feat: migrate tara to ami

buffet 2024-03-29 21:56:26 +01:00
parent cefd39de8e
commit e71905be35
14 changed files with 119 additions and 103 deletions


@ -47,6 +47,26 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1713406758,
"narHash": "sha256-kwZvhmx+hSZvjzemKxsAqzEqWmXZS47VVwQhNrINORQ=",
"owner": "nix-community",
"repo": "disko",
"rev": "1efd500e9805a9efbce401ed5999006d397b9f11",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -153,6 +173,7 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",


@ -13,6 +13,11 @@
}; };
}; };
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -49,8 +54,8 @@
}; };
in { in {
nixosConfigurations = { nixosConfigurations = {
ami = makeSystem "aarch64-linux" ./hosts/ami;
alice = makeSystem "x86_64-linux" ./hosts/alice; alice = makeSystem "x86_64-linux" ./hosts/alice;
tara = makeSystem "x86_64-linux" ./hosts/tara;
}; };
}; };
} }


@ -3,7 +3,7 @@
pkgs, pkgs,
... ...
}: let }: let
host = "11967@prio.ch-s011.rsync.net"; host = "zh4250@zh4250.rsync.net";
in { in {
age.secrets.borgpassword.file = ../../secrets/borgpassword.age; age.secrets.borgpassword.file = ../../secrets/borgpassword.age;


@ -1,26 +1,25 @@
{ {
pkgs, pkgs,
agenix, agenix,
disko,
... ...
}: { }: {
imports = [ imports = [
./hardware-configuration.nix
./system.nix ./system.nix
agenix.nixosModules.default agenix.nixosModules.default
disko.nixosModules.disko
./acme.nix ./acme.nix
./bitwarden.nix ./bitwarden.nix
./borg.nix ./borg.nix
./mosh.nix ./disk-config.nix
./forgejo.nix
./website.nix ./website.nix
./weechat.nix
../../users/maintainer ../../users/maintainer
]; ];
# TODO: put somewhere age.identityPaths = [ "/root/.ssh/id_agenix" ];
age.identityPaths = ["/home/buffet/.ssh/id_agenix"];
networking.hostName = "tara";
users = { users = {
mutableUsers = false; mutableUsers = false;
@ -33,6 +32,4 @@
neovim neovim
tree tree
]; ];
services.syncthing.enable = true;
} }
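Review bot: The new `age.identityPaths = [ "/root/.ssh/id_agenix" ];` in the first hunk points at a key that nothing in this change creates, so on a freshly installed host agenix cannot decrypt `borgpassword` or the other secrets until that file is placed by hand. If the key is copied over from tara rather than generated for ami, the old machine keeps a credential that opens every secret; rekeying the `.age` files for a new recipient and wiping the old key would close that. Dropping the option also works, since agenix then falls back to the host's OpenSSH host keys. Whichever is chosen, the removed `# TODO: put somewhere` deserves a replacement such as `# root-owned 0600, provisioned out of band before first activation`.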

37
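--- a/hosts/ami/disk-config.nix
+++ b/hosts/ami/disk-config.nix
@@ -0,0 +1,37 @@
+_: {
+disko.devices = {
+disk.main = {
+device = "/dev/sda";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+name = "boot";
+size = "1M";
+type = "EF02";
+};
+esp = {
+name = "esp";
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+name = "root";
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+};
+}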
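Review bot: `device = "/dev/sda";` in `disk.main` selects the target by kernel enumeration order, and disko partitions and formats whatever disk carries that name when the layout is applied. If the provider attaches a second volume or the order changes, the wrong disk is affected; a stable path such as `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";` avoids that. Separately, `root` is plain ext4 with no encryption layer, so the agenix identity under `/root` and the service data sit in clear on the provider's storage. If that is an accepted trade-off for unattended reboots, a one-line comment saying so would help the next reader.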

41
hosts/ami/forgejo.nix Normal file

@ -0,0 +1,41 @@
_: let
port = 3000;
in {
services = {
forgejo = {
enable = true;
settings = {
DEFAULT = {
APP_NAME = "buffet's kitchen";
};
server = {
DOMAIN = "buffets.kitchen";
HTTP_PORT = port;
};
service.DISABLE_REGISTRATION = true;
cron.ENABLED = true;
federation.ENABLED = true;
};
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."buffets.kitchen" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString port}";
};
};
};
};
}
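Review bot: The `server` block sets `DOMAIN` and `HTTP_PORT` but neither `HTTP_ADDR` nor `ROOT_URL`, so Forgejo binds to all interfaces and only the host firewall keeps port 3000 from being reachable around nginx and TLS. Generated links and clone URLs are also likely to use the module's plain-HTTP default with the port rather than the `forceSSL` vhost; please check the rendered `app.ini`. I would add `HTTP_ADDR = "127.0.0.1";` and `ROOT_URL = "https://buffets.kitchen/";` to `server`, and consider `session.COOKIE_SECURE = true;`. `federation.ENABLED = true;` also opens unauthenticated endpoints on an instance that otherwise disables registration, so a comment on why it is wanted would be useful.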


@ -1,28 +1,24 @@
{...}: { {modulesPath, ...}: {
imports = [ imports = [
./linode.nix (modulesPath + "/profiles/qemu-guest.nix")
]; ];
# Don't change! # Don't change!
system.stateVersion = "22.05"; system.stateVersion = "23.11";
time.timeZone = "UTC"; time.timeZone = "UTC";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
boot = { boot.loader.grub = {
loader.grub.forceInstall = true; efiSupport = true;
loader.grub.device = "nodev"; efiInstallAsRemovable = true;
loader.timeout = 10;
tmp.cleanOnBoot = true;
}; };
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
services.openssh.enable = true; services.openssh.enable = true;
networking = { networking = {
hostName = "tara"; hostName = "ami";
firewall.allowPing = true; firewall.allowPing = true;
usePredictableInterfaceNames = false;
}; };
nix = { nix = {
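Review bot: `services.openssh.enable = true;` is carried to the new host next to `security.sudo.wheelNeedsPassword = false;` with no sshd settings visible in this hunk, so any wheel account that can log in over SSH is effectively root. Unless it is set in a module outside this view (the `nix = {` block and the rest of the file continue past the hunk), add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` so that only keys are accepted. The `system.stateVersion` bump under `# Don't change!` is right for a fresh install, but worth a comment if any service state is copied over from tara.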


@ -1,37 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/sda";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/sdb";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,17 +0,0 @@
{pkgs, ...}: {
boot = {
kernelParams = ["console=ttyS0,19200n8"];
loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
};
# packages used for maintanence
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
];
}


@ -1,5 +0,0 @@
_: {
programs.mosh = {
enable = true;
};
}


@ -1,22 +0,0 @@
{pkgs, ...}: let
port = 4124;
in {
networking.firewall.allowedTCPPorts = [port];
environment.systemPackages = with pkgs; [
screen
];
systemd.services.weechat = {
after = ["network-online.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
Restart = "always";
User = "maintainer";
Group = "users";
};
script = "exec ${pkgs.screen}/bin/screen -Dm -S weechat ${pkgs.weechat}/bin/weechat";
};
}