From 76d227f72120247640559e96bf82b51fbab69b0e Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Mon, 21 Jul 2025 08:09:23 -0700
Subject: move machines definitions to top-level
---
machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix | 61 ++++++++++++++++++++++
machines/darwin/aarch64-darwin/mba-m2.nix | 65 ++++++++++++++++++++++++
machines/nixos/x86_64-linux/vm-synology.nix | 53 +++++++++++++++++++
3 files changed, 179 insertions(+)
create mode 100644 machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix
create mode 100644 machines/darwin/aarch64-darwin/mba-m2.nix
create mode 100644 machines/nixos/x86_64-linux/vm-synology.nix
(limited to 'machines')
diff --git a/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix b/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix
new file mode 100644
index 0000000..dd38c6f
--- /dev/null
+++ b/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix
@@ -0,0 +1,61 @@
+{
+ adminUser,
+ pkgs,
+ self,
+ ...
+}:
+{
+
+ imports = [
+ "${self}/nix/profiles/home-manager.nix"
+ "${self}/nix/profiles/darwin.nix"
+ "${self}/nix/profiles/nix.nix"
+ ];
+
+ system.primaryUser = adminUser.name;
+
+ # https://github.com/nix-darwin/nix-darwin/issues/1339
+ ids.gids.nixbld = 30000;
+
+ fonts.packages = with pkgs; [
+ source-code-pro
+ ];
+
+ # The user should already exist, but we need to set this up so Nix knows
+ # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423).
+ users = {
+ users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
+ shell = pkgs.fish;
+ };
+ };
+
+ environment.shells = [ pkgs.fish ];
+
+ programs.fish.enable = true;
+ programs.fish.shellInit = ''
+ # Nix
+ if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ end
+ # End Nix
+ '';
+
+ programs.ssh.knownHosts = {
+ "github.com".publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+ };
+
+ home-manager.users.${adminUser.name} = {
+ home.stateVersion = "23.05";
+ home.username = "${adminUser.name}";
+ home.homeDirectory = "/Users/${adminUser.name}";
+ home.packages = with pkgs; [ grpcurl ];
+ imports = [
+ "${self}/nix/users/profiles/mac.nix"
+ "${self}/nix/users/profiles/work.nix"
+ ];
+ inherit (adminUser) userinfo;
+ programs.git.userEmail = "fcuny@roblox.com";
+ };
+}
diff --git a/machines/darwin/aarch64-darwin/mba-m2.nix b/machines/darwin/aarch64-darwin/mba-m2.nix
new file mode 100644
index 0000000..a97327b
--- /dev/null
+++ b/machines/darwin/aarch64-darwin/mba-m2.nix
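Review bot: The pinned `github.com` host key under `programs.ssh.knownHosts` in hq-kwny2vh41p.nix is repeated verbatim in mba-m2.nix in this same commit, together with most of the rest of the file, and neither copy records where the value was verified. A pinned host key is a trust anchor, so a rotation applied to one file and missed in the other would leave one machine either failing to connect or trusting a stale key. Consider declaring it once in the shared `nix/profiles/darwin.nix` profile that both files import (its contents are not visible here) and adding a comment such as `# GitHub ed25519 host key; re-verify against GitHub's published SSH key fingerprints before changing`.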
@@ -0,0 +1,65 @@
+{
+ adminUser,
+ pkgs,
+ self,
+ ...
+}:
+{
+ imports = [
+ "${self}/nix/profiles/home-manager.nix"
+ "${self}/nix/profiles/darwin.nix"
+ "${self}/nix/profiles/nix.nix"
+ ];
+
+ system.primaryUser = adminUser.name;
+
+ # https://github.com/nix-darwin/nix-darwin/issues/1339
+ ids.gids.nixbld = 30000;
+
+ networking.hostName = "mba-m2";
+
+ fonts.packages = with pkgs; [
+ source-code-pro
+ ];
+
+ # The user should already exist, but we need to set this up so Nix knows
+ # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423).
+ users = {
+ users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
+ shell = pkgs.fish;
+ };
+ };
+
+ environment.shells = [ pkgs.fish ];
+
+ programs.fish.enable = true;
+ programs.fish.shellInit = ''
+ # Nix
+ if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ end
+ # End Nix
+ '';
+
+ programs.ssh.knownHosts = {
+ "github.com".publicKey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+ };
+
+ home-manager.users.${adminUser.name} = {
+ home.stateVersion = "23.05";
+ home.username = "${adminUser.name}";
+ home.homeDirectory = "/Users/${adminUser.name}";
+ home.packages = with pkgs; [
+ element-desktop
+ vlc-bin
+ zoom-us
+ ];
+ imports = [
+ "${self}/nix/users/profiles/mac.nix"
+ "${self}/nix/users/profiles/media.nix"
+ ];
+ inherit (adminUser) userinfo;
+ };
+}
diff --git a/machines/nixos/x86_64-linux/vm-synology.nix b/machines/nixos/x86_64-linux/vm-synology.nix
new file mode 100644
index 0000000..9896ebb
--- /dev/null
+++ b/machines/nixos/x86_64-linux/vm-synology.nix
@@ -0,0 +1,53 @@
+{ self, ... }:
+{
+ age = {
+ secrets = {
+ restic_gcs_credentials = {
+ file = "${self}/secrets/restic_gcs_credentials.age";
+ };
+ restic_password = {
+ file = "${self}/secrets/restic_password.age";
+ };
+ cloudflared-tunnel = {
+ file = "${self}/secrets/cloudflared_cragmont.age";
+ };
+ cloudflared-cert = {
+ file = "${self}/secrets/cloudflared_cert.age";
+ };
+ };
+ };
+
+ imports = [
+ "${self}/nix/profiles/git-server.nix"
+ "${self}/nix/profiles/hardware/synology.nix"
+ "${self}/nix/profiles/disk/vm.nix"
+ "${self}/nix/profiles/server.nix"
+ # ./backups.nix
+ # ./ingress.nix
+ # ./nginx.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.efi.canTouchEfiVariables = true;
+ networking.hostName = "vm-synology";
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.mutableUsers = false;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = true;
+ services.openssh.settings.PermitRootLogin = "no";
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
--
cgit v1.2.3
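Review bot: `services.openssh.settings.PasswordAuthentication = true;` in vm-synology.nix leaves the SSH daemon open to password guessing even though an authorized key is already managed in the same file. The surrounding settings also contradict each other: `PermitRootLogin = "no"` makes the key in `users.users.root.openssh.authorizedKeys.keys` unusable, and with `users.mutableUsers = false` the comment about setting a password with `passwd` no longer holds, because passwords then have to be declared in the configuration. If the admin account defined by the imported profiles (not visible in this hunk) carries its own authorized key, set `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. Then either move the key to that account or drop the root entry, so the file states one consistent login policy.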