Big readme update and more

Updated readme with tons of information. Made kazuki a hercules agent. Fixed secrets ownerships. Started working on a custom installer iso. Changed helix theme.
2023-09-16 21:51:35 +02:00 · 2023-09-16 21:51:35 +02:00 · fb0c1a4451
commit fb0c1a4451
parent ef44ff6943
17 changed files with 164 additions and 39 deletions
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./hercules.nix
+  ];
+}
--- a/hosts/common/hercules.nix
+++ b/hosts/common/hercules.nix
@ -0,0 +1,24 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  options.common.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration";
+
+  config = lib.mkIf config.common.hercules.enable {
+    age.secrets.hercules-token = {
+      file = ../../secrets/hercules-token.age;
+      owner = config.systemd.services.hercules-ci-agent.serviceConfig.User;
+    };
+
+    services.hercules-ci-agent = {
+      enable = true;
+      settings = {
+        clusterJoinTokenPath = config.age.secrets.hercules-token.path;
+        concurrentTasks = lib.mkDefault 4;
+        binaryCachesPath = pkgs.writeText "empty-caches.json" "{}";
+      };
+    };
+  };
+}
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -43,7 +43,9 @@
          inputs.disko.nixosModules.disko
          inputs.mailserver.nixosModules.default
          inputs.home-manager.nixosModules.home-manager
+          inputs.hercules-ci-agent.nixosModules.agent-service
          self.nixosModules.settei
+          ./common
          defaultOptions
          module
        ];
@ -55,5 +57,6 @@
    ./kazuki
    ./hijiri-vm
    # ./legion
+    ./installer
  ];
 }
--- a/hosts/installer/default.nix
+++ b/hosts/installer/default.nix
@ -0,0 +1,15 @@
+{lib, ...}: {
+  configurations.nixos = let
+    mkInstaller = system: ({pkgs, ...}: {
+      nixpkgs = {inherit system;};
+
+      environment.systemPackages = [pkgs.nixos-install-tools];
+
+      # Make nixos-anywhere treat this as a installer iso
+      system.nixos.variant_id = "installer";
+    });
+    systems = ["aarch64-linux" "x86_64-linux"];
+    installers = map (system: lib.nameValuePair "installer-${system}" (mkInstaller system)) systems;
+  in
+    lib.listToAttrs installers;
+}
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@ -24,5 +24,7 @@
      loader.systemd-boot.configurationLimit = 1;
      loader.efi.canTouchEfiVariables = true;
    };
+
+    common.hercules.enable = true;
  };
 }
--- a/hosts/kazuki/vault.nix
+++ b/hosts/kazuki/vault.nix
@ -1,5 +1,8 @@
 {config, ...}: {
-  age.secrets.vault-cert-env.file = ../../secrets/vault-cert-env.age;
+  age.secrets.vault-cert-env = {
+    file = ../../secrets/vault-cert-env.age;
+    owner = config.services.nginx.user;
+  };

  services.vaultwarden = {
    enable = true;
--- a/hosts/legion/default.nix
+++ b/hosts/legion/default.nix
@ -9,6 +9,7 @@ in {
    imports = [
      ./hardware.nix
      # ./disks.nix
+      ./initrd.nix
    ];

    nixpkgs.system = "x86_64-linux";
--- a/hosts/legion/initrd.nix
+++ b/hosts/legion/initrd.nix
@ -0,0 +1,14 @@
+{
+  config,
+  username,
+  ...
+}: {
+  boot.initrd = {
+    availableKernelModules = ["ath10k_pci" "r8169"];
+    network.enable = true;
+    network.ssh = {
+      enable = true;
+      authorizedKeys = config.users.users.${username}.openssh.authorizedKeys.keys;
+    };
+  };
+}