diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index e05938dc..30c17b22 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -101,4 +101,20 @@ jobs:
 name: alyraffauf
 authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 - name: Build rustboro
- run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
\ No newline at end of file
+ run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
+ slateport-build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+ - uses: actions/checkout@main
+ with:
+ fetch-depth: 1
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - uses: cachix/cachix-action@master
+ with:
+ name: alyraffauf
+ authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+ - name: Build slateport
+ run: nix build --accept-flake-config .#nixosConfigurations.slateport.config.system.build.toplevel
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index 23d20f89..3d04f570 100644
--- a/flake.nix
+++ b/flake.nix
@@ -76,6 +76,7 @@
 "mauville"
 "petalburg"
 "rustboro"
+ "slateport"
 ];
 in {
 formatter = forDefaultSystems (system: self.inputs.nixpkgs.legacyPackages.${system}.alejandra);
diff --git a/hosts/slateport/README.md b/hosts/slateport/README.md
new file mode 100644
index 00000000..55b68722
--- /dev/null
+++ b/hosts/slateport/README.md
@@ -0,0 +1,25 @@
+# slateport
+
+## Overview
+
+Lenovo ThinkCentre M700.
+
+## Todo
+
+- \[ \] configure reverse proxy.
+- \[ \] upgrade SSD.
+
+## Specs
+
+| Model | Lenovo ThinkCentre M700 Tiny |
+|-------|------------------------------|
+| CPU | Intel Core i5-6400T |
+| RAM | 8GB DDR4-2133Mhz |
+| GPU | Intel HD Graphics 530 |
+| Disks | 128GB SSD |
+
+## Filesystems
+
+### /
+
+Unencrypted btrfs volume.
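Review bot: The new `slateport-build` job in `.github/workflows/nix-build.yml` runs all five of its actions from mutable refs (`@main`, `@master`) in the same job that is handed `secrets.CACHIX_AUTH_TOKEN`, so a change pushed to any of those branches runs with that token and, if the token has push rights, can alter what the hosts later pull from the cache. Pin each `uses:` to a full commit SHA, e.g. `uses: cachix/cachix-action@<full-commit-sha> # <release-tag>`, and let Dependabot or Renovate move the pins. `--accept-flake-config` also makes the runner honour the flake's own `nixConfig` (substituters, trusted keys), which is worth gating if this workflow ever runs on pull requests from forks; the trigger block is outside the hunk. The context lines show the rustboro job using the same cachix step, so the same pinning likely applies to the existing jobs.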
diff --git a/hosts/slateport/default.nix b/hosts/slateport/default.nix
new file mode 100644
index 00000000..ea8a718a
--- /dev/null
+++ b/hosts/slateport/default.nix
@@ -0,0 +1,71 @@
+{
+ config,
+ lib,
+ pkgs,
+ self,
+ ...
+}: let
+ domain = "raffauflabs.com";
+in {
+ imports = [
+ ../common
+ ./disko.nix
+ ./home.nix
+ ./secrets.nix
+ ./stylix.nix
+ self.inputs.nixhw.nixosModules.common-intel-cpu
+ self.inputs.nixhw.nixosModules.common-intel-gpu
+ self.inputs.nixhw.nixosModules.common-bluetooth
+ self.inputs.nixhw.nixosModules.common-ssd
+ self.inputs.raffauflabs.nixosModules.raffauflabs
+ ];
+
+ boot = {
+ initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
+
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+ };
+
+ hardware.enableAllFirmware = true;
+ networking.hostName = "slateport";
+
+ services.k3s = {
+ enable = true;
+ clusterInit = true;
+ role = "server";
+ tokenFile = config.age.secrets.k3s.path;
+ };
+
+ system.stateVersion = "24.05";
+ zramSwap.memoryPercent = 100;
+
+ ar = {
+ apps.podman.enable = true;
+
+ users.aly = {
+ enable = true;
+ password = "$y$j9T$Lit66g43.Zn60mwGig7cx1$L.aLzGvy0q.b1E40/XSIkhj2tkJbigpXFrxR/D/FVB4";
+
+ syncthing = {
+ enable = true;
+ certFile = config.age.secrets.syncthingCert.path;
+ keyFile = config.age.secrets.syncthingKey.path;
+ syncMusic = false;
+ };
+ };
+ };
+
+ raffauflabs = {
+ inherit domain;
+ enable = true;
+
+ services.ddclient = {
+ enable = true;
+ passwordFile = config.age.secrets.cloudflare.path;
+ protocol = "cloudflare";
+ };
+ };
+}
diff --git a/hosts/slateport/disko.nix b/hosts/slateport/disko.nix
new file mode 100644
index 00000000..138f9d8b
--- /dev/null
+++ b/hosts/slateport/disko.nix
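Review bot: In `hosts/slateport/default.nix`, `ar.users.aly.password` carries a yescrypt hash (`$y$j9T$…`) inline, while every other credential in the same file is read from agenix through `config.age.secrets.*.path`. A hash written into the configuration stays in git history and is copied into the world-readable Nix store, so it is exposed to offline guessing for as long as the password is in use, on this host and on any other that shares it. If the `ar.users` module can accept a file, keep the hash in an age secret and hand it to NixOS's `hashedPasswordFile`, e.g. `hashedPasswordFile = config.age.secrets.alyPassword.path;` (the secret name is a placeholder). The module's option set is not visible in this diff, so that wiring needs checking against `userModules`.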
@@ -0,0 +1,58 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/disk/by-diskseq/1";
+
+ content = {
+ type = "gpt";
+
+ partitions = {
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1M";
+ end = "1024M";
+ type = "EF00";
+
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f"]; # Override existing partition
+ # Subvolumes must set a mountpoint in order to be mounted,
+ # unless their parent is mounted
+ subvolumes = {
+ # Subvolume name is different from mountpoint
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ # Subvolume name is the same as the mountpoint
+ "/home" = {
+ mountOptions = ["compress=zstd"];
+ mountpoint = "/home";
+ };
+ # Parent is not mounted so the mountpoint must be set
+ "/nix" = {
+ mountOptions = ["compress=zstd" "noatime"];
+ mountpoint = "/nix";
+ };
+ };
+
+ mountpoint = "/partition-root";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/slateport/home.nix b/hosts/slateport/home.nix
new file mode 100644
index 00000000..1331eaa5
--- /dev/null
+++ b/hosts/slateport/home.nix
@@ -0,0 +1,9 @@
+{
+ home-manager = {
+ sharedModules = [
+ {
+ xdg.userDirs.music = "/mnt/Media/Music";
+ }
+ ];
+ };
+}
diff --git a/hosts/slateport/secrets.nix b/hosts/slateport/secrets.nix
new file mode 100644
index 00000000..33f9348c
--- /dev/null
+++ b/hosts/slateport/secrets.nix
@@ -0,0 +1,8 @@
+{
+ age.secrets = {
+ cloudflare.file = ../../secrets/cloudflare.age;
+ k3s.file = ../../secrets/k3s.age;
+ syncthingCert.file = ../../secrets/aly/syncthing/slateport/cert.age;
+ syncthingKey.file = ../../secrets/aly/syncthing/slateport/key.age;
+ };
+}
diff --git a/hosts/slateport/stylix.nix b/hosts/slateport/stylix.nix
new file mode 100644
index 00000000..f76dbe12
--- /dev/null
+++ b/hosts/slateport/stylix.nix
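Review bot: In `hosts/slateport/disko.nix`, `device = "/dev/disk/by-diskseq/1"` is not a persistent identifier: disk sequence numbers are assigned in discovery order on each boot, so with an installer stick or a second drive attached the path can resolve to a different disk, and `extraArgs = ["-f"]` then formats it without a prompt. Use a stable path instead, e.g. `device = "/dev/disk/by-id/<disk-id>";`. Separately, the root btrfs partition has no LUKS layer (the README states this too), so the host key that agenix presumably uses to decrypt the k3s token and the Cloudflare credential is stored on disk in the clear. If that is a deliberate trade-off for unattended boot, a comment next to `root` saying so would record the decision.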
@@ -0,0 +1,54 @@
+{pkgs, ...}: {
+ stylix = {
+ enable = true;
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
+
+ image = let
+ wallpapers = builtins.fetchGit {
+ url = "https://github.com/alyraffauf/wallpapers.git";
+ rev = "ff956327520f2ecdd0f8b1cdab4420bef4095d38";
+ ref = "master";
+ };
+ in "${wallpapers}/wallhaven-mp886k.jpg";
+
+ imageScalingMode = "fill";
+ polarity = "dark";
+
+ cursor = {
+ name = "Bibata-Modern-Classic";
+ package = pkgs.bibata-cursors;
+ size = 24;
+ };
+
+ fonts = {
+ monospace = {
+ name = "UbuntuSansMono Nerd Font";
+ package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
+ };
+
+ sansSerif = {
+ name = "UbuntuSans Nerd Font";
+ package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
+ };
+
+ serif = {
+ name = "Vegur";
+ package = pkgs.vegur;
+ };
+
+ sizes = {
+ applications = 12;
+ desktop = 11;
+ popups = 12;
+ terminal = 13;
+ };
+ };
+
+ opacity = {
+ applications = 1.0;
+ desktop = 0.8;
+ terminal = 0.8;
+ popups = 0.8;
+ };
+ };
+}
diff --git a/secrets/aly/syncthing/slateport/cert.age b/secrets/aly/syncthing/slateport/cert.age
new file mode 100644
index 00000000..27e65676
Binary files /dev/null and b/secrets/aly/syncthing/slateport/cert.age differ
diff --git a/secrets/aly/syncthing/slateport/key.age b/secrets/aly/syncthing/slateport/key.age
new file mode 100644
index 00000000..942e8b40
Binary files /dev/null and b/secrets/aly/syncthing/slateport/key.age differ
diff --git a/secrets/k3s.age b/secrets/k3s.age
new file mode 100644
index 00000000..7abde606
Binary files /dev/null and b/secrets/k3s.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f0344638..1db4a3d9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -31,8 +31,11 @@ in {
 "aly/syncthing/petalburg/key.age".publicKeys = keys;
 "aly/syncthing/rustboro/cert.age".publicKeys = keys;
 "aly/syncthing/rustboro/key.age".publicKeys = keys;
+ "aly/syncthing/slateport/cert.age".publicKeys = keys;
+ "aly/syncthing/slateport/key.age".publicKeys = keys;
 "aly/transmissionRemote.age".publicKeys = keys;
 "cloudflare.age".publicKeys = keys;
+ "k3s.age".publicKeys = keys;
 "lastFM/apiKey.age".publicKeys = keys;
 "lastFM/secret.age".publicKeys = keys;
 "spotify/clientId.age".publicKeys = keys;
diff --git a/userModules/aly/syncthing.nix b/userModules/aly/syncthing.nix
index 8bb03aea..5fb31a3e 100644
--- a/userModules/aly/syncthing.nix
+++ b/userModules/aly/syncthing.nix
@@ -28,10 +28,11 @@ in {
 "gsgmba" = {id = "V2YCZSL-XY7H72L-FGJFWP2-JNYX72O-OJ5V2HY-V4SSSJM-77A7E3Z-7EJFAAV";}; # Work Macbook Air
 "iphone12" = {id = "SBQNUXS-H4XDJ3E-RBHJPT5-45WDJJA-2U43M4P-23XGUJ7-E3CNNKZ-BXSGIA3";}; # iPhone 12 Pro Max
 "lavaridge" = {id = "TMMSCVA-MDJTDPC-PC47NUA-2VPLAIB-6S6MEU7-KALIGUJ-AWDUOUU-XD73MAY";}; # Framework 13 AMD
- "mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/Homelab
+ "mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/homelab b
 "mossdeep" = {id = "XRIGHMT-54OGBWP-UAAGAJS-LGTRHA2-EMKOMEB-EJEWKZN-GJFK6FO-3O6KQQ4";}; # Steam Deck OLED
 "petalburg" = {id = "ECTD3LW-YZTJIXX-HLQYXT7-UGZSGST-3DDKF72-DJPMDHE-SUYDWIT-ASTKTAE";}; # Yoga 9i
 "rustboro" = {id = "7CXGPQN-7DYDYJN-DKELOR3-RD4HZUW-SSUDGLZ-WVXYFUT-DPT2MGD-6PO5BQF";}; # Thinkpad t440p
+ "slateport" = {id = "MDJFDUG-UJAXQXI-AMEF2AR-PBMD5QK-Z5ZG6AA-RCJCU3M-GZHQQEA-X2JGOAK";}; # homelab a
 "wallace" = {id = "X55NQL2-H3TEJ5U-EXZPBKQ-LI6BMB4-W2ULDIJ-YNIHJHB-4ISCOJB-UHNLYAX";}; # Samsung a35
 "winona" = {id = "IGAW5SS-WY2QN6J-5TF74YZ-6XPNPTC-RCH3HIT-ZZQKCAI-6L54IS2-SNRIMA2";}; # Pixel Tablet
 };
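Review bot: In `secrets/secrets.nix`, `"k3s.age".publicKeys = keys;` encrypts the cluster join token to every recipient in `keys`, which is defined outside the hunk and appears to be the one list shared by all hosts and users. Any machine holding one of those keys can then read the token, although only the k3s nodes need it. Scope the recipients to those nodes plus the admin key, e.g. `"k3s.age".publicKeys = [<slateport-host-key> <admin-key>];` (names are placeholders); the same applies to the two `aly/syncthing/slateport/*.age` entries. The diff also shows no change to the `keys` definition itself, so confirm that slateport's host key is already a recipient, otherwise the four secrets referenced in `hosts/slateport/secrets.nix` will not decrypt on the new host.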