From 53dc5a9eba5a4ee6e95512c3aca5ab81f1d98239 Mon Sep 17 00:00:00 2001 From: blahai Date: Mon, 17 Feb 2025 22:41:50 +0200 Subject: [PATCH] I lost track so stuffies --- home/default.nix | 2 -- modules/base/users/default.nix | 3 ++ modules/base/users/mkuser.nix | 47 ++++++++++++++++++++++++++ modules/base/users/options.nix | 25 ++++++++++++++ modules/base/users/pingu.nix | 14 ++++++++ systems/default.nix | 10 +++++- systems/nyx/default.nix | 17 ++++++++++ systems/nyx/overrides.nix | 21 ++++++++++++ systems/ptocheia/default.nix | 1 + systems/ptocheia/users.nix | 5 +++ systems/theia/default.nix | 30 ++++++++++++++++ systems/theia/hardware.nix | 20 +++++++++++ systems/theia/networking.nix | 62 ++++++++++++++++++++++++++++++++++ systems/theia/overrides.nix | 62 ++++++++++++++++++++++++++++++++++ systems/theia/services.nix | 8 +++++ systems/theia/users.nix | 29 ++++++++++++++++ 16 files changed, 353 insertions(+), 3 deletions(-) create mode 100644 modules/base/users/mkuser.nix create mode 100644 modules/base/users/options.nix create mode 100644 modules/base/users/pingu.nix create mode 100644 systems/nyx/overrides.nix create mode 100644 systems/ptocheia/users.nix create mode 100644 systems/theia/default.nix create mode 100644 systems/theia/hardware.nix create mode 100644 systems/theia/networking.nix create mode 100644 systems/theia/overrides.nix create mode 100644 systems/theia/services.nix create mode 100644 systems/theia/users.nix diff --git a/home/default.nix b/home/default.nix index 667edc1..8f41b73 100644 --- a/home/default.nix +++ b/home/default.nix @@ -37,8 +37,6 @@ in { # we should define grauntied common modules here sharedModules = [ - inputs.beapkgs.homeManagerModules.default - (self + /modules/home/default.nix) { diff --git a/modules/base/users/default.nix b/modules/base/users/default.nix index f58e484..60231b4 100644 --- a/modules/base/users/default.nix +++ b/modules/base/users/default.nix 
@@ -1,5 +1,8 @@ { imports = [ + ./mkuser.nix + ./options.nix + ./pingu.nix ./root.nix ]; } diff --git a/modules/base/users/mkuser.nix b/modules/base/users/mkuser.nix new file mode 100644 index 0000000..f4fd5f6 --- /dev/null +++ b/modules/base/users/mkuser.nix @@ -0,0 +1,47 @@ +{ + lib, + config, + haiLib, + ... +}: let + inherit (lib.modules) mkDefault; + inherit (lib.attrsets) genAttrs; + inherit (haiLib) ifTheyExist; +in { + users.users = genAttrs config.olympus.system.users ( + name: let + hm = config.home-manager.users.${name}; + in { + home = "/home/" + name; + #shell = hm.olympus.programs.${hm.olympus.programs.defaults.shell}.package; + uid = mkDefault 1000; + isNormalUser = true; + initialPassword = mkDefault "changeme"; + + # only add groups that exist + extraGroups = + [ + "wheel" + "nix" + ] + ++ ifTheyExist config [ + "network" + "networkmanager" + "systemd-journal" + "audio" + "pipewire" # this give us access to the rt limits + "video" + "input" + "plugdev" + "lp" + "tss" + "power" + "mysql" + "docker" + "git" + "libvirtd" + "cloudflared" + ]; + } + ); +} diff --git a/modules/base/users/options.nix b/modules/base/users/options.nix new file mode 100644 index 0000000..227d663 --- /dev/null +++ b/modules/base/users/options.nix @@ -0,0 +1,25 @@ +{ + lib, + config, + ... +}: let + inherit (lib.options) mkOption; + inherit (lib.types) enum listOf str; +in { + options.olympus.system = { + mainUser = mkOption { + type = enum config.olympus.system.users; + description = "The username of the main user for your system"; + default = builtins.elemAt config.olympus.system.users 0; + }; + + users = mkOption { + type = listOf str; + default = ["pingu"]; + description = '' + A list of users that you wish to declare as your non-system users. The first username + in the list will be treated as your main user unless {option}`olympus.system.mainUser` is set. + ''; + }; + }; +} 
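Review bot: In modules/base/users/mkuser.nix, `initialPassword = mkDefault "changeme";` gives every generated account a publicly known password, and the same block puts that account in `wheel`. The string is also stored in plain text in the world-readable Nix store. theia is marked `deployable` and its users.nix does not override the value, so the server would apparently come up with this password until someone changes it by hand; whether SSH password login is disabled is not visible in this patch. I would drop the line and rely on the authorized key, or set `hashedPasswordFile = mkDefault "<path-to-secret-hash>";` (placeholder path) from whatever secret store the repo uses.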
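Review bot: In modules/base/users/options.nix, `users` is typed `listOf str`, but only a one-element list evaluates cleanly with the rest of this patch. An empty list makes `builtins.elemAt config.olympus.system.users 0` fail with an index error rather than a readable message. Two names would both receive `uid = mkDefault 1000` from mkuser.nix, which NixOS's unique-UID check will presumably reject. An `assertions` entry with `assertion = config.olympus.system.users != [];` and a clear message, plus leaving `uid` unset for all but the main user, would make the option behave as its description says.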
diff --git a/modules/base/users/pingu.nix b/modules/base/users/pingu.nix new file mode 100644 index 0000000..aae6581 --- /dev/null +++ b/modules/base/users/pingu.nix @@ -0,0 +1,14 @@ +{ + lib, + config, + ... +}: let + inherit (builtins) elem; + inherit (lib.modules) mkIf; +in { + config = mkIf (elem "pingu" config.olympus.system.users) { + users.users.pingu.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu" + ]; + }; +} diff --git a/systems/default.nix b/systems/default.nix index 5869629..7e47c6a 100644 --- a/systems/default.nix +++ b/systems/default.nix @@ -34,7 +34,7 @@ in { (optionals (class != "iso") [ # import the home module, which is users for configuring users via home-manager - #"${self}/home/default.nix" + "${self}/home/default.nix" # import the base module, this contains the common configurations between all systems "${self}/modules/base/default.nix" @@ -64,6 +64,14 @@ in { graphical ]; }; + + theia = { + deployable = true; + modules = [ + server + headless + ]; + }; }; }; } diff --git a/systems/nyx/default.nix b/systems/nyx/default.nix index 83548c1..b145d14 100644 --- a/systems/nyx/default.nix +++ b/systems/nyx/default.nix @@ -1,5 +1,22 @@ { imports = [ ./hardware.nix + ./overrides.nix ]; + + olympus = { + device = { + cpu = "amd"; + gpu = "amd"; + }; + system = { + boot = { + loader = "systemd-boot"; + loadRecommendedModules = true; + enableKernelTweaks = true; + initrd.enableTweaks = true; + plymouth.enable = false; + }; + }; + }; } diff --git a/systems/nyx/overrides.nix b/systems/nyx/overrides.nix new file mode 100644 index 0000000..787ad11 --- /dev/null +++ b/systems/nyx/overrides.nix 
@@ -0,0 +1,21 @@ +{ + lib, + pkgs, + config, + ... +}: let + inherit (lib.modules) mkForce; +in { + config = { + boot = { + kernelPackages = mkForce pkgs.linux; + zfs = { + forceImportRoot = false; + extraPools = ["zpool" "zootfs" "zepool"]; + devNodes = "/dev/disk/by-id"; + allowHibernation = true; + package = pkgs.zfs; + }; + }; + }; +} diff --git a/systems/ptocheia/default.nix b/systems/ptocheia/default.nix index e0de5d5..7c0e2f5 100644 --- a/systems/ptocheia/default.nix +++ b/systems/ptocheia/default.nix @@ -1,6 +1,7 @@ { imports = [ ./hardware.nix + ./users.nix ]; olympus = { diff --git a/systems/ptocheia/users.nix b/systems/ptocheia/users.nix new file mode 100644 index 0000000..cf908bc --- /dev/null +++ b/systems/ptocheia/users.nix @@ -0,0 +1,5 @@ +{ + olympus.system = { + mainUser = "pingu"; + }; +} diff --git a/systems/theia/default.nix b/systems/theia/default.nix new file mode 100644 index 0000000..4c0c24b --- /dev/null +++ b/systems/theia/default.nix @@ -0,0 +1,30 @@ +{ + imports = [ + ./hardware.nix + ./networking.nix + ./overrides.nix + ./services.nix + ./users.nix + ]; + + olympus = { + device = { + cpu = "vm-amd"; + gpu = null; + }; + system = { + boot = { + loader = "grub"; + loadRecommendedModules = true; + enableKernelTweaks = true; + initrd.enableTweaks = true; + plymouth.enable = false; + }; + #networking = { + # tailscale = { + # enable = true; + # }; + #}; + }; + }; +} diff --git a/systems/theia/hardware.nix b/systems/theia/hardware.nix new file mode 100644 index 0000000..b650f93 --- /dev/null +++ b/systems/theia/hardware.nix @@ -0,0 +1,20 @@ +{ + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/09e65ff9-2195-41d8-b6a4-671c306742c3"; + fsType = "ext4"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/FED3-A372"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + }; + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 16 * 1024; + } + ]; +} 
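Review bot: In systems/nyx/overrides.nix, `allowHibernation = true;` has no comment stating when resuming onto ZFS is safe. The NixOS option is documented as potentially unsafe depending on the setup and warns against swap on ZFS. `forceImportRoot = false` is set here, but where nyx keeps its swap is not visible in this patch, and three `extraPools` are imported as well. I would add `# safe only while swap is off-ZFS and no pool is force-imported (see boot.zfs.allowHibernation)` above the line, so a later swap or pool change does not silently put the pools at risk.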
diff --git a/systems/theia/networking.nix b/systems/theia/networking.nix
new file mode 100644
index 0000000..f79931c
--- /dev/null
+++ b/systems/theia/networking.nix
@@ -0,0 +1,62 @@
+{lib, ...}: let
+ inherit (lib.modules) mkForce;
+in {
+ networking = {
+ enableIPv6 = true;
+ firewall = {
+ allowedTCPPorts = [
+ 25565 # minecraft
+ ];
+ allowedUDPPorts = [
+ 25565 # minecraft
+ ];
+ };
+ hostName = "theia";
+ nameservers = ["1.1.1.1" "8.8.8.8" "9.9.9.9"];
+ domain = "blahai.gay";
+ useDHCP = mkForce false;
+ defaultGateway = {
+ address = "178.63.247.183";
+ interface = "ens3";
+ };
+ defaultGateway6 = {
+ address = "2a01:4f8:2201:f900:2::2";
+ interface = "ens3";
+ };
+
+ interfaces = {
+ ens3 = {
+ ipv4 = {
+ addresses = [
+ {
+ address = "178.63.118.252";
+ prefixLength = 32;
+ }
+ ];
+
+ routes = [
+ {
+ address = "178.63.247.183";
+ prefixLength = 32;
+ }
+ ];
+ };
+ ipv6 = {
+ addresses = [
+ {
+ address = "2a01:4f8:2201:f912::a";
+ prefixLength = 64;
+ }
+ ];
+
+ routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/systems/theia/overrides.nix b/systems/theia/overrides.nix
new file mode 100644
index 0000000..f0d528b
--- /dev/null
+++ b/systems/theia/overrides.nix
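Review bot: Every static address, route and gateway in systems/theia/networking.nix is bound to `ens3`, while systems/theia/overrides.nix in this same patch sets `kernelParams = ["net.ifnames=0"]`, which normally turns predictable interface names off so the NIC appears as `eth0`. With `useDHCP = mkForce false` there is no fallback. If the names do not match, the host would boot without network and be reachable only through the provider console. Confirm the interface name on the running VM, then either drop `net.ifnames=0` or configure the name the kernel actually assigns; the same applies to the `-K ens3` ethtool rule in overrides.nix.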
@@ -0,0 +1,62 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ inherit (lib.modules) mkForce mkIf;
+in {
+ config = {
+ services = {
+ smartd.enable = mkForce false; # Unavailable - device lacks SMART capability.
+ qemuGuest.enable = true;
+
+ networkd-dispatcher = mkIf config.olympus.system.networking.tailscale.enable {
+ enable = true;
+ rules."50-tailscale" = {
+ onState = ["routable"];
+ script = ''
+ ${
+ lib.getExe pkgs.ethtool
+ } -K ens3 rx-udp-gro-forwarding on rx-gro-list off
+ '';
+ };
+ };
+ };
+ systemd.services.qemu-guest-agent.path = [pkgs.shadow];
+
+ system.stateVersion = mkForce "25.05";
+
+ boot = {
+ kernelParams = ["net.ifnames=0"];
+ kernel.sysctl = {
+ "net.ipv4.ip_forward" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ };
+
+ initrd = {
+ availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "ahci"
+ "sr_mod"
+ "virtio_blk"
+ ];
+ kernelModules = ["dm-snapshot"];
+ };
+
+ loader.grub = {
+ enable = true;
+ useOSProber = mkForce false;
+ efiSupport = mkForce false;
+ enableCryptodisk = false;
+ theme = mkForce null;
+ backgroundColor = mkForce null;
+ splashImage = mkForce null;
+ device = mkForce "/dev/vda";
+ };
+ };
+ };
+}
diff --git a/systems/theia/services.nix b/systems/theia/services.nix
new file mode 100644
index 0000000..17e4dda
--- /dev/null
+++ b/systems/theia/services.nix
@@ -0,0 +1,8 @@
+{
+ olympus.services = {
+ caddy.enable = true;
+ forgejo.enable = true;
+ uptime-kuma.enable = true;
+ vaultwarden.enable = true;
+ };
+}
diff --git a/systems/theia/users.nix b/systems/theia/users.nix
new file mode 100644
index 0000000..01e4388
--- /dev/null
+++ b/systems/theia/users.nix
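Review bot: `"net.ipv4.ip_forward" = true;` and `"net.ipv6.conf.all.forwarding" = true;` in systems/theia/overrides.nix are set unconditionally. The only visible consumer, the `50-tailscale` dispatcher rule, is wrapped in `mkIf config.olympus.system.networking.tailscale.enable`, and the tailscale block in theia's default.nix is commented out. That leaves a public host with routing enabled and no forward-chain filtering visible in this patch; the `allowedTCPPorts`/`allowedUDPPorts` lists appear to cover inbound traffic only. I would gate the sysctls behind the same condition, e.g. `kernel.sysctl = mkIf config.olympus.system.networking.tailscale.enable { … };`, or add a comment naming the service that needs forwarding.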
@@ -0,0 +1,29 @@
+{pkgs, ...}: {
+ olympus.system = {
+ mainUser = "pingu";
+ useHomeManager = false;
+ };
+
+ users = {
+ users.pingu = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu"
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ curl
+ bat
+ neovim
+ btop
+ zip
+ jq
+ fish
+ ethtool
+ networkd-dispatcher
+ ];
+}
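Review bot: The `users.pingu` block in systems/theia/users.nix repeats what modules/base/users/pingu.nix and mkuser.nix in this patch already declare: the same `ssh-ed25519` key, `isNormalUser = true` and `"wheel"`. If the base module is imported for theia, as systems/default.nix suggests, list options merge and the key would presumably be listed twice. A later key rotation then has to touch two files, and missing one leaves the old key accepted on this server. I would delete the block and keep only `olympus.system` and `environment.systemPackages` here, or add a comment such as `# theia keeps its own copy because <reason>` above it.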