ezConfig for orangepihole

This commit is contained in:
Chris Dombroski 2024-09-20 21:16:48 -04:00
parent 927e6b1543
commit 5dd5cc0c06
4 changed files with 95 additions and 100 deletions

View file

@ -120,16 +120,6 @@
} }
]; ];
}; };
orangepihole = inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;
pkgs-unstable = inputs.nixunstable.legacyPackages.aarch64-linux;
};
modules = [
./systems/orangepihole/configuration.nix
inputs.impermanence.nixosModules.impermanence
];
};
}; };
}; };
perSystem = perSystem =

View file

@ -1,19 +1,78 @@
{ config, pkgs, ... }: {
config,
pkgs,
modulesPath,
ezModules,
lib,
inputs,
...
}:
{ {
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix "${modulesPath}/installer/scan/not-detected.nix"
../../nixos-modules inputs.impermanence.nixosModules.impermanence
../../nixos-modules/networkd-base.nix ezModules.networkd-base
]; ];
boot.loader.grub.enable = false; boot = {
boot.loader.generic-extlinux-compatible.enable = true; loader = {
boot.loader.timeout = 1; grub.enable = false;
boot.tmp.cleanOnBoot = true; generic-extlinux-compatible.enable = true;
timeout = 1;
};
tmp.cleanOnBoot = true;
};
fileSystems = {
"/" = {
device = "none";
fsType = "tmpfs";
options = [
"defaults"
"mode=755"
];
};
"/persist" = {
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
fsType = "btrfs";
neededForBoot = true;
options = [
"compress=lzo"
"autodefrag"
"defaults"
"subvol=@nixos/root"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80";
fsType = "ext4";
options = [ "defaults" ];
};
"/nix" = {
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
fsType = "btrfs";
options = [
"compress=lzo"
"autodefrag"
"defaults"
"subvol=@nixos/nix"
];
};
};
networking = { networking = {
hostName = "orangepihole"; # Define your hostname. hostName = "orangepihole"; # Define your hostname.
firewall = {
allowedUDPPorts = [
53
67
68
];
allowedTCPPorts = [ 53 ];
};
useDHCP = lib.mkDefault true;
}; };
systemd.network.networks."40-end0" = { systemd.network.networks."40-end0" = {
matchConfig.Name = "end0"; matchConfig.Name = "end0";
@ -40,8 +99,10 @@
]; ];
}; };
networkConfig.IPv6SendRA = true; networkConfig.IPv6SendRA = true;
ipv6SendRAConfig.RouterLifetimeSec = 0; ipv6SendRAConfig = {
ipv6SendRAConfig.EmitDNS = false; RouterLifetimeSec = 0;
EmitDNS = false;
};
ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ]; ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ];
}; };
zramSwap.enable = true; zramSwap.enable = true;
@ -67,7 +128,7 @@
}; };
include = [ include = [
"/etc/unbound/ads.conf" "/etc/unbound/ads.conf"
"${./unbound-local.conf}" "${../configs/unbound-local.conf}"
]; ];
}; };
}; };
@ -117,35 +178,30 @@
}; };
}; };
networking.firewall = {
allowedUDPPorts = [
53
67
68
];
allowedTCPPorts = [ 53 ];
};
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
sops.secrets."nixremote/sshkey" = { }; sops.secrets."nixremote/sshkey" = { };
nix.buildMachines = [ nix = {
{ distributedBuilds = true;
hostName = "zeus"; settings.max-jobs = 0;
systems = [ buildMachines = [
"x86_64-linux" {
"aarch64-linux" hostName = "zeus";
]; systems = [
protocol = "ssh-ng"; "x86_64-linux"
sshKey = config.sops.secrets."nixremote/sshkey".path; "aarch64-linux"
sshUser = "nixremote"; ];
supportedFeatures = [ protocol = "ssh-ng";
"nixos-test" sshKey = config.sops.secrets."nixremote/sshkey".path;
"benchmark" sshUser = "nixremote";
"big-parallel" supportedFeatures = [
"kvm" "nixos-test"
]; "benchmark"
} "big-parallel"
]; "kvm"
];
}
];
};
programs.ssh.extraConfig = '' programs.ssh.extraConfig = ''
Host zeus Host zeus
User nixremote User nixremote
@ -153,6 +209,5 @@
IdentitiesOnly yes IdentitiesOnly yes
IdentityFile ${config.sops.secrets."nixremote/sshkey".path} IdentityFile ${config.sops.secrets."nixremote/sshkey".path}
''; '';
nix.distributedBuilds = true; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
nix.settings.max-jobs = 0;
} }

View file

@ -1,50 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = [
"defaults"
"mode=755"
];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
fsType = "btrfs";
neededForBoot = true;
options = [
"compress=lzo"
"autodefrag"
"defaults"
"subvol=@nixos/root"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80";
fsType = "ext4";
options = [ "defaults" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
fsType = "btrfs";
options = [
"compress=lzo"
"autodefrag"
"defaults"
"subvol=@nixos/nix"
];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}