adtya/configuration.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

remove rico0

Browse source
This commit is contained in:
Adithya 2024-01-04 21:51:31 +05:30
parent bbb4669c1e
commit a26d10f353
Signed by: adtya
GPG key ID: 48FC9915FFD326D0
19 changed files with 1 additions and 449 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -1,2 +1,2 @@
# NixOS configuration for Skipper, Rico1 and Rico2 # NixOS Configuration

23
flake.nix
View file

@ -27,10 +27,6 @@
}; };
}; };
nixos-hardware = {
url = "github:NixOS/nixos-hardware";
};
nixvim = { nixvim = {
url = "github:nix-community/nixvim"; url = "github:nix-community/nixvim";
inputs = { inputs = {
@ -54,7 +50,6 @@
, home-manager , home-manager
, impermanence , impermanence
, lanzaboote , lanzaboote
, nixos-hardware
, nixvim , nixvim
, flake_env , flake_env
, ,
@ -103,24 +98,6 @@
} }
]; ];
}; };
Rico0 = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux";
pkgs = import nixpkgs {
inherit system;
config = nixpkgs-config;
};
specialArgs = inputs // { inherit secrets; };
modules = [
{
system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
}
nixos-hardware.nixosModules.raspberry-pi-4
./common
./hosts/rico0
];
};
}; };
} }
// flake-utils.lib.eachDefaultSystem ( // flake-utils.lib.eachDefaultSystem (

7
hosts/rico0/containers/default.nix
View file

@ -1,7 +0,0 @@
_: {
imports = [ ./pihole.nix ];
virtualisation.oci-containers = {
backend = "podman";
};
}

26
hosts/rico0/containers/pihole.nix
View file

@ -1,26 +0,0 @@
_: {
services.caddy.virtualHosts."http://pihole.local.adtya.xyz" = {
extraConfig = ''
reverse_proxy 127.0.0.1:3000
'';
};
virtualisation.oci-containers.containers = {
pihole = {
image = "pihole/pihole:latest";
hostname = "heimdall";
environmentFiles = [
"/var/lib/pihole/.env"
];
volumes = [
"/var/lib/pihole/etc/pihole:/etc/pihole/"
"/var/lib/pihole/etc/dnsmasq.d:/etc/dnsmasq.d/"
];
ports = [
"53:53/tcp"
"53:53/udp"
"67:67/udp"
"3000:80/tcp"
];
};
};
}

30
hosts/rico0/default.nix
View file

@ -1,30 +0,0 @@
{ ... }: {
imports = [
./hardware
./programs
./services
./containers
./network.nix
./security.nix
];
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
};
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
time.timeZone = "Asia/Kolkata";
system.stateVersion = "23.11";
}

222
hosts/rico0/hardware/default.nix
View file

@ -1,222 +0,0 @@
{ lib, ... }: {
imports = [ ./filesystem.nix ./kernel.nix ];
hardware = {
raspberry-pi."4".apply-overlays-dtmerge.enable = lib.mkDefault true;
deviceTree = {
filter = "bcm2711-rpi-4*.dtb";
overlays = [
# Combined equivalent to:
# * https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/rpi-poe-overlay.dts
# * https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/rpi-poe-plus-overlay.dts
{
name = "rpi-poe-plus-overlay";
dtsText = ''
/*
* Overlay for the Raspberry Pi POE HAT.
*/
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target-path = "/";
__overlay__ {
fan: pwm-fan {
compatible = "pwm-fan";
cooling-levels = <0 1 10 100 255>;
#cooling-cells = <2>;
pwms = <&fwpwm 0 80000>;
};
};
};
fragment@1 {
target = <&cpu_thermal>;
__overlay__ {
polling-delay = <2000>; /* milliseconds */
};
};
fragment@2 {
target = <&thermal_trips>;
__overlay__ {
trip0: trip0 {
temperature = <55000>;
hysteresis = <2000>;
type = "active";
};
trip1: trip1 {
temperature = <58000>;
hysteresis = <2000>;
type = "active";
};
trip2: trip2 {
temperature = <61000>;
hysteresis = <2000>;
type = "active";
};
trip3: trip3 {
temperature = <64000>;
hysteresis = <5000>;
type = "active";
};
};
};
fragment@3 {
target = <&cooling_maps>;
__overlay__ {
map0 {
trip = <&trip0>;
cooling-device = <&fan 0 1>;
};
map1 {
trip = <&trip1>;
cooling-device = <&fan 1 2>;
};
map2 {
trip = <&trip2>;
cooling-device = <&fan 2 3>;
};
map3 {
trip = <&trip3>;
cooling-device = <&fan 3 4>;
};
};
};
fragment@4 {
target-path = "/__overrides__";
params: __overlay__ {
poe_fan_temp0 = <&trip0>,"temperature:0";
poe_fan_temp0_hyst = <&trip0>,"hysteresis:0";
poe_fan_temp1 = <&trip1>,"temperature:0";
poe_fan_temp1_hyst = <&trip1>,"hysteresis:0";
poe_fan_temp2 = <&trip2>,"temperature:0";
poe_fan_temp2_hyst = <&trip2>,"hysteresis:0";
poe_fan_temp3 = <&trip3>,"temperature:0";
poe_fan_temp3_hyst = <&trip3>,"hysteresis:0";
poe_fan_i2c = <&fwpwm>,"status=disabled",
<&poe_mfd>,"status=okay",
<&fan>,"pwms:0=",<&poe_mfd_pwm>;
};
};
fragment@5 {
target = <&firmware>;
__overlay__ {
fwpwm: pwm {
compatible = "raspberrypi,firmware-poe-pwm";
#pwm-cells = <2>;
};
};
};
fragment@6 {
target = <&i2c0>;
i2c_bus: __overlay__ {
#address-cells = <1>;
#size-cells = <0>;
poe_mfd: poe@51 {
compatible = "raspberrypi,poe-core";
reg = <0x51>;
status = "disabled";
poe_mfd_pwm: poe_pwm@f0 {
compatible = "raspberrypi,poe-pwm";
reg = <0xf0>;
status = "okay";
#pwm-cells = <2>;
};
};
};
};
fragment@7 {
target = <&i2c0if>;
__dormant__ {
status = "okay";
};
};
fragment@8 {
target = <&i2c0mux>;
__dormant__ {
status = "okay";
};
};
__overrides__ {
poe_fan_temp0 = <&trip0>,"temperature:0";
poe_fan_temp0_hyst = <&trip0>,"hysteresis:0";
poe_fan_temp1 = <&trip1>,"temperature:0";
poe_fan_temp1_hyst = <&trip1>,"hysteresis:0";
poe_fan_temp2 = <&trip2>,"temperature:0";
poe_fan_temp2_hyst = <&trip2>,"hysteresis:0";
poe_fan_temp3 = <&trip3>,"temperature:0";
poe_fan_temp3_hyst = <&trip3>,"hysteresis:0";
i2c = <0>, "+5+6",
<&fwpwm>,"status=disabled",
<&i2c_bus>,"status=okay",
<&poe_mfd>,"status=okay",
<&fan>,"pwms:0=",<&poe_mfd_pwm>;
};
};
// SPDX-License-Identifier: (GPL-2.0 OR MIT)
// Overlay for the Raspberry Pi PoE+ HAT.
/ {
compatible = "brcm,bcm2711";
fragment@10 {
target-path = "/";
__overlay__ {
rpi_poe_power_supply: rpi-poe-power-supply {
compatible = "raspberrypi,rpi-poe-power-supply";
firmware = <&firmware>;
status = "okay";
};
};
};
fragment@11 {
target = <&poe_mfd>;
__overlay__ {
rpi-poe-power-supply@f2 {
compatible = "raspberrypi,rpi-poe-power-supply";
reg = <0xf2>;
status = "okay";
};
};
};
__overrides__ {
i2c = <0>, "+5+6",
<&fwpwm>,"status=disabled",
<&rpi_poe_power_supply>,"status=disabled",
<&i2c_bus>,"status=okay",
<&poe_mfd>,"status=okay",
<&fan>,"pwms:0=",<&poe_mfd_pwm>;
};
};
&fan {
cooling-levels = <0 32 64 128 255>;
};
&params {
poe_fan_i2c = <&fwpwm>,"status=disabled",
<&rpi_poe_power_supply>,"status=disabled",
<&poe_mfd>,"status=okay",
<&fan>,"pwms:0=",<&poe_mfd_pwm>;
};
'';
}
];
};
};
}

11
hosts/rico0/hardware/filesystem.nix
View file

@ -1,11 +0,0 @@
_: {
fileSystems."/" = {
device = "/dev/disk/by-partlabel/NIXOS_ROOT";
fsType = "btrfs";
options = [ "noatime" "compress=zstd" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-partlabel/ESP";
fsType = "vfat";
};
}

5
hosts/rico0/hardware/kernel.nix
View file

@ -1,5 +0,0 @@
{ lib
, ...
}: {
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}

18
hosts/rico0/network.nix
View file

@ -1,18 +0,0 @@
{ lib, ... }: {
networking = {
hostName = "Rico0";
networkmanager = {
enable = true;
dhcp = "dhcpcd";
appendNameservers = [
"2620:fe::fe"
"9.9.9.9"
"2620:fe::9"
"149.112.112.112"
];
};
useDHCP = lib.mkDefault false;
};
}

13
hosts/rico0/programs/default.nix
View file

@ -1,13 +0,0 @@
{ pkgs, ... }: {
imports = [
./neovim.nix
./starship.nix
./zsh.nix
];
programs.git.enable = true;
environment.systemPackages = with pkgs; [
git-crypt
];
}

8
hosts/rico0/programs/neovim.nix
View file

@ -1,8 +0,0 @@
_: {
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
}

8
hosts/rico0/programs/starship.nix
View file

@ -1,8 +0,0 @@
_: {
programs.starship = {
enable = true;
settings = {
add_newline = false;
};
};
}

10
hosts/rico0/programs/zsh.nix
View file

@ -1,10 +0,0 @@
_: {
programs = {
zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
};
};
environment.pathsToLink = [ "/share/zsh" ];
}

15
hosts/rico0/security.nix
View file

@ -1,15 +0,0 @@
_: {
security = {
apparmor = {
enable = true;
enableCache = true;
};
audit.enable = true;
auditd.enable = true;
sudo = {
wheelNeedsPassword = false;
};
polkit.enable = true;
rtkit.enable = true;
};
}

6
hosts/rico0/services/btrfs.nix
View file

@ -1,6 +0,0 @@
_: {
services.btrfs.autoScrub = {
enable = true;
interval = "weekly";
};
}

9
hosts/rico0/services/caddy.nix
View file

@ -1,9 +0,0 @@
{ config
, secrets
, ...
}: {
services.caddy = {
enable = true;
inherit (secrets.caddy_config) email;
};
}

9
hosts/rico0/services/default.nix
View file

@ -1,9 +0,0 @@
_: {
imports = [
./btrfs.nix
./caddy.nix
./frpc.nix
./ssh.nix
];
}

19
hosts/rico0/services/frpc.nix
View file

@ -1,19 +0,0 @@
{ secrets, ... }: {
services.frp = {
enable = true;
role = "client";
settings = {
"common" = {
inherit (secrets.frp_config) server_addr token;
server_port = 7000;
authentication_method = "token";
};
"ssh.rico0" = {
type = "tcp";
local_port = 22;
remote_port = 6000;
};
};
};
}

9
hosts/rico0/services/ssh.nix
View file

@ -1,9 +0,0 @@
_: {
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
}