porani migration

Ingolf Wagner 2020-01-31 22:40:14 +13:00
parent 49e2f00259
commit aaccab5823
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
8 changed files with 105 additions and 109 deletions


@ -16,13 +16,20 @@
networking.hostName = "porani";
# enable initrd ssh
configuration.init-ssh = {
enable = "enabled";
kernelModules = [ "e1000e" ];
hostECDSAKey = <secrets/init-ssh/host_ecdsa_key>;
backup.services.restic = {
"on-porani.private".enable = false;
"on-workhorse.private".enable = false;
"on-workout.private".enable = false;
};
# not needed because not encrypted
# enable initrd ssh
#configuration.init-ssh = {
# enable = "enabled";
# kernelModules = [ "e1000e" ];
# hostECDSAKey = <secrets/init-ssh/host_ecdsa_key>;
#};
# programs
programs.custom.vim.enable = true;
environment.systemPackages = [ pkgs.mosh ];
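Review bot: The new `backup.services.restic` block sets `enable = false` for all three targets (`on-porani.private`, `on-workhorse.private`, `on-workout.private`) with no stated reason, so after this change the host appears to have no restic backup at all. If that is only meant for the duration of the move, say so next to the block, e.g. `# restic disabled while porani is being migrated; re-enable afterwards`. The commented-out `configuration.init-ssh` block still names `<secrets/init-ssh/host_ecdsa_key>`. Deleting it instead would leave the history in git and make it clear that this secret is no longer used on the host.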


@ -1,29 +1,28 @@
{ config, lib, pkgs, ... }: {
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
{
# boot loader
# -----------
{
# Use the systemd-boot EFI boot loader, not grub
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
#boot.loader.grub = {
# device = "/dev/sda";
# enable = true;
# version = 2;
#};
}
# kernel
# ------
{
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# grub configuration
# ------------------
boot.loader.grub = {
device = "/dev/sda";
enable = true;
version = 2;
};
# lvm volume group
# ----------------
boot.initrd.luks.devices = [{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}];
}
# automount
@ -54,23 +53,24 @@
# ------------
environment.systemPackages = [ pkgs.ntfs3g ];
# root
# ----
fileSystems."/" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/vg/root";
fsType = "ext4";
};
# boot
# ----
fileSystems."/boot" = {
device = "/dev/sda1";
fsType = "ext4";
};
# partitions
# ----------
fileSystems."/" =
{ device = "/dev/disk/by-uuid/77a3e839-5a80-4777-93c3-31be7f0cb99d";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/FBFB-8DA5";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/192a8bd6-e5f7-4e66-b69e-f3da701da343";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}
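Review bot: The new layout drops `boot.initrd.luks.devices` and mounts `/`, `/boot` and `/home` directly from `/dev/disk/by-uuid/...`, so everything on this host is now stored in plaintext. That includes whatever the deployment populates from the secrets sources into its `/var/src/` target. No compensating step is visible in this commit, and the syncthing section (presumably this host's) still reads `<secrets/syncthing/key.pem>`. Record the decision at the `# partitions` header, e.g. `# unencrypted on purpose: only non-sensitive media lives here`, and check that no secret deployed to porani is shared with a host that relies on disk encryption. `boot.initrd.kernelModules = [ "dm-snapshot" ]` looks like a leftover of the LVM setup if it is still on the new side, which the rendering does not make certain.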


@ -17,29 +17,6 @@
key = toString <secrets/syncthing/key.pem>;
overrideFolders = true;
folders = {
# on encrypted device
# -------------------
desktop = {
enable = true;
path = "/var/lib/syncthing/desktop";
};
finance = {
enable = true;
path = "/var/lib/syncthing/finance";
versioning = {
type = "simple";
params.keep = "10";
};
};
fotos = {
enable = true;
path = "/var/lib/syncthing/fotos";
};
lost-fotos = {
enable = true;
path = "/var/lib/syncthing/lost-fotos.ct";
};
# on media hard drive (not encrypted)
# -----------------------------------
movies = {
@ -62,9 +39,9 @@
path = "/media/series";
rescanInterval = 8 * 3600;
};
smartphone-music = {
porn = {
enable = true;
path = "/media/smartphone-music";
path = "/media/porn";
rescanInterval = 8 * 3600;
};
};
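Review bot: The folder key changes from `smartphone-music` to `porn` in the second hunk, and a `porn` folder is also added in the next file section, but the visible hunks of the shared folder module do not show a `porn` entry being defined. Those hunks only remove `porani` from existing `devices` lists. Confirm that the shared definition, with its device list, exists outside the lines shown; otherwise this folder presumably has no peers to sync with. A short comment above the block saying which devices are expected to share it would make the mismatch easy to spot. The enclosing `folders` attribute set starts above the first hunk.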


@ -70,6 +70,11 @@
path = "/media/syncthing/music-library-free";
rescanInterval = 8 * 3600;
};
porn = {
enable = true;
path = "/media/syncthing/porn";
rescanInterval = 8 * 3600;
};
samples = {
enable = true;
path = "/media/syncthing/samples";


@ -114,7 +114,7 @@ let
ref = "76260ad60cd99d40ab25df1400b0663d48e736db";
};
wetten.file = toString ./wetten;
# wetten.file = toString ./wetten;
};
@ -122,29 +122,45 @@ let
hostPattern = name: "${name}.private";
serverDeployment = name:
{ host ? (hostPattern name), user ? "root" }:
with ops;
jobs "deploy-${name}" "${user}@${host}" [
(populateTmpfs (source.keys name))
(populate (source.secrets name))
(populate (source.system name))
(populate source.modules)
(populate source.nixPkgs)
switch
];
desktopDeployment = name:
deployment = populateCommands: name:
{ host ? (hostPattern name), target ? "/var/src/", user ? "root"
, commandPrefix ? "deploy", enableSwitch ? true }:
with ops;
jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([
(populate (source.secrets name))
(populate (source.system name))
(populate source.modules)
(populate source.desktopSecrets)
(populate source.nixPkgs)
] ++ (if enableSwitch then [ switch ] else [ ]));
jobs "${commandPrefix}-${name}" "${user}@${host}${target}" (
populateCommands
++ (if enableSwitch then [ switch ] else [ ]));
#serverDeployment = name:
# { host ? (hostPattern name), target ? "/var/src/", user ? "root"
# , commandPrefix ? "deploy", enableSwitch ? true }:
# with ops;
# jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([
# ] ++ (if enableSwitch then [ switch ] else [ ]));
serverDeployment = name: deployment [
(ops.populate source.nixPkgs)
(ops.populate source.modules)
(ops.populate (source.secrets name))
(ops.populate (source.system name))
] name;
#desktopDeployment = name:
# { host ? (hostPattern name), target ? "/var/src/", user ? "root"
# , commandPrefix ? "deploy", enableSwitch ? true }:
# with ops;
# jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([
# (populate source.nixPkgs)
# (populate source.modules)
# (populate (source.secrets name))
# (populate (source.system name))
# (populate source.desktopSecrets)
# ] ++ (if enableSwitch then [ switch ] else [ ]));
desktopDeployment = name: deployment [
(ops.populate source.nixPkgs)
(ops.populate source.modules)
(ops.populate (source.secrets name))
(ops.populate (source.system name))
(ops.populate source.desktopSecrets)
] name;
cleanupNix = name:
let
@ -168,7 +184,14 @@ let
serverList = [ "workhorse" "sputnik" "porani" ];
deployments = flip map serverList (name: serverDeployment name { });
cleanup = flip map serverList (name: cleanupNix name);
in deployments ++ cleanup;
install = flip map serverList (name:
serverDeployment name {
commandPrefix = "install";
host = installHost;
target = "/mnt/var/src";
enableSwitch = false;
});
in deployments ++ cleanup ++ install ;
desktops = with lib;
let
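Review bot: The rewritten `serverDeployment` no longer contains `(populateTmpfs (source.keys name))`. The old job list put the per-host keys on a tmpfs, while the new list passed to `deployment` only runs `ops.populate` for nixPkgs, modules, secrets and system. If `source.keys` still carries material the servers need, it is no longer deployed. If it was merged into `source.secrets`, it is now written to the persistent `target` (`/var/src/`, or `/mnt/var/src` for the new `install` jobs) instead of memory. State which is the case in a comment above `serverDeployment`, and delete the two commented-out copies of the old functions rather than keeping them beside the new ones. `installHost`, used in the last hunk, is not defined in the lines shown.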


@ -9,7 +9,6 @@
];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
};
"workout.private" = {
hostNames = [
@ -18,7 +17,6 @@
];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjotuQJHDaL0fPY7yA2dIBVWRYOkp7/ablY60psMQ6w";
};
"sputnik.private" = {
hostNames = [
@ -27,7 +25,6 @@
];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
};
"workhorse.private" = {
hostNames = [
@ -36,7 +33,6 @@
];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
};
"porani.private" = {
hostNames = [
@ -44,9 +40,9 @@
config.module.cluster.services.tinc.private.hosts.porani.tincIp
];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWWUcI7Oc8iAJx0PABv2jhDTKIxFlOdoREsM6VdCQ8M";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
};
"pepe.private" = {
hostNames = [
"pepe.private"
@ -54,7 +50,6 @@
];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
};
"mobi.private" = {
hostNames = [
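Review bot: The pinned `publicKey` for `"porani.private"` is replaced with no record of where the new key came from. Other hosts trust this value when they connect to porani, so a later reader needs to tell a planned rotation from an unreviewed change. A one-line comment would do, such as `# host key regenerated on reinstall; fingerprint verified on the machine` (reworded to the method actually used). The other hunks in this file appear only to drop blank lines, and the last hunk ends inside the `"mobi.private"` entry.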


@ -53,22 +53,22 @@ with lib; {
private = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ];
devices = [ "workout" "workhorse" "pepe" "sterni" ];
};
desktop = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ];
devices = [ "workout" "workhorse" "pepe" "sterni" ];
};
finance = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ];
devices = [ "workout" "workhorse" "pepe" "sterni" ];
};
fotos = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ];
devices = [ "workout" "workhorse" "pepe" "sterni" ];
};
# no need to be stored on encrypted drives
@ -82,7 +82,7 @@ with lib; {
lost-fotos = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "sterni" "porani" ];
devices = [ "workout" "workhorse" "sterni" ];
};
movies = {
enable = lib.mkDefault false;
@ -135,7 +135,7 @@ with lib; {
enable = lib.mkDefault false;
id = "0vjze-xvs8n";
watch = false;
devices = [ "sterni" "porani" "smartphone" ];
devices = [ "sterni" "smartphone" ];
};
smartphone-fotos = {
enable = lib.mkDefault false;
@ -150,17 +150,6 @@ with lib; {
devices = [ "workout" "workhorse" ];
};
# one on one
porani-workout = {
enable = lib.mkDefault false;
devices = [ "porani" "workout" ];
watch = false;
};
porani-pepe = {
enable = lib.mkDefault false;
devices = [ "porani" "pepe" ];
watch = false;
};
windows-sync = {
enable = lib.mkDefault false;
id = "hcity-p5ikc";


@ -1,8 +1,8 @@
{ pkgs, ... }: {
services.tor = {
enable = false;
client.enable = false;
enable = true;
client.enable = true;
hiddenServices.liveos.map = [{ port = 1337; }];
};