karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add jupiter base

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-02-23 23:50:06 +00:00
parent 709ed4b9ac
commit d90ad86c16
17 changed files with 383 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -43,3 +43,4 @@ Below is a table of all hosts, with links to their respective README files, whic
| `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) | | `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) |
| `elara` | [hosts/elara/README.md](./hosts/elara/README.md) | | `elara` | [hosts/elara/README.md](./hosts/elara/README.md) |
| `himalia` | [hosts/himalia/README.md](./hosts/himalia/README.md) | | `himalia` | [hosts/himalia/README.md](./hosts/himalia/README.md) |
| `jupiter` | [hosts/jupiter/README.md](./hosts/jupiter/README.md) |

6
flake.nix
View File

@@ -154,6 +154,12 @@
modules = [ ./hosts/himalia ]; modules = [ ./hosts/himalia ];
specialArgs = { inherit inputs system; }; specialArgs = { inherit inputs system; };
}; };
jupiter = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [ ./hosts/jupiter ];
specialArgs = { inherit inputs system; };
};
}; };
} }
// inputs.flake-utils.lib.eachSystem [ "x86_64-linux" ] ( // inputs.flake-utils.lib.eachSystem [ "x86_64-linux" ] (

1
hosts/common/configs/system/ssh/default.nix
View File

@@ -5,5 +5,6 @@
eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub; eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub; elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub; himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub;
jupiter.publicKeyFile = ../../../../jupiter/secrets/ssh_host_ed25519_key.pub;
}; };
} }

12
hosts/eirene/users/nick/configs/console/ssh/default.nix
View File

@@ -17,6 +17,16 @@ in
"ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
}; };
programs.clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; programs = {
ssh.matchBlocks = {
"karaolidis.com" = {
hostname = "karaolidis.com";
user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
};
clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path;
};
}; };
} }

6
hosts/elara/users/nikara/configs/console/ssh/default.nix
View File

@@ -53,6 +53,12 @@ in
programs = { programs = {
ssh = { ssh = {
matchBlocks = { matchBlocks = {
"karaolidis.com" = {
hostname = "karaolidis.com";
user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"cldlgn.fyi.sas.com" = { "cldlgn.fyi.sas.com" = {
inherit user; inherit user;
hostname = "cldlgn.fyi.sas.com"; hostname = "cldlgn.fyi.sas.com";

21
hosts/installer/users/nick/configs/console/ssh/default.nix
View File

@@ -4,13 +4,22 @@
}: }:
{ ... }: { ... }:
{ {
home-manager.users.${user}.sops.secrets = { home-manager.users.${user} = {
"ssh/key" = { sops.secrets = {
sopsFile = ../../../../../../../secrets/personal/secrets.yaml; "ssh/key" = {
path = "${home}/.ssh/ssh_personal_ed25519_key"; sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
path = "${home}/.ssh/ssh_personal_ed25519_key";
};
"ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
}; };
"ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; programs.ssh.matchBlocks = {
"karaolidis.com" = {
hostname = "karaolidis.com";
user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
};
}; };
} }

26
hosts/jupiter/README.md Normal file
View File

@@ -0,0 +1,26 @@
# jupiter
## Post-Install Checklist
## RAID Management
Remember to update [format.nix](format.nix).
### Adding a new drive
```
parted /dev/sdd -- mklabel gpt
parted /dev/sdd -- mkpart primary 0% 100%
cryptsetup luksFormat /dev/sdd
cryptsetup open /dev/sdd storage2
btrfs device add /dev/mapper/storage2 /mnt/storage
btrfs balance start -dconvert=raid1 -mconvert=raid1 /mnt/storage
```
### Removing an old drive
```
sudo btrfs device remove /dev/mapper/storage1 /mnt/storage
btrfs balance start -dconvert=raid1 -mconvert=raid1 /mnt/storage
sudo cryptsetup close storage1
```

