Compare commits

...

11 commits

Author SHA1 Message Date
e590918785
k3s does not need the override anymore 2024-01-10 21:57:02 +01:00
81d9552f73
home: Handle wallpapers differently 2024-01-10 21:56:44 +01:00
3307db5fb4
incus-ui: Replace branding in places not covered by patches 2024-01-10 21:55:39 +01:00
3cfd715814
systemd: Disable LLMNR 2024-01-10 21:55:23 +01:00
cea7eec04f
odin: add nix-ld, remove cockpit, add kmod to incus PATH 2024-01-10 21:54:54 +01:00
19e3f59f86
loki: remove lxd 2024-01-10 21:54:29 +01:00
f8f8054d79
Add k3s-test 2024-01-10 21:54:11 +01:00
31ef819960
Refactor flake.nix 2024-01-10 21:53:04 +01:00
ef2f170462
flake.lock: Update
Flake lock file updates:

• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/bb6e486a9fcb96868b15741ff4ee446cc731db43' (2024-01-09)
  → 'github:nix-community/emacs-overlay/e5d3e66bb146b77a9c978533dfb6028b9248f2fa' (2024-01-10)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/c1be43e8e837b8dbee2b3665a007e761680f0c3d' (2024-01-05)
  → 'github:NixOS/nixpkgs/6723fa4e4f1a30d42a633bef5eb01caeb281adc3' (2024-01-08)
• Updated input 'home-manager':
    'github:nix-community/home-manager/51e44a13acea71b36245e8bd8c7db53e0a3e61ee' (2024-01-05)
  → 'github:nix-community/home-manager/e13aa9e287b3365473e5897e3667ea80a899cdfb' (2024-01-09)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/46ae0210ce163b3cba6c7da08840c1d63de9c701' (2024-01-06)
  → 'github:nixos/nixpkgs/317484b1ead87b9c1b8ac5261a8d2dd748a0492d' (2024-01-08)
• Updated input 'pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/ea96f0c05924341c551a797aaba8126334c505d2' (2024-01-08)
  → 'github:cachix/pre-commit-hooks.nix/b0265634df1dc584585c159b775120e637afdb41' (2024-01-10)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/afa87241c19241aca9b7a9103635b82db2b147bb' (2024-01-09)
  → 'github:oxalica/rust-overlay/6dea03e0c8a81cf28340564259d4762b6d6f01de' (2024-01-10)
• Updated input 'sops':
    'github:Mic92/sops-nix/0ded57412079011f1210c2fcc10e112427d4c0e6' (2024-01-08)
  → 'github:Mic92/sops-nix/c0b3a5af90fae3ba95645bbf85d2b64880addd76' (2024-01-10)
2024-01-10 21:42:38 +01:00
7a72cacdaf
Remove terraform stuff 2024-01-09 22:25:14 +01:00
fe0f5f99ab
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/aef9a509db64a081186af2dc185654d78dc8e344' (2024-01-03)
  → 'github:nix-community/disko/f0a3425a7b173701922e7959d8bfb136ef53aa54' (2024-01-08)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/85ac1bf8543d2e179d7748f3788d58b06eacc758' (2024-01-06)
  → 'github:nix-community/emacs-overlay/bb6e486a9fcb96868b15741ff4ee446cc731db43' (2024-01-09)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/b0b2c5445c64191fd8d0b31f2b1a34e45a64547d' (2024-01-03)
  → 'github:NixOS/nixpkgs/c1be43e8e837b8dbee2b3665a007e761680f0c3d' (2024-01-05)
• Updated input 'nil':
    'github:oxalica/nil/0031eb4343fd4672742fd6ff839da9b4f5120646' (2023-11-29)
  → 'github:oxalica/nil/059d33a24bb76d2048740bcce936362bf54b5bc9' (2024-01-07)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/172385318068519900a7d71c1024242fa6af75f0' (2024-01-05)
  → 'github:NixOS/nixos-hardware/b34a6075e9e298c4124e35c3ccaf2210c1f3a43b' (2024-01-09)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/bd645e8668ec6612439a9ee7e71f7eac4099d4f6' (2024-01-02)
  → 'github:nixos/nixpkgs/46ae0210ce163b3cba6c7da08840c1d63de9c701' (2024-01-06)
• Updated input 'pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/9d3d7e18c6bc4473d7520200d4ddab12f8402d38' (2023-12-30)
  → 'github:cachix/pre-commit-hooks.nix/ea96f0c05924341c551a797aaba8126334c505d2' (2024-01-08)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/a127cccf7943beae944953963ba118d643299c3b' (2024-01-06)
  → 'github:oxalica/rust-overlay/afa87241c19241aca9b7a9103635b82db2b147bb' (2024-01-09)
• Updated input 'sops':
    'github:Mic92/sops-nix/cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6' (2023-12-31)
  → 'github:Mic92/sops-nix/0ded57412079011f1210c2fcc10e112427d4c0e6' (2024-01-08)
• Updated input 'sops/nixpkgs-stable':
    'github:NixOS/nixpkgs/0aad9113182747452dbfc68b93c86e168811fa6c' (2023-12-30)
  → 'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03)
2024-01-09 09:43:28 +01:00
24 changed files with 229 additions and 488 deletions

