linode builds both image and host

time for mcp to build
2026-02-09 00:13:59 -06:00 · 2026-02-08 23:33:15 -06:00
7 changed files with 117 additions and 72 deletions
--- a/.codex/config.toml
+++ b/.codex/config.toml
@@ -18,3 +18,4 @@ cwd = "/home/jawz/Development/NixOS"
 [mcp_servers.nixos]
 command = "nix"
 args = ["run", "github:utensils/mcp-nixos", "--"]
+startup_timeout_sec = 300
--- a/hosts/vps/configuration.nix
+++ b/hosts/vps/configuration.nix
@@ -48,7 +48,11 @@ in
    ./nginx-nextcloud.nix
    ../../config/base.nix
  ];
-  my = import ./toggles.nix { inherit config inputs; } // {
+  my =
+    import ./toggles.nix {
+      inherit config inputs lib;
+    }
+    // {
      secureHost = true;
      users.nixremote = {
        enable = true;
@@ -151,7 +155,12 @@ in
      www-data = { };
    };
    users = {
-      nginx.extraGroups = [ "www-data" ];
+      nginx = lib.mkIf config.my.secureHost {
+        extraGroups = [
+          "www-data"
+          "lidarr-reports"
+        ];
+      };
      deploy = {
        isSystemUser = true;
        group = "deploy";
--- a/hosts/vps/hardware-configuration.nix
+++ b/hosts/vps/hardware-configuration.nix
@@ -1,5 +1,6 @@
 {
  lib,
+  config,
  modulesPath,
  ...
 }:
@@ -33,11 +34,17 @@
    };
  };
  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f";
+    device = lib.mkForce (
+      if config.my.build.baseImage then
+        "/dev/sda"
+      else
+        "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f"
+    );
    fsType = "ext4";
  };
-  swapDevices = [
-    { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; }
+  swapDevices = lib.mkMerge [
+    [ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; } ]
+    (lib.mkIf config.my.build.baseImage [ { device = "/dev/sdb"; } ])
  ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/vps/nginx-nextcloud.nix
+++ b/hosts/vps/nginx-nextcloud.nix
@@ -3,7 +3,7 @@ let
  cfg = config.my.servers.nextcloud;
 in
 {
-  config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
+  config = lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
    services.nginx.virtualHosts.${cfg.host} = {
      forceSSL = true;
      enableACME = true;
--- a/hosts/vps/toggles.nix
+++ b/hosts/vps/toggles.nix
@@ -1,4 +1,8 @@
-{ config, inputs }:
+{
+  config,
+  inputs,
+  lib,
+}:
 let
  inherit (inputs.self.lib)
    enableList
@@ -16,12 +20,7 @@ let
      ip = wgServerIp;
    };
  };
-in
-{
-  enableProxy = true;
-  enableContainers = true;
-  apps.dictionaries.enable = true;
-  apps.dictionaries.users = "jawz";
+  baseToggles = {
    services = enableList mkEnabled [
      "network"
      "wireguard"
@@ -34,6 +33,14 @@ in
      "nix"
      "sh"
    ];
+    apps.dictionaries = {
+      enable = true;
+      users = "jawz";
+    };
+  };
+  secureToggles = {
+    enableProxy = true;
+    enableContainers = true;
    websites = {
      portfolio.enableProxy = true;
      lidarrMbReport.enableProxy = true;
@@ -71,4 +78,9 @@ in
        "vaultwarden"
        "yamtrack"
      ];
-}
+  };
+in
+lib.mkMerge [
+  baseToggles
+  (lib.mkIf config.my.secureHost secureToggles)
+]
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -130,6 +130,11 @@ in
    };
    enableContainers = lib.mkEnableOption "container services (Docker/Podman)";
    enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
+    build.baseImage = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Whether to enable base image settings for this host build.";
+    };
    toggleUsers = lib.mkOption {
      type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str));
      default = {
--- a/parts/packages.nix
+++ b/parts/packages.nix
@@ -26,6 +26,17 @@
          exec ${mcpPython}/bin/python -m mcp_server.server
        '';
      };
+      vpsLinodeConfig = inputs.self.nixosConfigurations.vps.extendModules {
+        modules = [
+          (
+            { lib, ... }:
+            {
+              my.secureHost = lib.mkForce false;
+              my.build.baseImage = true;
+            }
+          )
+        ];
+      };
      mcpTests = pkgs.writeShellApplication {
        name = "mcp-tests";
        runtimeInputs = with pkgs.python3Packages; [
@@ -43,7 +54,7 @@
    {
      packages = (inputs.jawz-scripts.packages.${system} or { }) // {
        emacs-vm = inputs.self.nixosConfigurations.emacs.config.system.build.vm;
-        vps-linode = inputs.self.nixosConfigurations.vps.config.system.build.images.linode;
+        vps-linode = vpsLinodeConfig.config.system.build.images.linode;
        mcp-tests = mcpTests;
        nixos-mcp = nixosMcp;
        nixos-mcp-server = mcpServerPkg;
Author	SHA1	Message	Date
Danilo Reyes	8d62cffc8e	linode builds both image and host Some checks failed MCP Tests / mcp-tests (push) Successful in 23s Details Weekly NixOS Build & Cache / build-and-cache (push) Failing after 9m18s Details	2026-02-09 00:13:59 -06:00
Danilo Reyes	7670f2fa94	time for mcp to build	2026-02-08 23:33:15 -06:00