Diffstat (limited to 'users/grfn/system/system/machines')
-rw-r--r-- | users/grfn/system/system/machines/bumblebee.nix | 23 | ||||
-rw-r--r-- | users/grfn/system/system/machines/mugwump.nix | 306 | ||||
-rw-r--r-- | users/grfn/system/system/machines/ogopogo.nix | 149 | ||||
-rw-r--r-- | users/grfn/system/system/machines/roswell.nix | 31 | ||||
-rw-r--r-- | users/grfn/system/system/machines/yeren.nix | 132 |
5 files changed, 0 insertions, 641 deletions
diff --git a/users/grfn/system/system/machines/bumblebee.nix b/users/grfn/system/system/machines/bumblebee.nix
deleted file mode 100644
index 0fec214092..0000000000
--- a/users/grfn/system/system/machines/bumblebee.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- imports = [
- ../modules/reusable/battery.nix
- ];
-
- networking.hostName = "bumblebee";
-
- powerManagement = {
- enable = true;
- cpuFreqGovernor = "powersave";
- powertop.enable = true;
- };
-
- # Hibernate on low battery
- laptop.onLowBattery = {
- enable = true;
- action = "hibernate";
- thresholdPercentage = 5;
- };
-
- services.xserver.xkbOptions = "caps:swapescape";
-}
diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix
deleted file mode 100644
index 3d4de5df1d..0000000000
--- a/users/grfn/system/system/machines/mugwump.nix
+++ /dev/null
@@ -1,306 +0,0 @@ -{ config, lib, pkgs, modulesPath, depot, ... }: - -with lib; - -{ - imports = [ - ../modules/common.nix - (modulesPath + "/installer/scan/not-detected.nix") - (depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix") - (depot.path.origSrc + "/users/grfn/xanthous/server/module.nix") - (depot.third_party.agenix.src + "/modules/age.nix") - depot.third_party.ddclient.module - ]; - - networking.hostName = "mugwump"; - - system.stateVersion = "22.05"; - - boot = { - loader.systemd-boot.enable = true; - - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - - initrd = { - availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - kernelModules = [ - "uas" - "usbcore" - "usb_storage" - "vfat" - "nls_cp437" - "nls_iso8859_1" - ]; - - postDeviceCommands = pkgs.lib.mkBefore '' - mkdir -m 0755 -p /key - sleep 2 - mount -n -t vfat -o ro `findfs UUID=9048-A9D5` /key - ''; - - luks.devices."cryptroot" = { - device = "/dev/disk/by-uuid/803a9028-339c-4617-a213-4fe138161f6d"; - keyFile = "/key/keyfile"; - preLVM = false; - }; - }; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/cryptroot"; - fsType = "btrfs"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/7D74-0E4B"; - fsType = "vfat"; - }; - }; - - networking.interfaces = { - enp0s25.useDHCP = false; - wlp2s0.useDHCP = false; - }; - - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 22 80 443 ]; - - security.sudo.extraRules = [{ - groups = [ "wheel" ]; - commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }]; - }]; - - nix.gc.dates = "monthly"; - - users.users.grfn.openssh.authorizedKeys.keys = [ - depot.users.grfn.keys.whitby - ]; - - age.secrets = - let - secret = name: depot.users.grfn.secrets."${name}.age"; - in - { - cloudflare.file = secret "cloudflare"; - ddclient-password.file = secret "ddclient-password"; - - buildkite-ssh-key = { - file = secret "buildkite-ssh-key"; - group = "keys"; - mode = "0440"; 
- }; - - buildkite-token = { - file = secret "buildkite-token"; - group = "keys"; - mode = "0440"; - }; - - windtunnel-bot-github-token = { - file = secret "windtunnel-bot-github-token"; - group = "keys"; - mode = "0440"; - }; - }; - - services.fail2ban = { - enable = true; - ignoreIP = [ - "172.16.0.0/16" - ]; - }; - - services.openssh = { - allowSFTP = false; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "no"; - }; - }; - - services.grafana = { - enable = true; - dataDir = "/var/lib/grafana"; - - settings = { - server = { - http_port = 3000; - root_url = "https://metrics.gws.fyi"; - domain = "metrics.gws.fyi"; - }; - analytics.reporting_enabled = false; - }; - - provision = { - enable = true; - datasources.settings.datasources = [{ - name = "Prometheus"; - type = "prometheus"; - url = "http://localhost:9090"; - }]; - }; - }; - - security.acme.defaults.email = "root@gws.fyi"; - security.acme.acceptTerms = true; - - services.nginx = { - enable = true; - statusPage = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - recommendedProxySettings = true; - - virtualHosts = { - "metrics.gws.fyi" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; - }; - }; - }; - }; - - services.deprecated-ddclient = { - package = depot.third_party.ddclient; - enable = true; - domains = [ "home.gws.fyi" ]; - interval = "1d"; - zone = "gws.fyi"; - protocol = "cloudflare"; - username = "root@gws.fyi"; - passwordFile = config.age.secretsDir + "/ddclient-password"; - quiet = true; - }; - - security.acme.certs."metrics.gws.fyi" = { - dnsProvider = "cloudflare"; - credentialsFile = config.age.secretsDir + "/cloudflare"; - webroot = mkForce null; - }; - - services.prometheus = { - enable = true; - exporters = { - node = { - enable = true; - openFirewall = false; - - enabledCollectors = [ - "processes" - 
"systemd" - "tcpstat" - "wifi" - ]; - }; - - nginx = { - enable = true; - openFirewall = true; - sslVerify = false; - constLabels = [ "host=mugwump" ]; - }; - - blackbox = { - enable = true; - openFirewall = true; - configFile = pkgs.writeText "blackbox-exporter.yaml" (builtins.toJSON { - modules = { - https_2xx = { - prober = "http"; - http = { - method = "GET"; - fail_if_ssl = false; - fail_if_not_ssl = true; - preferred_ip_protocol = "ip4"; - }; - }; - }; - }); - }; - }; - - scrapeConfigs = [ - { - job_name = "node"; - scrape_interval = "5s"; - static_configs = [{ - targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; - }]; - } - { - job_name = "nginx"; - scrape_interval = "5s"; - static_configs = [{ - targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; - }]; - } - { - job_name = "xanthous_server"; - scrape_interval = "1s"; - static_configs = [{ - targets = [ "localhost:${toString config.services.xanthous-server.metricsPort}" ]; - }]; - } - { - job_name = "blackbox"; - metrics_path = "/probe"; - params.module = [ "https_2xx" ]; - scrape_interval = "5s"; - static_configs = [{ - targets = [ - "https://gws.fyi" - "https://windtunnel.ci" - "https://app.windtunnel.ci" - "https://metrics.gws.fyi" - ]; - }]; - relabel_configs = [{ - source_labels = [ "__address__" ]; - target_label = "__param_target"; - } - { - source_labels = [ "__param_target" ]; - target_label = "instance"; - } - { - target_label = "__address__"; - replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; - }]; - } - ]; - }; - - services.xanthous-server.enable = true; - - virtualisation.docker = { - enable = true; - storageDriver = "btrfs"; - }; - - services.buildkite-agents = listToAttrs (map - (n: rec { - name = "mugwump-${toString n}"; - value = { - inherit name; - enable = true; - tokenPath = config.age.secretsDir + "/buildkite-token"; - privateSshKeyPath = config.age.secretsDir + 
"/buildkite-ssh-key"; - runtimePackages = with pkgs; [ - docker - nix - gnutar - gzip - ]; - }; - }) - (range 1 1)); - - users.users."buildkite-agent-mugwump-1" = { - isSystemUser = true; - extraGroups = [ "docker" "keys" ]; - }; -} diff --git a/users/grfn/system/system/machines/ogopogo.nix b/users/grfn/system/system/machines/ogopogo.nix deleted file mode 100644 index af7075a97f..0000000000 --- a/users/grfn/system/system/machines/ogopogo.nix +++ /dev/null 
