Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Andromeda:243d7f3fc3a2ae23ea28bff7afb0af84f96c8851
Branches Tags
Andromeda:master Andromeda:dev Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere
..
compare: Andromeda:nixos-anywhere
Branches Tags
Andromeda:dev Andromeda:master Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere

4 Commits
243d7f3fc3 ... nixos-anyw

Author SHA1 Message Date
andromeda
411ee0c027 add remote disko and some other things 2026-01-10 08:59:54 +01:00
andromeda
aec328ce93 glide-browser, fix typo 2026-01-10 01:58:07 +01:00
andromeda
7cbd450c61 remove services 2026-01-10 00:57:41 +01:00
andromeda
97fca4cc7e fix up remote 109-199-104-83 2026-01-10 00:55:44 +01:00
12 changed files with 126 additions and 63 deletions
Expand all files Collapse all files

22
flake.lock generated
View File

@@ -129,6 +129,27 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746728054,
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"owner": "nix-community",
"repo": "disko",
"rev": "ff442f5d1425feb86344c028298548024f21256d",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "latest",
"repo": "disko",
"type": "github"
}
},
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -597,6 +618,7 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"impermanence": "impermanence", "impermanence": "impermanence",
"nix-zulip": "nix-zulip", "nix-zulip": "nix-zulip",

9
flake.nix
View File

@@ -4,6 +4,10 @@
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -41,6 +45,7 @@
}; };
outputs = { outputs = {
agenix, agenix,
disko,
home-manager, home-manager,
impermanence, impermanence,
nixos-mailserver, nixos-mailserver,
@@ -64,8 +69,10 @@
++ [ ++ [
./users.nix ./users.nix
./secrets.nix ./secrets.nix
impermanence.nixosModules.impermanence ./modules/nixos/common.nix
agenix.nixosModules.default agenix.nixosModules.default
disko.nixosModules.disko
impermanence.nixosModules.impermanence
nixos-mailserver.nixosModule nixos-mailserver.nixosModule
noshell.nixosModules.default noshell.nixosModules.default
phoenix.nixosModules.default phoenix.nixosModules.default

30
machines.nix
View File

@@ -6,10 +6,11 @@
modules = [ modules = [
# impermanence # impermanence
./modules/nixos/impermanence.nix ./modules/nixos/impermanence.nix
./modules/nixos/impermanence-ssh.nix
# hardware configuration # hardware configuration
# includes `system.stateVersion` # includes `system.stateVersion`
./machines/lenovo.nix ./modules/nixos/machines/lenovo.nix
# boot process # boot process
# systemd-boot # systemd-boot
@@ -18,9 +19,6 @@
# networking # networking
./modules/nixos/laptop.nix ./modules/nixos/laptop.nix
# boilerplate settings
./modules/nixos/common.nix
# ly display manager # ly display manager
./modules/nixos/ly.nix ./modules/nixos/ly.nix
@@ -41,7 +39,8 @@
# hardware configuration # hardware configuration
# verbatim as `nixos-generate-config` AND `system.stateVersion` # verbatim as `nixos-generate-config` AND `system.stateVersion`
./machines/109-199-104-83.nix ./modules/nixos/machines/109-199-104-83.nix
./modules/nixos/disko/remote.nix
# boot process # boot process
# grub boot on /dev/sda # grub boot on /dev/sda
@@ -49,32 +48,33 @@
# networking # networking
./modules/nixos/networking/domains/galaxious.de.nix ./modules/nixos/networking/domains/galaxious.de.nix
# uses cloud-init to network
./modules/nixos/networking/networks/109-199-104-83.nix ./modules/nixos/networking/networks/109-199-104-83.nix
# ssh through port 5522 among other things # ssh through port 5522 among other things
# andromeda@lenovo is the only user allowed access # andromeda@lenovo is the only user allowed access
./modules/nixos/networking/hard-ssh.nix # ./modules/nixos/networking/hard-ssh.nix
./modules/nixos/networking/ssh-as-root.nix #./modules/nixos/networking/ssh-as-root.nix
({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];}) ({config, ...}: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];
})
# boilerplate settings # TODO add Impermanence to the following services
./modules/nixos/common.nix
# simple-nixos-mailserver email server # simple-nixos-mailserver email server
# mail.domain # mail.domain
./modules/nixos/mailserver.nix # ./modules/nixos/mailserver.nix
# roundcube webmail client # roundcube webmail client
# webmail.domain # webmail.domain
./modules/nixos/roundcube.nix # ./modules/nixos/roundcube.nix
# zulip chat client # zulip chat client
# chat.domain # chat.domain
# zulip chat server # zulip chat server
# zulip.domain # zulip.domain
./modules/nixos/zulip.nix # ./modules/nixos/zulip.nix
{
}
]; ];
}; };
} }

5
modules/nixos/boot/109-199-104-83.nix
View File

@@ -1,3 +1,6 @@
{ {
boot.loader.grub.device = "/dev/sda"; boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
} }

3
modules/nixos/common.nix
View File

@@ -20,4 +20,7 @@
# disable lecture # disable lecture
security.sudo.extraConfig = ''Defaults lecture="never"''; security.sudo.extraConfig = ''Defaults lecture="never"'';
# make users immutable
users.mutableUsers = false;
} }

64
modules/nixos/disko/remote.nix Normal file
View File

@@ -0,0 +1,64 @@
{
disko.devices = {
disk = {
disk1 = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
# legacy boot
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
# efi boot
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
# btrfs
# root is on nodev
root = {
size = "100%";
content = {
extraArgs = ["-f"]; # internet told me to, works
type = "btrfs";
subvolumes = {
# nix store
"/nix" = {
mountpoint = "/nix";
};
# persistant directory
"/persist" = {
mountpoint = "/persist";
};
};
};
};
};
};
};
};
nodev = {
# root
"/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"mode=755" # stops security complaints
];
};
};
};
}

4
modules/nixos/impermanence-ssh.nix Normal file
View File

@@ -0,0 +1,4 @@
{
# ONLY include this module AFTER a machine has been provisioned
environment.persistence."/persist".directories = ["/etc/ssh"];
}

2
modules/nixos/laptop.nix
View File

@@ -33,7 +33,5 @@
"/var/lib/bluetooth" "/var/lib/bluetooth"
# wifi connections # wifi connections
"/etc/NetworkManager/system-connections" "/etc/NetworkManager/system-connections"
# machine ssh keys
"/etc/ssh"
]; ];
} }

14
machines/109-199-104-83.nix → modules/nixos/machines/109-199-104-83.nix
View File

@@ -12,24 +12,14 @@
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = []; boot.kernelModules = [];
boot.extraModulePackages = []; boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/159e6a69-b4e2-49c3-a6f0-5fcba0ea6a59";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "systemd-1";
fsType = "autofs";
};
swapDevices = []; swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.stateVersion = "25.11"; system.stateVersion = "26.05";
} }

0
machines/lenovo.nix → modules/nixos/machines/lenovo.nix
View File

18
modules/nixos/networking/networks/109-199-104-83.nix
View File

@@ -1,7 +1,6 @@
{ {
networking = { networking = {
useNetworkd = true; useDHCP = false;
usePredictableInterfaceNames = true;
hostName = "109-199-104-83"; hostName = "109-199-104-83";
firewall = { firewall = {
enable = true; enable = true;
@@ -9,19 +8,8 @@
allowedUDPPorts = [80 443]; allowedUDPPorts = [80 443];
}; };
}; };
systemd.network = { services.cloud-init = {
enable = true; enable = true;
networks."40-wan" = { network.enable = true;
matchConfig.Name = "enx0050565f4fff";
address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
routes = [
{
Gateway = "109.199.96.1";
GatewayOnLink = true;
}
{Gateway = "fe80::1";}
];
dns = ["2620:fe::fe" "9.9.9.9"];
};
}; };
} }

18
users.nix
View File

@@ -19,22 +19,6 @@ in {
"wheel" "wheel"
]; ];
}; };
"mtgmonkey" = {
isNormalUser = true;
description = "mtgmonkey";
hashedPasswordFile = builtins.toString config.age.secrets.mtgmonkey-pw.path;
extraGroups = [
(lib.mkIf
(machine == machines.lenovo)
"networkmanager")
"wheel"
];
openssh.authorizedKeys.keys = [
(lib.mkIf
(machine == machines."109-199-104-83")
config.pub-keys.ssh.andromeda)
];
};
}; };
environment.persistence."/persist".users = lib.mkIf config.environment.persistence."/persist".enable ( environment.persistence."/persist".users = lib.mkIf config.environment.persistence."/persist".enable (
builtins.mapAttrs builtins.mapAttrs
@@ -45,7 +29,7 @@ in {
".backups" ".backups"
".local/share/Anki2" ".local/share/Anki2"
".local/share/chat.fluffy.fluffychat" ".local/share/chat.fluffy.fluffychat"
".local/share.zoxide" ".local/share/zoxide"
".ssh" ".ssh"
"conf" "conf"
"Downloads" "Downloads"