Initialize nixos config for `dosei`

Oystein Kristoffer Tveit 2024-06-26 20:37:40 +02:00
parent 88d776149d
commit 869aa0d285
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
9 changed files with 237 additions and 43 deletions


@ -2,6 +2,7 @@ keys:
- &gpg_h7x4 F7D37890228A907440E1FD4846B9228E814A2AAC
- &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
- &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
- &host_dosei age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
creation_rules:
- path_regex: secrets/common.yaml
@ -11,6 +12,7 @@ creation_rules:
age:
- *host_tsuki
- *host_kasei
- *host_dosei
- path_regex: secrets/kasei.yaml
key_groups:
@ -24,4 +26,11 @@ creation_rules:
- pgp:
- *gpg_h7x4
age:
- *host_tsuki
- *host_tsuki
- path_regex: secrets/dosei.yaml
key_groups:
- pgp:
- *gpg_h7x4
age:
- *host_dosei
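Review bot: The second hunk adds `- *host_dosei` to what appears to be the recipient list for `secrets/common.yaml`, so dosei's host key can decrypt every shared secret, not only its own. The README hunk on this page describes dosei as a work computer used for development and testing, and its config in this commit runs Jenkins and disables the firewall, so a compromise of that host would expose whatever lives in the common file. I would leave dosei as a recipient of `secrets/dosei.yaml` only until a concrete shared secret is needed there, or add a comment above the common rule naming which secrets dosei actually consumes. The rule's `path_regex` line sits outside the second hunk, so confirm which file that list belongs to.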


@ -22,6 +22,7 @@ Here are some of the interesting files and dirs:
|------|--------------|---------|
| `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** |
| `Kasei` | AMD Zen 2 CPU / Nvidia GPU - desktop computer | Semi-daily driver. This is my main computer at home. Most of the configuration written in `/home` is made specifically for this computer, since `Eisei` is out of service at the moment. |
| `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
| `Eisei` | HP Laptop | At the moment, this laptop is not in use. I've found that I'm not able to use NixOS quickly enough in a university environment where I need to rapidly install software and maintain project configurations (Makefile, Maven, django, npm, etc...) for several subjects. In addition to the configurations, some of the software is not available on NixOS. As a result, I would the be forced to package or FHS a lot of stuff in order to do anything productive. I might return to using NixOS on my laptop in the future. |
## home-manager configuration


@ -97,6 +97,10 @@
config = {
allowUnfree = true;
android_sdk.accept_license = true;
segger-jlink.acceptLicense = true;
permittedInsecurePackages = [
"segger-jlink-qt4-794l"
];
};
overlays = let
@ -218,22 +222,7 @@
tsuki = nixSys "tsuki";
Eisei = nixSys "eisei";
kasei = nixSys "kasei";
home-manager-tester = nixpkgs-unstable.lib.nixosSystem {
inherit system;
pkgs = unstable-pkgs;
inherit (unstable-pkgs) lib;
modules = [
"${home-manager-local}/nixos"
./hosts/special/home-manager-tester/configuration.nix
{
config._module.args = {
pkgs = unstable-pkgs;
# inherit (self) extendedLib;
# secrets = secrets.outputs.settings;
};
}
];
};
dosei = nixSys "dosei";
};
};
}
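Review bot: `permittedInsecurePackages = [ "segger-jlink-qt4-794l" ];` is added to the nixpkgs `config` that the whole flake shares, so the exception applies to every host built from it, although only the dosei configuration in this commit references `segger-jlink`. The hunk also gives no reason for the exception. If the way `pkgs` is constructed allows it, I would scope the allowance to dosei; otherwise add a comment on the list such as `# marked insecure upstream; only needed for the J-Link udev rules on dosei` so the entry gets revisited rather than carried forward.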


@ -0,0 +1,106 @@
{ config, lib, pkgs, inputs, specialArgs, ... }:
{
imports = [
./hardware-configuration.nix
./services/avahi.nix
./services/docker.nix
./services/jenkins.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv7l-linux"
];
i18n.defaultLocale = "en_US.UTF-8";
services.udev.packages = with pkgs; [
segger-jlink
];
system.stateVersion = "24.05";
machineVars = {
headless = false;
gaming = false;
development = true;
creative = true;
dataDrives = let
main = "/data";
in {
drives = { inherit main; };
default = main;
};
screens = {
DP-1 = {
primary = true;
frequency = 60;
};
DP-2 = {
frequency = 60;
position = "1920x0";
};
};
};
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
# security.pam.services.login.unixAuth = true;
systemd.network = {
enable = true;
# broken
wait-online.enable = false;
};
networking = {
hostName = "dosei";
# networkmanager.enable = true;
# TODO: reenable
firewall.enable = false;
# hostId = "";
};
services = {
openssh = {
enable = true;
settings.X11Forwarding = true;
};
# xserver = {
# # displayManager.gdm.enable = true;
# # desktopManager.gnome.enable = true;
# # videoDrivers = [ "nvidia" ];
# };
# tailscale.enable = true;
};
hardware = {
bluetooth.enable = true;
# cpu.amd.updateMicrocode = true;
enableRedistributableFirmware = true;
keyboard.zsa.enable = true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
# nvidia = {
# modesetting.enable = true;
# nvidiaSettings = true;
# };
};
programs.usbtop.enable = true;
}
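Review bot: `firewall.enable = false;` leaves this host with no packet filter while the same file enables sshd and imports the Jenkins, Docker and Avahi modules, so every listening service is reachable from whatever network the machine is attached to. The `# TODO: reenable` comment gives neither a reason nor a condition for turning it back on. I would set `firewall.enable = true;` now and open only the ports that are needed, or at least extend the comment to say what broke. As far as I know `services.openssh` opens its own port by default through `openFirewall`, so re-enabling the firewall should not lock out SSH, but confirm that on this host.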


@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e7f7bd86-0634-48f2-ab7c-f19b72ee47ab";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/ABFF-19E8";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/28225b33-ef40-4ff3-8d1b-7163d8cc3faa"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
{
services.avahi = {
enable = true;
publish.enable = true;
publish.addresses = true;
publish.domain = true;
publish.hinfo = true;
publish.userServices = true;
publish.workstation = true;
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
}
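Review bot: `publish.hinfo = true;` and `publish.workstation = true;` advertise the host's operating system and CPU details and a workstation record to everyone on the local link, which is more than SSH discovery needs. The README hunk on this page describes dosei as a work computer, so these announcements go out on a network the owner probably does not control. I would drop those two lines and keep `publish.addresses` plus the `extraServiceFiles.ssh` entry, or add a comment saying which client relies on the extra records.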


@ -0,0 +1,4 @@
{ config, pkgs, lib, ... }:
{
virtualisation.docker.enable = true;
}


@ -0,0 +1,23 @@
{ config, pkgs, lib, ... }:
{
services.jenkins = {
enable = true;
withCLI = true;
# extraJavaOptions = [
# "-Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true"
# ];
packages = with pkgs; [
stdenv
jdk17
nix
docker
git
bashInteractive # 'sh' step requires this
coreutils
which
procps
];
};
users.groups.docker.members = [ "jenkins" ];
}
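Review bot: `users.groups.docker.members = [ "jenkins" ];` gives the Jenkins service user access to the Docker daemon socket, which is root-equivalent on the host, so any job, or anyone able to edit a job, can take control of the machine. No `listenAddress` is set, so the module default applies (all interfaces, I believe), and the host configuration in this commit disables the firewall. I would add `listenAddress = "127.0.0.1";` unless remote access to the UI is intended, and put a comment above the group line such as `# docker group is root-equivalent; all Jenkins jobs on this host are trusted`. If jobs only need to build images, rootless Docker is worth evaluating instead of group membership.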


@ -23,42 +23,51 @@ sops:
- recipient: age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cmVUbVJLNTcrWElnRFV5
djNBRlg1SUE1UDJHaXRXSkxoZXpZbGpySVhzCnNDVG5iM0VmMmF6NFArNDUweXBq
dFZ1L0RRSVlSa1hlMGNMaXpzdFNTVWsKLS0tIHpFR2dmaTFIaVNaOFZMeVRUejVs
bHJvenMwME1Gd1Z1Qm9kYVNkYkVsVVkKPCph78R5qMrKaofPpW6O5mjEcIPVvlwG
nIv679EhVUgUR3Zln/egICOj20SzzZzmDdBc7VbaZDiz3dyRbe5D8g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTis4dldlaGJmVjN3dUU0
UHZHaXRHWU9wRWo5OVlVRitnV1NrKzBxb1RzCjhhMWxzbGczdDNmSTUvZis5SWp5
b2lTNC9MTFRDSnl2UGVoTjRoRFFSaEUKLS0tIFZkNEk2aGIwZm1XR1BJYUNkZE8z
U0RoMVNmUGwrV0J0UlJTK2ppdzNDMlUKaUuklGVibBHi4OAowm5vwZHTVapcCgfN
y7r2/9aDZ5BGsLu2syTnEaRvbvTwABUUbwLlVR0a27xdvn81m0G5sA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjL0tDUDhibEplaERzQThG
ZElwM0V2MTJROEtucWdFdTR5bHE1cktGYkZzCnVDd0lZdmZNWUtYeHV4dG9GVEsy
dzBnd0szakNjZWpSVWtQY0tZTWZncEEKLS0tIE1aWkE4S3VBblFSVjMranNSYWoz
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMFFZbk14YnJvcWNLNGV3
NUhhMXpRWEhoRXZqaDNEMnF0YjYrMWxQTlV3CjBNUEpUeHpiWEVwMHFSMHlNVXNC
V1JxTDhhSWtIcjc2c2NwTWxLS1gxVk0KLS0tIDZFb2hzdEdNbkNkYmxieVVUdmV4
WDdGRUtDWmxIRkNDM0FjMWdFdXFDSDAKPbMyMqNDmpA92Gzpafd3Z+H85Gn/OSz+
GZ1IpfWSdF9RWRmuHxGIqiNXK53Us+YR7GVhqduwY0ueAh3wMCYyGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eml4UFJ1dVdmUjROZGxv
akRzWmV2ZWlNak9IV2hVUnI1YW5Nazk5RzJVCm5ab0YwQTdUWlU5OW9nTlI4N2pK
RXBrQWhYN29OSEVCL21MZ25ZRXN4VjAKLS0tIE5WM2xkaVY0bEVwVUNsUXdnU0ta
UllPc1JCTXoxUERMM05abjhnR0g0d2sK/wyBVH6Dxris4TF05POtYQbWj4DWOeID
RAdf30dDVtmg4qPwsHiIQ8f10gA1DrgIrcae0JS5VZcRLRw5/4+g9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-25T18:25:28Z"
mac: ENC[AES256_GCM,data:GGjXTEHVHAWrr0QHc3O4bMpGi1wFge6AbK7XEwRiOqh4W1Zow2CEcfGZxW5TLLayfB9lXemeKtrZWsqBOCXtHkd670KbxxKInE3FvJbjME8ZODAMpknYX4BXBGt6ksC03Tm4ri1JIy1OxDVXG4qb8skNtna4YkIiUf+ErTihakA=,iv:YGKnVl9QCLLTqdQfpiTbv31vEGEoolzMWtyEFvJekYI=,tag:8j+dnOqHfupKTAl1GQ09Mg==,type:str]
pgp:
- created_at: "2023-05-08T00:49:52Z"
enc: |
- created_at: "2024-06-26T07:42:59Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ/+Oh1FcH1sA8Rf0R/38u5mFgAW2uRdC2KeUNh2qtBtwmTf
W3r9vmD+9UUlppxk2/o82yIecXsv8Bz4/e/04Xo8b0sfBB+l+odVY72mTBUGYQjQ
+7B9PT5ZGBuWXOTTWmaYX11CFPw7KaPjS7k2Z3VoZXaOMa5vQUUzjCdw9N/y8nnV
Gl3ThHd0CEJ95iemV/CPS72h2Yf4jbk4WVdqDBtYxkv0VWMMOfjeaOPqQJKVDWDv
Bg9TQEoucfi4kYG5pR1NY5S0W73XU4ND+V9laeKdW47TUAtw56ajWAglTUZZ6+I8
xtm25neL90VIKQrKJTzp9IynjdDpuD9ZVNCQLg4UqbxTAcvLNgXGG5iDpr72asUO
kOg1dCT00o++7SsGp9cA3+0Z1H5QKnJ3ekt2XyyD5pEDCdLwbotaDZEdST3usWR7
k80Q5GfkBdE5RwvqfPEIDhwwtLnvI/lgyq1l4S/g3dNzV8vQauBQKcDWy+ZT8Kdk
u5DdfL4hxA04/a7VORFzwQMdm97VRIfOXA2pscDX+83drwtvdmTbvReigLHkS2pz
Xq1IDJSlJjJX0Yb2vbIXwLrfXrIbarnft0tb3TTZAK0B7yvLKbvLT0EZWAndssUw
Utymmi2S6NvomebjAanqlWOTvgFaSBiG/tlILFPSBeAl1/mD9ijVgMq+QfdtoyHS
XAHkesaQ2U2HmuObPQioIYYvfMCSuFEClqgumWSSa4nLNmSulW3DYlvnKZJ17iAI
1p9X1xYS00t3dmbne7Q2DAkPBqB0JbgMBpJ9RNfyJdBAdNrRh3+x1k2mTA0I
=wF/N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=kNmC
-----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted