Testing framework-server

iFargle 2023-11-25 15:17:29 +09:00
parent 164da4ba20
commit 8009752716
10 changed files with 159 additions and 13 deletions


@ -42,6 +42,7 @@
# Physical # Physical
nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; desktop = "hyprland"; gpu = "nvidia"; theme = "gruvbox"; }; nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; desktop = "hyprland"; gpu = "nvidia"; theme = "gruvbox"; };
nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "green"; }; nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "green"; };
framework-server = libx.mkHost { hostname = "framework-server"; };
nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; }; nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; }; nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; }; nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
@ -51,6 +52,7 @@
"albert@osaka-vultr-01" = libx.mkHome { hostname = "osaka-vultr-01"; }; "albert@osaka-vultr-01" = libx.mkHome { hostname = "osaka-vultr-01"; };
"albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; }; "albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; };
# Physical # Physical
"albert@framework-server" = libx.mkHome { hostname = "framework-server"; };
"albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "gruvbox"; }; "albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "gruvbox"; };
"albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; }; "albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
"albert@nixos-rpi4-01" = libx.mkHome { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; }; "albert@nixos-rpi4-01" = libx.mkHome { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };


@ -0,0 +1,3 @@
{
}


@ -0,0 +1,3 @@
{
}


@ -0,0 +1,15 @@
{}: {
# Testing remote builldings
users.users.${username}.openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/builder-keys.txt ];
# For cross-architecture builds
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv7l-linux"
];
environment.systemPackages = with pkgs; [
# Currently used for building the Linode image
qemu_kvm
];
}
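Review bot: The module header `{}:` binds no arguments, yet the body reads `${username}` and `pkgs`, so this file cannot evaluate as written; the header should be `{ pkgs, username, ... }:`. Separately, `authorizedKeys.keyFiles` on `users.users.${username}` lets every key in `builder-keys.txt` log in as the regular user account, with whatever groups and sudo rights that account carries. A dedicated unprivileged build user would keep a leaked builder key from becoming a login to the main account. The comment typo `builldings` should read `builds`.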


@ -0,0 +1,39 @@
{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
imports = [
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
(modulesPath + "/installer/scan/not-detected.nix")
./disks.nix
../../common/modules/secureboot.nix
../../common/services/fwupd.nix
./builder.nix
./ssh-luks.nix
];
# steam , etc
nixpkgs.config.allowUnfree = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "acpi_call" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# Set your time zone.
time.timeZone = "Asia/Tokyo";
# Set the networking hostname:
networking.hostName = "nixos-framework";
hardware = {
opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
};
};
networking.firewall.allowedTCPPorts = [ 22 ];
}
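Review bot: `networking.hostName = "nixos-framework";` looks copied from the laptop's configuration; the flake registers this machine as `framework-server`, so two machines would announce the same name to DHCP/DNS and show up under one name in logs and SSH known_hosts. It should read `networking.hostName = "framework-server";`, or be taken from the `hostname` argument if `libx.mkHost` passes one (not visible here). The `# steam , etc` comment, `allowUnfree` and `driSupport32Bit` also look like desktop leftovers worth dropping on a server that exposes port 22.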


@ -0,0 +1,57 @@
{
boot.loader.grub.device = "/dev/nvme0n1";
boot.initrd.luks.devices."nvme0n1p2".device = "/dev/nvme0n1p2";
services.btrfs.autoScrub.enable = true;
services.btrfs.autoScrub.interval = "weekly";
disko.devices.disk.nvme0 = {
device = "/dev/nvme0n1";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "BOOT";
start = "0%";
end = "550MiB";
bootable = true;
flags = [ "esp" ];
fs-type = "fat32";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
} # partition 1 (ESP)
{
name = "LUKS";
start = "550MiB";
end = "100%";
content = {
type = "luks";
name = "ROOT";
extraOpenArgs = [ "--allow-discards" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
}; # root
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
}; # home
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
}; # nix
}; # subvolumes
}; # content.content
}; # content
} # partition 2 (/ BTRFS)
]; # partitions
}; # content
}; # disko.devices.disk.nvme0
} # root
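Review bot: `extraOpenArgs = [ "--allow-discards" ]` passes TRIM through dm-crypt, which shows anyone holding the raw disk which blocks are unused and roughly how full the filesystem is; that is a common trade-off on SSDs but should be a documented decision, e.g. a comment `# TRIM through LUKS: leaks free-space layout, accepted for SSD performance`. Also, `boot.initrd.luks.devices."nvme0n1p2"` maps the same partition that disko opens under the name `ROOT`; if disko already generates the initrd entry (its default, as far as I know), the extra mapping is redundant and may fail at boot, so please confirm. `boot.loader.grub.device` next to an ESP and the imported `secureboot.nix` also deserves a check, since that module is not shown.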


@ -0,0 +1,10 @@
{ ... }: {
virtualisation.docker = {
enable = true;
enableOnBoot = true;
autoPrune.enable = true;
autoPrune.dates = "weekly";
storageDriver = "btrfs";
liveRestore = true;
};
}


@ -0,0 +1,17 @@
{ ... }: {
# https://nixos.wiki/wiki/Remote_LUKS_Unlocking
# Unlock command:
# ssh root@<Local_IP_Address> "Password"
# ssh setup
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
port = 22;
shell = "/bin/cryptsetup-askpass";
authorizedKeys = [ config.users.users.albert.openssh.authorizedKeys.keyFiles ];
hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ];
};
boot.initrd.availableKernelModules = [ "e1000e" ];
boot.kernelParams = [ "ip=dhcp" ];
}
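Review bot: `authorizedKeys = [ config.users.users.albert.openssh.authorizedKeys.keyFiles ];` wraps a list of file paths inside another list, while this option expects public-key strings, and `config` is not bound by the `{ ... }:` header, so the line cannot evaluate. Even once fixed, reusing the login account's keys means any key added there (the builder keys from `builder.nix`, if `username` is `albert`) could also reach the disk-unlock prompt; an explicit list such as `authorizedKeys = [ "ssh-ed25519 <UNLOCK_PUBLIC_KEY_PLACEHOLDER>" ];` keeps that set minimal. The usage comment `ssh root@<Local_IP_Address> "Password"` puts the LUKS passphrase on the command line, where it lands in shell history and process listings; with `shell = "/bin/cryptsetup-askpass"` the passphrase is typed at the prompt after connecting, and the comment should say so. The `hostKeys` files are copied into the initrd, which sits on the unencrypted `/boot`, so they should be generated only for this purpose and never shared with the running system's sshd.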


@ -1,6 +1,6 @@
{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: { { inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel inputs.nixos-hardware.nixosModules.framework-7040-amd
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./disks.nix ./disks.nix
../../common/modules/secureboot.nix ../../common/modules/secureboot.nix
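Review bot: With the hardware profile now `framework-7040-amd`, the flake entry for this host still passes `gpu = "intel"` to `libx.mkHost`, and the rest of this file, which lies outside the hunk, may still carry Intel-specific settings such as `kvm-intel` and `hardware.cpu.intel.updateMicrocode`. Please confirm they were switched to the AMD counterparts (`kvm-amd`, `hardware.cpu.amd.updateMicrocode`); a stale microcode setting means CPU security fixes are not loaded at boot.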


@ -26,7 +26,7 @@
{ {
name = "LUKS"; name = "LUKS";
start = "550MiB"; start = "550MiB";
end = "-128GiB"; end = "-64GiB";
content = { content = {
type = "luks"; type = "luks";
name = "ROOT"; name = "ROOT";
@ -53,7 +53,7 @@
} # partition 2 (/ BTRFS) } # partition 2 (/ BTRFS)
{ {
name = "SWAP"; name = "SWAP";
start = "-128GiB"; start = "-64GiB";
end = "100%"; end = "100%";
content = { content = {
type = "swap"; type = "swap";
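Review bot: The `SWAP` partition sits outside the `LUKS` container, so unless its `content` sets encryption below this hunk (not visible), swapped-out pages, which can include key material and decrypted file contents, reach the disk in clear. If hibernation is not required, `randomEncryption = true;` in the swap content would cover it; if it is, placing swap inside the LUKS volume is the usual alternative. The block continues past the end of the hunk, so this may already be handled.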