v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

Merge branch 'new' of ssh://git.0x76.dev:42/v/infrastructure into new

Browse source
This commit is contained in:
Vivian 2024-09-12 21:23:28 +02:00
commit f0380bbe4e
19 changed files with 15 additions and 297 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
common/desktop/home.nix
View file

@ -36,7 +36,6 @@ in
foliate # epub reader foliate # epub reader
gcc gcc
gimp gimp
inputs.attic.packages.${pkgs.system}.attic
comma comma
discord discord
jetbrains.rust-rover jetbrains.rust-rover
@ -70,7 +69,10 @@ in
chromium = { chromium = {
enable = true; enable = true;
package = pkgs.ungoogled-chromium; extensions = [
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin
{ id = "nngceckbapebfimnlniiiahkandclblb"; } # bitwarden
];
}; };
direnv = { direnv = {

6
common/hm-modules/nvim/default.nix
View file

@ -219,10 +219,6 @@ with lib;
folder = "daily"; folder = "daily";
}; };
workspaces = [ workspaces = [
{
name = "uni";
path = "~/cloud/Documents/CESE/notes";
}
{ {
name = "notes"; name = "notes";
path = "~/cloud/Notes"; path = "~/cloud/Notes";
@ -282,7 +278,7 @@ with lib;
}; };
# surround.enable = true; # surround.enable = true;
fugitive.enable = true; fugitive.enable = true;
gitgutter.enable = true; # gitgutter.enable = true;
lualine = { lualine = {
enable = true; enable = true;

5
hosts/olympus/bastion/containers/default.nix
View file

@ -3,7 +3,6 @@ let
hostAddress = "10.42.99.1"; hostAddress = "10.42.99.1";
hostAddress6 = "fc00::1"; hostAddress6 = "fc00::1";
in { in {
# TODO: Loop over subdirs, create nixos container for each
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-+" ]; internalInterfaces = [ "ve-+" ];
@ -24,7 +23,7 @@ in {
dns = { dns = {
autoStart = true; autoStart = true;
inherit hostAddress hostAddress6; inherit hostAddress hostAddress6;
localAddress = "10.42.99.1"; localAddress = "10.42.99.2";
localAddress6 = "fc00::2"; localAddress6 = "fc00::2";
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
@ -32,11 +31,11 @@ in {
config = {pkgs, ...}: { config = {pkgs, ...}: {
imports = [ imports = [
./common.nix ./common.nix
# ./dns.nix
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.gnome-autounlock-keyring.nixosModules.default inputs.gnome-autounlock-keyring.nixosModules.default
inputs.catppuccin.nixosModules.catppuccin inputs.catppuccin.nixosModules.catppuccin
]; ];
}; };
}; };
}; };

7
hosts/olympus/bastion/containers/dns.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }: {
services.v.dns = {
enable = true;
openFirewall = true;
mode = "server";
};
}

1
hosts/olympus/eevee/home/default.nix
View file

@ -4,6 +4,5 @@
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
zoom-us
]; ];
} }

1
hosts/thalassa/aoife/hardware.nix
View file

@ -40,7 +40,6 @@
# Video Driver # Video Driver
xserver = { xserver = {
dpi = 280; dpi = 280;
xkb.options = "caps:swapescape";
}; };
# SSD Trim # SSD Trim

2
hosts/thalassa/aoife/home/default.nix
View file

@ -7,7 +7,7 @@
# Custom dconf settings # Custom dconf settings
dconf.settings."org/gnome/desktop/input-sources" = { dconf.settings."org/gnome/desktop/input-sources" = {
xkb-options = [ "caps:swapescape" ]; # xkb-options = [ "caps:swapescape" ];
}; };
programs.zsh.envExtra = '' programs.zsh.envExtra = ''

38
nixos/hosts/olympus/bastion/configuration.nix
View file

@ -1,38 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ pkgs, inputs, ... }: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./containers
# ./vms.nix
];
programs.nix-ld.enable = true;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
virtualisation.podman.enable = true;
# Additional packages
environment.systemPackages = with pkgs; [ vault ];
networking.useNetworkd = true;
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "curses";
};
}

6
nixos/hosts/olympus/bastion/containers/common.nix
View file

@ -1,6 +0,0 @@
# common container config
{ lib, ... }: {
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
networking.useHostResolvConf = lib.mkForce false;
services.resolved.enable = true;
}

26
nixos/hosts/olympus/bastion/containers/default.nix
View file

@ -1,26 +0,0 @@
{ config, lib, ... }:
let
hostAddress = "10.42.99.1";
hostAddress6 = "fc00::1";
in {
# TODO: Loop over subdirs, create nixos container for each
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "ens18";
# Lazy IPv6 connectivity for the container
enableIPv6 = true;
forwardPorts = [
];
};
# Containers network is
# * 10.42.99.0/24
# * fc00:x
containers = {
};
}

25
nixos/hosts/olympus/bastion/hardware-configuration.nix
View file

@ -1,25 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
}

32
nixos/hosts/olympus/bastion/vms.nix
View file

@ -1,32 +0,0 @@
{ config, pkgs, inputs, ... }: {
imports = [
inputs.microvm.nixosModules.host
];
microvm.vms = {
test-vm = {
inherit pkgs;
# (Optional) A set of special arguments to be passed to the MicroVM's NixOS modules.
#specialArgs = {};
# The configuration for the MicroVM.
# Multiple definitions will be merged as expected.
config = {
# It is highly recommended to share the host's nix-store
# with the VMs to prevent building huge images.
microvm.hypervisor = "crosvm";
microvm.shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}];
# Any other configuration for your MicroVM
# [...]
};
};
};
}

3
nixos/hosts/olympus/dhcp/configuration.nix
View file

@ -41,8 +41,6 @@ in
controlSocketPaths = [ "/tmp/kea-dhcp4.socket" ]; controlSocketPaths = [ "/tmp/kea-dhcp4.socket" ];
}; };
# To make sure the control socket is accesible
services.kea.dhcp4 = { services.kea.dhcp4 = {
enable = true; enable = true;
settings = { settings = {
@ -57,7 +55,6 @@ in
socket-type = "unix"; socket-type = "unix";
socket-name = "/tmp/kea-dhcp4.socket"; socket-name = "/tmp/kea-dhcp4.socket";
}; };
# failed to initialize Kea server: configuration error using file '/etc/kea/dhcp4-server.conf': cannot create socket lockfile, /run/kea/kea-dhcp4.socket.lock, : No such file or directory
lease-database = { lease-database = {
name = "/var/lib/kea/dhcp4.leases"; name = "/var/lib/kea/dhcp4.leases";

53
nixos/hosts/olympus/eevee/configuration.nix
View file

@ -1,53 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ pkgs, ... }: {
imports = [ ./hardware-configuration.nix ./hardware.nix ];
# Bootloader.
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd = {
kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ];
};
loader.systemd-boot.configurationLimit = 5;
};
fileSystems."/".options = [ "compress=zstd" ];
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Select internationalisation properties.
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "nl_NL.UTF-8";
LC_IDENTIFICATION = "nl_NL.UTF-8";
LC_MEASUREMENT = "nl_NL.UTF-8";
LC_MONETARY = "nl_NL.UTF-8";
LC_NAME = "nl_NL.UTF-8";
LC_NUMERIC = "nl_NL.UTF-8";
LC_PAPER = "nl_NL.UTF-8";
LC_TELEPHONE = "nl_NL.UTF-8";
LC_TIME = "nl_NL.UTF-8";
};
# Enable CUPS to print documents.
services.printing.enable = true;
environment.systemPackages = with pkgs; [ wireguard-tools ];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
home-manager = {
users.vivian = import ./home;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

42
nixos/hosts/olympus/eevee/hardware-configuration.nix
View file

@ -1,42 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/947a98af-9a4e-4811-a2ca-9aa00b319e9c";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/D883-F146";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/a99402e1-6f2a-4c4b-b69f-aae2fd13ffc0"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

48
nixos/hosts/olympus/eevee/hardware.nix
View file

@ -1,48 +0,0 @@
{ pkgs, ... }: {
hardware = {
enableAllFirmware = true;
nvidia = {
# package = config.boot.kernelPackages.nvidiaPackages.stable;
# Open drivers cause gdm to crash
# open = true;
# nvidia-drm.modeset=1
modesetting.enable = true;
powerManagement.enable = false;
};
# Hardware acceleration
opengl = {
enable = true;
# Vulkan
driSupport = true;
driSupport32Bit = true;
};
logitech.wireless = {
enable = true;
enableGraphical = true;
};
};
services = {
hardware.bolt.enable = true;
xserver.videoDrivers = [ "nvidia" ];
# udev
udev.packages = with pkgs; [
android-udev-rules
logitech-udev-rules
wooting-udev-rules
];
# SSD Trim
fstrim.enable = true;
};
# FS
fileSystems."/".options = [ "compress=zstd" ];
}

1
nixos/hosts/olympus/eevee/home/.gitignore vendored
View file

@ -1 +0,0 @@
*dconf_dump*

9
nixos/hosts/olympus/eevee/home/default.nix
View file

@ -1,9 +0,0 @@
{ pkgs, ... }: {
dconf.settings."org/gnome/desktop/peripherals/mouse" = {
accel-profile = "flat";
};
home.packages = with pkgs; [
zoom-us
];
}

1
nixos/hosts/olympus/nginx/configuration.nix
View file

@ -172,7 +172,6 @@ in {
}; };
security = { security = {
acme = { acme = {
defaults.email = "vivian@0x76.dev"; defaults.email = "vivian@0x76.dev";
acceptTerms = true; acceptTerms = true;
preliminarySelfsigned = true; preliminarySelfsigned = true;