feat: add Pie
parent
8ef898f575
commit
632519e041
125
flake.lock
125
flake.lock
|
@ -1,5 +1,43 @@
|
|||
{
|
||||
"nodes": {
|
||||
"adblock-unbound": {
|
||||
"inputs": {
|
||||
"adblockStevenBlack": "adblockStevenBlack",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688055723,
|
||||
"narHash": "sha256-8WtkSAr4qYA3o6kiOCESK3rHJmIsa6TMBrT3/Cbfvro=",
|
||||
"owner": "MayNiklas",
|
||||
"repo": "nixos-adblock-unbound",
|
||||
"rev": "9356ccd526fdcf91bfee7f0ebebae831349d43cc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "MayNiklas",
|
||||
"repo": "nixos-adblock-unbound",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"adblockStevenBlack": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1665337238,
|
||||
"narHash": "sha256-LYYjWMy4xXXqnM3ROKseS7y0faNLYyyDPqUe1+Uf+RE=",
|
||||
"owner": "StevenBlack",
|
||||
"repo": "hosts",
|
||||
"rev": "ff7d9bed83732bd3980ae452927541c6c4b15382",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "StevenBlack",
|
||||
"repo": "hosts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": [
|
||||
|
@ -47,8 +85,8 @@
|
|||
"inputs": {
|
||||
"devshell": "devshell_3",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": "nixpkgs"
|
||||
"flake-utils": "flake-utils_5",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686513235,
|
||||
|
@ -90,7 +128,7 @@
|
|||
},
|
||||
"devshell": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"digga",
|
||||
"nixpkgs"
|
||||
|
@ -189,7 +227,7 @@
|
|||
"flake-compat": [
|
||||
"flake-compat"
|
||||
],
|
||||
"flake-utils": "flake-utils_2",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flake-utils-plus": "flake-utils-plus",
|
||||
"home-manager": [
|
||||
"home"
|
||||
|
@ -283,11 +321,11 @@
|
|||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1642700792,
|
||||
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -319,6 +357,21 @@
|
|||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1642700792,
|
||||
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
|
@ -333,7 +386,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
|
@ -351,7 +404,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"flake-utils_5": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
},
|
||||
|
@ -369,7 +422,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_5": {
|
||||
"flake-utils_6": {
|
||||
"inputs": {
|
||||
"systems": "systems_6"
|
||||
},
|
||||
|
@ -411,7 +464,7 @@
|
|||
"keycloak-theme-pub-solar": {
|
||||
"inputs": {
|
||||
"devshell": "devshell_2",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": [
|
||||
"nixos"
|
||||
]
|
||||
|
@ -463,6 +516,24 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"musnix": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690426816,
|
||||
"narHash": "sha256-vvOrLE6LlBVYigA1gSrlkknFwfuq9qmLA4h6ubiJ22g=",
|
||||
"owner": "musnix",
|
||||
"repo": "musnix",
|
||||
"rev": "e651b06f8a3ac7d71486984100e8a79334da8329",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "musnix",
|
||||
"repo": "musnix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos": {
|
||||
"locked": {
|
||||
"lastModified": 1693636127,
|
||||
|
@ -496,15 +567,15 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1686412476,
|
||||
"narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
|
||||
"owner": "nixos",
|
||||
"lastModified": 1690272529,
|
||||
"narHash": "sha256-MakzcKXEdv/I4qJUtq/k/eG+rVmyOZLnYNC2w1mB59Y=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "21951114383770f96ae528d0ae68824557768e81",
|
||||
"rev": "ef99fa5c5ed624460217c31ac4271cfb5cb2502c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
|
@ -527,6 +598,22 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1686412476,
|
||||
"narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "21951114383770f96ae528d0ae68824557768e81",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1693158576,
|
||||
"narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=",
|
||||
|
@ -544,6 +631,7 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"adblock-unbound": "adblock-unbound",
|
||||
"agenix": "agenix",
|
||||
"darwin": "darwin",
|
||||
"deploy": "deploy",
|
||||
|
@ -555,6 +643,7 @@
|
|||
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
|
||||
"latest": "latest",
|
||||
"master": "master",
|
||||
"musnix": "musnix",
|
||||
"nixos": "nixos",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"scan2paperless": "scan2paperless"
|
||||
|
@ -564,8 +653,8 @@
|
|||
"inputs": {
|
||||
"deno2nix": "deno2nix",
|
||||
"devshell": "devshell_4",
|
||||
"flake-utils": "flake-utils_5",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
"flake-utils": "flake-utils_6",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1693298356,
|
||||
|
|
15
flake.nix
15
flake.nix
|
@ -42,6 +42,10 @@
|
|||
fix-yubikey-agent.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent";
|
||||
fix-atomic-container-restarts.url = "github:pub-solar/nixpkgs/fix/atomic-container-restarts";
|
||||
scan2paperless.url = "git+https://git.pub.solar/b12f/scan2paperless.git";
|
||||
musnix.url = "github:musnix/musnix";
|
||||
|
||||
adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound";
|
||||
adblock-unbound.inputs.nixpkgs.follows = "nixos";
|
||||
};
|
||||
|
||||
outputs = {
|
||||
|
@ -53,6 +57,7 @@
|
|||
agenix,
|
||||
deploy,
|
||||
scan2paperless,
|
||||
musnix,
|
||||
...
|
||||
} @ inputs:
|
||||
digga.lib.mkFlake
|
||||
|
@ -108,6 +113,7 @@
|
|||
digga.nixosModules.nixConfig
|
||||
home.nixosModules.home-manager
|
||||
agenix.nixosModules.age
|
||||
musnix.nixosModules.musnix
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -127,6 +133,11 @@
|
|||
#})
|
||||
];
|
||||
};
|
||||
|
||||
pie = {
|
||||
system = "aarch64-linux";
|
||||
modules = [nixos-hardware.nixosModules.raspberry-pi-4];
|
||||
};
|
||||
};
|
||||
importables = rec {
|
||||
profiles =
|
||||
|
@ -179,9 +190,11 @@
|
|||
|
||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
|
||||
droppie = {
|
||||
hostname = "backup.b12f.io";
|
||||
sshUser = "yule";
|
||||
};
|
||||
nougat-2 = {
|
||||
|
||||
pie = {
|
||||
sshUser = "yule";
|
||||
};
|
||||
#example = {
|
||||
|
|
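Review bot: The new `musnix` input in the first hunk is declared without a `follows`, unlike `adblock-unbound` two lines below it, and the flake.lock section of this commit gains a separate `nixpkgs` node for it (`"musnix": { "inputs": { "nixpkgs": "nixpkgs" } }`). Every extra pinned nixpkgs revision is one more source tree that has to be updated and audited, and `musnix.nixosModules.musnix` is added to the module list shared by the hosts. Consider `musnix.inputs.nixpkgs.follows = "nixos";` next to `musnix.url`, provided musnix evaluates against the pinned channel. The `pie` deploy node in the last hunk sets only `sshUser`; the hostname presumably comes from a digga default, which deserves a one-line comment.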
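--- a/hosts/pie/configuration.nix
+++ b/hosts/pie/configuration.nix
@@ -0,0 +1,37 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+config,
+pkgs,
+lib,
+inputs,
+...
+}: {
+imports = [
+./hardware-configuration.nix
+];
+
+boot.loader.grub.enable = true;
+boot.loader.grub.efiSupport = true;
+boot.loader.grub.efiInstallAsRemovable = true;
+boot.loader.grub.device = "nodev";
+boot.loader.timeout = 5;
+
+boot.loader.efi.canTouchEfiVariables = false;
+boot.loader.systemd-boot.enable = false;
+boot.loader.generic-extlinux-compatible.enable = false;
+
+boot.supportedFilesystems = [ "zfs" ];
+networking.hostId = "34234773";
+
+boot.kernelPackages = pkgs.linuxPackages_6_1;
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "23.11"; # Did you read the comment?
+}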
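Review bot: `boot.kernelPackages = pkgs.linuxPackages_6_1;` and `networking.hostId = "34234773";` carry no comment, while the only comments in the file are the installer template's. The kernel pin sits next to `boot.supportedFilesystems = [ "zfs" ]`, so it is presumably there for ZFS module compatibility, and a pinned series stops receiving fixes once upstream retires it; a comment such as `# pinned for ZFS compatibility; lift once the ZFS package supports a newer LTS kernel` tells the next maintainer when to revisit it. The `inputs` argument in the module header is not used in this file and can be dropped.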
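--- a/hosts/pie/default.nix
+++ b/hosts/pie/default.nix
@@ -0,0 +1,7 @@
+{suites, ...}: {
+imports =
+[
+./pie.nix
+]
+++ suites.pie;
+}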
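--- a/hosts/pie/dhcpd.nix
+++ b/hosts/pie/dhcpd.nix
@@ -0,0 +1,80 @@
+{ pkgs, adblock-unbound, ... }:
+{
+services.kea.dhcp4 = {
+enable = true;
+settings = {
+interfaces-config = {
+interfaces = [
+"enabcm6e4ei0"
+"wlan0"
+];
+};
+
+lease-database = {
+name = "/var/lib/kea/dhcp4.leases";
+persist = true;
+type = "memfile";
+};
+
+rebind-timer = 2000;
+renew-timer = 1000;
+valid-lifetime = 4000;
+
+subnet4 = [
+{
+subnet = "192.168.178.0/24";
+pools = [
+{ pool = "192.168.178.2 - 192.168.178.255"; }
+];
+
+option-data = [
+{
+name = "domain-name-servers";
+space = "dhcp4";
+csv-format = true;
+data = "192.168.178.2";
+always-send = true;
+}
+{
+name = "routers";
+data = "192.168.178.1";
+always-send = true;
+}
+];
+
+reservations = [
+{
+hostname = "droppie.local";
+hw-address = "08:F1:EA:97:0F:0C";
+ip-address = "192.168.178.3";
+}
+{
+hostname = "pie.local";
+hw-address = "dc:a6:32:5c:31:64";
+ip-address = "192.168.178.2";
+}
+];
+}
+];
+};
+};
+
+services.kea.dhcp6 = {
+enable = true;
+settings = {
+interfaces-config = {
+interfaces = [
+"enabcm6e4ei0"
+"wlan0"
+];
+};
+lease-database = {
+name = "/var/lib/kea/dhcp6.leases";
+persist = true;
+type = "memfile";
+};
+rebind-timer = 2000;
+renew-timer = 1000;
+};
+};
+}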
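Review bot: The pool `192.168.178.2 - 192.168.178.255` in `subnet4` spans the /24 broadcast address and both reserved addresses, including `.2`, which pie.nix also assigns statically to this host. Kea may therefore lease `.255` to a client; a range such as `{ pool = "192.168.178.20 - 192.168.178.254"; }` keeps the broadcast address and the statically used addresses out of the dynamic range. `services.kea.dhcp6` is enabled without any `subnet6`, so it listens on both interfaces with nothing to hand out, and the `adblock-unbound` argument in the module header is unused; both look like leftovers. Because this server now tells every client which resolver and router to use, a comment stating that DHCP on the router at `192.168.178.1` must be disabled would prevent two servers answering on the same segment.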
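--- a/hosts/pie/hardware-configuration.nix
+++ b/hosts/pie/hardware-configuration.nix
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "uas" "usb_storage" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" = {
+device = "zroot/root";
+fsType = "zfs";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/DA7C-BE8B";
+fsType = "vfat";
+};
+
+swapDevices = [
+{ device = "/dev/disk/by-uuid/8ce4ae9c-2db0-41b0-8468-91bb184707d1"; }
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.end0.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}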
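--- a/hosts/pie/pie.nix
+++ b/hosts/pie/pie.nix
@@ -0,0 +1,47 @@
+{
+config,
+pkgs,
+lib,
+self,
+...
+}:
+with lib; let
+psCfg = config.pub-solar;
+xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+imports = [
+./configuration.nix
+./unbound.nix
+./dhcpd.nix
+./wake-droppie.nix
+];
+
+config = {
+pub-solar.core.disk-encryption-active = false;
+pub-solar.core.lite = true;
+
+networking.defaultGateway = {
+address = "192.168.178.1";
+interface = "enabcm6e4ei0";
+};
+
+networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
+{
+address = "192.168.178.2";
+prefixLength = 24;
+}
+];
+
+security.sudo.extraRules = [
+{
+users = ["${psCfg.user.name}"];
+commands = [
+{
+command = "ALL";
+options = ["NOPASSWD"];
+}
+];
+}
+];
+};
+}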
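Review bot: The `security.sudo.extraRules` entry grants `command = "ALL"` with `options = ["NOPASSWD"]` to `psCfg.user.name`, so anything that runs as that account, or any SSH session that reaches it, is root with no further check, on the host that serves DNS and DHCP for the LAN. If the rule exists so that the deploy tool can activate profiles non-interactively (the flake.nix deploy node uses `sshUser = "yule"`, presumably the same account), state that in a comment such as `# passwordless sudo is required for non-interactive deploys; the account must be key-only over SSH` and consider a dedicated deploy user rather than the interactive one. `pub-solar.core.disk-encryption-active = false` is also set without explanation; a note on why an unattended device stores its data unencrypted would help a later reviewer. The `xdg` binding in the `let` block is not used.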
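--- a/hosts/pie/unbound.nix
+++ b/hosts/pie/unbound.nix
@@ -0,0 +1,41 @@
+{ pkgs, inputs, ... }:
+let
+adlist = inputs.adblock-unbound.packages.${pkgs.system};
+in {
+networking.firewall.allowedUDPPorts = [ 53 ];
+networking.firewall.allowedTCPPorts = [ 53 ];
+
+services.unbound = {
+enable = true;
+settings = {
+server = {
+include = [
+"\"${adlist.unbound-adblockStevenBlack}\""
+];
+interface = [ "0.0.0.0" ];
+access-control = [ "192.168.178.0/24 allow" ];
+local-zone = [
+"\"b12f.io\" static"
+"\"local\" static"
+"\"box\" static"
+];
+local-data = [
+"\"backup.b12f.io. 10800 IN A 192.168.178.3\""
+"\"pie.local. 10800 IN A 192.168.178.2\""
+"\"fritz.box. 10800 IN A 192.168.178.1\""
+];
+};
+forward-zone = [
+{
+name = ".";
+forward-addr = [
+"9.9.9.9@53#quad9"
+"2620:fe::fe@53#quad9"
+];
+forward-tls-upstream = "no";
+}
+];
+};
+};
+
+}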
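Review bot: The forward zone sends every query upstream in cleartext: both `forward-addr` entries use `@53` and `forward-tls-upstream = "no"`, so the `#quad9` suffix is never used for certificate checking and anything on the path beyond the LAN can read or alter the answers. If that is not deliberate, forward over DNS-over-TLS on port 853 with the resolver's certificate name and let unbound load the system CA bundle, as sketched below. Separately, port 53 is opened in the firewall on every interface while unbound binds only `0.0.0.0`; `access-control` already limits who gets answers, but scoping the rule with `networking.firewall.interfaces.<name>.allowedUDPPorts` and `allowedTCPPorts` would keep the port closed on interfaces that should not serve DNS.

```nix
server = {
  # … unchanged: include, interface, access-control, local-zone, local-data …
  tls-system-cert = "yes";
};
forward-zone = [
  {
    name = ".";
    forward-addr = [
      "9.9.9.9@853#dns.quad9.net"
      "2620:fe::fe@853#dns.quad9.net"
    ];
    forward-tls-upstream = "yes";
  }
];
```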
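--- a/hosts/pie/wake-droppie.nix
+++ b/hosts/pie/wake-droppie.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+services.cron = {
+enable = true;
+systemCronJobs = [
+"30 1 * * * wake-droppie ${pkgs.wakeonlan}/bin/wakeonlan 08:F1:EA:97:0F:0C"
+];
+};
+}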
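Review bot: In `systemCronJobs` the sixth field of an entry is the account the job runs as, so `"30 1 * * * wake-droppie ${pkgs.wakeonlan}/bin/wakeonlan 08:F1:EA:97:0F:0C"` asks cron to run the command as a user named `wake-droppie`. No such user is declared in the files shown in this commit, in which case the entry is rejected or skipped and the nightly wake-up never happens. If the word was meant as a label, replace it with an unprivileged account, for example `"30 1 * * * nobody ${pkgs.wakeonlan}/bin/wakeonlan 08:F1:EA:97:0F:0C"`; sending the magic packet does not need root.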