gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(systems): config -> default, nixos

Browse source
This commit is contained in:
Kat Inskip 2024-01-28 10:30:47 -08:00
parent be0028c3d9
commit acbc8b852c
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
20 changed files with 550 additions and 541 deletions
Download patch file Download diff file Expand all files Collapse all files

17
systems/ct/config.nix
View file

@ -1,17 +0,0 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
({
meta,
lib,
...
}: {
imports = with meta; [
nixos.reisen-ct
];
system.stateVersion = "23.11";
})
];
}

7
systems/ct/default.nix Normal file
View file

@ -0,0 +1,7 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
./nixos.nix
];
}

11
systems/ct/nixos.nix Normal file
View file

@ -0,0 +1,11 @@
{
meta,
lib,
...
}: {
imports = with meta; [
nixos.reisen-ct
];
system.stateVersion = "23.11";
}

2
systems/default.nix
View file

@ -137,7 +137,7 @@
machine = name;
};
})
(set.map (_: c: c.config) tree.systems);
(set.map (_: c: c) tree.systems);
processHost = name: cfg: let
host = cfg.config;
in {

133
systems/hakurei/config.nix
View file

@ -1,133 +0,0 @@
_: {
deploy.hostname = "hakurei.local.gensokyo.zone";
arch = "x86_64";
type = "NixOS";
modules = [
({
config,
meta,
lib,
access,
...
}: let
inherit (lib.modules) mkIf mkMerge;
mediabox = access.systemFor "mediabox";
tei = access.systemFor "tei";
inherit (mediabox.services) plex;
inherit (tei.services) kanidm;
in {
imports = let
inherit (meta) nixos;
in [
nixos.sops
nixos.base
nixos.reisen-ct
nixos.tailscale
nixos.cloudflared
nixos.ddclient
nixos.acme
nixos.nginx
nixos.access.nginx
nixos.access.global
nixos.access.gensokyo
nixos.access.kanidm
nixos.access.proxmox
nixos.access.plex
./reisen-ssh.nix
];
sops.secrets.cloudflared-tunnel-hakurei = {
owner = config.services.cloudflared.user;
};
services.cloudflared = let
tunnelId = "964121e3-b3a9-4cc1-8480-954c4728b604";
in {
tunnels.${tunnelId} = {
default = "http_status:404";
credentialsFile = config.sops.secrets.cloudflared-tunnel-hakurei.path;
ingress = {
"prox.${config.networking.domain}".service = "http://localhost";
${config.networking.domain}.service = "http://localhost";
};
};
};
security.acme.certs = let
inherit (config.services) nginx tailscale;
inherit (nginx) access;
in {
${access.kanidm.domain} = {
inherit (nginx) group;
extraDomainNames = mkMerge [
[access.kanidm.localDomain]
(mkIf kanidm.server.ldap.enable [
access.kanidm.ldapDomain
access.kanidm.ldapLocalDomain
])
(mkIf tailscale.enable [
access.kanidm.tailDomain
])
(mkIf (kanidm.server.ldap.enable && tailscale.enable) [
access.kanidm.ldapTailDomain
])
];
};
${access.proxmox.domain} = {
inherit (nginx) group;
extraDomainNames = mkMerge [
[access.proxmox.localDomain]
(mkIf config.services.tailscale.enable [
access.proxmox.tailDomain
])
];
};
${access.plex.domain} = {
inherit (nginx) group;
extraDomainNames = [access.plex.localDomain];
};
};
services.nginx = let
inherit (config.services.nginx) access;
in {
access.plex = assert plex.enable; {
url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
};
access.kanidm = assert kanidm.enableServer; {
inherit (kanidm.server.frontend) domain port;
host = tei.networking.access.hostnameForNetwork.local;
ldapPort = kanidm.server.ldap.port;
ldapEnable = kanidm.server.ldap.enable;
};
virtualHosts = {
${access.kanidm.domain} = {
useACMEHost = access.kanidm.domain;
};
${access.proxmox.domain} = {
useACMEHost = access.proxmox.domain;
};
${access.plex.domain} = {
addSSL = true;
useACMEHost = access.plex.domain;
};
};
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:C4:66:A7";
Type = "ether";
};
address = ["10.1.1.41/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "23.11";
})
];
}

