Merge branch 'master' of git.bitlab21.com:sam/nixos

2025-01-25 20:41:50 +00:00 · 2025-01-25 20:41:50 +00:00 · cc765b3372
parent dfa1fcd045 2fede91760
commit cc765b3372
6 changed files with 227 additions and 4 deletions
--- a/flake.lock
+++ b/flake.lock
@ -539,11 +539,11 @@
    },
    "nix-secrets": {
      "locked": {
-        "lastModified": 1737745804,
-        "narHash": "sha256-ix/gu0HJmJISlZM2PjCssg+4fhD1g0CrrpLaKb84dRo=",
+        "lastModified": 1737831370,
+        "narHash": "sha256-SknkmBjTklrzrXaVALsIIOtu1r8TP35NEfhST6zJyH4=",
        "ref": "refs/heads/master",
-        "rev": "3a049490d4853b61e9cf778347ff8fa175488ede",
-        "revCount": 251,
+        "rev": "148154f0b8bdaf085ea16562822f55c810b55bac",
+        "revCount": 255,
        "type": "git",
        "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
      },
--- a/flake.nix
+++ b/flake.nix
@ -130,6 +130,17 @@
        modules = [
          ./hosts/citadel

+          home-manager.nixosModules.home-manager
+          {
+            home-manager.extraSpecialArgs = specialArgs;
+          }
+        ];
+      };
+      cloudnix = nixpkgs.lib.nixosSystem {
+        inherit specialArgs;
+        modules = [
+          ./hosts/cloudnix
+
          home-manager.nixosModules.home-manager
          {
            home-manager.extraSpecialArgs = specialArgs;
--- a/home/cloudnix.nix
+++ b/home/cloudnix.nix
@ -0,0 +1,11 @@
+{
+  ...
+}: {
+  imports = [
+    ./users/admin
+    ./common/core
+    ./common/optional/git.nix
+    ./common/optional/sops.nix
+  ];
+
+}
--- a/hosts/cloudnix/default.nix
+++ b/hosts/cloudnix/default.nix
@ -0,0 +1,83 @@
+{
+  configVars,
+  outputs,
+  lib,
+
+  ...
+}: let
+  user = "admin";
+  merlinIp = configVars.networking.addresses.merlin.ip;
+  cloudnixIp = configVars.networking.addresses.cloudnix.ip;
+  btrfsMountDevice = "/dev/disk/by-uuid/2aec8052-68fc-4bac-9b8d-c10b9b659ad8";
+in {
+  imports = [
+    # Create users for this host
+    ../common/users/${user}
+
+    # Import core options
+    ./hardware-configuration.nix
+    ../common/core
+
+    # Impermanence
+    ../common/optional/persistence.nix
+    (import ../common/disks/btrfs/impermanence.nix {
+      btrfsMountDevice = btrfsMountDevice;
+      lib = lib;
+    })
+
+    # Import optional options
+    ../common/optional/persistence.nix
+    ../common/optional/openssh.nix
+
+    ../common/optional/distributed-builds/local-machine.nix
+
+    outputs.nixosModules.nixosAutoUpgrade
+  ];
+
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = false;
+      grub = {
+        enable = true;
+        devices = ["/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_57492184"];
+      };
+    };
+  };
+
+  services = {
+    earlyoom = {
+      enable = true;
+      freeMemThreshold = 5; # <%5 free
+    };
+  };
+
+  system.services.nixosAutoUpgrade = {
+    enable = true;
+    persistent = true;
+    remote = "remotebuild@${merlinIp}";
+    reboot = false;
+    pushUpdates = false;
+    configDir = "/etc/nixos";
+    onCalendar = "*-*-* 06:00:00";
+    user = "admin";
+  };
+
+  networking = {
+    hostName = "cloudnix";
+    nameservers = ["8.8.8.8"];
+    firewall.enable = true;
+  };
+
+  systemd.network.networks."10-wan" = {
+    networkConfig.DHCP = "no";
+    address = [
+      "${cloudnixIp}/32"
+    ];
+    routes = [
+      { routeConfig = { Destination = "172.31.1.1"; }; }
+      { routeConfig = { Gateway = "172.31.1.1"; GatewayOnLink = true; }; }
+    ];
+  };
+
+  services.libinput.enable = true;
+}
--- a/hosts/cloudnix/hardware-configuration.nix
+++ b/hosts/cloudnix/hardware-configuration.nix
@ -0,0 +1,61 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/2aec8052-68fc-4bac-9b8d-c10b9b659ad8";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  fileSystems."/.swapvol" =
+    { device = "/dev/disk/by-uuid/2aec8052-68fc-4bac-9b8d-c10b9b659ad8";
+      fsType = "btrfs";
+      options = [ "subvol=swap" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1DE3-CACA";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/2aec8052-68fc-4bac-9b8d-c10b9b659ad8";
+      fsType = "btrfs";
+      options = [ "subvol=nix" ];
+    };
+
+  fileSystems."/persist" =
+    { device = "/dev/disk/by-uuid/2aec8052-68fc-4bac-9b8d-c10b9b659ad8";
+      fsType = "btrfs";
+      options = [ "subvol=persist" ];
+    };
+
+  swapDevices = [
+    {
+      device = "/.swapvol/swapfile";
+      size = 2 * 1024;
+    }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/hosts/common/disks/btrfs/legacy.nix
+++ b/hosts/common/disks/btrfs/legacy.nix
@ -0,0 +1,57 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            BOOT = {
+              size = "1M";
+              type = "EF02";
+              priority = 1;
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = ["umask=0077"];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"];
+                subvolumes = {
+                  "/root" = {
+                    mountpoint = "/";
+                  };
+
+                  "/persist" = {
+                    mountOptions = ["subvol=persist"];
+                    mountpoint = "/persist";
+                  };
+
+                  "/nix" = {
+                    mountOptions = ["subvol=nix" "noatime"];
+                    mountpoint = "/nix";
+                  };
+
+                  "/swap" = {
+                    mountOptions = ["noatime"];
+                    mountpoint = "/.swapvol";
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}