refactor: start removing digga

Benjamin Bädorf 2023-09-12 22:07:05 +02:00
parent 3fcb1e3c4e
commit f7f57e4944
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
13 changed files with 320 additions and 330 deletions


@ -1,5 +1,5 @@
{ {
description = "A highly structured configuration database."; description = "b12f hosts";
nixConfig.extra-experimental-features = "nix-command flakes"; nixConfig.extra-experimental-features = "nix-command flakes";
@ -11,19 +11,13 @@
flake-compat.url = "github:edolstra/flake-compat"; flake-compat.url = "github:edolstra/flake-compat";
flake-compat.flake = false; flake-compat.flake = false;
digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; nix-darwin.url = "github:lnl7/nix-darwin/master";
digga.inputs.nixpkgs.follows = "nixos"; nix-darwin.inputs.nixpkgs.follows = "nixos";
digga.inputs.nixlib.follows = "nixos"; home-manager.url = "github:nix-community/home-manager/release-23.05";
digga.inputs.home-manager.follows = "home"; home-manager.inputs.nixpkgs.follows = "nixos";
digga.inputs.deploy.follows = "deploy";
digga.inputs.darwin.follows = "darwin";
digga.inputs.flake-compat.follows = "flake-compat";
home.url = "github:nix-community/home-manager/release-23.05"; flake-parts.url = "github:hercules-ci/flake-parts";
home.inputs.nixpkgs.follows = "nixos"; nixos-flake.url = "github:srid/nixos-flake";
darwin.url = "github:LnL7/nix-darwin";
darwin.inputs.nixpkgs.follows = "nixos";
deploy.url = "github:serokell/deploy-rs"; deploy.url = "github:serokell/deploy-rs";
deploy.inputs.nixpkgs.follows = "nixos"; deploy.inputs.nixpkgs.follows = "nixos";
@ -48,6 +42,82 @@
adblock-unbound.inputs.nixpkgs.follows = "nixos"; adblock-unbound.inputs.nixpkgs.follows = "nixos";
}; };
outputs = inputs@{ self, ... }:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
imports = [
inputs.nixos-flake.flakeModule
];
perSystem = { config, ... }: { };
flake = {
# Configurations for Linux (NixOS) machines
nixosConfigurations = {
biolimo = self.nixos-flake.lib.mkLinuxSystem "x86_64-linux" {
imports = [
self.nixosModules.linux
self.nixosModules.home-manager
self.nixosModules.agenix
self.nixosModules.musnix
./hosts/biolimo/default.nix
];
};
};
nixosModules = rec {
arduino = import ./modules/arduino/default.nix;
audio = import ./modules/audio/default.nix;
ci-runner = import ./modules/ci-runner/default.nix;
core = import ./modules/core/default.nix;
crypto = import ./modules/crypto/default.nix;
devops = import ./modules/devops/default.nix;
docker = import ./modules/docker/default.nix;
docker-ci-runner = import ./modules/docker-ci-runner/default.nix;
email = import ./modules/email/default.nix;
factorio = import ./modules/factorio/default.nix;
gaming = import ./modules/gaming/default.nix;
graphical = import ./modules/graphical/default.nix;
mobile = import ./modules/mobile/default.nix;
nextcloud = import ./modules/nextcloud/default.nix;
office = import ./modules/office/default.nix;
paperless = import ./modules/paperless/default.nix;
paranoia = import ./modules/paranoia/default.nix;
printing = import ./modules/printing/default.nix;
social = import ./modules/social/default.nix;
sway = import ./modules/sway/default.nix;
terminal-life = import ./modules/terminal-life/default.nix;
uhk = import ./modules/uhk/default.nix;
user = import ./modules/user/default.nix;
virtualisation = import ./modules/virtualisation/default.nix;
base = [users.pub-solar users.root];
iso = base ++ [base-user graphical pub-solar-iso];
pubsolaros = [full-install base-user users.root];
anonymous = [pubsolaros users.pub-solar];
b12f = pubsolaros ++ [users.b12f social gaming mobile];
biolimo = b12f ++ [graphical];
chocolatebar = b12f ++ [graphical virtualisation];
yule = pubsolaros ++ [users.yule];
droppie = yule ++ [];
pie = yule ++ [];
maoam = b12f ++ [];
};
homeModules = { };
};
};
}
outputs = { outputs = {
self, self,
digga, digga,
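Review bot: The added `nixosModules = rec { … }` set refers to names it does not define: `users.pub-solar`, `users.root`, `base-user`, `pub-solar-iso` and `full-install` are used in the `base`, `iso` and `pubsolaros` lists, while the set only defines `user` and the per-directory imports. The `biolimo` entry imports `self.nixosModules.linux`, `.agenix` and `.musnix`, which are also absent from the set, and it no longer imports `core`, `paranoia` or `user` although the host's configuration.nix sets `pub-solar.paranoia.enable = true` and other `pub-solar.*` options. Unless another module supplies these, evaluation fails on the missing attributes or on undeclared options; I would import the needed modules explicitly, e.g. `self.nixosModules.core self.nixosModules.paranoia self.nixosModules.user`, and drop the leftover suite lists. The added block also appears to close the top-level attribute set before the old `outputs = {` that still follows it, so the file seems to carry two `outputs` definitions at this stage.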


@ -1,47 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
imports = [
./configuration.nix
];
config = {
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 15296512;
hardware.cpu.intel.updateMicrocode = true;
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
services.printing.drivers = [
pkgs.cups-brother-hl3140cw
];
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
home.packages = [
inkscape
];
};
# For OpenProject development with https
security.pki.certificates = [
(builtins.readFile ./step-roots.pem)
];
};
}


@ -1,20 +1,47 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ {
config, config,
pkgs, pkgs,
... ...
}: { }:
imports = [ with lib; let
# Include the results of the hardware scan. psCfg = config.pub-solar;
./hardware-configuration.nix xdg = config.home-manager.users."${psCfg.user.name}".xdg;
]; in {
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 15296512;
hardware.cpu.intel.updateMicrocode = true;
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
services.printing.drivers = [
pkgs.cups-brother-hl3140cw
];
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
home.packages = [
inkscape
];
};
# For OpenProject development with https
security.pki.certificates = [
(builtins.readFile ./step-roots.pem)
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
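Review bot: `with lib; let` on the new side uses `lib`, but this file's function header still lists only `config`, `pkgs` and `...`, so `lib` is an undefined variable and `mkForce`/`mkIf` below cannot resolve; add `lib,` to the argument set. The chocolatebar configuration.nix section has the same header and additionally interpolates `${self}` in its `age.secrets.*.file` paths, and the droppie configuration.nix section uses `${self}` while taking only `config`, `pkgs` and `lib`. `self` is not a standard module argument, so it has to be handed in through `specialArgs` or `_module.args` by whatever builds the system; that wiring is not visible in this commit. The `xdg` binding was carried over from the deleted host file but is unused in the visible lines and could be dropped.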


@ -1,7 +1,6 @@
{suites, ...}: { {...}: {
imports = imports = [
[ ./configuration.nix
./biolimo.nix ./hardware-configuration.nix
] ];
++ suites.biolimo;
} }


@ -1,109 +0,0 @@
{
config,
pkgs,
lib,
self,
inputs,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
imports = [
./configuration.nix
./virtualisation
./factorio
];
config = {
hardware.cpu.amd.updateMicrocode = true;
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
];
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 115075072;
pub-solar.paperless.sync.masterNode = true;
age.secrets."drone-runner-exec-config" = {
file = "${self}/secrets/drone-runner-exec-config";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.docker-ci-runner = {
enable = true;
runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
};
pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
services.openssh.openFirewall = true;
networking.firewall.allowedTCPPorts =
[443]
++ (
if psCfg.sway.vnc.enable
then [5901]
else []
);
networking.firewall.allowedUDPPorts = [43050];
environment.systemPackages = with pkgs; [
wayvnc
drone-docker-runner
stdenv.cc.cc.lib
pkgs.hplip
];
age.secrets."vnc-key.pem" = {
file = "${self}/secrets/vnc-key-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
age.secrets."vnc-cert.pem" = {
file = "${self}/secrets/vnc-cert-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.sway.vnc.enable = true;
services.printing.drivers = [
pkgs.cups-brother-hl3140cw
];
services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
'';
home-manager.users."${psCfg.user.name}" = {
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
};
home.sessionVariables = {
NIX_CC = "${pkgs.stdenv.cc}";
};
home.packages = with pkgs; [
lmms
audacity
];
};
musnix = {
enable = true;
kernel.realtime = true;
};
# For OpenProject development with https
security.pki.certificates = [
(builtins.readFile ./step-roots.pem)
];
};
}


@ -1,20 +1,106 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ {
config, config,
pkgs, pkgs,
... ...
}: { }:
imports = [ with lib; let
# Include the results of the hardware scan. psCfg = config.pub-solar;
./hardware-configuration.nix xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
hardware.cpu.amd.updateMicrocode = true;
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 115075072;
pub-solar.paperless.sync.masterNode = true;
age.secrets."drone-runner-exec-config" = {
file = "${self}/secrets/drone-runner-exec-config";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.docker-ci-runner = {
enable = true;
runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
};
pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
services.openssh.openFirewall = true;
networking.firewall.allowedTCPPorts =
[443]
++ (
if psCfg.sway.vnc.enable
then [5901]
else []
);
networking.firewall.allowedUDPPorts = [43050];
environment.systemPackages = with pkgs; [
wayvnc
drone-docker-runner
stdenv.cc.cc.lib
pkgs.hplip
];
age.secrets."vnc-key.pem" = {
file = "${self}/secrets/vnc-key-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
age.secrets."vnc-cert.pem" = {
file = "${self}/secrets/vnc-cert-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.sway.vnc.enable = true;
services.printing.drivers = [
pkgs.cups-brother-hl3140cw
];
services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
'';
home-manager.users."${psCfg.user.name}" = {
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
};
home.sessionVariables = {
NIX_CC = "${pkgs.stdenv.cc}";
};
home.packages = with pkgs; [
lmms
audacity
];
};
musnix = {
enable = true;
kernel.realtime = true;
};
# For OpenProject development with https
security.pki.certificates = [
(builtins.readFile ./step-roots.pem)
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
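Review bot: The `networking.firewall.allowedTCPPorts` list opens 5901 on every interface whenever `psCfg.sway.vnc.enable` is true, and this same file sets `pub-solar.sway.vnc.enable = true` unconditionally, so the VNC port is always exposed next to 443 and the SSH port opened by `services.openssh.openFirewall`. If remote desktop is only needed from one network, scope it with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [5901];` (`<iface>` is a placeholder) and keep the global list at `[443]`. A comment above the list such as `# 5901: wayvnc, key/cert from age.secrets."vnc-key.pem" / "vnc-cert.pem"` would record why each port is open; UDP 43050 currently has no explanation at all.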


@ -1,7 +1,9 @@
{suites, ...}: { {...}: {
imports = imports = [
[ ./configuration.nix
./chocolatebar.nix ./hardware-configuration.nix
]
++ suites.chocolatebar; ./virtualisation
./factorio
];
} }


@ -1,17 +1,13 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ {
config, config,
pkgs, pkgs,
lib, lib,
... ...
}: { }:
imports = [ with lib; let
# Include the results of the hardware scan. psCfg = config.pub-solar;
./hardware-configuration.nix xdg = config.home-manager.users."${psCfg.user.name}".xdg;
]; in {
boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
@ -20,6 +16,47 @@
}; };
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
hardware.cpu.intel.updateMicrocode = true;
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
services.ddclient = {
enable = false;
ipv6 = true;
domains = ["backup.b12f.io"];
server = "ddns.hosting.de";
username = "b12f";
use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
passwordFile = "/run/agenix/dyndns-droppie.key";
};
age.secrets."dyndns-droppie.key" = {
file = "${self}/secrets/dyndns-droppie.key";
mode = "400";
owner = "root";
};
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
age.secrets."droppie-ssh-root.key" = {
file = "${self}/secrets/droppie-ssh-root.key";
path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
mode = "400";
owner = psCfg.user.name;
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
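Review bot: The `security.sudo.extraRules` block grants `psCfg.user.name` `command = "ALL"` with `NOPASSWD`, which makes that account equivalent to root on a host that also sets `pub-solar.core.disk-encryption-active = false` and installs an SSH private key at `/home/${psCfg.user.name}/.ssh/id_ed25519`. If the rule exists for unattended jobs, limit `commands` to the specific binaries those jobs call, or at least add a comment stating why blanket passwordless sudo is required. The identical rule is added in the pie configuration.nix section. The secret is named `droppie-ssh-root.key` and the comment above it shows a `root@droppie` public key, yet it is owned by and installed for the regular user; a one-line comment explaining that choice would help the next reader.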


@ -1,7 +1,9 @@
{suites, ...}: { {...}: {
imports = imports = [
[ ./configuration.nix
./droppie.nix ./hardware-configuration.nix
]
++ suites.droppie; ./nextcloud-web-tunnel.nix
./restic-backup.nix
];
} }


@ -1,60 +0,0 @@
{
config,
pkgs,
lib,
self,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
imports = [
./configuration.nix
./nextcloud-web-tunnel.nix
./restic-backup.nix
];
config = {
hardware.cpu.intel.updateMicrocode = true;
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
services.ddclient = {
enable = false;
ipv6 = true;
domains = ["backup.b12f.io"];
server = "ddns.hosting.de";
username = "b12f";
use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
passwordFile = "/run/agenix/dyndns-droppie.key";
};
age.secrets."dyndns-droppie.key" = {
file = "${self}/secrets/dyndns-droppie.key";
mode = "400";
owner = "root";
};
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
age.secrets."droppie-ssh-root.key" = {
file = "${self}/secrets/droppie-ssh-root.key";
path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
mode = "400";
owner = psCfg.user.name;
};
};
}


@ -7,11 +7,11 @@
lib, lib,
inputs, inputs,
... ...
}: { }:
imports = [ with lib; let
./hardware-configuration.nix psCfg = config.pub-solar;
]; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true; boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true; boot.loader.grub.efiInstallAsRemovable = true;
@ -27,6 +27,33 @@
boot.kernelPackages = pkgs.linuxPackages_6_1; boot.kernelPackages = pkgs.linuxPackages_6_1;
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
networking.defaultGateway = {
address = "192.168.178.1";
interface = "enabcm6e4ei0";
};
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 24;
}
];
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave


@ -1,7 +1,10 @@
{suites, ...}: { {...}: {
imports = imports = [
[ ./configuration.nix
./pie.nix ./hardware-configuration.nix
]
++ suites.pie; ./unbound.nix
./dhcpd.nix
./wake-droppie.nix
];
} }


@ -1,47 +0,0 @@
{
config,
pkgs,
lib,
self,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
imports = [
./configuration.nix
./unbound.nix
./dhcpd.nix
./wake-droppie.nix
];
config = {
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
networking.defaultGateway = {
address = "192.168.178.1";
interface = "enabcm6e4ei0";
};
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 24;
}
];
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
};
}