···

       
1
       
 
       
{ pkgs-per-system }:

     

       
2
       
 
       


     

       
3
       
-
       
{ lib

     

       
0
       
 
       

     

       
4
       
 
       
, ...

     

       
5
       
 
       
}@pkgs:

     

       
6
       
 
       


     

       
7
       
 
       
let

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
8
       
 
       
  apps = {

     

       
9
       
-
       
    flash-installer-iso-x86_64-linux = import ./flash-installer.nix pkgs-per-system.x86_64-linux pkgs;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
10
       
 
       
  };

     

       
11
       
 
       
in

     

       
12
       
-
       


     

       
13
       
 
       
lib.mapAttrs (_: program: { type = "app"; inherit program; }) apps

     

···

       
1
       
 
       
{ pkgs-per-system }:

     

       
2
       
 
       


     

       
3
       
+
       
{ self

     

       
4
       
+
       
, lib

     

       
5
       
 
       
, ...

     

       
6
       
 
       
}@pkgs:

     

       
7
       
 
       


     

       
8
       
 
       
let

     

       
9
       
+
       
  inherit (self.outputs) flake-lib;

     

       
10
       
+
       


     

       
11
       
+
       
  iso-x86_64-linux = flake-lib.nixos.createSystem pkgs-per-system.x86_64-linux [ ../nixos/profiles/installer.nix ];

     

       
12
       
+
       
  path-iso-x86_64-linux = "${iso-x86_64-linux.config.system.build.isoImage}/iso/${iso-x86_64-linux.config.isoImage.isoName}";

     

       
13
       
+
       


     

       
14
       
+
       
  iso-rpi = flake-lib.nixos.createSystem pkgs-per-system.aarch64-linux [ ../nixos/profiles/installer-rpi.nix ];

     

       
15
       
+
       
  path-iso-rpi = "${iso-rpi.config.system.build.sdImage}/iso/${iso-rpi.config.sdImage.isoName}";

     

       
16
       
+
       


     

       
17
       
 
       
  apps = {

     

       
18
       
+
       
    inherit iso-rpi;

     

       
19
       
+
       
  

     

       
20
       
+
       
    installer-iso-x86_64-linux = import ./flash-installer.nix pkgs path-iso-x86_64-linux;

     

       
21
       
+
       
    installer-rpi = import ./flash-installer.nix pkgs path-iso-rpi;

     

       
22
       
 
       
  };

     

       
23
       
 
       
in

     

       
0
       
 
       

     

       
24
       
 
       
lib.mapAttrs (_: program: { type = "app"; inherit program; }) apps

     

···

       
1
       
-
       
targetSystemPkgs:

     

       
2
       
-
       


     

       
3
       
 
       
{ self

     

       
4
       
 
       
, lib

     

       
5
       
 
       


     
···

       
7
       
 
       
, ...

     

       
8
       
 
       
}@pkgs:

     

       
9
       
 
       


     

       
10
       
-
       
let

     

       
11
       
-
       
  inherit (self.outputs) flake-lib;

     

       
12
       
-
       


     

       
13
       
-
       
  iso = flake-lib.nixos.createSystem targetSystemPkgs [ ../nixos/profiles/installer.nix ];

     

       
14
       
-
       
  # Build installer ISO

     

       
15
       
-
       
  isoPath = "${iso.config.system.build.isoImage}/iso/${iso.config.isoImage.isoName}";

     

       
16
       
 
       


     

       
17
       
-
       
in

     

       
18
       
 
       
lib.getExe (writeShellApplication {

     

       
19
       
 
       
  name = "flash-installer";

     

       
20
       
 
       
  runtimeInputs = with pkgs; [ pv fzf ];

     
···

       
31
       
 
       
    echo "Flashing to $dev"

     

       
32
       
 
       
    

     

       
33
       
 
       
    # Format selected disk

     

       
34
       
-
       
    pv -tpreb "${isoPath}" | sudo dd bs=4M of="$dev" iflag=fullblock conv=notrunc,noerror oflag=sync

     

       
35
       
 
       
  '';

     

       
36
       
 
       
})

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
1
       
 
       
{ self

     

       
2
       
 
       
, lib

     

       
3
       
 
       


     
···

       
5
       
 
       
, ...

