chore(gengetsu): common nixos.hw.c4130

This commit is contained in:
arcnmx 2024-11-24 13:51:35 -08:00
parent 64efbaf503
commit 3c5e7179bb
18 changed files with 217 additions and 132 deletions


@ -104,7 +104,8 @@
]; ];
nfs.fstabOptions = [ nfs.fstabOptions = [
"noauto" "noauto"
"lazytime" "noatime" "lazytime"
"noatime"
#"nfsvers=4" #"nfsvers=4"
"soft" "soft"
"nocto" "nocto"
@ -116,7 +117,8 @@
]; ];
smb.fstabOptions = [ smb.fstabOptions = [
"noauto" "noauto"
"lazytime" "noatime" "lazytime"
"noatime"
(mkIf (config.smb.user != null) "user=${config.smb.user}") (mkIf (config.smb.user != null) "user=${config.smb.user}")
]; ];
automount.fstabOptions = [ automount.fstabOptions = [
@ -129,7 +131,8 @@
cfg, cfg,
nfsSubpath, nfsSubpath,
smbSubpath, smbSubpath,
}: mkIf cfg.enable { }:
mkIf cfg.enable {
device = mkMerge [ device = mkMerge [
(mkIf config.nfs.enable "nfs.${config.domain}:/srv/fs/${nfsSubpath}") (mkIf config.nfs.enable "nfs.${config.domain}:/srv/fs/${nfsSubpath}")
(mkIf config.smb.enable ''\\smb.${config.domain}\${smbSubpath}'') (mkIf config.smb.enable ''\\smb.${config.domain}\${smbSubpath}'')
@ -150,7 +153,8 @@
"/mnt/kyuuto-media" = mkKyuutoFs { "/mnt/kyuuto-media" = mkKyuutoFs {
cfg = config.media; cfg = config.media;
nfsSubpath = "kyuuto/media"; nfsSubpath = "kyuuto/media";
smbSubpath = if config.smb.user != null && access.local.enable smbSubpath =
if config.smb.user != null && access.local.enable
then "kyuuto-media" then "kyuuto-media"
else if config.smb.user != null else if config.smb.user != null
then "kyuuto-library-net" then "kyuuto-library-net"


@ -2,11 +2,20 @@
config, config,
pkgs, pkgs,
meta, meta,
lib,
... ...
}: { }: let
security.sudo.wheelNeedsPassword = false; inherit (lib.modules) mkIf mkDefault;
in {
imports = let
inherit (meta) nixos;
in [
nixos.users
];
security.polkit.extraConfig = '' security.sudo.wheelNeedsPassword = mkDefault false;
security.polkit.extraConfig = mkIf (!config.security.sudo.wheelNeedsPassword) ''
polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) {
if (subject.isInGroup("wheel")) { if (subject.isInGroup("wheel")) {
return polkit.Result.YES; return polkit.Result.YES;
@ -14,12 +23,6 @@
}); });
''; '';
imports = let
inherit (meta) nixos;
in [
nixos.users
];
users.motd = '' users.motd = ''
${config.networking.hostName}.${config.networking.domain} ${config.networking.hostName}.${config.networking.domain}
@ -27,7 +30,7 @@
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
users.users.root = { users.users.root = {
hashedPassword = "$6$SLue7utn4qXtW1TE$yQOliCPKgkiFST5H6iqCCwT2dn3o4e/h39MaCbhOXVreFQrkWe7ZzJUOzC0u28/0.Hzs6xKSiJnGjbLXvGstr1"; hashedPassword = mkDefault "$6$SLue7utn4qXtW1TE$yQOliCPKgkiFST5H6iqCCwT2dn3o4e/h39MaCbhOXVreFQrkWe7ZzJUOzC0u28/0.Hzs6xKSiJnGjbLXvGstr1";
openssh.authorizedKeys.keys = with pkgs.lib; (concatLists (mapAttrsToList openssh.authorizedKeys.keys = with pkgs.lib; (concatLists (mapAttrsToList
(name: user: (name: user:
if elem "wheel" user.extraGroups if elem "wheel" user.extraGroups
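Review bot: The rule in `security.polkit.extraConfig = mkIf (!config.security.sudo.wheelNeedsPassword) ''` returns `polkit.Result.YES` for every action to any wheel member, and the new `mkIf` ties that blanket grant to the `wheelNeedsPassword = mkDefault false` set one line above; the coupling looks deliberate but nothing says so, so a host that sets `wheelNeedsPassword = true` will also silently lose the polkit rule. Suggest a comment above it: `# wheel already has passwordless sudo; mirror that in polkit so a host that re-enables the sudo password also drops this blanket grant`. In the third hunk, `hashedPassword = mkDefault "$6$…"` still keeps the root SHA-512-crypt hash in version control; since it is now only a default, hosts can override it, and sourcing it through `users.users.root.hashedPasswordFile` from a secrets store (other files in this commit carry a commented-out `#nixos.sops` import) would keep an offline-crackable artefact out of the repo. The module's opening line and closing brace are outside these hunks.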


@ -1,10 +1,11 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: let }: let
inherit (lib.modules) mkDefault; inherit (lib.modules) mkIf mkDefault;
inherit (lib.lists) head;
cfg = config.services.openssh;
publicPort = 62954; publicPort = 62954;
in { in {
/* /*
@ -33,4 +34,8 @@ in {
}; };
programs.mosh.enable = true; programs.mosh.enable = true;
boot.initrd.network.ssh = mkIf cfg.enable {
port = mkDefault (head cfg.ports);
};
} }
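Review bot: `port = mkDefault (head cfg.ports);` is an evaluation error with an unhelpful "index out of bounds" message if a host sets `services.openssh.ports = []`, and it silently mirrors only the first port when several are listed; neither is obvious from the line. Suggest a comment such as `# initrd sshd follows the first openssh port (cfg.ports defaults to [22]); hosts listing several ports only get the first`. `pkgs` is newly added to the module arguments but is not used in the visible hunks; if nothing outside them needs it, drop it. The `in {` attrset this hunk extends opens outside the hunk.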


@ -1,9 +1,11 @@
{ {
config, config,
gensokyo-zone,
lib, lib,
pkgs, pkgs,
... ...
}: let }: let
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
inherit (lib.modules) mkDefault; inherit (lib.modules) mkDefault;
in { in {
hardware.enableRedistributableFirmware = mkDefault true; hardware.enableRedistributableFirmware = mkDefault true;
@ -23,7 +25,8 @@ in {
services.journald.extraConfig = "SystemMaxUse=512M"; services.journald.extraConfig = "SystemMaxUse=512M";
users.mutableUsers = mkDefault false; users.mutableUsers = mkDefault false;
boot.tmp = { boot.tmp = {
useTmpfs = mkDefault true; cleanOnBoot = mkAlmostOptionDefault true;
tmpfsSize = mkDefault "80%"; useTmpfs = mkAlmostOptionDefault true;
tmpfsSize = mkAlmostOptionDefault "80%";
}; };
} }
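Review bot: `cleanOnBoot = mkAlmostOptionDefault true;` has no effect while `useTmpfs` is true on the same host (a tmpfs does not survive a reboot), so it only matters for hosts that turn `useTmpfs` off, and the switch from `mkDefault` to the project's `mkAlmostOptionDefault` for all three values is unexplained. Assuming the helper sits between `mkDefault` and the option's own default, as its name suggests, a comment on the block would save the next reader a lookup: `# weaker than mkDefault so a host-level mkDefault wins; cleanOnBoot only matters when a host disables useTmpfs`. Please confirm that priority ordering against the helper's definition before stating it. The `in {` attrset closes at the end of this hunk but opens in the first one.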


@ -4,16 +4,14 @@
lib, lib,
... ...
}: let }: let
inherit (lib.modules) mkIf mkMerge mkDefault; inherit (lib.modules) mkIf mkMerge;
in { in {
imports = [ imports = [
./headless.nix
./metal.nix ./metal.nix
]; ];
boot = { boot = {
loader = {
systemd-boot.enable = mkDefault true;
};
initrd = { initrd = {
systemd.network = mkIf config.networking.useNetworkd { systemd.network = mkIf config.networking.useNetworkd {
networks."40-eno1" = { networks."40-eno1" = {

nixos/hw/headless.nix Normal file

@ -0,0 +1,14 @@
{
config,
lib,
...
}: let
inherit (lib.modules) mkDefault;
in {
boot = {
initrd.systemd.emergencyAccess = mkDefault true;
consoleLogLevel = mkDefault 5;
};
services.getty.autologinUser = mkDefault "root";
documentation.enable = mkDefault false;
}
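Review bot: `services.getty.autologinUser = mkDefault "root";` and `initrd.systemd.emergencyAccess = mkDefault true;` hand an unauthenticated root shell to whoever reaches a console, both in the running system and in the initrd; with this file now imported by `nixos/hw/c4130.nix` (bare metal with a BMC console, judging by the `idrac-` client names elsewhere in this commit) and by the proxmox-lxc module, that covers serial, BMC virtual console and container consoles. The trust assumption is reasonable for headless hosts but should be written down where it is made, e.g. above `boot = {`: `# headless: anyone with console access (serial, BMC, container host) is already treated as root; hosts that expose a console more widely must override autologinUser/emergencyAccess`. Since both are `mkDefault`, a plain assignment in a host file is enough to opt out, which is worth saying in the same comment.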


@ -1,9 +1,19 @@
{ {
pkgs, pkgs,
config, config,
gensokyo-zone,
lib, lib,
... ...
}: { }: let
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
in {
boot = {
loader = {
systemd-boot.enable = mkAlmostOptionDefault true;
efi.canTouchEfiVariables = mkAlmostOptionDefault true;
};
};
environment.systemPackages = [ environment.systemPackages = [
pkgs.pciutils pkgs.pciutils
pkgs.usbutils pkgs.usbutils


@ -15,7 +15,13 @@
data = "${nfsRoot}/kyuuto/data"; data = "${nfsRoot}/kyuuto/data";
systems = "${nfsRoot}/kyuuto/systems"; systems = "${nfsRoot}/kyuuto/systems";
}; };
mkSystemExport = { name, fsid, machine, flags ? ["async"], machineFlags ? flagSets.metal }: { mkSystemExport = {
name,
fsid,
machine,
flags ? ["async"],
machineFlags ? flagSets.metal,
}: {
flags = flagSets.common ++ ["fsid=${toString fsid}"] ++ flags; flags = flagSets.common ++ ["fsid=${toString fsid}"] ++ flags;
clients = { clients = {
${name} = { ${name} = {
@ -28,12 +34,18 @@
}; };
}; };
}; };
mkSystemExports = name: { machine, fileSystems }: let mkSystemExports = name: {
machine,
fileSystems,
}: let
systemRoot = "${nfsRoot.systems}/${name}"; systemRoot = "${nfsRoot.systems}/${name}";
mapSystemExport = fsName: fs: nameValuePair "${systemRoot}/${fsName}" (mkSystemExport ({ mapSystemExport = fsName: fs:
nameValuePair "${systemRoot}/${fsName}" (mkSystemExport ({
inherit name machine; inherit name machine;
} // fs)); }
in mapAttrs' mapSystemExport fileSystems; // fs));
in
mapAttrs' mapSystemExport fileSystems;
exportedSystems = { exportedSystems = {
gengetsu = { gengetsu = {
machine = flagSets.gengetsuClients; machine = flagSets.gengetsuClients;
@ -105,21 +117,33 @@ in {
"nfs-mountd.service" "nfs-mountd.service"
]; ];
before = wantedBy; before = wantedBy;
mkMount = { what, where, ... }@args: { mkMount = {
what,
where,
...
} @ args:
{
inherit type options wantedBy before; inherit type options wantedBy before;
} // args; }
mkSystemMount = { name, fsName }: let // args;
mkSystemMount = {
name,
fsName,
}: let
systemRoot = "${nfsRoot.systems}/${name}"; systemRoot = "${nfsRoot.systems}/${name}";
in mkMount { in
mkMount {
what = "${kyuuto.dataDir}/systems/${name}/fs/${fsName}"; what = "${kyuuto.dataDir}/systems/${name}/fs/${fsName}";
where = "${systemRoot}/${fsName}"; where = "${systemRoot}/${fsName}";
}; };
mapSystemMounts = name: { fileSystems, ... }: let mapSystemMounts = name: {fileSystems, ...}: let
mapFileSystem = fsName: fs: mkSystemMount { inherit name fsName; }; mapFileSystem = fsName: fs: mkSystemMount {inherit name fsName;};
in mapAttrsToList mapFileSystem fileSystems; in
mapAttrsToList mapFileSystem fileSystems;
systemMounts = let systemMounts = let
systemMounts = mapAttrsToList mapSystemMounts exportedSystems; systemMounts = mapAttrsToList mapSystemMounts exportedSystems;
in concatLists systemMounts; in
concatLists systemMounts;
exportMounts = map mkMount [ exportMounts = map mkMount [
{ {
what = kyuuto.mountDir; what = kyuuto.mountDir;


@ -29,7 +29,8 @@ in {
default = [ default = [
"nolock" # required in order to mount in initrd when statd daemon isn't running "nolock" # required in order to mount in initrd when statd daemon isn't running
"nocto" "nocto"
"lazytime" "noatime" "lazytime"
"noatime"
"actimeo=${toString defaultCacheTimeoutMax}" "actimeo=${toString defaultCacheTimeoutMax}"
"acregmin=${toString defaultCacheTimeoutMin}" "acregmin=${toString defaultCacheTimeoutMin}"
"acdirmin=${toString defaultCacheTimeoutMin}" "acdirmin=${toString defaultCacheTimeoutMin}"
@ -47,7 +48,8 @@ in {
}; };
}; };
availableKernelModules = mkIf nfsEnabled [ availableKernelModules = mkIf nfsEnabled [
"nfsv4" "nfsv3" "nfsv4"
"nfsv3"
]; ];
extraUtilsCommands = mkIf (nfsEnabled && !config.boot.initrd.systemd.enable) '' extraUtilsCommands = mkIf (nfsEnabled && !config.boot.initrd.systemd.enable) ''
copy_bin_and_libs ${cfg.nfs.package}/sbin/mount.nfs copy_bin_and_libs ${cfg.nfs.package}/sbin/mount.nfs
@ -60,7 +62,7 @@ in {
(mkIf config.boot.initrd.network.enable [ (mkIf config.boot.initrd.network.enable [
pkgs.iproute2 pkgs.iproute2
]) ])
[ pkgs.util-linux pkgs.gnugrep ] [pkgs.util-linux pkgs.gnugrep]
]; ];
network = mkIf config.networking.useNetworkd { network = mkIf config.networking.useNetworkd {
enable = mkDefault true; enable = mkDefault true;
@ -69,20 +71,24 @@ in {
}; };
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = false; efi.canTouchEfiVariables = mkIf cfg.boot.enable false;
}; };
}; };
fileSystems = let fileSystems = let
nfsUrl = access.proxyUrlFor { nfsUrl =
access.proxyUrlFor {
serviceName = "nfs"; serviceName = "nfs";
scheme = ""; scheme = "";
defaultPort = 2049; defaultPort = 2049;
# XXX: consider using dns hostname here instead? (does this require the dns_resolver kernel module?) # XXX: consider using dns hostname here instead? (does this require the dns_resolver kernel module?)
getAddressFor = "getAddress4For"; getAddressFor = "getAddress4For";
} + ":/srv/fs/kyuuto/systems/${systemConfig.name}"; }
nfsOpts = [ + ":/srv/fs/kyuuto/systems/${systemConfig.name}";
nfsOpts =
[
"sec=${cfg.nfs.security}" "sec=${cfg.nfs.security}"
] ++ cfg.nfs.flags; ]
++ cfg.nfs.flags;
in { in {
"/" = { "/" = {
device = "${nfsUrl}/root"; device = "${nfsUrl}/root";
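Review bot: `efi.canTouchEfiVariables = mkIf cfg.boot.enable false;` is now conditional while the line above it, `systemd-boot.enable = true;`, is still unconditional; when `cfg.boot.enable` is false this leaves systemd-boot forced on and `canTouchEfiVariables` falling through to whatever the hardware profile sets (`mkAlmostOptionDefault true` in `metal.nix` in this same commit). If netboot hosts are not meant to manage a local bootloader at all, gate both: `systemd-boot.enable = mkIf cfg.boot.enable true;` — otherwise a comment explaining why only the EFI-variables half is conditional. The `loader` block's enclosing `boot` attrset and the `cfg` binding are outside this hunk.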


@ -63,9 +63,11 @@ in {
optional (local.enable or false && local.address4 != null) "${local.address4}/32" optional (local.enable or false && local.address4 != null) "${local.address4}/32"
++ optional (local.enable or false && local.address6 != null) "${local.address6}/128"; ++ optional (local.enable or false && local.address6 != null) "${local.address6}/128";
allowed = allowed =
if addrs != [] then addrs if addrs != []
then addrs
else lib.warn "${name} NFS: falling back to all LAN" cidrForNetwork.allLan.all; else lib.warn "${name} NFS: falling back to all LAN" cidrForNetwork.allLan.all;
in allowed; in
allowed;
mkC4130Client = name: mkMetalClient name ++ mkMetalClient "idrac-${name}"; mkC4130Client = name: mkMetalClient name ++ mkMetalClient "idrac-${name}";
in { in {
common = [ common = [
@ -91,7 +93,9 @@ in {
"ro" "ro"
]; ];
metal = [ metal = [
"sec=sys" "no_root_squash" "rw" "sec=sys"
"no_root_squash"
"rw"
]; ];
# client machines # client machines
clientGroups = [ clientGroups = [


@ -3,6 +3,7 @@
gensokyo-zone, gensokyo-zone,
lib, lib,
modulesPath, modulesPath,
meta,
... ...
}: let }: let
inherit (gensokyo-zone.lib) unmerged; inherit (gensokyo-zone.lib) unmerged;
@ -10,17 +11,20 @@
inherit (lib.attrsets) mapAttrsToList; inherit (lib.attrsets) mapAttrsToList;
inherit (systemConfig) proxmox; inherit (systemConfig) proxmox;
in { in {
imports = [ imports = let
inherit (meta) nixos;
in [
nixos.hw.headless
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
]; ];
services.getty.autologinUser = mkDefault "root";
documentation.enable = mkDefault false;
environment.variables = { environment.variables = {
# nix default is way too big # nix default is way too big
GC_INITIAL_HEAP_SIZE = mkDefault "8M"; GC_INITIAL_HEAP_SIZE = mkDefault "8M";
}; };
# XXX: this might be okay if the nix daemon's tmp is overridden
# (but still avoid since containers are usually low on provisioned memory)
boot.tmp.useTmpfs = mkDefault false;
proxmoxLXC.privileged = mkIf (proxmox.container.enable && proxmox.container.privileged) true; proxmoxLXC.privileged = mkIf (proxmox.container.enable && proxmox.container.privileged) true;
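Review bot: `boot.tmp.useTmpfs = mkDefault false;` is meant to beat `common.nix`'s new `useTmpfs = mkAlmostOptionDefault true`, but that only holds if the project helper's priority is weaker than mkDefault's 1000, and nothing here states it; the existing XXX comment would be the place to add `# mkDefault outranks common.nix's mkAlmostOptionDefault true`, once confirmed. The new `nixos.hw.headless` import also brings `initrd.systemd.emergencyAccess = mkDefault true` and `consoleLogLevel` into containers that have no initrd; harmless, but a short comment on the import line (`# headless: root autologin on the container console, docs off`) would make the intended inheritance explicit. The `in {` attrset this hunk modifies opens in the previous hunk and closes outside both.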


@ -6,12 +6,10 @@ _: {
modules = [ modules = [
./nixos.nix ./nixos.nix
]; ];
deploy.hostname = "10.1.1.204"; exports = {
deploy.sshOpts = []; services = {
#exports = { };
#services = { };
#};
#};
network.networks = { network.networks = {
local = { local = {
macAddress = "54:48:10:f3:fe:aa"; macAddress = "54:48:10:f3:fe:aa";


@ -0,0 +1,47 @@
{
meta,
config,
...
}: {
imports = let
inherit (meta) nixos;
in [
nixos.hw.c4130
#nixos.netboot.kyuuto
];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/bf317f5d-ffc2-45fd-9621-b645ff7223fc";
fsType = "xfs";
options = ["lazytime" "noatime"];
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
};
networking.useNetworkd = true;
systemd.network = {
networks."40-eno1" = {
inherit (config.systemd.network.links.eno1) matchConfig;
address = ["10.1.1.61/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
networkConfig = {
IPv6AcceptRA = true;
};
linkConfig = {
Multicast = true;
};
};
links.eno1 = {
matchConfig = {
Type = "ether";
MACAddress = "54:48:10:f3:fe:aa";
};
};
};
}
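Review bot: The interface MAC `54:48:10:f3:fe:aa` is now written twice for this host — here in `links.eno1.matchConfig.MACAddress` and in `meta.nix`'s `network.networks.local.macAddress` (visible in the preceding file section) — so the two can drift apart silently and the `40-eno1` network unit would then stop matching. Derive one from the other if `meta` exposes the network definition (this module already takes `meta`, and `matchConfig` is already shared via `inherit (config.systemd.network.links.eno1) matchConfig`), or at least add `# keep in sync with network.networks.local.macAddress in meta.nix` next to the address. `DHCP = "no"` with a static `10.1.1.61/24` and `IPv6AcceptRA = true` is a mixed static-v4/RA-v6 setup whose v6 routing depends on the router; a one-line comment stating that intent would help the next reader.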


@ -1,47 +1,11 @@
{ {meta, ...}: {
meta,
config,
lib,
modulesPath,
pkgs,
...
}: {
imports = let imports = let
inherit (meta) nixos; inherit (meta) nixos;
in [ in [
./hardware-configuration.nix
#nixos.sops #nixos.sops
nixos.base nixos.base
]; ];
boot = {
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
kernelModules = [];
systemd.emergencyAccess = true;
};
kernelModules = [];
extraModulePackages = [];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/bf317f5d-ffc2-45fd-9621-b645ff7223fc";
fsType = "xfs";
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
};
environment.systemPackages = [
pkgs.ipmitool
];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }
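Review bot: `./hardware-configuration.nix` appears on the old side only of the import list, while the sibling host file at the bottom of this page (`system.stateVersion = "24.11"`) keeps it; if it really was dropped here, the new `hardware-configuration.nix` added in this commit (root/boot `fileSystems`, the static `10.1.1.61/24` network) is not imported from anywhere visible, since `meta.nix`'s `modules` lists only `./nixos.nix`. Either re-add `./hardware-configuration.nix` next to `nixos.base`, or note in `meta.nix` where it is pulled in. The render drops some lines (the hunk header counts do not match the visible lines), so please confirm against the actual file. `pkgs.ipmitool` also left `environment.systemPackages` without a visible new home; if the c4130 profile does not provide it, in-band BMC access from this host is lost.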


@ -2,12 +2,19 @@
config, config,
pkgs, pkgs,
lib, lib,
meta,
... ...
}: let }: let
inherit (lib.modules) mkIf; inherit (lib.modules) mkIf;
opengl32 = false; opengl32 = false;
opencl = false; opencl = false;
in { in {
imports = let
inherit (meta) nixos;
in [
nixos.hw.metal
];
boot = { boot = {
initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
kernelModules = ["kvm-intel"]; kernelModules = ["kvm-intel"];
@ -41,4 +48,6 @@ in {
]; ];
}; };
}; };
networking.networkmanager.enable = true;
} }


@ -21,11 +21,6 @@ in {
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.networkmanager.enable = true;
services.xserver = { services.xserver = {
enable = true; enable = true;
displayManager.lightdm.enable = true; displayManager.lightdm.enable = true;


@ -7,6 +7,7 @@
inherit (meta) nixos; inherit (meta) nixos;
in [ in [
nixos.hw.c4130 nixos.hw.c4130
nixos.netboot.kyuuto
]; ];
fileSystems = { fileSystems = {


@ -1,14 +1,10 @@
{ {meta, ...}: {
meta,
...
}: {
imports = let imports = let
inherit (meta) nixos; inherit (meta) nixos;
in [ in [
./hardware-configuration.nix ./hardware-configuration.nix
#nixos.sops #nixos.sops
nixos.base nixos.base
nixos.netboot.kyuuto
]; ];
system.stateVersion = "24.11"; system.stateVersion = "24.11";