hosts/europa: init
This commit is contained in:
parent
881aaedd4a
commit
221e425235
|
@ -3,6 +3,7 @@ keys:
|
|||
- &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
|
||||
- &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
|
||||
- &host_dosei age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
|
||||
- &host_europa age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a
|
||||
- &home age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau
|
||||
|
||||
creation_rules:
|
||||
|
@ -14,6 +15,7 @@ creation_rules:
|
|||
- *host_tsuki
|
||||
- *host_kasei
|
||||
- *host_dosei
|
||||
- *host_europa
|
||||
- *home
|
||||
|
||||
- path_regex: secrets/home.yaml
|
||||
|
@ -43,3 +45,10 @@ creation_rules:
|
|||
- *gpg_h7x4
|
||||
age:
|
||||
- *host_dosei
|
||||
|
||||
- path_regex: secrets/europa.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *gpg_h7x4
|
||||
age:
|
||||
- *host_europa
|
||||
|
|
|
@ -23,6 +23,7 @@ Here are some of the interesting files and dirs:
|
|||
| `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** |
|
||||
| `Kasei` | AMD Zen 2 CPU / Nvidia GPU - desktop computer | Semi-daily driver. This is my main computer at home. |
|
||||
| `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
|
||||
| `Europa` | Dell Optiplex | Other work computer, used as nix builder for `Dosei`. |
|
||||
|
||||
## home-manager configuration
|
||||
|
||||
|
|
|
@ -213,6 +213,7 @@
|
|||
in {
|
||||
dosei = nixSys "dosei" { };
|
||||
kasei = nixSys "kasei" { };
|
||||
europa = nixSys "europa" { };
|
||||
tsuki = nixSys "tsuki" {
|
||||
modules = [
|
||||
matrix-synapse-next.nixosModules.default
|
||||
|
|
|
@ -0,0 +1,95 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
./services/avahi.nix
|
||||
./services/docker.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"aarch64-linux"
|
||||
"armv7l-linux"
|
||||
];
|
||||
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
services.udev.packages = with pkgs; [
|
||||
segger-jlink
|
||||
];
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
machineVars = {
|
||||
headless = true;
|
||||
gaming = false;
|
||||
development = true;
|
||||
creative = false;
|
||||
|
||||
dataDrives = let
|
||||
main = "/data";
|
||||
in {
|
||||
drives = { inherit main; };
|
||||
default = main;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.targets = {
|
||||
sleep.enable = false;
|
||||
suspend.enable = false;
|
||||
hibernate.enable = false;
|
||||
hybrid-sleep.enable = false;
|
||||
};
|
||||
|
||||
# security.pam.services.login.unixAuth = true;
|
