Add initial config for tower

2022-09-08 20:31:44 +01:00
parent 544fcc3d00
commit 64847d5e8e
24 changed files with 171 additions and 36 deletions
+1
@@ -98,6 +98,7 @@
# Systems # Systems
nixos/installer.nix nixos/installer.nix
nixos/boxes/colony nixos/boxes/colony
nixos/boxes/tower
# Homes # Homes
home-manager/configs/castle.nix home-manager/configs/castle.nix
+130
@@ -0,0 +1,130 @@
{ lib, ... }: {
nixos.systems.tower = {
system = "x86_64-linux";
nixpkgs = "mine";
home-manager = "mine";
configuration = { lib, pkgs, modulesPath, config, systems, assignments, allAssignments, ... }:
let
inherit (lib) mkIf mkMerge mkForce;
in
{
hardware = {
enableRedistributableFirmware = true;
cpu = {
intel.updateMicrocode = true;
};
};
boot = {
loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxKernel.packages.linux_5_19;
kernelModules = [ "kvm-intel" ];
kernelParams = [ "intel_iommu=on" ];
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "thunderbolt" ];
luks = {
reusePassphrases = true;
devices = {
persist = {
device = "/dev/disk/by-uuid/27840c6f-445c-4b95-8c39-e69d07219f33";
allowDiscards = true;
preLVM = false;
};
home = {
device = "/dev/disk/by-uuid/c16c5038-7883-42c3-960a-a085a99364eb";
allowDiscards = true;
preLVM = false;
};
};
};
};
};
fileSystems = {
"/boot" = {
device = "/dev/disk/by-partuuid/66bc15d3-83dd-ea47-9753-3fb88eab903f";
fsType = "vfat";
};
"/nix" = {
device = "/dev/disk/by-uuid/cd597ff0-ca72-4a13-84c8-91b9c09e0a29";
fsType = "ext4";
};
"/persist" = {
device = "/dev/disk/by-uuid/1e9b6a54-bd8d-4ff3-8c06-7b214a35db57";
fsType = "ext4";
neededForBoot = true;
};
"/home" = {
device = "/dev/disk/by-uuid/5dc99dd6-0d05-45b3-acb6-03c29a9b9388";
fsType = "ext4";
};
};
console.keyMap = "uk";
services = {
lvm = {
boot.thin.enable = true;
dmeventd.enable = true;
};
fstrim.enable = true;
resolved = {
enable = true;
extraConfig = mkForce "";
};
};
networking = {
networkmanager = {
enable = true;
dns = "systemd-resolved";
wifi = {
backend = "wpa_supplicant";
};
extraConfig = ''
[main]
no-auto-default=*
'';
};
};
environment.systemPackages = with pkgs; [
dhcpcd
pciutils
usbutils
lm_sensors
linuxPackages.cpupower
brightnessctl
];
systemd = {
network = {
links = {
"10-wifi" = {
matchConfig.MACAddress = "8c:f8:c5:55:96:1e";
linkConfig.Name = "wifi";
};
};
};
};
my = {
user = {
tmphome = false;
};
#deploy.generate.system.mode = "boot";
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOU+UxJh8PZoiXV+0CRumv9Xsk6Fks4YMYRZcThmaJkB";
};
firewall = {
enable = true;
};
};
};
};
}
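Review bot: Both LUKS devices under `boot.initrd.luks.devices` (`persist` and `home`) set `allowDiscards = true`, and `services.fstrim.enable = true` then sends TRIM through them, but nothing in the file records this as a deliberate trade-off. Discards passed through dm-crypt let anyone who can read the raw disk see which blocks are unused, which can reveal usage patterns and filesystem layout of the encrypted volumes. If that is accepted for this machine's SSD, say so next to the option, e.g. `# allowDiscards: exposes the free-block layout of the encrypted volume; accepted for SSD TRIM`; otherwise drop the option. Separately, `kernelPackages = pkgs.linuxKernel.packages.linux_5_19` pins one kernel series, where the shared module's comment suggests the default is the latest LTS. A comment giving the reason and when to remove the pin would stop it outliving upstream fixes for that series.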
+1
@@ -86,6 +86,7 @@ in
}; };
time.timeZone = mkDefault "Europe/Dublin"; time.timeZone = mkDefault "Europe/Dublin";
i18n.defaultLocale = "en_IE.UTF-8";
boot = { boot = {
# Use latest LTS release by default # Use latest LTS release by default
+3
@@ -337,6 +337,9 @@ in
"/var/lib/cni" "/var/lib/cni"
]; ];
}) })
(mkIf config.networking.networkmanager.enable {
my.tmproot.persistence.config.directories = [ "/var/lib/NetworkManager" ];
})
(mkIf config.my.build.isDevVM { (mkIf config.my.build.isDevVM {
fileSystems = mkVMOverride { fileSystems = mkVMOverride {
# Hijack the "root" device for persistence in the VM # Hijack the "root" device for persistence in the VM
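Review bot: The new `mkIf config.networking.networkmanager.enable` block persists only `/var/lib/NetworkManager`, which holds NetworkManager's runtime state (leases, timestamps, its secret key) but not the saved connection profiles. Profiles created at runtime, including Wi-Fi PSKs, are stored under `/etc/NetworkManager/system-connections`, so unless that path is persisted elsewhere in this module (not visible in the hunk) they would presumably be lost with the tmproot on reboot. Consider `my.tmproot.persistence.config.directories = [ "/var/lib/NetworkManager" "/etc/NetworkManager/system-connections" ];`, and check that the persisted copy keeps root-only permissions, since those files hold credentials in plaintext. The enclosing list starts and ends outside the hunk.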
+2 -1
@@ -11,6 +11,7 @@ in
options.my.user = with lib.types; { options.my.user = with lib.types; {
enable = mkBoolOpt' true "Whether to create a primary user."; enable = mkBoolOpt' true "Whether to create a primary user.";
passwordSecret = mkOpt' (nullOr str) "user-passwd.txt" "Name of user password secret."; passwordSecret = mkOpt' (nullOr str) "user-passwd.txt" "Name of user password secret.";
tmphome = mkBoolOpt' true "Whether to persist home directory files under tmproot";
config = mkOption { config = mkOption {
type = options.users.users.type.nestedTypes.elemType; type = options.users.users.type.nestedTypes.elemType;
default = { }; default = { };
@@ -46,7 +47,7 @@ in
_module.args.name = lib.mkForce user'.name; _module.args.name = lib.mkForce user'.name;
}; };
}; };
tmproot = { tmproot = mkIf cfg.tmphome {
unsaved.ignore = [ unsaved.ignore = [
# Auto-generated (on activation?) # Auto-generated (on activation?)
"/home/${user'.name}/.nix-profile" "/home/${user'.name}/.nix-profile"
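Review bot: The description of the new `tmphome` option, "Whether to persist home directory files under tmproot", does not match how the option is used. `tmproot = mkIf cfg.tmphome { … }` switches the whole tmproot handling for the home directory off when it is false, and the tower config in this commit sets `tmphome = false` while mounting a real `/home`. A wording such as `"Whether the home directory lives on tmproot (selected files are persisted) rather than on its own filesystem."` would say that, and would end with a period like the neighbouring descriptions. The `tmproot` attribute set continues past the end of the hunk, so what else the `mkIf` gates is not visible here.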
+8 -9
@@ -1,10 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 ZB3e6Q iCLxItNihRG7KUDgcUm4vrtWQblN5hdYwvAegw0m5DQ -> ssh-ed25519 ZB3e6Q LYlElJVGV47nZ5AxrU6C8AfCrK3Br1DqMnozUVbzXAY
nQSrxGdOaWjtjYssejOg1DoNRnIYNznRzDJUEcWCUgA DthCj922i2ud9PJrBtVpkF6Mvs0tG/xQViIZxNewI9Q
-> X25519 eE1k40fJ67VXFqUJ8pB2Ll8/s1K0kD3YkfMQnOqKiTw -> X25519 D3YiBnszJ0a/e5VOVEonqGB7T0OWC7p7w3cNU7G3skc
nH9+nHG8pAVLn5krLSNGc18FEMcp6o5NKkf/ciuFPY8 /IQOnNqHGu/nY1g6QijCr5mpfmGEs6SAGK9/jiOqtd4
-> U|8z(Y7-grease n 6 -> $Yg5VBMZ-grease XSfpS" k} (
DNyQQUnKJ9kGTrZY0pj67eeuEMpyn69awH4v0+RZiS9GaVRNPz9dv6VfzI178NDv EPfUi7eQKyf8bB6C9PIvVieDte6X7IR54zhP+CcmAw
wb2gQLYc/5QFlvKo1pYx12AxxF3LvrwhNm8w9nvVjXUzFqn7SvoFxszxtw --- KflE5p2fLkFzlQbOCpF/lZWO6Nq2m273tgE0/UqMeS4
--- bQBm6Njo6zu9+Xwao1BlMfBUXYL8TbytByW27Hde/Tg
ÁÑv€÷ò\ˆ'îì_½­ÍHýºûž‚(=a°ÈJf¤³¼+ïïšRëè»íš,(ã’+¤Wù{?˜ZnßQûæ~Ña´>—º)º¹…gF‰X³rM4•ºy‰
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
+9 -9
@@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 n8CpUw gSOLNKBwaCiP9TqcaIBrRF7HnQrXziYl13GzjVS1ryk -> ssh-ed25519 n8CpUw +WNV+VmndEK6SO6/M0Mh7XdMSquucY7JCiP1vzoOpzo
kgXnpg8IMVfNnb9meGPbAYGbgkeiWF5USDd7KlJGJmA JnOXYQ14pYWebHAmdkBz916L1CtE6vzQuIq3wi1cQT4
-> X25519 oL6s/UbRmFIcZ62H7766Q0Bu4KoFwzICgGPB/ogTvj0 -> X25519 drGGpRjQ3kFmp61N+iY00xmoBzcXwZm0FQsc6DYp/C0
FTWqAvm3Eq2AzhC+5xAUGMuZYbVtrPt+c1QBtXMdv/A bEHnwq7dkfrFOHGiGWZC4CT9PIndHoaj4Od4U9xpcKs
-> 54{PX{A-grease CyetKe> >}$Pn iQ)-0sK r -> a3$-grease
68Ze/tRYRoVy0x619dD1ibTGYaAGoljMxE2Ll5Sx+V9jRzi/DHtq/xyQTgvJfv3z jvREqtF9g1ba8FTAJ6d6z6AjWLn8+U5dbQ5awJr5VHjIxAKeyP6W1TxtCkOXAXqE
JM7E+KJZetXLLlvpOGKw3GBm d8Yk0M+aZi4
--- TWJdBHQyXz0rCxKloRqmXut0GODBw32Lwjnj9gFJAFI --- KXJZwwgadyYXvRvO2iL3Kz9UtXhVFvJj/GphM24WH94
±Û!= «ÓýƒI0ràÁ°J¿vùé#(è2š¶R´8 [-VI}pç,}v±jþHÙ# qJ?‹¦ï!δv›~PŸ™ ™Ô¨WW¿·ÝÖ5”q–„=öŠÊûb~Møëþ¼J~ú’L ÕÆô¥dBº„¥?Iî…Nm=P ŒïÜÒ0_Yê,^åGÙi³3‘
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
+8 -8
@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 HJ/J7A A4ybdNG0bDSIBDnjktzi1DpmGrkvNt0SE+YqCHNokEg -> ssh-ed25519 HJ/J7A NqWZhc47n2idkqNF0eDDxRnSxqVUDjbcO1o0y5BP1zs
gwL+6yhXPM3oFkq3S/4PlWzi1h43yBRW1atvYbg2Ax4 XxVv9/92wbfmVjLkcaPa2a3tG3Sum1BMah76TlwkWDo
-> X25519 R8AIKLRKCLCUmJB3A/z+9iQOfwbqNRm7GgZQX1PgHXM -> X25519 PQawUoZR/P8odnakuANiD412yhi9KUrMUNJqAajHsWU
nP+UagGakkcI4c59CHSldzGvJLzDXJE16u+LggSLUcM 4WfDINFhcVwpUNrauwPHKcj12WUHIsBoDcfwUtfGMDs
-> iS[]-grease -> u-grease s]
NLqKdqlhdrhVyfNihGFsQC+jvA9wu60 jQtjx5qzgSmYzBa1eg
--- KDffMrsRX2L2uqdu0ReWQnIcqkYjWfNh4s7KgXTYpDA --- I1w442aozyjdXob2uZTFHsPllJZvTUOVSYQlAf52Mt8
ÿ-»”)ö¯hèiŽ@X"Ä€eëõ¯Æ©ñq}Ja&rJ â!IÅÛÖ:™7;~çv¼ÕìÏ-µÃãýâ*=úeóN¿ðšKbÔWp#–ñBÍÈmÇuxï´q™¡ÓXnñ+«âBÇGðaLÈ‚ÝDer¢O1•^¸t]c"dšRRû¬ø°G|Q fÔŒ¦£¸ÙΓjJ1Uñ`ÿÕ
+9 -9
@@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 /EJXvg b3pIwQhBXVof+e+HdCC16M5tc0VuUvvKF+Fj2pytlEE -> ssh-ed25519 /EJXvg zqgNJtsJoogjGP75yueFFWd3oe0H64W5CQcujNCWZ0M
NwnBuKXpj9eP1k7D+U2J7Ms7q5kbB4E2zpH34Sx7MzY cVeKmN0jo/y7n5QS2Dp4U0uxK+jGwlQnwXNxR87z020
-> X25519 w3Wk4YORf+FrC94zpv8TqrwEWDJpuC8IE2YWn6TWRns -> X25519 J2MeXbL+kGLV3MePB1RMphd7XUfAiL7BTfRWut5lkTE
xWF9B4SfS2Gun3xMJodwU0WRtd1GmC3NpyW0xb/K2Sw PlaRjS9QfL0R1wTx5XJNhjOn2PCG/6QIT3x8I5QG9wo
-> IuQD#-grease gEpQSQM` -> |#-grease t|Z9XXy p:XF
fjTI1cPFEs0gIqaF5NDOQcqNmfLDStGXaBUjEYa/JjAV7MCTRjpdUU/5DtkH33av LPPVfms2cH4f51GHS7rSwzBOBQulDAANNYGwl22AkZfSNHotvpHdguuJ0S1D+aEj
Ji1k8hfgxQ d7jlo/xce10TcNJwKYNeTn775g
--- UTwjr4FXUeSfijgp5VAZIIGmV/lsfxGwHFUHkC9jHrg --- l2P0/sNogMDU0AmwSuK8BPJnXTj3a7jwwQ0P7ho8Etw
=!béó&W\0Op([ÙË[ÏŸÔ]­_4¹J8¾ö‹A‡Œi9’‰ì3®@°»~I÷§–‰5 52F4ÁbCæ¶¹‘¹&à…iKÛÑ/†™§AYÇÕx&Ô­/ŸŒg›ðQ&zIògÌ$dÐÄmdùÙ