diff --git a/flake.lock b/flake.lock index fc46670..35c21fb 100644 --- a/flake.lock +++ b/flake.lock @@ -47,6 +47,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1713406758, + "narHash": "sha256-kwZvhmx+hSZvjzemKxsAqzEqWmXZS47VVwQhNrINORQ=", + "owner": "nix-community", + "repo": "disko", + "rev": "1efd500e9805a9efbce401ed5999006d397b9f11", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -153,6 +173,7 @@ "root": { "inputs": { "agenix": "agenix", + "disko": "disko", "home-manager": "home-manager", "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 229cd62..63636ec 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,11 @@ }; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; @@ -49,8 +54,8 @@ }; in { nixosConfigurations = { + ami = makeSystem "aarch64-linux" ./hosts/ami; alice = makeSystem "x86_64-linux" ./hosts/alice; - tara = makeSystem "x86_64-linux" ./hosts/tara; }; }; } diff --git a/hosts/tara/acme.nix b/hosts/ami/acme.nix similarity index 100% rename from hosts/tara/acme.nix rename to hosts/ami/acme.nix diff --git a/hosts/tara/bitwarden.nix b/hosts/ami/bitwarden.nix similarity index 100% rename from hosts/tara/bitwarden.nix rename to hosts/ami/bitwarden.nix diff --git a/hosts/tara/borg.nix b/hosts/ami/borg.nix similarity index 94% rename from hosts/tara/borg.nix rename to hosts/ami/borg.nix index f91f384..8924796 100644 --- a/hosts/tara/borg.nix +++ b/hosts/ami/borg.nix @@ -3,7 +3,7 @@ pkgs, ... }: let - host = "11967@prio.ch-s011.rsync.net"; + host = "zh4250@zh4250.rsync.net"; in { age.secrets.borgpassword.file = ../../secrets/borgpassword.age; 
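Review bot: The new disko input is unpinned — `url = "github:nix-community/disko";` tracks the repository's default branch, unlike the home-manager input just below it, which pins `release-23.11`. flake.lock fixes the revision for now, but the next `nix flake update` will pull whatever is on the default branch of a tool that partitions and formats /dev/sda. Pinning to a tag or commit, e.g. `url = "github:nix-community/disko/<tag-or-rev>";`, keeps that update a deliberate step.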
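Review bot: The backup target moves to `host = "zh4250@zh4250.rsync.net";`, but nothing in this hunk updates the SSH trust anchor for it: if borg's ssh command pins a known_hosts entry or host key elsewhere in this file it still names the old prio.ch-s011 host, and if it instead relies on host-key checking being relaxed, the first run against the new host accepts whatever key answers. The rest of borg.nix is outside the hunk, so this is inferred from the one changed line. Worth confirming that the new host's key is pinned (for example via `programs.ssh.knownHosts` or an explicit `-o UserKnownHostsFile`) before the first timed backup runs non-interactively.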
diff --git a/hosts/tara/default.nix b/hosts/ami/default.nix similarity index 63% rename from hosts/tara/default.nix rename to hosts/ami/default.nix index e5b65d7..87ccfef 100644 --- a/hosts/tara/default.nix +++ b/hosts/ami/default.nix @@ -1,26 +1,25 @@ { pkgs, agenix, + disko, ... }: { imports = [ - ./hardware-configuration.nix ./system.nix agenix.nixosModules.default + disko.nixosModules.disko ./acme.nix ./bitwarden.nix ./borg.nix - ./mosh.nix + ./disk-config.nix + ./forgejo.nix ./website.nix - ./weechat.nix ../../users/maintainer ]; - # TODO: put somewhere - age.identityPaths = ["/home/buffet/.ssh/id_agenix"]; - networking.hostName = "tara"; + age.identityPaths = [ "/root/.ssh/id_agenix" ]; users = { mutableUsers = false; @@ -33,6 +32,4 @@ neovim tree ]; - - services.syncthing.enable = true; } diff --git a/hosts/ami/disk-config.nix b/hosts/ami/disk-config.nix new file mode 100644 index 0000000..e24d074 --- /dev/null +++ b/hosts/ami/disk-config.nix @@ -0,0 +1,37 @@ +_: { + disko.devices = { + disk.main = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "esp"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/ami/forgejo.nix b/hosts/ami/forgejo.nix new file mode 100644 index 0000000..2ee7c60 --- /dev/null +++ b/hosts/ami/forgejo.nix 
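Review bot: `age.identityPaths = [ "/root/.ssh/id_agenix" ];` points at a key that nothing in this configuration provisions, and since disko now formats /dev/sda on install, that file has to be placed on the new host before the first activation or every agenix secret (the borg password, plus any declared by the other imported modules) fails to decrypt. The old `# TODO: put somewhere` comment was dropped without anything replacing it; a line such as `# Not managed here: copy the age identity to /root/.ssh/id_agenix before the first switch.` keeps the bootstrap step visible. An alternative is to drop this option and re-key the secrets to the host's sshd keys, which agenix uses by default and which openssh generates on first boot, removing the manual step entirely. The attribute set continues past the hunk.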
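Review bot: disk-config.nix declares no swap, whereas the deleted hosts/tara/hardware-configuration.nix had `swapDevices = [ {device = "/dev/sdb";} ];`, so ami will run without swap unless it is configured somewhere not shown; confirm that is intended for a host serving Forgejo and nginx, or add a swap partition between esp and root. The layout also hard-codes `device = "/dev/sda";`; on a single-disk qemu guest that is stable enough, but a `/dev/disk/by-id/...` path is the more robust choice if another disk is ever attached. A one-line header, `# Applied by disko on install: formatting /dev/sda destroys whatever is on it.`, would make the consequence of re-running it explicit.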
@@ -0,0 +1,41 @@ +_: let + port = 3000; +in { + services = { + forgejo = { + enable = true; + settings = { + DEFAULT = { + APP_NAME = "buffet's kitchen"; + }; + + server = { + DOMAIN = "buffets.kitchen"; + HTTP_PORT = port; + }; + + service.DISABLE_REGISTRATION = true; + cron.ENABLED = true; + federation.ENABLED = true; + }; + }; + + nginx = { + enable = true; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts."buffets.kitchen" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + }; + }; + }; + }; +} diff --git a/hosts/tara/system.nix b/hosts/ami/system.nix similarity index 66% rename from hosts/tara/system.nix rename to hosts/ami/system.nix index 5b095c0..b95f8a3 100644 --- a/hosts/tara/system.nix +++ b/hosts/ami/system.nix @@ -1,28 +1,24 @@ -{...}: { +{modulesPath, ...}: { imports = [ - ./linode.nix + (modulesPath + "/profiles/qemu-guest.nix") ]; - # Don't change! - system.stateVersion = "22.05"; + system.stateVersion = "23.11"; time.timeZone = "UTC"; i18n.defaultLocale = "en_US.UTF-8"; - boot = { - loader.grub.forceInstall = true; - loader.grub.device = "nodev"; - loader.timeout = 10; - tmp.cleanOnBoot = true; - }; + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + }; security.sudo.wheelNeedsPassword = false; services.openssh.enable = true; networking = { - hostName = "tara"; + hostName = "ami"; firewall.allowPing = true; - usePredictableInterfaceNames = false; }; nix = { diff --git a/hosts/tara/website.nix b/hosts/ami/website.nix similarity index 100% rename from hosts/tara/website.nix rename to hosts/ami/website.nix diff --git a/hosts/tara/hardware-configuration.nix b/hosts/tara/hardware-configuration.nix deleted file mode 100644 index cbf5c7c..0000000 --- a/hosts/tara/hardware-configuration.nix +++ /dev/null 
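Review bot: The `server` section sets DOMAIN and HTTP_PORT but not ROOT_URL, so unless it is set elsewhere Forgejo derives its public URL from those two values as `http://buffets.kitchen:3000/`, which is neither the scheme nor the port nginx serves; generated links, webhook callbacks and OAuth redirect checks all use ROOT_URL, so add `ROOT_URL = "https://buffets.kitchen/";` beside DOMAIN. Forgejo is also left on its default bind address, which presumably means the :3000 listener is reachable on every interface and only the host firewall keeps it private; `HTTP_ADDR = "127.0.0.1";` makes the nginx-only path explicit. `federation.ENABLED = true;` enables an experimental ActivityPub surface on a public host; if that is deliberate, a comment saying so would stop the next reader from "fixing" it.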
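Review bot: `boot.tmp.cleanOnBoot = true;` is dropped together with the old loader settings, so /tmp on ami now persists across reboots; if that was not the intent, keep it next to the new `boot.loader.grub` block. The `# Don't change!` comment above `system.stateVersion` was removed while the value moved to `"23.11"` — fine for a freshly installed host, but the warning is what stops a later bump, so restoring it costs nothing. `boot.loader.grub.device` is no longer set here either; presumably disko derives the grub devices from the EF02 partition in disk-config.nix, which is worth confirming on the first install. The enclosing attribute set continues past the hunk (`nix = {`).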
@@ -1,37 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/sda"; - fsType = "ext4"; - }; - - swapDevices = [ - {device = "/dev/sdb";} - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true; - - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/tara/linode.nix b/hosts/tara/linode.nix deleted file mode 100644 index e4b07ea..0000000 --- a/hosts/tara/linode.nix +++ /dev/null @@ -1,17 +0,0 @@ -{pkgs, ...}: { - boot = { - kernelParams = ["console=ttyS0,19200n8"]; - loader.grub.extraConfig = '' - serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1; - terminal_input serial; - terminal_output serial - ''; - }; - - # packages used for maintanence - environment.systemPackages = with pkgs; [ - inetutils - mtr - sysstat - ]; -} diff --git a/hosts/tara/mosh.nix b/hosts/tara/mosh.nix deleted file mode 100644 index 903c356..0000000 --- a/hosts/tara/mosh.nix +++ /dev/null @@ -1,5 +0,0 @@ -_: { - programs.mosh = { - enable = true; - }; -} 
diff --git a/hosts/tara/weechat.nix b/hosts/tara/weechat.nix deleted file mode 100644 index 53266ba..0000000 --- a/hosts/tara/weechat.nix +++ /dev/null @@ -1,22 +0,0 @@ -{pkgs, ...}: let - port = 4124; -in { - networking.firewall.allowedTCPPorts = [port]; - - environment.systemPackages = with pkgs; [ - screen - ]; - - systemd.services.weechat = { - after = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Type = "simple"; - Restart = "always"; - User = "maintainer"; - Group = "users"; - }; - - script = "exec ${pkgs.screen}/bin/screen -Dm -S weechat ${pkgs.weechat}/bin/weechat"; - }; -}