||||
|
||||
# systemd.network = {
|
||||
# enable = true;
|
||||
# # broken
|
||||
# wait-online.enable = true;
|
||||
# };
|
||||
|
||||
networking = {
|
||||
hostName = "europa";
|
||||
networkmanager.enable = true;
|
||||
# TODO: reenable
|
||||
firewall.enable = false;
|
||||
# hostId = "007f0201";
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings.X11Forwarding = true;
|
||||
settings.PasswordAuthentication = lib.mkForce true;
|
||||
};
|
||||
# xserver = {
|
||||
# # displayManager.gdm.enable = true;
|
||||
# # desktopManager.gnome.enable = true;
|
||||
# # videoDrivers = [ "nvidia" ];
|
||||
# };
|
||||
# tailscale.enable = true;
|
||||
};
|
||||
|
||||
hardware = {
|
||||
bluetooth.enable = true;
|
||||
# cpu.amd.updateMicrocode = true;
|
||||
enableRedistributableFirmware = true;
|
||||
keyboard.zsa.enable = true;
|
||||
opengl = {
|
||||
enable = true;
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
|
||||
# nvidia = {
|
||||
# modesetting.enable = true;
|
||||
# nvidiaSettings = true;
|
||||
# };
|
||||
};
|
||||
|
||||
programs.usbtop.enable = true;
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/2de4150d-e418-4f22-a516-3f35352eb66a";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/12CE-A600";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0077" "dmask=0077" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/8c8bc640-83f4-4eee-909b-457989cebfe4"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
{ ... }:
|
||||
{
|
||||
home.stateVersion = "24.05";
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
publish.enable = true;
|
||||
publish.addresses = true;
|
||||
publish.domain = true;
|
||||
publish.hinfo = true;
|
||||
publish.userServices = true;
|
||||
publish.workstation = true;
|
||||
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
|
||||
};
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
virtualisation.docker.enable = true;
|
||||
}
|
|
@ -23,60 +23,69 @@ sops:
|
|||
- recipient: age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweE1kMlFnZVZxZ0dhblVn
|
||||
SjBrU3lUSlFtL2lCWm1VRUtocTdCWVg2aUJFCmc5dEJNdlpGSnFJSjhCNEZmQVc2
|
||||
VVplaldBUlV6TSt1V0lJdTNGWEJpL0kKLS0tIGVhVng4c28wVTdpVXdrdll6N3dj
|
||||
S0N3UldMUWl3VTBBajZkbTFQSzJVNzQKkjgkwjVL3tTJGL4raaRRAflyen6lrCjf
|
||||
qIDU6yVaRPoeg4PMQyjT8B7Lvw/MAAir+v4dO+Wq+026YwEqasWmRg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdjRzYzVQelFCejYvbUdu
|
||||
RDJSemN0VjJMNXh3ayttNTFiN3JSOGpEbzA0CkVtNmw5cTZTNnM2NlBnS2VuWTRN
|
||||
S3VIKzA1VGE4aUxEWWdYNnBIbGMzMDAKLS0tIE9CaVdJQ1RGZVh4VktXWTZNRnBO
