mirror of
https://github.com/alyraffauf/nixcfg.git
synced 2024-11-24 21:51:55 -05:00
flake: onboard slateport (#94)
Some checks are pending
git-mirror / gitlab-sync (push) Waiting to run
nix-build / default-build (push) Waiting to run
nix-build / fallarbor-build (push) Waiting to run
nix-build / lavaridge-build (push) Waiting to run
nix-build / mauville-build (push) Waiting to run
nix-build / petalburg-build (push) Waiting to run
nix-build / rustboro-build (push) Waiting to run
nix-build / slateport-build (push) Waiting to run
nix-check / fmt-check (push) Waiting to run
nix-check / eval-check (push) Waiting to run
Some checks are pending
git-mirror / gitlab-sync (push) Waiting to run
nix-build / default-build (push) Waiting to run
nix-build / fallarbor-build (push) Waiting to run
nix-build / lavaridge-build (push) Waiting to run
nix-build / mauville-build (push) Waiting to run
nix-build / petalburg-build (push) Waiting to run
nix-build / rustboro-build (push) Waiting to run
nix-build / slateport-build (push) Waiting to run
nix-check / fmt-check (push) Waiting to run
nix-check / eval-check (push) Waiting to run
* initial commit * slateport: setup k3s * slateport: update README.md
This commit is contained in:
parent
db436c0461
commit
832f7fed95
16
.github/workflows/nix-build.yml
vendored
16
.github/workflows/nix-build.yml
vendored
|
@ -102,3 +102,19 @@ jobs:
|
||||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||||
- name: Build rustboro
|
- name: Build rustboro
|
||||||
run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
|
run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
|
||||||
|
slateport-build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Free Disk Space (Ubuntu)
|
||||||
|
uses: jlumbroso/free-disk-space@main
|
||||||
|
- uses: actions/checkout@main
|
||||||
|
with:
|
||||||
|
fetch-depth: 1
|
||||||
|
- uses: DeterminateSystems/nix-installer-action@main
|
||||||
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
|
- uses: cachix/cachix-action@master
|
||||||
|
with:
|
||||||
|
name: alyraffauf
|
||||||
|
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||||
|
- name: Build slateport
|
||||||
|
run: nix build --accept-flake-config .#nixosConfigurations.slateport.config.system.build.toplevel
|
|
@ -76,6 +76,7 @@
|
||||||
"mauville"
|
"mauville"
|
||||||
"petalburg"
|
"petalburg"
|
||||||
"rustboro"
|
"rustboro"
|
||||||
|
"slateport"
|
||||||
];
|
];
|
||||||
in {
|
in {
|
||||||
formatter = forDefaultSystems (system: self.inputs.nixpkgs.legacyPackages.${system}.alejandra);
|
formatter = forDefaultSystems (system: self.inputs.nixpkgs.legacyPackages.${system}.alejandra);
|
||||||
|
|
25
hosts/slateport/README.md
Normal file
25
hosts/slateport/README.md
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
# slateport
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
Lenovo ThinkCentre M700.
|
||||||
|
|
||||||
|
## Todo
|
||||||
|
|
||||||
|
- \[ \] configure reverse proxy.
|
||||||
|
- \[ \] upgrade SSD.
|
||||||
|
|
||||||
|
## Specs
|
||||||
|
|
||||||
|
| Model | Lenovo ThinkCentre M700 Tiny |
|
||||||
|
|-------|------------------------------|
|
||||||
|
| CPU | Intel Core i5-6400T |
|
||||||
|
| RAM | 8GB DDR4-2133Mhz |
|
||||||
|
| GPU | Intel HD Graphics 530 |
|
||||||
|
| Disks | 128GB SSD |
|
||||||
|
|
||||||
|
## Filesystems
|
||||||
|
|
||||||
|
### /
|
||||||
|
|
||||||
|
Unencrypted btrfs volume.
|
71
hosts/slateport/default.nix
Normal file
71
hosts/slateport/default.nix
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
self,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
domain = "raffauflabs.com";
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
../common
|
||||||
|
./disko.nix
|
||||||
|
./home.nix
|
||||||
|
./secrets.nix
|
||||||
|
./stylix.nix
|
||||||
|
self.inputs.nixhw.nixosModules.common-intel-cpu
|
||||||
|
self.inputs.nixhw.nixosModules.common-intel-gpu
|
||||||
|
self.inputs.nixhw.nixosModules.common-bluetooth
|
||||||
|
self.inputs.nixhw.nixosModules.common-ssd
|
||||||
|
self.inputs.raffauflabs.nixosModules.raffauflabs
|
||||||
|
];
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
|
||||||
|
|
||||||
|
loader = {
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
systemd-boot.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware.enableAllFirmware = true;
|
||||||
|
networking.hostName = "slateport";
|
||||||
|
|
||||||
|
services.k3s = {
|
||||||
|
enable = true;
|
||||||
|
clusterInit = true;
|
||||||
|
role = "server";
|
||||||
|
tokenFile = config.age.secrets.k3s.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "24.05";
|
||||||
|
zramSwap.memoryPercent = 100;
|
||||||
|
|
||||||
|
ar = {
|
||||||
|
apps.podman.enable = true;
|
||||||
|
|
||||||
|
users.aly = {
|
||||||
|
enable = true;
|
||||||
|
password = "$y$j9T$Lit66g43.Zn60mwGig7cx1$L.aLzGvy0q.b1E40/XSIkhj2tkJbigpXFrxR/D/FVB4";
|
||||||
|
|
||||||
|
syncthing = {
|
||||||
|
enable = true;
|
||||||
|
certFile = config.age.secrets.syncthingCert.path;
|
||||||
|
keyFile = config.age.secrets.syncthingKey.path;
|
||||||
|
syncMusic = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
raffauflabs = {
|
||||||
|
inherit domain;
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
services.ddclient = {
|
||||||
|
enable = true;
|
||||||
|
passwordFile = config.age.secrets.cloudflare.path;
|
||||||
|
protocol = "cloudflare";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
58
hosts/slateport/disko.nix
Normal file
58
hosts/slateport/disko.nix
Normal file
|
@ -0,0 +1,58 @@
|
||||||
|
{
|
||||||
|
disko.devices = {
|
||||||
|
disk = {
|
||||||
|
main = {
|
||||||
|
type = "disk";
|
||||||
|
device = "/dev/disk/by-diskseq/1";
|
||||||
|
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
|
||||||
|
partitions = {
|
||||||
|
ESP = {
|
||||||
|
priority = 1;
|
||||||
|
name = "ESP";
|
||||||
|
start = "1M";
|
||||||
|
end = "1024M";
|
||||||
|
type = "EF00";
|
||||||
|
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
root = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "btrfs";
|
||||||
|
extraArgs = ["-f"]; # Override existing partition
|
||||||
|
# Subvolumes must set a mountpoint in order to be mounted,
|
||||||
|
# unless their parent is mounted
|
||||||
|
subvolumes = {
|
||||||
|
# Subvolume name is different from mountpoint
|
||||||
|
"/rootfs" = {
|
||||||
|
mountpoint = "/";
|
||||||
|
};
|
||||||
|
# Subvolume name is the same as the mountpoint
|
||||||
|
"/home" = {
|
||||||
|
mountOptions = ["compress=zstd"];
|
||||||
|
mountpoint = "/home";
|
||||||
|
};
|
||||||
|
# Parent is not mounted so the mountpoint must be set
|
||||||
|
"/nix" = {
|
||||||
|
mountOptions = ["compress=zstd" "noatime"];
|
||||||
|
mountpoint = "/nix";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
mountpoint = "/partition-root";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
9
hosts/slateport/home.nix
Normal file
9
hosts/slateport/home.nix
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
home-manager = {
|
||||||
|
sharedModules = [
|
||||||
|
{
|
||||||
|
xdg.userDirs.music = "/mnt/Media/Music";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
8
hosts/slateport/secrets.nix
Normal file
8
hosts/slateport/secrets.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{
|
||||||
|
age.secrets = {
|
||||||
|
cloudflare.file = ../../secrets/cloudflare.age;
|
||||||
|
k3s.file = ../../secrets/k3s.age;
|
||||||
|
syncthingCert.file = ../../secrets/aly/syncthing/slateport/cert.age;
|
||||||
|
syncthingKey.file = ../../secrets/aly/syncthing/slateport/key.age;
|
||||||
|
};
|
||||||
|
}
|
54
hosts/slateport/stylix.nix
Normal file
54
hosts/slateport/stylix.nix
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
{pkgs, ...}: {
|
||||||
|
stylix = {
|
||||||
|
enable = true;
|
||||||
|
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
|
||||||
|
|
||||||
|
image = let
|
||||||
|
wallpapers = builtins.fetchGit {
|
||||||
|
url = "https://github.com/alyraffauf/wallpapers.git";
|
||||||
|
rev = "ff956327520f2ecdd0f8b1cdab4420bef4095d38";
|
||||||
|
ref = "master";
|
||||||
|
};
|
||||||
|
in "${wallpapers}/wallhaven-mp886k.jpg";
|
||||||
|
|
||||||
|
imageScalingMode = "fill";
|
||||||
|
polarity = "dark";
|
||||||
|
|
||||||
|
cursor = {
|
||||||
|
name = "Bibata-Modern-Classic";
|
||||||
|
package = pkgs.bibata-cursors;
|
||||||
|
size = 24;
|
||||||
|
};
|
||||||
|
|
||||||
|
fonts = {
|
||||||
|
monospace = {
|
||||||
|
name = "UbuntuSansMono Nerd Font";
|
||||||
|
package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
|
||||||
|
};
|
||||||
|
|
||||||
|
sansSerif = {
|
||||||
|
name = "UbuntuSans Nerd Font";
|
||||||
|
package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
|
||||||
|
};
|
||||||
|
|
||||||
|
serif = {
|
||||||
|
name = "Vegur";
|
||||||
|
package = pkgs.vegur;
|
||||||
|
};
|
||||||
|
|
||||||
|
sizes = {
|
||||||
|
applications = 12;
|
||||||
|
desktop = 11;
|
||||||
|
popups = 12;
|
||||||
|
terminal = 13;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
opacity = {
|
||||||
|
applications = 1.0;
|
||||||
|
desktop = 0.8;
|
||||||
|
terminal = 0.8;
|
||||||
|
popups = 0.8;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
BIN
secrets/aly/syncthing/slateport/cert.age
Normal file
BIN
secrets/aly/syncthing/slateport/cert.age
Normal file
Binary file not shown.
BIN
secrets/aly/syncthing/slateport/key.age
Normal file
BIN
secrets/aly/syncthing/slateport/key.age
Normal file
Binary file not shown.
BIN
secrets/k3s.age
Normal file
BIN
secrets/k3s.age
Normal file
Binary file not shown.
|
@ -31,8 +31,11 @@ in {
|
||||||
"aly/syncthing/petalburg/key.age".publicKeys = keys;
|
"aly/syncthing/petalburg/key.age".publicKeys = keys;
|
||||||
"aly/syncthing/rustboro/cert.age".publicKeys = keys;
|
"aly/syncthing/rustboro/cert.age".publicKeys = keys;
|
||||||
"aly/syncthing/rustboro/key.age".publicKeys = keys;
|
"aly/syncthing/rustboro/key.age".publicKeys = keys;
|
||||||
|
"aly/syncthing/slateport/cert.age".publicKeys = keys;
|
||||||
|
"aly/syncthing/slateport/key.age".publicKeys = keys;
|
||||||
"aly/transmissionRemote.age".publicKeys = keys;
|
"aly/transmissionRemote.age".publicKeys = keys;
|
||||||
"cloudflare.age".publicKeys = keys;
|
"cloudflare.age".publicKeys = keys;
|
||||||
|
"k3s.age".publicKeys = keys;
|
||||||
"lastFM/apiKey.age".publicKeys = keys;
|
"lastFM/apiKey.age".publicKeys = keys;
|
||||||
"lastFM/secret.age".publicKeys = keys;
|
"lastFM/secret.age".publicKeys = keys;
|
||||||
"spotify/clientId.age".publicKeys = keys;
|
"spotify/clientId.age".publicKeys = keys;
|
||||||
|
|
|
@ -28,10 +28,11 @@ in {
|
||||||
"gsgmba" = {id = "V2YCZSL-XY7H72L-FGJFWP2-JNYX72O-OJ5V2HY-V4SSSJM-77A7E3Z-7EJFAAV";}; # Work Macbook Air
|
"gsgmba" = {id = "V2YCZSL-XY7H72L-FGJFWP2-JNYX72O-OJ5V2HY-V4SSSJM-77A7E3Z-7EJFAAV";}; # Work Macbook Air
|
||||||
"iphone12" = {id = "SBQNUXS-H4XDJ3E-RBHJPT5-45WDJJA-2U43M4P-23XGUJ7-E3CNNKZ-BXSGIA3";}; # iPhone 12 Pro Max
|
"iphone12" = {id = "SBQNUXS-H4XDJ3E-RBHJPT5-45WDJJA-2U43M4P-23XGUJ7-E3CNNKZ-BXSGIA3";}; # iPhone 12 Pro Max
|
||||||
"lavaridge" = {id = "TMMSCVA-MDJTDPC-PC47NUA-2VPLAIB-6S6MEU7-KALIGUJ-AWDUOUU-XD73MAY";}; # Framework 13 AMD
|
"lavaridge" = {id = "TMMSCVA-MDJTDPC-PC47NUA-2VPLAIB-6S6MEU7-KALIGUJ-AWDUOUU-XD73MAY";}; # Framework 13 AMD
|
||||||
"mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/Homelab
|
"mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/homelab b
|
||||||
"mossdeep" = {id = "XRIGHMT-54OGBWP-UAAGAJS-LGTRHA2-EMKOMEB-EJEWKZN-GJFK6FO-3O6KQQ4";}; # Steam Deck OLED
|
"mossdeep" = {id = "XRIGHMT-54OGBWP-UAAGAJS-LGTRHA2-EMKOMEB-EJEWKZN-GJFK6FO-3O6KQQ4";}; # Steam Deck OLED
|
||||||
"petalburg" = {id = "ECTD3LW-YZTJIXX-HLQYXT7-UGZSGST-3DDKF72-DJPMDHE-SUYDWIT-ASTKTAE";}; # Yoga 9i
|
"petalburg" = {id = "ECTD3LW-YZTJIXX-HLQYXT7-UGZSGST-3DDKF72-DJPMDHE-SUYDWIT-ASTKTAE";}; # Yoga 9i
|
||||||
"rustboro" = {id = "7CXGPQN-7DYDYJN-DKELOR3-RD4HZUW-SSUDGLZ-WVXYFUT-DPT2MGD-6PO5BQF";}; # Thinkpad t440p
|
"rustboro" = {id = "7CXGPQN-7DYDYJN-DKELOR3-RD4HZUW-SSUDGLZ-WVXYFUT-DPT2MGD-6PO5BQF";}; # Thinkpad t440p
|
||||||
|
"slateport" = {id = "MDJFDUG-UJAXQXI-AMEF2AR-PBMD5QK-Z5ZG6AA-RCJCU3M-GZHQQEA-X2JGOAK";}; # homelab a
|
||||||
"wallace" = {id = "X55NQL2-H3TEJ5U-EXZPBKQ-LI6BMB4-W2ULDIJ-YNIHJHB-4ISCOJB-UHNLYAX";}; # Samsung a35
|
"wallace" = {id = "X55NQL2-H3TEJ5U-EXZPBKQ-LI6BMB4-W2ULDIJ-YNIHJHB-4ISCOJB-UHNLYAX";}; # Samsung a35
|
||||||
"winona" = {id = "IGAW5SS-WY2QN6J-5TF74YZ-6XPNPTC-RCH3HIT-ZZQKCAI-6L54IS2-SNRIMA2";}; # Pixel Tablet
|
"winona" = {id = "IGAW5SS-WY2QN6J-5TF74YZ-6XPNPTC-RCH3HIT-ZZQKCAI-6L54IS2-SNRIMA2";}; # Pixel Tablet
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue