aciceri/nixfleet
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

[WIP] New hosts

Browse source
This commit is contained in:
Andrea Ciceri 2022-10-08 17:37:56 +02:00
parent c40493fe2a
commit 6d8b757919
No known key found for this signature in database
GPG key ID: A1FC89532D1C5654
14 changed files with 632 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
.github/workflows/build.yaml vendored
View file

@ -38,3 +38,20 @@ jobs:
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: nix --print-build-logs --verbose build --allow-import-from-derivation .#nixosConfigurations.thinkpad.config.system.build.toplevel - run: nix --print-build-logs --verbose build --allow-import-from-derivation .#nixosConfigurations.thinkpad.config.system.build.toplevel
build-hs:
if: ${{ always() }}
needs: check
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- uses: cachix/install-nix-action@v17
- uses: cachix/cachix-action@v10
with:
name: aciceri-fleet
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: nix --print-build-logs --verbose build --allow-import-from-derivation .#nixosConfigurations.hs.config.system.build.toplevel

10
flake.lock generated
View file

@ -366,15 +366,15 @@
}, },
"nixosHardware": { "nixosHardware": {
"locked": { "locked": {
"lastModified": 1664784436, "lastModified": 1665040200,
"narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=", "narHash": "sha256-glqL6yj3aUm40y92inzRmowGt9aIrUrpBX7eBAMic4I=",
"owner": "aciceri", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "27cc372c162529cebfbac91a56e7e22756f37435", "rev": "47fd70289491c1f0c0d9a1f44fb5a9e2801120c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "aciceri", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"type": "github" "type": "github"
} }

2
flake.nix
View file

@ -4,7 +4,7 @@
inputs = { inputs = {
nixpkgsUnstable.url = github:NixOS/nixpkgs/nixos-unstable; nixpkgsUnstable.url = github:NixOS/nixpkgs/nixos-unstable;
nixpkgsStable.url = github:NixOS/nixpkgs/nixos-22.05; nixpkgsStable.url = github:NixOS/nixpkgs/nixos-22.05;
nixosHardware.url = github:aciceri/nixos-hardware; nixosHardware.url = github:NixOS/nixos-hardware;
homeManager = { homeManager = {
url = github:nix-community/home-manager; url = github:nix-community/home-manager;
inputs.nixpkgs.follows = "nixpkgsUnstable"; inputs.nixpkgs.follows = "nixpkgsUnstable";

