Move to orbstack

Kat Inskip 2023-07-18 10:31:11 -07:00
parent 524dd5bb64
commit 4d3287535b
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
5 changed files with 121 additions and 30 deletions


@ -5,11 +5,5 @@ _: {
controlPersist = "10m"; controlPersist = "10m";
hashKnownHosts = true; hashKnownHosts = true;
compression = true; compression = true;
extraConfig = ''
Host renko
HostName 192.168.64.3
Port 62954
User root
'';
}; };
} }


@ -1,3 +1,5 @@
_: { {lib, ...}: let
documentation.nixos.enable = false; inherit (lib.modules) mkForce;
in {
documentation.nixos.enable = mkForce false;
} }


@ -138,14 +138,20 @@
user = "root"; user = "root";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.${name}; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.${name};
}; };
hostname = "${name}.inskip.me"; #hostname = "${name}.inskip.me";
sshOpts = ["-p" "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"]; #sshOpts = ["-p" "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"];
sshUser = "root"; hostname = "localhost";
user = "root"; sshOpts = ["-p" "32222"];
sshUser = "kat";
autoRollback = true; autoRollback = true;
magicRollback = true; magicRollback = true;
}; };
}) })
(set.optional (host.folder == "nixos" && host.arch == "x86_64") {
${name} = {
remoteBuild = true;
};
})
]; ];
"${host.folder}Configurations".${name} = host.builder { "${host.folder}Configurations".${name} = host.builder {
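Review bot: The new `hostname = "localhost";` and `sshOpts = ["-p" "32222"];` appear to sit in the node definition that is generated per `${name}`, so every deploy node built here would target the local port forward instead of its own address. The previous per-host values are only commented out rather than kept as the default. If more than one host passes through this builder, keep `hostname = "${name}.inskip.me";` and the derived port as the default and override them only for the OrbStack guest. `sshUser = "kat";` together with `user = "root";` also makes activation depend on a passwordless sudo rule on the target, which deserves a comment such as `# kat escalates to root via the NOPASSWD sudo rule on the guest`. The enclosing attribute set starts and ends outside this hunk.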


@ -2,19 +2,16 @@ _: let
hostConfig = { hostConfig = {
lib, lib,
tree, tree,
pkgs,
inputs,
... ...
}: let }: let
inherit (lib.modules) mkDefault; inherit (lib.modules) mkDefault mkForce;
in { in {
imports = with tree.nixos.roles; [ imports = [
bootable "${inputs.nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
]; ];
boot = {
loader.systemd-boot.enable = true;
initrd.availableKernelModules = ["virtio_pci" "xhci_pci" "usb_storage" "usbhid"];
};
virtualisation.rosetta.enable = true; virtualisation.rosetta.enable = true;
fileSystems = { fileSystems = {
@ -37,11 +34,81 @@ _: let
{device = "/dev/disk/by-uuid/fd7d113e-7fed-44fc-8ad7-82080f27cd07";} {device = "/dev/disk/by-uuid/fd7d113e-7fed-44fc-8ad7-82080f27cd07";}
]; ];
networking.interfaces.enp0s1.useDHCP = mkDefault true; environment.systemPackages = [
pkgs.btop
];
networking.nftables.enable = mkForce false;
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
nixpkgs.hostPlatform = mkDefault "aarch64-linux"; nixpkgs.hostPlatform = mkDefault "aarch64-linux";
system.stateVersion = "22.11"; system.stateVersion = "22.11";
security.sudo.extraRules = [
{
users = ["kat"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
# add OrbStack CLI tools to PATH
environment.shellInit = ''
. /opt/orbstack-guest/etc/profile-early
# add your customizations here
. /opt/orbstack-guest/etc/profile-late
'';
# faster DHCP - OrbStack uses SLAAC exclusively
networking.dhcpcd.extraConfig = ''
noarp
noipv6
'';
# disable sshd
services.openssh.enable = true;
# systemd
systemd.services."systemd-oomd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-resolved".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-userdbd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-udevd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-timesyncd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-timedated".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-portabled".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-nspawn@".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-networkd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-machined".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-localed".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-logind".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journald@".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journald".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journal-remote".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journal-upload".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-importd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-hostnamed".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-homed".serviceConfig.WatchdogSec = 0;
# package installation: not needed
# ssh config
programs.ssh.extraConfig = ''
Include /opt/orbstack-guest/etc/ssh_config
'';
# extra certificates
security.pki.certificateFiles = [
"/opt/orbstack-guest/run/extra-certs.crt"
];
}; };
in { in {
arch = "aarch64"; arch = "aarch64";
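Review bot: The comment `# disable sshd` sits directly above `services.openssh.enable = true;` and says the opposite of what the line does; it should read something like `# sshd stays enabled: deploys connect as kat on the forwarded port`. The same hunk gives `kat` `NOPASSWD` on `ALL`, so any credential sshd accepts for kat is root-equivalent on this guest. It is worth confirming that password logins are off, for example with `services.openssh.settings.PasswordAuthentication = false;` if that is not already set in a shared module outside this diff. The hunk also sources `/opt/orbstack-guest/etc/profile-early` and `profile-late` in every shell and adds `/opt/orbstack-guest/run/extra-certs.crt` to the system trust store, so a short comment noting that these paths are supplied by the host and trusted as such would help later readers.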


@ -3,8 +3,11 @@ _: let
tree, tree,
pkgs, pkgs,
inputs, inputs,
lib,
... ...
}: { }: let
inherit (lib.strings) concatStringsSep;
in {
imports = with tree; [ imports = with tree; [
kat.work kat.work
]; ];
@ -15,9 +18,10 @@ _: let
enable = true; enable = true;
extraConfig = '' extraConfig = ''
Host renko Host renko
HostName 192.168.64.5 HostName 127.0.0.1
User root Port 32222
IdentityFile /Users/kat/.ssh/id_rsa User kat
IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
''; '';
}; };
@ -56,10 +60,28 @@ _: let
]; ];
home-manager.users.kat = { home-manager.users.kat = {
programs.zsh = { home.file.".orbstack/ssh/authorized_keys".text =
initExtra = '' (concatStringsSep "\n" tree.kat.user.data.keys)
source <(kubectl completion zsh) + ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILW2V8yL2vC/KDmIQdxhEeevKo1vGG18bvMNj9mLL/On
''; '';
programs = {
zsh = {
initExtra = ''
source <(kubectl completion zsh)
'';
};
ssh = {
enable = true;
extraConfig = ''
Host renko
HostName 127.0.0.1
Port 32222
User kat
IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
'';
};
}; };
}; };
@ -72,7 +94,6 @@ _: let
"pandoc" "pandoc"
]; ];
casks = [ casks = [
"utm"
"barrier" "barrier"
"bitwarden" "bitwarden"
"firefox" "firefox"
@ -80,9 +101,9 @@ _: let
"dozer" "dozer"
"devtoys" "devtoys"
"cyberduck" "cyberduck"
"docker"
"spotify" "spotify"
"pycharm-ce" "pycharm-ce"
"element"
"slack" "slack"
"boop" "boop"
"obsidian" "obsidian"
@ -96,6 +117,7 @@ _: let
"anki" "anki"
"firefox" "firefox"
"google-chrome" "google-chrome"
"orbstack"
]; ];
taps = [ taps = [
"pulumi/tap" "pulumi/tap"
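Review bot: The new `home.file.".orbstack/ssh/authorized_keys".text` joins the key list with `concatStringsSep "\n"` and then appends an indented string. As rendered here there is no newline between the two, so unless the listed keys carry their own trailing newline, the last listed key and the literal `ssh-ed25519 AAAA…` key end up on one line and the literal key is not a valid entry. Appending it to the list, `concatStringsSep "\n" (tree.kat.user.data.keys ++ ["ssh-ed25519 …"])`, or inserting `+ "\n"` before the indented string fixes that. The literal key also has no comment field or Nix comment saying whose it is; since every key in this file can log in as a user with passwordless sudo on the guest, please label it. The `Host renko` block is now written out twice in this file, so the two copies can drift apart.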