From 3a44ed191587d57de7c869f49007cb3e016a6065 Mon Sep 17 00:00:00 2001
From: Aly Raffauf
Date: Wed, 21 Aug 2024 21:54:49 -0400
Subject: [PATCH] initial commit
---
.github/workflows/nix-build.yml | 18 ++++++-
flake.nix | 1 +
hosts/slateport/README.md | 18 +++++++
hosts/slateport/default.nix | 63 +++++++++++++++++++++++
hosts/slateport/disko.nix | 58 +++++++++++++++++++++
hosts/slateport/home.nix | 9 ++++
hosts/slateport/secrets.nix | 7 +++
hosts/slateport/stylix.nix | 54 +++++++++++++++++++
secrets/aly/syncthing/slateport/cert.age | Bin 0 -> 1996 bytes
secrets/aly/syncthing/slateport/key.age | Bin 0 -> 1490 bytes
secrets/secrets.nix | 2 +
userModules/aly/syncthing.nix | 3 +-
12 files changed, 231 insertions(+), 2 deletions(-)
create mode 100644 hosts/slateport/README.md
create mode 100644 hosts/slateport/default.nix
create mode 100644 hosts/slateport/disko.nix
create mode 100644 hosts/slateport/home.nix
create mode 100644 hosts/slateport/secrets.nix
create mode 100644 hosts/slateport/stylix.nix
create mode 100644 secrets/aly/syncthing/slateport/cert.age
create mode 100644 secrets/aly/syncthing/slateport/key.age
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index e05938dc..30c17b22 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -101,4 +101,20 @@ jobs: name: alyraffauf authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - name: Build rustboro - run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel \ No newline at end of file + run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel + slateport-build: + runs-on: ubuntu-latest + steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + - uses: actions/checkout@main + with: + fetch-depth: 1 + - uses: DeterminateSystems/nix-installer-action@main + - uses: DeterminateSystems/magic-nix-cache-action@main + - uses: cachix/cachix-action@master + with: + name: alyraffauf + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + - name: Build slateport + run: nix build --accept-flake-config .#nixosConfigurations.slateport.config.system.build.toplevel \ No newline at end of file diff --git a/flake.nix b/flake.nix index 23d20f89..3d04f570 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,7 @@ "mauville" "petalburg" "rustboro" + "slateport" ]; in { formatter = forDefaultSystems (system: self.inputs.nixpkgs.legacyPackages.${system}.alejandra); diff --git a/hosts/slateport/README.md b/hosts/slateport/README.md new file mode 100644 index 00000000..2a5c78bf --- /dev/null +++ b/hosts/slateport/README.md @@ -0,0 +1,18 @@ +# slateport + +## Overview + +Lenovo ThinkCentre M700. + +## Todo + +- \[ \] configure reverse proxy. +- \[ \] upgrade SSD. + +## Specs + +## Filesystems + +### / + +Unencrypted btrfs volume. \ No newline at end of file diff --git a/hosts/slateport/default.nix b/hosts/slateport/default.nix new file mode 100644 index 00000000..da176b32 --- /dev/null +++ b/hosts/slateport/default.nix 
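Review bot: Every action in the new `slateport-build` job of .github/workflows/nix-build.yml is referenced by a moving branch (`jlumbroso/free-disk-space@main`, `actions/checkout@main`, the two `DeterminateSystems/*@main` actions and `cachix/cachix-action@master`), and the last of these is handed `secrets.CACHIX_AUTH_TOKEN`. Whatever lands on those branches runs inside this job with the token in scope, so a change upstream can affect what is built and uploaded to the `alyraffauf` cache without any commit in this repository. Pin each `uses:` to a full commit SHA with the release in a trailing comment, e.g. `uses: cachix/cachix-action@<full-commit-sha> # <release-tag>` (placeholders), and let a dependency-update bot move the pins. The workflow's top-level `permissions:` is outside this hunk; if none is set, a build-only job like this one would presumably be served by `permissions: contents: read`.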
@@ -0,0 +1,63 @@
+{
+ config,
+ lib,
+ pkgs,
+ self,
+ ...
+}: let
+ domain = "raffauflabs.com";
+in {
+ imports = [
+ ../common
+ ./disko.nix
+ ./home.nix
+ ./secrets.nix
+ ./stylix.nix
+ self.inputs.nixhw.nixosModules.common-intel-cpu
+ self.inputs.nixhw.nixosModules.common-intel-gpu
+ self.inputs.nixhw.nixosModules.common-bluetooth
+ self.inputs.nixhw.nixosModules.common-ssd
+ self.inputs.raffauflabs.nixosModules.raffauflabs
+ ];
+
+ boot = {
+ initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
+
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+ };
+
+ hardware.enableAllFirmware = true;
+ networking.hostName = "slateport";
+ system.stateVersion = "24.05";
+ zramSwap.memoryPercent = 100;
+
+ ar = {
+ apps.podman.enable = true;
+
+ users.aly = {
+ enable = true;
+ password = "$y$j9T$Lit66g43.Zn60mwGig7cx1$L.aLzGvy0q.b1E40/XSIkhj2tkJbigpXFrxR/D/FVB4";
+
+ syncthing = {
+ enable = true;
+ certFile = config.age.secrets.syncthingCert.path;
+ keyFile = config.age.secrets.syncthingKey.path;
+ syncMusic = false;
+ };
+ };
+ };
+
+ raffauflabs = {
+ inherit domain;
+ enable = true;
+
+ services.ddclient = {
+ enable = true;
+ passwordFile = config.age.secrets.cloudflare.path;
+ protocol = "cloudflare";
+ };
+ };
+}
diff --git a/hosts/slateport/disko.nix b/hosts/slateport/disko.nix
new file mode 100644
index 00000000..138f9d8b
--- /dev/null
+++ b/hosts/slateport/disko.nix
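Review bot: `ar.users.aly.password` in hosts/slateport/default.nix commits the account's yescrypt hash (`$y$j9T$…`) in clear text, while the Syncthing and Cloudflare credentials in the same file are passed as agenix paths. A hash stored in the repository, and depending on how the module applies it also in the world-readable Nix store, can be guessed against offline by anyone who can read either; the host also enables ddclient for `raffauflabs.com`, so it is presumably reachable from outside. If the `ar.users.aly` module (not visible in this hunk) can accept a path, keep the hash in an age secret and hand `config.age.secrets.<user-password-secret>.path` (placeholder name) through to `users.users.aly.hashedPasswordFile`. If the inline value has to stay, a comment beside it should say that it is a hash, which scheme it uses, and why publishing it is accepted.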
@@ -0,0 +1,58 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/disk/by-diskseq/1";
+
+ content = {
+ type = "gpt";
+
+ partitions = {
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1M";
+ end = "1024M";
+ type = "EF00";
+
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f"]; # Override existing partition
+ # Subvolumes must set a mountpoint in order to be mounted,
+ # unless their parent is mounted
+ subvolumes = {
+ # Subvolume name is different from mountpoint
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ # Subvolume name is the same as the mountpoint
+ "/home" = {
+ mountOptions = ["compress=zstd"];
+ mountpoint = "/home";
+ };
+ # Parent is not mounted so the mountpoint must be set
+ "/nix" = {
+ mountOptions = ["compress=zstd" "noatime"];
+ mountpoint = "/nix";
+ };
+ };
+
+ mountpoint = "/partition-root";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/slateport/home.nix b/hosts/slateport/home.nix
new file mode 100644
index 00000000..1331eaa5
--- /dev/null
+++ b/hosts/slateport/home.nix
@@ -0,0 +1,9 @@
+{
+ home-manager = {
+ sharedModules = [
+ {
+ xdg.userDirs.music = "/mnt/Media/Music";
+ }
+ ];
+ };
+}
diff --git a/hosts/slateport/secrets.nix b/hosts/slateport/secrets.nix
new file mode 100644
index 00000000..d00e9cdb
--- /dev/null
+++ b/hosts/slateport/secrets.nix
@@ -0,0 +1,7 @@
+{
+ age.secrets = {
+ cloudflare.file = ../../secrets/cloudflare.age;
+ syncthingCert.file = ../../secrets/aly/syncthing/slateport/cert.age;
+ syncthingKey.file = ../../secrets/aly/syncthing/slateport/key.age;
+ };
+}
diff --git a/hosts/slateport/stylix.nix b/hosts/slateport/stylix.nix
new file mode 100644
index 00000000..f76dbe12
--- /dev/null
+++ b/hosts/slateport/stylix.nix
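Review bot: `device = "/dev/disk/by-diskseq/1"` in hosts/slateport/disko.nix picks the target by the kernel's disk sequence number, which reflects the order in which block devices appeared rather than a particular drive, and the btrfs content is created with `extraArgs = ["-f"]`. With installer media or a second drive attached, sequence 1 may be a different device, and the forced format would overwrite it without complaint. A persistent identifier removes the guesswork, e.g. `device = "/dev/disk/by-id/<disk-id>";` (placeholder). Separately, the layout has no encryption layer, so any key material the host keeps on disk is readable with physical access; the README records the volume as unencrypted, and a short comment here stating that this is deliberate would make the decision visible where the disk is defined.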
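Review bot: `cloudflare.file` in hosts/slateport/secrets.nix points at the repository-wide `secrets/cloudflare.age`, unlike the per-host Syncthing pair below it, so slateport is given the same Cloudflare credential as any other host that references that file. The recipient list in secrets/secrets.nix is changed by this commit but is not visible here, so which hosts can decrypt it cannot be confirmed from this hunk. ddclient only needs to update DNS records, so a token limited to DNS edits on the one zone, ideally one per host, would bound what a compromise of this machine exposes. At minimum add a comment such as `# shared DNS API token, scope: <zone>, DNS edit only` (placeholder scope) so the blast radius is documented next to the declaration.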
@@ -0,0 +1,54 @@
+{pkgs, ...}: {
+ stylix = {
+ enable = true;
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
+
+ image = let
+ wallpapers = builtins.fetchGit {
+ url = "https://github.com/alyraffauf/wallpapers.git";
+ rev = "ff956327520f2ecdd0f8b1cdab4420bef4095d38";
+ ref = "master";
+ };
+ in "${wallpapers}/wallhaven-mp886k.jpg";
+
+ imageScalingMode = "fill";
+ polarity = "dark";
+
+ cursor = {
+ name = "Bibata-Modern-Classic";
+ package = pkgs.bibata-cursors;
+ size = 24;
+ };
+
+ fonts = {
+ monospace = {
+ name = "UbuntuSansMono Nerd Font";
+ package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
+ };
+
+ sansSerif = {
+ name = "UbuntuSans Nerd Font";
+ package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
+ };
+
+ serif = {
+ name = "Vegur";
+ package = pkgs.vegur;
+ };
+
+ sizes = {
+ applications = 12;
+ desktop = 11;
+ popups = 12;
+ terminal = 13;
+ };
+ };
+
+ opacity = {
+ applications = 1.0;
+ desktop = 0.8;
+ terminal = 0.8;
+ popups = 0.8;
+ };
+ };
+}
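Review bot: The wallpaper repository is fetched with `builtins.fetchGit` inside hosts/slateport/stylix.nix, so its pin lives in this file instead of in `flake.lock` with the other sources. The `rev` is a full commit hash, which keeps the fetch reproducible, but the pin is invisible to `nix flake update` and to anyone auditing the lock file, and it has to be bumped by hand wherever the same snippet is copied. Declaring it once as a non-flake input, `wallpapers = { url = "github:alyraffauf/wallpapers"; flake = false; };`, and using `"${self.inputs.wallpapers}/wallhaven-mp886k.jpg"` here (with `self` added to the module arguments) would keep every source pin in one reviewed place. As a smaller style point, `pkgs.nerdfonts.override {fonts = ["UbuntuSans"];}` is written out twice and could be bound once in a `let`.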
diff --git a/secrets/aly/syncthing/slateport/cert.age b/secrets/aly/syncthing/slateport/cert.age new file mode 100644 index 0000000000000000000000000000000000000000..27e65676bd8ef1456cb86c9fb61d1f32f0df51a3 GIT binary patch literal 1996 zcmZY7d34i;0mpGz$tWfvtfMJV2 zfj~-P1e55n+wG{t2mM--RtR8R#EJyq59$&@r?)`x5iaCug^{e*ftA%z0#oHtO^~;N z{=QmF70Lx;N*&@b0-QgUD-r>!T*~4o9?O7Skd#e=Di`-M2`-*S3=}Op6**d~RZAWx zq_P)N9B*u;Bnv@D6S!nTtyno=!y*J|;kaZ{(^nIjP+4bIrbuhJIS<+rf?Bj`K?53* z%Z5@&ECBYr3&1eBS zWxSdF$v3Q!!oy}|lnLeXA`s4)?0Ex16)_vaW(bu#PGX>BG}z-=6_|hngrLq%#&rgO%I7SE zFJEkKjsR&HrwlMog;Nw0qG*7(sbH;Bk)mBmoY86B)>w)yrQ&HB1{ojM8io*?V3xF6 zTxEt!@p#eA_ti3mjASY+!zqo1juOtKMqdB~885?bcc4%%>6{jAI%{xe*aTxhGs%3S ztNfsW>-WJ|CNEmBgTx zayrp)GYpbJf@Q;?uCIp2;`Y=NjWr}vbe;37>P2TCxd4J#_!P)TmUkV1&3e8f_6wS!1{=*=#a?18jud^bY-OpB6JW5 z7znxm*$XfQguOwdK=CQmBt2=(3#&OlLz^8wkDvepm@gU48dWr*QrogPWJ*I|!UGkX zu?(u0r92ijJ19>x>HA3~);PuGNhORr)FCV2B{LSl6xOLic8e#A@Oo8*gaQZ>$zc>< zvM0+I}q%wP!e+KkJtO|{M;q3M&` zM$TV1=u~k^0M(exc++26+Tlq%U$Asv3MdcGZNKllv3y$7m;e0`?7jTd;ME6=-f5)` z*rfIH!uZL#Gt*VGY;Qr6A8ZWrcNe_;zof7Co5!y_{N1)6Zn#=nhKMuwEgCm_>kR9P z)5Ynbs?9Tlhk>=9*cvSlcHKMT!|yD*zJXXaf7#pq_l!Y*Mj`{vp16Zd6Luqj*KZ94k6qJ2)+ z@lmzo%8^gGuDxS*4WH$_pYdxYrd#leE0O%cP`40Hh;6c^O57>ywU?|&&N%3`J7nM-ZAoF z*ZH0sz76W_m#H6Tiv2fVXw=_ZaC%lPWBf{iH1uCeeZBi=|EJbe*HwH!eRtSET>f`u z3%&pKbNeT6JN4TPa<}pe{hngy{_~S->-u%PB;Fi8V)Y%?9^vZ$E{{f-K{D%Ml literal 0 HcmV?d00001 
diff --git a/secrets/aly/syncthing/slateport/key.age b/secrets/aly/syncthing/slateport/key.age new file mode 100644 index 0000000000000000000000000000000000000000..942e8b402d9a47d538623ac5d6fa95d75964a9bc GIT binary patch literal 1490 zcmZY7`LELi00(e1Cg?OO-pS*cMU;rkdp*|f;2ELowywL|b=^9_*mXU&UTeE{?bPss zydNY+AtWZ^4@LzQqY)vBa;OOegP;f+2)85>f8ZyBfIVZ`C+tOKb(s zr#hHo%a$GicwUie0teNMTpl)AyJE;aNC@SNDPWk*B8o&n1)_t|6&8frYQ^ZGQJEtt zuP5k&E0-gK|7C;pCV~vZdL-Tl9M`P6M7+&*dT@G_%(r4vKUee20Zb%yfyQG6zT=yr zA*E&lxQehXnPs>FST>OaY_tn_y`iCMSFEvqHWM2{w#bcV%POpBQDJ!yb)#Z!ScsR! zK7DI+W0bB7oW*ctmZ*CLdlYZCVNmemSP zM4@bo=Li71^^&Qnuvc>fo=!E;fWU?P0LDg~tB8EpRQebP!hDsadYPnOBN-~Rc>X6R z&SQHg9?IW*U}nY6-8a5{<-Rbw^z80?wb!$6FTCw7YT30jOE)E**oM&7$w_L4m^|26 z^X}!Z&M&3Tt~j~9eQ@3v))SRr>&9y9u4C}zkHdYNKU%#8zOa&eX5qGNtG+%nb9}L; zZb^rJJ-O@EIrrS=JK7s}{~oqxA3qX4K2@0R|Kdo0$S-`{idy*tdmG}G>F+PFg{|#9 zOFo>v|HON*J^kg~6N_FxmHqsY(+e&xj7(Dp4AokH_}@kQ&d#G}?d#ad1*b1Oy7s3j zsc8pq&c&YGdFs;-R?Tdv&NcS!`0Qc(&ZGCx=ayfRN)yP{f1*FXKe7JM?R(mnFYUbX z=izm=jo%%)zH9E