     

       
6
       
 
       
}@pkgs:

     

       
7
       
 
       


     

       
8
       
+
       
image-path:

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
9
       
 
       


     

       
0
       
 
       

     

       
10
       
 
       
lib.getExe (writeShellApplication {

     

       
11
       
 
       
  name = "flash-installer";

     

       
12
       
 
       
  runtimeInputs = with pkgs; [ pv fzf ];

     
···

       
23
       
 
       
    echo "Flashing to $dev"

     

       
24
       
 
       
    

     

       
25
       
 
       
    # Format selected disk

     

       
26
       
+
       
    pv -tpreb "${image-path}" | sudo dd bs=4M of="$dev" iflag=fullblock conv=notrunc,noerror oflag=sync

     

       
27
       
 
       
  '';

     

       
28
       
 
       
})

     

···

       
19
       
 
       


     

       
20
       
 
       
    # Servers

     

       
21
       
 
       
    "weird-row-server" = createSystem pkgs [

     

       
22
       
-
       
      (system "weird-row-server" "server")

     

       
23
       
 
       
      (managedDiskLayout "ext4-hetzner" { device = "sda"; swapSize = 2; })

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
24
       
 
       
      (user "milomoisson" { description = "Milo Moisson"; profile = "server"; keys = keys.users; })

     

       
25
       
 
       
    ];

     

       
26
       
 
       
  };

     

···

       
19
       
 
       


     

       
20
       
 
       
    # Servers

     

       
21
       
 
       
    "weird-row-server" = createSystem pkgs [

     

       
22
       
+
       
      (system "weird-row-server" "main-server")

     

       
23
       
 
       
      (managedDiskLayout "ext4-hetzner" { device = "sda"; swapSize = 2; })

     

       
24
       
+
       
      (user "milomoisson" { description = "Milo Moisson"; profile = "server"; keys = keys.users; })

     

       
25
       
+
       
    ];

     

       
26
       
+
       


     

       
27
       
+
       
    "wiroprint-server" = createSystem pkgs [

     

       
28
       
+
       
      (system "wiroprint-server" "print-server")

     

       
29
       
+
       
      # (managedDiskLayout "ext4-hetzner" { device = "sda"; swapSize = 2; })

     

       
30
       
 
       
      (user "milomoisson" { description = "Milo Moisson"; profile = "server"; keys = keys.users; })

     

       
31
       
 
       
    ];

     

       
32
       
 
       
  };

     

···

       
73
       
 
       
        # that depends on fish internal ls wrappers and can be overridden by

     

       
74
       
 
       
        # bad configuration. (e.g. NixOS `environment.shellAliases` default)

     

       
75
       
 
       
        ls = "${lib.getExe pkgs.eza} --color=auto --icons=auto --hyperlink";

     

       
76
       
-
       


     

       
77
       
-
       
        pasters = "${lib.getExe pkgs.curl} --data-binary @- https://paste.rs/";

     

       
78
       
 
       
      };

     

       
79
       
 
       


     

       
80
       
 
       
      shellAbbrs = {

     

···

       
73
       
 
       
        # that depends on fish internal ls wrappers and can be overridden by

     

       
74
       
 
       
        # bad configuration. (e.g. NixOS `environment.shellAliases` default)

     

       
75
       
 
       
        ls = "${lib.getExe pkgs.eza} --color=auto --icons=auto --hyperlink";

     

       
0
       
 
       

     

       
0
       
 
       

     

       
76
       
 
       
      };

     

       
77
       
 
       


     

       
78
       
 
       
      shellAbbrs = {

     

···

       
46
       
 
       
      openssl

     

       
47
       
 
       
      ouch

     

       
48
       
 
       
      parallel

     

       
0
       
 
       

     

       
49
       
 
       
      pv

     

       
50
       
 
       
      restic

     

       
51
       
 
       
      ripgrep

     

···

       
46
       
 
       
      openssl

     

       
47
       
 
       
      ouch

     

       
48
       
 
       
      parallel

     

       
49
       
+
       
      lpkgs.paste-rs

     

       
50
       
 
       
      pv

     

       
51
       
 
       
      restic

     

       
52
       
 
       
      ripgrep

     

···

       
143
       
 
       
    programs.ssh = {

     

       
144
       
 
       
      enable = true;

     

       
145
       
 
       


     

       
146
       
-
       
      matchBlocks."weird-row-server" = {

     

       
147
       
-
       
        hostname = "weird-row.portal.wiro.world";

     

       
148
       
-
       
        # TODO: reduce automated load on ssh port by changing to a random port

     