3
hmModules/xdg/default.nix Normal file
View file

@ -0,0 +1,3 @@
{
xdg.enable = true;
}

363
hosts/hs/default.nix Normal file
View file

@ -0,0 +1,363 @@
{
fleetModules,
pkgs,
lib,
...
}: {
imports =
[
./hardware-configuration.nix
]
++ fleetModules [
"common"
"ccr"
"ssh"
];
ccr = {
enable = true;
modules = [
"shell"
"git"
];
packages = [];
extraGroups = [
"wheel"
"fuse"
"networkmanager"
];
};
systemd.services.standby-sdb = {
description = "Set spindown time (sleep) for /dev/sdb ";
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdb";
};
};
systemd.services.standby-sdc = {
description = "Set spindown time (sleep) for /dev/sdc ";
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdc";
};
};
systemd.services.amuled.serviceConfig.Restart = pkgs.lib.mkForce "always";
users.users.amule = {
isNormalUser = false;
isSystemUser = true;
group = "amule";
};
users.groups."amule" = {};
services = {
samba-wsdd = {
enable = true;
workgroup = "WORKGROUP";
hostname = "nas";
discovery = true;
};
samba = {
enable = true;
securityType = "user";
extraConfig = ''
workgroup = WORKGROUP
server string = nas
netbios name = nas
security = user
map to guest = bad user
vfs objects = recycle
recycle:repository = .recycle
recycle:keeptree = yes
recycle:versions = yes
'';
shares = {
archivio = {
path = "/mnt/archivio/archivio";
comment = "archivio";
"force user" = "ccr";
browseable = "yes";
writeable = "yes";
"guest ok" = "yes";
"read only" = "no";
};
film = {
path = "/mnt/film/film";
comment = "film";
"force user" = "ccr";
browseable = "yes";
writeable = "yes";
"guest ok" = "yes";
"read only" = "no";
};
transmission = {
path = "/mnt/archivio/transmission";
comment = "transmission";
"force user" = "transmission";
browseable = "yes";
writeable = "yes";
"guest ok" = "yes";
"read only" = "no";
};
amule = {
path = "/mnt/archivio/amule";
comment = "amule";
"force user" = "ccr";
browseable = "yes";
writeable = "yes";
"guest ok" = "yes";
"read only" = "no";
};
musica = {
path = "/mnt/film/musica";
comment = "music";
"force user" = "ccr";
browseable = "yes";
writeable = "no";
"guest ok" = "yes";
"read only" = "no";
};
};
};
transmission = {
enable = true;
# the following json is merged to this attrset, it must have `rpc-username` and `rpc-password`
credentialsFile = "/mnt/archivio/transmission/credentials.json";
settings = {
download-dir = "/mnt/archivio/transmission/";
incomplete-dir = "/mnt/archivio/transmission/.incomplete";
incomplete-dir-enabled = true;
rpc-port = 9091;
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
rpc-authentication-required = true;
};
};
amule = {
dataDir = "/mnt/archivio/amule";
enable = true;
user = "amule";
};
calibre-web = {
enable = true;
listen = {
ip = "0.0.0.0";
port = 9092;
};
options.calibreLibrary = "/mnt/archivio/calibre/";
openFirewall = true;
};
syncthing = {
enable = true;
guiAddress = "0.0.0.0:8384";
dataDir = "/mnt/archivio/syncthing";
user = "ccr";
overrideDevices = false;
overrideFolders = false;
folders = {
"/mnt/archivio/syncthing/camera" = {
id = "camera";
};
"/mnt/archivio/syncthing/orgzly" = {
id = "orgzly";
};
"/mnt/archivio/syncthing/roam" = {
id = "roam";
};
"/mnt/archivio/syncthing/whatsapp" = {
id = "whatsapp";
};
"/mnt/archivio/syncthing/calls" = {
id = "calls";
};
};
};
navidrome = {
enable = false;
settings = {
Address = "0.0.0.0";
Port = 9093;
MusicFolder = "/mnt/film/musica";
DataFolder = "/mnt/film/musica/.navidrome";
};
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "10G"; # max file size for uploads
commonHttpConfig = ''
log_format upstream_time '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'
'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
'';
virtualHosts = {
"torrent.ccr.ydns.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:9091";
};
};
"sync.ccr.ydns.eu" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://localhost:8384";
};
};
"books.ccr.ydns.eu" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://localhost:9092";
};
};
"music.ccr.ydns.eu" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://localhost:9093";
};
};
"gate.ccr.ydns.eu" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://192.168.1.71:80";
};
};
};
};
};
systemd.services.ydns = let
ydnsUpdater = pkgs.writeScriptBin "ydnsUpdater" ''
USER="andrea.ciceri@autistici.org"
PASSWORD=$(cat /home/ccr/.ydns-password)
DOMAIN="ccr.ydns.eu"
for SUBDOMAIN in "books" "music" "sync" "torrent" "gate"
do
HOST="$SUBDOMAIN.$DOMAIN"
${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$HOST
done
${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$DOMAIN
'';
in {
description = "YDNS IP updater";
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
User = "root";
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${ydnsUpdater}/bin/ydnsUpdater";
};
};
# TODO It seems to not work
systemd.timers.ydnsUpdater = {
wantedBy = ["timers.target"];
partOf = ["ydnsUpdater.service"];
timerConfig = {
OnCalendar = "*-*-* *:00:00"; # hourly
Unit = "ydnsUpdater.service";
};
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
80 # http
139 # samba
443 # https
445 # samba
4712 # amule
4711 # amule web gui
8384 # syncthing
];
allowedUDPPorts = [
137 # samba
138 # samba
51820 # wireguard
];
};
networking.nat.enable = true;
networking.nat.externalInterface = "enp0s10";
networking.nat.internalInterfaces = ["wg0"];
networking.wireguard.interfaces = {
# "wg0" is the network interface name. You can name the interface arbitrarily.
wg0 = {
# Determines the IP address and subnet of the server's end of the tunnel interface.
ips = ["10.100.0.1/24"];
# The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51820;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp0s10 -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp0s10 -j MASQUERADE
'';
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is
# recommended.
privateKeyFile = "/home/ccr/wireguard-keys/private";
peers = [
# List of allowed peers.
{
# Feel free to give a meaning full name
# Public key of the peer (not a file path).
publicKey = "fCwjd75CefC9A7WqO7s3xfOk2nRcoTKfnAzDT6Lc5AA=";
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
allowedIPs = ["10.100.0.2/32"];
}
];
};
};
security.acme = {
acceptTerms = true;
defaults.email = "andrea.ciceri@autistici.org";
};
nix = {
gc = {
automatic = true;
options = lib.mkForce "--delete-older-than 3d";
};
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

27
hosts/hs/hardware-configuration.nix Normal file
View file

@ -0,0 +1,27 @@
{lib, ...}: {
boot = {
initrd.availableKernelModules = ["ohci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
loader.grub = lib.mkForce {
enable = true;
version = 2;
device = "/dev/disk/by-id/ata-OCZ-VERTEX_TMHAK8OARSURAIF6N1A5";
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
};
"/mnt/archivio" = {
device = "/dev/disk/by-label/archivio";
fsType = "ext4";
};
"/mnt/film" = {
device = "/dev/disk/by-label/film";
fsType = "ext4";
};
};
swapDevices = [{device = "/dev/disk/by-label/swap";}];
}

20
hosts/pbp/default.nix Normal file
View file

@ -0,0 +1,20 @@
{
fleetModules,
pkgs,
lib,
...
}: {
imports =
[
./hardware-configuration.nix
]
++ fleetModules [
"common"
"ssh"
"ccr"
#"mara"
];
ccr.enable = true;
# mara.enable = true;
}

67
hosts/pbp/hardware-configuration.nix Normal file
View file

@ -0,0 +1,67 @@
{
config,
lib,
pkgs,
...
}: {
boot = {
initrd.availableKernelModules = ["usbhid"];
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
hardware = {
opengl.enable = true;
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
};
bluetooth = {
enable = true;
settings = {
General = {
MultiProfile = "multiple";
ControllerMode = "dual";
AutoConnect = true;
};
Policy = {
AutoEnable = true;
};
};
};
};
services.blueman.enable = true;
networking = {
useDHCP = false;
interfaces.wlan0.useDHCP = true;
networkmanager.enable = true;
};
time.timeZone = "Europe/Rome";
fileSystems = {
"/" = {
device = "/dev/nvme0n1p1";
fsType = "btrfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/C406-2AFC";
fsType = "vfat";
};
};
swapDevices = [{device = "/dev/disk/by-uuid/e236d328-496e-4cf8-ba54-857789ca258f";}];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
services.logind.extraConfig = ''
HandlePowerKey=ignore
'';
}

42
hosts/thinkpad/default.nix
View file

@ -12,10 +12,10 @@
] ]
++ fleetModules [ ++ fleetModules [
"common" "common"
"ccr"
"fonts" "fonts"
"dbus" "dbus"
"audio" "audio"
"ccr"
"battery" "battery"
"ssh" "ssh"
"adb" "adb"
@ -24,13 +24,53 @@
"docker" "docker"
"transmission" "transmission"
"fprintd" "fprintd"
"binfmt"
]; ];
ccr = {
enable = true;
autologin = true;
modules = [
"shell"
"sway"
"emacs"
"mpv"
"firefox"
"qutebrowser"
"git"
"gpg"
"password-store"
"slack"
"chrome"
"vscode"
"element"
"udiskie"
"discord"
"cura"
"xdg"
];
packages = with pkgs; [
comma
];
extraGroups = [
"wheel"
"fuse"
"video"
"adbusers"
"docker"
"networkmanager"
"dialout"
"bluetooth"
"camera"
];
};
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
boot.binfmt.emulatedSystems = ["aarch64-linux"];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction

11
modules/binfmt/default.nix Normal file
View file

@ -0,0 +1,11 @@
{
config,
lib,
pkgs,
...
}: {
boot.binfmt.emulatedSystems = ["aarch64-linux"];
nix.extraOptions = ''
extra-platforms = aarch64-linux arm-linux
'';
}