54
hosts/jupiter/default.nix Normal file
View File

@@ -0,0 +1,54 @@
{ lib, inputs, ... }:
{
imports = [
../../lib
inputs.disko.nixosModules.disko
./format.nix
./hardware
../common/configs/system/boot
../common/configs/system/btrfs
../common/configs/system/documentation
../common/configs/system/git
../common/configs/system/impermanence
../common/configs/system/neovim
../common/configs/system/networkmanager
../common/configs/system/nix
../common/configs/system/nix-cleanup
../common/configs/system/nixpkgs
../common/configs/system/ntp
../common/configs/system/podman
../common/configs/system/smartmontools
../common/configs/system/sops
../common/configs/system/sshd
../common/configs/system/sudo
../common/configs/system/system
../common/configs/system/users
../common/configs/system/zsh
./users/storm
./users/nick
];
fileSystems."/mnt/storage" = {
label = "storage";
fsType = "btrfs";
options = [
"x-initrd.mount"
"defaults"
"subvol=@"
"compress=zstd:5"
"noatime"
];
};
networking = {
hostName = "jupiter";
extraHosts = lib.strings.concatStringsSep "\n" [ "127.0.0.1 karaolidis.local" ];
};
i18n.defaultLocale = "en_US.UTF-8";
sops.defaultSopsFile = ./secrets/secrets.yaml;
}

137
hosts/jupiter/format.nix Normal file
View File

@@ -0,0 +1,137 @@
{
disko.devices = {
disk = {
main = {
# TODO: Set to correct device
device = "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "esp";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
# TODO: Set correct swap size and enable
# swap = {
# name = "swap";
# size = "64G";
# content = {
# type = "swap";
# resumeDevice = true;
# };
# };
root = {
name = "root";
size = "100%";
content = {
name = "main";
type = "luks";
passwordFile = "/tmp/keyfile";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"compress=zstd:1"
"noatime"
];
in
{
"@" = {
mountpoint = "/";
inherit mountOptions;
};
"@persist" = {
mountpoint = "/persist";
inherit mountOptions;
};
"@nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
"@cache" = {
mountpoint = "/cache";
inherit mountOptions;
};
};
};
};
};
};
};
};
storage0 = {
# TODO: Set to correct device
device = "/dev/vdb";
type = "disk";
content = {
type = "gpt";
partitions = {
root = {
name = "root";
size = "100%";
content = {
name = "storage0";
type = "luks";
passwordFile = "/tmp/keyfile";
settings = {
allowDiscards = true;
};
};
};
};
};
};
storage1 = {
# TODO: Set to correct device
device = "/dev/vdc";
type = "disk";
content = {
type = "gpt";
partitions = {
root = {
name = "root";
size = "100%";
content = {
name = "storage1";
type = "luks";
passwordFile = "/tmp/keyfile";
settings = {
allowDiscards = true;
};
# storageN content must be placed on last alphabetical drive
content = {
type = "btrfs";
extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ];
subvolumes = {
"@" = { };
};
};
};
};
};
};
};
};
};
}

18
hosts/jupiter/hardware/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{ ... }:
{
# TODO Remove
hardware.enableAllHardware = true;
# TODO Update
boot.initrd.kernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"virtio_blk"
"virtio_console"
"sd_mod"
];
services.fstrim.enable = true;
}

1
hosts/jupiter/secrets/ssh_host_ed25519_key.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQoqvM5g/0e/UAH+GHsp0IegTd+Y1WZ+H5TRvypUv03 root@jupiter

