europa is kil
parent
68594651ac
commit
f38c03d787
@ -3,7 +3,6 @@ keys:
|
||||
- &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
|
||||
- &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
|
||||
- &host_dosei age1s6s4w7cdfgajm30z9gy8va8pvs2lrzk5gnsg0hmn5z2sl8z36seqej406r
|
||||
- &host_europa age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a
|
||||
- &host_xps16 age1np3fg9ue2tp4l47x7waapvjxh5zcaye2j54laapy7uklamve2c4qv3gytm
|
||||
- &home age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau
|
||||
- &home_dosei age17acs5lw7npma4sughxq3wj3cs5gjkenqdzscyvaks0er33n8gupsce7jlp
|
||||
@ -17,7 +16,6 @@ creation_rules:
|
||||
- *host_tsuki
|
||||
- *host_kasei
|
||||
- *host_dosei
|
||||
- *host_europa
|
||||
- *host_xps16
|
||||
- *home
|
||||
- *home_dosei
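Review bot: Secrets already encrypted under this rule stay decryptable with europa's age key after `*host_europa` is dropped from the key group, because a creation rule only governs how sops encrypts from now on. The rule's `path_regex` is outside the hunk and no re-encrypted secrets file is visible in this part of the commit, so it is unclear whether that step was done. Running `sops updatekeys` on each file the rule matches would remove the old recipient. Since earlier ciphertext stays in git history, any values the decommissioned host could read should also be rotated. The same follow-up applies to the `&host_europa` key removed in the first hunk and to the `secrets/europa.yaml` rule removed in the third.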
|
||||
@ -57,10 +55,3 @@ creation_rules:
|
||||
- *gpg_h7x4
|
||||
age:
|
||||
- *host_dosei
|
||||
|
||||
- path_regex: secrets/europa.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *gpg_h7x4
|
||||
age:
|
||||
- *host_europa
|
||||
|
@ -25,7 +25,6 @@ Here are some of the interesting files and dirs:
|
||||
| `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** |
|
||||
| `Kasei` | AMD Zen 2 CPU / AMD GPU - desktop computer | Semi-daily driver. This is my main computer at home. |
|
||||
| `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
|
||||
| `Europa` | Dell Optiplex | Other work computer, used as nix builder for `Dosei`. |
|
||||
|
||||
|
||||
## home-manager configuration
|
||||
|
@ -274,14 +274,6 @@
|
||||
nixos-hardware.nixosModules.common-gpu-intel
|
||||
];
|
||||
};
|
||||
europa = nixSys "europa" {
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.common-pc
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
nixos-hardware.nixosModules.common-cpu-intel
|
||||
nixos-hardware.nixosModules.common-gpu-intel
|
||||
];
|
||||
};
|
||||
tsuki = nixSys "tsuki" {
|
||||
modules = [
|
||||
matrix-synapse-next.nixosModules.default
|
||||
|
@ -1,19 +0,0 @@
|
||||
{ ... }:
|
||||
{
|
||||
# TODO: Reproducible certificates
|
||||
services.journald.remote = {
|
||||
enable = true;
|
||||
settings.Remote = {
|
||||
# ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
|
||||
# ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
|
||||
ServerKeyFile = "/etc/journald-remote-certs/key.pem";
|
||||
ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
|
||||
TrustedCertificateFile = "-";
|
||||
};
|
||||
};
|
||||
|
||||
# systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
|
||||
# "key.pem:/etc/journald-remote-certs/key.pem"
|
||||
# "cert.pem:/etc/journald-remote-certs/cert.pem"
|
||||
# ];
|
||||
}
|
@ -1,96 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
./services/avahi.nix
|
||||
./services/docker.nix
|
||||
./services/journald-remote.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"aarch64-linux"
|
||||
"armv7l-linux"
|
||||
];
|
||||
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
services.udev.packages = with pkgs; [
|
||||
segger-jlink
|
||||
];
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
machineVars = {
|
||||
headless = true;
|
||||
gaming = false;
|
||||
development = true;
|
||||
creative = false;
|
||||
|
||||
dataDrives = let
|
||||
main = "/data";
|
||||
in {
|
||||
drives = { inherit main; };
|
||||
default = main;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.targets = {
|
||||
sleep.enable = false;
|
||||
suspend.enable = false;
|
||||
hibernate.enable = false;
|
||||
hybrid-sleep.enable = false;
|
||||
};
|
||||
|
||||
# security.pam.services.login.unixAuth = true;
|
||||
|
||||
# systemd.network = {
|
||||
# enable = true;
|
||||
# # broken
|
||||
# wait-online.enable = true;
|
||||
# };
|
||||
|
||||
networking = {
|
||||
hostName = "europa";
|
||||
networkmanager.enable = true;
|
||||
# TODO: reenable
|
||||
firewall.enable = false;
|
||||
# hostId = "007f0201";
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings.X11Forwarding = true;
|
||||
settings.PasswordAuthentication = lib.mkForce true;
|
||||
};
|
||||
# xserver = {
|
||||
# # displayManager.gdm.enable = true;
|
||||
# # desktopManager.gnome.enable = true;
|
||||
# # videoDrivers = [ "nvidia" ];
|
||||
# };
|
||||
# tailscale.enable = true;
|
||||
};
|
||||
|
||||
hardware = {
|
||||
bluetooth.enable = true;
|
||||
# cpu.amd.updateMicrocode = true;
|
||||
enableRedistributableFirmware = true;
|
||||
keyboard.zsa.enable = true;
|
||||
opengl = {
|
||||
enable = true;
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
|
||||
# nvidia = {
|
||||
# modesetting.enable = true;
|
||||
# nvidiaSettings = true;
|
||||
# };
|
||||
};
|
||||
|
||||
programs.usbtop.enable = true;
|
||||
}
|
@ -1,40 +0,0 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/2de4150d-e418-4f22-a516-3f35352eb66a";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/12CE-A600";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0077" "dmask=0077" ];
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/8c8bc640-83f4-4eee-909b-457989cebfe4"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
@ -1,4 +0,0 @@
|
||||
{ ... }:
|
||||
{
|
||||
home.stateVersion = "24.05";
|
||||
}
|
@ -1,13 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
publish.enable = true;
|
||||
publish.addresses = true;
|
||||
publish.domain = true;
|
||||
publish.hinfo = true;
|
||||
publish.userServices = true;
|
||||
publish.workstation = true;
|
||||
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
|
||||
};
|
||||
}
|
@ -1,4 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
virtualisation.docker.enable = true;
|
||||
}
|
@ -1,14 +0,0 @@
|
||||
{ ... }:
|
||||
{
|
||||
services.journald.upload = {
|
||||
enable = true;
|
||||
settings.Upload = {
|
||||
URL = "https://10.250.14.105:19532";
|
||||
# ServerKeyFile = toString ./key.pem;
|
||||
# ServerCertificateFile = toString ./cert.pem;
|
||||
ServerKeyFile = "-";
|
||||
ServerCertificateFile = "-";
|
||||
TrustedCertificateFile = "-";
|
||||
};
|
||||
};
|
||||
}
|