feat: big refactor

Jacob Bachmann 2024-09-07 15:10:22 +02:00
parent 2c09c21833
commit ebedec9768
No known key found for this signature in database
GPG key ID: 7753026D577922A6
159 changed files with 1927 additions and 2222 deletions

25
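--- a/hosts/APPA/default.nix
+++ b/hosts/APPA/default.nix
@@ -0,0 +1,25 @@
+{ ... }@inputs:
+{
+imports = [
+inputs.nixos-hardware.nixosModules.common-pc-laptop
+inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call
+inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
+./services
+./hardware.nix
+./network.nix
+./system.nix
+../../modules
+];
+bchmnn = {
+git = {
+signing = {
+key = "0x7753026D577922A6";
+};
+};
+collections = {
+cli-utils.enable = true;
+};
+};
+}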

78
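--- a/hosts/APPA/hardware.nix
+++ b/hosts/APPA/hardware.nix
@@ -0,0 +1,78 @@
+{
+config,
+lib,
+modulesPath,
+...
+}:
+{
+imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+boot.initrd.availableKernelModules = [
+"xhci_pci"
+"ehci_pci"
+"ahci"
+"usb_storage"
+"sd_mod"
+"sdhci_pci"
+];
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+fileSystems."/" = {
+device = "/dev/disk/by-label/ROOT";
+fsType = "btrfs";
+options = [
+"subvol=@"
+"compress=zstd"
+"noatime"
+];
+};
+fileSystems."/nix" = {
+device = "/dev/disk/by-label/ROOT";
+fsType = "btrfs";
+options = [
+"subvol=@nix"
+"compress=zstd"
+"noatime"
+];
+};
+fileSystems."/boot" = {
+device = "/dev/disk/by-label/EFI";
+fsType = "vfat";
+options = [
+"fmask=0022"
+"dmask=0022"
+];
+};
+fileSystems."/home" = {
+device = "/dev/disk/by-label/HOME";
+fsType = "btrfs";
+options = [
+"subvol=@"
+"compress=zstd"
+"noatime"
+];
+};
+fileSystems."/var/lib" = {
+device = "/dev/disk/by-label/HOME";
+fsType = "btrfs";
+options = [
+"subvol=@varlib"
+"compress=zstd"
+"noatime"
+];
+};
+swapDevices = [ ];
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}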
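Review bot: The `/boot` entry mounts the EFI partition with `"fmask=0022"` and `"dmask=0022"`, which leaves every file on it readable by all local users. With `boot.loader.systemd-boot.enable = true` that includes the boot loader's random-seed file, which systemd's tooling reports as a security problem when the mount is world-accessible. Using `"fmask=0077"` and `"dmask=0077"` here restricts the partition to root. The `/boot` entries in the IROH and T430 hardware sections further down set no mask options at all and would want the same two options. Separately, no APPA filesystem sits on an encrypted device, unlike T430's `cryptlvm`; if that is deliberate for an unattended server, a comment saying so would help the next reader.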

29
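--- a/hosts/APPA/network.nix
+++ b/hosts/APPA/network.nix
@@ -0,0 +1,29 @@
+{
+networking = {
+firewall.enable = true;
+hostName = "APPA";
+useDHCP = false;
+interfaces.enp0s25 = {
+useDHCP = false;
+ipv4.addresses = [
+{
+address = "192.168.2.40";
+prefixLength = 24;
+}
+];
+ipv6.addresses = [
+{
+address = "fdd2:59e7:4ee1:1:2642:c13b:9bbc:7bd3";
+prefixLength = 64;
+}
+];
+};
+defaultGateway = {
+address = "192.168.2.1";
+};
+defaultGateway6 = {
+address = "fdd2:59e7:4ee1:0001::1";
+interface = "enp0s25";
+};
+};
+}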


@ -0,0 +1,73 @@
{ config, ... }:
{
services.adguardhome = {
enable = true;
mutableSettings = true;
allowDHCP = true;
host = "127.0.0.1";
port = 8001;
settings = {
users = [
{
name = "admin";
password = "$2a$10$7FLDb/cr3SCtKiojXbFGnOjk6rWC0z9GMafV.YWMvewUcgua1eF/m";
}
];
dns = {
ratelimit = 0;
};
filtering = {
rewrites = [
{
domain = "dryb.org";
answer = "192.168.2.40";
}
{
domain = "speedport.dryb.org";
answer = "192.168.2.1";
}
{
domain = "tplink.dryb.org";
answer = "192.168.2.30";
}
{
domain = "adguard.dryb.org";
answer = "192.168.2.40";
}
{
domain = config.services.gitea.domain;
answer = "192.168.2.40";
}
];
};
dhcp = {
enabled = true;
interface_name = "enp0s25";
local_domain_name = "dryb.org";
dhcpv4 = {
gateway_ip = "192.168.2.1";
subnet_mask = "255.255.255.0";
range_start = "192.168.2.100";
range_end = "192.168.2.255";
lease_duration = 86400;
icmp_timeout_msec = 1000;
};
dhcpv6 = {
range_start = "fdd2::1";
lease_duration = 86400;
ra_slaac_only = true;
ra_allow_slaac = true;
};
};
};
};
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [
53
67
547
];
};
}
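Review bot: The admin entry under `settings.users` commits a bcrypt hash (`$2a$10$…`) to the repository, and as a plain Nix string it is also copied into the world-readable Nix store, so anyone who can read either can run offline guesses against it. This commit already uses `age.secrets` for the Gitea database password; keeping this hash out of the Nix expression as well (for instance by leaving `users` to the on-disk config that `mutableSettings = true` preserves) and rotating the password, since the value is now in history, would close that. Two smaller points in the same section: `range_end = "192.168.2.255"` is the broadcast address of the /24 given by `subnet_mask`, so `"192.168.2.254"` is the last usable lease. And `dhcpv6.range_start = "fdd2::1"` does not fall inside the `fdd2:59e7:4ee1:1::/64` prefix configured on `enp0s25` in hosts/APPA/network.nix.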


@ -0,0 +1,9 @@
{
imports = [
./adguard-home.nix
./gitea.nix
./homepage-dashboard.nix
./nginx.nix
./postgresql.nix
];
}


@ -0,0 +1,26 @@
{ config, ... }:
{
age.secrets.passwords-gitea-db = {
file = ../../../secrets/passwords/gitea/db.age;
mode = "640";
owner = config.services.gitea.user;
group = config.services.gitea.group;
};
services.gitea = rec {
enable = true;
appName = "dryb.org: Gitea Service";
database = {
type = "postgres";
passwordFile = config.age.secrets.passwords-gitea-db.path;
};
domain = "git.dryb.org";
rootUrl = "http://${domain}/";
httpPort = 8003;
settings = {
service = {
DISABLE_REGISTRATION = true;
};
};
};
}
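Review bot: Nothing in `services.gitea` pins the listen address, so Gitea will presumably bind port 8003 on every interface and rely on the firewall alone to stay private; since nginx reaches it at `127.0.0.1:8003`, adding `settings.server.HTTP_ADDR = "127.0.0.1";` makes the proxy the only way in. `rootUrl` is `http://`, so logins and git-over-HTTP credentials travel unencrypted; once the proxy terminates TLS this should become `https://${domain}/` together with `settings.session.COOKIE_SECURE = true;`. The age secret is declared with `mode = "640"` plus the gitea group; `"0400"` is sufficient if only the service user reads it.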


@ -0,0 +1,74 @@
{
services.homepage-dashboard = {
enable = true;
listenPort = 8002;
settings = {
title = "dryb.org";
layout = {
"Network" = {
style = "row";
columns = 3;
};
"IOT" = {
style = "row";
columns = 3;
};
};
};
services = [
{
"Network" = [
{
"Adguard Home" = {
description = "http://adguard.dryb.org";
href = "http://adguard.dryb.org";
icon = "adguard-home";
};
}
{
"Speedport Smart 4" = {
description = "https://speedport.dryb.org (192.168.2.1)";
href = "https://speedport.dryb.org";
icon = "mdi-router-network-wireless";
};
}
{
"TP-Link TL-SG1016DE" = {
description = "http://tplink.dryb.org (192.168.2.30)";
href = "http://tplink.dryb.org";
icon = "mdi-switch";
};
}
];
}
{
"IOT" = [
{
"Shelly Infra" = {
description = "http://shelly-infra.dryb.org (192.168.2.50)";
href = "http://shelly-infra.dryb.org";
icon = "shelly";
ping = "shelly-infra.dryb.org";
};
}
{
"Shelly Workstation" = {
description = "http://shelly-workstation.dryb.org (192.168.2.51)";
href = "http://shelly-workstation.dryb.org";
icon = "shelly";
ping = "shelly-workstation.dryb.org";
};
}
{
"Shelly Test" = {
description = "http://shelly-test.dryb.org (192.168.2.52)";
href = "http://shelly-test.dryb.org";
icon = "shelly";
ping = "shelly-test.dryb.org";
};
}
];
}
];
};
}


@ -0,0 +1,25 @@
{ config, ... }:
{
services.nginx = {
enable = true;
virtualHosts."dryb.org" = {
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
};
};
virtualHosts."adguard.dryb.org" = {
locations."/" = {
proxyPass = "http://127.0.0.1:8001";
};
};
virtualHosts."${config.services.gitea.domain}" = {
locations."/" = {
proxyPass = "http://127.0.0.1:8003";
};
};
};
networking.firewall = {
allowedTCPPorts = [ 80 ];
};
}
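Review bot: All three virtual hosts are served only over plain HTTP (`allowedTCPPorts = [ 80 ]`, no `forceSSL` or `addSSL`), so the AdGuard Home admin password and Gitea sessions cross the network in cleartext; consider `forceSSL = true;` with a certificate per vhost and opening 443 alongside 80. The `proxyPass` locations also forward no client information, so each backend sees every request as coming from 127.0.0.1, which can defeat any per-client login throttling the backends do and leaves their access logs without a usable source address; `services.nginx.recommendedProxySettings = true;` addresses that. The `dryb.org` vhost publishes the homepage dashboard, which lists the management endpoints of the network, with no access restriction visible in this section.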


@ -0,0 +1,19 @@
{ config, ... }:
{
services.postgresql = {
enable = true;
ensureDatabases = [ config.services.gitea.user ];
# type database DBuser auth-method mapping
authentication = ''
local gitea all ident map=gitea-users
'';
# name sysuser dbuser
identMap = ''
gitea-users gitea gitea
'';
};
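Review bot: `ensureDatabases = [ config.services.gitea.user ]` names the database after the service's system user, which only works while user and database are both called `gitea`; `config.services.gitea.database.name` is the value that has to match the `gitea` database in the `authentication` rule. It is also worth a comment that this rule may not be the only one in effect: if the PostgreSQL module appends its default `pg_hba.conf` entries after the custom lines, local peer access for other roles remains, and `lib.mkForce` on `authentication` would be needed to make the mapping exclusive. The two column-header comments are helpful; aligning them with the rule text would make them easier to read.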
}


@ -1,16 +1,5 @@
{ ... }@inputs: {
imports = [
./hardware.nix
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
];
networking.hostName = "W530";
{
bchmnn = {
power = {
tlp = {
settings = {
@ -30,32 +19,7 @@
};
};
};
gui = {
enable = true;
greeter.enable = false;
flavour = [ "sway" ];
};
nvidia.enable = false;
audio = {
enable = true;
pipewire-wine-fix.enable = false;
};
bluetooth.enable = true;
printing.enable = true;
vpn.enable = true;
sync.enable = false;
devenv.enable = true;
virtualisation.enable = true;
games.enable = false;
ratbag.enable = true;
ai.enable = false;
};
services.logind.lidSwitch = "ignore";
}

28
hosts/IROH/default.nix Executable file → Normal file

@ -1,17 +1,18 @@
{ ... }@inputs: {
{ ... }@inputs:
{
imports = [
./hardware.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
./hardware.nix
../../modules
];
networking.hostName = "IROH";
bchmnn = {
gui = {
enable = true;
greeter.enable = false;
@ -24,16 +25,21 @@
};
bluetooth.enable = false;
printing.enable = true;
vpn.enable = true;
sync.enable = true;
devenv.enable = true;
virtualisation.enable = true;
games.enable = true;
ratbag.enable = true;
ai.enable = false;
collections = {
cli-utils.enable = true;
profiling.enable = true;
development.enable = true;
vpn.enable = true;
virtualisation.enable = true;
games.enable = true;
};
services = {
flare-solvarr.enable = true;
jackett.enable = true;
syncthing.enable = true;
};
};
}


@ -1,10 +1,27 @@
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.kernelModules = [
"kvm-intel"
"nvidia"
"nvidia_modeset"
"nvidia_uvm"
"nvidia_drm"
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -16,92 +33,42 @@
"resume_offset=533760"
"nvidia_drm.modeset=1"
"nvidia.NVreg_PreserveVideoMemoryAllocations=1"
# "intel_pstate=disable"
];
/*
hardware.nvidia.package =
config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "555.52.04";
sha256_64bit = "sha256-nVOubb7zKulXhux9AruUTVBQwccFFuYGWrU1ZiakRAI=";
sha256_aarch64 = "sha256-Kt60kTTO3mli66De2d1CAoE3wr0yUbBe7eqCIrYHcWk=";
openSha256 = "sha256-wDimW8/rJlmwr1zQz8+b1uvxxxbOf3Bpk060lfLKuy0=";
settingsSha256 = "sha256-PMh5efbSEq7iqEMBr2+VGQYkBG73TGUh6FuDHZhmwHk=";
persistencedSha256 = "sha256-KAYIvPjUVilQQcD04h163MHmKcQrn2a8oaXujL2Bxro=";
};
*/
/*
hardware.nvidia.package =
config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "560.28.03";
sha256_64bit = "sha256-martv18vngYBJw1IFUCAaYr+uc65KtlHAMdLMdtQJ+Y=";
sha256_aarch64 = "sha256-+u0ZolZcZoej4nqPGmZn5qpyynLvu2QSm9Rd3wLdDmM=";
openSha256 = "sha256-asGpqOpU0tIO9QqceA8XRn5L27OiBFuI9RZ1NjSVwaM=";
settingsSha256 = "sha256-b4nhUMCzZc3VANnNb0rmcEH6H7SK2D5eZIplgPV59c8=";
persistencedSha256 = "sha256-MhITuC8tH/IPhCOUm60SrPOldOpitk78mH0rg+egkTE=";
};
*/
/*
hardware.nvidia.package =
let
rcu_patch = pkgs.fetchpatch {
url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";
hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg=";
};
in
config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "535.154.05";
sha256_64bit = "sha256-fpUGXKprgt6SYRDxSCemGXLrEsIA6GOinp+0eGbqqJg=";
sha256_aarch64 = "sha256-G0/GiObf/BZMkzzET8HQjdIcvCSqB1uhsinro2HLK9k=";
openSha256 = "sha256-wvRdHguGLxS0mR06P5Qi++pDJBCF8pJ8hr4T8O6TJIo=";
settingsSha256 = "sha256-9wqoDEWY4I7weWW05F4igj1Gj9wjHsREFMztfEmqm10=";
persistencedSha256 = "sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE=";
patches = [ rcu_patch ];
};
*/
boot.resumeDevice = "/dev/disk/by-label/ROOT";
fileSystems."/" =
{
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/swap" =
{
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/EFI";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/EFI";
fsType = "vfat";
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/HOME";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/HOME";
fsType = "btrfs";
options = [ "subvol=@" ];
};
swapDevices = [{ device = "/swap/swapfile"; }];
swapDevices = [ { device = "/swap/swapfile"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

28
hosts/T430/default.nix Executable file → Normal file

@ -1,17 +1,18 @@
{ ... }@inputs: {
{ ... }@inputs:
{
imports = [
./hardware.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t430
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
./hardware.nix
../../modules
];
networking.hostName = "T430";
bchmnn = {
gui = {
enable = true;
greeter.enable = false;
@ -24,16 +25,21 @@
};
bluetooth.enable = true;
printing.enable = true;
vpn.enable = true;
sync.enable = true;
devenv.enable = true;
virtualisation.enable = true;
games.enable = true;
ratbag.enable = true;
ai.enable = false;
collections = {
cli-utils.enable = true;
profiling.enable = true;
development.enable = true;
vpn.enable = true;
virtualisation.enable = true;
games.enable = true;
};
services = {
flare-solvarr.enable = true;
jackett.enable = true;
syncthing.enable = true;
};
};
}


@ -1,9 +1,21 @@
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
"sr_mod"
"sdhci_pci"
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -11,47 +23,53 @@
boot.resumeDevice = "/dev/disk/by-label/ROOT";
boot.initrd.luks.devices."cryptlvm".device = "/dev/disk/by-uuid/b7a904b2-cceb-47fc-832a-701e386a95db";
fileSystems."/" =
{
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" "noatime" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [
"subvol=@"
"compress=zstd"
"noatime"
];
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" "noatime" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [
"subvol=@home"
"compress=zstd"
"noatime"
];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" "noatime" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [
"subvol=@nix"
"compress=zstd"
"noatime"
];
};
fileSystems."/swap" =
{
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "subvol=@swap" "noatime" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [
"subvol=@swap"
"noatime"
];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/EFI";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/EFI";
fsType = "vfat";
};
swapDevices = [{
device = "/swap/swapfile";
}];
swapDevices = [ { device = "/swap/swapfile"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,83 +0,0 @@
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelParams = [ "resume_offset=9364344" ];
boot.resumeDevice = "/dev/disk/by-uuid/2e6bd7f5-74f0-4047-a0ab-5679b877a9fe";
boot.initrd.luks.devices."cryptlvm".device = "/dev/disk/by-uuid/d04a2c58-4116-45d6-aa6e-2002556e6d22";
fileSystems."/" =
{
device = "/dev/disk/by-uuid/2e6bd7f5-74f0-4047-a0ab-5679b877a9fe";
fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" "noatime" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-uuid/2e6bd7f5-74f0-4047-a0ab-5679b877a9fe";
fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" "noatime" ];
};
fileSystems."/root" =
{
device = "/dev/disk/by-uuid/2e6bd7f5-74f0-4047-a0ab-5679b877a9fe";
fsType = "btrfs";
options = [ "subvol=@root" "compress=zstd" "noatime" ];
};
fileSystems."/srv" =
{
device = "/dev/disk/by-uuid/2e6bd7f5-74f0-4047-a0ab-5679b877a9fe";
fsType = "btrfs";
options = [ "subvol=@srv" "compress=zstd" "noatime" ];
};
fileSystems."/var/log" =
{
device = "/dev/disk/by-uuid/2e6bd7f5-74f0-4047-a0ab-5679b877a9fe";
fsType = "btrfs";
options = [ "subvol=@log" "compress=zstd" "noatime" ];
};
fileSystems."/var/cache" =
{
device = "/dev/disk/by-uuid/2e6bd7f5-74f0-4047-a0ab-5679b877a9fe";
fsType = "btrfs";
options = [ "subvol=@cache" "compress=zstd" "noatime" ];
};
fileSystems."/tmp" =
{
device = "/dev/disk/by-uuid/2e6bd7f5-74f0-4047-a0ab-5679b877a9fe";
fsType = "btrfs";
options = [ "subvol=@tmp" "compress=zstd" "noatime" ];
};
fileSystems."/swap" =
{
device = "/dev/disk/by-uuid/2e6bd7f5-74f0-4047-a0ab-5679b877a9fe";
fsType = "btrfs";
options = [ "subvol=@swap" "noatime" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/A410-7E4F";
fsType = "vfat";
};
swapDevices = [{
device = "/swap/swapfile";
}];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}