|
||||
Qjc3cVNiVEkzK3g0dFptZWx4VUsvTFEK5f9MFIMBCKZzTz8N9ojOKI9VJ9R+m3Ln
|
||||
wVIRMHSWSRoMrIFVhOq24qFPvKJ2y8c9j42N/AYETYZ1MaQkTVeAvQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RStsMFU2VkJzelpSMnZr
|
||||
VEd0ZTYvMG9rbGtTellidnhBU3ZqSXJyOGl3ClJEOXdlVXBIZStIZkF1aHVqM1Jr
|
||||
RVI1WXhCWVo4ODZRR3dXdDBSWE4xckUKLS0tIGtjNXJmYSszTVRQcDlmWnlwZ0pL
|
||||
MXlQczBBZVpYdzhoRmowZHdiUWN0WWsKTf3WPqKO68UkgJiaN2WpiKqzRhlrfZB2
|
||||
XX1g3GzOXBubWsbJXM7ibxSWhZj2XRIZF3i4kkLpaIF/wB+df0iagQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZSsvZjU0Q2U0R2ZqZ0NO
|
||||
NW1YVUFieDYvZ3k0dW9vd0NhT3NiQXdFNWxRClRXMWpTdHZ6d2c3alpVcXU0SXpZ
|
||||
ZE9NZnY0dFRJcEkxa2NuZ0tUNHVqNTQKLS0tIC81SVdsQ25ZQ0hxQkZlM0VkVGJX
|
||||
S0kyZzYxNDdHVy92NFVVVnpYT29MVXMKfGgQZvp8nZBjs7ToWsODwia0tT40h99X
|
||||
ZOQitYNJKPQ6CAtruWUrRi00OuvChEg+oJJ+U0gfwcWJKBkUKuT2Qw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RVIzVFlVVDdqU2tFZ3lD
|
||||
T2NtdjBabmU1cVc3QlRkWnU5ZldodmlHZkJRCjZIcFllSGVoSEVtUkFFVXI1eXd6
|
||||
cjhRbVhLM25HQjlobnNOK0ZiNGE3R1EKLS0tIGdES2I4Y3ZCWWtOVkNyZDZ3V0d3
|
||||
V3NFU3ZuUjFxeHNyUGZXdW9aUElKM1UKutap6vQBYUAuDrnFKBa1J6PcjeTV03a1
|
||||
G6+jlJsBhMlUkiavWiqZ4JuGtSF3tCPZwf+NzuOZfGfjD3YOVHqY/w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERjM5bEpySWMzUFdidkk4
|
||||
cDJUVGUralN4RjZoN0E1QTh2eGVHazZiQmxjClB1QnB2ZmVvbVo3SnZLNnlPejV1
|
||||
eGZjUDhDVVRNUVlXdVJDWSsxQlR4S00KLS0tIGtDU1R4UnRwcEJJcmtYei9nWHFH
|
||||
M0VPbTdsTU4xRll1ZG1LcndTZmx3NHcKwA6fUauOTUHadUaion9dfjQPvUxwUIdt
|
||||
ZaHSpuj8usrKd901BvDRxVGv23FAxBb9Ylr2Az+MhHYaVGU/kbQ9mA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZGk1TVVFZ3NxV0NqUEtD
|
||||
bUNaWFpic0JBQTY3YXRRNmM2SmVzRVdlS1YwCmx1R2tCSndFU2VnU2VFNC9TNEVt
|
||||
R3diVE5LK2Q0Y2FrZUpUUDQyQldNYUkKLS0tIEE2SWU1NmlkcE8xMHJhaHNhRHhT
|
||||
enl1ZlNhNjZIU2o5ejh6TjJUWVJQLzAKhhm88Am5Dfng4SRmEGEbsYne/9SrtNxW
|
||||
5ntmc8AEMN3v1g8hEIOvllms5gqiZP1LUrTAvYddI0+ykwPuTY06Jw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJelFCVGo4L0QrUnNqdWRm
|
||||
cTR4TnJNdGx5SE82cEYzMk9ybmVzeUQ1MHlJCmFEbXZCVFBQUmVFMXFlVnQ1OFdI
|
||||
R0RDNU5XYVNUbmRZSUJUU1VQQk1SdlEKLS0tIG02Q0dIdlJiRWt2cFJTN1VSbTVW
|
||||
MGo3NEZyVlVWUDlVdGZyT2dVV3lxeUEKZGLbJ/PAmHdzfUfDvAQD/Nq179ooElth
|
||||
mfF8FLeFoydSYAxXCDAw/JgjUPXckyjPXEjo3dnSBVec1Q6qHhPBpQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBka0tVODhFWHo4Q3RSZG5h
|
||||
K0dwMEg1SVVtTUljamxCNEMxdGg5a1IvRVhnCmpnNEdEc3BPcVRVS1VzOUFNZFBU
|
||||
bEtqNlgzWGM0Um5RMHNKUWdRZS95TFkKLS0tIFNKZ2dDS1Nnb2JKeW92djhUOWRG
|
||||
cm15UjQ4S0xoclpLV0pYcmJzM1g2eDAKAjJUhGgicEG3dj8BdMjPvr9MC/c+oIGx
