🚨 statix updates

James Walker 2023-09-10 14:27:05 -04:00
parent ccdea6b752
commit 4066c2b6a9
Signed by: walkah
GPG Key ID: 3C127179D6086E93
15 changed files with 235 additions and 207 deletions


@ -216,11 +216,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1694134858, "lastModified": 1694338541,
"narHash": "sha256-fG/ESauOGmiojKlpJG8gB62dJa5Wd+ZIuiDMKK/HD3g=", "narHash": "sha256-+ZtaNbOwlO1QgYOEvWdhi5wkWjW5Csrboz4xy0WucDg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "19c6a4081b14443420358262f8416149bd79561a", "rev": "f9041d12a90e8bc0c90e03be2ebe26a6c6e6fd70",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -331,11 +331,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1694062546, "lastModified": 1694343207,
"narHash": "sha256-PiGI4f2BGnZcedP6slLjCLGLRLXPa9+ogGGgVPfGxys=", "narHash": "sha256-jWi7OwFxU5Owi4k2JmiL1sa/OuBCQtpaAesuj5LXC8w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b200e0df08f80c32974a6108ce431d8a8a5e6547", "rev": "78058d810644f5ed276804ce7ea9e82d92bee293",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -356,11 +356,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1692274144, "lastModified": 1694364351,
"narHash": "sha256-BxTQuRUANQ81u8DJznQyPmRsg63t4Yc+0kcyq6OLz8s=", "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa", "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -40,10 +40,12 @@
# My stuff # My stuff
dotfiles = { dotfiles = {
url = "github:walkah/dotfiles"; url = "github:walkah/dotfiles";
inputs.nixpkgs.follows = "nixpkgs"; inputs = {
inputs.home-manager.follows = "home-manager"; nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils"; home-manager.follows = "home-manager";
inputs.pre-commit-hooks.follows = "pre-commit-hooks"; flake-utils.follows = "flake-utils";
pre-commit-hooks.follows = "pre-commit-hooks";
};
}; };
workon = { workon = {


@ -11,26 +11,31 @@
../../modules/sops ../../modules/sops
]; ];
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default) boot = {
boot.loader.grub.enable = false; # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
# Enables the generation of /boot/extlinux/extlinux.conf loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; loader.generic-extlinux-compatible.enable = true;
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
};
hardware.enableRedistributableFirmware = true; hardware = {
hardware.raspberry-pi."4".poe-hat.enable = true; enableRedistributableFirmware = true;
raspberry-pi."4".poe-hat.enable = true;
};
networking = {
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.hostName = "nixos"; # Define your hostname. # The global useDHCP flag is deprecated, therefore explicitly set to false here.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
# The global useDHCP flag is deprecated, therefore explicitly set to false here. useDHCP = false;
# Per-interface useDHCP will be mandatory in the future, so this generated config interfaces.eth0.useDHCP = true;
# replicates the default behaviour. interfaces.wlan0.useDHCP = true;
networking.useDHCP = false; firewall.enable = false;
networking.interfaces.eth0.useDHCP = true; };
networking.interfaces.wlan0.useDHCP = true;
networking.firewall.enable = false;
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
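Review bot: `firewall.enable = false;` is carried into the new `networking` block with no comment saying why the host firewall is off, while `services.openssh.enable = true;` directly below leaves sshd reachable on both DHCP interfaces (`eth0` and `wlan0`). Since the block is being rewritten anyway, either record the reason next to the setting, for example `# firewall off: <reason>`, or set `firewall.enable = true;`, in which case the OpenSSH module opens its own port by default. The same applies to the `firewall.enable = false;` that the section for host `plato` moves into its `networking` block, alongside `security.sudo.wheelNeedsPassword = false;`. The enclosing module continues outside this hunk.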


@ -5,11 +5,14 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
boot.initrd.availableKernelModules = [ "usbhid" ]; initrd = {
boot.initrd.kernelModules = [ ]; availableKernelModules = [ "usbhid" ];
boot.kernelModules = [ ]; kernelModules = [ ];
boot.extraModulePackages = [ ]; };
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";


@ -18,7 +18,6 @@
services.nix-daemon.enable = true; services.nix-daemon.enable = true;
services.lorri.enable = true; services.lorri.enable = true;
services.ipfs.enable = true;
system = { system = {
defaults = { defaults = {


@ -15,13 +15,18 @@
../../modules/sops ../../modules/sops
../../modules/traefik ../../modules/traefik
]; ];
boot = {
# Use the systemd-boot EFI boot loader. loader = {
boot.loader.systemd-boot.enable = true; binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.loader.systemd-boot.configurationLimit = 3; efi.canTouchEfiVariables = true;
boot.loader.efi.canTouchEfiVariables = true; systemd-boot = {
boot.tmp.cleanOnBoot = true; # Use the systemd-boot EFI boot loader.
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; enable = true;
configurationLimit = 3;
};
tmp.cleanOnBoot = true;
};
};
nix.extraOptions = '' nix.extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
@ -29,11 +34,21 @@
# Set your time zone. # Set your time zone.
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
networking = {
networking.hostName = "plato"; # Define your hostname. hostName = "plato"; # Define your hostname.
networking.useDHCP = false; useDHCP = false;
networking.interfaces.enp10s0.useDHCP = true; interfaces = {
networking.interfaces.enp9s0.useDHCP = true; enp10s0.useDHCP = true;
enp9s0.useDHCP = true;
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
firewall.enable = false;
};
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
@ -44,18 +59,19 @@
system.autoUpgrade.enable = false; system.autoUpgrade.enable = false;
environment.systemPackages = with pkgs; [ pinentry weechat ]; environment.systemPackages = with pkgs; [ pinentry weechat ];
fileSystems = {
fileSystems."/mnt/downloads" = { "/mnt/downloads" = {
device = "192.168.6.100:/volume1/Downloads"; device = "192.168.6.100:/volume1/Downloads";
fsType = "nfs"; fsType = "nfs";
}; };
fileSystems."/mnt/music" = { "/mnt/music" = {
device = "192.168.6.100:/volume1/Music"; device = "192.168.6.100:/volume1/Music";
fsType = "nfs"; fsType = "nfs";
}; };
fileSystems."/mnt/video" = { "/mnt/video" = {
device = "192.168.6.100:/volume1/Video"; device = "192.168.6.100:/volume1/Video";
fsType = "nfs"; fsType = "nfs";
};
}; };
power.ups = { power.ups = {
@ -74,31 +90,8 @@
pinentryFlavor = "curses"; pinentryFlavor = "curses";
}; };
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
virtualisation.docker = {
enable = true;
# Clean docker images periodically
autoPrune = {
enable = true;
flags = [ "--all" ];
};
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
walkah.coredns = { enable = true; };
services = { services = {
openssh.enable = true;
borgbackup.jobs."borgbase" = { borgbackup.jobs."borgbase" = {
paths = [ paths = [
"/var/lib" "/var/lib"
@ -167,5 +160,20 @@
} }
]; ];
}; };
tailscale = {
enable = true;
useRoutingFeatures = "server";
};
};
walkah.coredns = { enable = true; };
virtualisation.docker = {
enable = true;
# Clean docker images periodically
autoPrune = {
enable = true;
flags = [ "--all" ];
};
}; };
} }
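Review bot: In the first hunk of this section the regrouped `boot` block places `binfmt.emulatedSystems` and `tmp.cleanOnBoot` inside `loader = { … }`, so they now resolve to `boot.loader.binfmt.emulatedSystems` and `boot.loader.tmp.cleanOnBoot` instead of the original `boot.binfmt.emulatedSystems` and `boot.tmp.cleanOnBoot`. These are not the options the old lines set, so evaluation will most likely fail on an unknown option; at best, aarch64 emulation (which the `plato` build machine entry elsewhere in this commit advertises via `"aarch64-linux"`) and /tmp cleaning are silently dropped. Move both out one level so that `loader` holds only `efi` and `systemd-boot`: `boot = { binfmt.emulatedSystems = [ "aarch64-linux" ]; tmp.cleanOnBoot = true; loader = { … }; };`. The rendered page has lost its indentation, so this reading rests on the brace nesting of the new side.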


@ -5,21 +5,22 @@
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
boot.initrd.availableKernelModules = [ initrd.availableKernelModules = [
"uhci_hcd" "uhci_hcd"
"ehci_pci" "ehci_pci"
"ahci" "ahci"
"xhci_pci" "xhci_pci"
"firewire_ohci" "firewire_ohci"
"usb_storage" "usb_storage"
"usbhid" "usbhid"
"sd_mod" "sd_mod"
"sr_mod" "sr_mod"
]; ];
boot.initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "wl" ]; kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/ea3c68ac-e822-4b71-a8f5-65d9e452a3c2"; device = "/dev/disk/by-uuid/ea3c68ac-e822-4b71-a8f5-65d9e452a3c2";


@ -23,17 +23,27 @@
# Set your time zone. # Set your time zone.
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
networking.hostName = "socrates"; networking = {
networking.firewall.allowPing = true; hostName = "socrates";
networking.firewall.allowedTCPPorts = [ 80 443 ]; firewall = {
networking.firewall.trustedInterfaces = [ "tailscale0" ]; allowPing = true;
networking.firewall.checkReversePath = "loose"; allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
};
nix = { nix = {
settings.trusted-users = [ "@wheel" "root" ]; settings.trusted-users = [ "@wheel" "root" ];
}; };
security.sudo.wheelNeedsPassword = false; security = {
sudo.wheelNeedsPassword = false;
security = {
acme.acceptTerms = true;
acme.defaults.email = "walkah@walkah.net";
};
};
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
@ -42,9 +52,6 @@
system.autoUpgrade.enable = false; system.autoUpgrade.enable = false;
environment.systemPackages = with pkgs; [ ipfs-migrator ]; environment.systemPackages = with pkgs; [ ipfs-migrator ];
security.acme.acceptTerms = true;
security.acme.defaults.email = "walkah@walkah.net";
walkah.coredns = { walkah.coredns = {
enable = true; enable = true;
addr = "100.103.57.96"; addr = "100.103.57.96";
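Review bot: The new `security` block nests a second `security = { … }` inside itself, so the ACME settings now resolve to `security.security.acme.acceptTerms` and `security.security.acme.defaults.email` rather than `security.acme.*`. On a host that opens ports 80 and 443, this either fails evaluation on an unknown option or leaves the ACME terms unaccepted, which would presumably break certificate issuance and renewal. Drop the inner wrapper: `security = { sudo.wheelNeedsPassword = false; acme = { acceptTerms = true; defaults.email = "walkah@walkah.net"; }; };`. The rendered page has lost its indentation, so this reading rests on the brace nesting of the new side.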


@ -77,24 +77,23 @@ in
databases = [ "akkoma" ]; databases = [ "akkoma" ];
}; };
}; };
sops = {
sops.secrets.akkoma-secret-key-base = { secrets = {
owner = akkoma.user; akkoma-secret-key-base = {
}; owner = akkoma.user;
};
sops.secrets.akkoma-signing-salt = { akkoma-signing-salt = {
owner = akkoma.user; owner = akkoma.user;
}; };
akkoma-vapid-private-key = {
sops.secrets.akkoma-vapid-private-key = { owner = akkoma.user;
owner = akkoma.user; };
}; akkoma-vapid-public-key = {
owner = akkoma.user;
sops.secrets.akkoma-vapid-public-key = { };
owner = akkoma.user; akkoma-joken-signer = {
}; owner = akkoma.user;
};
sops.secrets.akkoma-joken-signer = { };
owner = akkoma.user;
}; };
} }


@ -42,10 +42,11 @@
}; };
}; };
home-manager.useGlobalPkgs = true; home-manager = {
home-manager.useUserPackages = true; useGlobalPkgs = true;
home-manager.users.walkah = import "${dotfiles}/home.nix"; useUserPackages = true;
users.walkah = import "${dotfiles}/home.nix";
};
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
haskellPackages = pkgs.haskellPackages.override { haskellPackages = pkgs.haskellPackages.override {


@ -1,13 +1,15 @@
_: { _: {
nix.distributedBuilds = true; nix = {
nix.buildMachines = [ distributedBuilds = true;
{ buildMachines = [
hostName = "plato"; {
systems = [ "x86_64-linux" "aarch64-linux" ]; hostName = "plato";
maxJobs = 6; systems = [ "x86_64-linux" "aarch64-linux" ];
supportedFeatures = [ "benchmark" "big-parallel" "kvm" ]; maxJobs = 6;
} supportedFeatures = [ "benchmark" "big-parallel" "kvm" ];
]; }
];
nix.linux-builder.enable = true; linux-builder.enable = true;
};
} }


@ -19,27 +19,29 @@
"walkah.chat" = { "walkah.chat" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."= /.well-known/matrix/server".extraConfig = locations = {
let server = { "m.server" = "matrix.walkah.chat:443"; }; "= /.well-known/matrix/server".extraConfig =
in let server = { "m.server" = "matrix.walkah.chat:443"; };
'' in
default_type application/json; ''
add_header Access-Control-Allow-Origin *; default_type application/json;
return 200 '${builtins.toJSON server}'; add_header Access-Control-Allow-Origin *;
''; return 200 '${builtins.toJSON server}';
locations."= /.well-known/matrix/client".extraConfig = '';
let "= /.well-known/matrix/client".extraConfig =
client = { let
"m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; }; client = {
"org.matrix.msc3575.proxy" = { "url" = "https://syncv3.walkah.chat"; }; "m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; };
}; "org.matrix.msc3575.proxy" = { "url" = "https://syncv3.walkah.chat"; };
in };
'' in
default_type application/json; ''
add_header Access-Control-Allow-Origin *; default_type application/json;
return 200 '${builtins.toJSON client}'; add_header Access-Control-Allow-Origin *;
''; return 200 '${builtins.toJSON client}';
locations."/" = { root = pkgs.element-web; }; '';
"/" = { root = pkgs.element-web; };
};
}; };
}; };
}; };


@ -7,9 +7,11 @@ let
in in
{ {
hostname = address; hostname = address;
profiles.system.user = "root"; profiles.system = {
profiles.system.sshUser = sshUser; user = "root";
profiles.system.path = activate.${type} self."${type}Configurations".${hostName}; inherit sshUser;
path = activate.${type} self."${type}Configurations".${hostName};
};
}; };
in in
{ {

View File

@ -1,5 +1,5 @@
## From https://github.com/NixOS/nixpkgs/pull/100871 ## From https://github.com/NixOS/nixpkgs/pull/100871
{ config, lib, pkgs, options, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.services.ipfs-cluster; cfg = config.services.ipfs-cluster;
@ -11,13 +11,9 @@ let
]; ];
in in
{ {
###### interface ###### interface
options = { options = {
services.ipfs-cluster = { services.ipfs-cluster = {
enable = mkEnableOption enable = mkEnableOption
"Pinset orchestration for IPFS - requires ipfs daemon to be useful"; "Pinset orchestration for IPFS - requires ipfs daemon to be useful";
@ -77,46 +73,46 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.ipfs-cluster ]; environment.systemPackages = [ pkgs.ipfs-cluster ];
systemd = {
tmpfiles.rules =
[ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ];
services.ipfs-cluster-init = {
path = [ "/run/wrappers" pkgs.ipfs-cluster ];
environment.IPFS_CLUSTER_PATH = cfg.dataDir;
wantedBy = [ "default.target" ];
systemd.tmpfiles.rules = serviceConfig = {
[ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ]; # "" clears exec list (man systemd.service -> execStart)
ExecStart = [
systemd.services.ipfs-cluster-init = { ""
path = [ "/run/wrappers" pkgs.ipfs-cluster ]; "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service init --consensus ${cfg.consensus} ${initFlags}"
environment.IPFS_CLUSTER_PATH = cfg.dataDir; ];
wantedBy = [ "default.target" ]; Type = "oneshot";
RemainAfterExit = true;
serviceConfig = { User = cfg.user;
# "" clears exec list (man systemd.service -> execStart) Group = cfg.group;
ExecStart = [ } // optionalAttrs (cfg.secretFile != null) {
"" EnvironmentFile = cfg.secretFile;
"${pkgs.ipfs-cluster}/bin/ipfs-cluster-service init --consensus ${cfg.consensus} ${initFlags}" };
]; unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}";
Type = "oneshot";
RemainAfterExit = true;
User = cfg.user;
Group = cfg.group;
} // optionalAttrs (cfg.secretFile != null) {
EnvironmentFile = cfg.secretFile;
}; };
unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}";
};
systemd.services.ipfs-cluster = { services.ipfs-cluster = {
environment.IPFS_CLUSTER_PATH = cfg.dataDir; environment.IPFS_CLUSTER_PATH = cfg.dataDir;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
wants = [ "ipfs-cluster-init.service" ]; wants = [ "ipfs-cluster-init.service" ];
after = [ "ipfs-cluster-init.service" ]; after = [ "ipfs-cluster-init.service" ];
serviceConfig = { serviceConfig = {
ExecStart = ExecStart =
[ "" "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service daemon" ]; [ "" "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service daemon" ];
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
} // optionalAttrs (cfg.secretFile != null) { } // optionalAttrs (cfg.secretFile != null) {
EnvironmentFile = cfg.secretFile; EnvironmentFile = cfg.secretFile;
};
}; };
}; };
networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ]; networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ];


@ -10,8 +10,9 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
]; ];
}; };
home-manager = {
home-manager.useGlobalPkgs = true; useGlobalPkgs = true;
home-manager.useUserPackages = true; useUserPackages = true;
home-manager.users.walkah = import "${dotfiles}/home.nix"; users.walkah = import "${dotfiles}/home.nix";
};
} }