infra/nix/os/devices/sj-bm-hostkey0/configuration.nix

{
  modulesPath,
  repoFlake,
  packages',
  pkgs,
  lib,
  config,
  nodeFlake,
  nodeName,
  system,
  ...
}: let
  pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;};
  pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;};
in {
  disabledModules = [
  ];

  imports = [
    nodeFlake.inputs.disko.nixosModules.disko
    nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder
    repoFlake.inputs.sops-nix.nixosModules.sops

    ../../profiles/common/user.nix
    ../../snippets/nix-settings-holo-chain.nix

    # TODO
    # ./network.nix
    # ./monitoring.nix

    # user config
    {
      users.commonUsers = {
        enable = true;
        enableNonRoot = true;
      };
      home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix {
        inherit pkgs;
      };

      home-manager.users.steveej = {pkgs, ...}: {
        imports = [
          ../../../home-manager/configuration/text-minimal.nix
        ];

        home.packages = [
          pkgs.nil
          pkgs.rnix-lsp
          pkgs.nixd
          pkgs.nixpkgs-fmt
          pkgs.alejandra
          pkgs.nixfmt

          # TODO: automate linking this
          # 1. get the commit with: `codium --version`
          # 2. create the binary directory: `mkdir -p /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/`
          # 3. link the binary. this relies on the client-side setting `"remote.SSH.experimental.serverBinaryName": "openvscode-server"` : ln -s $(which openvscode-server) /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/
          (pkgsVscodium.openvscode-server.overrideAttrs(attrs: {
            src = repoFlake.inputs.openvscode-server;
            version = "1.86.2";
            yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-mB7Fw/5pCBJNGtH3PvGhZOAIP/C2MoSvBvZy17TPN9U=";});
          }))
        ];
      };

      programs.zsh.enable = true;
      users.defaultUserShell = pkgs.zsh;
      environment.pathsToLink = ["/share/zsh"];
    }
  ];

  roles.nix-remote-builder.schedulerPublicKeys = [
    # TODO: make this a reference to the private key's secret
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14"
  ];

  services.openssh.enable = true;
  services.openssh.settings.PermitRootLogin = "yes";

  boot = {
    kernel = {
      sysctl = {
        "net.ipv4.conf.all.forwarding" = true;
        "net.ipv6.conf.all.forwarding" = true;
      };
    };
  };

  networking = {
    hostName = nodeName;
    useNetworkd = true;
    useDHCP = true;

    # No local firewall.
    nat.enable = true;
    firewall.enable = false;
  };

  disko.devices = let
    disk = id: {
      type = "disk";
      device = "/dev/${id}";
      content = {
        type = "gpt";
        partitions = {
          boot = {
            size = "1M";
            type = "EF02"; # for grub MBR
          };
          mdadm = {
            size = "100%";
            content = {
              type = "mdraid";
              name = "raid0";
            };
          };
        };
      };
    };
  in {
    disk = {
      sda = disk "sda";
      sdb = disk "sdb";
    };
    mdadm = {
      raid0 = {
        type = "mdadm";
        level = 0;
        content = {
          type = "gpt";
          partitions = {
            primary = {
              size = "100%";
              content = {
                type = "filesystem";
                format = "btrfs";
                mountpoint = "/";
              };
            };
          };
        };
      };
    };
  };

  system.stateVersion = "23.11";

  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.initrd.includeDefaultModules = true;
  boot.initrd.kernelModules = [
    "dm-raid"
    "dm-integrity"
    "xhci_pci_renesas"
  ];

  hardware.enableRedistributableFirmware = true;

  environment.systemPackages = [
    pkgs.hdparm
  ];

  # home-manager.users.steveej = _: {
  #   imports = [
  #     ../../../home-manager/configuration/text-minimal.nix
  #   ];

