
andromeda
411ee0c027 add remote disko and some other things 2026-01-10 08:59:54 +01:00
andromeda
aec328ce93 glide-browser, fix typo 2026-01-10 01:58:07 +01:00
andromeda
7cbd450c61 remove services 2026-01-10 00:57:41 +01:00
andromeda
97fca4cc7e fix up remote 109-199-104-83 2026-01-10 00:55:44 +01:00
12 changed files with 126 additions and 63 deletions

flake.lock generated

@@ -129,6 +129,27 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746728054,
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"owner": "nix-community",
"repo": "disko",
"rev": "ff442f5d1425feb86344c028298548024f21256d",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "latest",
"repo": "disko",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
@@ -597,6 +618,7 @@
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"home-manager": "home-manager_2",
"impermanence": "impermanence",
"nix-zulip": "nix-zulip",


@@ -4,6 +4,10 @@
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@@ -41,6 +45,7 @@
};
outputs = {
agenix,
disko,
home-manager,
impermanence,
nixos-mailserver,
@@ -64,8 +69,10 @@
++ [
./users.nix
./secrets.nix
impermanence.nixosModules.impermanence
./modules/nixos/common.nix
agenix.nixosModules.default
disko.nixosModules.disko
impermanence.nixosModules.impermanence
nixos-mailserver.nixosModule
noshell.nixosModules.default
phoenix.nixosModules.default


@@ -6,10 +6,11 @@
modules = [
# impermanence
./modules/nixos/impermanence.nix
./modules/nixos/impermanence-ssh.nix
# hardware configuration
# includes `system.stateVersion`
./machines/lenovo.nix
./modules/nixos/machines/lenovo.nix
# boot process
# systemd-boot
@@ -18,9 +19,6 @@
# networking
./modules/nixos/laptop.nix
# boilerplate settings
./modules/nixos/common.nix
# ly display manager
./modules/nixos/ly.nix
@@ -41,7 +39,8 @@
# hardware configuration
# verbatim as `nixos-generate-config` AND `system.stateVersion`
./machines/109-199-104-83.nix
./modules/nixos/machines/109-199-104-83.nix
./modules/nixos/disko/remote.nix
# boot process
# grub boot on /dev/sda
@@ -49,32 +48,33 @@
# networking
./modules/nixos/networking/domains/galaxious.de.nix
# uses cloud-init to network
./modules/nixos/networking/networks/109-199-104-83.nix
# ssh through port 5522 among other things
# andromeda@lenovo is the only user allowed access
./modules/nixos/networking/hard-ssh.nix
./modules/nixos/networking/ssh-as-root.nix
({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];})
# ./modules/nixos/networking/hard-ssh.nix
#./modules/nixos/networking/ssh-as-root.nix
({config, ...}: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];
})
# boilerplate settings
./modules/nixos/common.nix
# TODO add Impermanence to the following services
# simple-nixos-mailserver email server
# mail.domain
./modules/nixos/mailserver.nix
# ./modules/nixos/mailserver.nix
# roundcube webmail client
# webmail.domain
./modules/nixos/roundcube.nix
# ./modules/nixos/roundcube.nix
# zulip chat client
# chat.domain
# zulip chat server
# zulip.domain
./modules/nixos/zulip.nix
{
}
# ./modules/nixos/zulip.nix
];
};
}
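Review bot: The hardened SSH modules are commented out at L127-L128 and replaced by a bare `services.openssh.enable = true;` plus a root authorized key, so sshd on this host now runs with the NixOS module defaults — port 22 rather than the 5522 the comment at L122 still advertises, and password authentication left at whatever the module's default is (enabled on current NixOS releases) — while the only thing the hunk actually pins is the root key. If this is a temporary state for the disko/nixos-anywhere install (which the "ONLY after provisioned" comment in the new impermanence-ssh module suggests), say so in the comment; otherwise set the settings explicitly alongside the key: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "prohibit-password"; };`. The comment lines `# ssh through port 5522 among other things` and `# andromeda@lenovo is the only user allowed access` now describe modules that are no longer imported and should be rewritten or dropped. The module list this hunk edits begins outside the hunk.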


@@ -1,3 +1,6 @@
{
boot.loader.grub.device = "/dev/sda";
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
}
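Review bot: `boot.loader.grub.device = "/dev/sda";` appears to be dropped in this hunk while nothing here sets `boot.loader.grub.devices`; presumably disko derives it from the EF02 partition in `disko/remote.nix`, but that dependency is invisible from this file, so it deserves a line: `# device(s) is populated by disko from the EF02 partition in disko/remote.nix`. `efiInstallAsRemovable = true` installs the loader to the fallback path `EFI/BOOT/BOOTX64.EFI` instead of registering an NVRAM entry, which is the right choice for a VPS whose firmware variables cannot be relied on; a short comment to that effect would stop the next reader from adding `boot.loader.efi.canTouchEfiVariables`.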


@@ -20,4 +20,7 @@
# disable lecture
security.sudo.extraConfig = ''Defaults lecture="never"'';
# make users immutable
users.mutableUsers = false;
}
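Review bot: `users.mutableUsers = false;` at L173 is a good hardening step, but the comment `# make users immutable` undersells what it does: accounts, groups and password hashes now come only from this configuration, and anything done with `passwd`/`useradd` on the box is reverted on the next rebuild. It also means every account must have a usable `hashedPasswordFile`/`hashedPassword` or SSH key at activation time; the users.nix hunk takes the password hashes from agenix secrets, so a secret that fails to decrypt (for instance after the host keys change) leaves that account with no password at all — worth stating, e.g. `# make users immutable: all accounts/passwords are declared here (hashedPasswordFile via agenix); manual passwd/useradd changes are undone on rebuild`. The enclosing attribute set begins before this hunk.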


@@ -0,0 +1,64 @@
{
disko.devices = {
disk = {
disk1 = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
# legacy boot
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
# efi boot
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
# btrfs
# root is on nodev
root = {
size = "100%";
content = {
extraArgs = ["-f"]; # internet told me to, works
type = "btrfs";
subvolumes = {
# nix store
"/nix" = {
mountpoint = "/nix";
};
# persistant directory
"/persist" = {
mountpoint = "/persist";
};
};
};
};
};
};
};
};
nodev = {
# root
"/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"mode=755" # stops security complaints
];
};
};
};
}
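Review bot: The ESP at L195-L204 is mounted at /boot with the vfat defaults, which leaves kernels, initrds and whatever the bootloader writes there readable by every local user; disko's own examples add `mountOptions = ["umask=0077"];` on the ESP and it belongs here too. The comment `extraArgs = ["-f"]; # internet told me to, works` should say what the flag is for: `# -f: let mkfs.btrfs overwrite an existing filesystem signature on reinstall`. The tmpfs root at L230-L236 has no `size=` bound, so a runaway write under / can consume RAM up to the tmpfs default of half of memory before anything stops it; adding `"size=2G"` (or whatever the host can spare) to `mountOptions` keeps that contained. Also `# persistant directory` at L217 should read `persistent`.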

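--- /dev/null
+++ b/modules/nixos/impermanence-ssh.nix
@@ -0,0 +1,4 @@
+{
+# ONLY include this module AFTER a machine has been provisioned
+environment.persistence."/persist".directories = ["/etc/ssh"];
+}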
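Review bot: The comment at L245 says when to include this module but not why, and the consequence of forgetting it on a tmpfs-root host is severe: /etc/ssh is regenerated on every boot, so clients see a changed host key and any agenix secret encrypted to the host key (by default agenix decrypts with the host's SSH keys, and users.nix takes password hashes from such secrets) stops decrypting — combined with `users.mutableUsers = false` that can leave every account without a password. The `/etc/ssh` entry was removed from the general impermanence module in the same change (L255-L256), so a host that imports `disko/remote.nix` but not this file keeps no host key across reboots at all. The reason for the "AFTER provisioned" rule is presumably that `/persist/etc/ssh` does not exist until the first install has run; suggested comment: `# Persist sshd host keys across reboots (root is tmpfs). Include ONLY after the machine has been provisioned: before then /persist/etc/ssh does not exist, and without this module host keys regenerate every boot, breaking client host-key pins and agenix secrets encrypted to the host key.`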


@@ -33,7 +33,5 @@
"/var/lib/bluetooth"
# wifi connections
"/etc/NetworkManager/system-connections"
# machine ssh keys
"/etc/ssh"
];
}


@@ -12,24 +12,14 @@
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/159e6a69-b4e2-49c3-a6f0-5fcba0ea6a59";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "systemd-1";
fsType = "autofs";
};
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.stateVersion = "25.11";
system.stateVersion = "26.05";
}
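Review bot: `system.stateVersion` moves from 25.11 to 26.05 at L280-L281, which is only correct if the host is being reinstalled from scratch (the removal of the ext4 root and the `/efi` autofs mount at L270-L277 in favour of disko suggests it is); stateVersion is meant to stay at the value the system was first installed with, and bumping it on a live system silently changes defaults of stateful services. If it is a reinstall, record that so the next reader does not revert it: `# 26.05: host reinstalled from scratch via disko (2026-01-10)`. The filesystem definitions now live in `disko/remote.nix`, with the ESP at /boot rather than /efi, which matches the grub efi change in this commit and is worth one line next to the `qemu-guest` import.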


@@ -1,7 +1,6 @@
{
networking = {
useNetworkd = true;
usePredictableInterfaceNames = true;
useDHCP = false;
hostName = "109-199-104-83";
firewall = {
enable = true;
@@ -9,19 +8,8 @@
allowedUDPPorts = [80 443];
};
};
systemd.network = {
services.cloud-init = {
enable = true;
networks."40-wan" = {
matchConfig.Name = "enx0050565f4fff";
address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
routes = [
{
Gateway = "109.199.96.1";
GatewayOnLink = true;
}
{Gateway = "fe80::1";}
];
dns = ["2620:fe::fe" "9.9.9.9"];
};
network.enable = true;
};
}
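Review bot: Enabling `services.cloud-init` at L300-L314 hands more than networking to the provider's metadata service: with the NixOS module's default module lists cloud-init also runs its users/ssh stages on boot, so any SSH key present in the VPS metadata is installed too and the `authorizedKeys` line in the machine config is no longer the only path to root. If only network configuration is wanted, trim the cloud-init module lists through whichever of `services.cloud-init.settings`/`config` this NixOS version exposes (to be checked against the module), or at least record the trust in the comment, e.g. `# uses cloud-init to network; NOTE cloud-init also applies SSH keys/users from provider metadata`. The static config being dropped also pinned DNS to Quad9 (`2620:fe::fe`, `9.9.9.9`); after this change resolvers come from the provider's DHCP/metadata, which the `# uses cloud-init to network` comment should say.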


@@ -19,22 +19,6 @@ in {
"wheel"
];
};
"mtgmonkey" = {
isNormalUser = true;
description = "mtgmonkey";
hashedPasswordFile = builtins.toString config.age.secrets.mtgmonkey-pw.path;
extraGroups = [
(lib.mkIf
(machine == machines.lenovo)
"networkmanager")
"wheel"
];
openssh.authorizedKeys.keys = [
(lib.mkIf
(machine == machines."109-199-104-83")
config.pub-keys.ssh.andromeda)
];
};
};
environment.persistence."/persist".users = lib.mkIf config.environment.persistence."/persist".enable (
builtins.mapAttrs
@@ -45,7 +29,7 @@ in {
".backups"
".local/share/Anki2"
".local/share/chat.fluffy.fluffychat"
".local/share.zoxide"
".local/share/zoxide"
".ssh"
"conf"
"Downloads"
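Review bot: Removing the `mtgmonkey` account at L324-L339 leaves its dependencies behind: `config.age.secrets.mtgmonkey-pw` is presumably still declared in secrets.nix (not part of this diff) together with its `.age` file, and the user's home under `/persist` stays on disk; drop the secret declaration and file, and clean up the persisted home, so the hash is not kept and re-encrypted for an account that no longer exists. The `.local/share.zoxide` → `.local/share/zoxide` fix at L347-L348 means a stray `.local/share.zoxide` directory may already exist under `/persist/home/*` and can be removed. The enclosing `users.users` set starts before the first hunk and the persistence list continues past the second.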