Initialize nixos config for dosei
This commit is contained in:
parent
88d776149d
commit
869aa0d285
11
.sops.yaml
11
.sops.yaml
@ -2,6 +2,7 @@ keys:
|
||||
- &gpg_h7x4 F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
- &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
|
||||
- &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
|
||||
- &host_dosei age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
|
||||
|
||||
creation_rules:
|
||||
- path_regex: secrets/common.yaml
|
||||
@ -11,6 +12,7 @@ creation_rules:
|
||||
age:
|
||||
- *host_tsuki
|
||||
- *host_kasei
|
||||
- *host_dosei
|
||||
|
||||
- path_regex: secrets/kasei.yaml
|
||||
key_groups:
|
||||
@ -24,4 +26,11 @@ creation_rules:
|
||||
- pgp:
|
||||
- *gpg_h7x4
|
||||
age:
|
||||
- *host_tsuki
|
||||
- *host_tsuki
|
||||
|
||||
- path_regex: secrets/dosei.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *gpg_h7x4
|
||||
age:
|
||||
- *host_dosei
|
||||
|
@ -22,6 +22,7 @@ Here are some of the interesting files and dirs:
|
||||
|------|--------------|---------|
|
||||
| `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** |
|
||||
| `Kasei` | AMD Zen 2 CPU / Nvidia GPU - desktop computer | Semi-daily driver. This is my main computer at home. Most of the configuration written in `/home` is made specifically for this computer, since `Eisei` is out of service at the moment. |
|
||||
| `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
|
||||
| `Eisei` | HP Laptop | At the moment, this laptop is not in use. I've found that I'm not able to use NixOS quickly enough in a university environment where I need to rapidly install software and maintain project configurations (Makefile, Maven, django, npm, etc...) for several subjects. In addition to the configurations, some of the software is not available on NixOS. As a result, I would the be forced to package or FHS a lot of stuff in order to do anything productive. I might return to using NixOS on my laptop in the future. |
|
||||
|
||||
## home-manager configuration
|
||||
|
21
flake.nix
21
flake.nix
@ -97,6 +97,10 @@
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
android_sdk.accept_license = true;
|
||||
segger-jlink.acceptLicense = true;
|
||||
permittedInsecurePackages = [
|
||||
"segger-jlink-qt4-794l"
|
||||
];
|
||||
};
|
||||
|
||||
overlays = let
|
||||
@ -218,22 +222,7 @@
|
||||
tsuki = nixSys "tsuki";
|
||||
Eisei = nixSys "eisei";
|
||||
kasei = nixSys "kasei";
|
||||
home-manager-tester = nixpkgs-unstable.lib.nixosSystem {
|
||||
inherit system;
|
||||
pkgs = unstable-pkgs;
|
||||
inherit (unstable-pkgs) lib;
|
||||
modules = [
|
||||
"${home-manager-local}/nixos"
|
||||
./hosts/special/home-manager-tester/configuration.nix
|
||||
{
|
||||
config._module.args = {
|
||||
pkgs = unstable-pkgs;
|
||||
# inherit (self) extendedLib;
|
||||
# secrets = secrets.outputs.settings;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
dosei = nixSys "dosei";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
106
hosts/dosei/configuration.nix
Normal file
106
hosts/dosei/configuration.nix
Normal file
@ -0,0 +1,106 @@
|
||||
{ config, lib, pkgs, inputs, specialArgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
./services/avahi.nix
|
||||
./services/docker.nix
|
||||
./services/jenkins.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"aarch64-linux"
|
||||
"armv7l-linux"
|
||||
];
|
||||
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
services.udev.packages = with pkgs; [
|
||||
segger-jlink
|
||||
];
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
machineVars = {
|
||||
headless = false;
|
||||
gaming = false;
|
||||
development = true;
|
||||
creative = true;
|
||||
|
||||
dataDrives = let
|
||||
main = "/data";
|
||||
in {
|
||||
drives = { inherit main; };
|
||||
default = main;
|
||||
};
|
||||
|
||||
screens = {
|
||||
DP-1 = {
|
||||
primary = true;
|
||||
frequency = 60;
|
||||
};
|
||||
DP-2 = {
|
||||
frequency = 60;
|
||||
position = "1920x0";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.targets = {
|
||||
sleep.enable = false;
|
||||
suspend.enable = false;
|
||||
hibernate.enable = false;
|
||||
hybrid-sleep.enable = false;
|
||||
};
|
||||
|
||||
# security.pam.services.login.unixAuth = true;
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
# broken
|
||||
wait-online.enable = false;
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "dosei";
|
||||
# networkmanager.enable = true;
|
||||
# TODO: reenable
|
||||
firewall.enable = false;
|
||||
# hostId = "";
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings.X11Forwarding = true;
|
||||
};
|
||||
# xserver = {
|
||||
# # displayManager.gdm.enable = true;
|
||||
# # desktopManager.gnome.enable = true;
|
||||
# # videoDrivers = [ "nvidia" ];
|
||||
# };
|
||||
# tailscale.enable = true;
|
||||
};
|
||||
|
||||
hardware = {
|
||||
bluetooth.enable = true;
|
||||
# cpu.amd.updateMicrocode = true;
|
||||
enableRedistributableFirmware = true;
|
||||
keyboard.zsa.enable = true;
|
||||
opengl = {
|
||||
enable = true;
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
|
||||
# nvidia = {
|
||||
# modesetting.enable = true;
|
||||
# nvidiaSettings = true;
|
||||
# };
|
||||
};
|
||||
|
||||
programs.usbtop.enable = true;
|
||||
}
|
40
hosts/dosei/hardware-configuration.nix
Normal file
40
hosts/dosei/hardware-configuration.nix
Normal file
@ -0,0 +1,40 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/e7f7bd86-0634-48f2-ab7c-f19b72ee47ab";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/ABFF-19E8";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/28225b33-ef40-4ff3-8d1b-7163d8cc3faa"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
