diff options
Diffstat (limited to 'users/glittershark/system/system/machines')
3 files changed, 0 insertions, 381 deletions
diff --git a/users/glittershark/system/system/machines/bumblebee.nix b/users/glittershark/system/system/machines/bumblebee.nix deleted file mode 100644 index 0fec214092..0000000000 --- a/users/glittershark/system/system/machines/bumblebee.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ - ../modules/reusable/battery.nix - ]; - - networking.hostName = "bumblebee"; - - powerManagement = { - enable = true; - cpuFreqGovernor = "powersave"; - powertop.enable = true; - }; - - # Hibernate on low battery - laptop.onLowBattery = { - enable = true; - action = "hibernate"; - thresholdPercentage = 5; - }; - - services.xserver.xkbOptions = "caps:swapescape"; -} diff --git a/users/glittershark/system/system/machines/chupacabra.nix b/users/glittershark/system/system/machines/chupacabra.nix deleted file mode 100644 index 4e0f9fff01..0000000000 --- a/users/glittershark/system/system/machines/chupacabra.nix +++ /dev/null @@ -1,140 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ../modules/common.nix - ../modules/reusable/battery.nix - ../modules/tvl.nix - ../modules/urbint.nix - ../modules/fcitx.nix - ../modules/rtlsdr.nix - ../../../../../ops/nixos/v4l2loopback.nix - ../modules/desktop.nix - ]; - - hardware.enableRedistributableFirmware = true; - - networking.hostName = "chupacabra"; - - powerManagement = { - enable = true; - powertop.enable = true; - cpuFreqGovernor = "powersave"; - }; - - laptop.onLowBattery = { - enable = true; - action = "hibernate"; - thresholdPercentage = 5; - }; - - boot = { - blacklistedKernelModules = [ "nouveau" "intel" ]; - extraModulePackages = [ ]; - - initrd = { - availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - kernelModules = [ ]; - - luks.devices = { - "cryptroot".device = "/dev/disk/by-uuid/c2fc7ce7-a45e-48a1-8cde-be966ef601db"; - "cryptswap".device = "/dev/disk/by-uuid/3b6e2fd4-bfe9-4392-a6e0-4f3b3b76e019"; - }; - }; - - kernel.sysctl."vm.swappiness" = 1; - kernelModules = [ "kvm-intel" ]; - kernelParams = [ "acpi_rev_override" ]; - }; - - services.thermald.enable = true; - - hardware.cpu.intel.updateMicrocode = true; - - # Intel-only graphics - hardware.nvidiaOptimus.disable = true; - services.xserver.videoDrivers = [ "intel" ]; - - # Nvidia Optimus (hybrid) - currently not working - # services.xserver.videoDrivers = [ "intel" "nvidia" ]; - # boot.blacklistedKernelModules = [ "nouveau" "bbswitch" ]; - # boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ]; - # hardware.bumblebee.enable = true; - # hardware.bumblebee.pmMethod = "none"; - - systemd.services.disable-usb-autosuspend = { - description = "Disable USB autosuspend"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { Type = "oneshot"; }; - unitConfig.RequiresMountsFor = "/sys"; - script = '' - echo -1 > /sys/module/usbcore/parameters/autosuspend - ''; - }; - - # From hardware-configuration.nix - - fileSystems."/" = - { device = "/dev/mapper/cryptroot"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3492-9E3A"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/caa7e2ff-475b-4024-b29e-4f88f733fc4c"; } - ]; - - # High-DPI console - console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz"; - - # from nixos-hardware TODO sort this around - services.tlp.enable = true; - services.fstrim.enable = lib.mkDefault true; - - # Intel cpu stuff - hardware.opengl.extraPackages = with pkgs; [ - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-media-driver - ]; - - services.udev.extraRules = '' - # UDEV rules for Teensy USB devices - ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1" - ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666" - KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666" - ''; - - # Necessary to get steam working - hardware.opengl.driSupport32Bit = true; - - nix = { - maxJobs = lib.mkDefault 12; - binaryCaches = [ "ssh://grfn@172.16.0.5" ]; - trustedBinaryCaches = [ "ssh://grfn@172.16.0.5" ]; - buildMachines = [{ - hostName = "172.16.0.3"; - sshUser = "griffin"; - sshKey = "/home/grfn/.ssh/id_rsa"; - system = "x86_64-darwin"; - maxJobs = 4; - } { - hostName = "172.16.0.4"; - sshUser = "griffin"; - sshKey = "/home/grfn/.ssh/id_rsa"; - system = "x86_64-darwin"; - maxJobs = 8; # 16 cpus - } { - hostName = "eu.nixbuild.net"; - system = "x86_64-linux"; - maxJobs = 100; - supportedFeatures = [ "benchmark" "big-parallel" ]; - }]; - }; -} diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix deleted file mode 100644 index 31307cd10e..0000000000 --- a/users/glittershark/system/system/machines/mugwump.nix +++ /dev/null @@ -1,218 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -with lib; - -{ - imports = [ - ../modules/common.nix - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - networking.hostName = "mugwump"; - - boot = { - loader.systemd-boot.enable = true; - - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - - initrd = { - availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - kernelModules = [ - "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" - ]; - - postDeviceCommands = pkgs.lib.mkBefore '' - mkdir -m 0755 -p /key - sleep 2 - mount -n -t vfat -o ro `findfs UUID=9048-A9D5` /key - ''; - - luks.devices."cryptroot" = { - device = "/dev/disk/by-uuid/803a9028-339c-4617-a213-4fe138161f6d"; - keyFile = "/key/keyfile"; - preLVM = false; - }; - }; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/cryptroot"; - fsType = "btrfs"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/7D74-0E4B"; - fsType = "vfat"; - }; - }; - - networking.interfaces = { - enp0s25.useDHCP = false; - wlp2s0.useDHCP = false; - }; - - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 22 80 443 ]; - - security.sudo.extraRules = [{ - groups = ["wheel"]; - commands = [{ command = "ALL"; options = ["NOPASSWD"]; }]; - }]; - - nix.gc.dates = "monthly"; - - services.fail2ban = { - enable = true; - ignoreIP = [ - "172.16.0.0/16" - ]; - }; - - services.openssh = { - allowSFTP = false; - passwordAuthentication = false; - permitRootLogin = "no"; - }; - - services.grafana = { - enable = true; - port = 3000; - domain = "metrics.gws.fyi"; - rootUrl = "https://metrics.gws.fyi"; - dataDir = "/var/lib/grafana"; - analytics.reporting.enable = false; - - provision = { - enable = true; - datasources = [{ - name = "Prometheus"; - type = "prometheus"; - url = "localhost:9090"; - }]; - }; - }; - - security.acme.email = "root@gws.fyi"; - security.acme.acceptTerms = true; - - services.nginx = { - enable = true; - statusPage = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - - virtualHosts = { - "metrics.gws.fyi" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.grafana.port}"; - }; - }; - - "wigglydonke.rs" = { - enableACME = true; - forceSSL = true; - root = ../../../wigglydonke.rs; - }; - }; - }; - - security.acme.certs."metrics.gws.fyi" = { - dnsProvider = "namecheap"; - credentialsFile = "/etc/secrets/namecheap.env"; - webroot = mkForce null; - }; - - services.prometheus = { - enable = true; - exporters = { - node = { - enable = true; - openFirewall = false; - - enabledCollectors = [ - "processes" - "systemd" - "tcpstat" - "wifi" - "textfile" - ]; - - extraFlags = [ - "--collector.textfile.directory=/var/lib/prometheus/node-exporter" - ]; - }; - - nginx = { - enable = true; - openFirewall = true; - sslVerify = false; - constLabels = [ "host=mugwump" ]; - }; - }; - - scrapeConfigs = [{ - job_name = "node"; - scrape_interval = "5s"; - static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; - }]; - } { - job_name = "nginx"; - scrape_interval = "5s"; - static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"]; - }]; - }]; - }; - - systemd.services."prometheus-fail2ban-exporter" = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "fail2ban.service" ]; - serviceConfig = { - User = "root"; - Type = "oneshot"; - ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" '' - set -eo pipefail - mkdir -p /var/lib/prometheus/node-exporter - exec ${pkgs.python3.withPackages (p: [ - p.prometheus_client - ])}/bin/python ${pkgs.fetchurl { - url = "https://raw.githubusercontent.com/jangrewe/prometheus-fail2ban-exporter/11066950b47bb2dbef96ea8544f76e46ed829e81/fail2ban-exporter.py"; - sha256 = "049lsvw1nj65bbvp8ygyz3743ayzdawrbjixaxmpm03qbrcfmwc4"; - }} - ''; - }; - - path = with pkgs; [ fail2ban ]; - }; - - systemd.timers."prometheus-fail2ban-exporter" = { - wantedBy = [ "multi-user.target" ]; - timerConfig.OnCalendar = "minutely"; - }; - - virtualisation.docker.enable = true; - - services.buildkite-agents = listToAttrs (map (n: rec { - name = "mugwump-${toString n}"; - value = { - inherit name; - enable = true; - tokenPath = "/etc/secrets/buildkite-agent-token"; - privateSshKeyPath = "/etc/secrets/buildkite-ssh-key"; - runtimePackages = with pkgs; [ - docker - nix - gnutar - gzip - ]; - }; - }) (range 1 1)); - - users.users."buildkite-agent-mugwump-1".extraGroups = [ "docker" ]; - users.users."buildkite-agent-mugwump-2".extraGroups = [ "docker" ]; -} |