zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

nixpkgs-fmt everything

Browse Source
This commit is contained in:
Zuckerberg 2023-04-04 23:30:28 -06:00
parent 3c683e7b9e
commit f68a4f4431
67 changed files with 400 additions and 320 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
common/auto-update.nix
View File

@ -4,11 +4,12 @@
let let
cfg = config.system.autoUpgrade; cfg = config.system.autoUpgrade;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
system.autoUpgrade = { system.autoUpgrade = {
flake = "git+https://git.neet.dev/zuckerberg/nix-config.git"; flake = "git+https://git.neet.dev/zuckerberg/nix-config.git";
flags = [ "--recreate-lock-file" ]; # ignore lock file, just pull the latest flags = [ "--recreate-lock-file" ]; # ignore lock file, just pull the latest
}; };
}; };
} }

5
common/boot/bios.nix
View File

@ -3,7 +3,8 @@
with lib; with lib;
let let
cfg = config.bios; cfg = config.bios;
in { in
{
options.bios = { options.bios = {
enable = mkEnableOption "enable bios boot"; enable = mkEnableOption "enable bios boot";
device = mkOption { device = mkOption {
@ -25,4 +26,4 @@ in {
}; };
}; };
}; };
} }

2
common/boot/default.nix
View File

@ -7,4 +7,4 @@
./bios.nix ./bios.nix
./remote-luks-unlock.nix ./remote-luks-unlock.nix
]; ];
} }

5
common/boot/efi.nix
View File

@ -3,7 +3,8 @@
with lib; with lib;
let let
cfg = config.efi; cfg = config.efi;
in { in
{
options.efi = { options.efi = {
enable = mkEnableOption "enable efi boot"; enable = mkEnableOption "enable efi boot";
}; };
@ -19,7 +20,7 @@ in {
version = 2; version = 2;
efiSupport = true; efiSupport = true;
useOSProber = true; useOSProber = true;
# memtest86.enable = true; # memtest86.enable = true;
configurationLimit = 20; configurationLimit = 20;
theme = pkgs.nixos-grub2-theme; theme = pkgs.nixos-grub2-theme;
}; };

5
common/boot/firmware.nix
View File

@ -3,7 +3,8 @@
with lib; with lib;
let let
cfg = config.firmware; cfg = config.firmware;
in { in
{
options.firmware.x86_64 = { options.firmware.x86_64 = {
enable = mkEnableOption "enable x86_64 firmware"; enable = mkEnableOption "enable x86_64 firmware";
}; };
@ -14,4 +15,4 @@ in {
}; };
# services.fwupd.enable = true; # services.fwupd.enable = true;
} }

56
common/boot/remote-luks-unlock.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.remoteLuksUnlock; cfg = config.remoteLuksUnlock;
in { in
{
options.remoteLuksUnlock = { options.remoteLuksUnlock = {
enable = lib.mkEnableOption "enable luks root remote decrypt over ssh/tor"; enable = lib.mkEnableOption "enable luks root remote decrypt over ssh/tor";
enableTorUnlock = lib.mkOption { enableTorUnlock = lib.mkOption {
@ -61,33 +62,38 @@ in {
copy_bin_and_libs ${pkgs.haveged}/bin/haveged copy_bin_and_libs ${pkgs.haveged}/bin/haveged
''; '';
boot.initrd.network.postCommands = lib.mkMerge [ boot.initrd.network.postCommands = lib.mkMerge [
('' (
# Add nice prompt for giving LUKS passphrase over ssh ''
echo 'read -s -p "Unlock Passphrase: " passphrase && echo $passphrase > /crypt-ramfs/passphrase && exit' >> /root/.profile # Add nice prompt for giving LUKS passphrase over ssh
'') echo 'read -s -p "Unlock Passphrase: " passphrase && echo $passphrase > /crypt-ramfs/passphrase && exit' >> /root/.profile
''
(let torRc = (pkgs.writeText "tor.rc" '' )
DataDirectory /etc/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
HiddenServiceDir /etc/tor/onion/bootup
HiddenServicePort 22 127.0.0.1:22
''); in lib.mkIf cfg.enableTorUnlock ''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
echo "make sure localhost is up" (
ip a a 127.0.0.1/8 dev lo let torRc = (pkgs.writeText "tor.rc" ''
ip link set lo up DataDirectory /etc/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
HiddenServiceDir /etc/tor/onion/bootup
HiddenServicePort 22 127.0.0.1:22
''); in
lib.mkIf cfg.enableTorUnlock ''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
echo "haveged: starting haveged" echo "make sure localhost is up"
haveged -F & ip a a 127.0.0.1/8 dev lo
ip link set lo up
echo "tor: starting tor" echo "haveged: starting haveged"
tor -f ${torRc} --verify-config haveged -F &
tor -f ${torRc} &
'') echo "tor: starting tor"
tor -f ${torRc} --verify-config
tor -f ${torRc} &
''
)
]; ];
}; };
} }

3
common/default.nix
View File

@ -40,7 +40,8 @@ in
wget wget
kakoune kakoune
htop htop
git git-lfs git
git-lfs
dnsutils dnsutils
tmux tmux
nethogs nethogs

3
common/flakes.nix
View File

@ -2,7 +2,8 @@
with lib; with lib;
let let
cfg = config.nix.flakes; cfg = config.nix.flakes;
in { in
{
options.nix.flakes = { options.nix.flakes = {
enable = mkEnableOption "use nix flakes"; enable = mkEnableOption "use nix flakes";
}; };

2
common/network/default.nix
View File

@ -21,4 +21,4 @@ in
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
}; };
} }

11
common/network/hosts.nix
View File

@ -22,7 +22,8 @@ let
ponyo = "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion"; ponyo = "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion";
s0 = "r3zvf7f2ppaeithzswigma46pajt3hqytmkg3rshgknbl3jbni455fqd.onion"; s0 = "r3zvf7f2ppaeithzswigma46pajt3hqytmkg3rshgknbl3jbni455fqd.onion";
}; };
in { in
{
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
ponyo = { ponyo = {
hostNames = [ "ponyo" "ponyo.neet.dev" "git.neet.dev" ]; hostNames = [ "ponyo" "ponyo.neet.dev" "git.neet.dev" ];
@ -56,7 +57,7 @@ in {
# prebuilt cmds for easy ssh LUKS unlock # prebuilt cmds for easy ssh LUKS unlock
environment.shellAliases = environment.shellAliases =
concatMapAttrs (host: addr: {"unlock-over-tor_${host}" = "torsocks ssh root@${addr}";}) unlock-onion-hosts concatMapAttrs (host: addr: { "unlock-over-tor_${host}" = "torsocks ssh root@${addr}"; }) unlock-onion-hosts
// //
concatMapAttrs (host: addr: {"unlock_${host}" = "ssh root@${addr}";}) unlock-clearnet-hosts; concatMapAttrs (host: addr: { "unlock_${host}" = "ssh root@${addr}"; }) unlock-clearnet-hosts;
} }

2
common/network/pia-openvpn.nix
View File

@ -110,4 +110,4 @@ in
}; };
age.secrets."pia-login.conf".file = ../../secrets/pia-login.conf; age.secrets."pia-login.conf".file = ../../secrets/pia-login.conf;
}; };
} }

7
common/network/pia-wireguard.nix
View File

@ -72,7 +72,8 @@ let
portForwarding = cfg.forwardPortForTransmission || cfg.forwardedPort != null; portForwarding = cfg.forwardPortForTransmission || cfg.forwardedPort != null;
containerServiceName = "container@${config.vpn-container.containerName}.service"; containerServiceName = "container@${config.vpn-container.containerName}.service";
in { in
{
options.pia.wireguard = { options.pia.wireguard = {
enable = mkEnableOption "Enable private internet access"; enable = mkEnableOption "Enable private internet access";
badPortForwardPorts = mkOption { badPortForwardPorts = mkOption {
@ -157,7 +158,7 @@ in {
# restart once a month; PIA forwarded port expires after two months # restart once a month; PIA forwarded port expires after two months
# because the container is "PartOf" this unit, it gets restarted too # because the container is "PartOf" this unit, it gets restarted too
RuntimeMaxSec="30d"; RuntimeMaxSec = "30d";
}; };
script = '' script = ''
@ -353,4 +354,4 @@ in {
age.secrets."pia-login.conf".file = ../../secrets/pia-login.conf; age.secrets."pia-login.conf".file = ../../secrets/pia-login.conf;
}; };
} }

33
common/network/ping.nix
View File

@ -11,34 +11,35 @@ let
cfg = config.keepalive-ping; cfg = config.keepalive-ping;
serviceTemplate = host: serviceTemplate = host:
{ {
"keepalive-ping@${host}" = { "keepalive-ping@${host}" = {
description = "Periodic ping keep alive for ${host} connection"; description = "Periodic ping keep alive for ${host} connection";
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ]; after = [ "network.target" "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.Restart="always"; serviceConfig.Restart = "always";
path = with pkgs; [ iputils ]; path = with pkgs; [ iputils ];
script = '' script = ''
ping -i ${cfg.delay} ${host} &>/dev/null ping -i ${cfg.delay} ${host} &>/dev/null
''; '';
};
}; };
};
combineAttrs = foldl recursiveUpdate {}; combineAttrs = foldl recursiveUpdate { };
serviceList = map serviceTemplate cfg.hosts; serviceList = map serviceTemplate cfg.hosts;
services = combineAttrs serviceList; services = combineAttrs serviceList;
in { in
{
options.keepalive-ping = { options.keepalive-ping = {
enable = mkEnableOption "Enable keep alive ping task"; enable = mkEnableOption "Enable keep alive ping task";
hosts = mkOption { hosts = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
description = '' description = ''
Hosts to ping periodically Hosts to ping periodically
''; '';
@ -55,4 +56,4 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services = services; systemd.services = services;
}; };
} }

2
common/network/tailscale.nix
View File

@ -17,4 +17,4 @@ in
# exit node # exit node
config.networking.firewall.checkReversePath = mkIf cfg.exitNode "loose"; config.networking.firewall.checkReversePath = mkIf cfg.exitNode "loose";
config.networking.ip_forward = mkIf cfg.exitNode true; config.networking.ip_forward = mkIf cfg.exitNode true;
} }

6
common/network/vpn.nix
View File

@ -30,7 +30,7 @@ in
config = mkOption { config = mkOption {
type = types.anything; type = types.anything;
default = {}; default = { };
example = '' example = ''
{ {
services.nginx.enable = true; services.nginx.enable = true;
@ -70,7 +70,7 @@ in
localAddress = "172.16.100.2"; localAddress = "172.16.100.2";
config = { config = {
imports = allModules ++ [cfg.config]; imports = allModules ++ [ cfg.config ];
# speeds up evaluation # speeds up evaluation
nixpkgs.pkgs = pkgs; nixpkgs.pkgs = pkgs;
@ -106,4 +106,4 @@ in
networking.usePredictableInterfaceNames = false; networking.usePredictableInterfaceNames = false;
networking.nat.externalInterface = "eth0"; networking.nat.externalInterface = "eth0";
}; };
} }

25
common/pc/audio.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.de; cfg = config.de;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# enable pulseaudio support for packages # enable pulseaudio support for packages
nixpkgs.config.pulseaudio = true; nixpkgs.config.pulseaudio = true;
@ -28,29 +29,29 @@ in {
# properyty when no other driver is currently active. JACK clients need this. # properyty when no other driver is currently active. JACK clients need this.
factory = "spa-node-factory"; factory = "spa-node-factory";
args = { args = {
"factory.name" = "support.node.driver"; "factory.name" = "support.node.driver";
"node.name" = "Dummy-Driver"; "node.name" = "Dummy-Driver";
"priority.driver" = 8000; "priority.driver" = 8000;
}; };
} }
{ {
factory = "adapter"; factory = "adapter";
args = { args = {
"factory.name" = "support.null-audio-sink"; "factory.name" = "support.null-audio-sink";
"node.name" = "Microphone-Proxy"; "node.name" = "Microphone-Proxy";
"node.description" = "Microphone"; "node.description" = "Microphone";
"media.class" = "Audio/Source/Virtual"; "media.class" = "Audio/Source/Virtual";
"audio.position" = "MONO"; "audio.position" = "MONO";
}; };
} }
{ {
factory = "adapter"; factory = "adapter";
args = { args = {
"factory.name" = "support.null-audio-sink"; "factory.name" = "support.null-audio-sink";
"node.name" = "Main-Output-Proxy"; "node.name" = "Main-Output-Proxy";
"node.description" = "Main Output"; "node.description" = "Main Output";
"media.class" = "Audio/Sink"; "media.class" = "Audio/Sink";
"audio.position" = "FL,FR"; "audio.position" = "FL,FR";
}; };
} }
]; ];

