feat: add Pie

Benjamin Bädorf 2023-09-11 23:51:13 +02:00
parent 8ef898f575
commit 632519e041
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
9 changed files with 382 additions and 19 deletions


@ -1,5 +1,43 @@
{
"nodes": {
"adblock-unbound": {
"inputs": {
"adblockStevenBlack": "adblockStevenBlack",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1688055723,
"narHash": "sha256-8WtkSAr4qYA3o6kiOCESK3rHJmIsa6TMBrT3/Cbfvro=",
"owner": "MayNiklas",
"repo": "nixos-adblock-unbound",
"rev": "9356ccd526fdcf91bfee7f0ebebae831349d43cc",
"type": "github"
},
"original": {
"owner": "MayNiklas",
"repo": "nixos-adblock-unbound",
"type": "github"
}
},
"adblockStevenBlack": {
"flake": false,
"locked": {
"lastModified": 1665337238,
"narHash": "sha256-LYYjWMy4xXXqnM3ROKseS7y0faNLYyyDPqUe1+Uf+RE=",
"owner": "StevenBlack",
"repo": "hosts",
"rev": "ff7d9bed83732bd3980ae452927541c6c4b15382",
"type": "github"
},
"original": {
"owner": "StevenBlack",
"repo": "hosts",
"type": "github"
}
},
"agenix": {
"inputs": {
"darwin": [
@ -47,8 +85,8 @@
"inputs": {
"devshell": "devshell_3",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs"
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1686513235,
@ -90,7 +128,7 @@
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"digga",
"nixpkgs"
@ -189,7 +227,7 @@
"flake-compat": [
"flake-compat"
],
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"flake-utils-plus": "flake-utils-plus",
"home-manager": [
"home"
@ -283,11 +321,11 @@
},
"flake-utils": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
@ -319,6 +357,21 @@
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -333,7 +386,7 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_4": {
"inputs": {
"systems": "systems_2"
},
@ -351,7 +404,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_5": {
"inputs": {
"systems": "systems_4"
},
@ -369,7 +422,7 @@
"type": "github"
}
},
"flake-utils_5": {
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
},
@ -411,7 +464,7 @@
"keycloak-theme-pub-solar": {
"inputs": {
"devshell": "devshell_2",
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixos"
]
@ -463,6 +516,24 @@
"type": "github"
}
},
"musnix": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1690426816,
"narHash": "sha256-vvOrLE6LlBVYigA1gSrlkknFwfuq9qmLA4h6ubiJ22g=",
"owner": "musnix",
"repo": "musnix",
"rev": "e651b06f8a3ac7d71486984100e8a79334da8329",
"type": "github"
},
"original": {
"owner": "musnix",
"repo": "musnix",
"type": "github"
}
},
"nixos": {
"locked": {
"lastModified": 1693636127,
@ -496,15 +567,15 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1686412476,
"narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
"owner": "nixos",
"lastModified": 1690272529,
"narHash": "sha256-MakzcKXEdv/I4qJUtq/k/eG+rVmyOZLnYNC2w1mB59Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "21951114383770f96ae528d0ae68824557768e81",
"rev": "ef99fa5c5ed624460217c31ac4271cfb5cb2502c",
"type": "github"
},
"original": {
"owner": "nixos",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
@ -527,6 +598,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1686412476,
"narHash": "sha256-inl9SVk6o5h75XKC79qrDCAobTD1Jxh6kVYTZKHzewA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "21951114383770f96ae528d0ae68824557768e81",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1693158576,
"narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=",
@ -544,6 +631,7 @@
},
"root": {
"inputs": {
"adblock-unbound": "adblock-unbound",
"agenix": "agenix",
"darwin": "darwin",
"deploy": "deploy",
@ -555,6 +643,7 @@
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
"latest": "latest",
"master": "master",
"musnix": "musnix",
"nixos": "nixos",
"nixos-hardware": "nixos-hardware",
"scan2paperless": "scan2paperless"
@ -564,8 +653,8 @@
"inputs": {
"deno2nix": "deno2nix",
"devshell": "devshell_4",
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_2"
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1693298356,


@ -42,6 +42,10 @@
fix-yubikey-agent.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent";
fix-atomic-container-restarts.url = "github:pub-solar/nixpkgs/fix/atomic-container-restarts";
scan2paperless.url = "git+https://git.pub.solar/b12f/scan2paperless.git";
musnix.url = "github:musnix/musnix";
adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound";
adblock-unbound.inputs.nixpkgs.follows = "nixos";
};
outputs = {
@ -53,6 +57,7 @@
agenix,
deploy,
scan2paperless,
musnix,
...
} @ inputs:
digga.lib.mkFlake
@ -108,6 +113,7 @@
digga.nixosModules.nixConfig
home.nixosModules.home-manager
agenix.nixosModules.age
musnix.nixosModules.musnix
];
};
@ -127,6 +133,11 @@
#})
];
};
pie = {
system = "aarch64-linux";
modules = [nixos-hardware.nixosModules.raspberry-pi-4];
};
};
importables = rec {
profiles =
@ -179,9 +190,11 @@
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
droppie = {
hostname = "backup.b12f.io";
sshUser = "yule";
};
nougat-2 = {
pie = {
sshUser = "yule";
};
#example = {
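Review bot: `musnix` is added without a `follows` for its nixpkgs input, unlike `adblock-unbound` directly below it, so the lock file gains a second, separately pinned nixpkgs revision that has to be reviewed and updated on its own; `musnix.inputs.nixpkgs.follows = "nixos";` would keep a single pin. `musnix.nixosModules.musnix` is also appended to what looks like a shared module list (the list starts outside the hunk), so this third-party module would be evaluated for every host rather than only those that need it. That deserves a comment if intended. In the last hunk the `pie` deploy node sets `sshUser` but no `hostname`, while `droppie` sets both; the `deploy.nodes` block continues past the hunk, so confirm the default resolves to the new machine.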


@ -0,0 +1,37 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
inputs,
...
}: {
imports = [
./hardware-configuration.nix
];
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 5;
boot.loader.efi.canTouchEfiVariables = false;
boot.loader.systemd-boot.enable = false;
boot.loader.generic-extlinux-compatible.enable = false;
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "34234773";
boot.kernelPackages = pkgs.linuxPackages_6_1;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

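--- /dev/null
+++ b/hosts/pie/default.nix
@@ -0,0 +1,7 @@
+{suites, ...}: {
+imports =
+[
+./pie.nix
+]
+++ suites.pie;
+}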

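--- /dev/null
+++ b/hosts/pie/dhcpd.nix
@@ -0,0 +1,80 @@
+{ pkgs, adblock-unbound, ... }:
+{
+services.kea.dhcp4 = {
+enable = true;
+settings = {
+interfaces-config = {
+interfaces = [
+"enabcm6e4ei0"
+"wlan0"
+];
+};
+lease-database = {
+name = "/var/lib/kea/dhcp4.leases";
+persist = true;
+type = "memfile";
+};
+rebind-timer = 2000;
+renew-timer = 1000;
+valid-lifetime = 4000;
+subnet4 = [
+{
+subnet = "192.168.178.0/24";
+pools = [
+{ pool = "192.168.178.2 - 192.168.178.255"; }
+];
+option-data = [
+{
+name = "domain-name-servers";
+space = "dhcp4";
+csv-format = true;
+data = "192.168.178.2";
+always-send = true;
+}
+{
+name = "routers";
+data = "192.168.178.1";
+always-send = true;
+}
+];
+reservations = [
+{
+hostname = "droppie.local";
+hw-address = "08:F1:EA:97:0F:0C";
+ip-address = "192.168.178.3";
+}
+{
+hostname = "pie.local";
+hw-address = "dc:a6:32:5c:31:64";
+ip-address = "192.168.178.2";
+}
+];
+}
+];
+};
+};
+services.kea.dhcp6 = {
+enable = true;
+settings = {
+interfaces-config = {
+interfaces = [
+"enabcm6e4ei0"
+"wlan0"
+];
+};
+lease-database = {
+name = "/var/lib/kea/dhcp6.leases";
+persist = true;
+type = "memfile";
+};
+rebind-timer = 2000;
+renew-timer = 1000;
+};
+};
+}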
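Review bot: The dynamic pool in `subnet4` ends at `192.168.178.255`, the broadcast address of the /24, and starts at .2, so the server's own address and the `droppie` host are kept out of circulation only by their reservation entries. Ending the range at .254 and starting it above the fixed hosts, e.g. `{ pool = "192.168.178.10 - 192.168.178.254"; }` (bounds constructed for illustration), makes the separation explicit instead of depending on how Kea treats in-pool reservations. `services.kea.dhcp6` is enabled on both interfaces with no `subnet6`, so as written it listens without serving anything; drop it or add a comment saying the subnet is still to come. The `adblock-unbound` argument in the function head is unused in this file.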


@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "uas" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "zroot/root";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/DA7C-BE8B";
fsType = "vfat";
};
swapDevices = [
{ device = "/dev/disk/by-uuid/8ce4ae9c-2db0-41b0-8468-91bb184707d1"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

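--- /dev/null
+++ b/hosts/pie/pie.nix
@@ -0,0 +1,47 @@
+{
+config,
+pkgs,
+lib,
+self,
+...
+}:
+with lib; let
+psCfg = config.pub-solar;
+xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+imports = [
+./configuration.nix
+./unbound.nix
+./dhcpd.nix
+./wake-droppie.nix
+];
+config = {
+pub-solar.core.disk-encryption-active = false;
+pub-solar.core.lite = true;
+networking.defaultGateway = {
+address = "192.168.178.1";
+interface = "enabcm6e4ei0";
+};
+networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
+{
+address = "192.168.178.2";
+prefixLength = 24;
+}
+];
+security.sudo.extraRules = [
+{
+users = ["${psCfg.user.name}"];
+commands = [
+{
+command = "ALL";
+options = ["NOPASSWD"];
+}
+];
+}
+];
+};
+}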
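Review bot: The `security.sudo.extraRules` entry at the end of `config` gives `psCfg.user.name` passwordless sudo for `ALL` commands, so any process or SSH key that can act as that user is effectively root on the machine that the imported `./unbound.nix` and `./dhcpd.nix` make the LAN's resolver and DHCP server. If the rule exists for the deploy account (`sshUser = "yule"` in the flake, presumably the same user), state that in a comment such as `# NOPASSWD is needed for unattended deploys; this account must stay key-only over SSH`, and consider narrowing `command = "ALL"` to the activation commands the deploy actually runs. `pub-solar.core.disk-encryption-active = false` also deserves a one-line comment on why an always-on network service host is left unencrypted. The `xdg` binding in the `let` block and the `self` argument are unused in this file.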

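--- /dev/null
+++ b/hosts/pie/unbound.nix
@@ -0,0 +1,41 @@
+{ pkgs, inputs, ... }:
+let
+adlist = inputs.adblock-unbound.packages.${pkgs.system};
+in {
+networking.firewall.allowedUDPPorts = [ 53 ];
+networking.firewall.allowedTCPPorts = [ 53 ];
+services.unbound = {
+enable = true;
+settings = {
+server = {
+include = [
+"\"${adlist.unbound-adblockStevenBlack}\""
+];
+interface = [ "0.0.0.0" ];
+access-control = [ "192.168.178.0/24 allow" ];
+local-zone = [
+"\"b12f.io\" static"
+"\"local\" static"
+"\"box\" static"
+];
+local-data = [
+"\"backup.b12f.io. 10800 IN A 192.168.178.3\""
+"\"pie.local. 10800 IN A 192.168.178.2\""
+"\"fritz.box. 10800 IN A 192.168.178.1\""
+];
+};
+forward-zone = [
+{
+name = ".";
+forward-addr = [
+"9.9.9.9@53#quad9"
+"2620:fe::fe@53#quad9"
+];
+forward-tls-upstream = "no";
+}
+];
+};
+};
+}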
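Review bot: The `forward-zone` sends every query from the LAN to the upstream resolver in cleartext: `forward-tls-upstream = "no"` together with `@53` means the `#quad9` suffix, which is the TLS authentication name, is never used. Switching to `forward-tls-upstream = "yes";` with `"9.9.9.9@853#dns.quad9.net"` and `"2620:fe::fe@853#dns.quad9.net"` encrypts and authenticates the upstream hop. Unbound then also needs `tls-cert-bundle` set in `server` so the certificate is actually verified. Separately, `allowedUDPPorts`/`allowedTCPPorts` open port 53 on every interface while `access-control` admits only 192.168.178.0/24; scoping the firewall rule with `networking.firewall.interfaces.<name>` would keep the two in agreement.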


@ -0,0 +1,9 @@
{ pkgs, ... }:
{
services.cron = {
enable = true;
systemCronJobs = [
"30 1 * * * wake-droppie ${pkgs.wakeonlan}/bin/wakeonlan 08:F1:EA:97:0F:0C"
];
};
}
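Review bot: In a system crontab entry the sixth field is the account the job runs as, so this line runs `wakeonlan` as a user named `wake-droppie`, and no such user is declared in the sections of this commit visible here; if it is not defined elsewhere in the repository the job will not run. Either declare a dedicated unprivileged system user for it or put an existing low-privilege account in that field. A short comment naming the target would help too, e.g. `# wakes droppie (MAC matches the droppie.local reservation in dhcpd.nix) before the nightly backup window`, with the reason adjusted to whatever the 01:30 schedule is for.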