natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

treewide: format files

Browse Source 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
This commit is contained in:
Amneesh Singh
2025-06-29 19:49:39 +05:30
parent 404f35c0b9
commit a9d4f6de5a
62 changed files with 953 additions and 511 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
hosts/default.nix
View File

@@ -26,21 +26,23 @@ in
# Desktop
okina = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./okina
]
++ desktopModules
++ commonModules;
modules =
[
./okina
]
++ desktopModules
++ commonModules;
};
#Home laptop
satori = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./satori
]
++ desktopModules
++ commonModules;
modules =
[
./satori
]
++ desktopModules
++ commonModules;
};
#Home server (RPi4)
@@ -48,8 +50,7 @@ in
system = "aarch64-linux";
modules = [
./marisa
]
++ commonModules;
] ++ commonModules;
};
#Oracle Cloud VM
@@ -59,8 +60,7 @@ in
./remilia
./x86builder.nix
inputs.mailserver.nixosModules.mailserver
]
++ commonModules;
] ++ commonModules;
};
#Oracle Cloud VM
@@ -69,8 +69,7 @@ in
modules = [
./hina
./x86builder.nix
]
++ commonModules;
] ++ commonModules;
};
#Oracle Cloud VM
@@ -78,8 +77,7 @@ in
system = "aarch64-linux";
modules = [
./suwako
]
++ commonModules;
] ++ commonModules;
};
};
}

14
hosts/hina/boot.nix
View File

@@ -3,9 +3,19 @@
boot = {
kernel.sysctl."net.ipv4.ip_forward" = 1;
initrd.kernelModules = [ "bochs" ];
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
];
kernelModules = [ "kvm-amd" ];
kernelParams = [ "console=ttyS0" "console=tty1" "nvme.shutdown_timeout=10" "libiscsi.debug_libiscsi_eh=1" ];
kernelParams = [
"console=ttyS0"
"console=tty1"
"nvme.shutdown_timeout=10"
"libiscsi.debug_libiscsi_eh=1"
];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

7
hosts/hina/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
imports = [
./networking.nix

24
hosts/hina/hardware.nix
View File

@@ -1,16 +1,20 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/d91adce2-9059-4a8a-86e7-dee6ecc85b2b";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/d91adce2-9059-4a8a-86e7-dee6ecc85b2b";
fsType = "ext4";
};
swapDevices = [
{

23
hosts/hina/networking.nix
View File

@@ -1,16 +1,25 @@
{ lib, config, conf, pkgs, ... }:
{
lib,
config,
conf,
pkgs,
...
}:
{
networking = {
useDHCP = false;
hostName = "hina";
firewall =
{
interfaces = {
ens3 = {
allowedTCPPorts = [ 9898 80 443 ];
};
firewall = {
interfaces = {
ens3 = {
allowedTCPPorts = [
9898
80
443
];
};
};
};
interfaces = {
ens3 = {
useDHCP = true;

9
hosts/hina/services.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, conf, ... }:
{
config,
pkgs,
lib,
conf,
...
}:
let
domain = conf.network.addresses.domain.natto;
in
@@ -32,4 +38,3 @@ in
};
};
}

29
hosts/marisa/boot.nix
View File

@@ -2,19 +2,33 @@
{
boot = {
consoleLogLevel = 7;
kernelParams = [ "console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" ];
kernelParams = [
"console=ttyS0,115200n8"
"console=ttyAMA0,115200n8"
"console=tty0"
];
kernelPackages = pkgs.linuxPackages_5_10;
initrd.availableKernelModules = [ "xhci_pci" "usb_storage" "usbhid" "uas" "pcie-brcmstb" "vc4" ];
initrd.availableKernelModules = [
"xhci_pci"
"usb_storage"
"usbhid"
"uas"
"pcie-brcmstb"
"vc4"
];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
/* raspberryPi= {
/*
raspberryPi= {
version = 4;
firmwareConfig = "dtparam=sd_poll_once=on";
enable = true;
}; */
enable = true;
};
*/
};
/* kernelPatches = [
/*
kernelPatches = [
{
name = "change-pgtable";
patch = null;
@@ -22,6 +36,7 @@
CONFIG_PGTABLE_LEVELS 4
'';
}
];*/
];
*/
};
}

7
hosts/marisa/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
imports = [
./networking.nix

27
hosts/marisa/hardware.nix
View File

@@ -1,21 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
fileSystems."/" =
{
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
fileSystems."/nix/store" =
{
device = "/nix/store";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/nix/store" = {
device = "/nix/store";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [
{

38
hosts/marisa/networking.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
networking = {
hostName = "marisa";
@@ -7,10 +12,10 @@
22 # ssh
80 # http
# 5454
5001 #gitea
4646 #nomad
5001 # gitea
4646 # nomad
# 8500 #vault nomad consul
8000 #simpler-filehost
8000 # simpler-filehost
# 6666 #concourse
# 202 #gitea-ssh
];
@@ -25,16 +30,20 @@
interfaces = {
eth0 = {
ipv4.addresses = [{
prefixLength = 24;
address = "192.168.1.159";
}];
ipv4.addresses = [
{
prefixLength = 24;
address = "192.168.1.159";
}
];
};
wlan0 = {
ipv4.addresses = [{
prefixLength = 24;
address = "192.168.1.159";
}];
ipv4.addresses = [
{
prefixLength = 24;
address = "192.168.1.159";
}
];
};
};
wireguard.interfaces.wg0 = with conf.network.addresses.wireguard.ips; {
@@ -52,6 +61,9 @@
];
};
defaultGateway = "192.168.1.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
};
}

13
hosts/marisa/services/default.nix
View File

@@ -17,19 +17,20 @@
services = {
openssh = {
enable = true;
ports = [ 22 22001 ];
ports = [
22
22001
];
};
postgresql = {
enable = true;
authentication = ''
local gitea all ident map=gitea-map
'';
identMap =
''
gitea-map gitea gitea
'';
identMap = ''
gitea-map gitea gitea
'';
};
};
}

8
hosts/marisa/services/filehost.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, inputs, conf, ... }:
{
config,
pkgs,
inputs,
conf,
...
}:
{
systemd.services.filehost = {
enable = true;

8
hosts/marisa/services/gitea.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
services = {
gitea = rec {
@@ -38,4 +43,3 @@
};
};
}

6
hosts/marisa/services/hashicorp.nix
View File

@@ -6,7 +6,10 @@
enable = true;
enableDocker = true;
dropPrivileges = false;
extraPackages = with pkgs; [ consul cni-plugins ];
extraPackages = with pkgs; [
consul
cni-plugins
];
extraSettingsPaths = [ "/run/nomad/nomad.json" ];
};
vault = {
@@ -27,4 +30,3 @@
};
};
}

28
hosts/okina/boot.nix
View File

@@ -1,20 +1,38 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
boot = {
kernelPackages = pkgs.linuxPackages;
initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
kernelParams = [ "i915.force_probe=56a1" ];
# kernelModules = [ "kvm-intel" "i2c-dev" "ddcci_backlight" ];
kernelModules = [ "kvm-intel" "i2c-dev" ];
kernelModules = [
"kvm-intel"
"i2c-dev"
];
# extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback r8125 ddcci-driver ];
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback r8125 ];
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
r8125
];
blacklistedKernelModules = [ "r8169" ];
extraModprobeConfig = '' options snd-intel-dspcfg dsp_driver=1 '';
extraModprobeConfig = ''options snd-intel-dspcfg dsp_driver=1 '';
resumeDevice = "/dev/disk/by-uuid/3770e3bd-a200-4e36-b3a5-4963d13865f9";

15
hosts/okina/default.nix
View File

@@ -1,12 +1,11 @@
{ lib, config, ... }:
{
imports =
[
./hardware.nix
./stuff.nix
./networking.nix
./boot.nix
./services.nix
];
imports = [
./hardware.nix
./stuff.nix
./networking.nix
./boot.nix
./services.nix
];
system.stateVersion = "23.05";
}

61
hosts/okina/hardware.nix
View File

@@ -1,42 +1,45 @@
{ config, lib, modulesPath, pkgs, ... }:
{
config,
lib,
modulesPath,
pkgs,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/5679b901-3a70-4422-81f5-af91f287500b";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/5679b901-3a70-4422-81f5-af91f287500b";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/A2E5-006F";
fsType = "vfat";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/A2E5-006F";
fsType = "vfat";
};
fileSystems."/media/omghi" =
{
device = "/dev/disk/by-uuid/0e862bdb-168a-42cc-8a28-0ae9e9a0753c";
fsType = "ext4";
};
fileSystems."/media/omghi" = {
device = "/dev/disk/by-uuid/0e862bdb-168a-42cc-8a28-0ae9e9a0753c";
fsType = "ext4";
};
fileSystems."/media/real" =
{
device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
fileSystems."/media/real" = {
device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
/* fileSystems."/media/ntfs" =
/*
fileSystems."/media/ntfs" =
{
device = "/dev/disk/by-uuid/54034ca6-d3cd-11ee-9e0c-f020ff87c985";
fsType = "ntfs";
};*/
};
*/
zramSwap = {
enable = true;

61
hosts/okina/networking.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, conf, lib, ... }:
{
config,
pkgs,
conf,
lib,
...
}:
{
networking = {
@@ -10,35 +16,54 @@
};
firewall = {
allowedTCPPorts = [ 22 18172 6600 8001 7590 25565 9092 8096 ];
allowedUDPPorts = [ 22 17840 18172 ];
allowedTCPPorts = [
22
18172
6600
8001
7590
25565
9092
8096
];
allowedUDPPorts = [
22
17840
18172
];
trustedInterfaces = [ "docker0" ];
};
interfaces = {
enp7s0 = {
ipv4.addresses = [{
prefixLength = 24;
address = "192.168.1.106";
}];
};
/*
enp7s0 = {
ipv4.addresses = [{
prefixLength = 24;
address = "192.168.1.106";
}];
};
*/
};
wireguard.interfaces.wg0 = with conf.network.addresses.wireguard.ips; {
ips = [ okina ];
listenPort = 17840;
privateKeyFile = "/var/secrets/wg.key";
peers = [{
#Oracle VM1
publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
allowedIPs = [ remilia ];
endpoint = "${conf.network.addresses.domain.natto}:17840";
persistentKeepalive = 25;
}];
peers = [
{
#Oracle VM1
publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
allowedIPs = [ remilia ];
endpoint = "${conf.network.addresses.domain.natto}:17840";
persistentKeepalive = 25;
}
];
};
defaultGateway = "192.168.1.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
};
}

7
hosts/okina/services.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
services = {
openssh = {

19
hosts/okina/stuff.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
time.timeZone = "Asia/Kolkata";
@@ -9,13 +14,23 @@
polkit.enable = true;
sudo.enable = true;
};
console.useXkbConfig = true;
users.users.natto = {
isNormalUser = true;
shell = pkgs.zsh;
home = "/home/natto";
extraGroups = [ "wheel" "adbusers" "video" "libvirtd" "docker" "networkmanager" "dialout" "pipewire" ];
extraGroups = [
"wheel"
"adbusers"
"video"
"libvirtd"
"docker"
"networkmanager"
"dialout"
"pipewire"
];
};
virtualisation = {

5
hosts/programs/nix/default.nix
View File

@@ -16,7 +16,10 @@
'';
settings = {
auto-optimise-store = true;
trusted-users = [ "root" "@wheel" ];
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://nix-community.cachix.org"
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"

14
hosts/remilia/boot.nix
View File

@@ -3,9 +3,19 @@
boot = {
kernel.sysctl."net.ipv4.ip_forward" = 1;
initrd.kernelModules = [ "bochs" ];
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
];
kernelModules = [ "kvm-amd" ];
kernelParams = [ "console=ttyS0" "console=tty1" "nvme.shutdown_timeout=10" "libiscsi.debug_libiscsi_eh=1" ];
kernelParams = [
"console=ttyS0"
"console=tty1"
"nvme.shutdown_timeout=10"
"libiscsi.debug_libiscsi_eh=1"
];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

7
hosts/remilia/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
imports = [
./networking.nix

24
hosts/remilia/hardware.nix
View File

@@ -1,16 +1,20 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/d91adce2-9059-4a8a-86e7-dee6ecc85b2b";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/d91adce2-9059-4a8a-86e7-dee6ecc85b2b";
fsType = "ext4";
};
swapDevices = [
{

