commit 4fc18ee08c9d69d586594bd9979d59a0ad7d3ae6 · nekomimi.pet/nixcfg

+7

flake.nix

···

       71
       71
        
                 })

     

       72
       72
        
               ];

     

       73
       73
        
             };

     

       74
       74
       +
       

     

       75
       75
       +
             buer = nixpkgs.lib.nixosSystem {

     

       76
       76
       +
               system = "x86_64-linux";

     

       77
       77
       +
               modules = [

     

       78
       78
       +
                 ./hosts/buer          

     

       79
       79
       +
               ]

     

       80
       80
       +
             }

     

       74
       81
        
             

     

       75
       82
        
             # Easy to add more hosts

     

       76
       83
        
             /*server2 = nixpkgs.lib.nixosSystem {

+68

hosts/buer/default.nix

···

       1
       1
       +
       # hosts/valefar/configuration.nix (or default.nix)

     

       2
       2
       +
       { config, lib, pkgs, modulesPath, ... }:

     

       3
       3
       +
       

     

       4
       4
       +
       {

     

       5
       5
       +
         imports = [

     

       6
       6
       +
           # Host-specific hardware

     

       7
       7
       +
           ./hardware.nix

     

       8
       8
       +
           ./secrets.nix

     

       9
       9
       +
           

     

       10
       10
       +
           # Common modules shared across hosts

     

       11
       11
       +
           ../../modules/common/system.nix

     

       12
       12
       +
           ../../modules/common/users.nix

     

       13
       13
       +
           ../../modules/common/services.nix

     

       14
       14
       +
           

     

       15
       15
       +
           # Services specific to this host

     

       16
       16
       +
           #../../services/garage.nix

     

       17
       17
       +
           #../../services/forgejo.nix

     

       18
       18
       +
       

     

       19
       19
       +
           # Common secrets

     

       20
       20
       +
           ../../host-secrets.nix

     

       21
       21
       +
         ];

     

       22
       22
       +
       

     

       23
       23
       +
         # pin host platform & microcode

     

       24
       24
       +
         nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";

     

       25
       25
       +
         hardware.cpu.intel.updateMicrocode = lib.mkDefault

     

       26
       26
       +
           config.hardware.enableRedistributableFirmware;

     

       27
       27
       +
       

     

       28
       28
       +
         networking.hostName = "buer";

     

       29
       29
       +
         networking.hostId = "1418d29e";

     

       30
       30
       +
         networking.useDHCP = false;

     

       31
       31
       +
         systemd.network.enable = true;

     

       32
       32
       +
         systemd.network.networks."10-wan" = {

     

       33
       33
       +
           matchConfig.Name = "ens3";

     

       34
       34
       +
           address = [

     

       35
       35
       +
             "103.251.165.107/24"

     

       36
       36
       +
             "2a04:52c0:0135:48d1::2/48"

     

       37
       37
       +
           ];

     

       38
       38
       +
           gateway = [

     

       39
       39
       +
             "103.251.165.1"

     

       40
       40
       +
             "2a04:52c0:0135::1"

     

       41
       41
       +
           ];

     

       42
       42
       +
           dns = [

     

       43
       43
       +
             "2a01:6340:1:20:4::10"

     

       44
       44
       +
             "2a04:52c0:130:2a5c::10"

     

       45
       45
       +
             "185.31.172.240"

     

       46
       46
       +
             "5.255.125.240"

     

       47
       47
       +
           ];

     

       48
       48
       +
         };

     

       49
       49
       +
         

     

       50
       50
       +
         #boot.supportedFilesystems = [ "zfs" ];

     

       51
       51
       +
         #boot.kernelModules = [ "nct6775" "coretemp" ];

     

       52
       52
       +
       

     

       53
       53
       +
         #services.zfs.autoScrub.enable = true;

     

       54
       54
       +
         #services.zfs.trim.enable = true;

     

       55
       55
       +
       

     

       56
       56
       +
         environment.systemPackages = with pkgs; [

     

       57
       57
       +
           #lm_sensors

     

       58
       58
       +
           #code-server

     

       59
       59
       +
         ];

     

       60
       60
       +
       

     

       61
       61
       +
         virtualisation.docker = {

     

       62
       62
       +
           enable = true;

     

       63
       63
       +
           enableOnBoot = true;

     

       64
       64
       +
           package = pkgs.docker.override {

     

       65
       65
       +
             buildGoModule = pkgs.buildGo123Module;

     

       66
       66
       +
           };

     

       67
       67
       +
         };

     

       68
       68
       +
       }

+63

hosts/buer/hardware.nix

···

       1
       1
       +
       # Do not modify this file!  It was generated by ‘nixos-generate-config’

     

       2
       2
       +
       # and may be overwritten by future invocations.  Please make changes

     

       3
       3
       +
       # to /etc/nixos/configuration.nix instead.

     

       4
       4
       +
       { config, lib, pkgs, modulesPath, ... }:

     

       5
       5
       +
       

     

       6
       6
       +
       {

     

       7
       7
       +
         imports =

     

       8
       8
       +
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       9
       9
       +
           ];

     

       10
       10
       +
       

     

       11
       11
       +
         boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "uas" "sd_mod" ];

     

       12
       12
       +
         boot.initrd.kernelModules = [ ];

     

       13
       13
       +
         boot.kernelModules = [ "kvm-intel" ];

     

       14
       14
       +
         boot.extraModulePackages = [ ];

     

       15
       15
       +
       

     

       16
       16
       +
         fileSystems."/" = {

     

       17
       17
       +
           device = "/dev/disk/by-uuid/17b399da-2210-4493-9ae3-c65b20b992a0";

     

       18
       18
       +
           fsType = "ext4";

     

       19
       19
       +
         };

     

       20
       20
       +
       

     

       21
       21
       +
         fileSystems."/boot" =

     

       22
       22
       +
           { device = "/dev/disk/by-uuid/6340-211B";

     

       23
       23
       +
             fsType = "vfat";

     

       24
       24
       +
             options = [ "fmask=0022" "dmask=0022" ];

     

       25
       25
       +
           };

     

       26
       26
       +
       

     

       27
       27
       +
         fileSystems."/garage" = {

     

       28
       28
       +
           device = "garage";

     

       29
       29
       +
           fsType = "zfs";

     

       30
       30
       +
         };

     

       31
       31
       +
       

     

       32
       32
       +
         fileSystems."/storage" = {

     

       33
       33
       +
           device = "storage";

     

       34
       34
       +
           fsType = "zfs";

     

       35
       35
       +
         };

     

       36
       36
       +
       

     

       37
       37
       +
         swapDevices = [ ];

     

       38
       38
       +
       

     

       39
       39
       +
         # Fan Control

     

       40
       40
       +
         hardware.fancontrol = {

     

       41
       41
       +
           enable = true;

     

       42
       42
       +
           config = ''

     

       43
       43
       +
       INTERVAL=10

     

       44
       44
       +
       DEVPATH=hwmon1=devices/platform/nct6775.2592 hwmon2=devices/platform/coretemp.0

     

       45
       45
       +
       DEVNAME=hwmon1=nct6795 hwmon2=coretemp

     

       46
       46
       +
       FCTEMPS=hwmon1/pwm2=hwmon2/temp1_input hwmon1/pwm3=hwmon2/temp1_input

     

       47
       47
       +
       FCFANS=hwmon1/pwm2=hwmon1/fan2_input hwmon1/pwm3=hwmon1/fan3_input

     

       48
       48
       +
       MINTEMP=hwmon1/pwm2=20 hwmon1/pwm3=20

     

       49
       49
       +
       MAXTEMP=hwmon1/pwm2=65 hwmon1/pwm3=60

     

       50
       50
       +
       MINSTART=hwmon1/pwm2=38 hwmon1/pwm3=75

     

       51
       51
       +
       MINSTOP=hwmon1/pwm2=28 hwmon1/pwm3=75

     

       52
       52
       +
       MINPWM=hwmon1/pwm2=28 hwmon1/pwm3=75

     

       53
       53
       +
       MAXPWM=hwmon1/pwm2=150 hwmon1/pwm3=105

     

       54
       54
       +
           '';

     

       55
       55
       +
         };

     

       56
       56
       +
       

     

       57
       57
       +
         # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

     

       58
       58
       +
         # (the default) this is the recommended approach. When using systemd-networkd it's

     

       59
       59
       +
         # still possible to use this option, but it's recommended to use it in conjunction

     

       60
       60
       +
         # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.

     

       61
       61
       +
         networking.useDHCP = lib.mkDefault true;

     

       62
       62
       +
         # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;

     

       63
       63
       +
       }

+3

hosts/buer/secrets.nix

+18

hosts/focalor/default.nix

···

       33
       33
        
       

     

       34
       34
        
         networking.hostName = "focalor";

     

       35
       35
        
         networking.hostId = "84bdc587";

     

       36
       36
       +
       

     

       37
       37
       +
         networking = {

     

       38
       38
       +
           firewall.enable = false;

     

       39
       39
       +
           firewall.trustedInterfaces = [

     

       40
       40
       +
       	    "tailscale0"

     

       41
       41
       +
           ];

     

       42
       42
       +
           nameservers   = [ "192.168.4.3" "1.1.1.1" ];

     

       43
       43
       +
           useDHCP       = true;

     

       44
       44
       +
           firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 

     

       45
       45
       +
         };

     

       46
       46
       +
       

     

       47
       47
       +
         services.resolved = {

     

       48
       48
       +
           enable      = true;

     

       49
       49
       +
           dnssec      = "true";

     

       50
       50
       +
           domains     = [ "~." ];

     

       51
       51
       +
           fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];

     

       52
       52
       +
           dnsovertls  = "true";

     

       53
       53
       +
         };

     

       36
       54
        
         

     

       37
       55
        
         #boot.supportedFilesystems = [ "zfs" ];

     

       38
       56
        
         #boot.kernelModules = [ "nct6775" "coretemp" ];

+18

hosts/valefar/default.nix

···

       27
       27
        
       

     

       28
       28
        
         networking.hostName = "valefar";

     

       29
       29
        
         networking.hostId = "2a07da90";

     

       30
       30
       +
       

     

       31
       31
       +
         networking = {

     

       32
       32
       +
           firewall.enable = false;

     

       33
       33
       +
           firewall.trustedInterfaces = [

     

       34
       34
       +
       	    "tailscale0"

     

       35
       35
       +
           ];

     

       36
       36
       +
           nameservers   = [ "192.168.4.3" "1.1.1.1" ];

     

       37
       37
       +
           useDHCP       = true;

     

       38
       38
       +
           firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 

     

       39
       39
       +
         };

     

       40
       40
       +
       

     

       41
       41
       +
         services.resolved = {

     

       42
       42
       +
           enable      = true;

     

       43
       43
       +
           dnssec      = "true";

     

       44
       44
       +
           domains     = [ "~." ];

     

       45
       45
       +
           fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];

     

       46
       46
       +
           dnsovertls  = "true";

     

       47
       47
       +
         };

     

       30
       48
        
         

     

       31
       49
        
         boot.supportedFilesystems = [ "zfs" ];

     

       32
       50
        
         boot.kernelModules = [ "nct6775" "coretemp" ];

-18

modules/common/system.nix

···

       10
       10
        
       

     

       11
       11
        
         nix.settings.experimental-features = [ "nix-command" "flakes" ];

     

       12
       12
        
       

     

       13
       13
       -
         networking = {

     

       14
       14
       -
           firewall.enable = false;

     

       15
       15
       -
           firewall.trustedInterfaces = [

     

       16
       16
       -
       	    "tailscale0"

     

       17
       17
       -
           ];

     

       18
       18
       -
           nameservers   = [ "192.168.4.3" "1.1.1.1" ];

     

       19
       19
       -
           useDHCP       = true;

     

       20
       20
       -
           firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 

     

       21
       21
       -
         };

     

       22
       22
       -
       

     

       23
       23
       -
         services.resolved = {

     

       24
       24
       -
           enable      = true;

     

       25
       25
       -
           dnssec      = "true";

     

       26
       26
       -
           domains     = [ "~." ];

     

       27
       27
       -
           fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];

     

       28
       28
       -
           dnsovertls  = "true";

     

       29
       29
       -
         };

     

       30
       30
       -
       

     

       31
       13
        
         environment.variables.EDITOR = "vim";

     

       32
       14
        
       

     

       33
       15
        
         time.timeZone     = "America/New_York";

+4

modules/common/users.nix

···

       4
       4
        
           isNormalUser    = true;

     

       5
       5
        
           extraGroups     = [ "docker" "wheel" ];

     

       6
       6
        
           packages        = with pkgs; [ tree ];

     

       7
       7
       +
           openssh.authorizedKeys.keys = [

     

       8
       8
       +
             "ssh-ed25519 AAAAC3NzaC1lZDI1NTESAAAAIJ0pUS@lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb"

     

       9
       9
       +
             "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCS9VBRE13jojnqVjuUZWTcOK8GokDDlk2U0i61vEJizVzNowGnIAbwq0cOaFEBX4JBkOa4I8Ku2Pw7fODuoehSK/t7FrfXExk2PBT3k0mfzqQYxfq5bzae7AWr7n/sKUBTtvHSACfidxzQpV7VSgW68jqdOt6h7FHSeS2jac7wUNPobL0uCkFB4FiEQOnIqlRGSSabVemL7bC9H9lUyOODSTthiq9S3pPYknyHDRKUtSCSw4pfpasr4bxDVSW99h3GBcW0hZbpw5bwlxQlwbclxQDnn7XJhWpq6zL/2ScVGJgd94z7FshKoF5IFTk6e7a/Ouv4Ato4hRLxEe5u70CH ssh-key-2023-07-11"

     

       10
       10
       +
           ];

     

       7
       11
        
         };

     

       8
       12
        
       

     

       9
       13
        
         programs.git = {