40
.gitignore vendored
View file

@ -6,43 +6,3 @@
/.emacs.desktop /.emacs.desktop
/.emacs.desktop.lock /.emacs.desktop.lock
# Created by https://www.toptal.com/developers/gitignore/api/terraform
# Edit at https://www.toptal.com/developers/gitignore?templates=terraform
### Terraform ###
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
*.tfplan
# Ignore CLI configuration files
.terraformrc
terraform.rc
# End of https://www.toptal.com/developers/gitignore/api/terraform

66
flake.lock generated
View file

@ -81,11 +81,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1704318910, "lastModified": 1704741201,
"narHash": "sha256-wOIJwAsnZhM0NlFRwYJRgO4Lldh8j9viyzwQXtrbNtM=", "narHash": "sha256-Y420NeqPWRSpxHpXsxhKILfTxT5exjtTgCgDwSpcEfU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "aef9a509db64a081186af2dc185654d78dc8e344", "rev": "f0a3425a7b173701922e7959d8bfb136ef53aa54",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -105,11 +105,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1704530953, "lastModified": 1704905472,
"narHash": "sha256-hfllh8Dd/XhbyxNensq2PAdnvJtPXJmxUQqWrKUdUCk=", "narHash": "sha256-cb3uqBDHcdHY+x1tXSm5FvScQx5e9+qdADGSEVkhnlM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "85ac1bf8543d2e179d7748f3788d58b06eacc758", "rev": "e5d3e66bb146b77a9c978533dfb6028b9248f2fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -340,11 +340,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1704498488, "lastModified": 1704809957,
"narHash": "sha256-yINKdShHrtjdiJhov+q0s3Y3B830ujRoSbHduUNyKag=", "narHash": "sha256-Z8sBeoeeY2O+BNqh5C+4Z1h1F1wQ2mij7yPZ2GY397M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "51e44a13acea71b36245e8bd8c7db53e0a3e61ee", "rev": "e13aa9e287b3365473e5897e3667ea80a899cdfb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -410,11 +410,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1701225372, "lastModified": 1704611696,
"narHash": "sha256-QSiFeEmTzAIIiCtUaMesu7wi7bvfHuFzPMQpOKMt4Lo=", "narHash": "sha256-4ZCgV5oHdEc3q+XaIzy//gh20uC/aSuAtMU9bsfgLZk=",
"owner": "oxalica", "owner": "oxalica",
"repo": "nil", "repo": "nil",
"rev": "0031eb4343fd4672742fd6ff839da9b4f5120646", "rev": "059d33a24bb76d2048740bcce936362bf54b5bc9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -467,11 +467,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1704458188, "lastModified": 1704786394,
"narHash": "sha256-f6BYEuIqnbrs6J/9m1/1VdkJ6d63hO9kUC09kTPuOqE=", "narHash": "sha256-aJM0ln9fMGWw1+tjyl5JZWZ3ahxAA2gw2ZpZY/hkEMs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "172385318068519900a7d71c1024242fa6af75f0", "rev": "b34a6075e9e298c4124e35c3ccaf2210c1f3a43b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -482,11 +482,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1704194953, "lastModified": 1704722960,
"narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=", "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6", "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -516,11 +516,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1704295289, "lastModified": 1704732714,
"narHash": "sha256-9WZDRfpMqCYL6g/HNWVvXF0hxdaAgwgIGeLYiOhmes8=", "narHash": "sha256-ABqK/HggMYA/jMUXgYyqVAcQ8QjeMyr1jcXfTpSHmps=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b0b2c5445c64191fd8d0b31f2b1a34e45a64547d", "rev": "6723fa4e4f1a30d42a633bef5eb01caeb281adc3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -548,11 +548,11 @@
}, },
"nixpkgs-stable_3": { "nixpkgs-stable_3": {
"locked": { "locked": {
"lastModified": 1703950681, "lastModified": 1704290814,
"narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=", "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0aad9113182747452dbfc68b93c86e168811fa6c", "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -603,11 +603,11 @@
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1703939133, "lastModified": 1704913983,
"narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=", "narHash": "sha256-K/GuHFFriQhH3VPWMhm6bYelDuPyGGjGu1OF1EWUn5k=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38", "rev": "b0265634df1dc584585c159b775120e637afdb41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -676,11 +676,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1704507282, "lastModified": 1704853054,
"narHash": "sha256-PDfS8fj40mm2QWpbd/aiocgwcI/WHzqLKERRJkoEvXU=", "narHash": "sha256-xD87M7isL2XqlFr+2f+j86jy8s5lfIaAEWO4TpQQZUA=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "a127cccf7943beae944953963ba118d643299c3b", "rev": "6dea03e0c8a81cf28340564259d4762b6d6f01de",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -697,11 +697,11 @@
"nixpkgs-stable": "nixpkgs-stable_3" "nixpkgs-stable": "nixpkgs-stable_3"
}, },
"locked": { "locked": {
"lastModified": 1703991717, "lastModified": 1704908274,
"narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=", "narHash": "sha256-74W9Yyomv3COGRmKi8zvyA5tL2KLiVkBeaYmYLjXyOw=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6", "rev": "c0b3a5af90fae3ba95645bbf85d2b64880addd76",
"type": "github" "type": "github"
}, },
"original": { "original": {

128
flake.nix
View file

@ -149,6 +149,10 @@
"aarch64-linux" "aarch64-linux"
]; ];
imports = [
inputs.pre-commit-hooks.flakeModule
];
flake = { flake = {
lib = import ./lib inputs; lib = import ./lib inputs;
@ -201,72 +205,70 @@
}; };
perSystem = { self', pkgs, system, lib, ... }: perSystem = { inputs', pkgs, config, ... }: {
{
checks = { pre-commit = {
pre-commit-check = pre-commit-hooks.lib.${system}.run { settings = {
src = ./.; hooks = {
hooks = { nixpkgs-fmt.enable = true;
nixpkgs-fmt.enable = true; deadnix.enable = true;
deadnix.enable = true; statix.enable = true;
statix.enable = true; black.enable = true;
black.enable = true; shellcheck = {
shellcheck = { enable = true;
enable = true; types_or = [ "executable" ];
types_or = [ "executable" ];
};
shfmt.enable = true;
}; };
shfmt.enable = true;
}; };
}; };
packages = {
incus-ui = pkgs.callPackage ./pkgs/incus-ui { };
};
devShells.default = with pkgs;
mkShell {
inherit (self'.checks.pre-commit-check) shellHook;
name = "dotfiles";
packages = [
pkgs.sops
ssh-to-age
age
nodejs
nodePackages.typescript-language-server
nodePackages.yaml-language-server
nodePackages.vscode-css-languageserver-bin
nodePackages.prettier
multimarkdown
nix-diff
nix-prefetch
nix-prefetch-scripts
nix-prefetch-github
nix-prefetch-docker
nix-top
opentofu
terraform-ls
taplo
just
pciutils
cryptsetup
disko.packages.${system}.disko
colmena
];
};
devShells.install = with pkgs; mkShell {
name = "install";
packages = [
disko.packages.${system}.disko
];
};
formatter = pkgs.nixpkgs-fmt;
}; };
packages = {
incus-ui = pkgs.callPackage ./pkgs/incus-ui { };
};
devShells.default = with pkgs; mkShell {
name = "dotfiles";
packages = [
pkgs.sops
ssh-to-age
age
nodejs
nodePackages.typescript-language-server
nodePackages.yaml-language-server
nodePackages.vscode-css-languageserver-bin
nodePackages.prettier
multimarkdown
nix-diff
nix-prefetch
nix-prefetch-scripts
nix-prefetch-github
nix-prefetch-docker
nix-top
taplo
just
pciutils
cryptsetup
inputs'.disko.packages.disko
colmena
];
shellHook = ''
${config.pre-commit.installationScript}
'';
};
devShells.install = with pkgs; mkShell {
name = "install";
packages = [
inputs'.disko.packages.disko
];
};
formatter = pkgs.nixpkgs-fmt;
};
}; };
} }

