From 5cc6cea20e61047890c5562d57f44776abe8d14e Mon Sep 17 00:00:00 2001 
From: Yorick van Pelt Date: Tue, 4 Oct 2022 10:39:49 +0200 Subject: [PATCH] reorg --- nixos/.gitignore | 3 +- nixos/conf | 53 ------------------- .../blackadder}/3950x-hardware-config.nix | 0 .../blackadder}/3950x.nix | 3 +- .../blackadder/default.nix} | 2 +- .../frumar/default.nix} | 11 ++-- .../{physical => machines/frumar}/fractal.nix | 3 +- .../jarvis/default.nix} | 2 +- .../jarvis}/xps9360-hardware-config.nix | 0 .../{physical => machines/jarvis}/xps9360.nix | 0 .../pennyworth/default.nix} | 14 +++-- .../pennyworth}/hetznercloud.nix | 2 +- .../smithers/default.nix} | 2 +- .../smithers}/x11-hardware-config.nix | 0 nixos/{physical => machines/smithers}/x11.nix | 3 +- nixos/{physical => machines/zazu}/apu2c4.nix | 0 .../zazu.nix => machines/zazu/default.nix} | 4 +- nixos/overlay.nix | 2 +- nixos/roles/default.nix | 1 + nixos/roles/homeserver.nix | 4 +- nixos/servers.nix | 1 - nixos/services/default.nix | 5 +- nixos/services/torrent-wg.nix | 2 +- 23 files changed, 32 insertions(+), 85 deletions(-) delete mode 100755 nixos/conf rename nixos/{physical => machines/blackadder}/3950x-hardware-config.nix (100%) rename nixos/{physical => machines/blackadder}/3950x.nix (95%) rename nixos/{logical/blackadder.nix => machines/blackadder/default.nix} (96%) rename nixos/{logical/frumar.nix => machines/frumar/default.nix} (96%) rename nixos/{physical => machines/frumar}/fractal.nix (87%) rename nixos/{logical/jarvis.nix => machines/jarvis/default.nix} (67%) rename nixos/{physical => machines/jarvis}/xps9360-hardware-config.nix (100%) rename nixos/{physical => machines/jarvis}/xps9360.nix (100%) rename nixos/{logical/pennyworth.nix => machines/pennyworth/default.nix} (92%) rename nixos/{physical => machines/pennyworth}/hetznercloud.nix (91%) rename nixos/{logical/smithers.nix => machines/smithers/default.nix} (72%) rename nixos/{physical => machines/smithers}/x11-hardware-config.nix (100%) rename nixos/{physical => machines/smithers}/x11.nix (93%) rename nixos/{physical => 
machines/zazu}/apu2c4.nix (100%) rename nixos/{logical/zazu.nix => machines/zazu/default.nix} (99%) delete mode 100644 nixos/servers.nix
diff --git a/nixos/.gitignore b/nixos/.gitignore
index 5b7d75b..e2f5dd2 100644
--- a/nixos/.gitignore
+++ b/nixos/.gitignore
@@ -1,2 +1 @@
-result
-copy-keys
\ No newline at end of file
+result
\ No newline at end of file
diff --git a/nixos/conf b/nixos/conf
deleted file mode 100755
index fc9dd22..0000000
--- a/nixos/conf
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-cd "$( dirname "${BASH_SOURCE[0]}" )"
-export NIX_PATH=
-host=$1
-COPY_USER=yorick
-get_target_host() {
- TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
- TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')
-}
-peek() {
- echo $ "$@" > /dev/stderr
- command "$@"
-}
-nix() {
- peek nix --extra-experimental-features "nix-command flakes" "$@"
-}
-nix-build() {
- peek nix-build "$@"
-}
-case $2 in
- ssh)
- get_target_host
- peek ssh root@"$TARGET_HOST"
- ;;
- build)
- nix build -f servers.nix "$host" --show-trace
- ;;
- copy)
- get_target_host
- nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
- ;;
- test)
- get_target_host
- outPath=$(nix-build servers.nix -A "$host")
- nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
- peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration test
- ;;
- boot)
- get_target_host
- outPath=$(nix-build servers.nix -A "$host")
- nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
- peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
- peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration boot
- ;;
- switch)
- get_target_host
- outPath=$(nix-build servers.nix -A "$host")
- nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
- peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
- peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration switch
- ;;
-esac
diff --git a/nixos/physical/3950x-hardware-config.nix b/nixos/machines/blackadder/3950x-hardware-config.nix
similarity index 100%
rename from nixos/physical/3950x-hardware-config.nix
rename to nixos/machines/blackadder/3950x-hardware-config.nix
diff --git a/nixos/physical/3950x.nix b/nixos/machines/blackadder/3950x.nix similarity index 95% rename from nixos/physical/3950x.nix rename to nixos/machines/blackadder/3950x.nix index 84f3676..904894e 100644 --- a/nixos/physical/3950x.nix +++ b/nixos/machines/blackadder/3950x.nix @@ -1,11 +1,12 @@ { config, pkgs, lib, inputs, ... }: { imports = [ - ./. ./3950x-hardware-config.nix inputs.nixos-hardware.nixosModules.common-cpu-amd ]; + hardware.enableRedistributableFirmware = true; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.supportedFilesystems = [ "zfs" ]; diff --git a/nixos/logical/blackadder.nix b/nixos/machines/blackadder/default.nix similarity index 96% rename from nixos/logical/blackadder.nix rename to nixos/machines/blackadder/default.nix index eeb7a14..8a6c2ce 100644 --- a/nixos/logical/blackadder.nix +++ b/nixos/machines/blackadder/default.nix @@ -1,5 +1,5 @@ { config, pkgs, lib, ... }: { - imports = [ ../physical/3950x.nix ../roles/workstation.nix ]; + imports = [ ./3950x.nix ../../roles/workstation.nix ]; system.stateVersion = "19.09"; diff --git a/nixos/logical/frumar.nix b/nixos/machines/frumar/default.nix similarity index 96% rename from nixos/logical/frumar.nix rename to nixos/machines/frumar/default.nix index a17fb94..6800269 100644 --- a/nixos/logical/frumar.nix +++ b/nixos/machines/frumar/default.nix @@ -1,9 +1,8 @@ { config, pkgs, lib, ... }: { imports = [ - ../physical/fractal.nix - ../roles/server.nix - ../roles/homeserver.nix - ../services/torrent-wg.nix + ./fractal.nix + ../../roles/server.nix + ../../roles/homeserver.nix ]; system.stateVersion = "15.09"; @@ -169,9 +168,9 @@ }; }; age.secrets = { - grafana.file = ../../secrets/grafana.env.age; + grafana.file = ../../../secrets/grafana.env.age; transip-key = { - file = ../../secrets/transip-key.age; + file = ../../../secrets/transip-key.age; mode = "770"; owner = "nginx"; group = "nginx"; 
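Review bot: The two hardware files moved at 100% similarity, xps9360.nix and apu2c4.nix, do not get the treatment this hunk gives 3950x.nix, where `./.` is dropped from `imports` and `hardware.enableRedistributableFirmware = true;` is set inline (the fractal.nix and x11.nix hunks do the same). Their contents are not visible in this patch, but if either still imports `./.`, that path now resolves to the machine's own `default.nix` instead of the old shared module under `nixos/physical/`, so whatever that module set would be silently dropped for jarvis and zazu. It is worth checking both files and, where the setting is repeated, adding a short comment such as `# previously inherited from the shared physical module` so the duplication is understood later.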
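Review bot: `transip-key` is decrypted with `mode = "770"`, which grants read, write and execute to both owner and group on what the name suggests is an API key; this hunk only re-points `file`, but the mode is worth tightening while the block is being touched. A secret that is only read by its owning service needs no more than `mode = "0400";`, or `"0440"` if a second process in the `nginx` group really has to read it. The `age.secrets` attribute set continues past the end of the hunk, so the remaining entries are not covered by this comment.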
diff --git a/nixos/physical/fractal.nix b/nixos/machines/frumar/fractal.nix similarity index 87% rename from nixos/physical/fractal.nix rename to nixos/machines/frumar/fractal.nix index 25114d7..c30cbf0 100644 --- a/nixos/physical/fractal.nix +++ b/nixos/machines/frumar/fractal.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, inputs, ... }: { - imports = [ ./. inputs.nixos-hardware.nixosModules.common-cpu-intel ]; + imports = [ inputs.nixos-hardware.nixosModules.common-cpu-intel ]; + hardware.enableRedistributableFirmware = true; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; diff --git a/nixos/logical/jarvis.nix b/nixos/machines/jarvis/default.nix similarity index 67% rename from nixos/logical/jarvis.nix rename to nixos/machines/jarvis/default.nix index 8875329..92cb3c7 100644 --- a/nixos/logical/jarvis.nix +++ b/nixos/machines/jarvis/default.nix @@ -1,5 +1,5 @@ { config, pkgs, lib, ... }: { - imports = [ ../physical/xps9360.nix ../roles/workstation.nix ]; + imports = [ ./xps9360.nix ../../roles/workstation.nix ]; system.stateVersion = "17.09"; diff --git a/nixos/physical/xps9360-hardware-config.nix b/nixos/machines/jarvis/xps9360-hardware-config.nix similarity index 100% rename from nixos/physical/xps9360-hardware-config.nix rename to nixos/machines/jarvis/xps9360-hardware-config.nix diff --git a/nixos/physical/xps9360.nix b/nixos/machines/jarvis/xps9360.nix similarity index 100% rename from nixos/physical/xps9360.nix rename to nixos/machines/jarvis/xps9360.nix diff --git a/nixos/logical/pennyworth.nix b/nixos/machines/pennyworth/default.nix similarity index 92% rename from nixos/logical/pennyworth.nix rename to nixos/machines/pennyworth/default.nix index ac007de..93f15e0 100644 --- a/nixos/logical/pennyworth.nix +++ b/nixos/machines/pennyworth/default.nix 
@@ -12,14 +12,13 @@ let proxyWebsockets = true; }; }; - vpn = import ../vpn.nix; + vpn = import ../../vpn.nix; in { imports = [ - ../physical/hetznercloud.nix - ../roles/server.nix - ../modules/muflax-blog.nix - ../services/backup.nix - ../services/email.nix + ./hetznercloud.nix + ../../roles/server.nix + ../../services/backup.nix + ../../services/email.nix ]; system.stateVersion = "19.03"; @@ -44,7 +43,7 @@ in { }; }; - age.secrets.muflax.file = ../../secrets/http.muflax.age; + age.secrets.muflax.file = ../../../secrets/http.muflax.age; services.muflax-blog = { enable = true; web-server = { port = 9001; }; @@ -101,7 +100,6 @@ in { boot.kernel.sysctl."net.ipv4.ip_forward" = 1; environment.noXlibs = true; users.users.yorick.packages = with pkgs; [ - python2 sshfs-fuse weechat ripgrep diff --git a/nixos/physical/hetznercloud.nix b/nixos/machines/pennyworth/hetznercloud.nix similarity index 91% rename from nixos/physical/hetznercloud.nix rename to nixos/machines/pennyworth/hetznercloud.nix index d9f41a3..62a598d 100644 --- a/nixos/physical/hetznercloud.nix +++ b/nixos/machines/pennyworth/hetznercloud.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, modulesPath, ... }: -let ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName}; +let ipconf = (import ../../secrets.nix).ipconf.${config.networking.hostName}; in { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; diff --git a/nixos/logical/smithers.nix b/nixos/machines/smithers/default.nix similarity index 72% rename from nixos/logical/smithers.nix rename to nixos/machines/smithers/default.nix index 52998c0..003df68 100644 --- a/nixos/logical/smithers.nix +++ b/nixos/machines/smithers/default.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { - imports = [ ../physical/x11.nix ../roles/workstation.nix ]; + imports = [ ./x11.nix ../../roles/workstation.nix ]; yorick.lumi-vpn.enable = lib.mkForce false; yorick.lumi-cache.enable = lib.mkForce false; 
diff --git a/nixos/physical/x11-hardware-config.nix b/nixos/machines/smithers/x11-hardware-config.nix similarity index 100% rename from nixos/physical/x11-hardware-config.nix rename to nixos/machines/smithers/x11-hardware-config.nix diff --git a/nixos/physical/x11.nix b/nixos/machines/smithers/x11.nix similarity index 93% rename from nixos/physical/x11.nix rename to nixos/machines/smithers/x11.nix index dfd0fa4..187e0ca 100644 --- a/nixos/physical/x11.nix +++ b/nixos/machines/smithers/x11.nix @@ -1,11 +1,12 @@ { config, pkgs, lib, inputs, ... }: { imports = [ - ./. inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1 ./x11-hardware-config.nix ]; + hardware.enableRedistributableFirmware = true; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.zfs.requestEncryptionCredentials = true; diff --git a/nixos/physical/apu2c4.nix b/nixos/machines/zazu/apu2c4.nix similarity index 100% rename from nixos/physical/apu2c4.nix rename to nixos/machines/zazu/apu2c4.nix diff --git a/nixos/logical/zazu.nix b/nixos/machines/zazu/default.nix similarity index 99% rename from nixos/logical/zazu.nix rename to nixos/machines/zazu/default.nix index 4da6a3d..71df825 100644 --- a/nixos/logical/zazu.nix +++ b/nixos/machines/zazu/default.nix @@ -3,9 +3,9 @@ { imports = [ # Include the results of the hardware scan. - ../physical/apu2c4.nix + ./apu2c4.nix # - ../roles + ../../roles inputs.nixos-hardware.nixosModules.pcengines-apu "${modulesPath}/profiles/minimal.nix" ]; diff --git a/nixos/overlay.nix b/nixos/overlay.nix index cc18ad6..b4aeeb0 100644 --- a/nixos/overlay.nix +++ b/nixos/overlay.nix @@ -18,6 +18,6 @@ in pkgs: super: { }; in c.config.system.build // c; machine = pkgs.lib.genAttrs names - (name: nixos [ ./roles (./logical + "/${name}.nix") ] { inherit name; }); + (name: nixos [ ./roles (./machines + "/${name}/default.nix") ] { inherit name; }); }; } diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix index b3eb7ff..f0e41a9 100644 
--- a/nixos/roles/default.nix +++ b/nixos/roles/default.nix @@ -11,6 +11,7 @@ in { ../modules/nginx.nix ../modules/lumi-cache.nix ../modules/lumi-vpn.nix + ../modules/muflax-blog.nix ../services ]; diff --git a/nixos/roles/homeserver.nix b/nixos/roles/homeserver.nix index c1b0fd5..bba608a 100644 --- a/nixos/roles/homeserver.nix +++ b/nixos/roles/homeserver.nix @@ -1,9 +1,7 @@ { lib, ... }: { users.users.lars = { isNormalUser = true; - openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [ - lars - ]; + openssh.authorizedKeys.keys = with (import ../sshkeys.nix); lars; }; services.avahi = { enable = true; diff --git a/nixos/servers.nix b/nixos/servers.nix deleted file mode 100644 index 46841f0..0000000 --- a/nixos/servers.nix +++ /dev/null @@ -1 +0,0 @@ -builtins.mapAttrs (n: a: a.toplevel) ((import ../.).yorick.machine) diff --git a/nixos/services/default.nix b/nixos/services/default.nix index a98a158..6c0a423 100644 --- a/nixos/services/default.nix +++ b/nixos/services/default.nix @@ -1 +1,4 @@ -{ imports = [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ]; } +{ + imports = + [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ./torrent-wg.nix ]; +} diff --git a/nixos/services/torrent-wg.nix b/nixos/services/torrent-wg.nix index aaded44..0e2ab54 100644 --- a/nixos/services/torrent-wg.nix +++ b/nixos/services/torrent-wg.nix @@ -6,7 +6,7 @@ in { name = mkOption { type = types.str; }; namespace = mkOption { type = types.str; }; }; - config = { + config = lib.mkIf cfg.enable { age.secrets.wg-torrent.file = ../../secrets/wg.${cfg.name}.age; networking.wireguard.interfaces.${cfg.name} = { # curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'
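Review bot: `openssh.authorizedKeys.keys` now receives `lars` directly instead of `[ lars ]`, so the value must already be a list of key strings in `sshkeys.nix`, which this patch does not show. If `lars` is still a single string, evaluation fails on the option's list type; if it is a list, every key in it can log in as `lars` on each host that uses this role, so that list should hold only this user's keys. The `with` is also unnecessary for one attribute: `openssh.authorizedKeys.keys = (import ../sshkeys.nix).lars;` says the same thing without pulling the whole key set into scope.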
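Review bot: With `config = lib.mkIf cfg.enable {` and the module now imported for every machine through `services/default.nix`, the WireGuard interface and `age.secrets.wg-torrent` exist only where `enable` is set, and the frumar hunk removes the direct import without any visible line turning the option on. The `enable` option and the definition of `cfg` are outside this hunk, so confirm that the option is declared with a `false` default and that frumar sets it; otherwise frumar silently loses the tunnel, and anything that was expected to run inside it may fall back to the default route. An `assertions` entry in whichever module consumes the namespace, requiring the option to be enabled, would turn that into an evaluation error instead of a quiet change. The `config` block continues past the end of the hunk.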