pim/nixos-laptop
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Use Colmena for deployment

Browse source
This commit is contained in:
Pim Kunis 2024-11-11 20:43:36 +01:00
parent 51312397b5
commit cca6d259a7
9 changed files with 203 additions and 173 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
flake.nix
View file

@ -75,24 +75,17 @@
formatter = forAllSystems (system: (treefmtEval.${system}.config.build.wrapper));
nixosConfigurations = nixpkgs.lib.mapAttrs (
name: {
nixosModule,
homeManagerModule,
}:
name: nixosModule:
nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs system;
flake = self;
inherit inputs system self;
};
modules = [
nixosModule
./nixos
{
home-manager.users.pim.imports = [homeManagerModule];
}
];
}
) (import ./machines);
@ -115,5 +108,53 @@
buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
};
});
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
specialArgs = {
inherit inputs self;
};
nodeSpecialArgs = {
sue = {};
};
};
sue = {
name,
nodes,
...
}: {
deployment = {
allowLocalDeployment = true;
targetHost = null;
};
imports = [
(import ./machines).sue
./nixos
];
};
gamepc = {
name,
nodes,
...
}: {
deployment = {
targetHost = "gamepc.lan";
targetUser = "root";
};
imports = [
(import ./machines).gamepc
./nixos
];
};
};
};
}

4
home-manager/default.nix
View file

@ -2,7 +2,7 @@
lib,
config,
inputs,
flake,
self,
...
}: {
imports = [
@ -248,7 +248,7 @@
sops = {
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
defaultSopsFile = "${flake}/secrets/pim.yaml";
defaultSopsFile = "${self}/secrets/pim.yaml";
secrets = {
"keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";

4
home-manager/gnome.nix
View file

@ -1,7 +1,7 @@
{
pkgs,
lib,
flake,
self,
config,
...
}: let
@ -88,7 +88,7 @@ in {
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4;
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers";
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${self}/wallpapers";
};
};
}

98
machines/gamepc/configuration.nix
View file

@ -1,98 +0,0 @@
{
config,
lib,
...
}: {
config = {
pim = {
cinnamon.enable = true;
};
facter.reportPath = ./facter.json;
networking.hostName = "gamepc";
services = {
openssh.enable = true;
tailscale.enable = true;
};
users.users = {
root.password = "";
pim = {
openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
password = "";
};
};
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
type = "disk";
device = "/dev/nvme${name}n1";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "500M";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
});
disko.devices.mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.0";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
end = "-4G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "100%";
content = {
type = "swap";
};
};
};
};
};
};
};
}

96
machines/gamepc/default.nix
View file

@ -1,4 +1,96 @@
{
nixosModule = import ./configuration.nix;
homeManagerModule = import ./home.nix;
config,
lib,
...
}: {
config = {
pim = {
cinnamon.enable = true;
};
facter.reportPath = ./facter.json;
networking.hostName = "gamepc";
home-manager.users.pim.imports = [./home.nix];
services = {
openssh.enable = true;
tailscale.enable = true;
};
users.users = {
root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
pim.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
};
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
type = "disk";
device = "/dev/nvme${name}n1";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "500M";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
});
disko.devices.mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.0";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
end = "-4G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "100%";
content = {
type = "swap";
};
};
};
};
};
};
};
}

50
machines/sue/configuration.nix
View file

@ -1,50 +0,0 @@
{inputs, ...}: {
config = {
pim = {
lanzaboote.enable = true;
tidal.enable = true;
gnome.enable = true;
stylix.enable = true;
wireguard.enable = true;
compliance.enable = true;
sops.enable = true;
};
services.tailscale.enable = true;
facter.reportPath = ./facter.json;
networking.hostName = "xps-9315";
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
nix.settings = {
substituters = ["https://cosmic.cachix.org/"];
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
specialisation.cosmic.configuration = {
imports = [
inputs.nixos-cosmic.nixosModules.default
];
services = {
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
};
};
};
}

52
machines/sue/default.nix
View file

@ -1,4 +1,50 @@
{
nixosModule = import ./configuration.nix;
homeManagerModule = import ./home.nix;
{inputs, ...}: {
config = {
pim = {
lanzaboote.enable = true;
tidal.enable = true;
gnome.enable = true;
stylix.enable = true;
wireguard.enable = true;
compliance.enable = true;
sops.enable = true;
};
services.tailscale.enable = true;
facter.reportPath = ./facter.json;
home-manager.users.pim.imports = [./home.nix];
networking.hostName = "sue";
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
nix.settings = {
substituters = ["https://cosmic.cachix.org/"];
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
specialisation.cosmic.configuration = {
imports = [
inputs.nixos-cosmic.nixosModules.default
];
services = {
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
};
};
};
}

9
nixos/default.nix
View file

@ -3,8 +3,7 @@
config,
lib,
inputs,
flake,
system,
self,
...
}: {
imports = [
@ -140,7 +139,7 @@
inputs.nur.overlay
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
inherit system;
inherit (pkgs) system;
config.allowUnfree = true;
};
})
@ -170,8 +169,8 @@
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit flake inputs;};
extraSpecialArgs = {inherit self inputs;};
users.pim.imports = ["${flake}/home-manager"];
users.pim.imports = ["${self}/home-manager"];
};
}

4
nixos/sops.nix
View file

@ -1,7 +1,7 @@
{
inputs,
pkgs,
flake,
self,
config,
lib,
...
@ -16,7 +16,7 @@ in {
sops = {
age.keyFile = "/home/pim/.config/sops/age/keys.txt";
defaultSopsFile = "${flake}/secrets/secrets.yaml";
defaultSopsFile = "${self}/secrets/secrets.yaml";
};
};
}