aynish/helm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

holy moly we're almost there

Browse Source
This commit is contained in:
Anish Lakhwara
2022-09-19 08:13:50 +10:00
commit 3693732aac
203 changed files with 17247 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hosts/box/configuration.nix
+95
View File
@@ -0,0 +1,95 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
boot.loader.efi.canTouchEfiVariables = false;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
device = "nodev";
version = 2;
efiSupport = true;
enableCryptodisk = true;
efiInstallAsRemovable = true;
};
boot.initrd.secrets = {
"/keyfile0.bin" = /etc/secrets/initrd/keyfile0.bin;
"/keyfile1.bin" = /etc/secrets/initrd/keyfile1.bin;
};
boot.initrd.luks.devices = {
"root" = {
#name = "root";
device = "/dev/disk/by-uuid/f37f3222-47d7-42d8-b400-363320a31853"; # UUID for /dev/nvme01np2
preLVM = true;
allowDiscards = true;
keyFile = "/keyfile0.bin";
};
};
# Data mount
# fileSystems."/data" = {
# device = "/dev/disk/by-uuid/3276a297-9ee4-4998-b262-1ed100366c06"; # UUID for /dev/mapper/crypted-data
# encrypted = {
# enable = true;
# label = "crypted-data";
# blkDev = "/dev/disk/by-uuid/8a317bf4-fe13-4334-a6df-5fe5a5048b5e"; # UUID for /dev/sda1
# keyFile = "/keyfile1.bin";
# };
# };
networking.interfaces.enp2s0 = {
ipv4.addresses = [{
address = "192.168.1.240";
prefixLength = 24;
}];
ipv4.routes = [{ address = "192.168.1.0"; prefixLength = 24; via = "192.168.1.1"; }];
useDHCP = false;
};
#networking.nameservers = [ "172.16.11.240" ];
networking.nameservers = [ "192.168.1.1" ];
networking.defaultGateway = {
address = "192.168.1.1";
interface = "enp2s0";
};
networking.hostName = "box"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.wlp3s0.useDHCP = true;
# Set your time zone.
time.timeZone = "Australia/Brisbane";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [ 22 ];
sound.enable = false;
programs.gnupg.agent.enable = true;
programs.gnupg.agent.pinentryFlavor = "curses";
programs.gnupg.agent.enableSSHSupport = true;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "19.09"; # Did you read the comment?
}
hosts/box/default.nix
+49
View File
@@ -0,0 +1,49 @@
{ self, pkgs, profiles, suites, ... }:
{
imports = [
./configuration.nix
] ++ suites.mossnet;
home-manager.users.anish = { self, suites, ... }: {
imports = [ ] ++ suites.hmBase;
};
# For some reason this doesn't work in the profile, but does over here??
# Something weird in the way I'm importing nixpkgs in the profile or something
services."grasp".enable = true;
services."grasp".path = "/home/anish/kitaab/grasp/grasp.wiki";
services."grasp".user = "anish";
# Backups
age.secrets.borg-password.file = "${self}/secrets/borg-password.age";
services.postgresqlBackup = {
enable = true;
databases = [ "wallabag" ];
location = "/var/backup/postgresql";
};
mossnet.backup = {
enable = true;
name = "mossnet";
paths = [
"/var/lib/taskserver" # taskwarrior
"/var/www/shaarli-config" # sharli
"/var/backup/postgresql" # wallabag
"/var/lib/radicale" # radicale
"/home/anish/usr/drawing" # syncthing
"/home/anish/usr/nonfiction" # syncthing
"/mnt/two/postgres" # sealight postgres backups TODO remove once moved to capsul
];
# seafile
};
age.secrets.box-wg.file = "${self}/secrets/box-wg.age";
age.secrets.box-wg.owner = "anish";
mossnet.wg = {
enable = true;
ips = [ "10.0.69.4/24" ];
privateKeyFile = "/run/agenix/box-wg";
};
services.syncthing.guiAddress = "0.0.0.0:8384"; # public syncthing
system.stateVersion = "19.09";
}
hosts/box/hardware-configuration.nix
+52
View File
@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "thunderbolt" "uas" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/ade0752d-84d3-4e39-865b-9027ba2d5c67";
fsType = "ext4";
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/1715-278E";
fsType = "vfat";
};
fileSystems."/mnt/one" =
{
device = "/dev/disk/by-uuid/0f857c6e-509d-436f-9e78-bc25f1b0d23b";
fsType = "ext4";
};
fileSystems."/mnt/two" =
{
device = "/dev/disk/by-uuid/5bc894bf-ed87-4c30-aab4-87e154e0cd08";
fsType = "ext4";
};
fileSystems."/mnt/three" =
{
device = "/dev/disk/by-uuid/0be3ded1-9c8b-40aa-94ca-dc2297d5988e";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/b790abb4-ba5f-4476-8f09-b0fc575414aa"; }];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}