mirror of
https://github.com/alyraffauf/nixcfg.git
synced 2024-11-21 10:50:40 -05:00
flake: onboard slateport (#94)
Some checks are pending
git-mirror / gitlab-sync (push) Waiting to run
nix-build / default-build (push) Waiting to run
nix-build / fallarbor-build (push) Waiting to run
nix-build / lavaridge-build (push) Waiting to run
nix-build / mauville-build (push) Waiting to run
nix-build / petalburg-build (push) Waiting to run
nix-build / rustboro-build (push) Waiting to run
nix-build / slateport-build (push) Waiting to run
nix-check / fmt-check (push) Waiting to run
nix-check / eval-check (push) Waiting to run
Some checks are pending
git-mirror / gitlab-sync (push) Waiting to run
nix-build / default-build (push) Waiting to run
nix-build / fallarbor-build (push) Waiting to run
nix-build / lavaridge-build (push) Waiting to run
nix-build / mauville-build (push) Waiting to run
nix-build / petalburg-build (push) Waiting to run
nix-build / rustboro-build (push) Waiting to run
nix-build / slateport-build (push) Waiting to run
nix-check / fmt-check (push) Waiting to run
nix-check / eval-check (push) Waiting to run
* initial commit * slateport: setup k3s * slateport: update README.md
This commit is contained in:
parent
db436c0461
commit
832f7fed95
18
.github/workflows/nix-build.yml
vendored
18
.github/workflows/nix-build.yml
vendored
|
@ -101,4 +101,20 @@ jobs:
|
|||
name: alyraffauf
|
||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||
- name: Build rustboro
|
||||
run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
|
||||
run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
|
||||
slateport-build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Free Disk Space (Ubuntu)
|
||||
uses: jlumbroso/free-disk-space@main
|
||||
- uses: actions/checkout@main
|
||||
with:
|
||||
fetch-depth: 1
|
||||
- uses: DeterminateSystems/nix-installer-action@main
|
||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||
- uses: cachix/cachix-action@master
|
||||
with:
|
||||
name: alyraffauf
|
||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||
- name: Build slateport
|
||||
run: nix build --accept-flake-config .#nixosConfigurations.slateport.config.system.build.toplevel
|
|
@ -76,6 +76,7 @@
|
|||
"mauville"
|
||||
"petalburg"
|
||||
"rustboro"
|
||||
"slateport"
|
||||
];
|
||||
in {
|
||||
formatter = forDefaultSystems (system: self.inputs.nixpkgs.legacyPackages.${system}.alejandra);
|
||||
|
|
25
hosts/slateport/README.md
Normal file
25
hosts/slateport/README.md
Normal file
|
@ -0,0 +1,25 @@
|
|||
# slateport
|
||||
|
||||
## Overview
|
||||
|
||||
Lenovo ThinkCentre M700.
|
||||
|
||||
## Todo
|
||||
|
||||
- \[ \] configure reverse proxy.
|
||||
- \[ \] upgrade SSD.
|
||||
|
||||
## Specs
|
||||
|
||||
| Model | Lenovo ThinkCentre M700 Tiny |
|
||||
|-------|------------------------------|
|
||||
| CPU | Intel Core i5-6400T |
|
||||
| RAM | 8GB DDR4-2133Mhz |
|
||||
| GPU | Intel HD Graphics 530 |
|
||||
| Disks | 128GB SSD |
|
||||
|
||||
## Filesystems
|
||||
|
||||
### /
|
||||
|
||||
Unencrypted btrfs volume.
|
71
hosts/slateport/default.nix
Normal file
71
hosts/slateport/default.nix
Normal file
|
@ -0,0 +1,71 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
self,
|
||||
...
|
||||
}: let
|
||||
domain = "raffauflabs.com";
|
||||
in {
|
||||
imports = [
|
||||
../common
|
||||
./disko.nix
|
||||
./home.nix
|
||||
./secrets.nix
|
||||
./stylix.nix
|
||||
self.inputs.nixhw.nixosModules.common-intel-cpu
|
||||
self.inputs.nixhw.nixosModules.common-intel-gpu
|
||||
self.inputs.nixhw.nixosModules.common-bluetooth
|
||||
self.inputs.nixhw.nixosModules.common-ssd
|
||||
self.inputs.raffauflabs.nixosModules.raffauflabs
|
||||
];
|
||||
|
||||
boot = {
|
||||
initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
|
||||
|
||||
loader = {
|
||||
efi.canTouchEfiVariables = true;
|
||||
systemd-boot.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
networking.hostName = "slateport";
|
||||
|
||||
services.k3s = {
|
||||
enable = true;
|
||||
clusterInit = true;
|
||||
role = "server";
|
||||
tokenFile = config.age.secrets.k3s.path;
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
zramSwap.memoryPercent = 100;
|
||||
|
||||
ar = {
|
||||
apps.podman.enable = true;
|
||||
|
||||
users.aly = {
|
||||
enable = true;
|
||||
password = "$y$j9T$Lit66g43.Zn60mwGig7cx1$L.aLzGvy0q.b1E40/XSIkhj2tkJbigpXFrxR/D/FVB4";
|
||||
|
||||
syncthing = {
|
||||
enable = true;
|
||||
certFile = config.age.secrets.syncthingCert.path;
|
||||
keyFile = config.age.secrets.syncthingKey.path;
|
||||
syncMusic = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
raffauflabs = {
|
||||
inherit domain;
|
||||
enable = true;
|
||||
|
||||
services.ddclient = {
|
||||
enable = true;
|
||||
passwordFile = config.age.secrets.cloudflare.path;
|
||||
protocol = "cloudflare";
|
||||
};
|
||||
};
|
||||
}
|
58
hosts/slateport/disko.nix
Normal file
58
hosts/slateport/disko.nix
Normal file
|
@ -0,0 +1,58 @@
|
|||
{
|
||||
disko.devices = {
|
||||
disk = {
|
||||
main = {
|
||||
type = "disk";
|
||||
device = "/dev/disk/by-diskseq/1";
|
||||
|
||||
content = {
|
||||
type = "gpt";
|
||||
|
||||
partitions = {
|
||||
ESP = {
|
||||
priority = 1;
|
||||
name = "ESP";
|
||||
start = "1M";
|
||||
end = "1024M";
|
||||
type = "EF00";
|
||||
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
|
||||
root = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = ["-f"]; # Override existing partition
|
||||
# Subvolumes must set a mountpoint in order to be mounted,
|
||||
# unless their parent is mounted
|
||||
subvolumes = {
|
||||
# Subvolume name is different from mountpoint
|
||||
"/rootfs" = {
|
||||
mountpoint = "/";
|
||||
};
|
||||
# Subvolume name is the same as the mountpoint
|
||||
"/home" = {
|
||||
mountOptions = ["compress=zstd"];
|
||||
mountpoint = "/home";
|
||||
};
|
||||
# Parent is not mounted so the mountpoint must be set
|
||||
"/nix" = {
|
||||
mountOptions = ["compress=zstd" "noatime"];
|
||||
mountpoint = "/nix";
|
||||
};
|
||||
};
|
||||
|
||||
mountpoint = "/partition-root";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
9
hosts/slateport/home.nix
Normal file
9
hosts/slateport/home.nix
Normal file
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
home-manager = {
|
||||
sharedModules = [
|
||||
{
|
||||
xdg.userDirs.music = "/mnt/Media/Music";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
8
hosts/slateport/secrets.nix
Normal file
8
hosts/slateport/secrets.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
age.secrets = {
|
||||
cloudflare.file = ../../secrets/cloudflare.age;
|
||||
k3s.file = ../../secrets/k3s.age;
|
||||
syncthingCert.file = ../../secrets/aly/syncthing/slateport/cert.age;
|
||||
syncthingKey.file = ../../secrets/aly/syncthing/slateport/key.age;
|
||||
};
|
||||
}
|
54
hosts/slateport/stylix.nix
Normal file
54
hosts/slateport/stylix.nix
Normal file
|
@ -0,0 +1,54 @@
|
|||
{pkgs, ...}: {
|
||||
stylix = {
|
||||
enable = true;
|
||||
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
|
||||
|
||||
image = let
|
||||
wallpapers = builtins.fetchGit {
|
||||
url = "https://github.com/alyraffauf/wallpapers.git";
|
||||
rev = "ff956327520f2ecdd0f8b1cdab4420bef4095d38";
|
||||
ref = "master";
|
||||
};
|
||||
in "${wallpapers}/wallhaven-mp886k.jpg";
|
||||
|
||||
imageScalingMode = "fill";
|
||||
polarity = "dark";
|
||||
|
||||
cursor = {
|
||||
name = "Bibata-Modern-Classic";
|
||||
package = pkgs.bibata-cursors;
|
||||
size = 24;
|
||||
};
|
||||
|
||||
fonts = {
|
||||
monospace = {
|
||||
name = "UbuntuSansMono Nerd Font";
|
||||
package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
|
||||
};
|
||||
|
||||
sansSerif = {
|
||||
name = "UbuntuSans Nerd Font";
|
||||
package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
|
||||
};
|
||||
|
||||
serif = {
|
||||
name = "Vegur";
|
||||
package = pkgs.vegur;
|
||||
};
|
||||
|
||||
sizes = {
|
||||
applications = 12;
|
||||
desktop = 11;
|
||||
popups = 12;
|
||||
terminal = 13;
|
||||
};
|
||||
};
|
||||
|
||||
opacity = {
|
||||
applications = 1.0;
|
||||
desktop = 0.8;
|
||||
terminal = 0.8;
|
||||
popups = 0.8;
|
||||
};
|
||||
};
|
||||
}
|
BIN
secrets/aly/syncthing/slateport/cert.age
Normal file
BIN
secrets/aly/syncthing/slateport/cert.age
Normal file
Binary file not shown.
