refactor: restructure project to remove profiles, users, ...

Kat Inskip 2022-07-10 12:59:40 -07:00
parent cb3ae5f434
commit 53655a05fc
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
177 changed files with 544 additions and 2877 deletions


@ -0,0 +1,3 @@
{ config, lib, ... }: with lib; {
nixpkgs.system = "aarch64-darwin";
}


@ -0,0 +1,5 @@
{ config, lib, ... }: with lib; {
nixpkgs.localSystem = systems.examples.aarch64-multiplatform // {
system = "aarch64-linux";
};
}

8
hardware/amdgpu.nix Normal file

@ -0,0 +1,8 @@
{ config, pkgs, lib, ... }:
with lib;
{
boot.initrd.availableKernelModules = [ "amdgpu" ];
hardware.opengl.extraPackages = with pkgs; [ libvdpau-va-gl vaapiVdpau ];
}

30
hardware/bamboo.nix Normal file

@ -0,0 +1,30 @@
{ config, lib, ... }: with lib; {
options = {
hardware.bamboo.display = mkOption {
type = types.str;
};
home-manager.users = let
userBambooExtend = { config, nixos, ... }: {
config = mkIf config.wayland.windowManager.sway.enable {
wayland.windowManager.sway.config.input = {
"1386:215:Wacom_BambooPT_2FG_Small_Pen" = {
map_to_output = nixos.hardware.bamboo.display;
};
"1386:215:Wacom_BambooPT_2FG_Small_Finger" = {
natural_scroll = "enabled";
middle_emulation = "enabled";
tap = "enabled";
dwt = "enabled";
accel_profile = "flat";
pointer_accel = "0.05";
};
};
};
};
in mkOption {
type = types.attrsOf (types.submoduleWith {
modules = singleton userBambooExtend;
});
};
};
}
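Review bot: `hardware.bamboo.display` is declared with only `type = types.str;`, so it has no `description` and no default. A host that imports this profile without setting it will fail evaluation with an undefined-option error as soon as a user enables sway, because `map_to_output` reads the option unconditionally inside the `mkIf`. Add a description such as `description = "Name of the sway output the Bamboo pen is mapped to.";`. If an unset value should be tolerated, make the type `types.nullOr types.str` with `default = null` and guard `map_to_output` on it.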

44
hardware/default.nix Normal file

@ -0,0 +1,44 @@
{ lib, tree, ... }: with lib; let
profiles = tree.prev;
appendedProfiles = with profiles; {
ms-7b86 = {
imports = [
ms-7b86
ryzen
amdgpu
];
};
rm-310 = {
imports = [
rm-310
intel
];
};
v330-14arr = {
imports = [
v330-14arr
ryzen
amdgpu
laptop
networkmanager
];
};
x270 = {
imports = [
x270
intel
laptop
networkmanager
intel-gpu
];
};
eeepc-1015pem = {
imports = [
eeepc-1015pem
intel
laptop
];
};
};
in
profiles // appendedProfiles


@ -0,0 +1,17 @@
{ config, ... }:
{
boot = {
initrd = {
availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
kernelParams = [
"usbcore.autosuspend=-1"
"acpi_osi=Linux"
"acpi_enforce_resources=lax"
];
};
}
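Review bot: The `kernelParams` list carries `acpi_enforce_resources=lax` with no comment saying which driver needs it. That parameter relaxes the kernel's check for conflicts between ACPI-declared resources and native drivers, so the reason should be recorded next to it, for example `# lax: required by <driver name> on this board; remove once no longer needed` (placeholder, fill in the real driver). `usbcore.autosuspend=-1` would benefit from the same one-line rationale.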

11
hardware/intel-gpu.nix Normal file

@ -0,0 +1,11 @@
{ config, pkgs, ... }: {
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
};
}

13
hardware/intel.nix Normal file

@ -0,0 +1,13 @@
{ config, ... }:
/*
This hardware profile corresponds to any machine which has an Intel processor.
*/
{
hardware.cpu.intel.updateMicrocode = true;
boot = {
kernelModules = [ "kvm-intel" ];
};
}

5
hardware/laptop.nix Normal file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
programs.light.enable = true;
}

12
hardware/ms-7b86.nix Normal file

@ -0,0 +1,12 @@
{ config, lib, ... }:
/*
This hardware profile corresponds to the MSI B450-A PRO MAX system.
*/
with lib;
{
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.kernelModules = [ "nct6775" ];
}


@ -0,0 +1,59 @@
{ config, lib, pkgs, ... }: with lib; {
options = {
home-manager.users = let
applets = { config, nixos, ... }: {
xsession.preferStatusNotifierItems = true;
services = {
network-manager-applet.enable = true;
blueman-applet.enable = true;
};
};
in mkOption {
type = types.attrsOf (types.submoduleWith {
modules = singleton applets;
});
};
};
config = {
systemd.services.NetworkManager-wait-online = {
serviceConfig.ExecStart = [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
};
hardware.bluetooth = {
enable = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
services.blueman.enable = true;
services.pipewire.media-session.config.bluez-monitor = {
properties = { };
rules = [
{
actions = {
update-props = {
"bluez5.a2dp-source-role" = "input";
"bluez5.auto-connect" = [ "hfp_hf" "hsp_hs" "a2dp_sink" "a2dp_source" "hsp_ag" "hfp_ag" ];
};
};
matches = [ { "device.name" = "~bluez_card.*"; } ];
}
{
actions = {
update-props = { "node.pause-on-idle" = false; };
};
matches = [ { "node.name" = "~bluez_input.*"; } { "node.name" = "~bluez_output.*"; } ];
}
];
};
networking = {
networkmanager = {
enable = true;
connectionConfig = {
"ipv6.ip6-privacy" = mkForce 0;
};
};
};
};
}
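Review bot: `"ipv6.ip6-privacy" = mkForce 0;` turns off IPv6 temporary addresses for every NetworkManager connection. This section appears to be the `networkmanager` profile that hardware/default.nix imports into the two laptop profiles (`v330-14arr`, `x270`). On roaming machines that can leave a stable interface identifier visible across networks, depending on the address generation mode in use. If the setting is only needed for hosts with fixed addresses, prefer `mkDefault 0` or move it to those hosts, and add a comment stating the reason. `mkForce` also stops a host from opting back in at normal priority.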

287
hardware/oracle/common.nix Normal file

@ -0,0 +1,287 @@
{ config, tf, meta, kw, pkgs, lib, inputs, ... }: with lib; let
oci-root = meta.deploy.targets.oci-root.tf;
cfg = config.kw.oci;
in
{
options.kw.oci = {
base = mkOption {
description = ''
Canonical Ubuntu provides an EXT4 root filesystem.
Oracle Linux provides an XFS root filesystem.
'';
type = with types; enum [
"Canonical Ubuntu"
"Oracle Linux"
];
default = "Canonical Ubuntu";
};
specs = {
shape = mkOption {
type = with types; nullOr str;
default = null;
};
cores = mkOption {
type = with types; nullOr int;
default = null;
};
ram = mkOption {
type = with types; nullOr int;
default = null;
};
space = mkOption {
type = with types; nullOr int;
default = null;
};
};
network = {
privateV4 = mkOption {
type = with types; nullOr int;
default = null;
};
publicV6 = mkOption {
type = with types; nullOr int;
default = null;
};
};
ad = mkOption {
description = ''
Availability Domain.
Important because, for example: EPYC instances can only be provisioned on AD2 in London.
'';
type = with types; nullOr int;
default = null;
};
};
imports = with import (inputs.tf-nix + "/modules"); [
nixos.oracle
];
config =
let
interface = attrByPath [ cfg.specs.shape ] (throw "Unsupported shape") {
"VM.Standard.A1.Flex" = "enp0s3";
"VM.Standard.E2.1.Micro" = "ens3";
};
in
{
networking.interfaces =
{
${interface} = {
useDHCP = true;
ipv6 = {
addresses = mkIf (config.network.addresses.public.nixos.ipv6.enable) [{
address = config.network.addresses.public.nixos.ipv6.address;
prefixLength = 64;
}];
routes = [{
address = "::";
prefixLength = 0;
}];
};
};
};
network = {
addresses = {
public =
let
addr_ipv6_nix =
let
prefix = head (splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
in
assert hasSuffix "::" prefix; prefix + toString config.kw.oci.network.publicV6;
in
{
enable = true;
nixos.ipv6.address = mkIf tf.state.enable addr_ipv6_nix;
nixos.ipv6.selfaddress = mkIf tf.state.enable addr_ipv6_nix;
tf.ipv6.address = tf.resources."${config.networking.hostName}_ipv6".refAttr "ip_address";
};
};
firewall.public.interfaces = singleton interface;
tf = {
enable = true;
ipv4_attr = "public_ip";
};
};
deploy.tf =
let
compartment_id = oci-root.resources.oci_kw_compartment.importAttr "id";
inherit (tf.lib.tf) terraformExpr;
in
{
deploy.systems."${config.networking.hostName}" = {
lustrate = {
enable = true;
connection = tf.resources."${config.networking.hostName}".connection.set;
};
connection = {
port = head config.services.openssh.ports;
};
};
providers.oci = {
inputs = {
tenancy_ocid = oci-root.outputs.oci_tenancy.import;
user_ocid = oci-root.resources.oci_kw_user.importAttr "id";
fingerprint = oci-root.resources.oci_kw_apikey.importAttr "fingerprint";
region = oci-root.outputs.oci_region.import;
private_key_path = oci-root.resources.oci_kw_key_file.importAttr "filename";
};
};
resources = mkMerge [{
cloudinit = {
provider = "cloudinit";
type = "config";
dataSource = true;
inputs = {
part = singleton {
content_type = "text/cloud-config";
content = "#cloud-config\n" + builtins.toJSON {
disable_root = false;
};
};
};
};
availability_domain = {
provider = "oci";
type = "identity_availability_domain";
dataSource = true;
inputs = {
inherit compartment_id;
ad_number = cfg.ad;
};
};
generic_image = {
provider = "oci";
type = "core_images";
dataSource = true;
inputs = {
inherit compartment_id;
inherit (tf.resources."${config.networking.hostName}".inputs) shape;
operating_system = cfg.base;
sort_by = "TIMECREATED";
sort_order = "DESC";
};
};
"${config.networking.hostName}_vnic" = {
provider = "oci";
type = "core_vnic_attachments";
dataSource = true;
inputs = {
inherit compartment_id;
instance_id = tf.resources."${config.networking.hostName}".refAttr "id";
};
};
"${config.networking.hostName}_ipv6" = {
provider = "oci";
type = "core_ipv6";
inputs = {
vnic_id = tf.resources."${config.networking.hostName}_vnic".refAttr "vnic_attachments[0].vnic_id";
display_name = config.networking.hostName;
ip_address = terraformExpr ''cidrhost("${oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"}", ${toString cfg.network.publicV6})'';
};
};
"${config.networking.hostName}" = {
provider = "oci";
type = "core_instance";
inputs = {
inherit compartment_id;
extended_metadata = { };
metadata = {
ssh_authorized_keys = concatStringsSep "\n" config.users.users.root.openssh.authorizedKeys.keys;
user_data = tf.resources.cloudinit.refAttr "rendered";
};
shape = cfg.specs.shape;
shape_config = {
ocpus = cfg.specs.cores;
memory_in_gbs = cfg.specs.ram;
};
source_details = {
source_type = "image";
source_id = tf.resources.generic_image.refAttr "images[0].id";
boot_volume_size_in_gbs = cfg.specs.space; # min 50GB, up to 200GB free
};
create_vnic_details = [
{
assign_public_ip = true;
subnet_id = oci-root.resources.oci_kw_subnet.importAttr "id";
private_ip = terraformExpr ''cidrhost("${oci-root.resources.oci_kw_subnet.importAttr "cidr_block"}", ${toString cfg.network.privateV4})'';
nsg_ids = [
(tf.resources.firewall_group.refAttr "id")
];
}
];
availability_domain = tf.resources.availability_domain.refAttr "name";
};
lifecycle.ignoreChanges = [
"source_details[0].source_id"
"create_vnic_details[0].defined_tags"
"defined_tags"
"metadata"
];
connection = {
type = "ssh";
user = "root";
host = tf.lib.tf.terraformSelf "public_ip";
timeout = "5m";
};
};
firewall_group = {
provider = "oci";
type = "core_network_security_group";
inputs = {
display_name = "${config.networking.hostName} firewall group";
inherit compartment_id;
vcn_id = oci-root.resources.oci_vcn.importAttr "id";
};
};
}
(
let
protoValues = {
TCP = 6;
UDP = 17;
};
inherit (config.networking) firewall;
ipv4 = "0.0.0.0/0";
ipv6 = "::/0";
mapPort = source: protocol: port: {
provider = "oci";
type = "core_network_security_group_security_rule";
inputs = {
network_security_group_id = tf.resources.firewall_group.refAttr "id";
inherit protocol source;
direction = "INGRESS";
${if protocol == protoValues.TCP then "tcp_options" else "udp_options"} = {
destination_port_range =
if isAttrs port then {
min = port.from;
max = port.to;
} else {
min = port;
max = port;
};
};
};
};
sourceProtos = cartesianProductOfSets {
source = [ ipv4 ipv6 ];
protocol = [ protoValues.TCP protoValues.UDP ];
};
mapPortswheeee = port: map ({ source, protocol }: mapPort source protocol port) sourceProtos;
rules = mapPortswheeee { from = 1; to = 65535; };
/*mapAll = protocol: port: [ (mapPort ipv4 protocol port) (mapPort ipv6 protocol port) ];
mapAllForInterface =
let
protos = [ "TCP" "UDP" ];
types = [ "Ports" "PortRanges" ];
in
interface: concatMap (type: concatMap (proto: (concatMap (port: (mapAll protoValues.${proto}) port) interface."allowed${proto}${type}")) protos) types;
rules = concatMap mapAllForInterface ([ firewall ] ++ map (interface: firewall.interfaces.${interface}) config.network.firewall.public.interfaces);*/
# TODO: use `count` and index into a fancy json or something?
in
listToAttrs (imap0 (i: rule: nameValuePair "firewall${toString i}" rule) rules)
)];
};
};
}
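Review bot: `rules = mapPortswheeee { from = 1; to = 65535; };` creates INGRESS rules for the whole 1–65535 range, TCP and UDP, from `0.0.0.0/0` and `::/0`, so the network security group filters nothing. That leaves the host firewall as the only control in front of sshd, which this module sets up for `root` login (`disable_root = false`, `connection.user = "root"`). The commented-out `mapAllForInterface` block beside it derives the rules from `networking.firewall` and the public interfaces; restoring it, or an equivalent allow-list, would keep the cloud layer in step with the host firewall. If one resource per port is the obstacle the TODO hints at, narrow the range and leave a comment explaining why the group is open. Separately, `"metadata"` in `lifecycle.ignoreChanges` means later edits to `ssh_authorized_keys` will not be pushed to the instance metadata by Terraform, which deserves a comment for anyone rotating keys.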


@ -0,0 +1,20 @@
{ lib, inputs, tree, ... }: with lib; let
profiles = tree.prev;
appendedProfiles = with profiles; {
ubuntu = { config, ... }: {
kw.oci.base = "Canonical Ubuntu";
imports = with import (inputs.tf-nix + "/modules"); [
nixos.ubuntu-linux
common
];
};
oracle = { config, ... }: {
kw.oci.base = "Oracle Linux";
imports = with import (inputs.tf-nix + "/modules"); [
nixos.oracle-linux
common
];
};
};
in
profiles // appendedProfiles

20
hardware/razer.nix Normal file

@ -0,0 +1,20 @@
{ config, lib, ... }: with lib; {
options = {
home-manager.users = let
userRazerExtend = { config, nixos, ... }: {
config = mkIf (config.wayland.windowManager.sway.enable && nixos.hardware.openrazer.enable) {
wayland.windowManager.sway.config.input = {
"5426:103:Razer_Razer_Naga_Trinity" = {
accel_profile = "adaptive";
pointer_accel = "-0.5";
};
};
};
};
in mkOption {
type = types.attrsOf (types.submoduleWith {
modules = singleton userRazerExtend;
});
};
};
}

12
hardware/rm-310.nix Normal file

@ -0,0 +1,12 @@
{ config, ... }:
/*
This hardware profile corresponds with the RM DESKTOP 310 system, which is actually just an Intel DQ67OW motherboard.
*/
{
boot.initrd.availableKernelModules = [ "ata_generic" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
}

54
hardware/ryzen.nix Normal file

@ -0,0 +1,54 @@
{ config, pkgs, lib, ... }: with lib; {
/*
This hardware profile corresponds to any machine which has an AMD Ryzen processor.
*/
options.home-manager.users = let
waybarExtend = { config, ... }: {
options = {
programs.waybar.settings = mkOption {
type = with types; listOf (submodule waybarExtend2);
};
};
};
waybarExtend2 = { config, ... }: {
config = {
modules."temperature#icon".hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon2/temp2_input";
modules.temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon2/temp2_input";
};
};
polybarExtend = { config, ... }: {
services.polybar.settings."module/temp".hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon2/temp1_input";
};
/*
polybarExtend2 = { config, ... }: {
config = {
modules."temperature#icon".hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon2/temp2_input";
modules.temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon2/temp2_input";
};
};*/
in mkOption {
type = types.attrsOf (types.submoduleWith {
modules = [ waybarExtend polybarExtend ];
});
};
config = {
boot = {
kernelModules = [
"msr"
"ryzen_smu"
"kvm-amd"
];
kernelParams = [ "amd_iommu=on" ];
};
hardware.cpu.amd.updateMicrocode = true;
environment.systemPackages = with pkgs; [
lm_sensors
ryzen-smu-monitor_cpu
ryzen-monitor
];
};
}
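Review bot: `boot.kernelModules` loads `msr` and `ryzen_smu` on every host that imports this profile, although they appear to be needed only by the monitoring tools in `environment.systemPackages`. Both expose low-level CPU/SMU interfaces to privileged userspace, so I would gate them behind an option, or at least add a comment such as `# msr + ryzen_smu: required by ryzen-monitor; omit on hosts that do not need it`. The hunk does not show `ryzen_smu` being added to `boot.extraModulePackages`, which it presumably needs as an out-of-tree module, so confirm it is provided elsewhere. The `hwmon-path` values also hard-code `hwmon2`; hwmon indices are assigned at probe time, so these paths can point at a different sensor after a kernel or hardware change.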

31
hardware/wifi.nix Normal file

@ -0,0 +1,31 @@
{ config, tf, lib, ... }: with lib;
{
kw.secrets.variables = mapListToAttrs
(field:
nameValuePair "wireless-${field}" {
path = "secrets/wifi";
inherit field;
}) [ "ssid" "psk" ];
deploy.tf.resources = {
wireless-credentials = {
provider = "null";
type = "data_source";
dataSource = true;
inputs.inputs = {
ssid = tf.variables.wireless-ssid.ref;
psk = tf.variables.wireless-psk.ref;
};
};
};
networking.wireless = {
enable = true;
networks = mkIf (builtins.getEnv "TF_IN_AUTOMATION" != "" || tf.state.enable) {
${builtins.unsafeDiscardStringContext (tf.resources.wireless-credentials.getAttr "outputs.ssid")} = {
pskRaw = tf.resources.wireless-credentials.getAttr "outputs.psk";
};
};
};
}
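Review bot: `pskRaw = tf.resources.wireless-credentials.getAttr "outputs.psk";` places the Wi-Fi key into the evaluated NixOS configuration. As far as the module behaves by default, `networking.wireless.networks` is rendered into a wpa_supplicant configuration in the world-readable Nix store. The value also passes through a `null` `data_source`, so it will likely sit in the Terraform state in plain text. Consider keeping only a placeholder in the Nix expression and supplying the key at runtime through the module's secret-file mechanism (`networking.wireless.environmentFile` at the time of this commit), pointing at a root-only file deployed by the existing secrets tooling. `builtins.getEnv "TF_IN_AUTOMATION"` also makes the result depend on the evaluating environment, which deserves a comment.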

43
hardware/x270.nix Normal file

@ -0,0 +1,43 @@
{ config, lib, ... }: with lib;
/*
This hardware profile corresponds to the Lenovo Thinkpad x270.
*/
{
options.home-manager.users = let
userTouchpadExtend = { config, nixos, ... }: {
wayland.windowManager.sway.config.input."2:7:SynPS/2_Synaptics_TouchPad" = {
dwt = "enabled";
tap = "enabled";
natural_scroll = "enabled";
middle_emulation = "enabled";
click_method = "clickfinger";
};
};
waybarExtend = { config, ... }: {
options = {
programs.waybar.settings = mkOption {
type = with types; either (listOf (submodule waybarExtend2)) (attrsOf (submodule waybarExtend2));
};
};
};
waybarExtend2 = { config, ... }: {
config = {
modules.temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon2/temp2_input";
};
};
in mkOption {
type = types.attrsOf (types.submoduleWith {
modules = [ userTouchpadExtend waybarExtend ];
});
};
config = {
boot = {
initrd.availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc" ];
kernelModules = [ "kvm-intel" ];
};
};
}
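Review bot: `waybarExtend2` sets `modules.temperature.hwmon-path` to `/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon2/temp2_input`, the same path hardware/ryzen.nix uses. PCI function `00:18.3` is where AMD CPUs expose their temperature sensor, while the header comment says this profile is the Lenovo Thinkpad x270 and the module loads `kvm-intel`. The value looks copied over and is likely to point at nothing on this machine; replace it with the Intel sensor path checked on the device, or drop the override. `kernelModules = [ "kvm-intel" ]` also duplicates what hardware/intel.nix already sets for the `x270` profile in hardware/default.nix.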