use mainline nixpkgs

cleanup config imports
helios64 working
2022-03-07 23:54:02 -05:00 · 2022-03-07 23:53:14 -05:00 · 2022-03-07 23:51:10 -05:00 · 2022-03-07 23:50:39 -05:00 · 2022-03-07 23:49:39 -05:00 · 2022-03-07 23:48:55 -05:00
14 changed files with 103 additions and 211 deletions
--- a/common/auto-update.nix
+++ b/common/auto-update.nix
@ -1,6 +1,6 @@
 { config, lib, ... }:
-# Modify auto-update so that it pulls a flake and much 
+# Modify auto-update so that it pulls a flake
 let
  cfg = config.system.autoUpgrade;
--- a/common/boot/default.nix
+++ b/common/boot/default.nix
@ -0,0 +1,10 @@
 { lib, config, pkgs, ... }:
 {
  imports = [
    ./firmware.nix
    ./efi.nix
    ./bios.nix
    ./luks.nix
  ];
 }
--- a/common/default.nix
+++ b/common/default.nix
@ -6,22 +6,9 @@
    ./pia.nix
    ./zerotier.nix
    ./auto-update.nix
-    ./boot/firmware.nix
+    ./boot
-    ./boot/efi.nix
+    ./server
-    ./boot/bios.nix
+    ./pc
    ./boot/luks.nix
    ./server/nginx.nix
    ./server/thelounge.nix
    ./server/mumble.nix
    ./server/icecast.nix
    ./server/nginx-stream.nix
    ./server/matrix.nix
    ./server/zerobin.nix
    ./server/gitea.nix
    ./server/privatebin/privatebin.nix
    ./server/drastikbot.nix
    ./server/radio.nix
    ./pc/de.nix
  ];
  system.stateVersion = "20.09";
@ -48,4 +35,6 @@
    hashedPassword = "$6$TuDO46rILr$gkPUuLKZe3psexhs8WFZMpzgEBGksE.c3Tjh1f8sD0KMC4oV89K2pqAABfl.Lpxu2jVdr5bgvR5cWnZRnji/r/";
  };
  nix.trustedUsers = [ "root" "googlebot" ];
  nix.gc.automatic = true;
 }
--- a/common/pc/default.nix
+++ b/common/pc/default.nix
--- a/common/server/default.nix
+++ b/common/server/default.nix
@ -0,0 +1,17 @@
 { config, pkgs, ... }:
 {
  imports = [
    ./nginx.nix
    ./thelounge.nix
    ./mumble.nix
    ./icecast.nix
    ./nginx-stream.nix
    ./matrix.nix
    ./zerobin.nix
    ./gitea.nix
    ./privatebin/privatebin.nix
    ./drastikbot.nix
    ./radio.nix
  ];
 }
--- a/common/ssh.nix
+++ b/common/ssh.nix
@ -4,12 +4,58 @@ rec {
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0dcqL/FhHmv+a1iz3f9LJ48xubO7MZHy35rW9SZOYM"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0VFnn3+Mh0nWeN92jov81qNE9fpzTAHYBphNoY7HUx" # reg
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHSkKiRUUmnErOKGx81nyge/9KqjkPh8BfDk0D3oP586" # nat
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiDbsEB1HXvPDlASKwZxNoQabxikCa8ptvqdqROD1WG" # ray
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeTK1iARlNIKP/DS8/ObBm9yUM/3L1Ub4XI5A2r9OzP" # ray
  ];
  system = {
    liza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDY/pNyWedEfU7Tq9ikGbriRuF1ZWkHhegGS17L0Vcdl";
-    mitty = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE2oSon3hKFqdDbfWXjc72trCWsdi16eEppeXkKRTEn";
+    ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQM8hwKRgl8cZj7UVYATSLYu4LhG7I0WFJ9m2iWowiB";
-    ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKboRF1Nz/bTPs4VB2QcTAIvWER0nlp6E/iG6/B1IzwF";
+    s0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4xi9PqTvcA/XB+gTwjFXk+f3sycGSFoioO3e8yDy7H";
    n1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWlhd1Oid5Xf2zdcBrcdrR0TlhObutwcJ8piobRTpRt";
    n2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7bRiRutnI7Bmyt/I238E3Fp5DqiClIXiVibsccipOr";
    n3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+rJEaRrFDGirQC2UoWQkmpzLg4qgTjGJgVqiipWiU5";
    n4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYm2ROIfCeGz6QtDwqAmcj2DX9tq2CZn0eLhskdvB4Z";
    n5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5Qhvwq3PiHEKf+2/4w5ZJkSMNzFLhIRrPOR98m7wW4";
    n6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/P/pa9+qhKAPfvvd8xSO2komJqDW0M1nCK7ZrP6PO7";
    n7 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtOlOvTlMX2mxPaXDJ6VlMe5rmroUXpKmJVNxgV32xL";
  };
-  systems = [ system.liza system.mitty system.ray ];
+
  # groups
  systems = with system; [
    liza
    ray
    s0
    n1
    n2
    n3
    n4
    n5
    n6
    n7
  ];
  personal = with system; [
    ray
  ];
  servers = with system; [
    liza
    s0
    n1
    n2
    n3
    n4
    n5
    n6
    n7
  ];
  compute = with system; [
    n1
    n2
    n3
    n4
    n5
    n6
    n7
  ];
  storage = with system; [
    s0
  ];
 }
--- a/flake.nix
