feat: migrate tara to ami

2024-03-29 21:56:26 +01:00 · 2024-03-29 21:56:26 +01:00 · e71905be35
commit e71905be35
parent cefd39de8e
14 changed files with 119 additions and 103 deletions
--- a/flake.lock
+++ b/flake.lock
@ -47,6 +47,26 @@
        "type": "github"
      }
    },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1713406758,
+        "narHash": "sha256-kwZvhmx+hSZvjzemKxsAqzEqWmXZS47VVwQhNrINORQ=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "1efd500e9805a9efbce401ed5999006d397b9f11",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -153,6 +173,7 @@
    "root": {
      "inputs": {
        "agenix": "agenix",
+        "disko": "disko",
        "home-manager": "home-manager",
        "nix-index-database": "nix-index-database",
        "nixos-hardware": "nixos-hardware",
--- a/flake.nix
+++ b/flake.nix
@ -13,6 +13,11 @@
      };
    };

+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    home-manager = {
      url = "github:nix-community/home-manager/release-23.11";
      inputs.nixpkgs.follows = "nixpkgs";
@ -49,8 +54,8 @@
      };
  in {
    nixosConfigurations = {
+      ami = makeSystem "aarch64-linux" ./hosts/ami;
      alice = makeSystem "x86_64-linux" ./hosts/alice;
-      tara = makeSystem "x86_64-linux" ./hosts/tara;
    };
  };
 }
--- a/hosts/tara/acme.nix
+++ b/hosts/tara/acme.nix
--- a/hosts/tara/bitwarden.nix
+++ b/hosts/tara/bitwarden.nix
--- a/hosts/tara/borg.nix
+++ b/hosts/tara/borg.nix
@ -3,7 +3,7 @@
  pkgs,
  ...
 }: let
-  host = "11967@prio.ch-s011.rsync.net";
+  host = "zh4250@zh4250.rsync.net";
 in {
  age.secrets.borgpassword.file = ../../secrets/borgpassword.age;

--- a/hosts/tara/default.nix
+++ b/hosts/tara/default.nix
@ -1,26 +1,25 @@
 {
  pkgs,
  agenix,
+  disko,
  ...
 }: {
  imports = [
-    ./hardware-configuration.nix
    ./system.nix
    agenix.nixosModules.default
+    disko.nixosModules.disko

    ./acme.nix
    ./bitwarden.nix
    ./borg.nix
-    ./mosh.nix
+    ./disk-config.nix
+    ./forgejo.nix
    ./website.nix
-    ./weechat.nix

    ../../users/maintainer
  ];

-  # TODO: put somewhere
-  age.identityPaths = ["/home/buffet/.ssh/id_agenix"];
-  networking.hostName = "tara";
+  age.identityPaths = [ "/root/.ssh/id_agenix" ];

  users = {
    mutableUsers = false;
@ -33,6 +32,4 @@
    neovim
    tree
  ];
-
-  services.syncthing.enable = true;
 }
--- a/hosts/ami/disk-config.nix
+++ b/hosts/ami/disk-config.nix
@ -0,0 +1,37 @@
+_: {
+  disko.devices = {
+    disk.main = {
+      device = "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "esp";
+            size = "512M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/ami/forgejo.nix
+++ b/hosts/ami/forgejo.nix
@ -0,0 +1,41 @@
+_: let
+  port = 3000;
+in {
+  services = {
+    forgejo = {
+      enable = true;
+      settings = {
+        DEFAULT = {
+          APP_NAME = "buffet's kitchen";
+        };
+
+        server = {
+          DOMAIN = "buffets.kitchen";
+          HTTP_PORT = port;
+        };
+
+        service.DISABLE_REGISTRATION = true;
+        cron.ENABLED = true;
+        federation.ENABLED = true;
+      };
+    };
+
+    nginx = {
+      enable = true;
+
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+
+      virtualHosts."buffets.kitchen" = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations."/" = {
+          proxyPass = "http://localhost:${toString port}";
+        };
+      };
+    };
+  };
+}
--- a/hosts/tara/system.nix
+++ b/hosts/tara/system.nix
@ -1,28 +1,24 @@
-{...}: {
+{modulesPath, ...}: {
  imports = [
-    ./linode.nix
+    (modulesPath + "/profiles/qemu-guest.nix")
  ];
-
  # Don't change!
-  system.stateVersion = "22.05";
+  system.stateVersion = "23.11";

  time.timeZone = "UTC";
  i18n.defaultLocale = "en_US.UTF-8";

-  boot = {
-    loader.grub.forceInstall = true;
-    loader.grub.device = "nodev";
-    loader.timeout = 10;
-    tmp.cleanOnBoot = true;
+      boot.loader.grub = {
+        efiSupport = true;
+        efiInstallAsRemovable = true;
      };

  security.sudo.wheelNeedsPassword = false;
  services.openssh.enable = true;

  networking = {
-    hostName = "tara";
+    hostName = "ami";
    firewall.allowPing = true;
-    usePredictableInterfaceNames = false;
  };

  nix = {
--- a/hosts/tara/website.nix
+++ b/hosts/tara/website.nix
--- a/hosts/tara/hardware-configuration.nix
+++ b/hosts/tara/hardware-configuration.nix
@ -1,37 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
-
-  fileSystems."/" = {
-    device = "/dev/sda";
-    fsType = "ext4";
-  };
-
-  swapDevices = [
-    {device = "/dev/sdb";}
-  ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
-
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
--- a/hosts/tara/linode.nix
+++ b/hosts/tara/linode.nix
@ -1,17 +0,0 @@
-{pkgs, ...}: {
-  boot = {
-    kernelParams = ["console=ttyS0,19200n8"];
-    loader.grub.extraConfig = ''
-      serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
-      terminal_input serial;
-      terminal_output serial
-    '';
-  };
-
-  # packages used for maintanence
-  environment.systemPackages = with pkgs; [
-    inetutils
-    mtr
-    sysstat
-  ];
-}
--- a/hosts/tara/mosh.nix
+++ b/hosts/tara/mosh.nix
@ -1,5 +0,0 @@
-_: {
-  programs.mosh = {
-    enable = true;
-  };
-}
--- a/hosts/tara/weechat.nix
+++ b/hosts/tara/weechat.nix
@ -1,22 +0,0 @@
-{pkgs, ...}: let
-  port = 4124;
-in {
-  networking.firewall.allowedTCPPorts = [port];
-
-  environment.systemPackages = with pkgs; [
-    screen
-  ];
-
-  systemd.services.weechat = {
-    after = ["network-online.target"];
-    wantedBy = ["multi-user.target"];
-    serviceConfig = {
-      Type = "simple";
-      Restart = "always";
-      User = "maintainer";
-      Group = "users";
-    };
-
-    script = "exec ${pkgs.screen}/bin/screen -Dm -S weechat ${pkgs.weechat}/bin/weechat";
-  };
-}