8
systems/hakurei/default.nix Normal file
View file

@ -0,0 +1,8 @@
_: {
deploy.hostname = "hakurei.local.gensokyo.zone";
arch = "x86_64";
type = "NixOS";
modules = [
./nixos.nix
];
}

126
systems/hakurei/nixos.nix Normal file
View file

@ -0,0 +1,126 @@
{
config,
meta,
lib,
access,
...
}: let
inherit (lib.modules) mkIf mkMerge;
mediabox = access.systemFor "mediabox";
tei = access.systemFor "tei";
inherit (mediabox.services) plex;
inherit (tei.services) kanidm;
in {
imports = let
inherit (meta) nixos;
in [
nixos.sops
nixos.base
nixos.reisen-ct
nixos.tailscale
nixos.cloudflared
nixos.ddclient
nixos.acme
nixos.nginx
nixos.access.nginx
nixos.access.global
nixos.access.gensokyo
nixos.access.kanidm
nixos.access.proxmox
nixos.access.plex
./reisen-ssh.nix
];
sops.secrets.cloudflared-tunnel-hakurei = {
owner = config.services.cloudflared.user;
};
services.cloudflared = let
tunnelId = "964121e3-b3a9-4cc1-8480-954c4728b604";
in {
tunnels.${tunnelId} = {
default = "http_status:404";
credentialsFile = config.sops.secrets.cloudflared-tunnel-hakurei.path;
ingress = {
"prox.${config.networking.domain}".service = "http://localhost";
${config.networking.domain}.service = "http://localhost";
};
};
};
security.acme.certs = let
inherit (config.services) nginx tailscale;
inherit (nginx) access;
in {
${access.kanidm.domain} = {
inherit (nginx) group;
extraDomainNames = mkMerge [
[access.kanidm.localDomain]
(mkIf kanidm.server.ldap.enable [
access.kanidm.ldapDomain
access.kanidm.ldapLocalDomain
])
(mkIf tailscale.enable [
access.kanidm.tailDomain
])
(mkIf (kanidm.server.ldap.enable && tailscale.enable) [
access.kanidm.ldapTailDomain
])
];
};
${access.proxmox.domain} = {
inherit (nginx) group;
extraDomainNames = mkMerge [
[access.proxmox.localDomain]
(mkIf config.services.tailscale.enable [
access.proxmox.tailDomain
])
];
};
${access.plex.domain} = {
inherit (nginx) group;
extraDomainNames = [access.plex.localDomain];
};
};
services.nginx = let
inherit (config.services.nginx) access;
in {
access.plex = assert plex.enable; {
url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
};
access.kanidm = assert kanidm.enableServer; {
inherit (kanidm.server.frontend) domain port;
host = tei.networking.access.hostnameForNetwork.local;
ldapPort = kanidm.server.ldap.port;
ldapEnable = kanidm.server.ldap.enable;
};
virtualHosts = {
${access.kanidm.domain} = {
useACMEHost = access.kanidm.domain;
};
${access.proxmox.domain} = {
useACMEHost = access.proxmox.domain;
};
${access.plex.domain} = {
addSSL = true;
useACMEHost = access.plex.domain;
};
};
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:C4:66:A7";
Type = "ether";
};
address = ["10.1.1.41/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "23.11";
}

98
systems/kuwubernetes/config.nix
View file

@ -1,98 +0,0 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
({
config,
meta,
lib,
modulesPath,
...
}: let
inherit (lib.attrsets) genAttrs nameValuePair;
inherit (builtins) listToAttrs;
dexFiles = [
"ca-key.pem"
"ca.pem"
"ca.srl"
"csr.pem"
"key.pem"
"req.cnf"
];
in {
imports = with meta; [
(modulesPath + "/profiles/qemu-guest.nix")
nixos.sops
nixos.cloudflared
nixos.k8s
];
boot = {
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
loader.grub.device = "/dev/sda";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/5ab5efe2-0250-4bf1-8fd6-3725cdd15031";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/b374e454-7af5-46fc-b949-24e38a2216d5";}
];
networking.interfaces.ens18.useDHCP = true;
sops.secrets = let
dexCommon = {
owner = "kubernetes";
};
in
{
cloudflare_kubernetes_tunnel = {
owner = config.services.cloudflared.user;
};
}
// (genAttrs (map (name: "dex-${name}") dexFiles) (_: dexCommon));
environment.etc = listToAttrs (map (name: nameValuePair "dex-ssl/${name}" {source = config.sops.secrets."dex-${name}".path;}) dexFiles);
services.cloudflared = let
tunnelId = "3dde2376-1dd1-4282-b5a4-aba272594976";
in {
tunnels.${tunnelId} = {
default = "http_status:404";
credentialsFile = config.sops.secrets.cloudflare_kubernetes_tunnel.path;
ingress = {
"k8s.gensokyo.zone" = {
service = "https://localhost:6443";
originRequest.noTLSVerify = true;
};
};
};
};
systemd.network.networks.ens18 = {
name = "ens18";
matchConfig = {
MACAddress = "BC:24:11:49:FE:DC";
Type = "ether";
};
address = ["10.1.1.42/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "23.11";
})
];
}

7
systems/kuwubernetes/default.nix Normal file
View file

@ -0,0 +1,7 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
./nixos.nix
];
}

92
systems/kuwubernetes/nixos.nix Normal file
View file

@ -0,0 +1,92 @@
{
config,
meta,
lib,
modulesPath,
...
}: let
inherit (lib.attrsets) genAttrs nameValuePair;
inherit (builtins) listToAttrs;
dexFiles = [
"ca-key.pem"
"ca.pem"
"ca.srl"
"csr.pem"
"key.pem"
"req.cnf"
];
in {
imports = with meta; [
(modulesPath + "/profiles/qemu-guest.nix")
nixos.sops
nixos.cloudflared
nixos.k8s
];
boot = {
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
loader.grub.device = "/dev/sda";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/5ab5efe2-0250-4bf1-8fd6-3725cdd15031";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/b374e454-7af5-46fc-b949-24e38a2216d5";}
];
networking.interfaces.ens18.useDHCP = true;
sops.secrets = let
dexCommon = {
owner = "kubernetes";
};
in
{
cloudflare_kubernetes_tunnel = {
owner = config.services.cloudflared.user;
};
}
// (genAttrs (map (name: "dex-${name}") dexFiles) (_: dexCommon));
environment.etc = listToAttrs (map (name: nameValuePair "dex-ssl/${name}" {source = config.sops.secrets."dex-${name}".path;}) dexFiles);
services.cloudflared = let
tunnelId = "3dde2376-1dd1-4282-b5a4-aba272594976";
in {
tunnels.${tunnelId} = {
default = "http_status:404";
credentialsFile = config.sops.secrets.cloudflare_kubernetes_tunnel.path;
ingress = {
"k8s.gensokyo.zone" = {
service = "https://localhost:6443";
originRequest.noTLSVerify = true;
};
};
};
};
systemd.network.networks.ens18 = {
name = "ens18";
matchConfig = {
MACAddress = "BC:24:11:49:FE:DC";
Type = "ether";
};
address = ["10.1.1.42/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "23.11";
}