       
149
       
-
       
        # port = ""

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
150
       
 
       
      };

     

       
151
       
 
       
    };

     

       
152
       
 
       


     

···

       
143
       
 
       
    programs.ssh = {

     

       
144
       
 
       
      enable = true;

     

       
145
       
 
       


     

       
146
       
+
       
      matchBlocks = {

     

       
147
       
+
       
        "weird-row-server" = {

     

       
148
       
+
       
          hostname = "weird-row.portal.wiro.world";

     

       
149
       
+
       
          # TODO: reduce automated load on ssh port by changing to a random port

     

       
150
       
+
       
          # port = ""

     

       
151
       
+
       
        };

     

       
152
       
+
       


     

       
153
       
+
       
        "wiroprint" = {

     

       
154
       
+
       
          hostname = "wiroprint.portal.wiro.world";

     

       
155
       
+
       
          # this machine is not accessible on the public network via SSH

     

       
156
       
+
       
          # port = "";

     

       
157
       
+
       
        };

     

       
158
       
 
       
      };

     

       
159
       
 
       
    };

     

       
160
       
 
       


     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
{ config

     

       
2
       
+
       
, ...

     

       
3
       
+
       
}:

     

       
4
       
+
       


     

       
5
       
+
       
let

     

       
6
       
+
       
  cfg = config.local.disk;

     

       
7
       
+
       
in

     

       
8
       
+
       
{

     

       
9
       
+
       
  config.disko.devices.disk.primary = {

     

       
10
       
+
       
    type = "disk";

     

       
11
       
+
       
    device = cfg.device;

     

       
12
       
+
       
    content = {

     

       
13
       
+
       
      type = "gpt";

     

       
14
       
+
       
      partitions = {

     

       
15
       
+
       
        boot = {

     

       
16
       
+
       
          size = "1M";

     

       
17
       
+
       
          type = "EF02";

     

       
18
       
+
       
          priority = 1;

     

       
19
       
+
       
        };

     

       
20
       
+
       
        ESP = {

     

       
21
       
+
       
          size = "512M";

     

       
22
       
+
       
          type = "EF00";

     

       
23
       
+
       
          content = {

     

       
24
       
+
       
            type = "filesystem";

     

       
25
       
+
       
            format = "vfat";

     

       
26
       
+
       
            mountpoint = "/boot";

     

       
27
       
+
       
          };

     

       
28
       
+
       
        };

     

       
29
       
+
       
        root = {

     

       
30
       
+
       
          size = "100%";

     

       
31
       
+
       
          content = {

     

       
32
       
+
       
            type = "filesystem";

     

       
33
       
+
       
            format = "ext4";

     

       
34
       
+
       
            mountpoint = "/";

     

       
35
       
+
       
          };

     

       
36
       
+
       
        };

     

       
37
       
+
       
      };

     

       
38
       
+
       
    };

     

       
39
       
+
       
  };

     

       
40
       
+
       
}

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
{ self

     

       
2
       
+
       
, lib

     

       
3
       
+
       
, pkgs

     

       
4
       
+
       
, lpkgs

     

       
5
       
+
       


     

       
6
       
+
       
, modulesPath

     

       
7
       
+
       
, ...

     

       
8
       
+
       
}:

     

       
9
       
+
       


     

       
10
       
+
       
let

     

       
11
       
+
       
  inherit (self.inputs) nixos-hardware;

     

       
12
       
+
       


     

       
13
       
+
       
  keys = import ../../secrets/keys.nix;

     

       
14
       
+
       


     

       
15
       
+
       
  binName = drv: drv.meta.mainProgram;

     

       
16
       
+
       


     

       
17
       
+
       
  flakeUri = "github:mrnossiom/dotfiles";

     

       
18
       
+
       


     

       
19
       
+
       
  ## Formatting related

     

       
20
       
+
       


     

       
21
       
+
       
  # Does the whole destroy, format, mount disko cycle

     

       
22
       
+
       
  # disko-cycle <hostname>

     

       
23
       
+
       
  disko-cycle = pkgs.writeShellScriptBin "disko-cycle" ''

     

       
24
       
+
       
    if [ -z "$1" ]; then echo "Hostname unset"; exit; fi

     

       
25
       
+
       


     

       
26
       
+
       
    echo "Running disko destroy, format and mount script for $1"

     

