chore: moved all config out of hive.nix and full nixfmt

catvayor 2024-10-27 10:47:35 +01:00
parent bc23fda1c2
commit 7f5761a250
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
18 changed files with 366 additions and 352 deletions

204
hive.nix

@ -3,6 +3,11 @@ let
users = import ./users; users = import ./users;
sources = import ./npins; sources = import ./npins;
mkNixpkgsSrc = (import sources.nix-patches { patchFile = ./patches; }).mkNixpkgsSrc; mkNixpkgsSrc = (import sources.nix-patches { patchFile = ./patches; }).mkNixpkgsSrc;
lib =
(import (mkNixpkgsSrc {
src = sources.nixpkgs;
version = "unstable";
}) { }).lib;
in in
{ {
meta = { meta = {
@ -20,204 +25,15 @@ in
}; };
defaults = defaults =
{ {
nodes,
name, name,
pkgs,
lib,
config,
... ...
}: }:
{ {
imports = [ imports = [ ./kat ];
./kat
];
networking.hostName = name; networking.hostName = name;
}; };
kat-probook =
{ users, ... }:
{
deployment.allowLocalDeployment = true;
imports = [
./machines/kat-probook
users.catvayor
];
nix.settings.trusted-users = [
"root"
"@wheel"
];
};
kat-manah =
{ users, ... }:
{
deployment.targetHost = "manah.kat";
services.openssh.enable = true;
kat.fqdn = "manah.katvayor.net";
imports = [
./machines/kat-manah
];
};
kat-watcher =
{ users, ... }:
{
deployment.targetHost = "watcher.kat";
services.openssh.enable = true;
kat.fqdn = "watcher.katvayor.net";
imports = [
./machines/kat-watcher
];
};
kat-virt =
{ ssh-keys, ... }:
{
deployment = {
targetHost = "virt.kat";
tags = [ "kat-vms" ];
};
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
kat.fqdn = "degette.katvayor.net";
imports = [
./machines/kat-virt
];
users.users.root.openssh.authorizedKeys.keys = with ssh-keys; sylvain ++ gaby;
};
kat-mail-test =
{ ssh-keys, ... }:
{
deployment = {
targetHost = "mail-test.kat";
tags = [ "kat-vms" ];
};
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
kat.fqdn = "betamail.katvayor.net";
imports = [
./machines/kat-mail-test
];
users.users.root.openssh.authorizedKeys.keys = ssh-keys.sylvain;
};
kat-son =
{ users, ... }:
{
deployment = {
targetHost = "son.kat";
tags = [ "kat-vms" ];
};
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
kat.fqdn = "son.katvayor.net";
imports = [
./machines/kat-son
];
};
kat-orchid =
{ users, ... }:
{
deployment = {
targetHost = "orchid.kat";
tags = [ "kat-vms" ];
};
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
kat.fqdn = "orchid.katvayor.net";
imports = [
./machines/kat-orchid
];
};
kat-iso =
{
users,
pkgs,
modulesPath,
lib,
...
}:
{
deployment = {
allowLocalDeployment = false;
targetHost = null;
};
imports = [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix")
];
networking = {
networkmanager.enable = true;
wireless.enable = false;
};
console.keyMap = "fr";
environment.systemPackages = with pkgs; [
perl
git
];
programs.zsh.enable = true;
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.supportedFilesystems = {
bcachefs = true;
zfs = lib.mkForce false;
};
boot.kernelParams = [ "console=ttyS0" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
services.getty.autologinUser = lib.mkForce "root";
system.stateVersion = lib.mkForce "24.11";
};
kat-kexec =
{
users,
pkgs,
modulesPath,
lib,
...
}:
{
deployment = {
allowLocalDeployment = false;
targetHost = null;
};
imports = [
("${sources.nixos-images}/nix/kexec-installer/module.nix")
];
networking = {
networkmanager.enable = false;
wireless.enable = false;
};
console.keyMap = "fr";
environment.systemPackages = with pkgs; [
perl
git
];
programs.zsh.enable = true;
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
boot.supportedFilesystems = {
bcachefs = true;
zfs = lib.mkForce false;
};
services.getty.autologinUser = lib.mkForce "root";
system.stateVersion = lib.mkForce "24.11";
};
} }
// lib.mapAttrs' (name: _: {
name = lib.removeSuffix ".nix" name;
value = import ./machines/${name};
}) (builtins.readDir ./machines)
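Review bot: The `builtins.readDir ./machines` result at the end of the file is mapped to nodes without any filter, so every entry in that directory, including a stray README, an editor backup or any other non-Nix file, is imported and exposed as a deployable host. Restricting the set to what is meant to be a machine keeps an accidental file from becoming a deployment target, e.g. `(lib.filterAttrs (n: t: t == "directory" || lib.hasSuffix ".nix" n) (builtins.readDir ./machines))`. A short comment above the `lib.mapAttrs'` call saying that adding a file under `machines/` creates a node would also help, since hosts are no longer listed in hive.nix.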


@ -5,13 +5,18 @@ let
in in
{ {
imports = [ (import ./zsh.nix).system ]; imports = [ (import ./zsh.nix).system ];
home-manager.sharedModules = [{ home-manager.sharedModules = [
imports = [ zsh.user ./neovim ]; {
# options.kat = { imports = [
# ssh = mkEnableOption "ssh configuration"; zsh.user
# }; ./neovim
config = { ];
home.stateVersion = config.system.stateVersion; # options.kat = {
}; # ssh = mkEnableOption "ssh configuration";
}]; # };
config = {
home.stateVersion = config.system.stateVersion;
};
}
];
} }

44
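--- a/machines/kat-iso.nix
+++ b/machines/kat-iso.nix
@@ -0,0 +1,44 @@
+{
+pkgs,
+modulesPath,
+lib,
+...
+}:
+{
+deployment = {
+allowLocalDeployment = false;
+targetHost = null;
+};
+imports = [
+(modulesPath + "/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix")
+];
+boot = {
+supportedFilesystems = {
+bcachefs = true;
+zfs = lib.mkForce false;
+};
+kernelParams = [ "console=ttyS0" ];
+kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+};
+networking = {
+networkmanager.enable = true;
+wireless.enable = false;
+};
+console.keyMap = "fr";
+environment.systemPackages = with pkgs; [
+perl
+git
+];
+programs.zsh.enable = true;
+services = {
+openssh.enable = true;
+qemuGuest.enable = true;
+getty.autologinUser = lib.mkForce "root";
+};
+system.stateVersion = lib.mkForce "24.11";
+}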
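Review bot: `openssh.enable = true` and `getty.autologinUser = lib.mkForce "root"` are carried into this image with no SSH settings or authorized keys visible in the file, so how remote login is authenticated depends entirely on the imported installer profile. If password login is not needed, make that explicit with `services.openssh.settings.PasswordAuthentication = false;` and a `users.users.root.openssh.authorizedKeys.keys` entry, as kat-virt and kat-mail-test do with `ssh-keys`. A comment stating that root autologin on the `ttyS0` console is intentional for an installer, and that the image should only run where that console is not reachable by others, would document the trade-off. The same applies to machines/kat-kexec.nix.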

45
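--- a/machines/kat-kexec.nix
+++ b/machines/kat-kexec.nix
@@ -0,0 +1,45 @@
+{
+pkgs,
+modulesPath,
+lib,
+sources,
+...
+}:
+{
+deployment = {
+allowLocalDeployment = false;
+targetHost = null;
+};
+imports = [
+("${sources.nixos-images}/nix/kexec-installer/module.nix")
+];
+boot = {
+kernelParams = [ "console=ttyS0" ];
+kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+supportedFilesystems = {
+bcachefs = true;
+zfs = lib.mkForce false;
+};
+};
+networking = {
+networkmanager.enable = false;
+wireless.enable = false;
+};
+console.keyMap = "fr";
+environment.systemPackages = with pkgs; [
+perl
+git
+];
+programs.zsh.enable = true;
+services = {
+openssh.enable = true;
+qemuGuest.enable = true;
+getty.autologinUser = lib.mkForce "root";
+};
+system.stateVersion = lib.mkForce "24.11";
+}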


@ -4,12 +4,17 @@
pkgs, pkgs,
nodes, nodes,
sources, sources,
ssh-keys,
... ...
}: }:
let let
host = "catvayor.sh"; host = "catvayor.sh";
in in
{ {
deployment = {
targetHost = "mail-test.kat";
tags = [ "kat-vms" ];
};
imports = [ imports = [
"${sources.nixos-mailserver}" "${sources.nixos-mailserver}"
./hardware-configuration.nix ./hardware-configuration.nix
@ -17,26 +22,34 @@ in
./modo.nix ./modo.nix
]; ];
kat.proxies = { users.users.root.openssh.authorizedKeys.keys = ssh-keys.sylvain;
ip = "192.168.122.3";
aliases = [ "catvayor.sh" ]; kat = {
open-tcp = [ fqdn = "betamail.katvayor.net";
{ wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
internal = 22; proxies = {
external = 22002; ip = "192.168.122.3";
} aliases = [ "catvayor.sh" ];
25 open-tcp = [
465 {
993 internal = 22;
]; external = 22002;
}
25
465
993
];
};
}; };
boot.loader = { boot = {
systemd-boot.enable = true; loader = {
efi.canTouchEfiVariables = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
}; };
kat.wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
systemd.network = { systemd.network = {
networks = { networks = {
"10-enp1s0" = { "10-enp1s0" = {
@ -87,25 +100,28 @@ in
}; };
}; };
networking.useDHCP = false; networking = {
useDHCP = false;
services.openssh.enable = true; firewall.enable = false;
};
networking.firewall.enable = false;
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "root@katvayor.net"; defaults.email = "root@katvayor.net";
}; };
services.nginx = { services = {
enable = true; openssh.enable = true;
virtualHosts."catvayor.sh".enableACME = true; qemuGuest.enable = true;
virtualHosts."betamail.katvayor.net" = { nginx = {
enableACME = true; enable = true;
addSSL = true; virtualHosts."catvayor.sh".enableACME = true;
locations."/" = { virtualHosts."betamail.katvayor.net" = {
recommendedProxySettings = true; enableACME = true;
proxyPass = "http://localhost:8000/"; addSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:8000/";
};
}; };
}; };
}; };
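Review bot: The `betamail.katvayor.net` virtual host uses `addSSL = true`, which keeps serving the proxied application on port 80 as well as 443, so a client can still reach the `http://localhost:8000/` backend over an unencrypted connection to nginx. kat-orchid already uses `forceSSL = true` for its proxied host; the same one-line change here (`forceSSL = true;` in place of `addSSL = true;`) redirects HTTP to HTTPS while the ACME challenge location stays served. The `son.katvayor.net` and `degette.katvayor.net` hosts in kat-son and kat-virt carry the same setting.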


@ -22,7 +22,10 @@
type = "filesystem"; type = "filesystem";
format = "bcachefs"; format = "bcachefs";
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "fsck" "fix_errors" ]; mountOptions = [
"fsck"
"fix_errors"
];
}; };
}; };
}; };


@ -6,6 +6,8 @@
... ...
}: }:
{ {
deployment.targetHost = "manah.kat";
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@ -22,7 +24,24 @@
]; ];
}; };
kat.wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM="; kat = {
fqdn = "manah.katvayor.net";
proxies = {
ip = "10.42.0.1";
open-tcp = [
9000
9500
];
redirects = [
"kat-orchid"
"kat-son"
"kat-virt"
"kat-mail-test"
];
};
wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
};
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
@ -60,8 +79,6 @@
tcpdump tcpdump
]; ];
services.openssh.enable = true;
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
@ -69,23 +86,13 @@
acceptTerms = true; acceptTerms = true;
defaults.email = "root@katvayor.net"; defaults.email = "root@katvayor.net";
}; };
kat.proxies = {
ip = "10.42.0.1";
open-tcp = [
9000
9500
];
redirects = [
"kat-orchid"
"kat-son"
"kat-virt"
"kat-mail-test"
];
};
services.weechat = { services = {
enable = true; openssh.enable = true;
binary = "${pkgs.weechat}/bin/weechat-headless"; weechat = {
enable = true;
binary = "${pkgs.weechat}/bin/weechat-headless";
};
}; };
networking.firewall = { networking.firewall = {


@ -26,7 +26,10 @@
fileSystems."/" = { fileSystems."/" = {
device = "UUID=2d6f7d3a-936d-457c-86c7-f49d816ff5b7"; device = "UUID=2d6f7d3a-936d-457c-86c7-f49d816ff5b7";
fsType = "bcachefs"; fsType = "bcachefs";
options = [ "fsck" "fix_errors" ]; options = [
"fsck"
"fix_errors"
];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
@ -37,7 +40,10 @@
fileSystems."/.ssd" = { fileSystems."/.ssd" = {
device = "UUID=b4fc22f8-aecd-4cde-b77d-79825fae65eb"; device = "UUID=b4fc22f8-aecd-4cde-b77d-79825fae65eb";
fsType = "bcachefs"; fsType = "bcachefs";
options = [ "fsck" "fix_errors" ]; options = [
"fsck"
"fix_errors"
];
neededForBoot = true; neededForBoot = true;
}; };


@ -9,33 +9,47 @@
... ...
}: }:
{ {
deployment = {
targetHost = "orchid.kat";
tags = [ "kat-vms" ];
};
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disks.nix ./disks.nix
]; ];
boot.loader = { boot = {
systemd-boot.enable = true; loader = {
efi.canTouchEfiVariables = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
}; };
kat.proxies = { kat = {
ip = "192.168.122.6"; fqdn = "orchid.katvayor.net";
aliases = [ proxies = {
"simply-wise.fr" ip = "192.168.122.6";
"www.simply-wise.fr" aliases = [
]; "simply-wise.fr"
open-tcp = [ "www.simply-wise.fr"
{ ];
internal = 22; open-tcp = [
external = 22042; {
} internal = 22;
]; external = 22042;
}
];
};
}; };
systemd.network.enable = lib.mkForce false; systemd.network.enable = lib.mkForce false;
networking = { networking = {
useNetworkd = lib.mkForce false; useNetworkd = lib.mkForce false;
firewall.allowedTCPPorts = [
80
443
];
interfaces."enp1s0" = { interfaces."enp1s0" = {
useDHCP = false; useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
@ -64,13 +78,6 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [
80
443
];
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "root@katvayor.net"; defaults.email = "root@katvayor.net";
@ -79,33 +86,37 @@
"www.simply-wise.fr" "www.simply-wise.fr"
]; ];
}; };
services.nginx = { services = {
enable = true; openssh.enable = true;
virtualHosts = { qemuGuest.enable = true;
"orchid.katvayor.net" = { nginx = {
enableACME = true; enable = true;
forceSSL = true; virtualHosts = {
locations = { "orchid.katvayor.net" = {
"/static/".alias = "/srv/orchid/"; enableACME = true;
"/" = { forceSSL = true;
recommendedProxySettings = true; locations = {
proxyPass = "https://192.168.123.2/"; "/static/".alias = "/srv/orchid/";
"/" = {
recommendedProxySettings = true;
proxyPass = "https://192.168.123.2/";
};
}; };
}; };
}; "simply-wise.fr" = {
"simply-wise.fr" = { useACMEHost = "orchid.katvayor.net";
useACMEHost = "orchid.katvayor.net"; forceSSL = true;
forceSSL = true; serverAliases = [ "www.simply-wise.fr" ];
serverAliases = [ "www.simply-wise.fr" ]; locations."/" = {
locations."/" = { root = pkgs.runCommand "building" { } ''
root = pkgs.runCommand "building" { } '' mkdir -p $out
mkdir -p $out ln -nsf ${./building.html} $out/building.html
ln -nsf ${./building.html} $out/building.html '';
''; extraConfig = ''
extraConfig = '' internal;
internal; error_page 404 =503 /building.html;
error_page 404 =503 /building.html; '';
''; };
}; };
}; };
}; };
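Review bot: `proxyPass = "https://192.168.123.2/"` sends traffic to a TLS upstream addressed by IP, and nothing in the visible `locations."/"` block turns on upstream certificate verification, which nginx leaves off by default. As written the hop is encrypted but the backend is not authenticated; if that is an accepted property of the internal network, say so in a comment, otherwise add `proxy_ssl_verify on;` together with a `proxy_ssl_trusted_certificate` pointing at the backend's CA in the location's `extraConfig`. The rest of the file lies outside the hunks shown, so a setting elsewhere may already cover this.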


@ -22,7 +22,10 @@
type = "filesystem"; type = "filesystem";
format = "bcachefs"; format = "bcachefs";
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "fsck" "fix_errors" ]; mountOptions = [
"fsck"
"fix_errors"
];
}; };
}; };
}; };


@ -5,12 +5,15 @@
mods, mods,
sources, sources,
nodes, nodes,
users,
... ...
}: }:
{ {
deployment.allowLocalDeployment = true;
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
users.catvayor
# ./router.nix # ./router.nix
]; ];
@ -30,6 +33,10 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
nix.settings.trusted-users = [
"root"
"@wheel"
];
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
unmanaged = [ unmanaged = [
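Review bot: `nix.settings.trusted-users` now lists `"@wheel"` in the machine file without a comment, and trusted users of the Nix daemon can change substituters and import unsigned store paths, which is effectively root on the host. That may well be intended on a laptop that sets `deployment.allowLocalDeployment = true`, but it deserves a line such as `# wheel is root-equivalent through the nix daemon; kept for local deployment` so the setting is not copied to other machines by habit. The `networking.networkmanager` block that follows continues outside the hunk.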


@ -5,17 +5,28 @@
... ...
}: }:
{ {
deployment = {
targetHost = "son.kat";
tags = [ "kat-vms" ];
};
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disks.nix ./disks.nix
]; ];
boot.loader = { boot = {
systemd-boot.enable = true; loader = {
efi.canTouchEfiVariables = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelParams = [ "console=ttyS0" ];
}; };
kat.proxies.ip = "192.168.122.5"; kat = {
fqdn = "son.katvayor.net";
proxies.ip = "192.168.122.5";
};
systemd.network.enable = lib.mkForce false; systemd.network.enable = lib.mkForce false;
networking = { networking = {
@ -46,20 +57,22 @@
]; ];
}; };
services.openssh.enable = true;
networking.firewall.enable = false; networking.firewall.enable = false;
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "root@katvayor.net"; defaults.email = "root@katvayor.net";
}; };
services.nginx = { services = {
enable = true; openssh.enable = true;
virtualHosts = { qemuGuest.enable = true;
"son.katvayor.net" = { nginx = {
enableACME = true; enable = true;
addSSL = true; virtualHosts = {
"son.katvayor.net" = {
enableACME = true;
addSSL = true;
};
}; };
}; };
}; };
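Review bot: `networking.firewall.enable = false;` leaves every listening port on this VM reachable, while the only services enabled in the visible hunks are sshd, the QEMU guest agent and nginx. kat-orchid keeps the firewall on and opens just the web ports; doing the same here would be `networking.firewall.allowedTCPPorts = [ 80 443 ];` in place of the disable line (the NixOS sshd module opens its own port by default). kat-mail-test and kat-virt disable the firewall the same way, and for kat-mail-test the mail ports would have to be allowed as well. Parts of this file lie outside the hunks, so check for other listeners before changing it.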


@ -22,7 +22,10 @@
type = "filesystem"; type = "filesystem";
format = "bcachefs"; format = "bcachefs";
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "fsck" "fix_errors" ]; mountOptions = [
"fsck"
"fix_errors"
];
}; };
}; };
}; };


@ -2,24 +2,36 @@
config, config,
lib, lib,
pkgs, pkgs,
ssh-keys,
... ...
}: }:
{ {
imports = [ ./hardware-configuration.nix ]; deployment = {
targetHost = "virt.kat";
boot.loader = { tags = [ "kat-vms" ];
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
}; };
kat.proxies = { imports = [ ./hardware-configuration.nix ];
ip = "192.168.122.2";
open-tcp = [ boot = {
{ loader = {
internal = 22; systemd-boot.enable = true;
external = 22000; efi.canTouchEfiVariables = true;
} };
]; kernelParams = [ "console=ttyS0" ];
};
kat = {
fqdn = "degette.katvayor.net";
proxies = {
ip = "192.168.122.2";
open-tcp = [
{
internal = 22;
external = 22000;
}
];
};
}; };
systemd.network.enable = lib.mkForce false; systemd.network.enable = lib.mkForce false;
@ -51,23 +63,28 @@
]; ];
}; };
services.openssh.enable = true; services = {
openssh.enable = true;
qemuGuest.enable = true;
nginx = {
enable = true;
virtualHosts."degette.katvayor.net" = {
enableACME = true;
addSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:8000/";
};
};
};
};
users.users.root.openssh.authorizedKeys.keys = with ssh-keys; sylvain ++ gaby;
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "root@katvayor.net"; defaults.email = "root@katvayor.net";
}; };
services.nginx = {
enable = true;
virtualHosts."degette.katvayor.net" = {
enableACME = true;
addSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://localhost:8000/";
};
};
};
networking.firewall.enable = false; networking.firewall.enable = false;


@ -26,7 +26,10 @@
fileSystems."/" = { fileSystems."/" = {
device = "UUID=301a23cf-1aa3-4c53-a174-1a97592da5fa"; device = "UUID=301a23cf-1aa3-4c53-a174-1a97592da5fa";
fsType = "bcachefs"; fsType = "bcachefs";
options = [ "fsck" "fix_errors" ]; options = [
"fsck"
"fix_errors"
];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {


@ -6,19 +6,27 @@
... ...
}: }:
{ {
deployment.targetHost = "watcher.kat";
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disks.nix ./disks.nix
]; ];
boot.loader.grub = { boot = {
enable = true; loader.grub = {
efiSupport = true; enable = true;
efiInstallAsRemovable = true; efiSupport = true;
efiInstallAsRemovable = true;
};
kernel.sysctl."net.ipv4.ip_forward" = true;
}; };
boot.kernel.sysctl."net.ipv4.ip_forward" = true; kat = {
kat.wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg="; wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
fqdn = "watcher.katvayor.net";
proxies.redirects = [ "kat-manah" ];
};
networking = { networking = {
useDHCP = false; useDHCP = false;
@ -100,7 +108,6 @@
acceptTerms = true; acceptTerms = true;
defaults.email = "root@katvayor.net"; defaults.email = "root@katvayor.net";
}; };
kat.proxies.redirects = [ "kat-manah" ];
environment.systemPackages = with pkgs; [ tcpdump ]; environment.systemPackages = with pkgs; [ tcpdump ];


@ -28,7 +28,10 @@
format = "bcachefs"; format = "bcachefs";
mountpoint = "/"; mountpoint = "/";
extraArgs = [ "--compression=zstd" ]; extraArgs = [ "--compression=zstd" ];
mountOptions = [ "fsck" "fix_errors" ]; mountOptions = [
"fsck"
"fix_errors"
];
}; };
}; };
}; };


@ -2,4 +2,9 @@ let
sources = import ./npins; sources = import ./npins;
pkgs = import sources.nixpkgs { }; pkgs = import sources.nixpkgs { };
in in
pkgs.mkShell { packages = with pkgs; [ npins colmena ]; } pkgs.mkShell {
packages = with pkgs; [
npins
colmena
];
}