Cleanup racknerd

iofq 2024-08-04 22:18:19 -05:00
parent 0108b1a575
commit 58d198e530
14 changed files with 96 additions and 297 deletions


@ -1,48 +1,22 @@
{
description = "Home Manager && NixOS configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-index-database.url = "github:nix-community/nix-index-database";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/24.05";
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
sops-nix.url = "github:Mic92/sops-nix";
tfa.url = "github:iofq/2fa";
treefmt-nix.url = "github:numtide/treefmt-nix";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nvim = {
url = "github:iofq/nvim.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
tfa = {
url = "github:iofq/2fa";
inputs.nixpkgs.follows = "nixpkgs";
};
ethereum-nix = {
#url = "github:nix-community/ethereum.nix";
url = "git+file:///home/e/dev/ethereum.nix/";
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs = {
@ -59,12 +33,13 @@
inherit system;
config.allowUnfree = true;
overlays = [
(final: _prev:
{
(final: _prev: {
steam = pkgs.writeShellScriptBin "steam" ''
flatpak run com.valvesoftware.Steam -pipewire "$@"
'';
inherit (inputs.nvim.packages.${final.system}) full;
inherit (inputs.tfa.packages.${final.system}) twofa;
}
// import ./overlay.nix {inherit pkgs;})
})
];
};
eachSystem = f: nixpkgs.lib.genAttrs (import systems) (system: f nixpkgs.legacyPackages.${system});
@ -72,33 +47,13 @@
in {
nixosConfigurations = import ./nixos {inherit inputs pkgs attrs system;};
homeConfigurations = import ./home-manager {inherit inputs pkgs attrs;};
deploy.nodes = {
htz = {
hostname = "htz";
sshUser = "e";
remoteBuild = true;
profiles.system = {
user = "root";
path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.htz;
};
};
racknerd = {
hostname = "racknerd";
sshUser = "e";
remoteBuild = true;
profiles.system = {
user = "root";
path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.rknrd;
};
};
};
checks = {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
treefmt.enable = true;
treefmt.package = treefmtEval.${system}.config.build.wrapper;
};
settings.treefmt.package = treefmtEval.${system}.config.build.wrapper;
};
};
formatter = eachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper);
@ -111,7 +66,6 @@
pkgs.ssh-to-age
pkgs.sops
pkgs.age
inputs.deploy-rs.packages.${system}.deploy-rs
treefmtEval.${system}.config.build.wrapper
];
};
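Review bot: `nixpkgs.url = "github:nixos/nixpkgs/24.05";` looks like it names the release tag rather than a branch, so `nix flake update` would keep resolving to the same release-day commit and systems built from it would not pick up backported security fixes. If the intent is to track the stable channel, `nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";` follows the branch that receives those backports. Separately, `sops-nix`, `pre-commit-hooks`, `tfa` and `treefmt-nix` are declared as bare `.url` lines, which seems to drop their `inputs.nixpkgs.follows`; each then locks its own nixpkgs revision, so the lock file carries more revisions to keep patched. The rendering has lost the +/- markers, so both observations assume these are the added lines.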


@ -29,9 +29,6 @@
inherit (attrs) username;
};
};
modules = [
./home.nix
./min.nix
];
modules = [./home.nix];
};
}


@ -1,5 +0,0 @@
_: {
home = {
username = "e";
};
}


@ -4,7 +4,9 @@
];
programs.gpg = {
enable = true;
settings = {pinentry-mode = "loopback";};
settings = {
pinentry-mode = "loopback";
};
};
services.gpg-agent = {
enable = true;


@ -12,5 +12,6 @@
gnumake
go
jq
awscli
];
}


@ -1,5 +1,5 @@
{pkgs, ...}: {
home.packages = with pkgs; [
full
neovim
];
}


@ -13,20 +13,22 @@
steam
prismlauncher
runelite
jdk17
jdk21
# comms
signal-desktop
discord
# apps
chromium
(chromium.override {commandLineArgs = "--load-media-router-component-extension=1";})
pcmanfm
feh
ffmpeg
mpv
vlc
wdisplays
piper
calibre
# font
spleen
@ -47,6 +49,10 @@
hostname = "htz.10110110.xyz";
identityFile = "/home/e/.ssh/id_ed25519";
};
"ocx" = {
hostname = "ocx.10110110.xyz";
identityFile = "/home/e/.ssh/oracle";
};
};
};
fonts.fontconfig.enable = lib.mkForce true;
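Review bot: The new `"ocx"` host block sets `identityFile = "/home/e/.ssh/oracle";` but does not restrict the client to that key, so an ssh-agent holding other keys may still offer them to this host. Adding `identitiesOnly = true;` inside the block keeps the dedicated key dedicated and avoids presenting unrelated public keys to the server. The same applies to the `htz` entry just above it. The enclosing attribute set starts outside the hunk, so this assumes these are home-manager `programs.ssh.matchBlocks` entries.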


@ -26,19 +26,4 @@ in {
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
];
};
rknrd = inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs system pkgs;
host = {
hostName = "rknrd";
inherit (attrs) username;
};
};
modules =
defaultModules
++ [
./configuration.nix
./racknerd/configuration.nix
];
};
}


@ -1,84 +0,0 @@
{
inputs,
pkgs,
config,
...
}: {
imports = [
./hardware-configuration.nix
./minecraft.nix
inputs.ethereum-nix.nixosModules.default
];
environment.systemPackages = with pkgs; [
nfs-utils
vim
inputs.ethereum-nix.packages.${system}.rocketpool
docker-compose
];
environment.interactiveShellInit = ''
alias rp='rocketpool --allow-root'
'';
virtualisation = {
docker = {
enable = true;
};
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking = {
hostName = "rknrd";
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
firewall = {
enable = true;
allowedTCPPorts = [22];
allowedUDPPorts = [];
logRefusedConnections = true;
};
};
services.openssh.enable = true;
services.tailscale.enable = true;
users.users = {
root = {
openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
};
e = {
isNormalUser = true;
extraGroups = ["wheel" "docker"];
openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
};
};
virtualisation.oci-containers.containers = {
signal-api = {
image = "bbernhard/signal-cli-rest-api:latest";
ports = ["100.73.10.99:8080:8080"];
volumes = [
"/root/signal-cli:/home/.local/share/signal-cli"
];
};
};
systemd.timers."signal-upload" = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*:0/5";
Unit = "signal-upload.service";
};
};
systemd.services."signal-upload" = {
script = ''
${pkgs.curl}/bin/curl -X GET -H "Content-Type application/json" 'http://rknrd.tailc353f.ts.net:8080/v1/receive/+14145029897' && ${pkgs.docker}/bin/docker run --rm --env-file=${config.sops.secrets."b2-photos-s3/env".path} -v /root/signal-cli/attachments:/root/data public.ecr.aws/aws-cli/aws-cli s3 mv /root/data/ s3://iofq-photos/signal --endpoint-url=https://s3.us-west-004.backblazeb2.com --recursive
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = ["e"];
system.stateVersion = "22.11";
}


@ -1,16 +0,0 @@
{
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = {
device = "/dev/vda1";
fsType = "ext4";
};
swapDevices = [{device = "/dev/vda2";}];
}


@ -1,56 +0,0 @@
{
config,
pkgs,
...
}: {
sops = {
defaultSopsFile = ../../secrets/restic.yaml;
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
secrets = {
"b2-minecraft/env" = {};
"b2-minecraft/repo" = {};
"b2-minecraft/password" = {};
"b2-photos-s3/env" = {};
};
};
services.restic.backups = {
b2-minecraft = {
initialize = true;
environmentFile = config.sops.secrets."b2-minecraft/env".path;
repositoryFile = config.sops.secrets."b2-minecraft/repo".path;
passwordFile = config.sops.secrets."b2-minecraft/password".path;
paths = [
"/var/lib/minecraft"
];
timerConfig = {
OnCalendar = "00:05";
};
pruneOpts = [
"--keep-daily 3"
"--keep-weekly 1"
"--keep-monthly 1"
];
};
};
services.minecraft-server = {
enable = true;
eula = true;
openFirewall = true;
declarative = true;
package = "${pkgs.minecraft-server}";
serverProperties = {
white-list = true;
server-port = 25565;
gamemode = "survival";
enable-command-block = "true";
motd = "whaa";
max-players = "10";
view-distance = 16;
};
whitelist = {
cjriddz = "cf36e5f7-6e7f-490a-ba76-65016338e7b4";
k359 = "a5ccc07c-144d-4dd0-b07c-48c4d5302b58";
};
};
}


@ -25,7 +25,9 @@
OnCalendar = "01:00";
};
pruneOpts = [
"--keep-last 14"
"--keep-daily 14"
"--keep-monthly 6"
"--keep-yearly 1"
];
};
};


@ -1,4 +1,5 @@
{
config,
pkgs,
attrs,
...
@ -11,8 +12,6 @@ in {
./nano.nix
./backups.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
environment.systemPackages = with pkgs; [
cryptsetup
@ -20,9 +19,16 @@ in {
];
environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test";
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
supportedFilesystems = ["zfs"];
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
zfs.forceImportRoot = false;
};
# Networking
networking = {
nameservers = ["1.1.1.1#one.one.one.one"];
hostId = "1185c58e";
networkmanager = {
enable = true;
dns = "systemd-resolved";
@ -35,16 +41,6 @@ in {
logRefusedConnections = true;
};
};
services.resolved = {
enable = true;
fallbackDns = [
"1.1.1.1#one.one.one.one"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
services.tailscale.enable = true;
# Services
virtualisation = {
@ -53,40 +49,50 @@ in {
dockerCompat = true;
};
};
programs.light.enable = true;
security.pam.services.swaylock = {};
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
programs.ssh = {
startAgent = true;
};
services.flatpak.enable = true;
services.dbus.enable = true;
programs.hyprland.enable = true;
xdg.portal = {
enable = true;
xdgOpenUsePortal = false;
extraPortals = [pkgs.xdg-desktop-portal-gtk];
};
programs = {
light.enable = true;
hyprland.enable = true;
ssh = {
startAgent = true;
};
};
services = {
resolved = {
enable = true;
fallbackDns = [
"1.1.1.1#one.one.one.one"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
tailscale.enable = true;
avahi.enable = true; # chromecast
pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
flatpak.enable = true;
dbus.enable = true;
services.tlp = {
tlp = {
enable = true;
settings = {
WIFI_PWR_ON_BAT = "off";
START_CHARGE_THRESH_BAT0 = 80;
STOP_CHARGE_THRESH_BAT0 = 85;
RADEON_DPM_STATE_ON_AC = "performance";
RADEON_DPM_STATE_ON_BAT = "battery";
RADEON_POWER_PROFILE_ON_AC = "high";
RADEON_POWER_PROFILE_ON_BAT = "low";
};
};
services.ratbagd.enable = true; # Logitech
services.keyd = {
ratbagd.enable = true; # Logitech
keyd = {
enable = true;
keyboards = {
default = {
@ -100,6 +106,7 @@ in {
};
};
};
};
hardware.opengl = {
enable = true;
@ -115,6 +122,5 @@ in {
spleen
];
fonts.fontconfig.defaultFonts.monospace = ["UbuntuMono"];
boot.kernelPackages = pkgs.linuxPackages_latest;
system.stateVersion = "22.11";
}
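Review bot: `avahi.enable = true; # chromecast` turns on an mDNS responder on every interface, and the NixOS module's `openFirewall` option defaults to true, so UDP 5353 becomes reachable on any network this machine joins. If the daemon is only needed to discover cast devices on the home LAN, consider scoping it with `avahi.allowInterfaces = ["LAN_INTERFACE_PLACEHOLDER"];`, or setting `avahi.openFirewall = false;` if discovery still works without the inbound rule. The `services` set opens and closes across several hunks in this section, so the suggestion applies to the regrouped block as a whole.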


@ -1,5 +1,12 @@
{pkgs, ...}: {
{
inputs,
final,
pkgs,
...
}: {
steam = pkgs.writeShellScriptBin "steam" ''
flatpak run com.valvesoftware.Steam -pipewire "$@"
'';
inherit (inputs.nvim.packages.${final.system}) full;
inherit (inputs.tfa.packages.${final.system}) twofa;
}
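Review bot: `inputs` and `final` are now required arguments with no defaults, but the only call visible on this page, `import ./overlay.nix {inherit pkgs;}` in the first file section, passes neither; the rendering does not show whether that call is on the old or the new side. If it survives, evaluation fails on the missing arguments and the call would need to become `import ./overlay.nix {inherit inputs final pkgs;}`. If it was removed in favour of the inline overlay, this file repeats the same three attributes and is probably dead code.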