author | Mx Kookie <kookie@spacekookie.de> | 2020-10-31 19:35:09 +0100 |
---|---|---|
committer | Mx Kookie <kookie@spacekookie.de> | 2020-10-31 19:35:09 +0100 |
commit | c4625b175f8200f643fd6e11010932ea44c78433 (patch) | |
tree | bce3f89888c8ac3991fa5569a878a9eab6801ccc /infra/libkookie/roots | |
parent | 49f735974dd103039ddc4cb576bb76555164a9e7 (diff) | |
parent | d661aa56a8843e991261510c1bb28fdc2f6975ae (diff) |
Add 'infra/libkookie/' from commit 'd661aa56a8843e991261510c1bb28fdc2f6975ae'
git-subtree-dir: infra/libkookie
git-subtree-mainline: 49f735974dd103039ddc4cb576bb76555164a9e7
git-subtree-split: d661aa56a8843e991261510c1bb28fdc2f6975ae
Diffstat (limited to 'infra/libkookie/roots')
-rw-r--r-- | infra/libkookie/roots/hyperion.nix | 91 | ||||
-rw-r--r-- | infra/libkookie/roots/tempest.nix | 90 | ||||
-rw-r--r-- | infra/libkookie/roots/uwu.nix | 102 | ||||
-rw-r--r-- | infra/libkookie/roots/uwu/default.nix | 45 | ||||
-rw-r--r-- | infra/libkookie/roots/uwu/part.nix | 44 | ||||
-rw-r--r-- | infra/libkookie/roots/virt/README | 6 | ||||
-rw-r--r-- | infra/libkookie/roots/virt/transmission.nix | 10 |
7 files changed, 388 insertions, 0 deletions
diff --git a/infra/libkookie/roots/hyperion.nix b/infra/libkookie/roots/hyperion.nix new file mode 100644 index 000000000000..bcb9aae740d7 --- /dev/null +++ b/infra/libkookie/roots/hyperion.nix 
@@ -0,0 +1,91 @@ +/* TOP LEVEL DEVICE CONFIGURATION FOR + * + * hyperion (Hetzner EX41 root server) + * + * This file only contains settings that are specific to this one + * device (hardware and things outside of nix, like partitions). + * + * This file is part of LIBKOOKIE, a collection of nix expressions. + * LIBKOOKIE is licensed under the GPL-3.0 (or later) -- see LICENSE + */ + +{ lib, config, pkgs, ... }: + +{ + imports = [ + # General machine base setup + <home-manager/nixos> + ../modules/nix + ../modules/base + + # Server base setup + ../modules/server + ../modules/server/nginx + + # Modules enabled on this server + ../modules/server/blog + #../modules/server/gitlab-ci + ../modules/server/prosody + ../modules/server/quassel + #../modules/server/syncthing + ../modules/server/tor + + # Define allowed ssh users + #../modules/users/spacekookie + #../modules/users/qyliss + ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.copyKernels = true; + + boot.loader.grub.efiSupport = false; + boot.zfs.devNodes = "/dev"; + boot.loader.grub.zfsSupport = true; + boot.loader.grub.device = "/dev/sdb"; + + hardware.cpu.intel.updateMicrocode = true; + + networking = { + dhcpcd.enable = false; + defaultGateway = "95.216.98.1"; + nameservers = [ "1.1.1.1" ]; + interfaces.enp0s31f6 = { + ipv4.addresses = [ { address = "95.216.98.55"; prefixLength = 26; } ]; + }; + + # NAT settings for wireguard + nat.enable = true; + nat.externalInterface = "eth0"; + nat.internalInterfaces = [ "intranet" ]; + }; + + networking.hostName = "hyperion"; # Define your hostname. 
+ networking.hostId = "d83bebd1"; + + networking.wireguard.interfaces."intranet" = { + ips = [ "10.13.12.1" ]; + listenPort = 51820; + privateKeyFile = "/var/lib/wireguard/keys/private"; + + peers = [ + { publicKey = "NHMpnZW6h/MwxWcjztpwH5NN44jS9lB1b5T5jby1i1A="; + allowedIPs = [ "10.13.12.2/32" ]; } + { publicKey = "U/EmC6uMGqrLOd+lqfquDcUShPHgoulN35Dan6RAqyU="; + allowedIPs = [ "10.13.12.3/32" ]; } + { publicKey = "yh8gU4otkndmSsVBuaPMxxFHem45FE3POvSAWi8LEik="; + allowedIPs = [ "10.13.12.4/32" ]; } + + { publicKey = "cPvj0SPITg1twz3DprtQgehJDOAhOL/hnXlB5ZS6Fi4="; + endpoint = "85.119.82.108:51820"; + allowedIPs = [ "10.172.171.0/24" ]; } + ]; + }; + + # FIXME: Change this, but I wanna know what will break first + time.timeZone = "Europe/Berlin"; + + # TODO: Should this be in here or `users` root? + users.mutableUsers = false; + system.stateVersion = "19.03"; +} diff --git a/infra/libkookie/roots/tempest.nix b/infra/libkookie/roots/tempest.nix new file mode 100644 index 000000000000..40a6aa915687 --- /dev/null +++ b/infra/libkookie/roots/tempest.nix 
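Review bot: `nat.externalInterface = "eth0"` names an interface that the `networking` block never configures; the only address is assigned on `interfaces.enp0s31f6`, so unless the device is renamed elsewhere the masquerade rule for the `intranet` WireGuard peers attaches to an interface that does not exist. I would change it to `nat.externalInterface = "enp0s31f6";`. Separately, `users.mutableUsers = false` is set while both `../modules/users/*` imports are commented out, so login accounts have to come from a module not visible in this hunk; a comment naming that module would help, because a rebuild without it leaves the server with no usable login. The hunk also sets `listenPort = 51820` without a matching `networking.firewall.allowedUDPPorts` entry, which presumably lives in the server module and is worth confirming.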
@@ -0,0 +1,90 @@ +/* TOP LEVEL DEVICE CONFIGURATION FOR + * + * tempest (AMD workstation) + * + * This file only contains settings that are specific to this one + * device (hardware and things outside of nix, like partitions). + * + * This file is part of LIBKOOKIE, a collection of nix expressions. + * LIBKOOKIE is licensed under the GPL-3.0 (or later) -- see LICENSE + */ + +{ lib, config, pkgs, ... }: + +{ + nixpkgs.config.allowUnfree = true; + + imports = [ + ../modules/nix + ../modules/nix/home-manager.nix + + ../modules/base + ../modules/docker + ../modules/workstation + ../modules/workstation/hardware/yubikey + ../modules/workstation/hardware/xkblayout + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub = { + enable = true; + device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_500GB_S2RBNB0J340787H"; + enableCryptodisk = true; + zfsSupport = true; + version = 2; + }; + + hardware.cpu.amd.updateMicrocode = true; + hardware.enableRedistributableFirmware = true; + + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = []; + + services.zfs.autoSnapshot.enable = true; + + fileSystems."/" = { + device = "zroot"; + fsType = "zfs"; + + encrypted = { + enable = true; + label = "lvm"; + blkDev = "/dev/disk/by-uuid/e01e1473-ea51-4ec7-a5a9-44d673396644"; + }; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0583b1a0-88c1-4e1c-855e-2df948272cbf"; + fsType = "ext4"; + }; + + swapDevices = []; + nix.maxJobs = 16; + + ## From Mass Effect: Andromeda + networking.hostName = "tempest"; + networking.hostId = "01fd342c"; + networking.firewall.allowedTCPPorts = [ 9000 ]; + + networking.useDHCP = false; + networking.interfaces.enp7s0.useDHCP = true; + + # Select internationalisation properties. + i18n.defaultLocale = "en_GB.UTF-8"; + + # Set your time zone. 
+ time.timeZone = "Europe/Berlin"; + + programs.sway.enable = true; + programs.mtr.enable = true; + programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; + services.openssh.enable = true; + + # users.users.spacekookie.hashedPassword = "$6$rounds=1000000$22ypycQ2AlCCv8iC$RrzyAbCX3D518nCgfR3MTqZhfK.GAclme7EQlKTlqH4oV1YvGd/aHdTfe59iMpf/J18tqEO2aSXsevTVQz2yW."; + users.users.spacekookie.hashedPassword = "$6$rounds=1000000$IncTbazL/YhUV5$brzwb3Xa0cmmazpxJGPPo93wfs6jAomL1NYJ7Amw3WSyTjXGXGbedIMmm06nkeCnJfJzoZ.Jd47q88ot3USZi/"; + system.stateVersion = "19.09"; +} + diff --git a/infra/libkookie/roots/uwu.nix b/infra/libkookie/roots/uwu.nix new file mode 100644 index 000000000000..e430b793f4c5 --- /dev/null +++ b/infra/libkookie/roots/uwu.nix 
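Review bot: The `users.users.spacekookie.hashedPassword` line at the end of this file commits a crypt(3) hash to the repository and, after a build, to the world-readable Nix store, where it is open to offline guessing. The commented-out hash directly above it is exposed the same way, and it is the value still active in uwu.nix and uwu/default.nix. Prefer `users.users.spacekookie.passwordFile = "/path/outside/the/store";` (placeholder path), and treat the committed passwords as disclosed and rotate them. Because `services.openssh.enable = true` is set here with no SSH hardening visible in the hunk, also add `services.openssh.passwordAuthentication = false;` unless a shared module already does, so the password is not a remote login credential as well.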
@@ -0,0 +1,102 @@ +/* TOP LEVEL DEVICE CONFIGURATION FOR + * + * uwu (Thinkpad X230) + * + * This file only contains settings that are specific to this one + * device (hardware and things outside of nix, like partitions). + * + * This file is part of LIBKOOKIE, a collection of nix expressions. + * LIBKOOKIE is licensed under the GPL-3.0 (or later) -- see LICENSE + */ + +{ lib, config, pkgs, ... }: + + +let + forActiveUsers = (attrs: + lib.listToAttrs (map (u: lib.nameValuePair "${u}" ({ ... }: attrs)) + [ "spacekookie" ])); +in +{ + nixpkgs.config.allowUnfree = true; + + imports = [ + <home-manager/nixos> + <modules> + ../config/nix + ../config/base + ../config/docker + ../config/workstation + ../config/workstation/hardware/trackpoint + ]; + + # libkookie.ui.i3.enable = true; + + home-manager.users = forActiveUsers { + imports = []; + }; + + boot.kernelModules = [ "kvm-intel" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sdhci_pci" ]; + hardware.enableRedistributableFirmware = true; + + boot.loader.grub = { + copyKernels = true; + device = "/dev/sda"; + zfsSupport = true; + enableCryptodisk = true; + }; + + boot.extraModprobeConfig = "options kvm_item nested=1"; + boot.zfs.devNodes = "/dev"; # FIXME: Why do I set this? 
+ boot.cleanTmpDir = true; + boot.tmpOnTmpfs = true; + boot.supportedFilesystems = [ "zfs" "exfat" ]; + + services.zfs.autoSnapshot.enable = true; + + fileSystems."/" = { + device = "zroot"; + fsType = "zfs"; + + encrypted = { + enable = true; + label = "lvm"; + blkDev = "/dev/disk/by-uuid/f1440abd-99e3-46a8-aa36-7824972fee54"; + }; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/672c497c-18aa-4b00-ac95-78e810363d81"; + fsType = "ext3"; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/bd3d5c22-eed0-4371-ae25-456b8dfe9356"; } + ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + services.mullvad.enable = true; + programs.java.enable = true; + + # owo + networking.hostName = "uwu"; + networking.hostId = "a82ecf29"; + networking.wireguard.interfaces."intranet" = { + ips = [ "10.13.12.3" ]; + privateKeyFile = "/var/lib/wg/private"; + peers = [ + { publicKey = "ugHG/NOqM/9hde9EmWpu7XsCpjT3WQbjLK99IGHtdjQ="; + allowedIPs = [ "10.13.12.0/24" "10.172.171.0/24" ]; + endpoint = "hyperion.kookie.space:51820"; + persistentKeepalive = 25; } + ]; + }; + + system.stateVersion = "19.03"; + users.users.spacekookie.hashedPassword = "$6$rounds=1000000$22ypycQ2AlCCv8iC$RrzyAbCX3D518nCgfR3MTqZhfK.GAclme7EQlKTlqH4oV1YvGd/aHdTfe59iMpf/J18tqEO2aSXsevTVQz2yW."; + +} diff --git a/infra/libkookie/roots/uwu/default.nix b/infra/libkookie/roots/uwu/default.nix new file mode 100644 index 000000000000..a09ca365ce13 --- /dev/null +++ b/infra/libkookie/roots/uwu/default.nix 
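Review bot: `boot.extraModprobeConfig = "options kvm_item nested=1";` looks like a typo for `kvm_intel` (the module loaded above is `kvm-intel`), so modprobe never applies the option and nested virtualisation stays off without any error. If nesting is wanted, write `options kvm_intel nested=1`; if it is not, drop the line, since nested virtualisation widens the hypervisor surface exposed to guests. The same line is repeated in uwu/part.nix. This file also imports `../config/...` and `<modules>` while the other roots use `../modules/...`, which suggests it is an older copy of uwu/default.nix; a head comment stating which of the two is authoritative would prevent the duplicated WireGuard and password settings from drifting apart.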
@@ -0,0 +1,45 @@ +/* TOP LEVEL DEVICE CONFIGURATION FOR + * + * uwu (Thinkpad X230) + * + * This file is part of LIBKOOKIE, a collection of nix expressions. + * LIBKOOKIE is licensed under the GPL-3.0 (or later) -- see LICENSE + */ + +{ lib, config, pkgs, ... }: + +{ + + imports = [ + ./part.nix + ] ++ [ + <home-manager/nixos> + <modules/nix> + <modules/base> + <modules/users> + <modules/workstation> + <modules/workstation/hardware/trackpoint> + ]; + + libkookie.activeUsers = [ "spacekookie" ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + # owo + networking.hostName = "uwu"; + networking.hostId = "a82ecf29"; + networking.wireguard.interfaces."intranet" = { + ips = [ "10.13.12.3" ]; + privateKeyFile = "/var/lib/wg/private"; + peers = [ + { publicKey = "ugHG/NOqM/9hde9EmWpu7XsCpjT3WQbjLK99IGHtdjQ="; + allowedIPs = [ "10.13.12.0/24" "10.172.171.0/24" ]; + endpoint = "hyperion.kookie.space:51820"; + persistentKeepalive = 25; } + ]; + }; + + system.stateVersion = "19.03"; + users.users.spacekookie.hashedPassword = "$6$rounds=1000000$22ypycQ2AlCCv8iC$RrzyAbCX3D518nCgfR3MTqZhfK.GAclme7EQlKTlqH4oV1YvGd/aHdTfe59iMpf/J18tqEO2aSXsevTVQz2yW."; +} diff --git a/infra/libkookie/roots/uwu/part.nix b/infra/libkookie/roots/uwu/part.nix new file mode 100644 index 000000000000..945bd2a29a2a --- /dev/null +++ b/infra/libkookie/roots/uwu/part.nix 
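Review bot: The imports `<home-manager/nixos>` and `<modules/...>` are resolved through NIX_PATH, so the code this host evaluates depends on the channels and search-path entries of the machine doing the build rather than on anything recorded in the repository. I would add a head comment listing the required entries, for example `# needs NIX_PATH: home-manager=<pinned source>, modules=<checkout>/infra/libkookie/modules` (placeholders), or pin home-manager to a fixed revision in the module that sets up nix. Without that, two rebuilds of the same commit can pull in different home-manager code, which makes the configuration hard to audit or reproduce.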
@@ -0,0 +1,44 @@ +{ lib, config, ... }: + +{ + hardware.enableRedistributableFirmware = true; + + boot = { + kernelModules = [ "kvm-intel" ]; + initrd.availableKernelModules = [ "sdhci_pci" "xhci_pci" + "ehci_pci" "sd_mod" "ahci" ]; + + extraModprobeConfig = "options kvm_item nested=1"; + zfs.devNodes = "/dev"; + cleanTmpDir = true; + tmpOnTmpfs = true; + supportedFilesystems = [ "zfs" "exfat" ]; + + loader.grub = { + copyKernels = true; + device = "/dev/sda"; + zfsSupport = true; + enableCryptodisk = true; + }; + }; + + fileSystems."/" = { + device = "zroot"; + fsType = "zfs"; + + encrypted = { + enable = true; + label = "lvm"; + blkDev = "/dev/disk/by-uuid/f1440abd-99e3-46a8-aa36-7824972fee54"; + }; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/672c497c-18aa-4b00-ac95-78e810363d81"; + fsType = "ext3"; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/bd3d5c22-eed0-4371-ae25-456b8dfe9356"; } + ]; +} diff --git a/infra/libkookie/roots/virt/README b/infra/libkookie/roots/virt/README new file mode 100644 index 000000000000..dc47b816aca1 --- /dev/null +++ b/infra/libkookie/roots/virt/README @@ -0,0 +1,6 @@ +# Virtual Roots + +This directory contains virtual device configurations, such as VMs, +containers, and build utilities. Some are meant for desktop use, +others to run on a server. Usage is documented in the head comment of +each file.
\ No newline at end of file diff --git a/infra/libkookie/roots/virt/transmission.nix b/infra/libkookie/roots/virt/transmission.nix new file mode 100644 index 000000000000..1b92c4e7f9c5 --- /dev/null +++ b/infra/libkookie/roots/virt/transmission.nix @@ -0,0 +1,10 @@ +/* VIRTUAL DEVICE CONFIGURATION FOR + * + * transmission-cli & mulvad + * + * This file only contains settings that are specific to this one + * device (hardware and things outside of nix, like partitions). + * + * This file is part of LIBKOOKIE, a collection of nix expressions. + * LIBKOOKIE is licensed under the GPL-3.0 (or later) -- see LICENSE + */ |