♻️ consolidate nix configs

nix/hosts/aristotle/configuration.nix

@@ -0,0 +1,37 @@
+{ pkgs, nixos-hardware, ... }:
+
+{
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    nixos-hardware.nixosModules.raspberry-pi-4
+    ../../modules/base/nixos.nix
+
+    ../../modules/ipfs/cluster.nix
+    ../../modules/sops
+  ];
+
+  hardware = {
+    raspberry-pi."4".poe-hat.enable = true;
+  };
+
+  time.timeZone = "America/Toronto";
+  networking = {
+    # networking.hostName = "nixos"; # Define your hostname.
+    # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+    # Per-interface useDHCP will be mandatory in the future, so this generated config
+    # replicates the default behaviour.
+    useDHCP = false;
+    interfaces.eth0.useDHCP = true;
+    interfaces.wlan0.useDHCP = true;
+    firewall.enable = false;
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
+  ];
+
+  environment.systemPackages = with pkgs; [ libraspberrypi raspberrypi-eeprom ];
+}

nix/hosts/aristotle/hardware-configuration.nix

@@ -0,0 +1,18 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ lib, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXOS_SD";
+    fsType = "ext4";
+    options = [ "noatime" ];
+  };
+
+  swapDevices = [ ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}

nix/hosts/epicurus/darwin-configuration.nix

@@ -0,0 +1,25 @@
+{ ... }:
+{
+  imports = [
+    ./homebrew.nix
+
+    ../../modules/base/darwin.nix
+    ../../modules/builder
+    ../../modules/dev
+  ];
+
+  # List packages installed in system profile. To search by name, run:
+  # $ nix-env -qaP | grep wget
+  # environment.systemPackages = with pkgs; [ emacs-nox ];
+
+  # Use a custom configuration.nix location.
+  # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
+  # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
+
+  # Auto upgrade nix package and the daemon service.
+  services.nix-daemon.enable = true;
+
+  users.users.walkah.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
+  ];
+}

nix/hosts/epicurus/homebrew.nix

@@ -0,0 +1,29 @@
+_:
+
+{
+  homebrew = {
+    taps = [
+      "homebrew/cask"
+      "homebrew/cask-fonts"
+      "homebrew/services"
+    ];
+
+    brews = [ "code-server" "coreutils" "mosh" ];
+
+    casks = [
+      "1password"
+      "docker"
+      "font-jetbrains-mono"
+      "font-jetbrains-mono-nerd-font"
+      "gpg-suite"
+      "plex-media-server"
+      "stats"
+      "synology-drive"
+    ];
+
+    masApps = {
+      Tailscale = 1475387142;
+      Xcode = 497799835;
+    };
+  };
+}

nix/hosts/heraclitus/darwin-configuration.nix

@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./homebrew.nix
+
+    ../../modules/base/darwin.nix
+    ../../modules/dev
+    ../../modules/builder
+  ];
+
+  nixpkgs.config.allowBroken = true;
+
+  # List packages installed in system profile. To search by name, run:
+  # $ nix-env -qaP | grep wget
+  # environment.systemPackages = with pkgs; [ emacs ];
+  environment.systemPackages = with pkgs; [ emacs-macport ];
+
+  # Auto upgrade nix package and the daemon service.
+  services.nix-daemon.enable = true;
+
+  system = {
+    defaults = {
+      dock = {
+        autohide = true;
+        orientation = "left";
+      };
+    };
+  };
+}

nix/hosts/heraclitus/homebrew.nix

@@ -0,0 +1,68 @@
+_:
+
+{
+  homebrew = {
+    taps = [
+      "homebrew/cask"
+      "homebrew/cask-fonts"
+      "homebrew/cask-versions"
+      "homebrew/services"
+      "1password/tap"
+      "fission-codes/fission"
+    ];
+
+    brews = [ "coreutils" "fontconfig" "ipfs" ];
+
+    casks = [
+      "1password"
+      "1password-cli"
+      "android-studio"
+      "balenaetcher"
+      "beeper"
+      "brave-browser"
+      "bunch"
+      "calibre"
+      "discord"
+      "docker"
+      "element"
+      "fantastical"
+      "figma"
+      "firefox@developer-edition"
+      "font-jetbrains-mono"
+      "font-jetbrains-mono-nerd-font"
+      "google-chrome"
+      "gpg-suite"
+      "hazel"
+      "iterm2"
+      "jordanbaird-ice"
+      "logi-options+"
+      "logitech-camera-settings"
+      "microsoft-edge"
+      "microsoft-office"
+      "minecraft"
+      "obsidian"
+      "opal-composer"
+      "plexamp"
+      "raycast"
+      "slack"
+      "sonos"
+      "spotify"
+      "stats"
+      "steam"
+      "synology-drive"
+      "todoist"
+      "visual-studio-code"
+      "zoom"
+    ];
+
+    masApps = {
+      OnePasswordSafari = 1569813296;
+      Bumpr = 1166066070;
+      DayOne = 1055511498;
+      Drafts = 1435957248;
+      HomeAssistant = 1099568401;
+      Tailscale = 1475387142;
+      Xcode = 497799835;
+    };
+  };
+}

