feat: initial commit

Ashhhleyyy 2023-10-02 18:47:47 +01:00
commit 544682d903
Signed by: ash
GPG key ID: 83B789081A0878FB
16 changed files with 808 additions and 0 deletions

2
.gitignore vendored Normal file

@ -0,0 +1,2 @@
*.qcow2
/result


@ -0,0 +1,14 @@
{ config, pkgs, ... }: {
services.resolved.enable = true;
services.avahi = {
enable = true;
openFirewall = true;
};
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.utf8";
boot.plymouth = {
enable = true;
};
}

19
common/generic-qemu.nix Normal file

@ -0,0 +1,19 @@
{ modulesPath, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"console=tty1"
"console=ttyS0,115200"
];
fileSystems."/" = {
device = "/dev/vda1";
fsType = "ext4";
};
}

40
common/generic.nix Normal file

@ -0,0 +1,40 @@
{ pkgs, ... }: rec {
imports = [ ];
boot.tmp.cleanOnBoot = true;
nix.settings.auto-optimise-store = true;
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
programs.fish.enable = true;
programs.htop = {
enable = true;
settings = {
hide_kernel_threads = true;
hide_userland_threads = true;
};
};
users.users.ash = {
description = "Ashley";
isNormalUser = true;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGLHqRBcN584SXXa7snrOs89Wy5Jjvsq+GlFXTTBYfp ash@ash-pc"
];
hashedPassword = "$y$j9T$YZw49GYsZi6pm5MH3W2gX1$BKPBL3g4jAWUJP0WY0lRrBLorxzcENVqGTG0dAly3v7";
extraGroups = [ "wheel" "audio" ];
};
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
users.users.root.openssh.authorizedKeys.keys = users.users.ash.openssh.authorizedKeys.keys;
users.mutableUsers = false;
console.keyMap = "uk";
}
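Review bot: `hashedPassword` for `ash` is committed as a literal, so the hash sits in git history and in the world-readable Nix store, where anyone with read access can run offline guessing against it. Load it from a file kept outside the store instead, e.g. `hashedPasswordFile = "<path-outside-the-store>";` (the option is named `passwordFile` on older nixpkgs), and treat the committed hash as disclosed. Separately, `security.doas.wheelNeedsPassword = false` plus authorising the same key for `root` means that one SSH key is unconditional root on every host importing this module. If that is intended, say so in a comment; otherwise drop the root key line and keep the doas prompt. The `rec` on the module exists only so the root line can reference `users.users.ash…`; a `let` binding for the key list would be clearer.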

222
flake.lock Normal file

@ -0,0 +1,222 @@
{
"nodes": {
"crane": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"fsh",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1668993159,
"narHash": "sha256-9BVTtPFrHRh0HbeEm2bmXsoIWRj1tKM6Nvfl7VMK/X8=",
"owner": "ipetkov",
"repo": "crane",
"rev": "c61d98aaea5667607a36bafe5a6fa87fe5bb2c7e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fsh": {
"inputs": {
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1684846557,
"narHash": "sha256-mgYwhUKc5r6WC0E1cZ8b0/txQHiTnBvZ8gC0odFfvq0=",
"owner": "ashhhleyyy",
"repo": "fsh",
"rev": "3b45d2e7c4b77158f5b621772c48a0fea2b80a9a",
"type": "github"
},
"original": {
"owner": "ashhhleyyy",
"repo": "fsh",
"type": "github"
}
},
"home-manager-unstable": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1684824189,
"narHash": "sha256-k3nCkn5Qy67rCguuw6YkGuL6hOUNRKxQoKOjnapk5sU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "58eb968c21d309a6c2b020ea8d64e25c38ceebba",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1681001314,
"narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "367c0e1086a4eb4502b24d872cea2c7acdd557f4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1685000237,
"narHash": "sha256-pm+2xP9g9sh6wapk1ulg7/1DdENkTNDB7Kx+6lwGs/k=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "05bef004794f352ea12475a89f3f55b4102c0728",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1686751072,
"narHash": "sha256-i4TGoVhWiwSkGV8D8Hk8A3MZ68rmAxknEVwTYkE3Wjk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "98be10c950909515f626a776e862c24589fde969",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1684754342,
"narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"fsh": "fsh",
"home-manager-unstable": "home-manager-unstable",
"nixos-generators": "nixos-generators",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"fsh",
"crane",
"flake-utils"
],
"nixpkgs": [
"fsh",
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1667487142,
"narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

99
flake.nix Normal file

@ -0,0 +1,99 @@
{
inputs = {
nixpkgs-stable = {
url = "github:NixOS/nixpkgs/nixos-22.11";
};
nixpkgs-unstable = {
url = "github:NixOS/nixpkgs/nixos-unstable";
};
home-manager-unstable = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
fsh = {
url = "github:ashhhleyyy/fsh";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
};
outputs = { self, nixpkgs-stable, nixpkgs-unstable, fsh, home-manager-unstable, nixos-generators, ... }:
let
home-manager = home-manager-unstable;
overlays = [
fsh.overlays.default
];
overlays-module = ({ nixpkgs, ... }: {
nixpkgs.overlays = overlays;
});
in
{
nixosConfigurations.fern = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
overlays-module
./hosts/fern/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.ash = { ... }: {
imports = [
fsh.homeModules.fsh
./home/ash
./home/ash/desktop.nix
];
};
}
];
};
nixosConfigurations.alex = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
overlays-module
./hosts/alex/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.ash = { ... }: {
imports = [
fsh.homeModules.fsh
./home/ash
./home/ash/desktop.nix
./home/ash/vscodium.nix
];
};
}
];
};
nixosConfigurations.emira = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
overlays-module
./hosts/emira/configuration.nix
./common/generic-qemu.nix
];
};
packages.x86_64-linux = {
emira = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
overlays-module
./hosts/emira/configuration.nix
];
format = "qcow";
};
};
};
}
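Review bot: `overlays-module` declares a `nixpkgs` argument it never uses, and nothing visible in this file passes one via `specialArgs` or `_module.args`, so the pattern only works because the argument is never forced. Write it as `overlays-module = { nixpkgs.overlays = overlays; };` so the module does not suggest a dependency it lacks. The `home-manager` blocks for `fern` and `alex` differ only in one import; a small helper taking the extra imports would keep the two hosts from drifting apart. It would also help to note in a comment why `packages.x86_64-linux.emira` omits `./common/generic-qemu.nix` while `nixosConfigurations.emira` includes it, presumably because the `qcow` format supplies its own disk layout.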

10
home/ash/default.nix Normal file

@ -0,0 +1,10 @@
{ config, pkgs, ... }: {
home.stateVersion = "22.11";
programs.fish.enable = true;
programs.fsh.enable = true;
home.packages = with pkgs; [
wget
];
}

11
home/ash/desktop.nix Normal file

@ -0,0 +1,11 @@
{ config, pkgs, ... }: {
home.packages = with pkgs; [
nerdfonts
];
programs.kitty = {
enable = true;
theme = "Catppuccin-Mocha";
font.name = "JetBrainsMono Nerd Font";
};
}

74
home/ash/vscodium.nix Normal file

@ -0,0 +1,74 @@
{ config, pkgs, ... }: {
home.packages = with pkgs; [
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with pkgs.vscode-extensions; [
bbenoist.nix
ms-python.python
ms-vscode.hexeditor
tamasfe.even-better-toml
elixir-lsp.vscode-elixir-ls
arrterian.nix-env-selector
denoland.vscode-deno
esbenp.prettier-vscode
llvm-vs-code-extensions.vscode-clangd
vscode-extensions.ms-dotnettools.csharp
] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "starfall-visual-studio-code";
publisher = "sndst00m";
version = "0.5.4";
sha256 = "sha256-f1pnuqz8aC3FKUI/GnNor+uY94+1UlYOyW1OvuuMqK8=";
}
{
name = "flutter";
publisher = "Dart-Code";
version = "3.73.20230904";
sha256 = "sha256-2kT5hfCupM1njC07Du9bcavxp2kDIJNIMsMYd7Omr44=";
}
{
name = "dart-code";
publisher = "Dart-Code";
version = "3.73.20230927";
sha256 = "sha256-B6CD+2OgKrIHG87FtKbuqdpn3levm9RO6GFjmnW24z4=";
}
{
name = "direnv";
publisher = "mkhl";
version = "0.15.2";
sha256 = "sha256-Da9Anme6eoKLlkdYaeLFDXx0aQgrtepuUnw2jEPXCVU=";
}
{
name = "Go";
publisher = "golang";
version = "0.39.1";
sha256 = "sha256-xOiMVUkcgwkMjYfNzFB3Qhfg26jf5nssaTfw0U+sAX0=";
}
{
name = "rust-analyzer";
publisher = "rust-lang";
version = "0.4.1679";
sha256 = "sha256-MqaYZSU80MrNHGP8Tfj9Ky8DhCtRgajeVivjMGtvnS8=";
}
{
name = "svelte-vscode";
publisher = "svelte";
version = "107.11.0";
sha256 = "sha256-vz4yO1VhTdpdfXw6daD1TinSTFlmQyYEDrxVklMX8Rk=";
}
{
name = "ruby-lsp";
publisher = "Shopify";
version = "0.4.8";
sha256 = "sha256-Q7ZZs/81+VrHKs3rpMwMfE3+DOS9bDJaoHEpYHoRqoo=";
}
{
name = "wgsl";
publisher = "PolyMeilex";
version = "0.1.16";
sha256 = "sha256-0EcV80N8u3eQB74TNedjM5xbQFY7avUu3A8HWi7eZLk=";
}
];
})
];
}
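Review bot: The last entry of the nixpkgs extension list, `vscode-extensions.ms-dotnettools.csharp`, carries a prefix its neighbours do not and resolves only through the outer `with pkgs;`; write it as `ms-dotnettools.csharp` to match the rest of the list. The marketplace entries are pinned by version and `sha256`, which is what you want for editor extensions that run with the user's privileges. A one-line comment above `extensionsFromVscodeMarketplace` saying how the hashes are refreshed would help the next update keep them pinned rather than replacing them with a placeholder hash.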


@ -0,0 +1,35 @@
{ config, pkgs, ... }: {
imports = [
../../common/generic-qemu.nix
../../common/generic.nix
../../common/generic-desktop.nix
];
networking.hostName = "alex";
networking.firewall.enable = false;
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
layout = "gb";
# xkbVariant = "";
};
services.printing.enable = true;
programs.steam.enable = true;
nixpkgs.config.allowUnfree = true;
system.stateVersion = "22.11";
}
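Review bot: `networking.firewall.enable = false` removes host packet filtering on a machine that also enables CUPS (`services.printing`), Steam and the Avahi service from the desktop module, so every listening socket is reachable from whatever network the host joins. The same line appears in the emira and fern configurations in this commit; on emira it leaves the Asterisk and CoreDNS roles, both bound to `0.0.0.0`, directly exposed. Prefer keeping the firewall enabled and opening only what each host needs through `networking.firewall.allowedTCPPorts` / `allowedUDPPorts`. If an upstream filter makes disabling it safe, record that in a comment next to the option.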


@ -0,0 +1,17 @@
{ config, pkgs, ... }: {
imports = [
../../common/generic.nix
../../roles/asterisk.nix
../../roles/kanidm.nix
../../roles/coredns
];
networking = {
hostName = "emira";
nameservers = [ "127.0.0.1" "::1" ];
dhcpcd.extraConfig = "nohook resolv.conf";
};
networking.firewall.enable = false;
system.stateVersion = "22.11";
}
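Review bot: `nameservers` lists `"::1"`, but the CoreDNS role imported here binds only `0.0.0.0` as far as this commit shows, so nothing answers on the IPv6 loopback and any lookup that falls through to the second entry will time out. Either drop `"::1"` from the list or have the CoreDNS server blocks also bind the IPv6 loopback. The firewall setting on this host is covered by the note on the alex configuration.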


@ -0,0 +1,35 @@
{ config, pkgs, ... }: {
imports = [
../../common/generic-qemu.nix
../../common/generic.nix
../../common/generic-desktop.nix
];
networking.hostName = "fern";
networking.firewall.enable = false;
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
# layout = "gb";
# xkbVariant = "";
};
services.printing.enable = true;
programs.steam.enable = true;
nixpkgs.config.allowUnfree = true;
system.stateVersion = "22.11";
}

140
roles/asterisk.nix Normal file

@ -0,0 +1,140 @@
{ config, pkgs, ... }: {
services.asterisk = {
enable = true;
confFiles = {
"pjsip.conf" = ''
[transport-defaults](!)
type = transport
bind = 0.0.0.0
local_net = 127.0.0.0/8
local_net = 10.0.0.0/8
local_net = 172.16.0.0/12
local_net = 192.168.0.0/16
[transport-udp](transport-defaults)
protocol = udp
[transport-tcp](transport-defaults)
protocol = tcp
'';
"rtp.conf" = ''
[general]
rtpstart=20000
rtpend=20999
'';
"pjsip_wizard.conf" = ''
[extension-defaults](!)
type = wizard
accepts_registrations = yes
accepts_auth = yes
aor/remove_existing = yes
aor/max_contacts = 1
aor/qualify_timeout = 3.0
endpoint/allow = !all,g722,ulaw
endpoint/subscribe_context = subscribe
endpoint/context = from-internal
endpoint/mailboxes = 6000@default
[6001](extension-defaults)
endpoint/callerid = Fern <6001>
inbound_auth/username = 6001
inbound_auth/password = 3303a8dc75771f8a4d653223fbb8f2f1
aor/qualify_frequency = 30
endpoint/direct_media = yes
[6002](extension-defaults)
endpoint/callerid = Lyra <6002>
inbound_auth/username = 6002
inbound_auth/password = dc18253d8af6af4d5ab36d76e8825d54
aor/qualify_frequency = 0
endpoint/direct_media = no
'';
"voicemail.conf" = ''
[general]
format = wav49|gsm|wav
serveremail=asterisk-noreply@ashhhleyyy.dev
attach=yes
maxmsg = 100
maxsecs = 300
maxgreet = 60
skipms = 3000
maxsilence = 10
silencethreshold = 128
maxlogins = 3
emailsubject = New voicemail ''${VM_MSGNUM} in mailbox ''${VM_MAILBOX}
emailbody = Hi ''${VM_NAME},\n\nYou have a new voicemail in mailbox ''${VM_MAILBOX}.\n\nFrom: ''${VM_CALLERID}\nDate: ''${VM_DATE}\nDuration: ''${VM_DUR}\nMessage Number: ''${VM_MSGNUM}
emaildateformat = %A, %B %d, %Y at %r
tz = myzone
locale = en_US.UTF-8
minpassword = 4
[zonemessages]
myzone = Europe/London|'vm-received' Q 'digits/at' IMp
[default]
6000 => 1234,Ashley B,ash@ashhhleyyy.dev,,,
'';
"queues.conf" = ''
[general]
persistentmembers = yes
autofill = yes
monitor-type = MixMonitor
shared_lastcall = yes
log_membername_as_agent = yes
[internal-phones]
strategy = ringall
timeout = 30
announce-frequency = 0
announce-holdtime = no
announce-position = no
periodic-announce-frequency = 0
joinempty = yes
leavewhenempty = no
ringinuse = yes
member => PJSIP/6001,0,Fern,PJSIP/6001
member => PJSIP/6002,0,Lyra,PJSIP/6002
'';
"extensions.conf" = ''
[public]
exten => _X.,1,Hangup(3)
[default]
exten => _X.,1,Hangup(3)
[globals]
VOICEMAIL_NUMBER = *99
VOICEMAIL_BOX = 6000@default
VOICEMAIL_RING_TIMEOUT = 25
HOME_QUEUE = internal-phones
INTERCOM = 6000
LOCAL_EXTS = _6XXX
[subscribe]
exten => _XXXX,hint,PJSIP/''${EXTEN}
[gosub-intercom]
exten => s,1,Set(PJSIP_HEADER(add,Alert-Info)=auto answer)
same => n,Return()
[from-internal]
exten => ''${INTERCOM},1,Set(CALLERID(all)=Intercom <''${EXTEN}>
same => n,Page(''${STRREPLACE(QUEUE_MEMBER_LIST(''${HOME_QUEUE}),",","&")},db(gosub-intercom^s^1),10)
same => n,Hangup()
exten => ''${LOCAL_EXTS},1,Dial(PJSIP/''${EXTEN})
same => n,Hangup()
exten => ''${VOICEMAIL_NUMBER},1,Answer(500)
same => n,VoiceMailMain(''${VOICEMAIL_BOX},s)
same => n,Hangup()
'';
};
};
}
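Review bot: The `inbound_auth/password` values for extensions 6001 and 6002 and the PIN for mailbox 6000 are written literally into `confFiles`, which puts them in git history and in the world-readable Nix store. With `bind = 0.0.0.0` and the host firewall disabled on emira, these credentials are the only barrier to registration and voicemail access. Treat the committed values as disclosed, replace them, and load the replacements from a file kept outside the store (Asterisk configuration files accept `#include`); the mailbox PIN should also be longer than the `minpassword = 4` floor. Separately, in `[from-internal]` the intercom line `Set(CALLERID(all)=Intercom <''${EXTEN}>` is missing its closing `)`.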

49
roles/coredns/ash.ley Normal file

@ -0,0 +1,49 @@
$ORIGIN ash.ley.
$TTL 5m
; SOA
@ SOA kylie.ash.ley. ash.ashhhleyyy.dev. (
2022051901 ; serial number
28800 ; refresh
7200 ; Retry
864000 ; Expire
60 ; Min TTL
)
;; --- SERVERS ---
; Root (kylie, formerly maria)
@ IN A 100.123.36.114
; maria is down and probably not coming back
;maria IN A 100.119.182.22
; Pi 4
kylie IN A 100.123.36.114
netdata.kylie IN CNAME kylie.ash.ley.
gitea.kylie IN CNAME kylie.ash.ley.
jellyfin.kylie IN CNAME kylie.ash.ley.
syncthing.kylie IN CNAME kylie.ash.ley.
; Pi Zero (School mode)
ky IN A 100.80.161.44
; Pi Zero (Camera mode)
fumiko IN A 100.95.211.68
; Pi (Radio)
allison IN A 100.90.231.61
; Pi (room sensor)
ana IN A 100.99.239.100
; arch VM
chelsie IN A 100.110.143.52
;; --- PERSONAL DEVICES ---
; PC
mary IN A 100.111.252.38
; Phone
lyra IN A 100.123.71.10
;; --- OTHER ---
nucleoid IN A 142.132.178.131

18
roles/coredns/default.nix Normal file

@ -0,0 +1,18 @@
{ config, pkgs, ... }: rec {
services.coredns = {
enable = true;
config = ''
ley {
bind 0.0.0.0
file ${pkgs.writeText "ash.ley" (builtins.readFile ./ash.ley)}
prometheus 0.0.0.0:9153
}
. {
bind 0.0.0.0
forward . tls://1.1.1.1 tls://1.0.0.1
prometheus 0.0.0.0:9153
}
'';
};
}
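Review bot: Both server blocks use `bind 0.0.0.0`, and the `.` block forwards every query upstream, so on a host with its firewall disabled this is a recursive resolver open to anything that can reach the machine, which invites abuse for amplification and leaks the internal `ley` zone. Bind to the specific internal address or addresses that should be served instead of the wildcard. `prometheus 0.0.0.0:9153` likewise publishes metrics on every interface; `prometheus 127.0.0.1:9153`, or a scrape-only address, is enough. As a style point, `rec` is unused here, and `file ${./ash.ley}` would replace the `writeText`/`readFile` round trip.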

23
roles/kanidm.nix Normal file

@ -0,0 +1,23 @@
{ config, pkgs, ... }: {
services.kanidm = {
# enableServer = true;
# serverSettings = {
# bindaddress = "[::]:8443";
# ldapbindaddress = "[::]:3636";
# # We are behind a reverse proxy
# trust_x_forward_for = true;
# tls_chain = "";
# tls_key = "";
# log_level = "default";
# domain = "sso.ashhhleyyy.dev";
# origin = "https://sso.ashhhleyyy.dev";
# role = "WriteReplica";
# };
enableClient = true;
clientSettings = {
uri = "https://sso.ashhhleyyy.dev";
};
};
}