|
||||
kPxtKQ5REb5UolEuBBsWapKhKeXLFtTsV/qGOokO34HT1PqZI37Ikw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-08T12:29:09Z"
|
||||
mac: ENC[AES256_GCM,data:z7J2kMlnqp6RJJj//O8j8W6O7HJkTGAbW0LW4Z6F4m0Fj18bylMQJ7kbNmf7mK5PHnItdHFnWJ/kY1vaXN7gD1SJccZ+jJcWI+nR3i5nr5GpQKoVlB1zYvBir5+CY6C7jJHpJim8WhfXG/hagSZrJ8Hz3hQon8j377g4XSTaHm0=,iv:2kg8iBuv3FWbWs3E5l5XTXzZ8i3tGCAK/PhJI4zWnNI=,tag:a/gNiM7zDqdf/arYNGeAIQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-07-08T12:38:34Z"
|
||||
- created_at: "2024-07-17T14:18:35Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYARAAvyl5qLP6x5yEGccj6rvoDwvY4G28bFKu5J+xS9UnKp5O
|
||||
/ANlKgglGGJ3Sym2Mya4g9Lr49GmZDXSSWcWyktTbn8m1zL4bNdwVyRLLzCthYuG
|
||||
piZeFgzzlAve2rUT38QvTjeLqPgmAtoUGgkLzjl7kWJ3a28Fdx4BaGqKdFgd3u/J
|
||||
ZjTudSRj6xOUv/9qyh/bs6eT4vJYZxMf31n3Y+v5njnWPWTxYb2EgtBdH/KM/uuB
|
||||
gcFQRtBWHKhaNNDQpHZ8nKivFhyyzmkW98FkGX53+RjdkxtS1PznbpkQDR/HDfBJ
|
||||
R+a09EAc0ac/0A++KGLR2UQ5szpGsiYrTrcGFrd8diCBOUMeszRxPgTWQK0PdRli
|
||||
UP12HHHwESmzeZCji/gjsa31c+4fCdyEoHm924/Z+OhVoC2R+oGU+sVDBpLrPSKa
|
||||
Y9EPRmjF63oUm9QIELomke61ylswET372RQyBOOHw2dsPq8AK02wmMKkyHnMN/wG
|
||||
Dhjv+rti97h42xe5X6q/UC2yis5YWB17Zhf51zo1XujB40TFAwQfhfh3F1s1+dKj
|
||||
aVoyvEp5Fk7ryY4YN/D7Eq1qJfwE73ycwoLcZvkeNzIf3839vQJ5ferWkATeQ3qm
|
||||
f8mb/uhQzxMYJsUcBz9UzMVzX5t7WNo3zAWddnHg1/WypbPi2ettn4C9lXYLV27S
|
||||
XAHSfXSeC2ylzWVQeWESFd2U+/8kkYNsv0g5f97ktF7e4PV+F/4Xz2Mc30iAJ4AE
|
||||
3jbC0rVpmBmQeo4OkiyuPT5LEwdEzNQXXBTqdUTuF+LEK6ORUyAY72jRWRkX
|
||||
=n0Ia
|
||||
hQIMA0av/duuklWYAQ//bUJNyi/KLucLpVhBV8ehdWQcJ2U4M6JEQRaJH9QOmkXw
|
||||
TG/KH0AumC5jl8u6yCoK98nslsETRSWufpSGfgsotqs9gxMXb8KT28bKR2ZwJ+oJ
|
||||
KCiFn7YMma04bWjdezrNgOlIy8slGkNzeeJkqbPqcz77hRZUgzMxigXH6FphKmqN
|
||||
kZgBQTXavnDYvMUplUvm13fuHu93jONxwSD9lqkaDTPL5l0OLJoDxvVlslDVu4Wm
|
||||
9bK0a170veBEfpKCcz6RnGvXIbKhASm8WBnWLkD+TrISkAywTMX7/YdRboPRZMGk
|
||||
EGdibq+8Vh117ohgIVrWYGuW/1HrdJj6EO7Wc2F59xmELN+Zc64dIvIVLXLNj5ir
|
||||
jJ5UjQhJ99IYC3b9iLXumMIYCFVwoozyJCAzEx70JhCj0tUSuG+q7JEu3xfJSUsi
|
||||
rAukG6isHJ2ENULbX7fKdWLGzi7bHbv7ObPqc7iKSlQxsKuVY0uKZ90LsPfA2mln
|
||||
9eYzeSeec/0XpDG/0ipmdjsZUu0ZGSwehBHX7BGJG0CS6cj9hgiTliUWZ1kCm7js
|
||||
wFDWDbkVT7ypNcnkqZ1HfHPxlXNvoMTDRQT9AJTLATCaf8QHZ/D5GQ8nqcGig5wb
|
||||
I3roxkITIV4R8Y6eGFU+VJEImEcGTelSNuXV5/POddBkegBrzUmt9aqtgDHSa1jS
|
||||
XgFJQeZzZq8mDnzhupP06stS+oDeZdC82IhmPnGg/PVrq8cgFqobDWBsNY+yK4tV
|
||||
3ozDdn28623shx0i0+uangfl7L5BYK9oi1NJD5qsCgzFXCvs/HKcbiJXFKkqDcE=
|
||||
=smFv
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
|
Loading…
Reference in New Issue