palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

porani migration

Browse source
This commit is contained in:
Ingolf Wagner 2020-01-31 22:40:14 +13:00
parent 49e2f00259
commit aaccab5823
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
8 changed files with 105 additions and 109 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
configs/porani/configuration.nix
View file

@ -16,13 +16,20 @@
networking.hostName = "porani"; networking.hostName = "porani";
# enable initrd ssh backup.services.restic = {
configuration.init-ssh = { "on-porani.private".enable = false;
enable = "enabled"; "on-workhorse.private".enable = false;
kernelModules = [ "e1000e" ]; "on-workout.private".enable = false;
hostECDSAKey = <secrets/init-ssh/host_ecdsa_key>;
}; };
# not needed because not encrypted
# enable initrd ssh
#configuration.init-ssh = {
# enable = "enabled";
# kernelModules = [ "e1000e" ];
# hostECDSAKey = <secrets/init-ssh/host_ecdsa_key>;
#};
# programs # programs
programs.custom.vim.enable = true; programs.custom.vim.enable = true;
environment.systemPackages = [ pkgs.mosh ]; environment.systemPackages = [ pkgs.mosh ];

54
configs/porani/hardware-configuration.nix
View file

@ -1,29 +1,28 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }: {
imports = [ imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix> <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
{
# boot loader
# -----------
{
# Use the systemd-boot EFI boot loader, not grub
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
#boot.loader.grub = {
# device = "/dev/sda";
# enable = true;
# version = 2;
#};
}
# kernel
# ------
{
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
# grub configuration
# ------------------
boot.loader.grub = {
device = "/dev/sda";
enable = true;
version = 2;
};
# lvm volume group
# ----------------
boot.initrd.luks.devices = [{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}];
} }
# automount # automount
@ -54,18 +53,18 @@
# ------------ # ------------
environment.systemPackages = [ pkgs.ntfs3g ]; environment.systemPackages = [ pkgs.ntfs3g ];
# root # partitions
# ---- # ----------
fileSystems."/" = { fileSystems."/" =
options = [ "noatime" "nodiratime" "discard" ]; { device = "/dev/disk/by-uuid/77a3e839-5a80-4777-93c3-31be7f0cb99d";
device = "/dev/vg/root";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" =
# boot { device = "/dev/disk/by-uuid/FBFB-8DA5";
# ---- fsType = "vfat";
fileSystems."/boot" = { };
device = "/dev/sda1"; fileSystems."/home" =
{ device = "/dev/disk/by-uuid/192a8bd6-e5f7-4e66-b69e-f3da701da343";
fsType = "ext4"; fsType = "ext4";
}; };
@ -73,4 +72,5 @@
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
} }

27
configs/porani/syncthing.nix
View file

@ -17,29 +17,6 @@
key = toString <secrets/syncthing/key.pem>; key = toString <secrets/syncthing/key.pem>;
overrideFolders = true; overrideFolders = true;
folders = { folders = {
# on encrypted device
# -------------------
desktop = {
enable = true;
path = "/var/lib/syncthing/desktop";
};
finance = {
enable = true;
path = "/var/lib/syncthing/finance";
versioning = {
type = "simple";
params.keep = "10";
};
};
fotos = {
enable = true;
path = "/var/lib/syncthing/fotos";
};
lost-fotos = {
enable = true;
path = "/var/lib/syncthing/lost-fotos.ct";
};
# on media hard drive (not encrypted) # on media hard drive (not encrypted)
# ----------------------------------- # -----------------------------------
movies = { movies = {
@ -62,9 +39,9 @@
path = "/media/series"; path = "/media/series";
rescanInterval = 8 * 3600; rescanInterval = 8 * 3600;
}; };
smartphone-music = { porn = {
enable = true; enable = true;
path = "/media/smartphone-music"; path = "/media/porn";
rescanInterval = 8 * 3600; rescanInterval = 8 * 3600;
}; };
}; };

5
configs/workhorse/syncthing.nix
View file

@ -70,6 +70,11 @@
path = "/media/syncthing/music-library-free"; path = "/media/syncthing/music-library-free";
rescanInterval = 8 * 3600; rescanInterval = 8 * 3600;
}; };
porn = {
enable = true;
path = "/media/syncthing/porn";
rescanInterval = 8 * 3600;
};
samples = { samples = {
enable = true; enable = true;
path = "/media/syncthing/samples"; path = "/media/syncthing/samples";

