From 5dd5cc0c06563ffece857ac4d7e7a50141397c18 Mon Sep 17 00:00:00 2001 From: Chris Dombroski Date: Fri, 20 Sep 2024 21:16:48 -0400 Subject: [PATCH] ezConfig for orangepihole --- .../unbound-local.conf | 0 flake.nix | 10 -- .../orangepihole.nix | 135 ++++++++++++------ .../orangepihole/hardware-configuration.nix | 50 ------- 4 files changed, 95 insertions(+), 100 deletions(-) rename {systems/orangepihole => configs}/unbound-local.conf (100%) rename systems/orangepihole/configuration.nix => nixos-configurations/orangepihole.nix (61%) delete mode 100644 systems/orangepihole/hardware-configuration.nix diff --git a/systems/orangepihole/unbound-local.conf b/configs/unbound-local.conf similarity index 100% rename from systems/orangepihole/unbound-local.conf rename to configs/unbound-local.conf diff --git a/flake.nix b/flake.nix index 22ed99e..2a9d649 100644 --- a/flake.nix +++ b/flake.nix @@ -120,16 +120,6 @@ } ]; }; - orangepihole = inputs.nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs; - pkgs-unstable = inputs.nixunstable.legacyPackages.aarch64-linux; - }; - modules = [ - ./systems/orangepihole/configuration.nix - inputs.impermanence.nixosModules.impermanence - ]; - }; }; }; perSystem = diff --git a/systems/orangepihole/configuration.nix b/nixos-configurations/orangepihole.nix similarity index 61% rename from systems/orangepihole/configuration.nix rename to nixos-configurations/orangepihole.nix index 7e2b9e7..c729879 100644 --- a/systems/orangepihole/configuration.nix +++ b/nixos-configurations/orangepihole.nix 
@@ -1,19 +1,78 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + modulesPath, + ezModules, + lib, + inputs, + ... +}: { imports = [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ../../nixos-modules - ../../nixos-modules/networkd-base.nix + "${modulesPath}/installer/scan/not-detected.nix" + inputs.impermanence.nixosModules.impermanence + ezModules.networkd-base ]; - boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; - boot.loader.timeout = 1; - boot.tmp.cleanOnBoot = true; + boot = { + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + timeout = 1; + }; + tmp.cleanOnBoot = true; + }; + + fileSystems = { + "/" = { + device = "none"; + fsType = "tmpfs"; + options = [ + "defaults" + "mode=755" + ]; + }; + "/persist" = { + device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b"; + fsType = "btrfs"; + neededForBoot = true; + options = [ + "compress=lzo" + "autodefrag" + "defaults" + "subvol=@nixos/root" + ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80"; + fsType = "ext4"; + options = [ "defaults" ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b"; + fsType = "btrfs"; + options = [ + "compress=lzo" + "autodefrag" + "defaults" + "subvol=@nixos/nix" + ]; + }; + }; + networking = { hostName = "orangepihole"; # Define your hostname. + firewall = { + allowedUDPPorts = [ + 53 + 67 + 68 + ]; + allowedTCPPorts = [ 53 ]; + }; + useDHCP = lib.mkDefault true; }; systemd.network.networks."40-end0" = { matchConfig.Name = "end0"; @@ -40,8 +99,10 @@ ]; }; networkConfig.IPv6SendRA = true; - ipv6SendRAConfig.RouterLifetimeSec = 0; - ipv6SendRAConfig.EmitDNS = false; + ipv6SendRAConfig = { + RouterLifetimeSec = 0; + EmitDNS = false; + }; ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ]; }; zramSwap.enable = true; 
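Review bot: The `networking.firewall` block added in the `@@ -1,19 +1,78 @@` hunk opens 53/udp, 53/tcp, 67/udp and 68/udp on every interface, because the global `allowedUDPPorts` and `allowedTCPPorts` lists are not tied to `end0`. Only `end0` is configured in the visible lines, so the exposure is probably unchanged today, but an interface added later (a VPN or a second NIC) would expose the resolver and DHCP ports there as well. Consider scoping them with `networking.firewall.interfaces.end0.allowedUDPPorts = [ 53 67 68 ];` and `networking.firewall.interfaces.end0.allowedTCPPorts = [ 53 ];`, and confirm that Unbound's `access-control` (not visible in this diff) limits recursion to the LAN prefixes. The comment `# Include the results of the hardware scan.` above `imports` is also stale now that `./hardware-configuration.nix` is no longer imported.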
@@ -67,7 +128,7 @@ }; include = [ "/etc/unbound/ads.conf" - "${./unbound-local.conf}" + "${../configs/unbound-local.conf}" ]; }; }; @@ -117,35 +178,30 @@ }; }; - networking.firewall = { - allowedUDPPorts = [ - 53 - 67 - 68 - ]; - allowedTCPPorts = [ 53 ]; - }; - system.stateVersion = "23.11"; # Did you read the comment? sops.secrets."nixremote/sshkey" = { }; - nix.buildMachines = [ - { - hostName = "zeus"; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - protocol = "ssh-ng"; - sshKey = config.sops.secrets."nixremote/sshkey".path; - sshUser = "nixremote"; - supportedFeatures = [ - "nixos-test" - "benchmark" - "big-parallel" - "kvm" - ]; - } - ]; + nix = { + distributedBuilds = true; + settings.max-jobs = 0; + buildMachines = [ + { + hostName = "zeus"; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + protocol = "ssh-ng"; + sshKey = config.sops.secrets."nixremote/sshkey".path; + sshUser = "nixremote"; + supportedFeatures = [ + "nixos-test" + "benchmark" + "big-parallel" + "kvm" + ]; + } + ]; + }; programs.ssh.extraConfig = '' Host zeus User nixremote @@ -153,6 +209,5 @@ IdentitiesOnly yes IdentityFile ${config.sops.secrets."nixremote/sshkey".path} ''; - nix.distributedBuilds = true; - nix.settings.max-jobs = 0; + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; } diff --git a/systems/orangepihole/hardware-configuration.nix b/systems/orangepihole/hardware-configuration.nix deleted file mode 100644 index 7b993e1..0000000 --- a/systems/orangepihole/hardware-configuration.nix +++ /dev/null 
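Review bot: The `zeus` entry under `nix.buildMachines` in the `@@ -117,35 +178,30 @@` hunk does not pin the builder's SSH host key, and with `settings.max-jobs = 0` every derivation this host realises is built on that machine. Because `/` is a tmpfs in this configuration, root's `known_hosts` would not survive a reboot unless it is persisted somewhere this diff does not show. Declaring the key in the machine entry, e.g. `publicHostKey = "<base64-encoded zeus host public key>";`, or via `programs.ssh.knownHosts.zeus.publicKey`, keeps host verification declarative so the key does not have to be re-accepted by hand after each boot. The `programs.ssh.extraConfig` block that follows continues outside this hunk.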
@@ -1,50 +0,0 @@
-{
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- fileSystems."/" = {
- device = "none";
- fsType = "tmpfs";
- options = [
- "defaults"
- "mode=755"
- ];
- };
- fileSystems."/persist" = {
- device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
- fsType = "btrfs";
- neededForBoot = true;
- options = [
- "compress=lzo"
- "autodefrag"
- "defaults"
- "subvol=@nixos/root"
- ];
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80";
- fsType = "ext4";
- options = [ "defaults" ];
- };
- fileSystems."/nix" = {
- device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
- fsType = "btrfs";
- options = [
- "compress=lzo"
- "autodefrag"
- "defaults"
- "subvol=@nixos/nix"
- ];
- };
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}