       
27
       
+
       
    nix build ${flakeUri}#nixosConfigurations.$1.config.system.build.diskoScript

     

       
28
       
+
       
    sudo bash result

     

       
29
       
+
       
  '';

     

       
30
       
+
       


     

       
31
       
+
       
  ## NixOS install related

     

       
32
       
+
       


     

       
33
       
+
       
  # Generates hardware related config and uploads it to a paste service

     

       
34
       
+
       
  # link-hardware-config [root]

     

       
35
       
+
       
  link-hardware-config = pkgs.writeShellScriptBin "link-hardware-config" ''

     

       
36
       
+
       
    nixos-generate-config --root ''${1:-/mnt} --show-hardware-config | ${lib.getExe lpkgs.paste-rs}

     

       
37
       
+
       
  '';

     

       
38
       
+
       


     

       
39
       
+
       
  # Install specified flake system to /mnt

     

       
40
       
+
       
  # install-system <hostname>

     

       
41
       
+
       
  install-system = pkgs.writeShellScriptBin "install-system" ''

     

       
42
       
+
       
    if [ -z "$1" ]; then echo "Hostname unset"; exit; fi

     

       
43
       
+
       


     

       
44
       
+
       
    echo "Installing $1"

     

       
45
       
+
       
    nixos-install --system ${flakeUri}#$1

     

       
46
       
+
       
  '';

     

       
47
       
+
       
in

     

       
48
       
+
       
{

     

       
49
       
+
       
  imports = [

     

       
50
       
+
       
    nixos-hardware.nixosModules.raspberry-pi-4

     

       
51
       
+
       
    "${modulesPath}/installer/sd-card/sd-image-aarch64.nix"

     

       
52
       
+
       
  ];

     

       
53
       
+
       


     

       
54
       
+
       
  config = {

     

       
55
       
+
       
    sdImage.compressImage = false;

     

       
56
       
+
       


     

       
57
       
+
       
    boot.kernelPackages = lib.mkForce pkgs.linuxKernel.packages.linux_rpi4;

     

       
58
       
+
       


     

       
59
       
+
       
    nix.settings = {

     

       
60
       
+
       
      experimental-features = [ "nix-command" "flakes" ];

     

       
61
       
+
       
      extra-substituters = [

     

       
62
       
+
       
        "https://nix-community.cachix.org"

     

       
63
       
+
       
        "https://mrnossiom.cachix.org"

     

       
64
       
+
       
      ];

     

       
65
       
+
       
      extra-trusted-public-keys = [

     

       
66
       
+
       
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="

     

       
67
       
+
       
        "mrnossiom.cachix.org-1:WKo+xfDFaT6pRP4YiIFsEXvyBzI/Pm9uGhURgF1wlQg="

     

       
68
       
+
       
      ];

     

       
69
       
+
       
    };

     

       
70
       
+
       


     

       
71
       
+
       
    users.users.nixos = {

     

       
72
       
+
       
      isNormalUser = true;

     

       
73
       
+
       
      extraGroups = [ "wheel" ];

     

       
74
       
+
       
      # Add our keys to default users for better remote experience

     

       
75
       
+
       
      openssh.authorizedKeys.keys = keys.users;

     

       
76
       
+
       
    };

     

       
77
       
+
       


     

       
78
       
+
       
    # Start wpa_supplicant right away

     

       
79
       
+
       
    systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ];

     

       
80
       
+
       


     

       
81
       
+
       
    services.getty.helpLine = ''

     

       
82
       
+
       
      Available custom tools:

     

       
83
       
+
       
      - File System: ${binName disko-cycle}

     

       
84
       
+
       
      - Installation: ${binName link-hardware-config}, ${binName install-system}

     

       
85
       
+
       


     

       
86
       
+
       
      Troubleshoot:

     

       
87
       
+
       
      - If the disko installer fails to finish due to a dark error just wipe the disk table

     

       
88
       
+
       
        $ parted /dev/<disk-id> -- mklabel gpt

     

       
89
       
+
       
    '';

     

       
90
       
+
       


     

       
91
       
+
       
    environment.systemPackages = [

     

       
92
       
+
       
      disko-cycle

     

       
93
       
+
       
      link-hardware-config

     

       
94
       
+
       
      install-system

     

       
95
       
+
       
    ];

     

       
96
       
+
       


     

       
97
       
+
       
    services.openssh.enable = true;

     

       
98
       
+
       


     

       
99
       
+
       
    security.sudo.wheelNeedsPassword = false;

     

       
100
       
+
       
  };

     

       
101
       
+
       
}

     

···

       
1
       
 
       
{ lib

     

       
2
       
 
       
, pkgs

     

       
0
       
 
       

     

       
3
       
 
       


     

       
4
       
 
       
, modulesPath

     

       
5
       
 
       
, ...

