Refactored modules, updated flake, added ci effects, and more.

Settei modules now should be reusable by others. Started migrating legion (home server) over to the new config. Added initial setup for hercules-ci. Updated all flake inputs.
2023-09-16 17:18:17 +02:00 · 2023-09-16 17:18:17 +02:00 · ef44ff6943
commit ef44ff6943
parent ee7223ca36
15 changed files with 466 additions and 169 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -7,50 +7,53 @@
 }: {
  builders = {
    nixos = name: module: let
-      combinedInputs = inputs // {settei = self;};
-      baseOptions = {
-        settei.flake-qol = {
-          enable = true;
-          inputs = combinedInputs;
-        };
-      };
-      base = inputs.nixpkgs.lib.nixosSystem {
-        modules = [
-          inputs.agenix.nixosModules.age
-          inputs.disko.nixosModules.disko
-          inputs.mailserver.nixosModules.default
-          self.nixosModules.settei
-          baseOptions
-        ];
-      };
      defaultOptions = {
        username,
        inputs',
        lib,
        ...
      }: {
+        _file = ./default.nix;
+
        settei = {
          username = lib.mkDefault "niko";
-          sane-defaults.enable = lib.mkDefault true;
+          sane-defaults = {
+            enable = lib.mkDefault true;
+            allSshKeys = config.assets.sshKeys.user;
+          };
+          flake-qol = {
+            enable = true;
+            inputs = inputs // {settei = self;};
+          };
+          user = {
+            enable = true;
+            config = {
+              home.packages = lib.attrValues inputs'.settei.packages;
+            };
+          };
        };

-        users.users.${username}.packages = lib.attrValues inputs'.settei.packages;
+        time.timeZone = lib.mkDefault "Europe/Warsaw";
+        i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
      };
    in
-      base.extendModules {
+      inputs.nixpkgs.lib.nixosSystem {
        modules = [
+          inputs.agenix.nixosModules.age
+          inputs.disko.nixosModules.disko
+          inputs.mailserver.nixosModules.default
+          inputs.home-manager.nixosModules.home-manager
+          self.nixosModules.settei
          defaultOptions
          module
        ];
-        specialArgs = {
-          prev = base;
-          configurationName = name;
-        };
+        specialArgs.configurationName = name;
      };
  };

  imports = [
    ./kazuki
    ./hijiri-vm
+    # ./legion
  ];
 }
--- a/hosts/hijiri-vm/default.nix
+++ b/hosts/hijiri-vm/default.nix
@ -10,23 +10,17 @@
    username,
    ...
  }: {
-    _file = ./default.nix;
-
    imports = [
      "${modulesPath}/profiles/qemu-guest.nix"
      ./disks.nix
    ];
-    boot = {
-      supportedFilesystems = ["btrfs"];
-      loader.systemd-boot.enable = true;
-      loader.systemd-boot.configurationLimit = 1;
-      loader.efi.canTouchEfiVariables = true;
-    };

    nixpkgs.system = "aarch64-linux";

-    users.users.${username} = {
-      openssh.authorizedKeys.keys = lib.attrValues config.assets.sshKeys.user;
+    boot = {
+      loader.systemd-boot.enable = true;
+      loader.systemd-boot.configurationLimit = 1;
+      loader.efi.canTouchEfiVariables = true;
    };

    networking.domain = "hijiri";
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@ -6,7 +6,6 @@
  configurations.nixos.kazuki = {
    modulesPath,
    lib,
-    username,
    ...
  }: {
    imports = [
@ -20,10 +19,7 @@

    nixpkgs.system = "aarch64-linux";