12
hosts/remilia/mailserver.nix
View File

@@ -1,7 +1,15 @@
{ config, pkgs, conf, network, ... }:
{
config,
pkgs,
conf,
network,
...
}:
{
mailserver =
let domain = conf.network.addresses.domain.natto; in
let
domain = conf.network.addresses.domain.natto;
in
rec {
enable = true;
fqdn = "mail.${domain}";

52
hosts/remilia/networking.nix
View File

@@ -1,27 +1,43 @@
{ lib, config, conf, pkgs, ... }:
{
lib,
config,
conf,
pkgs,
...
}:
{
networking = {
useDHCP = false;
hostName = "remilia";
firewall =
{
interfaces = {
ens3 = {
allowedTCPPorts = [ 80 81 443 444 993 465 143 25 22 22001 22002 4444 ]
++ (map (x: x.sourcePort) config.networking.nat.forwardPorts);
allowedUDPPorts = [ 17840 ];
};
firewall = {
interfaces = {
ens3 = {
allowedTCPPorts = [
80
81
443
444
993
465
143
25
22
22001
22002
4444
] ++ (map (x: x.sourcePort) config.networking.nat.forwardPorts);
allowedUDPPorts = [ 17840 ];
};
extraCommands = lib.concatMapStringsSep "\n"
(x:
let
t = lib.splitString ":" x.destination;
in
with lib;
"iptables -t nat -A POSTROUTING -d ${head t} -p tcp -m tcp --dport ${last t} -j MASQUERADE"
)
config.networking.nat.forwardPorts;
};
extraCommands = lib.concatMapStringsSep "\n" (
x:
let
t = lib.splitString ":" x.destination;
in
with lib;
"iptables -t nat -A POSTROUTING -d ${head t} -p tcp -m tcp --dport ${last t} -j MASQUERADE"
) config.networking.nat.forwardPorts;
};
interfaces = {
ens3 = {
useDHCP = true;

56
hosts/remilia/services.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, conf, ... }:
{
config,
pkgs,
lib,
conf,
...
}:
let
domain = conf.network.addresses.domain.natto;
in
@@ -8,7 +14,10 @@ in
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
ports = [ 22 22002 ];
ports = [
22
22002
];
};
nginx = {
enable = true;
@@ -24,20 +33,29 @@ in
'';
virtualHosts =
let
genericHttpRProxy = { addr, ssl ? true, conf ? "" }: {
enableACME = ssl;
# addSSL = ssl;
forceSSL = ssl;
locations."/" = {
proxyPass = toString addr;
extraConfig = ''
expires $expires;
proxy_set_header Host $host;
'' + conf;
genericHttpRProxy =
{
addr,
ssl ? true,
conf ? "",
}:
{
enableACME = ssl;
# addSSL = ssl;
forceSSL = ssl;
locations."/" = {
proxyPass = toString addr;
extraConfig =
''
expires $expires;
proxy_set_header Host $host;
''
+ conf;
};
};
};
in
with conf.network.addresses.wireguard.ips; {
with conf.network.addresses.wireguard.ips;
{
"${domain}" = {
addSSL = true;
enableACME = true;
@@ -51,7 +69,8 @@ in
# "consul.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8500"; };
"f.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8000"; };
"radio.${domain}" = genericHttpRProxy { addr = "http://${satori}:8001"; };
/* "radio.${domain}" = {
/*
"radio.${domain}" = {
addSSL = true;
enableACME = true;
locations."/" = {
@@ -62,13 +81,15 @@ in
'';
};
locations."= /".return = "301 /radio";
};*/
};
*/
"git.${domain}" = genericHttpRProxy {
addr = "http://${marisa}:5001";
conf = "client_max_body_size 64M;";
};
/*"nomad.${domain}" = genericHttpRProxy {
/*
"nomad.${domain}" = genericHttpRProxy {
addr = "http://${marisa}:4646";
conf = ''
proxy_buffering off;
@@ -80,4 +101,3 @@ in
};
};
}

