gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Initial commit.

Browse source
This commit is contained in:
kat witch 2020-11-01 20:04:42 +00:00 committed by kat
commit 25be5d58d9
26 changed files with 931 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
result
secrets.nix

7
README.md Normal file
View file

@ -0,0 +1,7 @@
# Proto readme
* export NIX_SSHOPTS="-p 62954"
* export NIX_SSHOPTS="-p 22"
* nix build -f . deploy.all && ./result
* nix build -f . deploy.$group && ./result
* nix build -f . deploy.$hostname && ./result

77
configuration/common/default.nix Normal file
View file

@ -0,0 +1,77 @@
{ config, lib, pkgs, ... }:
let
home-manager = fetchGit {
url = "https://github.com/nix-community/home-manager";
rev = "a98ec6ec158686387d66654ea96153ec06be33d7";
};
in {
imports = [
../../modules
"${home-manager}/nixos"
./pbb.nix
./users.nix
];
nixpkgs.overlays = [
(self: super: import ../../pkgs { nixpkgs = super.path; })
];
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
boot.kernelParams = [ "quiet" ];
nixpkgs.config = {
allowUnfree = true;
};
services.journald.extraConfig = "SystemMaxUse=512M";
nix.gc.automatic = lib.mkDefault true;
nix.gc.options = lib.mkDefault "--delete-older-than 1w";
nix.trustedUsers = [ "root" "@wheel" ];
environment.variables.EDITOR = "neovim";
services.openssh.enable = true;
services.openssh.ports = lib.mkDefault [ 62954 ];
services.openssh.passwordAuthentication = false;
services.openssh.challengeResponseAuthentication = false;
services.openssh.permitRootLogin = lib.mkDefault "prohibit-password";
services.openssh.extraConfig = "StreamLocalBindUnlink yes";
security.sudo.wheelNeedsPassword = lib.mkForce false;
i18n.defaultLocale = "en_GB.UTF-8";
time.timeZone = "Europe/London";
console = {
font = "Lat2-Terminus16";
keyMap = "uk";
};
fonts.fontconfig.enable = true;
fonts.fonts = [
pkgs.nerdfonts
pkgs.corefonts
];
environment.systemPackages = with pkgs; [
smartmontools
lm_sensors
htop
neovim
ripgrep
git
wget
rsync
pv
progress
bc
zstd
file
whois
fd
exa
socat
tmux
gnupg
];
}

13
configuration/common/pbb.nix Normal file
View file

@ -0,0 +1,13 @@
let
pbbNixfiles = fetchGit {
url = "https://git.petabyte.dev/petabyteboy/nixfiles";
rev = "4b0275db7842fda45dcc007d87b6274c4e63382b";
};
in {
imports = [
"${pbbNixfiles}/modules"
];
nixpkgs.overlays = [
(self: super: import "${pbbNixfiles}/pkgs" { nixpkgs = super.path; })
];
}

79
configuration/common/users.nix Normal file
View file

@ -0,0 +1,79 @@
{ config, pkgs, ... }:
{
users.users.root = {
openssh.authorizedKeys.keys = with pkgs.lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
};
users.users.kat = {
uid = 1000;
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDX2x9eT02eJn2lAc7zA3c84+FXkft1f3hbTXKZ6+q/F kat@yule"
];
shell = pkgs.fish;
extraGroups = [ "wheel" ];
};
home-manager.useGlobalPkgs = true;
home-manager.users.kat = {
programs.firefox = {
enable = true;
};
programs.fish = {
enable = true;
plugins = [
{
name = "bass";
src = pkgs.fetchFromGitHub {
owner = "edc";
repo = "bass";
rev = "d63054b24c2f63aaa3a08fb9ec9d0da4c70ab922";
sha256 = "0pwci5xxm8308nrb52s5nyxijk0svar8nqrdfvkk2y34z1cg319b";
};
}
];
};
programs.starship = {
enable = true;
enableFishIntegration = true;
};
programs.git = {
enable = true;
userName = "katrin fénix";
userEmail = "me@dork.dev";
};
programs.ssh = {
enable = true;
controlMaster = "auto";
controlPersist = "10m";
hashKnownHosts = true;
matchBlocks = let
kat = {
forwardAgent = true;
extraOptions = {
RemoteForward = "/run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra";
};
port = 62954;
};
in {
"beltane" = {
hostname = "beltane.dork.dev";
} // kat;
"samhain" = {
hostname = "192.168.1.135";
} // kat;
"yule" = {
hostname = "192.168.1.92";
} // kat;
};
};
programs.bat.enable = true;
programs.tmux.enable = true;
};
}

