Flake parts with x64 and ARM support for devshell on both Linux and Mac

2023-07-01 18:30:30 -05:00
parent baf8223799
commit cfe907101d
20 changed files with 137 additions and 96 deletions
--- a/nix/system/age.nix
+++ b/nix/system/age.nix
@ -0,0 +1,19 @@
+{ ... }: {
+  age = {
+    secrets = {
+      cache-key.file = ../../secrets/cache-key.age;
+      gitlab-runner.file = ../../secrets/gitlab-runner.age;
+      graf-email = {
+        file = ../../secrets/graf-email.age;
+        mode = "770";
+        owner = "grafana";
+        group = "grafana";
+      };
+      htpasswd-dock.file = ../../secrets/htpasswd-dock.age;
+      keys.file = ../../secrets/keys.age;
+      sezycei.file = ../../secrets/sezycei.age;
+      transmission-env.file = ../../secrets/transmission-env.age;
+    };
+    identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  };
+}
--- a/nix/system/dns.nix
+++ b/nix/system/dns.nix
@ -0,0 +1,50 @@
+{ config, ... }: {
+  services = {
+    coredns.enable = true;
+    # https://coredns.io/manual/configuration/  		
+    # https://github.com/coredns/coredns.io/blob/master/content/manual/configuration.md
+    coredns.config = ''
+      		  matri.cx {
+      		    template IN A  {
+      		        answer "{{ .Name }} 0 IN A 192.168.0.130"
+      		    }
+      		  }
+
+            mail.matri.cx {
+      		    template IN A  {
+      		        answer "{{ .Name }} 0 IN A 149.28.112.101"
+      		    }
+      		  }
+
+      		  *.matri.cx {
+      		    template IN A  {
+      		        answer "{{ .Name }} 0 IN A 192.168.0.130"
+      		    }
+      		  }
+
+      		  eversole.co {
+      		    template IN A  {
+      		        answer "{{ .Name }} 0 IN A 192.168.0.130"
+      		    }
+      		  }
+
+            box.eversole.co {
+      		    template IN A  {
+      		        answer "{{ .Name }} 0 IN A 149.28.112.101"
+      		    }
+      		  }
+
+      		  *.eversole.co {
+      		    template IN A  {
+      		        answer "{{ .Name }} 0 IN A 192.168.0.130"
+      		    }
+      		  }
+
+      		  . {
+      		    forward . 9.9.9.9 149.112.112.112 84.200.69.80 84.200.70.40
+      		    cache
+      		  }
+
+      		'';
+  };
+}
--- a/nix/system/hardware.nix
+++ b/nix/system/hardware.nix
@ -0,0 +1,42 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    initrd = {
+      availableKernelModules =
+        [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXROOT";
+      fsType = "ext4";
+    };
+
+    "/nix" = {
+      device = "/dev/disk/by-label/SDA-EXT";
+      fsType = "ext4";
+      neededForBoot = true;
+      options = [ "noatime" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+    };
+  };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/nix/system/nix-conf.nix
+++ b/nix/system/nix-conf.nix
@ -0,0 +1,23 @@
+{ config, ... }: {
+  services = {
+    nix-serve = {
+      enable = true;
+      secretKeyFile = config.age.secrets.cache-key.path;
+    };
+  };
+  nix = {
+    buildMachines = [
+      {
+        hostName = "localhost";
+        system = "x86_64-linux";
+        supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
+        maxJobs = 8;
+      }
+    ];
+    distributedBuilds = false;
+    settings = {
+      auto-optimise-store = false; # https://github.com/NixOS/nix/issues/7273
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+  };
+}
--- a/nix/system/security.nix
+++ b/nix/system/security.nix
@ -0,0 +1,12 @@
+{ ... }: {
+  services.openssh = {
+    enable = true;
+  };
+  security = {
+    sudo.wheelNeedsPassword = false;
+    acme = {
+      acceptTerms = true;
+      defaults.email = "james@eversole.co";
+    };
+  };
+}
--- a/nix/system/system.nix
+++ b/nix/system/system.nix
@ -0,0 +1,30 @@
+{ pkgs, ... }: {
+  boot = {
+    kernel.sysctl."net.ipv4.ip_forward" = true;
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+  };
+
+  environment.systemPackages = with pkgs; [ git pciutils vim wget ];
+
+  networking = {
+    hostName = "eve-psr-nix0";
+    firewall = {
+      allowedTCPPorts = [ 22 80 443 ];
+      allowedUDPPorts = [ 22 80 443 53 ];
+    };
+  };
+
+  programs.ssh.knownHosts = {
+    selbeiskami = {
+      hostNames = [ "192.168.0.57" ];
+      publicKey = "192.168.0.57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiTyWzAu7V2Jkk4rqEjBLu+lAhhkLTO8W/PGb8HkeqQ";
+    };
+    matricx = {
+      hostNames = [ "192.168.0.130" "matri.cx" ];
+      publicKey = "matri.cx ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp";
+    };
+  };
+
+  time.timeZone = "America/Chicago";
+}
--- a/nix/system/virtualisation.nix
+++ b/nix/system/virtualisation.nix
@ -0,0 +1 @@
+{ ... }: { virtualisation = { oci-containers = { backend = "podman"; }; }; }
				`@ -0,0 +1 @@`
				`{ ... }: { virtualisation = { oci-containers = { backend = "podman"; }; }; }`