130
systems/mediabox/config.nix
View file

@ -1,130 +0,0 @@
_: {
deploy.hostname = "mediabox.local.gensokyo.zone";
arch = "x86_64";
type = "NixOS";
modules = [
({
config,
meta,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkIf mkMerge;
inherit (lib.attrsets) mapAttrs mapAttrsToList;
inherit (lib.strings) removePrefix;
inherit (config.services) deluge plex tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
kyuuto = "/mnt/kyuuto-media";
kyuuto-library = kyuuto + "/library";
plexLibrary = {
"/mnt/Anime".hostPath = kyuuto-library + "/anime";
"/mnt/Shows".hostPath = kyuuto-library + "/tv";
"/mnt/Movies".hostPath = kyuuto-library + "/movies";
"/mnt/Music".hostPath = kyuuto-library + "/music";
};
in {
imports = let
inherit (meta) nixos;
in [
nixos.reisen-ct
nixos.sops
nixos.nginx
nixos.access.plex
nixos.cloudflared
# media
nixos.plex
nixos.tautulli
nixos.ombi
nixos.deluge
nixos.mediatomb
# yarr harr fiddle dee dee >w<
nixos.radarr
nixos.sonarr
nixos.bazarr
nixos.lidarr
nixos.readarr
nixos.prowlarr
];
services.mediatomb = {
serverName = "tewi";
mediaDirectories = let
mkLibraryDir = dir: {
path = kyuuto-library + "/${dir}";
mountPoint = kyuuto-library;
};
libraryDir = {
path = kyuuto-library;
mountPoint = kyuuto-library;
subdirectories =
mapAttrsToList (
_: {hostPath, ...}:
removePrefix "${kyuuto-library}/" hostPath
)
plexLibrary
++ ["tlmc" "music-raw"];
};
in
[libraryDir] ++ map mkLibraryDir ["tlmc" "music-raw" "lewd"];
};
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [mesa.drivers vaapiVdpau libvdpau-va-gl];
};
fileSystems = let
bind = {
fsType = "none";
options = ["bind" "nofail"];
};
fsPlex = mapAttrs (_: {hostPath, ...}:
mkMerge [
bind
{
device = hostPath;
}
])
plexLibrary;
fsDeluge = {
"${deluge.downloadDir}" = mkIf deluge.enable (mkMerge [
bind
{
device = kyuuto + "/downloads/deluge/download";
}
]);
};
in
mkMerge [
fsPlex
(mkIf deluge.enable fsDeluge)
];
systemd.services.deluged = mkIf deluge.enable {
unitConfig.RequiresMountsFor = [
"${deluge.downloadDir}"
];
};
systemd.services.plex = mkIf plex.enable {
unitConfig.RequiresMountsFor = mapAttrsToList (path: _: path) plexLibrary;
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:34:F4:A8";
Type = "ether";
};
address = ["10.1.1.44/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "21.05";
})
];
}

8
systems/mediabox/default.nix Normal file
View file

@ -0,0 +1,8 @@
_: {
deploy.hostname = "mediabox.local.gensokyo.zone";
arch = "x86_64";
type = "NixOS";
modules = [
./nixos.nix
];
}

123
systems/mediabox/nixos.nix Normal file
View file

@ -0,0 +1,123 @@
{
config,
meta,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkIf mkMerge;
inherit (lib.attrsets) mapAttrs mapAttrsToList;
inherit (lib.strings) removePrefix;
inherit (config.services) deluge plex tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
kyuuto = "/mnt/kyuuto-media";
kyuuto-library = kyuuto + "/library";
plexLibrary = {
"/mnt/Anime".hostPath = kyuuto-library + "/anime";
"/mnt/Shows".hostPath = kyuuto-library + "/tv";
"/mnt/Movies".hostPath = kyuuto-library + "/movies";
"/mnt/Music".hostPath = kyuuto-library + "/music";
};
in {
imports = let
inherit (meta) nixos;
in [
nixos.reisen-ct
nixos.sops
nixos.nginx
nixos.access.plex
nixos.cloudflared
# media
nixos.plex
nixos.tautulli
nixos.ombi
nixos.deluge
nixos.mediatomb
# yarr harr fiddle dee dee >w<
nixos.radarr
nixos.sonarr
nixos.bazarr
nixos.lidarr
nixos.readarr
nixos.prowlarr
];
services.mediatomb = {
serverName = "tewi";
mediaDirectories = let
mkLibraryDir = dir: {
path = kyuuto-library + "/${dir}";
mountPoint = kyuuto-library;
};
libraryDir = {
path = kyuuto-library;
mountPoint = kyuuto-library;
subdirectories =
mapAttrsToList (
_: {hostPath, ...}:
removePrefix "${kyuuto-library}/" hostPath
)
plexLibrary
++ ["tlmc" "music-raw"];
};
in
[libraryDir] ++ map mkLibraryDir ["tlmc" "music-raw" "lewd"];
};
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [mesa.drivers vaapiVdpau libvdpau-va-gl];
};
fileSystems = let
bind = {
fsType = "none";
options = ["bind" "nofail"];
};
fsPlex = mapAttrs (_: {hostPath, ...}:
mkMerge [
bind
{
device = hostPath;
}
])
plexLibrary;
fsDeluge = {
"${deluge.downloadDir}" = mkIf deluge.enable (mkMerge [
bind
{
device = kyuuto + "/downloads/deluge/download";
}
]);
};
in
mkMerge [
fsPlex
(mkIf deluge.enable fsDeluge)
];
systemd.services.deluged = mkIf deluge.enable {
unitConfig.RequiresMountsFor = [
"${deluge.downloadDir}"
];
};
systemd.services.plex = mkIf plex.enable {
unitConfig.RequiresMountsFor = mapAttrsToList (path: _: path) plexLibrary;
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:34:F4:A8";
Type = "ether";
};
address = ["10.1.1.44/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
sops.defaultSopsFile = ./secrets.yaml;
system.stateVersion = "21.05";
}