41
hosts/satori/boot.nix
View File

@@ -1,22 +1,49 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "vfio-pci" ];
/* preDeviceCommands = ''
availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
"vfio-pci"
];
/*
preDeviceCommands = ''
DEVS="0000:01:00.0 0000:01:00.1 0000:01:00.2 0000:01:00.3"
for DEV in $DEVS; do
echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
done
modprobe -i vfio-pci
'';*/
'';
*/
kernelModules = [ ];
};
kernelParams = [ "intel_pstate=active" "intel_iommu=on" "nvidia_drm.modeset=1" "clearcpuid=512" ];
kernelModules = [ "kvm-intel" "snd-seq" "snd-rawmidi" "joydev" ];
extraModulePackages = with config.boot.kernelPackages; [ nvidia_x11 v4l2loopback ];
kernelParams = [
"intel_pstate=active"
"intel_iommu=on"
"nvidia_drm.modeset=1"
"clearcpuid=512"
];
kernelModules = [
"kvm-intel"
"snd-seq"
"snd-rawmidi"
"joydev"
];
extraModulePackages = with config.boot.kernelPackages; [
nvidia_x11
v4l2loopback
];
loader = {
efi = {
canTouchEfiVariables = true;

17
hosts/satori/default.nix
View File

@@ -1,13 +1,12 @@
{ lib, config, ... }:
{
imports =
[
./hardware.nix
./stuff.nix
./networking.nix
./boot.nix
./services.nix
./graphics.nix
];
imports = [
./hardware.nix
./stuff.nix
./networking.nix
./boot.nix
./services.nix
./graphics.nix
];
system.stateVersion = "23.05";
}

15
hosts/satori/graphics.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
nvidia-offload = pkgs.writeShellScriptBin "nvi" ''
export __NV_PRIME_RENDER_OFFLOAD=1
@@ -23,11 +28,15 @@ in
package = config.boot.kernelPackages.nvidia_x11;
prime = {
# sync.enable = true;
offload = { enable = true; };
offload = {
enable = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
modesetting = { enable = true; };
modesetting = {
enable = true;
};
powerManagement = {
enable = true;
finegrained = true;

48
hosts/satori/hardware.nix
View File

@@ -1,29 +1,30 @@
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/59af143c-1a87-4654-9b31-7594ac8ba530";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/59af143c-1a87-4654-9b31-7594ac8ba530";
fsType = "ext4";
};
fileSystems."/media/real" =
{
device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
fileSystems."/media/real" = {
device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/2424-5639";
fsType = "vfat";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/2424-5639";
fsType = "vfat";
};
zramSwap = {
enable = true;
@@ -33,7 +34,10 @@
};
swapDevices = [
{ device = "/var/swap"; size = 4096; }
{
device = "/var/swap";
size = 4096;
}
];
powerManagement = {

44
hosts/satori/networking.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
networking = {
@@ -10,8 +15,20 @@
};
firewall = {
allowedTCPPorts = [ 22 18172 6600 8001 7590 25565 9092 ];
allowedUDPPorts = [ 22 17840 18172 ];
allowedTCPPorts = [
22
18172
6600
8001
7590
25565
9092
];
allowedUDPPorts = [
22
17840
18172
];
trustedInterfaces = [ "docker0" ];
};
@@ -19,16 +36,21 @@
ips = [ satori ];
listenPort = 17840;
privateKeyFile = "/var/secrets/wg.key";
peers = [{
#Oracle VM1
publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
allowedIPs = [ remilia ];
endpoint = "${conf.network.addresses.domain.natto}:17840";
persistentKeepalive = 25;
}];
peers = [
{
#Oracle VM1
publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
allowedIPs = [ remilia ];
endpoint = "${conf.network.addresses.domain.natto}:17840";
persistentKeepalive = 25;
}
];
};
defaultGateway = "192.168.1.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
};
}

7
hosts/satori/services.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
services = {
openssh = {

18
hosts/satori/stuff.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
time.timeZone = "Asia/Kolkata";
@@ -11,12 +16,19 @@
};
console.useXkbConfig = true;
users.users.natto = {
isNormalUser = true;
shell = pkgs.zsh;
home = "/home/natto";
extraGroups = [ "wheel" "adbusers" "video" "libvirtd" "docker" "networkmanager" "dialout" ];
extraGroups = [
"wheel"
"adbusers"
"video"
"libvirtd"
"docker"
"networkmanager"
"dialout"
];
};
virtualisation = {

