diff --git a/components/hm/ssh.nix b/components/hm/ssh.nix
index 22eb107..111daa0 100644
--- a/components/hm/ssh.nix
+++ b/components/hm/ssh.nix
@@ -132,6 +132,17 @@ in
 hostname = "10.20.40.1";
 user = "luser";
 };
+ "l003_" = {
+ identityFile = age.secrets.nix2l002.path;
+ hostname = "172.234.26.141";
+ user = "luser";
+ };
+ # TODO
+ # "l003" = {
+ # identityFile = age.secrets.nix2l002.path;
+ # hostname = "10.20.40.TODO";
+ # user = "luser";
+ # };
 };
 };
 }
diff --git a/hosts/l003/configuration.nix b/hosts/l003/configuration.nix
new file mode 100644
index 0000000..d648982
--- /dev/null
+++ b/hosts/l003/configuration.nix
@@ -0,0 +1,8 @@
+{
+ ...
+}:
+{
+ networking.hostName = "l003";
+ boot.loader.grub.enable = true;
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/l003/flake.nix b/hosts/l003/flake.nix
new file mode 100644
index 0000000..5e58f8a
--- /dev/null
+++ b/hosts/l003/flake.nix
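Review bot: The new `"l003_"` entry in the ssh.nix hunk sets `identityFile = age.secrets.nix2l002.path;`, a secret whose name suggests it was issued for another host, so one private key now authenticates to more than one machine. `hosts/l003/flake.nix` in this commit authorizes the matching `nix2l002` public key for `luser`, who is in `wheel`, which means a leak of that single secret exposes every host that trusts it and l003 cannot be revoked on its own. A dedicated per-host age secret would contain that; with a placeholder name the line would read `identityFile = age.secrets.NEW_PER_HOST_SECRET.path;`, with the corresponding public key in the l003 flake. The enclosing attribute set starts outside the hunk.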
@@ -0,0 +1,77 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+
+ mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common";
+ mod_common.inputs.nixpkgs.follows = "nixpkgs";
+ mod_common.inputs.ragenix.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ ...
+ }@inputs:
+ let
+ configuration_name = "l003";
+ lib = nixpkgs.lib;
+ in
+ {
+ nixosConfigurations = {
+ nixos = self.nixosConfigurations.${configuration_name};
+ "${configuration_name}" =
+ let
+ auto_modules = builtins.concatMap (
+ input:
+ lib.optionals
+ (builtins.hasAttr "nixosModules" input && builtins.hasAttr "default" input.nixosModules)
+ [
+ input.nixosModules.default
+ ]
+ ) (builtins.attrValues inputs);
+ in
+ (lib.nixosSystem {
+ modules = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ./linode.nix
+ ./common.nix
+ (
+ { pkgs, ... }:
+ {
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio"
+ ];
+ mods = {
+ common = {
+ flakeLocationOverride = "/home/luser/.config/nixos-config";
+ disableRemoteBuildsOnLio = true;
+ systemName = configuration_name;
+ allowUnfree = true;
+ primaryUser = "luser";
+ docker = true;
+ users = {
+ luser = {
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ ];
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLBVLiPbhVG+riNNpkvXnNtOioByV3CQwtY9gu8pstp nix2l002"
+ ];
+ };
+ };
+ };
+ };
+ }
+ )
+ ] ++ auto_modules;
+ specialArgs = {
+ inherit inputs;
+ };
+ });
+ };
+ };
+}
diff --git a/hosts/l003/hardware-configuration.nix b/hosts/l003/hardware-configuration.nix
new file mode 100644
index 0000000..6507949
--- /dev/null
+++ b/hosts/l003/hardware-configuration.nix
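Review bot: Root's authorized keys are defined twice and NixOS merges list options: the inline module here adds the `nix2lio` key to `users.users.root.openssh.authorizedKeys.keys`, and `hosts/l003/linode.nix` in this same commit assigns luser's keys to the same option, so root ends up accepting both `nix2lio` and `nix2l002`. If root access is only needed for bootstrap, keep a single definition and mark it as temporary, for example `# TODO(bootstrap): remove root key once luser + sudo login is verified` above the list. Separately, `mod_common.inputs.ragenix.inputs.nixpkgs.follows = "nixpkgs";` overrides an input that, judging by the `hosts/lio/flake.lock` hunk in this commit, `mod_common` no longer declares at its newer revision, so that line probably wants to be dropped.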
@@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/3612d65e-719c-4b33-af08-561b790d6d33"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} + diff --git a/hosts/l003/linode.nix b/hosts/l003/linode.nix new file mode 100644 index 0000000..2fca20d --- /dev/null +++ b/hosts/l003/linode.nix 
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+{
+ # https://www.linode.com/docs/guides/install-nixos-on-linode/#configure-nixos
+ boot.kernelParams = [ "console=ttyS0,19200n8" ];
+ boot.loader.grub.extraConfig = ''
+ serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
+ terminal_input serial;
+ terminal_output serial
+ '';
+
+ boot.loader.grub.forceInstall = true;
+ boot.loader.grub.device = "nodev";
+ boot.loader.timeout = 10;
+
+ # TODO disable after first startup with ssh keys
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ settings.PasswordAuthentication = false;
+ };
+ users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;
+
+ networking.usePredictableInterfaceNames = false;
+ networking.useDHCP = false; # Disable DHCP globally as we will not need it.
+ # required for ssh?
+ networking.interfaces.eth0.useDHCP = true;
+
+ environment.systemPackages = with pkgs; [
+ inetutils
+ mtr
+ sysstat
+ ];
+}
diff --git a/hosts/l003/readme.md b/hosts/l003/readme.md
new file mode 100644
index 0000000..234dbb7
--- /dev/null
+++ b/hosts/l003/readme.md
@@ -0,0 +1,17 @@
+# Linode setup
+
+https://www.linode.com/docs/guides/install-nixos-on-linode/#prepare-your-linode
+https://nixos.org/download/
+
+`export HOSTNAME=NAME && sudo nixos-rebuild switch --flake ~/.config/nixos-config`
+
+# My config
+
+```sh
+rsync -e "ssh -i /run/agenix/nix2l002" -Pahz \
+ --delete-after \
+ --exclude 'flake.lock' \
+ ~/.config/nixos-config/hosts/l003/ \
+ luser@172.234.26.141:~/.config/nixos-config/
+```
+
diff --git a/hosts/lio/containers_test.nix b/hosts/lio/containers_test.nix
index 5e398cc..badfb16 100644
--- a/hosts/lio/containers_test.nix
+++ b/hosts/lio/containers_test.nix
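Review bot: In linode.nix, `settings.PermitRootLogin = "yes";` is guarded only by the `# TODO disable after first startup with ssh keys` comment, so root SSH login stays enabled on this host until someone remembers to revisit it. With `PasswordAuthentication` already off and root holding authorized keys, `settings.PermitRootLogin = "prohibit-password";` keeps the bootstrap path working while making the key-only intent explicit, and `settings.KbdInteractiveAuthentication = false;` closes the remaining interactive method. Once `luser` login with sudo is confirmed, the value should become `"no"` and the `users.users.root.openssh.authorizedKeys.keys = config.users.users.luser.openssh.authorizedKeys.keys;` line can go.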
@@ -5,10 +5,10 @@ }: { -# NOTE some useful links -# nixos containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html -# https://nixos.wiki/wiki/NixOS_Containers -# + # NOTE some useful links + # nixos containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html + # https://nixos.wiki/wiki/NixOS_Containers + # options.services.librechat = let @@ -73,6 +73,7 @@ # librechat librechat = { + user = "root"; image = "ghcr.io/danny-avila/librechat-dev:latest"; ports = [ "${toString config.services.librechat.port}:${toString config.services.librechat.port}" @@ -99,6 +100,7 @@ }; librechat_mongodb = { + user = "root"; image = "mongo"; volumes = [ "${config.services.librechat.dataDir}/data-node:/data/db" @@ -111,6 +113,7 @@ }; librechat_meilisearch = { + user = "root"; image = "getmeili/librechat_meilisearch:v1.7.3"; environment = { MEILI_HOST = "http://librechat_meilisearch:7700"; @@ -123,6 +126,7 @@ }; librechat_vectordb = { + user = "root"; image = "ankane/pgvector:latest"; environment = { POSTGRES_DB = "mydatabase"; @@ -136,6 +140,7 @@ }; librechat_rag_api = { + user = "root"; image = "ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest"; environment = { DB_HOST = "librechat_vectordb"; @@ -149,6 +154,7 @@ # TODO revisit local whisper, for now I am using groq free for STT # librechat_whisper = { + # user = "root"; # image = "onerahmet/openai-whisper-asr-webservice:latest"; # # ports = [ "8080:8080" ]; # environment = { diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index ddb1d14..f075fd0 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -3,9 +3,9 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nixpkgs": [ - "mod_common", + "mod_secrets", "ragenix", "nixpkgs" ], 
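Review bot: `user = "root";` is added to every container definition in containers_test.nix (`librechat`, `librechat_mongodb`, `librechat_meilisearch`, `librechat_vectordb`, `librechat_rag_api`; hunks at -73, -99, -111, -123 and -136), which overrides whatever unprivileged user each image declares, and four of the five images shown are pulled by a floating tag (`:latest` or no tag). If the motive is write access to the bind mounts under `config.services.librechat.dataDir` (an inference, the commit does not say), fixing ownership of those host directories is narrower than running the processes as root. For example `systemd.tmpfiles.rules = [ "d ${config.services.librechat.dataDir}/data-node 0750 UID GID -" ];`, where UID and GID are placeholders for the ids the image runs as, keeping `user = "root";` only where a container demonstrably needs it and with a comment saying why. The container definitions continue outside the hunks.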
@@ -36,14 +36,14 @@ "mod_de_cosmic", "nixpkgs-stable" ], - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1735868220, - "narHash": "sha256-/2fV5/nf+v/7IY3N/hvVmnfwDmLbqRLNqKTB0954EW0=", + "lastModified": 1736188510, + "narHash": "sha256-9gUz9t43aPHHPNfSnqqb5R1ZLs4nd5DWFeJwJS4Y+L0=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "ee7f797d293e1956e3df90b748d9992dbb3c82ad", + "rev": "e127ad3374836982730aa094d2b3f7268c025b02", "type": "github" }, "original": { @@ -70,7 +70,7 @@ "darwin": { "inputs": { "nixpkgs": [ - "mod_common", + "mod_secrets", "ragenix", "agenix", "nixpkgs" @@ -126,29 +126,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "mod_common", - "ragenix", - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "mod_home-manager", @@ -170,6 +147,29 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "mod_secrets", + "ragenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "mod_boot_systemd": { "locked": { "lastModified": 1735793935, 
@@ -190,15 +190,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "ragenix": "ragenix" + ] }, "locked": { - "lastModified": 1735934181, - "narHash": "sha256-FuIaDsoyBOU8L0842gU9VKGs2wQ3ATRXAZe8LY/HEtY=", + "lastModified": 1736191002, + "narHash": "sha256-t39PCeJFgIXzniqjUIIFnbv6AE15WyoPTCE3k3Xuyz0=", "ref": "mod_common", - "rev": "f10210d958d9d27bbd61fda8b72fe10106a1b8c0", - "revCount": 2, + "rev": "ac3c0c2422842edba1887279bddd02b895ec5ed2", + "revCount": 4, "type": "git", "url": "https://git.joshuabell.xyz/dotfiles" }, @@ -235,7 +234,7 @@ }, "mod_home-manager": { "inputs": { - "home-manager": "home-manager_2", + "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" ] @@ -290,6 +289,25 @@ "url": "https://git.joshuabell.xyz/dotfiles" } }, + "mod_secrets": { + "inputs": { + "ragenix": "ragenix" + }, + "locked": { + "lastModified": 1736190878, + "narHash": "sha256-Unmqhmyn4z4a5za2jH0hfedpIDNdY2ndSHFLfDUGQgg=", + "ref": "mod_secrets", + "rev": "ced4cfd2fa2f18b32e59cfb0df4a964c8c388588", + "revCount": 6, + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + }, + "original": { + "ref": "mod_secrets", + "type": "git", + "url": "https://git.joshuabell.xyz/dotfiles" + } + }, "nix-filter": { "locked": { "lastModified": 1710156097, 
@@ -323,11 +341,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1735669367, - "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1736061677, + "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", "type": "github" }, "original": { @@ -337,7 +371,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1735854365, "narHash": "sha256-pNb03vdsQmn0jS5dKAdx2DFZ2QH4RRvrIzZxqpfMcS8=", @@ -1269,11 +1303,8 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": [ - "mod_common", - "nixpkgs" - ], - "rust-overlay": "rust-overlay" + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay_3" }, "locked": { "lastModified": 1726755133, @@ -1293,7 +1324,7 @@ "inputs": { "nix-filter": "nix-filter", "nixpkgs": "nixpkgs", - "rust-overlay": "rust-overlay_3" + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1735420577, 
@@ -1317,13 +1348,14 @@ "mod_home-manager": "mod_home-manager", "mod_nebula": "mod_nebula", "mod_ros_stormd": "mod_ros_stormd", - "nixpkgs": "nixpkgs_2", + "mod_secrets": "mod_secrets", + "nixpkgs": "nixpkgs_3", "ros_neovim": "ros_neovim" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", @@ -1400,17 +1432,17 @@ "rust-overlay": { "inputs": { "nixpkgs": [ - "mod_common", - "ragenix", + "mod_de_cosmic", + "cosmic", "nixpkgs" ] }, "locked": { - "lastModified": 1725675754, - "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=", + "lastModified": 1736044260, + "narHash": "sha256-DTAr0mAd8AZwWgRtU9ZZFPz3DwNeoH/Oi/1QMSqc9YQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54", + "rev": "c8ed24cc104ebbc218d992e208131e9f024b69f0", "type": "github" }, "original": { @@ -1420,28 +1452,6 @@ } }, "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "mod_de_cosmic", - "cosmic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1735784864, - "narHash": "sha256-tIl5p3ueaPw7T5T1UXkLc8ISMk6Y8CI/D/rd0msf73I=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "04d5f1836721461b256ec452883362c5edc5288e", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_3": { "inputs": { "nixpkgs": [ "mod_ros_stormd", 
@@ -1463,6 +1473,28 @@ "type": "github" } }, + "rust-overlay_3": { + "inputs": { + "nixpkgs": [ + "mod_secrets", + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725675754, + "narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "rust-overlay_4": { "inputs": { "nixpkgs": [ diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index 5906885..9f4b7d6 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -5,6 +5,7 @@ ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; mod_common.inputs.nixpkgs.follows = "nixpkgs"; + mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets"; mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd"; mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic"; mod_de_cosmic.inputs.nixpkgs-stable.follows = "nixpkgs"; @@ -61,6 +62,7 @@ mods = { common = { + disableRemoteBuildsOnLio = true; systemName = configuration_name; allowUnfree = true; primaryUser = "josh"; @@ -87,7 +89,6 @@ google-chrome discordo discord - # nautilus qimgv # file browsing (not needed in cosmic) firefox-esr # freecad # openscad @@ -107,7 +108,6 @@ ../../components/hm/atuin.nix ../../components/hm/direnv.nix ../../components/hm/git.nix - # ../../components/hm/launcher_rofi.nix # not needed in cosmic ../../components/hm/nix_deprecations.nix ../../components/hm/obs.nix ../../components/hm/postgres.nix 
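Review bot: In hosts/lio/flake.nix, `mod_secrets.url` is added without a `follows` for the nixpkgs of its `ragenix` input, and the `hosts/lio/flake.lock` hunks in this commit show the effect: `ragenix` now locks its own `nixpkgs_2`, whose `lastModified` is months older than the root `nixpkgs_3`, where it previously followed `mod_common`'s nixpkgs. The secrets tooling is therefore built from an older package set that updating the root pin does not move. Adding `mod_secrets.inputs.ragenix.inputs.nixpkgs.follows = "nixpkgs";` next to the new line would keep it on the flake's own pin, assuming `mod_secrets` exposes `ragenix` as the lock suggests.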
@@ -118,15 +118,6 @@ ../../components/hm/zsh.nix ]; }; - # root = { - # imports = [ - # ../../components/hm/nix_deprecations.nix - # ../../components/hm/postgres.nix - # ../../components/hm/starship.nix - # ../../components/hm/zoxide.nix - # ../../components/hm/zsh.nix - # ]; - # }; }; }; };