Initialize nixos config for `dosei`

Oystein Kristoffer Tveit 2024-06-26 20:37:40 +02:00
parent 88d776149d
commit 869aa0d285
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
9 changed files with 237 additions and 43 deletions


@ -2,6 +2,7 @@ keys:
- &gpg_h7x4 F7D37890228A907440E1FD4846B9228E814A2AAC - &gpg_h7x4 F7D37890228A907440E1FD4846B9228E814A2AAC
- &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst - &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
- &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc - &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
- &host_dosei age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
creation_rules: creation_rules:
- path_regex: secrets/common.yaml - path_regex: secrets/common.yaml
@ -11,6 +12,7 @@ creation_rules:
age: age:
- *host_tsuki - *host_tsuki
- *host_kasei - *host_kasei
- *host_dosei
- path_regex: secrets/kasei.yaml - path_regex: secrets/kasei.yaml
key_groups: key_groups:
@ -25,3 +27,10 @@ creation_rules:
- *gpg_h7x4 - *gpg_h7x4
age: age:
- *host_tsuki - *host_tsuki
- path_regex: secrets/dosei.yaml
key_groups:
- pgp:
- *gpg_h7x4
age:
- *host_dosei
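Review bot: Adding `*host_dosei` to the `secrets/common.yaml` rule lets the new host's age key decrypt every shared secret, not only its own `secrets/dosei.yaml`. The rest of this commit describes dosei as a work computer and gives it Jenkins with Docker access and a disabled firewall, so its key is probably the most exposed of the three hosts. If dosei needs only a few of the shared values, moving those into `secrets/dosei.yaml` and leaving the `common.yaml` recipients unchanged would keep the blast radius smaller. Otherwise a comment above the rule, such as `# dosei can read all common secrets - keep common.yaml minimal`, would record the decision.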


@ -22,6 +22,7 @@ Here are some of the interesting files and dirs:
|------|--------------|---------| |------|--------------|---------|
| `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** | | `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** |
| `Kasei` | AMD Zen 2 CPU / Nvidia GPU - desktop computer | Semi-daily driver. This is my main computer at home. Most of the configuration written in `/home` is made specifically for this computer, since `Eisei` is out of service at the moment. | | `Kasei` | AMD Zen 2 CPU / Nvidia GPU - desktop computer | Semi-daily driver. This is my main computer at home. Most of the configuration written in `/home` is made specifically for this computer, since `Eisei` is out of service at the moment. |
| `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
| `Eisei` | HP Laptop | At the moment, this laptop is not in use. I've found that I'm not able to use NixOS quickly enough in a university environment where I need to rapidly install software and maintain project configurations (Makefile, Maven, django, npm, etc...) for several subjects. In addition to the configurations, some of the software is not available on NixOS. As a result, I would the be forced to package or FHS a lot of stuff in order to do anything productive. I might return to using NixOS on my laptop in the future. | | `Eisei` | HP Laptop | At the moment, this laptop is not in use. I've found that I'm not able to use NixOS quickly enough in a university environment where I need to rapidly install software and maintain project configurations (Makefile, Maven, django, npm, etc...) for several subjects. In addition to the configurations, some of the software is not available on NixOS. As a result, I would the be forced to package or FHS a lot of stuff in order to do anything productive. I might return to using NixOS on my laptop in the future. |
## home-manager configuration ## home-manager configuration


@ -97,6 +97,10 @@
config = { config = {
allowUnfree = true; allowUnfree = true;
android_sdk.accept_license = true; android_sdk.accept_license = true;
segger-jlink.acceptLicense = true;
permittedInsecurePackages = [
"segger-jlink-qt4-794l"
];
}; };
overlays = let overlays = let
@ -218,22 +222,7 @@
tsuki = nixSys "tsuki"; tsuki = nixSys "tsuki";
Eisei = nixSys "eisei"; Eisei = nixSys "eisei";
kasei = nixSys "kasei"; kasei = nixSys "kasei";
home-manager-tester = nixpkgs-unstable.lib.nixosSystem { dosei = nixSys "dosei";
inherit system;
pkgs = unstable-pkgs;
inherit (unstable-pkgs) lib;
modules = [
"${home-manager-local}/nixos"
./hosts/special/home-manager-tester/configuration.nix
{
config._module.args = {
pkgs = unstable-pkgs;
# inherit (self) extendedLib;
# secrets = secrets.outputs.settings;
};
}
];
};
}; };
}; };
} }
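Review bot: `permittedInsecurePackages` is set in what looks like the shared nixpkgs `config`, so the exception for `segger-jlink-qt4-794l` would apply to every host built from this flake, while only the dosei configuration references `segger-jlink`. The surrounding pkgs definition starts outside the hunk, so the sharing is inferred. The entry has no comment saying why the package is flagged or when the exception can be removed; I would add something like `# segger-jlink is marked insecure in nixpkgs; needed for J-Link udev rules on dosei, drop once upstream clears it`. If the structure allows it, permitting the package only for dosei would keep the other hosts failing closed on insecure packages.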


@ -0,0 +1,106 @@
{ config, lib, pkgs, inputs, specialArgs, ... }:
{
imports = [
./hardware-configuration.nix
./services/avahi.nix
./services/docker.nix
./services/jenkins.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv7l-linux"
];
i18n.defaultLocale = "en_US.UTF-8";
services.udev.packages = with pkgs; [
segger-jlink
];
system.stateVersion = "24.05";
machineVars = {
headless = false;
gaming = false;
development = true;
creative = true;
dataDrives = let
main = "/data";
in {
drives = { inherit main; };
default = main;
};
screens = {
DP-1 = {
primary = true;
frequency = 60;
};
DP-2 = {
frequency = 60;
position = "1920x0";
};
};
};
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
# security.pam.services.login.unixAuth = true;
systemd.network = {
enable = true;
# broken
wait-online.enable = false;
};
networking = {
hostName = "dosei";
# networkmanager.enable = true;
# TODO: reenable
firewall.enable = false;
# hostId = "";
};
services = {
openssh = {
enable = true;
settings.X11Forwarding = true;
};
# xserver = {
# # displayManager.gdm.enable = true;
# # desktopManager.gnome.enable = true;
# # videoDrivers = [ "nvidia" ];
# };
# tailscale.enable = true;
};
hardware = {
bluetooth.enable = true;
# cpu.amd.updateMicrocode = true;
enableRedistributableFirmware = true;
keyboard.zsa.enable = true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
# nvidia = {
# modesetting.enable = true;
# nvidiaSettings = true;
# };
};
programs.usbtop.enable = true;
}
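Review bot: `firewall.enable = false` under `networking` leaves every listening service on dosei reachable from the network, and this file also imports `./services/jenkins.nix` and `./services/docker.nix`. The `# TODO: reenable` names no condition, so it is likely to stay; as far as I know the NixOS OpenSSH and Avahi modules open their own ports by default, so `firewall.enable = true;` should not break the services that are meant to be reachable. If Jenkins is only used locally it could also be bound to loopback with `services.jenkins.listenAddress = "127.0.0.1";`. Separately, `settings.X11Forwarding = true` deserves a short comment saying which workflow needs it.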


@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e7f7bd86-0634-48f2-ab7c-f19b72ee47ab";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/ABFF-19E8";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/28225b33-ef40-4ff3-8d1b-7163d8cc3faa"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
{
services.avahi = {
enable = true;
publish.enable = true;
publish.addresses = true;
publish.domain = true;
publish.hinfo = true;
publish.userServices = true;
publish.workstation = true;
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
}
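Review bot: `publish.hinfo` and `publish.workstation` advertise host details and a workstation record to everyone on the local segment, which is more than the SSH advert in `extraServiceFiles.ssh` needs. On a work network I would keep `publish.enable`, `publish.addresses` and the ssh service file, and set `publish.hinfo = false;` and `publish.workstation = false;`. `publish.userServices = true` also lets applications run by local users publish services; a comment on whether that is intended would help.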


@ -0,0 +1,4 @@
{ config, pkgs, lib, ... }:
{
virtualisation.docker.enable = true;
}


@ -0,0 +1,23 @@
{ config, pkgs, lib, ... }:
{
services.jenkins = {
enable = true;
withCLI = true;
# extraJavaOptions = [
# "-Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true"
# ];
packages = with pkgs; [
stdenv
jdk17
nix
docker
git
bashInteractive # 'sh' step requires this
coreutils
which
procps
];
};
users.groups.docker.members = [ "jenkins" ];
}


@ -23,42 +23,51 @@ sops:
- recipient: age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst - recipient: age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cmVUbVJLNTcrWElnRFV5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTis4dldlaGJmVjN3dUU0
djNBRlg1SUE1UDJHaXRXSkxoZXpZbGpySVhzCnNDVG5iM0VmMmF6NFArNDUweXBq UHZHaXRHWU9wRWo5OVlVRitnV1NrKzBxb1RzCjhhMWxzbGczdDNmSTUvZis5SWp5
dFZ1L0RRSVlSa1hlMGNMaXpzdFNTVWsKLS0tIHpFR2dmaTFIaVNaOFZMeVRUejVs b2lTNC9MTFRDSnl2UGVoTjRoRFFSaEUKLS0tIFZkNEk2aGIwZm1XR1BJYUNkZE8z
bHJvenMwME1Gd1Z1Qm9kYVNkYkVsVVkKPCph78R5qMrKaofPpW6O5mjEcIPVvlwG U0RoMVNmUGwrV0J0UlJTK2ppdzNDMlUKaUuklGVibBHi4OAowm5vwZHTVapcCgfN
nIv679EhVUgUR3Zln/egICOj20SzzZzmDdBc7VbaZDiz3dyRbe5D8g== y7r2/9aDZ5BGsLu2syTnEaRvbvTwABUUbwLlVR0a27xdvn81m0G5sA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc - recipient: age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjL0tDUDhibEplaERzQThG YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMFFZbk14YnJvcWNLNGV3
ZElwM0V2MTJROEtucWdFdTR5bHE1cktGYkZzCnVDd0lZdmZNWUtYeHV4dG9GVEsy NUhhMXpRWEhoRXZqaDNEMnF0YjYrMWxQTlV3CjBNUEpUeHpiWEVwMHFSMHlNVXNC
dzBnd0szakNjZWpSVWtQY0tZTWZncEEKLS0tIE1aWkE4S3VBblFSVjMranNSYWoz V1JxTDhhSWtIcjc2c2NwTWxLS1gxVk0KLS0tIDZFb2hzdEdNbkNkYmxieVVUdmV4
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX WDdGRUtDWmxIRkNDM0FjMWdFdXFDSDAKPbMyMqNDmpA92Gzpafd3Z+H85Gn/OSz+
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg== GZ1IpfWSdF9RWRmuHxGIqiNXK53Us+YR7GVhqduwY0ueAh3wMCYyGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eml4UFJ1dVdmUjROZGxv
akRzWmV2ZWlNak9IV2hVUnI1YW5Nazk5RzJVCm5ab0YwQTdUWlU5OW9nTlI4N2pK
RXBrQWhYN29OSEVCL21MZ25ZRXN4VjAKLS0tIE5WM2xkaVY0bEVwVUNsUXdnU0ta
UllPc1JCTXoxUERMM05abjhnR0g0d2sK/wyBVH6Dxris4TF05POtYQbWj4DWOeID
RAdf30dDVtmg4qPwsHiIQ8f10gA1DrgIrcae0JS5VZcRLRw5/4+g9Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-25T18:25:28Z" lastmodified: "2024-06-25T18:25:28Z"
mac: ENC[AES256_GCM,data:GGjXTEHVHAWrr0QHc3O4bMpGi1wFge6AbK7XEwRiOqh4W1Zow2CEcfGZxW5TLLayfB9lXemeKtrZWsqBOCXtHkd670KbxxKInE3FvJbjME8ZODAMpknYX4BXBGt6ksC03Tm4ri1JIy1OxDVXG4qb8skNtna4YkIiUf+ErTihakA=,iv:YGKnVl9QCLLTqdQfpiTbv31vEGEoolzMWtyEFvJekYI=,tag:8j+dnOqHfupKTAl1GQ09Mg==,type:str] mac: ENC[AES256_GCM,data:GGjXTEHVHAWrr0QHc3O4bMpGi1wFge6AbK7XEwRiOqh4W1Zow2CEcfGZxW5TLLayfB9lXemeKtrZWsqBOCXtHkd670KbxxKInE3FvJbjME8ZODAMpknYX4BXBGt6ksC03Tm4ri1JIy1OxDVXG4qb8skNtna4YkIiUf+ErTihakA=,iv:YGKnVl9QCLLTqdQfpiTbv31vEGEoolzMWtyEFvJekYI=,tag:8j+dnOqHfupKTAl1GQ09Mg==,type:str]
pgp: pgp:
- created_at: "2023-05-08T00:49:52Z" - created_at: "2024-06-26T07:42:59Z"
enc: | enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ/+Oh1FcH1sA8Rf0R/38u5mFgAW2uRdC2KeUNh2qtBtwmTf hQIMA0av/duuklWYAQ//UQlQMjOkq53Ic8HTVTF+1594HNJKq75t6ewgSNVJy0yd
W3r9vmD+9UUlppxk2/o82yIecXsv8Bz4/e/04Xo8b0sfBB+l+odVY72mTBUGYQjQ spwqbnmZooQRvhK0ewnFQMldmsD/7NwnLJmV/ARUaJJRXGTltWnh5oxvPKB7b4Qw
+7B9PT5ZGBuWXOTTWmaYX11CFPw7KaPjS7k2Z3VoZXaOMa5vQUUzjCdw9N/y8nnV 9oxk8gOPyiBHq/oBMsrS1F5uYRd+/HliHcKR37PdXchEpy1CzuASjJ8fv+pUCy/1
Gl3ThHd0CEJ95iemV/CPS72h2Yf4jbk4WVdqDBtYxkv0VWMMOfjeaOPqQJKVDWDv jiuHiZEK5yLhjAMb7UsXVZXit1jP+VMBZJk3qzTXTRqewF+Rea2P6BXo5RQAyF9M
Bg9TQEoucfi4kYG5pR1NY5S0W73XU4ND+V9laeKdW47TUAtw56ajWAglTUZZ6+I8 xv6q+SItFPHglmyzkHvO1gg7lisohTY9fv51M9tcmPtUWnAeGywik8xT2RA5l5w2
xtm25neL90VIKQrKJTzp9IynjdDpuD9ZVNCQLg4UqbxTAcvLNgXGG5iDpr72asUO WPf7g0QIqWC6FmybsWdcBAWJCGKvsfCveEtY5J+29BYfCkPlhuKmou8CZwzIB66p
kOg1dCT00o++7SsGp9cA3+0Z1H5QKnJ3ekt2XyyD5pEDCdLwbotaDZEdST3usWR7 AsQMmu8JwbGSEYe78r/zy379ybQ/H7j/8uGDsJmAJqKvJfG1o6QsAlpj+fSoSU/5
k80Q5GfkBdE5RwvqfPEIDhwwtLnvI/lgyq1l4S/g3dNzV8vQauBQKcDWy+ZT8Kdk k9E5OyEdRyws4W1CoaAvyTML8gSXBXpA9oIZx5WYYh6mJ+ETNfDlaIAGXY2Sbdr+
u5DdfL4hxA04/a7VORFzwQMdm97VRIfOXA2pscDX+83drwtvdmTbvReigLHkS2pz IGkLhvGETQGbCW4EZB0hDEE3QmzNolYR6YybL74HtGQT2XOWg0+UkTZZ1ZRw+jHk
Xq1IDJSlJjJX0Yb2vbIXwLrfXrIbarnft0tb3TTZAK0B7yvLKbvLT0EZWAndssUw bY6XQbloTQpSI6tFCGq5hQeVQDH17lTb/sEh0qAZkdAguvUgPlO6PHV5cS3SXAS7
Utymmi2S6NvomebjAanqlWOTvgFaSBiG/tlILFPSBeAl1/mD9ijVgMq+QfdtoyHS Ga7vllL8VOq/dbJ5ll7xbnxwBxkDrVqu2fCnS9L3P/biteafB/d0gRhjhFEhaUHS
XAHkesaQ2U2HmuObPQioIYYvfMCSuFEClqgumWSSa4nLNmSulW3DYlvnKZJ17iAI XAGVZdphiKbcydow/ucviT2TlZVmi7yWLcfk+uEPxf0mb5FMFRSasSmAvp4b7Wcz
1p9X1xYS00t3dmbne7Q2DAkPBqB0JbgMBpJ9RNfyJdBAdNrRh3+x1k2mTA0I lNBuJPjOnYrkootAaLSUAdMukfAin1HGWxmINsybPzuPFlTxR3RSgjBQn/2w
=wF/N =kNmC
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted