gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

profiles: raspi init, aarch64 init, oracle/common improved, shared

Browse source
This commit is contained in:
kat witch 2021-09-04 02:47:02 +01:00
parent 70e56f4e3f
commit 4102b381f0
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
10 changed files with 118 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -64,7 +64,7 @@ These are the NixOS configurations for my systems. I run nothing other than NixO
- [ ] Eventually refactor recursiveMod to be sane.
- [ ] Extend recursiveMod to allow for merging of structures.
- [ ] Create a “lite” base profile for devices like shinmyoumaru.
- [ ] Add a shared profile that adds user imports.
- [x] Add a shared profile that adds user imports.
- [ ] Migrate some of shinmyoumarus configuration into profiles.hardware.raspi
## Nodes

50
config/hosts/daiyousei/nixos.nix
View file

@ -1,23 +1,10 @@
{ config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; let
oci-root = meta.deploy.targets.oci-root.tf;
addr_ipv6_nix =
let
prefix = head (splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
in
assert hasSuffix "::" prefix; prefix + toString config.kw.oci.network.publicV6;
in
{
{ config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; {
imports = with meta; [
profiles.hardware.aarch64
profiles.hardware.oracle.ubuntu
services.nginx
];
deploy.tf.providers.local = { };
nixpkgs.localSystem = systems.examples.aarch64-multiplatform // {
system = "aarch64-linux";
};
kw.oci = {
base = "Canonical Ubuntu";
specs = {
@ -41,37 +28,4 @@ in
networkFilter = [ "public" ];
block.locations."/" = { root = splashy; };
};
networking = {
useDHCP = false;
interfaces.enp0s3 = {
useDHCP = true;
ipv6 = {
addresses = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) [{
address = addr_ipv6_nix;
prefixLength = 64;
}];
routes = [{
address = "::";
prefixLength = 0;
}];
};
};
};
network = {
addresses = {
public = {
enable = true;
# TODO: move into module
nixos.ipv6.address = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) addr_ipv6_nix;
tf.ipv6.address = tf.resources."${config.networking.hostName}_ipv6".refAttr "ip_address";
};
};
firewall.public.interfaces = singleton "enp0s3";
tf = {
enable = true;
ipv4_attr = "public_ip";
};
};
}

43
config/hosts/rinnosuke/nixos.nix
View file

@ -1,12 +1,4 @@
{ config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; let
oci-root = meta.deploy.targets.oci-root.tf;
addr_ipv6_nix =
let
prefix = head (splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
in
assert hasSuffix "::" prefix; prefix + toString config.kw.oci.network.publicV6;
in
{
{ config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; {
imports = with meta; [
profiles.hardware.oracle.ubuntu
services.knot
@ -36,37 +28,4 @@ in
networkFilter = [ "public" ];
block.locations."/" = { root = splashy; };
};
networking = {
useDHCP = false;
interfaces.ens3 = {
useDHCP = true;
ipv6 = {
addresses = mkIf (config.network.addresses.public.nixos.ipv6.enable) [{
address = config.network.addresses.public.nixos.ipv6.address;
prefixLength = 64;
}];
routes = [{
address = "::";
prefixLength = 0;
}];
};
};
};
network = {
dns.enable = false;
addresses = {
public = {
enable = true;
nixos.ipv6.address = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) addr_ipv6_nix;
tf.ipv6.address = tf.resources.rinnosuke_ipv6.refAttr "ip_address";
};
};
firewall.public.interfaces = singleton "ens3";
tf = {
enable = true;
ipv4_attr = "public_ip";
};
};
}

64
config/hosts/shinmyoumaru/nixos.nix
View file

@ -4,57 +4,15 @@
# Imports
imports = with meta; [
profiles.hardware.raspi
profiles.base
./image.nix
];
nixpkgs.crossOverlays = [
(import ../../../overlays/pi)
];
boot = {
kernelModules = mkForce [ "loop" "atkbd" ];
initrd = {
includeDefaultModules = false;
availableKernelModules = mkForce [
"mmc_block"
"usbhid"
"ext4"
"hid_generic"
"hid_lenovo"
"hid_apple"
"hid_roccat"
"hid_logitech_hidpp"
"hid_logitech_dj"
"hid_microsoft"
];
};
};
home-manager.users.kat.programs.neovim.enable = mkForce false;
home-manager.users.hexchen.programs.vim.enable = mkForce false;
programs.mosh.enable = mkForce false;
# Weird Shit
nixpkgs.crossSystem = systems.examples.raspberryPi // {
system = "armv6l-linux";
};
environment.noXlibs = true;
documentation.info.enable = false;
documentation.man.enable = false;
programs.command-not-found.enable = false;
security.polkit.enable = false;
security.audit.enable = false;
services.udisks2.enable = false;
boot.enableContainers = false;
nix = {
binaryCaches = lib.mkForce [ "https://app.cachix.org/cache/thefloweringash-armv7" ];
binaryCachePublicKeys = [ "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" ];
};
# Terraform
deploy.tf = {
@ -68,26 +26,6 @@
};
};
# Bootloader
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
consoleLogLevel = lib.mkDefault 7;
kernelPackages = pkgs.linuxPackages_rpi1;
};
# File Systems and Swap
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
# Networking
networking = {

6
config/profiles/base/access.nix
View file

@ -1,8 +1,12 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, meta, ... }:
{
security.sudo.wheelNeedsPassword = lib.mkForce false;
imports = with meta; [
users.kat.base
];
users.users.root = {
hashedPassword =
"$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB.";

10
config/profiles/base/profiles.nix
View file

@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, meta, ... }:
with lib;
@ -7,6 +7,7 @@ with lib;
deploy.profile = {
gui = mkEnableOption "Graphical System";
vfio = mkEnableOption "VFIO";
shared = mkEnableOption "Shared System";
trusted = mkEnableOption "Trusted Submodule";
cross = {
enable = mkEnableOption "cross/emulated compilation";
@ -33,6 +34,7 @@ with lib;
ryzen = mkEnableOption "AMD Ryzen CPU";
ms-7b86 = mkEnableOption "MSI B450-A Pro Max";
rm-310 = mkEnableOption "Intel DQ67OW";
raspi = mkEnableOption "Raspberry Pi 1 Model B+";
oracle = {
common = mkEnableOption "OCI";
ubuntu = mkEnableOption "Canonical Ubuntu Base Image";
@ -49,7 +51,10 @@ with lib;
options.deploy.profile = {
gui = mkEnableOption "Graphical System";
vfio = mkEnableOption "VFIO";
trusted = mkEnableOption "Trusted Submodule";
shared = mkEnableOption "Shared System";
trusted = mkEnableOption "Trusted Submodule" // {
default = meta.trusted ? secrets;
};
cross = {
enable = mkEnableOption "cross/emulated compilation";
aarch64 = mkOption {
@ -75,6 +80,7 @@ with lib;
ryzen = mkEnableOption "AMD Ryzen CPU";
ms-7b86 = mkEnableOption "MSI B450-A Pro Max";
rm-310 = mkEnableOption "Intel DQ67OW";
raspi = mkEnableOption "Raspberry Pi 1 Model B+";
oracle = {
common = mkEnableOption "OCI";
ubuntu = mkEnableOption "Canonical Ubuntu Base Image";

5
config/profiles/hardware/aarch64.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, ... }: {
nixpkgs.localSystem = systems.examples.aarch64-multiplatform // {
system = "aarch64-linux";
};
}

42
config/profiles/hardware/oracle/common.nix
View file

@ -56,6 +56,48 @@ in
nixos.oracle
];
config = {
networking.interfaces = let
interface = attrByPath [cfg.specs.shape] (throw "Unsupported shape") {
"VM.Standard.A1.Flex" = "enp0s3";
"VM.Standard.E2.1.Micro" = "ens3";
};
in {
${interface} = {
useDHCP = true;
ipv6 = {
addresses = mkIf (config.network.addresses.public.nixos.ipv6.enable) [{
address = config.network.addresses.public.nixos.ipv6.address;
prefixLength = 64;
}];
routes = [{
address = "::";
prefixLength = 0;
}];
};
};
};
network = {
addresses = {
public = let
addr_ipv6_nix =
let
prefix = head (splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
in
assert hasSuffix "::" prefix; prefix + toString config.kw.oci.network.publicV6;
in {
enable = true;
nixos.ipv6.address = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) addr_ipv6_nix;
tf.ipv6.address = tf.resources.rinnosuke_ipv6.refAttr "ip_address";
};
};
firewall.public.interfaces singleton interface;
tf = {
enable = true;
ipv4_attr = "public_ip";
};
};
deploy.tf =
let
compartment_id = oci-root.resources.oci_kw_compartment.importAttr "id";

52
config/profiles/hardware/raspi.nix Normal file
View file

@ -0,0 +1,52 @@
{ config, ... }: {
deploy.profil.hardware.raspi = true;
nixpkgs.crossOverlays = [
(import ../../../overlays/pi)
];
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
consoleLogLevel = lib.mkDefault 7;
kernelPackages = pkgs.linuxPackages_rpi1;
kernelModules = mkForce [ "loop" "atkbd" ];
initrd = {
includeDefaultModules = false;
availableKernelModules = mkForce [
"mmc_block"
"usbhid"
"ext4"
"hid_generic"
"hid_lenovo"
"hid_apple"
"hid_roccat"
"hid_logitech_hidpp"
"hid_logitech_dj"
"hid_microsoft"
];
};
};
environment.noXlibs = true;
documentation.info.enable = false;
documentation.man.enable = false;
programs.command-not-found.enable = false;
security.polkit.enable = false;
security.audit.enable = false;
services.udisks2.enable = false;
boot.enableContainers = false;
nixpkgs.crossSystem = systems.examples.raspberryPi // {
system = "armv6l-linux";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
}

1
config/profiles/base/includes.nix → config/profiles/shared.nix
View file

@ -1,6 +1,5 @@
{ config, meta, ... }: {
imports = with meta; [
users.kat.base
users.hexchen
users.arc
];