porani migration
parent
49e2f00259
commit
aaccab5823
8 changed files with 105 additions and 109 deletions
|
@ -16,13 +16,20 @@
|
|||
|
||||
networking.hostName = "porani";
|
||||
|
||||
# enable initrd ssh
|
||||
configuration.init-ssh = {
|
||||
enable = "enabled";
|
||||
kernelModules = [ "e1000e" ];
|
||||
hostECDSAKey = <secrets/init-ssh/host_ecdsa_key>;
|
||||
backup.services.restic = {
|
||||
"on-porani.private".enable = false;
|
||||
"on-workhorse.private".enable = false;
|
||||
"on-workout.private".enable = false;
|
||||
};
|
||||
|
||||
# not needed because not encrypted
|
||||
# enable initrd ssh
|
||||
#configuration.init-ssh = {
|
||||
# enable = "enabled";
|
||||
# kernelModules = [ "e1000e" ];
|
||||
# hostECDSAKey = <secrets/init-ssh/host_ecdsa_key>;
|
||||
#};
|
||||
|
||||
# programs
|
||||
programs.custom.vim.enable = true;
|
||||
environment.systemPackages = [ pkgs.mosh ];
|
||||
|
|
|
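Review bot: The three `backup.services.restic."on-*.private".enable = false;` lines switch off all restic targets listed here, with no comment saying why or whether this is temporary. If backups are meant to stay off after the migration, record it next to the block, e.g. `# restic disabled during migration: <reason>; re-enable once <condition>`; otherwise it is easy to forget that this host is no longer backed up. The commented-out `#configuration.init-ssh = { ... }` block can be deleted rather than kept, since history preserves it and `# not needed because not encrypted` already gives the reason.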
@ -1,29 +1,28 @@
|
|||
{ config, lib, pkgs, ... }: {
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
{
|
||||
|
||||
# boot loader
|
||||
# -----------
|
||||
{
|
||||
# Use the systemd-boot EFI boot loader, not grub
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
#boot.loader.grub = {
|
||||
# device = "/dev/sda";
|
||||
# enable = true;
|
||||
# version = 2;
|
||||
#};
|
||||
}
|
||||
|
||||
# kernel
|
||||
# ------
|
||||
{
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
# grub configuration
|
||||
# ------------------
|
||||
boot.loader.grub = {
|
||||
device = "/dev/sda";
|
||||
enable = true;
|
||||
version = 2;
|
||||
};
|
||||
|
||||
# lvm volume group
|
||||
# ----------------
|
||||
boot.initrd.luks.devices = [{
|
||||
name = "vg";
|
||||
device = "/dev/sda2";
|
||||
preLVM = true;
|
||||
}];
|
||||
}
|
||||
|
||||
# automount
|
||||
|
@ -54,23 +53,24 @@
|
|||
# ------------
|
||||
environment.systemPackages = [ pkgs.ntfs3g ];
|
||||
|
||||
# root
|
||||
# ----
|
||||
fileSystems."/" = {
|
||||
options = [ "noatime" "nodiratime" "discard" ];
|
||||
device = "/dev/vg/root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
# boot
|
||||
# ----
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/sda1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
# partitions
|
||||
# ----------
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/77a3e839-5a80-4777-93c3-31be7f0cb99d";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/FBFB-8DA5";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/disk/by-uuid/192a8bd6-e5f7-4e66-b69e-f3da701da343";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
|
||||
}
|
||||
|
|
|
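Review bot: With `boot.initrd.luks.devices` apparently dropped and `/`, `/boot` and `/home` mounted directly from `/dev/disk/by-uuid/...`, nothing on this host looks encrypted at rest any more. The page does not mark which lines are old or new, so this is inferred from the hunk counts and the by-uuid block. The deployment jobs in shell.nix still populate `source.secrets name` onto the target, so those files would now sit on a plain ext4 volume. A comment above the `# partitions` block would make the trade-off explicit, e.g. `# NOTE: no LUKS on this host; keep private sync folders and long-lived secrets off it`. The commented-out `#boot.loader.grub` block looks like leftover code and can be removed.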
@ -17,29 +17,6 @@
|
|||
key = toString <secrets/syncthing/key.pem>;
|
||||
overrideFolders = true;
|
||||
folders = {
|
||||
# on encrypted device
|
||||
# -------------------
|
||||
desktop = {
|
||||
enable = true;
|
||||
path = "/var/lib/syncthing/desktop";
|
||||
};
|
||||
finance = {
|
||||
enable = true;
|
||||
path = "/var/lib/syncthing/finance";
|
||||
versioning = {
|
||||
type = "simple";
|
||||
params.keep = "10";
|
||||
};
|
||||
};
|
||||
fotos = {
|
||||
enable = true;
|
||||
path = "/var/lib/syncthing/fotos";
|
||||
};
|
||||
lost-fotos = {
|
||||
enable = true;
|
||||
path = "/var/lib/syncthing/lost-fotos.ct";
|
||||
};
|
||||
|
||||
# on media hard drive (not encrypted)
|
||||
# -----------------------------------
|
||||
movies = {
|
||||
|
@ -62,9 +39,9 @@
|
|||
path = "/media/series";
|
||||
rescanInterval = 8 * 3600;
|
||||
};
|
||||
smartphone-music = {
|
||||
porn = {
|
||||
enable = true;
|
||||
path = "/media/smartphone-music";
|
||||
path = "/media/porn";
|
||||
rescanInterval = 8 * 3600;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -70,6 +70,11 @@
|
|||
path = "/media/syncthing/music-library-free";
|
||||
rescanInterval = 8 * 3600;
|
||||
};
|
||||
porn = {
|
||||
enable = true;
|
||||
path = "/media/syncthing/porn";
|
||||
rescanInterval = 8 * 3600;
|
||||
};
|
||||
samples = {
|
||||
enable = true;
|
||||
path = "/media/syncthing/samples";
|
||||
|
|
67
shell.nix
67
shell.nix
|
@ -114,7 +114,7 @@ let
|
|||
ref = "76260ad60cd99d40ab25df1400b0663d48e736db";
|
||||
};
|
||||
|
||||
wetten.file = toString ./wetten;
|
||||
# wetten.file = toString ./wetten;
|
||||
|
||||
};
|
||||
|
||||
|
@ -122,29 +122,45 @@ let
|
|||
|
||||
hostPattern = name: "${name}.private";
|
||||
|
||||
serverDeployment = name:
|
||||
{ host ? (hostPattern name), user ? "root" }:
|
||||
with ops;
|
||||
jobs "deploy-${name}" "${user}@${host}" [
|
||||
(populateTmpfs (source.keys name))
|
||||
(populate (source.secrets name))
|
||||
(populate (source.system name))
|
||||
(populate source.modules)
|
||||
(populate source.nixPkgs)
|
||||
switch
|
||||
];
|
||||
|
||||
desktopDeployment = name:
|
||||
deployment = populateCommands: name:
|
||||
{ host ? (hostPattern name), target ? "/var/src/", user ? "root"
|
||||
, commandPrefix ? "deploy", enableSwitch ? true }:
|
||||
with ops;
|
||||
jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([
|
||||
(populate (source.secrets name))
|
||||
(populate (source.system name))
|
||||
(populate source.modules)
|
||||
(populate source.desktopSecrets)
|
||||
(populate source.nixPkgs)
|
||||
] ++ (if enableSwitch then [ switch ] else [ ]));
|
||||
jobs "${commandPrefix}-${name}" "${user}@${host}${target}" (
|
||||
populateCommands
|
||||
++ (if enableSwitch then [ switch ] else [ ]));
|
||||
|
||||
#serverDeployment = name:
|
||||
# { host ? (hostPattern name), target ? "/var/src/", user ? "root"
|
||||
# , commandPrefix ? "deploy", enableSwitch ? true }:
|
||||
# with ops;
|
||||
# jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([
|
||||
# ] ++ (if enableSwitch then [ switch ] else [ ]));
|
||||
serverDeployment = name: deployment [
|
||||
(ops.populate source.nixPkgs)
|
||||
(ops.populate source.modules)
|
||||
(ops.populate (source.secrets name))
|
||||
(ops.populate (source.system name))
|
||||
] name;
|
||||
|
||||
#desktopDeployment = name:
|
||||
# { host ? (hostPattern name), target ? "/var/src/", user ? "root"
|
||||
# , commandPrefix ? "deploy", enableSwitch ? true }:
|
||||
# with ops;
|
||||
# jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([
|
||||
# (populate source.nixPkgs)
|
||||
# (populate source.modules)
|
||||
# (populate (source.secrets name))
|
||||
# (populate (source.system name))
|
||||
# (populate source.desktopSecrets)
|
||||
# ] ++ (if enableSwitch then [ switch ] else [ ]));
|
||||
desktopDeployment = name: deployment [
|
||||
(ops.populate source.nixPkgs)
|
||||
(ops.populate source.modules)
|
||||
(ops.populate (source.secrets name))
|
||||
(ops.populate (source.system name))
|
||||
(ops.populate source.desktopSecrets)
|
||||
] name;
|
||||
|
||||
cleanupNix = name:
|
||||
let
|
||||
|
@ -168,7 +184,14 @@ let
|
|||
serverList = [ "workhorse" "sputnik" "porani" ];
|
||||
deployments = flip map serverList (name: serverDeployment name { });
|
||||
cleanup = flip map serverList (name: cleanupNix name);
|
||||
in deployments ++ cleanup;
|
||||
install = flip map serverList (name:
|
||||
serverDeployment name {
|
||||
commandPrefix = "install";
|
||||
host = installHost;
|
||||
target = "/mnt/var/src";
|
||||
enableSwitch = false;
|
||||
});
|
||||
in deployments ++ cleanup ++ install ;
|
||||
|
||||
desktops = with lib;
|
||||
let
|
||||
|
|
|
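Review bot: The rewritten `serverDeployment` list no longer contains `(populateTmpfs (source.keys name))`, which the earlier server variant ran first, so key material is apparently no longer pushed to servers. Line sides are not marked on this page, so this is inferred from the new `deployment` helper and the lists passed to it. If that is intended, say so in a comment or remove `source.keys`; if not, add the entry back to the list, qualified the same way as the other `ops.populate` entries. The new `install` jobs pass `target = "/mnt/var/src"` without the trailing slash that the default `"/var/src/"` has, and the value is concatenated into `"${user}@${host}${target}"`, so the two should be made consistent. The commented-out `#serverDeployment` and `#desktopDeployment` copies can be deleted; the enclosing `let` starts and ends outside these hunks.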
@ -9,7 +9,6 @@
|
|||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
|
||||
|
||||
};
|
||||
"workout.private" = {
|
||||
hostNames = [
|
||||
|
@ -18,7 +17,6 @@
|
|||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjotuQJHDaL0fPY7yA2dIBVWRYOkp7/ablY60psMQ6w";
|
||||
|
||||
};
|
||||
"sputnik.private" = {
|
||||
hostNames = [
|
||||
|
@ -27,7 +25,6 @@
|
|||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
|
||||
|
||||
};
|
||||
"workhorse.private" = {
|
||||
hostNames = [
|
||||
|
@ -36,7 +33,6 @@
|
|||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
|
||||
|
||||
};
|
||||
"porani.private" = {
|
||||
hostNames = [
|
||||
|
@ -44,9 +40,9 @@
|
|||
config.module.cluster.services.tinc.private.hosts.porani.tincIp
|
||||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWWUcI7Oc8iAJx0PABv2jhDTKIxFlOdoREsM6VdCQ8M";
|
||||
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
|
||||
};
|
||||
|
||||
"pepe.private" = {
|
||||
hostNames = [
|
||||
"pepe.private"
|
||||
|
@ -54,7 +50,6 @@
|
|||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
|
||||
|
||||
};
|
||||
"mobi.private" = {
|
||||
hostNames = [
|
||||
|
|
|
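Review bot: The `"porani.private"` entry changes its pinned `ssh-ed25519` host key (the `@ -44,9 +40,9 @` hunk shows two keys, one per side), and nothing on the page records where the new value was read from. Other machines will trust this entry for that host, so the commit message or a comment beside it should say how the key was obtained, e.g. `# host key regenerated on reinstall; fingerprint checked on console <date>`. The remaining hunks in this file only drop blank lines.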
@ -53,22 +53,22 @@ with lib; {
|
|||
private = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ];
|
||||
devices = [ "workout" "workhorse" "pepe" "sterni" ];
|
||||
};
|
||||
desktop = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ];
|
||||
devices = [ "workout" "workhorse" "pepe" "sterni" ];
|
||||
};
|
||||
finance = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ];
|
||||
devices = [ "workout" "workhorse" "pepe" "sterni" ];
|
||||
};
|
||||
fotos = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ];
|
||||
devices = [ "workout" "workhorse" "pepe" "sterni" ];
|
||||
};
|
||||
|
||||
# no need to be stored on encrypted drives
|
||||
|
@ -82,7 +82,7 @@ with lib; {
|
|||
lost-fotos = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
devices = [ "workout" "workhorse" "sterni" "porani" ];
|
||||
devices = [ "workout" "workhorse" "sterni" ];
|
||||
};
|
||||
movies = {
|
||||
enable = lib.mkDefault false;
|
||||
|
@ -135,7 +135,7 @@ with lib; {
|
|||
enable = lib.mkDefault false;
|
||||
id = "0vjze-xvs8n";
|
||||
watch = false;
|
||||
devices = [ "sterni" "porani" "smartphone" ];
|
||||
devices = [ "sterni" "smartphone" ];
|
||||
};
|
||||
smartphone-fotos = {
|
||||
enable = lib.mkDefault false;
|
||||
|
@ -150,17 +150,6 @@ with lib; {
|
|||
devices = [ "workout" "workhorse" ];
|
||||
};
|
||||
|
||||
# one on one
|
||||
porani-workout = {
|
||||
enable = lib.mkDefault false;
|
||||
devices = [ "porani" "workout" ];
|
||||
watch = false;
|
||||
};
|
||||
porani-pepe = {
|
||||
enable = lib.mkDefault false;
|
||||
devices = [ "porani" "pepe" ];
|
||||
watch = false;
|
||||
};
|
||||
windows-sync = {
|
||||
enable = lib.mkDefault false;
|
||||
id = "hcity-p5ikc";
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ pkgs, ... }: {
|
||||
|
||||
services.tor = {
|
||||
enable = false;
|
||||
client.enable = false;
|
||||
enable = true;
|
||||
client.enable = true;
|
||||
hiddenServices.liveos.map = [{ port = 1337; }];
|
||||
};
|
||||
|
||||
|
|
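Review bot: If the `enable = true;` / `client.enable = true;` pair is the new side (the page does not mark which pair is old), this turns Tor on and activates the `hiddenServices.liveos` mapping, which publishes port 1337 as an onion service. Nothing here says what listens on that port or whether it authenticates callers, and anyone who learns the onion address can reach it. A comment such as `# liveos: onion service for <service> on port 1337; access control: <mechanism>` would make the exposure reviewable.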