  #   home.sessionVariables = {
  #   };

  #   home.packages = with pkgs; [
  #   ];
  # };

  virtualisation.libvirtd.enable = true;

  boot.binfmt.emulatedSystems = [
    "aarch64-linux"
  ];
}
nix fmt 2024-02-08 20:53:22 +01:00			`{`
			`modulesPath,`
			`repoFlake,`
			`packages',`
			`pkgs,`
			`lib,`
			`config,`
			`nodeFlake,`
			`nodeName,`
			`system,`
			`...`
feat(vscodium remote): attempt to match versions on client and server environments 2024-03-07 21:58:24 +01:00			`}: let`
			`pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;};`
			`pkgsVscodium = import repoFlake.inputs.nixpkgs-vscodium {inherit (pkgs) system config;};`
			`in {`
update README 2023-11-23 16:03:07 +01:00			`disabledModules = [`
			`];`

			`imports = [`
			`nodeFlake.inputs.disko.nixosModules.disko`
workaround elctron issues, fix firewall for syncthing, set uphostkey0 as builder to steveej-t14 2023-12-17 23:25:24 +01:00			`nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder`
update README 2023-11-23 16:03:07 +01:00			`repoFlake.inputs.sops-nix.nixosModules.sops`

			`../../profiles/common/user.nix`
refactor nix settings 2023-12-01 21:00:17 +01:00			`../../snippets/nix-settings-holo-chain.nix`
update README 2023-11-23 16:03:07 +01:00
			`# TODO`
			`# ./network.nix`
			`# ./monitoring.nix`

work on remote dev set up on sj-bm-hostkey0 2023-11-24 11:34:17 +01:00			`# user config`
			`{`
update README 2023-11-23 16:03:07 +01:00			`users.commonUsers = {`
			`enable = true;`
			`enableNonRoot = true;`
			`};`
work on remote dev set up on sj-bm-hostkey0 2023-11-24 11:34:17 +01:00			`home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix {`
			`inherit pkgs;`
			`};`

nix fmt 2024-02-08 20:53:22 +01:00			`home-manager.users.steveej = {pkgs, ...}: {`
workaround elctron issues, fix firewall for syncthing, set uphostkey0 as builder to steveej-t14 2023-12-17 23:25:24 +01:00			`imports = [`
			`../../../home-manager/configuration/text-minimal.nix`
			`];`

			`home.packages = [`
			`pkgs.nil`
			`pkgs.rnix-lsp`
			`pkgs.nixd`
			`pkgs.nixpkgs-fmt`
			`pkgs.alejandra`
			`pkgs.nixfmt`
feat(vscodium remote): attempt to match versions on client and server environments 2024-03-07 21:58:24 +01:00
			`# TODO: automate linking this`
			# 1. get the commit with: `codium --version`
			# 2. create the binary directory: `mkdir -p /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/`
			# 3. link the binary. this relies on the client-side setting `"remote.SSH.experimental.serverBinaryName": "openvscode-server"` : ln -s $(which openvscode-server) /home/steveej/.vscodium-server/bin/c8ce3ba4bc6b30b3b10edc61481cb85b1d2396bc/bin/
			`(pkgsVscodium.openvscode-server.overrideAttrs(attrs: {`
			`src = repoFlake.inputs.openvscode-server;`
			`version = "1.86.2";`
			`yarnCache = attrs.yarnCache.overrideAttrs (_: {outputHash = "sha256-mB7Fw/5pCBJNGtH3PvGhZOAIP/C2MoSvBvZy17TPN9U=";});`
			`}))`
workaround elctron issues, fix firewall for syncthing, set uphostkey0 as builder to steveej-t14 2023-12-17 23:25:24 +01:00			`];`
work on remote dev set up on sj-bm-hostkey0 2023-11-24 11:34:17 +01:00			`};`

