diff --git a/flake.nix b/flake.nix
index 46a2ceec..9061283d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,107 +38,114 @@ }; outputs = inputs @ { self, nixpkgs, nixpkgs-master, agenix, home-manager, impermanence, darwin, utils, neovim-nightly-overlay, ... }: - let - extraSystems = [ ]; - lib = nixpkgs.lib.extend (self: super: { - my = import ./lib { inherit inputs; lib = self; }; - }); - - genPkgs = system: import nixpkgs { - inherit system; - config.allowUnfree = true; - overlays = [ - self.overlay - neovim-nightly-overlay.overlay - (final: prev: { - my = self.packages.${prev.system}; - }) - ]; - }; - - hmConfig = { hm, pkgs, inputs, config, ...}: { - imports = (lib.my.mapModulesRec' ./hm-imports (x: x)) ++ ["${impermanence}/home-manager.nix"]; - }; - - rev = if (lib.hasAttrByPath [ "rev" ] self.sourceInfo) then self.sourceInfo.rev else "Dirty Build"; - - nixosSystem = system: extraModules: hostName: let - pkgs = genPkgs system; - in nixpkgs.lib.nixosSystem - rec { - inherit system; - specialArgs = { inherit lib inputs pkgs system; }; - modules = [ - agenix.nixosModules.age - impermanence.nixosModules.impermanence - home-manager.nixosModules.home-manager - ({ config, ...}: lib.mkMerge [{ - networking.hostName = hostName; - system.configurationRevision = rev; - services.getty.greetingLine = - "<<< Welcome to ${config.system.nixos.label} @ ${rev} - Please leave\\l >>>"; - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = { inherit inputs ; }; - } - - (lib.mkIf config.ragon.user.enable { # import hm stuff if enabled - home-manager.users.ragon = hmConfig; - }) - ]) - ./nixos-common.nix - ] ++ (lib.my.mapModulesRec' (toString ./nixos-modules) import) ++ extraModules; - }; - darwinSystem = system: extraModules: hostName: let - pkgs = genPkgs system; - in darwin.lib.darwinSystem - { - inherit system; - specialArgs = { inherit darwin lib pkgs inputs self; }; - modules = [ - home-manager.darwinModules.home-manager - ({ config, inputs, self, ...}: { config = { - #system.darwinLabel = 
"${config.system.darwinLabel}@${rev}"; - networking.hostName = hostName; - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = { inherit inputs; }; - home-manager.users.ragon = hmConfig; - }; - }) - ./darwin-common.nix - ] ++ (lib.my.mapModulesRec' (toString ./darwin-modules) import) ++ extraModules; - }; + extraSystems = [ ]; + lib = nixpkgs.lib.extend (self: super: { + my = import ./lib { inherit inputs; lib = self; }; + }); - processConfigurations = lib.mapAttrs (n: v: v n); - - - in - { - lib = lib.my; - overlay = final: prev: { - unstable = import nixpkgs-master { - system = prev.system; + genPkgs = system: import nixpkgs { + inherit system; config.allowUnfree = true; + overlays = [ + self.overlay + neovim-nightly-overlay.overlay + (final: prev: { + my = self.packages.${prev.system}; + }) + ]; }; - my = self.packages."${prev.system}"; - }; - nixosModules = lib.my.mapModulesRec ./nixos-modules import; - darwinModules = []; - #darwinModules = lib.my.mapModulesRec ./darwin-modules import; - nixosConfigurations = processConfigurations { - picard = nixosSystem "x86_64-linux" [ ./hosts/picard/default.nix ]; # TODO - ds9 = nixosSystem "x86_64-linux" [ ./hosts/ds9/default.nix ]; # TODO - }; - darwinConfigurations = processConfigurations { - daedalus = darwinSystem "aarch64-darwin" [ ./hosts/daedalus/default.nix ]; # TODO - }; - } // utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; in { - devShell = pkgs.mkShell { - buildInputs = with pkgs; [lefthook nixpkgs-fmt]; - }; - packages = lib.my.mapModules ./packages (p: pkgs.callPackage p { inputs = inputs;}); - }); + hmConfig = { hm, pkgs, inputs, config, ... 
}: { + imports = (lib.my.mapModulesRec' ./hm-imports (x: x)) ++ [ "${impermanence}/home-manager.nix" ]; + }; + + rev = if (lib.hasAttrByPath [ "rev" ] self.sourceInfo) then self.sourceInfo.rev else "Dirty Build"; + + nixosSystem = system: extraModules: hostName: + let + pkgs = genPkgs system; + in + nixpkgs.lib.nixosSystem + rec { + inherit system; + specialArgs = { inherit lib inputs pkgs system; }; + modules = [ + agenix.nixosModules.age + impermanence.nixosModules.impermanence + home-manager.nixosModules.home-manager + ({ config, ... }: lib.mkMerge [{ + networking.hostName = hostName; + system.configurationRevision = rev; + services.getty.greetingLine = + "<<< Welcome to ${config.system.nixos.label} @ ${rev} - Please leave\\l >>>"; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = { inherit inputs; }; + } + + (lib.mkIf config.ragon.user.enable { + # import hm stuff if enabled + home-manager.users.ragon = hmConfig; + })]) + ./nixos-common.nix + ] ++ (lib.my.mapModulesRec' (toString ./nixos-modules) import) ++ extraModules; + }; + darwinSystem = system: extraModules: hostName: + let + pkgs = genPkgs system; + in + darwin.lib.darwinSystem + { + inherit system; + specialArgs = { inherit darwin lib pkgs inputs self; }; + modules = [ + home-manager.darwinModules.home-manager + ({ config, inputs, self, ... 
}: { + config = { + #system.darwinLabel = "${config.system.darwinLabel}@${rev}"; + networking.hostName = hostName; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.users.ragon = hmConfig; + }; + }) + ./darwin-common.nix + ] ++ (lib.my.mapModulesRec' (toString ./darwin-modules) import) ++ extraModules; + }; + + processConfigurations = lib.mapAttrs (n: v: v n); + + + in + { + lib = lib.my; + overlay = final: prev: { + unstable = import nixpkgs-master { + system = prev.system; + config.allowUnfree = true; + }; + my = self.packages."${prev.system}"; + }; + nixosModules = lib.my.mapModulesRec ./nixos-modules import; + darwinModules = [ ]; + #darwinModules = lib.my.mapModulesRec ./darwin-modules import; + nixosConfigurations = processConfigurations { + picard = nixosSystem "x86_64-linux" [ ./hosts/picard/default.nix ]; + ds9 = nixosSystem "x86_64-linux" [ ./hosts/ds9/default.nix ]; + backuppi = nixosSystem "aarch64-linux" [ ./hosts/backuppi/default.nix ]; + }; + darwinConfigurations = processConfigurations { + daedalus = darwinSystem "aarch64-darwin" [ ./hosts/daedalus/default.nix ]; + }; + + } // utils.lib.eachDefaultSystem (system: + let pkgs = nixpkgs.legacyPackages.${system}; in + { + devShell = pkgs.mkShell { + buildInputs = with pkgs; [ lefthook nixpkgs-fmt ]; + }; + packages = lib.my.mapModules ./packages (p: pkgs.callPackage p { inputs = inputs; }); + }); } diff --git a/hosts/backuppi/default.nix b/hosts/backuppi/default.nix new file mode 100644 index 00000000..33622ac9 --- /dev/null +++ b/hosts/backuppi/default.nix 
@@ -0,0 +1,47 @@
+{ config, inputs, pkgs, lib, ... }:
+{
+ imports = [
+ "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+ "${inputs.nixos-hardware}/raspberry-pi/4/default.nix"
+ ];
+ nixpkgs.overlays = [
+ (final: super: {
+ makeModulesClosure = x:
+ super.makeModulesClosure (x // { allowMissing = true; });
+ })
+ ];
+ boot.loader.systemd-boot.enable = false;
+ boot.kernelPackages = pkgs.linuxPackages_rpi3;
+ boot.supportedFilesystems = lib.mkForce [ "reiserfs" "vfat" "zfs" "ext4" ];
+ networking.hostId = "eec43f51";
+ # networking.usePredictableInterfaceNames = false;
+ documentation.enable = false;
+ documentation.nixos.enable = false;
+
+ nix = {
+ autoOptimiseStore = true;
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+ # Free up to 1GiB whenever there is less than 100MiB left.
+ extraOptions = ''
+ min-free = ${toString (100 * 1024 * 1024)}
+ max-free = ${toString (1024 * 1024 * 1024)}
+ '';
+ };
+ powerManagement.cpuFreqGovernor = "ondemand";
+
+ # Assuming this is installed on top of the disk image.
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+ ragon.services.ssh.enable = true;
+ ragon.services.tailscale.enable = true;
+
+}
diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix
index 3baade31..4b5855f1 100644
--- a/hosts/ds9/default.nix
+++ b/hosts/ds9/default.nix
@@ -19,6 +19,17 @@ in services.syncthing.enable = true; services.syncthing.user = "ragon"; + services.syncoid.command = + let + datasets = { + backups = "rpool/content/local/backups"; + data = "rpool/content/safe/data"; + ds9persist = "rpool/content/safe/persist"; + hassosvm = "rpool/content/safe/vms/hassos"; + }; + in + builtins.mapAttrs (n: v: { target = "backup/${n}"; source = v; sendOptions = [ "w" ]; }) datasets; + security.sudo.wheelNeedsPassword = false; networking.useDHCP = true; networking.bridges."br0".interfaces = [ ];
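Review bot: In hosts/backuppi/default.nix, `boot.kernelPackages = pkgs.linuxPackages_rpi3;` sits under an import of the nixos-hardware `raspberry-pi/4` profile, and nothing in the file says which board this is, so one of the two looks unintended; if the board is a Pi 4 I would use `boot.kernelPackages = pkgs.linuxPackages_rpi4;`, otherwise drop the Pi 4 import. The `makeModulesClosure` overlay deserves a comment such as `# allowMissing: the rpi kernel lacks some modules the sd-image initrd lists; missing ones are skipped instead of failing the build`, because with `zfs` forced into `boot.supportedFilesystems` a module that is genuinely absent would then surface only at boot. This host enables SSH and Tailscale through `ragon.services.*` modules that are not visible here, so a one-line header comment stating its role and where SSH is expected to be reachable would make the exposure reviewable.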
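Review bot: In hosts/ds9/default.nix, `services.syncoid.command` does not match the upstream NixOS syncoid module, whose per-job attribute set is `services.syncoid.commands` and whose `sendOptions` is a space-separated string rather than a list, so unless this repository declares its own option the assignment would fail evaluation and no replication would be configured. I would write `services.syncoid.commands = builtins.mapAttrs (n: v: { target = "backup/${n}"; source = v; sendOptions = "w"; }) datasets;`. The hunk does not show `services.syncoid.enable = true;`, which may be set elsewhere in the file. A comment such as `# -w: raw send, encrypted datasets stay encrypted on the backup pool and their keys are never needed there` would document why the flag is used, and it is worth stating that `backup/...` without a `user@host:` prefix names a pool on ds9 itself, if that is what is intended.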
diff --git a/secrets/tailscaleKey.age b/secrets/tailscaleKey.age
index 10358fbe..b8e26a33 100644
Binary files a/secrets/tailscaleKey.age and b/secrets/tailscaleKey.age differ