feat: add lea

2024-05-26 13:51:51 +01:00 · 2024-05-26 13:51:51 +01:00 · ea76bf90d1
commit ea76bf90d1
parent b5cf918f51
7 changed files with 188 additions and 36 deletions
--- a/common/server.nix
+++ b/common/server.nix
@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    kitty.terminfo
+  ];
+}
--- a/flake.lock
+++ b/flake.lock
@ -126,6 +126,27 @@
        "type": "github"
      }
    },
+    "home-manager-stable": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1714043624,
+        "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-23.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
    "home-manager-unstable": {
      "inputs": {
        "nixpkgs": [
@ -184,16 +205,16 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1688392541,
-        "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
+        "lastModified": 1713995372,
+        "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
+        "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-22.11",
+        "ref": "nixos-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -217,6 +238,7 @@
    "root": {
      "inputs": {
        "fsh": "fsh",
+        "home-manager-stable": "home-manager-stable",
        "home-manager-unstable": "home-manager-unstable",
        "nixos-generators": "nixos-generators",
        "nixpkgs-stable": "nixpkgs-stable",
--- a/flake.nix
+++ b/flake.nix
@ -1,13 +1,18 @@
 {
  inputs = {
    nixpkgs-stable = {
-      url = "github:NixOS/nixpkgs/nixos-22.11";
+      url = "github:NixOS/nixpkgs/nixos-23.11";
    };

    nixpkgs-unstable = {
      url = "github:NixOS/nixpkgs/nixos-unstable";
    };

+    home-manager-stable = {
+      url = "github:nix-community/home-manager/release-23.11";
+      inputs.nixpkgs.follows = "nixpkgs-stable";
+    };
+
    home-manager-unstable = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
@ -29,41 +34,12 @@
    };
  };

-  outputs = { self, nixpkgs-stable, nixpkgs-unstable, fsh, home-manager-unstable, nixos-generators, vscode-extensions, ... }:
+  outputs = { self, nixpkgs-stable, nixpkgs-unstable, fsh, home-manager-stable, home-manager-unstable, nixos-generators, vscode-extensions, ... }:
  let
    home-manager = home-manager-unstable;
    overlays = [
      fsh.overlays.default
      vscode-extensions.overlays.default
-      (final: prev: {
-        ndi = prev.ndi.overrideAttrs (self: super: {
-        version = "5.5.4";
-        src = prev.pkgs.requireFile rec {
-          name = "${self.installerName}.tar.gz";
-          sha256 = "sha256:7e5c54693d6aee6b6f1d6d49f48d4effd7281abd216d9ff601be2d55af12f7f5";
-          message = self.installerName;
-          };
-          unpackPhase = "unpackFile \${src}\necho y | ./${self.installerName}.sh\nsourceRoot=\"NDI SDK for Linux\";\n";
-          installPhase = ''
-          mkdir $out
-    mv bin/x86_64-linux-gnu $out/bin
-    for i in $out/bin/*; do
-      patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$i"
-    done
-    patchelf --set-rpath "${prev.avahi}/lib:${prev.stdenv.cc.libc}/lib" $out/bin/ndi-record
-    mv lib/x86_64-linux-gnu $out/lib
-    for i in $out/lib/*; do
-      if [ -L "$i" ]; then continue; fi
-      patchelf --set-rpath "${prev.avahi}/lib:${prev.stdenv.cc.libc}/lib" "$i"
-    done
-    mv include examples $out/
-    mkdir -p $out/share/doc/${self.pname}-${self.version}
-    mv licenses $out/share/doc/${self.pname}-${self.version}/licenses
-    mv documentation/* $out/share/doc/${self.pname}-${self.version}/
-          '';
-          }
-          );
-      })
    ];
    overlays-module = ({ nixpkgs, ... }: {
      nixpkgs.overlays = overlays;
@ -116,6 +92,27 @@
      ];
    };

+    nixosConfigurations.lea = nixpkgs-stable.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        overlays-module
+        ./hosts/lea/configuration.nix
+        ./roles/coredns
+        ./roles/postgres.nix
+        home-manager-stable.nixosModules.home-manager
+        {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.users.ash = { ... }: {
+            imports = [
+              fsh.homeModules.fsh
+              ./home/ash
+            ];
+          };
+        }
+      ];
+    };
+
    nixosConfigurations.emira = nixpkgs-unstable.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
--- a/hosts/lea/configuration.nix
+++ b/hosts/lea/configuration.nix
@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      ../../common/cachix.nix
+      ../../common/generic.nix
+      ../../common/server.nix
+      ../../common/tailscale.nix
+    ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sdb";
+  boot.loader.grub.useOSProber = true;
+
+  networking.hostName = "lea";
+
+  networking.networkmanager.enable = true;
+
+  time.timeZone = "Europe/London";
+
+  i18n.defaultLocale = "en_GB.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_GB.UTF-8";
+    LC_IDENTIFICATION = "en_GB.UTF-8";
+    LC_MEASUREMENT = "en_GB.UTF-8";
+    LC_MONETARY = "en_GB.UTF-8";
+    LC_NAME = "en_GB.UTF-8";
+    LC_NUMERIC = "en_GB.UTF-8";
+    LC_PAPER = "en_GB.UTF-8";
+    LC_TELEPHONE = "en_GB.UTF-8";
+    LC_TIME = "en_GB.UTF-8";
+  };
+
+  services.xserver = {
+    layout = "gb";
+    xkbVariant = "";
+  };
+
+  console.keyMap = "uk";
+
+  nix.settings.trusted-users = [ "@wheel" ];
+
+  users.users.ash = {
+    isNormalUser = true;
+    description = "Ashley";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [];
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+    helix
+  ];
+
+  services.openssh.enable = true;
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+
+  system.stateVersion = "23.11";
+}
--- a/hosts/lea/hardware-configuration.nix
+++ b/hosts/lea/hardware-configuration.nix
@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_generic" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/72b9e472-7649-4141-9dc5-dccf4a8edfc6";
+      fsType = "ext4";
+    };
+  fileSystems."/data" =
+    { device = "/dev/disk/by-uuid/22349b30-6c68-40eb-a095-5685dee19cac";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/d229b237-c9b9-406c-bd10-d38037dfa51f"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/roles/coredns/ash.ley
+++ b/roles/coredns/ash.ley
@ -37,6 +37,12 @@ ana	IN	A	100.99.239.100
 ; arch VM
 chelsie	IN	A	100.110.143.52

+; digital ocean vm (shorks.gay)
+amity	IN	A	100.72.219.75
+
+; New DB server
+lea	IN	A	100.122.202.61
+
 ;; --- PERSONAL DEVICES ---
 ; PC
 mary	IN	A	100.111.252.38
@ -44,6 +50,8 @@ mary	IN	A	100.111.252.38
 ; Phone
 lyra	IN	A	100.123.71.10

+; Laptop (X250)
+alex	IN	A	100.92.96.145
+
 ;; --- OTHER ---
 nucleoid	IN	A	142.132.178.131
-
--- a/roles/postgres.nix
+++ b/roles/postgres.nix
@ -0,0 +1,16 @@
+{ config, pkgs, ... }: {
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "shorks-gay" ];
+    enableTCPIP = true;
+    dataDir = "/data/postgresql/${config.services.postgresql.package.psqlSchema}";
+    authentication = pkgs.lib.mkOverride 10 ''
+      #type database DBuser origin-address auth-method
+      # ipv4
+      host  all      all     127.0.0.1/32   trust
+      host  all      all     100.64.0.0/10  trust
+      # ipv6
+      host all       all     ::1/128        trust
+    '';
+  };
+}