logos skeleton

Signed-off-by: Xe <me@christine.website>
Cadey Ratio 2021-12-21 16:48:41 -05:00
commit ceeed0c4df
10 changed files with 590 additions and 0 deletions

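--- a/common/default.nix
+++ b/common/default.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }: {
+imports = [ ../users ];
+boot.cleanTmpDir = true;
+boot.kernelModules = [ "wireguard" ];
+environment.systemPackages = with pkgs; [ age minisign tmate jq nfs-utils ];
+nix = {
+autoOptimiseStore = true;
+useSandbox = true;
+package = pkgs.nixFlakes;
+extraOptions = ''
+experimental-features = nix-command flakes
+'';
+binaryCaches =
+[ "https://xe.cachix.org" "https://nix-community.cachix.org" ];
+binaryCachePublicKeys = [
+"xe.cachix.org-1:kT/2G09KzMvQf64WrPBDcNWTKsA79h7+y2Fn2N7Xk2Y="
+"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+];
+trustedUsers = [ "root" "cadey" ];
+};
+security.pam.loginLimits = [{
+domain = "*";
+type = "soft";
+item = "nofile";
+value = "unlimited";
+}];
+services.journald.extraConfig = ''
+SystemMaxUse=100M
+MaxFileSec=7day
+'';
+services.resolved = {
+enable = true;
+dnssec = "false";
+};
+}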
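Review bot: `trustedUsers = [ "root" "cadey" ];` in the `nix` block lets an interactive account point the Nix daemon at arbitrary substituters and import unsigned store paths, which is effectively root on every host that imports this module. If cadey only needs the two caches already listed in `binaryCaches`, `trustedUsers = [ "root" ];` keeps those working without the extra privilege. Separately, `dnssec = "false"` under `services.resolved` deserves a comment saying why validation is off, for example `# DNSSEC validation disabled: <reason>`.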

flake.lock Normal file

@ -0,0 +1,144 @@
{
"nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1638665590,
"narHash": "sha256-nhtfL3z4TizWHemyZvgLvq11FhYX5Ya4ke+t6Np5PKQ=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "715e92a13018bc1745fb680b5860af0c5641026a",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1627913399,
"narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1640115895,
"narHash": "sha256-Z4IuhiwQfHOaReDdLsQAK//PYObrSOW/QvLOiEN3zOc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7ec50b1f77e62c79f07ed200853c07894195f544",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1632086102,
"narHash": "sha256-wVTcf0UclFS+zHtfPToB13jIO7n0U9N50MuRbPjQViE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e0ce3c683ae677cf5aab597d645520cddd13392b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1640090545,
"narHash": "sha256-6qiF46uBGoSQmjDTFl8ilT+d1DuK39IRHlj0jE5gqZE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1dd151f0c0c216f416e9553af08f724a2499c795",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1640053112,
"narHash": "sha256-7C0UQssCdAMyCNSv8szLJfZ5xYMBr9mh27zYUmo8wHQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c478eaf416411a7dedf773185b6d5bfc966a80ae",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_3",
"utils": "utils_2"
}
},
"utils": {
"locked": {
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

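--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,34 @@
+{
+description = "My deploy-rs config for logos";
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+home-manager.url = "github:nix-community/home-manager";
+deploy-rs.url = "github:serokell/deploy-rs";
+utils.url = "github:numtide/flake-utils";
+};
+outputs = { self, nixpkgs, deploy-rs, home-manager, utils, ... }:
+let pkgs = nixpkgs.legacyPackages."x86_64-linux";
+in {
+devShell.x86_64-linux = pkgs.mkShell {
+buildInputs = [ deploy-rs.packages.x86_64-linux.deploy-rs ];
+};
+nixosConfigurations.logos = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [ ./hosts/logos ];
+};
+deploy.nodes.some-random-system.profiles.system = {
+hostname = "192.168.2.35";
+user = "root";
+path = deploy-rs.lib.x86_64-linux.activate.nixos
+self.nixosConfigurations.logos;
+};
+# This is highly advised, and will prevent many possible mistakes
+checks = builtins.mapAttrs
+(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+};
+}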
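Review bot: The deploy node is still named `some-random-system`, which looks like the placeholder from the deploy-rs example, although it activates `self.nixosConfigurations.logos`; `deploy.nodes.logos.profiles.system = {` would make the deploy target match the host it changes. The profile is activated as `user = "root"` against a hard-coded `hostname = "192.168.2.35";`, so a short comment naming the machine behind that address would help prevent a root deployment landing on whatever else later holds that lease. The `home-manager` and `utils` inputs are declared and locked but not used by any output shown here.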


@ -0,0 +1,45 @@
{ config, pkgs, ... }:
let metadata = pkgs.callPackage ../../../ops/metadata/peers.nix { };
in {
imports = [
./hardware-configuration.nix
./solanum.nix
./zfs.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.devNodes = "/dev/disk/by-partuuid";
boot.kernelParams = [ "zfs.zfs_arc_max=1073741824" ];
networking.interfaces.enp2s0.useDHCP = true;
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
services.openssh.enable = true;
environment.systemPackages = with pkgs; [ wget vim zfs ];
services.zfs.autoScrub.enable = true;
services.zfs.autoSnapshot.enable = true;
services.zfs.trim.enable = true;
cadey.cpu = {
enable = true;
vendor = "intel";
};
security.sudo.wheelNeedsPassword = false;
services.tailscale.enable = true;
virtualisation.libvirtd.enable = true;
}
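Review bot: `networking.firewall.enable = false;` leaves every listener on this host reachable on all interfaces, and the same profile turns on IPv4/IPv6 forwarding, sshd, libvirtd and Tailscale, while the modules it imports (presumably the `solanum.nix` and `zfs.nix` added in this commit) add an IRC listener on `0.0.0.0:6667` and an NFS server. Keeping the firewall on and opening only what is needed is safer, for example `networking.firewall.allowedTCPPorts = [ 22 6667 ];` together with `networking.firewall.trustedInterfaces = [ "tailscale0" ];` if the tailnet is meant to be trusted. `security.sudo.wheelNeedsPassword = false;` also makes every SSH key authorised for a wheel user equivalent to root, which deserves a comment stating that this is intended.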


@ -0,0 +1,35 @@
{ config, pkgs, modulesPath, lib, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "rpool/safe/root";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/safe/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/nvme0n1p3";
fsType = "vfat";
};
swapDevices = [{ device = "/dev/nvme0n1p2"; }];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
}

hardware/alrest/solanum.nix Normal file

@ -0,0 +1,213 @@
{config, pkgs, lib, ...}:
let
metadata = pkgs.callPackage ../../../ops/metadata/peers.nix { };
info = metadata.raw."${config.networking.hostName}".solanum;
in {
services.solanum = {
enable = true;
motd = ''
NmmN Nmmmd.:mm
NmmmN NmmydmmmmmN
Nm/:mN Nmms /mmmmm
Nmm:-dm NmmmmdsdmmmmN
mmmmmmmN NmmdhhddhhmNN Nmy:hmmmmmmmm
Nm++mmmmN mdyo/::.........-:/sdN Nmmms`smmmmmmmN
md.-dmmmm mhs/-....................-+dN Nmmmmmmmmmmmmmm
Nmmmmmmmmho:-...........................:sN NmmmmmmmmmmmmmmmN Nmdd
Nmd+ydhs/-.................................-sNmmmmmmmmmmmmmmmdhyssss
NNh+`........................................:dmmmmmmmmmmmmmmmyssssss
NNdhy+:-...........................................+dmmmmmmmmmmmmmmmdsssssss
N+-...............................................-smmmmmmmmmmmmmmmmmysyyhdmN
Nho:::-.--::-.......................----------..:hmmmmmmmmmmmmmmmmmmmN
NNNmmdo:......................--------------:ymmmmmmmmmmmmmmmmmmm
ds+........................-----------------+dmmmmmmmmmmmmmmmmm
h+........................--------------------:smmmmmmmmmmmmmmN
Ny/........................-------------::--------/hmmmmmmmmmmmN Nmd
d/........................--------------so----------odmmmmmmmm Nmdhhysss
m/........................--------------+mh-----------:ymmmmdhhyysssssssss
o.......................---------------:dmmo------------+dmdysssssssssssss
yhdmNh:......................---------------:dmmmm+------------:sssssssssssyhhdm
sssssy.......................--------------:hmmmmmmos++:---------/sssyyhdmN
ssssso......................--------------:hmmmNNN Ndddysso:------:yNN
ysssss.....................--------------/dmNyy/m d``d/------------sN
Nmdhy-...................--------------ommmh`o/N /. smh+-----------:yN
N+...................------------/hmmss: `-//-.smmmmd+----------:h
d:..................----------:smmmmhy+oosyysdmmy+:. `.--------/d
h-................---------:smmmmmmmmmmmmmmmh/` `/s:-------s
ms:...............-------/ymmmmmmmmmmmmmmmd/ :d Ny/-----+m
myss/..............------ommmmmmmmmmmmmmmmd. :y Ns:---+m
Ndssssso-............----..odmmmmmmmmmmmmmmh:.` .sN d/--s
mysssssssh/................` -odmmmmmmmmmh+. `om h/+m
Ndyssssssym Ny-.............. `/sssso+:. `+m dN
NhssssssshN No:............/.` `+d
ysssssssd m+-..........+ddy/.` -om
ssssssym h/.........-oN Nmy+--` `-+dN
ssssydN Ny:........-h Nmdm
sssym m+....-..:h
symN No.../-/d
dN h:.:hyN
'';
config = ''
loadmodule "extensions/chm_adminonly";
loadmodule "extensions/chm_nonotice";
loadmodule "extensions/chm_operonly";
loadmodule "extensions/chm_sslonly";
#loadmodule "extensions/chm_operpeace";
#loadmodule "extensions/createauthonly";
loadmodule "extensions/extb_account";
loadmodule "extensions/extb_canjoin";
loadmodule "extensions/extb_channel";
loadmodule "extensions/extb_combi";
loadmodule "extensions/extb_extgecos";
loadmodule "extensions/extb_hostmask";
loadmodule "extensions/extb_oper";
loadmodule "extensions/extb_realname";
loadmodule "extensions/extb_server";
loadmodule "extensions/extb_ssl";
loadmodule "extensions/extb_usermode";
#loadmodule "extensions/helpops";
#loadmodule "extensions/hurt";
loadmodule "extensions/ip_cloaking_4.0";
#loadmodule "extensions/ip_cloaking";
#loadmodule "extensions/m_extendchans";
#loadmodule "extensions/m_findforwards";
#loadmodule "extensions/m_identify";
#loadmodule "extensions/m_locops";
#loadmodule "extensions/no_oper_invis";
loadmodule "extensions/sno_farconnect";
loadmodule "extensions/sno_globalnickchange";
loadmodule "extensions/sno_globaloper";
#loadmodule "extensions/sno_whois";
loadmodule "extensions/override";
loadmodule "extensions/no_kill_services";
serverinfo {
name = "${config.networking.hostName}.alrest";
sid = "${info.sid}";
description = "${info.description}";
network_name = "akua";
};
listen {
host = "0.0.0.0";
port = 6667;
};
class "users" {
ping_time = 2 minutes;
number_per_ident = 10;
number_per_ip = 10;
number_per_ip_global = 50;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
number_per_cidr = 200;
max_number = 3000;
sendq = 400 kbytes;
};
class "opers" {
ping_time = 5 minutes;
number_per_ip = 10;
max_number = 1000;
sendq = 1 megabyte;
};
class "server" {
ping_time = 5 minutes;
connectfreq = 5 minutes;
max_number = 420;
sendq = 4 megabytes;
};
auth {
user = "*@*";
class = "users";
flags = exceed_limit;
};
channel {
default_split_user_count = 0;
};
privset "local_op" {
privs = oper:general, oper:privs, oper:testline, oper:kill, oper:operwall, oper:message,
usermode:servnotice, auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes;
};
privset "server_bot" {
/* extends: a privset to inherit in this privset */
extends = "local_op";
privs = oper:kline, oper:remoteban, snomask:nick_changes;
};
privset "global_op" {
extends = "local_op";
privs = oper:routing, oper:kline, oper:unkline, oper:xline,
oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
oper:remoteban;
};
privset "admin" {
extends = "global_op";
privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant, oper:privs;
};
operator "Mara" {
user = "*@*";
password = "L/b5FCMZ1DUc2";
snomask = "+Zbfkrsuy";
flags = encrypted;
privset = "admin";
};
connect "kos-mos.alrest" {
host = "100.72.50.9";
send_password = "hunter2";
accept_password = "hunter2";
port = 6667;
class = "server";
flags = topicburst, autoconn;
};
connect "logos.alrest" {
host = "100.106.69.58";
send_password = "hunter2";
accept_password = "hunter2";
port = 6667;
class = "server";
flags = topicburst, autoconn;
};
connect "ontos.alrest" {
host = "100.66.226.109";
send_password = "hunter2";
accept_password = "hunter2";
port = 6667;
class = "server";
flags = topicburst, autoconn;
};
connect "pneuma.alrest" {
host = "100.120.235.118";
send_password = "hunter2";
accept_password = "hunter2";
port = 6667;
class = "server";
flags = topicburst, autoconn;
};
connect "services." {
host = "100.67.184.57";
send_password = "hunter2";
accept_password = "hunter2";
class = "server";
};
service {
name = "services.";
};
'';
openFilesLimit = 65536;
};
}
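Review bot: The `config` string embeds credentials that end up both in this repository and in the world-readable Nix store: every `connect` block carries `send_password`/`accept_password` in plain text, and `operator "Mara"` combines `user = "*@*"` with the `admin` privset and a 13-character hash that looks like traditional DES crypt. With the listener on `0.0.0.0:6667` and no TLS port, that hash is the only thing protecting `oper:die`, `oper:grant` and the rest of the admin privileges. I would narrow the oper mask to the range the `connect` hosts already use, e.g. `user = "*@100.64.0.0/10";`, re-hash the password with a modern crypt scheme, and load the link and oper secrets from a root-owned file outside the store rather than from this string. `auth { user = "*@*"; flags = exceed_limit; }` also switches off the per-IP limits set in `class "users"` for every client, which seems unintended.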

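--- a/hardware/alrest/zfs.nix
+++ b/hardware/alrest/zfs.nix
@@ -0,0 +1,26 @@
+{ config, ... }:
+{
+boot = {
+initrd = {
+kernelModules = [ "r8169" ];
+network = {
+enable = true;
+ssh = {
+enable = true;
+port = 2222;
+authorizedKeys = config.users.users.cadey.openssh.authorizedKeys.keys;
+hostKeys = [
+"/etc/secrets/initrd/ssh_host_rsa_key"
+"/etc/secrets/initrd/ssh_host_ed25519_key"
+];
+};
+postCommands = ''
+echo "zfs load-key -a; killall zfs" >> /root/.profile
+'';
+};
+};
+};
+services.nfs.server.enable = true;
+}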
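Review bot: The initrd SSH block has no comment saying that the two files under `/etc/secrets/initrd/` must be keys generated only for the initrd; they are copied into the initrd image, which per the hardware configuration in this commit sits on an unencrypted vfat `/boot`, so they must never be the host's regular sshd keys. I would add `# initrd-only host keys: stored unencrypted in the initrd, do not reuse /etc/ssh/ssh_host_*` above `hostKeys`. `authorizedKeys` also pulls in every key of `users.users.cadey`, so each of those keys can reach the pre-boot root shell on port 2222; a shorter list dedicated to unlocking would narrow that. `services.nfs.server.enable = true;` looks unrelated to ZFS unlock and might belong in the host profile.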

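--- a/hosts/logos/default.nix
+++ b/hosts/logos/default.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+{
+users.motd = builtins.readFile ./motd;
+networking.hostName = "logos";
+networking.hostId = "aeace675";
+}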
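Review bot: This module sets only the MOTD, host name and host id and has no `imports`, while `flake.nix` builds `nixosConfigurations.logos` from `./hosts/logos` alone, so as far as this commit shows the common, users and hardware modules never become part of the logos system (no `fileSystems`, boot loader or sshd). Adding something like `imports = [ ../../common ../../hardware/alrest ];` here would wire them in; the second path is a guess, since the page does not show where the host profile that imports `./zfs.nix` lives. The file is also added with the executable bit set, which a Nix module does not need.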

hosts/logos/motd Normal file

@ -0,0 +1,9 @@
 █████
███████
███████
█████
█████
█████
█████
"What are we, in the end? This hunger I feel, this thirst... Is it my own?
 Or is it someone else? Sometimes I can't tell."

users/default.nix Normal file

@ -0,0 +1,32 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.within.users.mkOthers "Make users other than cadey";
in {
users.users.cadey = {
isNormalUser = true;
extraGroups =
[ "wheel" "docker" "audio" "plugdev" "libvirtd" "adbusers" "dialout" "within" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK1sv1j0XAuHkcUB78D1S0Gv1mvJDjpCcZSTSgR5j3vxFoONctnb1BtnV75zR5YRkAfDNs00qeL+nyWA1s2VR9onaYRTQYO5TRsJhOgSijthn8qT8uK1ws1tWWui/sPzxbLu34nW8IsoQm3iFLD9yQCR7GK9e4WOU5itqLNMyh5jS7LTRKCSC2mi9IvYyTfFMggtuF3u7yFTksR02FOoox2YPzB8bHM3xBqPK46Z+fq+/mWaulnoXWcC3SZgjwpRmcEOAmTEQuk67jlpeumGqRU3lO6UFY3FDvQ8W1VYv2O1ZwPmV87S1pIEulX3WG+r7lO73bPT420PdoQehS/pY7"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsviqiUuN6t4YM2H+ApQtGAFx6TWJbWCqDDhInIh3X40ZAxtTmryRwAXdtHJ+v6HuGFU5XH3chDX1WSRbwVIrlxkX1hJIEZO379YSIHkORSrAmxF/2lsrW2zSjufZ6IS9yI7nsxe2mJf3GEiFjoAh2iGrSKnOACK2Y+o/SiO0BtDkOUIabofuAxf/RNOpn/HSPh/MabOxYuNOMO2bl+quYN7C1idyvVcNp0llfrnGGTCk5g3rDpR+CDQ0P2Ebg1hf4j2i/6XJmHL52Zg4b8hkoS9BzRcb2vOjGYZVR4lOMqR9ZcNMUBwMboJeQtsAib9DYaGjhMWgMQ76brXwE65sX"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrz5T/RdragJF6StZm92JZKPMJinYdw5fYnV4osiY8Q"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6BhO4roUnnppgf4GPDonhu0DOaA60dZ+JaFBZUa+IW"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAv/8Iprp3f+THr9txqoWKTO5KxnYVpiKI7e4mdTO2+b"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp8WiNUFK6mbehvO94LAzIA4enTuWxugABC79tiQSHT"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1e4qhGYEUCNoCYHUqfvPSkBfVdlIjmwQI7q8eibeWw"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOyr7PjUfbALe3+zgygnL0fQz4GhQ7qT9b0Lw+1Gzwk"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQAQCZLLbbrMTsR1NYqFRftXM2Dm8V83uaOrAxIy7zZ"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL46usOZyZD+CYa5wNBSpPxNWwF3EMeeAytPq6iVPO2X"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN76Ol48QNvRjjjIaAa3WPqVWB/ryFMmOUJpszEz13TO"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYr9hiLtDHgd6lZDgQMkJzvYeAXmePOrgFaWHAjJvNU"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmEyBV301bq2VMa0cm4aE4peh57TcmNq4jHVN3Clufp cadey@la-tahorskami"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJHpoa7MSKy50Jv0cKjb1B/6jh/VtB71v8OGrt+lw3P cadey@genza"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4mrGB2aTjHkp3r3Q7l8FHgtDPCCDqBUp9DykRWjcMA mara@blink"
];
};
}
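Review bot: Thirteen of the sixteen entries in `openssh.authorizedKeys.keys` carry no comment, so a reader cannot tell which device owns a key or which one to remove when a device is lost; the account is in `wheel` and its key list is reused for the initrd unlock shell, so each entry is a root-equivalent credential. Appending an owner/device comment to every key, as the last three already do (`cadey@genza`), and dropping keys no longer in use would make audit and revocation practical. The two `ssh-rsa` keys appear to be 2048-bit and could be retired in favour of the Ed25519 ones. The `let cfg = config.within.users.mkOthers "Make users other than cadey";` binding is never used and reads like a half-written option declaration; it only evaluates because Nix is lazy.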