linode builds both image and host

time for mcp to build
2026-02-09 00:13:59 -06:00 · 2026-02-08 23:33:15 -06:00
7 changed files with 117 additions and 72 deletions
--- a/.codex/config.toml
+++ b/.codex/config.toml
@@ -18,3 +18,4 @@ cwd = "/home/jawz/Development/NixOS"
 [mcp_servers.nixos]
 command = "nix"
 args = ["run", "github:utensils/mcp-nixos", "--"]
+startup_timeout_sec = 300
--- a/hosts/vps/configuration.nix
+++ b/hosts/vps/configuration.nix
@@ -48,17 +48,21 @@ in
    ./nginx-nextcloud.nix
    ../../config/base.nix
  ];
-  my = import ./toggles.nix { inherit config inputs; } // {
-    secureHost = true;
-    users.nixremote = {
-      enable = true;
-      authorizedKeys = inputs.self.lib.getSshKeys [
-        "nixworkstation"
-        "nixserver"
-        "nixminiserver"
-      ];
+  my =
+    import ./toggles.nix {
+      inherit config inputs lib;
+    }
+    // {
+      secureHost = true;
+      users.nixremote = {
+        enable = true;
+        authorizedKeys = inputs.self.lib.getSshKeys [
+          "nixworkstation"
+          "nixserver"
+          "nixminiserver"
+        ];
+      };
    };
-  };
  sops.age = {
    generateKey = true;
    keyFile = "/var/lib/sops-nix/key.txt";
@@ -151,7 +155,12 @@ in
      www-data = { };
    };
    users = {
-      nginx.extraGroups = [ "www-data" ];
+      nginx = lib.mkIf config.my.secureHost {
+        extraGroups = [
+          "www-data"
+          "lidarr-reports"
+        ];
+      };
      deploy = {
        isSystemUser = true;
        group = "deploy";
--- a/hosts/vps/hardware-configuration.nix
+++ b/hosts/vps/hardware-configuration.nix
@@ -1,5 +1,6 @@
 {
  lib,
+  config,
  modulesPath,
  ...
 }:
@@ -33,11 +34,17 @@
    };
  };
  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f";
+    device = lib.mkForce (
+      if config.my.build.baseImage then
+        "/dev/sda"
+      else
+        "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f"
+    );
    fsType = "ext4";
  };
-  swapDevices = [
-    { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; }
+  swapDevices = lib.mkMerge [
+    [ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; } ]
+    (lib.mkIf config.my.build.baseImage [ { device = "/dev/sdb"; } ])
  ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/vps/nginx-nextcloud.nix
+++ b/hosts/vps/nginx-nextcloud.nix
@@ -3,7 +3,7 @@ let
  cfg = config.my.servers.nextcloud;
 in
 {
-  config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
+  config = lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
    services.nginx.virtualHosts.${cfg.host} = {
      forceSSL = true;
      enableACME = true;
--- a/hosts/vps/toggles.nix
+++ b/hosts/vps/toggles.nix
@@ -1,4 +1,8 @@
-{ config, inputs }:
+{
+  config,
+  inputs,
+  lib,
+}:
 let
  inherit (inputs.self.lib)
    enableList
@@ -16,59 +20,67 @@ let
      ip = wgServerIp;
    };
  };
-in
-{
-  enableProxy = true;
-  enableContainers = true;
-  apps.dictionaries.enable = true;
-  apps.dictionaries.users = "jawz";
-  services = enableList mkEnabled [
-    "network"
-    "wireguard"
-  ];
-  shell = enableList mkEnabledWithUsers [
-    "multimedia"
-    "tools"
-  ];
-  dev = enableList mkEnabledWithUsers [
-    "nix"
-    "sh"
-  ];
-  websites = {
-    portfolio.enableProxy = true;
-    lidarrMbReport.enableProxy = true;
-  };
-  servers =
-    enableList mkEnabledWithProxy [
-      "isso"
-      "microbin"
-    ]
-    // enableList mkEnabledProxySocketIp [
-      "audiobookshelf"
-      "collabora"
-      "jellyfin"
-      "nextcloud"
