AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove unused machines, some fixes

Browse Source
This commit is contained in:
Dmitriy Kholkin 2023-01-26 00:26:40 +03:00
parent 149c9093ab
commit 0f9fd0916d
8 changed files with 69 additions and 325 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
flake.lock generated
View File

@ -130,6 +130,28 @@
"type": "github" "type": "github"
} }
}, },
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1668797197,
"narHash": "sha256-0w6iD3GSSQbIeSFVDzAAQZB+hDq670ZTms3d9XI+BtM=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"devshell": { "devshell": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -174,7 +196,7 @@
"direnv-vscode": { "direnv-vscode": {
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -266,11 +288,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668681692, "lastModified": 1648199409,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1", "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -311,6 +333,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-registry": { "flake-registry": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -535,7 +573,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"utils": "utils_2" "utils": "utils_3"
}, },
"locked": { "locked": {
"lastModified": 1670280307, "lastModified": 1670280307,
@ -947,7 +985,7 @@
}, },
"nixpkgs-wayland": { "nixpkgs-wayland": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"lib-aggregate": "lib-aggregate", "lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [ "nixpkgs": [
@ -1128,7 +1166,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"utils": "utils_3" "utils": "utils_4"
}, },
"locked": { "locked": {
"lastModified": 1669555118, "lastModified": 1669555118,
@ -1150,8 +1188,9 @@
"base16": "base16", "base16": "base16",
"base16-tokyonight-scheme": "base16-tokyonight-scheme", "base16-tokyonight-scheme": "base16-tokyonight-scheme",
"comma": "comma", "comma": "comma",
"deploy-rs": "deploy-rs",
"direnv-vscode": "direnv-vscode", "direnv-vscode": "direnv-vscode",
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"flake-registry": "flake-registry", "flake-registry": "flake-registry",
"flake-utils-plus": "flake-utils-plus_2", "flake-utils-plus": "flake-utils-plus_2",
"home-manager": "home-manager", "home-manager": "home-manager",
@ -1218,7 +1257,7 @@
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-22_05": "nixpkgs-22_05", "nixpkgs-22_05": "nixpkgs-22_05",
"utils": "utils_4" "utils": "utils_5"
}, },
"locked": { "locked": {
"lastModified": 1669807829, "lastModified": 1669807829,
@ -1250,6 +1289,21 @@
} }
}, },
"utils_2": { "utils_2": {
"locked": {
"lastModified": 1648297722,
"narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -1264,7 +1318,7 @@
"type": "github" "type": "github"
} }
}, },
"utils_3": { "utils_4": {
"locked": { "locked": {
"lastModified": 1656928814, "lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
@ -1279,7 +1333,7 @@
"type": "github" "type": "github"
} }
}, },
"utils_4": { "utils_5": {
"locked": { "locked": {
"lastModified": 1605370193, "lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",

82
machines/Hypervisor-VM/boot.nix
View File

@ -1,82 +0,0 @@
{ config, pkgs, lib, ... }:
let
zfs_arc_max = toString (1 * 1024 * 1024 * 1024);
in {
boot = {
zfs.forceImportAll = lib.mkForce false;
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot/efi";
loader.generationsDir.copyKernels = true;
loader.grub = {
enable = true;
device = "nodev";
version = 2;
efiSupport = true;
enableCryptodisk = true;
zfsSupport = true;
efiInstallAsRemovable = true;
copyKernels = true;
# # extraPrepareConfig = ''
# # '';
};
initrd = {
availableKernelModules = [ "tg3" ]; # for dell-laptop
# postMountCommands = ''
# '';
luks.devices = {
"cryptboot" = {
preLVM = true;
keyFile = "/keyfile0.bin";
allowDiscards = true;
bypassWorkqueues = config.deviceSpecific.isSSD;
fallbackToPassword = true;
# postOpenCommands = "";
# preOpenCommands = "";
};
"cryptroot" = {
preLVM = true;
keyFile = "/keyfile0.bin";
allowDiscards = true;
bypassWorkqueues = config.deviceSpecific.isSSD;
fallbackToPassword = true;
};
};
secrets = {
"keyfile0.bin" = "/etc/secrets/keyfile0.bin";
};
};
kernelPackages = pkgs.linuxPackages_hardened;
kernelModules = [ "tcp_bbr" ];
kernelParams = [
"zfs.zfs_arc_max=${zfs_arc_max}"
"zswap.enabled=0"
"quiet"
"scsi_mod.use_blk_mq=1"
"modeset"
"nofb"
"pti=off"
"spectre_v2=off"
"kvm.ignore_msrs=1"
"rd.systemd.show_status=auto"
"rd.udev.log_priority=3"
];
kernel.sysctl = {
"kernel.sysrq" = false;
"net.core.default_qdisc" = "sch_fq_codel";
"net.ipv4.conf.all.accept_source_route" = false;
"net.ipv4.icmp_ignore_bogus_error_responses" = true;
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_fastopen" = 3;
"net.ipv4.tcp_rfc1337" = true;
"net.ipv4.tcp_syncookies" = true;
"net.ipv6.conf.all.accept_source_route" = false;
# disable ipv6
"net.ipv6.conf.all.disable_ipv6" = true;
"net.ipv6.conf.default.disable_ipv6" = true;
};
kernel.sysctl = {
"vm.swappiness" = if config.deviceSpecific.isSSD then 1 else 10;
};
cleanTmpDir = true;
};
}

131
machines/Hypervisor-VM/default.nix
View File

@ -1,131 +0,0 @@
{ modulesPath, inputs, lib, pkgs, config, options, ... }: {
imports = with inputs.self; [
"${toString modulesPath}/profiles/hardened.nix"
./hardware-configuration.nix
./boot.nix
# ./persistent.nix
nixosRoles.hypervisor
nixosProfiles.direnv
nixosModules.persist
];
fileSystems = {
"/home/alukard/conf" = {
fsType = "virtiofs";
device = "viofs";
options = [
"defaults"
"nofail"
];
};
};
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 80;
numDevices = 1;
};
# Impermanence
persist = {
enable = true;
cache.clean.enable = true;
state.files = [ "/etc/machine-id" ];
};
fileSystems."/home".neededForBoot = true;
fileSystems."/persistent".neededForBoot = true;
boot.initrd.postDeviceCommands = lib.mkAfter ''
zfs rollback -r rpool/nixos/root@empty
zfs rollback -r rpool/user/home@empty
'';
# build hell
environment.noXlibs = lib.mkForce false;
# minimal profile
documentation.nixos.enable = lib.mkForce false;
programs.command-not-found.enable = lib.mkForce false;
xdg.autostart.enable = lib.mkForce false;
xdg.icons.enable = lib.mkForce false;
xdg.mime.enable = lib.mkForce false;
xdg.sounds.enable = lib.mkForce false;
services.udisks2.enable = lib.mkForce false;
# security.polkit.enable = true;
deviceSpecific.devInfo = {
cpu = {
vendor = "intel";
clock = 2300;
cores = 4;
};
drive = {
type = "ssd";
speed = 500;
size = 500;
};
gpu = {
vendor = "other";
};
bigScreen = false;
ram = 12;
fileSystem = "zfs";
};
deviceSpecific.enableVirtualisation = true;
deviceSpecific.wireguard.enable = false;
deviceSpecific.isServer = true;
services.zfs = {
autoScrub.enable = true;
autoScrub.interval = "daily";
trim.enable = true;
trim.interval = "weekly";
};
# hardened
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [];
networking.firewall.allowedUDPPorts = [];
systemd.coredump.enable = false;
programs.firejail.enable = true;
# scudo memalloc is unstable
# environment.memoryAllocator.provider = "libc";
# environment.memoryAllocator.provider = "graphene-hardened";
networking.wireless.enable = false;
networking.networkmanager.enable = false;
networking.hostName = config.device;
services.timesyncd.enable = false;
services.openntpd.enable = true;
networking.timeServers = [
"0.ru.pool.ntp.org"
"1.ru.pool.ntp.org"
"2.ru.pool.ntp.org"
"3.ru.pool.ntp.org"
"0.europe.pool.ntp.org"
"1.europe.pool.ntp.org"
"2.europe.pool.ntp.org"
"3.europe.pool.ntp.org"
] ++ options.networking.timeServers.default;
# virtualisation
virtualisation.oci-containers.backend = lib.mkForce "podman";
virtualisation.docker.enable = lib.mkForce false;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
fonts.enableDefaultFonts = lib.mkForce false;
fonts.fonts = [ (pkgs.nerdfonts.override { fonts = [ "FiraCode" "VictorMono" ]; }) ];
home-manager.users.${config.mainuser} = {
home.packages = with pkgs; [ bat podman-compose ];
xdg.mime.enable = false;
home.stateVersion = "22.11";
};
system.stateVersion = "22.11";
}

98
machines/Hypervisor-VM/hardware-configuration.nix
View File

@ -1,98 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "rpool/nixos/root";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/home" =
{ device = "rpool/user/home";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/persistent" =
{ device = "rpool/persistent/impermanence";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/srv" =
{ device = "rpool/persistent/servers";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/etc/secrets" =
{ device = "rpool/persistent/secrets";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/nix" =
{ device = "rpool/persistent/nix";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/var/log" =
{ device = "rpool/persistent/log";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/var/lib/docker" =
{ device = "rpool/persistent/docker";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/media/bittorrent" =
{ device = "rpool/persistent/bittorrent";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/media/libvirt" =
{ device = "rpool/persistent/libvirt";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/boot" =
{ device = "bpool/nixos/boot";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/AFFE-0DF3";
fsType = "vfat";
};
swapDevices = [
{
device = "/dev/disk/by-partuuid/7e8f2ee1-0f2e-4b77-9c4d-916804573ef7";
randomEncryption.enable = true;
randomEncryption.allowDiscards = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
networking.hostId = "41d97526";
boot.zfs.devNodes = "/dev/disk/by-id";
boot.supportedFilesystems = [ "zfs" ];
boot.initrd.luks.devices."cryptboot".device = "/dev/disk/by-partuuid/7df4b6a7-13a1-4600-806e-34d3aa1bfd93";
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-partuuid/4c8631b2-c925-49ea-8861-84e3071e0557";
}

1
machines/Hypervisor-VM/system
View File

@ -1 +0,0 @@
x86_64-linux

3
machines/Wayland-VM/default.nix
View File

@ -1,4 +1,4 @@
{ modulesPath, inputs, lib, pkgs, ... }: { { modulesPath, inputs, lib, pkgs, config, ... }: {
imports = [ imports = [
# ./hardware-configuration.nix # ./hardware-configuration.nix
"${toString modulesPath}/profiles/qemu-guest.nix" "${toString modulesPath}/profiles/qemu-guest.nix"
@ -10,6 +10,7 @@
options = { options = {
device = lib.mkOption { type = lib.types.str; }; device = lib.mkOption { type = lib.types.str; };
mainuser = lib.mkOption { type = lib.types.str; };
}; };
config = { config = {

2
profiles/applications/steam.nix
View File

@ -27,7 +27,7 @@
# Type = "oneshot"; # Type = "oneshot";
# }; # };
# Unit = rec { # Unit = rec {
# # After = if config.deviceSpecific.wireguard.enable then [ # # After = if config.deviceSpecific.vpn.mullvad.enable then [
# # "mullvad-daemon.service" # # "mullvad-daemon.service"
# # ] else [ # # ] else [
# # "network-online.target" # # "network-online.target"

1
profiles/workspace/zsh/default.nix
View File

@ -73,6 +73,7 @@
"atree" = "${pkgs.exa}/bin/exa -aT"; "atree" = "${pkgs.exa}/bin/exa -aT";
"latree" = "${pkgs.exa}/bin/exa -lahgFT@ --git"; "latree" = "${pkgs.exa}/bin/exa -lahgFT@ --git";
# "gif2webm" = "(){ ${pkgs.ffmpeg.bin}/bin/ffmpeg -i $1 -c:v libvpx-vp9 -crf 20 -b:v 0 $1.webm ;}"; # "gif2webm" = "(){ ${pkgs.ffmpeg.bin}/bin/ffmpeg -i $1 -c:v libvpx-vp9 -crf 20 -b:v 0 $1.webm ;}";
"t" = "${pkgs.translate-shell}/bin/trans";
}; };
initExtra = '' initExtra = ''
rga-fzf() { rga-fzf() {