From fba4691ae0d557acaccc51fcba6a67249f1cea07 Mon Sep 17 00:00:00 2001 From: Nikolaos Karaolidis Date: Thu, 29 May 2025 19:05:37 +0100 Subject: [PATCH] Graduate eirene 
Signed-off-by: Nikolaos Karaolidis --- README.md | 3 +- flake.nix | 10 +- .../configs/system/impermanence/default.nix | 18 +-- .../configs/system/impermanence/options.nix | 18 ++- hosts/common/configs/system/sops/default.nix | 2 +- hosts/common/configs/system/ssh/default.nix | 1 - hosts/eirene/README.md | 1 - hosts/eirene/default.nix | 67 --------- hosts/eirene/format.nix | 87 ----------- hosts/eirene/hardware/card.sh | 12 -- hosts/eirene/hardware/default.nix | 100 ------------- hosts/eirene/hardware/display.nix | 32 ---- hosts/eirene/secrets/ssh_host_ed25519_key.pub | 1 - .../nick/configs/console/git/default.nix | 48 ------ .../nick/configs/console/gpg/default.nix | 18 --- .../nick/configs/console/podman/default.nix | 32 ---- .../nick/configs/console/ssh/default.nix | 32 ---- .../configs/console/syncthing/default.nix | 17 --- .../nick/configs/gui/obsidian/default.nix | 23 --- .../users/nick/configs/gui/vscode/default.nix | 21 --- hosts/eirene/users/nick/default.nix | 119 --------------- hosts/eirene/users/nick/uid | 1 - hosts/himalia/hardware/default.nix | 2 +- hosts/installer/README.md | 16 +- hosts/installer/default.nix | 1 + hosts/jupiter/default.nix | 25 ++-- hosts/jupiter/format.nix | 140 +++++++++--------- hosts/jupiter/hardware/default.nix | 85 +++++++++-- hosts/jupiter/hardware/display.nix | 4 + .../jupiter/secrets/ssh_host_ed25519_key.pub | 2 +- .../console/podman/outline/default.nix | 4 +- packages/docker/sish/default.nix | 7 +- .../docker/sish/proxy-ssl-termination.patch | 82 ---------- 33 files changed, 189 insertions(+), 842 deletions(-) delete mode 100644 hosts/eirene/README.md delete mode 100644 hosts/eirene/default.nix delete mode 100644 hosts/eirene/format.nix delete mode 100644 hosts/eirene/hardware/card.sh delete mode 100644 hosts/eirene/hardware/default.nix delete mode 100644 hosts/eirene/hardware/display.nix delete mode 100644 hosts/eirene/secrets/ssh_host_ed25519_key.pub delete mode 100644 
hosts/eirene/users/nick/configs/console/git/default.nix delete mode 100644 hosts/eirene/users/nick/configs/console/gpg/default.nix delete mode 100644 hosts/eirene/users/nick/configs/console/podman/default.nix delete mode 100644 hosts/eirene/users/nick/configs/console/ssh/default.nix delete mode 100644 hosts/eirene/users/nick/configs/console/syncthing/default.nix delete mode 100644 hosts/eirene/users/nick/configs/gui/obsidian/default.nix delete mode 100644 hosts/eirene/users/nick/configs/gui/vscode/default.nix delete mode 100644 hosts/eirene/users/nick/default.nix delete mode 100644 hosts/eirene/users/nick/uid create mode 100644 hosts/jupiter/hardware/display.nix delete mode 100644 packages/docker/sish/proxy-ssl-termination.patch diff --git a/README.md b/README.md index 463becb..1349bc3 100644 --- a/README.md +++ b/README.md @@ -40,8 +40,7 @@ Below is a table of all hosts, with links to their respective README files, whic | Host | README | | ------------- | ------------------------------------------------------------ | | `installer` | [hosts/installer/README.md](./hosts/installer/README.md) | -| `eirene` | [hosts/eirene/README.md](./hosts/eirene/README.md) | -| `elara` | [hosts/elara/README.md](./hosts/elara/README.md) | | `himalia` | [hosts/himalia/README.md](./hosts/himalia/README.md) | +| `elara` | [hosts/elara/README.md](./hosts/elara/README.md) | | `jupiter` | [hosts/jupiter/README.md](./hosts/jupiter/README.md) | | `jupiter-vps` | [hosts/jupiter-vps/README.md](./hosts/jupiter-vps/README.md) | diff --git a/flake.nix b/flake.nix index a7cdf36..a188bb7 100644 --- a/flake.nix +++ b/flake.nix @@ -137,9 +137,9 @@ specialArgs = { inherit inputs system; }; }; - eirene = nixpkgs.lib.nixosSystem rec { + himalia = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; - modules = [ ./hosts/eirene ]; + modules = [ ./hosts/himalia ]; specialArgs = { inherit inputs system; }; }; 
@@ -149,12 +149,6 @@ specialArgs = { inherit inputs system; }; }; - himalia = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - modules = [ ./hosts/himalia ]; - specialArgs = { inherit inputs system; }; - }; - jupiter = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; modules = [ ./hosts/jupiter ]; diff --git a/hosts/common/configs/system/impermanence/default.nix b/hosts/common/configs/system/impermanence/default.nix index 3eb6d52..fc8d7d2 100644 --- a/hosts/common/configs/system/impermanence/default.nix +++ b/hosts/common/configs/system/impermanence/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { imports = [ ./options.nix ]; @@ -8,22 +13,11 @@ # https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix sops.secrets.machineId.mode = "0444"; - fileSystems."/persist".neededForBoot = true; - environment = { impermanence.enable = true; etc.machine-id.source = pkgs.runCommandLocal "machine-id-link" { } '' ln -s ${config.sops.secrets.machineId.path} $out ''; - - persistence = { - "/persist/user"."/etc/nixos" = { }; - "/persist/state" = { - "/var/lib/nixos" = { }; - "/var/lib/systemd" = { }; - "/var/log" = { }; - }; - }; }; } diff --git a/hosts/common/configs/system/impermanence/options.nix b/hosts/common/configs/system/impermanence/options.nix index 951ebac..05e161d 100644 --- a/hosts/common/configs/system/impermanence/options.nix +++ b/hosts/common/configs/system/impermanence/options.nix @@ -210,8 +210,6 @@ in }; }; - fileSystems = builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg; - systemd = { mounts = builtins.map (c: { description = c.path; 
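Review bot: The `lib` argument added to the module header of hosts/common/configs/system/impermanence/default.nix is not referenced by any line on the new side of either hunk, so unless one of the three new lines not shown here (new lines 10–12) uses it, the header should stay `{ config, pkgs, ... }:`. Keeping unused module arguments makes it harder to see which modules actually depend on `lib`. The rest of the file lies outside the two hunks, so this is hedged on those hidden lines.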
@@ -274,11 +272,17 @@ in ); }; - environment.persistence."/persist" = { - "/etc/nixos" = { }; - "/var/lib/nixos" = { }; - "/var/lib/systemd" = { }; - "/var/log" = { }; + fileSystems = builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg // { + "/persist".neededForBoot = true; + }; + + environment.persistence = { + "/persist/user"."/etc/nixos" = { }; + "/persist/state" = { + "/var/lib/nixos" = { }; + "/var/lib/systemd" = { }; + "/var/log" = { }; + }; }; assertions = diff --git a/hosts/common/configs/system/sops/default.nix b/hosts/common/configs/system/sops/default.nix index 27e73b9..120ed6b 100644 --- a/hosts/common/configs/system/sops/default.nix +++ b/hosts/common/configs/system/sops/default.nix @@ -26,7 +26,7 @@ sshKeyPaths = if config.environment.impermanence.enable then - [ config.environment.persistence."/persist"."/etc/ssh/ssh_host_ed25519_key".source ] + [ config.environment.persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key".source ] else [ "/etc/ssh/ssh_host_ed25519_key" ]; }; diff --git a/hosts/common/configs/system/ssh/default.nix b/hosts/common/configs/system/ssh/default.nix index 1b0a314..73d29c0 100644 --- a/hosts/common/configs/system/ssh/default.nix +++ b/hosts/common/configs/system/ssh/default.nix @@ -2,7 +2,6 @@ { programs.ssh.knownHosts = { installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub; - eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub; elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub; himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub; diff --git a/hosts/eirene/README.md b/hosts/eirene/README.md deleted file mode 100644 index 09f91f2..0000000 --- a/hosts/eirene/README.md +++ /dev/null @@ -1 +0,0 @@ -# eirene diff --git a/hosts/eirene/default.nix b/hosts/eirene/default.nix deleted file mode 100644 index 2f7636f..0000000 --- a/hosts/eirene/default.nix +++ /dev/null 
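Review bot: Only `/persist` is marked `neededForBoot` in the new `fileSystems` merge, while the persistence roots are now `/persist/user` and `/persist/state`; on hosts where those are separate mounts (hosts/jupiter/format.nix in this commit gives each its own subvolume and mountpoint), impermanence's early-boot bind mounts may run before those filesystems are mounted unless the paths are also keys of `cfg`. Consider extending the merge with `"/persist/user".neededForBoot = true;` and `"/persist/state".neededForBoot = true;` next to the existing `/persist` entry, or asserting that both appear in `cfg`. The `assertions` block that follows starts outside the hunk.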
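Review bot: The new `sshKeyPaths` entry reads `config.environment.persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key".source`, but nothing in this commit declares `/etc/ssh/ssh_host_ed25519_key` under `"/persist/state"` (the impermanence options hunk only lists `/var/lib/nixos`, `/var/lib/systemd` and `/var/log` there). If the sshd module still registers the host key under the old `"/persist"` root, evaluation fails with a missing-attribute error and sops-nix has no key to decrypt secrets with at boot; confirm that module was updated in the same change, or derive the path from the option the sshd module sets rather than repeating the literal here. The enclosing `sshKeyPaths` expression starts outside the hunk.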
@@ -1,67 +0,0 @@ -{ inputs, ... }: -{ - imports = [ - inputs.disko.nixosModules.disko - ./format.nix - - ./hardware - - ../common/configs/system/backup - ../common/configs/system/bluetooth - ../common/configs/system/boot - ../common/configs/system/brightnessctl - ../common/configs/system/btrfs - ../common/configs/system/cpu - ../common/configs/system/documentation - ../common/configs/system/getty - ../common/configs/system/git - ../common/configs/system/gpg-agent - ../common/configs/system/impermanence - ../common/configs/system/libvirt - ../common/configs/system/neovim - ../common/configs/system/networkmanager - ../common/configs/system/nix - ../common/configs/system/nix-cleanup - ../common/configs/system/nix-install - ../common/configs/system/nix-ld - ../common/configs/system/nix-update - ../common/configs/system/nixpkgs - ../common/configs/system/ntp - ../common/configs/system/pipewire - ../common/configs/system/podman - ../common/configs/system/powertop - ../common/configs/system/printing - ../common/configs/system/smartmontools - ../common/configs/system/sops - ../common/configs/system/ssh - ../common/configs/system/ssh-agent - ../common/configs/system/sshd - ../common/configs/system/sudo - ../common/configs/system/system - ../common/configs/system/timezone - ../common/configs/system/tlp - ../common/configs/system/tmux - ../common/configs/system/tree - ../common/configs/system/upower - ../common/configs/system/users - ../common/configs/system/zsh - - ./users/nick - ]; - - networking.hostName = "eirene"; - - boot.supportedFilesystems = [ "ntfs" ]; - - fileSystems."/mnt/windows" = { - device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R841140X-part3"; - fsType = "ntfs3"; - noCheck = true; - options = [ - "users" - "nofail" - "sys_immutable" - "windows_names" - ]; - }; -} diff --git a/hosts/eirene/format.nix b/hosts/eirene/format.nix deleted file mode 100644 index 302bd9b..0000000 --- a/hosts/eirene/format.nix +++ /dev/null 
@@ -1,87 +0,0 @@ -{ - disko.devices = { - disk.main = { - device = "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00BL2_S64RNE0R602762"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - boot = { - name = "boot"; - size = "1M"; - type = "EF02"; - }; - esp = { - name = "esp"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - swap = { - name = "swap"; - size = "32G"; - content = { - type = "swap"; - resumeDevice = true; - }; - }; - root = { - name = "root"; - size = "100%"; - content = { - name = "main"; - type = "luks"; - passwordFile = "/tmp/keyfile"; - settings = { - allowDiscards = true; - }; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = - let - mountOptions = [ - "compress=zstd:1" - "noatime" - "user_subvol_rm_allowed" - ]; - in - { - "@" = { - mountpoint = "/"; - inherit mountOptions; - }; - "@persist" = { - mountpoint = "/persist"; - inherit mountOptions; - }; - "@persist/user" = { - mountpoint = "/persist/user"; - inherit mountOptions; - }; - "@persist/state" = { - mountpoint = "/persist/state"; - inherit mountOptions; - }; - "@persist/cache" = { - mountpoint = "/persist/cache"; - inherit mountOptions; - }; - "@nix" = { - mountpoint = "/nix"; - inherit mountOptions; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/eirene/hardware/card.sh b/hosts/eirene/hardware/card.sh deleted file mode 100644 index 03b5483..0000000 --- a/hosts/eirene/hardware/card.sh +++ /dev/null @@ -1,12 +0,0 @@ -# shellcheck shell=bash - -AMD=/dev/dri/by-path/pci-0000:06:00.0-card -NVIDIA=/dev/dri/by-path/pci-0000:01:00.0-card - -if [[ -e "$AMD" ]]; then - card=$AMD -else - card=$NVIDIA -fi - -ln -sf "$card" "$HOME"/.config/hypr/card diff --git a/hosts/eirene/hardware/default.nix b/hosts/eirene/hardware/default.nix deleted file mode 100644 index a88b29c..0000000 --- a/hosts/eirene/hardware/default.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -{ - imports = [ ./display.nix ]; - - # https://github.com/NixOS/nixos-hardware/tree/master/lenovo/legion/16achg6 - hardware = { - enableAllFirmware = true; - - cpu = { - cores = 8; - threads = 16; - amd.updateMicrocode = true; - }; - - nvidia = { - open = true; - powerManagement.enable = true; - dynamicBoost.enable = true; - - prime = { - offload = { - enable = true; - enableOffloadCmd = true; - }; - nvidiaBusId = "PCI:1:0:0"; - amdgpuBusId = "PCI:6:0:0"; - }; - }; - - graphics = { - enable32Bit = true; - extraPackages = with pkgs; [ - amdvlk - driversi686Linux.amdvlk - rocmPackages.clr - rocmPackages.clr.icd - ]; - }; - - nvidia-container-toolkit.enable = ( - config.virtualisation.containerd.enable - || config.virtualisation.docker.enable - || config.virtualisation.podman.enable - ); - }; - - boot = { - kernelParams = [ "amd_pstate=active" ]; - kernelModules = [ "kvm-amd" ]; - initrd.kernelModules = [ - "nvme" - "ahci" - "usbhid" - "amdgpu" - ]; - }; - - nixpkgs.config = { - cudaSupport = true; - rocmSupport = true; - }; - - powerManagement.enable = true; - - services = { - xserver.videoDrivers = [ "nvidia" ]; - fstrim.enable = true; - tlp.settings.DISK_DEVICES = lib.mkDefault "nvme0n1 nvme1n1"; - }; - - programs.gamescope.env = { - __NV_PRIME_RENDER_OFFLOAD = "1"; - __VK_LAYER_NV_optimus = "NVIDIA_only"; - __GLX_VENDOR_LIBRARY_NAME = "nvidia"; - }; - - home-manager.sharedModules = [ - { - wayland.windowManager.hyprland.settings = { - env = [ "AQ_DRM_DEVICES,$HOME/.config/hypr/card" ]; - - device = [ - { - name = "syna2ba6:00-06cb:ce44-touchpad"; - sensitivity = 0.5; - } - ]; - - gestures.workspace_swipe_distance = 600; - }; - - programs.zsh.loginExtra = lib.mkBefore (builtins.readFile ./card.sh); - } - ]; -} diff --git a/hosts/eirene/hardware/display.nix b/hosts/eirene/hardware/display.nix deleted file mode 100644 index 3d74559..0000000 --- a/hosts/eirene/hardware/display.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ pkgs, ... }: -{ - boot.kernelParams = [ "video=eDP-1:2560x1600@165" ]; - - programs.steam.package = pkgs.steam.override { extraEnv.STEAM_FORCE_DESKTOPUI_SCALING = 1.25; }; - - home-manager.sharedModules = [ - { - wayland.windowManager.hyprland.settings = { - monitor = [ - "eDP-1, preferred, 0x0, 1.25" - ", maxwidth, auto-center-up, 1" - ]; - - workspace = [ - "1, monitor:eDP-1, layoutopt:orientation:left" - "2, monitor:eDP-1, layoutopt:orientation:left" - "3, monitor:eDP-1, layoutopt:orientation:left" - "4, monitor:eDP-1, layoutopt:orientation:left" - "5, monitor:eDP-1, layoutopt:orientation:left" - "6, monitor:eDP-1, layoutopt:orientation:left" - "7, monitor:eDP-1, layoutopt:orientation:left" - "8, monitor:eDP-1, layoutopt:orientation:left" - "9, monitor:eDP-1, layoutopt:orientation:left" - "10, monitor:eDP-1, layoutopt:orientation:left" - ]; - }; - - programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2; - } - ]; -} diff --git a/hosts/eirene/secrets/ssh_host_ed25519_key.pub b/hosts/eirene/secrets/ssh_host_ed25519_key.pub deleted file mode 100644 index e469de9..0000000 --- a/hosts/eirene/secrets/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFG/ImO80n4+M8AIkS75leQiju6/zu09qV0keROjE6VC root@eirene diff --git a/hosts/eirene/users/nick/configs/console/git/default.nix b/hosts/eirene/users/nick/configs/console/git/default.nix deleted file mode 100644 index 814f17c..0000000 --- a/hosts/eirene/users/nick/configs/console/git/default.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ - user ? throw "user argument is required", - home ? throw "home argument is required", -}: -{ - config, - inputs, - lib, - system, - ... -}: -let - hmConfig = config.home-manager.users.${user}; - selfPkgs = inputs.self.packages.${system}; -in -{ - home-manager.users.${user} = { - sops = { - secrets = { - "git/credentials/git.karaolidis.com/admin/username".sopsFile = - ../../../../../../../secrets/personal/secrets.yaml; - "git/credentials/git.karaolidis.com/admin/password".sopsFile = - ../../../../../../../secrets/personal/secrets.yaml; - }; - - templates."git/credentials" = { - content = '' - https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${ - hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password" - }@git.karaolidis.com - ''; - path = "${home}/.config/git/credentials"; - }; - }; - - programs.ssh = { - matchBlocks = { - "github.com" = { - hostname = "github.com"; - user = "git"; - identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; - }; - }; - - userKnownHostsFiles = with selfPkgs; [ ssh-known-hosts-github ]; - }; - }; -} diff --git a/hosts/eirene/users/nick/configs/console/gpg/default.nix b/hosts/eirene/users/nick/configs/console/gpg/default.nix deleted file mode 100644 index 240ff8c..0000000 --- a/hosts/eirene/users/nick/configs/console/gpg/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - user ? throw "user argument is required", - home ? throw "home argument is required", -}: -{ config, ... }: -let - hmConfig = config.home-manager.users.${user}; -in -{ - home-manager.users.${user} = { - sops.secrets = { - "gpg/key".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - "gpg/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - }; - - programs.clipbook.bookmarks."GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path; - }; -} 
diff --git a/hosts/eirene/users/nick/configs/console/podman/default.nix b/hosts/eirene/users/nick/configs/console/podman/default.nix deleted file mode 100644 index 605d8e7..0000000 --- a/hosts/eirene/users/nick/configs/console/podman/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - user ? throw "user argument is required", - home ? throw "home argument is required", -}: -{ config, pkgs, ... }: -let - hmConfig = config.home-manager.users.${user}; -in -{ - home-manager.users.${user}.sops = { - secrets = { - "registry/docker.io".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - "registry/registry.karaolidis.com".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - }; - - templates.containers-auth = { - content = builtins.readFile ( - (pkgs.formats.json { }).generate "auth.json" { - auths = { - "docker.io" = { - auth = hmConfig.sops.placeholder."registry/docker.io"; - }; - "registry.karaolidis.com" = { - auth = hmConfig.sops.placeholder."registry/registry.karaolidis.com"; - }; - }; - } - ); - path = "${home}/.config/containers/auth.json"; - }; - }; -} diff --git a/hosts/eirene/users/nick/configs/console/ssh/default.nix b/hosts/eirene/users/nick/configs/console/ssh/default.nix deleted file mode 100644 index daa0f8e..0000000 --- a/hosts/eirene/users/nick/configs/console/ssh/default.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ - user ? throw "user argument is required", - home ? throw "home argument is required", -}: -{ config, ... }: -let - hmConfig = config.home-manager.users.${user}; -in -{ - home-manager.users.${user} = { - sops.secrets = { - "ssh/key" = { - sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - path = "${home}/.ssh/ssh_personal_ed25519_key"; - }; - - "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - }; - - programs = { - ssh.matchBlocks = { - "karaolidis.com" = { - hostname = "karaolidis.com"; - user = "nick"; - identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; - }; - }; - - clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; - }; - }; -} diff --git a/hosts/eirene/users/nick/configs/console/syncthing/default.nix b/hosts/eirene/users/nick/configs/console/syncthing/default.nix deleted file mode 100644 index 5816ff8..0000000 --- a/hosts/eirene/users/nick/configs/console/syncthing/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - user ? throw "user argument is required", - home ? throw "home argument is required", -}: -{ ... }: -{ - home-manager.users.${user}.services.syncthing.settings.folders = { - official = { - label = "Official"; - path = "${home}/Documents/Official"; - devices = [ - "amalthea" - "ganymede" - ]; - }; - }; -} diff --git a/hosts/eirene/users/nick/configs/gui/obsidian/default.nix b/hosts/eirene/users/nick/configs/gui/obsidian/default.nix deleted file mode 100644 index 29e0be3..0000000 --- a/hosts/eirene/users/nick/configs/gui/obsidian/default.nix +++ /dev/null 
@@ -1,23 +0,0 @@ -{ - user ? throw "user argument is required", - home ? throw "home argument is required", -}: -{ ... }: -{ - home-manager.users.${user} = { - programs.obsidian.vaults."Documents/Obsidian/master".enable = true; - - services.syncthing.settings.folders.obsidian = { - label = "Obsidian"; - path = "${home}/Documents/Obsidian"; - devices = [ - "amalthea" - "ganymede" - ]; - maxConflicts = 0; - }; - - home.file."Documents/Obsidian/.stignore".source = - ../../../../../../common/configs/user/gui/obsidian/.stignore; - }; -} diff --git a/hosts/eirene/users/nick/configs/gui/vscode/default.nix b/hosts/eirene/users/nick/configs/gui/vscode/default.nix deleted file mode 100644 index c825a8d..0000000 --- a/hosts/eirene/users/nick/configs/gui/vscode/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - user ? throw "user argument is required", - home ? throw "home argument is required", -}: -{ ... }: -{ - home-manager.users.${user}.programs.vscode.languages = { - c.enable = true; - go.enable = true; - java.enable = true; - lua.enable = true; - markdown.enable = true; - nix.enable = true; - python.enable = true; - rest.enable = true; - rust.enable = true; - sops.enable = true; - typescript.enable = true; - yaml.enable = true; - }; -} diff --git a/hosts/eirene/users/nick/default.nix b/hosts/eirene/users/nick/default.nix deleted file mode 100644 index 17e5a68..0000000 --- a/hosts/eirene/users/nick/default.nix +++ /dev/null 
@@ -1,119 +0,0 @@ -{ config, lib, ... }: -let - # FIXME: https://github.com/NixOS/nixpkgs/issues/24570 - # FIXME: https://github.com/NixOS/nixpkgs/issues/305643 - user = "nick"; - home = "/home/nick"; -in -{ - imports = [ - ../../../common/configs/user/options.nix - - (import ../../../common/configs/user/console/android { inherit user home; }) - (import ../../../common/configs/user/console/bashmount { inherit user home; }) - (import ../../../common/configs/user/console/brightnessctl { inherit user home; }) - (import ../../../common/configs/user/console/btop { inherit user home; }) - (import ../../../common/configs/user/console/dive { inherit user home; }) - (import ../../../common/configs/user/console/fastfetch { inherit user home; }) - (import ../../../common/configs/user/console/ffmpeg { inherit user home; }) - (import ../../../common/configs/user/console/git { inherit user home; }) - (import ../../../common/configs/user/console/gpg-agent { inherit user home; }) - (import ../../../common/configs/user/console/home-manager { inherit user home; }) - (import ../../../common/configs/user/console/imagemagick { inherit user home; }) - (import ../../../common/configs/user/console/ip { inherit user home; }) - (import ../../../common/configs/user/console/jq { inherit user home; }) - (import ../../../common/configs/user/console/libvirt { inherit user home; }) - (import ../../../common/configs/user/console/lsof { inherit user home; }) - (import ../../../common/configs/user/console/ncdu { inherit user home; }) - (import ../../../common/configs/user/console/neovim { inherit user home; }) - (import ../../../common/configs/user/console/nix { inherit user home; }) - (import ../../../common/configs/user/console/nix-cleanup { inherit user home; }) - (import ../../../common/configs/user/console/nix-develop { inherit user home; }) - (import ../../../common/configs/user/console/nix-direnv { inherit user home; }) - (import ../../../common/configs/user/console/pipewire { inherit user 
home; }) - (import ../../../common/configs/user/console/podman { inherit user home; }) - (import ../../../common/configs/user/console/ranger { inherit user home; }) - (import ../../../common/configs/user/console/sops { inherit user home; }) - (import ../../../common/configs/user/console/ssh { inherit user home; }) - (import ../../../common/configs/user/console/ssh-agent { inherit user home; }) - (import ../../../common/configs/user/console/syncthing { inherit user home; }) - (import ../../../common/configs/user/console/tmux { inherit user home; }) - (import ../../../common/configs/user/console/tree { inherit user home; }) - (import ../../../common/configs/user/console/unzip { inherit user home; }) - (import ../../../common/configs/user/console/wget { inherit user home; }) - (import ../../../common/configs/user/console/xdg { inherit user home; }) - (import ../../../common/configs/user/console/yt-dlp { inherit user home; }) - (import ../../../common/configs/user/console/zsh { inherit user home; }) - - (import ../../../common/configs/user/gui/astal { inherit user home; }) - (import ../../../common/configs/user/gui/bluetooth { inherit user home; }) - (import ../../../common/configs/user/gui/brightnessctl { inherit user home; }) - (import ../../../common/configs/user/gui/btop { inherit user home; }) - (import ../../../common/configs/user/gui/chromium { inherit user home; }) - (import ../../../common/configs/user/gui/clipbook { inherit user home; }) - (import ../../../common/configs/user/gui/cliphist { inherit user home; }) - (import ../../../common/configs/user/gui/darktable { inherit user home; }) - (import ../../../common/configs/user/gui/discord { inherit user home; }) - (import ../../../common/configs/user/gui/emoji { inherit user home; }) - (import ../../../common/configs/user/gui/firefox { inherit user home; }) - (import ../../../common/configs/user/gui/gtk { inherit user home; }) - (import ../../../common/configs/user/gui/hyprland { inherit user home; }) - 
(import ../../../common/configs/user/gui/hyprshot { inherit user home; }) - (import ../../../common/configs/user/gui/kitty { inherit user home; }) - (import ../../../common/configs/user/gui/libreoffice { inherit user home; }) - (import ../../../common/configs/user/gui/networkmanager { inherit user home; }) - (import ../../../common/configs/user/gui/obs { inherit user home; }) - (import ../../../common/configs/user/gui/obsidian { inherit user home; }) - (import ../../../common/configs/user/gui/pipewire { inherit user home; }) - (import ../../../common/configs/user/gui/qalculate { inherit user home; }) - (import ../../../common/configs/user/gui/qt { inherit user home; }) - (import ../../../common/configs/user/gui/rofi { inherit user home; }) - (import ../../../common/configs/user/gui/rquickshare { inherit user home; }) - (import ../../../common/configs/user/gui/spicetify { inherit user home; }) - (import ../../../common/configs/user/gui/steam { inherit user home; }) - (import ../../../common/configs/user/gui/swww { inherit user home; }) - (import ../../../common/configs/user/gui/theme { inherit user home; }) - (import ../../../common/configs/user/gui/transmission { inherit user home; }) - (import ../../../common/configs/user/gui/vscode { inherit user home; }) - (import ../../../common/configs/user/gui/wev { inherit user home; }) - (import ../../../common/configs/user/gui/wl-clipboard { inherit user home; }) - (import ../../../common/configs/user/gui/x11 { inherit user home; }) - (import ../../../common/configs/user/gui/xdg { inherit user home; }) - - (import ./configs/console/git { inherit user home; }) - (import ./configs/console/gpg { inherit user home; }) - (import ./configs/console/podman { inherit user home; }) - (import ./configs/console/ssh { inherit user home; }) - (import ./configs/console/syncthing { inherit user home; }) - - (import ./configs/gui/obsidian { inherit user home; }) - (import ./configs/gui/vscode { inherit user home; }) - ]; - - # echo 
"password" | mkpasswd -s - sops.secrets."${user}-password" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - key = "password"; - neededForUsers = true; - }; - - users.users.${user} = { - inherit home; - isNormalUser = true; - email = "nick@karaolidis.com"; - fullName = "Nikolaos Karaolidis"; - description = "Nikolaos Karaolidis"; - hashedPasswordFile = config.sops.secrets."${user}-password".path; - extraGroups = [ "wheel" ]; - linger = true; - uid = lib.strings.toInt (builtins.readFile ./uid); - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com" - ]; - }; - - home-manager.users.${user}.home = { - username = user; - homeDirectory = home; - }; -} diff --git a/hosts/eirene/users/nick/uid b/hosts/eirene/users/nick/uid deleted file mode 100644 index 83b33d2..0000000 --- a/hosts/eirene/users/nick/uid +++ /dev/null @@ -1 +0,0 @@ -1000 diff --git a/hosts/himalia/hardware/default.nix b/hosts/himalia/hardware/default.nix index 42bc168..f14e790 100644 --- a/hosts/himalia/hardware/default.nix +++ b/hosts/himalia/hardware/default.nix @@ -22,7 +22,7 @@ nvidia = { open = true; powerManagement.enable = true; - # TODO + # TODO: Enable # dynamicBoost.enable = true; prime = { diff --git a/hosts/installer/README.md b/hosts/installer/README.md index 9127e16..6998716 100644 --- a/hosts/installer/README.md +++ b/hosts/installer/README.md @@ -8,22 +8,8 @@ I have automated myself out of a job. How to use: 3. Connect to the internet with `nmcli` -- Scan for available networks: - ```bash - nmcli device wifi list - ``` - -- For an open network: - - ```bash - nmcli device wifi connect "" - ``` - -- For a secured network: - - ```bash - nmcli device wifi connect "" password "" + sudo nmcli device wifi connect "" [--ask] ``` 4. Run `sudo nix-install /etc/nixos -m install|repair -h host [-k key] [-c] [-r]"` 
diff --git a/hosts/installer/default.nix b/hosts/installer/default.nix index c918206..3b6c821 100644 --- a/hosts/installer/default.nix +++ b/hosts/installer/default.nix @@ -7,6 +7,7 @@ ./hardware ../common/configs/system/boot + ../common/configs/system/brightnessctl ../common/configs/system/btrfs ../common/configs/system/documentation ../common/configs/system/getty diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index bc6678a..4ae893c 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -7,7 +7,9 @@ ./hardware ../common/configs/system/boot + ../common/configs/system/brightnessctl ../common/configs/system/btrfs + ../common/configs/system/cpu ../common/configs/system/documentation ../common/configs/system/git ../common/configs/system/impermanence @@ -36,17 +38,18 @@ # TODO: DNS for .local networking.hostName = "jupiter"; - fileSystems."/mnt/storage" = { - label = "storage"; - fsType = "btrfs"; - options = [ - "x-initrd.mount" - "defaults" - "subvol=@" - "compress=zstd:5" - "noatime" - ]; - }; + # TODO: Enable + # fileSystems."/mnt/storage" = { + # label = "storage"; + # fsType = "btrfs"; + # options = [ + # "x-initrd.mount" + # "defaults" + # "subvol=@" + # "compress=zstd:5" + # "noatime" + # ]; + # }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com" diff --git a/hosts/jupiter/format.nix b/hosts/jupiter/format.nix index a6783b8..96eb80b 100644 --- a/hosts/jupiter/format.nix +++ b/hosts/jupiter/format.nix @@ -2,8 +2,7 @@ disko.devices = { disk = { main = { - # TODO: Set to correct device - device = "/dev/vda"; + device = "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00BL2_S64RNE0R602762"; type = "disk"; content = { type = "gpt"; 
@@ -24,15 +23,14 @@ mountOptions = [ "umask=0077" ]; }; }; - # TODO: Set correct swap size and enable - # swap = { - # name = "swap"; - # size = "64G"; - # content = { - # type = "swap"; - # resumeDevice = true; - # }; - # }; + swap = { + name = "swap"; + size = "64G"; + content = { + type = "swap"; + resumeDevice = true; + }; + }; root = { name = "root"; size = "100%"; @@ -63,12 +61,20 @@ mountpoint = "/persist"; inherit mountOptions; }; - "@nix" = { - mountpoint = "/nix"; + "@persist/user" = { + mountpoint = "/persist/user"; inherit mountOptions; }; - "@cache" = { - mountpoint = "/cache"; + "@persist/state" = { + mountpoint = "/persist/state"; + inherit mountOptions; + }; + "@persist/cache" = { + mountpoint = "/persist/cache"; + inherit mountOptions; + }; + "@nix" = { + mountpoint = "/nix"; inherit mountOptions; }; }; 
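Review bot: The newly enabled `swap` partition is a sibling of the LUKS `root` partition rather than a volume inside it, so with `resumeDevice = true` the hibernation image, which holds the full memory contents including the unlocked LUKS master key and any sops-decrypted secrets, is written to disk in clear; this undoes the protection the encrypted root gives against anyone holding the drive. Either place swap inside the encrypted container (a swapfile on the btrfs root or a LUKS-backed swap volume) or leave `resumeDevice` off for a host that does not hibernate, optionally with `randomEncryption = true` on the plain partition. The following hunk in this file only adds the `@persist/*` subvolumes, and the storage block later in the file is commented out in this commit. The enclosing `disko.devices.disk.main` attribute set starts and ends outside the hunk.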
@@ -79,60 +85,60 @@ }; }; - storage0 = { - # TODO: Set to correct device - device = "/dev/vdb"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - root = { - name = "root"; - size = "100%"; - content = { - name = "storage0"; - type = "luks"; - passwordFile = "/tmp/keyfile"; - settings = { - allowDiscards = true; - }; - }; - }; - }; - }; - }; + # TODO: Set to correct device + # storage0 = { + # device = "/dev/vdb"; + # type = "disk"; + # content = { + # type = "gpt"; + # partitions = { + # root = { + # name = "root"; + # size = "100%"; + # content = { + # name = "storage0"; + # type = "luks"; + # passwordFile = "/tmp/keyfile"; + # settings = { + # allowDiscards = true; + # }; + # }; + # }; + # }; + # }; + # }; - storage1 = { - # TODO: Set to correct device - device = "/dev/vdc"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - root = { - name = "root"; - size = "100%"; - content = { - name = "storage1"; - type = "luks"; - passwordFile = "/tmp/keyfile"; - settings = { - allowDiscards = true; - }; + # TODO: Set to correct device + # storage1 = { + # device = "/dev/vdc"; + # type = "disk"; + # content = { + # type = "gpt"; + # partitions = { + # root = { + # name = "root"; + # size = "100%"; + # content = { + # name = "storage1"; + # type = "luks"; + # passwordFile = "/tmp/keyfile"; + # settings = { + # allowDiscards = true; + # }; - # storageN content must be placed on last alphabetical drive - content = { - type = "btrfs"; - extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ]; - subvolumes = { - "@" = { }; - }; - }; - }; - }; - }; - }; - }; + # # storageN content must be placed on last alphabetical drive + # content = { + # type = "btrfs"; + # extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ]; + # subvolumes = { + # "@" = { }; + # }; + # }; + # }; + # }; + # }; + # }; + # }; }; }; } diff --git a/hosts/jupiter/hardware/default.nix b/hosts/jupiter/hardware/default.nix index bc78652..c45a7a0 100644 
--- a/hosts/jupiter/hardware/default.nix +++ b/hosts/jupiter/hardware/default.nix @@ -1,18 +1,75 @@ -{ ... }: { - # TODO Remove - hardware.enableAllHardware = true; + config, + pkgs, + lib, + ... +}: +{ + imports = [ ./display.nix ]; - # TODO Update - boot.initrd.kernelModules = [ - "ahci" - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "virtio_blk" - "virtio_console" - "sd_mod" - ]; + hardware = { + enableAllFirmware = true; - services.fstrim.enable = true; + cpu = { + cores = 8; + threads = 16; + amd.updateMicrocode = true; + }; + + nvidia = { + open = true; + powerManagement.enable = true; + dynamicBoost.enable = true; + + prime = { + offload = { + enable = true; + enableOffloadCmd = true; + }; + nvidiaBusId = "PCI:1:0:0"; + amdgpuBusId = "PCI:6:0:0"; + }; + }; + + graphics = { + enable32Bit = true; + extraPackages = with pkgs; [ + amdvlk + driversi686Linux.amdvlk + rocmPackages.clr + rocmPackages.clr.icd + ]; + }; + + nvidia-container-toolkit.enable = ( + config.virtualisation.containerd.enable + || config.virtualisation.docker.enable + || config.virtualisation.podman.enable + ); + }; + + boot = { + kernelParams = [ "amd_pstate=active" ]; + kernelModules = [ "kvm-amd" ]; + initrd.kernelModules = [ + "nvme" + "ahci" + "usbhid" + "amdgpu" + ]; + }; + + nixpkgs.config = { + cudaSupport = true; + rocmSupport = true; + }; + + powerManagement.enable = true; + + services = { + xserver.videoDrivers = [ "nvidia" ]; + fstrim.enable = true; + tlp.settings.DISK_DEVICES = lib.mkDefault "nvme0n1 nvme1n1"; + logind.lidSwitch = "ignore"; + }; } diff --git a/hosts/jupiter/hardware/display.nix b/hosts/jupiter/hardware/display.nix new file mode 100644 index 0000000..2f1efa9 --- /dev/null +++ b/hosts/jupiter/hardware/display.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + boot.kernelParams = [ "video=eDP-1:2560x1600@165" ]; +} diff --git a/hosts/jupiter/secrets/ssh_host_ed25519_key.pub b/hosts/jupiter/secrets/ssh_host_ed25519_key.pub index f229419..952a80a 100644 
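Review bot: `logind.lidSwitch = "ignore"` in the new `services` block means closing the lid neither suspends the machine nor ends the graphical session, so whoever opens the lid later finds the session exactly as it was left; the same hunk enables the nvidia X driver and the new display.nix targets an internal eDP-1 panel, so a seated session on this host is plausible. That is a reasonable choice for a laptop used as a server, but it should be recorded as intent and paired with an idle lock rather than relying on suspend, e.g. `logind.lidSwitch = "ignore"; # runs with the lid closed; lock the session via the idle locker, not suspend`. Separately, `nvidia-container-toolkit.enable` is derived from three `config.virtualisation.*` flags; a short comment saying it is meant to follow whichever container runtime is enabled would make the expression self-explanatory.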
--- a/hosts/jupiter/secrets/ssh_host_ed25519_key.pub
+++ b/hosts/jupiter/secrets/ssh_host_ed25519_key.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQoqvM5g/0e/UAH+GHsp0IegTd+Y1WZ+H5TRvypUv03 root@jupiter
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEoe+/nXBPhLKVZ2Fo4iif8F9WgrriBE+/oXPdANR+7G root@jupiter
diff --git a/hosts/jupiter/users/storm/configs/console/podman/outline/default.nix b/hosts/jupiter/users/storm/configs/console/podman/outline/default.nix
index b92fe49..5f5833f 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/outline/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/outline/default.nix
@@ -94,9 +94,7 @@ in
 networks.outline.ref
 networks.traefik.ref
 ];
- volumes = [
- "${volumes.outline.ref}:/var/lib/outline/data"
- ];
+ volumes = [ "${volumes.outline.ref}:/var/lib/outline/data" ];
 environments = {
 URL = "https://docs.karaolidis.com";
 PGSSLMODE = "disable";
diff --git a/packages/docker/sish/default.nix b/packages/docker/sish/default.nix
index 74e2a8c..a05275b 100644
--- a/packages/docker/sish/default.nix
+++ b/packages/docker/sish/default.nix
@@ -1,16 +1,11 @@
 { pkgs, ... }:
 
-let
- sish = pkgs.sish.overrideAttrs (oldAttrs: {
- patches = oldAttrs.patches or [ ] ++ [ ./proxy-ssl-termination.patch ];
- });
-in
 pkgs.dockerTools.buildImage {
 name = "sish";
 fromImage = import ../base { inherit pkgs; };
 copyToRoot = pkgs.buildEnv {
 name = "root";
- paths = [ sish ];
+ paths = with pkgs; [ sish ];
 pathsToLink = [ "/bin" ];
 };
 
diff --git a/packages/docker/sish/proxy-ssl-termination.patch b/packages/docker/sish/proxy-ssl-termination.patch
deleted file mode 100644
index 1d4c911..0000000
--- a/packages/docker/sish/proxy-ssl-termination.patch
+++ /dev/null
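Review bot: The SSH host key for jupiter is replaced, but the commit message does not say why, and nothing in the visible diff treats the old key as retired. Every client and peer host that pinned the old key in known_hosts will now get a host-key mismatch, which is the same warning a man-in-the-middle produces, so the rotation should be stated in the commit message and the old fingerprint removed wherever it was pinned rather than clicked through. If any secrets are encrypted to an age recipient derived from this host key (the diffstat lists a sops change, which is outside this chunk), confirm they were re-keyed to the new key and that the old private key no longer exists on any machine.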
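Review bot: Dropping the `proxy-ssl-termination` override makes the image ship stock `pkgs.sish`, and the deleted patch below is what added that flag, so unless the sish version now in nixpkgs carries an equivalent option the container will again print `http://` URLs to users when it sits behind an SSL-terminating proxy, and a deployment config that still sets `proxy-ssl-termination` will be passing an unknown key. The packaged version is not visible here, so please confirm upstream support and record it, e.g. `# proxy-ssl-termination is supported by upstream sish; local patch removed`. If it is not supported, the old override should stay until it is.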
@@ -1,82 +0,0 @@ -diff --git a/cmd/sish.go b/cmd/sish.go -index 0f7bee3..7fb1656 100644 ---- a/cmd/sish.go -+++ b/cmd/sish.go -@@ -99,6 +99,7 @@ func init() { - rootCmd.PersistentFlags().BoolP("proxy-protocol", "", false, "Use the proxy-protocol while proxying connections in order to pass-on IP address and port information") - rootCmd.PersistentFlags().BoolP("proxy-protocol-use-timeout", "", false, "Use a timeout for the proxy-protocol read") - rootCmd.PersistentFlags().BoolP("proxy-protocol-listener", "", false, "Use the proxy-protocol to resolve ip addresses from user connections") -+ rootCmd.PersistentFlags().BoolP("proxy-ssl-termination", "", false, "Whether sish is running behind an SSL-terminated reverse proxy\nIf true, the displayed HTTP URL will use `https://` despite running on port 80") - rootCmd.PersistentFlags().BoolP("https", "", false, "Listen for HTTPS connections. Requires a correct --https-certificate-directory") - rootCmd.PersistentFlags().BoolP("force-all-https", "", false, "Redirect all requests to the https server") - rootCmd.PersistentFlags().BoolP("force-https", "", false, "Allow indiviual binds to request for https to be enforced") -diff --git a/config.example.yml b/config.example.yml -index 2249f5d..fbac885 100644 ---- a/config.example.yml -+++ b/config.example.yml -@@ -79,6 +79,7 @@ proxy-protocol-policy: use - proxy-protocol-timeout: 200ms - proxy-protocol-use-timeout: false - proxy-protocol-version: "1" -+proxy-ssl-termination: false - redirect-root: true - redirect-root-location: https://github.com/antoniomika/sish - rewrite-host-header: true -diff --git a/docs/posts/cli.md b/docs/posts/cli.md -index f6891a0..c31ab1c 100644 ---- a/docs/posts/cli.md -+++ b/docs/posts/cli.md -@@ -1,6 +1,6 @@ - --- - title: CLI --description: How use sish's CLI -+description: How use sish's CLI - keywords: [sish, cli] - --- - -@@ -107,6 +107,7 @@ Flags: - --proxy-protocol-use-timeout Use a timeout for the proxy-protocol read - -q, --proxy-protocol-version 
string What version of the proxy protocol to use. Can either be 1, 2, or userdefined. - If userdefined, the user needs to add a command to SSH called proxyproto=version (ie proxyproto=1) (default "1") -+ --proxy-ssl-termination Whether sish is running behind an SSL terminated reverse proxy - --redirect-root Redirect the root domain to the location defined in --redirect-root-location (default true) - -r, --redirect-root-location string The location to redirect requests to the root domain - to instead of responding with a 404 (default "https://github.com/antoniomika/sish") -@@ -129,6 +130,7 @@ Flags: - --verify-dns Verify DNS information for hosts and ensure it matches a connecting users sha256 key fingerprint (default true) - --verify-ssl Verify SSL certificates made on proxied HTTP connections (default true) - -v, --version version for sish -+ --welcome-message string Message displayed to users upon connection (default "Press Ctrl-C to close the session.") - -y, --whitelisted-countries string A comma separated list of whitelisted countries. Applies to HTTP, TCP, and SSH connections - -w, --whitelisted-ips string A comma separated list of whitelisted ips. 
Applies to HTTP, TCP, and SSH connections - ``` -diff --git a/sshmuxer/httphandler.go b/sshmuxer/httphandler.go -index eb8ad63..833ed6a 100644 ---- a/sshmuxer/httphandler.go -+++ b/sshmuxer/httphandler.go -@@ -121,16 +121,17 @@ func handleHTTPListener(check *channelForwardMsg, _ string, requestMessages stri - } - } - -- httpPortString := "" -- if state.Ports.HTTPPort != 80 { -- httpPortString = fmt.Sprintf(":%d", state.Ports.HTTPPort) -- } -- -- requestMessages += fmt.Sprintf("%s: http://%s%s%s%s\r\n", aurora.BgBlue("HTTP"), userPass, pH.HTTPUrl.Host, httpPortString, pH.HTTPUrl.Path) -+ if !viper.GetBool("proxy-ssl-termination") { -+ httpPortString := "" -+ if state.Ports.HTTPPort != 80 { -+ httpPortString = fmt.Sprintf(":%d", state.Ports.HTTPPort) -+ } - -- log.Printf("%s forwarding started: http://%s%s%s%s -> %s for client: %s\n", aurora.BgBlue("HTTP"), userPass, pH.HTTPUrl.Host, httpPortString, pH.HTTPUrl.Path, listenerHolder.Addr().String(), sshConn.SSHConn.RemoteAddr().String()) -+ requestMessages += fmt.Sprintf("%s: http://%s%s%s%s\r\n", aurora.BgBlue("HTTP"), userPass, pH.HTTPUrl.Host, httpPortString, pH.HTTPUrl.Path) -+ log.Printf("%s forwarding started: http://%s%s%s%s -> %s for client: %s\n", aurora.BgBlue("HTTP"), userPass, pH.HTTPUrl.Host, httpPortString, pH.HTTPUrl.Path, listenerHolder.Addr().String(), sshConn.SSHConn.RemoteAddr().String()) -+ } - -- if viper.GetBool("https") { -+ if viper.GetBool("https") || viper.GetBool("proxy-ssl-termination") { - httpsPortString := "" - if state.Ports.HTTPSPort != 443 { - httpsPortString = fmt.Sprintf(":%d", state.Ports.HTTPSPort)