From 472e5082e770f60bc5fce3ace22363c3c1ac9a03 Mon Sep 17 00:00:00 2001
From: Sebastian Moser
Date: Mon, 20 Nov 2023 13:49:26 +0100
Subject: [PATCH] ...
---
common/building.nix | 37 ++++++++++++++++++++
hosts/hpm.nix | 1 +
hosts/luna.nix | 46 ++++++++++++++++++++++++
hosts/main.nix | 75 +++++++++++++++++++++++++---------------
hosts/privision-main.nix | 59 +++++++++++++++++++++++++++++++
5 files changed, 191 insertions(+), 27 deletions(-)
create mode 100644 common/building.nix
create mode 100644 hosts/luna.nix
create mode 100644 hosts/privision-main.nix
diff --git a/common/building.nix b/common/building.nix
new file mode 100644
index 0000000..6f52735
--- /dev/null
+++ b/common/building.nix
@@ -0,0 +1,37 @@
+{ ... }:
+{
+ nix.buildMachines = [
+ {
+ hostName = "hpm";
+ maxJobs = 8;
+ speedFactor = 5;
+ systems = [
+ "x86_64-linux"
+ ];
+ }
+ {
+ hostName = "acern";
+ maxJobs = 20;
+ speedFactor = 10;
+ systems = [
+ "x86_64-linux"
+ ];
+ }
+ /*
+ {
+ hostName = "main";
+ maxJobs = 4;
+ systems = [
+ "x86_64-linux"
+ ];
+ }
+ */
+ ];
+ nix.settings = {
+ trusted-public-keys = [
+ "sebastian@c2vi.dev:0tIXGRJMLaI9H1ZPdU4gh+BikUuBVHtk+e1B5HggdZo="
+ ];
+ #builders = "@/etc/nix/machines";
+ trusted-users = [ "me" ];
+ };
+}
diff --git a/hosts/hpm.nix b/hosts/hpm.nix
index a93d660..bbca857 100644
--- a/hosts/hpm.nix
+++ b/hosts/hpm.nix
@@ -4,6 +4,7 @@
 ../common/all.nix
 ../common/nixos.nix
 ../common/nixos-graphical.nix
+ ../common/building.nix
 ../users/me/default.nix
 ];
diff --git a/hosts/luna.nix b/hosts/luna.nix
new file mode 100644
index 0000000..2742e14
--- /dev/null
+++ b/hosts/luna.nix
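Review bot: `trusted-users = [ "me" ]` in common/building.nix now applies to every host that imports the module, and hosts/hpm.nix gains it through this patch; a trusted Nix user can change daemon settings and import unsigned store paths, which is effectively root on that host. I would keep `trusted-public-keys` in the shared module and set `trusted-users` only on the host that needs it, or drop it and rely on the signing key alone. The `buildMachines` entries also leave the login identity and host key to root's ssh configuration; either add a comment such as `# builders are reached with root's default ssh identity; host keys must already be in known_hosts` or set `sshUser`, `sshKey` and `publicHostKey` explicitly so the trust is visible in the file.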
@@ -0,0 +1,46 @@
+{ lib, pkgs, ... }:
+{
+ # This causes an overlay which causes a lot of rebuilding
+ environment.noXlibs = lib.mkForce false;
+ # "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a
+ # disk with this label on first boot. Therefore, we need to keep it. It is the
+ # only information from the installer image that we need to keep persistent
+ fileSystems."/" =
+ { device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ boot = {
+ kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+ loader = {
+ generic-extlinux-compatible.enable = lib.mkDefault true;
+ grub.enable = lib.mkDefault false;
+ };
+ };
+ nix.settings = {
+ experimental-features = lib.mkDefault "nix-command flakes";
+ trusted-users = [ "root" "@wheel" ];
+ };
+
+ # end of base.nix
+
+ environment.systemPackages = with pkgs; [ vim git ];
+ services.openssh.enable = true;
+ networking.hostName = "luna";
+ users = {
+ users.me = {
+ password = "hello";
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+ };
+ networking = {
+ interfaces."wlan0".useDHCP = true;
+ wireless = {
+ interfaces = [ "wlan0" ];
+ enable = true;
+ networks = {
+ seb-phone.psk = "hellogello";
+ };
+ };
+ };
+}
diff --git a/hosts/main.nix b/hosts/main.nix
index bf17f04..1155b7f 100644
--- a/hosts/main.nix
+++ b/hosts/main.nix
@@ -1,5 +1,5 @@
-{ pkgs, lib, workDir, self, secretsDir, ... }:
+{ pkgs, lib, workDir, self, secretsDir, config, ... }:
 { # https://bugzilla.kernel.org/show_bug.cgi?id=110941
@@ -15,6 +15,7 @@
 ../common/all.nix
 ../common/nixos.nix
 ../common/nixos-graphical.nix
+ ../common/building.nix
 ../users/me/default.nix
 ../users/root/default.nix
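Review bot: `password = "hello"` for `users.me` in hosts/luna.nix puts a cleartext login password into the repository and the world-readable Nix store for an account that is in `wheel`, on a host that enables `services.openssh` and lists `@wheel` in `trusted-users`. Replace it with `hashedPasswordFile = "<path to a hash kept outside the store>";`, or use key-only login via `openssh.authorizedKeys.keys` together with `services.openssh.settings.PasswordAuthentication = false;`. The same applies to `seb-phone.psk = "hellogello"`, which should be loaded from a secrets file; hosts/main.nix already receives a `secretsDir` argument that could be used for this. Both values are already in the commit history, so they need to be changed rather than only moved.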
@@ -34,34 +35,8 @@
 };
 };
- nix.settings = {
- trusted-public-keys = [
- "sebastian@c2vi.dev:0tIXGRJMLaI9H1ZPdU4gh+BikUuBVHtk+e1B5HggdZo="
- ];
- #builders = "@/etc/nix/machines";
- trusted-users = [ "me" ];
- };
 nix = {
 distributedBuilds = false; # false, because i can't build on hpm currently ... not signed by trusted user error
- buildMachines = [
- {
- hostName = "hpm";
- maxJobs = 8;
- speedFactor = 5;
- systems = [
- "x86_64-linux"
- ];
- }
- /*
- {
- hostName = "main";
- maxJobs = 4;
- systems = [
- "x86_64-linux"
- ];
- }
- */
- ];
 };
 networking.hostName = "main";
@@ -69,9 +44,15 @@
 networking.extraHosts = ''
 192.168.1.6 hpm
 192.168.1.2 rpi
+ 127.0.0.1 youtube.com
+ 127.0.0.1 www.youtube.com
 '';
+
+ # to build rpi images
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ # some bind mounts
 fileSystems."${workDir}/priv-share/things" = {
 device = "${workDir}/things";
@@ -86,6 +67,46 @@
 options = [ "bind" ];
 };
+ # my youtube blocking service
+ systemd.services.stark =
+ let
+ stark = pkgs.writeShellApplication {
+ name = "stark";
+
+ runtimeInputs = with pkgs; [ curl w3m ];
+
+ text = ''
+ if [ -f "/etc/host-youtube-block" ];
+ then
+ timeout=$(cat /etc/host-youtube-block)
+ if [[ "$timeout" == "1" ]]
+ then
+ rm /etc/host-youtube-block
+ else
+ timeout=$((timeout - 1))
+ echo -en $timeout > /etc/host-youtube-block
+ fi
+ else
+ rm /etc/hosts
+ ln -nsf ${config.environment.etc.hosts.source.outPath} /etc/hosts
+ fi
+ '';
+ };
+ in
+ {
+ enable = true;
+ description = "block Youtube";
+ unitConfig = {
+ Type = "simple";
+ };
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = "60s";
+ ExecStart = "${stark}/bin/stark";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+ # syncthing for main
 services.syncthing = {
diff --git a/hosts/privision-main.nix b/hosts/privision-main.nix
new file mode 100644
index 0000000..461cbd6
--- /dev/null
+++ b/hosts/privision-main.nix
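Review bot: In `systemd.services.stark`, `Type = "simple"` sits under `unitConfig`, so it is written to the `[Unit]` section where systemd does not read it, and the unit relies on `Restart = "always"` with `RestartSec = "60s"` to behave like a timer. The script also passes the content of /etc/host-youtube-block straight into `$((timeout - 1))` in a unit that runs as root, so the value should be checked to be a plain positive number before it is used. `rm /etc/hosts` before `ln -nsf` is redundant and leaves a moment with no hosts file, and `curl` and `w3m` in `runtimeInputs` are not used by the script. The fence shows the validated counter and a oneshot unit scheduled with `startAt`.

```nix
      text = ''
        # … unchanged: if [ -f "/etc/host-youtube-block" ]; then …
          timeout=$(cat /etc/host-youtube-block)
          # runs as root: anything but a plain positive number ends the override
          if [[ ! "$timeout" =~ ^[1-9][0-9]*$ || "$timeout" == "1" ]]
          then
            rm /etc/host-youtube-block
        # … unchanged: countdown branch …
        else
          ln -nsf ${config.environment.etc.hosts.source.outPath} /etc/hosts
        fi
      '';
  # … unchanged: }; in { enable, description …
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${stark}/bin/stark";
    };
    startAt = "minutely";
```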
@@ -0,0 +1,59 @@
+{ inputs, self, nixpkgs, specialArgs, ... }:
+{
+ outputs.apps = {
+ main = inputs.nix-provision.mkProvision self.outputs.nixosConfigurations.main;
+ };
+ outputs.nixosConfigurations.main = nixpkgs.lib.nixosSystem {
+ inherit specialArgs;
+ system = "x86_64-linux";
+
+ modules = [
+ ./hosts/main.nix
+ ./hardware/my-hp-laptop.nix
+ {
+ provision = {
+ type = "disk";
+ # other types: phone, wsl, libirt-vm, installer,
+
+ lvm.physicalVolumes.lvm0 = {
+ logicalVolumes = [
+ {
+ label = "root";
+ type = "btrfs";
+ }
+ {
+ label = "swap";
+ type = "swap";
+ }
+ {
+ label = "work";
+ type = "btrfs";
+ }
+ ];
+ };
+
+ hardware.boot = {
+ };
+
+ hardware.drive = {
+ type = "gpt";
+ partitions = [
+ {
+ label = "boot";
+ type = "fat32";
+ }
+ {
+ type = "luks";
+ secret = "luks-secret";
+ containing = {
+ type = "lvm-pv";
+ partOf = "lvm0";
+ };
+ }
+ ];
+ };
+ };
+ }
+ ];
+ };
+}
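Review bot: The module paths `./hosts/main.nix` and `./hardware/my-hp-laptop.nix` are resolved relative to this file, which lives in hosts/, so they point at hosts/hosts/main.nix and hosts/hardware/my-hp-laptop.nix; they likely need to be `./main.nix` and `../hardware/my-hp-laptop.nix`. For the LUKS partition, `secret = "luks-secret";` should carry a comment saying whether it names a secret looked up at provisioning time or is the passphrase itself, because a literal passphrase here would end up in the repository and the Nix store; I cannot tell which from this hunk. The comment `# other types: phone, wsl, libirt-vm, installer,` presumably means `libvirt-vm`.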