From 80097527162638fc8c81c203f186398c18958cbc Mon Sep 17 00:00:00 2001
From: iFargle
Date: Sat, 25 Nov 2023 15:17:29 +0900
Subject: [PATCH] Testing framework-server
---
flake.nix | 22 +++----
.../desktops/gnome/default.nix | 3 +
.../desktops/hyprland/default.nix | 3 +
nixos/hosts/framework-server/builder.nix | 15 +++++
nixos/hosts/framework-server/default.nix | 39 +++++++++++++
nixos/hosts/framework-server/disks.nix | 57 +++++++++++++++++++
nixos/hosts/framework-server/docker.nix | 10 ++++
nixos/hosts/framework-server/ssh-luks.nix | 17 ++++++
nixos/hosts/nixos-framework/default.nix | 2 +-
nixos/hosts/nixos-framework/disks.nix | 4 +-
10 files changed, 159 insertions(+), 13 deletions(-)
create mode 100644 home-manager/hosts/framework-server/desktops/gnome/default.nix
create mode 100644 home-manager/hosts/framework-server/desktops/hyprland/default.nix
create mode 100644 nixos/hosts/framework-server/builder.nix
create mode 100644 nixos/hosts/framework-server/default.nix
create mode 100644 nixos/hosts/framework-server/disks.nix
create mode 100644 nixos/hosts/framework-server/docker.nix
create mode 100644 nixos/hosts/framework-server/ssh-luks.nix
diff --git a/flake.nix b/flake.nix
index 21f73660..5a1c8533 100644
--- a/flake.nix
+++ b/flake.nix
@@ -40,22 +40,24 @@
 osaka-vultr-01 = libx.mkSmallHost { hostname = "osaka-vultr-01"; };
 nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; };
 # Physical
- nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; desktop = "hyprland"; gpu = "nvidia"; theme = "gruvbox"; };
- nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "green"; };
- nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
- nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
- nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
+ nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; desktop = "hyprland"; gpu = "nvidia"; theme = "gruvbox"; };
+ nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "green"; };
+ framework-server = libx.mkHost { hostname = "framework-server"; };
+ nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
+ nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
+ nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
 };
 homeConfigurations = {
 # Virtual
 "albert@osaka-vultr-01" = libx.mkHome { hostname = "osaka-vultr-01"; };
 "albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; };
 # Physical
- "albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "gruvbox"; };
- "albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
- "albert@nixos-rpi4-01" = libx.mkHome { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
- "albert@nixos-rpi4-02" = libx.mkHome { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
- "albert@nixos-rpi4-03" = libx.mkHome { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
+ "albert@framework-server" = libx.mkHome { hostname = "framework-server"; };
+ "albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "gruvbox"; };
+ "albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
+ "albert@nixos-rpi4-01" = libx.mkHome { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
+ "albert@nixos-rpi4-02" = libx.mkHome { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
+ "albert@nixos-rpi4-03" = libx.mkHome { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
 };
 imageConfigurations = {
 nixos-rpi4-img = libx.mkImage { hostname = "nixos-rpi4-img"; format = "sd-aarch64"; platform = "aarch64-linux"; };
diff --git a/home-manager/hosts/framework-server/desktops/gnome/default.nix b/home-manager/hosts/framework-server/desktops/gnome/default.nix
new file mode 100644
index 00000000..077404aa
--- /dev/null
+++ b/home-manager/hosts/framework-server/desktops/gnome/default.nix
@@ -0,0 +1,3 @@
+{
+
+}
\ No newline at end of file
diff --git a/home-manager/hosts/framework-server/desktops/hyprland/default.nix b/home-manager/hosts/framework-server/desktops/hyprland/default.nix
new file mode 100644
index 00000000..077404aa
--- /dev/null
+++ b/home-manager/hosts/framework-server/desktops/hyprland/default.nix
@@ -0,0 +1,3 @@
+{
+
+}
\ No newline at end of file
diff --git a/nixos/hosts/framework-server/builder.nix b/nixos/hosts/framework-server/builder.nix
new file mode 100644
index 00000000..5d2bccdb
--- /dev/null
+++ b/nixos/hosts/framework-server/builder.nix
@@ -0,0 +1,15 @@
+{}: {
+ # Testing remote builldings
+ users.users.${username}.openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/builder-keys.txt ];
+
+ # For cross-architecture builds
+ boot.binfmt.emulatedSystems = [
+ "aarch64-linux"
+ "armv7l-linux"
+ ];
+
+ environment.systemPackages = with pkgs; [
+ # Currently used for building the Linode image
+ qemu_kvm
+ ];
+}
\ No newline at end of file
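Review bot: Of the twelve `+` lines in the flake.nix hunk only `framework-server = libx.mkHost { hostname = "framework-server"; };` and `"albert@framework-server" = libx.mkHome { hostname = "framework-server"; };` add anything; the other ten appear to re-emit the existing `nixos-desktop`/`nixos-framework`/`nixos-rpi4-*` entries unchanged apart from alignment, which buries the functional change. Keeping re-alignment in its own commit would make this hunk reviewable at a glance. `mkHost` is also called without a `desktop` argument while the commit adds empty `desktops/gnome` and `desktops/hyprland` modules under `home-manager/hosts/framework-server/`; if this host is headless those two files look like leftovers from copying another host.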
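Review bot: In builder.nix the module header is `{}: {`, so `username` in `users.users.${username}` and `pkgs` in `with pkgs;` are unbound and evaluation will fail; it needs `{ pkgs, username, ... }: {`. Separately, `builder-keys.txt` is appended to the primary user's `openssh.authorizedKeys.keyFiles`, which gives whoever holds the builder key a full interactive login as that user rather than the build-only access a remote builder needs; a dedicated builder account with a non-interactive shell (and, if needed, an entry in `nix.settings.trusted-users`) keeps the blast radius of a leaked builder key to builds. Also fix the comment typo: `# Testing remote builds`.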
diff --git a/nixos/hosts/framework-server/default.nix b/nixos/hosts/framework-server/default.nix
new file mode 100644
index 00000000..db62880e
--- /dev/null
+++ b/nixos/hosts/framework-server/default.nix
@@ -0,0 +1,39 @@
+{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
+ imports = [
+ inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ./disks.nix
+ ../../common/modules/secureboot.nix
+ ../../common/services/fwupd.nix
+ ./builder.nix
+ ./ssh-luks.nix
+ ];
+
+ # steam , etc
+ nixpkgs.config.allowUnfree = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" "acpi_call" ];
+ boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
+
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ # Set your time zone.
+ time.timeZone = "Asia/Tokyo";
+
+ # Set the networking hostname:
+ networking.hostName = "nixos-framework";
+
+ hardware = {
+ opengl = {
+ enable = true;
+ driSupport32Bit = true;
+ driSupport = true;
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 22 ];
+}
diff --git a/nixos/hosts/framework-server/disks.nix b/nixos/hosts/framework-server/disks.nix
new file mode 100644
index 00000000..7b9311de
--- /dev/null
+++ b/nixos/hosts/framework-server/disks.nix
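Review bot: `networking.hostName = "nixos-framework";` is carried over from the other laptop, so this machine would boot with the same hostname as `nixos-framework` even though the flake registers it as `framework-server`; it should read `networking.hostName = "framework-server";`. The `imports` list includes `./builder.nix` and `./ssh-luks.nix` but not the `./docker.nix` this commit also creates, so the Docker settings never take effect. `networking.firewall.allowedTCPPorts = [ 22 ];` opens sshd on every interface, yet nothing in this file enables or hardens `services.openssh` (key-only auth, no root password login); if that lives in a common module it is fine, otherwise it belongs next to this line. The `# steam , etc` comment above `allowUnfree` also reads oddly on a host with no desktop.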
@@ -0,0 +1,57 @@
+{
+ boot.loader.grub.device = "/dev/nvme0n1";
+ boot.initrd.luks.devices."nvme0n1p2".device = "/dev/nvme0n1p2";
+ services.btrfs.autoScrub.enable = true;
+ services.btrfs.autoScrub.interval = "weekly";
+
+ disko.devices.disk.nvme0 = {
+ device = "/dev/nvme0n1";
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "BOOT";
+ start = "0%";
+ end = "550MiB";
+ bootable = true;
+ flags = [ "esp" ];
+ fs-type = "fat32";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ } # partition 1 (ESP)
+ {
+ name = "LUKS";
+ start = "550MiB";
+ end = "100%";
+ content = {
+ type = "luks";
+ name = "ROOT";
+ extraOpenArgs = [ "--allow-discards" ];
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ }; # root
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ }; # home
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ }; # nix
+ }; # subvolumes
+ }; # content.content
+ }; # content
+ } # partition 2 (/ BTRFS)
+ ]; # partitions
+ }; # content
+ }; # disko.devices.disk.nvme0
+} # root
diff --git a/nixos/hosts/framework-server/docker.nix b/nixos/hosts/framework-server/docker.nix
new file mode 100644
index 00000000..15865a12
--- /dev/null
+++ b/nixos/hosts/framework-server/docker.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+ virtualisation.docker = {
+ enable = true;
+ enableOnBoot = true;
+ autoPrune.enable = true;
+ autoPrune.dates = "weekly";
+ storageDriver = "btrfs";
+ liveRestore = true;
+ };
+}
\ No newline at end of file
diff --git a/nixos/hosts/framework-server/ssh-luks.nix b/nixos/hosts/framework-server/ssh-luks.nix
new file mode 100644
index 00000000..5cfbe533
--- /dev/null
+++ b/nixos/hosts/framework-server/ssh-luks.nix
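Review bot: `boot.initrd.luks.devices."nvme0n1p2".device = "/dev/nvme0n1p2";` registers the encrypted partition under a second name next to the `name = "ROOT"` mapping that the `luks` entry in the disko layout already describes (disko normally emits the matching `boot.initrd.luks.devices` entry itself), so the initrd would try to open the same device twice and the remote unlock would have to answer for both; drop the manual line or, if it is needed, name it `ROOT` to match. `boot.loader.grub.device = "/dev/nvme0n1";` sits alongside an ESP-flagged `vfat` `/boot` and the `secureboot.nix` module imported from `default.nix`; if that module configures systemd-boot or lanzaboote, this GRUB setting contradicts it — confirm which bootloader is intended. Minor: `extraOpenArgs = [ "--allow-discards" ];` is a reasonable SSD trade-off, but it lets anyone with the raw disk see which blocks are unused; a one-line comment recording that this was a deliberate choice would help the next reader.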
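Review bot: docker.nix is created but never imported — the `imports` list in `nixos/hosts/framework-server/default.nix` added by this commit names `./builder.nix` and `./ssh-luks.nix` but not `./docker.nix` — so none of these `virtualisation.docker` options take effect; add `./docker.nix` to that list or drop the file. When it is wired in, a comment on `enable = true;` noting that membership of the `docker` group is equivalent to root on the host would help keep group assignments for this machine minimal.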
@@ -0,0 +1,17 @@
+{ ... }: {
+ # https://nixos.wiki/wiki/Remote_LUKS_Unlocking
+ # Unlock command:
+ # ssh root@ "Password"
+
+ # ssh setup
+ boot.initrd.network.enable = true;
+ boot.initrd.network.ssh = {
+ enable = true;
+ port = 22;
+ shell = "/bin/cryptsetup-askpass";
+ authorizedKeys = [ config.users.users.albert.openssh.authorizedKeys.keyFiles ];
+ hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+ };
+ boot.initrd.availableKernelModules = [ "e1000e" ];
+ boot.kernelParams = [ "ip=dhcp" ];
+}
\ No newline at end of file
diff --git a/nixos/hosts/nixos-framework/default.nix b/nixos/hosts/nixos-framework/default.nix
index feaa52ea..70a07a82 100644
--- a/nixos/hosts/nixos-framework/default.nix
+++ b/nixos/hosts/nixos-framework/default.nix
@@ -1,6 +1,6 @@
 { inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
 imports = [
- inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
+ inputs.nixos-hardware.nixosModules.framework-7040-amd
 (modulesPath + "/installer/scan/not-detected.nix")
 ./disks.nix
 ../../common/modules/secureboot.nix
diff --git a/nixos/hosts/nixos-framework/disks.nix b/nixos/hosts/nixos-framework/disks.nix
index ff28b9ae..8685b856 100644
--- a/nixos/hosts/nixos-framework/disks.nix
+++ b/nixos/hosts/nixos-framework/disks.nix
@@ -26,7 +26,7 @@
 {
 name = "LUKS";
 start = "550MiB";
- end = "-128GiB";
+ end = "-64GiB";
 content = {
 type = "luks";
 name = "ROOT";
@@ -53,7 +53,7 @@
 } # partition 2 (/ BTRFS)
 {
 name = "SWAP";
- start = "-128GiB";
+ start = "-64GiB";
 end = "100%";
 content = {
 type = "swap";
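Review bot: `config` is used in `authorizedKeys = [ config.users.users.albert.openssh.authorizedKeys.keyFiles ];` but the header `{ ... }: {` does not bind it, so the module fails to evaluate; and even with `{ config, username, ... }: {`, `keyFiles` is a list of paths while `authorizedKeys` expects a list of key strings, giving a nested list instead of keys — `authorizedKeys = map builtins.readFile config.users.users.${username}.openssh.authorizedKeys.keyFiles;` also removes the hard-coded `albert`. `port = 22;` with host keys from `/etc/secrets/initrd/` means the initrd sshd and the real sshd present different host keys on the same port, so every boot will trip the client's known-hosts check until a distinct port is chosen (the linked wiki page uses one). Those two key files must exist on the host before `nixos-rebuild`, and because the initrd lives on the unencrypted `vfat` `/boot` declared in disks.nix, they are readable by anyone holding the disk; a comment such as `# initrd host keys are stored on the unencrypted ESP — rotate them if the disk is lost` documents that limit. The `# ssh root@ "Password"` line has lost its host placeholder and should read `# ssh root@<host> "Password"` or similar.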
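Review bot: In nixos/hosts/nixos-framework/default.nix the hardware module switches to `framework-7040-amd`, but this six-line hunk shows none of the Intel-specific settings that the copy of this file under `framework-server/` carries (`boot.kernelModules = [ "kvm-intel" "acpi_call" ];`, `hardware.cpu.intel.updateMicrocode`); if `nixos-framework/default.nix` still contains them they should become `kvm-amd` and `hardware.cpu.amd.updateMicrocode` in the same change, otherwise KVM and microcode updates will silently not apply on the AMD board. The attribute set continues past the hunk, so this is inferred from the sibling file rather than visible here.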