nix/hosts/plato/configuration.nix

@@ -0,0 +1,187 @@
+{ pkgs, config, ... }:
+let
+  automount_opts = "uid=1000,gid=1000,x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+  inherit (config.sops) secrets;
+in
+{
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ../../users
+    ../../modules/base/nixos.nix
+
+    ../../modules/coredns
+    ../../modules/drone
+    ../../modules/drone/runner-docker.nix
+    ../../modules/gitea
+    ../../modules/matrix
+    ../../modules/minecraft
+    ../../modules/postgresql
+    ../../modules/sops
+    ../../modules/traefik
+  ];
+  boot = {
+    binfmt.emulatedSystems = [ "aarch64-linux" ];
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot = {
+        # Use the systemd-boot EFI boot loader.
+        enable = true;
+        configurationLimit = 3;
+      };
+    };
+    tmp.cleanOnBoot = true;
+  };
+
+  # Set your time zone.
+  time.timeZone = "America/Toronto";
+  networking = {
+    hostName = "plato"; # Define your hostname.
+    useDHCP = false;
+    interfaces = {
+      enp10s0.useDHCP = true;
+      enp9s0.useDHCP = true;
+    };
+
+    # Open ports in the firewall.
+    # networking.firewall.allowedTCPPorts = [ ... ];
+    # networking.firewall.allowedUDPPorts = [ ... ];
+    # Or disable the firewall altogether.
+    firewall.enable = false;
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5spf4diguK+w7iYLFr565++6DjHukWfvpN2ru9dCRk nixbuild"
+  ];
+
+  environment.systemPackages = with pkgs; [ cifs-utils pinentry weechat ];
+  fileSystems = {
+    "/mnt/downloads" = {
+      device = "//parthenon/Downloads";
+      fsType = "cifs";
+      options = [
+        "${automount_opts},credentials=${secrets.filesystems-parthenon.path}"
+      ];
+    };
+
+    "/mnt/music" = {
+      device = "//parthenon/Music";
+      fsType = "cifs";
+      options = [
+        "${automount_opts},credentials=${secrets.filesystems-parthenon.path}"
+      ];
+    };
+    "/mnt/video" = {
+      device = "//parthenon/Video";
+      fsType = "cifs";
+      options = [
+        "${automount_opts},credentials=${secrets.filesystems-parthenon.path}"
+      ];
+    };
+  };
+
+
+  power.ups = {
+    enable = true;
+    mode = "netserver";
+    ups."cyberpower" = {
+      description = "Cyberpower EC650LCD";
+      driver = "usbhid-ups";
+      port = "auto";
+    };
+    upsd = {
+      enable = true;
+      listen = [
+        { address = "0.0.0.0"; }
+      ];
+    };
+    users.upsmon = {
+      passwordFile = secrets.upsmon.path;
+      upsmon = "primary";
+    };
+
+    upsmon.monitor."cyberpower".user = "upsmon";
+  };
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  sops.secrets = {
+    filesystems-parthenon = { };
+    upsmon = { };
+  };
+
+  services = {
+    borgbackup.jobs."borgbase" = {
+      paths = [
+        "/var/backup"
+      ];
+      repo = "ssh://fk0o7077@fk0o7077.repo.borgbase.com/./repo";
+      encryption = {
+        mode = "repokey-blake2";
+        passCommand = "cat /root/borgbackup/passphrase";
+      };
+      environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
+      compression = "auto,lzma";
+      startAt = "daily";
+    };
+
+    grafana = {
+      enable = true;
+      settings = {
+        server = {
+          domain = "plato.walkah.lab";
+          http_port = 2342;
+          http_addr = "0.0.0.0";
+        };
+      };
+    };
+    prometheus = {
+      scrapeConfigs = [
+        {
+          job_name = "node";
+          static_configs = [{
+            targets = [
+              "plato:9100"
+              "agent:9100"
+              "form:9100"
+              "matter:9100"
+              "purpose:9100"
+              "socrates:9100"
+            ];
+          }];
+        }
+        {
+          job_name = "coredns";
+          static_configs = [{ targets = [ "plato:9153" ]; }];
+        }
+        {
+          job_name = "ipfs";
+          metrics_path = "/debug/metrics/prometheus";
+          static_configs = [{
+            targets = [ "agent:5001" "form:5001" "matter:5001" "purpose:5001" ];
+          }];
+        }
+      ];
+    };
+    tailscale = {
+      useRoutingFeatures = "server";
+    };
+  };
+
+  walkah.coredns = { enable = true; };
+
+  virtualisation.docker = {
+    enable = true;
+    # Clean docker images periodically
+    autoPrune = {
+      enable = true;
+      flags = [ "--all" ];
+    };
+  };
+}

