mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00

No description https://gensokyo.zone

Find a file

kat witch d0e82242d5 oracle nodes: Fix buildability		2021-09-04 19:34:44 +01:00
.github/workflows	CI: fixes for armv6+v7	2021-09-02 22:10:51 +01:00
ci	Move to recursiveMod, nixdirfmt	2021-09-04 01:14:17 +01:00
config	oracle nodes: Fix buildability	2021-09-04 19:34:44 +01:00
nix	Revert update, fix weechat	2021-09-04 03:58:50 +01:00
overlays	oracle nodes: Fix buildability	2021-09-04 19:34:44 +01:00
.envrc	shell: Added shell + .envrc for isRemote	2021-04-28 22:06:39 +01:00
.gitignore	remove kairi user, remove wiki submodule, refactor for nixexprs	2021-08-17 01:59:58 +01:00
.gitmodules	hosts/shinmyoumaru: init, cross: armv6+v7 emulated, stripped base, exprs	2021-09-02 21:17:59 +01:00
.rgignore	hosts/shinmyoumaru: Init (buildable)	2021-09-03 05:03:43 +01:00
CODE_OF_CONDUCT.md	project-wide: Added code of conduct	2021-04-19 18:07:22 +01:00
default.nix	meta: Avoid building rbw-bitw for all hosts	2021-09-04 19:34:09 +01:00
meta.nix	meta: Avoid building rbw-bitw for all hosts	2021-09-04 19:34:09 +01:00
README.md	README update	2021-09-04 03:11:00 +01:00
shell.nix	Trusted: remove CI	2021-09-04 01:45:56 +01:00

README.md

nixfiles

This repository on my self hosted git.

This repository on GitHub.

These are the NixOS configurations for my systems. I run nothing other than NixOS on my hardware, aside from virtual machines.

To-do
Nodes
Profiles
User Profiles
Services
Modules
CI
Dependencies
Commands

To-do

Write my own Dynamic DNS updater to replace the removed Glauca one using knsupdate.
Consider reworking kittywitch/nixexprs and kittywitch/nixfiles-base.
- In-housed kittywitch/nixexprs as exprs.
- Merged my local changes with exprs.
- Prioritise modules reusability.
Expand kittywitch/anicca to be a module that helps with impermanence, too.
- Host impermanence enablement check.
- Break anicca-migrator into interface modules.
- Bind mount status list.
- Bind mount start/enabler script.
Migrate any nodes that can be impermanent to impermanence.
- yule
- beltane
- athame’s successor
Move to using arcnmx/screenstub without any patches.
- Check new config options, port current patch to new config options.
Move waybar modules to using signals.
Make waybar module for gammastep toggle.
Investigate how to fix Yule’s PCI-E issues.
Migrate boline to NixOS.
- Look into ARM cross-compilation w/ nixpkgs.
- Look into existing binary caches.
- Write packages & services for DHT22 exporter + the socat.
Migrate athame to OCI.
- Look into ARM cross-compilation w/ nixpkgs.
- Look into existing binary caches.
- Do backups, figure out per-service backup system for state.
- Create a replacement box before any migration on OCI.
Look into alternatives to Yggdrasil and move to them.
Set up IPv6 network handling for my hosts.
- Fix network module tf-nix integrations.
- Rinnosuke IPv6.
- Local node IPv6 configuration.
Add CI building and caching for required architectures.
- aarch64 specific implementation
- ARMv6 specific implementation
- Generalised emulated compiles.
Imports structure refactor.
- Work on the readTree-like modList replacement.
- Eventually refactor recursiveMod to be sane.
- Extend recursiveMod to allow for merging of structures.
- Create a “lite” base profile for devices like shinmyoumaru.
- Add a shared profile that adds user imports.
- Migrate some of shinmyoumaru’s configuration into profiles.hardware.raspi

Nodes

Node	Purpose
athame	Currently the main server. Ad-hoc hetzner cloud box.
daiyousei	Intended athame replacement. Provisioned OCI Ampere box.
rinnosuke	My primary nameserver. Provisioned OCI EPYC box.
shinmyoumaru	My Raspberry Pi 1 Model B+. DHT22 sensors box.
beltane	Home server. NAS + HTPC, does DVB stuff.
samhain	Beloved workstation. Does VFIO.
yule	Main laptop.
ostara	CCTV netbook.

Profiles

See here for additional information on profiles.

Profile	Purpose
base	Base profile, always used. Root access, base16, home-manager, locale, network module, nix, packages, {,neo}vim profiles, secrets, shell and sysctl configuration.
gui	GUI profile. Provides window managers, includes DNSCrypt/dnscrypt-proxy service, filesystem packages, font, NixOS-side GPG, mingetty, NFS, QT, sound (pipewire) and XDG portal configuration.
shared	Shared systems. Provides hexchen and arc users.
vfio	Provides host-unspecific VFIO. Fancy patched QEMU from arcnmx/nixexprs, arcnmx/screenstub (however, patched in-repo for Q35), AMDGPU vendor-reset and ACS override.
hardware	Sub-profiles for my hardware are provided here. Some are reusable. Of note is the Oracle sub-profiles.
cross	Sub-profiles are provided for emulated compiling and build caching.

User Profiles

Profile	Purpose
base	base16, git, inputrc, packages, secrets, kitty terminfo, SSH, tmux, weechat, vim, xdg and zsh configuration.
dev	cookiecutters, rink, doom-emacs (although unused, forced to use PgtkGcc all fancily :3c), packages, rustfmt and (heavier on the node) vim configuration.
gui	firefox+userChrome+tst, font, kitty terminal, dnkl/foot terminal, GTK, packages, QT, ranger and xdg configuration.
media	mpv, obs, packages and syncplay configuration.
personal	arcnmx/rbw (fancier rbw), email via arcnmx/notmuch-vim, home-manager-side GPG, pass, weechat and zsh configuration.
services	User services. weechat and mpd are provided.
sway	sway, i3gopher, swayidle, swaylock-effects, screenshot tool, kittywitch/konawall-rs, mako, wofi, waybar and xkb (custom layout o:) configuration.

Services

Service	Description
dnscrypt-proxy	DNSCrypt Proxy v2, fancy DNS stuffs.
filehost	I sling things in here via SSH/SCP.
fusionpbx	FusionPBX. Fancy PBX.
gitea	Self-hosted git with mail support.
jellyfin	HTPC/NAS stuff.
katsplash	A splash screen for some hosts.
kattv-ingest	Takes data from kattv, slings to RTMP.
kattv	Takes data from a webcam, slings to kattv-ingest.
knot	Knot DNS, authoritative DNS server.
logrotate	Rotates logs!
mail	nixos-mailserver.
matrix	Synapse and some appservices. Need to migrate the appservice configs in.
murmur	Mumble!
nfs	Network filesy stuff.
nginx	Our NGINX preset configs.
postgres	Database of choice.
radicale	CalDAV, integrated with the mail service.
restic	Backups!
syncplay	Watching videos with friends and lovers. Usually, lovers.
taskserver	Taskwarrior server.
transmission	Linux distros, I swear.
tvheadend	DVB-T ingest for Jellyfin and so on!
vaultwarden	Passwords!
website	Our personal website.
xmpp	Prosody.
zfs	ZFS snapshot settings.
znc	IRC bouncer!

Modules

This list will include the modules provided by kittywitch/nixexprs as “katexprs”. They are available within this repo as exprs.

Module	Domain	Description
arcnmx/nixexprs	NixOS + home-manager	I use… a lot of these. Syncplay, modprobe, base16, i3gopher, weechat, konawall, shell and probably more.
arcnmx/tf-nix	Meta + NixOS + home-manager	Deployment, secrets and terraform.
nix-community/impermanence	NixOS + home-manager	Erase your darlings.
kittywitch/anicca	NixOS + home-manager	WIP Helpful modules for impermanence.
katexprs/nftables	NixOS	Uses nftables for the NixOS firewall module.
katexprs/firewall	NixOS + home-manager	Per-“domain” (private, public) -> interface abstractions for the firewall. Easier to remember.
katexprs/network (WIP)	NixOS + home-manager	Network abstractions. Handles DNS + certs, among virtualHosts.
katexprs/fusionpbx (WIP)	NixOS	FusionPBX.
katexprs/swaylock	home-manager	Easier abstractions for using swaylock-effects.
nixfiles/secrets	Meta + NixOS + home-manager	Helper for tf-nix’s secrets.
nixfiles/deploy	Meta + NixOS + home-manager	tf-nix deployment integration
nixfiles/network	Meta	Enables node to host config assignment & NixOS module.
nixfiles/monitoring	NixOS	Grafana, Prometheus, Loki, node-exporter, netdata, promtail, …
nixfiles/theme	home-manager	Abstractions for themes. SASS templating.
hexchen/yggdrasil	NixOS	Yggdrasil ease of use module.

CI

CI for this repository uses arcnmx/ci, is aarch64 emulated build enabled and aims to achieve two goals:

Action	Purpose
nodes	Build and cache host closures, show state of host evaluability/buildability.
niv-cron	Automatically update the dependencies used by the repository, cache them and host closure build results with them.

Dependencies

Dependency	Reasoning
nmattia/niv	Dependency management. Will move to flakes when stable.
nix-community/home-manager	home-manager. Self-explanatory.
nix-community/NUR	Firefox extensions and such.
arcnmx/tf-nix	The deploy system used, also provides DNS, secrets and node provisioning. (Anything terraform can do.)
arcnmx/ci	The CI integration system used.
arcnmx/nixexprs	Packages and modules I heavily make use of.
nix-community/impermanence	Impermanence! Erase your darlings.
kirelagin/nix-dns	A Nix DSL for zone files. For the WIP nameserver.
kittywitch/anicca	A helper for moving to impermanence.
kittywitch/nixexprs	Packages and modules I have made.
nixos-mailserver	The mail server module I use.
hexchen/nixfiles	Yggdrasil module. Yggdrasil nodes.
nix-community/emacs-overlay	An overlay for emacs versions. Currently unused.
vlaci/nix-doom-emacs	Nixified DOOM emacs. Currently unused.

Commands

The commands here aside from the nix build command are provided through the shell. The <target> and <host> commands are runners provided through arcnmx/tf-nix.

Please use nix-shell or direnv/direnv. The shell is not compatible with nix-community/nix-direnv.

Command	Purpose
`nf-update`	Fancier `niv update`.
`nf-actions`	Updates CI integrations.
`nf-test`	Tests CI actions.
`<target>-apply`	Deploys to the provided target.
`<target>-tf`	Provides you a terraform shell for the provided target.
`<host>-ssh`	SSH into the provided host.
`nix build -f . network.nodes.<host>.deploy.system`	Build a system closure for the provided host.

README.md Unescape Escape