From b1c275ad643abf03b12305d7383f0f0a04686ecf Mon Sep 17 00:00:00 2001
From: CherryKitten
Date: Tue, 17 Sep 2024 12:27:25 +0200
Subject: [PATCH] move hosts into a submodule

---
 .gitmodules | 3 +
 hosts | 1 +
 hosts/bengal/default.nix | 16 -----
 hosts/bengal/hardware-configuration.nix | 34 ---------
 hosts/dinictis/default.nix | 85 ----------------------
 hosts/dinictis/hardware-configuration.nix | 76 --------------------
 hosts/ocelot/default.nix | 61 ----------------
 hosts/ocelot/gotosocial.nix | 57 ---------------
 hosts/ocelot/website.nix | 17 -----
 hosts/serval/default.nix | 65 -----------------
 hosts/tabby/default.nix | 52 --------------
 hosts/tabby/hardware-configuration.nix | 45 ------------
 12 files changed, 4 insertions(+), 508 deletions(-)
 create mode 160000 hosts
 delete mode 100644 hosts/bengal/default.nix
 delete mode 100644 hosts/bengal/hardware-configuration.nix
 delete mode 100644 hosts/dinictis/default.nix
 delete mode 100644 hosts/dinictis/hardware-configuration.nix
 delete mode 100644 hosts/ocelot/default.nix
 delete mode 100644 hosts/ocelot/gotosocial.nix
 delete mode 100644 hosts/ocelot/website.nix
 delete mode 100644 hosts/serval/default.nix
 delete mode 100644 hosts/tabby/default.nix
 delete mode 100644 hosts/tabby/hardware-configuration.nix

diff --git a/.gitmodules b/.gitmodules
index e0b2a55..81830a2 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -5,3 +5,6 @@
 [submodule "secrets"]
 path = secrets
 url = git@git.cherrykitten.dev:sammy/secret-store
+[submodule "hosts"]
+ path = hosts
+ url = git@git.cherrykitten.dev:sammy/nix-hosts
diff --git a/hosts b/hosts
new file mode 160000
index 0000000..f75c0b5
--- /dev/null
+++ b/hosts
@@ -0,0 +1 @@
+Subproject commit f75c0b5d2238ad0d2c792328f8bae07a6157170e
diff --git a/hosts/bengal/default.nix b/hosts/bengal/default.nix
deleted file mode 100644
index 816af2e..0000000
--- a/hosts/bengal/default.nix
+++ /dev/null
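Review bot: The new `[submodule "hosts"]` entry pins the gitlink to commit f75c0b5 but declares no `branch`, so `git submodule update --remote` has nothing to track and every host change needs a manual bump of the pointer in this repository; if tracking is intended, add `branch = <default-branch>` below the `url` line. The URL is SSH-only, like the existing `secrets` entry, so a clone without an authorised key (CI, a machine being freshly installed) gets an empty `hosts/` directory, and if the flake evaluates `./hosts/<name>` that surfaces as a missing-path error rather than an obvious "submodule not initialised" message; a README line saying to run `git submodule update --init` (or to use `?submodules=1` on the flake reference, if that is how the flake is consumed) would prevent that. The deleted host files import `../../profiles/desktop` and `../../profiles/hcloud` from this repository; if the copies in the submodule keep those relative imports, the two repositories are coupled by directory layout and the pinned commit can drift from the profiles it expects without any error at pin time.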
@@ -1,16 +0,0 @@
-{ ... }: {
- imports = [
- ./hardware-configuration.nix
- ../../profiles/desktop
- ];
-
- boot.loader.systemd-boot.enable = true;
-
- networking.networkmanager.enable = true;
-
- services.printing.enable = true;
-
- hardware.pulseaudio.enable = true;
-
- system.stateVersion = "23.11"; # Did you read the comment?
-}
diff --git a/hosts/bengal/hardware-configuration.nix b/hosts/bengal/hardware-configuration.nix
deleted file mode 100644
index 47aa8f2..0000000
--- a/hosts/bengal/hardware-configuration.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, lib, modulesPath, ... }: {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/7a713df7-7027-4ae6-b1a3-839dda62dcbc";
- fsType = "btrfs";
- };
-
- boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/fbd8d597-8cdb-4c6b-9fa0-b05f4cbfce86";
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/B4A7-702B";
- fsType = "vfat";
- };
-
- swapDevices = [{ device = "/dev/disk/by-uuid/8cca600e-735e-4486-92e3-01ff6c0b7599"; }];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/dinictis/default.nix b/hosts/dinictis/default.nix
deleted file mode 100644
index 651a253..0000000
--- a/hosts/dinictis/default.nix
+++ /dev/null
@@ -1,85 +0,0 @@
-{ pkgs, ... }: {
- imports = [
- ../../profiles/desktop
- ./hardware-configuration.nix
- ];
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.wireless.iwd.enable = true;
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- users.users.sammy.packages = with pkgs; [
- picard
- ];
-
- home-manager.users.sammy.programs.ssh.includes = [
- "./famedly-config"
- ];
- home-manager.users.sammy.programs.git.includes = [
- {
- path = "~/famedly/.gitconfig";
- condition = "gitdir:~/famedly/";
- }
- ];
-
- fileSystems."/mnt/Media" = {
- device = "192.168.0.3:/mnt/user/Media";
- fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "noatime" ]; # disconnects after 10 minutes (i.e. 600 seconds)
- };
-
- system.stateVersion = "23.11"; # Did you read the comment?
-
- # Famedly compliance foo - stolen from evelyn :3
-
- systemd.user.services.usbguard-notifier.enable = true;
-
- services.clamav = {
- daemon = {
- enable = true;
- };
- updater = {
- enable = true;
- frequency = 24;
- interval = "hourly";
- };
- };
-
- deployment.keys."osquery-secret.txt" = {
- keyCommand = [ "pass" "work/osquery-secret" ];
-
- destDir = "/etc/osquery/";
- uploadAt = "pre-activation";
- };
-
- services.osquery = {
- enable = true;
- flags = {
- tls_hostname = "fleet.famedly.de";
- host_identifier = "instance";
- enroll_secret_path = "/etc/osquery/osquery-secret.txt";
- enroll_tls_endpoint = "/api/osquery/enroll";
- config_plugin = "tls";
- config_tls_endpoint = "/api/v1/osquery/config";
- config_refresh = "10";
- disable_distributed = "false";
- distributed_plugin = "tls";
- distributed_interval = "10";
- distributed_tls_max_attempts = "3";
- distributed_tls_read_endpoint = "/api/v1/osquery/distributed/read";
- distributed_tls_write_endpoint = "/api/v1/osquery/distributed/write";
- logger_plugin = "tls";
- logger_tls_endpoint = "/api/v1/osquery/log";
- logger_tls_period = 
"10"; - disable_carver = "false"; - carver_start_endpoint = "/api/v1/osquery/carve/begin"; - carver_continue_endpoint = "/api/v1/osquery/carve/block"; - carver_block_size = "2000000"; - tls_server_certs = "/etc/ssl/certs/ca-certificates.crt"; - }; - }; -} diff --git a/hosts/dinictis/hardware-configuration.nix b/hosts/dinictis/hardware-configuration.nix deleted file mode 100644 index 85d2415..0000000 --- a/hosts/dinictis/hardware-configuration.nix +++ /dev/null 
@@ -1,76 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
- fsType = "btrfs";
- options = [ "subvol=root" ];
- };
-
- boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/73e8faf4-a250-4edb-9583-a16dcfff621b";
- boot.initrd.luks.devices."swap".device = "/dev/disk/by-uuid/4bd4ac67-74a8-4a67-b5eb-e8ebf814d5d7";
-
- fileSystems."/home" =
- {
- device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
- fsType = "btrfs";
- options = [ "subvol=home" ];
- };
-
- fileSystems."/nix" =
- {
- device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
- fsType = "btrfs";
- options = [ "subvol=nix" ];
- };
-
- fileSystems."/persist" =
- {
- device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
- fsType = "btrfs";
- options = [ "subvol=persist" ];
- };
-
- fileSystems."/var/log" =
- {
- device = "/dev/disk/by-uuid/a3e601e7-7005-4513-8dff-748d9f384646";
- fsType = "btrfs";
- options = [ "subvol=log" ];
- neededForBoot = true;
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/6891-5A39";
- fsType = "vfat";
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/65f4c4dd-57e7-4709-a017-2277874d3917"; }];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. 
When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
- # networking.interfaces.wwp0s20f0u2.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/ocelot/default.nix b/hosts/ocelot/default.nix
deleted file mode 100644
index 5cd99ed..0000000
--- a/hosts/ocelot/default.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ lib, config, ... }: {
- imports = [
- ./gotosocial.nix
- ../../profiles/hcloud
- ./website.nix
- ];
- fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
- fileSystems."/mnt/gts" = { device = "/dev/sdb1"; fsType = "ext4"; };
- services.restic.backups.default.paths = ["/mnt/gts"];
- cherrykitten.backups.enable = true;
- cherrykitten.network = {
- public_IPv4 = "128.140.109.125";
- public_IPv6 = "2a01:4f8:c2c:bd32::1";
- internal_IPv4 = "10.69.0.5";
- internal_IPv6 = "fe80::8400:ff:fe8e:470d";
- };
- cherrykitten.prometheus.client.enable = true;
-
- networking = {
- nameservers = [
- "8.8.8.8"
- ];
- defaultGateway = "172.31.1.1";
- defaultGateway6 = {
- address = "fe80::1";
- interface = "eth0";
- };
- dhcpcd.enable = false;
- usePredictableInterfaceNames = lib.mkForce false;
- interfaces = {
- eth0 = {
- ipv4.addresses = [
- { address = config.cherrykitten.network.public_IPv4; prefixLength = 32; }
- ];
- ipv6.addresses = [
- { address = config.cherrykitten.network.public_IPv6; prefixLength = 64; }
- ];
- ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
- ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
- };
- eth1 = {
- ipv4.addresses = [
- { address = config.cherrykitten.network.internal_IPv4; prefixLength = 32; }
- ];
- ipv6.addresses = [
- { address = config.cherrykitten.network.internal_IPv6; prefixLength = 64; }
- ];
- ipv4.routes = [
- { address = "10.69.0.1"; prefixLength = 32; }
- { address = "10.69.0.0"; prefixLength = 24; via = "10.69.0.1"; }
- ];
- };
- };
- };
- services.udev.extraRules = ''
- ATTR{address}=="96:00:03:24:67:7a", NAME="eth0"
- ATTR{address}=="86:00:00:8e:47:0d", NAME="eth1"
- '';
-
- system.stateVersion = "23.11";
-}
diff --git a/hosts/ocelot/gotosocial.nix b/hosts/ocelot/gotosocial.nix
deleted file mode 100644
index c499e49..0000000
--- a/hosts/ocelot/gotosocial.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ ... }:
-let
- bind-address = "127.0.0.1";
- host = "cherrykitten.gay";
- port = 8553;
-in
-{
- services.gotosocial = {
- enable = true;
- setupPostgresqlDB = true;
- settings = {
- inherit bind-address host port;
- application-name = "CherryKitten";
- landing-page-user = "sammy";
-
- instance-expose-suspended = true;
- instance-expose-suspended-web = true;
- accounts-registration-open = false;
-
- media-image-max-size = 41943040;
- media-video-max-size = 83886080;
- media-description-max-chars = 3000;
- media-remote-cache-days = 14;
- media-emoji-local-max-size = 204800;
- media-emoji-remote-max-size = 204800;
-
- statuses-max-chars = 69420;
- statuses-cw-max-chars = 200;
- statuses-poll-max-options = 10;
- statuses-poll-option-max-chars = 150;
- statuses-media-max-files = 16;
-
- storage-backend = "local";
- storage-local-base-path = "/mnt/gts";
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- services.nginx = {
- enable = true;
- clientMaxBodySize = "80M";
- virtualHosts = {
- "${host}" = {
- forceSSL = true;
- enableACME = true;
- locations = {
- "/" = {
- recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://${bind-address}:${toString port}";
- };
- };
- };
- };
- };
-}
-
diff --git a/hosts/ocelot/website.nix b/hosts/ocelot/website.nix
deleted file mode 100644
index 2506c39..0000000
--- a/hosts/ocelot/website.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ inputs, ... }: {
- services.nginx = {
- enable = true;
- virtualHosts = {
- "cherrykitten.dev" = {
- extraConfig = "error_page 404 /404.html;";
- addSSL = true;
- enableACME = true;
- locations = {
- "/" = {
- root = "${inputs.cherrykitten-website.packages.x86_64-linux.website}/var/www/cherrykitten.dev";
- };
- };
- };
- };
- };
-}
diff --git a/hosts/serval/default.nix b/hosts/serval/default.nix
deleted file mode 100644
index 5d8af34..0000000
--- a/hosts/serval/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ lib, config, ... }: {
- imports = [ ../../profiles/hcloud ];
-
- fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
- cherrykitten.backups.enable = true;
- cherrykitten.prometheus = {
- server.enable = true;
- client.enable = true;
- };
- cherrykitten.grafana = {
- enable = true;
- hostname = "graph.cherrykitten.dev";
- };
- cherrykitten.network = {
- public_IPv4 = "116.203.116.228";
- public_IPv6 = "2a01:4f8:1c1b:5db9::1";
- internal_IPv4 = "10.69.0.2";
- internal_IPv6 = "fe80::8400:ff:fe8e:e0a0";
- };
-
- networking = {
- nameservers = [
- "2a01:4ff:ff00::add:2"
- "2a01:4ff:ff00::add:1"
- "185.12.64.2"
- ];
- defaultGateway = "172.31.1.1";
- defaultGateway6 = {
- address = "fe80::1";
- interface = "eth0";
- };
- dhcpcd.enable = false;
- usePredictableInterfaceNames = lib.mkForce false;
- interfaces = {
- eth0 = {
- ipv4.addresses = [
- { address = config.cherrykitten.network.public_IPv4; prefixLength = 32; }
- ];
- ipv6.addresses = [
- { address = config.cherrykitten.network.public_IPv6; prefixLength = 64; }
- ];
- ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
- ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
- };
- ens10 = {
- ipv4.addresses = [
- { address = config.cherrykitten.network.internal_IPv4; prefixLength = 32; }
- ];
- ipv6.addresses = [
- { address = config.cherrykitten.network.internal_IPv6; prefixLength = 64; }
- ];
- ipv4.routes = [
- { address = "10.69.0.1"; prefixLength = 32; }
- { address = "10.69.0.0"; prefixLength = 24; via = "10.69.0.1"; }
- ];
- };
- };
- };
- services.udev.extraRules = ''
- ATTR{address}=="96:00:03:60:ec:55", NAME="eth0"
- ATTR{address}=="86:00:00:8e:e0:a0", NAME="ens10"
- '';
-
- system.stateVersion = "23.11";
-}
diff --git a/hosts/tabby/default.nix b/hosts/tabby/default.nix
deleted file mode 100644
index f589949..0000000
--- a/hosts/tabby/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ pkgs, pkgs-unstable, lib, inputs, ... }: {
- imports = [
- ../../profiles/desktop
- ./hardware-configuration.nix
- inputs.nixos-hardware.nixosModules.framework-16-7040-amd
- ];
-
- services.hardware.bolt.enable = true;
- cherrykitten.impermanence.enable = true;
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.wireless.iwd.enable = true;
-
- fileSystems."/mnt/Media" = {
- device = "192.168.0.3:/mnt/user/Media";
- fsType = "nfs";
- options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "noatime" ]; # disconnects after 10 minutes (i.e. 600 seconds)
- };
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- services.fwupd.enable = true;
-
- services.xserver.xkb.layout = lib.mkForce "us";
-
- users.users.sammy.packages = with pkgs; [
- picard
- discord
- inkscape
- pkgs-unstable.osu-lazer-bin
- ];
-
- programs.steam = {
- enable = true;
- };
-
- hardware.steam-hardware.enable = true;
- services.usbmuxd.enable = true;
-
- environment.systemPackages = with pkgs; [
- libimobiledevice
- ifuse # optional, to mount using 'ifuse'
-];
-
- system.stateVersion = "24.05"; # Did you read the comment?
-}
diff --git a/hosts/tabby/hardware-configuration.nix b/hosts/tabby/hardware-configuration.nix
deleted file mode 100644
index ffd80d7..0000000
--- a/hosts/tabby/hardware-configuration.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "uas" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "none";
- fsType = "tmpfs";
- options = [ "defaults" "size=50%" "mode=755" ];
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/7BD4-96D5";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- fileSystems."/nix" =
- {
- device = "/dev/disk/by-uuid/b1377283-89a6-434b-8315-60314dcd56ab";
- fsType = "btrfs";
- neededForBoot = true;
- };
-
- boot.initrd.luks.devices."nix".device = "/dev/disk/by-uuid/51f9bf11-5b38-4753-b927-2ff3e01dd5e0";
- boot.initrd.luks.devices."swap".device = "/dev/disk/by-uuid/2c2f9f9d-0eca-4375-b284-108564c48af8";
-
- swapDevices =
- [{ device = "/dev/mapper/swap"; }];
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}