-    users.users.${username}.openssh.authorizedKeys.keys = lib.attrValues config.assets.sshKeys.user;
-
    boot = {
-      supportedFilesystems = ["btrfs"];
      loader.systemd-boot.enable = true;
      loader.systemd-boot.configurationLimit = 1;
      loader.efi.canTouchEfiVariables = true;
--- a/hosts/legion/default.nix
+++ b/hosts/legion/default.nix
@ -0,0 +1,36 @@
+{config, ...}: let
+  inherit (config.assets) sshKeys;
+in {
+  configurations.nixos.legion = {
+    config,
+    lib,
+    ...
+  }: {
+    imports = [
+      ./hardware.nix
+      # ./disks.nix
+    ];
+
+    nixpkgs.system = "x86_64-linux";
+
+    specialisation = {
+      nas.configuration = ./nas;
+    };
+
+    boot = {
+      kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+      loader.systemd-boot.enable = true;
+      loader.efi.canTouchEfiVariables = true;
+    };
+
+    networking = {
+      hostName = "legion";
+      hostId = builtins.substring 0 8 (builtins.readFile ./machine-id);
+      networkmanager.enable = true;
+      useDHCP = true;
+      firewall.trustedInterfaces = ["tailscale0"];
+    };
+
+    powerManagement.cpuFreqGovernor = "performance";
+  };
+}
--- a/hosts/legion/disks.nix
+++ b/hosts/legion/disks.nix
@ -0,0 +1,10 @@
+args: let
+  bootDevice = args.bootDevice or "/dev/nvme0n1";
+in {
+  assertions = [
+    {
+      assertion = false;
+      message = "Disko config TODO";
+    }
+  ];
+}
--- a/hosts/legion/hardware.nix
+++ b/hosts/legion/hardware.nix
@ -0,0 +1,58 @@
+{...}: {
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas"];
+  boot.extraModulePackages = with config.boot.kernelPackages; [acpi_call];
+  boot.kernelModules = ["kvm-intel" "i2c-dev" "acpi_call"];
+  boot.blacklistedKernelModules = ["nouveau"];
+
+  hardware = {
+    enableAllFirmware = true;
+    cpu.intel.updateMicrocode = true;
+  };
+
+  services.smartd.enable = true;
+
+  # TODO: Move to disko only
+  # TODO: Actually set up impermanence
+  boot.supportedFilesystems = ["btrfs"];
+  boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS";
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/LINUX";
+    fsType = "btrfs";
+    options = ["subvol=root" "compress=zstd" "noatime"];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-label/LINUX";
+    fsType = "btrfs";
+    options = ["subvol=home" "compress=zstd" "noatime"];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-label/LINUX";
+    fsType = "btrfs";
+    options = ["subvol=nix" "compress=zstd" "noatime"];
+  };
+
+  fileSystems."/persist" = {
+    device = "/dev/disk/by-label/LINUX";
+    fsType = "btrfs";
+    options = ["subvol=persist" "compress=zstd" "noatime"];
+  };
+
+  fileSystems."/var/log" = {
+    device = "/dev/disk/by-label/LINUX";
+    fsType = "btrfs";
+    options = ["subvol=log" "compress=zstd" "noatime"];
+    neededForBoot = true;
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/BOOT";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-label/SWAP";}
+  ];
+}
--- a/hosts/legion/nas/default.nix
+++ b/hosts/legion/nas/default.nix
@ -0,0 +1,33 @@
+{
+  pkgs,
+  username,
+  ...
+}: {
+  imports = [
+    ./media.nix
+  ];
+
+  boot.supportedFilesystems = ["zfs"];
+
+  boot.zfs.extraPools = ["yottapool"];
+  services.zfs = {
+    autoScrub.enable = true;
+    zed.settings = {
+      ZED_DEBUG_LOG = "/tmp/zed.debug.log";
+      ZED_EMAIL_ADDR = [username];
+      ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
+      ZED_EMAIL_OPTS = "@ADDRESS@";
+
+      ZED_NOTIFY_INTERVAL_SECS = 3600;
+      ZED_NOTIFY_VERBOSE = true;
+
+      ZED_USE_ENCLOSURE_LEDS = true;
+      ZED_SCRUB_AFTER_RESILVER = true;
+    };
+  };
+
+  fileSystems."/nix-cache" = {
+    device = "/dev/disk/by-label/CACHE";
+    fsType = "ext4";
+  };
+}
--- a/hosts/legion/nas/media.nix
+++ b/hosts/legion/nas/media.nix
@ -0,0 +1,18 @@
+{
+  services.jellyfin.enable = true;
+  services.radarr.enable = true;
+  services.sonarr.enable = true;
+  services.prowlarr.enable = true;
+  services.deluge = {
+    enable = true;
+    web.enable = true;
+    config.download_location = "/media/deluge";
+  };
+
+  users.users = {
+    jellyfin.extraGroups = ["radarr" "sonarr"];
+    radarr.extraGroups = ["deluge"];
+    sonarr.extraGroups = ["deluge"];
+    niko.extraGroups = ["deluge"];
+  };
+}