5
common/pc/chromium.nix
View File

@ -49,7 +49,8 @@ let
]; ];
}; };
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# chromium with specific extensions + settings # chromium with specific extensions + settings
programs.chromium = { programs.chromium = {
@ -92,7 +93,7 @@ in {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
# vaapiVdpau # vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
nvidia-vaapi-driver nvidia-vaapi-driver

11
common/pc/default.nix
View File

@ -2,15 +2,16 @@
let let
cfg = config.de; cfg = config.de;
in { in
{
imports = [ imports = [
./kde.nix ./kde.nix
./xfce.nix ./xfce.nix
./yubikey.nix ./yubikey.nix
./chromium.nix ./chromium.nix
# ./firefox.nix # ./firefox.nix
./audio.nix ./audio.nix
# ./torbrowser.nix # ./torbrowser.nix
./pithos.nix ./pithos.nix
./spotify.nix ./spotify.nix
./vscodium.nix ./vscodium.nix
@ -52,6 +53,10 @@ in {
jellyfin-media-player jellyfin-media-player
joplin-desktop joplin-desktop
config.inputs.deploy-rs.packages.${config.currentSystem}.deploy-rs config.inputs.deploy-rs.packages.${config.currentSystem}.deploy-rs
# For Nix IDE
nixpkgs-fmt
rnix-lsp
]; ];
# Networking # Networking

5
common/pc/discord.nix
View File

@ -2,10 +2,11 @@
let let
cfg = config.de; cfg = config.de;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.users.googlebot.packages = [ users.users.googlebot.packages = [
pkgs.discord pkgs.discord
]; ];
}; };
} }

8
common/pc/firefox.nix
View File

@ -20,7 +20,7 @@ let
}; };
firefox = pkgs.wrapFirefox somewhatPrivateFF { firefox = pkgs.wrapFirefox somewhatPrivateFF {
desktopName = "Sneed Browser"; desktopName = "Sneed Browser";
nixExtensions = [ nixExtensions = [
(pkgs.fetchFirefoxAddon { (pkgs.fetchFirefoxAddon {
@ -71,8 +71,8 @@ let
TopSites = false; TopSites = false;
}; };
UserMessaging = { UserMessaging = {
ExtensionRecommendations = false; ExtensionRecommendations = false;
SkipOnboarding = true; SkipOnboarding = true;
}; };
WebsiteFilter = { WebsiteFilter = {
Block = [ Block = [
@ -92,4 +92,4 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.users.googlebot.packages = [ firefox ]; users.users.googlebot.packages = [ firefox ];
}; };
} }

5
common/pc/kde.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.de; cfg = config.de;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# kde plasma # kde plasma
services.xserver = { services.xserver = {
@ -19,5 +20,5 @@ in {
# plasma5Packages.kmail-account-wizard # plasma5Packages.kmail-account-wizard
kate kate
]; ];
}; };
} }

17
common/pc/mount-samba.nix
View File

@ -14,22 +14,23 @@ let
version_opts = "vers=3.1.1"; version_opts = "vers=3.1.1";
opts = "${systemd_opts},${network_opts},${user_opts},${version_opts},${auth_opts}"; opts = "${systemd_opts},${network_opts},${user_opts},${version_opts},${auth_opts}";
in { in
{
options.services.mount-samba = { options.services.mount-samba = {
enable = lib.mkEnableOption "enable mounting samba shares"; enable = lib.mkEnableOption "enable mounting samba shares";
}; };
config = lib.mkIf (cfg.enable && config.services.tailscale.enable) { config = lib.mkIf (cfg.enable && config.services.tailscale.enable) {
fileSystems."/mnt/public" = { fileSystems."/mnt/public" = {
device = "//s0.koi-bebop.ts.net/public"; device = "//s0.koi-bebop.ts.net/public";
fsType = "cifs"; fsType = "cifs";
options = [ opts ]; options = [ opts ];
}; };
fileSystems."/mnt/private" = { fileSystems."/mnt/private" = {
device = "//s0.koi-bebop.ts.net/googlebot"; device = "//s0.koi-bebop.ts.net/googlebot";
fsType = "cifs"; fsType = "cifs";
options = [ opts ]; options = [ opts ];
}; };
age.secrets.smb-secrets.file = ../../secrets/smb-secrets.age; age.secrets.smb-secrets.file = ../../secrets/smb-secrets.age;
@ -44,4 +45,4 @@ in {
vault_lock = "umount /mnt/vault/"; vault_lock = "umount /mnt/vault/";
}; };
}; };
} }

5
common/pc/pithos.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.de; cfg = config.de;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { (self: super: {
@ -11,7 +12,7 @@ in {
version = "1.5.1"; version = "1.5.1";
src = super.fetchFromGitHub { src = super.fetchFromGitHub {
owner = pname; owner = pname;
repo = pname; repo = pname;
rev = version; rev = version;
sha256 = "il7OAALpHFZ6wjco9Asp04zWHCD8Ni+iBdiJWcMiQA4="; sha256 = "il7OAALpHFZ6wjco9Asp04zWHCD8Ni+iBdiJWcMiQA4=";
}; };

8
common/pc/spotify.nix
View File

@ -4,7 +4,7 @@ with lib;
let let
cfg = config.services.spotifyd; cfg = config.services.spotifyd;
toml = pkgs.formats.toml {}; toml = pkgs.formats.toml { };
spotifydConf = toml.generate "spotify.conf" cfg.settings; spotifydConf = toml.generate "spotify.conf" cfg.settings;
in in
{ {
@ -17,7 +17,7 @@ in
enable = mkEnableOption "spotifyd, a Spotify playing daemon"; enable = mkEnableOption "spotifyd, a Spotify playing daemon";
settings = mkOption { settings = mkOption {
default = {}; default = { };
type = toml.type; type = toml.type;
example = { global.bitrate = 320; }; example = { global.bitrate = 320; };
description = '' description = ''
@ -28,7 +28,7 @@ in
users = mkOption { users = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [ ];
description = '' description = ''
Usernames to be added to the "spotifyd" group, so that they Usernames to be added to the "spotifyd" group, so that they
can start and interact with the userspace daemon. can start and interact with the userspace daemon.
@ -83,4 +83,4 @@ in
}; };
}; };
}; };
} }

5
common/pc/steam.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.de; cfg = config.de;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.steam.enable = true; programs.steam.enable = true;
hardware.steam-hardware.enable = true; # steam controller hardware.steam-hardware.enable = true; # steam controller
@ -11,4 +12,4 @@ in {
pkgs.steam pkgs.steam
]; ];
}; };
} }

3
common/pc/torbrowser.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.de; cfg = config.de;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { (self: super: {

3
common/pc/touchpad.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.de.touchpad; cfg = config.de.touchpad;
in { in
{
options.de.touchpad = { options.de.touchpad = {
enable = lib.mkEnableOption "enable touchpad"; enable = lib.mkEnableOption "enable touchpad";
}; };

4
common/pc/vscodium.nix
View File

@ -4,8 +4,8 @@ let
cfg = config.de; cfg = config.de;
extensions = with pkgs.vscode-extensions; [ extensions = with pkgs.vscode-extensions; [
# bbenoist.Nix # nix syntax support # bbenoist.Nix # nix syntax support
# arrterian.nix-env-selector # nix dev envs # arrterian.nix-env-selector # nix dev envs
]; ];
vscodium-with-extensions = pkgs.vscode-with-extensions.override { vscodium-with-extensions = pkgs.vscode-with-extensions.override {

3
common/pc/xfce.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.de; cfg = config.de;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.xserver = { services.xserver = {
enable = true; enable = true;

3
common/pc/yubikey.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.de; cfg = config.de;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# yubikey # yubikey
services.pcscd.enable = true; services.pcscd.enable = true;

10
common/server/ceph.nix
View File

@ -3,13 +3,13 @@
with lib; with lib;
let let
cfg = config.ceph; cfg = config.ceph;
in { in
options.ceph = { {
}; options.ceph = { };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# ceph.enable = true; # ceph.enable = true;
## S3 Object gateway ## S3 Object gateway
#ceph.rgw.enable = true; #ceph.rgw.enable = true;
#ceph.rgw.daemons = [ #ceph.rgw.daemons = [
@ -40,4 +40,4 @@ in {
ceph.global.fsid = "925773DC-D95F-476C-BBCD-08E01BF0865F"; ceph.global.fsid = "925773DC-D95F-476C-BBCD-08E01BF0865F";
}; };
} }

2
common/server/default.nix
View File

@ -19,4 +19,4 @@
./iodine.nix ./iodine.nix
./searx.nix ./searx.nix
]; ];
} }

5
common/server/gitea.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.services.gitea; cfg = config.services.gitea;
in { in
{
options.services.gitea = { options.services.gitea = {
hostname = lib.mkOption { hostname = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -40,4 +41,4 @@ in {
}; };
}; };
}; };
} }

4
common/server/hydra.nix
View File

@ -20,6 +20,6 @@ in
hydraURL = "https://${domain}"; hydraURL = "https://${domain}";
useSubstitutes = true; useSubstitutes = true;
notificationSender = notifyEmail; notificationSender = notifyEmail;
buildMachinesFiles = []; buildMachinesFiles = [ ];
}; };
} }

3
common/server/icecast.nix
View File

@ -7,7 +7,8 @@
let let
cfg = config.services.icecast; cfg = config.services.icecast;
in { in
{
options.services.icecast = { options.services.icecast = {
mount = lib.mkOption { mount = lib.mkOption {
type = lib.types.str; type = lib.types.str;

5
common/server/iodine.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.services.iodine.server; cfg = config.services.iodine.server;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# iodine DNS-based vpn # iodine DNS-based vpn
services.iodine.server = { services.iodine.server = {
@ -17,4 +18,4 @@ in {
"dns0" # iodine "dns0" # iodine
]; ];
}; };
} }

15
common/server/mailserver.nix
View File

@ -15,7 +15,8 @@ let
"bsd.ninja" "bsd.ninja"
"bsd.rocks" "bsd.rocks"
]; ];
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# kresd doesn't work with tailscale MagicDNS # kresd doesn't work with tailscale MagicDNS
mailserver.localDnsResolver = false; mailserver.localDnsResolver = false;
@ -60,10 +61,12 @@ in {
sender_dependent_relayhost_maps = "hash:/var/lib/postfix/conf/sender_relay"; sender_dependent_relayhost_maps = "hash:/var/lib/postfix/conf/sender_relay";
smtp_sender_dependent_authentication = "yes"; smtp_sender_dependent_authentication = "yes";
}; };
services.postfix.mapFiles.sender_relay = let services.postfix.mapFiles.sender_relay =
relayHost = "[smtp.mailgun.org]:587"; let
in pkgs.writeText "sender_relay" relayHost = "[smtp.mailgun.org]:587";
(concatStringsSep "\n" (map (domain: "@${domain} ${relayHost}") domains)); in
pkgs.writeText "sender_relay"
(concatStringsSep "\n" (map (domain: "@${domain} ${relayHost}") domains));
services.postfix.mapFiles.sasl_relay_passwd = "/run/agenix/sasl_relay_passwd"; services.postfix.mapFiles.sasl_relay_passwd = "/run/agenix/sasl_relay_passwd";
age.secrets.sasl_relay_passwd.file = ../../secrets/sasl_relay_passwd.age; age.secrets.sasl_relay_passwd.file = ../../secrets/sasl_relay_passwd.age;
@ -80,4 +83,4 @@ in {
''; '';
}; };
}; };
} }

20
common/server/matrix.nix
View File

@ -3,7 +3,8 @@
let let
cfg = config.services.matrix; cfg = config.services.matrix;
certs = config.security.acme.certs; certs = config.security.acme.certs;
in { in
{
options.services.matrix = { options.services.matrix = {
enable = lib.mkEnableOption "enable matrix"; enable = lib.mkEnableOption "enable matrix";
element-web = { element-web = {
@ -62,15 +63,15 @@ in {
settings = { settings = {
server_name = cfg.host; server_name = cfg.host;
enable_registration = cfg.enable_registration; enable_registration = cfg.enable_registration;
listeners = [ { listeners = [{
bind_addresses = ["127.0.0.1"]; bind_addresses = [ "127.0.0.1" ];
port = cfg.port; port = cfg.port;
tls = false; tls = false;
resources = [ { resources = [{
compress = true; compress = true;
names = [ "client" "federation" ]; names = [ "client" "federation" ];
} ]; }];
} ]; }];
turn_uris = [ turn_uris = [
"turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=udp" "turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=udp"
"turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=tcp" "turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=tcp"
@ -120,7 +121,7 @@ in {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts.${cfg.host} = { virtualHosts.${cfg.host} = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
listen = [ listen = [
@ -137,7 +138,8 @@ in {
]; ];
locations."/".proxyPass = "http://localhost:${toString cfg.port}"; locations."/".proxyPass = "http://localhost:${toString cfg.port}";
}; };
virtualHosts.${cfg.turn.host} = { # get TLS cert for TURN server virtualHosts.${cfg.turn.host} = {
# get TLS cert for TURN server
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };
@ -214,4 +216,4 @@ in {
openFirewall = true; openFirewall = true;
}; };
}; };
} }

3
common/server/mumble.nix
View File

@ -3,7 +3,8 @@
let let
cfg = config.services.murmur; cfg = config.services.murmur;
certs = config.security.acme.certs; certs = config.security.acme.certs;
in { in
{
options.services.murmur.domain = lib.mkOption { options.services.murmur.domain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };

5
common/server/nextcloud.nix
View File

@ -3,7 +3,8 @@
let let
cfg = config.services.nextcloud; cfg = config.services.nextcloud;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nextcloud = { services.nextcloud = {
https = true; https = true;
@ -24,4 +25,4 @@ in {
forceSSL = true; forceSSL = true;
}; };
}; };
} }

5
common/server/nginx-stream.nix
View File

@ -5,7 +5,8 @@ let
nginxWithRTMP = pkgs.nginx.override { nginxWithRTMP = pkgs.nginx.override {
modules = [ pkgs.nginxModules.rtmp ]; modules = [ pkgs.nginxModules.rtmp ];
}; };
in { in
{
options.services.nginx.stream = { options.services.nginx.stream = {
enable = lib.mkEnableOption "enable nginx rtmp/hls/dash video streaming"; enable = lib.mkEnableOption "enable nginx rtmp/hls/dash video streaming";
port = lib.mkOption { port = lib.mkOption {
@ -72,4 +73,4 @@ in {
cfg.port cfg.port
]; ];
}; };
} }

5
common/server/nginx.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.services.nginx; cfg = config.services.nginx;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nginx = { services.nginx = {
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -13,4 +14,4 @@ in {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
}; };
} }

5
common/server/owncast.nix
View File

@ -4,7 +4,8 @@ with lib;
let let
cfg = config.services.owncast; cfg = config.services.owncast;
in { in
{
options.services.owncast = { options.services.owncast = {
hostname = lib.mkOption { hostname = lib.mkOption {
type = types.str; type = types.str;
@ -28,4 +29,4 @@ in {
}; };
}; };
}; };
} }

7
common/server/privatebin/privatebin.nix
View File

@ -14,7 +14,8 @@ let
cp -ar $src $out cp -ar $src $out
''; '';
}; };
in { in
{
options.services.privatebin = { options.services.privatebin = {
enable = lib.mkEnableOption "enable privatebin"; enable = lib.mkEnableOption "enable privatebin";
host = lib.mkOption { host = lib.mkOption {
@ -30,7 +31,7 @@ in {
group = "privatebin"; group = "privatebin";
isSystemUser = true; isSystemUser = true;
}; };
users.groups.privatebin = {}; users.groups.privatebin = { };
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts.${cfg.host} = { services.nginx.virtualHosts.${cfg.host} = {
@ -53,7 +54,7 @@ in {
"d '/var/lib/privatebin' 0750 privatebin privatebin - -" "d '/var/lib/privatebin' 0750 privatebin privatebin - -"
]; ];
services.phpfpm.pools.privatebin = { services.phpfpm.pools.privatebin = {
user = "privatebin"; user = "privatebin";
group = "privatebin"; group = "privatebin";
phpEnv = { phpEnv = {

11
common/server/radio.nix
View File

@ -3,7 +3,8 @@
let let
cfg = config.services.radio; cfg = config.services.radio;
radioPackage = config.inputs.radio.packages.${config.currentSystem}.radio; radioPackage = config.inputs.radio.packages.${config.currentSystem}.radio;
in { in
{
options.services.radio = { options.services.radio = {
enable = lib.mkEnableOption "enable radio"; enable = lib.mkEnableOption "enable radio";
user = lib.mkOption { user = lib.mkOption {
@ -56,11 +57,11 @@ in {
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
}; };
users.groups.${cfg.group} = {}; users.groups.${cfg.group} = { };
systemd.services.radio = { systemd.services.radio = {
enable = true; enable = true;
after = ["network.target"]; after = [ "network.target" ];
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${radioPackage}/bin/radio ${config.services.icecast.listen.address}:${toString config.services.icecast.listen.port} ${config.services.icecast.mount} 5500"; serviceConfig.ExecStart = "${radioPackage}/bin/radio ${config.services.icecast.listen.address}:${toString config.services.icecast.listen.port} ${config.services.icecast.mount} 5500";
serviceConfig.User = cfg.user; serviceConfig.User = cfg.user;
serviceConfig.Group = cfg.group; serviceConfig.Group = cfg.group;
@ -71,4 +72,4 @@ in {
''; '';
}; };
}; };
} }

4
common/server/samba.nix
View File

@ -110,6 +110,6 @@
# samba user for share # samba user for share
users.users.cris.isSystemUser = true; users.users.cris.isSystemUser = true;
users.users.cris.group = "cris"; users.users.cris.group = "cris";
users.groups.cris = {}; users.groups.cris = { };
}; };
} }

9
common/server/searx.nix
View File

@ -2,19 +2,20 @@
let let
cfg = config.services.searx; cfg = config.services.searx;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.searx = { services.searx = {
environmentFile = "/run/agenix/searx"; environmentFile = "/run/agenix/searx";
settings = { settings = {
server.port = 43254; server.port = 43254;
server.secret_key = "@SEARX_SECRET_KEY@"; server.secret_key = "@SEARX_SECRET_KEY@";
engines = [ { engines = [{
name = "wolframalpha"; name = "wolframalpha";
shortcut = "wa"; shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@"; api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api"; engine = "wolframalpha_api";
} ]; }];
}; };
}; };
services.nginx.virtualHosts."search.neet.space" = { services.nginx.virtualHosts."search.neet.space" = {
@ -26,4 +27,4 @@ in {
}; };
age.secrets.searx.file = ../../secrets/searx.age; age.secrets.searx.file = ../../secrets/searx.age;
}; };
} }

5
common/server/thelounge.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.services.thelounge; cfg = config.services.thelounge;
in { in
{
options.services.thelounge = { options.services.thelounge = {
fileUploadBaseUrl = lib.mkOption { fileUploadBaseUrl = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -28,7 +29,7 @@ in {
reverseProxy = true; reverseProxy = true;
maxHistory = -1; maxHistory = -1;
https.enable = false; https.enable = false;
# theme = "thelounge-theme-solarized"; # theme = "thelounge-theme-solarized";
prefetch = false; prefetch = false;
prefetchStorage = false; prefetchStorage = false;
fileUpload = { fileUpload = {

51
common/server/video-stream.nix
View File

@ -15,14 +15,14 @@ let
in in
{ {
networking.firewall.allowedUDPPorts = [ rtp-port ]; networking.firewall.allowedUDPPorts = [ rtp-port ];
networking.firewall.allowedTCPPortRanges = [ { networking.firewall.allowedTCPPortRanges = [{
from = webrtc-peer-lower-port; from = webrtc-peer-lower-port;
to = webrtc-peer-upper-port; to = webrtc-peer-upper-port;
} ]; }];
networking.firewall.allowedUDPPortRanges = [ { networking.firewall.allowedUDPPortRanges = [{
from = webrtc-peer-lower-port; from = webrtc-peer-lower-port;
to = webrtc-peer-upper-port; to = webrtc-peer-upper-port;
} ]; }];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
@ -49,12 +49,12 @@ in
ports = [ ports = [
"${toStr ingest-port}:8084" "${toStr ingest-port}:8084"
]; ];
# imageFile = pkgs.dockerTools.pullImage { # imageFile = pkgs.dockerTools.pullImage {
# imageName = "projectlightspeed/ingest"; # imageName = "projectlightspeed/ingest";
# finalImageTag = "version-0.1.4"; # finalImageTag = "version-0.1.4";
# imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc"; # imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc";
# sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5"; # sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5";
# }; # };
}; };
"lightspeed-react" = { "lightspeed-react" = {
workdir = "/var/lib/lightspeed-react"; workdir = "/var/lib/lightspeed-react";
@ -62,12 +62,12 @@ in
ports = [ ports = [
"${toStr web-port}:80" "${toStr web-port}:80"
]; ];
# imageFile = pkgs.dockerTools.pullImage { # imageFile = pkgs.dockerTools.pullImage {
# imageName = "projectlightspeed/react"; # imageName = "projectlightspeed/react";
# finalImageTag = "version-0.1.3"; # finalImageTag = "version-0.1.3";
# imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6"; # imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6";
# sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js"; # sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js";
# }; # };
}; };
"lightspeed-webrtc" = { "lightspeed-webrtc" = {
workdir = "/var/lib/lightspeed-webrtc"; workdir = "/var/lib/lightspeed-webrtc";
@ -79,15 +79,18 @@ in
"${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}:${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}/udp" "${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}:${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}/udp"
]; ];
cmd = [ cmd = [
"lightspeed-webrtc" "--addr=0.0.0.0" "--ip=${domain}" "lightspeed-webrtc"
"--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}" "run" "--addr=0.0.0.0"
"--ip=${domain}"
"--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}"
"run"
]; ];
# imageFile = pkgs.dockerTools.pullImage { # imageFile = pkgs.dockerTools.pullImage {
# imageName = "projectlightspeed/webrtc"; # imageName = "projectlightspeed/webrtc";
# finalImageTag = "version-0.1.2"; # finalImageTag = "version-0.1.2";
# imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf"; # imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf";
# sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i"; # sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i";
# }; # };
}; };
}; };
}; };

12
common/server/vscode/modules/vscode-server/default.nix
View File

@ -1,8 +1,8 @@
import ./module.nix ({ name, description, serviceConfig }: import ./module.nix ({ name, description, serviceConfig }:
{ {
systemd.user.services.${name} = { systemd.user.services.${name} = {
inherit description serviceConfig; inherit description serviceConfig;
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
}; };
}) })

20
common/server/vscode/modules/vscode-server/home.nix
View File

@ -1,15 +1,15 @@
import ./module.nix ({ name, description, serviceConfig }: import ./module.nix ({ name, description, serviceConfig }:
{ {
systemd.user.services.${name} = { systemd.user.services.${name} = {
Unit = { Unit = {
Description = description; Description = description;
}; };
Service = serviceConfig; Service = serviceConfig;
Install = { Install = {
WantedBy = [ "default.target" ]; WantedBy = [ "default.target" ];
};
}; };
}; })
})

3
common/server/zerobin.nix
View File

@ -2,7 +2,8 @@
let let
cfg = config.services.zerobin; cfg = config.services.zerobin;
in { in
{
options.services.zerobin = { options.services.zerobin = {
host = lib.mkOption { host = lib.mkOption {
type = lib.types.str; type = lib.types.str;

2
common/shell.nix
View File

@ -47,4 +47,4 @@
}); });
}) })
]; ];
} }

2
common/ssh.nix
View File

@ -37,4 +37,4 @@ rec {
storage = with system; [ storage = with system; [
s0 s0
]; ];
} }

136
flake.nix
View File

@ -47,75 +47,78 @@
outputs = { self, nixpkgs, ... }@inputs: { outputs = { self, nixpkgs, ... }@inputs: {
nixosConfigurations = nixosConfigurations =
let let
modules = system: with inputs; [ modules = system: with inputs; [
./common ./common
simple-nixos-mailserver.nixosModule simple-nixos-mailserver.nixosModule
agenix.nixosModules.default agenix.nixosModules.default
dailybuild_modules.nixosModule dailybuild_modules.nixosModule
archivebox.nixosModule archivebox.nixosModule
nix-index-database.nixosModules.nix-index nix-index-database.nixosModules.nix-index
({ lib, ... }: { ({ lib, ... }: {
config.environment.systemPackages = [ config.environment.systemPackages = [
agenix.packages.${system}.agenix agenix.packages.${system}.agenix
];
# because nixos specialArgs doesn't work for containers... need to pass in inputs a different way
options.inputs = lib.mkOption { default = inputs; };
options.currentSystem = lib.mkOption { default = system; };
})
];
mkSystem = system: nixpkgs: path:
let
allModules = modules system;
# allow patching nixpkgs, remove this hack once this is solved: https://github.com/NixOS/nix/issues/3920
patchedNixpkgsSrc = nixpkgs.legacyPackages.${system}.applyPatches {
name = "nixpkgs-patched";
src = nixpkgs;
patches = [
inputs.nixpkgs-hostapd-pr
]; ];
# because nixos specialArgs doesn't work for containers... need to pass in inputs a different way
options.inputs = lib.mkOption { default = inputs; };
options.currentSystem = lib.mkOption { default = system; };
})
];
mkSystem = system: nixpkgs: path:
let
allModules = modules system;
# allow patching nixpkgs, remove this hack once this is solved: https://github.com/NixOS/nix/issues/3920
patchedNixpkgsSrc = nixpkgs.legacyPackages.${system}.applyPatches {
name = "nixpkgs-patched";
src = nixpkgs;
patches = [
inputs.nixpkgs-hostapd-pr
];
};
patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self = nixpkgs; });
in
patchedNixpkgs.lib.nixosSystem {
inherit system;
modules = allModules ++ [ path ];
specialArgs = {
inherit allModules;
};
}; };
patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self=nixpkgs; }); in
{
"ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix;
# "nat" = mkSystem "aarch64-linux" nixpkgs ./machines/nat/configuration.nix;
"ponyo" = mkSystem "x86_64-linux" nixpkgs ./machines/ponyo/configuration.nix;
"router" = mkSystem "x86_64-linux" nixpkgs ./machines/router/configuration.nix;
"s0" = mkSystem "x86_64-linux" nixpkgs ./machines/storage/s0/configuration.nix;
};
in patchedNixpkgs.lib.nixosSystem { packages =
inherit system; let
modules = allModules ++ [path]; mkKexec = system:
(nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./machines/ephemeral/kexec.nix ];
}).config.system.build.kexec_tarball;
mkIso = system:
(nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./machines/ephemeral/iso.nix ];
}).config.system.build.isoImage;
in
{
"x86_64-linux"."kexec" = mkKexec "x86_64-linux";
"x86_64-linux"."iso" = mkIso "x86_64-linux";
"aarch64-linux"."kexec" = mkKexec "aarch64-linux";
"aarch64-linux"."iso" = mkIso "aarch64-linux";
};
specialArgs = { deploy.nodes =
inherit allModules;
};
};
in
{
"ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix;
# "nat" = mkSystem "aarch64-linux" nixpkgs ./machines/nat/configuration.nix;
"ponyo" = mkSystem "x86_64-linux" nixpkgs ./machines/ponyo/configuration.nix;
"router" = mkSystem "x86_64-linux" nixpkgs ./machines/router/configuration.nix;
"s0" = mkSystem "x86_64-linux" nixpkgs ./machines/storage/s0/configuration.nix;
};
packages = let
mkKexec = system:
(nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./machines/ephemeral/kexec.nix ];
}).config.system.build.kexec_tarball;
mkIso = system:
(nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./machines/ephemeral/iso.nix ];
}).config.system.build.isoImage;
in {
"x86_64-linux"."kexec" = mkKexec "x86_64-linux";
"x86_64-linux"."iso" = mkIso "x86_64-linux";
"aarch64-linux"."kexec" = mkKexec "aarch64-linux";
"aarch64-linux"."iso" = mkIso "aarch64-linux";
};
deploy.nodes =
let let
mkDeploy = configName: hostname: { mkDeploy = configName: hostname: {
inherit hostname; inherit hostname;
@ -124,7 +127,8 @@
profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configName}; profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configName};
}; };
in { in
{
s0 = mkDeploy "s0" "s0"; s0 = mkDeploy "s0" "s0";
router = mkDeploy "router" "router"; router = mkDeploy "router" "router";
ponyo = mkDeploy "ponyo" "ponyo.neet.dev"; ponyo = mkDeploy "ponyo" "ponyo.neet.dev";

2
machines/ephemeral/iso.nix
View File

@ -9,4 +9,4 @@
isoImage.makeUsbBootable = true; isoImage.makeUsbBootable = true;
networking.hostName = "iso"; networking.hostName = "iso";
} }

2
machines/ephemeral/kexec.nix
View File

@ -45,4 +45,4 @@
contents = [ ]; contents = [ ];
}; };
}; };
} }

8
machines/ephemeral/minimal.nix
View File

@ -7,7 +7,8 @@
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ];
boot.kernelParams = [ boot.kernelParams = [
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues "panic=30"
"boot.panic_on_fail" # reboot the machine upon fatal boot issues
"console=ttyS0,115200" # enable serial console "console=ttyS0,115200" # enable serial console
"console=tty1" "console=tty1"
]; ];
@ -21,7 +22,8 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cryptsetup cryptsetup
btrfs-progs btrfs-progs
git git-lfs git
git-lfs
wget wget
htop htop
dnsutils dnsutils
@ -42,4 +44,4 @@
services.getty.autologinUser = "root"; services.getty.autologinUser = "root";
users.users.root.openssh.authorizedKeys.keys = (import ../../common/ssh.nix).users; users.users.root.openssh.authorizedKeys.keys = (import ../../common/ssh.nix).users;
} }

8
machines/nat/hardware-configuration.nix
View File

@ -12,14 +12,16 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/02a8c0c7-fd4e-4443-a83c-2d0b63848779"; {
device = "/dev/disk/by-uuid/02a8c0c7-fd4e-4443-a83c-2d0b63848779";
fsType = "btrfs"; fsType = "btrfs";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0C95-1290"; {
device = "/dev/disk/by-uuid/0C95-1290";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [ ];
} }

6
machines/ponyo/configuration.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports =[ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@ -61,7 +61,7 @@
host = "radio.runyan.org"; host = "radio.runyan.org";
}; };
}; };
pia.wireguard.badPortForwardPorts = []; pia.wireguard.badPortForwardPorts = [ ];
services.nginx.virtualHosts."radio.runyan.org" = { services.nginx.virtualHosts."radio.runyan.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -135,4 +135,4 @@
# owncast live streaming # owncast live streaming
services.owncast.enable = true; services.owncast.enable = true;
services.owncast.hostname = "live.neet.dev"; services.owncast.hostname = "live.neet.dev";
} }

