From f992567e477c461e688a4fd5c757d8d829bf330c Mon Sep 17 00:00:00 2001
From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com>
Date: Thu, 30 May 2024 23:47:03 +0200
Subject: [PATCH] Add basic eustachius config
---
flake.nix | 13 +++
hosts/adalbert/default.nix | 4 +
hosts/eustachius/default.nix | 146 ++++++++++++++++++++++++
hosts/franz/arion/headscale/default.nix | 6 +-
4 files changed, 167 insertions(+), 2 deletions(-)
create mode 100644 hosts/eustachius/default.nix
diff --git a/flake.nix b/flake.nix
index f9082f7..406061a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -104,6 +104,19 @@
 ./hosts/franz
 ];
 };
+ # build with nix build .#nixosConfigurations.eustachius.config.system.build.sdImage
+ eustachius = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [
+ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix"
+ ./hosts/eustachius
+
+ # extra config for sdImage generator
+ {
+ sdImage.compressImage = false;
+ }
+ ];
+ };
 };
 # Standalone home-manager configuration entrypoint
diff --git a/hosts/adalbert/default.nix b/hosts/adalbert/default.nix
index 77ba8fb..73ee7ac 100644
--- a/hosts/adalbert/default.nix
+++ b/hosts/adalbert/default.nix
@@ -73,6 +73,10 @@
 # Force disable Nvidia PRIME, needed by nix-hardware
 hardware.nvidia.prime.offload.enable = false;
+ boot.binfmt.emulatedSystems = [
+ "aarch64-linux"
+ ];
+
 programs = {
 adb.enable = true;
 dconf.enable = true;
diff --git a/hosts/eustachius/default.nix b/hosts/eustachius/default.nix
new file mode 100644
index 0000000..ad5eda3
--- /dev/null
+++ b/hosts/eustachius/default.nix
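Review bot: The new boot.binfmt.emulatedSystems entry in hosts/adalbert/default.nix carries no comment explaining why this host now registers an aarch64 binfmt handler; presumably it exists so the eustachius sdImage declared in flake.nix can be built on this machine. A one-line comment above the list, such as `# aarch64 user-mode emulation so the eustachius sdImage (flake.nix) can be built on this host`, would record that intent and make the entry easy to retire once a native aarch64 builder is available. The enclosing attribute set starts and ends outside the hunk.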
@@ -0,0 +1,146 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ imports = [
+ ];
+
+ # NixOS wants to enable GRUB by default
+ boot.loader.grub.enable = false;
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ # !!! Set to specific linux kernel version
+ boot.kernelPackages = pkgs.linuxPackages;
+
+ # Disable ZFS on kernel 6
+ boot.supportedFilesystems = lib.mkForce [
+ "vfat"
+ "xfs"
+ "cifs"
+ "ntfs"
+ ];
+
+ # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
+ # If X.org behaves weirdly (I only saw the cursor) then try increasing this to 256M.
+ # On a Raspberry Pi 4 with 4 GB, you should either disable this parameter or increase to at least 64M if you want the USB ports to work.
+ boot.kernelParams = ["cma=256M"];
+
+ # File systems configuration for using the installer's partition layout
+ fileSystems = {
+ # Prior to 19.09, the boot partition was hosted on the smaller first partition
+ # Starting with 19.09, the /boot folder is on the main bigger partition.
+ # The following is to be used only with older images.
+ /*
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ */
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+
+ # !!! Adding a swap file is optional, but strongly recommended!
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 1024;
+ }
+ ];
+
+ # systemPackages
+ environment.systemPackages = with pkgs; [
+ neovim
+ curl
+ wget
+ bind
+ iptables
+ python3
+ nodejs
+ docker-compose
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ };
+
+ services.restic.server.enable = true;
+
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ };
+
+ # # Some sample service.
+ # # Use dnsmasq as internal LAN DNS resolver.
+ # services.dnsmasq = {
+ # enable = false;
+ # settings.servers = ["8.8.8.8" "8.8.4.4" "1.1.1.1"];
+ # settings.extraConfig = ''
+ # address=/fenrir.test/192.168.100.6
+ # address=/recalune.test/192.168.100.7
+ # address=/eth.nixpi.test/192.168.100.3
+ # address=/wlan.nixpi.test/192.168.100.4
+ # '';
+ # };
+
+ virtualisation.docker.enable = true;
+
+ networking.firewall.enable = false;
+
+ # Networking
+ networking = {
+ # useDHCP = true;
+ interfaces.wlan0 = {
+ useDHCP = false;
+ ipv4.addresses = [
+ {
+ # I used static IP over WLAN because I want to use it as local DNS resolver
+ address = "192.168.1.4";
+ prefixLength = 24;
+ }
+ ];
+ };
+ interfaces.eth0 = {
+ useDHCP = true;
+ };
+ };
+
+ # forwarding
+ boot.kernel.sysctl = {
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ "net.ipv4.tcp_ecn" = true;
+ };
+
+ # put your own configuration here, for example ssh keys:
+ users.mutableUsers = true;
+ users.groups = {
+ nixos = {
+ gid = 1000;
+ name = "ghoscht";
+ };
+ };
+ users.users = {
+ nixos = {
+ uid = 1000;
+ home = "/home/nixos";
+ name = "ghoscht";
+ group = "ghoscht";
+ extraGroups = ["wheel" "docker"];
+ };
+ };
+ users.users.root.openssh.authorizedKeys.keys = [
+ #Desktop
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJd6Gut34abkwlZ4tZVBO4Qt7CkIpPm/Z8R6JCisjnYy openpgp:0xBD0CFCA0"
+
+ #Convertible
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
+ ];
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/franz/arion/headscale/default.nix b/hosts/franz/arion/headscale/default.nix
index d1be53e..2b6b391 100644
--- a/hosts/franz/arion/headscale/default.nix
+++ b/hosts/franz/arion/headscale/default.nix
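Review bot: `settings.PermitRootLogin = "yes"` in the services.openssh block of hosts/eustachius/default.nix allows password logins as root, even though the same file already provisions root keys under users.users.root.openssh.authorizedKeys.keys; `settings.PermitRootLogin = "prohibit-password";` together with `settings.PasswordAuthentication = false;` keeps the key-based access and removes the password path. `networking.firewall.enable = false` is combined with `net.ipv4.conf.all.forwarding` and `net.ipv6.conf.all.forwarding` set to true and a Tailscale routing server, so the host forwards traffic between wlan0, eth0 and the tailnet with no local filtering; if the firewall is intentionally off for subnet routing, a comment stating that and naming where filtering is expected to happen would help the next reader. The `nixos` user sets uid, group and extraGroups but neither isNormalUser nor isSystemUser; as far as I recall NixOS asserts that exactly one of those is set, so evaluation may fail until `isNormalUser = true;` is added, and the mismatch between the attribute name `nixos`, the home `/home/nixos` and the actual name `ghoscht` deserves a comment if it is deliberate.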
@@ -2,8 +2,10 @@ vars = import ../../../../vars.nix;
 in {
 # Tailscale client for exit node/routes
- services.tailscale.enable = true;
- services.tailscale.useRoutingFeatures = "server";
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ };
 virtualisation.arion = {
 projects.headscale.settings = {