diff --git a/flake.nix b/flake.nix index 9b68e10..a63a5c2 100644 --- a/flake.nix +++ b/flake.nix @@ -185,23 +185,22 @@ # "justyna-p300" # "srv0-dmz0" - # "router0-dmz0" + # # "router0-dmz0" "router0-ifog" "router0-hosthatch" "sj-srv1" "hstk0" - ]); - flake.lib = { - inherit withSystem; - }; + # "retro" + ]); # this makes nixos-anywhere work flake.nixosConfigurations = let colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; + retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; in ( colmenaHive // { @@ -211,6 +210,9 @@ # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 router0-dmz0_cross = router0-dmz0.cross; + # nixos-install --flake .\#retro_cross + retro_cross = retro.cross; + steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; } diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index ef47a83..79be77f 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -141,8 +141,8 @@ in { nethogs # Code Editing and Programming - # TODO(remove or use): pkgsUnstable.lapce - # TODO(remve or use): pkgsUnstable.helix + pkgsUnstable.lapce + pkgsUnstable.helix # Image/Graphic/Design Tools gnome.eog diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index 712eb42..e48456e 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix @@ -50,9 +50,6 @@ # rabby wallet {id = "acmacodkjbdgmoleebolmdjonilkdbch";} - # phantom wallet - {id = "bfnaelmomeimhlpmgjnjophhpkkoljpa";} - # Vimium C {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} 
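Review bot: The new `retro` binding in the first flake.nix hunk reads `./nix/os/devices/retro`, and the second hunk exports `retro_cross` from it, while the device directory this commit adds is `nix/os/devices/voodoo` with `nodeName = "voodoo"`. Unless a `retro` directory already exists outside this diff, forcing `retro_cross` will fail at evaluation. If voodoo is the intended node, the binding would be `voodoo = (inputs.get-flake ./nix/os/devices/voodoo).nixosConfigurations;`, with the export and its `nixos-install` comment renamed to match. The first hunk also drops `flake.lib.withSystem`; only the steveej-x13s use of `repoFlake.lib.withSystem` is removed in this commit, so any other device flake that still reads it should be checked.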
diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 4d82178..a84a298 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -1143,11 +1143,8 @@ in { "2a01:4f8:151:34aa::198" "2a01:4f8:141:316d::117" - # https://dismail.de/info.html#dns - "116.203.32.217" - "2a01:4f8:1c1b:44aa::1" - "159.69.114.157" - "2a01:4f8:c17:739a::2" + # cloudflare and google + # "9.9.9.9" "8.8.8.8" "1.1.1.1" ]; domain = diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix index bd23a9e..b862faa 100644 --- a/nix/os/devices/sj-srv1/system.nix +++ b/nix/os/devices/sj-srv1/system.nix @@ -121,14 +121,6 @@ }; }; - virtualisation.libvirtd = { - enable = true; - onShutdown = "shutdown"; - parallelShutdown = 3; - }; - - fileSystems."/mnt/8078-532D".device = "/dev/disk/by-uuid/8078-532D"; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index f10f307..4f2a4e7 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -198,8 +198,6 @@ boot = { loader.systemd-boot.enable = true; - loader.systemd-boot.configurationLimit = 5; - loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; blacklistedKernelModules = ["wwan"]; diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix index e6d8ece..fa66cf4 100644 --- a/nix/os/devices/steveej-x13s/default.nix +++ b/nix/os/devices/steveej-x13s/default.nix 
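Review bot: The replacement resolver entries in the router0-dmz0 hunk are IPv4-only (`"8.8.8.8"` and `"1.1.1.1"`), whereas the removed dismail.de entries were IPv4/IPv6 pairs; adding `"2001:4860:4860::8888"` and `"2606:4700:4700::1111"` would keep a v6 path to the same providers. The comment `# cloudflare and google` does not cover the commented-out `9.9.9.9`, which is Quad9; `# public fallbacks: Google, Cloudflare (Quad9 disabled)` would match the lines. The attribute this list belongs to starts outside the hunk, so it is not visible whether these resolvers are queried in plaintext; if they are, the move from a privacy-oriented resolver to two large public ones deserves a sentence in the commit message.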
@@ -30,7 +30,7 @@ # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; imports = [ - ./configuration.nix + (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") ]; }; } diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 8805ba8..9633bbc 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1723685519, - "narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=", + "lastModified": 1722476845, + "narHash": "sha256-7gZ8uf3qOox8Vrwd+p9EhUHHLhhK8lis/5KcXGmIaow=", "owner": "nix-community", "repo": "disko", - "rev": "276a0d055a720691912c6a34abb724e395c8e38a", + "rev": "7e1b215a0a96efb306ad6440bf706d2b307dc267", "type": "github" }, "original": { @@ -171,11 +171,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1722599161, - "narHash": "sha256-befejQIW6Tc6znCpEW4MrrTLT8c6kRszAmxvB+ojFJo=", + "lastModified": 1722421086, + "narHash": "sha256-Po8GvfDt4O646w1IDIcRdiRIxnqVLv/OwBhr5nOazLw=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "c5ac0a8cf3341a53bb136bbbb42ede4f62041c24", + "rev": "e4d7be8556b259a2204f19d6a0537da3aa7d7a3e", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1723637854, - "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "type": "github" }, "original": { 
@@ -302,11 +302,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1723688146, - "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", + "lastModified": 1722372011, + "narHash": "sha256-B2xRiC3NEJy/82ugtareBkRqEkPGpMyjaLxaR8LBxNs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", + "rev": "cf05eeada35e122770c5c14add958790fcfcbef5", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 5104910..6b8ed7e 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -34,31 +34,24 @@ nixpkgs, ... }: let - nativeSystem = "aarch64-linux"; - nodeName = "steveej-x13s"; - - pkgs = nixpkgs.legacyPackages.${nativeSystem}; - pkgsCross = import self.inputs.nixpkgs { - system = "x86_64-linux"; - crossSystem = { - config = "aarch64-unknown-linux-gnu"; - }; - }; - + targetPlatform = "aarch64-linux"; + buildPlatform = "x86_64-linux"; repoFlake = get-flake ../../../..; - mkNixosConfiguration = {extraModules ? [], ...} @ attrs: + mkNixosConfiguration = { + nodeName, + extraModules ? [], + ... + } @ attrs: nixpkgs.lib.nixosSystem ( nixpkgs.lib.attrsets.recursiveUpdate attrs { specialArgs = (import ./default.nix { - system = nativeSystem; - inherit nodeName; + system = targetPlatform; + inherit nodeName repoFlake; - inherit repoFlake; - repoFlakeWithSystem = repoFlake.lib.withSystem; nodeFlake = self; }) .meta @@ -67,13 +60,7 @@ modules = [ - ./configuration.nix - - # flake registry - { - nixpkgs.overlays = builtins.attrValues self.overlays; - nix.registry.nixpkgs.flake = nixpkgs; - } + # repoFlake.nixosModules.hardware-x13s ] ++ extraModules; } 
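Review bot: `mkNixosConfiguration` in the steveej-x13s flake.nix now takes `nodeName` as a named argument but still forwards the whole `attrs` set through `recursiveUpdate attrs { … }` into `nixpkgs.lib.nixosSystem`, so `nodeName` reaches `nixosSystem` as an argument. As far as I know `nixosSystem` hands its arguments to `eval-config.nix`, which accepts a closed argument set, so the `inherit nodeName;` calls added in the next hunk would fail with an unexpected-argument error. Stripping the helper-only key first avoids that: `(builtins.removeAttrs attrs ["nodeName"])` in place of `attrs`. The `let` block and the call sites continue outside this hunk.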
@@ -83,21 +70,30 @@ inherit mkNixosConfiguration; }; - overlays = {}; - - nixosConfigurations = { + nixosConfigurations = let + nodeName = "steveej-x13s"; + in { native = mkNixosConfiguration { - system = nativeSystem; + inherit nodeName; + system = targetPlatform; + extraModules = [ + ./configuration.nix + ]; }; cross = mkNixosConfiguration { + inherit nodeName; extraModules = [ + ./configuration.nix + { - nixpkgs.buildPlatform.system = "x86_64-linux"; - nixpkgs.hostPlatform.system = nativeSystem; + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; } ]; }; }; + packages.${targetPlatform} = { + }; }; } diff --git a/nix/os/devices/voodoo/.gitignore b/nix/os/devices/voodoo/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/nix/os/devices/voodoo/.gitignore @@ -0,0 +1 @@ +result diff --git a/nix/os/devices/voodoo/configuration.nix b/nix/os/devices/voodoo/configuration.nix new file mode 100644 index 0000000..d6ae93c --- /dev/null +++ b/nix/os/devices/voodoo/configuration.nix 
@@ -0,0 +1,85 @@
+{
+ repoFlake,
+ pkgs,
+ lib,
+ config,
+ nodeFlake,
+ nodeName,
+ localDomainName,
+ system,
+ ...
+}: let
+in {
+ imports = [
+ # repoFlake.inputs.sops-nix.nixosModules.sops
+
+ # ../../profiles/common/user.nix
+
+ {
+ nix.nixPath = [
+ "nixpkgs=${pkgs.path}"
+ ];
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ nix.settings.max-jobs = lib.mkDefault "auto";
+ nix.settings.cores = lib.mkDefault 0;
+ }
+
+ {
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+
+ # users.commonUsers = {
+ # enable = true;
+ # enableNonRoot = false;
+ # rootPasswordFile = config.sops.secrets.passwords-root.path;
+ # };
+
+ users.users.root.password = "voodoo";
+
+ # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ # sops.defaultSopsFormat = "yaml";
+
+ # sops.secrets.passwords-root.neededForUsers = true;
+ }
+ ];
+
+ networking = {
+ hostName = nodeName;
+ useNetworkd = false;
+ useDHCP = true;
+ firewall.enable = false;
+ };
+
+ system.stateVersion = "23.11";
+
+ # We exclude a number of modules included in the default list. A non-insignificant amount do
+ # not apply to embedded hardware like this, so simply skip the defaults.
+ #
+ # Custom kernel is required as a lot of MTK components misbehave when built as modules.
+ # They fail to load properly, leaving the system without working ethernet, they'll oops on
+ # remove. MTK-DSA parts and PCIe were observed to do this.
+
+ # boot.initrd.includeDefaultModules = false;
+ # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
+ # boot.initrd.availableKernelModules = ["nvme"];
+
+ hardware.enableRedistributableFirmware = false;
+
+ # Extlinux compatible with custom uboot patches in this repo, which also provide unique
+ # MAC addresses instead of the non-unique one that gets used by a lot of MTK devices...
+ boot.loader.grub.enable = true;
+
+ environment.systemPackages = [
+ # pkgs.pciutils
+ ];
+
+ fileSystems."/".label = "voodoo_root";
+ boot.loader.grub.devices = [
+ "/dev/disk/by-id/usb-ST313640_A_20171021-0"
+ ];
+}
diff --git a/nix/os/devices/voodoo/default.nix b/nix/os/devices/voodoo/default.nix
new file mode 100644
index 0000000..e43dbc4
--- /dev/null
+++ b/nix/os/devices/voodoo/default.nix
@@ -0,0 +1,35 @@
+{
+ system ? "i586-linux",
+ nodeName,
+ repoFlake,
+ nodeFlake,
+ localDomainName ? "internal",
+ ...
+}: {
+ meta.nodeSpecialArgs.${nodeName} = {
+ inherit repoFlake nodeName nodeFlake system;
+ packages' = repoFlake.packages.${system};
+ nodePackages' = nodeFlake.packages.${system};
+
+ inherit localDomainName;
+ };
+
+ meta.nodeNixpkgs.${nodeName} =
+ import nodeFlake.inputs.nixpkgs.outPath
+ {
+ inherit system;
+ };
+
+ ${nodeName} = {
+ deployment.targetHost = "${nodeName}.${localDomainName}";
+ deployment.replaceUnknownProfiles = true;
+
+ # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
+
+ imports = [
+ ./configuration.nix
+ ];
+
+ networking.hostName = nodeName;
+ };
+}
diff --git a/nix/os/devices/voodoo/flake.lock b/nix/os/devices/voodoo/flake.lock
new file mode 100644
index 0000000..089ad5e
--- /dev/null
+++ b/nix/os/devices/voodoo/flake.lock
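Review bot: `users.users.root.password = "voodoo";` in voodoo/configuration.nix commits a plaintext root password, and the same module sets `PermitRootLogin = "yes"` and `networking.firewall.enable = false`, so root password login over SSH is open to every host that can reach the machine, with a password readable in the repository and in the world-readable Nix store. Prefer key-only root access, `services.openssh.settings.PermitRootLogin = "prohibit-password";` together with `users.users.root.openssh.authorizedKeys.keys`, or restore the commented-out sops wiring and feed `users.users.root.hashedPasswordFile` from `config.sops.secrets.passwords-root.path`. If the password is meant only for first install, say so in a comment beside it, for example `# bootstrap only: replace with sops secret before the host joins the network`. The two comment blocks about MTK components and Extlinux/uboot appear to be copied from another device and do not match this module, which enables GRUB on a USB disk.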
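Review bot: The default `system ? "i586-linux"` in voodoo/default.nix disagrees with `targetPlatform = "i686-linux"` in this device's flake.nix, and I am not aware of `i586-linux` being a system string that nixpkgs recognises, so a caller that relies on the default would likely fail in `import nodeFlake.inputs.nixpkgs.outPath { inherit system; }`; `system ? "i686-linux",` keeps the two in step. `nodePackages' = nodeFlake.packages.${system};` also reads an output that the voodoo flake.nix in this commit does not define, so it throws as soon as a module forces it. The steveej-x13s flake gains an empty `packages.${targetPlatform} = { };` in this same commit, and the voodoo flake would need the same line.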
@@ -0,0 +1,225 @@ +{ + "nodes": { + "bpir3": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703603768, + "narHash": "sha256-ZViXHNt7ClqNtlRO9iot+LxiSbBvZi/RR+/6Q7W6UV8=", + "owner": "steveej-forks", + "repo": "nixos-bpir3", + "rev": "47cb545b92c136d1482a66b940c4719c40eb5fe3", + "type": "github" + }, + "original": { + "owner": "steveej-forks", + "ref": "linux-6.6", + "repo": "nixos-bpir3", + "type": "github" + } + }, + "dependencyDagOfSubmodule": { + "inputs": { + "nixpkgs": [ + "nixos-nftables-firewall", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656615370, + "narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=", + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703532766, + "narHash": "sha256-ojjW3cuNmqL5uqDWohwLoO8dYpheM5+AfgsNmGIMwG8=", + "owner": "nix-community", + "repo": "disko", + "rev": "1b191113874dee97796749bb21eac3d84735c70a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "get-flake": { + "locked": { + "lastModified": 1694475786, + "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "owner": "ursi", + "repo": "get-flake", + "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "type": "github" + }, + "original": { + "owner": "ursi", + "repo": "get-flake", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703527373, + "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "80679ea5074ab7190c4cce478c600057cfb5edae", + "type": "github" + }, + "original": { + "owner": 
"nix-community", + "ref": "master", + "repo": "home-manager", + "type": "github" + } + }, + "hostapd": { + "flake": false, + "locked": { + "lastModified": 1703346062, + "narHash": "sha256-SHSBKIgKc5zEGhKDT2v+yGERTJHf8pe+9ZPUwJBTJKQ=", + "ref": "refs/heads/main", + "rev": "196d6c83b9cb7d298fdc92684dc37115348b159e", + "revCount": 19119, + "type": "git", + "url": "git://w1.fi/hostap.git?branch=main" + }, + "original": { + "type": "git", + "url": "git://w1.fi/hostap.git?branch=main" + } + }, + "nixos-nftables-firewall": { + "inputs": { + "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703279052, + "narHash": "sha256-0rbG/9SwaWtXT7ZuifMq+7wvfxDpZrjr0zdMcM4KK+E=", + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "rev": "3bf23aeb346e772d157816e6b72a742a6c97db80", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1703068421, + "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703255338, + "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "openwrt": { + "flake": false, + "locked": { + "lastModified": 1691699580, + "narHash": "sha256-CV+ufXPEr5Nz2O2FBnnuPeHNsFQ7c5s0uW39u/q3cUo=", + "ref": "main", + "rev": "847984c773d819d5579d5abae4b80a4983103ed9", + "revCount": 58166, + "type": "git", + "url": 
"https://github.com/openwrt/openwrt.git" + }, + "original": { + "ref": "main", + "rev": "847984c773d819d5579d5abae4b80a4983103ed9", + "type": "git", + "url": "https://github.com/openwrt/openwrt.git" + } + }, + "root": { + "inputs": { + "bpir3": "bpir3", + "disko": "disko", + "get-flake": "get-flake", + "home-manager": "home-manager", + "hostapd": "hostapd", + "nixos-nftables-firewall": "nixos-nftables-firewall", + "nixpkgs": "nixpkgs", + "openwrt": "openwrt", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703469109, + "narHash": "sha256-hTQJ9uV43Vt8UXwervEj9mbDoQSN1mD3lwwPChG8jy8=", + "owner": "numtide", + "repo": "srvos", + "rev": "52d07db520046c4775f1047e68a05dcb53bba9ec", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/voodoo/flake.nix b/nix/os/devices/voodoo/flake.nix new file mode 100644 index 0000000..7e94241 --- /dev/null +++ b/nix/os/devices/voodoo/flake.nix 
@@ -0,0 +1,81 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+
+ get-flake.url = "github:ursi/get-flake";
+
+ disko.inputs.nixpkgs.follows = "nixpkgs";
+ srvos.url = "github:numtide/srvos";
+ srvos.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = {
+ self,
+ get-flake,
+ nixpkgs,
+ ...
+ }: let
+ targetPlatform = "i686-linux";
+ buildPlatform = "x86_64-linux";
+ nodeName = "voodoo";
+
+ pkgs = nixpkgs.legacyPackages.${targetPlatform};
+ pkgsCross = import self.inputs.nixpkgs {
+ system = buildPlatform;
+ crossSystem = {
+ config = "pentium2-unknown-linux-gnu";
+ };
+ };
+
+ mkNixosConfiguration = {extraModules ? [], ...} @ attrs:
+ nixpkgs.lib.nixosSystem (
+ nixpkgs.lib.attrsets.recursiveUpdate
+ attrs
+ {
+ specialArgs =
+ (import ./default.nix {
+ system = targetPlatform;
+ inherit nodeName;
+
+ repoFlake = get-flake ../../../..;
+ nodeFlake = self;
+ })
+ .meta
+ .nodeSpecialArgs
+ .${nodeName};
+
+ modules =
+ [
+ ./configuration.nix
+
+ # flake registry
+ {
+ nix.registry.nixpkgs.flake = nixpkgs;
+ }
+
+ {
+ nixpkgs.overlays = [
+ (final: previous: {})
+ ];
+ }
+ ]
+ ++ extraModules;
+ }
+ );
+ in {
+ nixosConfigurations = {
+ native = mkNixosConfiguration {
+ system = targetPlatform;
+ };
+
+ cross = mkNixosConfiguration {
+ extraModules = [
+ {
+ nixpkgs.buildPlatform.system = buildPlatform;
+ nixpkgs.hostPlatform.system = targetPlatform;
+ }
+ ];
+ };
+ };
+ };
+}
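Review bot: The `inputs` block in voodoo/flake.nix declares only `nixpkgs` (on `nixos-23.11`), `get-flake`, `disko` and `srvos`, but the flake.lock committed beside it has root inputs `bpir3`, `hostapd`, `openwrt`, `nixos-nftables-firewall` and `home-manager` and locks `nixpkgs` against `nixos-unstable`. The lock therefore does not describe this flake, and Nix will re-resolve the inputs on the next evaluation instead of using the committed revisions; regenerate the lock from this flake.nix and commit that. `disko` has a `follows` line but no `url`, so it resolves through the flake registry; `disko.url = "github:nix-community/disko";` pins its source explicitly. `pkgs` and `pkgsCross` are bound in the `let` but not used by the outputs in this hunk.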