Initial release

2025-03-03 23:07:58 -06:00 · 2025-03-03 23:07:58 -06:00 · 8fbb25bbac
commit 8fbb25bbac
53 changed files with 1648 additions and 0 deletions
--- a/systems/bastion/bastion-actual.nix
+++ b/systems/bastion/bastion-actual.nix
@ -0,0 +1,117 @@
+{ pkgs, ... }: {
+  networking.hostName = "bastion";
+  networking.hostId = "0d13f99b";
+
+  # WARNING: BUILT-IN ETHERNET HARDWARE IS BORKED!!!
+  # https://xcp-ng.org/docs/networking.html#intel-i218-i219-slow-speed
+  # https://serverfault.com/questions/581265/disable-tcp-checksum-offloading-on-kvm-virtual-network
+
+  imports = [
+    ./bastion_base.nix
+
+    ../../features/intelgpu.nix
+    ../../tweaks/powersave.nix
+  ];
+
+  boot.loader.grub.mirroredBoots = [
+    {
+      devices = [ "nodev" ];
+      path = "/boot0";
+    }
+    {
+      devices = [ "nodev" ];
+      path = "/boot1";
+    }
+  ];
+
+  fileSystems = {
+    "/boot0" = {
+      device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNG0MA07159M-part1";
+      fsType = "vfat";
+      options = [ "nofail" ];
+    };
+    "/boot1" = {
+      device = "/dev/disk/by-id/ata-PNY_CS900_1TB_SSD_PNY244624111201023FB-part1";
+      fsType = "vfat";
+      options = [ "nofail" ];
+    };
+
+    "/exports/Frigate" = {
+      device = "bastion-frigate";
+      fsType = "zfs";
+    };
+    "/exports/MyBook" = {
+      device = "MyBook/root";
+      fsType = "zfs";
+      options = [ "nofail" ];
+    };
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Networking
+
+  systemd.network.networks = {
+    "30-eno1" = {
+      matchConfig.Name = "eno1";
+      networkConfig.Bridge = "br0";
+      linkConfig.RequiredForOnline = "enslaved";
+    };
+    "30-enp0s20f0u8" = {
+      matchConfig.Name = "enp0s20f0u8";
+      networkConfig.Bridge = "br0";
+      linkConfig.RequiredForOnline = "enslaved";
+    };
+
+    "90-tinc" = {
+      matchConfig.Name = "tinc.mlaga97spa";
+      address = [ "10.86.84.105/32" ];
+      routes = [ { Destination = "10.86.84.0/24"; } ];
+    };
+  };
+
+  services.tinc.networks.mlaga97space = {
+    name = "bastion";
+    ed25519PrivateKeyFile = "/root/tinc/mlaga97space_ed25519_key.priv";
+
+    chroot = false;
+    settings.ConnectTo = [ "fortress" "citadel" ];
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Services
+
+  hardware.coral.pcie.enable = true;
+
+  services.apcupsd = {
+    enable = true;
+    configText = ''
+      UPSTYPE usb
+      NISIP 0.0.0.0
+      BATTERYLEVEL 5
+      MINUTES 3
+    '';
+  };
+
+  # TODO: Put scripts into version control
+  services.cron = {
+    enable = true;
+    mailto = "";
+    systemCronJobs = [
+
+      # Sync Restic from Archive to MyBook daily at 0600
+      "0 6 * * *  root  /home/lauren_lagarde/bin/SyncRestic > /dev/null"
+
+      # Copy footage from Frigate to MyBook and clear up space on both every 10 minutes
+      "*/10 * * * *  root  /home/lauren_lagarde/bin/MaintainFrigate > /dev/null"
+
+      # Grab a still photo from all cameras once per minute
+      "* * * * *  root  /home/lauren_lagarde/bin/GetAllCameraImages > /dev/null"
+
+      # TODO: Automatically Collate Camera Images Monthly
+    ];
+  };
+}
--- a/systems/bastion/bastion-in-training.nix
+++ b/systems/bastion/bastion-in-training.nix
@ -0,0 +1,43 @@
+{ ... }: {
+  networking.hostName = "bastion-in-training";
+  networking.hostId = "c3e44236";
+
+  imports = [
+    ./bastion_base.nix
+  ];
+
+  boot.zfs.devNodes = "/dev/vda2";
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+
+  boot.loader.grub.mirroredBoots = [
+    {
+      devices = [ "nodev" ];
+      path = "/boot0";
+    }
+    {
+      devices = [ "nodev" ];
+      path = "/boot1";
+    }
+  ];
+