11
machines/ponyo/hardware-configuration.nix
View File

@ -2,7 +2,8 @@
{ {
imports = imports =
[ (modulesPath + "/profiles/qemu-guest.nix") [
(modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
@ -22,12 +23,14 @@
boot.initrd.luks.devices."enc-pv2".device = "/dev/disk/by-uuid/e52b01b3-81c8-4bb2-ae7e-a3d9c793cb00"; # expanded disk boot.initrd.luks.devices."enc-pv2".device = "/dev/disk/by-uuid/e52b01b3-81c8-4bb2-ae7e-a3d9c793cb00"; # expanded disk
fileSystems."/" = fileSystems."/" =
{ device = "/dev/mapper/enc-pv"; {
device = "/dev/mapper/enc-pv";
fsType = "btrfs"; fsType = "btrfs";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/d3a3777d-1e70-47fa-a274-804dc70ee7fd"; {
device = "/dev/disk/by-uuid/d3a3777d-1e70-47fa-a274-804dc70ee7fd";
fsType = "ext4"; fsType = "ext4";
}; };
@ -39,4 +42,4 @@
]; ];
networking.interfaces.eth0.useDHCP = true; networking.interfaces.eth0.useDHCP = true;
} }

15
machines/ray/hardware-configuration.nix
View File

@ -5,7 +5,8 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
# boot # boot
@ -40,22 +41,24 @@
allowDiscards = true; allowDiscards = true;
}; };
fileSystems."/" = fileSystems."/" =
{ device = "/dev/vg/root"; {
device = "/dev/vg/root";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=root" ]; options = [ "subvol=root" ];
}; };
fileSystems."/home" = fileSystems."/home" =
{ device = "/dev/vg/root"; {
device = "/dev/vg/root";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=home" ]; options = [ "subvol=home" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2C85-2B59"; {
device = "/dev/disk/by-uuid/2C85-2B59";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/vg/swap"; } [{ device = "/dev/vg/swap"; }];
];
# high-resolution display # high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true; hardware.video.hidpi.enable = lib.mkDefault true;

2
machines/router/configuration.nix
View File

@ -37,4 +37,4 @@
# externalInterface = "eth0"; # externalInterface = "eth0";
# internalIPs = [ "br0" ]; # internalIPs = [ "br0" ];
# }; # };
} }

12
machines/router/hardware-configuration.nix
View File

@ -10,7 +10,8 @@
# Enable serial output # Enable serial output
boot.kernelParams = [ boot.kernelParams = [
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues "panic=30"
"boot.panic_on_fail" # reboot the machine upon fatal boot issues
"console=ttyS0,115200n8" # enable serial console "console=ttyS0,115200n8" # enable serial console
]; ];
boot.loader.grub.extraConfig = " boot.loader.grub.extraConfig = "
@ -33,16 +34,17 @@
remoteLuksUnlock.enable = true; remoteLuksUnlock.enable = true;
boot.initrd.luks.devices."enc-pv".device = "/dev/disk/by-uuid/9b090551-f78e-45ca-8570-196ed6a4af0c"; boot.initrd.luks.devices."enc-pv".device = "/dev/disk/by-uuid/9b090551-f78e-45ca-8570-196ed6a4af0c";
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/421c82b9-d67c-4811-8824-8bb57cb10fce"; {
device = "/dev/disk/by-uuid/421c82b9-d67c-4811-8824-8bb57cb10fce";
fsType = "btrfs"; fsType = "btrfs";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/d97f324f-3a2e-4b84-ae2a-4b3d1209c689"; {
device = "/dev/disk/by-uuid/d97f324f-3a2e-4b84-ae2a-4b3d1209c689";
fsType = "ext3"; fsType = "ext3";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/45bf58dd-67eb-45e4-9a98-246e23fa7abd"; } [{ device = "/dev/disk/by-uuid/45bf58dd-67eb-45e4-9a98-246e23fa7abd"; }];
];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
} }

10
machines/router/router.nix
View File

@ -97,11 +97,11 @@ in
channel = 6; channel = 6;
countryCode = "US"; countryCode = "US";
wifi4 = { wifi4 = {
capabilities = ["LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40+"]; capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40+" ];
}; };
wifi5 = { wifi5 = {
operatingChannelWidth = "20or40"; operatingChannelWidth = "20or40";
capabilities = ["MAX-A-MPDU-LEN-EXP0"]; capabilities = [ "MAX-A-MPDU-LEN-EXP0" ];
}; };
wifi6 = { wifi6 = {
enable = true; enable = true;
@ -137,11 +137,11 @@ in
channel = 128; channel = 128;
countryCode = "US"; countryCode = "US";
wifi4 = { wifi4 = {
capabilities = ["LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40-"]; capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40-" ];
}; };
wifi5 = { wifi5 = {
operatingChannelWidth = "160"; operatingChannelWidth = "160";
capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-3" "BF-ANTENNA-3" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; capabilities = [ "RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-3" "BF-ANTENNA-3" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7" ];
}; };
wifi6 = { wifi6 = {
enable = true; enable = true;
@ -202,4 +202,4 @@ in
}) })
]; ];
}; };
} }

2
machines/storage/s0/configuration.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports =[ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];

36
machines/storage/s0/hardware-configuration.nix
View File

@ -2,7 +2,8 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
# boot # boot
@ -31,28 +32,39 @@
# mounts # mounts
fileSystems."/" = fileSystems."/" =
{ device = "rpool/nixos/root"; {
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; device = "rpool/nixos/root";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
}; };
fileSystems."/home" = fileSystems."/home" =
{ device = "rpool/nixos/home"; {
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; device = "rpool/nixos/home";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
}; };
fileSystems."/var/lib" = fileSystems."/var/lib" =
{ device = "rpool/nixos/var/lib"; {
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; device = "rpool/nixos/var/lib";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
}; };
fileSystems."/var/log" = fileSystems."/var/log" =
{ device = "rpool/nixos/var/log"; {
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; device = "rpool/nixos/var/log";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
}; };
fileSystems."/data" = fileSystems."/data" =
{ device = "rpool/nixos/data"; {
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; device = "rpool/nixos/data";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4FB4-738E"; {
device = "/dev/disk/by-uuid/4FB4-738E";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [ ];