Testing framework-server
parent
164da4ba20
commit
8009752716
10 changed files with 159 additions and 13 deletions
|
@ -42,6 +42,7 @@
|
|||
# Physical
|
||||
nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; desktop = "hyprland"; gpu = "nvidia"; theme = "gruvbox"; };
|
||||
nixos-framework = libx.mkHost { hostname = "nixos-framework"; desktop = "hyprland"; gpu = "intel"; theme = "green"; };
|
||||
framework-server = libx.mkHost { hostname = "framework-server"; };
|
||||
nixos-rpi4-01 = libx.mkHost { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
|
||||
nixos-rpi4-02 = libx.mkHost { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
|
||||
nixos-rpi4-03 = libx.mkHost { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
|
||||
|
@ -51,6 +52,7 @@
|
|||
"albert@osaka-vultr-01" = libx.mkHome { hostname = "osaka-vultr-01"; };
|
||||
"albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; };
|
||||
# Physical
|
||||
"albert@framework-server" = libx.mkHome { hostname = "framework-server"; };
|
||||
"albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "gruvbox"; };
|
||||
"albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
|
||||
"albert@nixos-rpi4-01" = libx.mkHome { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
|
||||
}
|
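--- a/nixos/hosts/framework-server/builder.nix
+++ b/nixos/hosts/framework-server/builder.nix
@@ -0,0 +1,15 @@
+{}: {
+# Testing remote builldings
+users.users.${username}.openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/builder-keys.txt ];
+
+# For cross-architecture builds
+boot.binfmt.emulatedSystems = [
+"aarch64-linux"
+"armv7l-linux"
+];
+
+environment.systemPackages = with pkgs; [
+# Currently used for building the Linode image
+qemu_kvm
+];
+}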
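Review bot: The module header `{}: {` binds no arguments, yet the body reads `username` and `pkgs`, so this file cannot evaluate as written; the header should be `{ pkgs, username, ... }: {`, matching how default.nix in this commit receives `username`. Separately, `builder-keys.txt` is added to the login account's `authorizedKeys.keyFiles`, which gives every holder of a builder key a full interactive shell as that user rather than build-only access. A dedicated unprivileged builder account would keep a leaked builder key away from the owner's home directory. If `username` resolves to `albert`, ssh-luks.nix in this commit also points the initrd unlock access at the same `keyFiles` option, which widens the reach of those keys further.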
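--- a/nixos/hosts/framework-server/default.nix
+++ b/nixos/hosts/framework-server/default.nix
@@ -0,0 +1,39 @@
+{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
+imports = [
+inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
+(modulesPath + "/installer/scan/not-detected.nix")
+./disks.nix
+../../common/modules/secureboot.nix
+../../common/services/fwupd.nix
+./builder.nix
+./ssh-luks.nix
+];
+
+# steam , etc
+nixpkgs.config.allowUnfree = true;
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" "acpi_call" ];
+boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
+
+networking.useDHCP = lib.mkDefault true;
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+# Set your time zone.
+time.timeZone = "Asia/Tokyo";
+
+# Set the networking hostname:
+networking.hostName = "nixos-framework";
+
+hardware = {
+opengl = {
+enable = true;
+driSupport32Bit = true;
+driSupport = true;
+};
+};
+networking.firewall.allowedTCPPorts = [ 22 ];
+}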
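Review bot: `networking.hostName = "nixos-framework";` looks copied from the laptop host and gives this machine the same name as the existing `nixos-framework` entry, while the flake registers it as `framework-server`; it should read `networking.hostName = "framework-server";`. Two machines sharing one hostname makes SSH known_hosts entries, logs and remote-builder targets ambiguous. The `# steam , etc` comment with `allowUnfree` and the 32-bit `hardware.opengl` block also look like desktop leftovers that a headless server could drop to reduce what is installed. Port 22 is opened in the firewall here but no `services.openssh` settings are visible in this file, so confirm that password authentication is disabled wherever sshd is configured.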
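--- a/nixos/hosts/framework-server/disks.nix
+++ b/nixos/hosts/framework-server/disks.nix
@@ -0,0 +1,57 @@
+{
+boot.loader.grub.device = "/dev/nvme0n1";
+boot.initrd.luks.devices."nvme0n1p2".device = "/dev/nvme0n1p2";
+services.btrfs.autoScrub.enable = true;
+services.btrfs.autoScrub.interval = "weekly";
+
+disko.devices.disk.nvme0 = {
+device = "/dev/nvme0n1";
+content = {
+type = "table";
+format = "gpt";
+partitions = [
+{
+name = "BOOT";
+start = "0%";
+end = "550MiB";
+bootable = true;
+flags = [ "esp" ];
+fs-type = "fat32";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+} # partition 1 (ESP)
+{
+name = "LUKS";
+start = "550MiB";
+end = "100%";
+content = {
+type = "luks";
+name = "ROOT";
+extraOpenArgs = [ "--allow-discards" ];
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+subvolumes = {
+"/root" = {
+mountpoint = "/";
+mountOptions = [ "compress=zstd" "noatime" ];
+}; # root
+"/home" = {
+mountpoint = "/home";
+mountOptions = [ "compress=zstd" "noatime" ];
+}; # home
+"/nix" = {
+mountpoint = "/nix";
+mountOptions = [ "compress=zstd" "noatime" ];
+}; # nix
+}; # subvolumes
+}; # content.content
+}; # content
+} # partition 2 (/ BTRFS)
+]; # partitions
+}; # content
+}; # disko.devices.disk.nvme0
+} # root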
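Review bot: The hand-written `boot.initrd.luks.devices."nvme0n1p2"` entry uses a different mapper name from the disko LUKS container (`name = "ROOT"`), so if disko's generated configuration is in use the same partition ends up declared twice under two names. Keep a single source for it, since the remote-unlock prompt set up in ssh-luks.nix depends on the devices declared there. `extraOpenArgs = [ "--allow-discards" ]` deserves a comment recording the trade-off, for example `# allow-discards: TRIM passes through dm-crypt and reveals which blocks are unused; accepted for SSD performance`. `boot.loader.grub.device = "/dev/nvme0n1"` sits next to a GPT ESP mounted at `/boot` and an imported secureboot.nix, which suggests a UEFI boot path where a BIOS-style GRUB install target is probably not intended; worth confirming.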
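--- a/nixos/hosts/framework-server/docker.nix
+++ b/nixos/hosts/framework-server/docker.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+virtualisation.docker = {
+enable = true;
+enableOnBoot = true;
+autoPrune.enable = true;
+autoPrune.dates = "weekly";
+storageDriver = "btrfs";
+liveRestore = true;
+};
+}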
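Review bot: docker.nix is not listed in the `imports` of framework-server/default.nix in this commit, so none of these settings are evaluated unless the file is imported somewhere outside this view. When it is wired in, add a comment that membership of the `docker` group is equivalent to root on the host, so the account that accepts the remote-builder keys should not be in that group. `storageDriver = "btrfs"` matches the btrfs root defined in disks.nix, and a one-line comment saying so would stop the two from being changed independently.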
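--- a/nixos/hosts/framework-server/ssh-luks.nix
+++ b/nixos/hosts/framework-server/ssh-luks.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+# https://nixos.wiki/wiki/Remote_LUKS_Unlocking
+# Unlock command:
+# ssh root@<Local_IP_Address> "Password"
+
+# ssh setup
+boot.initrd.network.enable = true;
+boot.initrd.network.ssh = {
+enable = true;
+port = 22;
+shell = "/bin/cryptsetup-askpass";
+authorizedKeys = [ config.users.users.albert.openssh.authorizedKeys.keyFiles ];
+hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+};
+boot.initrd.availableKernelModules = [ "e1000e" ];
+boot.kernelParams = [ "ip=dhcp" ];
+}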
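Review bot: `authorizedKeys = [ config.users.users.albert.openssh.authorizedKeys.keyFiles ];` cannot work as written: the header `{ ... }: {` never binds `config`, and `keyFiles` is a list of paths while `boot.initrd.network.ssh.authorizedKeys` expects public-key strings, so the value is a list nested in a list. Change the header to `{ config, ... }: {` and list the keys directly, e.g. `authorizedKeys = [ "<dedicated initrd-unlock public key>" ];`, which also avoids inheriting the builder keys that builder.nix adds to the same option when `username` is `albert`. The usage comment `# ssh root@<Local_IP_Address> "Password"` puts the LUKS passphrase on the command line, where it lands in shell history and the local process list; `shell = "/bin/cryptsetup-askpass"` prompts for it, so the comment should be `# ssh root@<Local_IP_Address>   (enter the passphrase at the prompt)`. The initrd is stored outside the encrypted volume, so the keys under `/etc/secrets/initrd/` must be generated for the initrd only and never shared with the main sshd. Because they differ, serving both on port 22 produces host-key mismatch warnings that train users to ignore them, and a separate initrd port avoids that.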
|
@ -1,6 +1,6 @@
|
|||
{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
|
||||
imports = [
|
||||
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
|
||||
inputs.nixos-hardware.nixosModules.framework-7040-amd
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
./disks.nix
|
||||
../../common/modules/secureboot.nix
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
{
|
||||
name = "LUKS";
|
||||
start = "550MiB";
|
||||
end = "-128GiB";
|
||||
end = "-64GiB";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "ROOT";
|
||||
|
@ -53,7 +53,7 @@
|
|||
} # partition 2 (/ BTRFS)
|
||||
{
|
||||
name = "SWAP";
|
||||
start = "-128GiB";
|
||||
start = "-64GiB";
|
||||
end = "100%";
|
||||
content = {
|
||||
type = "swap";
|
||||
|
|
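Review bot: The `SWAP` partition resized here lies outside the `LUKS` partition, and the hunk ends right after `type = "swap";`, so whether the swap content is encrypted cannot be seen from this view. Unencrypted swap writes memory pages, potentially including credentials and decrypted file contents, to disk in plaintext, which undercuts the encrypted root. If hibernation is not required, disko's `randomEncryption` option on the swap content closes that gap; if it is required, placing swap inside the LUKS container does. A short comment on the partition stating which of the two applies would make the intent reviewable.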