     

       
6
       
 
       
}:

     

       
7
       
 
       


     

       
8
       
 
       
let

     

       
9
       
-
       
  inherit (pkgs) writeShellScriptBin pastebinit;

     

       
10
       
-
       


     

       
11
       
 
       
  keys = import ../../secrets/keys.nix;

     

       
12
       
 
       


     

       
13
       
 
       
  binName = drv: drv.meta.mainProgram;

     

       
14
       
 
       


     

       
15
       
-
       
  flakeUri = "github:mrnossiom/dotfiles/nixos";

     

       
16
       
 
       


     

       
17
       
 
       
  ## Wireless related

     

       
18
       
 
       


     

       
19
       
 
       
  # connect-wifi <interface> <BSSID>

     

       
20
       
-
       
  connect-wifi = writeShellScriptBin "connect-wifi" ''

     

       
21
       
 
       
    if [ -z "$1" ]; then echo "Interface unset"; exit; fi

     

       
22
       
 
       
    if [ -z "$2" ]; then echo "SSID unset"; exit; fi

     

       
23
       
 
       
    

     
···

       
30
       
 
       


     

       
31
       
 
       
  # Does the whole destroy, format, mount disko cycle

     

       
32
       
 
       
  # disko-cycle <hostname>

     

       
33
       
-
       
  disko-cycle = writeShellScriptBin "disko-cycle" ''

     

       
34
       
 
       
    if [ -z "$1" ]; then echo "Hostname unset"; exit; fi

     

       
35
       
 
       


     

       
36
       
 
       
    echo "Running disko destroy, format and mount script for $1"

     
···

       
40
       
 
       


     

       
41
       
 
       
  ## NixOS install related

     

       
42
       
 
       


     

       
43
       
-
       
  # Generates hardware related config and uploads it to pastebin

     

       
44
       
 
       
  # link-hardware-config [root]

     

       
45
       
-
       
  link-hardware-config = writeShellScriptBin "link-hardware-config" ''

     

       
46
       
-
       
    nixos-generate-config --root ''${1:-/mnt} --show-hardware-config | ${lib.getExe' pastebinit "pastebinit"}

     

       
47
       
 
       
  '';

     

       
48
       
 
       


     

       
49
       
 
       
  # Install specified flake system to /mnt

     
···

       
54
       
 
       
    echo "Installing $1"

     

       
55
       
 
       
    nixos-install --system ${flakeUri}#$1

     

       
56
       
 
       
  '';

     

       
57
       
-
       


     

       
58
       
 
       
in

     

       
59
       
 
       
{

     

       
60
       
 
       
  imports = [ "${modulesPath}/installer/cd-dvd/installation-cd-minimal-new-kernel.nix" ];

     

···

       
1
       
 
       
{ lib

     

       
2
       
 
       
, pkgs

     

       
3
       
+
       
, lpkgs

     

       
4
       
 
       


     

       
5
       
 
       
, modulesPath

     

       
6
       
 
       
, ...

     

       
7
       
 
       
}:

     

       
8
       
 
       


     

       
9
       
 
       
let

     

       
0
       
 
       

     

       
0
       
 
       

     

       
10
       
 
       
  keys = import ../../secrets/keys.nix;

     

       
11
       
 
       


     

       
12
       
 
       
  binName = drv: drv.meta.mainProgram;

     

       
13
       
 
       


     

       
14
       
+
       
  flakeUri = "github:mrnossiom/dotfiles";

     

       
15
       
 
       


     

       
16
       
 
       
  ## Wireless related

     

       
17
       
 
       


     

       
18
       
 
       
  # connect-wifi <interface> <BSSID>

     

       
19
       
+
       
  connect-wifi = pkgs.writeShellScriptBin "connect-wifi" ''

     

       
20
       
 
       
    if [ -z "$1" ]; then echo "Interface unset"; exit; fi

     

       
21
       
 
       
    if [ -z "$2" ]; then echo "SSID unset"; exit; fi

     

       
22
       
 
       
    

