walkah/athens
1
0
Fork 0
Code Issues 9 Pull Requests Projects Releases Wiki Activity

🚨 statix updates

Browse Source
This commit is contained in:
James Walker
2023-09-10 14:27:05 -04:00
parent ccdea6b752
commit 4066c2b6a9
15 changed files with 235 additions and 207 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
hosts/aristotle/configuration.nix
View File

@ -11,26 +11,31 @@
../../modules/sops
];
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
boot = {
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
loader.generic-extlinux-compatible.enable = true;
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
};
hardware.enableRedistributableFirmware = true;
hardware.raspberry-pi."4".poe-hat.enable = true;
hardware = {
enableRedistributableFirmware = true;
raspberry-pi."4".poe-hat.enable = true;
};
networking = {
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
networking.interfaces.wlan0.useDHCP = true;
networking.firewall.enable = false;
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
useDHCP = false;
interfaces.eth0.useDHCP = true;
interfaces.wlan0.useDHCP = true;
firewall.enable = false;
};
# Enable the OpenSSH daemon.
services.openssh.enable = true;

13
hosts/aristotle/hardware-configuration.nix
View File

@ -5,11 +5,14 @@
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot = {
initrd = {
availableKernelModules = [ "usbhid" ];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";

1
hosts/heraclitus/darwin-configuration.nix
View File

@ -18,7 +18,6 @@
services.nix-daemon.enable = true;
services.lorri.enable = true;
services.ipfs.enable = true;
system = {
defaults = {

102
hosts/plato/configuration.nix
View File

@ -15,13 +15,18 @@
../../modules/sops
../../modules/traefik
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.cleanOnBoot = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot = {
loader = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
efi.canTouchEfiVariables = true;
systemd-boot = {
# Use the systemd-boot EFI boot loader.
enable = true;
configurationLimit = 3;
};
tmp.cleanOnBoot = true;
};
};
nix.extraOptions = ''
experimental-features = nix-command flakes
@ -29,11 +34,21 @@
# Set your time zone.
time.timeZone = "America/Toronto";
networking = {
networking.hostName = "plato"; # Define your hostname.
networking.useDHCP = false;
networking.interfaces.enp10s0.useDHCP = true;
networking.interfaces.enp9s0.useDHCP = true;
hostName = "plato"; # Define your hostname.
useDHCP = false;
interfaces = {
enp10s0.useDHCP = true;
enp9s0.useDHCP = true;
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
firewall.enable = false;
};
security.sudo.wheelNeedsPassword = false;
@ -44,18 +59,19 @@
system.autoUpgrade.enable = false;
environment.systemPackages = with pkgs; [ pinentry weechat ];
fileSystems."/mnt/downloads" = {
device = "192.168.6.100:/volume1/Downloads";
fsType = "nfs";
};
fileSystems."/mnt/music" = {
device = "192.168.6.100:/volume1/Music";
fsType = "nfs";
};
fileSystems."/mnt/video" = {
device = "192.168.6.100:/volume1/Video";
fsType = "nfs";
fileSystems = {
"/mnt/downloads" = {
device = "192.168.6.100:/volume1/Downloads";
fsType = "nfs";
};
"/mnt/music" = {
device = "192.168.6.100:/volume1/Music";
fsType = "nfs";
};
"/mnt/video" = {
device = "192.168.6.100:/volume1/Video";
fsType = "nfs";
};
};
power.ups = {
@ -74,31 +90,8 @@
pinentryFlavor = "curses";
};
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
virtualisation.docker = {
enable = true;
# Clean docker images periodically
autoPrune = {
enable = true;
flags = [ "--all" ];
};
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
walkah.coredns = { enable = true; };
services = {
openssh.enable = true;
borgbackup.jobs."borgbase" = {
paths = [
"/var/lib"
@ -167,5 +160,20 @@
}
];
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
};
};
walkah.coredns = { enable = true; };
virtualisation.docker = {
enable = true;
# Clean docker images periodically
autoPrune = {
enable = true;
flags = [ "--all" ];
};
};
}

31
hosts/plato/hardware-configuration.nix
View File

@ -5,21 +5,22 @@
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"xhci_pci"
"firewire_ohci"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
boot = {
initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"xhci_pci"
"firewire_ohci"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" "wl" ];
extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/ea3c68ac-e822-4b71-a8f5-65d9e452a3c2";

25
hosts/socrates/configuration.nix
View File

@ -23,17 +23,27 @@
# Set your time zone.
time.timeZone = "America/Toronto";
networking.hostName = "socrates";
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.trustedInterfaces = [ "tailscale0" ];
networking.firewall.checkReversePath = "loose";
networking = {
hostName = "socrates";
firewall = {
allowPing = true;
allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
};
nix = {
settings.trusted-users = [ "@wheel" "root" ];
};
security.sudo.wheelNeedsPassword = false;
security = {
sudo.wheelNeedsPassword = false;
security = {
acme.acceptTerms = true;
acme.defaults.email = "walkah@walkah.net";
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
@ -42,9 +52,6 @@
system.autoUpgrade.enable = false;
environment.systemPackages = with pkgs; [ ipfs-migrator ];
security.acme.acceptTerms = true;
security.acme.defaults.email = "walkah@walkah.net";
walkah.coredns = {
enable = true;
addr = "100.103.57.96";