14
hosts/suwako/boot.nix
View File

@@ -3,9 +3,19 @@
boot = {
kernel.sysctl."net.ipv4.ip_forward" = 1;
initrd.kernelModules = [ "bochs" ];
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
];
kernelModules = [ "kvm-amd" ];
kernelParams = [ "console=ttyS0" "console=tty1" "nvme.shutdown_timeout=10" "libiscsi.debug_libiscsi_eh=1" ];
kernelParams = [
"console=ttyS0"
"console=tty1"
"nvme.shutdown_timeout=10"
"libiscsi.debug_libiscsi_eh=1"
];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

7
hosts/suwako/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
imports = [
./networking.nix

24
hosts/suwako/hardware.nix
View File

@@ -1,16 +1,20 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf ";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf ";
fsType = "ext4";
};
swapDevices = [
{

23
hosts/suwako/networking.nix
View File

@@ -1,16 +1,25 @@
{ lib, config, conf, pkgs, ... }:
{
lib,
config,
conf,
pkgs,
...
}:
{
networking = {
useDHCP = false;
hostName = "suwako";
firewall =
{
interfaces = {
enp0s6 = {
allowedTCPPorts = [ 22 443 80 ];
};
firewall = {
interfaces = {
enp0s6 = {
allowedTCPPorts = [
22
443
80
];
};
};
};
interfaces = {
enp0s6 = {
useDHCP = true;

9
hosts/suwako/services.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, conf, ... }:
{
config,
pkgs,
lib,
conf,
...
}:
let
domain = conf.network.addresses.domain.natto;
in
@@ -13,4 +19,3 @@ in
};
};
}

86
hosts/vault-agent.nix
View File

@@ -1,5 +1,10 @@
#Taken from https://github.com/MagicRB/dotfiles/blob/master/nix/nixos-modules/vault-agent.nix
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.vault-agent;
@@ -59,48 +64,49 @@ in
};
};
config = mkIf cfg.enable
({
config = mkIf cfg.enable ({
users = {
users = {
users = {
"${cfg.userName}" = {
group = cfg.groupName;
uid = cfg.uid;
isSystemUser = true;
description = "Vault-Agent User";
};
};
groups = {
"${cfg.groupName}" = {
gid = cfg.gid;
};
"${cfg.userName}" = {
group = cfg.groupName;
uid = cfg.uid;
isSystemUser = true;
description = "Vault-Agent User";
};
};
systemd.tmpfiles.rules = mkIf (cfg.secretsDir != null) [
"d ${cfg.secretsDir} 6755 vault-agent ${cfg.groupName} 0"
];
systemd.services.vault-agent = {
description = "Vault Agent";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
path = (with pkgs; [
groups = {
"${cfg.groupName}" = {
gid = cfg.gid;
};
};
};
systemd.tmpfiles.rules = mkIf (cfg.secretsDir != null) [
"d ${cfg.secretsDir} 6755 vault-agent ${cfg.groupName} 0"
];
systemd.services.vault-agent = {
description = "Vault Agent";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
path = (
with pkgs;
[
glibc
]);
serviceConfig = {
User = cfg.userName;
Group = cfg.groupName;
ExecReload = "${pkgs.busybox}/bin/kill -HUP $MAINPID";
ExecStart = "${cfg.package}/bin/vault agent -config=${json.generate "vault.json" cfg.settings}";
KillMode = "process";
KillSignal = "SIGINT";
Restart = "on-failure";
TimeoutStopSec = "30s";
RestartSec = 2;
ConfigurationDirectory = "vault-agent";
ConfigurationDirectoryMode = "0600";
};
]
);
serviceConfig = {
User = cfg.userName;
Group = cfg.groupName;
ExecReload = "${pkgs.busybox}/bin/kill -HUP $MAINPID";
ExecStart = "${cfg.package}/bin/vault agent -config=${json.generate "vault.json" cfg.settings}";
KillMode = "process";
KillSignal = "SIGINT";
Restart = "on-failure";
TimeoutStopSec = "30s";
RestartSec = 2;
ConfigurationDirectory = "vault-agent";
ConfigurationDirectoryMode = "0600";
};
});
};
});
}

24
hosts/x86builder.nix
View File

@@ -4,13 +4,23 @@
extraOptions = ''
builders-use-substitutes = true
'';
buildMachines = [{
hostName = "okina";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 4;
speedFactor = 2;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}];
buildMachines = [
{
hostName = "okina";
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 4;
speedFactor = 2;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
distributedBuilds = true;
};
}