feat: migrate tara to ami

2024-03-29 21:56:26 +01:00 · 2024-03-29 21:56:26 +01:00 · e71905be35
commit e71905be35
parent cefd39de8e
14 changed files with 119 additions and 103 deletions
--- a/flake.lock
+++ b/flake.lock
@ -47,6 +47,26 @@
        "type": "github"
      }
    },
    "disko": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1713406758,
        "narHash": "sha256-kwZvhmx+hSZvjzemKxsAqzEqWmXZS47VVwQhNrINORQ=",
        "owner": "nix-community",
        "repo": "disko",
        "rev": "1efd500e9805a9efbce401ed5999006d397b9f11",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "disko",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -153,6 +173,7 @@
    "root": {
      "inputs": {
        "agenix": "agenix",
        "disko": "disko",
        "home-manager": "home-manager",
        "nix-index-database": "nix-index-database",
        "nixos-hardware": "nixos-hardware",
--- a/flake.nix
+++ b/flake.nix
@ -13,6 +13,11 @@
      };
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
      url = "github:nix-community/home-manager/release-23.11";
      inputs.nixpkgs.follows = "nixpkgs";
@ -49,8 +54,8 @@
      };
  in {
    nixosConfigurations = {
      ami = makeSystem "aarch64-linux" ./hosts/ami;
      alice = makeSystem "x86_64-linux" ./hosts/alice;
      tara = makeSystem "x86_64-linux" ./hosts/tara;
    };
  };
 }
--- a/hosts/tara/acme.nix
+++ b/hosts/tara/acme.nix
--- a/hosts/tara/bitwarden.nix
+++ b/hosts/tara/bitwarden.nix
--- a/hosts/tara/borg.nix
+++ b/hosts/tara/borg.nix
@ -3,7 +3,7 @@
  pkgs,
  ...
 }: let
-  host = "11967@prio.ch-s011.rsync.net";
+  host = "zh4250@zh4250.rsync.net";
 in {
  age.secrets.borgpassword.file = ../../secrets/borgpassword.age;
--- a/hosts/tara/default.nix
+++ b/hosts/tara/default.nix
@ -1,26 +1,25 @@
 {
  pkgs,
  agenix,
  disko,
  ...
 }: {
  imports = [
    ./hardware-configuration.nix
    ./system.nix
    agenix.nixosModules.default
    disko.nixosModules.disko
    ./acme.nix
    ./bitwarden.nix
    ./borg.nix
-    ./mosh.nix
+    ./disk-config.nix
    ./forgejo.nix
    ./website.nix
    ./weechat.nix
    ../../users/maintainer
  ];
-  # TODO: put somewhere
+  age.identityPaths = [ "/root/.ssh/id_agenix" ];
  age.identityPaths = ["/home/buffet/.ssh/id_agenix"];
  networking.hostName = "tara";
  users = {
    mutableUsers = false;
@ -33,6 +32,4 @@
    neovim
    tree
  ];
  services.syncthing.enable = true;
 }
--- a/hosts/ami/disk-config.nix
+++ b/hosts/ami/disk-config.nix
@ -0,0 +1,37 @@
 _: {
  disko.devices = {
    disk.main = {
      device = "/dev/sda";
      type = "disk";
      content = {
        type = "gpt";
        partitions = {
          boot = {
            name = "boot";
            size = "1M";
            type = "EF02";
          };
          esp = {
            name = "esp";
            size = "512M";
            type = "EF00";
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = "/boot";
            };
          };
          root = {
            name = "root";
            size = "100%";
            content = {
              type = "filesystem";
              format = "ext4";
              mountpoint = "/";
            };
          };
        };
      };
    };
  };
 }
--- a/hosts/ami/forgejo.nix
+++ b/hosts/ami/forgejo.nix
@ -0,0 +1,41 @@
 _: let
  port = 3000;
 in {
  services = {
    forgejo = {
      enable = true;
      settings = {
        DEFAULT = {
          APP_NAME = "buffet's kitchen";
        };
        server = {
          DOMAIN = "buffets.kitchen";
          HTTP_PORT = port;
        };
        service.DISABLE_REGISTRATION = true;
        cron.ENABLED = true;
        federation.ENABLED = true;
      };
    };
    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts."buffets.kitchen" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://localhost:${toString port}";
        };
      };
    };
  };
 }
--- a/hosts/tara/system.nix
+++ b/hosts/tara/system.nix
@ -1,28 +1,24 @@
-{...}: {
+{modulesPath, ...}: {
  imports = [
-    ./linode.nix
+    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  # Don't change!
-  system.stateVersion = "22.05";
+  system.stateVersion = "23.11";
  time.timeZone = "UTC";
  i18n.defaultLocale = "en_US.UTF-8";
-  boot = {
+      boot.loader.grub = {
-    loader.grub.forceInstall = true;
+        efiSupport = true;
-    loader.grub.device = "nodev";
+        efiInstallAsRemovable = true;
-    loader.timeout = 10;
+      };
    tmp.cleanOnBoot = true;
  };
  security.sudo.wheelNeedsPassword = false;
  services.openssh.enable = true;
  networking = {
-    hostName = "tara";
+    hostName = "ami";
    firewall.allowPing = true;
    usePredictableInterfaceNames = false;
  };
  nix = {
--- a/hosts/tara/website.nix
+++ b/hosts/tara/website.nix
--- a/hosts/tara/hardware-configuration.nix
+++ b/hosts/tara/hardware-configuration.nix
@ -1,37 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = [];
  boot.extraModulePackages = [];
  fileSystems."/" = {
    device = "/dev/sda";
    fsType = "ext4";
  };
  swapDevices = [
    {device = "/dev/sdb";}
  ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/tara/linode.nix
+++ b/hosts/tara/linode.nix
@ -1,17 +0,0 @@
 {pkgs, ...}: {
  boot = {
    kernelParams = ["console=ttyS0,19200n8"];
    loader.grub.extraConfig = ''
      serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
      terminal_input serial;
      terminal_output serial
    '';
  };
  # packages used for maintanence
  environment.systemPackages = with pkgs; [
    inetutils
    mtr
    sysstat
  ];
 }
--- a/hosts/tara/mosh.nix
+++ b/hosts/tara/mosh.nix
@ -1,5 +0,0 @@
 _: {
  programs.mosh = {
    enable = true;
  };
 }
--- a/hosts/tara/weechat.nix
+++ b/hosts/tara/weechat.nix
@ -1,22 +0,0 @@
 {pkgs, ...}: let
  port = 4124;
 in {
  networking.firewall.allowedTCPPorts = [port];
  environment.systemPackages = with pkgs; [
    screen
  ];
  systemd.services.weechat = {
    after = ["network-online.target"];
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      Type = "simple";
      Restart = "always";
      User = "maintainer";
      Group = "users";
    };
    script = "exec ${pkgs.screen}/bin/screen -Dm -S weechat ${pkgs.weechat}/bin/weechat";
  };
 }