Cleanup racknerd

2024-08-04 22:18:19 -05:00 · 2024-08-04 22:18:19 -05:00 · 58d198e530
commit 58d198e530
parent 0108b1a575
14 changed files with 96 additions and 297 deletions
--- a/flake.nix
+++ b/flake.nix
@ -1,48 +1,22 @@
 {
  description = "Home Manager && NixOS configuration";
-
  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nix-index-database.url = "github:nix-community/nix-index-database";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-    deploy-rs = {
-      url = "github:serokell/deploy-rs";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    pre-commit-hooks = {
-      url = "github:cachix/pre-commit-hooks.nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/24.05";
+    pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
+    sops-nix.url = "github:Mic92/sops-nix";
+    tfa.url = "github:iofq/2fa";
+    treefmt-nix.url = "github:numtide/treefmt-nix";
+
    home-manager = {
      url = "github:nix-community/home-manager";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
    nvim = {
      url = "github:iofq/nvim.nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    tfa = {
-      url = "github:iofq/2fa";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    ethereum-nix = {
-      #url = "github:nix-community/ethereum.nix";
-      url = "git+file:///home/e/dev/ethereum.nix/";
-    };
-    treefmt-nix = {
-      url = "github:numtide/treefmt-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    microvm = {
-      url = "github:astro/microvm.nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    sops-nix = {
-      url = "github:Mic92/sops-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-    nix-index-database = {
-      url = "github:nix-community/nix-index-database";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
  };
  outputs = {
@ -59,12 +33,13 @@
      inherit system;
      config.allowUnfree = true;
      overlays = [
-        (final: _prev:
-          {
-            inherit (inputs.nvim.packages.${final.system}) full;
-            inherit (inputs.tfa.packages.${final.system}) twofa;
-          }
-          // import ./overlay.nix {inherit pkgs;})
+        (final: _prev: {
+          steam = pkgs.writeShellScriptBin "steam" ''
+            flatpak run com.valvesoftware.Steam -pipewire "$@"
+          '';
+          inherit (inputs.nvim.packages.${final.system}) full;
+          inherit (inputs.tfa.packages.${final.system}) twofa;
+        })
      ];
    };
    eachSystem = f: nixpkgs.lib.genAttrs (import systems) (system: f nixpkgs.legacyPackages.${system});
@ -72,33 +47,13 @@
  in {
    nixosConfigurations = import ./nixos {inherit inputs pkgs attrs system;};
    homeConfigurations = import ./home-manager {inherit inputs pkgs attrs;};
-    deploy.nodes = {
-      htz = {
-        hostname = "htz";
-        sshUser = "e";
-        remoteBuild = true;
-        profiles.system = {
-          user = "root";
-          path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.htz;
-        };
-      };
-      racknerd = {
-        hostname = "racknerd";
-        sshUser = "e";
-        remoteBuild = true;
-        profiles.system = {
-          user = "root";
-          path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.rknrd;
-        };
-      };
-    };
    checks = {
      pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
        src = ./.;
        hooks = {
          treefmt.enable = true;
+          treefmt.package = treefmtEval.${system}.config.build.wrapper;
        };
-        settings.treefmt.package = treefmtEval.${system}.config.build.wrapper;
      };
    };
    formatter = eachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper);
@ -111,7 +66,6 @@
        pkgs.ssh-to-age
        pkgs.sops
        pkgs.age
-        inputs.deploy-rs.packages.${system}.deploy-rs
        treefmtEval.${system}.config.build.wrapper
      ];
    };
--- a/home-manager/default.nix
+++ b/home-manager/default.nix
@ -29,9 +29,6 @@
        inherit (attrs) username;
      };
    };
-    modules = [
-      ./home.nix
-      ./min.nix
-    ];
+    modules = [./home.nix];
  };
 }
--- a/home-manager/min.nix
+++ b/home-manager/min.nix
@ -1,5 +0,0 @@
-_: {
-  home = {
-    username = "e";
-  };
-}
--- a/home-manager/shared/programs/2fa/default.nix
+++ b/home-manager/shared/programs/2fa/default.nix
@ -4,7 +4,9 @@
  ];
  programs.gpg = {
    enable = true;
-    settings = {pinentry-mode = "loopback";};
+    settings = {
+      pinentry-mode = "loopback";
+    };
  };
  services.gpg-agent = {
    enable = true;
--- a/home-manager/shared/programs/dev/default.nix
+++ b/home-manager/shared/programs/dev/default.nix
@ -12,5 +12,6 @@
    gnumake
    go
    jq
+    awscli
  ];
 }
--- a/home-manager/shared/programs/nvim/default.nix
+++ b/home-manager/shared/programs/nvim/default.nix
@ -1,5 +1,5 @@
 {pkgs, ...}: {
  home.packages = with pkgs; [
-    full
+    neovim
  ];
 }
--- a/home-manager/t14/home.nix
+++ b/home-manager/t14/home.nix
@ -13,20 +13,22 @@
      steam
      prismlauncher
      runelite
-      jdk17
+      jdk21

