create configs for Rico0 and Rico2

This commit is contained in:
Adithya 2024-06-29 17:52:32 +05:30
parent 4037e9019b
commit 8fc9b6ac4b
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
31 changed files with 542 additions and 3 deletions

View file

@ -85,6 +85,28 @@
} }
]; ];
}; };
Rico0 =
let
hostname = "Rico0";
system = "aarch64-linux";
username = "adtya";
in
nixpkgs.lib.nixosSystem {
inherit system;
pkgs = packages system;
specialArgs = { inherit inputs username; };
modules = [
{
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
networking.hostName = lib.mkDefault hostname;
nixpkgs.hostPlatform = lib.mkDefault system;
}
lix-module.nixosModules.default
sops-nix.nixosModules.sops
./common
./hosts/rico0
];
};
Rico1 = Rico1 =
let let
hostname = "Rico1"; hostname = "Rico1";
@ -107,6 +129,28 @@
./hosts/rico1 ./hosts/rico1
]; ];
}; };
Rico2 =
let
hostname = "Rico2";
system = "aarch64-linux";
username = "adtya";
in
nixpkgs.lib.nixosSystem {
inherit system;
pkgs = packages system;
specialArgs = { inherit inputs username; };
modules = [
{
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
networking.hostName = lib.mkDefault hostname;
nixpkgs.hostPlatform = lib.mkDefault system;
}
lix-module.nixosModules.default
sops-nix.nixosModules.sops
./common
./hosts/rico2
];
};
}; };
} }
// flake-utils.lib.eachDefaultSystem (system: // flake-utils.lib.eachDefaultSystem (system:

View file

@ -0,0 +1,5 @@
_: {
virtualisation.oci-containers = {
backend = "podman";
};
}

43
hosts/rico0/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ ... }: {
imports = [
./hardware
./programs
./services
./containers
./network.nix
./security.nix
];
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
})
];
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
};
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
time.timeZone = "Asia/Kolkata";
system = {
switch = {
enable = false;
enableNg = true;
};
stateVersion = "23.11";
};
}

View file

@ -0,0 +1,13 @@
_: {
imports = [ ./filesystem.nix ./kernel.nix ];
hardware.enableRedistributableFirmware = true;
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
supportedFilesystems = [ "vfat" "btrfs" "ext4" ];
};
}

View file

@ -0,0 +1,36 @@
_: {
fileSystems = {
"/" = {
device = "/dev/disk/by-partlabel/RICO0_ROOT";
fsType = "btrfs";
options = [ "subvol=@root" "compress-force=zstd" "noatime" ];
neededForBoot = true;
};
"/nix" = {
device = "/dev/disk/by-partlabel/RICO0_ROOT";
fsType = "btrfs";
options = [ "subvol=@nix" "compress-force=zstd" "noatime" ];
neededForBoot = true;
};
"/persist" = {
device = "/dev/disk/by-partlabel/RICO0_ROOT";
fsType = "btrfs";
options = [ "subvol=@persist" "compress-force=zstd" "noatime" ];
neededForBoot = true;
};
"/mnt/system" = {
device = "/dev/disk/by-partlabel/RICO0_ROOT";
fsType = "btrfs";
options = [ "subvol=/" "compress-force=zstd" "noatime" ];
};
"/boot" = {
device = "/dev/disk/by-partlabel/RICO0_BOOT";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
}

View file

@ -0,0 +1,18 @@
{ lib
, pkgs
, ...
}: {
boot = {
consoleLogLevel = 3;
kernelPackages = lib.mkDefault pkgs.linuxPackages_rpi4;
kernel.sysctl = {
"vm.swappiness" = 10;
"vm.dirty_ratio" = 3;
};
initrd = {
availableKernelModules = [ "xhci_pci" ];
systemd.enable = true;
};
};
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}

43
hosts/rico0/network.nix Normal file
View file

@ -0,0 +1,43 @@
{ lib, ... }: {
networking = {
nameservers = [
"2620:fe::fe#dns.quad9.net"
"9.9.9.9#dns.quad9.net"
"2620:fe::9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
];
networkmanager = {
enable = true;
dhcp = "dhcpcd";
dns = "systemd-resolved";
wifi = {
backend = "iwd";
powersave = false;
};
};
useDHCP = lib.mkDefault false;
wireless.iwd = {
enable = true;
settings = {
General = {
AddressRandomization = "network";
EnableNetworkConfiguration = false;
};
Settings = {
AutoConnect = "yes";
};
};
};
};
services.resolved = {
enable = true;
dnssec = "true";
dnsovertls = "true";
domains = [ "~." ];
fallbackDns = [ ];
};
}

View file

@ -0,0 +1,17 @@
{ pkgs, ... }: {
imports = [
./neovim.nix
./starship.nix
./zsh.nix
];
programs.git.enable = true;
environment.systemPackages = with pkgs; [
sops
age
libraspberrypi
raspberrypi-eeprom
];
}

View file

@ -0,0 +1,8 @@
_: {
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
}

View file

@ -0,0 +1,8 @@
_: {
programs.starship = {
enable = true;
settings = {
add_newline = false;
};
};
}

View file

@ -0,0 +1,10 @@
_: {
programs = {
zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
};
};
environment.pathsToLink = [ "/share/zsh" ];
}

9
hosts/rico0/security.nix Normal file
View file

@ -0,0 +1,9 @@
_: {
security = {
sudo = {
wheelNeedsPassword = false;
};
polkit.enable = true;
rtkit.enable = true;
};
}

View file

@ -0,0 +1,6 @@
_: {
services.btrfs.autoScrub = {
enable = true;
fileSystems = [ "/mnt/system" ];
};
}

View file

@ -0,0 +1,7 @@
_: {
imports = [
./btrfs.nix
./ssh.nix
];
}

View file

@ -0,0 +1,21 @@
_: {
services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
hostKeys = [
{
path = "/persist/secrets/ssh/keys/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/secrets/ssh/keys/ssh_host_rsa_key";
type = "rsa";
bits = "4096";
}
];
};
}

View file

@ -8,6 +8,13 @@
./security.nix ./security.nix
]; ];
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
})
];
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
extraLocaleSettings = { extraLocaleSettings = {

View file

@ -4,13 +4,13 @@
}: { }: {
boot = { boot = {
consoleLogLevel = 3; consoleLogLevel = 3;
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; kernelPackages = lib.mkDefault pkgs.linuxPackages_rpi4;
kernel.sysctl = { kernel.sysctl = {
"vm.swappiness" = 10; "vm.swappiness" = 10;
"vm.dirty_ratio" = 3; "vm.dirty_ratio" = 3;
}; };
initrd = { initrd = {
availableKernelModules = ["xhci_pci"]; availableKernelModules = [ "xhci_pci" ];
systemd.enable = true; systemd.enable = true;
}; };
}; };

View file

@ -0,0 +1,5 @@
_: {
virtualisation.oci-containers = {
backend = "podman";
};
}

43
hosts/rico2/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ ... }: {
imports = [
./hardware
./programs
./services
./containers
./network.nix
./security.nix
];
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
})
];
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
};
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
time.timeZone = "Asia/Kolkata";
system = {
switch = {
enable = false;
enableNg = true;
};
stateVersion = "23.11";
};
}

View file

@ -0,0 +1,13 @@
_: {
imports = [ ./filesystem.nix ./kernel.nix ];
hardware.enableRedistributableFirmware = true;
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
supportedFilesystems = [ "vfat" "btrfs" "ext4" ];
};
}

View file

@ -0,0 +1,36 @@
_: {
fileSystems = {
"/" = {
device = "/dev/disk/by-partlabel/RICO2_ROOT";
fsType = "btrfs";
options = [ "subvol=@root" "compress-force=zstd" "noatime" ];
neededForBoot = true;
};
"/nix" = {
device = "/dev/disk/by-partlabel/RICO2_ROOT";
fsType = "btrfs";
options = [ "subvol=@nix" "compress-force=zstd" "noatime" ];
neededForBoot = true;
};
"/persist" = {
device = "/dev/disk/by-partlabel/RICO2_ROOT";
fsType = "btrfs";
options = [ "subvol=@persist" "compress-force=zstd" "noatime" ];
neededForBoot = true;
};
"/mnt/system" = {
device = "/dev/disk/by-partlabel/RICO2_ROOT";
fsType = "btrfs";
options = [ "subvol=/" "compress-force=zstd" "noatime" ];
};
"/boot" = {
device = "/dev/disk/by-partlabel/RICO2_BOOT";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
}

View file

@ -0,0 +1,18 @@
{ lib
, pkgs
, ...
}: {
boot = {
consoleLogLevel = 3;
kernelPackages = lib.mkDefault pkgs.linuxPackages_rpi4;
kernel.sysctl = {
"vm.swappiness" = 10;
"vm.dirty_ratio" = 3;
};
initrd = {
availableKernelModules = [ "xhci_pci" ];
systemd.enable = true;
};
};
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}

43
hosts/rico2/network.nix Normal file
View file

@ -0,0 +1,43 @@
{ lib, ... }: {
networking = {
nameservers = [
"2620:fe::fe#dns.quad9.net"
"9.9.9.9#dns.quad9.net"
"2620:fe::9#dns.quad9.net"
"149.112.112.112#dns.quad9.net"
];
networkmanager = {
enable = true;
dhcp = "dhcpcd";
dns = "systemd-resolved";
wifi = {
backend = "iwd";
powersave = false;
};
};
useDHCP = lib.mkDefault false;
wireless.iwd = {
enable = true;
settings = {
General = {
AddressRandomization = "network";
EnableNetworkConfiguration = false;
};
Settings = {
AutoConnect = "yes";
};
};
};
};
services.resolved = {
enable = true;
dnssec = "true";
dnsovertls = "true";
domains = [ "~." ];
fallbackDns = [ ];
};
}

View file

@ -0,0 +1,17 @@
{ pkgs, ... }: {
imports = [
./neovim.nix
./starship.nix
./zsh.nix
];
programs.git.enable = true;
environment.systemPackages = with pkgs; [
sops
age
libraspberrypi
raspberrypi-eeprom
];
}

View file

@ -0,0 +1,8 @@
_: {
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
}

View file

@ -0,0 +1,8 @@
_: {
programs.starship = {
enable = true;
settings = {
add_newline = false;
};
};
}

View file

@ -0,0 +1,10 @@
_: {
programs = {
zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
};
};
environment.pathsToLink = [ "/share/zsh" ];
}

9
hosts/rico2/security.nix Normal file
View file

@ -0,0 +1,9 @@
_: {
security = {
sudo = {
wheelNeedsPassword = false;
};
polkit.enable = true;
rtkit.enable = true;
};
}

View file

@ -0,0 +1,6 @@
_: {
services.btrfs.autoScrub = {
enable = true;
fileSystems = [ "/mnt/system" ];
};
}

View file

@ -0,0 +1,7 @@
_: {
imports = [
./btrfs.nix
./ssh.nix
];
}

View file

@ -0,0 +1,21 @@
_: {
services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
hostKeys = [
{
path = "/persist/secrets/ssh/keys/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/secrets/ssh/keys/ssh_host_rsa_key";
type = "rsa";
bits = "4096";
}
];
};
}