diff --git a/flake.nix b/flake.nix
index e55679c..31b0449 100644
--- a/flake.nix
+++ b/flake.nix
@@ -238,8 +238,6 @@
 nixosConfigurations = nixpkgs.lib.attrsets.mergeAttrsList (
 nixpkgs.lib.lists.forEach [
 "nixos-desk"
- "nixos-he4"
- "nixos-karl-kvm-guest"
 "nixos-pulse"
 "nixos-fw16"
 "rescue-iso"
diff --git a/systems/nixos-he4/default.nix b/systems/nixos-he4/default.nix
deleted file mode 100644
index 6253502..0000000
--- a/systems/nixos-he4/default.nix
+++ /dev/null
@@ -1,176 +0,0 @@
-{ config
-, lib
-, pkgs
-, modulesPath
-, system
-, inputs
-, ...
-}: {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- inputs.nixos-hardware.nixosModules.common-cpu-amd
- inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
- ../../os-mods/cachix
- ../../os-mods/common
- ../../os-mods/netdata
- ../../os-mods/network
- ../../os-mods/virt
- ./disko.nix
- ];
-
- config = {
- system.stateVersion = "23.11";
-
- environment.systemPackages = with pkgs; [
- cryptsetup
- ];
-
- users.groups.git = {
- gid = 974;
- };
- users.users = {
- root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
- ];
-
- git = {
- uid = 974;
- group = "git";
- isSystemUser = true;
- homeMode = "700";
- createHome = true;
- home = "/home/git";
- shell = "/home/git/ssh-shell";
- };
- tristand = {
- isNormalUser = true;
- description = "tristand";
- extraGroups = [ "docker" "networkmanager" "wheel" ];
- hashedPassword = "$6$Wj.XY8JgH5EWuog4$HnbtPJXDEqKXFrzkPVEjih3PytcpBCrkfL7TAwkXd0IFced7kGMlZNliNsAqQ3XqfyUzAYiiKTIqoPVJEk.s..";
- shell = pkgs.fish;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
- ];
- };
-
- taq = {
- isNormalUser = true;
- description = "taq";
- extraGroups = [ "docker" "networkmanager" "wheel" ];
- hashedPassword = "$6$rkCVbHd2sV36Y38p$e5WTTK58ha7RDDYnfjxAdbzYyNJ2miMD2tkE9.8BHCGyb5vjPNYslClrzYIhxOmujEOllmREXcIgGiUpiMv8Y.";
- shell = pkgs.fish;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
- ];
- };
- };
-
- home-manager = {
- useUserPackages = true;
- useGlobalPkgs = true;
- users.tristand = import ../../users/admin-shell.nix {
- username = "tristand";
-
- inherit pkgs config inputs system lib;
- };
- users.git = {
- home = {
- stateVersion = "23.11";
- username = "git";
- homeDirectory = "/home/git";
- file."ssh-shell" = {
- enable = true;
- executable = true;
- text = ''
- #!/bin/sh
- shift
- ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $@"
- '';
- };
- };
- };
- };
-
- nix.settings.system-features = [
- "benchmark"
- "big-parallel"
- "kvm"
- "nixos-test"
- # "gccarch-x86-64-v3"
- # "gccarch-znver3"
- ];
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- extraModulePackages = [ ];
- kernelParams = [
- # "ip=192.168.1.35::192.168.1.1:255.255.255.0:my-server-initrd:eth0:none"
- "ip=dhcp"
- ];
-
- supportedFilesystems = [ "bcachefs" ];
-
- loader = {
- systemd-boot = {
- enable = true;
- configurationLimit = 16;
- };
- efi.canTouchEfiVariables = true;
- };
-
- initrd = {
- availableKernelModules = [ "ahci" "nvme" "xhci_pci" "sd_mod" ];
- kernelModules = [ "igb" ];
- systemd.enable = true;
-
- network = {
- enable = true;
- ssh = {
- enable = true;
- port = 22;
- hostKeys = [
- /etc/nixos/ext/ssh/ssh_host_ed25519_key
- /etc/nixos/ext/ssh/ssh_host_rsa_key
- ];
- authorizedKeys = with lib;
- concatLists (mapAttrsToList
- (name: user:
- if elem "wheel" user.extraGroups
- then user.openssh.authorizedKeys.keys
- else [ ])
- config.users.users);
- };
- # postCommands = ''
- # echo 'cryptsetup-askpass' >> /root/.profile
- # '';
- };
- };
- };
-
- networking = {
- hostName = "nixos-he4";
- useDHCP = lib.mkDefault true;
- };
-
- hardware = {
- enableRedistributableFirmware = true;
- };
-
- services.netdata.config = {
- web = {
- "bind to" = "0.0.0.0";
- "allow connections from" = "172.*";
- };
- };
-
- zramSwap.enable = true;
- };
-}
diff --git a/systems/nixos-he4/disko.nix b/systems/nixos-he4/disko.nix
deleted file mode 100644
index 82c9af3..0000000
--- a/systems/nixos-he4/disko.nix
+++ /dev/null
@@ -1,375 +0,0 @@
-###############################################################################
-# WARNING
-#
-# This is only a tempalte used on system setup
-# due to relatively early bachefs support in disko.nix
-# everything was partitioned manually, this conf is here for reference
-# but not used in the live system
-#
-###############################################################################
-###############################################################################
-# sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko systems/nixos-he4/disko.nix
-#
-# pci-0000:2c:00.0-nvme-1 -> ../../nmve1n1 -> crypted_ssd0
-# pci-0000:2d:00.0-nvme-1 -> ../../nvme0n1 -> crypted_ssd1
-# pci-0000:01:00.0-ata-1 -> ../../sda -> crypted_hdd_0
-# pci-0000:01:00.0-ata-2 -> ../../sdb -> crypted_hdd_1
-# pci-0000:01:00.0-ata-3 -> ../../sdc -> crypted_hdd_2
-# pci-0000:01:00.0-ata-4 -> ../../sdd -> crypted_hdd_3
-# pci-0000:02:00.1-ata-3 -> ../../sde -> crypted_hdd_4
-# pci-0000:02:00.1-ata-4 -> ../../sdf -> crypted_hdd_5
-# pci-0000:25:00.0-ata-1 -> ../../sdg -> crypted_hdd_6
-# pci-0000:25:00.0-ata-2 -> ../../sdh -> crypted_hdd_7
-# pci-0000:25:00.0-ata-3 -> ../../sdi -> crypted_hdd_8
-# pci-0000:25:00.0-ata-4 -> ../../sdj -> crypted_hdd_9
-#
-# FORMAT:
-# bcachefs format \
-# --label=hdd.hdd0 /dev/mapper/crypted_hdd0 \
-# --label=hdd.hdd1 /dev/mapper/crypted_hdd1 \
-# --label=hdd.hdd2 /dev/mapper/crypted_hdd2 \
-# --label=hdd.hdd3 /dev/mapper/crypted_hdd3 \
-# --label=hdd.hdd4 /dev/mapper/crypted_hdd4 \
-# --label=hdd.hdd5 /dev/mapper/crypted_hdd5 \
-# --label=hdd.hdd6 /dev/mapper/crypted_hdd6 \
-# --label=hdd.hdd7 /dev/mapper/crypted_hdd7 \
-# --label=hdd.hdd8 /dev/mapper/crypted_hdd8 \
-# --label=hdd.hdd9 /dev/mapper/crypted_hdd9 \
-# --label=ssd.ssd0 /dev/mapper/crypted_ssd0 \
-# --label=ssd.ssd1 /dev/mapper/crypted_ssd1 \
-# --replicas=2 \
-# --erasure_code \
-# --background_compression=zstd \
-# --foreground_target=ssd \
-# --promote_target=ssd \
-# --background_target=hdd
-#
-##############################
-##############################
-# MOUNT
-#
-# mount -t bcachefs \
-# /dev/mapper/crypted_ssd0:\
-# /dev/mapper/crypted_ssd1:\
-# /dev/mapper/crypted_hdd0:\
-# /dev/mapper/crypted_hdd1:\
-# /dev/mapper/crypted_hdd2:\
-# /dev/mapper/crypted_hdd3:\
-# /dev/mapper/crypted_hdd4:\
-# /dev/mapper/crypted_hdd5:\
-# /dev/mapper/crypted_hdd6:\
-# /dev/mapper/crypted_hdd7:\
-# /dev/mapper/crypted_hdd8:\
-# /dev/mapper/crypted_hdd9\
-# /mnt
-#
-##############################
-let
- cryptOpenArgs = [
- "--allow-discards"
- "--perf-same_cpu_crypt"
- "--perf-submit_from_crypt_cpus"
- "--perf-no_read_workqueue"
- "--perf-no_write_workqueue"
- ];
-in
-{
- # The manual definitions are generated by nixos-generate-config
- # the commented out stuff are partitions created by disko
- # bcachefs is not handled well by disko so it is handled seperately
-
- fileSystems."/" = {
- device = "UUID=22d3e827-0ac1-4c66-ab88-bcd8b1cfd788";
- fsType = "bcachefs";
- };
-
- # fileSystems."/boot" = {
- # device = "/dev/disk/by-uuid/2877-9E1D";
- # fsType = "vfat";
- # };
-
- #swapDevices = [
- # { device = "/dev/disk/by-uuid/82221e84-072a-4f68-a78b-59eb368f684f"; }
- # { device = "/dev/disk/by-uuid/cc0792e2-c67c-44af-af28-6645f6e5dda2"; }
- # ];
-
- disko.devices = {
- disk = {
- crypt_ssd0 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:2c:00.0-nvme-1";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- label = "fake_EFI";
- name = "fake_ESP";
- size = "1024M";
- type = "8300";
- };
- luks = {
- end = "-96G";
- content = {
- type = "luks";
- name = "crypted_ssd0";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- luksSwap = {
- end = "-32G";
- content = {
- type = "luks";
- name = "crypted_swap0";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- content = {
- type = "swap";
- };
- };
- };
- };
- };
- };
- crypt_ssd1 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:2d:00.0-nvme-1";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- label = "real_EFI";
- name = "ESP";
- size = "1024M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [
- "defaults"
- ];
- };
- };
- luks = {
- end = "-96G";
- content = {
- type = "luks";
- name = "crypted_ssd1";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- luksSwap = {
- end = "-32G";
- content = {
- type = "luks";
- name = "crypted_swap1";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key ";
- additionalKeyFiles = [ ];
- content = {
- type = "swap";
- resumeDevice = true;
- };
- };
- };
- };
- };
- };