63
configuration/desktop/default.nix Normal file
View file

@ -0,0 +1,63 @@
{ config, lib, pkgs, ... }:
{
nixpkgs.config = {
mumble.speechdSupport = true;
};
home-manager.users.kat = {
home.packages = [
pkgs._1password
pkgs.mpv
pkgs.mumble
pkgs.syncplay
pkgs.youtube-dl
pkgs.jdk11
pkgs.lm_sensors
pkgs.discord
pkgs.tdesktop
pkgs.dino
pkgs.dconf2nix
pkgs.vscode
pkgs.neofetch
pkgs.htop
pkgs.jetbrains.clion
pkgs.jetbrains.idea-ultimate
pkgs.jetbrains.goland
pkgs.gnome3.gnome-tweak-tool
pkgs.gnomeExtensions.caffeine
pkgs.gnomeExtensions.emoji-selector
pkgs.gnomeExtensions.gsconnect
pkgs.gnomeExtensions.dash-to-panel
pkgs.gnomeExtensions.appindicator
pkgs.gnomeExtensions.dash-to-dock
pkgs.gnomeExtensions.arc-menu
];
gtk = {
enable = true;
iconTheme = {
name = "Arc";
package = pkgs.numix-icon-theme-square;
};
theme = {
name = "Arc";
package = pkgs.arc-theme;
};
};
};
fonts.fontconfig.enable = true;
fonts.fonts = [
pkgs.nerdfonts
pkgs.corefonts
];
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome3.enable = true;
sound.enable = true;
hardware.pulseaudio.enable = true;
hardware.opengl.enable = true;
services.xserver.libinput.enable = true;
}

33
configuration/hosts/beltane/configuration.nix Normal file
View file

@ -0,0 +1,33 @@
{ config, pkgs, ... }:
let unstable = import <nixos-unstable> {}; in {
imports =
[
../../common
./hardware-configuration.nix
#./services/postgres.nix
./services/znc.nix
./services/weechat.nix
#./services/gitea.nix
#./services/matrix.nix
#./services/nextcloud.nix
#./services/bitwarden.nix
./services/nginx.nix
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking = {
hostName = "beltane";
useDHCP = false;
interfaces.enp1s0.useDHCP = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
# networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "20.09";
}

26
configuration/hosts/beltane/hardware-configuration.nix Normal file
View file

@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/126049c0-34bd-4d96-a8db-276c5d172abe";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/1f19daed-1c51-4b14-bfe8-bd7ea075ed96"; }
];
nix.maxJobs = lib.mkDefault 3;
}

14
configuration/hosts/beltane/services/bitwarden.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, pkgs, ... }:
let secrets = ( import ../secrets.nix ); in {
bitwarden_rs = {
enable = true;
config = {
rocketPort = 4000;
websocketEnabled = true;
signupsAllowed = false;
adminToken = secrets.bitwarden.token;
domain = "https://pw.dork.dev";
};
};
}

10
configuration/hosts/beltane/services/gitea.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
gitea = {
enable = true;
disableRegistration = true; # TODO change for initial setup
domain = "git.dork.dev";
rootUrl = "https://git.dork.dev";
};
}

24
configuration/hosts/beltane/services/matrix.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, pkgs, ... }:
let secrets = ( import ../secrets.nix ); in {
matrix-synapse = {
enable = true;
registration_shared_secret = secrets.matrix.secret;
server_name = "dork.dev";
listeners = [
{
port = 8008;
bind_address = "::1";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
};
}

23
configuration/hosts/beltane/services/nextcloud.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, pkgs, ... }:
{
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services.nextcloud = {
enable = true;
hostName = "fs.dork.dev";
https = true;
nginx.enable = true;
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
adminpassFile = "/var/lib/nextcloud/admin_pass"; # TODO replace this with proper secrets management
adminuser = "root";
};
};
}

