Migrated legion over. Started migrating hijiri

2023-09-20 09:47:17 +02:00 · 2023-09-20 09:47:17 +02:00 · f79b3d6ff7
commit f79b3d6ff7
parent 31dd42d37d
40 changed files with 397 additions and 228 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -5,35 +5,54 @@
  lib,
  ...
 }: {
-  builders = {
-    nixos = name: module: let
-      defaultOptions = {
-        username,
-        inputs',
-        lib,
-        ...
-      }: {
-        _file = ./default.nix;
+  imports = [
+    ./kazuki
+    ./hijiri-vm
+    ./hijiri
+    ./legion
+    ./installer
+  ];

-        settei = {
-          username = lib.mkDefault "niko";
-          sane-defaults = {
-            enable = lib.mkDefault true;
-            allSshKeys = config.assets.sshKeys.user;
-          };
-          flake-qol = {
-            enable = true;
-            inputs = inputs // {settei = self;};
-          };
-          user = {
-            enable = true;
-            config = {
-              home.packages = lib.attrValues inputs'.settei.packages;
-            };
+  builders = let
+    sharedOptions = {
+      inputs',
+      lib,
+      ...
+    }: {
+      _file = ./default.nix;
+
+      settei = {
+        username = lib.mkDefault "niko";
+        sane-defaults = {
+          enable = lib.mkDefault true;
+          allSshKeys = config.assets.sshKeys.user;
+        };
+        flake-qol = {
+          enable = true;
+          inputs = inputs // {settei = self;};
+        };
+        user = {
+          enable = true;
+          config = {
+            home.packages = let
+              wrappers = lib.attrValues inputs'.settei.packages;
+              extraPkgs = [inputs'.nh.packages.default];
+            in
+              wrappers ++ extraPkgs;
+
+            programs.git.enable = true;
+            home.sessionVariables.EDITOR = "hx";
          };
        };
+      };
+
+      time.timeZone = lib.mkDefault "Europe/Warsaw";
+    };
+  in {
+    nixos = name: module: let
+      defaultOptions = {
+        _file = ./default.nix;

-        time.timeZone = lib.mkDefault "Europe/Warsaw";
        i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
      };
    in
@ -46,17 +65,29 @@
          inputs.hercules-ci-agent.nixosModules.agent-service
          self.nixosModules.settei
          self.nixosModules.common
+          sharedOptions
+          defaultOptions
+          module
+        ];
+        specialArgs.configurationName = name;
+      };
+
+    darwin = name: module: let
+      defaultOptions = {
+        _file = ./default.nix;
+      };
+    in
+      inputs.darwin.lib.darwinSystem {
+        modules = [
+          inputs.agenix.darwinModules.age
+          inputs.home-manager.darwinModules.home-manager
+          inputs.hercules-ci-agent.darwinModules.agent-service
+          self.darwinModules.settei
+          sharedOptions
          defaultOptions
          module
        ];
        specialArgs.configurationName = name;
      };
  };
-
-  imports = [
-    ./kazuki
-    ./hijiri-vm
-    # ./legion
-    ./installer
-  ];
 }
--- a/hosts/hijiri-vm/default.nix
+++ b/hosts/hijiri-vm/default.nix
@ -1,9 +1,4 @@
 {
-  self,
-  inputs,
-  config,
-  ...
-}: {
  configurations.nixos.hijiri-vm = {
    modulesPath,
    lib,
@ -15,7 +10,7 @@
      ./disks.nix
    ];

-    nixpkgs.system = "aarch64-linux";
+    nixpkgs.hostPlatform = "aarch64-linux";

    boot = {
      loader.systemd-boot.enable = true;
--- a/hosts/hijiri/default.nix
+++ b/hosts/hijiri/default.nix
@ -0,0 +1,5 @@
+{
+  configurations.darwin.hijiri = {
+    nixpkgs.hostPlatform = "aarch64-darwin";
+  };
+}
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@ -1,9 +1,6 @@
 {
-  config,
-  self,
-  ...
-}: {
  configurations.nixos.kazuki = {
+    config,
    modulesPath,
    lib,
    ...
@ -17,7 +14,7 @@
      ./vault.nix
    ];

-    nixpkgs.system = "aarch64-linux";
+    nixpkgs.hostPlatform = "aarch64-linux";

    boot = {
      loader.systemd-boot.enable = true;
@ -26,10 +23,5 @@
    };

    common.hercules.enable = true;
-    age.secrets.kazuki-cachix = {
-      file = ../../secrets/kazuki-cachix.age;
-      owner = config.systemd.services.hercules-ci-agent.serviceConfig.User;
-    };
-    services.hercules-ci-agent.settings.binaryCachesPath = config.age.secrets.kazuki-cachix.path;
  };
 }
--- a/hosts/kazuki/mail.nix
+++ b/hosts/kazuki/mail.nix
@ -1,4 +1,5 @@
 {config, ...}: {
+  # nix shell nixpkgs#apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
  age.secrets = {
    leet-nrab-lol.file = ../../secrets/leet-nrab-lol-pass.age;
    alert-nrab-lol.file = ../../secrets/alert-nrab-lol-pass.age;
--- a/hosts/legion/default.nix
+++ b/hosts/legion/default.nix
@ -1,18 +1,17 @@
-{config, ...}: let
-  inherit (config.assets) sshKeys;
-in {
+{
  configurations.nixos.legion = {
    config,
    lib,
+    username,
    ...
  }: {
    imports = [
      ./hardware.nix
      # ./disks.nix
-      ./initrd.nix
+      ./msmtp.nix
    ];