View file

@ -43,6 +43,17 @@ inputs: {
tags = [ "metal" ]; tags = [ "metal" ];
}; };
}; };
k3s-test = {
config = import ./k3s-test/configuration.nix inputs;
deploy = {
# host = "10.0.0.167";
host = "10.0.0.208";
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
tags = [ "container" ];
};
};
loki = { loki = {
config = import ./loki/configuration.nix inputs; config = import ./loki/configuration.nix inputs;
}; };

View file

@ -1,24 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/telmate/proxmox" {
version = "2.9.11"
constraints = "2.9.11"
hashes = [
"h1:RKM2pvHNJrQKcMD7omaPiM099vWGgDnnZqn1kGknYXU=",
"zh:0db1e3940cf208e56919e68c6d557dfc87d380316a474c8999916308bf991440",
"zh:2a0ae7af5b2f96d53b24f34575bc72ccbb79cab870901f26f00a301613f7c69e",
"zh:2f9eb4a4d2c5db04ec0940d7e250aaf1bac559acc787a5883688ba42159f8b8e",
"zh:362a5b44995a51c8de78f0106aa7741f212bb15fbf2d7477794ea3ee63e2c17d",
"zh:4d212404b741848cef1e469e390ad1df659bbfa8d47cd079d82d83c288925438",
"zh:54a65a01946839db263f8da389791863f6909db9d5fcfdb472e23b14883a5b6c",
"zh:5dfc95303efc53686b23762dfa4c50d887eb4cc0a3e9d527adc29b3a9f0439eb",
"zh:68db84c007cbdd7267d1f7b767b0b2b91e9ee2e2b92ac1d8a1568f3bc61e67cd",
"zh:85d45466445883ae64eed3d5fcb996de389ecf9268f0f7d2f22911fb3f56a344",
"zh:8673f8c794ea8413dc9a3933902492b3e5be99e79bc611fcef415be7d7268210",
"zh:d5041f72f550f3c81dafecb4e7dfca9f849737154a0e2c81434df6c72d75af25",
"zh:e60e03b495dd76660784a8ab07d8db0ce1df7165e713efb350c1864d92f87a8c",
"zh:ed1f75a2fe7d764356119a590f301ab8fd40cfeea78a514450868beb92115f28",
"zh:efa4140b78775509665370c915e60c9043a1325d608f96da151f8f7fcc7cb45e",
]
}

View file

@ -1,46 +0,0 @@
terraform {
required_providers {
proxmox = {
source = "Telmate/proxmox"
version = "2.9.11"
}
}
}
provider "proxmox" {
pm_api_url = var.proxmox_api_url
pm_api_token_id = var.proxmox_token_id
pm_api_token_secret = var.proxmox_token_secret
pm_tls_insecure = true
}
resource "proxmox_lxc" "minio" {
target_node = "pve"
hostname = "frigate"
ostemplate = "loki:vztmpl/nixos-23.05-default_20230318_amd64.tar.xz"
unprivileged = false
onboot = true
memory = 2048
swap = 2048
rootfs {
storage = "local-lvm"
size = "32G"
}
mountpoint {
key = "0"
slot = 0
storage = "local-lvm"
mp = "/data"
size = "256G"
}
network {
name = "eth0"
bridge = "vmbr0"
ip = "10.0.0.205/24"
gw = "10.0.0.1"
}
}

View file

@ -1,17 +0,0 @@
variable "proxmox_token_id" {
description = "Proxmox API token ID"
type = string
sensitive = true
}
variable "proxmox_token_secret" {
description = "Proxmox API token secret"
type = string
sensitive = true
}
variable "proxmox_api_url" {
description = "Proxmox API URL"
type = string
sensitive = true
}