      # comms
      signal-desktop
      discord

      # apps
-      chromium
+      (chromium.override {commandLineArgs = "--load-media-router-component-extension=1";})
      pcmanfm
      feh
      ffmpeg
      mpv
+      vlc
      wdisplays
      piper
+      calibre

      # font
      spleen
@ -47,6 +49,10 @@
        hostname = "htz.10110110.xyz";
        identityFile = "/home/e/.ssh/id_ed25519";
      };
+      "ocx" = {
+        hostname = "ocx.10110110.xyz";
+        identityFile = "/home/e/.ssh/oracle";
+      };
    };
  };
  fonts.fontconfig.enable = lib.mkForce true;
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -26,19 +26,4 @@ in {
        inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
      ];
  };
-  rknrd = inputs.nixpkgs.lib.nixosSystem {
-    specialArgs = {
-      inherit inputs system pkgs;
-      host = {
-        hostName = "rknrd";
-        inherit (attrs) username;
-      };
-    };
-    modules =
-      defaultModules
-      ++ [
-        ./configuration.nix
-        ./racknerd/configuration.nix
-      ];
-  };
 }
--- a/nixos/racknerd/configuration.nix
+++ b/nixos/racknerd/configuration.nix
@ -1,84 +0,0 @@
-{
-  inputs,
-  pkgs,
-  config,
-  ...
-}: {
-  imports = [
-    ./hardware-configuration.nix
-    ./minecraft.nix
-    inputs.ethereum-nix.nixosModules.default
-  ];
-  environment.systemPackages = with pkgs; [
-    nfs-utils
-    vim
-    inputs.ethereum-nix.packages.${system}.rocketpool
-    docker-compose
-  ];
-  environment.interactiveShellInit = ''
-    alias rp='rocketpool --allow-root'
-  '';
-  virtualisation = {
-    docker = {
-      enable = true;
-    };
-  };
-
-  boot.tmp.cleanOnBoot = true;
-  zramSwap.enable = false;
-
-  networking = {
-    hostName = "rknrd";
-    nameservers = [
-      "1.1.1.1"
-      "8.8.8.8"
-    ];
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [22];
-      allowedUDPPorts = [];
-      logRefusedConnections = true;
-    };
-  };
-
-  services.openssh.enable = true;
-  services.tailscale.enable = true;
-  users.users = {
-    root = {
-      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
-    };
-    e = {
-      isNormalUser = true;
-      extraGroups = ["wheel" "docker"];
-      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''];
-    };
-  };
-  virtualisation.oci-containers.containers = {
-    signal-api = {
-      image = "bbernhard/signal-cli-rest-api:latest";
-      ports = ["100.73.10.99:8080:8080"];
-      volumes = [
-        "/root/signal-cli:/home/.local/share/signal-cli"
-      ];
-    };
-  };
-  systemd.timers."signal-upload" = {
-    wantedBy = ["timers.target"];
-    timerConfig = {
-      OnCalendar = "*:0/5";
-      Unit = "signal-upload.service";
-    };
-  };
-  systemd.services."signal-upload" = {
-    script = ''
-      ${pkgs.curl}/bin/curl -X GET -H "Content-Type application/json" 'http://rknrd.tailc353f.ts.net:8080/v1/receive/+14145029897' && ${pkgs.docker}/bin/docker run --rm --env-file=${config.sops.secrets."b2-photos-s3/env".path} -v /root/signal-cli/attachments:/root/data public.ecr.aws/aws-cli/aws-cli s3 mv /root/data/ s3://iofq-photos/signal --endpoint-url=https://s3.us-west-004.backblazeb2.com --recursive
-    '';
-    serviceConfig = {
-      Type = "oneshot";
-      User = "root";
-    };
-  };
-  security.sudo.wheelNeedsPassword = false;
-  nix.settings.trusted-users = ["e"];
-  system.stateVersion = "22.11";
-}
--- a/nixos/racknerd/hardware-configuration.nix
+++ b/nixos/racknerd/hardware-configuration.nix
@ -1,16 +0,0 @@
-{
-  lib,
-  modulesPath,
-  ...
-}: {
-  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  boot.loader.grub.device = "/dev/vda";
-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
-  boot.initrd.kernelModules = ["nvme"];
-  fileSystems."/" = {
-    device = "/dev/vda1";
-    fsType = "ext4";
-  };
-  swapDevices = [{device = "/dev/vda2";}];
-}
--- a/nixos/racknerd/minecraft.nix
+++ b/nixos/racknerd/minecraft.nix
@ -1,56 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  sops = {
-    defaultSopsFile = ../../secrets/restic.yaml;
-    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-    secrets = {
-      "b2-minecraft/env" = {};
-      "b2-minecraft/repo" = {};
-      "b2-minecraft/password" = {};
-      "b2-photos-s3/env" = {};
-    };
-  };
-  services.restic.backups = {
-    b2-minecraft = {
-      initialize = true;
-      environmentFile = config.sops.secrets."b2-minecraft/env".path;
-      repositoryFile = config.sops.secrets."b2-minecraft/repo".path;
-      passwordFile = config.sops.secrets."b2-minecraft/password".path;
-
-      paths = [
-        "/var/lib/minecraft"
-      ];
-      timerConfig = {
-        OnCalendar = "00:05";
-      };
-      pruneOpts = [
-        "--keep-daily 3"
-        "--keep-weekly 1"
-        "--keep-monthly 1"
-      ];
-    };
-  };
-  services.minecraft-server = {
-    enable = true;
-    eula = true;
-    openFirewall = true;
-    declarative = true;
-    package = "${pkgs.minecraft-server}";
-    serverProperties = {
-      white-list = true;
-      server-port = 25565;
-      gamemode = "survival";
-      enable-command-block = "true";
-      motd = "whaa";
-      max-players = "10";
-      view-distance = 16;
-    };
-    whitelist = {
-      cjriddz = "cf36e5f7-6e7f-490a-ba76-65016338e7b4";
-      k359 = "a5ccc07c-144d-4dd0-b07c-48c4d5302b58";
-    };
-  };
-}
--- a/nixos/t14/backups.nix
+++ b/nixos/t14/backups.nix
@ -25,7 +25,9 @@
        OnCalendar = "01:00";
      };
      pruneOpts = [
-        "--keep-last 14"
+        "--keep-daily 14"
+        "--keep-monthly 6"
+        "--keep-yearly 1"
      ];
    };
  };
--- a/nixos/t14/configuration.nix
+++ b/nixos/t14/configuration.nix
@ -1,4 +1,5 @@
 {
+  config,
  pkgs,
  attrs,
  ...
@ -11,8 +12,6 @@ in {
    ./nano.nix
    ./backups.nix
  ];
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;

  environment.systemPackages = with pkgs; [
    cryptsetup
@ -20,9 +19,16 @@ in {
  ];
  environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test";

+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    supportedFilesystems = ["zfs"];
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+    zfs.forceImportRoot = false;
+  };
  # Networking
  networking = {
-    nameservers = ["1.1.1.1#one.one.one.one"];
+    hostId = "1185c58e";
    networkmanager = {
      enable = true;
      dns = "systemd-resolved";
@ -35,16 +41,6 @@ in {
      logRefusedConnections = true;
    };
  };
-  services.resolved = {
-    enable = true;
-    fallbackDns = [
-      "1.1.1.1#one.one.one.one"
-    ];
-    extraConfig = ''
-      DNSOverTLS=yes
-    '';
-  };
-  services.tailscale.enable = true;

  # Services
  virtualisation = {
@ -53,48 +49,59 @@ in {
      dockerCompat = true;
    };
  };
-  programs.light.enable = true;
+
  security.pam.services.swaylock = {};
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    pulse.enable = true;
-  };
-  programs.ssh = {
-    startAgent = true;
-  };
-  services.flatpak.enable = true;
-  services.dbus.enable = true;
-  programs.hyprland.enable = true;
  xdg.portal = {
    enable = true;
    xdgOpenUsePortal = false;
    extraPortals = [pkgs.xdg-desktop-portal-gtk];
  };
-
-  services.tlp = {
-    enable = true;
-    settings = {
-      WIFI_PWR_ON_BAT = "off";
-      START_CHARGE_THRESH_BAT0 = 80;
-      STOP_CHARGE_THRESH_BAT0 = 85;
-      RADEON_DPM_STATE_ON_AC = "performance";
-      RADEON_DPM_STATE_ON_BAT = "battery";
-      RADEON_POWER_PROFILE_ON_AC = "high";
-      RADEON_POWER_PROFILE_ON_BAT = "low";
+  programs = {
+    light.enable = true;
+    hyprland.enable = true;
+    ssh = {
+      startAgent = true;
    };
  };
+  services = {
+    resolved = {
+      enable = true;
+      fallbackDns = [
+        "1.1.1.1#one.one.one.one"
+      ];
+      extraConfig = ''
+        DNSOverTLS=yes
+      '';
+    };
+    tailscale.enable = true;
+    avahi.enable = true; # chromecast
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      pulse.enable = true;
+    };
+    flatpak.enable = true;
+    dbus.enable = true;

-  services.ratbagd.enable = true; # Logitech
-  services.keyd = {
-    enable = true;
-    keyboards = {
-      default = {
-        ids = ["*"];
-        settings = {
-          main = {
-            pause = "timeout(esc, 150, space)";
-            scrolllock = "layer(shift)";
+    tlp = {
+      enable = true;
+      settings = {
+        WIFI_PWR_ON_BAT = "off";
+        START_CHARGE_THRESH_BAT0 = 80;
+        STOP_CHARGE_THRESH_BAT0 = 85;
+      };
+    };
+    ratbagd.enable = true; # Logitech
+    keyd = {
+      enable = true;
+      keyboards = {
+        default = {
+          ids = ["*"];
+          settings = {
+            main = {
+              pause = "timeout(esc, 150, space)";
+              scrolllock = "layer(shift)";
+            };
          };
        };
      };
@ -115,6 +122,5 @@ in {
    spleen
  ];
  fonts.fontconfig.defaultFonts.monospace = ["UbuntuMono"];
-  boot.kernelPackages = pkgs.linuxPackages_latest;
  system.stateVersion = "22.11";
 }
--- a/overlay.nix
+++ b/overlay.nix
@ -1,5 +1,12 @@
-{pkgs, ...}: {
+{
+  inputs,
+  final,
+  pkgs,
+  ...
+}: {
  steam = pkgs.writeShellScriptBin "steam" ''
    flatpak run com.valvesoftware.Steam -pipewire "$@"
  '';
+  inherit (inputs.nvim.packages.${final.system}) full;
+  inherit (inputs.tfa.packages.${final.system}) twofa;
 }