Introduced ARM hosts to flake; Reintegrated Caenus hosts back to config updated for current conventions

flake.nix

@@ -134,7 +134,12 @@
     {
       overlays = import ./overlays { inherit inputs; };
 
-      nixosConfigurations = mkHostConfigs (readHosts "nixos") false;
+      nixosConfigurations =
+        # Generate X86 configurations
+        (mkHostConfigs (readHosts "nixos") false)
+        //
+          # Generate ARM configurations
+          (mkHostConfigs (readHosts "arm") true);
 
       packages = forAllSystems (
         system:

hosts/arm/caenus/config/default.nix

@@ -0,0 +1,4 @@
+{ lib, ... }:
+{
+  imports = lib.custom.scanPaths ./.;
+}

hosts/arm/caenus/config/frp.nix

@@ -0,0 +1,17 @@
+{ config, ... }:
+let
+  frp-token = config.secretsSpec.api.frp;
+in
+{
+  services.frp = {
+    enable = true;
+    role = "server";
+    settings = {
+      bindPort = 4040;
+      auth = {
+        method = "token";
+        token = frp-token;
+      };
+    };
+  };
+}

hosts/arm/caenus/default.nix

@@ -0,0 +1,65 @@
+###############################################################
+#
+#  Caenus - Oracle VPS
+#  NixOS VPS, ____, ____
+#
+#  Public IP
+#
+###############################################################
+
+{
+  inputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  username = "toph";
+  user = config.secretsSpec.users.${username};
+  firewall = config.secretsSpec.firewall.caenus;
+in
+{
+  imports = lib.flatten [
+    ## Caenus Only ##
+    ./config
+
+    ## Hardware ##
+    ./hardware.nix
+
+    (map lib.custom.relativeToRoot [
+      ## Required Configs ##
+      "hosts/global/core"
+
+      ## Optional Configs ##
+      "hosts/global/common/docker.nix"
+    ])
+  ];
+
+  ## Host Specifications ##
+  hostSpec = {
+    hostName = "caenus";
+    username = username;
+    hashedPassword = user.hashedPassword;
+    email = user.email;
+    handle = user.handle;
+    userFullName = user.fullName;
+    isServer = true;
+    isMinimal = true;
+  };
+
+  networking = {
+    enableIPv6 = false;
+    firewall.allowedTCPPorts = firewall.allowedTCPPorts;
+    firewall.allowedUDPPorts = firewall.allowedUDPPorts;
+  };
+
+  ## System-wide packages ##
+  programs.nix-ld.enable = true;
+  environment.systemPackages = with pkgs; [
+    lazydocker
+  ];
+
+  # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = "24.11";
+}

hosts/arm/caenus/hardware.nix

@@ -0,0 +1,78 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+let
+  username = config.hostSpec.username;
+in
+{
+  imports = lib.flatten [
+    (modulesPath + "/profiles/qemu-guest.nix")
+    # (map lib.custom.relativeToRoot [
+    #   "hosts/global/common/system/pool.nix"
+    # ])
+  ];
+
+  ## Boot ##
+  boot = {
+    loader = {
+      grub = {
+        enable = true;
+        device = "/dev/vda";
+        useOSProber = true;
+      };
+      efi.canTouchEfiVariables = true;
+      timeout = 3;
+    };
+
+    # use latest kernel
+    kernelPackages = pkgs.linuxPackages_latest;
+
+    initrd = {
+      availableKernelModules = [
+        "ahci"
+        "xhci_pci"
+        "virtio_pci"
+        "sr_mod"
+        "virtio_blk"
+      ];
+      systemd.enable = true;
+      verbose = false;
+    };
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/467be3e2-75cb-439f-8255-e1ed3a00c2d8";
+    fsType = "ext4";
+  };
+
+  fileSystems."/storage" = {
+    device = "/dev/disk/by-uuid/a3666a64-591c-45ab-8393-3dd1a0a51d79";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/E12E-D69C";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  # networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

hosts/global/common/acme/default.nix

@@ -34,13 +34,13 @@ in
       #   extraDomainNames = [ "*.kwahson.com" ];
       # };
 
-      # "kwahson.xyz" = {
-      #   extraDomainNames = [ "*.kwahson.xyz" ];
-      # };
+      "kwahson.xyz" = {
+        extraDomainNames = [ "*.kwahson.xyz" ];
+      };
 
-      # "toph.cc" = {
-      #   extraDomainNames = [ "*.toph.cc" ];
-      # };
+      "toph.cc" = {
+        extraDomainNames = [ "*.toph.cc" ];
+      };
 
       "ryot.foo" = {
         extraDomainNames = [ "*.ryot.foo" ];

hosts/nixos/komo/config/caddy.nix

@@ -2,12 +2,17 @@
   services.caddy = {
     enable = true;
     virtualHosts = {
-      # "ryot.foo" = {
-      #   useACMEHost = "ryot.foo";
-      #   extraConfig = ''
-      #     reverse_proxy 104.40.3.44:80
-      #   '';
-      # };
+
+      ## TOPH.CC ##
+
+      "blog.toph.cc" = {
+        useACMEHost = "toph.cc";
+        extraConfig = ''
+          reverse_proxy localhost:2368
+        '';
+      };
+
+      ## RYOT.FOO ##
 
       "auth.ryot.foo" = {
         useACMEHost = "ryot.foo";

hosts/nixos/proxy/config/dnsmasq.nix

@@ -19,7 +19,7 @@
       ];
 
       # INFO: Why this setup for services?
-      # - OpenWRT forwards every *.ryot.foo query to this DNS server
+      # - OpenWRT forwards every *ryot.foo and *toph.cc query to this DNS server
       # - dnsmasq hands out fixed IPs for those subdomains.
       # - Each target host runs Caddy to serve its site.
       # No Docker labels, no discovery magic—just reliable routing clearly documented with Nix.
@@ -48,6 +48,8 @@
         "/outline.ryot.foo/104.40.3.44"
         "/plane.ryot.foo/104.40.3.44"
 
+        "/blog.toph.cc/104.40.3.44"
+
         ## SOCK ##
         "/upsnap.ryot.foo/104.40.3.54"
         "/sock.ryot.foo/104.40.3.54"