View file

@ -0,0 +1,83 @@
{ self, ... }:
{ modulesPath, lib, ... }: {
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
tailscale.enable = true;
};
services.k3s = {
enable = true;
extraFlags = "--tls-san=10.0.0.208";
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "k3s-test";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
firewall = {
trustedInterfaces = [ "tailscale0" ];
allowPing = true;
allowedTCPPorts = [ 6443 ];
};
};
systemd = {
network = {
enable = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.208/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
tmpfiles.rules = [
"L /dev/kmsg - - - - /dev/console"
];
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { };
system.stateVersion = "24.05";
}

View file

@ -54,7 +54,7 @@
dataDir = "/home/erwin/workspace/livebook"; dataDir = "/home/erwin/workspace/livebook";
userMapping = "1000:100"; userMapping = "1000:100";
}; };
lxd.enable = true; lxd.enable = false;
networking = { networking = {
enable = true; enable = true;
}; };

View file

@ -47,9 +47,6 @@ let
services = { services = {
k3s = { k3s = {
enable = true; enable = true;
package = pkgs.k3s.override {
buildGoModule = pkgs.buildGo120Module;
};
clusterInit = isServer; clusterInit = isServer;
serverAddr = if !isServer then "https://10.128.0.2:6443" else ""; serverAddr = if !isServer then "https://10.128.0.2:6443" else "";
role = "server"; role = "server";

View file

@ -1,24 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/telmate/proxmox" {
version = "2.9.11"
constraints = "2.9.11"
hashes = [
"h1:RKM2pvHNJrQKcMD7omaPiM099vWGgDnnZqn1kGknYXU=",
"zh:0db1e3940cf208e56919e68c6d557dfc87d380316a474c8999916308bf991440",
"zh:2a0ae7af5b2f96d53b24f34575bc72ccbb79cab870901f26f00a301613f7c69e",
"zh:2f9eb4a4d2c5db04ec0940d7e250aaf1bac559acc787a5883688ba42159f8b8e",
"zh:362a5b44995a51c8de78f0106aa7741f212bb15fbf2d7477794ea3ee63e2c17d",
"zh:4d212404b741848cef1e469e390ad1df659bbfa8d47cd079d82d83c288925438",
"zh:54a65a01946839db263f8da389791863f6909db9d5fcfdb472e23b14883a5b6c",
"zh:5dfc95303efc53686b23762dfa4c50d887eb4cc0a3e9d527adc29b3a9f0439eb",
"zh:68db84c007cbdd7267d1f7b767b0b2b91e9ee2e2b92ac1d8a1568f3bc61e67cd",
"zh:85d45466445883ae64eed3d5fcb996de389ecf9268f0f7d2f22911fb3f56a344",
"zh:8673f8c794ea8413dc9a3933902492b3e5be99e79bc611fcef415be7d7268210",
"zh:d5041f72f550f3c81dafecb4e7dfca9f849737154a0e2c81434df6c72d75af25",
"zh:e60e03b495dd76660784a8ab07d8db0ce1df7165e713efb350c1864d92f87a8c",
"zh:ed1f75a2fe7d764356119a590f301ab8fd40cfeea78a514450868beb92115f28",
"zh:efa4140b78775509665370c915e60c9043a1325d608f96da151f8f7fcc7cb45e",
]
}

View file

@ -1,45 +0,0 @@
terraform {
required_providers {
proxmox = {
source = "Telmate/proxmox"
version = "2.9.11"
}
}
}
provider "proxmox" {
pm_api_url = var.proxmox_api_url
pm_api_token_id = var.proxmox_token_id
pm_api_token_secret = var.proxmox_token_secret
pm_tls_insecure = true
}
resource "proxmox_lxc" "minio" {
target_node = "pve"
hostname = "minio"
ostemplate = "loki:vztmpl/nixos-23.05-default_20230104_amd64.tar.xz"
unprivileged = false
memory = 2048
swap = 2048
rootfs {
storage = "local-lvm"
size = "32G"
}
mountpoint {
key = "0"
slot = 0
storage = "local-lvm"
mp = "/data"
size = "256G"
}
network {
name = "eth0"
bridge = "vmbr0"
ip = "10.0.0.204/24"
gw = "10.0.0.1"
}
}

View file

@ -1,17 +0,0 @@
variable "proxmox_token_id" {
description = "Proxmox API token ID"
type = string
sensitive = true
}
variable "proxmox_token_secret" {
description = "Proxmox API token secret"
type = string
sensitive = true
}
variable "proxmox_api_url" {
description = "Proxmox API URL"
type = string
sensitive = true
}

View file

@ -1,4 +1,4 @@
{ nixos-hardware, disko, ... }: { nixos-hardware, disko, nix-ld-rs, ... }:
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
imports = [ imports = [
@ -65,21 +65,16 @@
}; };
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
powerManagement.cpuFreqGovernor = "ondemand";
programs = {
nix-ld = {
enable = true;
package = nix-ld-rs.packages.${pkgs.hostPlatform.system}.nix-ld-rs;
};
};
services = { services = {
openssh.enable = true; openssh.enable = true;
cockpit = {
enable = true;
openFirewall = true;
settings = {
WebService = {
Origins = "https://cockpit.datarift.nl";
ProtocolHeader = "X-Forwarded-Proto";
ForwardedForHeader = "X-Forwarded-For";
};
};
};
lvm = { lvm = {
enable = true; enable = true;
}; };

View file

@ -117,6 +117,7 @@
pkgs.nftables pkgs.nftables
pkgs.lvm2 pkgs.lvm2
pkgs.e2fsprogs pkgs.e2fsprogs
pkgs.kmod
]; ];
environment = { environment = {
INCUS_UI = pkgs.incus-ui; INCUS_UI = pkgs.incus-ui;

View file

@ -1,24 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/telmate/proxmox" {
version = "2.9.14"
constraints = "2.9.14"
hashes = [
"h1:H/f+LbVyPOLslHLAYnGuMMRqWFZ65K6E3V+MCYgfAyk=",
"zh:0d049d33f705e5b814d30028770c084151218439424e99684ce31d7e26a720b5",
"zh:20b1c64ed56d81de95f3f37b82b45b4654c0de26670c0e87a474c5cce13cd015",
"zh:2946058abd1d8e50e475b9ec39781eb02576b40dbd80f4653fade4493a4514c6",
"zh:29e50a25c456f040ce072f23ac57b5b82ebd3b916ca5ae6688332b5ec62adc4a",
"zh:3612932306ce5f08db94868f526cbb8c56d0d3c6ebe1c11a83f92bbf94354296",
"zh:42d1699b0abebaac82ea5a19f4393541d8bb2741bde204a8ac1028cdc29d1b14",
"zh:5ffd5dc567262eb8aafdf2f6eac63f7f21361da9c5d75a3c36b479638a0001b0",
"zh:6692ef323e3b89de99934ad731f6a1850525bf8142916ae28ea4e4048d73a787",
"zh:a5afc98e9a4038516bb58e788cb77dea67a60dce780dfcd206d7373c5a56b776",
"zh:bf902cded709d84fa27fbf91b589c241f2238a6c4924e4e479eebd74320b93a5",
"zh:cab0e1e72c9cebcf669fc6f35ec28cb8ab2dffb0237afc8860aa40d23bf8a49f",
"zh:e523b99a48beec83d9bc04b2d336266044f9f53514cefb652fe6768611847196",
"zh:f593915e8a24829d322d2eaeedcb153328cf9042f0d84f66040dde1be70ede04",
"zh:fba1aff541133e2129dfda0160369635ab48503d5c44b8407ce5922ecc15d0bd",
]
}

View file

@ -1,38 +0,0 @@
terraform {
required_providers {
proxmox = {
source = "Telmate/proxmox"
version = "2.9.14"
}
}
}
provider "proxmox" {
pm_api_url = var.proxmox_api_url
pm_api_token_id = var.proxmox_token_id
pm_api_token_secret = var.proxmox_token_secret
pm_tls_insecure = true
}
resource "proxmox_lxc" "unifi" {
target_node = "pve"
hostname = "unifi"
ostemplate = "loki:vztmpl/nixos-23.11-default_20230606_amd64.tar.xz"
unprivileged = false
onboot = true
memory = 2048
swap = 2048
rootfs {
storage = "local-lvm"
size = "32G"
}
network {
name = "eth0"
bridge = "vmbr0"
ip = "10.0.0.207/24"
gw = "10.0.0.1"
}
}