13
hosts/dosei/services/avahi.nix
Normal file
13
hosts/dosei/services/avahi.nix
Normal file
@ -0,0 +1,13 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
publish.enable = true;
|
||||
publish.addresses = true;
|
||||
publish.domain = true;
|
||||
publish.hinfo = true;
|
||||
publish.userServices = true;
|
||||
publish.workstation = true;
|
||||
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
|
||||
};
|
||||
}
|
4
hosts/dosei/services/docker.nix
Normal file
4
hosts/dosei/services/docker.nix
Normal file
@ -0,0 +1,4 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
virtualisation.docker.enable = true;
|
||||
}
|
23
hosts/dosei/services/jenkins.nix
Normal file
23
hosts/dosei/services/jenkins.nix
Normal file
@ -0,0 +1,23 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
services.jenkins = {
|
||||
enable = true;
|
||||
withCLI = true;
|
||||
# extraJavaOptions = [
|
||||
# "-Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true"
|
||||
# ];
|
||||
packages = with pkgs; [
|
||||
stdenv
|
||||
jdk17
|
||||
nix
|
||||
docker
|
||||
git
|
||||
bashInteractive # 'sh' step requires this
|
||||
coreutils
|
||||
which
|
||||
procps
|
||||
];
|
||||
};
|
||||
|
||||
users.groups.docker.members = [ "jenkins" ];
|
||||
}
|
@ -23,42 +23,51 @@ sops:
|
||||
- recipient: age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cmVUbVJLNTcrWElnRFV5
|
||||
djNBRlg1SUE1UDJHaXRXSkxoZXpZbGpySVhzCnNDVG5iM0VmMmF6NFArNDUweXBq
|
||||
dFZ1L0RRSVlSa1hlMGNMaXpzdFNTVWsKLS0tIHpFR2dmaTFIaVNaOFZMeVRUejVs
|
||||
bHJvenMwME1Gd1Z1Qm9kYVNkYkVsVVkKPCph78R5qMrKaofPpW6O5mjEcIPVvlwG
|
||||
nIv679EhVUgUR3Zln/egICOj20SzzZzmDdBc7VbaZDiz3dyRbe5D8g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTis4dldlaGJmVjN3dUU0
|
||||
UHZHaXRHWU9wRWo5OVlVRitnV1NrKzBxb1RzCjhhMWxzbGczdDNmSTUvZis5SWp5
|
||||
b2lTNC9MTFRDSnl2UGVoTjRoRFFSaEUKLS0tIFZkNEk2aGIwZm1XR1BJYUNkZE8z
|
||||
U0RoMVNmUGwrV0J0UlJTK2ppdzNDMlUKaUuklGVibBHi4OAowm5vwZHTVapcCgfN
|
||||
y7r2/9aDZ5BGsLu2syTnEaRvbvTwABUUbwLlVR0a27xdvn81m0G5sA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjL0tDUDhibEplaERzQThG
|
||||
ZElwM0V2MTJROEtucWdFdTR5bHE1cktGYkZzCnVDd0lZdmZNWUtYeHV4dG9GVEsy
|
||||
dzBnd0szakNjZWpSVWtQY0tZTWZncEEKLS0tIE1aWkE4S3VBblFSVjMranNSYWoz
|
||||
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
|
||||
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMFFZbk14YnJvcWNLNGV3
|
||||
NUhhMXpRWEhoRXZqaDNEMnF0YjYrMWxQTlV3CjBNUEpUeHpiWEVwMHFSMHlNVXNC
|
||||
V1JxTDhhSWtIcjc2c2NwTWxLS1gxVk0KLS0tIDZFb2hzdEdNbkNkYmxieVVUdmV4
|
||||
WDdGRUtDWmxIRkNDM0FjMWdFdXFDSDAKPbMyMqNDmpA92Gzpafd3Z+H85Gn/OSz+
|
||||
GZ1IpfWSdF9RWRmuHxGIqiNXK53Us+YR7GVhqduwY0ueAh3wMCYyGw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eml4UFJ1dVdmUjROZGxv
