feat: add lea

.github/workflows/cache.yml

@@ -9,8 +9,28 @@ jobs:
     - uses: cachix/install-nix-action@v20
       with:
         nix_path: nixpkgs=channel:nixos-unstable
+    # yoinked from https://github.com/ifd3f/infra/blob/main/.github/workflows/check-targets.yml
+    - name: Remove unneccessary packages
+      run: 'echo "=== Before pruning ==="
+
+        df -h
+
+        sudo rm -rf /usr/bin/buildah /usr/bin/containerd* /usr/bin/ctr /usr/bin/docker*
+        /usr/bin/gh /usr/bin/git /usr/bin/gpg /usr/bin/grub* /usr/bin/mono-sgen
+        /usr/bin/myisam* /usr/bin/mysql* /usr/bin/openssl /usr/bin/pedump /usr/bin/php*
+        /usr/bin/podman /usr/bin/python3.10 /usr/bin/shellcheck /usr/bin/skopeo
+        /usr/bin/snap /usr/bin/tcpdump /usr/bin/tmux /usr/bin/x86_64-linux-gnu-*
+        /usr/bin/yq /opt /usr/local /usr/share /var/lib /var/log || true
+
+        echo
+
+        echo "=== After pruning ==="
+
+        df -h
+        '
     - uses: cachix/cachix-action@v12
       with:
         name: ashhhleyyy
         authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
     - run: GC_DONT_GC=1 nix build --show-trace --log-lines 10000 --fallback '.#nixosConfigurations.alex.config.system.build.toplevel'
+    - run: df -h

common/server.nix

@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    kitty.terminfo
+  ];
+}

flake.lock

@@ -126,6 +126,27 @@
         "type": "github"
       }
     },
+    "home-manager-stable": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1714043624,
+        "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-23.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "home-manager-unstable": {
       "inputs": {
         "nixpkgs": [
@@ -184,16 +205,16 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1688392541,
+        "lastModified": 1713995372,
-        "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
+        "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
+        "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-22.11",
+        "ref": "nixos-23.11",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -217,6 +238,7 @@
     "root": {
       "inputs": {
         "fsh": "fsh",
+        "home-manager-stable": "home-manager-stable",
         "home-manager-unstable": "home-manager-unstable",
         "nixos-generators": "nixos-generators",
         "nixpkgs-stable": "nixpkgs-stable",

flake.nix

@@ -1,13 +1,18 @@
 {
   inputs = {
     nixpkgs-stable = {
-      url = "github:NixOS/nixpkgs/nixos-22.11";
+      url = "github:NixOS/nixpkgs/nixos-23.11";
     };
 
     nixpkgs-unstable = {
       url = "github:NixOS/nixpkgs/nixos-unstable";
     };
 
+    home-manager-stable = {
+      url = "github:nix-community/home-manager/release-23.11";
+      inputs.nixpkgs.follows = "nixpkgs-stable";
+    };
+
     home-manager-unstable = {
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -29,41 +34,12 @@
     };
   };
 
-  outputs = { self, nixpkgs-stable, nixpkgs-unstable, fsh, home-manager-unstable, nixos-generators, vscode-extensions, ... }:
+  outputs = { self, nixpkgs-stable, nixpkgs-unstable, fsh, home-manager-stable, home-manager-unstable, nixos-generators, vscode-extensions, ... }:
   let
     home-manager = home-manager-unstable;
     overlays = [
       fsh.overlays.default
       vscode-extensions.overlays.default
-      (final: prev: {
-        ndi = prev.ndi.overrideAttrs (self: super: {
-        version = "5.5.4";
-        src = prev.pkgs.requireFile rec {
-          name = "${self.installerName}.tar.gz";
-          sha256 = "sha256:7e5c54693d6aee6b6f1d6d49f48d4effd7281abd216d9ff601be2d55af12f7f5";
-          message = self.installerName;
-          };
-          unpackPhase = "unpackFile \${src}\necho y | ./${self.installerName}.sh\nsourceRoot=\"NDI SDK for Linux\";\n";
-          installPhase = ''
-          mkdir $out
-    mv bin/x86_64-linux-gnu $out/bin
-    for i in $out/bin/*; do
-      patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$i"
-    done
-    patchelf --set-rpath "${prev.avahi}/lib:${prev.stdenv.cc.libc}/lib" $out/bin/ndi-record
-    mv lib/x86_64-linux-gnu $out/lib
-    for i in $out/lib/*; do
-      if [ -L "$i" ]; then continue; fi
-      patchelf --set-rpath "${prev.avahi}/lib:${prev.stdenv.cc.libc}/lib" "$i"
-    done
-    mv include examples $out/
-    mkdir -p $out/share/doc/${self.pname}-${self.version}
-    mv licenses $out/share/doc/${self.pname}-${self.version}/licenses
-    mv documentation/* $out/share/doc/${self.pname}-${self.version}/
-          '';
-          }
-          );
-      })
     ];
     overlays-module = ({ nixpkgs, ... }: {
       nixpkgs.overlays = overlays;
@@ -116,6 +92,27 @@
       ];
     };
 
