Reformat everything

Andrea Ciceri 2024-09-20 11:37:17 +02:00
parent 5f644d0ccd
commit a394b9cefd
Signed by: aciceri
SSH key fingerprint: SHA256:/AagBweyV4Hlfg9u092n8hbHwD5fcB6A3qhDiDA65Rg
167 changed files with 2795 additions and 2122 deletions


@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.vim
];


@ -1,9 +1,8 @@
{
fleetModules,
pkgs,
lib,
...
}: {
}:
{
imports =
[
./hardware-configuration.nix


@ -7,15 +7,22 @@
pkgs,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -31,7 +38,7 @@
};
swapDevices = [
{device = "/dev/disk/by-label/swap";}
{ device = "/dev/disk/by-label/swap"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,16 +1,14 @@
{
self,
lib,
config,
inputs,
...
}: {
imports = [./module.nix];
}:
{
imports = [ ./module.nix ];
fleet = {
darwinHosts.archer = {};
darwinHosts.archer = { };
nixOnDroidHosts.janeway = {};
nixOnDroidHosts.janeway = { };
hosts = {
# thinkpad = {
@ -74,10 +72,11 @@
# };
deltaflyer = {
nixpkgs = let
# keep in sync with https://github.com/NixOS/mobile-nixos/blob/development/pkgs.nix
rev = "44d0940ea560dee511026a53f0e2e2cde489b4d4";
in
nixpkgs =
let
# keep in sync with https://github.com/NixOS/mobile-nixos/blob/development/pkgs.nix
rev = "44d0940ea560dee511026a53f0e2e2cde489b4d4";
in
builtins.getFlake "github:NixOS/nixpkgs/${rev}";
extraHmModules = [
# inputs.ccrEmacs.hmModules.default
@ -88,10 +87,10 @@
};
homeManager = builtins.getFlake "github:nix-community/home-manager/670d9ecc3e46a6e3265c203c2d136031a3d3548e";
extraModules = [
(import "${inputs.mobile-nixos}/lib/configuration.nix" {device = "oneplus-fajita";})
(import "${inputs.mobile-nixos}/lib/configuration.nix" { device = "oneplus-fajita"; })
];
secrets = {
"deltaflyer-wireguard-private-key" = {};
"deltaflyer-wireguard-private-key" = { };
"chatgpt-token".owner = "ccr";
};
};
@ -111,12 +110,12 @@
"${inputs.homeManagerGitWorkspace}/modules/services/git-workspace.nix"
];
secrets = {
"kirk-wireguard-private-key" = {};
"kirk-wireguard-private-key" = { };
"chatgpt-token".owner = "ccr";
"cachix-personal-token".owner = "ccr";
"git-workspace-tokens".owner = "ccr";
"autistici-password".owner = "ccr";
"restic-hetzner-password" = {};
"restic-hetzner-password" = { };
};
};
@ -137,7 +136,7 @@
inputs.vscode-server.nixosModules.home
];
secrets = {
"picard-wireguard-private-key" = {};
"picard-wireguard-private-key" = { };
"chatgpt-token".owner = "ccr";
"cachix-personal-token".owner = "ccr";
"hercules-ci-join-token".owner = "hercules-ci-agent";
@ -145,7 +144,7 @@
"hercules-ci-secrets-json".owner = "hercules-ci-agent";
"git-workspace-tokens".owner = "ccr";
"autistici-password".owner = "ccr";
"restic-hetzner-password" = {};
"restic-hetzner-password" = { };
"aws-credentials".owner = "hercules-ci-agent";
"forgejo-runners-token".owner = "nixuser";
"forgejo-nix-access-tokens".owner = "nixuser";
@ -166,7 +165,7 @@
# rock5b.nixosModules.default
];
secrets = {
"sisko-wireguard-private-key" = {};
"sisko-wireguard-private-key" = { };
"hercules-ci-join-token".owner = "hercules-ci-agent";
"hercules-ci-binary-caches".owner = "hercules-ci-agent";
"hercules-ci-secrets-json".owner = "hercules-ci-agent";
@ -174,8 +173,8 @@
"home-planimetry".owner = "hass";
"home-assistant-token".owner = "prometheus";
"grafana-password".owner = "grafana";
"cloudflare-dyndns-api-token" = {};
"restic-hetzner-password" = {};
"cloudflare-dyndns-api-token" = { };
"restic-hetzner-password" = { };
# "minio-credentials".owner = "minio";
# "aws-credentials".owner = "hercules-ci-agent";
"hass-ssh-key".owner = "hass";


@ -3,7 +3,8 @@
lib,
pkgs,
...
}: {
}:
{
imports =
fleetModules [
"common"
@ -41,7 +42,10 @@
# Networking, modem and misc.
{
# Ensures any rndis config from stage-1 is not clobbered by NetworkManager
networking.networkmanager.unmanaged = ["rndis0" "usb0"];
networking.networkmanager.unmanaged = [
"rndis0"
"usb0"
];
# Setup USB gadget networking in initrd...
mobile.boot.stage-1.networking.enable = lib.mkDefault true;
@ -75,13 +79,14 @@
"video"
"wheel"
];
backupPaths = [];
backupPaths = [ ];
};
}
{
system.stateVersion = "24.11";
nixpkgs.config.allowUnfreePredicate = pkg:
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"oneplus-sdm845-firmware-zstd"
"oneplus-sdm845-firmware-xz"
@ -106,21 +111,23 @@
bind = $mod, r, exec, rotate-screen hor
bind = $mod SHIFT, r, exec, rotate-screen ver
'';
home.packages = let
rotateScript = pkgs.writeShellApplication {
name = "rotate-screen";
runtimeInputs = [pkgs.hyprland];
text = ''
if [[ "$1" == "hor" ]]; then
hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,1
hyprctl keyword input:touchdevice:transform 1
elif [[ "$1" == "ver" ]]; then
hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,0
hyprctl keyword input:touchdevice:transform 0
fi
'';
};
in [rotateScript];
home.packages =
let
rotateScript = pkgs.writeShellApplication {
name = "rotate-screen";
runtimeInputs = [ pkgs.hyprland ];
text = ''
if [[ "$1" == "hor" ]]; then
hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,1
hyprctl keyword input:touchdevice:transform 1
elif [[ "$1" == "ver" ]]; then
hyprctl keyword monitor DSI-1,1080x2340,0x0,2,transform,0
hyprctl keyword input:touchdevice:transform 0
fi
'';
};
in
[ rotateScript ];
services.swayidle.enable = lib.mkForce false;
}
];
@ -138,7 +145,13 @@
zramSwap.enable = lib.mkDefault true;
boot.binfmt.emulatedSystems = lib.mkForce ["x86_64-linux" "i686-linux" "i386-linux" "i486-linux" "i586-linux"];
boot.binfmt.emulatedSystems = lib.mkForce [
"x86_64-linux"
"i686-linux"
"i386-linux"
"i486-linux"
"i586-linux"
];
}
];
}


@ -2,11 +2,10 @@
# Minimum config used to enable Plasma Mobile.
#
{
config,
lib,
pkgs,
...
}: {
}:
{
mobile.beautification = {
silentBoot = lib.mkDefault false;
splash = lib.mkDefault false;


@ -4,7 +4,8 @@
lib,
pkgs,
...
}: {
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
@ -42,17 +43,29 @@
};
fonts = {
fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols emacs-all-the-icons-fonts nerdfonts joypixels etBook];
fonts = with pkgs; [
powerline-fonts
dejavu_fonts
fira-code
fira-code-symbols
emacs-all-the-icons-fonts
nerdfonts
joypixels
etBook
];
fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
serif = ["DejaVu Serif"];
monospace = [ "DejaVu Sans Mono for Powerline" ];
sansSerif = [ "DejaVu Sans" ];
serif = [ "DejaVu Serif" ];
};
};
nixpkgs.config.joypixels.acceptLicense = true;
environment.systemPackages = with pkgs; [waypipe firefox];
environment.systemPackages = with pkgs; [
waypipe
firefox
];
programs.mosh.enable = true;
@ -61,7 +74,7 @@
};
boot.loader.grub = {
devices = ["/dev/sda"];
devices = [ "/dev/sda" ];
efiSupport = true;
efiInstallAsRemovable = true;
};


@ -1,9 +1,10 @@
# Example to create a bios compatible gpt partition
{
lib,
disks ? ["/dev/sda"],
disks ? [ "/dev/sda" ],
...
}: {
}:
{
disk = lib.genAttrs disks (dev: {
device = dev;
type = "disk";
@ -17,7 +18,7 @@
start = "0";
end = "1M";
part-type = "primary";
flags = ["bios_grub"];
flags = [ "bios_grub" ];
}
{
type = "partition";


@ -4,7 +4,8 @@
lib,
config,
...
}: {
}:
{
imports =
[
./hardware-configuration.nix
@ -21,7 +22,7 @@
"shell"
"git"
];
packages = [];
packages = [ ];
extraGroups = [
"wheel"
"fuse"
@ -31,7 +32,7 @@
systemd.services.standby-sdb = {
description = "Set spindown time (sleep) for /dev/sdb ";
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdb";
@ -40,7 +41,7 @@
systemd.services.standby-sdc = {
description = "Set spindown time (sleep) for /dev/sdc ";
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.hdparm}/bin/hdparm -B 127 -S 241 /dev/sdc";
@ -54,7 +55,7 @@
isSystemUser = true;
group = "amule";
};
users.groups."amule" = {};
users.groups."amule" = { };
services = {
samba-wsdd = {
@ -261,33 +262,35 @@
};
};
systemd.services.ydns = let
ydnsUpdater = pkgs.writeScriptBin "ydnsUpdater" ''
USER="andrea.ciceri@autistici.org"
PASSWORD=$(cat /home/ccr/.ydns-password)
DOMAIN="ccr.ydns.eu"
for SUBDOMAIN in "books" "music" "sync" "torrent" "gate"
do
HOST="$SUBDOMAIN.$DOMAIN"
${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$HOST
done
${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$DOMAIN
'';
in {
description = "YDNS IP updater";
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
User = "root";
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${ydnsUpdater}/bin/ydnsUpdater";
systemd.services.ydns =
let
ydnsUpdater = pkgs.writeScriptBin "ydnsUpdater" ''
USER="andrea.ciceri@autistici.org"
PASSWORD=$(cat /home/ccr/.ydns-password)
DOMAIN="ccr.ydns.eu"
for SUBDOMAIN in "books" "music" "sync" "torrent" "gate"
do
HOST="$SUBDOMAIN.$DOMAIN"
${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$HOST
done
${pkgs.curl}/bin/curl --basic -u "$USER:$PASSWORD" --silent https://ydns.io/api/v1/update/?host=$DOMAIN
'';
in
{
description = "YDNS IP updater";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = "root";
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${ydnsUpdater}/bin/ydnsUpdater";
};
};
};
systemd.services.wstunnel = {
description = "WSTunnel";
wantedBy = ["multi-user.target"];
after = ["network.target"];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = "root";
Type = "oneshot";
@ -297,8 +300,8 @@
# TODO It seems to not work
systemd.timers.ydnsUpdater = {
wantedBy = ["timers.target"];
partOf = ["ydnsUpdater.service"];
wantedBy = [ "timers.target" ];
partOf = [ "ydnsUpdater.service" ];
timerConfig = {
OnCalendar = "*-*-* *:00:00"; # hourly
Unit = "ydnsUpdater.service";
@ -330,13 +333,13 @@
networking.nat.enable = true;
networking.nat.externalInterface = "enp0s10";
networking.nat.internalInterfaces = ["wg0"];
networking.nat.internalInterfaces = [ "wg0" ];
networking.wireguard.interfaces = {
# "wg0" is the network interface name. You can name the interface arbitrarily.
wg0 = {
# Determines the IP address and subnet of the server's end of the tunnel interface.
ips = ["10.100.0.1/24"];
ips = [ "10.100.0.1/24" ];
# The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51820;
@ -366,7 +369,7 @@
# Public key of the peer (not a file path).
publicKey = "fCwjd75CefC9A7WqO7s3xfOk2nRcoTKfnAzDT6Lc5AA=";
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
allowedIPs = ["10.100.0.2/32"];
allowedIPs = [ "10.100.0.2/32" ];
}
];
};
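Review bot: In the `ydnsUpdater` script the account password is passed on the curl command line (`--basic -u "$USER:$PASSWORD"`), where it can be visible in the process list to other local users while the request runs, and it is read from `/home/ccr/.ydns-password` by a unit that runs as `User = "root"`. Consider giving curl the credentials through a root-only file instead, e.g. `${pkgs.curl}/bin/curl --netrc-file <root-only credentials file> --silent "https://ydns.io/api/v1/update/?host=$HOST"`, which also quotes the URL. Separately, the timer in the later hunk sets `Unit = "ydnsUpdater.service"` while the service is defined as `systemd.services.ydns`; that mismatch likely explains the `# TODO It seems to not work` comment, and `Unit = "ydns.service";` would match the definition. The timer block continues outside the visible hunk.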


@ -1,6 +1,14 @@
{lib, ...}: {
{ lib, ... }:
{
boot = {
initrd.availableKernelModules = ["ohci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
initrd.availableKernelModules = [
"ohci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
loader.grub = lib.mkForce {
enable = true;
version = 2;
@ -23,5 +31,5 @@
};
};
swapDevices = [{device = "/dev/disk/by-label/swap";}];
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
}


@ -1,14 +1,15 @@
{
config,
lib,
pkgs,
fleetFlake,
...
}: let
}:
let
sshdTmpDirectory = "${config.user.home}/sshd-tmp";
sshdDirectory = "${config.user.home}/sshd";
port = 8022;
in {
in
{
# Backup etc files instead of failing to activate generation if a file already exists in /etc
environment.etcBackupExtension = ".bak";
@ -23,54 +24,60 @@ in {
# Set your time zone
time.timeZone = "Europe/Rome";
home-manager.config = {pkgs, ...}: {
home.stateVersion = "24.05";
_module.args = {
hostname = "janeway";
age.secrets = {};
home-manager.config =
{ ... }:
{
home.stateVersion = "24.05";
_module.args = {
hostname = "janeway";
age.secrets = { };
};
imports = [ ../../hmModules/shell ];
};
imports = [../../hmModules/shell];
};
build.activation.sshd = let
keys = (builtins.import ../../lib).keys;
inherit (keys) hosts users;
in ''
$DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh"
$DRY_RUN_CMD echo ${hosts.picard} > "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${hosts.sisko} >> "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${hosts.kirk} >> "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${users.ccr-ssh} >> "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${users.ccr-gpg} >> "${config.user.home}/.ssh/authorized_keys"
build.activation.sshd =
let
keys = (builtins.import ../../lib).keys;
inherit (keys) hosts users;
in
''
$DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh"
$DRY_RUN_CMD echo ${hosts.picard} > "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${hosts.sisko} >> "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${hosts.kirk} >> "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${users.ccr-ssh} >> "${config.user.home}/.ssh/authorized_keys"
$DRY_RUN_CMD echo ${users.ccr-gpg} >> "${config.user.home}/.ssh/authorized_keys"
if [[ ! -d "${sshdDirectory}" ]]; then
$DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}"
$DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}"
if [[ ! -d "${sshdDirectory}" ]]; then
$DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}"
$DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}"
$VERBOSE_ECHO "Generating host keys..."
$DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N ""
$VERBOSE_ECHO "Generating host keys..."
$DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N ""
$VERBOSE_ECHO "Writing sshd_config..."
$DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config"
$VERBOSE_ECHO "Writing sshd_config..."
$DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config"
$DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}"
fi
'';
$DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}"
fi
'';
environment.packages = let
inherit (fleetFlake.inputs.ccrEmacs.packages.aarch64-linux) ccrEmacs;
in [
pkgs.bottom
pkgs.helix
pkgs.stress
pkgs.openssh
pkgs.git
pkgs.btop
ccrEmacs
(pkgs.writeScriptBin "sshd-start" ''
#!${pkgs.runtimeShell}
echo "Starting sshd in non-daemonized way on port ${toString port}"
${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D
'')
];
environment.packages =
let
inherit (fleetFlake.inputs.ccrEmacs.packages.aarch64-linux) ccrEmacs;
in
[
pkgs.bottom
pkgs.helix
pkgs.stress
pkgs.openssh
pkgs.git
pkgs.btop
ccrEmacs
(pkgs.writeScriptBin "sshd-start" ''
#!${pkgs.runtimeShell}
echo "Starting sshd in non-daemonized way on port ${toString port}"
${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D
'')
];
}
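Review bot: The `sshd_config` generated in `build.activation.sshd` contains only `HostKey` and `Port`, so every other setting, password authentication included, stays at the OpenSSH default even though the script provisions `authorized_keys` for key-based login. Appending `PasswordAuthentication no\nKbdInteractiveAuthentication no\n` to the `echo -e` string would make key-only access explicit. The config is written only inside the `if [[ ! -d "${sshdDirectory}" ]]` branch, so an existing install would presumably never pick up such a change; a comment like `# sshd_config is generated only once; remove the sshd directory to regenerate it` would document that. The public keys are also interpolated unquoted into `echo`, which would be safer written as `echo "${hosts.picard}"` and likewise for the other four lines.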


@ -1,10 +1,10 @@
{
fleetModules,
lib,
pkgs,
config,
...
}: {
}:
{
imports =
fleetModules [
"common"
@ -67,11 +67,11 @@
"zulip"
"calibre"
];
extraGroups = [];
backupPaths = [];
extraGroups = [ ];
backupPaths = [ ];
};
boot.initrd.kernelModules = ["i915"];
boot.initrd.kernelModules = [ "i915" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"


@ -8,107 +8,208 @@
config,
inputs,
...
} @ flakePartsArgs: let
}:
let
cfg = config.fleet;
in {
in
{
options.fleet = {
darwinHosts = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
name = lib.mkOption {
description = "Host name";
type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
default = name;
};
system = lib.mkOption {
description = "NixOS architecture (a.k.a. system)";
type = lib.types.str;
default = "x86_64-darwin";
};
nixpkgs = lib.mkOption {
description = "Used nixpkgs";
type = lib.types.anything;
default = inputs.nixpkgs;
};
extraModules = lib.mkOption {
description = "Extra NixOS modules";
type = lib.types.listOf lib.types.deferredModule;
default = [];
};
overlays = lib.mkOption {
description = "Enabled Nixpkgs overlays";
type = lib.types.listOf (lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
});
default = [];
};
};
}));
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options = {
name = lib.mkOption {
description = "Host name";
type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
default = name;
};
system = lib.mkOption {
description = "NixOS architecture (a.k.a. system)";
type = lib.types.str;
default = "x86_64-darwin";
};
nixpkgs = lib.mkOption {
description = "Used nixpkgs";
type = lib.types.anything;
default = inputs.nixpkgs;
};
extraModules = lib.mkOption {
description = "Extra NixOS modules";
type = lib.types.listOf lib.types.deferredModule;
default = [ ];
};
overlays = lib.mkOption {
description = "Enabled Nixpkgs overlays";
type = lib.types.listOf (
lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
}
);
default = [ ];
};
};
}
)
);
};
nixOnDroidHosts = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
name = lib.mkOption {
description = "Host name";
type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
default = name;
};
system = lib.mkOption {
description = "NixOS architecture (a.k.a. system)";
type = lib.types.str;
default = "aarch64-linux";
};
nixpkgs = lib.mkOption {
description = "Used nixpkgs";
type = lib.types.anything;
default = inputs.nixpkgs;
};
extraModules = lib.mkOption {
description = "Extra NixOS modules";
type = lib.types.listOf lib.types.deferredModule;
default = [];
};
overlays = lib.mkOption {
description = "Enabled Nixpkgs overlays";
type = lib.types.listOf (lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
});
default = [];
};
};
}));
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options = {
name = lib.mkOption {
description = "Host name";
type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
default = name;
};
system = lib.mkOption {
description = "NixOS architecture (a.k.a. system)";
type = lib.types.str;
default = "aarch64-linux";
};
nixpkgs = lib.mkOption {
description = "Used nixpkgs";
type = lib.types.anything;
default = inputs.nixpkgs;
};
extraModules = lib.mkOption {
description = "Extra NixOS modules";
type = lib.types.listOf lib.types.deferredModule;
default = [ ];
};
overlays = lib.mkOption {
description = "Enabled Nixpkgs overlays";
type = lib.types.listOf (
lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
}
);
default = [ ];
};
};
}
)
);
};
hosts = lib.mkOption {
description = "Host configuration";
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
name = lib.mkOption {
description = "Host name";
type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
default = name;
};
system = lib.mkOption {
description = "NixOS architecture (a.k.a. system)";
type = lib.types.str;
default = "x86_64-linux";
};
nixpkgs = lib.mkOption {
description = "Used nixpkgs";
type = lib.types.anything;
default = inputs.nixpkgs;
};
homeManager = lib.mkOption {
description = "Used home-manager";
type = lib.types.anything;
default = inputs.homeManager;
};
vpn = {
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options = {
name = lib.mkOption {
description = "Host name";
type = lib.types.strMatching "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
default = name;
};
system = lib.mkOption {
description = "NixOS architecture (a.k.a. system)";
type = lib.types.str;
default = "x86_64-linux";
};
nixpkgs = lib.mkOption {
description = "Used nixpkgs";
type = lib.types.anything;
default = inputs.nixpkgs;
};
homeManager = lib.mkOption {
description = "Used home-manager";
type = lib.types.anything;
default = inputs.homeManager;
};
vpn = {
ip = lib.mkOption {
description = "Wireguard VPN ip";
type = lib.types.str;
};
publicKey = lib.mkOption {
description = "Wireguard public key";
type = lib.types.str;
};
};
secrets = lib.mkOption {
description = "List of secrets names in the `secrets` folder";
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options = {
owner = lib.mkOption {
type = lib.types.str;
default = "root";
};
group = lib.mkOption {
type = lib.types.str;
default = "root";
};
file = lib.mkOption {
type = lib.types.path;
default = "${self.outPath}/secrets/${name}.age";
};
mode = lib.mkOption {
# TODO improve type
type = lib.types.str;
default = "0440";
};
};
}
)
);
default = { };
};
enableHomeManager = lib.mkOption {
description = "Enable home-manager module";
type = lib.types.bool;
default = true;
};
overlays = lib.mkOption {
description = "Enabled Nixpkgs overlays";
type = lib.types.listOf (
lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
}
);
default = [ ];
};
extraModules = lib.mkOption {
description = "Extra NixOS modules";
type = lib.types.listOf lib.types.deferredModule;
default = [ ];
};
extraHmModules = lib.mkOption {
description = "Extra home-manager modules";
type = lib.types.listOf lib.types.deferredModule;
default = [ ];
};
extraHmModulesUser = lib.mkOption {
description = "User for which to import extraHmModulesUser";
type = lib.types.str;
default = "ccr";
};
};
config.overlays = with inputs; cfg.overlays;
}
)
);
default = { };
};
vpnExtra = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
options = {
ip = lib.mkOption {
description = "Wireguard VPN ip";
type = lib.types.str;
@ -118,138 +219,81 @@ in {
type = lib.types.str;
};
};
secrets = lib.mkOption {
description = "List of secrets names in the `secrets` folder";
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
owner = lib.mkOption {
type = lib.types.str;
default = "root";
};
group = lib.mkOption {
type = lib.types.str;
default = "root";
};
file = lib.mkOption {
type = lib.types.path;
default = "${self.outPath}/secrets/${name}.age";
};
mode = lib.mkOption {
# TODO improve type
type = lib.types.str;
default = "0440";
};
};
}));
default = {};
};
enableHomeManager = lib.mkOption {
description = "Enable home-manager module";
type = lib.types.bool;
default = true;
};
overlays = lib.mkOption {
description = "Enabled Nixpkgs overlays";
type = lib.types.listOf (lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
});
default = [];
};
extraModules = lib.mkOption {
description = "Extra NixOS modules";
type = lib.types.listOf lib.types.deferredModule;
default = [];
};
extraHmModules = lib.mkOption {
description = "Extra home-manager modules";
type = lib.types.listOf lib.types.deferredModule;
default = [];
};
extraHmModulesUser = lib.mkOption {
description = "User for which to import extraHmModulesUser";
type = lib.types.str;
default = "ccr";
};
};
config.overlays = with inputs; cfg.overlays;
}));
default = {};
};
vpnExtra = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
options = {
ip = lib.mkOption {
description = "Wireguard VPN ip";
type = lib.types.str;
};
publicKey = lib.mkOption {
description = "Wireguard public key";
type = lib.types.str;
};
};
});
default = {};
}
);
default = { };
};
_mkNixosConfiguration = lib.mkOption {
description = "Function returning a proper NixOS configuration";
type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type
internal = true;
default = hostname: config:
default =
hostname: config:
config.nixpkgs.lib.nixosSystem {
inherit (config) system;
modules =
[
({lib, ...}: {
networking.hostName = lib.mkForce hostname;
nixpkgs.overlays = config.overlays;
})
(
{ lib, ... }:
{
networking.hostName = lib.mkForce hostname;
nixpkgs.overlays = config.overlays;
}
)
"${self.outPath}/hosts/${hostname}"
]
++ (lib.optionals (config.secrets != []) [
++ (lib.optionals (config.secrets != [ ]) [
inputs.agenix.nixosModules.default
({lib, ...}: let
allSecrets = lib.mapAttrs' (name: value: {
name = lib.removeSuffix ".age" name;
inherit value;
}) (import "${self.outPath}/secrets/secrets.nix");
filteredSecrets =
lib.filterAttrs
(name: _: builtins.hasAttr name config.secrets)
allSecrets;
in {
age.secrets =
lib.mapAttrs' (name: _: {
(
{ lib, ... }:
let
allSecrets = lib.mapAttrs' (name: value: {
name = lib.removeSuffix ".age" name;
inherit value;
}) (import "${self.outPath}/secrets/secrets.nix");
filteredSecrets = lib.filterAttrs (name: _: builtins.hasAttr name config.secrets) allSecrets;
in
{
age.secrets = lib.mapAttrs' (name: _: {
name = builtins.baseNameOf name;
value = {
inherit (config.secrets.${name}) owner group file mode;
inherit (config.secrets.${name})
owner
group
file
mode
;
};
})
filteredSecrets;
})
}) filteredSecrets;
}
)
])
++ (lib.optionals config.enableHomeManager (let
user = config.extraHmModulesUser;
extraHmModules = config.extraHmModules;
in [
config.homeManager.nixosModule
({
config,
pkgs,
...
}: {
home-manager.users."${user}" = {
imports = extraHmModules;
_module.args = {
age = config.age or {};
fleetFlake = self;
pkgsStable = inputs.nixpkgsStable.legacyPackages.${pkgs.system};
};
};
})
]))
++ (lib.optionals config.enableHomeManager (
let
user = config.extraHmModulesUser;
extraHmModules = config.extraHmModules;
in
[
config.homeManager.nixosModule
(
{
config,
pkgs,
...
}:
{
home-manager.users."${user}" = {
imports = extraHmModules;
_module.args = {
age = config.age or { };
fleetFlake = self;
pkgsStable = inputs.nixpkgsStable.legacyPackages.${pkgs.system};
};
};
}
)
]
))
++ config.extraModules;
specialArgs = {
fleetModules = builtins.map (moduleName: "${self.outPath}/modules/${moduleName}");
@ -263,18 +307,21 @@ in {
description = "Function returning a proper Darwin configuration";
type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type
internal = true;
default = hostname: config:
default =
hostname: config:
inputs.nixDarwin.lib.darwinSystem {
modules = [
({
lib,
pkgs,
...
}: {
networking.hostName = lib.mkForce hostname;
nixpkgs.overlays = config.overlays;
nixpkgs.hostPlatform = config.system;
})
(
{
lib,
...
}:
{
networking.hostName = lib.mkForce hostname;
nixpkgs.overlays = config.overlays;
nixpkgs.hostPlatform = config.system;
}
)
"${self.outPath}/hosts/${hostname}"
];
};
@ -284,18 +331,20 @@ in {
description = "Function returning a proper nix-on-droid configuration";
type = lib.types.functionTo (lib.types.functionTo lib.types.attrs); # TODO improve this type
internal = true;
default = hostname: config:
default =
hostname: config:
inputs.nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.aarch64-linux;
modules = [
({
lib,
pkgs,
...
}: {
nixpkgs.overlays = config.overlays;
_module.args.fleetFlake = self;
})
(
{
...
}:
{
nixpkgs.overlays = config.overlays;
_module.args.fleetFlake = self;
}
)
"${self.outPath}/hosts/${hostname}"
];
};
@ -303,19 +352,10 @@ in {
};
config = {
flake.nixosConfigurations =
lib.mapAttrs
config.fleet._mkNixosConfiguration
config.fleet.hosts;
flake.nixosConfigurations = lib.mapAttrs config.fleet._mkNixosConfiguration config.fleet.hosts;
flake.darwinConfigurations =
lib.mapAttrs
config.fleet._mkDarwinConfiguration
config.fleet.darwinHosts;
flake.darwinConfigurations = lib.mapAttrs config.fleet._mkDarwinConfiguration config.fleet.darwinHosts;
flake.nixOnDroidConfigurations =
lib.mapAttrs
config.fleet._mkNixOnDroidConfiguration
config.fleet.nixOnDroidHosts;
flake.nixOnDroidConfigurations = lib.mapAttrs config.fleet._mkNixOnDroidConfiguration config.fleet.nixOnDroidHosts;
};
}
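Review bot: In `_mkNixosConfiguration` the guard `lib.optionals (config.secrets != [ ]) [` compares an attribute set with a list: `secrets` is declared as `attrsOf (submodule ...)` with `default = { }`, so the comparison is always true and the agenix module is imported even for hosts that declare no secrets. `lib.optionals (config.secrets != { }) [` expresses the intended check. The secrets submodule also leaves `mode` as a plain `lib.types.str` defaulting to `"0440"` under a `# TODO improve type`; `type = lib.types.strMatching "^[0-7]{3,4}$";` would reject a malformed mode at evaluation time, and a short comment stating that group read access is intentional would help anyone auditing secret permissions.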


@ -5,7 +5,8 @@
pkgs,
config,
...
}: {
}:
{
imports = fleetModules [
"common"
"wireguard-server"
@ -57,11 +58,20 @@
};
fonts = {
fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols emacs-all-the-icons-fonts nerdfonts joypixels etBook];
fonts = with pkgs; [
powerline-fonts
dejavu_fonts
fira-code
fira-code-symbols
emacs-all-the-icons-fonts
nerdfonts
joypixels
etBook
];
fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
serif = ["DejaVu Serif"];
monospace = [ "DejaVu Sans Mono for Powerline" ];
sansSerif = [ "DejaVu Sans" ];
serif = [ "DejaVu Serif" ];
};
};
@ -69,16 +79,21 @@
nixpkgs.config.joypixels.acceptLicense = true;
environment.systemPackages = with pkgs; [waypipe];
environment.systemPackages = with pkgs; [ waypipe ];
programs.dconf.enable = true;
programs.mosh.enable = true;
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot = {


@ -1,8 +1,11 @@
{
lib,
disks ? ["/dev/nvme0n1" "/dev/nvme1n1"],
disks ? [
"/dev/nvme0n1"
"/dev/nvme1n1"
],
...
}: {
}:
{
disk = {
x = {
type = "disk";


@ -1,9 +1,7 @@
{
config,
lib,
pkgs,
...
}: {
}:
{
signing.enable = true;
# apps.prebuilt = {


@ -3,7 +3,8 @@
pkgs,
lib,
...
}: {
}:
{
imports =
[
./hardware-configuration.nix


@ -3,11 +3,12 @@
lib,
pkgs,
...
}: {
disko.devices = import ./disko.nix {};
}:
{
disko.devices = import ./disko.nix { };
boot = {
initrd.availableKernelModules = ["usbhid"];
initrd.availableKernelModules = [ "usbhid" ];
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];


@ -4,7 +4,8 @@
config,
pkgs,
...
}: {
}:
{
imports =
fleetModules [
"common"
@ -85,12 +86,12 @@
"reinstall-magisk-on-lineage"
"vscode-server"
];
extraGroups = [];
backupPaths = [];
extraGroups = [ ];
backupPaths = [ ];
};
boot.kernelParams = ["ip=dhcp"];
boot.initrd.kernelModules = ["amdgpu"];
boot.kernelParams = [ "ip=dhcp" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
@ -108,7 +109,7 @@
# https://github.com/NixOS/nixpkgs/issues/328909
boot.extraModulePackages = [
(config.boot.kernelPackages.ddcci-driver.overrideAttrs (old: {
patches = [];
patches = [ ];
src = pkgs.fetchFromGitLab {
owner = "${old.pname}-linux";
repo = "${old.pname}-linux";
@ -154,6 +155,6 @@
# TODO move away from here (how can the interface name be retrieved programmatically?)
networking.interfaces.enp11s0.wakeOnLan = {
enable = true;
policy = ["magic"];
policy = [ "magic" ];
};
}


@ -1,10 +1,10 @@
{
fleetModules,
pkgs,
fleetFlake,
config,
...
}: {
}:
{
imports =
fleetModules [
"common"
@ -71,7 +71,7 @@
nixpkgs.hostPlatform = "aarch64-linux";
swapDevices = [];
swapDevices = [ ];
boot.loader = {
systemd-boot.enable = true;
@ -128,7 +128,7 @@
fileSystems."/mnt/hd" = {
device = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU-part1";
fsType = "ext4";
options = ["nofail"];
options = [ "nofail" ];
};
environment.systemPackages = with pkgs; [


@ -1,15 +1,18 @@
let
emmc = "/dev/disk/by-id/mmc-SLD64G_0xf6be3ba0";
ssd = "/dev/disk/by-id/ata-CT240BX300SSD1_1739E1042F3C";
# hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550";
# hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530";
hd = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550-part1";
# old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU";
in {
in
# hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550";
# hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530";
# old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU";
{
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = ["size=1024M" "defaults" "mode=755"];
mountOptions = [
"size=1024M"
"defaults"
"mode=755"
];
};
disk = {
ssd = {


@ -1,10 +1,8 @@
{
fleetModules,
lib,
config,
pkgs,
...
}: {
}:
{
imports =
fleetModules [
"common"


@ -1,10 +1,10 @@
{
config,
lib,
pkgs,
fleetModules,
...
}: {
}:
{
imports =
[
./zfs.nix
@ -97,10 +97,15 @@
];
};
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
# boot.kernelPackages = pkgs.linuxPackages_zen;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -126,8 +131,8 @@
useXkbConfig = true; # use xkbOptions in tty.
};
services.joycond.enable = true; #FIXME not here
services.udev.packages = [pkgs.joycond];
services.joycond.enable = true; # FIXME not here
services.udev.packages = [ pkgs.joycond ];
# Enable the X11 windowing system.
# services.xserver.enable = true;
@ -183,7 +188,7 @@
# services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [8000];
networking.firewall.allowedTCPPorts = [ 8000 ];
# networking.firewall.allowedUDPPorts = [ 5000 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -214,7 +219,7 @@
];
};
users.groups.input.members = ["ccr"];
users.groups.input.members = [ "ccr" ];
services.udev.extraRules = ''
Sunshine
KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"


@ -4,47 +4,67 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["uinput"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "uinput" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "rpool/nixos/root";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/home" = {
device = "rpool/nixos/home";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib" = {
device = "rpool/nixos/var/lib";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/log" = {
device = "rpool/nixos/var/log";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/boot" = {
device = "bpool/nixos/root";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/boot/efis/nvme-INTEL_SSDPEKKF010T8L_PHHP938405741P0D-part1" = {
@ -64,7 +84,7 @@
# };
swapDevices = [
{device = "/dev/disk/by-label/swap";}
{ device = "/dev/disk/by-label/swap"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,10 +1,10 @@
{
config,
pkgs,
lib,
...
}: {
boot.supportedFilesystems = ["zfs"];
}:
{
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "adf0b5e7";
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.efi.canTouchEfiVariables = false;
@ -23,7 +23,7 @@
mount /boot/efi
'';
boot.loader.grub.extraInstallCommands = ''
export PATH=$PATH:${lib.makeBinPath [pkgs.coreutils]}
export PATH=$PATH:${lib.makeBinPath [ pkgs.coreutils ]}
ESP_MIRROR=$(mktemp -d)
cp -r /boot/efi/EFI $ESP_MIRROR
for i in /boot/efis/*; do