refactor: start removing digga
All checks were successful
continuous-integration/drone/push Build is passing
parent
3fcb1e3c4e
commit
f7f57e4944
96
flake.nix
96
flake.nix
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
description = "A highly structured configuration database.";
|
description = "b12f hosts";
|
||||||
|
|
||||||
nixConfig.extra-experimental-features = "nix-command flakes";
|
nixConfig.extra-experimental-features = "nix-command flakes";
|
||||||
|
|
||||||
|
@ -11,19 +11,13 @@
|
||||||
flake-compat.url = "github:edolstra/flake-compat";
|
flake-compat.url = "github:edolstra/flake-compat";
|
||||||
flake-compat.flake = false;
|
flake-compat.flake = false;
|
||||||
|
|
||||||
digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
|
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
||||||
digga.inputs.nixpkgs.follows = "nixos";
|
nix-darwin.inputs.nixpkgs.follows = "nixos";
|
||||||
digga.inputs.nixlib.follows = "nixos";
|
home-manager.url = "github:nix-community/home-manager/release-23.05";
|
||||||
digga.inputs.home-manager.follows = "home";
|
home-manager.inputs.nixpkgs.follows = "nixos";
|
||||||
digga.inputs.deploy.follows = "deploy";
|
|
||||||
digga.inputs.darwin.follows = "darwin";
|
|
||||||
digga.inputs.flake-compat.follows = "flake-compat";
|
|
||||||
|
|
||||||
home.url = "github:nix-community/home-manager/release-23.05";
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||||
home.inputs.nixpkgs.follows = "nixos";
|
nixos-flake.url = "github:srid/nixos-flake";
|
||||||
|
|
||||||
darwin.url = "github:LnL7/nix-darwin";
|
|
||||||
darwin.inputs.nixpkgs.follows = "nixos";
|
|
||||||
|
|
||||||
deploy.url = "github:serokell/deploy-rs";
|
deploy.url = "github:serokell/deploy-rs";
|
||||||
deploy.inputs.nixpkgs.follows = "nixos";
|
deploy.inputs.nixpkgs.follows = "nixos";
|
||||||
|
@ -48,6 +42,82 @@
|
||||||
adblock-unbound.inputs.nixpkgs.follows = "nixos";
|
adblock-unbound.inputs.nixpkgs.follows = "nixos";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
outputs = inputs@{ self, ... }:
|
||||||
|
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
|
||||||
|
systems = [
|
||||||
|
"x86_64-linux"
|
||||||
|
"aarch64-linux"
|
||||||
|
"x86_64-darwin"
|
||||||
|
"aarch64-darwin"
|
||||||
|
];
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
inputs.nixos-flake.flakeModule
|
||||||
|
];
|
||||||
|
|
||||||
|
perSystem = { config, ... }: { };
|
||||||
|
|
||||||
|
flake = {
|
||||||
|
# Configurations for Linux (NixOS) machines
|
||||||
|
nixosConfigurations = {
|
||||||
|
biolimo = self.nixos-flake.lib.mkLinuxSystem "x86_64-linux" {
|
||||||
|
imports = [
|
||||||
|
self.nixosModules.linux
|
||||||
|
self.nixosModules.home-manager
|
||||||
|
self.nixosModules.agenix
|
||||||
|
self.nixosModules.musnix
|
||||||
|
./hosts/biolimo/default.nix
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nixosModules = rec {
|
||||||
|
arduino = import ./modules/arduino/default.nix;
|
||||||
|
audio = import ./modules/audio/default.nix;
|
||||||
|
ci-runner = import ./modules/ci-runner/default.nix;
|
||||||
|
core = import ./modules/core/default.nix;
|
||||||
|
crypto = import ./modules/crypto/default.nix;
|
||||||
|
devops = import ./modules/devops/default.nix;
|
||||||
|
docker = import ./modules/docker/default.nix;
|
||||||
|
docker-ci-runner = import ./modules/docker-ci-runner/default.nix;
|
||||||
|
email = import ./modules/email/default.nix;
|
||||||
|
factorio = import ./modules/factorio/default.nix;
|
||||||
|
gaming = import ./modules/gaming/default.nix;
|
||||||
|
graphical = import ./modules/graphical/default.nix;
|
||||||
|
mobile = import ./modules/mobile/default.nix;
|
||||||
|
nextcloud = import ./modules/nextcloud/default.nix;
|
||||||
|
office = import ./modules/office/default.nix;
|
||||||
|
paperless = import ./modules/paperless/default.nix;
|
||||||
|
paranoia = import ./modules/paranoia/default.nix;
|
||||||
|
printing = import ./modules/printing/default.nix;
|
||||||
|
social = import ./modules/social/default.nix;
|
||||||
|
sway = import ./modules/sway/default.nix;
|
||||||
|
terminal-life = import ./modules/terminal-life/default.nix;
|
||||||
|
uhk = import ./modules/uhk/default.nix;
|
||||||
|
user = import ./modules/user/default.nix;
|
||||||
|
virtualisation = import ./modules/virtualisation/default.nix;
|
||||||
|
|
||||||
|
|
||||||
|
base = [users.pub-solar users.root];
|
||||||
|
iso = base ++ [base-user graphical pub-solar-iso];
|
||||||
|
pubsolaros = [full-install base-user users.root];
|
||||||
|
anonymous = [pubsolaros users.pub-solar];
|
||||||
|
|
||||||
|
b12f = pubsolaros ++ [users.b12f social gaming mobile];
|
||||||
|
biolimo = b12f ++ [graphical];
|
||||||
|
chocolatebar = b12f ++ [graphical virtualisation];
|
||||||
|
|
||||||
|
yule = pubsolaros ++ [users.yule];
|
||||||
|
droppie = yule ++ [];
|
||||||
|
pie = yule ++ [];
|
||||||
|
maoam = b12f ++ [];
|
||||||
|
};
|
||||||
|
|
||||||
|
homeModules = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
outputs = {
|
outputs = {
|
||||||
self,
|
self,
|
||||||
digga,
|
digga,
|
||||||
|
|
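Review bot: The added `outputs = inputs@{ self, ... }:` in the `@ -48,6 +42,82 @@` hunk is placed in front of the existing `outputs = { self, digga, ...` definition, which remains as context, so as far as the hunk shows `flake.nix` now defines `outputs` twice and Nix rejects a duplicate attribute. The old function also still takes `digga`, whose input the second hunk removes. Inside `nixosModules = rec { … }` the suite lists refer to `users`, `base-user`, `full-install` and `pub-solar-iso`, none of which is bound in the visible set, and an unbound variable is an error even if the attribute is never used. Either remove the old `outputs` and these lists in this commit, or keep the lists commented out until their replacements exist, e.g. `# base = [users.pub-solar users.root];`. The old `outputs` body continues outside the hunk.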
|
@ -1,47 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
psCfg = config.pub-solar;
|
|
||||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
./configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
config = {
|
|
||||||
pub-solar.paranoia.enable = true;
|
|
||||||
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
|
|
||||||
pub-solar.core.hibernation.resumeOffset = 15296512;
|
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
|
||||||
|
|
||||||
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
|
|
||||||
|
|
||||||
services.printing.drivers = [
|
|
||||||
pkgs.cups-brother-hl3140cw
|
|
||||||
];
|
|
||||||
|
|
||||||
home-manager = with pkgs;
|
|
||||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
|
||||||
xdg.configFile = mkIf psCfg.sway.enable {
|
|
||||||
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
|
||||||
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
|
||||||
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
|
||||||
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
|
|
||||||
};
|
|
||||||
|
|
||||||
home.packages = [
|
|
||||||
inkscape
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# For OpenProject development with https
|
|
||||||
security.pki.certificates = [
|
|
||||||
(builtins.readFile ./step-roots.pem)
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,20 +1,47 @@
|
||||||
# Edit this configuration file to define what should be installed on
|
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: {
|
}:
|
||||||
imports = [
|
with lib; let
|
||||||
# Include the results of the hardware scan.
|
psCfg = config.pub-solar;
|
||||||
./hardware-configuration.nix
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
];
|
in {
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
pub-solar.paranoia.enable = true;
|
||||||
|
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
|
||||||
|
pub-solar.core.hibernation.resumeOffset = 15296512;
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
|
|
||||||
|
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
|
||||||
|
|
||||||
|
services.printing.drivers = [
|
||||||
|
pkgs.cups-brother-hl3140cw
|
||||||
|
];
|
||||||
|
|
||||||
|
home-manager = with pkgs;
|
||||||
|
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||||
|
xdg.configFile = mkIf psCfg.sway.enable {
|
||||||
|
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||||||
|
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
||||||
|
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
||||||
|
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
|
||||||
|
};
|
||||||
|
|
||||||
|
home.packages = [
|
||||||
|
inkscape
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# For OpenProject development with https
|
||||||
|
security.pki.certificates = [
|
||||||
|
(builtins.readFile ./step-roots.pem)
|
||||||
|
];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
|
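Review bot: `with lib; let` is added under a function head that still reads `{ config, pkgs, ... }:`, so `lib` is unbound in this file and the `mkForce` and `mkIf` calls moved in below it cannot resolve; the head should become `{ config, pkgs, lib, ... }:`. The `@ -1,20 +1,106 @@` section further down has the same head and the same `with lib; let`. The `xdg` binding is not used in the visible lines and could be dropped. Separately, `security.pki.certificates` puts `./step-roots.pem` into the system trust store for every TLS client on the host, so a comment stating whose CA it is and when it can be removed would help, e.g. `# private dev CA for OpenProject; remove once no longer needed`. The file continues past the end of the hunk.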
|
@ -1,7 +1,6 @@
|
||||||
{suites, ...}: {
|
{...}: {
|
||||||
imports =
|
imports = [
|
||||||
[
|
./configuration.nix
|
||||||
./biolimo.nix
|
./hardware-configuration.nix
|
||||||
]
|
];
|
||||||
++ suites.biolimo;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,109 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
self,
|
|
||||||
inputs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
psCfg = config.pub-solar;
|
|
||||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
./configuration.nix
|
|
||||||
./virtualisation
|
|
||||||
./factorio
|
|
||||||
];
|
|
||||||
|
|
||||||
config = {
|
|
||||||
hardware.cpu.amd.updateMicrocode = true;
|
|
||||||
|
|
||||||
hardware.opengl.extraPackages = with pkgs; [
|
|
||||||
rocm-opencl-icd
|
|
||||||
rocm-opencl-runtime
|
|
||||||
];
|
|
||||||
|
|
||||||
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
|
|
||||||
pub-solar.core.hibernation.resumeOffset = 115075072;
|
|
||||||
|
|
||||||
pub-solar.paperless.sync.masterNode = true;
|
|
||||||
|
|
||||||
age.secrets."drone-runner-exec-config" = {
|
|
||||||
file = "${self}/secrets/drone-runner-exec-config";
|
|
||||||
mode = "400";
|
|
||||||
owner = psCfg.user.name;
|
|
||||||
};
|
|
||||||
|
|
||||||
pub-solar.docker-ci-runner = {
|
|
||||||
enable = true;
|
|
||||||
runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
|
|
||||||
};
|
|
||||||
|
|
||||||
pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
|
|
||||||
|
|
||||||
services.openssh.openFirewall = true;
|
|
||||||
networking.firewall.allowedTCPPorts =
|
|
||||||
[443]
|
|
||||||
++ (
|
|
||||||
if psCfg.sway.vnc.enable
|
|
||||||
then [5901]
|
|
||||||
else []
|
|
||||||
);
|
|
||||||
networking.firewall.allowedUDPPorts = [43050];
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
wayvnc
|
|
||||||
drone-docker-runner
|
|
||||||
stdenv.cc.cc.lib
|
|
||||||
pkgs.hplip
|
|
||||||
];
|
|
||||||
|
|
||||||
age.secrets."vnc-key.pem" = {
|
|
||||||
file = "${self}/secrets/vnc-key-chocolatebar.pem";
|
|
||||||
mode = "400";
|
|
||||||
owner = psCfg.user.name;
|
|
||||||
};
|
|
||||||
age.secrets."vnc-cert.pem" = {
|
|
||||||
file = "${self}/secrets/vnc-cert-chocolatebar.pem";
|
|
||||||
mode = "400";
|
|
||||||
owner = psCfg.user.name;
|
|
||||||
};
|
|
||||||
pub-solar.sway.vnc.enable = true;
|
|
||||||
|
|
||||||
services.printing.drivers = [
|
|
||||||
pkgs.cups-brother-hl3140cw
|
|
||||||
];
|
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
|
|
||||||
'';
|
|
||||||
|
|
||||||
home-manager.users."${psCfg.user.name}" = {
|
|
||||||
xdg.configFile = mkIf psCfg.sway.enable {
|
|
||||||
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
|
||||||
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
|
||||||
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
|
||||||
};
|
|
||||||
|
|
||||||
home.sessionVariables = {
|
|
||||||
NIX_CC = "${pkgs.stdenv.cc}";
|
|
||||||
};
|
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
|
||||||
lmms
|
|
||||||
audacity
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
musnix = {
|
|
||||||
enable = true;
|
|
||||||
kernel.realtime = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# For OpenProject development with https
|
|
||||||
security.pki.certificates = [
|
|
||||||
(builtins.readFile ./step-roots.pem)
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,20 +1,106 @@
|
||||||
# Edit this configuration file to define what should be installed on
|
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: {
|
}:
|
||||||
imports = [
|
with lib; let
|
||||||
# Include the results of the hardware scan.
|
psCfg = config.pub-solar;
|
||||||
./hardware-configuration.nix
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in {
|
||||||
|
hardware.cpu.amd.updateMicrocode = true;
|
||||||
|
|
||||||
|
hardware.opengl.extraPackages = with pkgs; [
|
||||||
|
rocm-opencl-icd
|
||||||
|
rocm-opencl-runtime
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
pub-solar.paranoia.enable = true;
|
||||||
|
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
|
||||||
|
pub-solar.core.hibernation.resumeOffset = 115075072;
|
||||||
|
|
||||||
|
pub-solar.paperless.sync.masterNode = true;
|
||||||
|
|
||||||
|
age.secrets."drone-runner-exec-config" = {
|
||||||
|
file = "${self}/secrets/drone-runner-exec-config";
|
||||||
|
mode = "400";
|
||||||
|
owner = psCfg.user.name;
|
||||||
|
};
|
||||||
|
|
||||||
|
pub-solar.docker-ci-runner = {
|
||||||
|
enable = true;
|
||||||
|
runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
|
||||||
|
|
||||||
|
services.openssh.openFirewall = true;
|
||||||
|
networking.firewall.allowedTCPPorts =
|
||||||
|
[443]
|
||||||
|
++ (
|
||||||
|
if psCfg.sway.vnc.enable
|
||||||
|
then [5901]
|
||||||
|
else []
|
||||||
|
);
|
||||||
|
networking.firewall.allowedUDPPorts = [43050];
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
wayvnc
|
||||||
|
drone-docker-runner
|
||||||
|
stdenv.cc.cc.lib
|
||||||
|
pkgs.hplip
|
||||||
|
];
|
||||||
|
|
||||||
|
age.secrets."vnc-key.pem" = {
|
||||||
|
file = "${self}/secrets/vnc-key-chocolatebar.pem";
|
||||||
|
mode = "400";
|
||||||
|
owner = psCfg.user.name;
|
||||||
|
};
|
||||||
|
age.secrets."vnc-cert.pem" = {
|
||||||
|
file = "${self}/secrets/vnc-cert-chocolatebar.pem";
|
||||||
|
mode = "400";
|
||||||
|
owner = psCfg.user.name;
|
||||||
|
};
|
||||||
|
pub-solar.sway.vnc.enable = true;
|
||||||
|
|
||||||
|
services.printing.drivers = [
|
||||||
|
pkgs.cups-brother-hl3140cw
|
||||||
|
];
|
||||||
|
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
|
||||||
|
'';
|
||||||
|
|
||||||
|
home-manager.users."${psCfg.user.name}" = {
|
||||||
|
xdg.configFile = mkIf psCfg.sway.enable {
|
||||||
|
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
||||||
|
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
||||||
|
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||||||
|
};
|
||||||
|
|
||||||
|
home.sessionVariables = {
|
||||||
|
NIX_CC = "${pkgs.stdenv.cc}";
|
||||||
|
};
|
||||||
|
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
lmms
|
||||||
|
audacity
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
musnix = {
|
||||||
|
enable = true;
|
||||||
|
kernel.realtime = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# For OpenProject development with https
|
||||||
|
security.pki.certificates = [
|
||||||
|
(builtins.readFile ./step-roots.pem)
|
||||||
|
];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
|
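Review bot: The moved `age.secrets` entries build their paths from `"${self}/secrets/…"`, but the function head here is `{ config, pkgs, ... }:`, so `self` is not in scope; the deleted module took `self` as an argument. Add it to the head, `{ config, pkgs, lib, self, ... }:`, and check that the new `mkLinuxSystem` call really passes `self` through to modules, which the visible lines do not show. The same applies to `"${self}/secrets/dyndns-droppie.key"` in the `@ -20,6 +16,47 @@` hunk, whose head lists only `config, pkgs, lib`. The file continues past the end of the hunk.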
|
@ -1,7 +1,9 @@
|
||||||
{suites, ...}: {
|
{...}: {
|
||||||
imports =
|
imports = [
|
||||||
[
|
./configuration.nix
|
||||||
./chocolatebar.nix
|
./hardware-configuration.nix
|
||||||
]
|
|
||||||
++ suites.chocolatebar;
|
./virtualisation
|
||||||
|
./factorio
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,17 +1,13 @@
|
||||||
# Edit this configuration file to define what should be installed on
|
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
...
|
...
|
||||||
}: {
|
}:
|
||||||
imports = [
|
with lib; let
|
||||||
# Include the results of the hardware scan.
|
psCfg = config.pub-solar;
|
||||||
./hardware-configuration.nix
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
];
|
in {
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -20,6 +16,47 @@
|
||||||
};
|
};
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
|
|
||||||
|
pub-solar.core.disk-encryption-active = false;
|
||||||
|
pub-solar.core.lite = true;
|
||||||
|
|
||||||
|
security.sudo.extraRules = [
|
||||||
|
{
|
||||||
|
users = ["${psCfg.user.name}"];
|
||||||
|
commands = [
|
||||||
|
{
|
||||||
|
command = "ALL";
|
||||||
|
options = ["NOPASSWD"];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
services.ddclient = {
|
||||||
|
enable = false;
|
||||||
|
ipv6 = true;
|
||||||
|
domains = ["backup.b12f.io"];
|
||||||
|
server = "ddns.hosting.de";
|
||||||
|
username = "b12f";
|
||||||
|
use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
|
||||||
|
passwordFile = "/run/agenix/dyndns-droppie.key";
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets."dyndns-droppie.key" = {
|
||||||
|
file = "${self}/secrets/dyndns-droppie.key";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
|
||||||
|
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
|
||||||
|
age.secrets."droppie-ssh-root.key" = {
|
||||||
|
file = "${self}/secrets/droppie-ssh-root.key";
|
||||||
|
path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
|
||||||
|
mode = "400";
|
||||||
|
owner = psCfg.user.name;
|
||||||
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
|
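Review bot: `security.sudo.extraRules` gives `${psCfg.user.name}` `NOPASSWD` on `ALL`, and the same block is added in the `@ -27,6 +27,33 @@` hunk for the host at `192.168.178.2`; now that the rule moves into each host's main configuration it should be documented or narrowed. On this host the same user also owns the secret `droppie-ssh-root.key` at `~/.ssh/id_ed25519` and `pub-solar.core.disk-encryption-active` is `false`, so that single account carries root on the machine plus whatever the key is authorised for. If passwordless sudo is required, say why above the rule, e.g. `# NOPASSWD ALL: required for <reason>`, or replace `command = "ALL";` with the specific commands that need it. The file continues past the end of the hunk.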
|
@ -1,7 +1,9 @@
|
||||||
{suites, ...}: {
|
{...}: {
|
||||||
imports =
|
imports = [
|
||||||
[
|
./configuration.nix
|
||||||
./droppie.nix
|
./hardware-configuration.nix
|
||||||
]
|
|
||||||
++ suites.droppie;
|
./nextcloud-web-tunnel.nix
|
||||||
|
./restic-backup.nix
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,60 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
self,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
psCfg = config.pub-solar;
|
|
||||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
./configuration.nix
|
|
||||||
./nextcloud-web-tunnel.nix
|
|
||||||
./restic-backup.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
config = {
|
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
|
||||||
|
|
||||||
pub-solar.core.disk-encryption-active = false;
|
|
||||||
pub-solar.core.lite = true;
|
|
||||||
|
|
||||||
security.sudo.extraRules = [
|
|
||||||
{
|
|
||||||
users = ["${psCfg.user.name}"];
|
|
||||||
commands = [
|
|
||||||
{
|
|
||||||
command = "ALL";
|
|
||||||
options = ["NOPASSWD"];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
services.ddclient = {
|
|
||||||
enable = false;
|
|
||||||
ipv6 = true;
|
|
||||||
domains = ["backup.b12f.io"];
|
|
||||||
server = "ddns.hosting.de";
|
|
||||||
username = "b12f";
|
|
||||||
use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'";
|
|
||||||
passwordFile = "/run/agenix/dyndns-droppie.key";
|
|
||||||
};
|
|
||||||
|
|
||||||
age.secrets."dyndns-droppie.key" = {
|
|
||||||
file = "${self}/secrets/dyndns-droppie.key";
|
|
||||||
mode = "400";
|
|
||||||
owner = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
|
|
||||||
age.secrets."droppie-ssh-root.key" = {
|
|
||||||
file = "${self}/secrets/droppie-ssh-root.key";
|
|
||||||
path = "/home/${psCfg.user.name}/.ssh/id_ed25519";
|
|
||||||
mode = "400";
|
|
||||||
owner = psCfg.user.name;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -7,11 +7,11 @@
|
||||||
lib,
|
lib,
|
||||||
inputs,
|
inputs,
|
||||||
...
|
...
|
||||||
}: {
|
}:
|
||||||
imports = [
|
with lib; let
|
||||||
./hardware-configuration.nix
|
psCfg = config.pub-solar;
|
||||||
];
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in {
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.efiSupport = true;
|
boot.loader.grub.efiSupport = true;
|
||||||
boot.loader.grub.efiInstallAsRemovable = true;
|
boot.loader.grub.efiInstallAsRemovable = true;
|
||||||
|
@ -27,6 +27,33 @@
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_6_1;
|
boot.kernelPackages = pkgs.linuxPackages_6_1;
|
||||||
|
|
||||||
|
pub-solar.core.disk-encryption-active = false;
|
||||||
|
pub-solar.core.lite = true;
|
||||||
|
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.178.1";
|
||||||
|
interface = "enabcm6e4ei0";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "192.168.178.2";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
security.sudo.extraRules = [
|
||||||
|
{
|
||||||
|
users = ["${psCfg.user.name}"];
|
||||||
|
commands = [
|
||||||
|
{
|
||||||
|
command = "ALL";
|
||||||
|
options = ["NOPASSWD"];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
{suites, ...}: {
|
{...}: {
|
||||||
imports =
|
imports = [
|
||||||
[
|
./configuration.nix
|
||||||
./pie.nix
|
./hardware-configuration.nix
|
||||||
]
|
|
||||||
++ suites.pie;
|
./unbound.nix
|
||||||
|
./dhcpd.nix
|
||||||
|
./wake-droppie.nix
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,47 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
self,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
psCfg = config.pub-solar;
|
|
||||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
./configuration.nix
|
|
||||||
./unbound.nix
|
|
||||||
./dhcpd.nix
|
|
||||||
./wake-droppie.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
config = {
|
|
||||||
pub-solar.core.disk-encryption-active = false;
|
|
||||||
pub-solar.core.lite = true;
|
|
||||||
|
|
||||||
networking.defaultGateway = {
|
|
||||||
address = "192.168.178.1";
|
|
||||||
interface = "enabcm6e4ei0";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
|
|
||||||
{
|
|
||||||
address = "192.168.178.2";
|
|
||||||
prefixLength = 24;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
security.sudo.extraRules = [
|
|
||||||
{
|
|
||||||
users = ["${psCfg.user.name}"];
|
|
||||||
commands = [
|
|
||||||
{
|
|
||||||
command = "ALL";
|
|
||||||
options = ["NOPASSWD"];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|