View file

@ -1,17 +0,0 @@
variable "proxmox_token_id" {
description = "Proxmox API token ID"
type = string
sensitive = true
}
variable "proxmox_token_secret" {
description = "Proxmox API token secret"
type = string
sensitive = true
}
variable "proxmox_api_url" {
description = "Proxmox API URL"
type = string
sensitive = true
}

View file

@ -1,23 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/telmate/proxmox" {
version = "2.9.14"
hashes = [
"h1:H/f+LbVyPOLslHLAYnGuMMRqWFZ65K6E3V+MCYgfAyk=",
"zh:0d049d33f705e5b814d30028770c084151218439424e99684ce31d7e26a720b5",
"zh:20b1c64ed56d81de95f3f37b82b45b4654c0de26670c0e87a474c5cce13cd015",
"zh:2946058abd1d8e50e475b9ec39781eb02576b40dbd80f4653fade4493a4514c6",
"zh:29e50a25c456f040ce072f23ac57b5b82ebd3b916ca5ae6688332b5ec62adc4a",
"zh:3612932306ce5f08db94868f526cbb8c56d0d3c6ebe1c11a83f92bbf94354296",
"zh:42d1699b0abebaac82ea5a19f4393541d8bb2741bde204a8ac1028cdc29d1b14",
"zh:5ffd5dc567262eb8aafdf2f6eac63f7f21361da9c5d75a3c36b479638a0001b0",
"zh:6692ef323e3b89de99934ad731f6a1850525bf8142916ae28ea4e4048d73a787",
"zh:a5afc98e9a4038516bb58e788cb77dea67a60dce780dfcd206d7373c5a56b776",
"zh:bf902cded709d84fa27fbf91b589c241f2238a6c4924e4e479eebd74320b93a5",
"zh:cab0e1e72c9cebcf669fc6f35ec28cb8ab2dffb0237afc8860aa40d23bf8a49f",
"zh:e523b99a48beec83d9bc04b2d336266044f9f53514cefb652fe6768611847196",
"zh:f593915e8a24829d322d2eaeedcb153328cf9042f0d84f66040dde1be70ede04",
"zh:fba1aff541133e2129dfda0160369635ab48503d5c44b8407ce5922ecc15d0bd",
]
}

View file

@ -1,37 +0,0 @@
terraform {
required_providers {
proxmox = {
source = "Telmate/proxmox"
}
}
}
provider "proxmox" {
pm_api_url = var.proxmox_api_url
pm_api_token_id = var.proxmox_token_id
pm_api_token_secret = var.proxmox_token_secret
pm_tls_insecure = true
}
resource "proxmox_lxc" "valkyrie" {
target_node = "pve"
hostname = "valkyrie"
ostemplate = "loki:vztmpl/nixos-23.11-default_20230606_amd64.tar.xz"
unprivileged = false
onboot = true
memory = 2048
swap = 2048
rootfs {
storage = "local-lvm"
size = "32G"
}
network {
name = "eth0"
bridge = "vmbr0"
ip = "10.0.0.206/24"
gw = "10.0.0.1"
}
}

View file

@ -1,17 +0,0 @@
variable "proxmox_token_id" {
description = "Proxmox API token ID"
type = string
sensitive = true
}
variable "proxmox_token_secret" {
description = "Proxmox API token secret"
type = string
sensitive = true
}
variable "proxmox_api_url" {
description = "Proxmox API URL"
type = string
sensitive = true
}

View file

@ -13,6 +13,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.resolved = { services.resolved = {
enable = true; enable = true;
llmnr = "false"; # Deprecated and a security risk
}; };
}; };
} }

View file

@ -5,6 +5,8 @@
, nodejs , nodejs
, prefetch-yarn-deps , prefetch-yarn-deps
, yarn , yarn
, gnused
, rsync
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -40,6 +42,12 @@ stdenv.mkDerivation rec {
configurePhase = '' configurePhase = ''
runHook preConfigure runHook preConfigure
${gnused}/bin/sed -i "s/LXD/Incus/g" src/*/*.ts* src/*/*/*.ts* src/*/*/*/*.ts*
${gnused}/bin/sed -i "s/devlxd/guestapi/g" src/*/*.ts* src/*/*/*.ts* src/*/*/*/*.ts*
${gnused}/bin/sed -i "s/dev\/lxd/dev\/incus/g" src/*/*.ts* src/*/*/*.ts* src/*/*/*/*.ts*
${gnused}/bin/sed -i "s/lxd_/incus_/g" src/*/*.ts* src/*/*/*.ts* src/*/*/*/*.ts*
${gnused}/bin/sed -i "s/\"lxd\"/\"incus\"/g" src/*/*.ts* src/*/*/*.ts* src/*/*/*/*.ts*
export HOME=$(mktemp -d) export HOME=$(mktemp -d)
yarn config --offline set yarn-offline-mirror "$offlineCache" yarn config --offline set yarn-offline-mirror "$offlineCache"
fixup-yarn-lock yarn.lock fixup-yarn-lock yarn.lock
@ -61,7 +69,8 @@ stdenv.mkDerivation rec {
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
cp -r build/ui $out mkdir -p $out
${rsync}/bin/rsync -a build/ui/ $out/
runHook postInstall runHook postInstall
''; '';

View file

@ -1,6 +1,7 @@
{ pkgs, config, lib, inputs, ... }: { pkgs, config, lib, inputs, ... }:
with lib; let with lib; let
cfg = config.eboskma.users.erwin; cfg = config.eboskma.users.erwin;
homeCfg = config.home-manager.users.erwin;
bt = config.eboskma.bluetooth; bt = config.eboskma.bluetooth;
ewwDaemon = ewwDaemon =
@ -10,7 +11,7 @@ with lib; let
pkgs.writeShellScript "eww-daemon" '' pkgs.writeShellScript "eww-daemon" ''
export PATH=${path}:''${PATH} export PATH=${path}:''${PATH}
${config.home-manager.users.erwin.eboskma.programs.eww.package}/bin/eww $@ ${homeCfg.eboskma.programs.eww.package}/bin/eww $@
''; '';
in in
{ {
@ -94,7 +95,7 @@ in
rofi = { rofi = {
enable = true; enable = true;
package = pkgs.rofi-wayland; package = pkgs.rofi-wayland;
terminal = config.home-manager.users.erwin.wayland.windowManager.sway.config.terminal; terminal = homeCfg.wayland.windowManager.sway.config.terminal;
}; };
vscode.enable = true; vscode.enable = true;
solvespace.enable = true; solvespace.enable = true;
@ -102,10 +103,10 @@ in
starship.enable = true; starship.enable = true;
sway = { sway = {
enable = true; enable = true;
lock-wallpaper = ../../wallpapers/river-2560.png; lock-wallpaper = "${homeCfg.home.homeDirectory}/.wallpapers/river-2560.png";
output = { output = {
"DP-2" = { "DP-2" = {
bg = "${../../wallpapers/jwst-saturn-nircam-2560.png} fill"; bg = "${homeCfg.home.homeDirectory}/.wallpapers/river-2560.png fill";
mode = "2560x1440@165Hz"; mode = "2560x1440@165Hz";
adaptive_sync = "on"; adaptive_sync = "on";
max_render_time = "2"; max_render_time = "2";
@ -178,6 +179,8 @@ in
iotop iotop
(jetbrains.clion.override { jdk = pkgs.jetbrains.jdk; }) (jetbrains.clion.override { jdk = pkgs.jetbrains.jdk; })
kicad kicad
kubectl
kubernetes-helm
larynx larynx
libnotify libnotify
libreoffice-fresh libreoffice-fresh
@ -198,7 +201,6 @@ in
ripgrep ripgrep
scid-vs-pc scid-vs-pc
signal-desktop signal-desktop
solo2-cli
steam steam
steamcmd steamcmd
steam-tui steam-tui
@ -219,6 +221,15 @@ in
gtk.enable = true; gtk.enable = true;
x11.enable = true; x11.enable = true;
}; };
file = {
wallpapers = {
source = ../../wallpapers;
target = ".wallpapers";
recursive = true;
};
};
}; };
xdg = { xdg = {