commit 8cbe5f25475c707c0d8e6a672743f432022a3200 · ryan.freumh.org/nixos

+21

flake.lock

···

       102
       102
        
               "type": "github"

     

       103
       103
        
             }

     

       104
       104
        
           },

     

       105
       105
       +
           "disko": {

     

       106
       106
       +
             "inputs": {

     

       107
       107
       +
               "nixpkgs": [

     

       108
       108
       +
                 "nixpkgs"

     

       109
       109
       +
               ]

     

       110
       110
       +
             },

     

       111
       111
       +
             "locked": {

     

       112
       112
       +
               "lastModified": 1743598667,

     

       113
       113
       +
               "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=",

     

       114
       114
       +
               "owner": "nix-community",

     

       115
       115
       +
               "repo": "disko",

     

       116
       116
       +
               "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6",

     

       117
       117
       +
               "type": "github"

     

       118
       118
       +
             },

     

       119
       119
       +
             "original": {

     

       120
       120
       +
               "owner": "nix-community",

     

       121
       121
       +
               "repo": "disko",

     

       122
       122
       +
               "type": "github"

     

       123
       123
       +
             }

     

       124
       124
       +
           },

     

       105
       125
        
           "eilean": {

     

       106
       126
        
             "inputs": {

     

       107
       127
        
               "eon": [

     
···

       1109
       1129
        
               "agenix": "agenix",

     

       1110
       1130
        
               "alec-website": "alec-website",

     

       1111
       1131
        
               "deploy-rs": "deploy-rs",

     

       1132
       1132
       +
               "disko": "disko",

     

       1112
       1133
        
               "eilean": "eilean",

     

       1113
       1134
        
               "eon": "eon",

     

       1114
       1135
        
               "fn06-website": "fn06-website",

+3 -1

flake.nix

···

       21
       21
        
           nur.url = "github:nix-community/NUR/e9e77b7985ef9bdeca12a38523c63d47555cc89b";

     

       22
       22
        
           timewall.url = "github:bcyran/timewall/";

     

       23
       23
        
           tangled.url = "git+https://tangled.sh/@tangled.sh/core";

     

       24
       24
       +
           disko.url = "github:nix-community/disko";

     

       24
       25
        
       

     

       25
       26
        
           # deduplicate flake inputs

     

       26
       27
        
           eilean.inputs.nixpkgs.follows = "nixpkgs";

     
···

       38
       39
        
           nur.inputs.nixpkgs.follows = "nixpkgs";

     

       39
       40
        
           timewall.inputs.nixpkgs.follows = "nixpkgs";

     

       40
       41
        
           tangled.inputs.nixpkgs.follows = "nixpkgs";

     

       42
       42
       +
           disko.inputs.nixpkgs.follows = "nixpkgs";

     

       41
       43
        
         };

     

       42
       44
        
       

     

       43
       45
        
         outputs =

     
···

       116
       118
        
                       (

     

       117
       119
        
                         { config, ... }:

     

       118
       120
        
                         {

     

       119
       119
       -
                           networking.hostName = "${host}";

     

       121
       121
       +
                           networking.hostName = host-nixpkgs.lib.mkDefault "${host}";

     

       120
       122
        
                           # pin nix command's nixpkgs flake to the system flake to avoid unnecessary downloads

     

       121
       123
        
                           nix.registry.nixpkgs.flake = host-nixpkgs;

     

       122
       124
        
                           system.stateVersion = "24.05";

+27

hosts/hippo/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         disko,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       {

     

       10
       10
       +
         imports = [

     

       11
       11
       +
           ./hardware-configuration.nix

     

       12
       12
       +
           disko.nixosModules.disko

     

       13
       13
       +
           ./disk-config.nix

     

       14
       14
       +
         ];

     

       15
       15
       +
       

     

       16
       16
       +
         custom = {

     

       17
       17
       +
           enable = true;

     

       18
       18
       +
           autoUpgrade.enable = true;

     

       19
       19
       +
           homeManager.enable = true;

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         home-manager.users.${config.custom.username}.config.custom.machineColour = "blue";

     

       23
       23
       +
       

     

       24
       24
       +
         networking.hostName = "iphito";

     

       25
       25
       +
       

     

       26
       26
       +
         services.openssh.openFirewall = true;

     

       27
       27
       +
       }

+33

hosts/hippo/disk-config.nix

···

       1
       1
       +
       { lib, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       {

     