+++ b/flake.nix
@ -1,8 +1,7 @@
 {
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
-    nixpkgs-peertube.url = "github:GoogleBot42/nixpkgs/add-peertube-service";
+    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";
    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05";
    agenix.url = "github:ryantm/agenix";
    # radio
@ -24,13 +23,12 @@
    nixosConfigurations =
    let
      nixpkgs = inputs.nixpkgs;
      nixpkgs-peertube = inputs.nixpkgs-peertube;
      mkSystem = system: nixpkgs: path:
        nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            path
-            ./common/common.nix
+            ./common
            inputs.simple-nixos-mailserver.nixosModule
            inputs.agenix.nixosModules.age
            ({ lib, ... }: {
@ -48,9 +46,8 @@
      "reg" = mkSystem "x86_64-linux" nixpkgs ./machines/reg/configuration.nix;
      "ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix;
      "nat" = mkSystem "aarch64-linux" nixpkgs ./machines/nat/configuration.nix;
      "mitty" = mkSystem "x86_64-linux" nixpkgs ./machines/mitty/configuration.nix;
      "neetdev" = mkSystem "x86_64-linux" nixpkgs ./machines/neet.dev/configuration.nix;
-      "liza" = mkSystem "x86_64-linux" nixpkgs-peertube ./machines/liza/configuration.nix;
+      "liza" = mkSystem "x86_64-linux" nixpkgs ./machines/liza/configuration.nix;
      "s0" = mkSystem "aarch64-linux" nixpkgs ./machines/storage/s0/configuration.nix;
      "n1" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n1/configuration.nix;
      "n2" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n2/configuration.nix;
--- a/machines/liza/configuration.nix
+++ b/machines/liza/configuration.nix
@ -219,6 +219,12 @@ in {
    };
  };
  services.nginx.virtualHosts."tmp.neet.dev" = {
    enableACME = true;
    forceSSL = true;
    root = "/var/www/tmp";
  };
  mailserver = {
    enable = true;
    fqdn = "mail.neet.dev";
--- a/machines/mitty/configuration.nix
+++ b/machines/mitty/configuration.nix
@ -1,130 +0,0 @@
 { config, pkgs, lib, ... }:
 {
  imports =[
    ./hardware-configuration.nix
  ];
  # cuxhh3ei2djpgf2zdkboceuhaxavgr3ipu3d7a2swx4giy2wosfxspyd.onion
  nix.flakes.enable = true;
  firmware.x86_64.enable = true;
  bios = {
    enable = true;
    device = "/dev/vda";
  };
  luks = {
    enable = true;
    device.path = "/dev/disk/by-uuid/6dcf23ea-cb5e-4329-a88b-832209918c40";
  };
  networking.hostName = "mitty";
  networking.interfaces.ens3.useDHCP = true;
  services.nginx.enable = true;
  containers.jellyfin = {
    ephemeral = true;
    autoStart = true;
    bindMounts = {
      "/var/lib" = {
        hostPath = "/var/lib/";
        isReadOnly = false;
      };
    };
    bindMounts = {
      "/run/secrets" = {
        hostPath = "/run/secrets";
        isReadOnly = true;
      };
    };
    enableTun = true;
    privateNetwork = true;
    hostAddress = "172.16.100.1";
    localAddress = "172.16.100.2";
    config = {
      imports = [
        ../../common/common.nix
        config.inputs.agenix.nixosModules.age
      ];
      # because nixos specialArgs doesn't work for containers... need to pass in inputs a different way
      options.inputs = lib.mkOption { default = config.inputs; };
      options.currentSystem = lib.mkOption { default = config.currentSystem; };
      config = {
        pia.enable = true;
        nixpkgs.pkgs = pkgs;
        services.radarr.enable = true;
        services.radarr.openFirewall = true;
        services.bazarr.enable = true;
        services.bazarr.openFirewall = true;
        services.sonarr.enable = true;
        services.sonarr.openFirewall = true;
        services.jackett.enable = true;
        services.jackett.openFirewall = true;
        services.jellyfin.enable = true;
        services.jellyfin.openFirewall = true;
        services.deluge.enable = true;
        services.deluge.web.enable = true;
        services.deluge.web.openFirewall = true;
      };
    };
  };
  services.nginx.virtualHosts."radarr.neet.cloud" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://172.16.100.2:7878";
    };
  };
  services.nginx.virtualHosts."sonarr.neet.cloud" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://172.16.100.2:8989";
    };
  };
  services.nginx.virtualHosts."bazarr.neet.cloud" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://172.16.100.2:6767";
    };
  };
  services.nginx.virtualHosts."jellyfin.neet.cloud" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://172.16.100.2:8096";
    };
  };
  services.nginx.virtualHosts."deluge.neet.cloud" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://172.16.100.2:8112";
    };
  };
  services.nginx.virtualHosts."jackett.neet.cloud" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://172.16.100.2:9117";
    };
  };
  # load the secret on behalf of the container
  age.secrets."pia-login.conf".file = ../../secrets/pia-login.conf;
  networking.nat.enable = true;
  networking.nat.internalInterfaces = [ "ve-jellyfin" ];
  networking.nat.externalInterface = "ens3";
  security.acme.acceptTerms = true;
  security.acme.email = "letsencrypt+5@tar.ninja";
 }
--- a/machines/mitty/hardware-configuration.nix
+++ b/machines/mitty/hardware-configuration.nix
@ -1,37 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/mapper/vg-root";
      fsType = "btrfs";
      options = [ "subvol=root" ];
    };
  fileSystems."/home" =
    { device = "/dev/mapper/vg-root";
      fsType = "btrfs";
      options = [ "subvol=home" ];
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/78f9b9a3-40f6-4c6c-a599-5d5067ffa214";
      fsType = "ext3";
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/26252a81-8a98-45d0-8507-494ecb3901e7"; }
    ];
 }
--- a/machines/ray/configuration.nix
+++ b/machines/ray/configuration.nix
@ -24,7 +24,7 @@ in
  efi.enable = true;
  boot.initrd.luks.devices."enc-pv" = {
-    device = "/dev/disk/by-uuid/d71ebe1f-7c49-454d-b28b-1dc54cf280e5";
+    device = "/dev/disk/by-uuid/c1822e5f-4137-44e1-885f-954e926583ce";
    allowDiscards = true;
  };
@ -32,11 +32,6 @@ in
  hardware.enableAllFirmware = true;
  boot.blacklistedKernelModules = [ "btusb" ];
  # fix backlight
  boot.kernelParams = [ "amdgpu.backlight=0" ];
  # newer kernel for wifi
  boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15;
--- a/machines/ray/hardware-configuration.nix
+++ b/machines/ray/hardware-configuration.nix
@ -14,26 +14,28 @@
  boot.extraModulePackages = [ ];
  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/4ba62b93-d30e-4638-b68f-c830e6edde48";
+    { device = "/dev/vg/root";
      fsType = "btrfs";
      options = [ "subvol=root" ];
    };
  fileSystems."/home" =
-    { device = "/dev/disk/by-uuid/4ba62b93-d30e-4638-b68f-c830e6edde48";
+    { device = "/dev/vg/root";
      fsType = "btrfs";
      options = [ "subvol=home" ];
    };
  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/4CD3-6ED6";
+    { device = "/dev/disk/by-uuid/2C85-2B59";
      fsType = "vfat";
    };
  swapDevices =
-    [ { device = "/dev/disk/by-uuid/2aee96fd-5132-480f-a798-c6b87be2ffd9"; }
+    [ { device = "/dev/vg/swap"; }
    ];
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;
 }
--- a/machines/storage/s0/configuration.nix
+++ b/machines/storage/s0/configuration.nix
@ -12,12 +12,9 @@
  networking.hostName = "s0";
-  luks = {
+  boot.initrd.luks.devices."enc-pv" = {
-    enable = true;
+    device = "/dev/disk/by-uuid/96b216e1-071b-4c02-899e-29e2eeced7a8";
-    device = {
+    allowDiscards = true;
      path = "/dev/disk/by-uuid/96b216e1-071b-4c02-899e-29e2eeced7a8";
      allowDiscards = true;
    };
  };
  boot.loader.grub.enable = false;
--- a/machines/storage/s0/hardware-configuration.nix
+++ b/machines/storage/s0/hardware-configuration.nix
@ -31,7 +31,7 @@
    };
  swapDevices =
-    [ { device = "/dev/disk/by-uuid/c7156f71-68f3-4f7a-bec0-06bdfa63f6c0"; }
+    [ { device = "/dev/mapper/vg-swap"; }
    ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
Author	SHA1	Message	Date
zuckerberg	065830ac0d	use mainline nixpkgs	2022-03-07 23:54:02 -05:00
zuckerberg	7a08a607e4	cleanup config imports	2022-03-07 23:53:14 -05:00
zuckerberg	50ea80ad32	helios64 working	2022-03-07 23:51:10 -05:00
zuckerberg	6bd288a97d	reinstall ray	2022-03-07 23:50:39 -05:00
zuckerberg	ee86a616a9	tmp file serve	2022-03-07 23:49:39 -05:00
zuckerberg	48c2917d5b	Update ssh keys	2022-03-07 23:48:55 -05:00
zuckerberg	d6c23d2bc4	Remove mitty	2022-03-07 23:47:46 -05:00