## Fan Control `hwmon2/pwm1` => harddrives bay top `hwmon2/pwm2` => CPU fan `hwmon2/pwm4` => harddrives bay bottom `hwmon2/pwm7` => mainboard bay top | Name | Location | Start | Stop | | ---- | -------- | ----- | ---- | | PWM1 | HDD Top | 20 | 0 | | PWM4 | HDD Bottom | 80 | 60 | | PWM2 | CPU Fan | 150? | 0? | | PWM7 | Main Top | 65 | 60 | ``` nix run github:nix-community/nixos-anywhere -- \ --disko-mode mount \ --flake .#odin \ --target-host root@192.168.178.41 ``` ## Containers odin runs several services inside NixOS containers. Each container is a standalone `nixosConfiguration` in the flake. ### Gogs (git.t5.st) Self-hosted Git service accessible at `https://git.t5.st` via Cloudflare tunnel. **Container config:** `hosts/odin/containers/gogs.nix` **Module:** `modules/nixos/gogs.nix` **Features:** - Dark theme with accent color variants (configure via `services.gogs.theme`) - Registration disabled, admin user provisioned via age secret on first start - SSH server on port 2222 (`git@git.t5.st`) - SQLite3 database (persisted on `@services` Btrfs subvolume) **Deploy:** ```bash # Rebuild and restart the host nixos-rebuild switch --flake .#odin # Enter the container nixos-container root-login gogs # Check service status systemctl status gogs ``` **Config example:** ```nix services.gogs = { enable = true; theme = "dark-blue"; adminUser = { name = "control"; email = "admin@t5.st"; passwordFile = "/run/secrets/gogs-admin"; }; settings = { auth.DISABLE_REGISTRATION = true; server = { DOMAIN = "git.t5.st"; EXTERNAL_URL = "https://git.t5.st/"; HTTP_PORT = 3000; SSH_PORT = 2222; START_SSH_SERVER = true; }; }; }; ``` #### Push-to-Mirror To mirror a repository on Gogs to an upstream (e.g., Codeberg), set up a **post-receive hook** per-repo via the Gogs web UI: `https://git.t5.st/{owner}/{repo}/settings/hooks/git/post-receive` **Hook script using a Codeberg PAT:** ```sh #!/bin/sh while read oldrev newrev refname; do branch=$(git rev-parse --symbolic --abbrev-ref "$refname") if [ "master" = "$branch" ]; then PAT=$(cat /run/secrets/codeberg-pat) git push --quiet --force --mirror \ "https://x-access-token:${PAT}@codeberg.org/{owner}/{repo}.git" fi done ``` **Prerequisites:** 1. Generate a Codeberg PAT with `repo` scope at `codeberg.org` → Settings → Applications 2. Add the PAT as an age secret in `hosts/odin/system/age.nix`: ```nix "odin/services/codeberg-pat" = { file = secrets."odin/services/codeberg-pat.age"; mode = "0444"; }; ``` 3. Bind-mount the secret into the container in `hosts/odin/default.nix`: ```nix containers.gogs.bindMounts."/run/secrets/codeberg-pat" = { hostPath = config.age.secrets."odin/services/codeberg-pat".path; isReadOnly = true; }; ``` 4. Create the age-encrypted file with the PAT as content: ```bash echo -n "YOUR_CODEGERG_PAT" | agenix -e secrets/odin/services/codeberg-pat.age ``` ### Grist (grist.odin.t5.st) Spreadsheet server accessible at `https://grist.odin.t5.st` via Caddy reverse proxy. **Container config:** `hosts/odin/containers/grist.nix` **Deploy:** ```bash nixos-container create grist --flake .#grist --host-address 192.168.1.1 --local-address 192.168.1.2 nixos-container start grist ``` ## Fan Control ```bash #!/usr/bin/env bash # Create a temporary directory temp=$(mktemp -d) # Function to cleanup temporary directory on exit cleanup() { rm -rf "$temp" } trap cleanup EXIT # Create the directory where sshd expects to find the host keys install -d -m755 "$temp/persist/etc/ssh" install -d -m755 "$temp/etc/ssh" # Decrypt your private key from the password store and copy it to the temporary directory cat ./ssh_host_ed25519_key.txt > "$temp/persist/etc/ssh/ssh_host_ed25519_key" cat ./ssh_host_rsa_key.txt > "$temp/persist/etc/ssh/ssh_host_rsa_key" cat ./ssh_host_ed25519_key.txt > "$temp/etc/ssh/ssh_host_ed25519_key" cat ./ssh_host_rsa_key.txt > "$temp/etc/ssh/ssh_host_rsa_key" # Set the correct permissions so sshd will accept the key chmod 600 "$temp/persist/etc/ssh/ssh_host_ed25519_key" chmod 600 "$temp/persist/etc/ssh/ssh_host_rsa_key" chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key" chmod 600 "$temp/etc/ssh/ssh_host_rsa_key" # Install NixOS to the host system with our secrets nix run github:nix-community/nixos-anywhere -- \ --disko-mode mount \ --extra-files "$temp" \ --build-on-remote \ --flake .#odin \ root@[NIXOS-IP] ```