     
···

       
29
       
 
       


     

       
30
       
 
       
  # Does the whole destroy, format, mount disko cycle

     

       
31
       
 
       
  # disko-cycle <hostname>

     

       
32
       
+
       
  disko-cycle = pkgs.writeShellScriptBin "disko-cycle" ''

     

       
33
       
 
       
    if [ -z "$1" ]; then echo "Hostname unset"; exit; fi

     

       
34
       
 
       


     

       
35
       
 
       
    echo "Running disko destroy, format and mount script for $1"

     
···

       
39
       
 
       


     

       
40
       
 
       
  ## NixOS install related

     

       
41
       
 
       


     

       
42
       
+
       
  # Generates hardware related config and uploads it to a paste service

     

       
43
       
 
       
  # link-hardware-config [root]

     

       
44
       
+
       
  link-hardware-config = pkgs.writeShellScriptBin "link-hardware-config" ''

     

       
45
       
+
       
    nixos-generate-config --root ''${1:-/mnt} --show-hardware-config | ${lib.getExe lpkgs.paste-rs}

     

       
46
       
 
       
  '';

     

       
47
       
 
       


     

       
48
       
 
       
  # Install specified flake system to /mnt

     
···

       
53
       
 
       
    echo "Installing $1"

     

       
54
       
 
       
    nixos-install --system ${flakeUri}#$1

     

       
55
       
 
       
  '';

     

       
0
       
 
       

     

       
56
       
 
       
in

     

       
57
       
 
       
{

     

       
58
       
 
       
  imports = [ "${modulesPath}/installer/cd-dvd/installation-cd-minimal-new-kernel.nix" ];

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
{ self

     

       
2
       
+
       
, config

     

       
3
       
+
       
, upkgs

     

       
4
       
+
       
, ...

     

       
5
       
+
       
}:

     

       
6
       
+
       


     

       
7
       
+
       
let

     

       
8
       
+
       
  inherit (self.inputs) srvos agenix tangled;

     

       
9
       
+
       


     

       
10
       
+
       
  all-secrets = import ../../secrets;

     

       
11
       
+
       


     

       
12
       
+
       
  ext-if = "eth0";

     

       
13
       
+
       
  external-ip = "91.99.55.74";

     

       
14
       
+
       
  external-netmask = 27;

     

       
15
       
+
       
  external-gw = "144.x.x.255";

     

       
16
       
+
       
  external-ip6 = "2a01:4f8:c2c:76d2::1";

     

       
17
       
+
       
  external-netmask6 = 64;

     

       
18
       
+
       
  external-gw6 = "fe80::1";

     

       
19
       
+
       


     

       
20
       
+
       
  octoprint-hostname = "print.wiro.world";

     

       
21
       
+
       
  octoprint-port = 3000;

     

       
22
       
+
       
in

     

       
23
       
+
       
{

     

       
24
       
+
       
  imports = [

     

       
25
       
+
       
    srvos.nixosModules.server

     

       
26
       
+
       
    srvos.nixosModules.hardware-hetzner-cloud

     

       
27
       
+
       
    srvos.nixosModules.mixins-terminfo

     

       
28
       
+
       


     

       
29
       
+
       
    agenix.nixosModules.default

     

       
30
       
+
       


     

       
31
       
+
       
    tangled.nixosModules.knotserver

     

       
32
       
+
       
  ];

     

       
33
       
+
       


     

       
34
       
+
       
  config = {

     

       
35
       
+
       
    age.secrets = all-secrets.deploy;

     

       
36
       
+
       


     

       
37
       
+
       
    boot.loader.grub.enable = true;

     

       
38
       
+
       
    boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" "ext4" ];

     

       
39
       
+
       


     

       
40
       
+
       
    # Single network card is `eth0`

     

       
41
       
+
       
    networking.usePredictableInterfaceNames = false;

     

       
42
       
+
       


     

       
43
       
+
       
    networking.nameservers = [ "2001:4860:4860::8888" "2001:4860:4860::8844" ];

     

       
44
       
+
       


     

       
45
       
+
       
    networking = {

     

       
46
       
+
       
      interfaces.${ext-if} = {

     

       
47
       
+
       
        ipv4.addresses = [{ address = external-ip; prefixLength = external-netmask; }];

     

       
48
       
+
       
        ipv6.addresses = [{ address = external-ip6; prefixLength = external-netmask6; }];

     

       
49
       
+
       
      };

