ivabus/nixos
1
0
Fork 0
mirror of https://github.com/ivabus/nixos synced 2024-09-20 00:30:48 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

minor changes

Browse source 
- add celerrime-x (don't work)
- minor changes (code pretty)

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
This commit is contained in:
Ivan Bushchik 2023-09-08 21:07:54 +03:00
parent 057174d7f1
commit 6889a37771
No known key found for this signature in database
GPG key ID: 2F16FBF3262E090C
10 changed files with 176 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -31,8 +31,10 @@ Apple Silicon hosts require additional `--impure` flag for firmware installation
- stella (Random Ryzen 3 3250U laptop)
- vetus (iMac 27" 2017)
- celerrime (MacBook Air M2)
- celerrime-x (MacBook Air M2 under Darwin) (Needs unifying)
- rubusidaeus (Raspberry Pi 4B)
## Modules
Module example:

28
common/base.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
nix = {
@ -8,35 +8,29 @@
'';
settings = {
auto-optimise-store = true;
allowed-users = [ "root" "@wheel" ];
trusted-users = [ "root" "@wheel" ];
sandbox = true;
};
gc = {
automatic = true;
options = "--delete-older-than 7d";
};
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
documentation = {
doc.enable = false;
info.enable = false;
man.enable = true;
nixos.enable = false;
};
environment.systemPackages = with pkgs; [
wget
curl
usbutils
pciutils
coreutils-full
killall
git
git-crypt
neovim
python3Minimal
];
environment.systemPackages = with pkgs;
[ wget curl git git-crypt neovim python3Minimal nixfmt ]
++ lib.optionals pkgs.stdenv.isLinux [
usbutils
pciutils
coreutils-full
killall
];
boot.tmp.cleanOnBoot = true;
}

6
common/remote-access.nix
View file

@ -1,6 +1,7 @@
{ ... }:
{ cfg, lib, ... }:
{
let my = import ../.;
in {
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
@ -14,4 +15,5 @@
'';
};
programs.ssh.startAgent = true;
}

14
common/user.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let my = import ../.;
in rec {
@ -12,16 +12,14 @@ in rec {
uid = 1000;
packages = with pkgs; [
tree
cargo
rustc
neofetch # I use NixOS BTW
duf
htop
];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
# Air M2 macOS
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE="
# celerrime-x
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE= ivabus@celerrime-x"
# Stella
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXWPxd1uVVxEARVezy0s0LZ9fC/Mif6s218oNWDyJNqZMnAiaMwwP/mGHqCy1OXFCb8/5Kv3AM+z6sxY4mIvyXhx3lPW841HoOlJxR+JQ50qgxon/oCXjKFVMZjFptRtexgQLhubhjyINagj7T/K6UjsfC9sIG5DUJdem0O8ZD/8EqvIrkeNGP52klJM3sR4vhXMNwOIPkukNOMq+OLXgAaCXRImc53N+Whi/tCaxxr/Nen5CVGo9raAekRKaiBLKvgboXYnxzNFxiecUe7mqPbyE2bcnJ+rDC7UlwrNYGyIQ/8POjQwbanFxT4UJhS5ib6/hSpia0eYaSiutBqU3fQcIXrmTQWOrGPdrUsLHw5xGMfwnPmoDFMYHdcchU0v6QijbrHrsqVV/bikWoQF4JT7PCwOejfVowOioPghvW2u34gTyMKPkueaMk0w8Jq45V0meneyN5SbobqZX3XFze4Uz3BN8nuiZB6pFRPv0eKLqEqX8+nST9uQDBkqKTvwE= ivabus@stella"
@ -38,7 +36,11 @@ in rec {
users.users.ivabus.openssh.authorizedKeys.keys;
};
programs.zsh = { enable = true; };
environment.shells = [ pkgs.zsh ];
programs.zsh = {
enable = true;
promptInit = "";
};
programs.gnupg.agent.enable = true;
programs.ssh.startAgent = true;

51
flake.lock
View file

@ -42,19 +42,39 @@
]
},
"locked": {
"lastModified": 1693399033,
"narHash": "sha256-yXhiMo8MnE86sGtPIHAKaLHhmhe8v9tqGGotlUgKJvY=",
"lastModified": 1693208669,
"narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f5c15668f9842dd4d5430787d6aa8a28a07f7c10",
"rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1692248770,
"narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b",
"type": "github"
},
"original": {
"owner": "LnL7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1692913444,
@ -73,11 +93,27 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1693377291,
"narHash": "sha256-vYGY9bnqEeIncNarDZYhm6KdLKgXMS+HA2mTRaWEc80=",
"lastModified": 1694062546,
"narHash": "sha256-PiGI4f2BGnZcedP6slLjCLGLRLXPa9+ogGGgVPfGxys=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e7f38be3775bab9659575f192ece011c033655f0",
"rev": "b200e0df08f80c32974a6108ce431d8a8a5e6547",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-23.05-darwin",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1693985761,
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
"type": "github"
},
"original": {
@ -91,7 +127,8 @@
"inputs": {
"apple-silicon-support": "apple-silicon-support",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2"
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_3"
}
},
"rust-overlay": {

20
flake.nix
View file

@ -4,15 +4,22 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
apple-silicon-support.url = "github:tpwrules/nixos-apple-silicon";
nix-darwin = {
url = "github:LnL7/nix-darwin/master";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
};
};
outputs =
{ self, nixpkgs, home-manager, apple-silicon-support, ... }@inputs: {
outputs = { self, nixpkgs, home-manager, nix-darwin, apple-silicon-support
, ... }@inputs: {
# Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM)
nixosConfigurations."stella" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
@ -45,6 +52,13 @@
];
};
# Celerrime under macOS
darwinConfigurations."celerrime-x" = nix-darwin.lib.darwinSystem {
system = "aarch64-darwin";
modules =
[ home-manager.darwinModules.home-manager ./machines/celerrime-x ];
};
# These machines will be configured later.
/* # Effundam = MacBook Air M1 (server usage). Will not be added to flake.nix until thunderbolt and apfs proper support
nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem {

60
machines/celerrime-x/default.nix Normal file
View file

@ -0,0 +1,60 @@
{ pkgs, home, lib, ... }: {
# Cannot use "my" for a while. Need to adapt it not to be linux-only
imports = [ ../../common/base.nix ../../common/git.nix ];
nixpkgs.config.allowUnfree = true;
environment.systemPackages = lib.mkForce (with pkgs; [
neofetch
vscode
rustc
cargo
clang
llvm
lld
python3Full
gnumake
automake
autoconf
meson
ninja
picocom
screen
hyperfine
]);
security.pam.enableSudoTouchIdAuth = true;
networking = {
dns = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
knownNetworkServices = [ "USB 10/100/1000 LAN" "Wi-Fi" "iPhone USB" ];
hostName = "celerrime-x"; # ugly
computerName = "cellerime on X"; # pretty
};
my.git.enable = true;
environment.shells = with pkgs; [ zsh ];
programs.zsh = {
enable = true;
promptInit = "";
};
users.users.ivabus.home = "/Users/ivabus";
users.users.ivabus.openssh.authorizedKeys.keys = [
# i should somehow reuse it from common/user.nix
# celerrime-x
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE="
# Stella
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXWPxd1uVVxEARVezy0s0LZ9fC/Mif6s218oNWDyJNqZMnAiaMwwP/mGHqCy1OXFCb8/5Kv3AM+z6sxY4mIvyXhx3lPW841HoOlJxR+JQ50qgxon/oCXjKFVMZjFptRtexgQLhubhjyINagj7T/K6UjsfC9sIG5DUJdem0O8ZD/8EqvIrkeNGP52klJM3sR4vhXMNwOIPkukNOMq+OLXgAaCXRImc53N+Whi/tCaxxr/Nen5CVGo9raAekRKaiBLKvgboXYnxzNFxiecUe7mqPbyE2bcnJ+rDC7UlwrNYGyIQ/8POjQwbanFxT4UJhS5ib6/hSpia0eYaSiutBqU3fQcIXrmTQWOrGPdrUsLHw5xGMfwnPmoDFMYHdcchU0v6QijbrHrsqVV/bikWoQF4JT7PCwOejfVowOioPghvW2u34gTyMKPkueaMk0w8Jq45V0meneyN5SbobqZX3XFze4Uz3BN8nuiZB6pFRPv0eKLqEqX8+nST9uQDBkqKTvwE= ivabus@stella"
# Celerrime
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgZJjP2BRycxcR53sriaityzT24f+umMO8iz/xUvWRUJpgwA4WJyqgKwxuIhKYPUZ7e3H/vVPrt3ZqAaqoFM7OildtcXyRskwinuAxE6lhOEE69s1M3iqCXbrTM9YluMlrvf7yd4edInH0jdlCTwuZOY+yisrGU+nOpSSuJgcwlme2fv1pQtKgTQpqz1GflIaXm5415Do4okanNlfuAJXix7ic0PkaLN0gTtONqwJR1W3hkF8hnlHV49t8QvrJHgQptbVdDgd9f96+a6OL6y/6rixnEU23yuC29lWxSwrixwC0xY+/CjhMlDzXqvePG55vC4K5UQypKcvMOCLV/0z9s5m0ca5mvS9eqPDcUj2+9r7VFaL0IdZl4i7eG9JJSS4h/22Or7CdU9Dv0kiMYP3HLiihjS/lrQVEEYpEMr3DmhSnij5DeGZFmMRM2UN5ZqR7/QhkslhQg340ik6ZENjpxuQ9rQino5XRK52DoUiLHleKI/ibBHQ4LiREvX9muyM= ivabus@celerrime"
];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
services.nix-daemon.enable = true;
nix.package = lib.mkForce pkgs.nix;
}

26
machines/rubusidaeus/default.nix
View file

@ -1,6 +1,12 @@
{ config, pkgs, lib, ... }:
let my = import ../..;
let
my = import ../..;
ipv6_subnet = "2a05:3580:e41a:d600";
ipv6_prefix = 64;
ipv4_gateway = "192.168.1.1";
ipv4_address = "192.168.1.3";
ipv4_prefix = 24;
in {
imports = [ my.modules ../../hardware/rpi4.nix ];
@ -23,7 +29,23 @@ in {
server = { ivabus-dev.enable = true; };
};
networking.useDHCP = true;
networking = {
useNetworkd = false;
useDHCP = false;
interfaces = {
end0 = {
ipv6.addresses = [{
address = "${ipv6_subnet}::1337";
prefixLength = ipv6_prefix;
}];
ipv4.addresses = [{
address = ipv4_address; # Ughhhhh yep, flat network
prefixLength = ipv4_prefix;
}];
};
};
defaultGateway = ipv4_gateway; # should set this things through let...
};
hardware.enableRedistributableFirmware = true;
system.stateVersion = "23.05";

12
roles/devel.nix
View file

@ -35,14 +35,12 @@ in {
(lib.mkIf (!pkgs.stdenv.isx86_64) {
boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];
})
# Remove CLion from builds while I'm semi-online
# Install CLion only if we are on x86_64
/* (lib.mkIf (pkgs.stdenv.isx86_64) {
environment.systemPackages = with pkgs; [
jetbrains.clion
];
})
*/
(lib.mkIf (pkgs.stdenv.isx86_64) {
environment.systemPackages = with pkgs; [ jetbrains.clion ];
})
# Install vscode only if we are on x86_64 or aarch64 or aarch32
(lib.mkIf
(pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {

1
roles/server/ivabus-dev.nix
View file

@ -15,6 +15,7 @@ in {
extraConfig = ''
error_page 404 /404.html;
'';
serverAliases = [ "www.ivabus.dev" ];
};
};
};