diff --git a/hosts/hetzner-arm/containers/jellyfin/default.nix b/hosts/hetzner-arm/containers/jellyfin/default.nix
index 2fd20cc..f6aaebf 100644
--- a/hosts/hetzner-arm/containers/jellyfin/default.nix
+++ b/hosts/hetzner-arm/containers/jellyfin/default.nix
@@ -1,15 +1,17 @@
 {
 self,
- hostPath,
 tree,
 inputs,
 pkgs,
 config,
+ lib,
 ...
 }: let
+ inherit (lib.lists) flatten;
+
 containerName = "jellyfin";
- containerAddresses = import "${hostPath}/data/containerAddresses.nix";
+ containerAddresses = import "../../data/containerAddresses.nix";
 hostIP = containerAddresses.host;
 containerIP = containerAddresses.containers.${containerName};
@@ -43,22 +45,22 @@ in {
 inherit inputs;
 inherit tree;
 inherit self;
- inherit hostPath;
 };
 config = {...}: {
 nixpkgs.pkgs = pkgs;
- imports = with tree;
- [
- presets.nixos.containerBase
- ./secrets.nix
- ]
- ++ (with hosts.hetzner-arm.containers.jellyfin.profiles; [
+ imports = flatten (with tree; [
+ presets.nixos.containerBase
+
+ (with hosts.hetzner-arm.containers.jellyfin.profiles; [
 mediaMount
 jellyfin
 restic
- ]);
+ ])
+
+ ./secrets.nix
+ ]);
 home-manager.users.root.home.stateVersion = "24.05";
 system.stateVersion = "24.05";
diff --git a/hosts/hetzner-arm/containers/mail/default.nix b/hosts/hetzner-arm/containers/mail/default.nix
index cb07f8f..c880fd1 100644
--- a/hosts/hetzner-arm/containers/mail/default.nix
+++ b/hosts/hetzner-arm/containers/mail/default.nix
@@ -5,10 +5,10 @@
 inputs,
 config,
 pkgs,
- hostPath,
 ...
 }: let
 inherit (lib.modules) mkMerge mkForce;
+ inherit (lib.lists) flatten;
 ports = [
 # SMTP
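Review bot: The new `containerAddresses = import "../../data/containerAddresses.nix";` passes a string, and Nix only coerces a string to a path when it is absolute, so this should fail at evaluation with `string '../../data/containerAddresses.nix' doesn't represent an absolute path` (and even where a relative string were accepted it would resolve against the evaluator's working directory, not this file). The old `"${hostPath}/…"` form worked because hostPath was a path literal that interpolates to an absolute store path. A relative location must be an unquoted path literal, which Nix resolves against this file and, inside a flake, against the copied source tree: `containerAddresses = import ../../data/containerAddresses.nix;`. The storage container in this same commit uses the identical construct and needs the same fix. The enclosing `let` continues past the end of the hunk.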
@@ -44,24 +44,23 @@ in {
 inherit inputs;
 inherit tree;
 inherit self;
- inherit hostPath;
 };
 config = {...}: {
 nixpkgs.pkgs = pkgs;
- imports = with tree;
- [
- presets.nixos.containerBase
+ imports = flatten (with tree; [
+ presets.nixos.containerBase
- ./secrets.nix
- ]
- ++ (with hosts.hetzner-arm.containers.mail; [
+ (with hosts.hetzner-arm.containers.mail; [
 modules.mailserver
 profiles.mailserver
 profiles.restic
- ]);
+ ])
+
+ ./secrets.nix
+ ]);
 systemd.tmpfiles.rules = [
 "d /var/lib/acme - root root"
diff --git a/hosts/hetzner-arm/containers/storage/default.nix b/hosts/hetzner-arm/containers/storage/default.nix
index 79099d1..ffe6d6f 100644
--- a/hosts/hetzner-arm/containers/storage/default.nix
+++ b/hosts/hetzner-arm/containers/storage/default.nix
@@ -1,6 +1,5 @@
 {
 self,
- hostPath,
 tree,
 lib,
 inputs,
@@ -8,8 +7,9 @@
 ...
 }: let
 inherit (lib.attrsets) attrValues;
+ inherit (lib.lists) flatten;
- containerAddresses = import "${hostPath}/data/containerAddresses.nix";
+ containerAddresses = import "../../data/containerAddresses.nix";
 hostIP = containerAddresses.host;
 containerIP = containerAddresses.containers.storage;
@@ -47,26 +47,27 @@ in {
 inherit inputs;
 inherit tree;
 inherit self;
- inherit hostPath;
 };
 config = {...}: {
 nixpkgs.pkgs = pkgs;
- imports = with tree;
- [
- presets.nixos.containerBase
- ./secrets.nix
- ]
- ++ (with hosts.hetzner-arm.containers.storage.profiles; [
+ imports = flatten (with tree; [
+ presets.nixos.containerBase
+
+ (with hosts.hetzner-arm.containers.storage.profiles; [
 rcloneConfigs
 rcloneServe
 rcloneSync
 users
- ]);
+ ])
+
+ ./secrets.nix
+ ]);
 environment.systemPackages = with pkgs; [
 rclone
+ fuse
 fuse3
 ];
diff --git a/hosts/hetzner-arm/hetzner-arm.nix b/hosts/hetzner-arm/hetzner-arm.nix
index eb7dde5..d0e2df6 100644
--- a/hosts/hetzner-arm/hetzner-arm.nix
+++ b/hosts/hetzner-arm/hetzner-arm.nix
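Review bot: In the `@@ -8,8 +7,9 @@` hunk, `import "../../data/containerAddresses.nix"` is a relative string, which Nix refuses to coerce to a path (`doesn't represent an absolute path`); the previous `"${hostPath}/…"` only worked because hostPath interpolated to an absolute store path. Use a path literal so the reference is resolved relative to this file: `containerAddresses = import ../../data/containerAddresses.nix;`. The same defect appears in the jellyfin container in this commit; the `let` block continues beyond the hunk.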
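Review bot: In the `@@ -47,26 +47,27 @@` hunk, `fuse` (FUSE 2) is added next to the existing `fuse3` with nothing saying why both generations are needed, which makes the extra package hard to justify or remove later; please add a why-comment such as `fuse # FUSE 2 alongside fuse3: needed by … (see rcloneServe profile)` naming the consumer. If the goal is `rclone mount` inside the container, note that the setuid `fusermount`/`fusermount3` wrappers come from the NixOS fuse module rather than from `environment.systemPackages`, so confirm this package is what actually fixed the problem. The `config` attrset continues past the hunk.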
@@ -3,25 +3,24 @@
 lib,
 ...
 }: let
- inherit (lib.lists) forEach;
+ inherit (lib.lists) forEach flatten;
 in {
- imports = with tree;
- [
- presets.nixos.serverBase
- presets.nixos.serverHetzner
- presets.nixos.serverEncryptedDrive
+ imports = flatten (with tree; [
+ (with tree.presets.nixos; [
+ serverBase
+ serverHetzner
+ serverEncryptedDrive
+ ])
- profiles.nixos.nginx
+ profiles.nixos.nginx
- ./hardware.nix
- ./secrets.nix
- ]
- ++ (forEach [
+ (forEach [
 "storage"
 "mail"
 "jellyfin"
 ] (name: ./containers + "/${name}"))
- ++ (with hosts.hetzner-arm.profiles; [
+
+ (with hosts.hetzner-arm.profiles; [
 staticSites
 gotosocial
 forgejo
@@ -29,7 +28,11 @@ in {
 radicale
 vault
 restic
- ]);
+ ])
+
+ ./hardware.nix
+ ./secrets.nix
+ ]);
 # TODO: environment.noXlibs = true;
diff --git a/hosts/lappy-t495/lappy-t495.nix b/hosts/lappy-t495/lappy-t495.nix
index bf649ca..16946ac 100644
--- a/hosts/lappy-t495/lappy-t495.nix
+++ b/hosts/lappy-t495/lappy-t495.nix
@@ -25,6 +25,7 @@ in {
 ])
 ./secrets.nix
+ ./hardware.nix
 ]);
 home-manager.users.root.home.stateVersion = "24.05";
diff --git a/hosts/nixos-live/nixos-live.nix b/hosts/nixos-live/nixos-live.nix
deleted file mode 100644
index 6409149..0000000
--- a/hosts/nixos-live/nixos-live.nix
+++ /dev/null
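Review bot: In the first hunk, `(with tree.presets.nixos; [` re-qualifies `tree.` inside an expression that is already under `with tree;`, while the sibling group two lines down is written `(with hosts.hetzner-arm.profiles; [` without the prefix; the two should use one convention, and `(with presets.nixos; [` matches both the rest of this list and the container files changed in this commit. The `imports = flatten (…)` list opened here is closed in the second hunk, so the hardware.nix/secrets.nix entries that moved to its tail belong to the same expression.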
@@ -1,49 +0,0 @@
-{
- config,
- tree,
- modulesPath,
- lib,
- ...
-}: let
- inherit (lib.modules) mkForce;
-in {
- imports = with tree; [
- (modulesPath + "/installer/cd-dvd/installation-cd-graphical-gnome.nix")
- (modulesPath + "/installer/cd-dvd/channel.nix")
-
- users.root
- profiles.base
- profiles.sshd
- profiles.connectivity.iOS
- profiles.connectivity.networkManager
- ];
-
- # disable zfs
- nixpkgs.overlays = [
- (_final: super: {
- zfs = super.zfs.overrideAttrs (_: {
- meta.platforms = [];
- });
- })
- ];
-
- networking.wireless.enable = mkForce false;
-
- nixpkgs.config.allowBroken = true;
-
- home-manager.users.root = {
- imports = with tree; [home.base home.dev];
- };
-
- home-manager.users.nixos = {
- imports = with tree; [home.base home.dev];
- };
-
- isoImage = {
- isoBaseName = "nixos-chaos";
- compressImage = false;
- squashfsCompression = "zstd -Xcompression-level 1";
- };
-
- services.openssh.settings.PermitRootLogin = mkForce "yes";
-}
diff --git a/hosts/nixos.nix b/hosts/nixos.nix
index 238fba4..e97958c 100644
--- a/hosts/nixos.nix
+++ b/hosts/nixos.nix
@@ -38,58 +38,18 @@
 ];
 nixosUnstableSystem = nixpkgs-unstable.lib.nixosSystem;
-
- nixosX86_64LiveWithExtraDepsForMachines = machines:
- nixosUnstableSystem {
- specialArgs =
- defaultSpecialArgs
- // {
- hostPath = ./nixos-live;
- };
- system = "x86_64-linux";
- modules =
- defaultModules
- ++ [
- ./nixos-live/nixos-live.nix
- ({...}: {
- system.extraDependencies =
- forEach machines (system:
- self.nixosConfigurations.${system}.config.system.build.toplevel);
- })
- ];
- };
 in rec {
 lappy-t495 = nixosUnstableSystem {
 specialArgs =
- defaultSpecialArgs
- // {
- hostPath = ./lappy-t495;
- };
+ defaultSpecialArgs;
 system = "x86_64-linux";
- modules = defaultModules ++ [./lappy-t495/lappy-t495.nix ./lappy-t495/hardware.nix];
+ modules = defaultModules ++ [./lappy-t495/lappy-t495.nix];
 };
 hetzner-arm = nixosUnstableSystem {
 specialArgs =
- defaultSpecialArgs
- // {
- hostPath = ./hetzner-arm;
- };
+ defaultSpecialArgs;
 system = "aarch64-linux";
 modules = defaultModules ++ [./hetzner-arm/hetzner-arm.nix];
 };
-
- # nix build .#nixosConfigurations.nixos-live-x86_64.config.system.build.isoImage
- nixos-live-x86_64 = nixosX86_64LiveWithExtraDepsForMachines ["lappy-t495"];
-
- # nix --no-sandbox build .#nixosConfigurations.raspberry.config.system.build.sdImage
- raspberry = nixosUnstableSystem {
- specialArgs =
- defaultSpecialArgs
- // {
- hostPath = ./raspberry;
- };
- system = "aarch64-linux";
- modules = defaultModules ++ [./raspberry/raspberry.nix];
- };
 }
diff --git a/hosts/raspberry/boot.nix b/hosts/raspberry/boot.nix
deleted file mode 100755
index 5a40dc1..0000000
--- a/hosts/raspberry/boot.nix
+++ /dev/null
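Review bot: `in rec {` no longer needs `rec`: after this hunk the remaining attributes `lappy-t495` and `hetzner-arm` only reference let-bound names (`nixosUnstableSystem`, `defaultSpecialArgs`, `defaultModules`), and a `rec` attrset invites accidental self-reference and infinite recursion, so `in {` is the safer form. The two `specialArgs =` / `defaultSpecialArgs;` pairs are left split across lines by the removal of the `//` merge and read better as one line each, `specialArgs = defaultSpecialArgs;`. With `nixosX86_64LiveWithExtraDepsForMachines` gone, the `forEach` binding at the top of the file (outside this hunk) is presumably unused now and can be dropped.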
@@ -1,65 +0,0 @@
-{
- lib,
- pkgs,
- config,
- modulesPath,
- ...
-}: let
- inherit (lib.modules) mkForce mkDefault;
- inherit (builtins) toFile;
-in {
- imports = [
- (modulesPath + "/installer/sd-card/sd-image.nix")
- ];
-
- boot = {
- supportedFilesystems = mkForce ["vfat"];
- consoleLogLevel = mkDefault 7;
- kernelParams = ["console=tty0"];
- loader = {
- grub.enable = false;
- generic-extlinux-compatible.enable = true;
- };
- };
-
- sdImage = {
- compressImage = mkForce false;
- populateFirmwareCommands = let
- configTxt = toFile "config.txt" ''
- [pi3]
- kernel=u-boot-rpi3.bin
- [pi4]
- kernel=u-boot-rpi4.bin
- enable_gic=1
- armstub=armstub8-gic.bin
- # Otherwise the resolution will be weird in most cases, compared to
- # what the pi3 firmware does by default.
- disable_overscan=1
- [all]
- # Boot in 64-bit mode.
- arm_64bit=1
- # U-Boot needs this to work, regardless of whether UART is actually used or not.
- # Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
- # a requirement in the future.
- enable_uart=1
- # Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
- # when attempting to show low-voltage or overtemperature warnings.
- avoid_warnings=1
- '';
- in ''
- (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
- # Add the config
- cp ${configTxt} firmware/config.txt
- # Add pi3 specific files
- cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
- # Add pi4 specific files
- cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
- cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
- cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
- '';
- populateRootCommands = ''
- mkdir -p ./files/boot
- ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
- '';
- };
-}
diff --git a/hosts/raspberry/raspberry.nix b/hosts/raspberry/raspberry.nix
deleted file mode 100644
index 125b135..0000000
--- a/hosts/raspberry/raspberry.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{tree, ...}: {
- imports = with tree;
- [
- presets.nixos.serverBase
-
- ./secrets.nix
- ./boot.nix
- ]
- ++ (with hosts.raspberry.profiles; []);
-
- networking.enableIPv6 = true;
- networking.useDHCP = true;
-
- networking.hostName = "raspberry";
- time.timeZone = "Europe/London";
-
- home-manager.users.root.home.stateVersion = "24.05";
- system.stateVersion = "24.05";
-}
diff --git a/hosts/raspberry/secrets.nix b/hosts/raspberry/secrets.nix
deleted file mode 100644
index fcd30bb..0000000
--- a/hosts/raspberry/secrets.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{...}: {
- services.secrets = {
- enable = true;
-
- vaultLogin = {
- enable = true;
- loginUsername = "raspberry";
- };
-
- requiredVaultPaths = [];
-
- secrets = {
- vault_password = {
- manual = true;
- };
- };
- };
-}
diff --git a/profiles/home-manager/base/ssh-aliases.nix b/profiles/home-manager/base/ssh-aliases.nix
index 5ff5312..82cc4c3 100644
--- a/profiles/home-manager/base/ssh-aliases.nix
+++ b/profiles/home-manager/base/ssh-aliases.nix
@@ -9,7 +9,7 @@ in {
 user = "root";
 hostname = "${hostname}.servers.genderfucked.monster";
 };
- }) ["hetzner-arm" "hetzner-arm-decrypt" "vault" "vault-decrypt" "raspberry"]))
+ }) ["hetzner-arm" "hetzner-arm-decrypt"]))
 {
 "blahaj" = {
 user = "chaos";
diff --git a/profiles/nixos/base/home.nix b/profiles/nixos/base/home.nix
index 80c1c15..d2bd906 100644
--- a/profiles/nixos/base/home.nix
+++ b/profiles/nixos/base/home.nix
@@ -19,6 +19,7 @@ in {
 };
 });
 };
+
 config = {
 home-manager = {
 useGlobalPkgs = true;
diff --git a/scripts/deploy/raspberry.sh b/scripts/deploy/raspberry.sh
deleted file mode 100755
index c0e1608..0000000
--- a/scripts/deploy/raspberry.sh
+++ /dev/null
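Review bot: Dropping `"raspberry"` from the ssh-aliases list (and the `"vault"`/`"vault-decrypt"` entries alongside it) only removes client-side conveniences; the decommissioning this commit performs is not complete on the server side. The deleted hosts/raspberry/secrets.nix shows the device logged into Vault as `loginUsername = "raspberry"` with a manually provisioned `vault_password`, and the deleted deploy script targeted `root@raspberry.servers.genderfucked.monster`, so that Vault user's credentials and any policies bound to it, the host's SSH host key in known_hosts, any authorized key it held for the other servers, and the DNS record should be revoked or removed explicitly — deleting the Nix config does none of that. No `vault` host is removed in this diff, so I assume that host was retired in an earlier change; if not, those two aliases still refer to a live machine. The `map`/`forEach` expression these aliases are generated from starts outside the hunk.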
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-cd $SCRIPT_DIR
-cd $(git rev-parse --show-toplevel)
-
-DEFAULT_HOST="root@raspberry.servers.genderfucked.monster"
-TARGET_HOST=${HOST:-${DEFAULT_HOST}}
-nixos-rebuild switch --flake .#raspberry --target-host "$TARGET_HOST" --use-substitutes -s "$@"
diff --git a/scripts/deployAll.sh b/scripts/deployAll.sh
deleted file mode 100755
index a90ebc7..0000000
--- a/scripts/deployAll.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-cd $SCRIPT_DIR
-cd $(git rev-parse --show-toplevel)
-
-HOSTNAME=$(hostname)
-
-[ "${NO_REBUILD}" == "" ] && ./scripts/rebuild.sh "$@"
-[ "${HOSTNAME}" != "hetzner-arm" ] && ./scripts/deploy/hetzner-arm.sh "$@"
-[ "${HOSTNAME}" != "vault" ] && ./scripts/deploy/vault.sh "$@"
-[ "${HOSTNAME}" != "raspberry" ] && ./scripts/deploy/raspberry.sh "$@"
\ No newline at end of file
diff --git a/scripts/deploySecrets.sh b/scripts/deploySecrets.sh
deleted file mode 100755
index 52877c3..0000000
--- a/scripts/deploySecrets.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-cd $SCRIPT_DIR
-cd $(git rev-parse --show-toplevel)
-
-ARCH=${1}
-HOSTNAME=${2}
-SSH=${3}
-CONTAINER=${4}
-
-OPTIONAL_CONTAINER=
-if [ -n "$CONTAINER" ]; then
- OPTIONAL_CONTAINER="-container-${CONTAINER}"
-fi
-
-nix build --system ${ARCH} ".#secrets-init-${HOSTNAME}${OPTIONAL_CONTAINER}"
-nix-copy-closure --to ${SSH} --use-substitutes $(readlink result)
-ssh ${SSH} "$(readlink result)/bin/secrets-init-${HOSTNAME}${OPTIONAL_CONTAINER}"
\ No newline at end of file