     

       
50
       
+
       
      defaultGateway = { interface = ext-if; address = external-gw; };

     

       
51
       
+
       
      defaultGateway6 = { interface = ext-if; address = external-gw6; };

     

       
52
       
+
       


     

       
53
       
+
       
      firewall.allowedTCPPorts = [ 22 80 443 ];

     

       
54
       
+
       
    };

     

       
55
       
+
       


     

       
56
       
+
       
    services.openssh.enable = true;

     

       
57
       
+
       


     

       
58
       
+
       
    services.fail2ban = {

     

       
59
       
+
       
      enable = true;

     

       
60
       
+
       


     

       
61
       
+
       
      maxretry = 5;

     

       
62
       
+
       
      ignoreIP = [ ];

     

       
63
       
+
       


     

       
64
       
+
       
      bantime = "24h";

     

       
65
       
+
       
      bantime-increment = {

     

       
66
       
+
       
        enable = true;

     

       
67
       
+
       
        multipliers = "1 2 4 8 16 32 64";

     

       
68
       
+
       
        maxtime = "168h";

     

       
69
       
+
       
        overalljails = true;

     

       
70
       
+
       
      };

     

       
71
       
+
       


     

       
72
       
+
       
      jails = { };

     

       
73
       
+
       
    };

     

       
74
       
+
       


     

       
75
       
+
       
    services.caddy = {

     

       
76
       
+
       
      enable = true;

     

       
77
       
+
       
      package = upkgs.caddy;

     

       
78
       
+
       


     

       
79
       
+
       
      globalConfig = ''

     

       
80
       
+
       
        metrics { per_host }

     

       
81
       
+
       
      '';

     

       
82
       
+
       


     

       
83
       
+
       
      virtualHosts.${octoprint-hostname}.extraConfig = ''

     

       
84
       
+
       
        reverse_proxy http://localhost:${toString octoprint-port}

     

       
85
       
+
       
      '';

     

       
86
       
+
       
    };

     

       
87
       
+
       


     

       
88
       
+
       
    services.octoprint = {

     

       
89
       
+
       
      enable = true;

     

       
90
       
+
       
      host = octoprint-hostname;

     

       
91
       
+
       
      port = octoprint-port;

     

       
92
       
+
       
    };

     

       
93
       
+
       


     

       
94
       
+
       
    security.sudo.wheelNeedsPassword = false;

     

       
95
       
+
       


     

       
96
       
+
       
    local.fragment.nix.enable = true;

     

       
97
       
+
       


     

       
98
       
+
       
    programs.fish.enable = true;

     

       
99
       
+
       
  };

     

       
100
       
+
       
}

     

···

       
9
       
 
       
  find-unicode = pkgs.callPackage ./find-unicode.nix { };

     

       
10
       
 
       
  names = pkgs.callPackage ./names.nix { };

     

       
11
       
 
       
  otree = pkgs.callPackage ./otree.nix { };

     

       
0
       
 
       

     

       
12
       
 
       
  probe-rs-udev-rules = pkgs.callPackage ./probe-rs-udev-rules.nix { };

     

       
13
       
 
       


     

       
14
       
 
       
  # Import packages defined in foreign repositories

     

···

       
9
       
 
       
  find-unicode = pkgs.callPackage ./find-unicode.nix { };

     

       
10
       
 
       
  names = pkgs.callPackage ./names.nix { };

     

       
11
       
 
       
  otree = pkgs.callPackage ./otree.nix { };

     

       
12
       
+
       
  paste-rs = pkgs.callPackage ./paste-rs.nix { };

     

       
13
       
 
       
  probe-rs-udev-rules = pkgs.callPackage ./probe-rs-udev-rules.nix { };

     

       
14
       
 
       


     

       
15
       
 
       
  # Import packages defined in foreign repositories

     

···

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

···

       
1
       
+
       
{ writeShellApplication

     

       
2
       
+
       


     

       
3
       
+
       
, curl

     

       
4
       
+
       
}:

     

       
5
       
+
       


     

       
6
       
+
       
writeShellApplication {

     

       
7
       
+
       
  name = "pasters";

     

       
8
       
+
       
  runtimeInputs = [ curl ];

     

       
9
       
+
       
  text = ''

     

       
10
       
+
       
    curl --data-binary @- https://paste.rs/

     

       
11
       
+
       
  '';

     

       
12
       
+
       
}