|
||||
akRzWmV2ZWlNak9IV2hVUnI1YW5Nazk5RzJVCm5ab0YwQTdUWlU5OW9nTlI4N2pK
|
||||
RXBrQWhYN29OSEVCL21MZ25ZRXN4VjAKLS0tIE5WM2xkaVY0bEVwVUNsUXdnU0ta
|
||||
UllPc1JCTXoxUERMM05abjhnR0g0d2sK/wyBVH6Dxris4TF05POtYQbWj4DWOeID
|
||||
RAdf30dDVtmg4qPwsHiIQ8f10gA1DrgIrcae0JS5VZcRLRw5/4+g9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-25T18:25:28Z"
|
||||
mac: ENC[AES256_GCM,data:GGjXTEHVHAWrr0QHc3O4bMpGi1wFge6AbK7XEwRiOqh4W1Zow2CEcfGZxW5TLLayfB9lXemeKtrZWsqBOCXtHkd670KbxxKInE3FvJbjME8ZODAMpknYX4BXBGt6ksC03Tm4ri1JIy1OxDVXG4qb8skNtna4YkIiUf+ErTihakA=,iv:YGKnVl9QCLLTqdQfpiTbv31vEGEoolzMWtyEFvJekYI=,tag:8j+dnOqHfupKTAl1GQ09Mg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-08T00:49:52Z"
|
||||
enc: |
|
||||
- created_at: "2024-06-26T07:42:59Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA0av/duuklWYAQ/+Oh1FcH1sA8Rf0R/38u5mFgAW2uRdC2KeUNh2qtBtwmTf
|
||||
W3r9vmD+9UUlppxk2/o82yIecXsv8Bz4/e/04Xo8b0sfBB+l+odVY72mTBUGYQjQ
|
||||
+7B9PT5ZGBuWXOTTWmaYX11CFPw7KaPjS7k2Z3VoZXaOMa5vQUUzjCdw9N/y8nnV
|
||||
Gl3ThHd0CEJ95iemV/CPS72h2Yf4jbk4WVdqDBtYxkv0VWMMOfjeaOPqQJKVDWDv
|
||||
Bg9TQEoucfi4kYG5pR1NY5S0W73XU4ND+V9laeKdW47TUAtw56ajWAglTUZZ6+I8
|
||||
xtm25neL90VIKQrKJTzp9IynjdDpuD9ZVNCQLg4UqbxTAcvLNgXGG5iDpr72asUO
|
||||
kOg1dCT00o++7SsGp9cA3+0Z1H5QKnJ3ekt2XyyD5pEDCdLwbotaDZEdST3usWR7
|
||||
k80Q5GfkBdE5RwvqfPEIDhwwtLnvI/lgyq1l4S/g3dNzV8vQauBQKcDWy+ZT8Kdk
|
||||
u5DdfL4hxA04/a7VORFzwQMdm97VRIfOXA2pscDX+83drwtvdmTbvReigLHkS2pz
|
||||
Xq1IDJSlJjJX0Yb2vbIXwLrfXrIbarnft0tb3TTZAK0B7yvLKbvLT0EZWAndssUw
|
||||
Utymmi2S6NvomebjAanqlWOTvgFaSBiG/tlILFPSBeAl1/mD9ijVgMq+QfdtoyHS
|
||||
XAHkesaQ2U2HmuObPQioIYYvfMCSuFEClqgumWSSa4nLNmSulW3DYlvnKZJ17iAI
|
||||
1p9X1xYS00t3dmbne7Q2DAkPBqB0JbgMBpJ9RNfyJdBAdNrRh3+x1k2mTA0I
|
||||
=wF/N
|
||||
hQIMA0av/duuklWYAQ//UQlQMjOkq53Ic8HTVTF+1594HNJKq75t6ewgSNVJy0yd
|
||||
spwqbnmZooQRvhK0ewnFQMldmsD/7NwnLJmV/ARUaJJRXGTltWnh5oxvPKB7b4Qw
|
||||
9oxk8gOPyiBHq/oBMsrS1F5uYRd+/HliHcKR37PdXchEpy1CzuASjJ8fv+pUCy/1
|
||||
jiuHiZEK5yLhjAMb7UsXVZXit1jP+VMBZJk3qzTXTRqewF+Rea2P6BXo5RQAyF9M
|
||||
xv6q+SItFPHglmyzkHvO1gg7lisohTY9fv51M9tcmPtUWnAeGywik8xT2RA5l5w2
|
||||
WPf7g0QIqWC6FmybsWdcBAWJCGKvsfCveEtY5J+29BYfCkPlhuKmou8CZwzIB66p
|
||||
AsQMmu8JwbGSEYe78r/zy379ybQ/H7j/8uGDsJmAJqKvJfG1o6QsAlpj+fSoSU/5
|
||||
k9E5OyEdRyws4W1CoaAvyTML8gSXBXpA9oIZx5WYYh6mJ+ETNfDlaIAGXY2Sbdr+
|
||||
IGkLhvGETQGbCW4EZB0hDEE3QmzNolYR6YybL74HtGQT2XOWg0+UkTZZ1ZRw+jHk
|
||||
bY6XQbloTQpSI6tFCGq5hQeVQDH17lTb/sEh0qAZkdAguvUgPlO6PHV5cS3SXAS7
|
||||
Ga7vllL8VOq/dbJ5ll7xbnxwBxkDrVqu2fCnS9L3P/biteafB/d0gRhjhFEhaUHS
|
||||
XAGVZdphiKbcydow/ucviT2TlZVmi7yWLcfk+uEPxf0mb5FMFRSasSmAvp4b7Wcz
|
||||
lNBuJPjOnYrkootAaLSUAdMukfAin1HGWxmINsybPzuPFlTxR3RSgjBQn/2w
|
||||
=kNmC
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
Loading…
Reference in New Issue
Block a user