Testing framework-server
parent
164da4ba20
commit
8009752716
10 changed files with 159 additions and 13 deletions
22
flake.nix
22
flake.nix
|
@ -40,22 +40,24 @@
|
||||||
osaka-vultr-01 = libx.mkSmallHost { hostname = "osaka-vultr-01"; };
|
osaka-vultr-01 = libx.mkSmallHost { hostname = "osaka-vultr-01"; };
|
||||||
nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; };
|
nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; };
|
||||||
# Physical
|
# Physical
|
||||||
nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; desktop = "hyprland"; gpu = "nvidia"; theme = "gruvbox"; };
|
nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; desktop = "hyprland"; gpu = "nvidia"; theme = "gruvbox"; };
|
||||||
nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "green"; };
|
nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "green"; };
|
||||||
nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
|
framework-server = libx.mkHost { hostname = "framework-server"; };
|
||||||
nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
|
nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
|
||||||
nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
|
nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
|
||||||
|
nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
|
||||||
};
|
};
|
||||||
homeConfigurations = {
|
homeConfigurations = {
|
||||||
# Virtual
|
# Virtual
|
||||||
"albert@osaka-vultr-01" = libx.mkHome { hostname = "osaka-vultr-01"; };
|
"albert@osaka-vultr-01" = libx.mkHome { hostname = "osaka-vultr-01"; };
|
||||||
"albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; };
|
"albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; };
|
||||||
# Physical
|
# Physical
|
||||||
"albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "gruvbox"; };
|
"albert@framework-server" = libx.mkHome { hostname = "framework-server"; };
|
||||||
"albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
|
"albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "gruvbox"; };
|
||||||
"albert@nixos-rpi4-01" = libx.mkHome { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
|
"albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
|
||||||
"albert@nixos-rpi4-02" = libx.mkHome { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
|
"albert@nixos-rpi4-01" = libx.mkHome { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
|
||||||
"albert@nixos-rpi4-03" = libx.mkHome { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
|
"albert@nixos-rpi4-02" = libx.mkHome { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
|
||||||
|
"albert@nixos-rpi4-03" = libx.mkHome { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
|
||||||
};
|
};
|
||||||
imageConfigurations = {
|
imageConfigurations = {
|
||||||
nixos-rpi4-img = libx.mkImage { hostname = "nixos-rpi4-img"; format = "sd-aarch64"; platform = "aarch64-linux"; };
|
nixos-rpi4-img = libx.mkImage { hostname = "nixos-rpi4-img"; format = "sd-aarch64"; platform = "aarch64-linux"; };
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
{
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
{
|
||||||
|
|
||||||
|
}
|
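--- /dev/null
+++ b/nixos/hosts/framework-server/builder.nix
@@ -0,0 +1,15 @@
+{}: {
+# Testing remote builldings
+users.users.${username}.openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/builder-keys.txt ];
+
+# For cross-architecture builds
+boot.binfmt.emulatedSystems = [
+"aarch64-linux"
+"armv7l-linux"
+];
+
+environment.systemPackages = with pkgs; [
+# Currently used for building the Linode image
+qemu_kvm
+];
+}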
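Review bot: The module header `{}: {` binds no arguments, yet the body reads `${username}` and `pkgs`, so this file cannot evaluate as written; the header should be `{ pkgs, username, ... }: {`. Separately, the builder keys are authorised on the interactive account, so anyone holding a remote-build key gets that user's full login rather than build access only. A dedicated unprivileged build account would keep the two apart, e.g. `users.users.nixbuilder.openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/builder-keys.txt ];` together with the usual user declaration for `nixbuilder`.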
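--- /dev/null
+++ b/nixos/hosts/framework-server/default.nix
@@ -0,0 +1,39 @@
+{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
+imports = [
+inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
+(modulesPath + "/installer/scan/not-detected.nix")
+./disks.nix
+../../common/modules/secureboot.nix
+../../common/services/fwupd.nix
+./builder.nix
+./ssh-luks.nix
+];
+
+# steam , etc
+nixpkgs.config.allowUnfree = true;
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" "acpi_call" ];
+boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
+
+networking.useDHCP = lib.mkDefault true;
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+# Set your time zone.
+time.timeZone = "Asia/Tokyo";
+
+# Set the networking hostname:
+networking.hostName = "nixos-framework";
+
+hardware = {
+opengl = {
+enable = true;
+driSupport32Bit = true;
+driSupport = true;
+};
+};
+networking.firewall.allowedTCPPorts = [ 22 ];
+}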
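Review bot: `networking.hostName = "nixos-framework";` looks copied from the laptop host, while flake.nix registers this machine as `framework-server`. Unless `mkHost` overrides the value, two machines would announce the same name over DHCP and in SSH prompts, which makes it easy to accept a host key for the wrong box; it should read `networking.hostName = "framework-server";`. The `allowUnfree` ("steam , etc") and 32-bit OpenGL settings also look like desktop leftovers on a host that is registered without a desktop and accepts builder and initrd SSH logins; dropping them would reduce what the server pulls in.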
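--- /dev/null
+++ b/nixos/hosts/framework-server/disks.nix
@@ -0,0 +1,57 @@
+{
+boot.loader.grub.device = "/dev/nvme0n1";
+boot.initrd.luks.devices."nvme0n1p2".device = "/dev/nvme0n1p2";
+services.btrfs.autoScrub.enable = true;
+services.btrfs.autoScrub.interval = "weekly";
+
+disko.devices.disk.nvme0 = {
+device = "/dev/nvme0n1";
+content = {
+type = "table";
+format = "gpt";
+partitions = [
+{
+name = "BOOT";
+start = "0%";
+end = "550MiB";
+bootable = true;
+flags = [ "esp" ];
+fs-type = "fat32";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+} # partition 1 (ESP)
+{
+name = "LUKS";
+start = "550MiB";
+end = "100%";
+content = {
+type = "luks";
+name = "ROOT";
+extraOpenArgs = [ "--allow-discards" ];
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+subvolumes = {
+"/root" = {
+mountpoint = "/";
+mountOptions = [ "compress=zstd" "noatime" ];
+}; # root
+"/home" = {
+mountpoint = "/home";
+mountOptions = [ "compress=zstd" "noatime" ];
+}; # home
+"/nix" = {
+mountpoint = "/nix";
+mountOptions = [ "compress=zstd" "noatime" ];
+}; # nix
+}; # subvolumes
+}; # content.content
+}; # content
+} # partition 2 (/ BTRFS)
+]; # partitions
+}; # content
+}; # disko.devices.disk.nvme0
+} # root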
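Review bot: `extraOpenArgs = [ "--allow-discards" ]` passes TRIM through dm-crypt, which lets anyone who can read the raw NVMe see which blocks of the encrypted volume are unused. That is a common choice on SSDs, but it deserves a comment recording it as a deliberate trade-off, e.g. `# TRIM passthrough exposes the free-block layout of the LUKS volume; accepted for SSD performance`. Also, `boot.initrd.luks.devices."nvme0n1p2"` is declared by hand next to a disko LUKS container named `ROOT` on what appears to be the same partition. If disko already generates the initrd mapping, the partition would be opened under two names, so one of the two declarations should probably go.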
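--- /dev/null
+++ b/nixos/hosts/framework-server/docker.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+virtualisation.docker = {
+enable = true;
+enableOnBoot = true;
+autoPrune.enable = true;
+autoPrune.dates = "weekly";
+storageDriver = "btrfs";
+liveRestore = true;
+};
+}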
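Review bot: Nothing visible imports `./docker.nix`: the `imports` list in this host's default.nix names only the hardware profile, not-detected.nix, disks, secureboot, fwupd, builder and ssh-luks, so these settings appear to have no effect. When the file is wired in, membership of the `docker` group is equivalent to root on the host, so the account that carries the builder keys should not be added to it. A header comment such as `# not imported yet; docker group is root-equivalent, keep the builder account out of it` would record both points.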
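--- /dev/null
+++ b/nixos/hosts/framework-server/ssh-luks.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+# https://nixos.wiki/wiki/Remote_LUKS_Unlocking
+# Unlock command:
+# ssh root@<Local_IP_Address> "Password"
+
+# ssh setup
+boot.initrd.network.enable = true;
+boot.initrd.network.ssh = {
+enable = true;
+port = 22;
+shell = "/bin/cryptsetup-askpass";
+authorizedKeys = [ config.users.users.albert.openssh.authorizedKeys.keyFiles ];
+hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+};
+boot.initrd.availableKernelModules = [ "e1000e" ];
+boot.kernelParams = [ "ip=dhcp" ];
+}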
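Review bot: `authorizedKeys = [ config.users.users.albert.openssh.authorizedKeys.keyFiles ];` wraps a list of file paths inside another list where the option expects public-key strings, and `config` is not bound by the `{ ... }:` header, so the initrd SSH server is unlikely to evaluate. If it did, the only key files set in this commit are the builder keys, meaning every build client could reach the disk-unlock prompt. Listing dedicated unlock keys is safer: `authorizedKeys = [ "ssh-ed25519 <UNLOCK_PUBKEY_PLACEHOLDER>" ];`. The header comment's `ssh root@<Local_IP_Address> "Password"` puts the LUKS passphrase in shell history and the process list, whereas connecting and typing it at the `cryptsetup-askpass` prompt avoids that. The initrd is stored unencrypted, so the keys under `/etc/secrets/initrd` should be generated for this purpose only and never shared with the main sshd.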
|
@ -1,6 +1,6 @@
|
||||||
{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
|
{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
|
inputs.nixos-hardware.nixosModules.framework-7040-amd
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
./disks.nix
|
./disks.nix
|
||||||
../../common/modules/secureboot.nix
|
../../common/modules/secureboot.nix
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
{
|
{
|
||||||
name = "LUKS";
|
name = "LUKS";
|
||||||
start = "550MiB";
|
start = "550MiB";
|
||||||
end = "-128GiB";
|
end = "-64GiB";
|
||||||
content = {
|
content = {
|
||||||
type = "luks";
|
type = "luks";
|
||||||
name = "ROOT";
|
name = "ROOT";
|
||||||
|
@ -53,7 +53,7 @@
|
||||||
} # partition 2 (/ BTRFS)
|
} # partition 2 (/ BTRFS)
|
||||||
{
|
{
|
||||||
name = "SWAP";
|
name = "SWAP";
|
||||||
start = "-128GiB";
|
start = "-64GiB";
|
||||||
end = "100%";
|
end = "100%";
|
||||||
content = {
|
content = {
|
||||||
type = "swap";
|
type = "swap";
|
||||||
|
|