       4
       4
       +
         disko.devices = {

     

       5
       5
       +
           disk.disk1 = {

     

       6
       6
       +
             device = lib.mkDefault "/dev/sda";

     

       7
       7
       +
             type = "disk";

     

       8
       8
       +
             content = {

     

       9
       9
       +
               type = "gpt";

     

       10
       10
       +
               partitions = {

     

       11
       11
       +
                 ESP = {

     

       12
       12
       +
                   type = "EF00";

     

       13
       13
       +
                   size = "500M";

     

       14
       14
       +
                   content = {

     

       15
       15
       +
                     type = "filesystem";

     

       16
       16
       +
                     format = "vfat";

     

       17
       17
       +
                     mountpoint = "/boot";

     

       18
       18
       +
                     mountOptions = [ "umask=0077" ];

     

       19
       19
       +
                   };

     

       20
       20
       +
                 };

     

       21
       21
       +
                 root = {

     

       22
       22
       +
                   size = "100%";

     

       23
       23
       +
                   content = {

     

       24
       24
       +
                     type = "filesystem";

     

       25
       25
       +
                     format = "ext4";

     

       26
       26
       +
                     mountpoint = "/";

     

       27
       27
       +
                   };

     

       28
       28
       +
                 };

     

       29
       29
       +
               };

     

       30
       30
       +
             };

     

       31
       31
       +
           };

     

       32
       32
       +
         };

     

       33
       33
       +
       }

+40

hosts/hippo/hardware-configuration.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         modulesPath,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       {

     

       10
       10
       +
         imports = [

     

       11
       11
       +
           (modulesPath + "/installer/scan/not-detected.nix")

     

       12
       12
       +
         ];

     

       13
       13
       +
       

     

       14
       14
       +
         boot.initrd.availableKernelModules = [

     

       15
       15
       +
           "megaraid_sas"

     

       16
       16
       +
           "xhci_pci"

     

       17
       17
       +
           "nvme"

     

       18
       18
       +
           "ahci"

     

       19
       19
       +
           "sd_mod"

     

       20
       20
       +
         ];

     

       21
       21
       +
         boot.initrd.kernelModules = [ "dm-snapshot" ];

     

       22
       22
       +
         boot.kernelModules = [ "kvm-amd" ];

     

       23
       23
       +
         boot.extraModulePackages = [ ];

     

       24
       24
       +
       

     

       25
       25
       +
         networking.useDHCP = lib.mkDefault true;

     

       26
       26
       +
       

     

       27
       27
       +
         nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

     

       28
       28
       +
         hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       29
       29
       +
       

     

       30
       30
       +
         boot.loader.grub = {

     

       31
       31
       +
           enable = true;

     

       32
       32
       +
           device = "nodev";

     

       33
       33
       +
           efiSupport = true;

     

       34
       34
       +
           efiInstallAsRemovable = true;

     

       35
       35
       +
         };

     

       36
       36
       +
       

     

       37
       37
       +
         boot.kernelParams = [

     

       38
       38
       +
           "console=ttyS1,115200n8"

     

       39
       39
       +
         ];

     

       40
       40
       +
       }

+8 -2

hosts/owl/services.nix

···

       269
       269
        
             proxyWebsockets = true;

     

       270
       270
        
           };

     

       271
       271
        
         };

     

       272
       272
       -
         

     

       272
       272
       +
       

     

       273
       273
        
         services.nginx.virtualHosts."enki.freumh.org" = {

     

       274
       274
        
           forceSSL = true;

     

       275
       275
        
           locations."/" = {

     
···

       391
       391
        
                 value = "vps";

     

       392
       392
        
               }

     

       393
       393
        
       

     

       394
       394
       +
               {

     

       395
       395
       +
                 name = "hippo";

     

       396
       396
       +
                 type = "A";

     

       397
       397
       +
                 value = "128.232.124.251";

     

       398
       398
       +
               }

     

       399
       399
       +
       

     

       394
       400
        
               # generate with

     

       395
       401
        
               #   sudo openssl x509 -in /var/lib/acme/mail.freumh.org/fullchain.pem -pubkey -noout | openssl pkey -pubin -outform der | sha256sum | awk '{print "3 1 1", $1}'

     

       396
       402
        
               {

     
···

       509
       515
        
             ];

     

       510
       516
        
           };

     

       511
       517
        
         };

     

       512
       512
       -
       }
     

       518
       518
       +
       }