iofq/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Cleanup racknerd

Browse source
This commit is contained in:
iofq 2024-08-04 22:18:19 -05:00
parent 0108b1a575
commit 58d198e530
14 changed files with 96 additions and 297 deletions
Download patch file Download diff file Expand all files Collapse all files

82
flake.nix
View file

@ -1,48 +1,22 @@
{ {
description = "Home Manager && NixOS configuration"; description = "Home Manager && NixOS configuration";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nix-index-database.url = "github:nix-community/nix-index-database";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
deploy-rs = { nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
url = "github:serokell/deploy-rs"; nixpkgs.url = "github:nixos/nixpkgs/24.05";
inputs.nixpkgs.follows = "nixpkgs"; pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
}; sops-nix.url = "github:Mic92/sops-nix";
pre-commit-hooks = { tfa.url = "github:iofq/2fa";
url = "github:cachix/pre-commit-hooks.nix"; treefmt-nix.url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
nvim = { nvim = {
url = "github:iofq/nvim.nix"; url = "github:iofq/nvim.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-unstable";
};
tfa = {
url = "github:iofq/2fa";
inputs.nixpkgs.follows = "nixpkgs";
};
ethereum-nix = {
#url = "github:nix-community/ethereum.nix";
url = "git+file:///home/e/dev/ethereum.nix/";
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = { outputs = {
@ -59,12 +33,13 @@
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
overlays = [ overlays = [
(final: _prev: (final: _prev: {
{ steam = pkgs.writeShellScriptBin "steam" ''
inherit (inputs.nvim.packages.${final.system}) full; flatpak run com.valvesoftware.Steam -pipewire "$@"
inherit (inputs.tfa.packages.${final.system}) twofa; '';
} inherit (inputs.nvim.packages.${final.system}) full;
// import ./overlay.nix {inherit pkgs;}) inherit (inputs.tfa.packages.${final.system}) twofa;
})
]; ];
}; };
eachSystem = f: nixpkgs.lib.genAttrs (import systems) (system: f nixpkgs.legacyPackages.${system}); eachSystem = f: nixpkgs.lib.genAttrs (import systems) (system: f nixpkgs.legacyPackages.${system});
@ -72,33 +47,13 @@
in { in {
nixosConfigurations = import ./nixos {inherit inputs pkgs attrs system;}; nixosConfigurations = import ./nixos {inherit inputs pkgs attrs system;};
homeConfigurations = import ./home-manager {inherit inputs pkgs attrs;}; homeConfigurations = import ./home-manager {inherit inputs pkgs attrs;};
deploy.nodes = {
htz = {
hostname = "htz";
sshUser = "e";
remoteBuild = true;
profiles.system = {
user = "root";
path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.htz;
};
};
racknerd = {
hostname = "racknerd";
sshUser = "e";
remoteBuild = true;
profiles.system = {
user = "root";
path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.rknrd;
};
};
};
checks = { checks = {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run { pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.; src = ./.;
hooks = { hooks = {
treefmt.enable = true; treefmt.enable = true;
treefmt.package = treefmtEval.${system}.config.build.wrapper;
}; };
settings.treefmt.package = treefmtEval.${system}.config.build.wrapper;
}; };
}; };
formatter = eachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper); formatter = eachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper);
@ -111,7 +66,6 @@
pkgs.ssh-to-age pkgs.ssh-to-age
pkgs.sops pkgs.sops
pkgs.age pkgs.age
inputs.deploy-rs.packages.${system}.deploy-rs
treefmtEval.${system}.config.build.wrapper treefmtEval.${system}.config.build.wrapper
]; ];
}; };

5
home-manager/default.nix
View file

@ -29,9 +29,6 @@
inherit (attrs) username; inherit (attrs) username;
}; };
}; };
modules = [ modules = [./home.nix];
./home.nix
./min.nix
];
}; };
} }

5
home-manager/min.nix
View file

@ -1,5 +0,0 @@
_: {
home = {
username = "e";
};
}

4
home-manager/shared/programs/2fa/default.nix
View file

@ -4,7 +4,9 @@
]; ];
programs.gpg = { programs.gpg = {
enable = true; enable = true;
settings = {pinentry-mode = "loopback";}; settings = {
pinentry-mode = "loopback";
};
}; };
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;

1
home-manager/shared/programs/dev/default.nix
View file

@ -12,5 +12,6 @@
gnumake gnumake
go go
jq jq
awscli
]; ];
} }

2
home-manager/shared/programs/nvim/default.nix
View file

@ -1,5 +1,5 @@
{pkgs, ...}: { {pkgs, ...}: {
home.packages = with pkgs; [ home.packages = with pkgs; [
full neovim
]; ];
} }

10
home-manager/t14/home.nix
View file

@ -13,20 +13,22 @@
steam steam
prismlauncher prismlauncher
runelite runelite
jdk17 jdk21
# comms # comms
signal-desktop signal-desktop
discord discord
# apps # apps
chromium (chromium.override {commandLineArgs = "--load-media-router-component-extension=1";})
pcmanfm pcmanfm
feh feh
ffmpeg ffmpeg
mpv mpv
vlc
wdisplays wdisplays
piper piper
calibre
# font # font
spleen spleen
@ -47,6 +49,10 @@
hostname = "htz.10110110.xyz"; hostname = "htz.10110110.xyz";
identityFile = "/home/e/.ssh/id_ed25519"; identityFile = "/home/e/.ssh/id_ed25519";
}; };
"ocx" = {
hostname = "ocx.10110110.xyz";
identityFile = "/home/e/.ssh/oracle";
};
}; };
}; };
fonts.fontconfig.enable = lib.mkForce true; fonts.fontconfig.enable = lib.mkForce true;

15
nixos/default.nix
View file

@ -26,19 +26,4 @@ in {
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1 inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
]; ];
}; };
rknrd = inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs system pkgs;
host = {
hostName = "rknrd";
inherit (attrs) username;
};
};
modules =
defaultModules
++ [
./configuration.nix
./racknerd/configuration.nix
];
};
} }

84
nixos/racknerd/configuration.nix
View file

@ -1,84 +0,0 @@
{
inputs,
pkgs,
config,
...
}: {
imports = [
./hardware-configuration.nix
./minecraft.nix
inputs.ethereum-nix.nixosModules.default
];
environment.systemPackages = with pkgs; [
nfs-utils
vim
inputs.ethereum-nix.packages.${system}.rocketpool
docker-compose
];
environment.interactiveShellInit = ''
alias rp='rocketpool --allow-root'
'';
virtualisation = {
docker = {
enable = true;
};
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking = {
hostName = "rknrd";
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
firewall = {
enable = true;
allowedTCPPorts = [22];
allowedUDPPorts = [];
logRefusedConnections = true;
};
};
services.openssh.enable = true;
services.tailscale.enable = true;
users.users = {
root = {
openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
};
e = {
isNormalUser = true;
extraGroups = ["wheel" "docker"];
openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
};
};
virtualisation.oci-containers.containers = {
signal-api = {
image = "bbernhard/signal-cli-rest-api:latest";
ports = ["100.73.10.99:8080:8080"];
volumes = [
"/root/signal-cli:/home/.local/share/signal-cli"
];
};
};
systemd.timers."signal-upload" = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*:0/5";
Unit = "signal-upload.service";
};
};
systemd.services."signal-upload" = {
script = ''
${pkgs.curl}/bin/curl -X GET -H "Content-Type application/json" 'http://rknrd.tailc353f.ts.net:8080/v1/receive/+14145029897' && ${pkgs.docker}/bin/docker run --rm --env-file=${config.sops.secrets."b2-photos-s3/env".path} -v /root/signal-cli/attachments:/root/data public.ecr.aws/aws-cli/aws-cli s3 mv /root/data/ s3://iofq-photos/signal --endpoint-url=https://s3.us-west-004.backblazeb2.com --recursive
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = ["e"];
system.stateVersion = "22.11";
}

16
nixos/racknerd/hardware-configuration.nix
View file

@ -1,16 +0,0 @@
{
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = {
device = "/dev/vda1";
fsType = "ext4";
};
swapDevices = [{device = "/dev/vda2";}];
}

56
nixos/racknerd/minecraft.nix
View file

@ -1,56 +0,0 @@
{
config,
pkgs,
...
}: {
sops = {
defaultSopsFile = ../../secrets/restic.yaml;
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
secrets = {
"b2-minecraft/env" = {};
"b2-minecraft/repo" = {};
"b2-minecraft/password" = {};
"b2-photos-s3/env" = {};
};
};
services.restic.backups = {
b2-minecraft = {
initialize = true;
environmentFile = config.sops.secrets."b2-minecraft/env".path;
repositoryFile = config.sops.secrets."b2-minecraft/repo".path;
passwordFile = config.sops.secrets."b2-minecraft/password".path;
paths = [
"/var/lib/minecraft"
];
timerConfig = {
OnCalendar = "00:05";
};
pruneOpts = [
"--keep-daily 3"
"--keep-weekly 1"
"--keep-monthly 1"
];
};
};
services.minecraft-server = {
enable = true;
eula = true;
openFirewall = true;
declarative = true;
package = "${pkgs.minecraft-server}";
serverProperties = {
white-list = true;
server-port = 25565;
gamemode = "survival";
enable-command-block = "true";
motd = "whaa";
max-players = "10";
view-distance = 16;
};
whitelist = {
cjriddz = "cf36e5f7-6e7f-490a-ba76-65016338e7b4";
k359 = "a5ccc07c-144d-4dd0-b07c-48c4d5302b58";
};
};
}

