adding h001 host
This commit is contained in:
RingOfStorms (Joshua Bell)
parent
e671f877d9
commit
cafc84e17e
30 changed files with 2173 additions and 614 deletions
7
hosts/h001/configuration.nix
Normal file
7
hosts/h001/configuration.nix
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
{ ... }:
|
||||
{
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
system.stateVersion = "24.11"; # Did you read the comment?
|
||||
}
|
||||
1320
hosts/h001/flake.lock
generated
Normal file
1320
hosts/h001/flake.lock
generated
Normal file
File diff suppressed because it is too large
Load diff
101
hosts/h001/flake.nix
Normal file
101
hosts/h001/flake.nix
Normal file
|
|
@ -0,0 +1,101 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
|
||||
# Use relative to get current version for testing
|
||||
# common.url = "path:../../common";
|
||||
common.url = "git+https://git.joshuabell.xyz/dotfiles";
|
||||
|
||||
ros_neovim.url = "git+https://git.joshuabell.xyz/nvim";
|
||||
};
|
||||
|
||||
outputs =
|
||||
{
|
||||
nixpkgs,
|
||||
common,
|
||||
ros_neovim,
|
||||
...
|
||||
}:
|
||||
let
|
||||
configuration_name = "h001";
|
||||
lib = nixpkgs.lib;
|
||||
in
|
||||
{
|
||||
nixosConfigurations = {
|
||||
"${configuration_name}" = (
|
||||
lib.nixosSystem {
|
||||
modules = [
|
||||
common.nixosModules.default
|
||||
ros_neovim.nixosModules.default
|
||||
./configuration.nix
|
||||
./hardware-configuration.nix
|
||||
(
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
lua
|
||||
];
|
||||
|
||||
ringofstorms_common = {
|
||||
systemName = configuration_name;
|
||||
boot.grub.enable = true;
|
||||
secrets.enable = true;
|
||||
programs = {
|
||||
tailnet.enable = true;
|
||||
ssh.enable = true;
|
||||
docker.enable = true;
|
||||
};
|
||||
users = {
|
||||
admins = [ "luser" ]; # First admin is also the primary user owning nix config
|
||||
users = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZigrRMF/HHMhjBIwiOnS2pqbOz8Az19tch680BGvmu nix2h001"
|
||||
];
|
||||
};
|
||||
luser = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZigrRMF/HHMhjBIwiOnS2pqbOz8Az19tch680BGvmu nix2h001"
|
||||
];
|
||||
extraGroups = [
|
||||
"networkmanager"
|
||||
"video"
|
||||
"input"
|
||||
];
|
||||
shell = pkgs.zsh;
|
||||
packages = with pkgs; [
|
||||
bitwarden
|
||||
vaultwarden
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
homeManager = {
|
||||
users = {
|
||||
luser = {
|
||||
imports = with common.homeManagerModules; [
|
||||
kitty
|
||||
tmux
|
||||
atuin
|
||||
direnv
|
||||
git
|
||||
nix_deprecations
|
||||
postgres
|
||||
ssh
|
||||
starship
|
||||
zoxide
|
||||
zsh
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
];
|
||||
}
|
||||
);
|
||||
};
|
||||
};
|
||||
}
|
||||
49
hosts/h001/hardware-configuration.nix
Normal file
49
hosts/h001/hardware-configuration.nix
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"ahci"
|
||||
"nvme"
|
||||
"usb_storage"
|
||||
"usbhid"
|
||||
"sd_mod"
|
||||
"sr_mod"
|
||||
];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/NIXROOT";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-label/NIXBOOT";
|
||||
fsType = "vfat";
|
||||
options = [
|
||||
"fmask=0077"
|
||||
"dmask=0077"
|
||||
];
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/.swapfile";
|
||||
size = 64 * 1024; # 64GB
|
||||
}
|
||||
];
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
@ -40,9 +40,6 @@
|
|||
ringofstorms_common = {
|
||||
systemName = configuration_name;
|
||||
boot.grub.enable = true;
|
||||
general = {
|
||||
disableRemoteBuildsOnLio = true;
|
||||
};
|
||||
secrets.enable = true;
|
||||
desktopEnvironment.gnome.enable = true;
|
||||
programs = {
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@
|
|||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://100.64.0.2:6610";
|
||||
proxyPass = "http://100.64.0.1";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -145,7 +145,7 @@
|
|||
streamConfig = ''
|
||||
server {
|
||||
listen 3032;
|
||||
proxy_pass 100.64.0.2:6611;
|
||||
proxy_pass 100.64.0.1:3032;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
|
|
|||
|
|
@ -75,6 +75,13 @@
|
|||
# return = "404"; # or 444 for drop
|
||||
# };
|
||||
# };
|
||||
"git.joshuabell.xyz" = {
|
||||
# GIT passthrough
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.0.0.2:3000";
|
||||
};
|
||||
};
|
||||
|
||||
"_" = {
|
||||
default = true;
|
||||
locations."/" = {
|
||||
|
|
@ -82,6 +89,15 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
# STREAMS
|
||||
streamConfig = ''
|
||||
server {
|
||||
listen 3032;
|
||||
proxy_pass 10.0.0.2:3032;
|
||||
}
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
|
|
|
|||
2
hosts/lio/flake.lock
generated
2
hosts/lio/flake.lock
generated
|
|
@ -32,7 +32,7 @@
|
|||
},
|
||||
"locked": {
|
||||
"lastModified": 1,
|
||||
"narHash": "sha256-PLiddkpkHZxcS8MiVlI8k3rbBWNqDb0mrHWdRvadANI=",
|
||||
"narHash": "sha256-2l+RB3fWLb8NnFYLsrljODAx2GEtRv7JL9a4RBlPACc=",
|
||||
"path": "../../common",
|
||||
"type": "path"
|
||||
},
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue