flake: onboard slateport (#94)

* initial commit * slateport: setup k3s * slateport: update README.md
2024-11-21 15:13:55 -05:00 · 2024-08-22 06:21:00 -04:00 · 2024-08-22 06:21:00 -04:00 · 832f7fed95
parent db436c0461
commit 832f7fed95
13 changed files with 248 additions and 2 deletions
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@ -101,4 +101,20 @@ jobs:
          name: alyraffauf
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Build rustboro
-        run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
+        run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
+  slateport-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+      - uses: actions/checkout@main
+        with:
+          fetch-depth: 1
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - uses: cachix/cachix-action@master
+        with:
+          name: alyraffauf
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - name: Build slateport
+        run: nix build --accept-flake-config .#nixosConfigurations.slateport.config.system.build.toplevel
--- a/flake.nix
+++ b/flake.nix
@ -76,6 +76,7 @@
      "mauville"
      "petalburg"
      "rustboro"
+      "slateport"
    ];
  in {
    formatter = forDefaultSystems (system: self.inputs.nixpkgs.legacyPackages.${system}.alejandra);
--- a/hosts/slateport/README.md
+++ b/hosts/slateport/README.md
@ -0,0 +1,25 @@
+# slateport
+
+## Overview
+
+Lenovo ThinkCentre M700.
+
+## Todo
+
+- \[ \] configure reverse proxy.
+- \[ \] upgrade SSD.
+
+## Specs
+
+| Model | Lenovo ThinkCentre M700 Tiny |
+|-------|------------------------------|
+| CPU   | Intel Core i5-6400T          |
+| RAM   | 8GB DDR4-2133Mhz             |
+| GPU   | Intel HD Graphics 530        |
+| Disks | 128GB SSD                    |
+
+## Filesystems
+
+### /
+
+Unencrypted btrfs volume.
--- a/hosts/slateport/default.nix
+++ b/hosts/slateport/default.nix
@ -0,0 +1,71 @@
+{
+  config,
+  lib,
+  pkgs,
+  self,
+  ...
+}: let
+  domain = "raffauflabs.com";
+in {
+  imports = [
+    ../common
+    ./disko.nix
+    ./home.nix
+    ./secrets.nix
+    ./stylix.nix
+    self.inputs.nixhw.nixosModules.common-intel-cpu
+    self.inputs.nixhw.nixosModules.common-intel-gpu
+    self.inputs.nixhw.nixosModules.common-bluetooth
+    self.inputs.nixhw.nixosModules.common-ssd
+    self.inputs.raffauflabs.nixosModules.raffauflabs
+  ];
+
+  boot = {
+    initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
+
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+  };
+
+  hardware.enableAllFirmware = true;
+  networking.hostName = "slateport";
+
+  services.k3s = {
+    enable = true;
+    clusterInit = true;
+    role = "server";
+    tokenFile = config.age.secrets.k3s.path;
+  };
+
+  system.stateVersion = "24.05";
+  zramSwap.memoryPercent = 100;
+
+  ar = {
+    apps.podman.enable = true;
+
+    users.aly = {
+      enable = true;
+      password = "$y$j9T$Lit66g43.Zn60mwGig7cx1$L.aLzGvy0q.b1E40/XSIkhj2tkJbigpXFrxR/D/FVB4";
+
+      syncthing = {
+        enable = true;
+        certFile = config.age.secrets.syncthingCert.path;
+        keyFile = config.age.secrets.syncthingKey.path;
+        syncMusic = false;
+      };
+    };
+  };
+
+  raffauflabs = {
+    inherit domain;
+    enable = true;
+
+    services.ddclient = {
+      enable = true;
+      passwordFile = config.age.secrets.cloudflare.path;
+      protocol = "cloudflare";
+    };
+  };
+}
--- a/hosts/slateport/disko.nix
+++ b/hosts/slateport/disko.nix
@ -0,0 +1,58 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/disk/by-diskseq/1";
+
+        content = {
+          type = "gpt";
+
+          partitions = {
+            ESP = {
+              priority = 1;
+              name = "ESP";
+              start = "1M";
+              end = "1024M";
+              type = "EF00";
+
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+
+            root = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"]; # Override existing partition
+                # Subvolumes must set a mountpoint in order to be mounted,
+                # unless their parent is mounted
+                subvolumes = {
+                  # Subvolume name is different from mountpoint
+                  "/rootfs" = {
+                    mountpoint = "/";
+                  };
+                  # Subvolume name is the same as the mountpoint
+                  "/home" = {
+                    mountOptions = ["compress=zstd"];
+                    mountpoint = "/home";
+                  };
+                  # Parent is not mounted so the mountpoint must be set
+                  "/nix" = {
+                    mountOptions = ["compress=zstd" "noatime"];
+                    mountpoint = "/nix";
+                  };
+                };
+
+                mountpoint = "/partition-root";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/slateport/home.nix
+++ b/hosts/slateport/home.nix
@ -0,0 +1,9 @@
+{
+  home-manager = {
+    sharedModules = [
+      {
+        xdg.userDirs.music = "/mnt/Media/Music";
+      }
+    ];
+  };
+}
--- a/hosts/slateport/secrets.nix
+++ b/hosts/slateport/secrets.nix
@ -0,0 +1,8 @@
+{
+  age.secrets = {
+    cloudflare.file = ../../secrets/cloudflare.age;
+    k3s.file = ../../secrets/k3s.age;
+    syncthingCert.file = ../../secrets/aly/syncthing/slateport/cert.age;
+    syncthingKey.file = ../../secrets/aly/syncthing/slateport/key.age;
+  };
+}
--- a/hosts/slateport/stylix.nix
+++ b/hosts/slateport/stylix.nix
@ -0,0 +1,54 @@
+{pkgs, ...}: {
+  stylix = {
+    enable = true;
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
+
+    image = let
+      wallpapers = builtins.fetchGit {
+        url = "https://github.com/alyraffauf/wallpapers.git";
+        rev = "ff956327520f2ecdd0f8b1cdab4420bef4095d38";
+        ref = "master";
+      };
+    in "${wallpapers}/wallhaven-mp886k.jpg";
+
+    imageScalingMode = "fill";
+    polarity = "dark";
+
+    cursor = {
+      name = "Bibata-Modern-Classic";
+      package = pkgs.bibata-cursors;
+      size = 24;
+    };
+
+    fonts = {
+      monospace = {
+        name = "UbuntuSansMono Nerd Font";
+        package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
+      };
+
+      sansSerif = {
+        name = "UbuntuSans Nerd Font";
+        package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
+      };
+
+      serif = {
+        name = "Vegur";
+        package = pkgs.vegur;
+      };
+
+      sizes = {
+        applications = 12;
+        desktop = 11;
+        popups = 12;
+        terminal = 13;
+      };
+    };
+
+    opacity = {
+      applications = 1.0;
+      desktop = 0.8;
+      terminal = 0.8;
+      popups = 0.8;
+    };
+  };
+}
--- a/secrets/aly/syncthing/slateport/cert.age
+++ b/secrets/aly/syncthing/slateport/cert.age
--- a/secrets/aly/syncthing/slateport/key.age
+++ b/secrets/aly/syncthing/slateport/key.age
--- a/secrets/k3s.age
+++ b/secrets/k3s.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -31,8 +31,11 @@ in {
  "aly/syncthing/petalburg/key.age".publicKeys = keys;
  "aly/syncthing/rustboro/cert.age".publicKeys = keys;
  "aly/syncthing/rustboro/key.age".publicKeys = keys;
+  "aly/syncthing/slateport/cert.age".publicKeys = keys;
+  "aly/syncthing/slateport/key.age".publicKeys = keys;
  "aly/transmissionRemote.age".publicKeys = keys;
  "cloudflare.age".publicKeys = keys;
+  "k3s.age".publicKeys = keys;
  "lastFM/apiKey.age".publicKeys = keys;
  "lastFM/secret.age".publicKeys = keys;
  "spotify/clientId.age".publicKeys = keys;
--- a/userModules/aly/syncthing.nix
+++ b/userModules/aly/syncthing.nix
@ -28,10 +28,11 @@ in {
          "gsgmba" = {id = "V2YCZSL-XY7H72L-FGJFWP2-JNYX72O-OJ5V2HY-V4SSSJM-77A7E3Z-7EJFAAV";}; # Work Macbook Air
          "iphone12" = {id = "SBQNUXS-H4XDJ3E-RBHJPT5-45WDJJA-2U43M4P-23XGUJ7-E3CNNKZ-BXSGIA3";}; # iPhone 12 Pro Max
          "lavaridge" = {id = "TMMSCVA-MDJTDPC-PC47NUA-2VPLAIB-6S6MEU7-KALIGUJ-AWDUOUU-XD73MAY";}; # Framework 13 AMD
-          "mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/Homelab
+          "mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/homelab b
          "mossdeep" = {id = "XRIGHMT-54OGBWP-UAAGAJS-LGTRHA2-EMKOMEB-EJEWKZN-GJFK6FO-3O6KQQ4";}; # Steam Deck OLED
          "petalburg" = {id = "ECTD3LW-YZTJIXX-HLQYXT7-UGZSGST-3DDKF72-DJPMDHE-SUYDWIT-ASTKTAE";}; # Yoga 9i
          "rustboro" = {id = "7CXGPQN-7DYDYJN-DKELOR3-RD4HZUW-SSUDGLZ-WVXYFUT-DPT2MGD-6PO5BQF";}; # Thinkpad t440p
+          "slateport" = {id = "MDJFDUG-UJAXQXI-AMEF2AR-PBMD5QK-Z5ZG6AA-RCJCU3M-GZHQQEA-X2JGOAK";}; # homelab a
          "wallace" = {id = "X55NQL2-H3TEJ5U-EXZPBKQ-LI6BMB4-W2ULDIJ-YNIHJHB-4ISCOJB-UHNLYAX";}; # Samsung a35
          "winona" = {id = "IGAW5SS-WY2QN6J-5TF74YZ-6XPNPTC-RCH3HIT-ZZQKCAI-6L54IS2-SNRIMA2";}; # Pixel Tablet
        };