diff --git a/flake.nix b/flake.nix
index c71c5818..a742e66d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
- description = "A highly structured configuration database.";
+ description = "b12f hosts";
 nixConfig.extra-experimental-features = "nix-command flakes";
@@ -11,19 +11,13 @@
 flake-compat.url = "github:edolstra/flake-compat";
 flake-compat.flake = false;
- digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
- digga.inputs.nixpkgs.follows = "nixos";
- digga.inputs.nixlib.follows = "nixos";
- digga.inputs.home-manager.follows = "home";
- digga.inputs.deploy.follows = "deploy";
- digga.inputs.darwin.follows = "darwin";
- digga.inputs.flake-compat.follows = "flake-compat";
+ nix-darwin.url = "github:lnl7/nix-darwin/master";
+ nix-darwin.inputs.nixpkgs.follows = "nixos";
+ home-manager.url = "github:nix-community/home-manager/release-23.05";
+ home-manager.inputs.nixpkgs.follows = "nixos";
- home.url = "github:nix-community/home-manager/release-23.05";
- home.inputs.nixpkgs.follows = "nixos";
-
- darwin.url = "github:LnL7/nix-darwin";
- darwin.inputs.nixpkgs.follows = "nixos";
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ nixos-flake.url = "github:srid/nixos-flake";
 deploy.url = "github:serokell/deploy-rs";
 deploy.inputs.nixpkgs.follows = "nixos";
@@ -48,6 +42,82 @@
 adblock-unbound.inputs.nixpkgs.follows = "nixos";
 };
+ outputs = inputs@{ self, ... }:
+ inputs.flake-parts.lib.mkFlake { inherit inputs; } {
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "x86_64-darwin"
+ "aarch64-darwin"
+ ];
+
+ imports = [
+ inputs.nixos-flake.flakeModule
+ ];
+
+ perSystem = { config, ... }: { };
+
+ flake = {
+ # Configurations for Linux (NixOS) machines
+ nixosConfigurations = {
+ biolimo = self.nixos-flake.lib.mkLinuxSystem "x86_64-linux" {
+ imports = [
+ self.nixosModules.linux
+ self.nixosModules.home-manager
+ self.nixosModules.agenix
+ self.nixosModules.musnix
+ ./hosts/biolimo/default.nix
+ ];
+ };
+ };
+
+ nixosModules = rec {
+ arduino = import ./modules/arduino/default.nix;
+ audio = import ./modules/audio/default.nix;
+ ci-runner = import ./modules/ci-runner/default.nix;
+ core = import ./modules/core/default.nix;
+ crypto = import ./modules/crypto/default.nix;
+ devops = import ./modules/devops/default.nix;
+ docker = import ./modules/docker/default.nix;
+ docker-ci-runner = import ./modules/docker-ci-runner/default.nix;
+ email = import ./modules/email/default.nix;
+ factorio = import ./modules/factorio/default.nix;
+ gaming = import ./modules/gaming/default.nix;
+ graphical = import ./modules/graphical/default.nix;
+ mobile = import ./modules/mobile/default.nix;
+ nextcloud = import ./modules/nextcloud/default.nix;
+ office = import ./modules/office/default.nix;
+ paperless = import ./modules/paperless/default.nix;
+ paranoia = import ./modules/paranoia/default.nix;
+ printing = import ./modules/printing/default.nix;
+ social = import ./modules/social/default.nix;
+ sway = import ./modules/sway/default.nix;
+ terminal-life = import ./modules/terminal-life/default.nix;
+ uhk = import ./modules/uhk/default.nix;
+ user = import ./modules/user/default.nix;
+ virtualisation = import ./modules/virtualisation/default.nix;
+
+
+ base = [users.pub-solar users.root];
+ iso = base ++ [base-user graphical 
pub-solar-iso];
+ pubsolaros = [full-install base-user users.root];
+ anonymous = [pubsolaros users.pub-solar];
+
+ b12f = pubsolaros ++ [users.b12f social gaming mobile];
+ biolimo = b12f ++ [graphical];
+ chocolatebar = b12f ++ [graphical virtualisation];
+
+ yule = pubsolaros ++ [users.yule];
+ droppie = yule ++ [];
+ pie = yule ++ [];
+ maoam = b12f ++ [];
+ };
+
+ homeModules = { };
+ };
+ };
+}
+
 outputs = {
 self,
 digga,
diff --git a/hosts/biolimo/biolimo.nix b/hosts/biolimo/biolimo.nix
deleted file mode 100644
index 97051ded..00000000
--- a/hosts/biolimo/biolimo.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
- imports = [
- ./configuration.nix
- ];
-
- config = {
- pub-solar.paranoia.enable = true;
- pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
- pub-solar.core.hibernation.resumeOffset = 15296512;
-
- hardware.cpu.intel.updateMicrocode = true;
-
- networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
-
- services.printing.drivers = [
- pkgs.cups-brother-hl3140cw
- ];
-
- home-manager = with pkgs;
- pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
- xdg.configFile = mkIf psCfg.sway.enable {
- "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
- "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
- "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
- "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
- };
-
- home.packages = [
- inkscape
- ];
- };
-
- # For OpenProject development with https
- security.pki.certificates = [
- (builtins.readFile ./step-roots.pem)
- ];
- };
-}
diff --git a/hosts/biolimo/configuration.nix b/hosts/biolimo/configuration.nix
index d5c70a17..4f0bba60 100644
--- a/hosts/biolimo/configuration.nix
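Review bot: The old `outputs = { self, digga, ...` attribute is still present right after the new closing `}` (the trailing context lines of this hunk), so the top-level attrset defines `outputs` twice and Nix will refuse to evaluate the flake; the old one also still names the `digga` input that the first hunk removes. Inside the new block, `mkLinuxSystem` imports `self.nixosModules.linux`, `.home-manager`, `.agenix` and `.musnix`, none of which the `nixosModules = rec { … }` set defines, and the suite lists (`base`, `iso`, `pubsolaros`, `b12f`, …) refer to `users`, `base-user`, `full-install` and `pub-solar-iso`, which are bound nowhere in that `rec` set. Those lists are lists of modules rather than modules, so anything consuming `self.nixosModules.<name>` as a module will fail on them; either drop them or move them out of `nixosModules` into a separate attribute. Whether `self.nixos-flake.lib.mkLinuxSystem` is the right entry point for the pinned `nixos-flake` input I cannot tell from here.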
+++ b/hosts/biolimo/configuration.nix
@@ -1,20 +1,47 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
 {
 config,
 pkgs,
 ...
-}: {
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
+ pub-solar.paranoia.enable = true;
+ pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+ pub-solar.core.hibernation.resumeOffset = 15296512;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
+
+ services.printing.drivers = [
+ pkgs.cups-brother-hl3140cw
+ ];
+
+ home-manager = with pkgs;
+ pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+ "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+ };
+
+ home.packages = [
+ inkscape
+ ];
+ };
+
+ # For OpenProject development with https
+ security.pki.certificates = [
+ (builtins.readFile ./step-roots.pem)
+ ];
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/biolimo/default.nix b/hosts/biolimo/default.nix
index cbf61ab8..187a1108 100644
--- a/hosts/biolimo/default.nix
+++ b/hosts/biolimo/default.nix
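Review bot: `with lib; let` and the later `mkForce`/`mkIf` calls use `lib`, but the function header kept by this hunk is still `{ config, pkgs, ... }:`, so `lib` is an undefined variable here; the deleted biolimo.nix had `lib` in its argument set and the header should become `{ config, pkgs, lib, ... }:`. The same applies to hosts/chocolatebar/configuration.nix, which additionally interpolates `${self}` in its `age.secrets.*.file` paths without `self` in scope, and to hosts/droppie/configuration.nix, which has `lib` but also uses `${self}` (its deleted droppie.nix took `self` as an argument). The `xdg` let-binding is unused in each of these files and can go. Separately, `security.pki.certificates` installs `./step-roots.pem` as a system-wide trust anchor; a comment such as `# NOTE: system-wide trust anchor — every TLS client on this host trusts certs issued by this dev CA` next to it would make that trade-off visible to the next reader.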
@@ -1,7 +1,6 @@
-{suites, ...}: {
- imports =
- [
- ./biolimo.nix
- ]
- ++ suites.biolimo;
+{...}: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ];
 }
diff --git a/hosts/chocolatebar/chocolatebar.nix b/hosts/chocolatebar/chocolatebar.nix
deleted file mode 100644
index 6de9a7c2..00000000
--- a/hosts/chocolatebar/chocolatebar.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-{
- config,
- pkgs,
- lib,
- self,
- inputs,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
- imports = [
- ./configuration.nix
- ./virtualisation
- ./factorio
- ];
-
- config = {
- hardware.cpu.amd.updateMicrocode = true;
-
- hardware.opengl.extraPackages = with pkgs; [
- rocm-opencl-icd
- rocm-opencl-runtime
- ];
-
- pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
- pub-solar.core.hibernation.resumeOffset = 115075072;
-
- pub-solar.paperless.sync.masterNode = true;
-
- age.secrets."drone-runner-exec-config" = {
- file = "${self}/secrets/drone-runner-exec-config";
- mode = "400";
- owner = psCfg.user.name;
- };
-
- pub-solar.docker-ci-runner = {
- enable = true;
- runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
- };
-
- pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
-
- services.openssh.openFirewall = true;
- networking.firewall.allowedTCPPorts =
- [443]
- ++ (
- if psCfg.sway.vnc.enable
- then [5901]
- else []
- );
- networking.firewall.allowedUDPPorts = [43050];
-
- environment.systemPackages = with pkgs; [
- wayvnc
- drone-docker-runner
- stdenv.cc.cc.lib
- pkgs.hplip
- ];
-
- age.secrets."vnc-key.pem" = {
- file = "${self}/secrets/vnc-key-chocolatebar.pem";
- mode = "400";
- owner = psCfg.user.name;
- };
- age.secrets."vnc-cert.pem" = {
- file = "${self}/secrets/vnc-cert-chocolatebar.pem";
- mode = "400";
- owner = psCfg.user.name;
- };
- pub-solar.sway.vnc.enable = true;
-
- services.printing.drivers = [
- pkgs.cups-brother-hl3140cw
- ];
-
- services.udev.extraRules = ''
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
- '';
-
- home-manager.users."${psCfg.user.name}" = {
- xdg.configFile = mkIf psCfg.sway.enable {
- "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
- 
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
- "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
- };
-
- home.sessionVariables = {
- NIX_CC = "${pkgs.stdenv.cc}";
- };
-
- home.packages = with pkgs; [
- lmms
- audacity
- ];
- };
-
- musnix = {
- enable = true;
- kernel.realtime = true;
- };
-
- # For OpenProject development with https
- security.pki.certificates = [
- (builtins.readFile ./step-roots.pem)
- ];
- };
-}
diff --git a/hosts/chocolatebar/configuration.nix b/hosts/chocolatebar/configuration.nix
index d5c70a17..489d1c22 100644
--- a/hosts/chocolatebar/configuration.nix
+++ b/hosts/chocolatebar/configuration.nix
@@ -1,20 +1,106 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
 {
 config,
 pkgs,
 ...
-}: {
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+ hardware.cpu.amd.updateMicrocode = true;
+
+ hardware.opengl.extraPackages = with pkgs; [
+ rocm-opencl-icd
+ rocm-opencl-runtime
 ];
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
+ pub-solar.paranoia.enable = true;
+ pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+ pub-solar.core.hibernation.resumeOffset = 115075072;
+
+ pub-solar.paperless.sync.masterNode = true;
+
+ age.secrets."drone-runner-exec-config" = {
+ file = "${self}/secrets/drone-runner-exec-config";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+
+ pub-solar.docker-ci-runner = {
+ enable = true;
+ runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
+ };
+
+ pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
+
+ services.openssh.openFirewall = true;
+ networking.firewall.allowedTCPPorts =
+ [443]
+ ++ (
+ if psCfg.sway.vnc.enable
+ then [5901]
+ else []
+ );
+ networking.firewall.allowedUDPPorts = [43050];
+
+ environment.systemPackages = with pkgs; [
+ wayvnc
+ drone-docker-runner
+ stdenv.cc.cc.lib
+ pkgs.hplip
+ ];
+
+ age.secrets."vnc-key.pem" = {
+ file = "${self}/secrets/vnc-key-chocolatebar.pem";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+ age.secrets."vnc-cert.pem" = {
+ file = "${self}/secrets/vnc-cert-chocolatebar.pem";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+ pub-solar.sway.vnc.enable = true;
+
+ services.printing.drivers = [
+ pkgs.cups-brother-hl3140cw
+ ];
+
+ services.udev.extraRules = ''
+ 
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
+ '';
+
+ home-manager.users."${psCfg.user.name}" = {
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+ };
+
+ home.sessionVariables = {
+ NIX_CC = "${pkgs.stdenv.cc}";
+ };
+
+ home.packages = with pkgs; [
+ lmms
+ audacity
+ ];
+ };
+
+ musnix = {
+ enable = true;
+ kernel.realtime = true;
+ };
+
+ # For OpenProject development with https
+ security.pki.certificates = [
+ (builtins.readFile ./step-roots.pem)
+ ];
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/chocolatebar/default.nix b/hosts/chocolatebar/default.nix
index a39b3ecf..45e4372c 100644
--- a/hosts/chocolatebar/default.nix
+++ b/hosts/chocolatebar/default.nix
@@ -1,7 +1,9 @@
-{suites, ...}: {
- imports =
- [
- ./chocolatebar.nix
- ]
- ++ suites.chocolatebar;
+{...}: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+
+ ./virtualisation
+ ./factorio
+ ];
 }
diff --git a/hosts/droppie/configuration.nix b/hosts/droppie/configuration.nix
index 5d58058d..371918a2 100644
--- a/hosts/droppie/configuration.nix
+++ b/hosts/droppie/configuration.nix
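Review bot: `pub-solar.paranoia.enable = true;` is new for this host: the deleted hosts/chocolatebar/chocolatebar.nix never set it, while biolimo's did, so this looks copied over from biolimo rather than moved; if it is intended, a one-line comment saying so would stop the next reader from reverting it, otherwise drop the line. Also `pub-solar.sway.vnc.enable = true;` is set unconditionally further down in the same file, so the `if psCfg.sway.vnc.enable then [5901] else []` branch on `allowedTCPPorts` always opens 5901; that is pre-existing behaviour, but a comment such as `# VNC (5901) is always exposed here: sway.vnc.enable is forced on below` would make the firewall surface explicit. The enclosing attrset continues past the end of this hunk.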
@@ -1,17 +1,13 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
 {
 config,
 pkgs,
 lib,
 ...
-}: {
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
 boot.loader.systemd-boot.enable = lib.mkForce false;
 boot.loader.grub = {
 enable = true;
@@ -20,6 +16,47 @@
 };
 boot.loader.efi.canTouchEfiVariables = true;
+ hardware.cpu.intel.updateMicrocode = true;
+
+ pub-solar.core.disk-encryption-active = false;
+ pub-solar.core.lite = true;
+
+ security.sudo.extraRules = [
+ {
+ users = ["${psCfg.user.name}"];
+ commands = [
+ {
+ command = "ALL";
+ options = ["NOPASSWD"];
+ }
+ ];
+ }
+ ];
+
+ services.ddclient = {
+ enable = false;
+ ipv6 = true;
+ domains = ["backup.b12f.io"];
+ server = "ddns.hosting.de";
+ username = "b12f";
+ use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
+ passwordFile = "/run/agenix/dyndns-droppie.key";
+ };
+
+ age.secrets."dyndns-droppie.key" = {
+ file = "${self}/secrets/dyndns-droppie.key";
+ mode = "400";
+ owner = "root";
+ };
+
+ # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
+ age.secrets."droppie-ssh-root.key" = {
+ file = "${self}/secrets/droppie-ssh-root.key";
+ path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/droppie/default.nix b/hosts/droppie/default.nix
index 2b44a0d1..9fd7261a 100644
--- a/hosts/droppie/default.nix
+++ b/hosts/droppie/default.nix
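Review bot: In the second hunk, `services.ddclient.passwordFile = "/run/agenix/dyndns-droppie.key"` hard-codes the agenix mount path instead of referencing the secret declared just below it; `passwordFile = config.age.secrets."dyndns-droppie.key".path;` keeps the two in sync, and chocolatebar's `docker-ci-runner.runnerVarsFile` already uses that form. The `age.secrets."droppie-ssh-root.key"` entry installs a key named after root into `/home/${psCfg.user.name}/.ssh/id_ed25519` owned by the regular user; a comment explaining why the user account holds this key and what authorises it, e.g. `# private half of the root@droppie key above, installed for <user> — consumed by <service>` (placeholders to fill in), would make that intent auditable. The passwordless `sudo` rule for the same user is moved rather than new, but alongside the user-held key it deserves a `# why` comment in this file too. Both hunks sit inside an attrset that starts before the first hunk and ends after the second.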
@@ -1,7 +1,9 @@
-{suites, ...}: {
- imports =
- [
- ./droppie.nix
- ]
- ++ suites.droppie;
+{...}: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+
+ ./nextcloud-web-tunnel.nix
+ ./restic-backup.nix
+ ];
 }
diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix
deleted file mode 100644
index cb3fe606..00000000
--- a/hosts/droppie/droppie.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
- config,
- pkgs,
- lib,
- self,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
- imports = [
- ./configuration.nix
- ./nextcloud-web-tunnel.nix
- ./restic-backup.nix
- ];
-
- config = {
- hardware.cpu.intel.updateMicrocode = true;
-
- pub-solar.core.disk-encryption-active = false;
- pub-solar.core.lite = true;
-
- security.sudo.extraRules = [
- {
- users = ["${psCfg.user.name}"];
- commands = [
- {
- command = "ALL";
- options = ["NOPASSWD"];
- }
- ];
- }
- ];
-
- services.ddclient = {
- enable = false;
- ipv6 = true;
- domains = ["backup.b12f.io"];
- server = "ddns.hosting.de";
- username = "b12f";
- use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
- passwordFile = "/run/agenix/dyndns-droppie.key";
- };
-
- age.secrets."dyndns-droppie.key" = {
- file = "${self}/secrets/dyndns-droppie.key";
- mode = "400";
- owner = "root";
- };
-
- # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
- age.secrets."droppie-ssh-root.key" = {
- file = "${self}/secrets/droppie-ssh-root.key";
- path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
- mode = "400";
- owner = psCfg.user.name;
- };
- };
-}
diff --git a/hosts/pie/configuration.nix b/hosts/pie/configuration.nix
index fdc5b953..9686d9d0 100644
--- a/hosts/pie/configuration.nix
+++ b/hosts/pie/configuration.nix
@@ -7,11 +7,11 @@
 lib,
 inputs,
 ...
-}: {
- imports = [
- ./hardware-configuration.nix
- ];
-
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
 boot.loader.grub.enable = true;
 boot.loader.grub.efiSupport = true;
 boot.loader.grub.efiInstallAsRemovable = true;
@@ -27,6 +27,33 @@
 boot.kernelPackages = pkgs.linuxPackages_6_1;
+ pub-solar.core.disk-encryption-active = false;
+ pub-solar.core.lite = true;
+
+ networking.defaultGateway = {
+ address = "192.168.178.1";
+ interface = "enabcm6e4ei0";
+ };
+
+ networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
+ {
+ address = "192.168.178.2";
+ prefixLength = 24;
+ }
+ ];
+
+ security.sudo.extraRules = [
+ {
+ users = ["${psCfg.user.name}"];
+ commands = [
+ {
+ command = "ALL";
+ options = ["NOPASSWD"];
+ }
+ ];
+ }
+ ];
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/pie/default.nix b/hosts/pie/default.nix
index 12cc94b9..541edac4 100644
--- a/hosts/pie/default.nix
+++ b/hosts/pie/default.nix
@@ -1,7 +1,10 @@
-{suites, ...}: {
- imports =
- [
- ./pie.nix
- ]
- ++ suites.pie;
+{...}: {
+ imports = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+
+ ./unbound.nix
+ ./dhcpd.nix
+ ./wake-droppie.nix
+ ];
 }
diff --git a/hosts/pie/pie.nix b/hosts/pie/pie.nix
deleted file mode 100644
index 1aa30624..00000000
--- a/hosts/pie/pie.nix
+++ /dev/null
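Review bot: The `security.sudo.extraRules` block in the second hunk is identical to the one added in hosts/droppie/configuration.nix (`users = ["${psCfg.user.name}"]`, `command = "ALL"`, `options = ["NOPASSWD"]`); now that both hosts are plain module files, the rule belongs in one shared module (for instance gated on the `pub-solar.core.lite = true` both hosts also set) so it is defined once and can be reviewed in one place. The `xdg` let-binding introduced in the first hunk is unused here as well. The enclosing attrset starts before the first hunk and ends after the second.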
@@ -1,47 +0,0 @@
-{
- config,
- pkgs,
- lib,
- self,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in {
- imports = [
- ./configuration.nix
- ./unbound.nix
- ./dhcpd.nix
- ./wake-droppie.nix
- ];
-
- config = {
- pub-solar.core.disk-encryption-active = false;
- pub-solar.core.lite = true;
-
- networking.defaultGateway = {
- address = "192.168.178.1";
- interface = "enabcm6e4ei0";
- };
-
- networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
- {
- address = "192.168.178.2";
- prefixLength = 24;
- }
- ];
-
- security.sudo.extraRules = [
- {
- users = ["${psCfg.user.name}"];
- commands = [
- {
- command = "ALL";
- options = ["NOPASSWD"];
- }
- ];
- }
- ];
- };
-}