From 76dbeeeff1a29864b131d2ae76268ed1e260d8ef Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Mon, 9 Dec 2024 18:00:41 -0600
Subject: [PATCH] WIP panoptes transition
---
 configuration.nix | 36 ++++++++++
 flake.lock | 36 ++--------
 flake.nix | 88 ++++++++++++-----------
 home-manager/git.nix | 10 ---
 home-manager/home.nix | 9 ---
 home.nix | 41 +++++++++++
 nixos/configuration.nix | 26 -------
 nixos/vscode/flake.nix | 14 ----
 nixosModules/default.nix | 19 +++++
 {nixos => nixosModules/services}/loki.nix | 12 ++--
 10 files changed, 154 insertions(+), 137 deletions(-)
 create mode 100644 configuration.nix
 delete mode 100644 home-manager/git.nix
 delete mode 100644 home-manager/home.nix
 create mode 100644 home.nix
 delete mode 100644 nixos/configuration.nix
 delete mode 100644 nixos/vscode/flake.nix
 create mode 100644 nixosModules/default.nix
 rename {nixos => nixosModules/services}/loki.nix (86%)
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..1e1788f
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,36 @@
+{ pkgs, userSettings, systemSettings, ... }:
+{
+ # nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ environment.systemPackages = with pkgs; [
+ # (pkgs.writeShellScriptBin "nrbs" "sudo nixos-rebuild switch")
+ # (pkgs.writeShellScriptBin "nrbsu" "sudo nix-channel --update && sudo nixos-rebuild switch")
+ bash
+ busybox
+ git
+ eza
+ ];
+
+ # For SSH access
+ services.openssh.enable = true;
+
+ # Networking stuff
+ services.avahi = { enable = true; nssmdns4 = true; };
+
+ # Uses rust-based sudo
+ security.sudo-rs = {
+ enable = true;
+ execWheelOnly = false;
+ wheelNeedsPassword = false; # allows sudo without password for those in the wheel group
+ };
+
+ users.users.${userSettings.username} = {
+ isNormalUser = true;
+ uid = 1000;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ];
+ };
+
+ time.timeZone = "${systemSettings.timeZone}";
+ networking.hostName = systemSettings.hostName;
+}
diff --git a/flake.lock b/flake.lock
index e0938e0..69bdf4d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -40,11 +40,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733392399, - "narHash": "sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG+cBns=", + "lastModified": 1733581040, + "narHash": "sha256-Qn3nPMSopRQJgmvHzVqPcE3I03zJyl8cSbgnnltfFDY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0797a04b81caeae77bcff10a9dde78bc17f5661", + "rev": "22c3f2cf41a0e70184334a958e6b124fb0ce3e01", "type": "github" }, "original": {
@@ -71,18 +71,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 0, - "narHash": "sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG+cBns=", - "path": "/nix/store/nr5nl3zwzl02x3rnikjbry3s5xy7bm1d-source", - "type": "path" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
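Review bot: The new `users.users.${userSettings.username}` block puts the account in `wheel` while `wheelNeedsPassword = false` and `services.openssh.enable = true` are set in the same file, so any accepted SSH key is equivalent to root with no further check; either set `wheelNeedsPassword = true;` or add a comment recording that this is an accepted trade-off for this container. `openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ];` is an absolute path outside the flake, so the accepted keys are whatever root's file holds on the build host at evaluation time and the build presumably needs `--impure`; declaring them in the repo as `openssh.authorizedKeys.keys = [ "ssh-ed25519 <PUBLIC_KEY_PLACEHOLDER>" ];` keeps the set of keys reviewable. I would also state the daemon policy explicitly with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` rather than leaving it to defaults.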
@@ -120,25 +108,9 @@ } }, "vscode-server": { - "inputs": { - "nixpkgs": "nixpkgs_2", - "vscode-server": "vscode-server_2" - }, - "locked": { - "lastModified": 1, - "narHash": "sha256-IWEQNW6HVBCztzSy/1SmMTU6R/dyLlnZrJKk9ldJG/I=", - "path": "./nixos/vscode", - "type": "path" - }, - "original": { - "path": "./nixos/vscode", - "type": "path" - } - }, - "vscode-server_2": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1729422940,
diff --git a/flake.nix b/flake.nix
index ddf4a67..6d46c62 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@ { - description = "Loki flake config"; + description = "Panoptes flake config"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
@@ -8,7 +8,7 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - vscode-server.url = "path:./nixos/vscode"; + vscode-server.url = "github:nix-community/nixos-vscode-server"; }; outputs = {
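Review bot: The `vscode-server` input in the `@@ -8,7 +8,7 @@` hunk is now fetched from `github:nix-community/nixos-vscode-server` without a `follows`, unlike the `home-manager` input directly above it, and the flake.lock in this patch shows it resolving to its own `nixpkgs_2` node with a much older `lastModified` than the main `nixpkgs`. Adding `vscode-server.inputs.nixpkgs.follows = "nixpkgs";` keeps one nixpkgs revision in the closure, so this input is covered by the same update cadence as the rest of the system. The URL names no revision, so the `flake.lock` entry is the only pin for this third-party module; lock bumps for it are worth reviewing as code changes. The `inputs` block opens above this hunk.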
@@ -19,61 +19,65 @@ ... } @ inputs: let + stateVersion = "24.11"; inherit (self) outputs; - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; - stateVersion = "24.05"; - timeZone = "America/Chicago"; - hostname = "loki"; - lokiPort = 3100; - lokiUser = "loki"; - lokiPath = "/srv/loki"; + nixosSystem = inputs.nixpkgs.lib.nixosSystem; + + userSettings = rec { + username = "panoptes"; + gitUserName = "John Lancaster"; + gitUserEmail = "32917998+jsl12@users.noreply.github.com"; + # gitUserEmail = "asdfasdf@asdf.com"; + }; + + systemSettings = rec { + hostName = "panoptes-nix"; + system = "x86_64-linux"; + timeZone = "America/Chicago"; + locale = "en_US.UTF-8"; + }; + + pkgs = inputs.nixpkgs.legacyPackages.${systemSettings.system}; + pkgs-stable = inputs.nixpkgs-stable.legacyPackages.${systemSettings.system}; + in { + nixosModules.default = ./nixosModules; + nixosConfigurations = { - ${hostname} = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; + "${systemSettings.hostName}" = nixosSystem { + system = systemSettings.system; + specialArgs = { + inherit inputs; + inherit outputs; + inherit userSettings; + inherit systemSettings; + }; modules = [ - ./nixos/configuration.nix # > Our main nixos configuration file < - "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" + ./configuration.nix # > Our main nixos configuration file < + "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" ({ ... 
}: { - nixpkgs.hostPlatform = "${system}"; system.stateVersion = "${stateVersion}"; - time.timeZone = "${timeZone}"; - environment.systemPackages = [ - (pkgs.writeShellScriptBin "nfs" '' - sudo nixos-rebuild switch --flake git+file://${lokiPath}#${hostname} - '') - ]; - }) - (import ./nixos/loki.nix { - inherit pkgs; - inherit lokiPort; - inherit lokiUser; - inherit lokiPath; + services.vscode-server.enable = true; }) + inputs.vscode-server.nixosModules.default ]; }; }; - # Standalone home-manager configuration entrypoint - # Available through 'home-manager --flake .#your-username@your-hostname' homeConfigurations = { useGlobalPkgs = true; - "root@${hostname}" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.${system}; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [(import ./home-manager/git.nix { repoPath = "${lokiPath}"; })]; - }; - - # FIXME replace with your username@hostname - "${lokiUser}@${hostname}" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.${system}; - extraSpecialArgs = {inherit inputs outputs;}; - # > Our main home-manager configuration file < + "panoptes@panoptes-nix" = home-manager.lib.homeManagerConfiguration { + inherit pkgs stateVersion; + specialArgs = { + inherit inputs; + inherit outputs; + inherit userSettings; + inherit systemSettings; + }; modules = [ - (import ./home-manager/home.nix { user = "${lokiUser}"; repoPath = "${lokiPath}"; }) - (import ./home-manager/git.nix { repoPath = "${lokiPath}"; }) + ./home.nix + # ({...}: {home.stateVersion = "${stateVersion}";}) ]; }; };
diff --git a/home-manager/git.nix b/home-manager/git.nix
deleted file mode 100644
index b166c30..0000000
--- a/home-manager/git.nix
+++ /dev/null
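Review bot: In the new `"panoptes@panoptes-nix"` entry, `home-manager.lib.homeManagerConfiguration` is called with `inherit pkgs stateVersion;` and `specialArgs = { … };`, but as far as I know that function takes `extraSpecialArgs` (as the removed entries did) and rejects `stateVersion`, so this is likely to fail at evaluation; use `inherit pkgs;`, `extraSpecialArgs = { inherit inputs outputs userSettings systemSettings; };` and set `home.stateVersion` in a module instead of leaving it commented out. `nixosModules.default = ./nixosModules;` is exported but does not appear in the host's `modules` list, so on the visible lines the Loki service and the `nix.settings.experimental-features` setting from that directory are not applied to `panoptes-nix`; add `./nixosModules` to `modules` if that is the intent. `pkgs-stable` reads `inputs.nixpkgs-stable`, which is not among the inputs visible in this patch. The `outputs` function begins above this hunk.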
@@ -1,10 +0,0 @@
-{ repoPath, ... }:
-{
- programs.git = {
- enable = true;
- extraConfig.safe.directory = "${repoPath}";
- extraConfig.credential.helper = "store --file ~/.git-credentials";
- userName = "John Lancaster";
- userEmail = "32917998+jsl12@users.noreply.github.com";
- };
-}
\ No newline at end of file
diff --git a/home-manager/home.nix b/home-manager/home.nix
deleted file mode 100644
index 8e013c6..0000000
--- a/home-manager/home.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ user, repoPath, ... }:
-{
- programs.home-manager.enable = true;
- home = {
- stateVersion = "24.05";
- username = "${user}";
- homeDirectory = "${repoPath}";
- };
-}
diff --git a/home.nix b/home.nix
new file mode 100644
index 0000000..98fd823
--- /dev/null
+++ b/home.nix
@@ -0,0 +1,41 @@
+{
+ pkgs,
+ systemSettings,
+ userSettings,
+ ...
+}:
+let
+ homePath = "/srv/panoptes";
+ repoURL = "https://gitea.john-stream.com/john/loki-nix";
+ repoBranch = "reorg";
+in
+{
+ nixpkgs.config.allowUnfree = true;
+ programs.home-manager.enable = true;
+
+ programs.git = {
+ enable = true;
+ extraConfig.credential.helper = "store --file ~/.git-credentials";
+ userName = "${userSettings.gitUserName}";
+ userEmail = "${userSettings.gitUserEmail}";
+ extraConfig.safe.directory = "${homePath}";
+ };
+
+ programs.bash.enable = true;
+ programs.ssh.enable = true;
+
+ home = {
+ homeDirectory = "${homePath}";
+ packages = [
+ (pkgs.writeShellScriptBin "nfs" ''
+ sudo nixos-rebuild switch --flake ${homePath}#${hostName} --impure
+ '')
+ (pkgs.writeShellScriptBin "init-panoptes" ''
+ sudo -u git clone -b ${repoBranch} ${repoURL} /srv/panoptes
+ '')
+ git
+ ];
+ };
+
+ systemd.user.startServices = "sd-switch";
+}
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
deleted file mode 100644
index 5e1500b..0000000
--- a/nixos/configuration.nix
+++ /dev/null
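Review bot: In the new home.nix, the `init-panoptes` script runs `sudo -u git clone -b ${repoBranch} ${repoURL} /srv/panoptes`, which asks sudo to run a program named `clone` as a user named `git`; the intended line is presumably `sudo -u ${userSettings.username} git clone -b ${repoBranch} ${repoURL} ${homePath}`, which also keeps the checkout from being root-owned. The `nfs` script interpolates `${hostName}`, which is bound neither in the `let` nor in the module arguments, so it should read `${systemSettings.hostName}`. `extraConfig.credential.helper = "store --file ~/.git-credentials"` keeps the Gitea credentials in plaintext on disk for an account that this patch also gives SSH access and passwordless sudo; an SSH remote or a narrowly scoped token would limit what a read of that file exposes. `--impure` on the rebuild lets evaluation depend on files outside the flake and is worth dropping once no module needs it.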
@@ -1,26 +0,0 @@
-{ pkgs, ... }:
-{
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
- environment.systemPackages = with pkgs; [
- (pkgs.writeShellScriptBin "nrbs" "sudo nixos-rebuild switch")
- (pkgs.writeShellScriptBin "nrbsu" "sudo nix-channel --update && sudo nixos-rebuild switch")
- bash
- busybox
- git
- eza
- ];
-
- # For SSH access
- services.openssh.enable = true;
-
- # Networking stuff
- services.avahi = { enable = true; nssmdns4 = true; };
-
- # Uses rust-based sudo
- security.sudo-rs = {
- enable = true;
- execWheelOnly = false;
- wheelNeedsPassword = false; # allows sudo without password for those in the wheel group
- };
-}
diff --git a/nixos/vscode/flake.nix b/nixos/vscode/flake.nix
deleted file mode 100644
index 7d8ff5c..0000000
--- a/nixos/vscode/flake.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- inputs.vscode-server.url = "github:nix-community/nixos-vscode-server";
-
- outputs = { self, nixpkgs, vscode-server }: {
- nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem {
- modules = [
- vscode-server.nixosModules.default
- ({ config, pkgs, ... }: {
- services.vscode-server.enable = true;
- })
- ];
- };
- };
-}
\ No newline at end of file
diff --git a/nixosModules/default.nix b/nixosModules/default.nix
new file mode 100644
index 0000000..e3352e8
--- /dev/null
+++ b/nixosModules/default.nix
@@ -0,0 +1,19 @@
+{
+ pkgs,
+ config,
+ lib,
+ inputs,
+ outputs,
+ ...
+}: {
+ imports =
+ [
+ ./services/loki.nix
+ ];
+
+ config = {
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+ programs.nix-ld.enable = true;
+ nixpkgs.config.allowUnfree = true;
+ };
+}
\ No newline at end of file
diff --git a/nixos/loki.nix b/nixosModules/services/loki.nix
similarity index 86%
rename from nixos/loki.nix
rename to nixosModules/services/loki.nix
index 132599c..c2b395b 100644
--- a/nixos/loki.nix
+++ b/nixosModules/services/loki.nix
@@ -1,9 +1,13 @@ -{ pkgs, lokiPort ? 3100, ... }: +{ pkgs, config, ... }: { - networking.firewall.allowedTCPPorts = [ lokiPort ]; + networking.firewall.allowedTCPPorts = [ + config.services.loki.configuration.server.http_listen_port + ]; environment.systemPackages = with pkgs; [ - (pkgs.writeShellScriptBin "loki-check" "curl http://localhost:${builtins.toString lokiPort}/ready") + (pkgs.writeShellScriptBin "loki-check" '' + curl http://localhost:${config.services.loki.configuration.server.http_listen_port}/ready + '') (pkgs.writeShellScriptBin "loki-logs" "journalctl -b -u loki.service -n 10") ]; 
@@ -12,7 +16,7 @@ user = "loki"; configuration = { - server.http_listen_port = lokiPort; + server.http_listen_port = 3100; # server.grpc_listen_port = 9096; auth_enabled = false;
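Review bot: The rewritten `loki-check` script interpolates `${config.services.loki.configuration.server.http_listen_port}` directly, and the second hunk sets that option to the integer `3100`; Nix does not coerce integers in string interpolation, so the conversion the removed line did with `builtins.toString` is still needed: `curl http://localhost:${toString config.services.loki.configuration.server.http_listen_port}/ready`. Binding the value once, e.g. `let port = config.services.loki.configuration.server.http_listen_port; in`, would keep the firewall entry and the script in step and shorten both.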
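Review bot: `auth_enabled = false` in this block, together with the listen port being added to `networking.firewall.allowedTCPPorts` in the first hunk, leaves Loki's HTTP API reachable without authentication from every host that can reach the container. If only known log shippers need it, scope the opening with `networking.firewall.interfaces."<IFACE_PLACEHOLDER>".allowedTCPPorts` or put an authenticating reverse proxy in front and keep the port closed. At minimum, a comment next to the setting such as `# no auth on the Loki API; port is intentionally open to the LAN` would record the decision. The `services.loki` block starts above this hunk and continues past it.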