+    nixosConfigurations.lea = nixpkgs-stable.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        overlays-module
+        ./hosts/lea/configuration.nix
+        ./roles/coredns
+        ./roles/postgres.nix
+        home-manager-stable.nixosModules.home-manager
+        {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.users.ash = { ... }: {
+            imports = [
+              fsh.homeModules.fsh
+              ./home/ash
+            ];
+          };
+        }
+      ];
+    };
+
     nixosConfigurations.emira = nixpkgs-unstable.lib.nixosSystem {
       system = "x86_64-linux";
       modules = [

hosts/lea/configuration.nix

@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      ../../common/cachix.nix
+      ../../common/generic.nix
+      ../../common/server.nix
+      ../../common/tailscale.nix
+    ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sdb";
+  boot.loader.grub.useOSProber = true;
+
+  networking.hostName = "lea";
+
+  networking.networkmanager.enable = true;
+
+  time.timeZone = "Europe/London";
+
+  i18n.defaultLocale = "en_GB.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_GB.UTF-8";
+    LC_IDENTIFICATION = "en_GB.UTF-8";
+    LC_MEASUREMENT = "en_GB.UTF-8";
+    LC_MONETARY = "en_GB.UTF-8";
+    LC_NAME = "en_GB.UTF-8";
+    LC_NUMERIC = "en_GB.UTF-8";
+    LC_PAPER = "en_GB.UTF-8";
+    LC_TELEPHONE = "en_GB.UTF-8";
+    LC_TIME = "en_GB.UTF-8";
+  };
+
+  services.xserver = {
+    layout = "gb";
+    xkbVariant = "";
+  };
+
+  console.keyMap = "uk";
+
+  nix.settings.trusted-users = [ "@wheel" ];
+
+  users.users.ash = {
+    isNormalUser = true;
+    description = "Ashley";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [];
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+    helix
+  ];
+
+  services.openssh.enable = true;
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+
+  system.stateVersion = "23.11";
+}

hosts/lea/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_generic" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/72b9e472-7649-4141-9dc5-dccf4a8edfc6";
+      fsType = "ext4";
+    };
+  fileSystems."/data" =
+    { device = "/dev/disk/by-uuid/22349b30-6c68-40eb-a095-5685dee19cac";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/d229b237-c9b9-406c-bd10-d38037dfa51f"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

roles/coredns/ash.ley

@@ -37,6 +37,12 @@ ana	IN	A	100.99.239.100
 ; arch VM
 chelsie	IN	A	100.110.143.52
 
+; digital ocean vm (shorks.gay)
+amity	IN	A	100.72.219.75
+
+; New DB server
+lea	IN	A	100.122.202.61
+
 ;; --- PERSONAL DEVICES ---
 ; PC
 mary	IN	A	100.111.252.38
@@ -44,6 +50,8 @@ mary	IN	A	100.111.252.38
 ; Phone
 lyra	IN	A	100.123.71.10
 
+; Laptop (X250)
+alex	IN	A	100.92.96.145
+
 ;; --- OTHER ---
 nucleoid	IN	A	142.132.178.131
-

roles/postgres.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, ... }: {
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "shorks-gay" ];
+    enableTCPIP = true;
+    dataDir = "/data/postgresql/${config.services.postgresql.package.psqlSchema}";
+    authentication = pkgs.lib.mkOverride 10 ''
+      #type database DBuser origin-address auth-method
+      # ipv4
+      host  all      all     127.0.0.1/32   trust
+      host  all      all     100.64.0.0/10  trust
+      # ipv6
+      host all       all     ::1/128        trust
+    '';
+  };
+}