nix/hosts/plato/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  boot = {
+    initrd.availableKernelModules = [
+      "uhci_hcd"
+      "ehci_pci"
+      "ahci"
+      "xhci_pci"
+      "firewire_ohci"
+      "usb_storage"
+      "usbhid"
+      "sd_mod"
+      "sr_mod"
+    ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ "kvm-intel" "wl" ];
+    extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/ea3c68ac-e822-4b71-a8f5-65d9e452a3c2";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/FB06-AB48";
+    fsType = "vfat";
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/3a812874-3def-4e46-b20d-cd55fa7bdd5f"; }];
+
+}

nix/hosts/socrates/configuration.nix

@@ -0,0 +1,66 @@
+{ pkgs, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix # generated at runtime by nixos-infect
+    ../../users
+    ../../modules/base/nixos.nix
+
+    ../../modules/akkoma
+    ../../modules/akkoma/nginx.nix
+    ../../modules/coredns
+    ../../modules/code-server/nginx.nix
+    ../../modules/drone/nginx.nix
+    ../../modules/gitea/nginx.nix
+    ../../modules/home-assistant/nginx.nix
+    ../../modules/ipfs/gateway.nix
+    ../../modules/matrix/nginx.nix
+    ../../modules/minecraft/proxy.nix
+    ../../modules/sops
+  ];
+
+  boot.tmp.cleanOnBoot = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Toronto";
+
+  networking = {
+    hostName = "socrates";
+    firewall = {
+      allowPing = true;
+      allowedTCPPorts = [ 80 443 ];
+      trustedInterfaces = [ "tailscale0" ];
+      checkReversePath = "loose";
+    };
+  };
+
+  nix = {
+    settings.trusted-users = [ "@wheel" "root" ];
+  };
+
+  security = {
+    sudo.wheelNeedsPassword = false;
+    acme.acceptTerms = true;
+    acme.defaults.email = "walkah@walkah.net";
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
+  ];
+
+  environment.systemPackages = with pkgs; [ ipfs-migrator ];
+
+  walkah.coredns = {
+    enable = true;
+    addr = "100.103.57.96";
+  };
+
+  services = {
+    nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+    };
+  };
+}

nix/hosts/socrates/hardware-configuration.nix

@@ -0,0 +1,6 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/vda";
+  fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+}

nix/hosts/socrates/networking.nix

@@ -0,0 +1,47 @@
+{ lib, ... }: {
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
+  networking = {
+    defaultGateway = "167.99.176.1";
+    defaultGateway6 = "2604:a880:cad:d0::1";
+    dhcpcd.enable = false;
+    usePredictableInterfaceNames = lib.mkForce true;
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          {
+            address = "167.99.176.10";
+            prefixLength = 20;
+          }
+          {
+            address = "10.20.0.5";
+            prefixLength = 16;
+          }
+        ];
+        ipv6.addresses = [
+          {
+            address = "2604:a880:cad:d0::cda:5001";
+            prefixLength = 64;
+          }
+          {
+            address = "fe80::b885:79ff:fe71:134e";
+            prefixLength = 64;
+          }
+        ];
+        ipv4.routes = [{
+          address = "167.99.176.1";
+          prefixLength = 32;
+        }];
+        ipv6.routes = [{
+          address = "2604:a880:cad:d0::1";
+          prefixLength = 32;
+        }];
+      };
+
+    };
+  };
+  services.udev.extraRules = ''
+    ATTR{address}=="ba:85:79:71:13:4e", NAME="eth0"
+    ATTR{address}=="3e:02:2b:ed:5d:22", NAME="eth1"
+  '';
+}