+  fileSystems = {
+    "/boot0" = {
+      device = "/dev/vda1";
+      fsType = "vfat";
+      options = [ "nofail" ];
+    };
+    "/boot1" = {
+      device = "/dev/vdb1";
+      fsType = "vfat";
+      options = [ "nofail" ];
+    };
+  };
+
+  systemd.network.networks = {
+    "30-enp1s0" = {
+      matchConfig.Name = "enp1s0";
+      networkConfig.Bridge = "br0";
+      linkConfig.RequiredForOnline = "enslaved";
+    };
+  };
+}
--- a/systems/bastion/bastion_base.nix
+++ b/systems/bastion/bastion_base.nix
@ -0,0 +1,127 @@
+{ pkgs, ... }: {
+  imports = [
+    # Base Config
+    ../../features/base.nix
+    ../../features/headless.nix
+
+    # Features
+    ../../features/br0.nix
+    ../../features/dockge.nix
+    ../../features/docker.nix
+    ../../features/libvirt.nix
+
+    # Tweaks
+    ../../tweaks/zfs.nix
+    ../../tweaks/zram.nix
+    ../../tweaks/disable_firewall.nix
+    ../../tweaks/systemd-resolved_nonsense.nix
+
+    # Dotspace
+    ../../secrets/dotspace.nix
+
+    # Users
+    ../../users/lauren_lagarde/lauren_lagarde.nix
+    ../../users/ashley_funkhouser/ashley_funkhouser.nix
+  ];
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Bootloader / Kernel
+
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.grub = {
+    enable = true;
+    zfsSupport = true;
+    efiSupport = true;
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Local Filesystems
+
+  fileSystems = {
+    "/" = {
+      device = "bastion-root/root";
+      fsType = "zfs";
+    };
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Services
+
+  services.cron = {
+    enable = true;
+    mailto = "";
+    systemCronJobs = [
+      "* * * * *	lauren_lagarde		/home/lauren_lagarde/bin/PublishStats > /dev/null"
+    ];
+  };
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      Frigate = {
+        path = "/exports/Frigate";
+        comment = "NVR Local Storage";
+        writable = "yes";
+        browseable = "yes";
+
+        "force user" = "nobody";
+        "force group" = "users";
+
+        "create mask" = "775";
+        "force create mode" = "775";
+        "security mask" = "775";
+        "force security mode" = "775";
+
+        "directory mask" = "2775";
+        "force directory mode" = "2775";
+        "directory security mask" = "2775";
+        "force directory security mode" = "2775";
+      };
+
+      MyBook = {
+        path = "/exports/MyBook";
+        comment = "External Storage";
+        writable = "yes";
+        browseable = "yes";
+
+        "force user" = "nobody";
+        "force group" = "users";
+
+        "create mask" = "775";
+        "force create mode" = "775";
+        "security mask" = "775";
+        "force security mode" = "775";
+
+        "directory mask" = "2775";
+        "force directory mode" = "2775";
+        "directory security mask" = "2775";
+        "force directory security mode" = "2775";
+      };
+    };
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # System Users
+
+  users.users = {
+    bastion = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      initialHashedPassword = "$y$j9T$WThHVbTQdHbv4mI0m4EjK/$LA.4Uf95jD/rJpLVf0kbfH0wFBj4FHCimV6xiDfLOD/";
+    };
+    dotspace = {
+      isNormalUser = true;
+      shell = pkgs.shadow;
+      initialHashedPassword = "$y$j9T$cH1b/0aafCTaHyWigarb70$bS6WFrbYV4xUZwVtqDCepydOhEol1DqmokBfkGmvRcA";
+    };
+  };
+}
--- a/systems/living-room-nixos.nix
+++ b/systems/living-room-nixos.nix
@ -0,0 +1,14 @@
+{ ... }: {
+  imports = [
+    ../ll-nixos-full.nix
+  ];
+
+  # Fix issue with HDMI passthrough
+  home-manager.users.lauren_lagarde = {
+    xsession.windowManager.i3 = {
+      config.startup = [
+        { command = "xrandr --output HDMI-1 --mode 1920x1080 --rate 60 --primary"; }
+      ];
+    };
+  };
+}
--- a/systems/ll-latitude-e5591.nix
+++ b/systems/ll-latitude-e5591.nix
@ -0,0 +1,12 @@
+{ config, pkgs, ... }: {
+  imports = [
+    ./ll-nixos-full.nix
+    ../features/intelgpu.nix
+  ];
+
+  hardware.enableRedistributableFirmware = true;
+
+  boot.kernelParams = [
+    "i915.enable_guc=2"
+  ];
+}
--- a/systems/ll-nixos-base.nix
+++ b/systems/ll-nixos-base.nix
@ -0,0 +1,22 @@
+{ ... }: {
+  imports = [
+    ./ll-nixos-headless.nix
+
+    # i3wm
+    ../features/i3.nix
+    ../features/yubikey.nix
+    ../tweaks/bluetooth.nix
+    ../tweaks/intel_igpu_screen_tearing.nix
+
+    # Lauren
+    ../users/lauren_lagarde/i3.nix
+    ../users/lauren_lagarde/autologin.nix
+  ];
+
+  home-manager.users.lauren_lagarde = {
+    imports = [
+      ../users/lauren_lagarde/home-manager/monitor_configs.nix
+      ../users/lauren_lagarde/home-manager/secrets/dotspace_gui.nix
+    ];
+  };
+}
--- a/systems/ll-nixos-factorio.nix
+++ b/systems/ll-nixos-factorio.nix
@ -0,0 +1,8 @@
+{ ... }: {
+  imports = [
+    ./ll-nixos-base.nix
+
+    # Additional Features
+    ../features/factorio.nix
+  ];
+}
--- a/systems/ll-nixos-full.nix
+++ b/systems/ll-nixos-full.nix
@ -0,0 +1,11 @@
+{ ... }: {
+  imports = [
+    ./ll-nixos-base.nix
+
+    # Additional Features
+    ../features/rtl-sdr.nix
+    ../features/printing.nix
+    ../features/embedded.nix
+    ../features/virtualbox.nix
+  ];
+}
--- a/systems/ll-nixos-headless.nix
+++ b/systems/ll-nixos-headless.nix
@ -0,0 +1,28 @@
+{ ... }: {
+  imports = [
+    # Core
+    ../features/base.nix
+    ../tweaks/zram.nix
+    ../tweaks/disable_nixos_user.nix
+    ../tweaks/systemd-resolved_nonsense.nix
+
+    # Headless
+    ../features/headless.nix
+    ../tweaks/zfs.nix
+
+    # Lauren
+    ../users/lauren_lagarde/lauren_lagarde.nix
+    {
+      home-manager.users.lauren_lagarde = {
+        imports = [
+          ../users/lauren_lagarde/home-manager/lauren_lagarde.nix
+        ];
+      };
+    }
+
+    # Dotspace
+    ../features/stronghold-binary-cache.nix
+    ../secrets/dotspace.nix
+    ../users/lauren_lagarde/dotspace.nix
+  ];
+}
--- a/systems/vm-docker-base.nix
+++ b/systems/vm-docker-base.nix
@ -0,0 +1,78 @@
+# cd; rm nixos-config; tar -xvf /Parlor/Lauren/nixos-config.tar.zst; cd nixos-config/nixos/; sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake .#TARGET_HOSTNAME --disk vda /dev/vda
+{ ... }: {
+  imports = [
+    ./ll-nixos-headless.nix
+
+    ../features/docker.nix
+    ../features/dockge.nix
+
+    ../tweaks/disable_firewall.nix
+  ];
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Bootloader / Kernel
+
+  # UEFI Boot
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot.enable = true;
+
+  # Libvirt Guest Kernel Modules
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Disk Layout
+
+  # https://github.com/nix-community/disko/issues/528
+  disko.devices = {
+    disk = {
+      vda = {
+        type = "disk";
+        device = "/dev/vda";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            primary = {
+              size = "100%";
+              content = {
+                type = "lvm_pv";
+                vg = "pool";
+              };
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%FREE";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [
+                "defaults"
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/systems/vm-docker-dhcp.nix
+++ b/systems/vm-docker-dhcp.nix
@ -0,0 +1,9 @@
+{ ... }: {
+  imports = [
+    ./ll-nixos-headless.nix
+
+    # Additional Features
+    ../features/persistent_docker.nix
+    ../tweaks/disable-firewall.nix
+  ];
+}