update con

2024-09-08 13:39:39 -05:00 · 2024-09-08 13:39:39 -05:00 · 001edf9832
commit 001edf9832
parent d7d5226ed2
15 changed files with 214 additions and 93 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -5,8 +5,10 @@
 }: {
  users.groups.plugdev = {}; # Create plugdev group
  networking.hostName = host.hostName;
+  users.groups.${host.username} = {};
  users.users.${host.username} = {
    isNormalUser = true;
+    group = "${host.username}";
    extraGroups = [
      "wheel"
      "plugdev"
--- a/nixos/consensus/configuration.nix
+++ b/nixos/consensus/configuration.nix
@ -0,0 +1,67 @@
+{pkgs, ...}: {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+  environment.systemPackages = with pkgs; [
+    git
+    vim
+  ];
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = false;
+  swapDevices = [
+    {
+      device = "/var/swapfile";
+      size = 4 * 1024;
+    }
+  ];
+  networking = {
+    hostName = "consensus";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22
+        2022
+        6443
+        25565
+        30001
+        30303
+      ];
+      allowedUDPPorts = [
+        30001
+        30303
+      ];
+      logRefusedConnections = true;
+    };
+  };
+  services = {
+    k3s = {
+      enable = true;
+      role = "server";
+      extraFlags = toString [
+        "--disable=traefik"
+      ];
+    };
+    openssh = {
+      enable = true;
+      ports = [2022];
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = "prohibit-password";
+      };
+    };
+  };
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''];
+    };
+    e = {
+      isNormalUser = true;
+      extraGroups = ["wheel"];
+      home = "/home/e";
+      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''];
+    };
+  };
+  security.sudo.wheelNeedsPassword = false;
+  nix.settings.trusted-users = ["e"];
+  system.stateVersion = "23.11";
+}
--- a/nixos/consensus/hardware-configuration.nix
+++ b/nixos/consensus/hardware-configuration.nix
@ -0,0 +1,10 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/nvme0n1";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = { device = "/dev/mapper/vg-root"; fsType = "btrfs"; };
+  fileSystems."/var" = { device = "/dev/mapper/vg-var"; fsType = "btrfs"; };
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -26,4 +26,19 @@ in {
        inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
      ];
  };
+  consensus = inputs.nixpkgs.lib.nixosSystem {
+    specialArgs = {
+      inherit inputs system pkgs attrs;
+      host = {
+        hostName = "consensus";
+        inherit (attrs) username;
+      };
+    };
+    modules =
+      defaultModules
+      ++ [
+        ./configuration.nix
+        ./consensus/./configuration.nix
+      ];
+  };
 }
--- a/nixos/t14/configuration.nix
+++ b/nixos/t14/configuration.nix
@ -12,7 +12,6 @@ in {
    ./nano.nix
    ./backups.nix
  ];
-
  environment.systemPackages = with pkgs; [
    cryptsetup
    nfs-utils
@ -116,9 +115,8 @@ in {
    };
  };

-  hardware.opengl = {
+  hardware.graphics = {
    enable = true;
-    setLdLibraryPath = true;
    extraPackages = [
      pkgs.mesa.drivers
      pkgs.libGL