			`programs.zsh.enable = true;`
			`users.defaultUserShell = pkgs.zsh;`
nix fmt 2024-02-08 20:53:22 +01:00			`environment.pathsToLink = ["/share/zsh"];`
update README 2023-11-23 16:03:07 +01:00			`}`
			`];`
nix fmt 2023-11-23 17:52:21 +01:00
workaround elctron issues, fix firewall for syncthing, set uphostkey0 as builder to steveej-t14 2023-12-17 23:25:24 +01:00			`roles.nix-remote-builder.schedulerPublicKeys = [`
			`# TODO: make this a reference to the private key's secret`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14"`
			`];`

work on remote dev set up on sj-bm-hostkey0 2023-11-24 11:34:17 +01:00			`services.openssh.enable = true;`
			`services.openssh.settings.PermitRootLogin = "yes";`

update README 2023-11-23 16:03:07 +01:00			`boot = {`
			`kernel = {`
			`sysctl = {`
			`"net.ipv4.conf.all.forwarding" = true;`
			`"net.ipv6.conf.all.forwarding" = true;`
			`};`
			`};`
			`};`

			`networking = {`
			`hostName = nodeName;`
			`useNetworkd = true;`
			`useDHCP = true;`

			`# No local firewall.`
			`nat.enable = true;`
			`firewall.enable = false;`
			`};`

nix fmt 2024-02-08 20:53:22 +01:00			`disko.devices = let`
			`disk = id: {`
			`type = "disk";`
			`device = "/dev/${id}";`
			`content = {`
			`type = "gpt";`
			`partitions = {`
			`boot = {`
			`size = "1M";`
			`type = "EF02"; # for grub MBR`
			`};`
			`mdadm = {`
			`size = "100%";`
			`content = {`
			`type = "mdraid";`
			`name = "raid0";`
			`};`
			`};`
			`};`
			`};`
			`};`
			`in {`
			`disk = {`
			`sda = disk "sda";`
			`sdb = disk "sdb";`
			`};`
			`mdadm = {`
			`raid0 = {`
			`type = "mdadm";`
			`level = 0;`
update README 2023-11-23 16:03:07 +01:00			`content = {`
			`type = "gpt";`
			`partitions = {`
nix fmt 2024-02-08 20:53:22 +01:00			`primary = {`
update README 2023-11-23 16:03:07 +01:00			`size = "100%";`
			`content = {`
nix fmt 2024-02-08 20:53:22 +01:00			`type = "filesystem";`
			`format = "btrfs";`
			`mountpoint = "/";`
update README 2023-11-23 16:03:07 +01:00			`};`
			`};`
			`};`
			`};`
			`};`
			`};`
nix fmt 2024-02-08 20:53:22 +01:00			`};`
update README 2023-11-23 16:03:07 +01:00
add sj-bm-hostkey0, bump steveej-t14, rework NIX_PATH and zsh 2023-11-23 17:14:15 +01:00			`system.stateVersion = "23.11";`
update README 2023-11-23 16:03:07 +01:00
			`boot.kernelPackages = pkgs.linuxPackages_latest;`
			`boot.initrd.includeDefaultModules = true;`
			`boot.initrd.kernelModules = [`
			`"dm-raid"`
			`"dm-integrity"`
			`"xhci_pci_renesas"`
			`];`

			`hardware.enableRedistributableFirmware = true;`

			`environment.systemPackages = [`
			`pkgs.hdparm`
			`];`
nix fmt 2023-11-23 17:52:21 +01:00
add sj-bm-hostkey0, bump steveej-t14, rework NIX_PATH and zsh 2023-11-23 17:14:15 +01:00			`# home-manager.users.steveej = _: {`
			`# imports = [`
			`# ../../../home-manager/configuration/text-minimal.nix`
			`# ];`

			`# home.sessionVariables = {`
			`# };`

			`# home.packages = with pkgs; [`
			`# ];`
			`# };`
workaround elctron issues, fix firewall for syncthing, set uphostkey0 as builder to steveej-t14 2023-12-17 23:25:24 +01:00
			`virtualisation.libvirtd.enable = true;`

			`boot.binfmt.emulatedSystems = [`
			`"aarch64-linux"`
			`];`
update README 2023-11-23 16:03:07 +01:00			`}`