chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Manage remote systems

Browse source
This commit is contained in:
Charlotte Van Petegem 2020-11-26 22:43:02 +01:00
parent c93bae39fa
commit f211bd408b
No known key found for this signature in database
GPG key ID: 019E764B7184435A
8 changed files with 239 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -46,6 +46,8 @@
nixosConfigurations = {
kharbranth = mkSystem "x86_64-linux" "kharbranth";
kholinar = mkSystem "x86_64-linux" "kholinar";
lasting-integrity = mkSystem "x86_64-linux" "lasting-integrity";
urithiru = mkSystem "x86_64-linux" "urithiru";
};
};
}

54
machines/lasting-integrity/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ pkgs, ... }:
{
imports = [
./hardware.nix
./secret.nix
];
boot.loader = {
grub = {
enable = true;
efiSupport = true;
mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot/ESP0"; }
{ devices = [ "nodev" ]; path = "/boot/ESP1"; }
];
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/EFI";
};
};
time.timeZone = "Europe/Berlin";
networking = {
hostName = "lasting-integrity";
hostId = "b352adfe";
useDHCP = false;
interfaces = {
eno1.useDHCP = false;
eno2.useDHCP = false;
eno3.useDHCP = false;
eno4.useDHCP = false;
};
};
users = {
mutableUsers = false;
defaultUserShell = pkgs.zsh;
users.charlotte = {
isNormalUser = true;
extraGroups = [ "wheel" "systemd-journal" ];
};
};
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.zfs.autoScrub.enable = true;
services.zfs.trim.enable = true;
system.stateVersion = "20.09";
}

62
machines/lasting-integrity/hardware.nix Normal file
View file

@ -0,0 +1,62 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
kernelModules = [ ];
postDeviceCommands = lib.mkAfter ''
zfs rollback -r zroot/local/root@blank
'';
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
};
fileSystems = {
"/" = {
device = "zroot/local/root";
fsType = "zfs";
};
"/nix" = {
device = "zroot/local/nix";
fsType = "zfs";
};
"/nix/store" = {
device = "zroot/local/nix-store";
fsType = "zfs";
};
"/data" = {
device = "zroot/safe/data";
fsType = "zfs";
};
"/cache" = {
device = "zroot/safe/cache";
fsType = "zfs";
};
"/srv/data" = {
device = "zdata/data";
fsType = "zfs";
};
"/boot/ESP0" = {
device = "/dev/disk/by-uuid/BC0C-3065";
fsType = "vfat";
};
"/boot/ESP1" = {
device = "/dev/disk/by-uuid/BC67-2D0D";
fsType = "vfat";
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/7b9d63e0-5525-4022-9d1a-6c62d52dfb78"; }
{ device = "/dev/disk/by-uuid/2602f9a5-c42a-4514-bc4a-30fbb2c08ee9"; }
{ device = "/dev/disk/by-uuid/0f98f67f-227f-4a03-892d-d2dfd37e39ad"; }
{ device = "/dev/disk/by-uuid/c7bd8b09-45cb-42cd-b355-1a1f2ebde6d4"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

BIN
machines/lasting-integrity/secret.nix Normal file
View file

Binary file not shown.

54
machines/urithiru/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ pkgs, ... }:
{
imports = [
./hardware.nix
./secret.nix
];
boot.loader = {
grub = {
enable = true;
efiSupport = true;
mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot/ESP0"; }
{ devices = [ "nodev" ]; path = "/boot/ESP1"; }
];
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/EFI";
};
};
time.timeZone = "Europe/Berlin";
networking = {
hostName = "urithiru";
hostId = "079e60ba";
useDHCP = false;
interfaces = {
eno1.useDHCP = false;
eno2.useDHCP = false;
eno3.useDHCP = false;
eno4.useDHCP = false;
};
};
users = {
mutableUsers = false;
defaultUserShell = pkgs.zsh;
users.charlotte = {
isNormalUser = true;
extraGroups = [ "wheel" "systemd-journal" ];
};
};
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.zfs.autoScrub.enable = true;
services.zfs.trim.enable = true;
system.stateVersion = "20.09";
}

62
machines/urithiru/hardware.nix Normal file
View file

@ -0,0 +1,62 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
kernelModules = [ ];
postDeviceCommands = lib.mkAfter ''
zfs rollback -r zroot/local/root@blank
'';
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
};
fileSystems = {
"/" = {
device = "zroot/local/root";
fsType = "zfs";
};
"/nix" = {
device = "zroot/local/nix";
fsType = "zfs";
};
"/nix/store" = {
device = "zroot/local/nix-store";
fsType = "zfs";
};
"/data" = {
device = "zroot/safe/data";
fsType = "zfs";
};
"/cache" = {
device = "zroot/safe/cache";
fsType = "zfs";
};
"/srv/data" = {
device = "zdata/data";
fsType = "zfs";
};
"/boot/ESP0" = {
device = "/dev/disk/by-uuid/6ED1-0638";
fsType = "vfat";
};
"/boot/ESP1" = {
device = "/dev/disk/by-uuid/6F25-C8B8";
fsType = "vfat";
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/2b90207f-2d08-49aa-8a05-2c98c59224c1"; }
{ device = "/dev/disk/by-uuid/e0c10fec-cef8-43ac-8a41-905c9d50609f"; }
{ device = "/dev/disk/by-uuid/860a9a86-7882-479c-8be8-f51a5edbf7f7"; }
{ device = "/dev/disk/by-uuid/088f30de-c76d-4843-ac62-8442852b372d"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}

BIN
machines/urithiru/secret.nix Normal file
View file

Binary file not shown.

5
remote.sh Executable file
View file

@ -0,0 +1,5 @@
#!/usr/bin/env bash
set -euo pipefail
set -x
nixos-rebuild --flake .#$1 --target-host root@$1 --build-host localhost $2