Merge branch 'master' of ssh://git.fudo.org:2222/fudosys/NixOS

This commit is contained in:
root 2021-01-14 18:57:24 -06:00
commit a5836387e9
7 changed files with 306 additions and 73 deletions

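--- a/config/fudo/ipfs.nix
+++ b/config/fudo/ipfs.nix
@@ -0,0 +1,71 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+cfg = config.fudo.ipfs;
+user-group-entry = group: user:
+nameValuePair user { extraGroups = [ group ]; };
+user-home-entry = ipfs-path: user:
+nameValuePair user { home.sessionVariables = { IPFS_PATH = ipfs-path; }; };
+in {
+options.fudo.ipfs = with types; {
+enable = mkEnableOption "Fudo IPFS";
+users = mkOption {
+type = listOf str;
+description = "List of users with IPFS access.";
+default = [ ];
+};
+user = mkOption {
+type = str;
+description = "User as which to run IPFS user.";
+default = "ipfs";
+};
+group = mkOption {
+type = str;
+description = "Group as which to run IPFS user.";
+default = "ipfs";
+};
+api-address = mkOption {
+type = str;
+description = "Address on which to listen for requests.";
+default = "/ip4/127.0.0.1/tcp/5001";
+};
+automount = mkOption {
+type = bool;
+description = "Whether to automount /ipfs and /ipns on boot.";
+default = true;
+};
+data-dir = mkOption {
+type = str;
+description = "Path to store data for IPFS.";
+default = "/var/lib/ipfs";
+};
+};
+config = mkIf cfg.enable {
+users.users = listToAttrs (map (user-group-entry cfg.group) cfg.users);
+services.ipfs = {
+enable = true;
+apiAddress = cfg.api-address;
+autoMount = cfg.automount;
+enableGC = true;
+user = cfg.user;
+group = cfg.group;
+dataDir = cfg.data-dir;
+};
+home-manager.users =
+listToAttrs (map (user-home-entry cfg.data-dir) cfg.users);
+};
+}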
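Review bot: The `api-address` option at the top of the module is a plain `str` whose description never says why the default is loopback, so a host can silently move the API onto a LAN interface (hosts/lambda.nix in this same commit does exactly that). Proposed description: `description = "Multiaddr on which the IPFS HTTP API listens. The API carries no authentication of its own, so leave it on loopback unless the interface is otherwise restricted.";`. A smaller point: `users.users` is built from `cfg.users` with nothing but `extraGroups`, so a name in `cfg.users` that no other module declares would presumably be created as a bare account; a comment stating that listed users must be defined elsewhere would make that expectation explicit.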


@ -1,7 +1,6 @@
{ lib, config, pkgs, ... }:
with lib;
{
with lib; {
imports = [
./fudo/acme-for-hostname.nix
./fudo/authentication.nix
@ -13,6 +12,7 @@ with lib;
./fudo/garbage-collector.nix
./fudo/git.nix
./fudo/grafana.nix
./fudo/ipfs.nix
./fudo/kdc.nix
./fudo/ldap.nix
./fudo/local-network.nix


@ -2,8 +2,7 @@
{ config, pkgs, lib, ... }:
let
state-version = "20.03";
let state-version = "20.03";
in {
imports = [
@ -109,13 +108,9 @@ in {
xkbOptions = "ctrl:nocaps";
};
console = {
useXkbConfig = true;
};
console = { useXkbConfig = true; };
i18n = {
defaultLocale = "en_US.UTF-8";
};
i18n = { defaultLocale = "en_US.UTF-8"; };
programs = {
mosh.enable = true;
@ -137,9 +132,7 @@ in {
enableSSHSupport = true;
};
fish = {
enable = true;
};
fish = { enable = true; };
};
services = {
@ -148,9 +141,7 @@ in {
enable = true;
};
cron = {
enable = true;
};
cron = { enable = true; };
openssh = {
enable = true;
startWhenNeeded = true;
@ -158,16 +149,12 @@ in {
extraConfig = ''
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
'';
'';
};
pcscd = {
enable = true;
};
pcscd = { enable = true; };
udev.packages = with pkgs; [
yubikey-personalization
];
udev.packages = with pkgs; [ yubikey-personalization ];
};
environment.shellInit = ''
@ -194,11 +181,7 @@ in {
};
};
users.groups = {
fudosys = {
gid = 888;
};
};
users.groups = { fudosys = { gid = 888; }; };
users.extraUsers = {
niten = {
@ -206,11 +189,26 @@ in {
uid = 10000;
createHome = true;
description = "Niten";
shell = pkgs.fish;
extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
extraGroups = [
"wheel"
"audio"
"video"
"disk"
"floppy"
"lp"
"cdrom"
"tape"
"dialout"
"adm"
"input"
"systemd-journal"
"fudosys"
"libvirtd"
];
group = "users";
home = "/home/niten";
hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
hashedPassword =
"$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDoWkjyeIfgwm0b78weToVYOQSD0RQ0qbNzpsN5NokbIFv2/980kLtnYrQEgIJ/JwMLlT3uJYacbCT5/a6Fb8oLxNpj0AF1EKaWZ3Rrlg72Sq+9SEwJwWWmZizX83sovMwUBMaUp6jWLhAhPpzBW5pfc5YWoc89wxGbELSwzgt5EgHbSJgvDnaHSp3fVaY01wfDXbL/oO160iNe7wv2HLMZu/FkWBkIjz6HmoGJJzYM89bUpHbyYG28lmCHB/8UPog5/BsjOn3/qupgf4zh6mMdMsXLvbR2jVwVjxcEMj9N5nCvc+Y3oi7Mij6VNrWbhkaAJMEzeMhWYrF3/pFQxUqG37aK3d0gw9kp5tMDLIlAPX4y1lfA87pIzoa0+Alql0CJQA1IJvp9SFG7lBmSthWQLmZvwwfoGg/ZjF6rOgsVoZ8TizpQnydWJDr6NboU9LL9Oa64OM5Rs0AU3cR2UbOF4QIcWFJ/7oDe3dOnfZ8QYqx9eXJyxoAUpDanaaTHYBiAKkeOBwQU+MVLKCcONKw9FZclf/1TpDB5b3/JeUFANjHQTv0UXA4YYU7iCx6H7XB4qwwtU9O19CGQYYfCfULX12/fRpYJw6VJaQWyyU4Bn5dk/dcB2nGI36jwbLMfhbUTIApujioAnd/GQIMakHEZ1+syPhMx9BxMkZb99B0A1Q== openpgp:0x4EC95B64"
];
@ -220,10 +218,26 @@ in {
uid = 10049;
createHome = true;
description = "Reaper";
extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
extraGroups = [
"wheel"
"audio"
"video"
"disk"
"floppy"
"lp"
"cdrom"
"tape"
"dialout"
"adm"
"input"
"systemd-journal"
"fudosys"
"libvirtd"
];
group = "users";
home = "/home/reaper";
hashedPassword = "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
hashedPassword =
"$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
};
fudo = {
isSystemUser = true;

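--- a/hosts/lambda.nix
+++ b/hosts/lambda.nix
@@ -0,0 +1,81 @@
+{ lib, config, pkgs, ... }:
+let
+hostname = "lambda";
+host-internal-ip = "10.0.0.3";
+host-storage-ip = "10.0.10.1";
+inherit (lib.strings) concatStringsSep;
+in {
+boot.kernelModules = [ "kvm-amd" ];
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.device = "/dev/disk/by-label/nixos-root";
+hardware.bluetooth.enable = false;
+imports = [ ../defaults.nix ../hardware-configuration.nix ];
+fudo.common = {
+profile = "server";
+site = "seattle";
+};
+fudo.slynk = { enable = true; };
+networking = {
+hostName = hostname;
+nameservers = [ host-internal-ip ];
+# Create a bridge for VMs to use
+macvlans = {
+extif0 = {
+interface = "enp3s0f1";
+mode = "bridge";
+};
+storageif0 = {
+interface = "enp4s0f1";
+mode = "bridge";
+};
+};
+interfaces = {
+enp3s0f0.useDHCP = false;
+enp3s0f1.useDHCP = false;
+enp4s0f0.useDHCP = false;
+enp4s0f1.useDHCP = false;
+extif0 = {
+useDHCP = false;
+macAddress = "02:50:f6:52:9f:9d";
+ipv4.addresses = [{
+address = host-internal-ip;
+prefixLength = 22;
+}
+# {
+# address = "10.0.10.2";
+# prefixLength = 24;
+# }
+];
+};
+storageif0 = {
+useDHCP = false;
+macAddress = "02:65:d7:00:7d:1b";
+ipv4.addresses = [{
+address = host-storage-ip;
+prefixLength = 24;
+}];
+};
+};
+};
+fudo.ipfs = {
+enable = true;
+users = [ "niten" ];
+api-address = "/ip4/${host-internal-ip}/tcp/5001";
+};
+}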
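Review bot: `api-address = "/ip4/${host-internal-ip}/tcp/5001";` near the end of the file binds the IPFS HTTP API to 10.0.0.3, the address configured on extif0 with prefixLength 22, so every host in that /22 can reach it; the go-ipfs API has no authentication of its own, and the module default of 127.0.0.1 exists to avoid exactly this exposure. Unless something outside this file filters tcp/5001, either drop the `api-address` line and reach the API over loopback (for example through an SSH tunnel), or add a `networking.firewall` rule that limits the port to the hosts that need it. The same binding is added to the unnamed host file later in this commit (the `fudo.ipfs` block in its `@ -202,16 +185,19 @@` hunk), and the fix applies there too.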


@ -24,10 +24,7 @@ in {
hardware.bluetooth.enable = false;
imports = [
../defaults.nix
../hardware-configuration.nix
];
imports = [ ../defaults.nix ../hardware-configuration.nix ];
fudo.common = {
profile = "server";
@ -74,7 +71,7 @@ in {
interface eno2
ia_na 1
ia_pd 2 eno2/0
'';
'';
# Create a bridge for VMs to use
macvlans = {
@ -93,9 +90,7 @@ in {
enp9s0f0.useDHCP = false;
enp9s0f1.useDHCP = false;
eno2 = {
useDHCP = true;
};
eno2 = { useDHCP = true; };
intif0 = {
useDHCP = false;
@ -121,19 +116,11 @@ in {
};
users = {
users = {
fudo-client = {
isSystemUser = true;
};
};
users = { fudo-client = { isSystemUser = true; }; };
groups = {
backplane-powerdns = {
members = [ "backplane-powerdns" ];
};
backplane-dns = {
members = [ "backplane-dns" ];
};
backplane-powerdns = { members = [ "backplane-powerdns" ]; };
backplane-dns = { members = [ "backplane-dns" ]; };
};
};
@ -180,11 +167,7 @@ in {
docker-containers = {
pihole = {
image = "pihole/pihole:4.3.2-1";
ports = [
"5353:53/tcp"
"5353:53/udp"
"3080:80/tcp"
];
ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
environment = {
ServerIP = host-internal-ip;
VIRTUAL_HOST = "dns-hole.sea.fudo.org";
@ -202,16 +185,19 @@ in {
};
};
fudo.ipfs = {
enable = true;
users = [ "niten" ];
api-address = "/ip4/${host-internal-ip}/tcp/5001";
};
services = {
nginx = {
enable = true;
virtualHosts = {
"pihole.sea.fudo.org" = {
serverAliases = [
"dns-hole.sea.fudo.org"
"hole.sea.fudo.org"
];
serverAliases = [ "dns-hole.sea.fudo.org" "hole.sea.fudo.org" ];
locations."/" = {
proxyPass = "http://127.0.0.1:3080";

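--- a/static/add-fudo-ssh-key.rb
+++ b/static/add-fudo-ssh-key.rb
@@ -0,0 +1,48 @@
+#!/usr/bin/env ruby
+require 'uri'
+require 'net/http'
+require 'net/https'
+require 'json'
+require 'socket'
+if ! ENV['FUDO_GIT_TOKEN']
+puts "FUDO_GIT_TOKEN must be set first"
+exit 1
+end
+token = ENV['FUDO_GIT_TOKEN']
+if ARGV.length != 1
+puts "usage: #{$0} <filename>"
+exit 1
+end
+filename = ARGV[0]
+if not File::exist?(filename)
+puts "file does not exist: #(unknown)"
+exit 2
+end
+target_uri = URI.parse("https://git.fudo.org/api/v1/admin/users/fudo/keys")
+key = File::open(filename).read.strip
+hostname = Socket::gethostname
+@payload = {
+key: key,
+read_only: true,
+title: "#{hostname} fudo key"
+}
+https = Net::HTTP.new(target_uri.host, target_uri.port)
+https.use_ssl = true
+req = Net::HTTP::Post.new(target_uri.path, initheader = {
+'Content-Type' => 'application/json',
+'Authorization' => "token #{token}"
+})
+req.body = @payload.to_json
+res = https.request(req)
+puts "response #{res.code} #{res.message}: #{res.body}"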
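Review bot: The script ends with `puts "response #{res.code} #{res.message}: #{res.body}"` and exits 0 whatever Gitea answered, so a 401 or 422 looks like success to whatever invokes it; add `exit 1 unless res.is_a?(Net::HTTPSuccess)` after the `puts`. `key = File::open(filename).read.strip` leaks the file handle, and `key = File.read(filename).strip` does the same without it; the `initheader =` inside the `Post.new` call is a stray local assignment that should just be the hash literal. The missing-file message, as rendered here, reads `"file does not exist: #(unknown)"` and never interpolates the path, so it should be `"file does not exist: #{filename}"`. Finally, the request targets the admin endpoint `/api/v1/admin/users/fudo/keys`, which means `FUDO_GIT_TOKEN` has to be an administrator token on every host running this; a token owned by the `fudo` account posting to `/api/v1/user/keys` would register the same read-only key with far less at stake if a host leaks it.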


@ -6,6 +6,29 @@ let
in {
programs = {
bash = {
enable = true;
shellAliases = {
".." = "cd ..";
"..." = "cd ../..";
la = "ls -a";
ll = "ls -l";
lla = "ls -la";
rm = "rm --one-file-system --preserve-root";
};
extraInit = ''
case $TERM in
screen|xterm*|rxvt*)
shopt -s checkwinsize
;;
*)
export LS_OPTIONS=""
;;
esac
'';
};
git = {
enable = true;
userName = name;
@ -33,20 +56,30 @@ in {
# tray = true;
# };
home.file = {
".doom.d" = {
source = pkgs.doom-emacs-config;
recursive = true;
onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
home = {
file = {
".doom.d" = {
source = pkgs.doom-emacs-config;
recursive = true;
onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
};
".k5login" = {
source = pkgs.writeText "niten-k5login" ''
niten@FUDO.ORG
niten/root@FUDO.ORG
niten@INFORMIS.LAND
niten/root@INFORMIS.LAND
'';
};
};
".k5login" = {
source = pkgs.writeText "niten-k5login" ''
niten@FUDO.ORG
niten/root@FUDO.ORG
niten@INFORMIS.LAND
niten/root@INFORMIS.LAND
'';
sessionVariables = {
EDITOR = "emacsclient -t";
ALTERNATE_EDITOR = "";
# Don't put duplicates or whitespace in bash history
HISTCONTROL = "ignoredups:ignorespace";
};
};
}
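Review bot: `extraInit` in the new `programs.bash` block does not look like a home-manager option; the bash module's hooks are `initExtra`, `bashrcExtra` and `profileExtra`, so this would presumably fail evaluation with an unknown-option error unless a local module defines it — worth confirming before the next deploy. If `initExtra` is what was meant, note that home-manager's `programs.bash.shellOptions` already includes `checkwinsize` by default, so the `case` block could shrink to the `LS_OPTIONS` branch. In the second hunk, `HISTCONTROL = "ignoredups:ignorespace";` under `sessionVariables` works, but `programs.bash.historyControl = [ "ignoredups" "ignorespace" ];` expresses the same thing through the option made for it.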