4
nixos/t14/backups.nix
View file

@ -25,7 +25,9 @@
OnCalendar = "01:00"; OnCalendar = "01:00";
}; };
pruneOpts = [ pruneOpts = [
"--keep-last 14" "--keep-daily 14"
"--keep-monthly 6"
"--keep-yearly 1"
]; ];
}; };
}; };

100
nixos/t14/configuration.nix
View file

@ -1,4 +1,5 @@
{ {
config,
pkgs, pkgs,
attrs, attrs,
... ...
@ -11,8 +12,6 @@ in {
./nano.nix ./nano.nix
./backups.nix ./backups.nix
]; ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cryptsetup cryptsetup
@ -20,9 +19,16 @@ in {
]; ];
environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test"; environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test";
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
supportedFilesystems = ["zfs"];
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
zfs.forceImportRoot = false;
};
# Networking # Networking
networking = { networking = {
nameservers = ["1.1.1.1#one.one.one.one"]; hostId = "1185c58e";
networkmanager = { networkmanager = {
enable = true; enable = true;
dns = "systemd-resolved"; dns = "systemd-resolved";
@ -35,16 +41,6 @@ in {
logRefusedConnections = true; logRefusedConnections = true;
}; };
}; };
services.resolved = {
enable = true;
fallbackDns = [
"1.1.1.1#one.one.one.one"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
services.tailscale.enable = true;
# Services # Services
virtualisation = { virtualisation = {
@ -53,48 +49,59 @@ in {
dockerCompat = true; dockerCompat = true;
}; };
}; };
programs.light.enable = true;
security.pam.services.swaylock = {}; security.pam.services.swaylock = {};
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
programs.ssh = {
startAgent = true;
};
services.flatpak.enable = true;
services.dbus.enable = true;
programs.hyprland.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;
xdgOpenUsePortal = false; xdgOpenUsePortal = false;
extraPortals = [pkgs.xdg-desktop-portal-gtk]; extraPortals = [pkgs.xdg-desktop-portal-gtk];
}; };
programs = {
services.tlp = { light.enable = true;
enable = true; hyprland.enable = true;
settings = { ssh = {
WIFI_PWR_ON_BAT = "off"; startAgent = true;
START_CHARGE_THRESH_BAT0 = 80;
STOP_CHARGE_THRESH_BAT0 = 85;
RADEON_DPM_STATE_ON_AC = "performance";
RADEON_DPM_STATE_ON_BAT = "battery";
RADEON_POWER_PROFILE_ON_AC = "high";
RADEON_POWER_PROFILE_ON_BAT = "low";
}; };
}; };
services = {
resolved = {
enable = true;
fallbackDns = [
"1.1.1.1#one.one.one.one"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
tailscale.enable = true;
avahi.enable = true; # chromecast
pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
flatpak.enable = true;
dbus.enable = true;
services.ratbagd.enable = true; # Logitech tlp = {
services.keyd = { enable = true;
enable = true; settings = {
keyboards = { WIFI_PWR_ON_BAT = "off";
default = { START_CHARGE_THRESH_BAT0 = 80;
ids = ["*"]; STOP_CHARGE_THRESH_BAT0 = 85;
settings = { };
main = { };
pause = "timeout(esc, 150, space)"; ratbagd.enable = true; # Logitech
scrolllock = "layer(shift)"; keyd = {
enable = true;
keyboards = {
default = {
ids = ["*"];
settings = {
main = {
pause = "timeout(esc, 150, space)";
scrolllock = "layer(shift)";
};
}; };
}; };
}; };
@ -115,6 +122,5 @@ in {
spleen spleen
]; ];
fonts.fontconfig.defaultFonts.monospace = ["UbuntuMono"]; fonts.fontconfig.defaultFonts.monospace = ["UbuntuMono"];
boot.kernelPackages = pkgs.linuxPackages_latest;
system.stateVersion = "22.11"; system.stateVersion = "22.11";
} }

9
overlay.nix
View file

@ -1,5 +1,12 @@
{pkgs, ...}: { {
inputs,
final,
pkgs,
...
}: {
steam = pkgs.writeShellScriptBin "steam" '' steam = pkgs.writeShellScriptBin "steam" ''
flatpak run com.valvesoftware.Steam -pipewire "$@" flatpak run com.valvesoftware.Steam -pipewire "$@"
''; '';
inherit (inputs.nvim.packages.${final.system}) full;
inherit (inputs.tfa.packages.${final.system}) twofa;
} }