| -rw-r--r-- | flake.lock | 18 | ||||
| -rw-r--r-- | flake.nix | 38 | ||||
| -rw-r--r-- | machines/renard/default.nix | 14 | ||||
| -rw-r--r-- | machines/renard/devices.nix | 13 | ||||
| -rw-r--r-- | machines/renard/hardware.nix | 33 | ||||
| -rw-r--r-- | machines/renard/home.nix | 9 | ||||
| -rw-r--r-- | modules/common.nix | 21 | ||||
| -rw-r--r-- | modules/www.nix | 31 | ||||
| -rw-r--r-- | util.nix | 7 |
9 files changed, 158 insertions, 26 deletions
diff --git a/flake.lock b/flake.lock
index 66c938b..a7105a6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -38,11 +38,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1729691686,
- "narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=",
+ "lastModified": 1730327045,
+ "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37",
+ "rev": "080166c15633801df010977d9d7474b4a6c549d7",
 "type": "github"
 },
 "original": {
@@ -54,11 +54,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1729665710,
- "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
+ "lastModified": 1730531603,
+ "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
+ "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
 "type": "github"
 },
 "original": {
@@ -71,11 +71,11 @@
 "oisd": {
 "flake": false,
 "locked": {
- "lastModified": 1729966322,
- "narHash": "sha256-3Qnz98SRzzFZ8n5oKcpsW4PqGHkfk+Ef+5WKxeY68BI=",
+ "lastModified": 1730668406,
+ "narHash": "sha256-3VuzSnkJVEBBAu1VhYXlY1uPu/rFz6N91wYDFJMpN9Y=",
 "owner": "sjhgvr",
 "repo": "oisd",
- "rev": "7634ebcc1036111300e5f0436cbea18c281a9151",
+ "rev": "07186bcabbf2de4e320a6d4c4f3d558b0d844e52",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index c0adac4..3b0b980 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,43 +19,51 @@ outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, home-manager, ... }: let - system = "x86_64-linux"; + systems = { + x86 = "x86_64-linux"; + arm = "aarch64-linux"; + }; - machines = [ - "corsac" + machines = with systems; [ + { name = "corsac"; system = x86; } + { name = "lapin"; system = arm; } + { name = "renard"; system = x86; } ]; - packageSets = let + packageSetsForSystem = system: let pkgsInputs = { inherit system; config = import ./config.nix; }; in rec { pkgs = import nixpkgs pkgsInputs; unstablePkgs = import nixpkgs-unstable pkgsInputs; - auxiliaryPkgs = import ./pkgs { inherit pkgs unstablePkgs; }; + auxiliaryPkgs = import ./pkgs { inherit system pkgs unstablePkgs; }; }; + inherit (nixpkgs) lib; in { - nixosConfigurations = nixpkgs.lib.genAttrs machines - (machine: nixpkgs.lib.nixosSystem { - inherit system; + nixosConfigurations = lib.mergeAttrsList (map (machine: { + ${machine.name} = nixpkgs.lib.nixosSystem { + inherit (machine) system; - specialArgs = inputs // packageSets // { - me = machine; + specialArgs = inputs // (packageSetsForSystem machine.system) // { + me = machine.name; security = import ./security.nix; + util = import ./util.nix { inherit lib; }; }; modules = [ - ./machines/${machine} + ./machines/${machine.name} home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.users.mel = import ./machines/${machine}/home.nix; + home-manager.users.mel = import ./machines/${machine.name}/home.nix; } ]; - } - ); + }; + }) machines); # compatibility wrapper for nixos-option - legacyPackages.${system} = with packageSets; pkgs.recurseIntoAttrs pkgs; + legacyPackages = lib.genAttrs (lib.attrValues systems) + (system: with packageSetsForSystem system; pkgs.recurseIntoAttrs pkgs); }; } diff --git a/machines/renard/default.nix b/machines/renard/default.nix new file mode 100644 index 0000000..680e2cd --- /dev/null +++ b/machines/renard/default.nix 
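Review bot: The `${machine.name} = nixpkgs.lib.nixosSystem {` line still spells out the long path even though this hunk now binds `inherit (nixpkgs) lib;` and uses the short form in `lib.mergeAttrsList` and `lib.genAttrs`; `${machine.name} = lib.nixosSystem {` would keep the hunk consistent with itself. The `machines` list also deserves a one-line comment stating that `me` receives `machine.name` (a plain string), since that is the contract modules such as modules/common.nix and modules/www.nix rely on when they compare or interpolate `me`.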
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+ imports = [
+ ../../modules/common.nix
+
+ ./hardware.nix
+ ./devices.nix
+
+ ../../modules/www.nix
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/machines/renard/devices.nix b/machines/renard/devices.nix
new file mode 100644
index 0000000..e54f622
--- /dev/null
+++ b/machines/renard/devices.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ boot.initrd = {
+ availableKernelModules = [ "virtio_pci" "virtio_scsi" ];
+ kernelModules = [ "dm-snapshot" ];
+ };
+
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ };
+}
diff --git a/machines/renard/hardware.nix b/machines/renard/hardware.nix
new file mode 100644
index 0000000..5db9ce8
--- /dev/null
+++ b/machines/renard/hardware.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/258bcc4c-22a7-4c4c-a264-568b7194dffc";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/a0b48c9b-9885-4722-a6e1-0e30e657669c"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/machines/renard/home.nix b/machines/renard/home.nix
new file mode 100644
index 0000000..dce0783
--- /dev/null
+++ b/machines/renard/home.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ../../modules/home/common.nix
+ ];
+
+ home.stateVersion = "24.05";
+}
diff --git a/modules/common.nix b/modules/common.nix
index f035db5..2f2b141 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -1,4 +1,4 @@
-{ me, config, lib, pkgs, ... }:
+{ me, util, config, lib, pkgs, ... }:
 {
 imports = [
@@ -9,8 +9,25 @@
 ];
 boot.kernelPackages = pkgs.linuxPackages_latest;
+
+
+ users.motd = ''
+
+/^ /^
+\ ' ' 7 < Hi, I'm ${util.titleCase me}
+/ \
+
+ '';
- networking.hostName = me;
+ networking = {
+ hostName = me;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 ];
+ trustedInterfaces = [ "tailscale0" ];
+ };
+ };
 services.envfs.enable = true;
 virtualisation.libvirtd.enable = true;
diff --git a/modules/www.nix b/modules/www.nix
new file mode 100644
index 0000000..1df69cf
--- /dev/null
+++ b/modules/www.nix
@@ -0,0 +1,31 @@
+{ me, ... }:
+
+let
+ rnrdUrl =
+ if me == "renard"
+ then "rnrd.eu"
+ else "${me}.rnrd.eu";
+in
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "einebeere@gmail.com";
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts = {
+ default = { default = true; };
+ ${rnrdUrl} = {
+ root = "/var/www/html";
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+ };
+}
diff --git a/util.nix b/util.nix
new file mode 100644
index 0000000..e783f3b
--- /dev/null
+++ b/util.nix
@@ -0,0 +1,7 @@
+{ lib }:
+{
+ titleCase = str: with lib.strings; let
+ firstCharUpper = s: concatStrings [(toUpper (substring 0 1 s)) (substring 1 (stringLength s) s)];
+ in
+ concatStringsSep " " (map firstCharUpper (splitString " " str));
+}
|
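Review bot: The new `firewall` block in modules/common.nix opens TCP 80 and 443 on every machine that imports the module, and the flake now lists corsac, lapin and renard, while only machines/renard/default.nix imports modules/www.nix; the other hosts end up with those ports open and nothing listening, and any service that later binds them there is reachable without anyone having decided that. Moving the one line into modules/www.nix as `networking.firewall.allowedTCPPorts = [ 80 443 ];` keeps the opening next to the service that needs it, and since list options merge, `enable` and `trustedInterfaces` can stay in common.nix. `trustedInterfaces = [ "tailscale0" ]` likewise applies to all three hosts; whether each of them actually has that interface is not visible in this diff.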
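Review bot: The `default` catch-all vhost in modules/www.nix sets no TLS options, so it only listens on port 80; on port 443 nginx falls back to the `${rnrdUrl}` server block as the implicit default and serves the rnrd.eu certificate and `/var/www/html` to any request regardless of SNI or Host header, including ones addressed to the bare IP. `default = { default = true; rejectSSL = true; };` makes the catch-all listen on 443 as well and reject the TLS handshake for names it does not serve, so only the declared host name is answered over HTTPS. The `rnrdUrl` derivation from `me` would also merit a short comment, since the `if me == "renard"` special case relies on `me` being the machine name string passed from flake.nix.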
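Review bot: `titleCase` in util.nix has no comment describing its contract; from the code it upper-cases the first character of each space-separated word and re-joins with single spaces, so runs of spaces survive as empty words and an empty string maps to itself. A comment such as `# titleCase "foo bar" -> "Foo Bar"; splits on single spaces only, and toUpper affects ASCII letters only` above the binding would let the motd caller in modules/common.nix know what to expect for hostnames containing digits or non-ASCII characters.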
