kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

Move to orbstack

Browse source
This commit is contained in:
Kat Inskip 2023-07-18 10:31:11 -07:00
parent 524dd5bb64
commit 4d3287535b
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
5 changed files with 121 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

6
kat/shell/ssh.nix
View file

@ -5,11 +5,5 @@ _: {
controlPersist = "10m";
hashKnownHosts = true;
compression = true;
extraConfig = ''
Host renko
HostName 192.168.64.3
Port 62954
User root
'';
};
}

6
nixos/common/docs.nix
View file

@ -1,3 +1,5 @@
_: {
documentation.nixos.enable = false;
{lib, ...}: let
inherit (lib.modules) mkForce;
in {
documentation.nixos.enable = mkForce false;
}

14
systems/default.nix
View file

@ -138,14 +138,20 @@
user = "root";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.${name};
};
hostname = "${name}.inskip.me";
sshOpts = ["-p" "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"];
sshUser = "root";
user = "root";
#hostname = "${name}.inskip.me";
#sshOpts = ["-p" "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"];
hostname = "localhost";
sshOpts = ["-p" "32222"];
sshUser = "kat";
autoRollback = true;
magicRollback = true;
};
})
(set.optional (host.folder == "nixos" && host.arch == "x86_64") {
${name} = {
remoteBuild = true;
};
})
];
"${host.folder}Configurations".${name} = host.builder {

85
systems/renko.nix
View file

@ -2,19 +2,16 @@ _: let
hostConfig = {
lib,
tree,
pkgs,
inputs,
...
}: let
inherit (lib.modules) mkDefault;
inherit (lib.modules) mkDefault mkForce;
in {
imports = with tree.nixos.roles; [
bootable
imports = [
"${inputs.nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
];
boot = {
loader.systemd-boot.enable = true;
initrd.availableKernelModules = ["virtio_pci" "xhci_pci" "usb_storage" "usbhid"];
};
virtualisation.rosetta.enable = true;
fileSystems = {
@ -37,11 +34,81 @@ _: let
{device = "/dev/disk/by-uuid/fd7d113e-7fed-44fc-8ad7-82080f27cd07";}
];
networking.interfaces.enp0s1.useDHCP = mkDefault true;
environment.systemPackages = [
pkgs.btop
];
networking.nftables.enable = mkForce false;
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
nixpkgs.hostPlatform = mkDefault "aarch64-linux";
system.stateVersion = "22.11";
security.sudo.extraRules = [
{
users = ["kat"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
# add OrbStack CLI tools to PATH
environment.shellInit = ''
. /opt/orbstack-guest/etc/profile-early
# add your customizations here
. /opt/orbstack-guest/etc/profile-late
'';
# faster DHCP - OrbStack uses SLAAC exclusively
networking.dhcpcd.extraConfig = ''
noarp
noipv6
'';
# disable sshd
services.openssh.enable = true;
# systemd
systemd.services."systemd-oomd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-resolved".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-userdbd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-udevd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-timesyncd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-timedated".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-portabled".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-nspawn@".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-networkd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-machined".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-localed".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-logind".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journald@".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journald".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journal-remote".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journal-upload".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-importd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-hostnamed".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-homed".serviceConfig.WatchdogSec = 0;
# package installation: not needed
# ssh config
programs.ssh.extraConfig = ''
Include /opt/orbstack-guest/etc/ssh_config
'';
# extra certificates
security.pki.certificateFiles = [
"/opt/orbstack-guest/run/extra-certs.crt"
];
};
in {
arch = "aarch64";

40
systems/sumireko.nix
View file

@ -3,8 +3,11 @@ _: let
tree,
pkgs,
inputs,
lib,
...
}: {
}: let
inherit (lib.strings) concatStringsSep;
in {
imports = with tree; [
kat.work
];
@ -15,9 +18,10 @@ _: let
enable = true;
extraConfig = ''
Host renko
HostName 192.168.64.5
User root
IdentityFile /Users/kat/.ssh/id_rsa
HostName 127.0.0.1
Port 32222
User kat
IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
'';
};
@ -56,10 +60,28 @@ _: let
];
home-manager.users.kat = {
programs.zsh = {
initExtra = ''
source <(kubectl completion zsh)
home.file.".orbstack/ssh/authorized_keys".text =
(concatStringsSep "\n" tree.kat.user.data.keys)
+ ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILW2V8yL2vC/KDmIQdxhEeevKo1vGG18bvMNj9mLL/On
'';
programs = {
zsh = {
initExtra = ''
source <(kubectl completion zsh)
'';
};
ssh = {
enable = true;
extraConfig = ''
Host renko
HostName 127.0.0.1
Port 32222
User kat
IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
'';
};
};
};
@ -72,7 +94,6 @@ _: let
"pandoc"
];
casks = [
"utm"
"barrier"
"bitwarden"
"firefox"
@ -80,9 +101,9 @@ _: let
"dozer"
"devtoys"
"cyberduck"
"docker"
"spotify"
"pycharm-ce"
"element"
"slack"
"boop"
"obsidian"
@ -96,6 +117,7 @@ _: let
"anki"
"firefox"
"google-chrome"
"orbstack"
];
taps = [
"pulumi/tap"