then + builtins_fetchTarball { name = name'; inherit (spec) url sha256; } + else + pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; + + fetch_git = name: spec: + let + ref = + if spec ? ref then spec.ref else + if spec ? branch then "refs/heads/${spec.branch}" else + if spec ? tag then "refs/tags/${spec.tag}" else + abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; + in + builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; }; + + fetch_local = spec: spec.path; + + fetch_builtin-tarball = name: throw + ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=tarball -a builtin=true''; + + fetch_builtin-url = name: throw + ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=file -a builtin=true''; + + # + # Various helpers + # + + # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 + sanitizeName = name: + ( + concatMapStrings (s: if builtins.isList s then "-" else s) + ( + builtins.split "[^[:alnum:]+._?=-]+" + ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) + ) + ); + + # The set of packages used when specs are fetched using non-builtins. + mkPkgs = sources: system: + let + sourcesNixpkgs = + import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; + hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; + hasThisAsNixpkgsPath = <nixpkgs> == ./.; + in + if builtins.hasAttr "nixpkgs" sources + then sourcesNixpkgs + else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then + import <nixpkgs> {} + else + abort + '' + Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or + add a package called "nixpkgs" to your sources.json. + ''; + + # The actual fetching function. + fetch = pkgs: name: spec: + + if ! builtins.hasAttr "type" spec then + abort "ERROR: niv spec ${name} does not have a 'type' attribute" + else if spec.type == "file" then fetch_file pkgs name spec + else if spec.type == "tarball" then fetch_tarball pkgs name spec + else if spec.type == "git" then fetch_git name spec + else if spec.type == "local" then fetch_local spec + else if spec.type == "builtin-tarball" then fetch_builtin-tarball name + else if spec.type == "builtin-url" then fetch_builtin-url name + else + abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; + + # If the environment variable NIV_OVERRIDE_${name} is set, then use + # the path directly as opposed to the fetched source. + replace = name: drv: + let + saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; + ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; + in + if ersatz == "" then drv else + # this turns the string into an actual Nix path (for both absolute and + # relative paths) + if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; + + # Ports of functions for older nix versions + + # a Nix version of mapAttrs if the built-in doesn't exist + mapAttrs = builtins.mapAttrs or ( + f: set: with builtins; + listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) + ); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 + range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 + stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 + stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); + concatMapStrings = f: list: concatStrings (map f list); + concatStrings = builtins.concatStringsSep ""; + + # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 + optionalAttrs = cond: as: if cond then as else {}; + + # fetchTarball version that is compatible between all the versions of Nix + builtins_fetchTarball = { url, name ? null, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion fetchTarball; + in + if lessThan nixVersion "1.12" then + fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) + else + fetchTarball attrs; + + # fetchurl version that is compatible between all the versions of Nix + builtins_fetchurl = { url, name ? null, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion fetchurl; + in + if lessThan nixVersion "1.12" then + fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) + else + fetchurl attrs; + + # Create the final "sources" from the config + mkSources = config: + mapAttrs ( + name: spec: + if builtins.hasAttr "outPath" spec + then abort + "The values in sources.json should not have an 'outPath' attribute" + else + spec // { outPath = replace name (fetch config.pkgs name spec); } + ) config.sources; + + # The "config" used by the fetchers + mkConfig = + { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null + , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) + , system ? builtins.currentSystem + , pkgs ? mkPkgs sources system + }: rec { + # The sources, i.e. the attribute set of spec name to spec + inherit sources; + + # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers + inherit pkgs; + }; + +in +mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..dfd7db7 --- /dev/null +++ b/shell.nix @@ -0,0 +1,16 @@ +{ pkgs ? import <nixpkgs> {} }: + +let + sources = import ./nix/sources.nix; + pkgs = import sources.nixpkgs {}; + rust = import ./nix/rust.nix { inherit sources; }; +in +pkgs.mkShell { + buildInputs = [ + pkgs.hello + rust + + # keep this line if you use bash + pkgs.bashInteractive + ]; +} diff --git a/src/main.rs b/src/main.rs index a83c1ae..21eac18 100644 --- a/src/main.rs +++ b/src/main.rs @@ -25,6 +25,7 @@ async fn main() -> Result<()> { let state = Arc::new(internal::init().await?); let index = warp::get().and(path::end().and_then(misc::handlers::index)); + let about = warp::path!("about").and_then(misc::handlers::about); let blog_index = warp::path!("blog") .and(give_site_state(state.clone())) @@ -35,7 +36,7 @@ async fn main() -> Result<()> { .and_then(blog::handlers::post); let static_files = warp::path("static").and(warp::fs::dir("./statics")); - let site = index + let site = index.or(about) .or(blog_index.or(blog_post)) .or(static_files) .with(warp::log("site")); diff --git a/src/misc/mod.rs b/src/misc/mod.rs index c2992cc..b5b3262 100644 --- a/src/misc/mod.rs +++ b/src/misc/mod.rs @@ -6,4 +6,8 @@ pub mod handlers { pub async fn index() -> Result<impl Reply, Rejection> { Response::builder().html(|o| templates::index_html(o)) } + + pub async fn about() -> Result<impl Reply, Rejection> { + Response::builder().html(|o| templates::about_html(o)) + } } diff --git a/templates/about.rs.html b/templates/about.rs.html new file mode 100644 index 0000000..95fb994 --- /dev/null +++ b/templates/about.rs.html @@ -0,0 +1,43 @@ +@use super::{header_html, footer_html}; + +@() + +@:header_html(None, None) + +<h1>Contact</h1> + +<div class="two-column"> + <div class="inner-column"> + <h3>Email</h3> + <p>The best way to reach me is via email: [my name] [at] [this site]. I + try to respond as soon as I can but please understand that I am a + college student who is also busy with maintaining her own systems that + other people depend on.</p> + </div> + <div class="inner-column"> + <h3>Social Media</h3> + <ul> + <li>Mastodon: <a + href="https://lgbt.io/@@muirrum">muirrum@@lgbt.io</a></li> + <li>GitHub: <a href="https://github.com/Muirrum">Muirrum</a></li> + <li>SourceHut: <a href="https://sr.ht/~muirrum">~muirrum</a></li> + <li>Personal Gitea: <a + href="https://git.carathe.dev/muirrum">muirrum</a></li> + </div> +</div> + +<h1>Selected Projects</h1> +<div class="two-column"> + <div class="inner-column"> + <h3>Campmaster-Constantine (Discontinued)</h3> + <p>Discord bot written in Rust, then Python. Discontinued after + discord.py was retired.</p> + </div> + <div class="inner-column"> + <h3>WG-Manager</h3> + <p>Enables automatic provisioning of new peers across a Wireguard + network based on a management server.</p> + </div> +</div> + +@:footer_html() diff --git a/templates/index.rs.html b/templates/index.rs.html index cc597de..31ed504 100644 --- a/templates/index.rs.html +++ b/templates/index.rs.html @@ -28,7 +28,19 @@ Among other things. <br/><br/> I am currently pursuing a Bachelors degree in Computer Science at - Worcester Polytechnic Institute. + Worcester Polytechnic Institute.<br/><br/> + + My past projects are, in no particular order: + <ul> + <li><a href="https://sr.ht/~muirrum/wg-manager">WG-manager</li> + <li><a + href="https://sr.ht/~muirrum/Campmaster-Constantine">Campmaster + Constantine</a> + </li> + <li><a + href="https://sr.ht/~muirrum/gompei-verification/">Gompei-Verification</a></li> + <li><a href="https://github.com/WPI-LNL/LNLDB">LNL DB</a></li> + </ul> </div> <div class="inner-column"> |