@@ -1,149 +0,0 @@ -{ depot, modulesPath, config, lib, pkgs, ... }: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - (depot.third_party.agenix.src + "/modules/age.nix") - ../modules/common.nix - ../modules/xserver.nix - ../modules/fonts.nix - ../modules/sound.nix - ../modules/tvl.nix - ../modules/development.nix - ../modules/wireshark.nix - ]; - - networking.hostName = "ogopogo"; - - system.stateVersion = "22.11"; - - boot = { - initrd = { - availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; - }; - - kernelModules = [ "kvm-amd" ]; - blacklistedKernelModules = [ ]; - extraModulePackages = [ ]; - - kernel.sysctl = { - "kernel.perf_event_paranoid" = -1; - }; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/d67506cf-7039-484d-97c0-00321a7858dc"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/AE73-03A3"; - fsType = "vfat"; - }; - - "/data" = { - device = "/dev/disk/by-uuid/03e0f4dc-9778-42e2-a59e-45522610e509"; - fsType = "ext4"; - }; - }; - - swapDevices = [{ - device = "/dev/disk/by-uuid/8bdae7c8-5160-491f-8cd0-4f0a79acadf9"; - }]; - - services.earlyoom = { - enable = true; - freeMemThreshold = 5; - }; - - hardware.enableAllFirmware = true; - - hardware.pulseaudio.extraConfig = '' - load-module module-remap-source source_name=KompleteAudio6_1 source_properties=device.description=KompleteAudio6Input1 master=alsa_input.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.multichannel-input remix=no channels=1 master_channel_map=front-left channel_map=mono - load-module module-remap-source source_name=KompleteAudio6_2 source_properties=device.description=KompleteAudio6Input2 master=alsa_input.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.multichannel-input remix=no channels=1 master_channel_map=front-right channel_map=mono - load-module module-remap-sink sink_name=KompleteAudio6_12 sink_properties=device.description=KompleteAudio6_12 remix=no 
master=alsa_output.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.analog-surround-21 channels=2 master_channel_map=front-left,front-right channel_map=front-left,front-right - ''; - - services.fwupd.enable = true; - - services.tailscale.enable = true; - - hardware.keyboard.zsa.enable = true; - - # Nvidia - services.xserver = { - videoDrivers = [ "nvidia" ]; - dpi = 100; - }; - hardware.opengl.enable = true; - services.picom = { - enable = true; - vSync = true; - }; - hardware.opengl.driSupport32Bit = true; - - services.postgresql = { - enable = true; - enableTCPIP = true; - authentication = "host all all 0.0.0.0/0 md5"; - dataDir = "/data/postgresql"; - package = pkgs.postgresql_15; - port = 5431; - settings = { - wal_level = "logical"; - }; - }; - - services.buildkite-agents.ogopogo-1 = rec { - enable = true; - tokenPath = config.age.secretsDir + "/buildkite-token"; - privateSshKeyPath = config.age.secretsDir + "/buildkite-ssh-key"; - runtimePackages = with pkgs; [ - docker - nix - gnutar - gzip - bash - ]; - tags = { - queue = "ogopogo"; - }; - dataDir = "/home/grfn/buildkite-agent"; - - hooks.environment = '' - export BUILDKITE_AGENT_HOME=${dataDir} - ''; - }; - systemd.services.buildkite-agent-ogopogo-1.serviceConfig.User = - lib.mkForce "grfn"; - users.users.grfn.extraGroups = [ "keys" ]; - - age.secrets = - let - secret = name: depot.users.grfn.secrets."${name}.age"; - in - { - buildkite-ssh-key = { - file = secret "buildkite-ssh-key"; - group = "keys"; - mode = "0440"; - }; - - buildkite-token = { - file = secret "buildkite-token"; - group = "keys"; - mode = "0440"; - }; - }; - - nix.settings.substituters = [ "ssh://grfn@172.16.0.5" ]; - nix.settings.trusted-substituters = [ "ssh://grfn@172.16.0.5" ]; - programs.ssh.knownHosts.mugwump = { - extraHostNames = [ "172.16.0.5" ]; - publicKeyFile = pkgs.writeText "mugwump.pub" '' - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFE2fxPgWO+zeQoLBTgsgxP7Vg7QNHlrQ+Rb3fHFTomB - ''; - }; -} 
diff --git a/users/grfn/system/system/machines/roswell.nix b/users/grfn/system/system/machines/roswell.nix
deleted file mode 100644
index 8287c95425..0000000000
--- a/users/grfn/system/system/machines/roswell.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ depot, config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [
- ../modules/common.nix
- ../modules/development.nix
- "${modulesPath}/installer/scan/not-detected.nix"
- "${modulesPath}/virtualisation/amazon-image.nix"
- ];
-
- system.stateVersion = "22.05";
-
- networking.hostName = "roswell";
-
- users.users.grfn.openssh.authorizedKeys.keys = [
- depot.users.grfn.keys.main
- ];
-
- boot.loader.systemd-boot.enable = lib.mkForce false;
- boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
-
- services.openssh.settings.PasswordAuthentication = false;
-
- services.tailscale.enable = true;
-
- security.sudo.wheelNeedsPassword = false;
-
- environment.systemPackages = with pkgs; [
- cloud-utils
- ];
-}
diff --git a/users/grfn/system/system/machines/yeren.nix b/users/grfn/system/system/machines/yeren.nix
deleted file mode 100644
index 9208d76d58..0000000000
--- a/users/grfn/system/system/machines/yeren.nix
+++ /dev/null
@@ -1,132 +0,0 @@ -{ depot, modulesPath, config, lib, pkgs, ... }: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ../modules/common.nix - ../modules/laptop.nix - ../modules/xserver.nix - ../modules/fonts.nix - ../modules/sound.nix - ../modules/tvl.nix - ../modules/development.nix - ]; - - networking.hostName = "yeren"; - - system.stateVersion = "21.03"; - - time.timeZone = "America/New_York"; - - services.avahi = { - enable = true; - nssmdns = true; - }; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - kernelModules = [ ]; - - luks.devices = { - "cryptroot".device = "/dev/disk/by-uuid/dcfbc22d-e0d2-411b-8dd3-96704d3aae2e"; - }; - }; - - kernelModules = [ "kvm-intel" ]; - blacklistedKernelModules = [ "psmouse" ]; - extraModulePackages = [ - config.boot.kernelPackages.digimend - ]; - kernelParams = [ - "i915.preliminary_hw_support=1" - "pcie_aspm=force" - ]; - - # https://bbs.archlinux.org/viewtopic.php?pid=1933643#p1933643 - extraModprobeConfig = '' - options snd-intel-dspcfg dsp_driver=1 - ''; - - kernel.sysctl = { - "kernel.perf_event_paranoid" = -1; - }; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/cryptroot"; - fsType = "btrfs"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/53A9-248B"; - fsType = "vfat"; - }; - }; - - swapDevices = [{ - device = "/dev/disk/by-uuid/b627cb0e-0451-4f25-94d0-6497e01f0da4"; - }]; - - services.earlyoom = { - enable = true; - freeMemThreshold = 5; - }; - - services.xserver = { - exportConfiguration = true; - extraConfig = '' - Section "Device" - Identifier "Intel Graphics" - Driver "intel" - Option "TripleBuffer" "true" - Option "TearFree" "true" - Option "DRI" "true" - Option "AccelMethod" "sna" - EndSection - ''; - }; - - hardware.firmware = with pkgs; [ - alsa-firmware - sof-firmware - ]; - - hardware.opengl.extraPackages = with pkgs; [ - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-media-driver - ]; - 
- # Disabled for now until libfprint-tod can get a version bump - # services.fprintd = { - # enable = true; - # package = pkgs.fprintd-tod; - # }; - - systemd.services.fprintd.environment.FP_TOD_DRIVERS_DIR = - "${pkgs.libfprint-2-tod1-goodix}/usr/lib/libfprint-2/tod-1"; - - security.pam.services = { - login.fprintAuth = true; - sudo.fprintAuth = true; - i3lock.fprintAuth = false; - i3lock-color.fprintAuth = false; - lightdm.fprintAuth = true; - lightdm-greeter.fprintAuth = true; - }; - - hardware.opengl.driSupport32Bit = true; - - hardware.pulseaudio.extraConfig = '' - load-module module-remap-source source_name=KompleteAudio6_1 source_properties=device.description=KompleteAudio6Input1 master=alsa_input.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.multichannel-input remix=no channels=1 master_channel_map=front-left channel_map=mono - load-module module-remap-source source_name=KompleteAudio6_2 source_properties=device.description=KompleteAudio6Input2 master=alsa_input.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.multichannel-input remix=no channels=1 master_channel_map=front-right channel_map=mono - load-module module-remap-sink sink_name=KompleteAudio6_12 sink_properties=device.description=KompleteAudio6_12 remix=no master=alsa_output.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.analog-surround-21 channels=2 master_channel_map=front-left,front-right channel_map=front-left,front-right - ''; - - services.fwupd.enable = true; - - services.tailscale.enable = true; -} |