rewrite hosts

Hendrik Sokolowski 2023-11-11 01:06:36 +01:00
parent d27c37cc16
commit b682bba164
40 changed files with 159 additions and 153 deletions


@ -1,7 +1,7 @@
{
pkgs,
config,
self,
flake,
...
}: let
containerStateDir = "/var/lib/authelia-gssws";
@ -11,19 +11,19 @@
servicePort = 9091;
in {
age.secrets.authelia_users = {
file = "${self}/secrets/chonk_authelia_users.age";
file = "${flake.self}/secrets/chonk_authelia_users.age";
owner = "999";
group = "999";
};
age.secrets.authelia_storage_encryption_key = {
file = "${self}/secrets/chonk_authelia_storage_encryption_key.age";
file = "${flake.self}/secrets/chonk_authelia_storage_encryption_key.age";
owner = "999";
group = "999";
};
age.secrets.authelia_jwt_secret = {
file = "${self}/secrets/chonk_authelia_jwt_secret.age";
file = "${flake.self}/secrets/chonk_authelia_jwt_secret.age";
owner = "999";
group = "999";
};


@ -1,11 +1,11 @@
{
config,
lib,
self,
flake,
...
}: {
age.secrets.restic_repository_password.file = "${self}/secrets/chonk_restic_repository_password.age";
age.secrets.restic_nextcloud_password.file = "${self}/secrets/chonk_restic_nextcloud_password.age";
age.secrets.restic_repository_password.file = "${flake.self}/secrets/chonk_restic_repository_password.age";
age.secrets.restic_nextcloud_password.file = "${flake.self}/secrets/chonk_restic_nextcloud_password.age";
programs.ssh.extraConfig = ''
Host backup


@ -1,8 +1,8 @@
{
self,
config,
pkgs,
lib,
flake,
...
}: let
psCfg = config.pub-solar;
@ -10,7 +10,7 @@ in {
age.secrets.nix-builder-private-key = {
owner = "builder";
group = "builder";
file = "${self}/secrets/chonk_nix_builder_private_key.age";
file = "${flake.self}/secrets/chonk_nix_builder_private_key.age";
};
nix = {


@ -4,29 +4,6 @@
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./acme.nix
./backup.nix
./drone.nix
./home-assistant.nix
./nextcloud.nix
./wireguard.nix
./builder.nix
./invidious.nix
./factorio.nix
./invoiceplane.nix
#./tang.nix
#./whiteboard.nix
./libvirt-container.nix
./monitoring.nix
./authelia.nix
];
boot.loader.systemd-boot.enable = lib.mkForce false;
time.timeZone = "Europe/Berlin";
@ -41,5 +18,8 @@
networking.firewall.allowedTCPPorts = [80 443 2222];
networking.firewall.allowedUDPPorts = [51899];
pub-solar.server.enable = true;
hardware.ksm.enable = true;
system.stateVersion = "21.05"; # Did you read the comment?
}


@ -2,5 +2,24 @@
imports = [
./configuration.nix
./hardware-configuration.nix
./acme.nix
./backup.nix
./drone.nix
./home-assistant.nix
./nextcloud.nix
./wireguard.nix
./builder.nix
./invidious.nix
./factorio.nix
./invoiceplane.nix
#./tang.nix
#./whiteboard.nix
./libvirt-container.nix
./monitoring.nix
./authelia.nix
];
}


@ -1,11 +1,11 @@
{
self,
config,
pkgs,
flake,
...
}: {
age.secrets.drone_exec_runner_config = {
file = "${self}/secrets/chonk_drone_exec_runner_config.age";
file = "${flake.self}/secrets/chonk_drone_exec_runner_config.age";
owner = "999";
};


@ -1,5 +1,4 @@
{
self,
lib,
config,
pkgs,
@ -152,6 +151,10 @@ with pkgs; let
};
in rec
{
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"factorio-headless"
];
services.factorio = {
enable = true;
package = pkgs.factorio-headless-experimental;
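Review bot: The `nixpkgs.config.allowUnfreePredicate` definition added above `services.factorio` is a per-module setting, and as far as I recall the NixOS `nixpkgs.config` option merges definitions by attribute update rather than combining the predicate functions, so if another module evaluated for the same host also defines the predicate, one definition silently replaces the other and the losing package then fails the unfree check at build time. The unifi section and the goland section of this commit define the same option in the same way, so the risk applies there too. A comment on the definition such as `# allowUnfreePredicate is replaced, not merged, across modules; keep this host's unfree names in one list` would make the constraint visible, or the allow-list could be hoisted to the host's configuration.nix. The `services.factorio` block continues past the hunk.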


@ -5,13 +5,8 @@
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = ["raid1"];
boot.kernelModules = ["kvm-intel"];


@ -1,5 +1,4 @@
{
self,
pkgs,
config,
...


@ -1,12 +1,12 @@
{
self,
flake,
config,
pkgs,
...
}: let
domain = "yt.gssws.de";
in {
age.secrets.invidious_db_password.file = "${self}/secrets/chonk_invidious_db_password.age";
age.secrets.invidious_db_password.file = "${flake.self}/secrets/chonk_invidious_db_password.age";
services.invidious = {
inherit domain;


@ -1,5 +1,4 @@
{
self,
config,
pkgs,
...


@ -1,7 +1,7 @@
{
config,
lib,
self,
flake,
...
}: {
pub-solar.monitoring-server = {


@ -1,5 +1,4 @@
{
self,
pkgs,
config,
lib,


@ -1,5 +1,5 @@
{
self,
flake,
pkgs,
config,
lib,
@ -15,13 +15,13 @@ in {
age.secrets.nextcloud_db_pass = {
owner = "nextcloud";
group = "nextcloud";
file = "${self}/secrets/chonk_nextcloud_db_pass.age";
file = "${flake.self}/secrets/chonk_nextcloud_db_pass.age";
};
age.secrets.nextcloud_admin_pass = {
owner = "nextcloud";
group = "nextcloud";
file = "${self}/secrets/chonk_nextcloud_admin_pass.age";
file = "${flake.self}/secrets/chonk_nextcloud_admin_pass.age";
};
# HTTP


@ -1,5 +1,4 @@
{
self,
config,
pkgs,
...


@ -1,10 +1,10 @@
{
self,
flake,
config,
pkgs,
...
}: {
age.secrets.home_controller_wireguard.file = "${self}/secrets/chonk_wireguard_key.age";
age.secrets.home_controller_wireguard.file = "${flake.self}/secrets/chonk_wireguard_key.age";
systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";


@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
inputs,
flake,
pkgs,
builtins,
config,
@ -10,11 +10,12 @@
...
}: {
imports = [
./hardware-configuration.nix
./home-controller.nix
./home-assistant.nix
];
pub-solar.server.enable = true;
hardware.ksm.enable = true;
boot.loader.timeout = lib.mkForce 0;
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
@ -26,7 +27,7 @@
device = "nodev";
extraInstallCommands = ''
cp -r ${inputs.nixpkgs-hensoko.packages.aarch64-linux.raspberrypi4_firmware_uefi}/share/raspberrypi4-firmware-uefi/* /boot/
cp -r ${flake.inputs.nixpkgs-hensoko.packages.aarch64-linux.raspberrypi4_firmware_uefi}/share/raspberrypi4-firmware-uefi/* /boot/
'';
};


@ -8,10 +8,6 @@
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage" "uas"];
#boot.kernelParams = [ "usb-storage.quirks=2109:0716:u,174c:55aa:u" ];


@ -1,5 +1,5 @@
{
self,
flake,
config,
pkgs,
...


@ -1,11 +1,11 @@
{
self,
flake,
config,
pkgs,
...
}: {
config = {
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_companion_wireguard_key.age";
age.secrets.home_controller_wireguard.file = "${flake.self}/secrets/home_controller_companion_wireguard_key.age";
pub-solar.home-controller = {
enable = true;


@ -1,5 +1,5 @@
{
self,
flake,
config,
pkgs,
...
@ -10,7 +10,7 @@ let
in
{
age.secrets.backup_restic_htpasswd = {
file = "${self}/secrets/cox_backup_restic_htpasswd.age";
file = "${flake.self}/secrets/cox_backup_restic_htpasswd.age";
owner = "${toString config.ids.uids.restic}";
};


@ -9,7 +9,6 @@
}: {
imports = [
./backup.nix
./hardware-configuration.nix
./home-controller.nix
./paperless.nix
];


@ -1,11 +1,11 @@
{
self,
flake,
config,
pkgs,
...
}: {
config = {
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cox_wireguard_key.age";
age.secrets.home_controller_wireguard.file = "${flake.self}/secrets/home_controller_cox_wireguard_key.age";
pub-solar.home-controller = {
enable = true;


@ -4,12 +4,8 @@
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home-controller.nix
];
pub-solar.server.enable = true;
hardware.ksm.enable = true;
pub-solar.core.disk-encryption-active = false;
networking.networkmanager.enable = lib.mkForce false;


@ -21,10 +21,10 @@ in
(mkNixosConfig "cube" "x86_64-linux" "iot") //
(mkNixosConfig "falcone" "aarch64-linux" "iot") //
(mkNixosConfig "giggles" "aarch64-linux" "iot") //
(mkNixosConfig "harrison" "x86_64-linux" "iot") //
(mkNixosConfig "norman" "x86_64-linux" "iot") //
(mkNixosConfig "redpanda" "x86_64-linux" "iot") //
(mkNixosConfig "ringo" "x86_64-linux" "iot") //
(mkNixosConfig "surfplace" "x86_64-linux" "iot");
};
(mkNixosConfig "harrison" "x86_64-linux" "hensoko") //
(mkNixosConfig "norman" "x86_64-linux" "hensoko") //
(mkNixosConfig "redpanda" "x86_64-linux" "hensoko") //
(mkNixosConfig "ringo" "x86_64-linux" "hensoko") //
(mkNixosConfig "surfplace" "x86_64-linux" "hensoko");
};
}


@ -5,11 +5,6 @@
{ inputs, pkgs, builtins, config, lib, ... }:
{
imports =
[
./hardware-configuration.nix
];
boot.plymouth.enable = lib.mkForce false;
pub-solar.nextcloud.enable = lib.mkForce false;
pub-solar.core.disk-encryption-active = false;


@ -16,7 +16,7 @@
#boot.initrd.supportedFilesystems = [ "zfs" ];
#boot.supportedFilesystems = [ "zfs" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_19;
boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
fileSystems."/" =
{


@ -5,7 +5,6 @@
...
}: {
imports = [
./hardware-configuration.nix
./network.nix
./network-dhcp.nix
./avahi-reflector.nix
@ -19,6 +18,8 @@
# ./tang-container.nix
];
pub-solar.server.enable = true;
hardware.ksm.enable = true;
boot.loader.timeout = 0;
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;


@ -1,5 +1,5 @@
{
self,
flake,
config,
pkgs,
python3Packages,
@ -9,7 +9,7 @@
{
age.secrets.home-assistant_giggles_secrets = {
file = "${self}/secrets/home-assistant_giggles_secrets.age";
file = "${flake.self}/secrets/home-assistant_giggles_secrets.age";
path = "${config.services.home-assistant.configDir}/secrets.yaml";
owner = config.systemd.services.home-assistant.serviceConfig.User;
group = config.systemd.services.home-assistant.serviceConfig.Group;


@ -1,11 +1,11 @@
{
self,
flake,
config,
pkgs,
...
}: {
config = {
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_giggles_wireguard_key.age";
age.secrets.home_controller_wireguard.file = "${flake.self}/secrets/home_controller_giggles_wireguard_key.age";
pub-solar.home-controller = {
enable = true;


@ -1,6 +1,8 @@
{pkgs, ...}:
{ pkgs, lib, ...}:
{
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "mongodb" "unifi-controller" ];
networking.firewall.allowedTCPPorts = [8443]; # open unifi web interface port
services.unifi = {


@ -8,12 +8,48 @@ let
psCfg = config.pub-solar;
in
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# work
pub-solar.docker.enable = true;
pub-solar.nextcloud.enable = true;
pub-solar.social.enable = true;
pub-solar.office.enable = true;
systemd.enableUnifiedCgroupHierarchy = true;
environment.systemPackages = with pkgs; [
jetbrains.goland
minicom
openjdk11
putty
remmina
thunderbird
vscode
vscode-extensions.golang.go
vscode-extensions.ms-python.python
wireshark
go_1_20
meld
ardour
helm
];
# unfree
hardware.enableRedistributableFirmware = true;
# graphical
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
# daw
pub-solar.audio.enable = lib.mkForce true;
musnix.enable = true;
services.pipewire.jack.enable = true;
# gaming
pub-solar.gaming.enable = true;
# emulated building for raspi
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
home-manager.users."${psCfg.user.name}".xdg.configFile = lib.mkIf psCfg.sway.enable {
@ -21,7 +57,6 @@ in
};
pub-solar.paranoia.enable = true;
pub-solar.nextcloud.enable = true;
programs.ausweisapp.enable = true;
services.pcscd = {
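Review bot: The `# unfree` comment sits above `hardware.enableRedistributableFirmware`, while the unfree package this section actually pulls in, `jetbrains.goland`, is in `environment.systemPackages` with no `allowUnfreePredicate` visible in this hunk; the sibling host section that adds the same package list also adds a predicate listing `"goland"`, so unless harrison sets it elsewhere in the file, evaluation is likely to fail on the unfree check. Moving the comment to `# unfree: jetbrains.goland needs an allowUnfreePredicate entry` above the package list would state the actual requirement. `pub-solar.nextcloud.enable = true;` also appears twice in this section (once in each hunk); if both are on the new side one of them is redundant. The enclosing `let … in { … }` set starts before the hunk and continues past it.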


@ -1,6 +1,6 @@
{ suites, ... }:
{
{ ... }: {
imports = [
./harrison.nix
] ++ suites.harrison;
./configuration.nix
./hardware-configuration.nix
];
}


@ -1,28 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
with pkgs;
let
psCfg = config.pub-solar;
in
{
imports = [
./configuration.nix
];
config = {
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
};
pub-solar.paranoia.enable = true;
pub-solar.nextcloud.enable = true;
programs.ausweisapp.enable = true;
services.pcscd = {
enable = true;
plugins = [ pkgs.pcsc-cyberjack ];
};
};
}


@ -12,15 +12,43 @@ let
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./wireguard.nix
./builder.nix
];
pub-solar.docker.enable = true;
pub-solar.nextcloud.enable = true;
pub-solar.social.enable = true;
pub-solar.office.enable = true;
systemd.enableUnifiedCgroupHierarchy = true;
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"goland"
];
environment.systemPackages = with pkgs; [
jetbrains.goland
minicom
openjdk11
putty
remmina
thunderbird
vscode
vscode-extensions.golang.go
vscode-extensions.ms-python.python
wireshark
go_1_20
meld
factorio-experimental
];
hardware.enableRedistributableFirmware = true;
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
boot.binfmt.emulatedSystems = ["aarch64-linux"];
environment.systemPackages = [pkgs.factorio-experimental];
pub-solar.audio.bluetooth.enable = false;


@ -5,12 +5,6 @@
{ config, pkgs, lib, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.loader.systemd-boot.enable = lib.mkForce false;


@ -5,12 +5,6 @@
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
./home-controller.nix
];
pub-solar.core.lite = true;
# Use the systemd-boot EFI boot loader.


@ -4,8 +4,6 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];


@ -5,13 +5,13 @@
{ inputs, pkgs, builtins, config, lib, ... }:
{
imports =
[
./hardware-configuration.nix
];
time.timeZone = "Europe/Berlin";
pub-solar.social.enable = true;
hardware.enableRedistributableFirmware = true;
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;


@ -2,6 +2,7 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
inputs,
config,
lib,
pkgs,
@ -9,13 +10,14 @@
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
#(modulesPath + "/installer/scan/not-detected.nix")
#inputs.nixos-hardware.nixosModules.raspberry-pi-4
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.extraModulePackages = [config.boot.kernelPackages.rtl88x2bu];
microsoft-surface.kernelVersion = "6.5.5";
#microsoft-surface.kernelVersion = "6.5.5";
fileSystems."/" = {
device = "/dev/disk/by-label/root";
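Review bot: `inputs,` is added to the module arguments, but the only reference to it in this hunk is the commented-out `#inputs.nixos-hardware.nixosModules.raspberry-pi-4` line, and the rest of this commit replaces `inputs` with `flake` (the other raspi configuration now reads `flake.inputs.nixpkgs-hensoko`). A declared module argument still has to be supplied through specialArgs or `_module.args` even when unused, so if `inputs` is no longer passed this hardware-configuration will fail to evaluate. Either drop the `inputs,` line, or if the import is meant to return, write it as `#flake.inputs.nixos-hardware.nixosModules.raspberry-pi-4` for consistency with the rest of the commit. The `fileSystems."/"` block and the enclosing set continue past the hunk.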