🚨 statix updates

James Walker 2023-09-10 14:27:05 -04:00
parent ccdea6b752
commit 4066c2b6a9
Signed by: walkah
GPG Key ID: 3C127179D6086E93
15 changed files with 235 additions and 207 deletions

18
flake.lock generated

@ -216,11 +216,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1694134858, "lastModified": 1694338541,
"narHash": "sha256-fG/ESauOGmiojKlpJG8gB62dJa5Wd+ZIuiDMKK/HD3g=", "narHash": "sha256-+ZtaNbOwlO1QgYOEvWdhi5wkWjW5Csrboz4xy0WucDg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "19c6a4081b14443420358262f8416149bd79561a", "rev": "f9041d12a90e8bc0c90e03be2ebe26a6c6e6fd70",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -331,11 +331,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1694062546, "lastModified": 1694343207,
"narHash": "sha256-PiGI4f2BGnZcedP6slLjCLGLRLXPa9+ogGGgVPfGxys=", "narHash": "sha256-jWi7OwFxU5Owi4k2JmiL1sa/OuBCQtpaAesuj5LXC8w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b200e0df08f80c32974a6108ce431d8a8a5e6547", "rev": "78058d810644f5ed276804ce7ea9e82d92bee293",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -356,11 +356,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1692274144, "lastModified": 1694364351,
"narHash": "sha256-BxTQuRUANQ81u8DJznQyPmRsg63t4Yc+0kcyq6OLz8s=", "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa", "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -40,10 +40,12 @@
# My stuff # My stuff
dotfiles = { dotfiles = {
url = "github:walkah/dotfiles"; url = "github:walkah/dotfiles";
inputs.nixpkgs.follows = "nixpkgs"; inputs = {
inputs.home-manager.follows = "home-manager"; nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils"; home-manager.follows = "home-manager";
inputs.pre-commit-hooks.follows = "pre-commit-hooks"; flake-utils.follows = "flake-utils";
pre-commit-hooks.follows = "pre-commit-hooks";
};
}; };
workon = { workon = {


@ -11,26 +11,31 @@
../../modules/sops ../../modules/sops
]; ];
boot = {
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default) # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false; loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf # Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true; loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
};
hardware.enableRedistributableFirmware = true;
hardware.raspberry-pi."4".poe-hat.enable = true;
hardware = {
enableRedistributableFirmware = true;
raspberry-pi."4".poe-hat.enable = true;
};
networking = {
# networking.hostName = "nixos"; # Define your hostname. # networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# The global useDHCP flag is deprecated, therefore explicitly set to false here. # The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config # Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour. # replicates the default behaviour.
networking.useDHCP = false; useDHCP = false;
networking.interfaces.eth0.useDHCP = true; interfaces.eth0.useDHCP = true;
networking.interfaces.wlan0.useDHCP = true; interfaces.wlan0.useDHCP = true;
networking.firewall.enable = false; firewall.enable = false;
};
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
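Review bot: `firewall.enable = false;` survives the regrouping into `networking = { … }`, so with `services.openssh.enable = true;` right after it, every listening service on this host is reachable on both eth0 and wlan0 with no packet filter. If that is deliberate, a comment on the line saying why would help the next reader. Otherwise `firewall.enable = true;` should be enough on its own, since the NixOS openssh module opens its own port by default. The same setting appears in the plato host section further down (`firewall.enable = false;` inside its new `networking` block).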


@ -5,11 +5,14 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
boot.initrd.availableKernelModules = [ "usbhid" ]; initrd = {
boot.initrd.kernelModules = [ ]; availableKernelModules = [ "usbhid" ];
boot.kernelModules = [ ]; kernelModules = [ ];
boot.extraModulePackages = [ ]; };
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";


@ -18,7 +18,6 @@
services.nix-daemon.enable = true; services.nix-daemon.enable = true;
services.lorri.enable = true; services.lorri.enable = true;
services.ipfs.enable = true;
system = { system = {
defaults = { defaults = {


@ -15,13 +15,18 @@
../../modules/sops ../../modules/sops
../../modules/traefik ../../modules/traefik
]; ];
boot = {
loader = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
efi.canTouchEfiVariables = true;
systemd-boot = {
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; enable = true;
boot.loader.systemd-boot.configurationLimit = 3; configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true; };
boot.tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; };
};
nix.extraOptions = '' nix.extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
@ -29,11 +34,21 @@
# Set your time zone. # Set your time zone.
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
networking = {
networking.hostName = "plato"; # Define your hostname. hostName = "plato"; # Define your hostname.
networking.useDHCP = false; useDHCP = false;
networking.interfaces.enp10s0.useDHCP = true; interfaces = {
networking.interfaces.enp9s0.useDHCP = true; enp10s0.useDHCP = true;
enp9s0.useDHCP = true;
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
firewall.enable = false;
};
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
@ -44,19 +59,20 @@
system.autoUpgrade.enable = false; system.autoUpgrade.enable = false;
environment.systemPackages = with pkgs; [ pinentry weechat ]; environment.systemPackages = with pkgs; [ pinentry weechat ];
fileSystems = {
fileSystems."/mnt/downloads" = { "/mnt/downloads" = {
device = "192.168.6.100:/volume1/Downloads"; device = "192.168.6.100:/volume1/Downloads";
fsType = "nfs"; fsType = "nfs";
}; };
fileSystems."/mnt/music" = { "/mnt/music" = {
device = "192.168.6.100:/volume1/Music"; device = "192.168.6.100:/volume1/Music";
fsType = "nfs"; fsType = "nfs";
}; };
fileSystems."/mnt/video" = { "/mnt/video" = {
device = "192.168.6.100:/volume1/Video"; device = "192.168.6.100:/volume1/Video";
fsType = "nfs"; fsType = "nfs";
}; };
};
power.ups = { power.ups = {
enable = true; enable = true;
@ -74,31 +90,8 @@
pinentryFlavor = "curses"; pinentryFlavor = "curses";
}; };
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
virtualisation.docker = {
enable = true;
# Clean docker images periodically
autoPrune = {
enable = true;
flags = [ "--all" ];
};
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
walkah.coredns = { enable = true; };
services = { services = {
openssh.enable = true;
borgbackup.jobs."borgbase" = { borgbackup.jobs."borgbase" = {
paths = [ paths = [
"/var/lib" "/var/lib"
@ -167,5 +160,20 @@
} }
]; ];
}; };
tailscale = {
enable = true;
useRoutingFeatures = "server";
};
};
walkah.coredns = { enable = true; };
virtualisation.docker = {
enable = true;
# Clean docker images periodically
autoPrune = {
enable = true;
flags = [ "--all" ];
};
}; };
} }
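Review bot: In the new `boot` block of the first hunk, `binfmt.emulatedSystems` and `tmp.cleanOnBoot` sit inside `loader = { … }`, so the old `boot.binfmt.emulatedSystems` and `boot.tmp.cleanOnBoot` become `boot.loader.binfmt.emulatedSystems` and `boot.loader.tmp.cleanOnBoot`. This reading goes by the braces as rendered here, because indentation is lost on this page. NixOS declares neither option under `boot.loader`, so evaluation of this host should fail. Both attributes belong one level up, as siblings of `loader`: `boot = { binfmt.emulatedSystems = [ "aarch64-linux" ]; tmp.cleanOnBoot = true; loader = { … }; };`.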


@ -5,8 +5,8 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
boot.initrd.availableKernelModules = [ initrd.availableKernelModules = [
"uhci_hcd" "uhci_hcd"
"ehci_pci" "ehci_pci"
"ahci" "ahci"
@ -17,9 +17,10 @@
"sd_mod" "sd_mod"
"sr_mod" "sr_mod"
]; ];
boot.initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "wl" ]; kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/ea3c68ac-e822-4b71-a8f5-65d9e452a3c2"; device = "/dev/disk/by-uuid/ea3c68ac-e822-4b71-a8f5-65d9e452a3c2";


@ -23,17 +23,27 @@
# Set your time zone. # Set your time zone.
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
networking.hostName = "socrates"; networking = {
networking.firewall.allowPing = true; hostName = "socrates";
networking.firewall.allowedTCPPorts = [ 80 443 ]; firewall = {
networking.firewall.trustedInterfaces = [ "tailscale0" ]; allowPing = true;
networking.firewall.checkReversePath = "loose"; allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
};
nix = { nix = {
settings.trusted-users = [ "@wheel" "root" ]; settings.trusted-users = [ "@wheel" "root" ];
}; };
security.sudo.wheelNeedsPassword = false; security = {
sudo.wheelNeedsPassword = false;
security = {
acme.acceptTerms = true;
acme.defaults.email = "walkah@walkah.net";
};
};
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
@ -42,9 +52,6 @@
system.autoUpgrade.enable = false; system.autoUpgrade.enable = false;
environment.systemPackages = with pkgs; [ ipfs-migrator ]; environment.systemPackages = with pkgs; [ ipfs-migrator ];
security.acme.acceptTerms = true;
security.acme.defaults.email = "walkah@walkah.net";
walkah.coredns = { walkah.coredns = {
enable = true; enable = true;
addr = "100.103.57.96"; addr = "100.103.57.96";
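Review bot: The new `security = {` block wraps the two ACME settings in a second `security = {`, so they resolve to `security.security.acme.acceptTerms` and `security.security.acme.defaults.email` rather than the `security.acme.*` paths removed in the next hunk. Drop the inner wrapper so the block reads `security = { sudo.wheelNeedsPassword = false; acme.acceptTerms = true; acme.defaults.email = "walkah@walkah.net"; };`. As rendered, the nested path is not a declared option, so this host should fail to evaluate until it is fixed. The walkah.coredns block at the end of this section continues outside the hunk.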


@ -77,24 +77,23 @@ in
databases = [ "akkoma" ]; databases = [ "akkoma" ];
}; };
}; };
sops = {
sops.secrets.akkoma-secret-key-base = { secrets = {
akkoma-secret-key-base = {
owner = akkoma.user; owner = akkoma.user;
}; };
akkoma-signing-salt = {
sops.secrets.akkoma-signing-salt = {
owner = akkoma.user; owner = akkoma.user;
}; };
akkoma-vapid-private-key = {
sops.secrets.akkoma-vapid-private-key = {
owner = akkoma.user; owner = akkoma.user;
}; };
akkoma-vapid-public-key = {
sops.secrets.akkoma-vapid-public-key = {
owner = akkoma.user; owner = akkoma.user;
}; };
akkoma-joken-signer = {
sops.secrets.akkoma-joken-signer = {
owner = akkoma.user; owner = akkoma.user;
}; };
};
};
} }


@ -42,10 +42,11 @@
}; };
}; };
home-manager.useGlobalPkgs = true; home-manager = {
home-manager.useUserPackages = true; useGlobalPkgs = true;
home-manager.users.walkah = import "${dotfiles}/home.nix"; useUserPackages = true;
users.walkah = import "${dotfiles}/home.nix";
};
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
haskellPackages = pkgs.haskellPackages.override { haskellPackages = pkgs.haskellPackages.override {


@ -1,6 +1,7 @@
_: { _: {
nix.distributedBuilds = true; nix = {
nix.buildMachines = [ distributedBuilds = true;
buildMachines = [
{ {
hostName = "plato"; hostName = "plato";
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [ "x86_64-linux" "aarch64-linux" ];
@ -9,5 +10,6 @@ _: {
} }
]; ];
nix.linux-builder.enable = true; linux-builder.enable = true;
};
} }


@ -19,7 +19,8 @@
"walkah.chat" = { "walkah.chat" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."= /.well-known/matrix/server".extraConfig = locations = {
"= /.well-known/matrix/server".extraConfig =
let server = { "m.server" = "matrix.walkah.chat:443"; }; let server = { "m.server" = "matrix.walkah.chat:443"; };
in in
'' ''
@ -27,7 +28,7 @@
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON server}'; return 200 '${builtins.toJSON server}';
''; '';
locations."= /.well-known/matrix/client".extraConfig = "= /.well-known/matrix/client".extraConfig =
let let
client = { client = {
"m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; }; "m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; };
@ -39,7 +40,8 @@
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}'; return 200 '${builtins.toJSON client}';
''; '';
locations."/" = { root = pkgs.element-web; }; "/" = { root = pkgs.element-web; };
};
}; };
}; };
}; };


@ -7,9 +7,11 @@ let
in in
{ {
hostname = address; hostname = address;
profiles.system.user = "root"; profiles.system = {
profiles.system.sshUser = sshUser; user = "root";
profiles.system.path = activate.${type} self."${type}Configurations".${hostName}; inherit sshUser;
path = activate.${type} self."${type}Configurations".${hostName};
};
}; };
in in
{ {


@ -1,5 +1,5 @@
## From https://github.com/NixOS/nixpkgs/pull/100871 ## From https://github.com/NixOS/nixpkgs/pull/100871
{ config, lib, pkgs, options, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.services.ipfs-cluster; cfg = config.services.ipfs-cluster;
@ -11,13 +11,9 @@ let
]; ];
in in
{ {
###### interface ###### interface
options = { options = {
services.ipfs-cluster = { services.ipfs-cluster = {
enable = mkEnableOption enable = mkEnableOption
"Pinset orchestration for IPFS - requires ipfs daemon to be useful"; "Pinset orchestration for IPFS - requires ipfs daemon to be useful";
@ -77,12 +73,11 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.ipfs-cluster ]; environment.systemPackages = [ pkgs.ipfs-cluster ];
systemd = {
tmpfiles.rules =
systemd.tmpfiles.rules =
[ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ]; [ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ];
systemd.services.ipfs-cluster-init = { services.ipfs-cluster-init = {
path = [ "/run/wrappers" pkgs.ipfs-cluster ]; path = [ "/run/wrappers" pkgs.ipfs-cluster ];
environment.IPFS_CLUSTER_PATH = cfg.dataDir; environment.IPFS_CLUSTER_PATH = cfg.dataDir;
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
@ -103,7 +98,7 @@ in
unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}"; unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}";
}; };
systemd.services.ipfs-cluster = { services.ipfs-cluster = {
environment.IPFS_CLUSTER_PATH = cfg.dataDir; environment.IPFS_CLUSTER_PATH = cfg.dataDir;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -119,6 +114,7 @@ in
EnvironmentFile = cfg.secretFile; EnvironmentFile = cfg.secretFile;
}; };
}; };
};
networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ]; networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ];
}; };
} }
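Review bot: `networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ];` opens two ports under an option named for the swarm port only. In ipfs-cluster's default configuration 9096 is the cluster swarm port and 9094 is the REST API, so enabling `openSwarmPort` also lets API traffic through the firewall on any host where the API listens on a non-loopback address. Consider `mkIf cfg.openSwarmPort [ 9096 ]` plus a separate, default-off option for 9094. This line is unchanged context in the last hunk, and the option declarations lie outside the visible hunks, so the option's description may already cover this.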


@ -10,8 +10,9 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
]; ];
}; };
home-manager = {
home-manager.useGlobalPkgs = true; useGlobalPkgs = true;
home-manager.useUserPackages = true; useUserPackages = true;
home-manager.users.walkah = import "${dotfiles}/home.nix"; users.walkah = import "${dotfiles}/home.nix";
};
} }