87
configuration/hosts/beltane/services/nginx.nix Normal file
View file

@ -0,0 +1,87 @@
{ config, pkgs, ... }:
let common = {
enableACME = true;
forceSSL = true;
}; in {
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
virtualHosts = {
"beltane.dork.dev" = {
root = "/var/www/beltane";
} // common;
"dork.dev" = {
root = "/var/www/dork";
/*locations = {
"/_matrix" = {
proxyPass = "http://[::1]:8008";
};
"= /.well-known/matrix/server".extraConfig =
let server = { "m.server" = "dork.dev:443"; }; in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
"= /.well-known/matrix/client".extraConfig =
let client = {
"m.homeserver" = { "base_url" = "https://dork.dev"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
}; in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};*/
} // common;
/*"pw.dork.dev" = {
locations = {
"/".proxyPass = "http://127.0.0.1:4000";
"/notifications/hub".proxyPass = "http://127.0.0.1:3012";
"/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80";
};
} // common;
"git.dork.dev" = {
locations = {
"/".proxyPass = "http://127.0.0.1:3000";
};
} // common;*/
"znc.dork.dev" = {
locations = {
"/".proxyPass = "http://127.0.0.1:5000";
};
} // common;
"irc.dork.dev" = {
locations = {
"/" = {
root = pkgs.glowing-bear;
};
"^~ /weechat" = {
proxyPass = "http://127.0.0.1:9000";
proxyWebsockets = true;
};
};
} // common;
};
};
security.acme = {
email = "dorkdev99+acme@gmail.com";
acceptTerms = true;
};
}

19
configuration/hosts/beltane/services/postgres.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, pkgs, ... }:
{
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
}

17
configuration/hosts/beltane/services/weechat.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
services.weechat = {
binary = let new-weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped {
configure = { availablePlugins, ... }: {
scripts = [ pkgs.weechatScripts.weechat-matrix ];
plugins = [ availablePlugins.perl ( availablePlugins.python.withPackages (ps: [ ps.potr pkgs.weechatScripts.weechat-matrix ])) ]; };
}; in "${new-weechat}/bin/weechat";
enable = true;
};
programs.screen.screenrc = ''
multiuser on
acladd kat
'';
}

50
configuration/hosts/beltane/services/znc.nix Normal file
View file

@ -0,0 +1,50 @@
{ config, pkgs, ... }:
let secrets = import ../secrets.nix; in {
services.znc = {
enable = true;
mutable = false;
useLegacyConfig = false;
openFirewall = false;
config = {
Listener.l = {
Port = 5000;
SSL = false;
AllowWeb = true;
};
modules = [ "webadmin" "adminlog" ];
User.kat = {
Admin = true;
Nick = "kat";
AltNick = "katrin";
Network.freenode = {
Server = "chat.freenode.net +6697 ${secrets.znc.freenode.password}";
Chan = secrets.znc.freenode.channels;
Nick = secrets.znc.freenode.nick;
AltNick = secrets.znc.freenode.altNick;
JoinDelay = 2;
LoadModule = [
"simple_away"
"nickserv"
];
};
Network.espernet = {
Server = "anarchy.esper.net +6697 ${secrets.znc.espernet.password}";
Chan = secrets.znc.espernet.channels;
Nick = secrets.znc.espernet.nick;
AltNick = secrets.znc.espernet.altNick;
JoinDelay = 2;
LoadModule = [
"simple_away"
"nickserv"
];
};
Pass.password = {
Method = secrets.znc.password.method;
Hash = secrets.znc.password.hash;
Salt = secrets.znc.password.salt;
};
};
};
};
}

25
configuration/hosts/default.nix Normal file
View file

@ -0,0 +1,25 @@
let
hosts = {
yule = {
ssh.host = "kat@yule";
groups = [ "desktop" "personal" ];
};
beltane = {
ssh.host = "kat@beltane";
groups = [ "server" "personal" ];
};
samhain = {
ssh.host = "kat@samhain";
groups = [ "desktop" "personal" ];
};
};
pkgs = import <nixpkgs> {};
evalConfig = import <nixpkgs/nixos/lib/eval-config.nix>;
lib = pkgs.lib;
in lib.mapAttrs (name: host: host // {
config = if (host ? config) then host.config else (evalConfig {
modules = [
(import "${toString ./.}/${name}/configuration.nix")
];
}).config;
}) hosts

29
configuration/hosts/samhain/configuration.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
../../common
../../desktop
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
home-manager.users.kat = {
imports = [
./dconf.nix
];
};
networking.hostName = "samhain";
networking.hostId = "617050fc";
networking.useDHCP = false;
networking.interfaces.enp34s0.useDHCP = true;
system.stateVersion = "20.09";
}

143
configuration/hosts/samhain/dconf.nix Normal file
View file

@ -0,0 +1,143 @@
# Generated via dconf2nix: https://github.com/gvolpe/dconf2nix
{ lib, ... }:
let
mkTuple = lib.hm.gvariant.mkTuple;
in
{
dconf.settings = {
"org/gnome/control-center" = {
"last-panel" = "network";
};
"org/gnome/desktop/input-sources" = {
"current" = "uint32 0";
"sources" = [ (mkTuple [ "xkb" "gb" ]) ];
"xkb-options" = [ "terminate:ctrl_alt_bksp" ];
};
"org/gnome/desktop/interface" = {
"clock-show-seconds" = true;
"clock-show-weekday" = true;
"enable-hot-corners" = false;
"gtk-im-module" = "gtk-im-context-simple";
};
"org/gnome/desktop/notifications" = {
"application-children" = [ "im-dino-dino" "telegramdesktop" "discord" "mumble" "firefox" ];
};
"org/gnome/desktop/notifications/application/discord" = {
"application-id" = "discord.desktop";
};
"org/gnome/desktop/notifications/application/firefox" = {
"application-id" = "firefox.desktop";
};
"org/gnome/desktop/notifications/application/im-dino-dino" = {
"application-id" = "im.dino.Dino.desktop";
};
"org/gnome/desktop/notifications/application/mumble" = {
"application-id" = "mumble.desktop";
};
"org/gnome/desktop/notifications/application/telegramdesktop" = {
"application-id" = "telegramdesktop.desktop";
};
"org/gnome/desktop/privacy" = {
"report-technical-problems" = true;
};
"org/gnome/desktop/wm/keybindings" = {
"panel-main-menu" = [ "<Alt>F1" ];
};
"org/gnome/desktop/wm/preferences" = {
"button-layout" = "appmenu:minimize,maximize,close";
};
"org/gnome/evolution-data-server" = {
"migrated" = true;
"network-monitor-gio-name" = "";
};
"org/gnome/mutter" = {
"attach-modal-dialogs" = true;
"dynamic-workspaces" = true;
"edge-tiling" = true;
"focus-change-on-pointer-rest" = true;
"overlay-key" = "Super_L";
"workspaces-only-on-primary" = true;
};
"org/gnome/nautilus/preferences" = {
"default-folder-viewer" = "icon-view";
"search-filter-time-type" = "last_modified";
};
"org/gnome/nautilus/window-state" = {
"initial-size" = mkTuple [ 890 550 ];
"maximized" = false;
};
"org/gnome/settings-daemon/plugins/color" = {
#"night-light-last-coordinates" = mkTuple [ 51.579800719942405 -2.47e-2 ];
};
"org/gnome/settings-daemon/plugins/xsettings" = {
"antialiasing" = "grayscale";
"hinting" = "slight";
};
"org/gnome/shell" = {
"disabled-extensions" = "@as []";
"enabled-extensions" = [ "arc-menu@linxgem33.com" "caffeine@patapon.info" "dash-to-panel@jderose9.github.com" "emoji-selector@maestroschan.fr" "appindicatorsupport@rgcjonas.gmail.com" ];
};
"org/gnome/shell/extensions/arc-menu" = {
"arc-menu-icon" = 3;
"dtp-dtd-state" = [ true false ];
"menu-button-icon" = "Arc_Menu_Icon";
"menu-hotkey" = "Super_L";
"pinned-app-list" = [ "Firefox" "firefox" "firefox.desktop" "Terminal" "utilities-terminal" "org.gnome.Terminal.desktop" "Arc Menu Settings" "ArcMenu_ArcMenuIcon" "gnome-extensions prefs arc-menu@linxgem33.com" ];
};
"org/gnome/shell/extensions/dash-to-panel" = {
"available-monitors" = [ 1 0 2 ];
"group-apps" = false;
"hotkeys-overlay-combo" = "TEMPORARILY";
"multi-monitors" = false;
#"panel-element-positions" = "'{"0":[{"element":"showAppsButton","visible":false,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}],"1":[{"element":"showAppsButton","visible":false,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}],"2":[{"element":"showAppsButton","visible":false,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}]}'";
#"panel-positions" = "'{"0":"TOP","1":"TOP","2":"TOP"}'";
"panel-size" = 32;
"primary-monitor" = 1;
};
"org/gnome/shell/world-clocks" = {
"locations" = "@av []";
};
"org/gnome/system/location" = {
"enabled" = true;
};
"org/gtk/settings/file-chooser" = {
"date-format" = "regular";
"location-mode" = "path-bar";
"show-hidden" = false;
"show-size-column" = true;
"show-type-column" = true;
"sidebar-width" = 164;
"sort-column" = "name";
"sort-directories-first" = false;
"sort-order" = "ascending";
"type-format" = "category";
"window-position" = mkTuple [ 358 907 ];
"window-size" = mkTuple [ 1203 902 ];
};
};
}