101
modules/ccr/default.nix
View file

@ -5,63 +5,68 @@
fleetHmModules, fleetHmModules,
... ...
}: { }: {
users.users.ccr = { options.ccr = {
uid = 1000; enable = lib.mkOption {
hashedPassword = "$6$JGOefuRk7kL$fK9.5DFnLLoW08GL4eKRyf958jyZdw//hLMaz4pp28jJuSFb24H6R3dgt1.sMs0huPY85rludSw4dnQJG5xSw1"; # mkpasswd -m sha-512 type = lib.types.bool;
description = "Andrea Ciceri"; default = false;
isNormalUser = true; };
extraGroups = [
"wheel" modules = lib.mkOption {
"fuse" type = with lib.types; listOf str;
"video" default = ["shell" "git"];
"adbusers" };
"docker"
"networkmanager" packages = lib.mkOption {
"dialout" type = with lib.types; listOf package;
"bluetooth" default = [];
"camera" };
];
shell = pkgs.zsh; autologin = lib.mkOption {
openssh.authorizedKeys.keys = [ type = lib.types.bool;
default = false;
};
authorizedKeys = lib.mkOption {
type = with lib.types; listOf str;
default = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJmn7H6wxrxCHypvY74Z6pBr5G6v564NaUZb9xIILV92JEdpZzuTLLlP+JkMx/8MLRy+pC7prMwR+FhH+LaTm/9x3T6FYP/q9UIAL3cFwBAwj5XQXQKzx9f6pX/7iJrMfAUQ+ZrRUNJHt5Gl+8UypmDgnQLuv5vmQSMRzKnUPuu4lCJtWOpSPhXffz3Ec1tm5nAMuxIMRPY91PYu1fMLlFrjB1FX1goVHKB1uWx16GjJszYCVbN6xcPac0sgUg+qNGBhWkUh0F073rhepQJeWp5FtwIxe2zRsZBxxTy5qxNLmHzBeNDxlOkcy2/Lr+BxVy+mhF/2fJziX80/bWSEA1" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJmn7H6wxrxCHypvY74Z6pBr5G6v564NaUZb9xIILV92JEdpZzuTLLlP+JkMx/8MLRy+pC7prMwR+FhH+LaTm/9x3T6FYP/q9UIAL3cFwBAwj5XQXQKzx9f6pX/7iJrMfAUQ+ZrRUNJHt5Gl+8UypmDgnQLuv5vmQSMRzKnUPuu4lCJtWOpSPhXffz3Ec1tm5nAMuxIMRPY91PYu1fMLlFrjB1FX1goVHKB1uWx16GjJszYCVbN6xcPac0sgUg+qNGBhWkUh0F073rhepQJeWp5FtwIxe2zRsZBxxTy5qxNLmHzBeNDxlOkcy2/Lr+BxVy+mhF/2fJziX80/bWSEA1"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDynKeHTnXOTCi+MH2agM4k5uBkTL+W5xkL/ep3DKuTIb9MbKjHkRIquSdVRAit4ZQVQN+S3yoCXCRdLLurM3/a6C7vc/a3UfGPyV/oDYDCdHNsOwimqIQg8Pc0WtnevLpZTC2VR4UU8zzaD/mmEWqxNszaNNUve+Fy0lwg6jn6vTnQCupbyMnghherozPJu94H/JLuDEcPT0wZUmBjhjT+yHp65Yk8hKVb1jRqEdjAHM4yZf6ceIxI9NMGeSnAKf/b8IsO6y7A93NZ75CnD6AW9Rclemi+nOqZo9zQ2m2LRtMTHSoNOLLkNQCCD+l2G4w1wPMONw4mz1vR917iJdd+5BXDtEVwScDfOmqVewynxkfztSvB+qTDzdqde3NO8fFA8jMk3rUXXfIl/Yb0G87wVT/Jcl7+ZBch8s+ljPsmyy5RY+uXLgKgE1tne0KJuzeJtxSAzTrPUhILB/A8PuJUzVGVWAdGRcusOc/0SdsluFsa11E0D946JcgNo72bWm0=" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDynKeHTnXOTCi+MH2agM4k5uBkTL+W5xkL/ep3DKuTIb9MbKjHkRIquSdVRAit4ZQVQN+S3yoCXCRdLLurM3/a6C7vc/a3UfGPyV/oDYDCdHNsOwimqIQg8Pc0WtnevLpZTC2VR4UU8zzaD/mmEWqxNszaNNUve+Fy0lwg6jn6vTnQCupbyMnghherozPJu94H/JLuDEcPT0wZUmBjhjT+yHp65Yk8hKVb1jRqEdjAHM4yZf6ceIxI9NMGeSnAKf/b8IsO6y7A93NZ75CnD6AW9Rclemi+nOqZo9zQ2m2LRtMTHSoNOLLkNQCCD+l2G4w1wPMONw4mz1vR917iJdd+5BXDtEVwScDfOmqVewynxkfztSvB+qTDzdqde3NO8fFA8jMk3rUXXfIl/Yb0G87wVT/Jcl7+ZBch8s+ljPsmyy5RY+uXLgKgE1tne0KJuzeJtxSAzTrPUhILB/A8PuJUzVGVWAdGRcusOc/0SdsluFsa11E0D946JcgNo72bWm0="
]; ];
}; };
services.getty.autologinUser = "ccr"; hashedPassword = lib.mkOption {
type = lib.types.str;
default = "$6$JGOefuRk7kL$fK9.5DFnLLoW08GL4eKRyf958jyZdw//hLMaz4pp28jJuSFb24H6R3dgt1.sMs0huPY85rludSw4dnQJG5xSw1"; # mkpasswd -m sha-512
};
extraGroups = lib.mkOption {
type = with lib.types; listOf str;
default = ["wheel" "fuse" "networkmanager" "dialout"];
};
};
config = lib.mkIf config.ccr.enable {
users.users.ccr = {
uid = 1000;
hashedPassword = config.ccr.hashedPassword;
description = "Andrea Ciceri";
isNormalUser = true;
extraGroups = config.ccr.extraGroups;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = config.ccr.authorizedKeys;
};
services.getty.autologinUser =
if config.ccr.autologin
then "ccr"
else null;
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.ccr = { home-manager.users.ccr = {
imports = fleetHmModules [ imports = fleetHmModules config.ccr.modules;
"shell" home.packages = config.ccr.packages;
"sway"
"emacs"
"mpv"
"firefox"
"qutebrowser"
"git"
"gpg"
"password-store"
"slack"
"chrome"
"vscode"
"element"
"udiskie"
"discord"
"cura"
];
home.packages = with pkgs; [
comma
];
home.stateVersion = config.system.stateVersion; home.stateVersion = config.system.stateVersion;
# TODO move away from here };
xdg.enable = true;
# home.pointerCursor = {
# x11.enable = true;
# size = 32;
# package = pkgs.vanilla-dmz;
# name = "Vanilla-DMZ";
# };
}; };
} }