- crypt_hdd0 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:01:00.0-ata-1";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd0";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- crypt_hdd1 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:01:00.0-ata-2";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd1";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- crypt_hdd2 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:01:00.0-ata-3";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd2";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- crypt_hdd3 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:01:00.0-ata-4";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd3";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- crypt_hdd4 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:02:00.1-ata-3";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd4";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- crypt_hdd5 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:02:00.1-ata-4";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd5";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- crypt_hdd6 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:25:00.0-ata-1";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd6";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- crypt_hdd7 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:25:00.0-ata-2";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd7";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- crypt_hdd8 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:25:00.0-ata-3";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd8";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- crypt_hdd9 = {
- type = "disk";
- device = "/dev/disk/by-path/pci-0000:25:00.0-ata-4";
- content = {
- type = "gpt";
- partitions = {
- luks = {
- end = "-64G";
- content = {
- type = "luks";
- name = "crypted_hdd9";
- extraOpenArgs = cryptOpenArgs;
- passwordFile = "/tmp/secret.key";
- additionalKeyFiles = [ ];
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/systems/nixos-karl-kvm-guest/default.nix b/systems/nixos-karl-kvm-guest/default.nix
deleted file mode 100644
index 2abb182..0000000
--- a/systems/nixos-karl-kvm-guest/default.nix
+++ /dev/null
@@ -1,127 +0,0 @@
-{ config
-, pkgs
-, modulesPath
-, lib
-, inputs
-, system
-, ...
-}: {
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ../../os-mods/common
- ../../os-mods/cachix
- ../../os-mods/desktop
- ../../os-mods/desktop/audio.nix
- ../../os-mods/desktop/printing.nix
- ../../os-mods/netdata
- ../../os-mods/network
- ];
-
- # Bootloader.
- boot = {
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- useOSProber = true;
- };
-
- initrd = {
- availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- kernelModules = [ ];
- };
- kernelModules = [ ];
- extraModulePackages = [ ];
- };
-
- environment.systemPackages = with pkgs; [
- netmaker
- ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/8598929f-bf20-4f02-9f20-acf899eeee2c";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
- zramSwap.enable = true;
-
- networking.hostName = "nixos-karl-kvm-guest";
-
- fileSystems."/etc/nixos" = {
- device = lib.mkForce "/home/reopen5194/nix";
- fsType = "none";
- options = [ "bind" ];
- };
-
- security.polkit.extraConfig = ''
- polkit.addRule(function(action, subject) {
- if (action.id == "org.freedesktop.login1.suspend" ||
- action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
- action.id == "org.freedesktop.login1.hibernate" ||
- action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
- {
- return polkit.Result.NO;
- }
- });
- '';
-
- services.qemuGuest.enable = true;
-
- services.netdata.configDir = {
- "stream.conf" = pkgs.writeText "stream.conf" ''
- [8fcb63b3-8361-4339-a010-fc459c2132b0]
- enabled = yes
- default history = 36000
- default memory mode = dbengine
- health enabled by default = auto
- allow from = 192.*
- '';
- };
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.reopen5194 = {
- isNormalUser = true;
- description = "reopen5194";
- extraGroups = [ "docker" "networkmanager" "wheel" ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
- ];
- };
- home-manager = {
- useUserPackages = true;
- useGlobalPkgs = true;
- users.reopen5194 = import ../../users/admin-thin.nix {
- username = "reopen5194";
-
- inherit pkgs config inputs system lib;
- };
- };
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
-
- # Virtualization
- virtualisation.docker = {
- enable = true;
- package = pkgs.docker;
- # rootless = {
- # enable = true;
- # setSocketVariable = true;
- # };
- daemon.settings = {
- # fixed-cidr-v6 = "fd00::/80";
- # ipv6 = true;
- dns = [ "9.9.9.9" "149.112.112.112" ];
- };
- };
- # allow to bind to priv ports
- # boot.kernel.sysctl = {
- # "net.ipv4.ip_unprivileged_port_start" = 79;
- # };
-
- system.stateVersion = "23.05"; # Did you read the comment?
-}