zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Compare commits

base: zuckerberg:63902fcb46e2028beb522a5bbae2dd5b26baf754
Branches Tags
zuckerberg:master
zuckerberg:stage
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client
..
compare: zuckerberg:b8c9278f37c2ccb571c8efae660e9e66be77165f
Branches Tags
zuckerberg:stage
zuckerberg:master
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client

No commits in common. "63902fcb46e2028beb522a5bbae2dd5b26baf754" and "b8c9278f37c2ccb571c8efae660e9e66be77165f" have entirely different histories.
63902fcb46 ... b8c9278f37

6 changed files with 9 additions and 90 deletions
Show Stats Expand all files Collapse all files

1
common/pc/default.nix
View File

@ -42,6 +42,7 @@ in {
nextcloud-client nextcloud-client
signal-desktop signal-desktop
minecraft minecraft
sauerbraten
gparted gparted
libreoffice-fresh libreoffice-fresh
thunderbird thunderbird

6
common/pc/mount-samba.nix
View File

@ -12,7 +12,7 @@ let
auth_opts = "credentials=/run/agenix/smb-secrets"; auth_opts = "credentials=/run/agenix/smb-secrets";
version_opts = "vers=2.1"; version_opts = "vers=2.1";
opts = "${network_opts},${user_opts},${version_opts},${auth_opts}"; opts = "${network_opts},${user_opts},${version_opts}";
in { in {
options.services.mount-samba = { options.services.mount-samba = {
enable = lib.mkEnableOption "enable mounting samba shares"; enable = lib.mkEnableOption "enable mounting samba shares";
@ -22,13 +22,13 @@ in {
fileSystems."/mnt/public" = { fileSystems."/mnt/public" = {
device = "//s0.zt.neet.dev/public"; device = "//s0.zt.neet.dev/public";
fsType = "cifs"; fsType = "cifs";
options = [ opts ]; options = ["guest,${opts}"];
}; };
fileSystems."/mnt/private" = { fileSystems."/mnt/private" = {
device = "//s0.zt.neet.dev/googlebot"; device = "//s0.zt.neet.dev/googlebot";
fsType = "cifs"; fsType = "cifs";
options = [ opts ]; options = ["${auth_opts},${opts}"];
}; };
age.secrets.smb-secrets.file = ../../secrets/smb-secrets.age; age.secrets.smb-secrets.file = ../../secrets/smb-secrets.age;

2
common/server/samba.nix
View File

@ -35,7 +35,7 @@
path = "/data/samba/Public"; path = "/data/samba/Public";
browseable = "yes"; browseable = "yes";
"read only" = "no"; "read only" = "no";
"guest ok" = "no"; "guest ok" = "yes";
"create mask" = "0644"; "create mask" = "0644";
"directory mask" = "0755"; "directory mask" = "0755";
"force user" = "public_data"; "force user" = "public_data";

16
flake.nix
View File

@ -32,10 +32,13 @@
archivebox.inputs.flake-utils.follows = "flake-utils"; archivebox.inputs.flake-utils.follows = "flake-utils";
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, ... }@inputs: { outputs = inputs: {
nixosConfigurations = nixosConfigurations =
let let
nixpkgs = inputs.nixpkgs;
nixpkgs-unstable = inputs.nixpkgs-unstable;
modules = system: [ modules = system: [
./common ./common
inputs.simple-nixos-mailserver.nixosModule inputs.simple-nixos-mailserver.nixosModule
@ -116,16 +119,5 @@
"n6" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n6/configuration.nix; "n6" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n6/configuration.nix;
"n7" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n7/configuration.nix; "n7" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n7/configuration.nix;
}; };
packages = let
mkKexec = system:
(nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./machines/kexec.nix ];
}).config.system.build.kexec_tarball;
in {
"x86_64-linux"."kexec" = mkKexec "x86_64-linux";
"aarch64-linux"."kexec" = mkKexec "aarch64-linux";
};
}; };
} }

72
machines/kexec.nix
View File

@ -1,72 +0,0 @@
# From https://mdleom.com/blog/2021/03/09/nixos-oracle/#Build-a-kexec-tarball
# Builds a kexec img
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/netboot/netboot.nix")
(modulesPath + "/profiles/qemu-guest.nix")
];
# stripped down version of https://github.com/cleverca22/nix-tests/tree/master/kexec
system.build = rec {
image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
mkdir $out
if [ -f ${config.system.build.kernel}/bzImage ]; then
cp ${config.system.build.kernel}/bzImage $out/kernel
else
cp ${config.system.build.kernel}/Image $out/kernel
fi
cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
nuke-refs $out/kernel
'';
kexec_script = pkgs.writeTextFile {
executable = true;
name = "kexec-nixos";
text = ''
#!${pkgs.stdenv.shell}
set -e
${pkgs.kexectools}/bin/kexec -l ${image}/kernel --initrd=${image}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
sync
echo "executing kernel, filesystems will be improperly umounted"
${pkgs.kexectools}/bin/kexec -e
'';
};
kexec_tarball = pkgs.callPackage (modulesPath + "/../lib/make-system-tarball.nix") {
storeContents = [
{
object = config.system.build.kexec_script;
symlink = "/kexec_nixos";
}
];
contents = [ ];
};
};
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ];
boot.kernelParams = [
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
"console=ttyS0" # enable serial console
"console=tty1"
];
boot.kernel.sysctl."vm.overcommit_memory" = "1";
environment.systemPackages = with pkgs; [
cryptsetup
btrfs-progs
];
environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
networking.useDHCP = true;
networking.hostName = "kexec";
services.openssh = {
enable = true;
challengeResponseAuthentication = false;
passwordAuthentication = false;
};
services.getty.autologinUser = "root";
users.users.root.openssh.authorizedKeys.keys = (import ../common/ssh.nix).users;
}

2
machines/ray/configuration.nix
View File

@ -17,8 +17,6 @@
allowDiscards = true; allowDiscards = true;
}; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
networking.hostName = "ray"; networking.hostName = "ray";
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;