BIN
secrets/aly/syncthing/slateport/key.age
Normal file
BIN
secrets/aly/syncthing/slateport/key.age
Normal file
Binary file not shown.
BIN
secrets/k3s.age
Normal file
BIN
secrets/k3s.age
Normal file
Binary file not shown.
|
@ -31,8 +31,11 @@ in {
|
|||
"aly/syncthing/petalburg/key.age".publicKeys = keys;
|
||||
"aly/syncthing/rustboro/cert.age".publicKeys = keys;
|
||||
"aly/syncthing/rustboro/key.age".publicKeys = keys;
|
||||
"aly/syncthing/slateport/cert.age".publicKeys = keys;
|
||||
"aly/syncthing/slateport/key.age".publicKeys = keys;
|
||||
"aly/transmissionRemote.age".publicKeys = keys;
|
||||
"cloudflare.age".publicKeys = keys;
|
||||
"k3s.age".publicKeys = keys;
|
||||
"lastFM/apiKey.age".publicKeys = keys;
|
||||
"lastFM/secret.age".publicKeys = keys;
|
||||
"spotify/clientId.age".publicKeys = keys;
|
||||
|
|
|
@ -28,10 +28,11 @@ in {
|
|||
"gsgmba" = {id = "V2YCZSL-XY7H72L-FGJFWP2-JNYX72O-OJ5V2HY-V4SSSJM-77A7E3Z-7EJFAAV";}; # Work Macbook Air
|
||||
"iphone12" = {id = "SBQNUXS-H4XDJ3E-RBHJPT5-45WDJJA-2U43M4P-23XGUJ7-E3CNNKZ-BXSGIA3";}; # iPhone 12 Pro Max
|
||||
"lavaridge" = {id = "TMMSCVA-MDJTDPC-PC47NUA-2VPLAIB-6S6MEU7-KALIGUJ-AWDUOUU-XD73MAY";}; # Framework 13 AMD
|
||||
"mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/Homelab
|
||||
"mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/homelab b
|
||||
"mossdeep" = {id = "XRIGHMT-54OGBWP-UAAGAJS-LGTRHA2-EMKOMEB-EJEWKZN-GJFK6FO-3O6KQQ4";}; # Steam Deck OLED
|
||||
"petalburg" = {id = "ECTD3LW-YZTJIXX-HLQYXT7-UGZSGST-3DDKF72-DJPMDHE-SUYDWIT-ASTKTAE";}; # Yoga 9i
|
||||
"rustboro" = {id = "7CXGPQN-7DYDYJN-DKELOR3-RD4HZUW-SSUDGLZ-WVXYFUT-DPT2MGD-6PO5BQF";}; # Thinkpad t440p
|
||||
"slateport" = {id = "MDJFDUG-UJAXQXI-AMEF2AR-PBMD5QK-Z5ZG6AA-RCJCU3M-GZHQQEA-X2JGOAK";}; # homelab a
|
||||
"wallace" = {id = "X55NQL2-H3TEJ5U-EXZPBKQ-LI6BMB4-W2ULDIJ-YNIHJHB-4ISCOJB-UHNLYAX";}; # Samsung a35
|
||||
"winona" = {id = "IGAW5SS-WY2QN6J-5TF74YZ-6XPNPTC-RCH3HIT-ZZQKCAI-6L54IS2-SNRIMA2";}; # Pixel Tablet
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue