From 9207580a39670e2c16d3d97770837bad0e8ac6a1 Mon Sep 17 00:00:00 2001
From: Gabriel DORIATH DOHLER
Date: Wed, 28 Jul 2021 23:12:58 +0200
Subject: [PATCH] Add remote-builder-01
---
 machines/remote-builder-01/configuration.nix | 84 +++++++++++++++++++
 .../hardware-configuration.nix | 35 ++++++++
 machines/remote-builder-01/programs.nix | 24 ++++++
 machines/remote-builder-01/pubkeys/gdd.keys | 2 +
 .../pubkeys/hackens-milieu.keys | 1 +
 machines/remote-builder-01/pubkeys/raito.keys | 4 +
 machines/remote-builder-01/system.nix | 28 +++++++
 machines/remote-builder-01/vim.nix | 31 +++++++
 8 files changed, 209 insertions(+)
 create mode 100644 machines/remote-builder-01/configuration.nix
 create mode 100644 machines/remote-builder-01/hardware-configuration.nix
 create mode 100644 machines/remote-builder-01/programs.nix
 create mode 100644 machines/remote-builder-01/pubkeys/gdd.keys
 create mode 100644 machines/remote-builder-01/pubkeys/hackens-milieu.keys
 create mode 100644 machines/remote-builder-01/pubkeys/raito.keys
 create mode 100644 machines/remote-builder-01/system.nix
 create mode 100644 machines/remote-builder-01/vim.nix
diff --git a/machines/remote-builder-01/configuration.nix b/machines/remote-builder-01/configuration.nix
new file mode 100644
index 0000000..199ae19
--- /dev/null
+++ b/machines/remote-builder-01/configuration.nix
@@ -0,0 +1,84 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ./programs.nix
+ ./system.nix
+ # TODO monitoring
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.supportedFilesystems = [ "zfs" ];
+ boot.supportedFilesystems = [ "zfs" ];
+
+ networking.hostName = "remote-builder-01";
+ networking.hostId = "11894198";
+
+ # Set your time zone.
+ time.timeZone = "Europe/Paris";
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking.useDHCP = false;
+ networking.interfaces.ens18.useDHCP = true;
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ # List services that you want to enable:
+
+ services.zfs.autoScrub.enable = true;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keyFiles = [
+ ./pubkeys/gdd.keys
+ ./pubkeys/raito.keys
+ ./pubkeys/hackens-milieu.keys
+ ];
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.05"; # Did you read the comment?
+
+}
+
diff --git a/machines/remote-builder-01/hardware-configuration.nix b/machines/remote-builder-01/hardware-configuration.nix
new file mode 100644
index 0000000..f80b2c7
--- /dev/null
+++ b/machines/remote-builder-01/hardware-configuration.nix
@@ -0,0 +1,35 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "rpool/root/nixos";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "rpool/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/3341-A3B9";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/1f624fe3-1fc5-44f4-9529-812558ffba42"; }
+ ];
+
+}
diff --git a/machines/remote-builder-01/programs.nix b/machines/remote-builder-01/programs.nix
new file mode 100644
index 0000000..e7e4afc
--- /dev/null
+++ b/machines/remote-builder-01/programs.nix
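Review bot: `networking.firewall.enable = false;` at the top of this hunk exposes every listening socket on a host whose only login path is a root account with SSH keys, and nothing in the patch needs the firewall off — the OpenSSH module opens its own port by default, so `networking.firewall.enable = true;` with any builder-specific ports added to the commented `allowedTCPPorts` list is the safe form. Since root is the only account given keys here, I would also state the SSH policy explicitly instead of relying on the 21.05 module defaults: `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";`. The `# TODO monitoring` import near the top of the hunk means nothing currently logs failed root logins on this box, which makes the closed firewall more important, not less.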
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+let pkgsList = with pkgs; [
+ nix-prefetch-git
+ dnsutils
+
+ unzip
+ zip
+ ripgrep
+
+ niv
+ nixfmt
+ ];
+in
+{
+ imports = [
+ ./vim.nix
+ ];
+ programs = {
+ tmux.enable = true;
+ mosh.enable = true;
+ };
+
+ environment.systemPackages = pkgsList;
+}
diff --git a/machines/remote-builder-01/pubkeys/gdd.keys b/machines/remote-builder-01/pubkeys/gdd.keys
new file mode 100644
index 0000000..b5d4e40
--- /dev/null
+++ b/machines/remote-builder-01/pubkeys/gdd.keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE7TN5NQKGojNGIeTFiHjLHTDQGT8i05JFqX/zLW2zc
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbkPWWZzOBaRdx4+7xQUgxDwuncSl2fxAeVuYfVUPZ
diff --git a/machines/remote-builder-01/pubkeys/hackens-milieu.keys b/machines/remote-builder-01/pubkeys/hackens-milieu.keys
new file mode 100644
index 0000000..c79c039
--- /dev/null
+++ b/machines/remote-builder-01/pubkeys/hackens-milieu.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3+w4+nyJG8lr2mh0S9Zf8j2/6H5smlO87s6KNLlhkF hackens@hackens-milieu
diff --git a/machines/remote-builder-01/pubkeys/raito.keys b/machines/remote-builder-01/pubkeys/raito.keys
new file mode 100644
index 0000000..0f48a59
--- /dev/null
+++ b/machines/remote-builder-01/pubkeys/raito.keys
@@ -0,0 +1,4 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKIIcqryU28FkV+UpiTnGCOfwKO5jFhkdvU7a7Ew2KoZ
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMLf6B8VV//BhOWihYK8Zy1CJ3sg4w2bP0aBO0VPs4hS
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr
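Review bot: The four keys in raito.keys (and the two in gdd.keys above it) carry no comment field, so once they are all merged into root's authorized_keys nothing identifies which device each key lives on or lets one of them be revoked without guessing. Each line should end with a short origin tag, the way hackens-milieu.keys already does, e.g. `ssh-ed25519 AAAA… <owner>@<device>`, so a lost laptop maps to one line to delete. The first raito key is RSA and, judging by the `AAAABAQ` length prefix, appears to be 2048-bit; it is still acceptable, but since ed25519 keys are present for the same person it could be dropped rather than kept as a second path to root. That hackens-milieu.keys reads like a shared machine-owned key is an inference from its name only, but if so it deserves a comment saying who holds the private half.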
diff --git a/machines/remote-builder-01/system.nix b/machines/remote-builder-01/system.nix
new file mode 100644
index 0000000..f2c68d1
--- /dev/null
+++ b/machines/remote-builder-01/system.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+ # # Auto upgrades
+ # system.autoUpgrade = {
+ # enable = false; # TODO(Ryan): do not enable, it will break deployments.
+ # allowReboot = false;
+ # };
+
+ # Auto GC and store optimizations
+ nix = {
+ trustedUsers = [ "root" "gab" ];
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 90d";
+ };
+ optimise.automatic = true;
+ extraOptions = ''
+ min-free = ${toString (100 * 1024 * 1024)}
+ max-free = ${toString (1024 * 1024 * 1024)}
+ '';
+ };
+
+ services.locate = {
+ enable = true;
+ interval = "04:05";
+ };
+}
diff --git a/machines/remote-builder-01/vim.nix b/machines/remote-builder-01/vim.nix
new file mode 100644
index 0000000..bed8752
--- /dev/null
+++ b/machines/remote-builder-01/vim.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+ environment.variables = { EDITOR = "vim"; };
+
+ environment.systemPackages = with pkgs; [
+ nixfmt
+ git
+ (neovim.override {
+ vimAlias = true;
+ configure = {
+ packages.myPlugins = with pkgs.vimPlugins; {
+ start = [ vim-lastplace vim-nix ];
+ opt = [];
+ };
+ customRC = ''
+ set encoding=utf-8
+ set wildmenu
+
+ set nocompatible
+ set backspace=indent,eol,start
+ set cursorline
+ hi CursorLine term=bold cterm=bold ctermbg=darkgrey
+ set number
+ set relativenumber
+ set tabstop=4
+ set expandtab
+ '';
+ };
+ }
+ )];
+}
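Review bot: `trustedUsers = [ "root" "gab" ];` in the system.nix hunk grants a user that this patch never declares (`users.users.gab` appears nowhere in the eight new files) the ability to pass arbitrary settings such as substituters and sandbox options to nix-daemon, which on a build host is effectively root. If the account is created by some module outside this commit, the line needs a comment saying so and why it must be trusted; if it is not, the entry should be dropped until the user exists, since a later `users.users.gab` added for any other purpose would silently inherit daemon-level trust. I would also note above the list, for the next maintainer: `# trusted-users is root-equivalent on this builder; only add accounts that already have root keys`. Whether other machines reach this builder as root or as a dedicated unprivileged user is not visible in the patch, so the comment is the minimum, not a substitute for that design.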