-    nixpkgs.system = "x86_64-linux";
+    nixpkgs.hostPlatform = "x86_64-linux";

    specialisation = {
      nas.configuration = ./nas;
@ -28,10 +27,15 @@ in {
      hostName = "legion";
      hostId = builtins.substring 0 8 (builtins.readFile ./machine-id);
      networkmanager.enable = true;
-      useDHCP = true;
      firewall.trustedInterfaces = ["tailscale0"];
    };
+    systemd.services.NetworkManager-wait-online.enable = false;

    powerManagement.cpuFreqGovernor = "performance";
+
+    age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age;
+    users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
+
+    common.hercules.enable = true;
  };
 }
--- a/hosts/legion/disks.nix
+++ b/hosts/legion/disks.nix
@ -1,6 +1,10 @@
-args: let
+args:
+/*
+let
  bootDevice = args.bootDevice or "/dev/nvme0n1";
-in {
+in
+*/
+{
  assertions = [
    {
      assertion = false;
--- a/hosts/legion/hardware.nix
+++ b/hosts/legion/hardware.nix
@ -1,9 +1,11 @@
-{...}: {
+{config, ...}: {
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas"];
  boot.extraModulePackages = with config.boot.kernelPackages; [acpi_call];
  boot.kernelModules = ["kvm-intel" "i2c-dev" "acpi_call"];
  boot.blacklistedKernelModules = ["nouveau"];

+  # Needed for enableAllFirmware
+  nixpkgs.config.allowUnfree = true;
  hardware = {
    enableAllFirmware = true;
    cpu.intel.updateMicrocode = true;
--- a/hosts/legion/initrd.nix
+++ b/hosts/legion/initrd.nix
@ -1,14 +0,0 @@
-{
-  config,
-  username,
-  ...
-}: {
-  boot.initrd = {
-    availableKernelModules = ["ath10k_pci" "r8169"];
-    network.enable = true;
-    network.ssh = {
-      enable = true;
-      authorizedKeys = config.users.users.${username}.openssh.authorizedKeys.keys;
-    };
-  };
-}
--- a/hosts/legion/machine-id
+++ b/hosts/legion/machine-id
@ -0,0 +1 @@
+524209a432724c7abaf04398cdd6eecd
--- a/hosts/legion/msmtp.nix
+++ b/hosts/legion/msmtp.nix
@ -0,0 +1,34 @@
+# TODO: Potentially make this a common module?
+{
+  pkgs,
+  config,
+  username,
+  ...
+}: let
+  mail = "alert@nrab.lol";
+  aliases = pkgs.writeText "mail-aliases" ''
+    ${username}: nikodem@rabulinski.com
+    root: ${mail}
+  '';
+in {
+  age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age;
+
+  programs.msmtp = {
+    enable = true;
+    setSendmail = true;
+    defaults = {
+      inherit aliases;
+      tls = "on";
+      auth = "login";
+      tls_starttls = "off";
+    };
+    accounts = {
+      default = {
+        host = "mail.nrab.lol";
+        passwordeval = "cat ${config.age.secrets.alert-plaintext.path}";
+        user = mail;
+        from = mail;
+      };
+    };
+  };
+}
--- a/hosts/legion/nas/default.nix
+++ b/hosts/legion/nas/default.nix
@ -1,5 +1,6 @@
 {
  pkgs,
+  lib,
  username,
  ...
 }: {
@ -7,7 +8,7 @@
    ./media.nix
  ];

-  boot.supportedFilesystems = ["zfs"];
+  boot.supportedFilesystems = ["ext4" "zfs"];

  boot.zfs.extraPools = ["yottapool"];
  services.zfs = {
@ -15,7 +16,7 @@
    zed.settings = {
      ZED_DEBUG_LOG = "/tmp/zed.debug.log";
      ZED_EMAIL_ADDR = [username];
-      ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
+      ZED_EMAIL_PROG = lib.getExe pkgs.msmtp;
      ZED_EMAIL_OPTS = "@ADDRESS@";

      ZED_NOTIFY_INTERVAL_SECS = 3600;
@ -26,8 +27,8 @@
    };
  };

-  fileSystems."/nix-cache" = {
-    device = "/dev/disk/by-label/CACHE";
+  fileSystems."/bulk" = {
+    device = "/dev/disk/by-label/BULK";
    fsType = "ext4";
  };
 }
--- a/hosts/legion/nas/media.nix
+++ b/hosts/legion/nas/media.nix
@ -1,4 +1,4 @@
-{
+{username, ...}: {
  services.jellyfin.enable = true;
  services.radarr.enable = true;
  services.sonarr.enable = true;
@ -13,6 +13,6 @@
    jellyfin.extraGroups = ["radarr" "sonarr"];
    radarr.extraGroups = ["deluge"];
    sonarr.extraGroups = ["deluge"];
-    niko.extraGroups = ["deluge"];
+    ${username}.extraGroups = ["deluge"];
  };
 }