diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4a442e8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +result +./result +*.qcow2 + diff --git a/Makefile b/Makefile index f8e8c28..c48a41d 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,29 @@ # .PHONY: all -all: hp0 hp1 hp2 hp3 hp4 hp5 +all: hosts + +hosts: +# [das@t:~/nixos]$ find ./ -name 'hosts.nix' +# ./hp/hp1/hosts.nix +# ./hp/hp0/hosts.nix +# ./hp/hp2/hosts.nix +# ./hp/hp5/hosts.nix +# ./modules/hosts.nix +# ./laptops/t/hosts.nix + cp ./modules/hosts.nix ./hp/hp0/hosts.nix + cp ./modules/hosts.nix ./hp/hp1/hosts.nix + cp ./modules/hosts.nix ./hp/hp2/hosts.nix + cp ./modules/hosts.nix ./hp/hp3/hosts.nix + cp ./modules/hosts.nix ./hp/hp4/hosts.nix + cp ./modules/hosts.nix ./hp/hp5/hosts.nix + + cp ./modules/hosts.nix ./laptops/t/hosts.nix + cp ./modules/hosts.nix ./laptops/t14/hosts.nix + + cp ./modules/hosts.nix ./arm/pi5-1-os/hosts.nix + +#all: hp0 hp1 hp2 hp3 hp4 hp5 hp0: scp -C ./modules/* hp0: diff --git a/arm/pi5-1-os/.gitignore b/arm/pi5-1-os/.gitignore new file mode 100644 index 0000000..5d9f880 --- /dev/null +++ b/arm/pi5-1-os/.gitignore @@ -0,0 +1,2 @@ +result +./result \ No newline at end of file diff --git a/arm/pi5-1-os/Makefile b/arm/pi5-1-os/Makefile new file mode 100644 index 0000000..1dae1f4 --- /dev/null +++ b/arm/pi5-1-os/Makefile 
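Review bot: `hosts` is a command, not a file, but the `.PHONY: all` line just above it is not extended, so a file or directory named `hosts` in the repo root would make `make hosts` (and therefore `make all`) report nothing to do; change it to `.PHONY: all hosts`. The recipe also copies into `./hp/hp3`, `./hp/hp4` and `./laptops/t14`, none of which appears in the `find` output quoted in the comment; `cp` fails if any of those directories is missing and the target stops at that point, so the comment should say which directories are expected to exist. Nine near-identical `cp` lines would read better as a list variable and one `$(foreach)` or shell loop, keeping the set of hosts in a single place.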
@@ -0,0 +1,36 @@
+#
+# nixos/arm/pi5-1/Makefile
+#
+EXPECTED_HOSTNAME := pi5-1
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ #sudo cp /home/das/nixos/modules/* /etc/nixos/
+ # sudo cp ./*.nix /etc/nixos/
+ # sudo nix-channel --update
+ # sudo nixos-rebuild switch
+ #sudo nix flake update;
+ sudo nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update;
+ #sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .#pi5-1
+
+sync:
+ rsync -av /home/das/nixos/arm/pi5-1-os/ pi5-1:/home/das/nixos/arm/pi5-1-os/
+ #rsync -av /home/das/nixos/modules/ hp2:/home/das/nixos/modules/
+
+syncIP:
+ rsync -av /home/das/nixos/arm/pi5-1-os/ 172.16.40.122:/home/das/nixos/arm/pi5-1-os/
+ #rsync -av /home/das/nixos/modules/ hp2:/home/das/nixos/modules/
+
+# end
diff --git a/arm/pi5-1-os/configuration.nix b/arm/pi5-1-os/configuration.nix
new file mode 100644
index 0000000..0358c3a
--- /dev/null
+++ b/arm/pi5-1-os/configuration.nix
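Review bot: The `rebuild` recipe runs `nix … flake update` immediately before `nixos-rebuild switch`, so every deploy first re-resolves all inputs to their current upstream heads (flake.nix declares `raspberry-pi-nix` with no ref) and the flake.lock committed in this same change never describes what is actually running on the board. Keep `rebuild` to `sudo nixos-rebuild switch --flake .#pi5-1` against the committed lock, and move the update line into a separate `update` target that is run on purpose and followed by a commit of flake.lock. None of the five targets is declared phony, so a stray file named `sync` or `rebuild` in this directory would turn them into no-ops; add `.PHONY: all check_hostname rebuild sync syncIP` near the top. The `ifeq` guard is evaluated at parse time against the `:=` variable, which works, but it reads as if it ran inside the recipe and deserves a one-line comment saying so.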
@@ -0,0 +1,174 @@ +# +# nixos/arm/pi5-1-os +# + +#{ config, lib, pkgs, ... }: +{ inputs, config, lib, pkgs, ... }: + +{ + imports = [ + #./hardware-configuration.nix + ./il8n.nix + ./nodeExporter.nix + ./hosts.nix + ./docker-daemon.nix + ]; + + # Use the GRUB 2 boot loader. + #boot.loader.grub.enable = false; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + # Enables the generation of /boot/extlinux/extlinux.conf + #boot.loader.generic-extlinux-compatible.enable = true; + + #boot.loader.efi.canTouchEfiVariables = false; + + # kernel comes from the community package + # https://nixos.wiki/wiki/Linux_kernel + #boot.kernelPackages = pkgs.linuxPackages; + #boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi5; + #boot.kernelPackages = (import (builtins.fetchTarball https://gitlab.com/vriska/nix-rpi5/-/archive/main.tar.gz)).legacyPackages.aarch64-linux.linuxPackages_rpi5; + + nix = { + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + # https://gitlab.com/engmark/root/-/merge_requests/785/diffs + download-buffer-size = "500000000"; + }; + }; + + networking.hostName = "pi5-1"; + + networking.networkmanager.enable = false; + + services.lldpd.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + ipv4 = true; + ipv6 = true; + openFirewall = true; + }; + # Pick only one of the below networking options. 
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + time.timeZone = "America/Los_Angeles"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; + # users.extraGroups.docker.members = [ "das" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + vim + wget + htop + btop + neofetch + tcpdump + iproute2 + hw-probe + lshw + gnumake + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. 
+ services.openssh.enable = true; + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + nixpkgs.config.allowUnfree = true; + system.stateVersion = "24.11"; # Did you read the comment? + +} + diff --git a/arm/pi5-1-os/configuration.nix.nixos-generate-config b/arm/pi5-1-os/configuration.nix.nixos-generate-config new file mode 100644 index 0000000..44453c6 --- /dev/null +++ b/arm/pi5-1-os/configuration.nix.nixos-generate-config 
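Review bot: `services.openssh.enable = true;` is left at module defaults even though `users.users.das` is provisioned with an `openssh.authorizedKeys.keys` entry, so sshd keeps password authentication enabled for an account that is also in `wheel`, `docker`, `kvm` and `libvirtd`; with the key already in place, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` beside it. Membership in `docker` is equivalent to root on the host, which is worth a one-line comment on the `extraGroups` list so it reads as a deliberate choice, and `networkmanager` in the same list does nothing here because `networking.networkmanager.enable = false;`. `nixpkgs.config.allowUnfree = true;` sits inside the stateVersion block's commentary and is also set on the `import nixpkgs` in flake.nix; keeping it here and moving it above the stateVersion comment would make it easier to find.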
@@ -0,0 +1,127 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # hardware.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). 
+ # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # tree + # ]; + # }; + + # programs.firefox.enable = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. 
+ # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "24.11"; # Did you read the comment? + +} + diff --git a/arm/pi5-1-os/docker-daemon.nix b/arm/pi5-1-os/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/arm/pi5-1-os/docker-daemon.nix @@ -0,0 +1,27 @@ + +{ config, pkgs, ... }: + +{ + # https://nixos.wiki/wiki/Docker + # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker + # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker + # https://github.com/NixOS/nixpkgs/issues/68349 + virtualisation.docker.enable = true; + virtualisation.docker.daemon.settings = { + data-root = "/home/das/docker/"; + userland-proxy = false; + experimental = true; + ipv6 = true; + fixed-cidr-v6 = "fd00::/80"; + metrics-addr = "0.0.0.0:9323"; + # log-driver = "json-file"; + # log-opts.max-size = "10m"; + # log-opts.max-file = "10"; + }; + #this doesn't work + #virtualisation.docker.daemon.settings.log-opts.max-size = "10m"; + # https://docs.docker.com/reference/cli/dockerd/ + #virtualisation.docker.extraOptions = "--userland-proxy=false"; + #virtualisation.docker.extraOptions = "--log-opt=max-size=10m"; + #virtualisation.docker.extraOptions = "--ipv6"; +} \ No newline at end of file diff --git a/arm/pi5-1-os/flake.lock b/arm/pi5-1-os/flake.lock new file mode 100644 index 0000000..1dafb6c --- /dev/null +++ b/arm/pi5-1-os/flake.lock 
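Review bot: `metrics-addr = "0.0.0.0:9323";` binds the daemon's Prometheus endpoint on every interface of the host, while nothing in this configuration set declares the port in the NixOS firewall, so its reachability depends entirely on the firewall default staying in place; either bind it to loopback, `metrics-addr = "127.0.0.1:9323";`, and scrape it locally, or keep the wide bind and pair it with an explicit `networking.firewall.allowedTCPPorts` entry so the exposure is declared where it is reviewed. `experimental = true;` has no comment saying which experimental feature is needed; naming it lets the next reader drop the flag once it is no longer required. `data-root = "/home/das/docker/";` places root-owned daemon state under a user's home, which is worth a comment stating that it is intentional.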
@@ -0,0 +1,260 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "libcamera-src": { + "flake": false, + "locked": { + "lastModified": 1725630279, + "narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=", + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + } + }, + "libpisp-src": { + "flake": false, + "locked": { + "lastModified": 1724944683, + "narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=", + "owner": "raspberrypi", + "repo": "libpisp", + "rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.0.7", + "repo": "libpisp", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1736061677, + "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + 
"raspberry-pi-nix": { + "inputs": { + "libcamera-src": "libcamera-src", + "libpisp-src": "libpisp-src", + "nixpkgs": "nixpkgs_2", + "rpi-bluez-firmware-src": "rpi-bluez-firmware-src", + "rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src", + "rpi-firmware-src": "rpi-firmware-src", + "rpi-linux-6_10_12-src": "rpi-linux-6_10_12-src", + "rpi-linux-6_6_67-src": "rpi-linux-6_6_67-src", + "rpi-linux-stable-src": "rpi-linux-stable-src", + "rpicam-apps-src": "rpicam-apps-src", + "u-boot-src": "u-boot-src" + }, + "locked": { + "lastModified": 1736358780, + "narHash": "sha256-t8++2QSK+8Ed506NUmSG588wZKoBkJ+dlDxuFxNAF4Y=", + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "rev": "628e512d60fa99f8f49e73e39b7cedf9b968c282", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "raspberry-pi-nix": "raspberry-pi-nix" + } + }, + "rpi-bluez-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1708969706, + "narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=", + "owner": "RPi-Distro", + "repo": "bluez-firmware", + "rev": "78d6a07730e2d20c035899521ab67726dc028e1c", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": "bluez-firmware", + "type": "github" + } + }, + "rpi-firmware-nonfree-src": { + "flake": false, + "locked": { + "lastModified": 1723266537, + "narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=", + "owner": "RPi-Distro", + "repo": "firmware-nonfree", + "rev": "4b356e134e8333d073bd3802d767a825adec3807", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": "firmware-nonfree", + "type": "github" + } + }, + "rpi-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1728405098, + "narHash": "sha256-4gnK0KbqFnjBmWia9Jt2gveVWftmHrprpwBqYVqE/k0=", + "owner": "raspberrypi", + 
"repo": "firmware", + "rev": "7bbb5f80d20a2335066a8781459c9f33e5eebc64", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "1.20241008", + "repo": "firmware", + "type": "github" + } + }, + "rpi-linux-6_10_12-src": { + "flake": false, + "locked": { + "lastModified": 1728305462, + "narHash": "sha256-LtvNmGD1D5YYv+C9xxxddAeHw69o3OX/H9M7F663L74=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "26ee50d56618c2d98100b1bc672fd201aed4d00f", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.10.y", + "repo": "linux", + "type": "github" + } + }, + "rpi-linux-6_6_67-src": { + "flake": false, + "locked": { + "lastModified": 1734790986, + "narHash": "sha256-q9swM2TmmuzbUuQnbLZk5PseKWD7/SNPwtth6bpGIqE=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "811ff707533bcd67cdcd368bbd46223082009b12", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.6.y", + "repo": "linux", + "type": "github" + } + }, + "rpi-linux-stable-src": { + "flake": false, + "locked": { + "lastModified": 1728403745, + "narHash": "sha256-phCxkuO+jUGZkfzSrBq6yErQeO2Td+inIGHxctXbD5U=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "5aeecea9f4a45248bcf564dec924965e066a7bfd", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "stable_20241008", + "repo": "linux", + "type": "github" + } + }, + "rpicam-apps-src": { + "flake": false, + "locked": { + "lastModified": 1727515047, + "narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=", + "owner": "raspberrypi", + "repo": "rpicam-apps", + "rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.5.2", + "repo": "rpicam-apps", + "type": "github" + } + }, + "u-boot-src": { + "flake": false, + "locked": { + "lastModified": 1719857238, + "narHash": "sha256-mJ2TBy0Y5ZtcGFgtU5RKr0UDUp5FWzojbFb+o/ebRJU=", + "type": "tarball", + "url": 
"https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2" + }, + "original": { + "type": "tarball", + "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/arm/pi5-1-os/flake.nix b/arm/pi5-1-os/flake.nix new file mode 100644 index 0000000..ad65d9d --- /dev/null +++ b/arm/pi5-1-os/flake.nix 
@@ -0,0 +1,60 @@ +{ + description = "pi5-1 Flake"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + + raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix"; + + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + home-manager = { + url = "github:nix-community/home-manager/release-24.11"; + # The `follows` keyword in inputs is used for inheritance. + # Here, `inputs.nixpkgs` of home-manager is kept consistent with + # the `inputs.nixpkgs` of the current flake, + # to avoid problems caused by different versions of nixpkgs. + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs@{ self, nixpkgs, raspberry-pi-nix, home-manager, ... }: + let + #system = "x86_64-linux"; + system = "aarch64-linux"; + pkgs = import nixpkgs { + inherit system; + config = { allowUnfree = true; }; + }; + lib = nixpkgs.lib; + basic-config = { pkgs, lib, ... }: { + # bcm2711 for rpi 3, 3+, 4, zero 2 w + # bcm2712 for rpi 5 + # See the docs at: + # https://www.raspberrypi.com/documentation/computers/linux_kernel.html#native-build-configuration + raspberry-pi-nix.board = "bcm2712"; + networking = { + hostName = "pi5-1"; + }; + }; + in { + nixosConfigurations = { + pi5-1 = lib.nixosSystem { + #system ="x86_64-linux"; + inherit system; + modules = [ + raspberry-pi-nix.nixosModules.raspberry-pi raspberry-pi-nix.nixosModules.sd-image basic-config + ./configuration.nix + # home-manager.nixosModules.home-manager + # { + # home-manager.useGlobalPkgs = true; + # home-manager.useUserPackages = true; + # home-manager.users.das = import ./home.nix; + + # # Optionally, use home-manager.extraSpecialArgs to pass + # # arguments to home.nix + # } + ]; + }; + }; + }; +} diff --git a/arm/pi5-1-os/hardware-configuration.nix.nixos-generate-config b/arm/pi5-1-os/hardware-configuration.nix.nixos-generate-config new file mode 100644 index 0000000..0dd9c07 --- /dev/null +++ b/arm/pi5-1-os/hardware-configuration.nix.nixos-generate-config 
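Review bot: The `pkgs = import nixpkgs { … config = { allowUnfree = true; }; }` binding is never used: `lib.nixosSystem` builds its own package set from `system` and the modules, so the `allowUnfree` set here has no effect (the `nixpkgs.config.allowUnfree` in configuration.nix is the one that applies); drop the binding, or pass it in explicitly, so a reader does not assume unfree is enabled at the flake level. `raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix";` carries no ref or rev, so it floats with the upstream default branch on every `nix flake update`; pinning a ref or rev in the URL makes moving it a deliberate step. The `home-manager` input is fetched and locked but its only use in `modules` is commented out, so it can be removed until it is needed.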
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + fsType = "ext4"; + }; + + fileSystems."/boot/firmware" = + { device = "/dev/mmcblk0p1"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.end0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/arm/pi5-1-os/hosts.nix b/arm/pi5-1-os/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/arm/pi5-1-os/hosts.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room + "172.16.40.141" = ["hp0wifi"]; + "172.16.40.142" = ["hp1" "hp1eth"]; + "172.16.40.212" = ["hp2" "hp2eth"]; + "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room + "172.16.40.130" = ["hp3wifi"]; + "172.16.50.232" = ["hp4" "hp4eth"]; # rack + "172.16.40.70" = ["hp5" "hp5eth"]; + "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; + "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; + }; +} \ No newline at end of file 
diff --git a/arm/pi5-1-os/il8n.nix b/arm/pi5-1-os/il8n.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/arm/pi5-1-os/il8n.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/arm/pi5-1-os/nodeExporter.nix b/arm/pi5-1-os/nodeExporter.nix new file mode 100644 index 0000000..31052e6 --- /dev/null +++ b/arm/pi5-1-os/nodeExporter.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 9000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ + "--collector.ethtool" + "--collector.softirqs" + "--collector.tcpstat" + "--collector.wifi" + "--collector.filesystem.ignored-mount-points='/nix/store'"]; + }; + + # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters + services.prometheus.exporters.systemd.enable = true; + services.prometheus.exporters.smartctl.enable = true; + services.prometheus.exporters.process.enable = true; +} \ No newline at end of file diff --git a/arm/pi5-1-os/readme.md b/arm/pi5-1-os/readme.md new file mode 100644 index 0000000..89e0915 --- /dev/null +++ b/arm/pi5-1-os/readme.md 
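Review bot: `i18n.defaultLocale = "en_US.UTF-8";` is set here and again in configuration.nix, which imports this file; the two agree today so the module system merges them, but the first time they diverge evaluation fails with a conflicting-definition error far from either line. Keep it in one place — this module is the natural home — and delete the copy in configuration.nix. The filename `il8n.nix` reads as a typo for `i18n`, the option namespace it configures; renaming it together with the matching `imports` entry is a small readability win.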
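Review bot: The last `extraFlags` entry embeds single quotes inside the value, `"--collector.filesystem.ignored-mount-points='/nix/store'"`; the exporter module joins `extraFlags` into the unit's `ExecStart`, where systemd's own quoting rules apply, so whether the quotes reach node_exporter or become part of the pattern should be confirmed in the rendered unit — writing it as `"--collector.filesystem.ignored-mount-points=/nix/store"` avoids the question. That flag is also the pre-1.4 name, kept only as a deprecated alias in the 1.8.1 binary the comment points at; the `--help` output referenced there lists its replacement, `--collector.filesystem.mount-points-exclude`. None of the four exporters sets `listenAddress` or `openFirewall`, so they listen on their defaults and are reachable only as far as the firewall allows; a comment naming the scraper expected to reach them would document the intent.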
@@ -0,0 +1,36 @@ + + +pi5-1-os is the flake that was build on the pi5 + +pi5-community was used to build the sd card image + +https://github.com/nix-community/raspberry-pi-nix + +Best comment in the issue +https://github.com/NixOS/nixpkgs/issues/260754#issuecomment-2322817130 + +https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration + +``` +sudo nixos-generate-config +``` + + +https://nixos.wiki/wiki/NixOS_on_ARM + + +https://www.raspberrypi.com/documentation/computers/config_txt.html + + +``` +[das@pi5-1:~/nixos/arm/pi5-1-os]$ sudo dd if=/dev/mmcblk0 of=/dev/nvme0n1 bs=100M oflag=dsync status=progress +1677721600 bytes (1.7 GB, 1.6 GiB) copied, 10 s, 169 MB/s +``` + +``` +[das@pi5-1:~/nixos/arm/pi5-1-os]$ sudo dd if=/dev/mmcblk0 of=/dev/nvme0n1 bs=100M oflag=dsync status=progress +127865454592 bytes (128 GB, 119 GiB) copied, 1823 s, 70.1 MB/s +1219+1 records in +1219+1 records out +127865454592 bytes (128 GB, 119 GiB) copied, 1823.55 s, 70.1 MB/s +``` \ No newline at end of file diff --git a/arm/pi5-1/.gitignore b/arm/pi5-1/.gitignore new file mode 100644 index 0000000..89d56a0 --- /dev/null +++ b/arm/pi5-1/.gitignore @@ -0,0 +1,2 @@ +result +./result diff --git a/arm/pi5-1/Makefile b/arm/pi5-1/Makefile new file mode 100644 index 0000000..84c7da3 --- /dev/null +++ b/arm/pi5-1/Makefile 
@@ -0,0 +1,14 @@
+
+# https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU
+all:
+ nix build .#packages.aarch64-linux.sdcard
+
+
+flash:
+ sudo dd if=/nix/store/z5bdj3iczgzm3qjgn6lvjswd0lmflkza-nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img/sd-image/nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img of=/dev/sda bs=10MB oflag=dsync status=progress
+
+# this was copied from video: https://www.youtube.com/watch?v=6Le0IbPRzOE
+# time. 53.54
+# flash-to:
+# zstdcat ./result/sd-image/nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img.zst && \
+# | sudo dd of=/dev/sda status=progres iflag=fullblock oflag=direct conv=fsync,noerror bs=64k
\ No newline at end of file
diff --git a/arm/pi5-1/extra-config.nix b/arm/pi5-1/extra-config.nix
new file mode 100644
index 0000000..1123fd4
--- /dev/null
+++ b/arm/pi5-1/extra-config.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+{
+ networking.firewall.enable = false;
+
+ nixpkgs.config.allowUnfree = true;
+ environment.systemPackages = with pkgs; [
+ pkgs.openssh
+ ];
+
+ services.openssh.enable = true;
+}
diff --git a/arm/pi5-1/flake.lock b/arm/pi5-1/flake.lock
new file mode 100644
index 0000000..9e1930b
--- /dev/null
+++ b/arm/pi5-1/flake.lock
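Review bot: `flash` runs `dd` against a hard-coded `/dev/sda` from a hard-coded `/nix/store/...` image path, so on a machine where `/dev/sda` is a different disk, or after the next `make all` produces a new store path, the recipe either overwrites the wrong device or flashes a stale image. Derive the image from the `./result` link that `nix build` leaves behind (the commented recipe below and the store path both place it under `sd-image/`, so that layout is assumed here), take the device from an overridable variable, refuse to run when no image is found, and declare `all` and `flash` phony.
```make
.PHONY: all flash

# Override on the command line: make flash DEV=/dev/sdX
DEV ?= /dev/sda
# Recursive (=) on purpose: resolved when flash runs, so `make all flash` sees the fresh result link
IMG = $(firstword $(wildcard ./result/sd-image/*.img))

# … unchanged: all target …

flash:
	$(if $(strip $(IMG)),,$(error no SD image under ./result/sd-image; run 'make all' first))
	@echo "about to overwrite $(DEV) with $(IMG)"
	sudo dd if=$(IMG) of=$(DEV) bs=10MB oflag=dsync status=progress
```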
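Review bot: `networking.firewall.enable = false;` together with `services.openssh.enable = true;` ships the base image with sshd reachable on every interface and no host filtering at all; if the goal is only first-boot SSH access, leave the firewall on — `services.openssh.openFirewall` defaults to true and opens port 22 by itself — and delete this line. `pkgs.openssh` inside `with pkgs; [ … ]` is redundant (`openssh` alone), and installing the package into `environment.systemPackages` is unnecessary once the service is enabled. The users module this image is built with in flake.nix gives a `wheel` user a clear-text password, which makes the open firewall more consequential than it looks in isolation.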
@@ -0,0 +1,63 @@ +{ + "nodes": { + "nixlib": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737057290, + "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1737299813, + "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-24.11", + "type": "indirect" + } + }, + "root": { + "inputs": { + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/arm/pi5-1/flake.nix b/arm/pi5-1/flake.nix new file mode 100644 index 0000000..e3532b8 --- /dev/null +++ b/arm/pi5-1/flake.nix 
@@ -0,0 +1,53 @@ +{ + description = "Base system for raspberry pi 5"; + inputs = { + nixpkgs.url = "nixpkgs/nixos-24.11"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, nixos-generators, ... }: + { + nixosModules = { + system = { + disabledModules = [ + "profiles/base.nix" + ]; + + system.stateVersion = "24.11"; + }; + users = { + users.users = { + das = { + password = "admin123"; + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + }; + }; + }; + + packages.aarch64-linux = { + sdcard = nixos-generators.nixosGenerate { + system = "aarch64-linux"; + format = "sd-aarch64"; + modules = [ + ./extra-config.nix + self.nixosModules.system + self.nixosModules.users + ( { ... }: { + config = { + sdImage.compressImage = false; + }; + }) + ]; + }; + }; + }; +} + diff --git a/arm/pi5-1/readme.md b/arm/pi5-1/readme.md new file mode 100644 index 0000000..8d7023c --- /dev/null +++ b/arm/pi5-1/readme.md 
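Review bot: `password = "admin123";` in `nixosModules.users` puts a clear-text credential for a `wheel` (sudo-capable) account into git, into the world-readable Nix store of the built image, and onto every SD card flashed from it, alongside an SSH key that already gives the same user access. Remove the password — with the authorized key in place it is not needed — or, if console login must work before SSH does, use `hashedPassword` with a hash generated by `mkpasswd`, or `initialPassword` that is changed on first login; never `users.users.<name>.password`. The `sdcard` package pairs this module with `extra-config.nix`, which disables the firewall, so a fixed default password is reachable from the network as soon as the board boots. A one-line comment over the `users` module stating that this is a bootstrap image to be superseded by `pi5-1-os` would also explain why the two user definitions differ.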
@@ -0,0 +1,80 @@ + +https://www.youtube.com/watch?v=VIuPRL6Ucgk + +https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU + +https://github.com/jason-m/whydoesnothing.work/tree/main/episode-5 + +``` +[das@t:~/nixos/arm/pi5-1]$ wget -O flake.nix https://raw.githubusercontent.com/jason-m/whydoesnothing.work/refs/heads/main/episode-5/flake.nix +--2025-01-21 06:15:44-- https://raw.githubusercontent.com/jason-m/whydoesnothing.work/refs/heads/main/episode-5/flake.nix +Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 2606:50c0:8002::154, 2606:50c0:8001::154, 2606:50c0:8000::154, ... +Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|2606:50c0:8002::154|:443... connected. +HTTP request sent, awaiting response... 200 OK +Length: 964 [text/plain] +Saving to: ‘flake.nix’ + +flake.nix 100%[======================================================================================================>] 964 --.-KB/s in 0s + +2025-01-21 06:15:44 (29.1 MB/s) - ‘flake.nix’ saved [964/964] + + +[das@t:~/nixos/arm/pi5-1]$ wget -O extra-config.nix https://raw.githubusercontent.com/jason-m/whydoesnothing.work/refs/heads/main/episode-5/extra-config.nix +--2025-01-21 06:16:06-- https://raw.githubusercontent.com/jason-m/whydoesnothing.work/refs/heads/main/episode-5/extra-config.nix +Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 2606:50c0:8003::154, 2606:50c0:8002::154, 2606:50c0:8001::154, ... +Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|2606:50c0:8003::154|:443... connected. +HTTP request sent, awaiting response... 
200 OK +Length: 213 [text/plain] +Saving to: ‘extra-config.nix’ + +extra-config.nix 100%[======================================================================================================>] 213 --.-KB/s in 0s + +2025-01-21 06:16:06 (2.43 MB/s) - ‘extra-config.nix’ saved [213/213] +``` + +``` +[das@t:~/nixos/arm/pi5-1]$ sudo dd if=/nix/store/z5bdj3iczgzm3qjgn6lvjswd0lmflkza-nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img/sd-image/nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img of=/dev/sda bs=10MB oflag=dsync status=progress +90000000 bytes (90 MB, 86 MiB) copied, 6 s, 14.4 MB/s +``` + +``` +[das@t:~/nixos/arm/pi5-1]$ sudo fdisk -l /dev/sda +[sudo] password for das: +Disk /dev/sda: 29.73 GiB, 31927042048 bytes, 62357504 sectors +Disk model: Multi-Card +Units: sectors of 1 * 512 = 512 bytes +Sector size (logical/physical): 512 bytes / 512 bytes +I/O size (minimum/optimal): 512 bytes / 512 bytes +Disklabel type: dos +Disk identifier: 0x2178694e + +Device Boot Start End Sectors Size Id Type +/dev/sda1 16384 77823 61440 30M b W95 FAT32 +/dev/sda2 * 77824 4642695 4564872 2.2G 83 Linux +``` + + +``` +[das@t:~/nixos/arm/pi5-1]$ sudo tar cfz sda2.tar.gz /run/media/das/NIXOS_SD +[sudo] password for das: +tar: Removing leading `/' from member names +tar: Removing leading `/' from hard link targets + +[das@t:~/nixos/arm/pi5-1]$ sudo tar cfz sda1.tar.gz /run/media/das/FIRMWARE +tar: Removing leading `/' from member names + +[das@t:~/nixos/arm/pi5-1]$ ls -la +total 1002700 +drwxr-xr-x 2 das users 4096 Jan 21 13:38 . +drwxr-xr-x 3 das users 4096 Jan 21 06:15 .. 
+-rw-r--r-- 1 das users 209 Jan 21 06:21 extra-config.nix +-rw-r--r-- 1 das users 1566 Jan 21 06:23 flake.lock +-rw-r--r-- 1 das users 1237 Jan 21 08:51 flake.nix +-rw-r--r-- 1 das users 662 Jan 21 08:59 Makefile +-rw-r--r-- 1 das users 2278 Jan 21 08:58 readme.md +lrwxrwxrwx 1 das users 99 Jan 21 08:55 result -> /nix/store/z5bdj3iczgzm3qjgn6lvjswd0lmflkza-nixos-sd-image-24.11.20250119.107d5ef-aarch64-linux.img +-rw-r--r-- 1 das users 13499760 Jan 21 13:44 sda1.tar.gz +-rw-r--r-- 1 das users 1013224749 Jan 21 13:44 sda2.tar.gz +``` + + diff --git a/arm/pi5-community/Makefile b/arm/pi5-community/Makefile new file mode 100644 index 0000000..256c627 --- /dev/null +++ b/arm/pi5-community/Makefile @@ -0,0 +1,7 @@ + +build: + nix --experimental-features 'nix-command flakes' build '.#nixosConfigurations.myrpi5.config.system.build.sdImage' + #nix build '.#nixosConfigurations.myrpi5.config.system.build.sdImage' + +dd_to_sd: + zstdcat ./nixos-sd-image-24.11.20250120.ae584d9-aarch64-linux.img.zst | dd of=/dev/sda bs=10MB oflag=dsync status=progress diff --git a/arm/pi5-community/flake.lock b/arm/pi5-community/flake.lock new file mode 100644 index 0000000..2d69ad5 --- /dev/null +++ b/arm/pi5-community/flake.lock 
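Review bot: `dd_to_sd` hard-codes `of=/dev/sda`, so on a machine where the card enumerates as a different device the system disk is overwritten; make the device a required variable, `DEV ?=` plus `$(if $(strip $(DEV)),,$(error set DEV=/dev/sdX))`, ahead of the `dd` line. The input `./nixos-sd-image-24.11.20250120.ae584d9-aarch64-linux.img.zst` is one specific build's output that the `build` target does not create under that name (it leaves a `result` symlink), so the two targets are not actually connected; reading the image from under `result/` (presumably `result/sd-image/`) would tie them together, and unlike the README's invocation this `dd` runs without `sudo`. Neither `build` nor `dd_to_sd` is declared `.PHONY`.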
@@ -0,0 +1,238 @@ +{ + "nodes": { + "libcamera-src": { + "flake": false, + "locked": { + "lastModified": 1725630279, + "narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=", + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + } + }, + "libpisp-src": { + "flake": false, + "locked": { + "lastModified": 1724944683, + "narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=", + "owner": "raspberrypi", + "repo": "libpisp", + "rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.0.7", + "repo": "libpisp", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1737404927, + "narHash": "sha256-e1WgPJpIYbOuokjgylcsuoEUCB4Jl2rQXa2LUD6XAG8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ae584d90cbd0396a422289ee3efb1f1c9d141dc3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1736061677, + "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "raspberry-pi-nix": { + "inputs": { + "libcamera-src": "libcamera-src", + "libpisp-src": "libpisp-src", + "nixpkgs": "nixpkgs_2", + "rpi-bluez-firmware-src": "rpi-bluez-firmware-src", + "rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src", + "rpi-firmware-src": "rpi-firmware-src", + "rpi-linux-6_10_12-src": "rpi-linux-6_10_12-src", + "rpi-linux-6_6_67-src": "rpi-linux-6_6_67-src", + "rpi-linux-stable-src": "rpi-linux-stable-src", + 
"rpicam-apps-src": "rpicam-apps-src", + "u-boot-src": "u-boot-src" + }, + "locked": { + "lastModified": 1736358780, + "narHash": "sha256-t8++2QSK+8Ed506NUmSG588wZKoBkJ+dlDxuFxNAF4Y=", + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "rev": "628e512d60fa99f8f49e73e39b7cedf9b968c282", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "raspberry-pi-nix": "raspberry-pi-nix" + } + }, + "rpi-bluez-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1708969706, + "narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=", + "owner": "RPi-Distro", + "repo": "bluez-firmware", + "rev": "78d6a07730e2d20c035899521ab67726dc028e1c", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": "bluez-firmware", + "type": "github" + } + }, + "rpi-firmware-nonfree-src": { + "flake": false, + "locked": { + "lastModified": 1723266537, + "narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=", + "owner": "RPi-Distro", + "repo": "firmware-nonfree", + "rev": "4b356e134e8333d073bd3802d767a825adec3807", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": "firmware-nonfree", + "type": "github" + } + }, + "rpi-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1728405098, + "narHash": "sha256-4gnK0KbqFnjBmWia9Jt2gveVWftmHrprpwBqYVqE/k0=", + "owner": "raspberrypi", + "repo": "firmware", + "rev": "7bbb5f80d20a2335066a8781459c9f33e5eebc64", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "1.20241008", + "repo": "firmware", + "type": "github" + } + }, + "rpi-linux-6_10_12-src": { + "flake": false, + "locked": { + "lastModified": 1728305462, + "narHash": "sha256-LtvNmGD1D5YYv+C9xxxddAeHw69o3OX/H9M7F663L74=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "26ee50d56618c2d98100b1bc672fd201aed4d00f", + 
"type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.10.y", + "repo": "linux", + "type": "github" + } + }, + "rpi-linux-6_6_67-src": { + "flake": false, + "locked": { + "lastModified": 1734790986, + "narHash": "sha256-q9swM2TmmuzbUuQnbLZk5PseKWD7/SNPwtth6bpGIqE=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "811ff707533bcd67cdcd368bbd46223082009b12", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.6.y", + "repo": "linux", + "type": "github" + } + }, + "rpi-linux-stable-src": { + "flake": false, + "locked": { + "lastModified": 1728403745, + "narHash": "sha256-phCxkuO+jUGZkfzSrBq6yErQeO2Td+inIGHxctXbD5U=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "5aeecea9f4a45248bcf564dec924965e066a7bfd", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "stable_20241008", + "repo": "linux", + "type": "github" + } + }, + "rpicam-apps-src": { + "flake": false, + "locked": { + "lastModified": 1727515047, + "narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=", + "owner": "raspberrypi", + "repo": "rpicam-apps", + "rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.5.2", + "repo": "rpicam-apps", + "type": "github" + } + }, + "u-boot-src": { + "flake": false, + "locked": { + "lastModified": 1719857238, + "narHash": "sha256-mJ2TBy0Y5ZtcGFgtU5RKr0UDUp5FWzojbFb+o/ebRJU=", + "type": "tarball", + "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2" + }, + "original": { + "type": "tarball", + "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/arm/pi5-community/flake.nix b/arm/pi5-community/flake.nix new file mode 100644 index 0000000..571c7dd --- /dev/null +++ b/arm/pi5-community/flake.nix 
@@ -0,0 +1,96 @@ +{ + description = "raspberry-pi-nix example"; + #nixConfig = { + # # Only during the first build, otherwise I don't want to allow such a binary cache + # extra-substituters = [ "https://nix-community.cachix.org" ]; + # extra-trusted-public-keys = [ + # "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + # ]; + #}; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix"; + }; + + outputs = { self, nixpkgs, raspberry-pi-nix }: + let + inherit (nixpkgs.lib) nixosSystem; + basic-config = { pkgs, lib, ... }: { + # bcm2711 for rpi 3, 3+, 4, zero 2 w + # bcm2712 for rpi 5 + # See the docs at: + # https://www.raspberrypi.com/documentation/computers/linux_kernel.html#native-build-configuration + raspberry-pi-nix.board = "bcm2712"; + + time.timeZone = "America/Los_Angeles"; + + users.users = { + das = { + password = "admin123"; + isNormalUser = true; + extraGroups = [ "wheel" ]; + # openssh.authorizedKeys.keys = [ + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + # ]; + }; + }; + + networking = { + hostName = "myrpi5"; + #useDHCP = false; + #interfaces = { wlan0.useDHCP = true; }; + }; + + environment.systemPackages = with pkgs; [ + emacs + git + wget + # bluez + # bluez-tools + ]; + + services.openssh.enable = true; + + #services.lldpd.enable = true; + + # hardware = { + # bluetooth.enable = true; + # # TODO: check if needed + # # raspberry-pi = { + # # config = { + # # all = { + # # base-dt-params = { + # # # enable autoprobing of bluetooth driver + # # # https://github.com/raspberrypi/linux/blob/c8c99191e1419062ac8b668956d19e788865912a/arch/arm/boot/dts/overlays/README#L222-L224 + # # krnbt = { + # # enable = true; + # # value = "on"; + # # }; + # # }; + # # }; + # # }; + # # }; + # }; + system.stateVersion = "24.11"; + }; + + in + { + nixosConfigurations = { + myrpi5 = nixosSystem { + system = "aarch64-linux"; 
+ modules = [ + raspberry-pi-nix.nixosModules.raspberry-pi raspberry-pi-nix.nixosModules.sd-image basic-config + + { + # https://nixos-and-flakes.thiscute.world/development/cross-platform-compilation#cross-compilation + # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU + # https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems + nixpkgs.crossSystem.system = "aarch64-linux"; # "riscv64-linux" + } + ]; + }; + }; + }; +} diff --git a/arm/pi5-community/readme.md b/arm/pi5-community/readme.md new file mode 100644 index 0000000..79b1407 --- /dev/null +++ b/arm/pi5-community/readme.md @@ -0,0 +1,9 @@ + +pi5-1-os is the flake that was build on the pi5 + +pi5-community was used to build the sd card image + +https://github.com/NixOS/nixpkgs/issues/260754#issuecomment-2322817130 + + +nix build '.#nixosConfigurations.myrpi5.config.system.build.sdImage' \ No newline at end of file diff --git a/chromebox/chromebox3/Makefile b/chromebox/chromebox3/Makefile new file mode 100644 index 0000000..e69de29 diff --git a/chromebox/chromebox3/flake.nix b/chromebox/chromebox3/flake.nix new file mode 100644 index 0000000..e69de29 diff --git a/chromebox/chromebox3/readme.md b/chromebox/chromebox3/readme.md new file mode 100644 index 0000000..e69de29 diff --git a/containers/clickhouse/.gitignore b/containers/clickhouse/.gitignore index ee0c388..66f2238 100644 --- a/containers/clickhouse/.gitignore +++ b/containers/clickhouse/.gitignore @@ -1,2 +1,3 @@ *.qcow2 result +./result \ No newline at end of file diff --git a/containers/memcache/.gitignore b/containers/memcache/.gitignore index ee0c388..66f2238 100644 --- a/containers/memcache/.gitignore +++ b/containers/memcache/.gitignore @@ -1,2 +1,3 @@ *.qcow2 result +./result \ No newline at end of file diff --git a/containers/nginx/.gitignore b/containers/nginx/.gitignore index ee0c388..66f2238 100644 --- a/containers/nginx/.gitignore +++ b/containers/nginx/.gitignore 
@@ -1,2 +1,3 @@ *.qcow2 result
+./result
\ No newline at end of file
diff --git a/go/gojq/default.nix b/go/gojq/default.nix
new file mode 100644
index 0000000..5d0ae11
--- /dev/null
+++ b/go/gojq/default.nix
@@ -0,0 +1,30 @@
+{ lib, buildGoModule, fetchFromGitHub, testers, gojq }:
+
+buildGoModule rec {
+ pname = "gojq";
+ version = "0.12.16";
+
+ src = fetchFromGitHub {
+ owner = "itchyny";
+ repo = pname;
+ rev = "v${version}";
+ hash = "sha256-lCNh0J0vVvSJaNE9fu3X83YRZlWHOI4rQwmrGJDQWzk=";
+ };
+
+ vendorHash = "sha256-ZC0byawZLBwId5GcAgHXRdEOMUSAv4wDNHFHLrbhB+I=";
+
+ ldflags = [ "-s" "-w" ];
+
+ passthru.tests.version = testers.testVersion {
+ package = gojq;
+ };
+
+ meta = with lib; {
+ description = "Pure Go implementation of jq";
+ homepage = "https://github.com/itchyny/gojq";
+ changelog = "https://github.com/itchyny/gojq/blob/v${version}/CHANGELOG.md";
+ license = licenses.mit;
+ maintainers = with maintainers; [ aaronjheng ];
+ mainProgram = "gojq";
+ };
+}
\ No newline at end of file
diff --git a/go/xtcp2/default.nix b/go/xtcp2/default.nix
new file mode 100644
index 0000000..ccf32e3
--- /dev/null
+++ b/go/xtcp2/default.nix
@@ -0,0 +1,31 @@
+# https://nixos.org/manual/nixpkgs/stable/#sec-language-go
+{
+ xtcp2 = buildGoModule rec {
+ pname = "xtcp2";
+ version = "2.0.0";
+
+ src = fetchFromGitHub {
+ owner = "randomizedcoder";
+ repo = "xtcp2";
+ rev = "v${version}";
+ hash = "sha256-qoAp8yAc4lJmlnHHcZskRzkleZ3Q5Gu3Lhk9u1jMR4g=";
+ };
+
+ vendorHash = "sha256-/5nH7zHg8zxWFgtVzSnfp7RZGvPWiuGSEyhx9fE2Pvo=";
+
+ subPackages = [
+ "cmd/xtcp2"
+ ];
+
+ #excludedPackages = [ "bench" ];
+
+ #ldflags = [ "-s" "-w" ];
+
+ meta = with lib; {
+ homepage = "https://xtcp.io/";
+ description = "xtcp2";
+ changelog = "https://github.com/randomizedcoder/xtcp2/ChangeLog.md";
+ license = licenses.mit;
+ };
+ };
+}
\ No newline at end of file
diff --git a/go/xtcp2flake/flake.nix b/go/xtcp2flake/flake.nix
new file mode 100644
index 0000000..f7e58ce
--- /dev/null
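Review bot: In go/xtcp2/default.nix `buildGoModule`, `fetchFromGitHub` and `lib` are used but never bound — the file is a bare attribute set rather than a function taking them, so evaluating it fails with an undefined-variable error unless it is imported inside a `with pkgs;` scope. go/gojq/default.nix in the same commit shows the conventional shape; starting this file with `{ lib, buildGoModule, fetchFromGitHub }:` and returning the `buildGoModule rec { … }` directly makes it usable with `callPackage`. `changelog` also points at `…/xtcp2/ChangeLog.md` without the `blob/v${version}/` path segment gojq uses, so the link is unlikely to resolve as written.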
+++ b/go/xtcp2flake/flake.nix
@@ -0,0 +1,31 @@
+{
+ description = "minimalist Configurable Homelab Start Page";
+
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-24.05";
+ };
+
+ outputs = {nixpkgs, ...}: let
+ # you can also put any architecture you want to support here
+ # i.e. aarch64-darwin for never M1/2 macbooks
+ system = "x86_64-linux";
+ pname = "float";
+ in {
+ packages.${system} = let
+ pkgs = nixpkgs.legacyPackages.${system}; # this gives us access to nixpkgs as we are used to
+ in {
+ default = pkgs.buildGoModule {
+ name = pname;
+ src = fetchFromGitHub {
+ owner = "randomizedcoder";
+ repo = "xtcp2";
+ rev = "latest";
+ #rev = "v2.0.0";
+ sha256 = pkgs.lib.fakeSha256;
+ };
+
+ vendorSha256 = pkgs.lib.fakeSha256;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/hp/hp0/Makefile b/hp/hp0/Makefile
new file mode 100644
index 0000000..d4e8d66
--- /dev/null
+++ b/hp/hp0/Makefile
@@ -0,0 +1,28 @@
+#
+# nixos/hp0/Makefile
+#
+EXPECTED_HOSTNAME := hp0
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ sudo cp /home/das/nixos/modules/* /etc/nixos/
+ sudo cp ./*.nix /etc/nixos/
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+
+sync:
+ rsync -av /home/das/nixos/hp/hp0/ hp0:/home/das/nixos/hp0/
+ rsync -av /home/das/nixos/modules/ hp0:/home/das/nixos/modules/
+
+# end
\ No newline at end of file
diff --git a/hp/hp0/configuration.nix b/hp/hp0/configuration.nix
new file mode 100644
index 0000000..fd80e81
--- /dev/null
+++ b/hp/hp0/configuration.nix
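Review bot: `rev = "latest"` in go/xtcp2flake/flake.nix does not pin the source — `fetchFromGitHub` needs a tag or commit, and even if a `latest` tag exists it is mutable, so the fixed-output hash stops matching the moment it moves; the commented `#rev = "v2.0.0";` is the form to keep. Both `sha256 = pkgs.lib.fakeSha256` and `vendorSha256 = pkgs.lib.fakeSha256` are placeholders that fail every build until replaced with the hashes from the mismatch error, `fetchFromGitHub` is referenced unqualified where only `pkgs` is in scope, and `vendorSha256` has been superseded by `vendorHash` in `buildGoModule`. `description = "minimalist Configurable Homelab Start Page"` and `pname = "float"` also look carried over from an unrelated flake rather than describing xtcp2. The rewritten `default` attribute below pins the tag, qualifies the fetcher and keeps the fake hashes only as an explicit first-build step.
```nix
default = pkgs.buildGoModule {
  name = pname;
  src = pkgs.fetchFromGitHub {
    owner = "randomizedcoder";
    repo = "xtcp2";
    rev = "v2.0.0";                    # pinned tag; "latest" is not a stable ref
    sha256 = pkgs.lib.fakeSha256;      # replace with the hash from the first build's mismatch error
  };
  vendorHash = pkgs.lib.fakeSha256;    # same: replace once the first build reports the real value
};
```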
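Review bot: None of `all`, `check_hostname`, `rebuild` or `sync` in hp/hp0/Makefile is declared phony, so a file by one of those names in the directory silently makes the target "up to date"; add `.PHONY: all check_hostname rebuild sync` (hp/hp1/Makefile has the same gap). `sync` pushes `/home/das/nixos/hp/hp0/` to `hp0:/home/das/nixos/hp0/`, a different relative location from the source tree — presumably the remote still has the older flat layout, but if it has been moved under `hp/`, `rebuild` on the host will keep copying stale files from the old path.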
@@ -0,0 +1,103 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager + # sudo nix-channel --update + + # + ./sysctl.nix + ./wireless.nix + ./hosts.nix + ./firewall.nix + ./il8n.nix + #./systemdSystem.nix + ./systemPackages.nix + ./home-manager.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + ./docker-daemon.nix + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + # https://nixos.wiki/wiki/Networking + # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html + networking.hostName = "hp0"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking.networkmanager.enable = false; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. 
Don't forget to set a password with ‘passwd’. + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "docker" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.openssh.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.05"; # Did you read the comment? + + # virtualisation.libvirtd.enable = true; + # programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/hp/hp0/firewall.nix b/hp/hp0/firewall.nix new file mode 120000 index 0000000..9a9f807 --- /dev/null +++ b/hp/hp0/firewall.nix @@ -0,0 +1 @@ +../../modules/firewall.nix \ No newline at end of file diff --git a/hp/hp0/grafana.nix b/hp/hp0/grafana.nix new file mode 120000 index 0000000..ca48f26 --- /dev/null +++ b/hp/hp0/grafana.nix @@ -0,0 +1 @@ +../../modules/grafana.nix \ No newline at end of file diff --git a/hp/hp0/hardware-configuration.nix b/hp/hp0/hardware-configuration.nix new file mode 100644 index 0000000..0f0208f --- /dev/null +++ b/hp/hp0/hardware-configuration.nix 
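Review bot: `imports` in hp/hp0/configuration.nix names `./il8n.nix` and `./docker-daemon.nix`, but the commit adds neither to hp/hp0 — the symlinks it adds are firewall, grafana, locale, nixos_logo, nodeExporter, prometheus, sound, sysctl, systemPackages, systemdSystem, wireless and wireless_desktop — so evaluation fails unless those two files already exist untracked; `il8n` also reads like a transposition of `i18n`, worth checking against the real name under modules/. In the other direction, locale.nix, sound.nix, nixos_logo.nix and wireless_desktop.nix are linked in but never imported. hp/hp1/configuration.nix imports the same `./il8n.nix` and `./docker-daemon.nix`.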
@@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/1b9937be-2d96-4cfc-b8b4-eefebea96006"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/6E73-1390"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hp/hp0/home-manager.nix b/hp/hp0/home-manager.nix new file mode 100644 index 0000000..a3a6a52 --- /dev/null +++ b/hp/hp0/home-manager.nix 
@@ -0,0 +1,113 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + }; + + home.packages = with pkgs; [ + # + hw-probe + # + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + ethtool + iproute2 + vlan + tcpdump + wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + hwloc + bpftools + # + inotify-tools + # + libcap + gcc + # thunderbird + go + # rust + # https://nixos.wiki/wiki/Rust + pkgs.cargo + pkgs.rustc + # + # debug + strace + # + ]; + + programs.bash.enable = true; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.05"; + }; +} \ No newline at end of file diff --git a/hp/hp0/hosts.nix b/hp/hp0/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/hp/hp0/hosts.nix 
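Review bot: `home.packages` lists `gcc` twice (after the gcc search link and again after `libcap`) and `bpftools` twice (after `flent` and after `hwloc`); drop the repeats. `userName = "randomizedcoder "` carries a trailing space that git will record verbatim in every commit's author field — `userName = "randomizedcoder";`. The commented `#ldflags = [ … ]` block between `programs.vim` and `programs.git` is a leftover from a Go package expression and means nothing in a home-manager module, so it should be deleted rather than kept as dead configuration.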
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hosts = {
+ "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room
+ "172.16.40.141" = ["hp0wifi"];
+ "172.16.40.142" = ["hp1" "hp1eth"];
+ "172.16.40.212" = ["hp2" "hp2eth"];
+ "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room
+ "172.16.40.130" = ["hp3wifi"];
+ "172.16.50.232" = ["hp4" "hp4eth"]; # rack
+ "172.16.40.70" = ["hp5" "hp5eth"];
+ "172.16.40.122" = ["pi5-1" "pi5-1-eth"];
+ "172.16.40.62" = ["chromebox3" "chromebox3-eth"];
+ };
+}
\ No newline at end of file
diff --git a/hp/hp0/locale.nix b/hp/hp0/locale.nix
new file mode 120000
index 0000000..e2c0c30
--- /dev/null
+++ b/hp/hp0/locale.nix
@@ -0,0 +1 @@
+../../modules/locale.nix
\ No newline at end of file
diff --git a/hp/hp0/nixos_logo.nix b/hp/hp0/nixos_logo.nix
new file mode 120000
index 0000000..c8e417f
--- /dev/null
+++ b/hp/hp0/nixos_logo.nix
@@ -0,0 +1 @@
+../../modules/nixos_logo.nix
\ No newline at end of file
diff --git a/hp/hp0/nodeExporter.nix b/hp/hp0/nodeExporter.nix
new file mode 120000
index 0000000..a5cf060
--- /dev/null
+++ b/hp/hp0/nodeExporter.nix
@@ -0,0 +1 @@
+../../modules/nodeExporter.nix
\ No newline at end of file
diff --git a/hp/hp0/prometheus.nix b/hp/hp0/prometheus.nix
new file mode 120000
index 0000000..30976e5
--- /dev/null
+++ b/hp/hp0/prometheus.nix
@@ -0,0 +1 @@
+../../modules/prometheus.nix
\ No newline at end of file
diff --git a/hp/hp0/sound.nix b/hp/hp0/sound.nix
new file mode 120000
index 0000000..f6f92fe
--- /dev/null
+++ b/hp/hp0/sound.nix
@@ -0,0 +1 @@
+../../modules/sound.nix
\ No newline at end of file
diff --git a/hp/hp0/sysctl.nix b/hp/hp0/sysctl.nix
new file mode 120000
index 0000000..a366ab3
--- /dev/null
+++ b/hp/hp0/sysctl.nix
@@ -0,0 +1 @@
+../../modules/sysctl.nix
\ No newline at end of file
diff --git a/hp/hp0/systemPackages.nix b/hp/hp0/systemPackages.nix
new file mode 120000
index 0000000..f8e368a
--- /dev/null
+++ b/hp/hp0/systemPackages.nix
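Review bot: hp/hp0/hosts.nix is committed as a regular file holding the shared host table, whereas every other shared module this commit adds under hp/hp0 (firewall.nix, grafana.nix, sysctl.nix, …) is a symlink into `../../modules/`; if the table is meant to be identical on every host, a symlink `hosts.nix -> ../../modules/hosts.nix` avoids the per-host copies drifting apart. If a real copy is deliberate, a one-line comment at the top stating it is a copy of modules/hosts.nix would keep the next reader from editing the wrong file.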
@@ -0,0 +1 @@ +../../modules/systemPackages.nix \ No newline at end of file diff --git a/hp/hp0/systemdSystem.nix b/hp/hp0/systemdSystem.nix new file mode 120000 index 0000000..c8b73f0 --- /dev/null +++ b/hp/hp0/systemdSystem.nix @@ -0,0 +1 @@ +../../modules/systemdSystem.nix \ No newline at end of file diff --git a/hp/hp0/wireless.env b/hp/hp0/wireless.env new file mode 100644 index 0000000..fb44156 --- /dev/null +++ b/hp/hp0/wireless.env @@ -0,0 +1 @@ +PSK_DEVICES=performance diff --git a/hp/hp0/wireless.nix b/hp/hp0/wireless.nix new file mode 120000 index 0000000..0c2bb2e --- /dev/null +++ b/hp/hp0/wireless.nix @@ -0,0 +1 @@ +../../modules/wireless.nix \ No newline at end of file diff --git a/hp/hp0/wireless_desktop.nix b/hp/hp0/wireless_desktop.nix new file mode 120000 index 0000000..0407f00 --- /dev/null +++ b/hp/hp0/wireless_desktop.nix @@ -0,0 +1 @@ +../../modules/wireless_desktop.nix \ No newline at end of file diff --git a/hp/hp1/Makefile b/hp/hp1/Makefile new file mode 100644 index 0000000..0c20c05 --- /dev/null +++ b/hp/hp1/Makefile 
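Review bot: `PSK_DEVICES=performance` in hp/hp0/wireless.env has the shape of a WPA pre-shared key supplied through `networking.wireless.environmentFile` (referenced from a network's `psk` as `@PSK_DEVICES@`); if that is how wireless.nix consumes it, a Wi-Fi password is now committed in cleartext. The `.gitignore` changes in this commit only add `./result` next to `result` and `*.qcow2`, so the file should be excluded from the repository and delivered out-of-band, and the key rotated since it is already in history.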
@@ -0,0 +1,56 @@
+#
+# nixos/hp1/Makefile
+#
+EXPECTED_HOSTNAME := hp1
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ #sudo cp /home/das/nixos/modules/* /etc/nixos/
+ #sudo cp ./*.nix /etc/nixos/
+ #sudo nix-channel --update
+ #sudo nixos-rebuild switch
+ sudo nix flake update;
+ sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .
+
+sync:
+ rsync -av /home/das/nixos/hp/hp1/ hp1:/home/das/nixos/hp1/
+ rsync -av /home/das/nixos/modules/ hp1:/home/das/nixos/modules/
+
+# https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state
+nuke_k8s: check_hostname delete_k8s
+
+delete_k8s:
+ sudo rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/
+ sudo rm -rf /etc/kube-flannel/ /etc/kubernetes/
+
+nuke_k3s: check_hostname delete_k3s
+
+delete k3s:
+ sudo rm -rf /var/lib/rancher/k3s/ /etc/rancher/k3s
+ k3s-killall.sh
+
+create_cert:
+# Generate private key
+ openssl genrsa -out /var/lib/kubernetes/secrets/cluster-admin.pem 4096
+
+# Generate CSR
+ openssl req -new -key /var/lib/kubernetes/secrets/cluster-admin.pem -out /var/lib/kubernetes/secrets/cluster-admin.csr
+
+# Issue certificate
+ openssl ca -config ./openssl_ca_config -in /var/lib/kubernetes/secrets/cluster-admin.csr -out /var/lib/kubernetes/secrets/cluster-admin.crt -days 365 -notext -batch
+
+
+
+# end
diff --git a/hp/hp1/configuration.nix b/hp/hp1/configuration.nix
new file mode 100644
index 0000000..9723839
--- /dev/null
+++ b/hp/hp1/configuration.nix
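Review bot: `delete k3s:` contains a space, so Make reads it as two targets `delete` and `k3s` sharing one recipe, and `nuke_k3s: check_hostname delete_k3s` then stops with "No rule to make target 'delete_k3s'"; the header should be `delete_k3s:`. The four `#sudo …` lines at the top of `rebuild` are dead recipe text and should be removed, and as in hp/hp0/Makefile none of the command targets is declared — `.PHONY: all check_hostname rebuild sync nuke_k8s delete_k8s nuke_k3s delete_k3s create_cert`. `create_cert` writes the cluster-admin private key to `/var/lib/kubernetes/secrets/` with a plain `openssl genrsa -out`, so the directory's ownership and mode decide who can read it; worth confirming that path is root-only before relying on it.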
@@ -0,0 +1,145 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager + # sudo nix-channel --update + # tutorial + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + # + # + ./sysctl.nix + # ./wireless.nix + ./hosts.nix + ./firewall.nix + ./il8n.nix + #./systemdSystem.nix + ./systemPackages.nix + #./home.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + ./docker-daemon.nix + #./k8s_master.nix + ./k3s_master.nix + #./k3s_node.nix + ./systemd.services.ethtool-enp3s0f0.nix + ./systemd.services.ethtool-enp3s0f1.nix + ]; + +# https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state +# rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/ +# rm -rf /etc/kube-flannel/ /etc/kubernetes/ +# rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/ /etc/kube-flannel/ /etc/kubernetes/ + + # Bootloader. + boot.loader.systemd-boot = { + enable = true; + #consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware. 
+ memtest86.enable = true; + }; + + boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + nix = { + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + + # https://nixos.wiki/wiki/Networking + # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html + networking.hostName = "hp1"; + + services.lldpd.enable = true; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking.networkmanager.enable = false; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "docker" "kubernetes" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.openssh.enable = true; + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.05"; # Did you read the comment? + + # virtualisation.libvirtd.enable = true; + # programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/hp/hp1/docker-daemon.nix b/hp/hp1/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/hp/hp1/docker-daemon.nix 
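Review bot: `services.openssh.enable = true;` is set with no `settings`, so unless a module outside this hunk overrides it sshd keeps NixOS's default of password authentication enabled, even though `das` already has an ed25519 key in `openssh.authorizedKeys.keys`; I would add `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; };` next to it. This matters more than usual because `extraGroups` puts `das` in `docker`, which Docker documents as root-equivalent on the host, and `./firewall.nix` in this same commit sets `enable = false`, so a guessed password on the LAN is a root on this machine. The `nix.gc` and bootloader settings are fine as written.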
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/hp/hp1/firewall.nix b/hp/hp1/firewall.nix
new file mode 100644
index 0000000..449b44f
--- /dev/null
+++ b/hp/hp1/firewall.nix
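Review bot: `metrics-addr = "0.0.0.0:9323"` publishes the Docker daemon's Prometheus endpoint on every interface, and `hp/hp1/firewall.nix` in this same commit disables the host firewall, so container and image names are readable by anyone on the LAN. The prometheus.nix added here only scrapes `localhost`, so `metrics-addr = "127.0.0.1:9323";` serves the same purpose without the exposure. `data-root = "/home/das/docker/"` also places root-owned image layers and volumes under a user-owned home directory; it works, but a one-line comment on why (disk space, presumably) would help the next reader, as would one on which feature `experimental = true` is needed for.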
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 22 # ssh
+ 5001 # iperf2
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/hp/hp1/flake.lock b/hp/hp1/flake.lock
new file mode 100644
index 0000000..41141bb
--- /dev/null
+++ b/hp/hp1/flake.lock
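Review bot: `enable = false;` switches the whole host firewall off, which makes the `allowedTCPPorts` list here and the `6443` in k3s_master.nix dead configuration and leaves Grafana (0.0.0.0:3000), Prometheus (9090), node_exporter (9000) and the Docker metrics endpoint (9323) from this same commit reachable from the LAN with no allow-list at all. The commented-out conntrack note suggests this is a throughput-testing choice; if so, say it next to the line (`enable = false; # deliberately off for iperf/netperf runs; see conntrack note below`) and consider the `extraCommands` conntrack bypass rather than no firewall. If it is meant to stay off, drop `allowedTCPPorts`, which otherwise documents a policy that is not enforced.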
@@ -0,0 +1,49 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1736549401, + "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hp/hp1/flake.nix b/hp/hp1/flake.nix new file mode 100644 index 0000000..87395ff --- /dev/null +++ b/hp/hp1/flake.nix 
@@ -0,0 +1,45 @@
+{
+ description = "HP1 Flake";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
+ home-manager = {
+ url = "github:nix-community/home-manager/release-24.11";
+ # The `follows` keyword in inputs is used for inheritance.
+ # Here, `inputs.nixpkgs` of home-manager is kept consistent with
+ # the `inputs.nixpkgs` of the current flake,
+ # to avoid problems caused by different versions of nixpkgs.
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = inputs@{ nixpkgs, home-manager, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config = { allowUnfree = true; };
+ };
+ lib = nixpkgs.lib;
+ in {
+ nixosConfigurations = {
+ hp1 = lib.nixosSystem {
+ #system ="x86_64-linux";
+ inherit system;
+ modules = [
+ ./configuration.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.das = import ./home.nix;
+
+ # Optionally, use home-manager.extraSpecialArgs to pass
+ # arguments to home.nix
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/hp/hp1/grafana.nix b/hp/hp1/grafana.nix
new file mode 100644
index 0000000..471b71d
--- /dev/null
+++ b/hp/hp1/grafana.nix
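Review bot: The `pkgs = import nixpkgs { ... config = { allowUnfree = true; }; }` binding in `outputs` is never referenced — `lib.nixosSystem` builds its own nixpkgs instance from `system` and `modules` — so `allowUnfree` set this way does not reach the system configuration. Put it where the module system sees it, e.g. add `{ nixpkgs.config.allowUnfree = true; }` to `modules`, and delete the unused `pkgs` binding. Whether any unfree package is actually needed by hp1 is not visible from the flake alone.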
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/hp/hp1/hardware-configuration.nix b/hp/hp1/hardware-configuration.nix
new file mode 100644
index 0000000..9f3c557
--- /dev/null
+++ b/hp/hp1/hardware-configuration.nix
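Review bot: `http_addr = "0.0.0.0"` exposes Grafana on port 3000 on every interface with nothing in `settings` overriding the stock `admin`/`admin` bootstrap credentials, and the firewall module in this same commit is disabled, so anyone on the LAN reaches the login page. Either bind to `127.0.0.1` and reach it over an SSH port-forward, or keep `0.0.0.0` and set `security.admin_password = "$__file{/var/lib/grafana/admin-password}"` (a file outside the Nix store — a literal here would land in the world-readable store). `serve_from_sub_path = true` is only meaningful together with a `root_url` carrying a sub-path, and `root_url` is commented out, so that line is currently a no-op.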
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/5c842b7e-bd6b-4279-ba6e-a3b69d0a1ea7"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5787-090F"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/4b51441e-8157-4134-95cc-4f6cf92d17c6"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0f1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hp/hp1/home.nix b/hp/hp1/home.nix new file mode 100644 index 0000000..2722526 --- /dev/null +++ b/hp/hp1/home.nix 
@@ -0,0 +1,137 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + home.username = "das"; + home.homeDirectory = "/home/das"; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + KUBECONFIG = "/home/das/k3s.yaml"; + TERM = "xterm-256color"; + }; + + home.packages = with pkgs; [ + # + killall + hw-probe + lshw + hwloc + # + tmux + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + btop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + ethtool + iproute2 + vlan + tcpdump + wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + netcat-gnu + # for telnet + inetutils + # + hwloc + bpftools + # + inotify-tools + # + libcap + gcc + # thunderbird + go + # rust + # https://nixos.wiki/wiki/Rust + pkgs.cargo + pkgs.rustc + # + # debug + strace + # + dive + # for pprof + graphviz + ]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = 
true; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.05"; + programs.home-manager.enable = true; + #}; +} diff --git a/hp/hp1/hosts.nix b/hp/hp1/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/hp/hp1/hosts.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room + "172.16.40.141" = ["hp0wifi"]; + "172.16.40.142" = ["hp1" "hp1eth"]; + "172.16.40.212" = ["hp2" "hp2eth"]; + "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room + "172.16.40.130" = ["hp3wifi"]; + "172.16.50.232" = ["hp4" "hp4eth"]; # rack + "172.16.40.70" = ["hp5" "hp5eth"]; + "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; + "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; + }; +} \ No newline at end of file diff --git a/hp/hp1/il8n.nix b/hp/hp1/il8n.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/hp/hp1/il8n.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/hp/hp1/k3s_master.nix b/hp/hp1/k3s_master.nix new file mode 100644 index 0000000..f85714d --- /dev/null +++ b/hp/hp1/k3s_master.nix 
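Review bot: `home.packages` lists `hwloc`, `bpftools`, `gcc` and `inetutils` twice; Nix tolerates the duplicates, but they make the list harder to audit and should be collapsed to one entry each. `home.sessionVariables.KUBECONFIG = "/home/das/k3s.yaml"` points at a copy of the k3s admin kubeconfig — effectively the cluster-admin credential — that nothing in this commit creates or protects; a comment on how that copy is produced and kept at mode 600 would help. `nixpkgs.config.allowUnfree = true` inside home.nix is, as far as I can tell, ignored or warned about when the flake sets `home-manager.useGlobalPkgs = true`; the system-level `nixpkgs.config` is the place for it.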
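Review bot: `il8n.nix` (lowercase L, digit 8) is a misspelling of `i18n`, and this commit also adds `locale.nix` with byte-identical contents; configuration.nix imports only `./il8n.nix`, so one of the two files is dead. Keep a single file — `locale.nix` reads best — and point the import at it.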
@@ -0,0 +1,68 @@
+# https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/docs/USAGE.md
+{ config, pkgs, ... }:
+{
+ networking.firewall.allowedTCPPorts = [
+ 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+ # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+ # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+ ];
+ networking.firewall.allowedUDPPorts = [
+ # 8472 # k3s, flannel: required if using multi-node for inter-node networking
+ ];
+ services.k3s = {
+ enable = true;
+ role = "server";
+ # extraFlags: https://docs.k3s.io/cli/server
+ # extraFlags = toString [
+ # # "--debug" # Optionally add additional args to k3s
+ # ];
+ token = "notSecureToken"; # FIX ME use tokenFile
+ clusterInit = true;
+ };
+ # packages for administration tasks
+ environment.systemPackages = with pkgs; [
+ kompose
+ kubectl
+ openssl
+ cfssl
+ certmgr
+ istioctl
+ krew
+ kubevirt
+ #
+ kubeshark
+ # kubectl-ktop
+ kubectl-klock
+ kube-capacity
+ kubectl-images
+ kubectl-gadget
+ # this is very old
+ #kubectl-doctor
+ # https://github.com/boz/kail
+ kail
+ ktop
+ # https://github.com/kdash-rs/kdash
+ kdash
+ # # https://github.com/int128/kubelogin
+ # kubelogin-oidc
+ # k9s --kubeconfig=dev-d.kubeconfig
+ k9s
+ #
+ (wrapHelm kubernetes-helm {
+ plugins = with pkgs.kubernetes-helmPlugins; [
+ helm-secrets
+ helm-diff
+ helm-s3
+ helm-git
+ ];
+ })
+ #
+ fluxcd
+ fluxctl
+ ];
+}
+
+# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml
+# sudo chmod 640 /etc/rancher/k3s/k3s.yaml
+# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml && sudo chmod 640 /etc/rancher/k3s/k3s.yaml
+# export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
\ No newline at end of file
diff --git a/hp/hp1/k8s_master.nix b/hp/hp1/k8s_master.nix
new file mode 100644
index 0000000..02a9cd7
--- /dev/null
+++ b/hp/hp1/k8s_master.nix
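Review bot: `token = "notSecureToken"` hard-codes the k3s cluster join token; it is committed to the repo and rendered into the world-readable Nix store on the host, where every local user can read it, and the inline `FIX ME` acknowledges this while the change still ships it. Replace it with `tokenFile = "/var/lib/rancher/k3s/server/token";` (or another root-only path outside the store, provisioned out of band) and drop `token`. The trailing comment recipe `chown root:wheel ... && chmod 640 /etc/rancher/k3s/k3s.yaml` hands cluster-admin to every `wheel` member; if that is intended, say so, otherwise generate a scoped kubeconfig for `das`. `networking.firewall.allowedTCPPorts = [ 6443 ]` here has no effect while `firewall.nix` in this commit sets `enable = false`.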
@@ -0,0 +1,98 @@ +# +# https://nixos.wiki/wiki/Kubernetes +# https://nixos.org/manual/nixos/stable/index.html#sec-kubernetes +# +# https://github.com/NixOS/nixpkgs/blob/release-24.05/nixos/modules/services/cluster/kubernetes/default.nix +# +# export KUBECONFIG=/etc/kubernetes/cluster-admin.kubeconfig +# +# fix permissions +# https://github.com/akibahmed229/nixos/blob/b131cbbe637470cc69ce862ba271a393c03a925b/modules/predefiend/nixos/kubernetes/default.nix#L48 +# +# * comment kubernetes-related code in configuration.nix +# * $ nixos-rebuild switch +# * clean up filesystem +# * $ rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/ +# * $ rm -rf /etc/kube-flannel/ /etc/kubernetes/ +# * uncomment kubernetes-related code again +# * $ nixos-rebuild switch +# +{ config, pkgs, ... }: +let + # When using easyCerts=true the IP Address must resolve to the master on creation. + # So use simply 127.0.0.1 in that case. Otherwise you will have errors like this https://github.com/NixOS/nixpkgs/issues/59364 + # kubeMasterIP = "10.1.1.2"; + # kubeMasterHostname = "api.kube"; + # kubeMasterAPIServerPort = 6443; + # We already add this via hosts.nix + kubeMasterIP = "172.16.40.142"; + kubeMasterHostname = "hp1.home"; + kubeMasterAPIServerPort = 6443; +in +{ + # resolve master hostname + networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}"; + + # packages for administration tasks + environment.systemPackages = with pkgs; [ + kompose + kubectl + kubernetes + kubernetes-helm + kubernetes-metrics-server + openssl + cfssl + certmgr + istioctl + krew + kubevirt + # + kubeshark + # kubectl-ktop + kubectl-klock + kube-capacity + kubectl-images + kubectl-gadget + # this is very old + #kubectl-doctor + # https://github.com/boz/kail + kail + ktop + # https://github.com/kdash-rs/kdash + kdash + # # https://github.com/int128/kubelogin + # kubelogin-oidc + # k9s --kubeconfig=dev-d.kubeconfig + k9s + # + helm + # + fluxcd + fluxctl + ]; + + services.cfssl.enable = 
true; + + services.kubernetes = { + # master = apiserver, controllerManager, scheduler, addonManager, kube-proxy and etcd + # node = kubelet and kube-proxy only + roles = ["master" "node"]; + masterAddress = kubeMasterHostname; + apiserverAddress = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}"; + easyCerts = true; + # flannel.enable = true; # flannel is enabled by default + apiserver = { + securePort = kubeMasterAPIServerPort; + advertiseAddress = kubeMasterIP; + allowPrivileged = true; + }; + + addonManager.enable = true; + + # use coredns + addons.dns.enable = true; + + # needed if you use swap + kubelet.extraOpts = "--fail-swap-on=false"; + }; +} \ No newline at end of file diff --git a/hp/hp1/k8s_permissions b/hp/hp1/k8s_permissions new file mode 100644 index 0000000..2783a03 --- /dev/null +++ b/hp/hp1/k8s_permissions 
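Review bot: `apiserver.allowPrivileged = true;` lets any identity that can create pods run fully privileged containers on this combined master/node, and nothing in the module says which addon needs it; if flannel or a storage driver requires it, say so in a comment, otherwise leave the default. `easyCerts = true` with `kubeMasterHostname = "hp1.home"` relies on that name resolving to `kubeMasterIP` when the certs are generated, which the `networking.extraHosts` line provides, but `hosts.nix` in this commit maps the same IP to plain `hp1`, so a client using `https://hp1:6443` will hit a name mismatch on the serving cert. This module is commented out in configuration.nix (`#./k8s_master.nix`), so none of this is live yet; the module body begins on the previous page line and ends here.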
@@ -0,0 +1,119 @@ +Original permissions + +[das@hp1:~/nixos/hp1]$ ls -la /var/lib/kubernetes/secrets/ +total 132 +drwxr-xr-x 2 root root 4096 Nov 19 14:01 . +drwxr-xr-x 9 kubernetes kubernetes 4096 Nov 19 13:31 .. +lrwxrwxrwx 1 root root 30 Nov 19 13:30 apitoken.secret -> /var/lib/cfssl/apitoken.secret +-rw-r--r-- 1 root root 1257 Nov 19 13:30 ca.pem +-rw------- 1 root nogroup 1675 Nov 19 13:30 cluster-admin-key.pem +-rw-r--r-- 1 root root 1289 Nov 19 13:30 cluster-admin.pem +-rw------- 1 etcd nogroup 1675 Nov 19 13:31 etcd-key.pem +-rw-r--r-- 1 root root 1310 Nov 19 13:31 etcd.pem +-rw------- 1 kubernetes nogroup 1675 Nov 19 13:31 flannel-client-key.pem +-rw-r--r-- 1 root root 1257 Nov 19 13:31 flannel-client.pem +-rw------- 1 kubernetes nogroup 1675 Nov 19 14:01 kube-addon-manager-key.pem +-rw-r--r-- 1 root root 1237 Nov 19 14:01 kube-addon-manager.pem +-rw------- 1 kubernetes nogroup 1675 Nov 19 13:31 kube-apiserver-etcd-client-key.pem +-rw-r--r-- 1 root root 1249 Nov 19 13:31 kube-apiserver-etcd-client.pem +-rw------- 1 kubernetes nogroup 1675 Nov 19 13:31 kube-apiserver-key.pem +-rw------- 1 kubernetes nogroup 1679 Nov 19 14:01 kube-apiserver-kubelet-client-key.pem +-rw-r--r-- 1 root root 1233 Nov 19 14:01 kube-apiserver-kubelet-client.pem +-rw-r--r-- 1 root root 1371 Nov 19 13:31 kube-apiserver.pem +-rw------- 1 kubernetes nogroup 1679 Nov 19 13:31 kube-apiserver-proxy-client-key.pem +-rw-r--r-- 1 root root 1269 Nov 19 13:31 kube-apiserver-proxy-client.pem +-rw------- 1 kubernetes nogroup 1679 Nov 19 14:01 kube-controller-manager-client-key.pem +-rw-r--r-- 1 root root 1245 Nov 19 14:01 kube-controller-manager-client.pem +-rw------- 1 kubernetes nogroup 1679 Nov 19 13:31 kube-controller-manager-key.pem +-rw-r--r-- 1 root root 1285 Nov 19 13:31 kube-controller-manager.pem +-rw------- 1 kubernetes nogroup 1675 Nov 19 14:01 kubelet-client-key.pem +-rw-r--r-- 1 root root 1253 Nov 19 14:01 kubelet-client.pem +-rw------- 1 kubernetes nogroup 1679 Nov 19 13:31 
kubelet-key.pem +-rw-r--r-- 1 root root 1229 Nov 19 13:31 kubelet.pem +-rw------- 1 kubernetes nogroup 1675 Nov 19 14:01 kube-proxy-client-key.pem +-rw-r--r-- 1 root root 1224 Nov 19 14:01 kube-proxy-client.pem +-rw------- 1 kubernetes nogroup 1679 Nov 19 14:01 kube-scheduler-client-key.pem +-rw-r--r-- 1 root root 1233 Nov 19 14:01 kube-scheduler-client.pem +-rw------- 1 kubernetes nogroup 1675 Nov 19 14:00 service-account-key.pem +-rw-r--r-- 1 root root 1241 Nov 19 14:00 service-account.pem + +sudo chown kubernetes:kubernetes /var/lib/kubernetes/secrets/* + +lrwxrwxrwx 1 root root 30 Nov 19 13:30 apitoken.secret -> /var/lib/cfssl/apitoken.secret +-rw-r--r-- 1 kubernetes kubernetes 1257 Nov 19 13:30 ca.pem +-rw------- 1 kubernetes kubernetes 1675 Nov 19 13:30 cluster-admin-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1289 Nov 19 13:30 cluster-admin.pem +-rw------- 1 kubernetes kubernetes 1675 Nov 19 13:31 etcd-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1310 Nov 19 13:31 etcd.pem +-rw------- 1 kubernetes kubernetes 1675 Nov 19 13:31 flannel-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1257 Nov 19 13:31 flannel-client.pem +-rw------- 1 kubernetes kubernetes 1675 Nov 19 14:01 kube-addon-manager-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1237 Nov 19 14:01 kube-addon-manager.pem +-rw------- 1 kubernetes kubernetes 1675 Nov 19 13:31 kube-apiserver-etcd-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1249 Nov 19 13:31 kube-apiserver-etcd-client.pem +-rw------- 1 kubernetes kubernetes 1675 Nov 19 13:31 kube-apiserver-key.pem +-rw------- 1 kubernetes kubernetes 1679 Nov 19 14:01 kube-apiserver-kubelet-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1233 Nov 19 14:01 kube-apiserver-kubelet-client.pem +-rw-r--r-- 1 kubernetes kubernetes 1371 Nov 19 13:31 kube-apiserver.pem +-rw------- 1 kubernetes kubernetes 1679 Nov 19 13:31 kube-apiserver-proxy-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1269 Nov 19 13:31 kube-apiserver-proxy-client.pem +-rw------- 1 
kubernetes kubernetes 1679 Nov 19 14:31 kube-controller-manager-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1245 Nov 19 14:31 kube-controller-manager-client.pem +-rw------- 1 kubernetes kubernetes 1679 Nov 19 13:31 kube-controller-manager-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1285 Nov 19 13:31 kube-controller-manager.pem +-rw------- 1 kubernetes kubernetes 1675 Nov 19 14:01 kubelet-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1253 Nov 19 14:01 kubelet-client.pem +-rw------- 1 kubernetes kubernetes 1679 Nov 19 13:31 kubelet-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1229 Nov 19 13:31 kubelet.pem +-rw------- 1 kubernetes kubernetes 1675 Nov 19 14:31 kube-proxy-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1224 Nov 19 14:31 kube-proxy-client.pem +-rw------- 1 kubernetes kubernetes 1679 Nov 19 14:31 kube-scheduler-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1233 Nov 19 14:31 kube-scheduler-client.pem +-rw------- 1 kubernetes kubernetes 1675 Nov 19 14:30 service-account-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1241 Nov 19 14:30 service-account.pem + +sudo chmod 660 /var/lib/kubernetes/secrets/*-key.pem + +[das@hp1:~/nixos/hp1]$ ls -la /var/lib/kubernetes/secrets/ +total 132 +drwxr-xr-x 2 root root 4096 Nov 19 14:32 . +drwxr-xr-x 9 kubernetes kubernetes 4096 Nov 19 13:31 .. 
+lrwxrwxrwx 1 root root 30 Nov 19 13:30 apitoken.secret -> /var/lib/cfssl/apitoken.secret +-rw-r--r-- 1 kubernetes kubernetes 1257 Nov 19 13:30 ca.pem +-rw-rw---- 1 kubernetes kubernetes 1675 Nov 19 13:30 cluster-admin-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1289 Nov 19 13:30 cluster-admin.pem +-rw-rw---- 1 kubernetes kubernetes 1675 Nov 19 13:31 etcd-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1310 Nov 19 13:31 etcd.pem +-rw-rw---- 1 kubernetes kubernetes 1675 Nov 19 13:31 flannel-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1257 Nov 19 13:31 flannel-client.pem +-rw-rw---- 1 kubernetes nogroup 1675 Nov 19 14:32 kube-addon-manager-key.pem +-rw-r--r-- 1 root root 1237 Nov 19 14:32 kube-addon-manager.pem +-rw-rw---- 1 kubernetes kubernetes 1675 Nov 19 13:31 kube-apiserver-etcd-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1249 Nov 19 13:31 kube-apiserver-etcd-client.pem +-rw-rw---- 1 kubernetes kubernetes 1675 Nov 19 13:31 kube-apiserver-key.pem +-rw-rw---- 1 kubernetes nogroup 1679 Nov 19 14:32 kube-apiserver-kubelet-client-key.pem +-rw-r--r-- 1 root root 1233 Nov 19 14:32 kube-apiserver-kubelet-client.pem +-rw-r--r-- 1 kubernetes kubernetes 1371 Nov 19 13:31 kube-apiserver.pem +-rw-rw---- 1 kubernetes kubernetes 1679 Nov 19 13:31 kube-apiserver-proxy-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1269 Nov 19 13:31 kube-apiserver-proxy-client.pem +-rw-rw---- 1 kubernetes kubernetes 1679 Nov 19 14:31 kube-controller-manager-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1245 Nov 19 14:31 kube-controller-manager-client.pem +-rw-rw---- 1 kubernetes kubernetes 1679 Nov 19 13:31 kube-controller-manager-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1285 Nov 19 13:31 kube-controller-manager.pem +-rw-rw---- 1 kubernetes nogroup 1675 Nov 19 14:32 kubelet-client-key.pem +-rw-r--r-- 1 root root 1253 Nov 19 14:32 kubelet-client.pem +-rw-rw---- 1 kubernetes kubernetes 1679 Nov 19 13:31 kubelet-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1229 Nov 19 13:31 
kubelet.pem +-rw-rw---- 1 kubernetes kubernetes 1675 Nov 19 14:31 kube-proxy-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1224 Nov 19 14:31 kube-proxy-client.pem +-rw-rw---- 1 kubernetes kubernetes 1679 Nov 19 14:31 kube-scheduler-client-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1233 Nov 19 14:31 kube-scheduler-client.pem +-rw-rw---- 1 kubernetes kubernetes 1675 Nov 19 14:30 service-account-key.pem +-rw-r--r-- 1 kubernetes kubernetes 1241 Nov 19 14:30 service-account.pem + + + + + +sudo chown kubernetes:kubernetes /var/lib/kubernetes/secrets/* +sudo chmod 660 /var/lib/kubernetes/secrets/* \ No newline at end of file diff --git a/hp/hp1/kube-apiserver_command b/hp/hp1/kube-apiserver_command new file mode 100644 index 0000000..e9a5e30 --- /dev/null +++ b/hp/hp1/kube-apiserver_command 
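Review bot: The closing recipe `chmod 660 /var/lib/kubernetes/secrets/*` together with `chown kubernetes:kubernetes ...` makes every private key, including `cluster-admin-key.pem` and `service-account-key.pem`, group-writable by the `kubernetes` group and moves `etcd-key.pem` away from the `etcd` owner shown in the first listing, which may stop etcd from reading its own key. The middle listing also shows the NixOS module re-creating several files as `root`/`nogroup` minutes later (`kube-addon-manager`, `kubelet-client`, `kube-apiserver-kubelet-client`), so a manual chown is not durable across rebuilds. If the goal is to let `das` use `cluster-admin-key.pem`, copy that single key into a mode-600 kubeconfig rather than loosening the whole directory, and state that intent in a line at the top of this file.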
@@ -0,0 +1,27 @@ +sudo /nix/store/sr8i1xkhl1v0hxr5n0kd8rbsyp9zwlj5-kubernetes-1.30.1/bin/kube-apiserver \ + --allow-privileged=false \ + --authorization-mode=RBAC,Node \ + --bind-address=0.0.0.0 \ + --advertise-address=172.16.40.142 \ + --client-ca-file=/var/lib/kubernetes/secrets/ca.pem \ + --disable-admission-plugins= \ + --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction \ + --etcd-servers=https://etcd.local:2379 \ + --etcd-cafile=/var/lib/kubernetes/secrets/ca.pem \ + --etcd-certfile=/var/lib/kubernetes/secrets/kube-apiserver-etcd-client.pem \ + --etcd-keyfile=/var/lib/kubernetes/secrets/kube-apiserver-etcd-client-key.pem \ + --kubelet-certificate-authority=/var/lib/kubernetes/secrets/ca.pem \ + --kubelet-client-certificate=/var/lib/kubernetes/secrets/kube-apiserver-kubelet-client.pem \ + --kubelet-client-key=/var/lib/kubernetes/secrets/kube-apiserver-kubelet-client-key.pem \ + --proxy-client-cert-file=/var/lib/kubernetes/secrets/kube-apiserver-proxy-client.pem \ + --proxy-client-key-file=/var/lib/kubernetes/secrets/kube-apiserver-proxy-client-key.pem \ + --runtime-config=authentication.k8s.io/v1beta1=true \ + --secure-port=6443 \ + --api-audiences=api,https://kubernetes.default.svc \ + --service-account-issuer=https://kubernetes.default.svc \ + --service-account-signing-key-file=/var/lib/kubernetes/secrets/service-account-key.pem \ + --service-account-key-file=/var/lib/kubernetes/secrets/service-account.pem \ + --service-cluster-ip-range=10.0.0.0/24 \ + --storage-backend=etcd3 \ + --tls-cert-file=/var/lib/kubernetes/secrets/kube-apiserver.pem \ + --tls-private-key-file=/var/lib/kubernetes/secrets/kube-apiserver-key.pem \ No newline at end of file diff --git a/hp/hp1/locale.nix b/hp/hp1/locale.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/hp/hp1/locale.nix 
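Review bot: This captured command line has `--allow-privileged=false`, while `k8s_master.nix` in the same commit sets `apiserver.allowPrivileged = true`, so the file no longer describes what the module generates; add a first line such as `# captured from the kube-apiserver unit before allowPrivileged was enabled; regenerate with systemctl cat kube-apiserver` or refresh it. `--bind-address=0.0.0.0` plus the disabled host firewall means the API port is reachable from the LAN and is gated only by `--client-ca-file` and `--authorization-mode=RBAC,Node`; that is acceptable for a lab, but worth a note so it is not mistaken for a private listener.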
@@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/hp/hp1/nixos_logo.nix b/hp/hp1/nixos_logo.nix new file mode 100644 index 0000000..468901d --- /dev/null +++ b/hp/hp1/nixos_logo.nix @@ -0,0 +1,10 @@ +# ███▄ █ ██▓ ▒██ ██▒ ▒█████ ██████ +# ██ ▀█ █ ▓██▒ ▒▒ █ █ ▒░ ▒██▒ ██▒ ▒██ ▒ +# ▓██ ▀█ ██▒ ▒██▒ ░░ █ ░ ▒██░ ██▒ ░ ▓██▄ +# ▓██▒ ▐▌██▒ ░██░ ░ █ █ ▒ ▒██ ██░ ▒ ██▒ +# ▒██░ ▓██░ ░██░ ▒██▒ ▒██▒ ░ ████▓▒░ ▒██████▒▒ +# ░ ▒░ ▒ ▒ ░▓ ▒▒ ░ ░▓ ░ ░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░ +# ░ ░░ ░ ▒░ ▒ ░ ░░ ░▒ ░ ░ ▒ ▒░ ░ ░▒ ░ ░ +# ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ +# ░ ░ ░ ░ ░ ░ ░ +# https://github.com/tolgaerok/nixos-2405-gnome/blob/main/configuration.nix \ No newline at end of file diff --git a/hp/hp1/nodeExporter.nix b/hp/hp1/nodeExporter.nix new file mode 100644 index 0000000..1ea764b --- /dev/null +++ b/hp/hp1/nodeExporter.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 9000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ]; + }; +} \ No newline at end of file 
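Review bot: `services.prometheus.exporters.node` is enabled on port 9000 with no `listenAddress`, so the exporter answers on every interface while the only consumer declared in this diff is the local Prometheus scrape of `localhost:<port>`; `listenAddress = "127.0.0.1";` keeps host metrics off the LAN. hp2's nodeExporter.nix later in this diff is the same blob and needs the same line.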
diff --git a/hp/hp1/openssl_ca_config b/hp/hp1/openssl_ca_config
new file mode 100644
index 0000000..c8ae7c5
--- /dev/null
+++ b/hp/hp1/openssl_ca_config
@@ -0,0 +1,18 @@
+[ req ]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+prompt = no
+
+[ req_distinguished_name ]
+C = IN
+ST = Dave
+L = Dave
+O = Dave
+OU = Dave Organizational Unit
+CN = RootCA
+
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical,CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
\ No newline at end of file
diff --git a/hp/hp1/prometheus.nix b/hp/hp1/prometheus.nix
new file mode 100644
index 0000000..0f3e1c7
--- /dev/null
+++ b/hp/hp1/prometheus.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+ # https://wiki.nixos.org/wiki/Prometheus
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ # default port 9090
+ services.prometheus = {
+ enable = true;
+ globalConfig.scrape_interval = "10s"; # "1m"
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ ];
+ };
+}
\ No newline at end of file
diff --git a/hp/hp1/readme.md b/hp/hp1/readme.md
new file mode 100644
index 0000000..4b57461
--- /dev/null
+++ b/hp/hp1/readme.md
@@ -0,0 +1,10 @@
+
+
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+sudo chown root:wheel /etc/rancher/k3s/k3s.yaml && sudo chmod 640 /etc/rancher/k3s/k3s.yaml
+
+export KUBECONFIG=./k3s.yaml
+kubectl --namespace pyroscope-test port-forward svc/pyroscope 4040:4040
+
+
+http://pyroscope.pyroscope-test.svc.cluster.local.:4040
\ No newline at end of file
diff --git a/hp/hp1/sysctl.nix b/hp/hp1/sysctl.nix
new file mode 100644
index 0000000..ed11dac
--- /dev/null
+++ b/hp/hp1/sysctl.nix
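Review bot: The `[ req ]` section pins neither the digest nor the key size, so the root certificate's signature algorithm and key length depend on whichever OpenSSL build runs the command; adding `default_md = sha256` and `default_bits = 4096` to `[ req ]` makes the CA reproducible. `basicConstraints = critical,CA:true` also allows this root to issue intermediates; if it only ever signs leaf certificates for the cluster, `basicConstraints = critical,CA:true,pathlen:0` limits what a leaked key can be used for.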
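Review bot: `services.prometheus` is enabled without a `listenAddress`, so the unauthenticated Prometheus UI and query API on its default port 9090 are bound on every interface even though the only target scraped is `localhost`; `listenAddress = "127.0.0.1";` unless a remote Grafana is meant to read it. hp2's prometheus.nix later in this diff is the same blob and has the same gap.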
@@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "fq_codel"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + }; +} \ No newline at end of file diff --git a/hp/hp1/systemPackages.nix b/hp/hp1/systemPackages.nix new file mode 100644 index 0000000..99c5975 --- /dev/null +++ b/hp/hp1/systemPackages.nix 
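Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535"` makes the ephemeral range cover the ports this host listens on elsewhere in the diff (6443 for kube-apiserver, 9000 for the node exporter, 9090 for Prometheus), so an outbound connection can occupy one of them and the service then fails to bind on its next restart; either keep the low end above the service ports or add `"net.ipv4.ip_local_reserved_ports" = "6443,9000,9090";` next to it. The defaults quoted in the comments are useful; a one-line note on why the range was widened (port exhaustion under load?) would make the trade-off clear. hp2's sysctl.nix at the end of this view is the same blob and additionally listens on 3000 and 9323.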
@@ -0,0 +1,29 @@ +{ config, pkgs, ... }: + +{ + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + iw + wirelesstools + wpa_supplicant + #wpa_supplicant_ro_ssids + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + ]; +} diff --git a/hp/hp1/systemd.services.ethtool-enp3s0f0.nix b/hp/hp1/systemd.services.ethtool-enp3s0f0.nix new file mode 100644 index 0000000..593654e --- /dev/null +++ b/hp/hp1/systemd.services.ethtool-enp3s0f0.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + systemd.services.ethtool-enp3s0f0 = { + description = "ethtool-enp3s0f0"; + serviceConfig = { + Type = "oneshot"; + User = "root"; + ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp3s0f0 rx 4096 tx 4096"; + }; + # wantedBy = [ "multi-user.target" ]; + # https://systemd.io/NETWORK_ONLINE/ + wantedBy = [ "network-pre.target" ]; + }; +} \ No newline at end of file diff --git a/hp/hp1/systemd.services.ethtool-enp3s0f1.nix b/hp/hp1/systemd.services.ethtool-enp3s0f1.nix new file mode 100644 index 0000000..b4b12e2 --- /dev/null +++ b/hp/hp1/systemd.services.ethtool-enp3s0f1.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + systemd.services.ethtool-enp3s0f1 = { + description = "ethtool-enp3s0f1"; + serviceConfig = { + Type = "oneshot"; + User = "root"; + ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp3s0f1 rx 4096 tx 4096"; + }; + # wantedBy = [ "multi-user.target" ]; + # https://systemd.io/NETWORK_ONLINE/ + wantedBy = [ "network-pre.target" ]; + }; +} \ No newline at end of file diff --git a/hp/hp1/wireless.env b/hp/hp1/wireless.env new file mode 100644 index 0000000..fb44156 --- /dev/null +++ b/hp/hp1/wireless.env @@ -0,0 +1 @@ +PSK_DEVICES=performance 
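Review bot: `wantedBy = [ "network-pre.target" ]` only pulls this oneshot in when some other unit wants `network-pre.target`, and nothing declares that `enp3s0f0` must exist before `ethtool --set-ring` runs, so the unit may never start or may fail on a slow NIC probe; `bindsTo = [ "sys-subsystem-net-devices-enp3s0f0.device" ];`, `after = [ "sys-subsystem-net-devices-enp3s0f0.device" ];` and `before = [ "network-pre.target" ];` tie it to the device and order it where the commented link intends. The enp3s0f1 unit in the same hunk group needs the matching change.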
diff --git a/hp/hp1/wireless.nix b/hp/hp1/wireless.nix
new file mode 100644
index 0000000..7c02b5e
--- /dev/null
+++ b/hp/hp1/wireless.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ #environmentFile = "/home/das/wireless.env";
+ networks."devices".psk = "performance";
+ #networks."devices".psk = "@PSK_DEVICES@";
+ extraConfig = "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel";
+ # output ends up in /run/wpa_supplicant/wpa_supplicant.conf
+ };
+ # https://linux.die.net/man/5/wpa_supplicant.conf
+ # https://nixos.wiki/wiki/Wpa_supplicant
+ # https://nixos.org/manual/nixos/stable/options#opt-networking.wireless.environmentFile
+ # https://blog.stigok.com/2021/05/04/getting-wpa-cli-to-work-in-nixos.html
+}
\ No newline at end of file
diff --git a/hp/hp2/Makefile b/hp/hp2/Makefile
new file mode 100644
index 0000000..51e5bf8
--- /dev/null
+++ b/hp/hp2/Makefile
@@ -0,0 +1,37 @@
+#
+# nixos/hp2/Makefile
+#
+EXPECTED_HOSTNAME := hp2
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ #sudo cp /home/das/nixos/modules/* /etc/nixos/
+ #sudo cp ./*.nix /etc/nixos/
+ #sudo nix-channel --update
+ #sudo nixos-rebuild switch
+ sudo nix flake update;
+ sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .
+
+sync:
+ rsync -av /home/das/nixos/hp/hp2/ hp2:/home/das/nixos/hp2/
+ rsync -av /home/das/nixos/modules/ hp2:/home/das/nixos/modules/
+
+nuke_k3s: check_hostname delete_k3s
+
+delete k3s:
+ sudo rm -rf /var/lib/rancher/k3s/ /etc/rancher/k3s
+ k3s-killall.sh
+
+# end
diff --git a/hp/hp2/configuration.nix b/hp/hp2/configuration.nix
new file mode 100644
index 0000000..3527238
--- /dev/null
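Review bot: `networks."devices".psk = "performance";` writes the Wi-Fi passphrase into the Nix configuration, which ends up both in this repository and in the world-readable Nix store on the host; the commented-out pair `environmentFile = "/home/das/wireless.env";` and `networks."devices".psk = "@PSK_DEVICES@";` is the supported way to keep it out of both. The wireless.env added in the same diff carries the same value and should be untracked rather than committed. Once a passphrase has been pushed it should be treated as disclosed and changed on the access point.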
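Review bot: `delete k3s:` declares two targets named `delete` and `k3s`, not `delete_k3s`, so `nuke_k3s: check_hostname delete_k3s` fails with "No rule to make target 'delete_k3s'" and the destructive recipe below it is unreachable; it should read `delete_k3s:`. None of the targets are declared phony, so a stray file named `sync` or `rebuild` in this directory would silently skip the recipe; `.PHONY: all check_hostname rebuild sync nuke_k3s delete_k3s` fixes that. The `sudo rm -rf` line deserves a comment saying it wipes all cluster state and that the `check_hostname` prerequisite is what keeps it from running on the wrong machine.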
+++ b/hp/hp2/configuration.nix 
@@ -0,0 +1,145 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager + # sudo nix-channel --update + # tutorial + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + # + # + ./sysctl.nix + # ./wireless.nix + ./hosts.nix + ./firewall.nix + ./il8n.nix + #./systemdSystem.nix + ./systemPackages.nix + #./home.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + ./docker-daemon.nix + #./k8s_node.nix + #./k3s_master.nix + ./k3s_node.nix + ./systemd.services.ethtool-enp3s0f0.nix + ./systemd.services.ethtool-enp3s0f1.nix + ]; + +# https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state +# rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/ +# rm -rf /etc/kube-flannel/ /etc/kubernetes/ +# rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/ /etc/kube-flannel/ /etc/kubernetes/ + + # Bootloader. + boot.loader.systemd-boot = { + enable = true; + #consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware. 
+ memtest86.enable = true; + }; + + boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + nix = { + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + + # https://nixos.wiki/wiki/Networking + # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html + networking.hostName = "hp2"; + + services.lldpd.enable = true; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking.networkmanager.enable = false; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "docker" "kubernetes" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.openssh.enable = true; + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.05"; # Did you read the comment? + + # virtualisation.libvirtd.enable = true; + # programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/hp/hp2/docker-daemon.nix b/hp/hp2/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/hp/hp2/docker-daemon.nix 
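Review bot: `services.openssh.enable = true;` is left at module defaults even though the `das` account is already keyed via `openssh.authorizedKeys.keys`, so password logins remain accepted on a host whose firewall is disabled elsewhere in this diff; `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` close that without affecting the declared key. `extraGroups` also grants `docker`, which is effectively root on this machine; that is a reasonable choice for a single-user box but should be stated in a comment next to the list so it is not copied to shared hosts.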
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/hp/hp2/firewall.nix b/hp/hp2/firewall.nix
new file mode 100644
index 0000000..449b44f
--- /dev/null
+++ b/hp/hp2/firewall.nix
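Review bot: `metrics-addr = "0.0.0.0:9323";` exposes the dockerd metrics endpoint, which has no authentication, on every interface, and the Prometheus config in this diff only scrapes `localhost`; `metrics-addr = "127.0.0.1:9323";` is sufficient unless a remote scraper is planned. `data-root = "/home/das/docker/";` also puts root-owned image and container state under a user home directory, which is fine if the intent is disk space but should be said in a comment, since anything that relocates or wipes the home directory takes the images with it.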
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 22 # ssh
+ 5001 # iperf2
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/hp/hp2/flake.lock b/hp/hp2/flake.lock
new file mode 100644
index 0000000..f0313e3
--- /dev/null
+++ b/hp/hp2/flake.lock
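Review bot: `enable = false;` switches the NixOS firewall off entirely, so the `allowedTCPPorts` list here and the `networking.firewall.allowedTCPPorts = [ 6443 ]` in k3s_node.nix later in this diff are no-ops, and every listener this host starts (Grafana on 0.0.0.0:3000, Docker metrics on 0.0.0.0:9323, node exporter on 9000, Prometheus on 9090, k3s on 6443) is reachable from the LAN. If the conntrack-performance concern in the comment is the reason, the commented `extraCommands` already sketches a way to drop the stateful rule while keeping the port filter; otherwise `enable = true;` with the list is presumably the intended state. Either way a comment on the `enable = false;` line saying why it is off would stop the next reader from "fixing" it the wrong way.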
@@ -0,0 +1,49 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hp/hp2/flake.nix b/hp/hp2/flake.nix new file mode 100644 index 0000000..8ad66fb --- /dev/null +++ b/hp/hp2/flake.nix 
@@ -0,0 +1,45 @@ +{ + description = "HP2 Flake"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + home-manager = { + url = "github:nix-community/home-manager/release-24.11"; + # The `follows` keyword in inputs is used for inheritance. + # Here, `inputs.nixpkgs` of home-manager is kept consistent with + # the `inputs.nixpkgs` of the current flake, + # to avoid problems caused by different versions of nixpkgs. + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs@{ nixpkgs, home-manager, ... }: + let + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + config = { allowUnfree = true; }; + }; + lib = nixpkgs.lib; + in { + nixosConfigurations = { + hp2 = lib.nixosSystem { + #system ="x86_64-linux"; + inherit system; + modules = [ + ./configuration.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.das = import ./home.nix; + + # Optionally, use home-manager.extraSpecialArgs to pass + # arguments to home.nix + } + ]; + }; + }; + }; +} diff --git a/hp/hp2/grafana.nix b/hp/hp2/grafana.nix new file mode 100644 index 0000000..471b71d --- /dev/null +++ b/hp/hp2/grafana.nix 
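Review bot: The `pkgs = import nixpkgs { inherit system; config = { allowUnfree = true; }; }` binding in `let` is never referenced — `lib.nixosSystem` instantiates nixpkgs on its own and `allowUnfree` is set again in systemPackages.nix — so the flag here has no effect and the binding is dead code; drop it, or pass it in via `specialArgs` if sharing one `pkgs` is the intent. `inputs@` on the outputs function is likewise unused and can become `{ nixpkgs, home-manager, ... }:`.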
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/hp/hp2/hardware-configuration.nix b/hp/hp2/hardware-configuration.nix
new file mode 100644
index 0000000..d3d796c
--- /dev/null
+++ b/hp/hp2/hardware-configuration.nix
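Review bot: Grafana is bound to `http_addr = "0.0.0.0"` on port 3000 with nothing under `settings.security`, so its initial admin login is the well-known default and, with the firewall disabled elsewhere in this diff, reachable from the LAN; `settings.security.admin_password = "$__file{<path-to-secret-file>}";` (path is a placeholder for a root-readable file outside the store) or `http_addr = "127.0.0.1"` behind a proxy addresses that. `serve_from_sub_path = true;` without a `root_url` containing a sub-path has no effect and should either be removed with the commented `domain`/`root_url` lines or paired with the intended `root_url`.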
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/9fc7f9a1-f531-41d2-8365-fb6dc7790918"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F6A5-7CBE"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/a98f1a3e-90c4-40c8-9d62-92be5eebee5e"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0f1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hp/hp2/home-manager.nix b/hp/hp2/home-manager.nix new file mode 100644 index 0000000..4c3546a --- /dev/null +++ b/hp/hp2/home-manager.nix 
@@ -0,0 +1,120 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + }; + + home.packages = with pkgs; [ + # + hw-probe + # + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + ethtool + iproute2 + vlan + tcpdump + wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + netcat-gnu + # for telnet + inetutils + # + hwloc + bpftools + # + inotify-tools + # + libcap + gcc + # thunderbird + go + # rust + # https://nixos.wiki/wiki/Rust + pkgs.cargo + pkgs.rustc + # + # debug + strace + # + dive + # for pprof + graphviz + ]; + + programs.bash.enable = true; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.05"; + }; +} diff --git a/hp/hp2/home.nix b/hp/hp2/home.nix new file mode 100644 index 0000000..2722526 --- /dev/null +++ b/hp/hp2/home.nix 
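Review bot: `home.packages` lists `gcc`, `bpftools` and `inetutils` twice each; Home Manager tolerates the duplicates, but the list reads as hand-merged and should be deduplicated. This file also appears to be unused: configuration.nix keeps `./home.nix` commented out of `imports` and flake.nix wires `./home.nix`, not `./home-manager.nix`, so the `home-manager.users.das` wrapper here seems dead next to the near-identical home.nix that follows and repeats the same duplicates. `userName = "randomizedcoder ";` carries a trailing space in both files that will appear in the author field of every commit made from these hosts.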
@@ -0,0 +1,137 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + home.username = "das"; + home.homeDirectory = "/home/das"; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + KUBECONFIG = "/home/das/k3s.yaml"; + TERM = "xterm-256color"; + }; + + home.packages = with pkgs; [ + # + killall + hw-probe + lshw + hwloc + # + tmux + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + btop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + ethtool + iproute2 + vlan + tcpdump + wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + netcat-gnu + # for telnet + inetutils + # + hwloc + bpftools + # + inotify-tools + # + libcap + gcc + # thunderbird + go + # rust + # https://nixos.wiki/wiki/Rust + pkgs.cargo + pkgs.rustc + # + # debug + strace + # + dive + # for pprof + graphviz + ]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = 
true; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.05"; + programs.home-manager.enable = true; + #}; +} diff --git a/hp/hp2/hosts.nix b/hp/hp2/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/hp/hp2/hosts.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room + "172.16.40.141" = ["hp0wifi"]; + "172.16.40.142" = ["hp1" "hp1eth"]; + "172.16.40.212" = ["hp2" "hp2eth"]; + "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room + "172.16.40.130" = ["hp3wifi"]; + "172.16.50.232" = ["hp4" "hp4eth"]; # rack + "172.16.40.70" = ["hp5" "hp5eth"]; + "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; + "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; + }; +} \ No newline at end of file diff --git a/hp/hp2/il8n.nix b/hp/hp2/il8n.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/hp/hp2/il8n.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/hp/hp2/k3s_node.nix b/hp/hp2/k3s_node.nix new file mode 100644 index 0000000..d93386f --- /dev/null +++ b/hp/hp2/k3s_node.nix 
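Review bot: `hp/hp2/il8n.nix` and `hp/hp2/locale.nix` (later in this diff) are the same blob (`index 0000000..6a67b6f` on both) and only `./il8n.nix` is listed in configuration.nix's `imports`, so locale.nix is a dead duplicate. `il8n` is also a misspelling of the `i18n` option the file sets, so keeping `locale.nix`, importing that, and deleting `il8n.nix` is the cleaner resolution.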
@@ -0,0 +1,73 @@
+# https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/docs/USAGE.md
+{ config, pkgs, ... }:
+let
+ kubeMasterIP = "172.16.40.142";
+ kubeMasterHostname = "hp1";
+ kubeMasterAPIServerPort = 6443;
+in
+{
+ networking.firewall.allowedTCPPorts = [
+ 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+ # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+ # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+ ];
+ networking.firewall.allowedUDPPorts = [
+ # 8472 # k3s, flannel: required if using multi-node for inter-node networking
+ ];
+ services.k3s = {
+ enable = true;
+ role = "server";
+ # extraFlags = toString [
+ # # "--debug" # Optionally add additional args to k3s
+ # ];
+ token = "notSecureToken"; # FIX ME use tokenFile
+ clusterInit = true; # must be false for "agent"
+ serverAddr = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
+ };
+ # packages for administration tasks
+ environment.systemPackages = with pkgs; [
+ kompose
+ kubectl
+ openssl
+ cfssl
+ certmgr
+ istioctl
+ krew
+ kubevirt
+ #
+ kubeshark
+ # kubectl-ktop
+ kubectl-klock
+ kube-capacity
+ kubectl-images
+ kubectl-gadget
+ # this is very old
+ #kubectl-doctor
+ # https://github.com/boz/kail
+ kail
+ ktop
+ # https://github.com/kdash-rs/kdash
+ kdash
+ # # https://github.com/int128/kubelogin
+ # kubelogin-oidc
+ # k9s --kubeconfig=dev-d.kubeconfig
+ k9s
+ #
+ (wrapHelm kubernetes-helm {
+ plugins = with pkgs.kubernetes-helmPlugins; [
+ helm-secrets
+ helm-diff
+ helm-s3
+ helm-git
+ ];
+ })
+ #
+ fluxcd
+ fluxctl
+ ];
+}
+
+# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml
+# sudo chmod 640 /etc/rancher/k3s/k3s.yaml
+# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml && sudo chmod 640 /etc/rancher/k3s/k3s.yaml
+# export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
\ No newline at end of file
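Review bot: `token = "notSecureToken";` is the cluster join secret written into the Nix configuration, so it lands in this repository and in the world-readable Nix store of every host that evaluates it; the `# FIX ME use tokenFile` comment is right — `services.k3s.tokenFile = "<path-to-root-only-token-file>";` (placeholder path, outside the store) and drop the `token` line. Separately, `clusterInit = true;` next to `serverAddr = "https://hp1:6443"` looks contradictory: the former initialises a fresh embedded-etcd cluster on this node while the latter says to join hp1, so I would expect one of the two to go depending on whether hp2 is the first server or a joiner — confirm against the k3s flag semantics. The `kubeMasterIP` binding in `let` is unused.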
diff --git a/hp/hp2/k8s_node.nix b/hp/hp2/k8s_node.nix new file mode 100644 index 0000000..98f3ed4 --- /dev/null +++ b/hp/hp2/k8s_node.nix @@ -0,0 +1,47 @@ +# +# https://nixos.wiki/wiki/Kubernetes +# https://nixos.org/manual/nixos/stable/index.html#sec-kubernetes +# +# https://github.com/NixOS/nixpkgs/blob/release-24.05/nixos/modules/services/cluster/kubernetes/default.nix +# +{ config, pkgs, ... }: +let + kubeMasterIP = "172.16.40.142"; + kubeMasterHostname = "hp1.home"; + kubeMasterAPIServerPort = 6443; +in +{ + # resolve master hostname + networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}"; + + # packages for administration tasks + environment.systemPackages = with pkgs; [ + kompose + kubectl + kubernetes + istioctl + krew + kubevirt + ]; + + services.kubernetes = let + api = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}"; + in + { + roles = ["node"]; + masterAddress = kubeMasterHostname; + easyCerts = true; + + # point kubelet and other services to kube-apiserver + kubelet.kubeconfig.server = api; + apiserverAddress = api; + + #addonManager.enable = true; + + # use coredns + addons.dns.enable = true; + + # needed if you use swap + kubelet.extraOpts = "--fail-swap-on=false"; + }; +} \ No newline at end of file diff --git a/hp/hp2/locale.nix b/hp/hp2/locale.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/hp/hp2/locale.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/hp/hp2/nixos_logo.nix b/hp/hp2/nixos_logo.nix new file mode 100644 index 0000000..468901d --- /dev/null 
+++ b/hp/hp2/nixos_logo.nix @@ -0,0 +1,10 @@ +# ███▄ █ ██▓ ▒██ ██▒ ▒█████ ██████ +# ██ ▀█ █ ▓██▒ ▒▒ █ █ ▒░ ▒██▒ ██▒ ▒██ ▒ +# ▓██ ▀█ ██▒ ▒██▒ ░░ █ ░ ▒██░ ██▒ ░ ▓██▄ +# ▓██▒ ▐▌██▒ ░██░ ░ █ █ ▒ ▒██ ██░ ▒ ██▒ +# ▒██░ ▓██░ ░██░ ▒██▒ ▒██▒ ░ ████▓▒░ ▒██████▒▒ +# ░ ▒░ ▒ ▒ ░▓ ▒▒ ░ ░▓ ░ ░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░ +# ░ ░░ ░ ▒░ ▒ ░ ░░ ░▒ ░ ░ ▒ ▒░ ░ ░▒ ░ ░ +# ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ +# ░ ░ ░ ░ ░ ░ ░ +# https://github.com/tolgaerok/nixos-2405-gnome/blob/main/configuration.nix \ No newline at end of file diff --git a/hp/hp2/nodeExporter.nix b/hp/hp2/nodeExporter.nix new file mode 100644 index 0000000..1ea764b --- /dev/null +++ b/hp/hp2/nodeExporter.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 9000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ]; + }; +} \ No newline at end of file diff --git a/hp/hp2/prometheus.nix b/hp/hp2/prometheus.nix new file mode 100644 index 0000000..0f3e1c7 --- /dev/null +++ b/hp/hp2/prometheus.nix 
@@ -0,0 +1,19 @@ +{ config, pkgs, ... }: +{ + # https://wiki.nixos.org/wiki/Prometheus + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + # default port 9090 + services.prometheus = { + enable = true; + globalConfig.scrape_interval = "10s"; # "1m" + scrapeConfigs = [ + { + job_name = "node"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + ]; + }; +} \ No newline at end of file diff --git a/hp/hp2/readme.md b/hp/hp2/readme.md new file mode 100644 index 0000000..4b57461 --- /dev/null +++ b/hp/hp2/readme.md @@ -0,0 +1,10 @@ + + +export KUBECONFIG=/etc/rancher/k3s/k3s.yaml +sudo chown root:wheel /etc/rancher/k3s/k3s.yaml && sudo chmod 640 /etc/rancher/k3s/k3s.yaml + +export KUBECONFIG=./k3s.yaml +kubectl --namespace pyroscope-test port-forward svc/pyroscope 4040:4040 + + +http://pyroscope.pyroscope-test.svc.cluster.local.:4040 \ No newline at end of file diff --git a/hp/hp2/sysctl.nix b/hp/hp2/sysctl.nix new file mode 100644 index 0000000..ed11dac --- /dev/null +++ b/hp/hp2/sysctl.nix 
@@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "fq_codel"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + }; +} \ No newline at end of file diff --git a/hp/hp2/systemPackages.nix b/hp/hp2/systemPackages.nix new file mode 100644 index 0000000..6b871b1 --- /dev/null +++ b/hp/hp2/systemPackages.nix 
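Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535"` in hp/hp2/sysctl.nix extends the ephemeral range over the registered-port space, so an outbound connection can occupy a port a local daemon expects to bind later (6443 and 9000 are both used elsewhere in this commit), and that daemon then fails to start on restart. Either keep the kernel default quoted in the comment or pair the change with `"net.ipv4.ip_local_reserved_ports"` listing the service ports. Smaller points: the comment `# enable Enable reuse of TIME-WAIT sockets globally` repeats a word, and `tcp_notsent_lowat` is given as the string `"131072"` while the neighbouring integer values are unquoted — both forms evaluate, but one style would read better.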
@@ -0,0 +1,29 @@ +{ config, pkgs, ... }: + +{ + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + iw + wirelesstools + wpa_supplicant + #wpa_supplicant_ro_ssids + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + ]; +} \ No newline at end of file diff --git a/hp/hp2/systemd.services.ethtool-enp3s0f0.nix b/hp/hp2/systemd.services.ethtool-enp3s0f0.nix new file mode 100644 index 0000000..593654e --- /dev/null +++ b/hp/hp2/systemd.services.ethtool-enp3s0f0.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + systemd.services.ethtool-enp3s0f0 = { + description = "ethtool-enp3s0f0"; + serviceConfig = { + Type = "oneshot"; + User = "root"; + ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp3s0f0 rx 4096 tx 4096"; + }; + # wantedBy = [ "multi-user.target" ]; + # https://systemd.io/NETWORK_ONLINE/ + wantedBy = [ "network-pre.target" ]; + }; +} \ No newline at end of file diff --git a/hp/hp2/systemd.services.ethtool-enp3s0f1.nix b/hp/hp2/systemd.services.ethtool-enp3s0f1.nix new file mode 100644 index 0000000..b4b12e2 --- /dev/null +++ b/hp/hp2/systemd.services.ethtool-enp3s0f1.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + systemd.services.ethtool-enp3s0f1 = { + description = "ethtool-enp3s0f1"; + serviceConfig = { + Type = "oneshot"; + User = "root"; + ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp3s0f1 rx 4096 tx 4096"; + }; + # wantedBy = [ "multi-user.target" ]; + # https://systemd.io/NETWORK_ONLINE/ + wantedBy = [ "network-pre.target" ]; + }; +} \ No newline at end of file diff --git a/hp/hp2/systemdSystem.nix b/hp/hp2/systemdSystem.nix new file mode 100644 index 0000000..5b04c17 --- /dev/null +++ b/hp/hp2/systemdSystem.nix 
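Review bot: the `ethtool-enp3s0f0`/`ethtool-enp3s0f1` units in hp/hp2/systemd.services.ethtool-enp3s0f*.nix are only `wantedBy = [ "network-pre.target" ]` and declare no ordering against the NIC itself, so `ethtool --set-ring` can run before the interface exists and the oneshot fails once with nothing to retry it. Adding `after = [ "sys-subsystem-net-devices-enp3s0f0.device" ]; bindsTo = [ "sys-subsystem-net-devices-enp3s0f0.device" ];` (and the f1 twin) ties each unit to its device; whether network-pre.target is pulled in at all on this host depends on the firewall module, which is not in this diff. The two files differ only in the interface name, so a small function over a list of names (taking `lib` as a module argument) would remove the copy.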
@@ -0,0 +1,14 @@ +{ config, pkgs, ... }: + +{ + # https://github.com/NixOS/nixpkgs/blob/095f1acb70302bd74cd5f3ab02a64bdfac36daa8/nixos/modules/system/boot/systemd.nix#L534 + # https://discourse.nixos.org/t/overriding-modifying-systemd-unit-file/45621/7 + + # https://mynixos.com/nixpkgs/options/systemd + systemd.extraConfig = "CPUAffinity=4-7"; + + #https://mynixos.com/options/systemd.user + systemd.user.extraConfig = "CPUAffinity=4-7"; + # create your own service + # https://discourse.nixos.org/t/how-to-use-toplevel-overrides-for-systemd/12501 +} \ No newline at end of file diff --git a/hp/hp2/wireless.env b/hp/hp2/wireless.env new file mode 100644 index 0000000..fb44156 --- /dev/null +++ b/hp/hp2/wireless.env @@ -0,0 +1 @@ +PSK_DEVICES=performance diff --git a/hp/hp2/wireless.nix b/hp/hp2/wireless.nix new file mode 100644 index 0000000..7c02b5e --- /dev/null +++ b/hp/hp2/wireless.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + networking.wireless = { + enable = true; # Enables wireless support via wpa_supplicant. + #environmentFile = "/home/das/wireless.env"; + networks."devices".psk = "performance"; + #networks."devices".psk = "@PSK_DEVICES@"; + extraConfig = "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel"; + # output ends up in /run/wpa_supplicant/wpa_supplicant.conf + }; + # https://linux.die.net/man/5/wpa_supplicant.conf + # https://nixos.wiki/wiki/Wpa_supplicant + # https://nixos.org/manual/nixos/stable/options#opt-networking.wireless.environmentFile + # https://blog.stigok.com/2021/05/04/getting-wpa-cli-to-work-in-nixos.html +} \ No newline at end of file diff --git a/hp/hp2/wireless_desktop.nix b/hp/hp2/wireless_desktop.nix new file mode 100644 index 0000000..2a0c0c3 --- /dev/null +++ b/hp/hp2/wireless_desktop.nix 
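Review bot: `networks."devices".psk = "performance";` in hp/hp2/wireless.nix puts the Wi-Fi passphrase into the Nix store, which is world-readable on the host, and hp/hp2/wireless.env (and hp/hp3/wireless.env later in this commit) commit the same value to the repository. The commented-out lines already show the intended shape — `environmentFile = "/home/das/wireless.env";` with `networks."devices".psk = "@PSK_DEVICES@";` — so switching to them and keeping wireless.env only on the host (outside git, mode 0600) would close both exposures. `ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel` gives every wheel member control of wpa_supplicant, which is probably intended but worth a comment.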
@@ -0,0 +1,21 @@ +{ config, pkgs, ... }: + +{ + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking = { + networkmanager = { + enable = true; + wifi.powersave = true; + }; + }; + + #networking.hosts = { + # "172.16.50.216" = ["hp0"]; + # "172.16.40.35" = ["hp1"]; + # "172.16.40.71" = ["hp2"]; + #}; +} \ No newline at end of file diff --git a/hp/hp3/configuration.nix b/hp/hp3/configuration.nix new file mode 100644 index 0000000..ea76cf6 --- /dev/null +++ b/hp/hp3/configuration.nix 
@@ -0,0 +1,110 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager + # sudo nix-channel --update + + # + ./sysctl.nix + ./wireless.nix + ./hosts.nix + ./firewall.nix + ./il8n.nix + #./systemdSystem.nix + ./systemPackages.nix + ./home-manager.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + ./docker-daemon.nix + ]; + + # Bootloader. 
+ boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + # https://nixos.wiki/wiki/Networking + # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html + networking.hostName = "hp3"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking.networkmanager.enable = false; + + networking.interfaces.enp1s0f0.useDHCP = false; + networking.interfaces.enp1s0f1.useDHCP = false; + boot.kernel.sysctl."net.ipv6.conf.enp1s0f0.disable_ipv6" = true; + boot.kernel.sysctl."net.ipv6.conf.enp1s0f1.disable_ipv6" = true; + + services.lldpd.enable = true; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "docker" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.openssh.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.05"; # Did you read the comment? + + # virtualisation.libvirtd.enable = true; + # programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/hp/hp3/hardware-configuration.nix b/hp/hp3/hardware-configuration.nix new file mode 100644 index 0000000..9f914b6 --- /dev/null +++ b/hp/hp3/hardware-configuration.nix 
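Review bot: `extraGroups = [ "wheel" "networkmanager" "libvirtd" "docker" ]` in hp/hp3/configuration.nix grants memberships for services this file turns off or never enables: `networking.networkmanager.enable = false;` is set a few lines above and `virtualisation.libvirtd.enable` is commented out at the bottom. libvirtd and docker membership are effectively root-equivalent, so trimming the list to what the host actually runs limits what that account can reach; `"docker"` is presumably justified by the `./docker-daemon.nix` import, which is not in this diff. The `./il8n.nix` import name differs from the `locale.nix` used for hp2 in this commit — confirm that file exists under hp/hp3.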
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/21e4f4e0-b8ec-4024-839f-820af51a27ec"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/CC67-5B9D"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/a6da1204-1444-4e5a-a27f-b4cc64d7f320"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hp/hp3/hosts.nix b/hp/hp3/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/hp/hp3/hosts.nix 
@@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room + "172.16.40.141" = ["hp0wifi"]; + "172.16.40.142" = ["hp1" "hp1eth"]; + "172.16.40.212" = ["hp2" "hp2eth"]; + "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room + "172.16.40.130" = ["hp3wifi"]; + "172.16.50.232" = ["hp4" "hp4eth"]; # rack + "172.16.40.70" = ["hp5" "hp5eth"]; + "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; + "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; + }; +} \ No newline at end of file diff --git a/hp/hp3/wireless.env b/hp/hp3/wireless.env new file mode 100644 index 0000000..fb44156 --- /dev/null +++ b/hp/hp3/wireless.env @@ -0,0 +1 @@ +PSK_DEVICES=performance diff --git a/hp/hp4/Makefile b/hp/hp4/Makefile new file mode 100644 index 0000000..de94510 --- /dev/null +++ b/hp/hp4/Makefile 
@@ -0,0 +1,47 @@
+#
+# nixos/hp4/Makefile
+#
+EXPECTED_HOSTNAME := hp4
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ sudo cp /home/das/nixos/modules/* /etc/nixos/
+ sudo cp ./*.nix /etc/nixos/
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+
+sync:
+ rsync -av /home/das/nixos/hp/hp4/ hp4:/home/das/nixos/hp4/
+ rsync -av /home/das/nixos/modules/ hp4:/home/das/nixos/modules/
+
+# https://nixos.wiki/wiki/Kubernetes#reset_to_a_clean_state
+nuke_k8s: check_hostname delete_k8s
+
+delete_k8s:
+ sudo rm -rf /var/lib/kubernetes/ /var/lib/etcd/ /var/lib/cfssl/ /var/lib/kubelet/
+ sudo rm -rf /etc/kube-flannel/ /etc/kubernetes/
+
+create_cert:
+# Generate private key
+ openssl genrsa -out /var/lib/kubernetes/secrets/cluster-admin.pem 4096
+
+# Generate CSR
+ openssl req -new -key /var/lib/kubernetes/secrets/cluster-admin.pem -out /var/lib/kubernetes/secrets/cluster-admin.csr
+
+# Issue certificate
+ openssl ca -config ./openssl_ca_config -in /var/lib/kubernetes/secrets/cluster-admin.csr -out /var/lib/kubernetes/secrets/cluster-admin.crt -days 365 -notext -batch
+
+
+
+# end
diff --git a/hp/hp4/configuration.nix b/hp/hp4/configuration.nix
new file mode 100644
index 0000000..098516b
--- /dev/null
+++ b/hp/hp4/configuration.nix
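Review bot: `delete_k8s` and `create_cert` in hp/hp4/Makefile can be invoked directly, so the `check_hostname` gate on `nuke_k8s` does not protect the `sudo rm -rf /var/lib/kubernetes/ /var/lib/etcd/ ...` recipe from running on the wrong machine; make the guard part of the destructive target itself, `delete_k8s: check_hostname`. No target is declared phony, so a stray file named `rebuild` or `sync` would silently turn that target into a no-op: add `.PHONY: all check_hostname rebuild sync nuke_k8s delete_k8s create_cert`. In `create_cert`, `openssl req -new` without `-subj` (or `-batch`) prompts interactively, which is awkward under make, and `./openssl_ca_config` is resolved relative to the current directory and is not part of this commit. The `sync` destination `hp4:/home/das/nixos/hp4/` does not mirror the `hp/hp4/` layout used on the source side; if the remote checkout is the same repo, `rebuild`'s `cp ./*.nix` would run from a different path than the one synced.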
@@ -0,0 +1,164 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager + # sudo nix-channel --update + + # + ./sysctl.nix + ./wireless.nix + ./hosts.nix + ./firewall.nix + ./il8n.nix + #./systemdSystem.nix + ./systemPackages.nix + ./home-manager.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + #./trafficserver.nix + ]; + + # https://nixos.wiki/wiki/Nix_Cookbook + nix.gc.automatic = true; + nix.settings.auto-optimise-store = true; + + # Bootloader. 
+ boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + # https://nixos.wiki/wiki/Networking + # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html + networking.hostName = "hp4"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking.networkmanager.enable = false; + + networking.interfaces.enp1s0f0.useDHCP = false; + networking.interfaces.enp1s0f0np0.useDHCP = false; + networking.interfaces.enp1s0f1.useDHCP = false; + networking.interfaces.enp1s0f1np1.useDHCP = false; + boot.kernel.sysctl."net.ipv6.conf.enp1s0f0.disable_ipv6" = true; + boot.kernel.sysctl."net.ipv6.conf.enp1s0f0np0.disable_ipv6" = true; + boot.kernel.sysctl."net.ipv6.conf.enp1s0f1.disable_ipv6" = true; + boot.kernel.sysctl."net.ipv6.conf.enp1s0f1np1.disable_ipv6" = true; + # networking.interfaces.enp1s0f0.ipv4.addresses = [{ + # address = "76.174.138.10"; + # prefixLength = 24; + # }]; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. 
+ users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "libvirtd" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOP3x3r8OZ5ya1GNLqmKOsKDX7oAR+BG9u4EozXvydtC das@hp0" + ]; + }; + + # # https://mynixos.com/options/users.users.%3Cname%3E + # users.users._lldpd = { + # group = "_lldpd"; + # isNormalUser = false; # one of these must be set + # isSystemUser = true; + # description = "LLDPd"; + # createHome = false; + # }; + # users.groups._lldpd = {}; + services.lldpd.enable = true; + + # # https://github.com/lldpd/lldpd/blob/2151a7d056a626132273aadfb7022547b076d010/README.md?plain=1#L51 + # systemd.tmpfiles.rules = + # [ + # "d /usr/local/var/run/lldpd 755 root root" + # ]; + + systemd.services.snmpd = { + enable = true; + wantedBy = [ "multi-user.target" ]; + description = "Net-SNMP daemon"; + after = [ "network.target" ]; + restartIfChanged = true; + # serviceConfig = { + # User = "root"; + # Group = "root"; + # Restart = "always"; + # ExecStart = "${pkgs.net-snmp}/bin/snmpd -Lf /var/log/snmpd.log -f -c /etc/snmp/snmpd.conf"; + # }; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + # https://nixos.wiki/wiki/SSH + services.openssh = { + enable = true; + settings = { + PermitRootLogin = "yes"; # TODO DISABLE THIS!!! + }; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.05"; # Did you read the comment? + + # virtualisation.libvirtd.enable = true; + # programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/hp/hp4/hardware-configuration.nix b/hp/hp4/hardware-configuration.nix new file mode 100644 index 0000000..ffd5672 --- /dev/null +++ b/hp/hp4/hardware-configuration.nix 
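Review bot: `PermitRootLogin = "yes"; # TODO DISABLE THIS!!!` in hp/hp4/configuration.nix ships root SSH login enabled with no `PasswordAuthentication = false` beside it, while the das account already has two authorized keys; `PermitRootLogin = "prohibit-password";` keeps a key-based recovery path and `PasswordAuthentication = false;` removes the password surface, so the TODO can be closed in this commit rather than left. `systemd.services.snmpd` is declared with `enable = true` but its whole `serviceConfig` (including `ExecStart`) is commented out, and systemd rejects a service unit that has neither ExecStart= nor ExecStop=, so this block needs the ExecStart restored or should be removed. As on hp3, `extraGroups` includes `"networkmanager"` and `"libvirtd"` although NetworkManager is disabled and libvirtd is commented out in this file.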
@@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/915563ac-b6eb-47fa-a85f-8b9a5528158d"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3C9C-C9C4"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hp/hp4/home-manager.nix b/hp/hp4/home-manager.nix new file mode 100644 index 0000000..d56130e --- /dev/null +++ b/hp/hp4/home-manager.nix 
@@ -0,0 +1,176 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + }; + + home.packages = with pkgs; [ + # + gparted + hw-probe + ncdu + # + tmux + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + ethtool + iproute2 + vlan + tcpdump + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + hwloc + bpftools + # + inotify-tools + # + # + neofetch + # + # go + # https://nixos.wiki/wiki/Go + # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + libcap + gcc + # thunderbird + # + # debug + strace + + ]; + + programs.bash.enable = true; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + # disable wayland + # # https://nixos.wiki/wiki/Hyprland + # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland + # #programs.hyprland.enable = true; + # wayland.windowManager.hyprland = { + # # Whether to enable Hyprland wayland 
compositor + # enable = true; + # # The hyprland package to use + # package = pkgs.hyprland; + # # Whether to enable XWayland + # xwayland.enable = true; + + # # Optional + # # Whether to enable hyprland-session.target on hyprland startup + # systemd.enable = true; + # }; + # # home.file.".config/hypr/hyprland.conf".text = '' + # # ''; + + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "23.11"; + }; +} \ No newline at end of file diff --git a/hp/hp4/hosts.nix b/hp/hp4/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/hp/hp4/hosts.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room + "172.16.40.141" = ["hp0wifi"]; + "172.16.40.142" = ["hp1" "hp1eth"]; + "172.16.40.212" = ["hp2" "hp2eth"]; + "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room + "172.16.40.130" = ["hp3wifi"]; + "172.16.50.232" = ["hp4" "hp4eth"]; # rack + "172.16.40.70" = ["hp5" "hp5eth"]; + "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; + "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; + }; +} \ No newline at end of file 
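Review bot: `userName = "randomizedcoder ";` in hp/hp4/home-manager.nix carries a trailing space that will appear in the author field of every commit made from this host; `userName = "randomizedcoder";`. `home.packages` lists `gcc` and `bpftools` twice — harmless for Nix, but noise for the reader. The containers `policy.json` written here uses `insecureAcceptAnything` for the default transport and for docker-daemon, which matches the usual stock policy but means no image signature is ever checked; a one-line comment stating that this is accepted for the home lab would stop the next reader from flagging it.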
diff --git a/hp/hp4/nginx.conf b/hp/hp4/nginx.conf new file mode 100644 index 0000000..d7b6f33 --- /dev/null +++ b/hp/hp4/nginx.conf @@ -0,0 +1,34 @@ +{ pkgs, config, ... }: +{ + # https://nixos.wiki/wiki/Nginx + # https://mynixos.com/options/services.nginx + # https://search.nixos.org/options?channel=24.11&from=0&size=50&sort=relevance&type=packages&query=services.nginx + services.nginx = { + enable = true; + statusPage = true; + + listen = 8080; + + resolver.addresses = [ "1.1.1.1" "8.8.8.8" ] + + recommendedZstdSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedBrotliSettings = true; + + virtualHosts = { + default = { + serverName = "_"; + default = true; + rejectSSL = true; + locations = { + "/" = { + resolver 1.1.1.1; + proxyPass = "http://127.0.0.1:12345"; + } + } + }; + }; + }; +}; \ No newline at end of file diff --git a/hp/hp4/trafficserver.nix b/hp/hp4/trafficserver.nix new file mode 100644 index 0000000..4260782 --- /dev/null +++ b/hp/hp4/trafficserver.nix 
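Review bot: hp/hp4/nginx.conf is not valid Nix as written: `resolver.addresses = [ ... ]` lacks its terminating `;`, `resolver 1.1.1.1;` is nginx syntax inside a Nix attribute set, the `"/" = { ... }` and `locations = { ... }` blocks are not terminated with `;`, and the file ends with `};` after the top-level function body. The `.conf` name also keeps it out of any `imports` list (hp/hp4/configuration.nix in this commit imports nothing named nginx), so nothing evaluates it yet. I could not find a top-level `services.nginx.listen` option; the documented form is the per-virtual-host `listen = [ { addr = "0.0.0.0"; port = 8080; } ];` — please confirm against the module before relying on it. The repaired attribute set follows; `resolver 1.1.1.1;` is dropped because `resolver.addresses` already sets it.
```nix
{ pkgs, config, ... }:
{
  services.nginx = {
    enable = true;
    statusPage = true;
    # listen = 8080;  -- see note: confirm the option level
    resolver.addresses = [ "1.1.1.1" "8.8.8.8" ];
    # … unchanged: recommended* settings …
    virtualHosts.default = {
      serverName = "_";
      default = true;
      rejectSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:12345";
      };
    };
  };
}
```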
@@ -0,0 +1,92 @@
+{ pkgs, config, ... }:
+{
+ systemd.services.trafficserver = {
+ # We would like to reload if any of the possible config modules are changed
+ reloadIfChanged = true;
+ serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ };
+ # https://search.nixos.org/options?channel=24.11&size=50&sort=relevance&type=packages&query=trafficserver
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.11/nixos/modules/services/web-servers/trafficserver/default.nix
+ services.trafficserver = {
+ enable = true;
+ #volume = "volume=1 scheme=http size=20%";
+ storage = "/var/cache/trafficserver 200G";
+ # storage = "/var/cache/trafficserver 256M";
+
+ records = {
+ proxy = {
+ config = {
+ # Anonymize the forward proxy
+ http = {
+ anonymize_remove_from = 1;
+ anonymize_remove_referer = 1;
+ anonymize_remove_user_agent = 1;
+ anonymize_remove_cookie = 1;
+ anonymize_remove_client_ip = 1;
+
+ cache.http = 0;
+ insert_client_ip = 0;
+ insert_squid_x_forwarded_for = 0;
+ insert_request_via_str = 0;
+ insert_response_via_str = 0;
+ response_server_enabled = 0;
+ #server_ports = toString cfg.proxyPort;
+ server_ports = "3128 3128:ipv6";
+ };
+
+ # Set logging and disable reverse proxy
+ log.logging_enabled = 3;
+ reverse_proxy.enabled = 0;
+
+ # Control access to the proxy via firewall and ip_allow rather than remap
+ url_remap.remap_required = 0;
+ };
+ };
+ };
+
+ ipAllow = {
+ ip_allow = [
+ {
+ apply = "in";
+ ip_addrs = "127.0.0.1";
+ action = "allow";
+ methods = "ALL";
+ }
+ {
+ apply = "in";
+ ip_addrs = "::1";
+ action = "allow";
+ methods = "ALL";
+ }
+ {
+ apply = "in";
+ ip_addrs = "172.16.0.0/16";
+ action = "allow";
+ methods = "ALL";
+ }
+ {
+ apply = "in";
+ # 4x4x4=64
+ # 2603:8000:9c01:3b00
+ ip_addrs = "2603:8000:9c01:3b00/64";
+ action = "allow";
+ methods = "ALL";
+ }
+ {
+ apply = "in";
+ ip_addrs = "0/0";
+ action = "deny";
+ methods = "ALL";
+ }
+ {
+ apply = "in";
+ ip_addrs = "::/0";
+ action = "deny";
+ methods = "ALL";
+ }
+ ];
+ };
+ };
+}
+# https://github.com/input-output-hk/cardano-parts/blob/main/flake/nixosModules/profile-mithril-relay.nix
+# https://github.com/HippocampusGirl/nixos/blob/b01f0359810cfdd040642e2e3bbea8683bc11aee/machines/laptop-wsl/trafficserver.nix#L2
\ No newline at end of file
diff --git a/hp/hp5/Makefile b/hp/hp5/Makefile
new file mode 100644
index 0000000..93fd511
--- /dev/null
+++ b/hp/hp5/Makefile
@@ -0,0 +1,38 @@
+#
+# nixos/hp5/Makefile
+#
+EXPECTED_HOSTNAME := hp5
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ sudo cp /home/das/nixos/modules/* /etc/nixos/
+ sudo cp ./*.nix /etc/nixos/
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+
+sync:
+ rsync -av /home/das/nixos/hp/hp5/ hp5:/home/das/nixos/hp5/
+ rsync -av /home/das/nixos/modules/ hp5:/home/das/nixos/modules/
+
+nuke_k3s: check_hostname delete_k3s
+
+delete k3s:
+ sudo rm -rf /var/lib/rancher/k3s/ /etc/rancher/k3s
+ k3s-killall.shs
+
+systemd:
+ sudo systemctl daemon-reload
+ sudo systemctl stop k3s.service
+
+# end
\ No newline at end of file
diff --git a/hp/hp5/configuration.nix b/hp/hp5/configuration.nix
new file mode 100644
index 0000000..49d10fb
--- /dev/null
+++ b/hp/hp5/configuration.nix
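Review bot: with `url_remap.remap_required = 0` and `methods = "ALL"`, the allow entries in hp/hp4/trafficserver.nix make hp4 a general forward proxy for everything in `172.16.0.0/16` and the public `2603:8000:9c01:3b00/64`, a far wider set than the /24 host addresses seen in hosts.nix; the comment says the firewall is the other half of the control, but that module is not in this diff, so the effective exposure cannot be judged here. Narrowing `ip_addrs` to the subnets that actually need the proxy, and confirming `proxy.config.http.connect_ports` is left at its default so CONNECT cannot tunnel to arbitrary ports, would make the intent explicit. The `# 4x4x4=64` comment is hard to follow; `# 4 hextets x 16 bits = /64` says what was meant. `serviceConfig.ExecReload` relies on `$MAINPID` passing through Nix untouched, which it does since Nix only interpolates `${...}`.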
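Review bot: `delete k3s:` in hp/hp5/Makefile declares two targets named `delete` and `k3s`, so the `delete_k3s` prerequisite of `nuke_k3s` has no rule and `make nuke_k3s` stops with "No rule to make target"; the header should read `delete_k3s: check_hostname`, which also gates the `sudo rm -rf` on the hostname check as `nuke_k3s` already intends. The second recipe line `k3s-killall.shs` is a typo for `k3s-killall.sh`, and it runs after the state directories are removed — stopping the k3s processes first avoids deleting files and mounts they still hold open. As with hp/hp4/Makefile, no target is declared `.PHONY`.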
@@ -0,0 +1,126 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager + # sudo nix-channel --update + + # + ./sysctl.nix + # ./wireless.nix + ./hosts.nix + ./firewall.nix + ./il8n.nix + #./systemdSystem.nix + ./systemPackages.nix + ./home-manager.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + ./docker-daemon.nix + #./k8s_node.nix + ./k3s_node.nix + ./systemd.services.ethtool-enp3s0f0.nix + ./systemd.services.ethtool-enp3s0f1.nix + ]; + + # Bootloader. 
+ boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + nix = { + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + + # https://nixos.wiki/wiki/Networking + # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html + networking.hostName = "hp5"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking.networkmanager.enable = false; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "docker" "kubernetes" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.openssh.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "24.05"; # Did you read the comment? + + # virtualisation.libvirtd.enable = true; + # programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/hp/hp5/firewall.nix b/hp/hp5/firewall.nix new file mode 100644 index 0000000..449b44f --- /dev/null +++ b/hp/hp5/firewall.nix 
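Review bot: `services.openssh.enable = true;` is turned on with default settings, so password logins stay accepted even though `users.users.das` already carries an `openssh.authorizedKeys.keys` entry and, per the comment above it, may not have a password set yet. Since key auth is in place, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the enable line. The `extraGroups` list also grants `docker` and `libvirtd`, which are effectively root-equivalent on the host; that is defensible for a single-admin box but deserves a comment saying so. The `imports` list references `./il8n.nix` and `./docker-daemon.nix`, neither of which is added by this commit (the new locale file is `locale.nix`); if they are not already present in `hp/hp5/`, evaluation fails — worth confirming.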
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 22 # ssh
+ 5001 # iperf2
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/hp/hp5/grafana.nix b/hp/hp5/grafana.nix
new file mode 100644
index 0000000..471b71d
--- /dev/null
+++ b/hp/hp5/grafana.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/hp/hp5/hardware-configuration.nix b/hp/hp5/hardware-configuration.nix
new file mode 100644
index 0000000..8967ea6
--- /dev/null
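Review bot: `enable = false;` switches the host firewall off entirely, which makes the `allowedTCPPorts` list right below it, and the `6443` entry in `k3s_node.nix` in this same commit, dead configuration. Everything this host starts — Grafana on `0.0.0.0:3000` (grafana.nix), Prometheus on its default 9090 and the node exporter on 9000 (prometheus.nix, nodeExporter.nix), the k3s API on 6443 and SSH — is then reachable from any network the machine is attached to. If the motivation is the conntrack-performance concern in the comment, the commented `extraCommands` approach keeps filtering while dropping the stateful rule; otherwise re-enable with `enable = true;`, list only the ports that must be exposed, and bind the rest to loopback (`services.prometheus.exporters.node.listenAddress = "127.0.0.1";`, Grafana `http_addr = "127.0.0.1";` when it is only scraped or viewed locally). At minimum the decision needs a comment such as `# firewall intentionally disabled on hp5: trusted LAN only, k3s/CNI manage their own rules — revisit before this host is exposed elsewhere`.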
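Review bot: `http_addr = "0.0.0.0";` exposes Grafana on every interface, and nothing in this module sets `settings.security.admin_password` (or `admin_user`), so the instance comes up with Grafana's built-in default admin credentials until someone logs in and changes them; with the firewall disabled in firewall.nix that is an unauthenticated-by-default admin panel on the LAN. Prefer `http_addr = "127.0.0.1";` when dashboards are viewed locally or through a reverse proxy, or set `settings.security.admin_password = "$__file{<path-to-root-only-secret-file>}";` so the secret stays out of the nix store. `serve_from_sub_path = true;` also appears to have no effect while `root_url` stays commented out, since there is no sub path to serve from — either set both or drop it.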
+++ b/hp/hp5/hardware-configuration.nix @@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/42cb965a-5b10-4fa0-a5eb-a09277b274dc"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/B101-0734"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/5a6ab753-9cc0-446e-9f35-d961abc0e462"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0f1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hp/hp5/home-manager.nix b/hp/hp5/home-manager.nix new file mode 100644 index 0000000..ef51b0f --- /dev/null +++ b/hp/hp5/home-manager.nix 
@@ -0,0 +1,117 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + }; + + home.packages = with pkgs; [ + # + hw-probe + # + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + ethtool + iproute2 + vlan + tcpdump + wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + hwloc + bpftools + # + inotify-tools + # + libcap + gcc + # thunderbird + go + # rust + # https://nixos.wiki/wiki/Rust + pkgs.cargo + pkgs.rustc + # + # debug + strace + # + # + dive + # for pprof + graphviz + ]; + + programs.bash.enable = true; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.05"; + }; +} \ No newline at end of file diff --git a/hp/hp5/hosts.nix b/hp/hp5/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/hp/hp5/hosts.nix 
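Review bot: `userName = "randomizedcoder ";` carries a trailing space that will land verbatim in the author field of every commit made on this host; it should be `userName = "randomizedcoder";`. `gcc` and `bpftools` each appear twice in `home.packages`, which is harmless but reads as unfinished. `nixpkgs.config.allowUnfree = true;` inside the `home-manager.users.das` block is only honoured when home-manager evaluates its own package set; if `home-manager.useGlobalPkgs` is enabled elsewhere this line is silently ignored and the system-level `allowUnfree` in systemPackages.nix is what applies — a one-line comment stating which one is authoritative would help the next reader.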
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hosts = {
+ "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room
+ "172.16.40.141" = ["hp0wifi"];
+ "172.16.40.142" = ["hp1" "hp1eth"];
+ "172.16.40.212" = ["hp2" "hp2eth"];
+ "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room
+ "172.16.40.130" = ["hp3wifi"];
+ "172.16.50.232" = ["hp4" "hp4eth"]; # rack
+ "172.16.40.70" = ["hp5" "hp5eth"];
+ "172.16.40.122" = ["pi5-1" "pi5-1-eth"];
+ "172.16.40.62" = ["chromebox3" "chromebox3-eth"];
+ };
+}
\ No newline at end of file
diff --git a/hp/hp5/k3s_node.nix b/hp/hp5/k3s_node.nix
new file mode 100644
index 0000000..d93386f
--- /dev/null
+++ b/hp/hp5/k3s_node.nix
@@ -0,0 +1,73 @@
+# https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/docs/USAGE.md
+{ config, pkgs, ... }:
+let
+ kubeMasterIP = "172.16.40.142";
+ kubeMasterHostname = "hp1";
+ kubeMasterAPIServerPort = 6443;
+in
+{
+ networking.firewall.allowedTCPPorts = [
+ 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+ # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+ # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+ ];
+ networking.firewall.allowedUDPPorts = [
+ # 8472 # k3s, flannel: required if using multi-node for inter-node networking
+ ];
+ services.k3s = {
+ enable = true;
+ role = "server";
+ # extraFlags = toString [
+ # # "--debug" # Optionally add additional args to k3s
+ # ];
+ token = "notSecureToken"; # FIX ME use tokenFile
+ clusterInit = true; # must be false for "agent"
+ serverAddr = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
+ };
+ # packages for administration tasks
+ environment.systemPackages = with pkgs; [
+ kompose
+ kubectl
+ openssl
+ cfssl
+ certmgr
+ istioctl
+ krew
+ kubevirt
+ #
+ kubeshark
+ # kubectl-ktop
+ kubectl-klock
+ kube-capacity
+ kubectl-images
+ kubectl-gadget
+ # this is very old
+ #kubectl-doctor
+ # https://github.com/boz/kail
+ kail
+ ktop
+ # https://github.com/kdash-rs/kdash
+ kdash
+ # # https://github.com/int128/kubelogin
+ # kubelogin-oidc
+ # k9s --kubeconfig=dev-d.kubeconfig
+ k9s
+ #
+ (wrapHelm kubernetes-helm {
+ plugins = with pkgs.kubernetes-helmPlugins; [
+ helm-secrets
+ helm-diff
+ helm-s3
+ helm-git
+ ];
+ })
+ #
+ fluxcd
+ fluxctl
+ ];
+}
+
+# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml
+# sudo chmod 640 /etc/rancher/k3s/k3s.yaml
+# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml && sudo chmod 640 /etc/rancher/k3s/k3s.yaml
+# export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
\ No newline at end of file
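Review bot: `token = "notSecureToken"; # FIX ME use tokenFile` puts the cluster join token into the generated k3s unit, which lives in the world-readable `/nix/store`, and into git history; with `role = "server"` that token is all an agent needs to join and all another server needs to take part in the cluster. Replace the literal with `tokenFile = "<path-to-root-only-token-file>";` deployed out of band, and rotate the token since this value is already committed. `clusterInit = true;` together with `serverAddr = "https://${kubeMasterHostname}:..."` (hp1:6443 from the `let` bindings) looks contradictory: `--cluster-init` is for the first server bootstrapping embedded etcd, while joining servers point at an existing one via `--server`, and hp5 is not the master — confirm which role this host plays and drop the other option. `kubeMasterIP` is bound in the `let` but never used; resolution of `hp1` relies on the hosts.nix entry added in this commit.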
diff --git a/hp/hp5/k8s_node.nix b/hp/hp5/k8s_node.nix new file mode 100644 index 0000000..98f3ed4 --- /dev/null +++ b/hp/hp5/k8s_node.nix @@ -0,0 +1,47 @@ +# +# https://nixos.wiki/wiki/Kubernetes +# https://nixos.org/manual/nixos/stable/index.html#sec-kubernetes +# +# https://github.com/NixOS/nixpkgs/blob/release-24.05/nixos/modules/services/cluster/kubernetes/default.nix +# +{ config, pkgs, ... }: +let + kubeMasterIP = "172.16.40.142"; + kubeMasterHostname = "hp1.home"; + kubeMasterAPIServerPort = 6443; +in +{ + # resolve master hostname + networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}"; + + # packages for administration tasks + environment.systemPackages = with pkgs; [ + kompose + kubectl + kubernetes + istioctl + krew + kubevirt + ]; + + services.kubernetes = let + api = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}"; + in + { + roles = ["node"]; + masterAddress = kubeMasterHostname; + easyCerts = true; + + # point kubelet and other services to kube-apiserver + kubelet.kubeconfig.server = api; + apiserverAddress = api; + + #addonManager.enable = true; + + # use coredns + addons.dns.enable = true; + + # needed if you use swap + kubelet.extraOpts = "--fail-swap-on=false"; + }; +} \ No newline at end of file diff --git a/hp/hp5/locale.nix b/hp/hp5/locale.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/hp/hp5/locale.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/hp/hp5/nixos_logo.nix b/hp/hp5/nixos_logo.nix new file mode 100644 index 0000000..468901d --- /dev/null 
+++ b/hp/hp5/nixos_logo.nix @@ -0,0 +1,10 @@ +# ███▄ █ ██▓ ▒██ ██▒ ▒█████ ██████ +# ██ ▀█ █ ▓██▒ ▒▒ █ █ ▒░ ▒██▒ ██▒ ▒██ ▒ +# ▓██ ▀█ ██▒ ▒██▒ ░░ █ ░ ▒██░ ██▒ ░ ▓██▄ +# ▓██▒ ▐▌██▒ ░██░ ░ █ █ ▒ ▒██ ██░ ▒ ██▒ +# ▒██░ ▓██░ ░██░ ▒██▒ ▒██▒ ░ ████▓▒░ ▒██████▒▒ +# ░ ▒░ ▒ ▒ ░▓ ▒▒ ░ ░▓ ░ ░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░ +# ░ ░░ ░ ▒░ ▒ ░ ░░ ░▒ ░ ░ ▒ ▒░ ░ ░▒ ░ ░ +# ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ +# ░ ░ ░ ░ ░ ░ ░ +# https://github.com/tolgaerok/nixos-2405-gnome/blob/main/configuration.nix \ No newline at end of file diff --git a/hp/hp5/nodeExporter.nix b/hp/hp5/nodeExporter.nix new file mode 100644 index 0000000..1ea764b --- /dev/null +++ b/hp/hp5/nodeExporter.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 9000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ]; + }; +} \ No newline at end of file diff --git a/hp/hp5/prometheus.nix b/hp/hp5/prometheus.nix new file mode 100644 index 0000000..0f3e1c7 --- /dev/null +++ b/hp/hp5/prometheus.nix 
@@ -0,0 +1,19 @@ +{ config, pkgs, ... }: +{ + # https://wiki.nixos.org/wiki/Prometheus + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + # default port 9090 + services.prometheus = { + enable = true; + globalConfig.scrape_interval = "10s"; # "1m" + scrapeConfigs = [ + { + job_name = "node"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + ]; + }; +} \ No newline at end of file diff --git a/hp/hp5/sound.nix b/hp/hp5/sound.nix new file mode 100644 index 0000000..7757838 --- /dev/null +++ b/hp/hp5/sound.nix @@ -0,0 +1,21 @@ +{ config, pkgs, ... }: + +{ + # https://nixos.wiki/wiki/PipeWire + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; +} \ No newline at end of file diff --git a/hp/hp5/sysctl.nix b/hp/hp5/sysctl.nix new file mode 100644 index 0000000..ed11dac --- /dev/null +++ b/hp/hp5/sysctl.nix 
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+{
+ # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html
+ boot.kernel.sysctl = {
+ # detect dead connections more quickly
+ "net.ipv4.tcp_keepalive_intvl" = 30;
+ #net.ipv4.tcp_keepalive_intvl = 75
+ "net.ipv4.tcp_keepalive_probes" = 4;
+ #net.ipv4.tcp_keepalive_probes = 9
+ "net.ipv4.tcp_keepalive_time" = 120;
+ #net.ipv4.tcp_keepalive_time = 7200
+ # 30 * 4 = 120 seconds. / 60 = 2 minutes
+ # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes
+ "net.ipv4.tcp_rmem" = "4096 1000000 16000000";
+ "net.ipv4.tcp_wmem" = "4096 1000000 16000000";
+ #net.ipv4.tcp_rmem = 4096 131072 6291456
+ #net.ipv4.tcp_wmem = 4096 16384 4194304
+ # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042
+ # https://lwn.net/Articles/560082/
+ "net.ipv4.tcp_notsent_lowat" = "131072";
+ #net.ipv4.tcp_notsent_lowat = 4294967295
+ # enable Enable reuse of TIME-WAIT sockets globally
+ "net.ipv4.tcp_tw_reuse" = 1;
+ #net.ipv4.tcp_tw_reuse=2
+ "net.ipv4.tcp_timestamps" = 1;
+ "net.ipv4.tcp_ecn" = 1;
+ "net.core.default_qdisc" = "fq_codel";
+ "net.ipv4.tcp_congestion_control" = "cubic";
+ #net.ipv4.tcp_congestion_control=bbr
+ "net.core.rmem_default" = 26214400;
+ "net.core.rmem_max" = 26214400;
+ "net.core.wmem_default" = 26214400;
+ "net.core.wmem_max" = 26214400;
+ #net.core.optmem_max = 20480
+ #net.core.rmem_default = 212992
+ #net.core.rmem_max = 212992
+ #net.core.wmem_default = 212992
+ #net.core.wmem_max = 212992
+ "net.ipv4.ip_local_port_range" = "1025 65535";
+ #net.ipv4.ip_local_port_range ="32768 60999"
+ };
+}
\ No newline at end of file
diff --git a/hp/hp5/systemPackages.nix b/hp/hp5/systemPackages.nix
new file mode 100644
index 0000000..6b871b1
--- /dev/null
+++ b/hp/hp5/systemPackages.nix
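Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535";` lets the kernel hand out ephemeral ports that overlap the listening ports this host uses elsewhere in the commit (3000, 5001, 6443, 9000, 9090), so a daemon that starts after an outbound connection has taken its port fails to bind; either keep the upper range (`"32768 65535"`) or add `"net.ipv4.ip_local_reserved_ports" = "3000,5001,6443,9000,9090";` beside it. `"net.ipv4.tcp_tw_reuse" = 1;` is reasonable with `tcp_timestamps` enabled as it is here, but the comment above it reads `# enable Enable reuse` and should be `# enable reuse of TIME-WAIT sockets globally`. The 25 MB `net.core.*mem_*` values apply to every socket type, not only TCP; a short comment on why 26214400 was chosen would help whoever tunes this next.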
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ psmisc
+ vim
+ curl
+ wget
+ tcpdump
+ iproute2
+ nftables
+ iptables
+ pciutils
+ usbutils
+ iw
+ wirelesstools
+ wpa_supplicant
+ #wpa_supplicant_ro_ssids
+ lldpd
+ #snmp seems to be needed by lldpd
+ net-snmp
+ neofetch
+ ];
+}
\ No newline at end of file
diff --git a/hp/hp5/systemd.services.ethtool-enp3s0f0.nix b/hp/hp5/systemd.services.ethtool-enp3s0f0.nix
new file mode 100644
index 0000000..593654e
--- /dev/null
+++ b/hp/hp5/systemd.services.ethtool-enp3s0f0.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+ systemd.services.ethtool-enp3s0f0 = {
+ description = "ethtool-enp3s0f0";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp3s0f0 rx 4096 tx 4096";
+ };
+ # wantedBy = [ "multi-user.target" ];
+ # https://systemd.io/NETWORK_ONLINE/
+ wantedBy = [ "network-pre.target" ];
+ };
+}
\ No newline at end of file
diff --git a/hp/hp5/systemd.services.ethtool-enp3s0f1.nix b/hp/hp5/systemd.services.ethtool-enp3s0f1.nix
new file mode 100644
index 0000000..b4b12e2
--- /dev/null
+++ b/hp/hp5/systemd.services.ethtool-enp3s0f1.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+ systemd.services.ethtool-enp3s0f1 = {
+ description = "ethtool-enp3s0f1";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ ExecStart = "${pkgs.ethtool}/bin/ethtool --set-ring enp3s0f1 rx 4096 tx 4096";
+ };
+ # wantedBy = [ "multi-user.target" ];
+ # https://systemd.io/NETWORK_ONLINE/
+ wantedBy = [ "network-pre.target" ];
+ };
+}
\ No newline at end of file
diff --git a/hp/hp5/systemdSystem.nix b/hp/hp5/systemdSystem.nix
new file mode 100644
index 0000000..5b04c17
--- /dev/null
+++ b/hp/hp5/systemdSystem.nix
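Review bot: `systemd.services.ethtool-enp3s0f0` (and the identical `ethtool-enp3s0f1` unit in the following hunk) declares no ordering against the interface it configures, so `ethtool --set-ring enp3s0f0 ...` can run before the device exists, the oneshot fails once and is never retried; add `after = [ "sys-subsystem-net-devices-enp3s0f0.device" ];` and `bindsTo = [ "sys-subsystem-net-devices-enp3s0f0.device" ];` (likewise for enp3s0f1). `wantedBy = [ "network-pre.target" ];` only pulls the unit in when some other unit activates that passive target; the NixOS firewall is one of the units that normally does, and it is disabled in firewall.nix in this commit, so whether these services start at all is worth checking with `systemctl status` after the first switch. The two files differ only in the interface name; a small function mapped over a list of interfaces would remove the copy.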
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+{
+ # https://github.com/NixOS/nixpkgs/blob/095f1acb70302bd74cd5f3ab02a64bdfac36daa8/nixos/modules/system/boot/systemd.nix#L534
+ # https://discourse.nixos.org/t/overriding-modifying-systemd-unit-file/45621/7
+
+ # https://mynixos.com/nixpkgs/options/systemd
+ systemd.extraConfig = "CPUAffinity=4-7";
+
+ #https://mynixos.com/options/systemd.user
+ systemd.user.extraConfig = "CPUAffinity=4-7";
+ # create your own service
+ # https://discourse.nixos.org/t/how-to-use-toplevel-overrides-for-systemd/12501
+}
\ No newline at end of file
diff --git a/hp/hp5/wireless.env b/hp/hp5/wireless.env
new file mode 100644
index 0000000..fb44156
--- /dev/null
+++ b/hp/hp5/wireless.env
@@ -0,0 +1 @@
+PSK_DEVICES=performance
diff --git a/hp/hp5/wireless.nix b/hp/hp5/wireless.nix
new file mode 100644
index 0000000..7c02b5e
--- /dev/null
+++ b/hp/hp5/wireless.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ #environmentFile = "/home/das/wireless.env";
+ networks."devices".psk = "performance";
+ #networks."devices".psk = "@PSK_DEVICES@";
+ extraConfig = "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel";
+ # output ends up in /run/wpa_supplicant/wpa_supplicant.conf
+ };
+ # https://linux.die.net/man/5/wpa_supplicant.conf
+ # https://nixos.wiki/wiki/Wpa_supplicant
+ # https://nixos.org/manual/nixos/stable/options#opt-networking.wireless.environmentFile
+ # https://blog.stigok.com/2021/05/04/getting-wpa-cli-to-work-in-nixos.html
+}
\ No newline at end of file
diff --git a/hp/hp5/wireless_desktop.nix b/hp/hp5/wireless_desktop.nix
new file mode 100644
index 0000000..2a0c0c3
--- /dev/null
+++ b/hp/hp5/wireless_desktop.nix
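Review bot: the Wi-Fi pre-shared key is committed twice here — as `PSK_DEVICES=performance` in `wireless.env` and hard-coded as `networks."devices".psk = "performance";` in wireless.nix — and the latter also ends up in the world-readable `/nix/store` once the module is evaluated. The commented lines show the intended shape: make `networks."devices".psk = "@PSK_DEVICES@";` the live line, point `environmentFile` at a root-only copy of the env file outside the repository, and exclude `*.env` from version control; the key itself should be rotated since it is already in history. wireless.nix is not in the `imports` of configuration.nix in this commit (that line is commented out), so nothing is active today, but the note applies the moment it is enabled.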
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking = {
+ networkmanager = {
+ enable = true;
+ wifi.powersave = true;
+ };
+ };
+
+ #networking.hosts = {
+ # "172.16.50.216" = ["hp0"];
+ # "172.16.40.35" = ["hp1"];
+ # "172.16.40.71" = ["hp2"];
+ #};
+}
\ No newline at end of file
diff --git a/laptops/darwin/mbp/Makefile b/laptops/darwin/mbp/Makefile
new file mode 100644
index 0000000..efd9d6d
--- /dev/null
+++ b/laptops/darwin/mbp/Makefile
@@ -0,0 +1,11 @@
+all:
+ nix run nix-darwin -- switch --flake ~/.config/nix
+
+go:
+ darwin-rebuild switch --flake ~/.config/nix
+
+rsync:
+ rsync -avdz ./ 172.16.50.135:/Users/das/.config/nix/
+
+scp:
+ scp ./* 172.16.50.135:/Users/das/.config/nix/
diff --git a/laptops/darwin/mbp/default.flake.nix b/laptops/darwin/mbp/default.flake.nix
new file mode 100644
index 0000000..4e86f05
--- /dev/null
+++ b/laptops/darwin/mbp/default.flake.nix
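Review bot: none of `all`, `go`, `rsync` or `scp` names a file, so a stray file called `rsync` or `scp` in this directory silently turns the target into a no-op; declare `.PHONY: all go rsync scp`. `scp ./* 172.16.50.135:/Users/das/.config/nix/` also ships `flake.lock`, `good.flake.nix`, `default.flake.nix` and `default_flake_nix` to the laptop while skipping dotfiles, and the `rsync` target does the same job, so one of the two is redundant. The target host is a hard-coded IP where the other Makefiles in this commit use hostnames; a `HOST ?= 172.16.50.135` variable at the top would make it overridable from the command line.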
@@ -0,0 +1,51 @@ +{ + description = "Example Darwin system flake"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + nix-darwin.url = "github:LnL7/nix-darwin"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = inputs@{ self, nix-darwin, nixpkgs }: + let + configuration = { pkgs, ... }: { + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + environment.systemPackages = + [ pkgs.vim + ]; + + # Auto upgrade nix package and the daemon service. + services.nix-daemon.enable = true; + # nix.package = pkgs.nix; + + # Necessary for using flakes on this system. + nix.settings.experimental-features = "nix-command flakes"; + + # Create /etc/zshrc that loads the nix-darwin environment. + programs.zsh.enable = true; # default shell on catalina + # programs.fish.enable = true; + + # Set Git commit hash for darwin-version. + system.configurationRevision = self.rev or self.dirtyRev or null; + + # Used for backwards compatibility, please read the changelog before changing. + # $ darwin-rebuild changelog + system.stateVersion = 5; + + # The platform the configuration will be used on. + nixpkgs.hostPlatform = "x86_64-darwin"; + }; + in + { + # Build darwin flake using: + # $ darwin-rebuild build --flake .#dass-MacBook-Pro + darwinConfigurations."dass-MacBook-Pro" = nix-darwin.lib.darwinSystem { + modules = [ configuration ]; + }; + + # Expose the package set, including overlays, for convenience. + darwinPackages = self.darwinConfigurations."dass-MacBook-Pro".pkgs; + }; +} diff --git a/laptops/darwin/mbp/default_flake_nix b/laptops/darwin/mbp/default_flake_nix new file mode 100644 index 0000000..4e86f05 --- /dev/null +++ b/laptops/darwin/mbp/default_flake_nix 
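Review bot: `default.flake.nix` and `default_flake_nix` (next hunk) are byte-identical copies of the nix-darwin template (both have blob `4e86f05`), and `good.flake.nix` later in the commit is a third near-copy of `flake.nix`; none of them is referenced by `flake.nix`, so they are dead files that will drift from the live configuration. Keep one reference copy or drop them and rely on git history. If the template is kept for documentation, a first-line comment such as `# unused: upstream nix-darwin template kept for reference; the live configuration is flake.nix` stops the next reader from editing the wrong file.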
@@ -0,0 +1,51 @@ +{ + description = "Example Darwin system flake"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + nix-darwin.url = "github:LnL7/nix-darwin"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = inputs@{ self, nix-darwin, nixpkgs }: + let + configuration = { pkgs, ... }: { + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + environment.systemPackages = + [ pkgs.vim + ]; + + # Auto upgrade nix package and the daemon service. + services.nix-daemon.enable = true; + # nix.package = pkgs.nix; + + # Necessary for using flakes on this system. + nix.settings.experimental-features = "nix-command flakes"; + + # Create /etc/zshrc that loads the nix-darwin environment. + programs.zsh.enable = true; # default shell on catalina + # programs.fish.enable = true; + + # Set Git commit hash for darwin-version. + system.configurationRevision = self.rev or self.dirtyRev or null; + + # Used for backwards compatibility, please read the changelog before changing. + # $ darwin-rebuild changelog + system.stateVersion = 5; + + # The platform the configuration will be used on. + nixpkgs.hostPlatform = "x86_64-darwin"; + }; + in + { + # Build darwin flake using: + # $ darwin-rebuild build --flake .#dass-MacBook-Pro + darwinConfigurations."dass-MacBook-Pro" = nix-darwin.lib.darwinSystem { + modules = [ configuration ]; + }; + + # Expose the package set, including overlays, for convenience. + darwinPackages = self.darwinConfigurations."dass-MacBook-Pro".pkgs; + }; +} diff --git a/laptops/darwin/mbp/flake.lock b/laptops/darwin/mbp/flake.lock new file mode 100644 index 0000000..77d2b40 --- /dev/null +++ b/laptops/darwin/mbp/flake.lock 
@@ -0,0 +1,69 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728903686, + "narHash": "sha256-ZHFrGNWDDriZ4m8CA/5kDa250SG1LiiLPApv1p/JF0o=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "e1aec543f5caf643ca0d94b6a633101942fd065f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728901530, + "narHash": "sha256-I9Qd0LnAsEGHtKE9+uVR0iDFmsijWSy7GT0g3jihG4Q=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "a60ac02f9466f85f092e576fd8364dfc4406b5a6", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1728538411, + "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nix-darwin": "nix-darwin", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/laptops/darwin/mbp/flake.nix b/laptops/darwin/mbp/flake.nix new file mode 100644 index 0000000..cc392b4 --- /dev/null +++ b/laptops/darwin/mbp/flake.nix 
@@ -0,0 +1,109 @@ +{ + description = "My system configuration"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + nix-darwin = { + url = "github:LnL7/nix-darwin"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs@{ self, nixpkgs, nix-darwin, home-manager }: + let + configuration = { pkgs, ... }: { + + services.nix-daemon.enable = true; + # Necessary for using flakes on this system. + nix.settings.experimental-features = "nix-command flakes"; + + system.configurationRevision = self.rev or self.dirtyRev or null; + + # Used for backwards compatibility. please read the changelog + # before changing: `darwin-rebuild changelog`. + system.stateVersion = 5; + + # The platform the configuration will be used on. + # If you're on an older system, replace with "x86_64-darwin" + nixpkgs.hostPlatform = "x86_64-darwin"; + + # Declare the user that will be running `nix-darwin`. + users.users.das = { + name = "das"; + home = "/Users/das"; + }; + + security.pam.enableSudoTouchIdAuth = true; + + # Create /etc/zshrc that loads the nix-darwin environment. + programs.zsh.enable = true; + environment.systemPackages = [ pkgs.neofetch ]; + + # homebrew = { + # enable = true; + # # onActivation.cleanup = "uninstall"; + + # taps = [ ]; + # brews = [ "cowsay" ]; + # casks = [ ]; + # }; + }; + homeconfig = { pkgs, ... }: { + # this is internal compatibility configuration for home-manager, + # don't change this! + home.stateVersion = "24.05"; + # Let home-manager install and manage itself. 
+ programs.home-manager.enable = true; + + home.packages = with pkgs; [ + gcc + automake + gnumake + #cmake + pkg-config + git + htop + screen + go + tcpdump + ]; + + home.sessionVariables = { + EDITOR = "vim"; + }; + + #home.file.".vimrc".source = ./vim_configuration; + + programs.zsh = { + enable = true; + shellAliases = { + switch = "darwin-rebuild switch --flake ~/.config/nix"; + }; + }; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + }; + }; + in + { + darwinConfigurations.dass-MacBook-Pro = nix-darwin.lib.darwinSystem { + modules = [ + configuration + home-manager.darwinModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.verbose = true; + home-manager.users.das = homeconfig; + } + ]; + }; + }; +} diff --git a/laptops/darwin/mbp/good.flake.nix b/laptops/darwin/mbp/good.flake.nix new file mode 100644 index 0000000..8697e25 --- /dev/null +++ b/laptops/darwin/mbp/good.flake.nix 
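Review bot: `userName = "randomizedcoder ";` in the `programs.git` block has a trailing space (the same defect as in hp/hp5/home-manager.nix in this commit) and should be `userName = "randomizedcoder";`. `security.pam.enableSudoTouchIdAuth = true;` is a convenience with a security consequence — a fingerprint alone satisfies `sudo` — and deserves a one-line comment acknowledging that choice next to it. `system.stateVersion = 5;` should carry the same "do not change" note the home-manager `home.stateVersion` already has, since both silently gate migration behaviour.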
@@ -0,0 +1,98 @@ +{ + description = "My system configuration"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + nix-darwin = { + url = "github:LnL7/nix-darwin"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs@{ self, nixpkgs, nix-darwin, home-manager }: + let + configuration = { pkgs, ... }: { + + services.nix-daemon.enable = true; + # Necessary for using flakes on this system. + nix.settings.experimental-features = "nix-command flakes"; + + system.configurationRevision = self.rev or self.dirtyRev or null; + + # Used for backwards compatibility. please read the changelog + # before changing: `darwin-rebuild changelog`. + system.stateVersion = 5; + + # The platform the configuration will be used on. + # If you're on an older system, replace with "x86_64-darwin" + nixpkgs.hostPlatform = "x86_64-darwin"; + + # Declare the user that will be running `nix-darwin`. + users.users.das = { + name = "das"; + home = "/Users/das"; + }; + + security.pam.enableSudoTouchIdAuth = true; + + # Create /etc/zshrc that loads the nix-darwin environment. + programs.zsh.enable = true; + environment.systemPackages = [ pkgs.neofetch ]; + + # homebrew = { + # enable = true; + # # onActivation.cleanup = "uninstall"; + + # taps = [ ]; + # brews = [ "cowsay" ]; + # casks = [ ]; + # }; + }; + homeconfig = { pkgs, ... }: { + # this is internal compatibility configuration for home-manager, + # don't change this! + home.stateVersion = "24.05"; + # Let home-manager install and manage itself. 
+ programs.home-manager.enable = true;
+
+ home.packages = with pkgs; [ ];
+
+ home.sessionVariables = {
+ EDITOR = "vim";
+ };
+
+ #home.file.".vimrc".source = ./vim_configuration;
+
+ programs.zsh = {
+ enable = true;
+ shellAliases = {
+ switch = "darwin-rebuild switch --flake ~/.config/nix";
+ };
+ };
+
+ programs.git = {
+ enable = true;
+ userEmail = "dave.seddon.ca@gmail.com";
+ userName = "randomizedcoder ";
+ };
+ };
+ in
+ {
+ darwinConfigurations.dass-MacBook-Pro = nix-darwin.lib.darwinSystem {
+ modules = [
+ configuration
+ home-manager.darwinModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.verbose = true;
+ home-manager.users.das = homeconfig;
+ }
+ ];
+ };
+ };
+}
diff --git a/laptops/t/Makefile b/laptops/t/Makefile
new file mode 100644
index 0000000..f6d120b
--- /dev/null
+++ b/laptops/t/Makefile
@@ -0,0 +1,39 @@
+#
+# nixos/t/Makefile
+#
+EXPECTED_HOSTNAME := t
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ # sudo cp ./flake.nix /etc/nixos/
+ # sudo cp ./flake.lock /etc/nixos/
+ # sudo cp ../../modules/* /etc/nixos/
+ # sudo cp ./configuration.nix /etc/nixos/
+ # #sudo cp ./home-manager.nix /etc/nixos/
+ # sudo cp ./home.nix /etc/nixos/
+ # sudo cp ./prometheus.nix /etc/nixos/
+ # sudo cp ./*.nix /etc/nixos/
+ # sudo nix-channel --update
+ # sudo nixos-rebuild switch
+ sudo cp ./* /etc/nixos/
+ sudo nix flake update;
+ sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .
+
+update:
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+ #nix-shell -p vim
+
+# end
diff --git a/laptops/t/configuration.nix b/laptops/t/configuration.nix
new file mode 100644
index 0000000..d2f10cf
--- /dev/null
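Review bot: good.flake.nix differs from the preceding flake only in its empty home.packages list and is kept as a fallback copy next to the live file; laptops/t/configuration.nix.before later in this commit is the same pattern. Git history already preserves the last known-good version, and an in-tree copy drifts silently (this one carries the same trailing-space `userName` as the live file and nothing references it from any output). Either drop the copy or put a header comment at the top saying what it is for, e.g. `# snapshot of the last flake.nix that built cleanly; not referenced by any output`.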
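Review bot: `rebuild` has no prerequisite on `check_hostname`, so `make rebuild` or a parallel `make -j all` runs the switch without the hostname guard; declare `rebuild: check_hostname` and `.PHONY: all check_hostname rebuild update`, since none of these targets are files. In the rebuild recipe `sudo nix flake update;` refreshes every flake input on each run, so what gets deployed changes without a reviewed flake.lock change; that step belongs in the existing `update` target, run deliberately, not in the default path. The `sudo cp ./* /etc/nixos/` line is also dead weight: the build is done from `.` via `--flake .`, so the copy (Makefile included) only leaves a stale duplicate under /etc/nixos.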
+++ b/laptops/t/configuration.nix 
@@ -0,0 +1,344 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ inputs, config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager + # sudo nix-channel --update + # tutorial + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + # + # + ./sysctl.nix + ./wireless_desktop.nix + # sound removed for 24.11 + #./sound.nix + ./locale.nix + ./hosts.nix + ./firewall.nix + #./systemdSystem.nix + ./systemPackages.nix + #./home-manager.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + # clickhouse + #./docker-compose.nix + ./docker-daemon.nix + #./smokeping.nix + ]; + + # Bootloader. + boot.loader.systemd-boot = { + enable = true; + consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware. 
+ memtest86.enable = true; + }; + + boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages; + #boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + # https://nixos.wiki/wiki/Libvirt#Nested_virtualization + boot.extraModprobeConfig = "options kvm_intel nested=1"; + + #boot.kernelParams + # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 + + # https://wiki.nixos.org/wiki/NixOS_on_ARM/Building_Images#Compiling_through_binfmt_QEMU + # https://nixos.org/manual/nixos/stable/options#opt-boot.binfmt.emulatedSystems + boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; + + nix = { + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + download-buffer-size = "500000000"; + }; + }; + + # https://nixos.wiki/wiki/Networking + networking.hostName = "t"; + + services.lldpd.enable = true; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # this option doesn't exist + # hardware.graphics.enable = true; + + # https://wiki.nixos.org/w/index.php?title=NVIDIA + # https://nixos.wiki/wiki/Nvidia + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix + hardware.nvidia = { + + # This will no longer be necessary when + # https://github.com/NixOS/nixpkgs/pull/326369 hits stable + modesetting.enable = true; + + # prime = { + # # ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?' 
+ # # 00:02.0 VGA compatible controller: Intel Corporation CometLake-H GT2 [UHD Graphics] (rev 05) + # intelBusId = "PCI:0:2:0"; + # # 01:00.0 VGA compatible controller: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] (rev a1) + # nvidiaBusId = "PCI:1:0:0"; + # sync.enable = true; + # #offload = { + # # enable = true; + # # #sync.enable = true; + # # enableOffloadCmd = true; + # #}; + # }; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement = { + enable = true; + #enable = false; + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + #finegrained = true; + #finegrained = false; + }; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + # prioritry drivers don't compile on 6.10.3 + open = true; + #open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + #nvidiaSettings = false; + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ #package = config.boot.kernelPackages.nvidiaPackages.stable; + #package = config.boot.kernelPackages.nvidiaPackages.stable; + #package = config.boot.kernelPackages.nvidiaPackages.beta; # <---------- was using this + #package = config.boot.kernelPackages.nvidiaPackages.production; + # https://nixos.wiki/wiki/Nvidia#Determining_the_Correct_Driver_Version + }; + + # Nouveau is enabled by default whenever graphics are enabled + # This name will change to hardware.opengl.enable, with 24.11 + hardware.graphics = { + enable = true; + # removed in 24.11 + #driSupport = true; + }; + + services.xserver = { + enable = true; + # Load nvidia driver for Xorg and Wayland + videoDrivers = [ "nvidia-open" ]; + #videoDrivers = [ "nvidia" ]; + # Display Managers are responsible for handling user login + displayManager = { + gdm.enable = true; + }; + # Enable the GNOME Desktop Environment. + desktopManager = { + gnome.enable = true; + plasma5.enable = false; + xterm.enable = false; + }; + # https://discourse.nixos.org/t/help-with-setting-up-a-different-desktop-environment-window-manager/15025/6 + + # Configure keymap in X11 + xkb.layout = "us"; + xkb.variant = ""; + }; + + # https://theo.is-a.dev/blog/post/hyprland-adventure/ + #[das@t:~]$ lshw -c video | grep config + #WARNING: you should run this program as super-user. 
+ # configuration: depth=32 driver=nouveau latency=0 resolution=3840,2160 + # configuration: depth=32 driver=i915 latency=0 resolution=3840,2160 + # + #[das@t:~]$ lspci -nnk | egrep -i --color 'vga|3d|2d' -A3 | grep 'in use' + #Kernel driver in use: i915 + #Kernel driver in use: nouveau + # + #[das@t:~]$ lspci -nnk | grep -i vga -A2 + #00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) + #Subsystem: Lenovo Device [17aa:22c0] + #Kernel driver in use: i915 + #-- + #01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) + #Subsystem: Lenovo Device [17aa:22c0] + #Kernel driver in use: nouveau + # + # hwinfo --gfxcard + + services.udev.packages = [ pkgs.gnome-settings-daemon ]; + # services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; + + services.bpftune.enable = true; + + systemd.services.modem-manager.enable = false; + systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; + + # Enable touchpad support (enabled default in most desktopManager). 
+ services.libinput.enable = true; + + # https://nixos.wiki/wiki/Printing + services.printing.enable = true; + + services.avahi = { + enable = true; + nssmdns4 = true; + ipv4 = true; + ipv6 = true; + openFirewall = true; + }; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; + # users.extraGroups.docker.members = [ "das" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + pciutils + virt-manager + cudatoolkit + pkgs.gnomeExtensions.appindicator + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + # https://wiki.hyprland.org/Nix/Hyprland-on-NixOS/ + programs.hyprland = { + enable = true; + # set the flake package + package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; + # make sure to also set the portal package, so that they are in sync + portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; + }; + + services.openssh.enable = true; + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 
+ #system.stateVersion = "23.11"; + + system.stateVersion = "24.05"; + + virtualisation.containers = { + ociSeccompBpfHook.enable = true; + }; + + # # https://nixos.wiki/wiki/Podman + # virtualisation.podman = { + # enable = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; + # autoPrune.enable = true; + # }; + # #virtualisation.oci-containers.backend = "podman"; + # # virtualisation.oci-containers.containers = { + # # container-name = { + # # image = "container-image"; + # # autoStart = true; + # # ports = [ "127.0.0.1:1234:1234" ]; + # # }; + # # }; + + # https://nixos.wiki/wiki/Virt-manager + virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; + virtualisation.spiceUSBRedirection.enable = true; + + # guest + # services.qemuGuest.enable = true; + # services.spice-vdagentd.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/laptops/t/configuration.nix.before b/laptops/t/configuration.nix.before new file mode 100644 index 0000000..4ef544b --- /dev/null +++ b/laptops/t/configuration.nix.before 
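Review bot: `services.openssh.enable = true;` is set with default sshd settings, while users.users.das already has an ed25519 key in openssh.authorizedKeys.keys, so password logins can be turned off: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. This matters more here because firewall.nix in the same commit sets networking.firewall.enable = false, so sshd answers on every network the laptop joins. Separately, the comment `# this option doesn't exist` above the commented-out hardware.graphics.enable is stale, since the same option is set a few lines later in `hardware.graphics = { enable = true; ... }`, and should be removed.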
@@ -0,0 +1,311 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz home-manager + # sudo nix-channel --update + + # + ./sysctl.nix + ./wireless_desktop.nix + # sound removed for 24.11 + #./sound.nix + ./locale.nix + ./hosts.nix + ./firewall.nix + #./systemdSystem.nix + ./systemPackages.nix + ./home-manager.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + # clickhouse + #./docker-compose.nix + ./docker-daemon.nix + #./smokeping.nix + ]; + + + + # Bootloader. + boot.loader.systemd-boot = { + enable = true; + consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware. 
+ memtest86.enable = true; + }; + + boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + #boot.kernelParams = [ + # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 + + nix = { + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + + # https://nixos.wiki/wiki/Networking + networking.hostName = "t"; + + services.lldpd.enable = true; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # this option doesn't exist + # hardware.graphics.enable = true; + + # https://wiki.nixos.org/w/index.php?title=NVIDIA + # https://nixos.wiki/wiki/Nvidia + # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix + hardware.nvidia = { + + modesetting.enable = true; + + prime = { + # ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?' + # 00:02.0 VGA compatible controller: Intel Corporation CometLake-H GT2 [UHD Graphics] (rev 05) + intelBusId = "PCI:0:2:0"; + # 01:00.0 VGA compatible controller: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] (rev a1) + nvidiaBusId = "PCI:1:0:0"; + offload = { + enable = true; + #sync.enable = true; + enableOffloadCmd = true; + }; + }; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. 
+ powerManagement = { + enable = true; + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + finegrained = true; + }; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + # prioritry drivers don't compile on 6.10.3 + open = true; + #open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + # nvidiaSettings = true; + nvidiaSettings = false; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + # package = config.boot.kernelPackages.nvidiaPackages.stable; + #package = config.boot.kernelPackages.nvidiaPackages.stable; + package = config.boot.kernelPackages.nvidiaPackages.beta; + #package = config.boot.kernelPackages.nvidiaPackages.production; + # https://nixos.wiki/wiki/Nvidia#Determining_the_Correct_Driver_Version + }; + + # Nouveau is enabled by default whenever graphics are enabled + # This name will change to hardware.opengl.enable, with 24.11 + hardware.opengl = { + enable = true; + # removed in 24.11 + #driSupport = true; + }; + + services.xserver = { + enable = true; + # Load nvidia driver for Xorg and Wayland + videoDrivers = [ "nvidia-open" ]; + #videoDrivers = [ "nvidia" ]; + # Display Managers are responsible for handling user login + displayManager = { + gdm.enable = true; + }; + # Enable the GNOME Desktop Environment. 
+ desktopManager = { + gnome.enable = true; + plasma5.enable = false; + xterm.enable = false; + }; + # https://discourse.nixos.org/t/help-with-setting-up-a-different-desktop-environment-window-manager/15025/6 + + # Configure keymap in X11 + xkb.layout = "us"; + xkb.variant = ""; + }; + + # https://theo.is-a.dev/blog/post/hyprland-adventure/ + #[das@t:~]$ lshw -c video | grep config + #WARNING: you should run this program as super-user. + # configuration: depth=32 driver=nouveau latency=0 resolution=3840,2160 + # configuration: depth=32 driver=i915 latency=0 resolution=3840,2160 + # + #[das@t:~]$ lspci -nnk | egrep -i --color 'vga|3d|2d' -A3 | grep 'in use' + #Kernel driver in use: i915 + #Kernel driver in use: nouveau + # + #[das@t:~]$ lspci -nnk | grep -i vga -A2 + #00:02.0 VGA compatible controller [0300]: Intel Corporation CometLake-H GT2 [UHD Graphics] [8086:9bc4] (rev 05) + #Subsystem: Lenovo Device [17aa:22c0] + #Kernel driver in use: i915 + #-- + #01:00.0 VGA compatible controller [0300]: NVIDIA Corporation TU117GLM [Quadro T2000 Mobile / Max-Q] [10de:1fb8] (rev a1) + #Subsystem: Lenovo Device [17aa:22c0] + #Kernel driver in use: nouveau + # + # hwinfo --gfxcard + + services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; + + services.bpftune.enable = true; + + systemd.services.modem-manager.enable = false; + systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; + + # Enable touchpad support (enabled default in most desktopManager). 
+ services.libinput.enable = true; + + # https://nixos.wiki/wiki/Printing + services.printing.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; + # users.extraGroups.docker.members = [ "das" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + pciutils + virt-manager + cudatoolkit + pkgs.gnomeExtensions.appindicator + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + #programs.hyprland.enable = true; + + services.openssh.enable = true; + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. 
+ # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + #system.stateVersion = "23.11"; + system.stateVersion = "24.05"; + + virtualisation.containers = { + ociSeccompBpfHook.enable = true; + }; + + # # https://nixos.wiki/wiki/Podman + # virtualisation.podman = { + # enable = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; + # autoPrune.enable = true; + # }; + # #virtualisation.oci-containers.backend = "podman"; + # # virtualisation.oci-containers.containers = { + # # container-name = { + # # image = "container-image"; + # # autoStart = true; + # # ports = [ "127.0.0.1:1234:1234" ]; + # # }; + # # }; + + virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/laptops/t/docker-daemon.nix b/laptops/t/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/laptops/t/docker-daemon.nix 
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/laptops/t/firewall.nix b/laptops/t/firewall.nix
new file mode 100644
index 0000000..449b44f
--- /dev/null
+++ b/laptops/t/firewall.nix
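Review bot: `metrics-addr = "0.0.0.0:9323";` publishes the dockerd Prometheus endpoint on every interface, and with networking.firewall.enable = false in firewall.nix from the same commit nothing filters it on whatever LAN or Wi-Fi the laptop is on. configuration.nix imports ./prometheus.nix, which suggests the scraper is local; if so `metrics-addr = "127.0.0.1:9323";` is enough, otherwise bind to the one host address the scraper uses. `data-root = "/home/das/docker/"` also places root-owned layer data inside a user's home directory, which deserves a one-line comment giving the disk-layout reason.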
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Firewall
+ # https://scvalex.net/posts/54/
+ # sudo nft --stateless list table filter
+ # sudo sudo iptables-save
+ networking.firewall = {
+ enable = false;
+ allowedTCPPorts = [
+ 22 # ssh
+ 5001 # iperf2
+ ];
+ # allowedTCPPorts = [ 22 5001 ];
+ # #allowedUDPPortRanges = [
+ # # { from = 4000; to = 4007; }
+ # # { from = 8000; to = 8010; }
+ # #];
+ # NixOS automagically creates stateful connection tracking, which we don't want
+ # for performance reasons
+ # extraCommands = ''
+ # iptables --delete nixos-fw -m conntrack --ctstate RELATED,ESTABLISHED -j nixos-fw-accept || true
+ # '';
+ };
+ # networking.firewall.interfaces."eth0".allowedTCPPorts = [ 80 443 ];
+}
\ No newline at end of file
diff --git a/laptops/t/flake.lock b/laptops/t/flake.lock
new file mode 100644
index 0000000..7db58a2
--- /dev/null
+++ b/laptops/t/flake.lock
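Review bot: `enable = false;` switches the NixOS firewall off entirely, so the allowedTCPPorts list directly below it (22, 5001) has no effect yet reads as if it were in force, and services.avahi.openFirewall = true in configuration.nix likewise opens nothing. The commented conntrack note explains not wanting stateful tracking for performance, which is a narrower goal than removing the filter altogether. Either set `enable = true;` and keep the port list, or state the intent next to the switch, e.g. `# firewall deliberately disabled (see conntrack note below); allowedTCPPorts has no effect until enable = true`.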
@@ -0,0 +1,557 @@ +{ + "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737636397, + "narHash": "sha256-F5MbBj3QVorycVSFE9qjuOTLtIQBqt2VWbXa0uwzm98=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "7fe006981fae53e931f513026fc754e322f13145", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "hyprland", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + 
"hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737634937, + "narHash": "sha256-Ffw4ujFpi++6pPHe+gCBOfDgAoNlzVPZN6MReC1beu8=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "9c5dd1f7c825ee47f72727ad0a4e16ca46a2688e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprgraphics": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737634889, + "narHash": "sha256-9JZE3KxcXOqZH9zs3UeadngDiK/yIACTiAR8HSA/TNI=", + "owner": "hyprwm", + "repo": "hyprgraphics", + "rev": "0d77b4895ad5f1bb3b0ee43103a5246c58b65591", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprgraphics", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "aquamarine": "aquamarine", + "hyprcursor": "hyprcursor", + "hyprgraphics": "hyprgraphics", + "hyprland-protocols": "hyprland-protocols", + "hyprland-qtutils": "hyprland-qtutils", + "hyprlang": "hyprlang_2", + "hyprutils": "hyprutils_2", + "hyprwayland-scanner": "hyprwayland-scanner", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1737842278, + "narHash": "sha256-5N0ExKra/jw3HI/0EEIzmeJKHN9RIBV7ceR/sxQR11s=", + "owner": "hyprwm", + "repo": "Hyprland", + "rev": "8b1d6e3009c540457068e23e6c2bc201d20ce4d1", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "Hyprland", + "type": "github" + } + }, + "hyprland-plugins": { + "inputs": { + "hyprland": [ + "hyprland" + ], + "nixpkgs": [ + "hyprland-plugins", + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland-plugins", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737682243, + "narHash": "sha256-sQh5Wjt+BWzcLmL1/Aaup9slDJfHd952BfxFvJnDsnc=", + "owner": "hyprwm", + "repo": "hyprland-plugins", + "rev": 
"7634792d199d32ed9396d5864e6431cde1cca6bd", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-plugins", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737556638, + "narHash": "sha256-laKgI3mr2qz6tas/q3tuGPxMdsGhBi/w+HO+hO2f1AY=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "4c75dd5c015c8a0e5a34c6d02a018a650f57feb5", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprland-qt-support": { + "inputs": { + "hyprlang": "hyprlang", + "nixpkgs": [ + "hyprland", + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1737634706, + "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=", + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "rev": "8810df502cdee755993cb803eba7b23f189db795", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "type": "github" + } + }, + "hyprland-qtutils": { + "inputs": { + "hyprland-qt-support": "hyprland-qt-support", + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737811848, + "narHash": "sha256-WZ7LeiKHk5Y94MU5gHIWn0r8asWxYOvie4LqfCjVIZU=", + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "rev": "9c0831ff98856c0f312fcb8b57553fbe3dd34d5b", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": "hyprutils", + "nixpkgs": [ + "hyprland", + "hyprland-qtutils", + "hyprland-qt-support", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-qtutils", + "hyprland-qt-support", + "systems" + ] + 
}, + "locked": { + "lastModified": 1737634606, + "narHash": "sha256-W7W87Cv6wqZ9PHegI6rH1+ve3zJPiyevMFf0/HwdbCQ=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "f41271d35cc0f370d300413d756c2677f386af9d", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprlang_2": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737634606, + "narHash": "sha256-W7W87Cv6wqZ9PHegI6rH1+ve3zJPiyevMFf0/HwdbCQ=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "f41271d35cc0f370d300413d756c2677f386af9d", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland", + "hyprland-qtutils", + "hyprland-qt-support", + "hyprlang", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-qtutils", + "hyprland-qt-support", + "hyprlang", + "systems" + ] + }, + "locked": { + "lastModified": 1737632363, + "narHash": "sha256-X9I8POSlHxBVjD0fiX1O2j7U9Zi1+4rIkrsyHP0uHXY=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "006620eb29d54ea9086538891404c78563d1bae1", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprutils_2": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737725508, + "narHash": "sha256-jGmcPc6y/prg/4A8KGYqJ27nSPaProCMiFadaxNAKvA=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "fb0c2d1de3d1ef7396d19c18ac09e12bd956929e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + 
"lastModified": 1735493474, + "narHash": "sha256-fktzv4NaqKm94VAkAoVqO/nqQlw+X0/tJJNAeCSfzK4=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "de913476b59ee88685fdc018e77b8f6637a2ae0b", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1737632463, + "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "hyprland": "hyprland", + "hyprland-plugins": "hyprland-plugins", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": 
"default-linux", + "type": "github" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737634991, + "narHash": "sha256-dBAnb7Kbnier30cA7AgxVSxxARmxKZ1vHZT33THSIr8=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": "e09dfe2726c8008f983e45a0aa1a3b7416aaeb8a", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/laptops/t/flake.nix b/laptops/t/flake.nix new file mode 100644 index 0000000..6f9d25b --- /dev/null +++ b/laptops/t/flake.nix 
@@ -0,0 +1,52 @@
+{
+ description = "t Flake";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
+ home-manager = {
+ url = "github:nix-community/home-manager/release-24.11";
+ # The `follows` keyword in inputs is used for inheritance.
+ # Here, `inputs.nixpkgs` of home-manager is kept consistent with
+ # the `inputs.nixpkgs` of the current flake,
+ # to avoid problems caused by different versions of nixpkgs.
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ hyprland.url = "github:hyprwm/Hyprland";
+ hyprland-plugins = {
+ url = "github:hyprwm/hyprland-plugins";
+ # https://github.com/hyprwm/hyprland-plugins
+ inputs.hyprland.follows = "hyprland";
+ };
+ };
+
+ outputs = inputs@{ nixpkgs, home-manager, hyprland, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config = { allowUnfree = true; };
+ };
+ lib = nixpkgs.lib;
+ in {
+ nixosConfigurations = {
+ t = lib.nixosSystem {
+ #system ="x86_64-linux";
+ inherit system;
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./configuration.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.das = import ./home.nix;
+
+ # Optionally, use home-manager.extraSpecialArgs to pass
+ # arguments to home.nix
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/laptops/t/grafana.nix b/laptops/t/grafana.nix
new file mode 100644
index 0000000..471b71d
--- /dev/null
+++ b/laptops/t/grafana.nix
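Review bot: The `pkgs = import nixpkgs { ... config = { allowUnfree = true; }; }` binding in the `let` is never referenced — `lib.nixosSystem` builds its own package set from `system` and the modules — so the `allowUnfree` set here does not reach the configuration. Either delete the binding or move the setting into a module, `nixpkgs.config.allowUnfree = true;`. The `hyprland` input has no `inputs.nixpkgs.follows = "nixpkgs";`, which is why the lock file in this commit carries a second nixpkgs (nixos-unstable) next to nixos-24.11; that may be deliberate for Hyprland, but a one-line comment would save the next reader from "fixing" it, and it doubles the package set that has to be updated and reviewed.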
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.wiki/wiki/Grafana
+ # https://search.nixos.org/options?query=services.grafana
+ # https://xeiaso.net/blog/prometheus-grafana-loki-nixos-2020-11-20/
+ # https://grafana.com/grafana/dashboards/1860-node-exporter-full/
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ # Listening Address
+ http_addr = "0.0.0.0";
+ # and Port
+ http_port = 3000;
+ # Grafana needs to know on which domain and URL it's running
+ #domain = "your.domain";
+ #root_url = "https://your.domain/grafana/"; # Not needed if it is `https://your.domain/`
+ serve_from_sub_path = true;
+ enable_gzip = true;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/laptops/t/hardware-configuration.nix b/laptops/t/hardware-configuration.nix
new file mode 100644
index 0000000..4aaa20e
--- /dev/null
+++ b/laptops/t/hardware-configuration.nix
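Review bot: `http_addr = "0.0.0.0"` exposes the Grafana login page on every interface, and since the `firewall.nix` added in this commit sets `networking.firewall.enable = false`, nothing on the host limits who can reach it. If the dashboards are only viewed locally, `http_addr = "127.0.0.1";` is the safer default; if remote access is intended, declare the admin credentials explicitly (for example `settings.security.admin_password` read from a secret file) rather than relying on the install default. `serve_from_sub_path = true;` has no effect while `root_url` stays commented out, because it only applies when `root_url` carries a sub-path — either set `root_url` or drop the line so the two settings agree.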
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/65abc6d1-8718-42d9-a474-853455e8fde5"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/EE15-6B5D"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/laptops/t/home.nix b/laptops/t/home.nix new file mode 100644 index 0000000..0cf0a14 --- /dev/null +++ b/laptops/t/home.nix 
@@ -0,0 +1,480 @@ +{ config, pkgs, ... }: +#{ config, inputs, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + home.username = "das"; + home.homeDirectory = "/home/das"; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + }; + + home.packages = with pkgs; [ + # + killall + hw-probe + # + gparted + # + ncdu + # + hw-probe + lshw + # + tmux + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + btop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + file + # + alacritty + kitty + #https://ghostty.org/ + ghostty + # + ethtool + iproute2 + vlan + tcpdump + wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + hwloc + bpftools + # + inotify-tools + # + # HP Printers + hplip + #hplipWithPlugin + # + gnuradio + hackrf + gqrx + cubicsdr + # + neofetch + # + vlc + ffmpeg_7-full + #ffmpeg-full + # go + # https://nixos.wiki/wiki/Go + # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + libcap + gcc + #gcc_multi + #glibc_multi + # thunderbird + go_1_23 + gopls + golint + golangci-lint + golangci-lint-langserver + trunk-io + # https://github.com/go-delve/delve + delve + # https://github.com/aarzilli/gdlv + gdlv + buf + protobuf_27 + grpcurl + # 
https://github.com/go-gorm/gen + # https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml + gorm-gentool + # removed 24.11 + #buf-language-server + # https://tinygo.org/ + tinygo + # + graphviz + # + meld + # + # https://nixos.wiki/wiki/Helix + helix + # rust + # https://nixos.wiki/wiki/Rust + #pkgs.cargo + #pkgs.rustc + cargo + rustc + rustfmt + rust-analyzer + clippy + #clang_multi + # + flutter + android-studio + android-tools + android-udev-rules + # + # debug + strace + # Gnome related / extensions + # gnomeExtensions.emoji-copy + # unstable.gnomeExtensions.workspace-switcher-manager + gnome-extension-manager + gnome-usage + dconf-editor + gnome-settings-daemon + gnome-disk-utility + gnome-software + gnome-tweaks + simple-scan + gnomeExtensions.appindicator + gnomeExtensions.settingscenter + gnomeExtensions.system-monitor + gnomeExtensions.dash-to-dock + gnomeExtensions.just-perfection + gnomeExtensions.logo-menu + gnomeExtensions.wifi-qrcode + gnomeExtensions.wireless-hid + gnomeExtensions.user-themes + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + gnomeExtensions.dash-to-panel + gnomeExtensions.sound-output-device-chooser + gnomeExtensions.space-bar + # https://github.com/AstraExt/astra-monitor + gnomeExtensions.astra-monitor + libgtop + # + libreoffice-qt + hunspell + hunspellDicts.en_AU + #hunspellDicts.en_US + # + evince + # https://nixos.wiki/wiki/Firefox + firefox + # https://nixos.wiki/wiki/Chromium + chromium + google-chrome + # https://nixos.wiki/wiki/Slack + slack + # + zoom-us + # + flameshot + grim # screenshot functionality + slurp # screenshot functionality + # + gimp-with-plugins + # + simplescreenrecorder + # + gedit + # + # https://nixos.wiki/wiki/Podman + dive + podman + runc + skopeo + podman-tui + podman-compose + docker-buildx + # + rofi-wayland + wofi + # + #clickhouse + #clickhouse-cli + # https://github.com/int128/kubelogin + kubelogin-oidc + kubectl + kubernetes-helm + istioctl 
+ krew + kubeshark + kubectl-ktop + kubectl-klock + kube-capacity + kubectl-images + kubectl-gadget + kdash + # k9s --kubeconfig=dev-d.kubeconfig + k9s + # + # https://github.com/jrincayc/ucblogo-code + ucblogo + # https://github.com/wagoodman/dive + dive + # https://github.com/sharkdp/hyperfine + hyperfine + # app launchers + rofi-wayland + wofi + # + # raspberry pi + rpi-imager + ]; + + # vscode + # https://nixos.wiki/wiki/Visual_Studio_Code + # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix + # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions + # https://mynixos.com/home-manager/options/programs.vscode + programs.vscode = { + enable = true; + package = pkgs.vscode; + extensions = with pkgs.vscode-extensions; [ + bbenoist.nix + dart-code.dart-code + dart-code.flutter + golang.go + hashicorp.terraform + #k6.k6 + ms-azuretools.vscode-docker + # https://github.com/orgs/microsoft/repositories?q=vscode + ms-vscode-remote.remote-containers + ms-vscode-remote.remote-ssh + #ms-vscode-remote.remote-ssh-edit + ms-vscode.makefile-tools + ms-vscode.cmake-tools + ms-vscode.cpptools + #ms-vscode.cpptools-extension-pack + #ms-vscode.cpptools-themes + ms-vscode.hexeditor + ms-vscode.makefile-tools + ms-python.python + ms-python.vscode-pylance + #ms-vscode.remote-explorer + #ms-vscode.remote-repositories + #ms-vscode.remote-server + ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-yaml + rust-lang.rust-analyzer + #crates is depreciated + #serayuzgur.crates + tamasfe.even-better-toml + timonwong.shellcheck + #trunk.io + zxh404.vscode-proto3 + yzhang.markdown-all-in-one + #platformio.platformio-ide + github.copilot + # nix + #brettm12345.nixfmt.vscode + jnoortheen.nix-ide + #jeff-hykin.better-nix-syntax + rust-lang.rust-analyzer + ]; + }; + + #fonts.fonts = with pkgs; [ + # nerdfonts + # meslo-lgs-nf + #]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + 
}; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder"; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + # https://nixos.wiki/wiki/OBS_Studio + # TODO add kernel module for virtual camera + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + + # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts + dconf.settings = { + "org/gnome/desktop/wm/preferences" = { + button-layout = "close,minimize,maximize:appmenu"; + }; + # "org/gnome/desktop/interface" = { + # color-scheme = "prefer-dark"; + # }; + "org/gnome/desktop/interface" = { + clock-show-seconds = true; + clock-show-weekday = true; + color-scheme = "prefer-dark"; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Nordic"; + # toolkit-accessibility = true; + toolkit-accessibility = false; + }; + "org/gnome/shell" = { + disable-user-extensions = false; + favorite-apps = [ + "firefox.desktop" + "google-chrome.desktop" + "code.desktop" + "chromium.desktop" + "alacritty.desktop" + "kitty.desktop" + "slack.desktop" + ]; + enabled-extensions = with pkgs.gnomeExtensions; [ + blur-my-shell.extensionUuid + gsconnect.extensionUuid + ]; + }; + }; + + # disable wayland + # # https://nixos.wiki/wiki/Hyprland + # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland + # #programs.hyprland.enable = true; + # wayland.windowManager.hyprland = { + # # Whether to enable Hyprland wayland compositor + # enable = true; + # # The hyprland package to use + # package = pkgs.hyprland; + # # Whether to enable XWayland 
+ # xwayland.enable = true; + + # https://wiki.hyprland.org/Nix/Hyprland-on-Home-Manager/ + # wayland.windowManager.hyprland.enable = true; # enable Hyprland + # Example: https://github.com/JaKooLit/NixOS-configs/blob/main/Ja-OS%20(configs%20using%20install%20script)/Asus-G15/hosts/G15-NixOS/config.nix#L144 + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + #extraConfig = '' plugin = ${inputs.hy3.packages.${pkgs.system}.hy3}/lib/libhy3.so ''; + # plugins = [ + # inputs.hyprland-plugins.packages.${pkgs.system}.hyprbars + # # ... + #]; + }; + + # # Optional + # # Whether to enable hyprland-session.target on hyprland startup + # systemd.enable = true; + # }; + # # home.file.".config/hypr/hyprland.conf".text = '' + # # ''; + + services.flameshot = { + enable = true; + settings.General = { + showStartupLaunchMessage = false; + saveLastRegion = true; + }; + }; + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "23.11"; +} diff --git a/laptops/t/hosts.nix b/laptops/t/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/laptops/t/hosts.nix 
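Review bot: `policy.json` sets `"default": [{"type": "insecureAcceptAnything"}]` and the same for `docker-daemon`, so podman and skopeo will pull and run any image with no signature or identity check, and `registries.search = ['docker.io']` means an unqualified (or mistyped) image name resolves against a public registry; a comment stating that this is intentional for a development laptop, and a preference for fully-qualified image references, would make the trade-off explicit. `label=false` in `containers.conf` turns off SELinux/AppArmor labelling for every container and deserves a one-line reason as well. Separately, the comment `# disable wayland` above `NIXOS_OZONE_WL = "1"` says the opposite of what the variable does (it asks Chromium/Electron apps to use their Wayland backend), and `home.packages` lists `hw-probe`, `gcc`, `bpftools`, `dive`, `rofi-wayland` and `wofi` twice while the vscode extension list repeats `ms-vscode.makefile-tools` and `rust-lang.rust-analyzer`; Nix tolerates the duplicates, but they make the list harder to audit.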
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hosts = {
+ "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room
+ "172.16.40.141" = ["hp0wifi"];
+ "172.16.40.142" = ["hp1" "hp1eth"];
+ "172.16.40.212" = ["hp2" "hp2eth"];
+ "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room
+ "172.16.40.130" = ["hp3wifi"];
+ "172.16.50.232" = ["hp4" "hp4eth"]; # rack
+ "172.16.40.70" = ["hp5" "hp5eth"];
+ "172.16.40.122" = ["pi5-1" "pi5-1-eth"];
+ "172.16.40.62" = ["chromebox3" "chromebox3-eth"];
+ };
+}
\ No newline at end of file
diff --git a/laptops/t/locale.nix b/laptops/t/locale.nix
new file mode 100644
index 0000000..6a67b6f
--- /dev/null
+++ b/laptops/t/locale.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+}
\ No newline at end of file
diff --git a/laptops/t/maybe.configuration.nix b/laptops/t/maybe.configuration.nix
new file mode 100644
index 0000000..e60fd7c
--- /dev/null
+++ b/laptops/t/maybe.configuration.nix
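Review bot: The alias naming is inconsistent in the `networking.hosts` table: the hp entries use `hp0eth`/`hp0wifi` with no separator, while the two newest entries use `pi5-1-eth` and `chromebox3-eth`; pick one convention, since scripts and SSH configs that build the alias from the hostname will otherwise work for some hosts and not others. This file also looks like a per-host copy of a shared host list rather than an import; if it is copied in by a build step, a header comment such as `# Generated copy of the shared hosts module — edit the source, not this file` would stop edits here from being silently overwritten, and importing the shared file directly would remove the drift risk altogether.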
@@ -0,0 +1,105 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+# sudo nixos-rebuild switch
+# sudo nix-channel --update
+# nix-shell -p vim
+# nmcli device wifi connect MYSSID password PWORD
+# systemctl restart display-manager.service
+
+{ config, pkgs, ... }:
+
+# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F
+# https://discourse.nixos.org/t/differences-between-nix-channels/13998
+
+{
+ # https://nixos.wiki/wiki/NixOS_modules
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz home-manager
+ # sudo nix-channel --update
+
+ #
+ ./sysctl.nix
+ ./wireless_desktop.nix
+ ./hosts.nix
+ ./firewall.nix
+ ./il8n.nix
+ #./systemdSystem.nix
+ ./systemPackages.nix
+ ./sound.nix
+ ./home-manager.nix
+ ./nodeExporter.nix
+ ./prometheus.nix
+ ./grafana.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # https://nixos.wiki/wiki/Linux_kernel
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ #boot.kernelPackages = pkgs.linuxPackages_rpi4
+
+ # https://nixos.wiki/wiki/Networking
+ # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html
+ networking.hostName = "t";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ networking.networkmanager.enable = false;
+
+ services.lldpd.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/Los_Angeles";
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.das = {
+ isNormalUser = true;
+ description = "das";
+ extraGroups = [ "wheel" "networkmanager" "libvirtd" ];
+ packages = with pkgs; [
+ ];
+ # https://nixos.wiki/wiki/SSH_public_key_authentication
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t"
+ ];
+ };
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ services.openssh.enable = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+
+ # virtualisation.libvirtd.enable = true;
+ # programs.virt-manager.enable = true;
+ # services.qemuGuest.enable = true;
+
+ # https://wiki.nixos.org/wiki/Laptop
+}
diff --git a/laptops/t/nodeExporter.nix b/laptops/t/nodeExporter.nix
new file mode 100644
index 0000000..31052e6
--- /dev/null
+++ b/laptops/t/nodeExporter.nix
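Review bot: `imports` names `./il8n.nix` (letter l, not the digit 1 of `i18n`) while the locale module this commit adds beside it is `locale.nix`, and `sysctl.nix`, `wireless_desktop.nix`, `systemPackages.nix`, `sound.nix`, `home-manager.nix` and `prometheus.nix` do not appear in the commit either, so the file cannot evaluate unless they already exist; the `maybe.` prefix suggests it is not wired in yet, which a header comment should state. With a key in `openssh.authorizedKeys.keys` and `services.openssh.enable = true;`, this is the place to turn off password logins: `services.openssh.settings.PasswordAuthentication = false;`. `extraGroups` grants `networkmanager` and `libvirtd` while `networking.networkmanager.enable = false` and `virtualisation.libvirtd.enable` is commented out; drop the groups that have no matching service, since each one widens what the account can do if the service is enabled later.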
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ services.prometheus.exporters.node = {
+ enable = true;
+ port = 9000;
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+ enabledCollectors = [ "systemd" ];
+ # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help
+ extraFlags = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ "--collector.wifi"
+ "--collector.filesystem.ignored-mount-points='/nix/store'"];
+ };
+
+ # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters
+ services.prometheus.exporters.systemd.enable = true;
+ services.prometheus.exporters.smartctl.enable = true;
+ services.prometheus.exporters.process.enable = true;
+}
\ No newline at end of file
diff --git a/laptops/t/not.home-manager.nix b/laptops/t/not.home-manager.nix
new file mode 100644
index 0000000..80a222f
--- /dev/null
+++ b/laptops/t/not.home-manager.nix
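Review bot: The single quotes inside `"--collector.filesystem.ignored-mount-points='/nix/store'"` are not shell quoting — `extraFlags` entries reach the service command line without a shell — so depending on how the unit line is assembled the quote characters may be passed to node_exporter as part of the regex and match nothing; write it as `"--collector.filesystem.ignored-mount-points=/nix/store"`. On the 1.8.1 binary named in the comment this flag may also have been superseded by `--collector.filesystem.mount-points-exclude`, which is worth confirming against the `--help` output referenced there. Four exporters (node on 9000, systemd, smartctl, process) are enabled on their default listen addresses while `firewall.nix` in the same directory disables the firewall, so all of them are reachable from the network; `listenAddress = "127.0.0.1";` on each, or an allow-list in the firewall, would scope them to the intended scraper.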
@@ -0,0 +1,463 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + NIXOS_OZONE_WL = "1"; + GOPRIVATE = "gitlab.com/sidenio/*"; + TERM = "xterm-256color"; + }; + + home.packages = with pkgs; [ + # + killall + hw-probe + # + gparted + # + ncdu + # + hw-probe + lshw + # + tmux + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + btop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + alacritty + kitty + #https://ghostty.org/ + ghostty + # + ethtool + iproute2 + vlan + tcpdump + wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + hwloc + bpftools + # + inotify-tools + # + # HP Printers + hplip + #hplipWithPlugin + # + gnuradio + hackrf + gqrx + cubicsdr + # + neofetch + # + vlc + ffmpeg_7-full + #ffmpeg-full + # go + # https://nixos.wiki/wiki/Go + # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + libcap + gcc + #gcc_multi + #glibc_multi + # thunderbird + go_1_23 + gopls + golint + golangci-lint + golangci-lint-langserver + trunk-io + # https://github.com/go-delve/delve + delve + # https://github.com/aarzilli/gdlv + gdlv + buf + protobuf_27 + grpcurl + # https://github.com/go-gorm/gen + # 
https://github.com/infobloxopen/protoc-gen-gorm/blob/main/example/postgres_arrays/buf.gen.yaml + gorm-gentool + # removed 24.11 + #buf-language-server + # https://tinygo.org/ + tinygo + # + graphviz + # + meld + # + # https://nixos.wiki/wiki/Helix + helix + # rust + # https://nixos.wiki/wiki/Rust + #pkgs.cargo + #pkgs.rustc + cargo + rustc + rustfmt + rust-analyzer + clippy + #clang_multi + # + flutter + android-studio + android-tools + android-udev-rules + # + # debug + strace + # Gnome related / extensions + # gnomeExtensions.emoji-copy + # unstable.gnomeExtensions.workspace-switcher-manager + gnome-extension-manager + gnome-usage + dconf-editor + gnome-settings-daemon + gnome-disk-utility + gnome-software + gnome-tweaks + simple-scan + gnomeExtensions.appindicator + gnomeExtensions.settingscenter + gnomeExtensions.system-monitor + gnomeExtensions.dash-to-dock + gnomeExtensions.just-perfection + gnomeExtensions.logo-menu + gnomeExtensions.wifi-qrcode + gnomeExtensions.wireless-hid + gnomeExtensions.user-themes + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + gnomeExtensions.dash-to-panel + gnomeExtensions.sound-output-device-chooser + gnomeExtensions.space-bar + # https://github.com/AstraExt/astra-monitor + gnomeExtensions.astra-monitor + libgtop + # + libreoffice-qt + hunspell + hunspellDicts.en_AU + #hunspellDicts.en_US + # + evince + # https://nixos.wiki/wiki/Firefox + firefox + # https://nixos.wiki/wiki/Chromium + chromium + google-chrome + # https://nixos.wiki/wiki/Slack + slack + # + zoom-us + # + flameshot + grim # screenshot functionality + slurp # screenshot functionality + # + gimp-with-plugins + # + simplescreenrecorder + # + gedit + # + # https://nixos.wiki/wiki/Podman + dive + podman + runc + skopeo + podman-tui + podman-compose + docker-buildx + # + rofi-wayland + wofi + # + #clickhouse + #clickhouse-cli + # https://github.com/int128/kubelogin + kubelogin-oidc + kubectl + kubernetes-helm + istioctl + krew + kubeshark + kubectl-ktop + 
kubectl-klock + kube-capacity + kubectl-images + kubectl-gadget + kdash + # k9s --kubeconfig=dev-d.kubeconfig + k9s + # + # https://github.com/jrincayc/ucblogo-code + ucblogo + # https://github.com/wagoodman/dive + dive + # https://github.com/sharkdp/hyperfine + hyperfine + ]; + + # vscode + # https://nixos.wiki/wiki/Visual_Studio_Code + # https://github.com/thexyno/nixos-config/blob/main/hm-modules/vscode/default.nix + # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions + # https://mynixos.com/home-manager/options/programs.vscode + programs.vscode = { + enable = true; + package = pkgs.vscode; + extensions = with pkgs.vscode-extensions; [ + bbenoist.nix + dart-code.dart-code + dart-code.flutter + golang.go + hashicorp.terraform + #k6.k6 + ms-azuretools.vscode-docker + # https://github.com/orgs/microsoft/repositories?q=vscode + ms-vscode-remote.remote-containers + ms-vscode-remote.remote-ssh + #ms-vscode-remote.remote-ssh-edit + ms-vscode.makefile-tools + ms-vscode.cmake-tools + ms-vscode.cpptools + #ms-vscode.cpptools-extension-pack + #ms-vscode.cpptools-themes + ms-vscode.hexeditor + ms-vscode.makefile-tools + ms-python.python + ms-python.vscode-pylance + #ms-vscode.remote-explorer + #ms-vscode.remote-repositories + #ms-vscode.remote-server + ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-yaml + rust-lang.rust-analyzer + #crates is depreciated + #serayuzgur.crates + tamasfe.even-better-toml + timonwong.shellcheck + #trunk.io + zxh404.vscode-proto3 + yzhang.markdown-all-in-one + #platformio.platformio-ide + github.copilot + # nix + #brettm12345.nixfmt.vscode + jnoortheen.nix-ide + #jeff-hykin.better-nix-syntax + rust-lang.rust-analyzer + ]; + }; + + programs.bash.enable = true; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; 
+ + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + # https://nixos.wiki/wiki/OBS_Studio + # TODO add kernel module for virtual camera + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + + # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts + dconf.settings = { + "org/gnome/desktop/wm/preferences" = { + button-layout = "close,minimize,maximize:appmenu"; + }; + # "org/gnome/desktop/interface" = { + # color-scheme = "prefer-dark"; + # }; + "org/gnome/desktop/interface" = { + clock-show-seconds = true; + clock-show-weekday = true; + color-scheme = "prefer-dark"; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Nordic"; + # toolkit-accessibility = true; + toolkit-accessibility = false; + }; + "org/gnome/shell" = { + disable-user-extensions = false; + favorite-apps = [ + "firefox.desktop" + "google-chrome.desktop" + "code.desktop" + "chromium.desktop" + "alacritty.desktop" + "ghostty.desktop" + "kitty.desktop" + "slack.desktop" + ]; + enabled-extensions = with pkgs.gnomeExtensions; [ + blur-my-shell.extensionUuid + gsconnect.extensionUuid + ]; + }; + }; + + # disable wayland + # # https://nixos.wiki/wiki/Hyprland + # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland + + programs.hyprland = { + enable = true; + xwayland.hidpi = true; + xwayland.enable = true; + }; + + services.dbus.enable = true; + xdg.portal = { + enable = true; + wlr.enable = true; + extraPortals = [ + pkgs.xdg-desktop-portal-gtk + ]; + }; + + # #programs.hyprland.enable = true; + # wayland.windowManager.hyprland = { + # # Whether to enable Hyprland wayland compositor + # enable = true; + # # The hyprland package to use + # package = pkgs.hyprland; + # # Whether to 
enable XWayland + # xwayland.enable = true; + + # # Optional + # # Whether to enable hyprland-session.target on hyprland startup + # systemd.enable = true; + # }; + # # home.file.".config/hypr/hyprland.conf".text = '' + # # ''; + + services.flameshot = { + enable = true; + settings.General = { + showStartupLaunchMessage = false; + saveLastRegion = true; + }; + }; + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "23.11"; + }; +} diff --git a/laptops/t/prometheus.nix b/laptops/t/prometheus.nix new file mode 100644 index 0000000..928dc67 --- /dev/null +++ b/laptops/t/prometheus.nix 
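Review bot: `userName = "randomizedcoder ";` in the programs.git block carries a trailing space that ends up verbatim in git's user.name on every commit; it should read `userName = "randomizedcoder";`. The same string and most of the points below also appear in laptops/t14/home-manager.nix. The policy.json written under .config/containers sets `insecureAcceptAnything` for the default and docker-daemon transports, so image signatures are never checked on pull — a comment stating that this is deliberate for a developer laptop, or a `reject` default with `insecureAcceptAnything` limited to the registries listed in registries.conf, would make the intent explicit. The package lists contain duplicates (`bpftools`, `gcc`, `dive`, and `ms-vscode.makefile-tools` plus `rust-lang.rust-analyzer` in programs.vscode.extensions); the first list tolerates them, but I cannot tell whether Home Manager accepts a repeated vscode extension. `programs.hyprland` with `xwayland.hidpi` sits inside the home-manager.users.das block, yet that option path is a NixOS one (Home Manager's is `wayland.windowManager.hyprland`), so if this file is ever imported despite its `not.` prefix that block will likely fail evaluation.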
@@ -0,0 +1,37 @@
+{ config, pkgs, ... }:
+{
+ # https://wiki.nixos.org/wiki/Prometheus
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ # default port 9090
+ services.prometheus = {
+ enable = true;
+ globalConfig.scrape_interval = "10s"; # "1m"
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ {
+ job_name = "xtcp";
+ static_configs = [{
+ targets = [ "localhost:9009" ];
+ }];
+ }
+ {
+ job_name = "hp1xtcp";
+ static_configs = [{
+ targets = [ "hp1:9009" ];
+ }];
+ }
+ #{
+ # job_name = "chromebox1";
+ # static_configs = [{
+ # targets = [ "172.16.40.179:9105" ];
+ # }];
+ #}
+ ];
+ };
+}
\ No newline at end of file
diff --git a/laptops/t/sysctl.nix b/laptops/t/sysctl.nix
new file mode 100644
index 0000000..ed11dac
--- /dev/null
+++ b/laptops/t/sysctl.nix
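Review bot: The scrape jobs cover only `node` and the two `xtcp` targets, while laptops/t/nodeExporter.nix in this same commit enables the `systemd`, `smartctl` and `process` exporters — without matching entries in scrapeConfigs those three listen but are never collected. Each needs a job such as `{ job_name = "systemd"; static_configs = [{ targets = [ "localhost:${toString config.services.prometheus.exporters.systemd.port}" ]; }]; }`, using the exporter's port option so the value stays in step with its module. Prometheus itself binds to all interfaces on 9090 by module default; `listenAddress = "127.0.0.1";` is worth adding unless the UI is meant to be reachable from the LAN, and `hp1:9009` relies on a hosts entry or DNS name this file does not show.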
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+{
+ # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html
+ boot.kernel.sysctl = {
+ # detect dead connections more quickly
+ "net.ipv4.tcp_keepalive_intvl" = 30;
+ #net.ipv4.tcp_keepalive_intvl = 75
+ "net.ipv4.tcp_keepalive_probes" = 4;
+ #net.ipv4.tcp_keepalive_probes = 9
+ "net.ipv4.tcp_keepalive_time" = 120;
+ #net.ipv4.tcp_keepalive_time = 7200
+ # 30 * 4 = 120 seconds. / 60 = 2 minutes
+ # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes
+ "net.ipv4.tcp_rmem" = "4096 1000000 16000000";
+ "net.ipv4.tcp_wmem" = "4096 1000000 16000000";
+ #net.ipv4.tcp_rmem = 4096 131072 6291456
+ #net.ipv4.tcp_wmem = 4096 16384 4194304
+ # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042
+ # https://lwn.net/Articles/560082/
+ "net.ipv4.tcp_notsent_lowat" = "131072";
+ #net.ipv4.tcp_notsent_lowat = 4294967295
+ # enable Enable reuse of TIME-WAIT sockets globally
+ "net.ipv4.tcp_tw_reuse" = 1;
+ #net.ipv4.tcp_tw_reuse=2
+ "net.ipv4.tcp_timestamps" = 1;
+ "net.ipv4.tcp_ecn" = 1;
+ "net.core.default_qdisc" = "fq_codel";
+ "net.ipv4.tcp_congestion_control" = "cubic";
+ #net.ipv4.tcp_congestion_control=bbr
+ "net.core.rmem_default" = 26214400;
+ "net.core.rmem_max" = 26214400;
+ "net.core.wmem_default" = 26214400;
+ "net.core.wmem_max" = 26214400;
+ #net.core.optmem_max = 20480
+ #net.core.rmem_default = 212992
+ #net.core.rmem_max = 212992
+ #net.core.wmem_default = 212992
+ #net.core.wmem_max = 212992
+ "net.ipv4.ip_local_port_range" = "1025 65535";
+ #net.ipv4.ip_local_port_range ="32768 60999"
+ };
+}
\ No newline at end of file
diff --git a/laptops/t/systemPackages.nix b/laptops/t/systemPackages.nix
new file mode 100644
index 0000000..f795f7b
--- /dev/null
+++ b/laptops/t/systemPackages.nix
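Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535"` lets the kernel hand out ephemeral ports that overlap the listeners configured elsewhere in this commit (9000 in nodeExporter.nix, 9009 and 9090 in prometheus.nix), so an outbound connection can occasionally take one of those ports first and the service then fails to bind after a restart; `"net.ipv4.ip_local_reserved_ports" = "9000,9009,9090";` or a range that starts above them avoids that. `net.core.rmem_default` and `wmem_default` are raised to the 25 MiB maximum, which changes the default SO_RCVBUF/SO_SNDBUF of every non-TCP socket rather than only those that opt in via setsockopt; usually only the `_max` values are raised, and tcp_rmem/tcp_wmem, already set here, govern TCP. `tcp_tw_reuse = 1` widens reuse from loopback-only (the kernel default of 2 noted in the comment) to all connections, which is reasonable for a client machine but deserves a comment saying why. `tcp_notsent_lowat` is given as a string while the neighbouring numbers are integers; both are accepted, but one form would be more consistent.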
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+{
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ psmisc
+ vim
+ curl
+ wget
+ tcpdump
+ iproute2
+ nftables
+ iptables
+ pciutils
+ usbutils
+ iw
+ wirelesstools
+ wpa_supplicant
+ #wpa_supplicant_ro_ssids
+ lldpd
+ #snmp seems to be needed by lldpd
+ net-snmp
+ neofetch
+
+ # hyprland
+ hyprland
+ swww # for wallpapers
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal-hyprland
+ xwayland
+ meson
+ wayland-protocols
+ wayland-utils
+ wl-clipboard
+ wlroots
+ ];
+}
\ No newline at end of file
diff --git a/laptops/t/wireless_desktop.nix b/laptops/t/wireless_desktop.nix
new file mode 100644
index 0000000..5efb014
--- /dev/null
+++ b/laptops/t/wireless_desktop.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking = {
+ networkmanager = {
+ enable = true;
+ #wifi.powersave = true;
+ wifi.powersave = false;
+ };
+ };
+
+ #networking.hosts = {
+ # "172.16.50.216" = ["hp0"];
+ # "172.16.40.35" = ["hp1"];
+ # "172.16.40.71" = ["hp2"];
+ #};
+}
\ No newline at end of file
diff --git a/laptops/t14/Makefile b/laptops/t14/Makefile
new file mode 100644
index 0000000..a213799
--- /dev/null
+++ b/laptops/t14/Makefile
@@ -0,0 +1,16 @@
+#
+# nixos/t14/Makefile
+#
+all:
+ sudo cp ../modules/* /etc/nixos/
+ sudo cp ./configuration.nix /etc/nixos/
+ sudo cp ./home-manager.nix /etc/nixos/
+ sudo cp ./prometheus.nix /etc/nixos/
+ sudo nixos-rebuild switch
+
+update:
+ sudo nix-channel --update
+ sudo nixos-rebuild switch
+ #nix-shell -p vim
+
+# end
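Review bot: `all` and `update` in laptops/t14/Makefile are command targets but are not declared `.PHONY`, so a file named `all` or `update` in laptops/t14 would make them silently up to date; add `.PHONY: all update` at the top. The first recipe line, `sudo cp ../modules/* /etc/nixos/`, resolves relative to laptops/t14, i.e. to laptops/modules, whereas the top-level Makefile in this commit copies from ./modules at the repository root — unless a laptops/modules directory exists that I cannot see, this should be `sudo cp ../../modules/* /etc/nixos/`. `update` runs `nixos-rebuild switch` without first copying the current .nix files, so it can rebuild from a stale /etc/nixos; making it depend on the copy step (`update: all`, or a shared install target both use) keeps the two in step. Neither target copies hosts.nix, which laptops/t14/configuration.nix imports; it presumably arrives via the modules copy, which is worth a comment on the `all` target.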
diff --git a/laptops/t14/configuration.nix b/laptops/t14/configuration.nix
new file mode 100644
index 0000000..e3591e6
--- /dev/null
+++ b/laptops/t14/configuration.nix
@@ -0,0 +1,218 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz home-manager + # sudo nix-channel --update + + # + ./sysctl.nix + ./wireless_desktop.nix + ./sound.nix + ./locale.nix + ./hosts.nix + ./firewall.nix + #./systemdSystem.nix + ./systemPackages.nix + ./home-manager.nix + ./nodeExporter.nix + ./prometheus.nix + ./grafana.nix + # clickhouse + #./docker-compose.nix + ./docker-daemon.nix + #./smokeping.nix + ]; + + + + # Bootloader. + boot.loader.systemd-boot = { + enable = true; + consoleMode = "max"; # Sets the console mode to the highest resolution supported by the firmware. 
+ memtest86.enable = true; + }; + + boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_rpi4 + + #boot.kernelParams = [ + # https://github.com/tolgaerok/nixos-2405-gnome/blob/main/core/boot/efi/efi.nix#L56C5-L56C21 + + nix = { + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + + # https://nixos.wiki/wiki/Networking + networking.hostName = "t14"; + + services.lldpd.enable = true; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + hardware.opengl = { + enable = true; + driSupport = true; + }; + + services.xserver = { + enable = true; + + # Display Managers are responsible for handling user login + displayManager = { + gdm.enable = true; + }; + # Enable the GNOME Desktop Environment. + desktopManager = { + gnome.enable = true; + plasma5.enable = false; + xterm.enable = false; + }; + # https://discourse.nixos.org/t/help-with-setting-up-a-different-desktop-environment-window-manager/15025/6 + + # Configure keymap in X11 + xkb.layout = "us"; + xkb.variant = ""; + }; + + services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; + + systemd.services.modem-manager.enable = false; + systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; + + # Enable touchpad support (enabled default in most desktopManager). + services.libinput.enable = true; + + # Enable CUPS to print documents. 
+ services.printing.enable = true; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + users.users.das = { + isNormalUser = true; + description = "das"; + extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" "docker" "video" ]; + packages = with pkgs; [ + ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + pciutils + virt-manager + #cudatoolkit #t14 is not nvidia + pkgs.gnomeExtensions.appindicator + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + #programs.hyprland.enable = true; + + services.openssh.enable = true; + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + #system.stateVersion = "23.11"; + system.stateVersion = "24.05"; + + virtualisation.containers = { + ociSeccompBpfHook.enable = true; + }; + + # # https://nixos.wiki/wiki/Podman + # virtualisation.podman = { + # enable = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; + # autoPrune.enable = true; + # }; + # #virtualisation.oci-containers.backend = "podman"; + # # virtualisation.oci-containers.containers = { + # # container-name = { + # # image = "container-image"; + # # autoStart = true; + # # ports = [ "127.0.0.1:1234:1234" ]; + # # }; + # # }; + + virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/laptops/t14/hardware-configuration.nix b/laptops/t14/hardware-configuration.nix new file mode 100644 index 0000000..f2b5bcc --- /dev/null +++ b/laptops/t14/hardware-configuration.nix 
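Review bot: `services.openssh.enable = true;` leaves password authentication at the module default even though an ed25519 key is already authorized for `das` a few lines above; `services.openssh.settings.PasswordAuthentication = false;` together with `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it makes the key the only accepted credential, and the same applies to arm/pi5-1-os/configuration.nix. `das` is also added to the `docker` group, which on a host with docker-daemon.nix imported is equivalent to root — worth a comment if intended, or dropping it in favour of the rootless podman setup the home-manager file already configures. The imports list names sysctl.nix, wireless_desktop.nix, sound.nix, locale.nix, firewall.nix, systemPackages.nix, nodeExporter.nix, grafana.nix and docker-daemon.nix, but this commit adds only Makefile, configuration.nix, hardware-configuration.nix, home-manager.nix, hosts.nix and prometheus.nix under laptops/t14, so evaluation presumably relies on the Makefile copying the shared modules into /etc/nixos rather than on this directory alone — a comment above `imports` saying so would help the next reader. `pciutils` appears twice in environment.systemPackages.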
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/adb8ae55-949c-44b3-8abe-7584d2194c17"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A1E4-3942"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/1a243657-4913-4220-94da-7ef97d4c7966"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/laptops/t14/home-manager.nix b/laptops/t14/home-manager.nix new file mode 100644 index 0000000..d61ecee --- /dev/null +++ b/laptops/t14/home-manager.nix 
@@ -0,0 +1,392 @@ +{ config, pkgs, ... }: + +# sudo cp ./nixos/modules/* /etc/nixos/ +# sudo nixos-rebuild switch + +{ + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + }; + + home.packages = with pkgs; [ + # + killall + hw-probe + # + gparted + # + ncdu + # + hw-probe + lshw + # + tmux + screen + # + libgcc + # https://nixos.wiki/wiki/C + # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc + gcc + automake + gnumake + #cmake + pkg-config + # + # alsa-lib + # alsa-lib-with-plugins + # + perl + python3 + # + gawk + jq + git + htop + minicom + # + bzip2 + gzip + lz4 + zip + unzip + xz + zstd + # + rsync + tree + # + alacritty + kitty + # + ethtool + iproute2 + vlan + tcpdump + wireshark + #iperf2 + netperf + flent + bpftools + fping + inetutils + # + hwloc + bpftools + # + inotify-tools + # + gnuradio + hackrf + gqrx + cubicsdr + # + neofetch + # + vlc + ffmpeg_7-full + #ffmpeg-full + # go + # https://nixos.wiki/wiki/Go + # https://nixos.org/manual/nixpkgs/stable/#sec-language-go + # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F + libcap + gcc + # thunderbird + go + golangci-lint + golangci-lint-langserver + trunk-io + # https://github.com/go-delve/delve + delve + # https://github.com/aarzilli/gdlv + gdlv + buf + buf-language-server + # + graphviz + # + meld + # + # https://nixos.wiki/wiki/Helix + helix + # rust + # https://nixos.wiki/wiki/Rust + pkgs.cargo + pkgs.rustc + # + flutter + android-studio + android-tools + android-udev-rules + # + # debug + strace + # Gnome related / extensions + # gnomeExtensions.emoji-copy + # 
unstable.gnomeExtensions.workspace-switcher-manager + gnome-extension-manager + gnome-usage + gnome.dconf-editor + #gnome.gnome-settings-daemon + gnome-settings-daemon + gnome.gnome-disk-utility + gnome.gnome-software + gnome.gnome-tweaks + gnome.simple-scan + gnomeExtensions.appindicator + gnomeExtensions.settingscenter + gnomeExtensions.system-monitor + gnomeExtensions.dash-to-dock + gnomeExtensions.just-perfection + gnomeExtensions.logo-menu + gnomeExtensions.wifi-qrcode + gnomeExtensions.wireless-hid + gnomeExtensions.user-themes + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + gnomeExtensions.dash-to-panel + gnomeExtensions.sound-output-device-chooser + gnomeExtensions.space-bar + # https://github.com/AstraExt/astra-monitor + gnomeExtensions.astra-monitor + libgtop + # + libreoffice-qt + hunspell + hunspellDicts.en_AU + #hunspellDicts.en_US + # + evince + # https://nixos.wiki/wiki/Firefox + firefox + # https://nixos.wiki/wiki/Chromium + chromium + google-chrome + # https://nixos.wiki/wiki/Slack + slack + # + zoom-us + # + flameshot + grim # screenshot functionality + slurp # screenshot functionality + # + gimp-with-plugins + # + simplescreenrecorder + # + gedit + # + # https://nixos.wiki/wiki/Podman + dive + podman + runc + skopeo + podman-tui + podman-compose + # + rofi-wayland + wofi + # + #clickhouse + #clickhouse-cli + ]; + + # vscode + # https://nixos.wiki/wiki/Visual_Studio_Code + # nix run github:nix-community/nix-vscode-extensions# -- --list-extensions + programs.vscode = { + enable = true; + package = pkgs.vscode; + extensions = with pkgs.vscode-extensions; [ + bbenoist.nix + dart-code.dart-code + dart-code.flutter + golang.go + hashicorp.terraform + #k6.k6 + ms-azuretools.vscode-docker + # https://github.com/orgs/microsoft/repositories?q=vscode + ms-vscode-remote.remote-containers + ms-vscode-remote.remote-ssh + #ms-vscode-remote.remote-ssh-edit + ms-vscode.makefile-tools + ms-vscode.cmake-tools + ms-vscode.cpptools + 
#ms-vscode.cpptools-extension-pack + #ms-vscode.cpptools-themes + ms-vscode.hexeditor + ms-vscode.makefile-tools + ms-python.python + ms-python.vscode-pylance + #ms-vscode.remote-explorer + #ms-vscode.remote-repositories + #ms-vscode.remote-server + redhat.vscode-yaml + rust-lang.rust-analyzer + #crates is depreciated + #serayuzgur.crates + tamasfe.even-better-toml + timonwong.shellcheck + #trunk.io + zxh404.vscode-proto3 + yzhang.markdown-all-in-one + #platformio.platformio-ide + github.copilot + # nix + #brettm12345.nixfmt.vscode + jnoortheen.nix-ide + #jeff-hykin.better-nix-syntax + ]; + }; + + programs.bash.enable = true; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + # https://nixos.wiki/wiki/OBS_Studio + # TODO add kernel module for virtual camera + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + + # https://heywoodlh.io/nixos-gnome-settings-and-keyboard-shortcuts + dconf.settings = { + "org/gnome/desktop/wm/preferences" = { + button-layout = "close,minimize,maximize:appmenu"; + }; + # "org/gnome/desktop/interface" = { + # color-scheme = "prefer-dark"; + # }; + "org/gnome/desktop/interface" = { + clock-show-seconds = true; + clock-show-weekday = true; + color-scheme = "prefer-dark"; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Nordic"; + toolkit-accessibility = true; + }; + "org/gnome/shell" = { + disable-user-extensions = false; + favorite-apps = [ + "firefox.desktop" + "google-chrome-stable.desktop" 
+ "code.desktop" + "chromium.desktop" + "alacritty.desktop" + "kitty.desktop" + "slack.desktop" + ]; + enabled-extensions = with pkgs.gnomeExtensions; [ + blur-my-shell.extensionUuid + gsconnect.extensionUuid + ]; + }; + }; + + # disable wayland + # # https://nixos.wiki/wiki/Hyprland + # # https://josiahalenbrown.substack.com/p/installing-nixos-with-hyprland + # #programs.hyprland.enable = true; + # wayland.windowManager.hyprland = { + # # Whether to enable Hyprland wayland compositor + # enable = true; + # # The hyprland package to use + # package = pkgs.hyprland; + # # Whether to enable XWayland + # xwayland.enable = true; + + # # Optional + # # Whether to enable hyprland-session.target on hyprland startup + # systemd.enable = true; + # }; + # # home.file.".config/hypr/hyprland.conf".text = '' + # # ''; + + services.flameshot = { + enable = true; + settings.General = { + showStartupLaunchMessage = false; + saveLastRegion = true; + }; + }; + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "23.11"; + }; +} 
diff --git a/laptops/t14/hosts.nix b/laptops/t14/hosts.nix
new file mode 100644
index 0000000..b60a4f0
--- /dev/null
+++ b/laptops/t14/hosts.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hosts = {
+ "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room
+ "172.16.40.141" = ["hp0wifi"];
+ "172.16.40.142" = ["hp1" "hp1eth"];
+ "172.16.40.212" = ["hp2" "hp2eth"];
+ "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room
+ "172.16.40.130" = ["hp3wifi"];
+ "172.16.50.232" = ["hp4" "hp4eth"]; # rack
+ "172.16.40.70" = ["hp5" "hp5eth"];
+ "172.16.40.122" = ["pi5-1" "pi5-1-eth"];
+ "172.16.40.62" = ["chromebox3" "chromebox3-eth"];
+ };
+}
\ No newline at end of file
diff --git a/laptops/t14/prometheus.nix b/laptops/t14/prometheus.nix
new file mode 100644
index 0000000..78d43a3
--- /dev/null
+++ b/laptops/t14/prometheus.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+{
+ # https://wiki.nixos.org/wiki/Prometheus
+ # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters-configuration
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix
+ # default port 9090
+ services.prometheus = {
+ enable = true;
+ globalConfig.scrape_interval = "10s"; # "1m"
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ {
+ job_name = "xtcp";
+ static_configs = [{
+ targets = [ "localhost:9009" ];
+ }];
+ }
+ ];
+ };
+}
diff --git a/microvms/microvms-host/microvms-host.nix b/microvms/microvms-host/microvms-host.nix
new file mode 100644
index 0000000..3e4dc97
--- /dev/null
+++ b/microvms/microvms-host/microvms-host.nix
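Review bot: The `node` job in laptops/t14/prometheus.nix derives its target from `config.services.prometheus.exporters.node.port`, but no file under laptops/t14 in this commit enables that exporter; if nodeExporter.nix is supplied from the shared modules directory the reference resolves to the port set there, otherwise it silently evaluates to the module default (9100, as far as I know) and the job scrapes a port nothing listens on. A comment above the job naming where the exporter is configured would make that dependency visible. As with laptops/t/prometheus.nix, `listenAddress = "127.0.0.1";` is worth adding unless the 9090 UI is meant to be reachable from other hosts.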
@@ -0,0 +1,142 @@ +# `nix run microvm#vm` +{ self, nixpkgs, system }: + +nixpkgs.lib.nixosSystem { + inherit system; + + modules = [ + # for declarative MicroVM management + self.nixosModules.host + # this runs as a MicroVM that nests MicroVMs + self.nixosModules.microvm + + ({ config, lib, pkgs, ... }: + let + inherit (self.lib) hypervisors; + + hypervisorMacAddrs = builtins.listToAttrs ( + map (hypervisor: + let + hash = builtins.hashString "sha256" hypervisor; + c = off: builtins.substring off 2 hash; + mac = "${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}"; + in { + name = hypervisor; + value = mac; + }) hypervisors + ); + + hypervisorIPv4Addrs = builtins.listToAttrs ( + lib.imap0 (i: hypervisor: { + name = hypervisor; + value = "10.0.0.${toString (2 + i)}"; + }) hypervisors + ); + + in { + networking.hostName = "microvms-host"; + system.stateVersion = config.system.nixos.version; + users.users.root.password = ""; + users.motd = '' + Once nested MicroVMs have booted you can look up DHCP leases: + networkctl status virbr0 + + They are configured to allow SSH login with root password: + toor + ''; + services.getty.autologinUser = "root"; + + # Make alioth available + nixpkgs.overlays = [ self.overlay ]; + + # MicroVM settings + microvm = { + mem = 8192; + vcpu = 4; + # Use QEMU because nested virtualization and user networking + # are required. 
+ hypervisor = "qemu"; + interfaces = [ { + type = "user"; + id = "qemu"; + mac = "02:00:00:01:01:01"; + } ]; + }; + + # Nested MicroVMs (a *host* option) + microvm.vms = builtins.mapAttrs (hypervisor: mac: { + config = { + system.stateVersion = config.system.nixos.version; + networking.hostName = "${hypervisor}-microvm"; + + microvm = { + inherit hypervisor; + interfaces = [ { + type = "tap"; + id = "vm-${builtins.substring 0 12 hypervisor}"; + inherit mac; + } ]; + }; + # Just use 99-ethernet-default-dhcp.network + systemd.network.enable = true; + + users.users.root.password = "toor"; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + }; + }) hypervisorMacAddrs; + + systemd.network = { + enable = true; + netdevs.virbr0.netdevConfig = { + Kind = "bridge"; + Name = "virbr0"; + }; + networks.virbr0 = { + matchConfig.Name = "virbr0"; + + addresses = [ { + addressConfig.Address = "10.0.0.1/24"; + } { + addressConfig.Address = "fd12:3456:789a::1/64"; + } ]; + # Hand out IP addresses to MicroVMs. + # Use `networkctl status virbr0` to see leases. + networkConfig = { + DHCPServer = true; + IPv6SendRA = true; + }; + # Let DHCP assign a statically known address to the VMs + dhcpServerStaticLeases = lib.imap0 (i: hypervisor: { + dhcpServerStaticLeaseConfig = { + MACAddress = hypervisorMacAddrs.${hypervisor}; + Address = hypervisorIPv4Addrs.${hypervisor}; + }; + }) hypervisors; + # IPv6 SLAAC + ipv6Prefixes = [ { + ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64"; + } ]; + }; + networks.microvm-eth0 = { + matchConfig.Name = "vm-*"; + networkConfig.Bridge = "virbr0"; + }; + }; + # Allow DHCP server + networking.firewall.allowedUDPPorts = [ 67 ]; + # Allow Internet access + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "virbr0" ]; + }; + + networking.extraHosts = lib.concatMapStrings (hypervisor: '' + ${hypervisorIPv4Addrs.${hypervisor}} ${hypervisor} + '') hypervisors; + }) + ]; +} 
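Review bot: `users.users.root.password = ""` on the host and `users.users.root.password = "toor"` next to `settings.PermitRootLogin = "yes"` in the nested VMs put plaintext root credentials into the configuration, and the `users.motd` text then advertises them; NixOS evaluates the `password` option into the world-readable Nix store, so this is acceptable only for a throwaway lab VM. If this file is meant to be more than the upstream example it copies (the readme in this diff links it), switch to `hashedPasswordFile` (or at least `initialHashedPassword`) and drop `PermitRootLogin = "yes"`, otherwise record the trade-off with a comment such as `# lab-only: root logins are deliberately open; the host's only NIC is user-mode, so the nested VMs appear reachable only through this host`. `microvms/microvms-host/original.microvms-host.nix` later in the diff is the same blob (`index 0000000..3e4dc97` on both headers) committed a second time; one copy is enough, the other will silently go stale.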
diff --git a/microvms/microvms-host/original.microvms-host.nix b/microvms/microvms-host/original.microvms-host.nix
new file mode 100644
index 0000000..3e4dc97
--- /dev/null
+++ b/microvms/microvms-host/original.microvms-host.nix
@@ -0,0 +1,142 @@ +# `nix run microvm#vm` +{ self, nixpkgs, system }: + +nixpkgs.lib.nixosSystem { + inherit system; + + modules = [ + # for declarative MicroVM management + self.nixosModules.host + # this runs as a MicroVM that nests MicroVMs + self.nixosModules.microvm + + ({ config, lib, pkgs, ... }: + let + inherit (self.lib) hypervisors; + + hypervisorMacAddrs = builtins.listToAttrs ( + map (hypervisor: + let + hash = builtins.hashString "sha256" hypervisor; + c = off: builtins.substring off 2 hash; + mac = "${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}"; + in { + name = hypervisor; + value = mac; + }) hypervisors + ); + + hypervisorIPv4Addrs = builtins.listToAttrs ( + lib.imap0 (i: hypervisor: { + name = hypervisor; + value = "10.0.0.${toString (2 + i)}"; + }) hypervisors + ); + + in { + networking.hostName = "microvms-host"; + system.stateVersion = config.system.nixos.version; + users.users.root.password = ""; + users.motd = '' + Once nested MicroVMs have booted you can look up DHCP leases: + networkctl status virbr0 + + They are configured to allow SSH login with root password: + toor + ''; + services.getty.autologinUser = "root"; + + # Make alioth available + nixpkgs.overlays = [ self.overlay ]; + + # MicroVM settings + microvm = { + mem = 8192; + vcpu = 4; + # Use QEMU because nested virtualization and user networking + # are required. 
+ hypervisor = "qemu"; + interfaces = [ { + type = "user"; + id = "qemu"; + mac = "02:00:00:01:01:01"; + } ]; + }; + + # Nested MicroVMs (a *host* option) + microvm.vms = builtins.mapAttrs (hypervisor: mac: { + config = { + system.stateVersion = config.system.nixos.version; + networking.hostName = "${hypervisor}-microvm"; + + microvm = { + inherit hypervisor; + interfaces = [ { + type = "tap"; + id = "vm-${builtins.substring 0 12 hypervisor}"; + inherit mac; + } ]; + }; + # Just use 99-ethernet-default-dhcp.network + systemd.network.enable = true; + + users.users.root.password = "toor"; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + }; + }) hypervisorMacAddrs; + + systemd.network = { + enable = true; + netdevs.virbr0.netdevConfig = { + Kind = "bridge"; + Name = "virbr0"; + }; + networks.virbr0 = { + matchConfig.Name = "virbr0"; + + addresses = [ { + addressConfig.Address = "10.0.0.1/24"; + } { + addressConfig.Address = "fd12:3456:789a::1/64"; + } ]; + # Hand out IP addresses to MicroVMs. + # Use `networkctl status virbr0` to see leases. + networkConfig = { + DHCPServer = true; + IPv6SendRA = true; + }; + # Let DHCP assign a statically known address to the VMs + dhcpServerStaticLeases = lib.imap0 (i: hypervisor: { + dhcpServerStaticLeaseConfig = { + MACAddress = hypervisorMacAddrs.${hypervisor}; + Address = hypervisorIPv4Addrs.${hypervisor}; + }; + }) hypervisors; + # IPv6 SLAAC + ipv6Prefixes = [ { + ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64"; + } ]; + }; + networks.microvm-eth0 = { + matchConfig.Name = "vm-*"; + networkConfig.Bridge = "virbr0"; + }; + }; + # Allow DHCP server + networking.firewall.allowedUDPPorts = [ 67 ]; + # Allow Internet access + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "virbr0" ]; + }; + + networking.extraHosts = lib.concatMapStrings (hypervisor: '' + ${hypervisorIPv4Addrs.${hypervisor}} ${hypervisor} + '') hypervisors; + }) + ]; +} 
diff --git a/microvms/microvms-host/readme.md b/microvms/microvms-host/readme.md
new file mode 100644
index 0000000..9339ad2
--- /dev/null
+++ b/microvms/microvms-host/readme.md
@@ -0,0 +1,12 @@
+
+
+https://github.com/astro/microvm.nix/blob/main/examples/microvms-host.nix
+
+https://raw.githubusercontent.com/astro/microvm.nix/refs/heads/main/examples/microvms-host.nix
+
+Run by doing
+
+nix run microvm#vm
+
+ 591250 pts/2 Sl+ 1:49 microvm@microvms-host -name microvms-host -M microvm,accel=kvm:tcg,acpi=on,mem-merge=on,pcie=off,pic=off,pit=off,usb=off -m 8192 -smp 4 -nodefaults -no-user-config -no-reboot -kernel /nix/store/fl3kawlpdcc1cyr89fdc6nb1nb1g2lcm-linux-6.6.48/bzImage -initrd /nix/store/hx09sq2r4ajkj37ap1lxz1bwcfam4mq3-initrd-linux-6.6.48/initrd -chardev stdio,id=stdio,signal=off -device virtio-rng-device -serial chardev:stdio -enable-kvm -cpu host,+x2apic,-sgx -device i8042 -append earlyprintk=ttyS0 console=ttyS0 reboot=t panic=-1 root=fstab loglevel=4 init=/nix/store/qj8qyz371lyjkzwidp1xw9h3mcn1fvqk-nixos-system-microvms-host-24.11.20240904.ad416d0/init regInfo=/nix/store/6dp4kp23rzq1agw783nnryqp1phhnjgv-closure-info/registration -drive id=store,format=raw,read-only=on,file=/nix/store/xcawgx7h66zpm0xrh5myrkx6p3wwq6lh-microvm-store-disk.erofs,if=none,aio=io_uring -device virtio-blk-device,drive=store -nographic -sandbox on -qmp unix:microvms-host.sock,server,nowait -netdev user,id=qemu -device virtio-net-device,netdev=qemu,mac=02:00:00:01:01:01
+
diff --git a/microvms/test1/.gitignore b/microvms/test1/.gitignore
index 1bdc3dd..f0cea03 100644
--- a/microvms/test1/.gitignore
+++ b/microvms/test1/.gitignore
@@ -1,3 +1,5 @@
 var.img
 *.img
 nix.var.img
+result
+./result
\ No newline at end of file
diff --git a/microvms/test2/.gitignore b/microvms/test2/.gitignore
index 1bdc3dd..f0cea03 100644
--- a/microvms/test2/.gitignore
+++ b/microvms/test2/.gitignore
@@ -1,3 +1,5 @@
 var.img
 *.img
 nix.var.img
+result
+./result
\ No newline at end of file
diff --git a/modules/home-manager.nix b/modules/home-manager.nix
index fdc50f8..3ecd9c9 100644
--- a/modules/home-manager.nix
+++ b/modules/home-manager.nix
@@ -97,7 +97,8 @@
 golangci-lint-langserver
 trunk-io
 buf
- buf-language-server
+ # gone in 24.11
+ #buf-language-server
 # rust
 # https://nixos.wiki/wiki/Rust
 pkgs.cargo
diff --git a/modules/hosts.nix b/modules/hosts.nix
index c2e4021..b60a4f0 100644
--- a/modules/hosts.nix
+++ b/modules/hosts.nix
@@ -3,12 +3,14 @@
 {
 networking.hosts = {
 "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room
- "172.16.40.152" = ["hp0wifi"];
+ "172.16.40.141" = ["hp0wifi"];
 "172.16.40.142" = ["hp1" "hp1eth"];
 "172.16.40.212" = ["hp2" "hp2eth"];
 "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room
 "172.16.40.130" = ["hp3wifi"];
 "172.16.50.232" = ["hp4" "hp4eth"]; # rack
 "172.16.40.70" = ["hp5" "hp5eth"];
+ "172.16.40.122" = ["pi5-1" "pi5-1-eth"];
+ "172.16.40.62" = ["chromebox3" "chromebox3-eth"];
 };
 }
\ No newline at end of file
diff --git a/modules/nodeExporter.nix b/modules/nodeExporter.nix
index 2cbc706..31052e6 100644
--- a/modules/nodeExporter.nix
+++ b/modules/nodeExporter.nix
@@ -8,10 +8,16 @@ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix enabledCollectors = [ "systemd" ]; # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help - extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" "--collector.filesystem.ignored-mount-points='/nix/store'"]; + extraFlags = [ + "--collector.ethtool" + "--collector.softirqs" + "--collector.tcpstat" + "--collector.wifi" + "--collector.filesystem.ignored-mount-points='/nix/store'"]; }; -} - # extraFlags = [ - # "--collector.filesystem.ignored-mount-points='/nix/store'" - # ]; \ No newline at end of file + # https://search.nixos.org/options?channel=24.05&from=200&size=50&sort=relevance&type=packages&query=services.prometheus.exporters + services.prometheus.exporters.systemd.enable = true; + services.prometheus.exporters.smartctl.enable = true; + services.prometheus.exporters.process.enable = true; +} \ No newline at end of file diff --git a/modules/systemPackages.nix b/modules/systemPackages.nix index 7891bcb..6b871b1 100644 --- a/modules/systemPackages.nix +++ b/modules/systemPackages.nix @@ -19,9 +19,11 @@ usbutils iw wirelesstools - wpa_supplicant_ro_ssids + wpa_supplicant + #wpa_supplicant_ro_ssids lldpd #snmp seems to be needed by lldpd net-snmp + neofetch ]; } \ No newline at end of file diff --git a/modules/wireless_desktop.nix b/modules/wireless_desktop.nix index 2a0c0c3..5efb014 100644 --- a/modules/wireless_desktop.nix +++ b/modules/wireless_desktop.nix @@ -9,7 +9,8 @@ networking = { networkmanager = { enable = true; - wifi.powersave = true; + #wifi.powersave = true; + wifi.powersave = false; }; }; diff --git a/upgrade_notes b/upgrade_notes new file mode 100644 index 0000000..e9d25e9 --- /dev/null +++ b/upgrade_notes 
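Review bot: The three `services.prometheus.exporters.*.enable = true;` lines added at the end of the nodeExporter hunk take the module defaults, which in NixOS means `listenAddress = "0.0.0.0"` with `openFirewall` false, so each new exporter is bound on every interface and protected only by the host firewall; the Prometheus instance elsewhere in this diff scrapes `localhost` only, so `listenAddress = "127.0.0.1";` on each of them (and on `node`, whose block opens before this hunk) would match actual use, to be left open only on hosts that are scraped remotely. The reformatted `"--collector.filesystem.ignored-mount-points='/nix/store'"` keeps single quotes inside a Nix string, where they are not shell quoting; unless systemd's ExecStart parser strips them the exclusion regex is literally `'/nix/store'` and never matches, so `"--collector.filesystem.ignored-mount-points=/nix/store"` is the unambiguous form (and, if I recall the 1.3 rename correctly, `--collector.filesystem.mount-points-exclude` is the non-deprecated flag name on the node_exporter 1.8.1 the comment cites). The `smartctl` exporter needs privileged access to the block devices it reports on, so a one-line comment recording which hosts are expected to have disks it can read would save the next reader a unit-log hunt.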
@@ -0,0 +1,11 @@
+sudo nix-channel --list
+sudo nix-channel --add https://channels.nixos.org/nixos-24.11 nixos
+sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager
+sudo nix-channel --update
+
+sudo nixos-rebuild switch --upgrade
+
+[das@hp1:~]$ sudo nix-channel --list | grep nixos
+[sudo] password for das:
+nixos https://nixos.org/channels/nixos-24.05
+
diff --git a/vms/vm1/.gitignore b/vms/vm1/.gitignore
index ee0c388..66f2238 100644
--- a/vms/vm1/.gitignore
+++ b/vms/vm1/.gitignore
@@ -1,2 +1,3 @@
 *.qcow2
 result
+./result
\ No newline at end of file
diff --git a/vms/vm2/.gitignore b/vms/vm2/.gitignore
index ee0c388..66f2238 100644
--- a/vms/vm2/.gitignore
+++ b/vms/vm2/.gitignore
@@ -1,2 +1,3 @@
 *.qcow2
 result
+./result
\ No newline at end of file
diff --git a/vms/vm3_old_nixos/.gitignore b/vms/vm3_old_nixos/.gitignore
index b511ae1..66f2238 100644
--- a/vms/vm3_old_nixos/.gitignore
+++ b/vms/vm3_old_nixos/.gitignore
@@ -1 +1,3 @@
 *.qcow2
+result
+./result
\ No newline at end of file