Diffstat (limited to '')
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy.nix | 20 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/rivendell.nix | 25 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm.nix | 34 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 2 | ||||
| -rw-r--r-- | modules/nixos/hardware/baremetal.nix | 17 | ||||
| -rw-r--r-- | modules/nixos/hardware/default.nix | 7 | ||||
| -rw-r--r-- | modules/nixos/hardware/do-droplet.nix | 71 | ||||
| -rw-r--r-- | modules/nixos/nix.nix | 36 | ||||
| -rw-r--r-- | profiles/defaults.nix | 34 | ||||
| -rw-r--r-- | profiles/hardware/do-droplet.nix | 67 | ||||
| -rw-r--r-- | profiles/hardware/framework-desktop.nix | 30 | ||||
| -rw-r--r-- | profiles/hardware/synology-vm.nix | 22 |
12 files changed, 174 insertions, 191 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy.nix b/machines/nixos/x86_64-linux/do-rproxy.nix
index bac3885..dd20df3 100644
--- a/machines/nixos/x86_64-linux/do-rproxy.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy.nix
@@ -3,11 +3,19 @@
   lib,
   pkgs,
   config,
-  modulesPath,
   adminUser,
   ...
 }:
 {
+  imports = [
+    ../../../profiles/cgroups.nix
+    ../../../profiles/defaults.nix
+    ../../../profiles/disk/basic-vm.nix
+    ../../../profiles/hardware/do-droplet.nix
+    ../../../profiles/home-manager.nix
+    ../../../profiles/server.nix
+  ];
+
   age = {
     secrets = {
       cloudflare-nginx = {
@@ -19,14 +27,6 @@
     };
   };
 
-  imports = [
-    (modulesPath + "/virtualisation/digital-ocean-config.nix")
-    ../../../profiles/disk/basic-vm.nix
-    ../../../profiles/defaults.nix
-    ../../../profiles/server.nix
-    ../../../profiles/cgroups.nix
-  ];
-
   disko.devices.disk.disk1.device = "/dev/vda";
 
   networking.hostName = "do-rproxy";
@@ -57,8 +57,6 @@
   networking.firewall.trustedInterfaces = [ "wg0" ];
   networking.firewall.allowedUDPPorts = [ 51871 ];
 
-  my.modules.hardware.do-droplet.enable = true;
-
   system.stateVersion = "25.05"; # Did you read the comment?
 
   networking.firewall.allowedTCPPorts = [
diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index 969133c..90fbce3 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -1,19 +1,17 @@
 {
   lib,
   config,
-  modulesPath,
-  inputs,
   adminUser,
   ...
 }:
 {
   imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-    inputs.nixos-hardware.nixosModules.framework-desktop-amd-ai-max-300-series
-    ../../../profiles/disk/btrfs-on-luks.nix
     ../../../profiles/cgroups.nix
     ../../../profiles/defaults.nix
+    ../../../profiles/disk/btrfs-on-luks.nix
     ../../../profiles/forgejo.nix
+    ../../../profiles/hardware/framework-desktop.nix
+    ../../../profiles/home-manager.nix
     ../../../profiles/keycloak.nix
     ../../../profiles/remote-unlock.nix
     ../../../profiles/server.nix
@@ -31,21 +29,7 @@ }; }; - boot.initrd.availableKernelModules = [ - "nvme" - "xhci_pci" - "thunderbolt" - "usbhid" - "usb_storage" - "sd_mod" - "r8169" # ethernet driver - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; networking.hostName = "rivendell"; networking.useDHCP = lib.mkDefault true; @@ -95,13 +79,12 @@ ]; }; - my.modules.hardware.baremetal.enable = true; - home-manager = { users.${adminUser.name} = { imports = [ ../../../home/profiles/minimal.nix ]; + inherit (adminUser) userinfo; }; }; diff --git a/machines/nixos/x86_64-linux/synology-vm.nix b/machines/nixos/x86_64-linux/synology-vm.nix index 0ffe222..1b9b7e7 100644 --- a/machines/nixos/x86_64-linux/synology-vm.nix +++ b/machines/nixos/x86_64-linux/synology-vm.nix @@ -1,11 +1,18 @@ { - modulesPath, lib, adminUser, config, ... }: { + imports = [ + ../../../profiles/cgroups.nix + ../../../profiles/defaults.nix + ../../../profiles/disk/basic-vm.nix + ../../../profiles/home-manager.nix + ../../../profiles/server.nix + ]; + age = { secrets = { restic_gcs_credentials = { @@ -23,31 +30,6 @@ }; }; - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - (modulesPath + "/installer/scan/not-detected.nix") - ../../../profiles/defaults.nix - ../../../profiles/server.nix - ../../../profiles/cgroups.nix - ../../../profiles/disk/basic-vm.nix - ]; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "virtio_pci" - "virtio_scsi" - "sd_mod" - "sr_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - swapDevices = [ ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot.enable = true; 
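Review bot: The removal of `nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";` from rivendell.nix in this hunk is not compensated by the new profiles/hardware/framework-desktop.nix added in this commit, while the sibling profiles/hardware/synology-vm.nix does carry that line; unless the flake sets `nixpkgs.hostPlatform` for every host somewhere not visible here, rivendell loses it. Either add `nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";` to framework-desktop.nix (which would then need `lib` in its argument set) or note in the profile where the platform comes from. The `config` argument stays in the header although its only visible use, `config.hardware.enableRedistributableFirmware`, is deleted here, so check whether it is still needed; the rest of the attribute set lies outside this hunk.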
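Review bot: The new `imports` list in synology-vm.nix does not include `../../../profiles/hardware/synology-vm.nix`, yet the second hunk of this file removes the qemu-guest import, the virtio initrd modules and `nixpkgs.hostPlatform`; unless that profile is pulled in somewhere not visible here, the VM's initrd no longer has `virtio_pci`/`virtio_scsi` and may fail to find its root disk. do-rproxy.nix and rivendell.nix both import their new hardware profile in this commit, so this looks like an omission rather than a choice; add `../../../profiles/hardware/synology-vm.nix` between `../../../profiles/disk/basic-vm.nix` and `../../../profiles/home-manager.nix`. The new profile file itself is otherwise unreferenced anywhere in this diff.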
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index c214a72..21f6d26 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -2,10 +2,8 @@
 {
   imports = [
     ./backups.nix
-    ./hardware
     ./home-manager.nix
     ./nas-client.nix
-    ./nix.nix
     ./user.nix
   ];
 }
diff --git a/modules/nixos/hardware/baremetal.nix b/modules/nixos/hardware/baremetal.nix
deleted file mode 100644
index 884fa00..0000000
--- a/modules/nixos/hardware/baremetal.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, config, ... }:
-let
-  cfg = config.my.modules.hardware.baremetal;
-in
-{
-  options.my.modules.hardware.baremetal = {
-    enable = lib.mkEnableOption "Baremetal hardware defaults";
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.fwupd.enable = true;
-    hardware.enableRedistributableFirmware = true;
-
-    boot.loader.efi.canTouchEfiVariables = true;
-    boot.loader.systemd-boot.enable = true;
-  };
-}
diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
deleted file mode 100644
index 66ed2ee..0000000
--- a/modules/nixos/hardware/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./baremetal.nix
-    ./do-droplet.nix
-  ];
-}
diff --git a/modules/nixos/hardware/do-droplet.nix b/modules/nixos/hardware/do-droplet.nix
deleted file mode 100644
index 369d600..0000000
--- a/modules/nixos/hardware/do-droplet.nix
+++ /dev/null
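Review bot: Dropping `./hardware` and `./nix.nix` from the module list removes the declarations of `my.modules.hardware.baremetal` and `my.modules.hardware.do-droplet`, so any host that still sets `my.modules.hardware.<name>.enable` will fail evaluation with an undefined-option error. This commit only deletes that setting from do-rproxy.nix and rivendell.nix, so please confirm no other machine file under machines/ references `my.modules.hardware`. The `imports` list is complete within the hunk, but the file's function header above it is not visible here.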
@@ -1,71 +0,0 @@
-{ lib, config, ... }:
-let
-  cfg = config.my.modules.hardware.do-droplet;
-in
-{
-  options.my.modules.hardware.do-droplet = {
-    enable = lib.mkEnableOption "DigitalOcean Droplet hardware defaults";
-  };
-
-  config = lib.mkIf cfg.enable {
-    boot.loader.grub = {
-      efiSupport = true;
-      efiInstallAsRemovable = true;
-    };
-
-    networking.useDHCP = lib.mkForce false;
-
-    # this one seems to always be broken
-    systemd.services.growpart.enable = lib.mkForce false;
-
-    # in order to get networking setup we need to enable it in cloud-init
-    # Disables all modules that do not work with NixOS
-    # Based on https://github.com/nix-community/nixos-anywhere-examples/blob/7f945ff0ae676c0eb77360b892add91328dd1f17/digitalocean.nix
-    services.cloud-init = {
-      enable = true;
-      network.enable = true;
-      settings = {
-        datasource_list = [
-          "ConfigDrive"
-          "Digitalocean"
-        ];
-        datasource.ConfigDrive = { };
-        datasource.Digitalocean = { };
-        # Based on https://github.com/canonical/cloud-init/blob/main/config/cloud.cfg.tmpl
-        cloud_init_modules = [
-          "seed_random"
-          "bootcmd"
-          "write_files"
-          "growpart"
-          "resizefs"
-          "set_hostname"
-          "update_hostname"
-          "set_password"
-        ];
-        cloud_config_modules = [
-          "ssh-import-id"
-          "keyboard"
-          "runcmd"
-          "disable_ec2_metadata"
-        ];
-        cloud_final_modules = [
-          "write_files_deferred"
-          "puppet"
-          "chef"
-          "ansible"
-          "mcollective"
-          "salt_minion"
-          "reset_rmc"
-          "scripts_per_once"
-          "scripts_per_boot"
-          "scripts_user"
-          "ssh_authkey_fingerprints"
-          "keys_to_console"
-          "install_hotplug"
-          "phone_home"
-          "final_message"
-        ];
-      };
-    };
-  };
-}
diff --git a/modules/nixos/nix.nix b/modules/nixos/nix.nix
deleted file mode 100644
index 34afa21..0000000
--- a/modules/nixos/nix.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  nix = {
-    gc = {
-      automatic = true;
-      options = "--delete-older-than 14d";
-    };
-
-    optimise.automatic = true;
-
-    extraOptions = ''
-      tarball-ttl = 900
-    '';
-
-    package = pkgs.nixVersions.stable;
-
-    settings = {
-      trusted-substituters = [
-        "https://cachix.cachix.org"
-        "https://nixpkgs.cachix.org"
-        "https://nix-community.cachix.org"
-      ];
-      trusted-public-keys = [
-        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
-        "nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
-        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      ];
-      trusted-users = [ "root" ];
-      experimental-features = lib.mkDefault [
-        "nix-command"
-        "flakes"
-      ];
-    };
-  };
-}
diff --git a/profiles/defaults.nix b/profiles/defaults.nix
index 7c8a7fb..80292b6 100644
--- a/profiles/defaults.nix
+++ b/profiles/defaults.nix
@@ -16,6 +16,40 @@
     };
   };
 
+  nix = {
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 14d";
+    };
+
+    optimise.automatic = true;
+
+    extraOptions = ''
+      tarball-ttl = 900
+    '';
+
+    package = pkgs.nixVersions.stable;
+
+    settings = {
+      trusted-substituters = [
+        "https://cachix.cachix.org"
+        "https://nixpkgs.cachix.org"
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = [
+        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+        "nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+      trusted-users = [ "root" ];
+      experimental-features = lib.mkDefault [
+        "nix-command"
+        "flakes"
+      ];
+    };
+  };
+
   networking = {
     useNetworkd = true;
     # Used by systemd-resolved, not directly by resolv.conf.
diff --git a/profiles/hardware/do-droplet.nix b/profiles/hardware/do-droplet.nix
new file mode 100644
index 0000000..0744181
--- /dev/null
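Review bot: The `nix` block moved into profiles/defaults.nix uses `pkgs.nixVersions.stable` and `lib.mkDefault`, but the file's function header is above this hunk (it starts at line 16), so confirm `pkgs` is in its argument set — the deleted modules/nixos/nix.nix took `{ pkgs, lib, ... }`, and a missing `pkgs` would only surface at evaluation time. `trusted-public-keys` here replaces the module's default key list rather than extending it; the cache.nixos.org key is included, which keeps official-cache substitution working, but a comment such as `# Replaces the default list; keep the cache.nixos.org-1 key or paths from the official cache fail signature checks.` would protect that from a later edit. Note also that because every machine in this commit imports defaults.nix, these substituter and signing-key trust settings now apply fleet-wide instead of via an opt-in module, which is worth stating in the profile.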
+++ b/profiles/hardware/do-droplet.nix
@@ -0,0 +1,67 @@
+{ modulesPath, lib, ... }:
+{
+
+  imports = [
+    (modulesPath + "/virtualisation/digital-ocean-config.nix")
+  ];
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  networking.useDHCP = lib.mkForce false;
+
+  # this one seems to always be broken
+  systemd.services.growpart.enable = lib.mkForce false;
+
+  # in order to get networking setup we need to enable it in cloud-init
+  # Disables all modules that do not work with NixOS
+  # Based on https://github.com/nix-community/nixos-anywhere-examples/blob/7f945ff0ae676c0eb77360b892add91328dd1f17/digitalocean.nix
+  services.cloud-init = {
+    enable = true;
+    network.enable = true;
+    settings = {
+      datasource_list = [
+        "ConfigDrive"
+        "Digitalocean"
+      ];
+      datasource.ConfigDrive = { };
+      datasource.Digitalocean = { };
+      # Based on https://github.com/canonical/cloud-init/blob/main/config/cloud.cfg.tmpl
+      cloud_init_modules = [
+        "seed_random"
+        "bootcmd"
+        "write_files"
+        "growpart"
+        "resizefs"
+        "set_hostname"
+        "update_hostname"
+        "set_password"
+      ];
+      cloud_config_modules = [
+        "ssh-import-id"
+        "keyboard"
+        "runcmd"
+        "disable_ec2_metadata"
+      ];
+      cloud_final_modules = [
+        "write_files_deferred"
+        "puppet"
+        "chef"
+        "ansible"
+        "mcollective"
+        "salt_minion"
+        "reset_rmc"
+        "scripts_per_once"
+        "scripts_per_boot"
+        "scripts_user"
+        "ssh_authkey_fingerprints"
+        "keys_to_console"
+        "install_hotplug"
+        "phone_home"
+        "final_message"
+      ];
+    };
+  };
+}
diff --git a/profiles/hardware/framework-desktop.nix b/profiles/hardware/framework-desktop.nix
new file mode 100644
index 0000000..85580d1
--- /dev/null
+++ b/profiles/hardware/framework-desktop.nix
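Review bot: The `services.cloud-init.settings` carried over here keeps `runcmd`, `scripts_user`, `scripts_per_boot` and `set_password` enabled, so whatever the droplet's metadata service supplies as user-data is, as far as I understand cloud-init, executed with root privileges and can set account passwords, and that trust assumption is nowhere stated; the header comment says only modules that do not work on NixOS were disabled, yet `puppet`, `chef`, `ansible`, `mcollective` and `salt_minion` remain in `cloud_final_modules` without any configuration for them in this file. Trimming `cloud_init_modules` and `cloud_final_modules` to what the host actually relies on reduces what the metadata channel can trigger, and the intent should be recorded above `services.cloud-init`, e.g. `# User-data from the DigitalOcean metadata service is trusted here: runcmd/scripts_user run as root.`. The stray blank line after the opening `{` and the `modulesPath` import are the only differences from the deleted module, so the rest reads as a pure move.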
@@ -0,0 +1,30 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.nixos-hardware.nixosModules.framework-desktop-amd-ai-max-300-series
+  ];
+
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot.enable = true;
+
+  boot.kernelModules = [
+    "kvm-amd"
+    "k10temp"
+    "nct6775"
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "r8169" # ethernet driver
+    "sd_mod"
+    "thunderbolt"
+    "usb_storage"
+    "usbhid"
+    "xhci_pci"
+  ];
+
+  services.fwupd.enable = true;
+
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.amd.updateMicrocode = true;
+}
diff --git a/profiles/hardware/synology-vm.nix b/profiles/hardware/synology-vm.nix
new file mode 100644
index 0000000..7d784eb
--- /dev/null
+++ b/profiles/hardware/synology-vm.nix
@@ -0,0 +1,22 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
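Review bot: `boot.kernelModules` in the new framework-desktop.nix adds `k10temp` and `nct6775`, which were not in the block removed from rivendell.nix, so this profile is more than a move and the addition is undocumented; a comment such as `# hwmon sensor drivers: k10temp for AMD CPU temperatures, nct6775 for the Super I/O fan/temperature chip` (that is my understanding of the two modules — confirm) would make it deliberate. `hardware.cpu.amd.updateMicrocode` also changes from `lib.mkDefault config.hardware.enableRedistributableFirmware` to a plain `true`; that is consistent with `hardware.enableRedistributableFirmware = true` two lines above, but a machine can now only override it with `lib.mkForce`. The dropped `installer/scan/not-detected.nix` import is covered here by setting `hardware.enableRedistributableFirmware` explicitly, while the synology-vm.nix profile below does not set it — presumably intentional for a VM, but worth a one-line comment there.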