62
hosts/jupiter/users/nick/default.nix Normal file
View File

@@ -0,0 +1,62 @@
{ config, lib, ... }:
let
# FIXME: https://github.com/NixOS/nixpkgs/issues/24570
# FIXME: https://github.com/NixOS/nixpkgs/issues/305643
user = "nick";
home = "/home/nick";
in
{
imports = [
../../../common/configs/user/options.nix
(import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/dive { inherit user home; })
(import ../../../common/configs/user/console/fastfetch { inherit user home; })
(import ../../../common/configs/user/console/git { inherit user home; })
(import ../../../common/configs/user/console/home-manager { inherit user home; })
(import ../../../common/configs/user/console/ip { inherit user home; })
(import ../../../common/configs/user/console/jq { inherit user home; })
(import ../../../common/configs/user/console/lsof { inherit user home; })
(import ../../../common/configs/user/console/ncdu { inherit user home; })
(import ../../../common/configs/user/console/neovim { inherit user home; })
(import ../../../common/configs/user/console/nix { inherit user home; })
(import ../../../common/configs/user/console/nix-cleanup { inherit user home; })
(import ../../../common/configs/user/console/nix-direnv { inherit user home; })
(import ../../../common/configs/user/console/podman { inherit user home; })
(import ../../../common/configs/user/console/ranger { inherit user home; })
(import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/unzip { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; })
];
# echo "password" | mkpasswd -s
sops.secrets."${user}-password" = {
sopsFile = ../../../../secrets/personal/secrets.yaml;
key = "password";
neededForUsers = true;
};
users.users.${user} = {
inherit home;
isNormalUser = true;
email = "nick@karaolidis.com";
fullName = "Nikolaos Karaolidis";
description = "Nikolaos Karaolidis";
hashedPasswordFile = config.sops.secrets."${user}-password".path;
extraGroups = [ "wheel" ];
linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
];
};
home-manager.users.${user}.home = {
username = user;
homeDirectory = home;
};
}

1
hosts/jupiter/users/nick/uid Normal file
View File

@@ -0,0 +1 @@
1000

33
hosts/jupiter/users/storm/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{ lib, ... }:
let
# FIXME: https://github.com/NixOS/nixpkgs/issues/24570
# FIXME: https://github.com/NixOS/nixpkgs/issues/305643
user = "storm";
home = "/home/storm";
in
{
imports = [
../../../common/configs/user/options.nix
(import ../../../common/configs/user/console/home-manager { inherit user home; })
(import ../../../common/configs/user/console/podman { inherit user home; })
(import ../../../common/configs/user/console/sops { inherit user home; })
];
users.users.${user} = {
inherit home;
createHome = true;
isSystemUser = true;
description = "Container Runner";
linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid);
group = user;
};
users.groups.${user}.gid = lib.strings.toInt (builtins.readFile ./uid);
home-manager.users.${user}.home = {
username = user;
homeDirectory = home;
};
}

1
hosts/jupiter/users/storm/uid Normal file
View File

@@ -0,0 +1 @@
999

11
lib/scripts/add-host.sh
View File

@@ -190,12 +190,19 @@ cat <<EOF > "./hosts/$host/README.md"
# $host # $host
EOF EOF
sed -i "/nixosConfigurations = {/a\\
$host = nixpkgs.lib.nixosSystem rec {\\
system = \"x86_64-linux\";\\
modules = [ ./hosts/$host ];\\
specialArgs = { inherit inputs system; };\\
};\n\n" flake.nix
sed -i "/knownHosts = {/a\\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix
new_entry="| \`$host\` | [hosts/$host/README.md](./hosts/$host/README.md) |" new_entry="| \`$host\` | [hosts/$host/README.md](./hosts/$host/README.md) |"
last_table_line=$(grep -n "^| " README.md | tail -n 1 | cut -d: -f1) last_table_line=$(grep -n "^| " README.md | tail -n 1 | cut -d: -f1)
sed -i "${last_table_line}a$new_entry" README.md sed -i "${last_table_line}a$new_entry" README.md
sed -i "/knownHosts = {/a\\ $host.publicKeyFile = ../../../../$host/secrets/ssh_host_ed25519_key.pub;" ./hosts/common/configs/system/ssh/default.nix
nix fmt nix fmt
echo "Host $host has been successfully added." echo "Host $host has been successfully added."

1
lib/scripts/remove-host.sh
View File

@@ -19,6 +19,7 @@ find . -type f -name "sops.yaml" | while IFS= read -r sops_file; do
done done
sed -i "/$host/d" ./hosts/common/configs/system/ssh/default.nix sed -i "/$host/d" ./hosts/common/configs/system/ssh/default.nix
sed -i "/$host = nixpkgs.lib.nixosSystem rec {/,/^[[:space:]]*};/d" flake.nix
sed -i "/$host/d" ./README.md sed -i "/$host/d" ./README.md
rm -rf "./hosts/$host" rm -rf "./hosts/$host"