67
shell.nix
View file

@ -114,7 +114,7 @@ let
ref = "76260ad60cd99d40ab25df1400b0663d48e736db"; ref = "76260ad60cd99d40ab25df1400b0663d48e736db";
}; };
wetten.file = toString ./wetten; # wetten.file = toString ./wetten;
}; };
@ -122,29 +122,45 @@ let
hostPattern = name: "${name}.private"; hostPattern = name: "${name}.private";
serverDeployment = name: deployment = populateCommands: name:
{ host ? (hostPattern name), user ? "root" }:
with ops;
jobs "deploy-${name}" "${user}@${host}" [
(populateTmpfs (source.keys name))
(populate (source.secrets name))
(populate (source.system name))
(populate source.modules)
(populate source.nixPkgs)
switch
];
desktopDeployment = name:
{ host ? (hostPattern name), target ? "/var/src/", user ? "root" { host ? (hostPattern name), target ? "/var/src/", user ? "root"
, commandPrefix ? "deploy", enableSwitch ? true }: , commandPrefix ? "deploy", enableSwitch ? true }:
with ops; with ops;
jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([ jobs "${commandPrefix}-${name}" "${user}@${host}${target}" (
(populate (source.secrets name)) populateCommands
(populate (source.system name)) ++ (if enableSwitch then [ switch ] else [ ]));
(populate source.modules)
(populate source.desktopSecrets) #serverDeployment = name:
(populate source.nixPkgs) # { host ? (hostPattern name), target ? "/var/src/", user ? "root"
] ++ (if enableSwitch then [ switch ] else [ ])); # , commandPrefix ? "deploy", enableSwitch ? true }:
# with ops;
# jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([
# ] ++ (if enableSwitch then [ switch ] else [ ]));
serverDeployment = name: deployment [
(ops.populate source.nixPkgs)
(ops.populate source.modules)
(ops.populate (source.secrets name))
(ops.populate (source.system name))
] name;
#desktopDeployment = name:
# { host ? (hostPattern name), target ? "/var/src/", user ? "root"
# , commandPrefix ? "deploy", enableSwitch ? true }:
# with ops;
# jobs "${commandPrefix}-${name}" "${user}@${host}${target}" ([
# (populate source.nixPkgs)
# (populate source.modules)
# (populate (source.secrets name))
# (populate (source.system name))
# (populate source.desktopSecrets)
# ] ++ (if enableSwitch then [ switch ] else [ ]));
desktopDeployment = name: deployment [
(ops.populate source.nixPkgs)
(ops.populate source.modules)
(ops.populate (source.secrets name))
(ops.populate (source.system name))
(ops.populate source.desktopSecrets)
] name;
cleanupNix = name: cleanupNix = name:
let let
@ -168,7 +184,14 @@ let
serverList = [ "workhorse" "sputnik" "porani" ]; serverList = [ "workhorse" "sputnik" "porani" ];
deployments = flip map serverList (name: serverDeployment name { }); deployments = flip map serverList (name: serverDeployment name { });
cleanup = flip map serverList (name: cleanupNix name); cleanup = flip map serverList (name: cleanupNix name);
in deployments ++ cleanup; install = flip map serverList (name:
serverDeployment name {
commandPrefix = "install";
host = installHost;
target = "/mnt/var/src";
enableSwitch = false;
});
in deployments ++ cleanup ++ install ;
desktops = with lib; desktops = with lib;
let let

9
system/all/sshd-known-hosts-private.nix
View file

@ -9,7 +9,6 @@
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
}; };
"workout.private" = { "workout.private" = {
hostNames = [ hostNames = [
@ -18,7 +17,6 @@
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjotuQJHDaL0fPY7yA2dIBVWRYOkp7/ablY60psMQ6w"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjotuQJHDaL0fPY7yA2dIBVWRYOkp7/ablY60psMQ6w";
}; };
"sputnik.private" = { "sputnik.private" = {
hostNames = [ hostNames = [
@ -27,7 +25,6 @@
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
}; };
"workhorse.private" = { "workhorse.private" = {
hostNames = [ hostNames = [
@ -36,7 +33,6 @@
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
}; };
"porani.private" = { "porani.private" = {
hostNames = [ hostNames = [
@ -44,9 +40,9 @@
config.module.cluster.services.tinc.private.hosts.porani.tincIp config.module.cluster.services.tinc.private.hosts.porani.tincIp
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWWUcI7Oc8iAJx0PABv2jhDTKIxFlOdoREsM6VdCQ8M"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
}; };
"pepe.private" = { "pepe.private" = {
hostNames = [ hostNames = [
"pepe.private" "pepe.private"
@ -54,7 +50,6 @@
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
}; };
"mobi.private" = { "mobi.private" = {
hostNames = [ hostNames = [

23
system/all/syncthing.nix
View file

@ -53,22 +53,22 @@ with lib; {
private = { private = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
watch = false; watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ]; devices = [ "workout" "workhorse" "pepe" "sterni" ];
}; };
desktop = { desktop = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
watch = false; watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ]; devices = [ "workout" "workhorse" "pepe" "sterni" ];
}; };
finance = { finance = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
watch = false; watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ]; devices = [ "workout" "workhorse" "pepe" "sterni" ];
}; };
fotos = { fotos = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
watch = false; watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" "porani" ]; devices = [ "workout" "workhorse" "pepe" "sterni" ];
}; };
# no need to be stored on encrypted drives # no need to be stored on encrypted drives
@ -82,7 +82,7 @@ with lib; {
lost-fotos = { lost-fotos = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
watch = false; watch = false;
devices = [ "workout" "workhorse" "sterni" "porani" ]; devices = [ "workout" "workhorse" "sterni" ];
}; };
movies = { movies = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
@ -135,7 +135,7 @@ with lib; {
enable = lib.mkDefault false; enable = lib.mkDefault false;
id = "0vjze-xvs8n"; id = "0vjze-xvs8n";
watch = false; watch = false;
devices = [ "sterni" "porani" "smartphone" ]; devices = [ "sterni" "smartphone" ];
}; };
smartphone-fotos = { smartphone-fotos = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
@ -150,17 +150,6 @@ with lib; {
devices = [ "workout" "workhorse" ]; devices = [ "workout" "workhorse" ];
}; };
# one on one
porani-workout = {
enable = lib.mkDefault false;
devices = [ "porani" "workout" ];
watch = false;
};
porani-pepe = {
enable = lib.mkDefault false;
devices = [ "porani" "pepe" ];
watch = false;
};
windows-sync = { windows-sync = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
id = "hcity-p5ikc"; id = "hcity-p5ikc";

4
system/desktop/remote-install.nix
View file

@ -1,8 +1,8 @@
{ pkgs, ... }: { { pkgs, ... }: {
services.tor = { services.tor = {
enable = false; enable = true;
client.enable = false; client.enable = true;
hiddenServices.liveos.map = [{ port = 1337; }]; hiddenServices.liveos.map = [{ port = 1337; }];
}; };