1
modules/common/default.nix
View file

@ -11,6 +11,7 @@
time.timeZone = lib.mkDefault "Europe/Rome"; time.timeZone = lib.mkDefault "Europe/Rome";
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
users.mutableUsers = false; users.mutableUsers = false;
# TODO remove
users.users.root.password = "password"; users.users.root.password = "password";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";

3
modules/ssh/default.nix
View file

@ -1,3 +1,6 @@
{ {
services.sshd.enable = true; services.sshd.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJmn7H6wxrxCHypvY74Z6pBr5G6v564NaUZb9xIILV92JEdpZzuTLLlP+JkMx/8MLRy+pC7prMwR+FhH+LaTm/9x3T6FYP/q9UIAL3cFwBAwj5XQXQKzx9f6pX/7iJrMfAUQ+ZrRUNJHt5Gl+8UypmDgnQLuv5vmQSMRzKnUPuu4lCJtWOpSPhXffz3Ec1tm5nAMuxIMRPY91PYu1fMLlFrjB1FX1goVHKB1uWx16GjJszYCVbN6xcPac0sgUg+qNGBhWkUh0F073rhepQJeWp5FtwIxe2zRsZBxxTy5qxNLmHzBeNDxlOkcy2/Lr+BxVy+mhF/2fJziX80/bWSEA1"
];
} }

14
utils/default.nix
View file

@ -8,7 +8,10 @@
comma, comma,
... ...
}: let }: let
supportedSystems = {x86_64-linux = "x86_64-linux";}; supportedSystems = {
x86_64-linux = "x86_64-linux";
aarch64-linux = "aarch64-linux";
};
pkgsFor = lib.genAttrs (lib.attrValues supportedSystems) (system: nixpkgsUnstable.legacyPackages.${system}); pkgsFor = lib.genAttrs (lib.attrValues supportedSystems) (system: nixpkgsUnstable.legacyPackages.${system});
@ -52,6 +55,15 @@
system = supportedSystems.x86_64-linux; system = supportedSystems.x86_64-linux;
modules = [nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen]; modules = [nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen];
}; };
hs = mkConfiguration {
name = "hs";
system = supportedSystems.x86_64-linux;
};
pbp = mkConfiguration {
name = "pbp";
system = supportedSystems.aarch64-linux;
modules = ["${nixosHardware}/pine64/pinebook-pro"];
};
}; };
mkVmApp = system: configuration: let mkVmApp = system: configuration: let