76
systems/tei/config.nix
View file

@ -1,76 +0,0 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
({
config,
lib,
meta,
pkgs,
...
}: let
inherit (lib.modules) mkIf mkMerge;
inherit (config.services) kanidm mosquitto home-assistant;
in {
imports = let
inherit (meta) nixos;
in [
nixos.reisen-ct
nixos.sops
nixos.tailscale
nixos.cloudflared
nixos.postgres
nixos.nginx
nixos.access.zigbee2mqtt
nixos.access.home-assistant
nixos.vouch
nixos.kanidm
nixos.mosquitto
nixos.home-assistant
nixos.zigbee2mqtt
nixos.syncplay
./cloudflared.nix
];
sops.defaultSopsFile = ./secrets.yaml;
services.kanidm = {
package =
lib.warnIf
(pkgs.kanidm.version != "1.1.0-rc.15")
"upstream kanidm may have localhost oauth2 support now!"
pkgs.kanidm-develop;
};
networking.firewall = {
interfaces.local.allowedTCPPorts = mkMerge [
(mkIf kanidm.enableServer [
kanidm.server.frontend.port
(mkIf kanidm.server.ldap.enable kanidm.server.ldap.port)
])
(mkIf home-assistant.enable [
home-assistant.config.http.server_port
])
(mkIf mosquitto.enable (map (
listener:
listener.port
)
mosquitto.listeners))
];
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:CC:66:57";
Type = "ether";
};
address = ["10.1.1.39/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
system.stateVersion = "23.11";
})
];
}

7
systems/tei/default.nix Normal file
View file

@ -0,0 +1,7 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
./nixos.nix
];
}

70
systems/tei/nixos.nix Normal file
View file

@ -0,0 +1,70 @@
{
config,
lib,
meta,
pkgs,
...
}: let
inherit (lib.modules) mkIf mkMerge;
inherit (config.services) kanidm mosquitto home-assistant;
in {
imports = let
inherit (meta) nixos;
in [
nixos.reisen-ct
nixos.sops
nixos.tailscale
nixos.cloudflared
nixos.postgres
nixos.nginx
nixos.access.zigbee2mqtt
nixos.access.home-assistant
nixos.vouch
nixos.kanidm
nixos.mosquitto
nixos.home-assistant
nixos.zigbee2mqtt
nixos.syncplay
./cloudflared.nix
];
sops.defaultSopsFile = ./secrets.yaml;
services.kanidm = {
package =
lib.warnIf
(pkgs.kanidm.version != "1.1.0-rc.15")
"upstream kanidm may have localhost oauth2 support now!"
pkgs.kanidm-develop;
};
networking.firewall = {
interfaces.local.allowedTCPPorts = mkMerge [
(mkIf kanidm.enableServer [
kanidm.server.frontend.port
(mkIf kanidm.server.ldap.enable kanidm.server.ldap.port)
])
(mkIf home-assistant.enable [
home-assistant.config.http.server_port
])
(mkIf mosquitto.enable (map (
listener:
listener.port
)
mosquitto.listeners))
];
};
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {
MACAddress = "BC:24:11:CC:66:57";
Type = "ether";
};
address = ["10.1.1.39/24"];
gateway = ["10.1.1.1"];
DHCP = "no";
};
system.stateVersion = "23.11";
}

86
systems/tewi/config.nix
View file

@ -1,86 +0,0 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
({
meta,
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = with meta; [
(modulesPath + "/installer/scan/not-detected.nix")
nixos.sops
nixos.tailscale
];
services.kanidm.serverSettings.db_fs_type = "zfs";
services.tailscale.advertiseExitNode = true;
services.postgresql.package = pkgs.postgresql_14;
sops.defaultSopsFile = ./secrets.yaml;
networking = {
useNetworkd = true;
useDHCP = false;
};
services.resolved.enable = true;
boot = {
loader = {
systemd-boot = {
enable = true;
};
efi = {
canTouchEfiVariables = true;
};
};
initrd = {
availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
};
kernelModules = ["kvm-intel"];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/6c5d82b1-5d11-4c72-96c6-5f90e6ce57f5";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/85DC-72FA";
fsType = "vfat";
};
};
systemd = {
network = {
networks.eno1 = {
inherit (config.systemd.network.links.eno1) matchConfig;
networkConfig = {
DHCP = "yes";
DNSDefaultRoute = true;
MulticastDNS = true;
};
linkConfig.Multicast = true;
};
links.eno1 = {
matchConfig = {
Type = "ether";
Driver = "e1000e";
};
linkConfig = {
WakeOnLan = "magic";
};
};
};
};
swapDevices = lib.singleton {
device = "/dev/disk/by-uuid/137605d3-5e3f-47c8-8070-6783ce651932";
};
system.stateVersion = "21.05";
})
];
}

7
systems/tewi/default.nix Normal file
View file

@ -0,0 +1,7 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
./nixos.nix
];
}

80
systems/tewi/nixos.nix Normal file
View file

@ -0,0 +1,80 @@
{
meta,
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = with meta; [
(modulesPath + "/installer/scan/not-detected.nix")
nixos.sops
nixos.tailscale
];
services.kanidm.serverSettings.db_fs_type = "zfs";
services.tailscale.advertiseExitNode = true;
services.postgresql.package = pkgs.postgresql_14;
sops.defaultSopsFile = ./secrets.yaml;
networking = {
useNetworkd = true;
useDHCP = false;
};
services.resolved.enable = true;
boot = {
loader = {
systemd-boot = {
enable = true;
};
efi = {
canTouchEfiVariables = true;
};
};
initrd = {
availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
};
kernelModules = ["kvm-intel"];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/6c5d82b1-5d11-4c72-96c6-5f90e6ce57f5";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/85DC-72FA";
fsType = "vfat";
};
};
systemd = {
network = {
networks.eno1 = {
inherit (config.systemd.network.links.eno1) matchConfig;
networkConfig = {
DHCP = "yes";
DNSDefaultRoute = true;
MulticastDNS = true;
};
linkConfig.Multicast = true;
};
links.eno1 = {
matchConfig = {
Type = "ether";
Driver = "e1000e";
};
linkConfig = {
WakeOnLan = "magic";
};
};
};
};
swapDevices = lib.singleton {
device = "/dev/disk/by-uuid/137605d3-5e3f-47c8-8070-6783ce651932";
};
system.stateVersion = "21.05";
}

3
tree.nix
View file

@ -20,6 +20,9 @@
"default"
];
};
"systems/*" = {
aliasDefault = true;
};
"modules/nixos" = {
functor = {
external = with (import (inputs.arcexprs + "/modules")).nixos; [