-      "plausible"
-      "plex"
-    ]
-    // enableList mkEnabledProxyIp [
-      "atticd"
-      "bazarr"
-      "gitea"
-      "homepage"
-      "kavita"
-      "keycloak"
-      "lidarr"
-      "linkwarden"
-      "maloja"
-      "mealie"
-      "metube"
-      "multi-scrobbler"
-      "oauth2-proxy"
-      "prowlarr"
-      "radarr"
-      "sonarr"
-      "vaultwarden"
-      "yamtrack"
+  baseToggles = {
+    services = enableList mkEnabled [
+      "network"
+      "wireguard"
    ];
-}
+    shell = enableList mkEnabledWithUsers [
+      "multimedia"
+      "tools"
+    ];
+    dev = enableList mkEnabledWithUsers [
+      "nix"
+      "sh"
+    ];
+    apps.dictionaries = {
+      enable = true;
+      users = "jawz";
+    };
+  };
+  secureToggles = {
+    enableProxy = true;
+    enableContainers = true;
+    websites = {
+      portfolio.enableProxy = true;
+      lidarrMbReport.enableProxy = true;
+    };
+    servers =
+      enableList mkEnabledWithProxy [
+        "isso"
+        "microbin"
+      ]
+      // enableList mkEnabledProxySocketIp [
+        "audiobookshelf"
+        "collabora"
+        "jellyfin"
+        "nextcloud"
+        "plausible"
+        "plex"
+      ]
+      // enableList mkEnabledProxyIp [
+        "atticd"
+        "bazarr"
+        "gitea"
+        "homepage"
+        "kavita"
+        "keycloak"
+        "lidarr"
+        "linkwarden"
+        "maloja"
+        "mealie"
+        "metube"
+        "multi-scrobbler"
+        "oauth2-proxy"
+        "prowlarr"
+        "radarr"
+        "sonarr"
+        "vaultwarden"
+        "yamtrack"
+      ];
+  };
+in
+lib.mkMerge [
+  baseToggles
+  (lib.mkIf config.my.secureHost secureToggles)
+]
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -130,6 +130,11 @@ in
    };
    enableContainers = lib.mkEnableOption "container services (Docker/Podman)";
    enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
+    build.baseImage = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Whether to enable base image settings for this host build.";
+    };
    toggleUsers = lib.mkOption {
      type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str));
      default = {
--- a/parts/packages.nix
+++ b/parts/packages.nix
@@ -26,6 +26,17 @@
          exec ${mcpPython}/bin/python -m mcp_server.server
        '';
      };
+      vpsLinodeConfig = inputs.self.nixosConfigurations.vps.extendModules {
+        modules = [
+          (
+            { lib, ... }:
+            {
+              my.secureHost = lib.mkForce false;
+              my.build.baseImage = true;
+            }
+          )
+        ];
+      };
      mcpTests = pkgs.writeShellApplication {
        name = "mcp-tests";
        runtimeInputs = with pkgs.python3Packages; [
@@ -43,7 +54,7 @@
    {
      packages = (inputs.jawz-scripts.packages.${system} or { }) // {
        emacs-vm = inputs.self.nixosConfigurations.emacs.config.system.build.vm;
-        vps-linode = inputs.self.nixosConfigurations.vps.config.system.build.images.linode;
+        vps-linode = vpsLinodeConfig.config.system.build.images.linode;
        mcp-tests = mcpTests;
        nixos-mcp = nixosMcp;
        nixos-mcp-server = mcpServerPkg;
Author	SHA1	Message	Date
Danilo Reyes	8d62cffc8e	linode builds both image and host Some checks failed MCP Tests / mcp-tests (push) Successful in 23s Details Weekly NixOS Build & Cache / build-and-cache (push) Failing after 9m18s Details	2026-02-09 00:13:59 -06:00
Danilo Reyes	7670f2fa94	time for mcp to build	2026-02-08 23:33:15 -06:00