35
configuration/hosts/samhain/hardware-configuration.nix Normal file
View file

@ -0,0 +1,35 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "zroot/safe/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "zroot/safe/home";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/BADB-92F5";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/88595373-9566-401b-8c9b-03bbc8314f1b"; }
];
}

23
configuration/hosts/yule/configuration.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
../../common
../../desktop
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostId = "dddbb888";
networking.hostName = "yule";
networking.useDHCP = false;
networking.interfaces.enp1s0.useDHCP = true;
networking.interfaces.wlp2s0.useDHCP = true;
system.stateVersion = "20.09";
}

36
configuration/hosts/yule/hardware-configuration.nix Normal file
View file

@ -0,0 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "zpool/safe/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "zpool/safe/home";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4683-4139";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/7e6f47fd-bedb-4012-8072-5e3a556e2f45"; }
];
}

4
default.nix Normal file
View file

@ -0,0 +1,4 @@
{
inherit (import ./lib/deploy.nix) deploy;
pkgs = import ./pkgs;
}

76
lib/deploy.nix Normal file
View file

@ -0,0 +1,76 @@
let
pkgs = import <nixpkgs> {};
lib = pkgs.lib;
hosts = import ../configuration/hosts;
nixosHosts = lib.filterAttrs (name: host: host ? ssh) hosts;
allGroups = lib.unique (
lib.flatten (
lib.mapAttrsToList (
name: host: host.groups
) hosts
)
);
hostsInGroup = group:
lib.filterAttrs (
k: v: builtins.elem group v.groups
) hosts;
hostsInAllGroups = lib.listToAttrs (
map (
group: lib.nameValuePair group (
lib.attrNames (hostsInGroup group)
)
) allGroups );
mkDeploy = hostnames: pkgs.writeScript "deploy-${lib.concatStringsSep "-" hostnames}" ''
#!${pkgs.stdenv.shell}
set -e -o pipefail
export PATH=/run/wrappers/bin/:${with pkgs; lib.makeBinPath [
coreutils
openssh
nix
gnutar
findutils
nettools
gzip
git
]}
MODE=$1
shift || true
ARGS=$@
[ "$MODE" == "" ] && MODE="switch"
${lib.concatMapStrings (hostname: let
hostAttrs = nixosHosts.${hostname};
nixosSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [
"${toString ../configuration}/hosts/${hostname}/configuration.nix"
];
system = if hostAttrs ? system then hostAttrs.system else "x86_64-linux";
}).config.system.build.toplevel;
in ''
(
echo "deploying ${hostname}..."
nix copy --no-check-sigs --to ssh://${hostAttrs.ssh.host} ${nixosSystem}
ssh $NIX_SSHOPTS ${hostAttrs.ssh.host} "sudo nix-env -p /nix/var/nix/profiles/system -i ${nixosSystem}"
ssh $NIX_SSHOPTS ${hostAttrs.ssh.host} "sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $MODE"
) &
PID_LIST+=" $!"
'') hostnames}
echo "deploys started, waiting for them to finish..."
trap "kill $PID_LIST" SIGINT
wait $PID_LIST
'';
in {
deploy = (lib.mapAttrs (hostname: hostAttrs: mkDeploy [ hostname ]) nixosHosts)
// (lib.mapAttrs (group: hosts: mkDeploy hosts) hostsInAllGroups)
// { all = mkDeploy (lib.attrNames nixosHosts); };
}

6
modules/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
imports = [
];
}

10
pkgs/default.nix Normal file
View file

@ -0,0 +1,10 @@
{ nixpkgs ? <nixpkgs>, ... }:
let
pkgs = import nixpkgs {};
callPackage = pkgs.lib.callPackageWith (pkgs // newpkgs);
newpkgs = {
};
in newpkgs