I lost track so stuffies

2025-02-17 22:41:50 +02:00 · 2025-02-17 22:41:50 +02:00 · 53dc5a9eba
commit 53dc5a9eba
parent d9c7ea6255
16 changed files with 353 additions and 3 deletions
--- a/home/default.nix
+++ b/home/default.nix
@ -37,8 +37,6 @@ in {

      # we should define grauntied common modules here
      sharedModules = [
-        inputs.beapkgs.homeManagerModules.default
-
        (self + /modules/home/default.nix)

        {
--- a/modules/base/users/default.nix
+++ b/modules/base/users/default.nix
@ -1,5 +1,8 @@
 {
  imports = [
+    ./mkuser.nix
+    ./options.nix
+    ./pingu.nix
    ./root.nix
  ];
 }
--- a/modules/base/users/mkuser.nix
+++ b/modules/base/users/mkuser.nix
@ -0,0 +1,47 @@
+{
+  lib,
+  config,
+  haiLib,
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+  inherit (lib.attrsets) genAttrs;
+  inherit (haiLib) ifTheyExist;
+in {
+  users.users = genAttrs config.olympus.system.users (
+    name: let
+      hm = config.home-manager.users.${name};
+    in {
+      home = "/home/" + name;
+      #shell = hm.olympus.programs.${hm.olympus.programs.defaults.shell}.package;
+      uid = mkDefault 1000;
+      isNormalUser = true;
+      initialPassword = mkDefault "changeme";
+
+      # only add groups that exist
+      extraGroups =
+        [
+          "wheel"
+          "nix"
+        ]
+        ++ ifTheyExist config [
+          "network"
+          "networkmanager"
+          "systemd-journal"
+          "audio"
+          "pipewire" # this give us access to the rt limits
+          "video"
+          "input"
+          "plugdev"
+          "lp"
+          "tss"
+          "power"
+          "mysql"
+          "docker"
+          "git"
+          "libvirtd"
+          "cloudflared"
+        ];
+    }
+  );
+}
--- a/modules/base/users/options.nix
+++ b/modules/base/users/options.nix
@ -0,0 +1,25 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib.options) mkOption;
+  inherit (lib.types) enum listOf str;
+in {
+  options.olympus.system = {
+    mainUser = mkOption {
+      type = enum config.olympus.system.users;
+      description = "The username of the main user for your system";
+      default = builtins.elemAt config.olympus.system.users 0;
+    };
+
+    users = mkOption {
+      type = listOf str;
+      default = ["pingu"];
+      description = ''
+        A list of users that you wish to declare as your non-system users. The first username
+        in the list will be treated as your main user unless {option}`olympus.system.mainUser` is set.
+      '';
+    };
+  };
+}
--- a/modules/base/users/pingu.nix
+++ b/modules/base/users/pingu.nix
@ -0,0 +1,14 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (builtins) elem;
+  inherit (lib.modules) mkIf;
+in {
+  config = mkIf (elem "pingu" config.olympus.system.users) {
+    users.users.pingu.openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu"
+    ];
+  };
+}
--- a/systems/default.nix
+++ b/systems/default.nix
@ -34,7 +34,7 @@ in {

        (optionals (class != "iso") [
          # import the home module, which is users for configuring users via home-manager
-          #"${self}/home/default.nix"
+          "${self}/home/default.nix"

          # import the base module, this contains the common configurations between all systems
          "${self}/modules/base/default.nix"
@ -64,6 +64,14 @@ in {
          graphical
        ];
      };
+
+      theia = {
+        deployable = true;
+        modules = [
+          server
+          headless
+        ];
+      };
    };
  };
 }
--- a/systems/nyx/default.nix
+++ b/systems/nyx/default.nix
@ -1,5 +1,22 @@
 {
  imports = [
    ./hardware.nix
+    ./overrides.nix
  ];
+
+  olympus = {
+    device = {
+      cpu = "amd";
+      gpu = "amd";
+    };
+    system = {
+      boot = {
+        loader = "systemd-boot";
+        loadRecommendedModules = true;
+        enableKernelTweaks = true;
+        initrd.enableTweaks = true;
+        plymouth.enable = false;
+      };
+    };
+  };
 }
--- a/systems/nyx/overrides.nix
+++ b/systems/nyx/overrides.nix
@ -0,0 +1,21 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (lib.modules) mkForce;
+in {
+  config = {
+    boot = {
+      kernelPackages = mkForce pkgs.linux;
+      zfs = {
+        forceImportRoot = false;
+        extraPools = ["zpool" "zootfs" "zepool"];
+        devNodes = "/dev/disk/by-id";
+        allowHibernation = true;
+        package = pkgs.zfs;
+      };
+    };
+  };
+}
--- a/systems/ptocheia/default.nix
+++ b/systems/ptocheia/default.nix
@ -1,6 +1,7 @@
 {
  imports = [
    ./hardware.nix
+    ./users.nix
  ];

  olympus = {
--- a/systems/ptocheia/users.nix
+++ b/systems/ptocheia/users.nix
@ -0,0 +1,5 @@
+{
+  olympus.system = {
+    mainUser = "pingu";
+  };
+}
--- a/systems/theia/default.nix
+++ b/systems/theia/default.nix
@ -0,0 +1,30 @@
+{
+  imports = [
+    ./hardware.nix
+    ./networking.nix
+    ./overrides.nix
+    ./services.nix
+    ./users.nix
+  ];
+
+  olympus = {
+    device = {
+      cpu = "vm-amd";
+      gpu = null;
+    };
+    system = {
+      boot = {
+        loader = "grub";
+        loadRecommendedModules = true;
+        enableKernelTweaks = true;
+        initrd.enableTweaks = true;
+        plymouth.enable = false;
+      };
+      #networking = {
+      # tailscale = {
+      #    enable = true;
+      #  };
+      #};
+    };
+  };
+}
--- a/systems/theia/hardware.nix
+++ b/systems/theia/hardware.nix
@ -0,0 +1,20 @@
+{
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/09e65ff9-2195-41d8-b6a4-671c306742c3";
+      fsType = "ext4";
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/FED3-A372";
+      fsType = "vfat";
+      options = ["fmask=0022" "dmask=0022"];
+    };
+  };
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 16 * 1024;
+    }
+  ];
+}
--- a/systems/theia/networking.nix
+++ b/systems/theia/networking.nix
@ -0,0 +1,62 @@
+{lib, ...}: let
+  inherit (lib.modules) mkForce;
+in {
+  networking = {
+    enableIPv6 = true;
+    firewall = {
+      allowedTCPPorts = [
+        25565 # minecraft
+      ];
+      allowedUDPPorts = [
+        25565 # minecraft
+      ];
+    };
+    hostName = "theia";
+    nameservers = ["1.1.1.1" "8.8.8.8" "9.9.9.9"];
+    domain = "blahai.gay";
+    useDHCP = mkForce false;
+    defaultGateway = {
+      address = "178.63.247.183";
+      interface = "ens3";
+    };
+    defaultGateway6 = {
+      address = "2a01:4f8:2201:f900:2::2";
+      interface = "ens3";
+    };
+
+    interfaces = {
+      ens3 = {
+        ipv4 = {
+          addresses = [
+            {
+              address = "178.63.118.252";
+              prefixLength = 32;
+            }
+          ];
+
+          routes = [
+            {
+              address = "178.63.247.183";
+              prefixLength = 32;
+            }
+          ];
+        };
+        ipv6 = {
+          addresses = [
+            {
+              address = "2a01:4f8:2201:f912::a";
+              prefixLength = 64;
+            }
+          ];
+
+          routes = [
+            {
+              address = "fe80::1";
+              prefixLength = 128;
+            }
+          ];
+        };
+      };
+    };
+  };
+}
--- a/systems/theia/overrides.nix
+++ b/systems/theia/overrides.nix
@ -0,0 +1,62 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (lib.modules) mkForce mkIf;
+in {
+  config = {
+    services = {
+      smartd.enable = mkForce false; # Unavailable - device lacks SMART capability.
+      qemuGuest.enable = true;
+
+      networkd-dispatcher = mkIf config.olympus.system.networking.tailscale.enable {
+        enable = true;
+        rules."50-tailscale" = {
+          onState = ["routable"];
+          script = ''
+            ${
+              lib.getExe pkgs.ethtool
+            } -K ens3 rx-udp-gro-forwarding on rx-gro-list off
+          '';
+        };
+      };
+    };
+    systemd.services.qemu-guest-agent.path = [pkgs.shadow];
+
+    system.stateVersion = mkForce "25.05";
+
+    boot = {
+      kernelParams = ["net.ifnames=0"];
+      kernel.sysctl = {
+        "net.ipv4.ip_forward" = true;
+        "net.ipv6.conf.all.forwarding" = true;
+      };
+
+      initrd = {
+        availableKernelModules = [
+          "ata_piix"
+          "uhci_hcd"
+          "virtio_pci"
+          "virtio_scsi"
+          "ahci"
+          "sr_mod"
+          "virtio_blk"
+        ];
+        kernelModules = ["dm-snapshot"];
+      };
+
+      loader.grub = {
+        enable = true;
+        useOSProber = mkForce false;
+        efiSupport = mkForce false;
+        enableCryptodisk = false;
+        theme = mkForce null;
+        backgroundColor = mkForce null;
+        splashImage = mkForce null;
+        device = mkForce "/dev/vda";
+      };
+    };
+  };
+}
--- a/systems/theia/services.nix
+++ b/systems/theia/services.nix
@ -0,0 +1,8 @@
+{
+  olympus.services = {
+    caddy.enable = true;
+    forgejo.enable = true;
+    uptime-kuma.enable = true;
+    vaultwarden.enable = true;
+  };
+}
--- a/systems/theia/users.nix
+++ b/systems/theia/users.nix
@ -0,0 +1,29 @@
+{pkgs, ...}: {
+  olympus.system = {
+    mainUser = "pingu";
+    useHomeManager = false;
+  };
+
+  users = {
+    users.pingu = {
+      isNormalUser = true;
+      extraGroups = ["wheel"];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu"
+      ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    curl
+    bat
+    neovim
+    btop
+    zip
+    jq
+    fish
+    ethtool
+    networkd-dispatcher
+  ];
+}