Commit 6b38f4e6732e
Changed files (7)
systems/aion/extra.nix
@@ -1,5 +1,7 @@
{ lib, pkgs, ... }:
{
+ users.users.vincent.linger = true;
+
services.openssh.enable = true;
services.openssh.settings = {
PermitRootLogin = "yes";
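Review bot: The added `users.users.vincent.linger = true;` (repeated in systems/rhea/extra.nix) has no comment saying which user service needs it, and the TODO that sat above the same line in the removed systems/nagoya/extra.nix is dropped rather than resolved. Lingering starts vincent's systemd user manager at boot and keeps it running with no session open, so anything enabled in that user's unit directory runs unattended on a host that also runs sshd. A one-line reason such as `# linger: <user service> must keep running without a login session` would record the intent, and setting the option once in a shared module would stop the per-host copies from drifting. The `services.openssh.settings` block continues past the hunk, so the rest of the sshd policy is not visible here. The context line `PermitRootLogin = "yes";` is untouched by this commit, but unless password authentication is disabled further down it permits root password logins, and `"prohibit-password"` would be the tighter value.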
systems/nagoya/boot.nix
@@ -1,15 +0,0 @@
-{
- lib,
- ...
-}:
-{
- console.keyMap = lib.mkForce "us";
- boot = {
- loader = {
- systemd-boot.enable = lib.mkForce false;
- efi.canTouchEfiVariables = lib.mkForce false;
- };
- };
- # nothing ?
- # system.build.installBootLoader = config.boot.loader.raspberryPi;
-}
systems/nagoya/config.txt.nix
@@ -1,39 +0,0 @@
-{
- lib,
- ...
-}:
-
-{
- hardware.raspberry-pi.config = {
- all = {
- # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
-
- options = {
- camera_auto_detect.enable = false;
- };
-
- # Base DTB parameters
- # https://github.com/raspberrypi/linux/blob/a1d3defcca200077e1e382fe049ca613d16efd2b/arch/arm/boot/dts/overlays/README#L132
- base-dt-params = {
-
- # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#enable-pcie
- pciex1 = {
- enable = true;
- value = "on";
- };
- # PCIe Gen 3.0
- # https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#pcie-gen-3-0
- pciex1_gen = {
- enable = true;
- value = "3";
- };
-
- };
- dt-overlays = {
- # needs to be false otherwise it hangs at boot time
- vc-kms-v3d.enable = lib.mkForce false;
- vc4-kms-v3d.enable = lib.mkForce false;
- };
- };
- };
-}
systems/nagoya/extra.nix
@@ -1,98 +0,0 @@
-{
- config,
- globals,
- lib,
- libx,
- pkgs,
- ...
-}:
-{
- imports = [
- # ../common/services/containers.nix
- ../common/services/docker.nix
- ];
- system.nixos.tags =
- let
- cfg = config.boot.loader.raspberryPi;
- in
- [
- "raspberry-pi-${cfg.variant}"
- cfg.bootloader
- config.boot.kernelPackages.kernel.version
- ];
- # networking.firewall.enable = false;
-
- # TODO make it an option ? (otherwise I'll add it for all)
- users.users.vincent.linger = true;
-
- services = {
- firefly-iii = {
- enable = true;
- virtualHost = "ffiii.nagoya.sbr.pm";
- enableNginx = true;
- settings.APP_KEY_FILE = "/etc/ffiii.keyfile";
- };
- firefly-iii-data-importer = {
- enable = true;
- enableNginx = true;
- virtualHost = "import.ffiii.nagoya.sbr.pm";
- };
- # paperless = {
- # enable = true;
- # domain = "paperless.nagoya.sbr.pm";
- # configureNginx = true;
- # };
-
- wireguard = {
- enable = true;
- ips = libx.wg-ips globals.machines.nagoya.net.vpn.ips;
- endpoint = "${globals.net.vpn.endpoint}";
- endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
- };
- nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- # TODO: should probably switch to sync.sbr.pm or something maybe ?
- virtualHosts."nagoya.sbr.pm" = {
- locations = lib.attrsets.mapAttrs' (
- name: value:
- lib.attrsets.nameValuePair "/syncthing/${name}/" {
- proxyPass = "http://${builtins.head value.net.vpn.ips}:8384/";
- recommendedProxySettings = true;
- }
- ) (lib.attrsets.filterAttrs (_name: value: (libx.hasVPNips value)) globals.machines);
- # // {
- # "/n8n/" = {
- # proxyPass = "http://127.0.0.1:5678/";
- # recommendedProxySettings = true;
- # };
- # };
- };
- virtualHosts."nagoya.vpn" = {
- locations = lib.attrsets.mapAttrs' (
- name: value:
- lib.attrsets.nameValuePair "/syncthing/${name}/" {
- proxyPass = "http://${builtins.head value.net.vpn.ips}:8384/";
- recommendedProxySettings = true;
- }
- ) (lib.attrsets.filterAttrs (_name: value: (libx.hasVPNips value)) globals.machines);
- };
- virtualHosts."nagoya.home" = {
- locations = lib.attrsets.mapAttrs' (
- name: value:
- lib.attrsets.nameValuePair "/syncthing/${name}/" {
- proxyPass = "http://${builtins.head value.net.ips}:8384/";
- recommendedProxySettings = true;
- }
- ) (lib.attrsets.filterAttrs (_name: value: (libx.hasIps value)) globals.machines);
- };
- };
-
- };
-
- environment.systemPackages = with pkgs; [
- lm_sensors
- ];
-}
systems/nagoya/hardware.nix
@@ -1,136 +0,0 @@
-{
- inputs,
- pkgs,
- lib,
- ...
-}:
-let
- firmwarePartition = lib.recursiveUpdate {
- # label = "FIRMWARE";
- priority = 1;
-
- type = "0700"; # Microsoft basic data
- attributes = [
- 0 # Required Partition
- ];
-
- size = "1024M";
- content = {
- type = "filesystem";
- format = "vfat";
- # mountpoint = "/boot/firmware";
- mountOptions = [
- "noatime"
- "noauto"
- "x-systemd.automount"
- "x-systemd.idle-timeout=1min"
- ];
- };
- };
-
- espPartition = lib.recursiveUpdate {
- # label = "ESP";
-
- type = "EF00"; # EFI System Partition (ESP)
- attributes = [
- 2 # Legacy BIOS Bootable, for U-Boot to find extlinux config
- ];
-
- size = "1024M";
- content = {
- type = "filesystem";
- format = "vfat";
- # mountpoint = "/boot";
- mountOptions = [
- "noatime"
- "noauto"
- "x-systemd.automount"
- "x-systemd.idle-timeout=1min"
- "umask=0077"
- ];
- };
- };
- kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
-in
-{
- imports = [
- inputs.disko.nixosModules.disko
- ./config.txt.nix
- ];
- boot = {
- loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw;
- loader.raspberryPi.bootloader = "kernel";
- kernelPackages = kernelBundle.linuxPackages_rpi5;
- };
-
- nixpkgs.overlays = lib.mkAfter [
- (_self: _super: {
- # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
- # enableRedistributableFirmware is enabled
- # I know no easier way to override this package
- inherit (kernelBundle) raspberrypiWirelessFirmware;
- # Some derivations want to use it as an input,
- # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
- inherit (kernelBundle) raspberrypifw;
- })
- ];
-
- disko.devices = {
- disk.root = {
- type = "disk";
- device = "/dev/nvme0n1";
- content = {
- type = "gpt";
- partitions = {
-
- FIRMWARE = firmwarePartition {
- label = "FIRMWARE";
- content.mountpoint = "/boot/firmware";
- };
-
- ESP = espPartition {
- label = "ESP";
- content.mountpoint = "/boot";
- };
-
- root = {
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "noatime"
- "nodiratime"
- "discard"
- ];
- };
- };
- };
-
- };
- };
- };
- # fileSystems = {
- # "/boot/firmware" = {
- # device = "/dev/disk/by-uuid/2175-794E";
- # fsType = "vfat";
- # options = [
- # "noatime"
- # "noauto"
- # "x-systemd.automount"
- # "x-systemd.idle-timeout=1min"
- # ];
- # };
- # # "/" = {
- # # device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
- # # fsType = "ext4";
- # # options = [ "noatime" ];
- # # };
- # "/" = {
- # device = "/dev/disk/by-uuid/e769fd8d-1fed-4a59-a987-e21f35294d5f";
- # fsType = "ext4";
- # options = [ "noatime" ];
- # };
- # };
-}
systems/nagoya/home.nix
@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-{
- imports = [
- ../../home/common/dev/base.nix
- # ../../home/common/dev/emacs.nix
- ../../home/common/dev/containers.nix
- ];
- systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
- home.packages = with pkgs; [
- ntfy-sh
- ];
-}
systems/rhea/extra.nix
@@ -1,5 +1,7 @@
{ lib, pkgs, ... }:
{
+ users.users.vincent.linger = true;
+
services.openssh.enable = true;
services.openssh.settings = {
PermitRootLogin = "yes";