diff --git a/chromebox/chromebox1/Makefile b/chromebox/chromebox1/Makefile new file mode 100644 index 0000000..f474286 --- /dev/null +++ b/chromebox/chromebox1/Makefile @@ -0,0 +1,43 @@ +# +# nixos/chromebox/chromebox1/Makefile +# +EXPECTED_HOSTNAME := chromebox1 + +ACTUAL_HOSTNAME := $(shell hostname) + +all: check_hostname rebuild + +check_hostname: +ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME)) + @echo "Hostnames match: $(ACTUAL_HOSTNAME)" +else + @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)" + @exit 1 +endif + +rebuild: + #sudo cp /home/das/nixos/modules/* /etc/nixos/ + #sudo cp ./*.nix /etc/nixos/ + #sudo nix-channel --update + #sudo nixos-rebuild switch + sudo nix flake update; + #sudo nix-channel --update; + sudo nixos-rebuild switch --flake . + +anywhere: + nix run github:nix-community/nixos-anywhere -- --flake '.#chromebox1' --target-host root@172.16.40.179 +#nix run github:nix-community/nixos-anywhere -- --flake '.#chromebox3' --target-host root@chromebox3 + +gen_hardware: + nix run github:numtide/nixos-anywhere -- -f '.#chromebox1' --generate-hardware-config nixos-generate-config ./hardware-configuration.nix --target-host root@172.16.40.179 + +# minutes 10:58 +# https://www.youtube.com/watch?v=U_UwzMhixr8 +vmtest: + sudo nix flake update; + sudo nix flake lock; +#nix run github:numtide/nixos-anywhere -- -f '.#chromebox1' --vm-test --generate-hardware-config nixos-generate-config ./hardware-configuration.nix + nix run github:numtide/nixos-anywhere -- -f '.#chromebox1' --vm-test + +sync: + rsync -av /home/das/nixos/chromebox/chromebox1/ 172.16.40.179:/home/das/nixos/chromebox/chromebox1/ \ No newline at end of file diff --git a/chromebox/chromebox1/configuration.nix b/chromebox/chromebox1/configuration.nix new file mode 100644 index 0000000..eba0f41 --- /dev/null +++ b/chromebox/chromebox1/configuration.nix 
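Review bot: The hostname guard is bypassed whenever `rebuild` is invoked directly, because `rebuild` has no prerequisite on `check_hostname`, and even `make -j all` gives no ordering guarantee between the two; on the wrong box that runs `sudo nixos-rebuild switch --flake .` unchecked. Declaring `rebuild: check_hostname` closes that gap. None of the targets are declared phony, so a stray file named `rebuild` or `sync` in the directory would silently turn them into no-ops: `.PHONY: all check_hostname rebuild anywhere gen_hardware vmtest sync`. The trailing `;` on `sudo nix flake update;` is harmless since each recipe line already runs in its own shell, but it reads as if the lines were one command. The same structure is repeated in chromebox/chromebox2/Makefile.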
@@ -0,0 +1,132 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ + ./disko-chromebox1.nix + #./hardware-configuration.nix + ./sysctl.nix + ./il8n.nix + ./systemPackages.nix + ./hosts.nix + ./nodeExporter.nix + #./docker-daemon.nix + #./k8s_master.nix + #./k3s_master.nix + #./k3s_node.nix + ]; + + # boot.loader.grub = { + # # no need to set devices, disko will add all devices that have a EF02 partition to the list already + # # devices = [ ]; + # efiSupport = true; + # efiInstallAsRemovable = true; + # }; + + # Use the systemd-boot EFI boot loader. 
+ boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + #boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages; + #boot.kernelPackages = pkgs.linuxPackages_latest; + + nix = { + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + + # https://nixos.wiki/wiki/Networking + # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html + networking.hostName = "chromebox1"; + + services.lldpd.enable = true; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking.networkmanager.enable = false; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. 
+ users.users.das = { + isNormalUser = true; + description = "das"; + password = "admin123"; + extraGroups = [ "wheel" "libvirtd" "docker" "kubernetes" ]; + # packages = with pkgs; [ + # ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.openssh.enable = true; + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "25.05"; # Did you read the comment? + + # virtualisation.libvirtd.enable = true; + # programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/chromebox/chromebox1/disko-chromebox1.nix b/chromebox/chromebox1/disko-chromebox1.nix new file mode 100644 index 0000000..dc832e7 --- /dev/null +++ b/chromebox/chromebox1/disko-chromebox1.nix 
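Review bot: `password = "admin123";` in `users.users.das` puts a cleartext password for a `wheel` (sudo) user into the world-readable Nix store on a host where `services.openssh.enable = true`, and that option is documented as not being for real passwords. Since an `openssh.authorizedKeys.keys` entry is already present, prefer `hashedPasswordFile = "<path-outside-nix-store>";` (or `hashedPassword`) and make SSH key-only with `services.openssh.settings.PasswordAuthentication = false;`. `extraGroups` also grants `docker` and `kubernetes` although docker-daemon.nix and the k3s modules are commented out in `imports`; the `docker` group is root-equivalent, so it is worth dropping until that module is enabled.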
@@ -0,0 +1,85 @@ +# +# nixos/chromebox/chromebox1 +# +# Starting point was: +# https://github.com/nix-community/disko/blob/master/example/lvm-sizes-sort.nix +# +# swap +# https://github.com/nix-community/disko/blob/master/example/swap.nix +# +# tmpfs +# https://github.com/nix-community/disko/blob/master/example/tmpfs.nix +# +# Other templates +# https://github.com/nix-community/disko-templates/blob/main/zfs-impermanence/disko-config.nix + +{ + disko.devices = { + disk = { + one = { + type = "disk"; + #device = "/dev/vdb"; # --vm-test + device = "/dev/sda"; # real + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + primary = { + size = "100%"; + content = { + type = "lvm_pv"; + vg = "pool"; + }; + }; + }; + }; + }; + }; + lvm_vg = { + pool = { + type = "lvm_vg"; + lvs = { + swap = { + #size = "10%"; # --vm-test + size = "32G"; + content = { + type ="swap"; + #discardPolicy = "both"; + resumeDevice = true; # resume from hiberation from this device + }; + }; + root = { + size = "90%"; + content = { + type = "filesystem"; + format = "xfs"; # <---------- xfs! + mountpoint = "/"; + mountOptions = [ "defaults" ]; + #mountOptions = [ "defaults" "pquota" ]; + }; + }; + }; + }; + }; + # nodev = { + # "/tmp" = { + # fsType = "tmpfs"; + # mountOptions = [ "size=200M" ]; + # }; + # }; + }; +} diff --git a/chromebox/chromebox1/docker-daemon.nix b/chromebox/chromebox1/docker-daemon.nix new file mode 100644 index 0000000..fe72a86 --- /dev/null +++ b/chromebox/chromebox1/docker-daemon.nix 
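Review bot: `device = "/dev/sda"` is an enumeration-order name, and nixos-anywhere with disko will partition whatever currently holds that name, so an attached USB stick or a driver change can redirect the wipe to a different disk; the disko examples use a stable `/dev/disk/by-id/...` path, e.g. `device = "/dev/disk/by-id/<disk-id>";`. The `boot` partition of type `EF02` only serves GRUB on BIOS, while configuration.nix enables `systemd-boot`, so it is a dead 1M unless the boot loader changes; a comment naming which boot path it is for would help the next reader. `root` is sized `90%` after a fixed `32G` swap, leaving the remainder of the VG unallocated; if that is intentional (snapshots or future LVs) say so in a comment, otherwise the disko lvm example's `100%FREE` is the usual choice.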
@@ -0,0 +1,27 @@ + +{ config, pkgs, ... }: + +{ + # https://nixos.wiki/wiki/Docker + # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker + # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker + # https://github.com/NixOS/nixpkgs/issues/68349 + virtualisation.docker.enable = true; + virtualisation.docker.daemon.settings = { + data-root = "/home/das/docker/"; + userland-proxy = false; + experimental = true; + ipv6 = true; + fixed-cidr-v6 = "fd00::/80"; + metrics-addr = "0.0.0.0:9323"; + # log-driver = "json-file"; + # log-opts.max-size = "10m"; + # log-opts.max-file = "10"; + }; + #this doesn't work + #virtualisation.docker.daemon.settings.log-opts.max-size = "10m"; + # https://docs.docker.com/reference/cli/dockerd/ + #virtualisation.docker.extraOptions = "--userland-proxy=false"; + #virtualisation.docker.extraOptions = "--log-opt=max-size=10m"; + #virtualisation.docker.extraOptions = "--ipv6"; +} \ No newline at end of file diff --git a/chromebox/chromebox1/flake.lock b/chromebox/chromebox1/flake.lock new file mode 100644 index 0000000..3e29f6f --- /dev/null +++ b/chromebox/chromebox1/flake.lock 
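Review bot: `metrics-addr = "0.0.0.0:9323"` exposes the daemon's Prometheus metrics on every interface; NixOS's firewall is on by default and this file does not open 9323, so it is reachable only if the firewall is disabled or the port is opened elsewhere, but `metrics-addr = "127.0.0.1:9323";` (or the scraper's address) makes the intent explicit instead of relying on that. `data-root = "/home/das/docker/"` puts root-owned daemon state, including image layers and container root filesystems, under a directory owned by an unprivileged user who can rename or replace the parent; the default `/var/lib/docker` avoids that. The module is currently commented out in configuration.nix's `imports`, so none of this is active yet.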
@@ -0,0 +1,70 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "owner": "nix-community", + "repo": "disko", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1760423683, + "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/chromebox/chromebox1/flake.nix b/chromebox/chromebox1/flake.nix new file mode 100644 index 0000000..1d7b474 --- /dev/null +++ b/chromebox/chromebox1/flake.nix 
@@ -0,0 +1,56 @@ +# +# nixos/chromebox/chromebox1/flake.nix +# +# example +# https://github.com/nix-community/nixos-anywhere-examples/blob/main/flake.nix +# +{ + description = "chromebox1 Flake"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + #nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + home-manager = { + url = "github:nix-community/home-manager/release-25.05"; + # The `follows` keyword in inputs is used for inheritance. + # Here, `inputs.nixpkgs` of home-manager is kept consistent with + # the `inputs.nixpkgs` of the current flake, + # to avoid problems caused by different versions of nixpkgs. + inputs.nixpkgs.follows = "nixpkgs"; + + }; + # https://github.com/nix-community/disko/ + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = inputs@{ nixpkgs, disko, home-manager, ... }: + let + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + config = { allowUnfree = true; }; + }; + lib = nixpkgs.lib; + in { + nixosConfigurations.chromebox1 = nixpkgs.lib.nixosSystem { + system ="x86_64-linux"; + #inherit system; + modules = [ + disko.nixosModules.disko + #./hardware-configuration.nix + ./configuration.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.das = import ./home.nix; + + # Optionally, use home-manager.extraSpecialArgs to pass + # arguments to home.nix + } + ]; + }; + }; +} diff --git a/chromebox/chromebox1/hardware-configuration.nix b/chromebox/chromebox1/hardware-configuration.nix new file mode 100644 index 0000000..0d85b71 --- /dev/null +++ b/chromebox/chromebox1/hardware-configuration.nix 
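Review bot: The `let` block binds `pkgs` (with `allowUnfree = true`) and `lib`, but neither is used: `nixosSystem` is given the literal `system ="x86_64-linux"` and `modules`, so that `allowUnfree` has no effect and the effective setting lives in systemPackages.nix and home.nix. Either drop the two dead bindings and use `inherit system;` as the commented line suggests, or carry the setting in a module as `nixpkgs.config.allowUnfree = true;`. `disko.url` tracks the unpinned default branch; flake.lock pins a revision, so this only matters because the Makefile's `nix flake update` moves it to whatever is current.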
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/chromebox/chromebox1/home.nix b/chromebox/chromebox1/home.nix new file mode 100644 index 0000000..23744d6 --- /dev/null +++ b/chromebox/chromebox1/home.nix 
@@ -0,0 +1,84 @@ +{ + config, + pkgs, + ... +}: +{ + home.username = "das"; + home.homeDirectory = "/home/das"; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + KUBECONFIG = "/home/das/k3s.yaml"; + TERM = "xterm-256color"; + }; + + home.packages = with pkgs; [ + # + killall + hw-probe + lshw + hwloc + # + tmux + screen + # + gawk + jq + git + htop + btop + # + rsync + # + ethtool + iproute2 + vlan + tcpdump + # + # debug + strace + # + gnumake + ]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.11"; + programs.home-manager.enable = true; +} diff --git a/chromebox/chromebox1/hosts.nix b/chromebox/chromebox1/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/chromebox/chromebox1/hosts.nix 
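Review bot: `userName = "randomizedcoder ";` carries a trailing space that will be written verbatim into every commit's author field; `userName = "randomizedcoder";` fixes it. `nixpkgs.config.allowUnfree = true;` in this file is presumably ignored because flake.nix sets `home-manager.useGlobalPkgs = true` (home-manager warns about that combination), so the unfree setting effectively comes from systemPackages.nix. `KUBECONFIG = "/home/das/k3s.yaml"` points at a copy of the cluster admin credential in the home directory; likely intentional, but a comment on its expected owner and mode would help.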
@@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + networking.hosts = { + "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room + "172.16.40.141" = ["hp0wifi"]; + "172.16.40.142" = ["hp1" "hp1eth"]; + "172.16.40.212" = ["hp2" "hp2eth"]; + "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room + "172.16.40.130" = ["hp3wifi"]; + "172.16.50.232" = ["hp4" "hp4eth"]; # rack + "172.16.40.70" = ["hp5" "hp5eth"]; + "172.16.40.122" = ["pi5-1" "pi5-1-eth"]; + "172.16.40.62" = ["chromebox3" "chromebox3-eth"]; + }; +} \ No newline at end of file diff --git a/chromebox/chromebox1/il8n.nix b/chromebox/chromebox1/il8n.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/chromebox/chromebox1/il8n.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/chromebox/chromebox1/k3s_master.nix b/chromebox/chromebox1/k3s_master.nix new file mode 100644 index 0000000..e049f18 --- /dev/null +++ b/chromebox/chromebox1/k3s_master.nix 
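Review bot: The module is named `il8n.nix` (lowercase L, digit eight) although it configures `i18n.*`; configuration.nix imports it by that exact name so it works, but the misspelling of the standard `i18n` abbreviation is a trap for the next edit. Renaming it to `i18n.nix` together with the `./il8n.nix` import line in configuration.nix is a two-line change.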
@@ -0,0 +1,68 @@ +# https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/docs/USAGE.md +{ config, pkgs, ... }: +{ + networking.firewall.allowedTCPPorts = [ + 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default) + # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration + # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration + ]; + networking.firewall.allowedUDPPorts = [ + # 8472 # k3s, flannel: required if using multi-node for inter-node networking + ]; + services.k3s = { + enable = true; + role = "server"; + # extraFlags: https://docs.k3s.io/cli/server + # extraFlags = toString [ + # # "--debug" # Optionally add additional args to k3s + # ]; + token = "notSecureTokenChromebox"; # FIX ME use tokenFile + clusterInit = true; + }; + # packages for administration tasks + environment.systemPackages = with pkgs; [ + kompose + kubectl + openssl + cfssl + certmgr + istioctl + krew + kubevirt + # + kubeshark + # kubectl-ktop + kubectl-klock + kube-capacity + kubectl-images + kubectl-gadget + # this is very old + #kubectl-doctor + # https://github.com/boz/kail + kail + ktop + # https://github.com/kdash-rs/kdash + kdash + # # https://github.com/int128/kubelogin + # kubelogin-oidc + # k9s --kubeconfig=dev-d.kubeconfig + k9s + # + (wrapHelm kubernetes-helm { + plugins = with pkgs.kubernetes-helmPlugins; [ + helm-secrets + helm-diff + helm-s3 + helm-git + ]; + }) + # + fluxcd + fluxctl + ]; +} + +# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml +# sudo chmod 640 /etc/rancher/k3s/k3s.yaml +# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml && sudo chmod 640 /etc/rancher/k3s/k3s.yaml +# export KUBECONFIG=/etc/rancher/k3s/k3s.yaml \ No newline at end of file diff --git a/chromebox/chromebox1/new.configuration.nix b/chromebox/chromebox1/new.configuration.nix new file mode 100644 index 0000000..c2d5b7c --- /dev/null 
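Review bot: `token = "notSecureTokenChromebox"` stores the cluster join token in the world-readable Nix store, as the inline `FIX ME` already acknowledges; `tokenFile = "<path-outside-nix-store>";` is the option the comment refers to and keeps it out of the store. `networking.firewall.allowedTCPPorts = [ 6443 ]` opens the API server to every source address, while `clusterInit = true` with no agents listed suggests a single node where only the `kubectl` host needs to reach it. The trailing `sudo chown`/`chmod` lines for `/etc/rancher/k3s/k3s.yaml` are manual post-install steps a reader could miss; a `# post-install, run by hand:` heading above them would make that clear. The module is commented out in configuration.nix's `imports`, so this is not active yet.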
+++ b/chromebox/chromebox1/new.configuration.nix 
@@ -0,0 +1,123 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # hardware.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 
+ # packages = with pkgs; [ + # tree + # ]; + # }; + + # programs.firefox.enable = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. 
+ # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "24.11"; # Did you read the comment? + +} + diff --git a/chromebox/chromebox1/nodeExporter.nix b/chromebox/chromebox1/nodeExporter.nix new file mode 100644 index 0000000..1ea764b --- /dev/null +++ b/chromebox/chromebox1/nodeExporter.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 9000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ]; + }; +} \ No newline at end of file diff --git a/chromebox/chromebox1/not.hardware-configuration.nix b/chromebox/chromebox1/not.hardware-configuration.nix new file mode 100644 index 0000000..0d85b71 --- /dev/null +++ b/chromebox/chromebox1/not.hardware-configuration.nix 
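Review bot: `new.configuration.nix` is the unmodified `nixos-generate-config` template and is referenced by neither flake.nix nor configuration.nix, yet its `system.stateVersion = "24.11"` differs from the `"25.05"` in configuration.nix; swapping it in later would silently change the stateful defaults. Either delete it or add a header comment such as `# Reference copy of the generated template; not imported.` so nobody wires it up by mistake.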
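Review bot: The exporter listens on `port = 9000` but nothing opens it: `openFirewall` is left at its default, so with NixOS's default firewall a remote Prometheus cannot scrape it, and if that is later fixed by opening the port it becomes reachable from any host. `openFirewall = true;` together with `firewallFilter = "-p tcp -s <prometheus-host-ip> --dport 9000";` limits it to the scraper; if local-only scraping is intended, `listenAddress = "127.0.0.1";` documents that. The comment links point at nixos-24.05 while the flake tracks nixos-25.05.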
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/chromebox/chromebox1/ok.hardware-configuration.nix b/chromebox/chromebox1/ok.hardware-configuration.nix new file mode 100644 index 0000000..b9df98d --- /dev/null +++ b/chromebox/chromebox1/ok.hardware-configuration.nix 
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c71248ae-ec7c-4575-b7a9-1f3940362552"; + fsType = "xfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/04BA-F6CC"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/4b0f92f0-22af-45cf-ad6c-1c6af272a84d"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/chromebox/chromebox1/readme.md b/chromebox/chromebox1/readme.md new file mode 100644 index 0000000..3ad6348 --- /dev/null +++ b/chromebox/chromebox1/readme.md 
@@ -0,0 +1,94 @@ +# NixOS Anywhere + +## Quickstart +https://github.com/nix-community/nixos-anywhere/blob/main/docs/quickstart.md + +## How to +https://github.com/nix-community/nixos-anywhere/blob/main/docs/howtos/INDEX.md + +https://github.com/nix-community/nixos-anywhere-examples/blob/main/disk-config.nix + +https://github.com/nix-community/disko/blob/master/example/swap.nix + +https://numtide.com/projects/nixos-anywhere/ + +https://github.com/nix-community/nixos-anywhere-examples/blob/main/flake.nix + + +``` +das@chromebox3:~$ lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +sda 8:0 0 1.8T 0 disk +├─sda1 8:1 0 1G 0 part /boot/efi +├─sda2 8:2 0 2G 0 part /boot +└─sda3 8:3 0 1.8T 0 part + ├─ubuntu--vg-ubuntu--lv 252:0 0 1.8T 0 lvm / + └─ubuntu--vg-lv--swap 252:1 0 32G 0 lvm [SWAP] +``` + +``` +das@chromebox3:~$ neofetch + .-/+oossssoo+/-. das@chromebox3 + `:+ssssssssssssssssss+:` -------------- + -+ssssssssssssssssssyyssss+- OS: Ubuntu 24.04.1 LTS x86_64 + .ossssssssssssssssssdMMMNysssso. Host: Panther 1.0 + /ssssssssssshdmmNNmmyNMMMMhssssss/ Kernel: 6.8.0-51-generic + +ssssssssshmydMMMMMMMNddddyssssssss+ Uptime: 23 hours, 18 mins + /sssssssshNMMMyhhyyyyhmNMMMNhssssssss/ Packages: 774 (dpkg) +.ssssssssdMMMNhsssssssssshNMMMdssssssss. Shell: bash 5.2.21 ++sssshhhyNMMNyssssssssssssyNMMMysssssss+ Resolution: 3840x2160 +ossyNMMMNyMMhsssssssssssssshmmmhssssssso Terminal: /dev/pts/0 +ossyNMMMNyMMhsssssssssssssshmmmhssssssso CPU: Intel Celeron 2955U (2) @ 1.400GHz ++sssshhhyNMMNyssssssssssssyNMMMysssssss+ GPU: Intel Haswell-ULT +.ssssssssdMMMNhsssssssssshNMMMdssssssss. Memory: 410MiB / 15867MiB + /sssssssshNMMMyhhyyyyhdNMMMNhssssssss/ + +sssssssssdmydMMMMMMMMddddyssssssss+ + /ssssssssssshdmNNNNmyNMMMMhssssss/ + .ossssssssssssssssssdMMMNysssso. + -+sssssssssssssssssyyyssss+- + `:+ssssssssssssssssss+:` + .-/+oossssoo+/-. 
+``` + +boot = 1G +lvm +swap = 32G +root = 100% + +``` +[das@chromebox3:~]$ neofetch + ▗▄▄▄ ▗▄▄▄▄ ▄▄▄▖ das@chromebox3 + ▜███▙ ▜███▙ ▟███▛ -------------- + ▜███▙ ▜███▙▟███▛ OS: NixOS 24.11.20250126.4e96537 (Vicuna) x86_64 + ▜███▙ ▜██████▛ Host: GOOGLE Panther + ▟█████████████████▙ ▜████▛ ▟▙ Kernel: 6.6.72 + ▟███████████████████▙ ▜███▙ ▟██▙ Uptime: 1 min + ▄▄▄▄▖ ▜███▙ ▟███▛ Packages: 406 (nix-system), 311 (nix-user) + ▟███▛ ▜██▛ ▟███▛ Shell: bash 5.2.37 + ▟███▛ ▜▛ ▟███▛ Resolution: 3840x2160 +▟███████████▛ ▟██████████▙ Terminal: /dev/pts/0 +▜██████████▛ ▟███████████▛ CPU: Intel Celeron 2955U (2) @ 1.400GHz + ▟███▛ ▟▙ ▟███▛ GPU: Intel Haswell-ULT + ▟███▛ ▟██▙ ▟███▛ Memory: 1050MiB / 15873MiB + ▟███▛ ▜███▙ ▝▀▀▀▀ + ▜██▛ ▜███▙ ▜██████████████████▛ + ▜▛ ▟████▙ ▜████████████████▛ + ▟██████▙ ▜███▙ + ▟███▛▜███▙ ▜███▙ + ▟███▛ ▜███▙ ▜███▙ + ▝▀▀▀ ▀▀▀▀▘ ▀▀▀▘ +``` + +``` +[das@chromebox3:~]$ lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +sda 8:0 0 1.8T 0 disk +├─sda1 8:1 0 1M 0 part +├─sda2 8:2 0 512M 0 part /boot +└─sda3 8:3 0 1.8T 0 part + ├─pool-atsCache 254:0 0 100G 0 lvm + ├─pool-root 254:1 0 1.5T 0 lvm /nix/store + │ / + ├─pool-sftp 254:2 0 20G 0 lvm /tftp + └─pool-swap 254:3 0 32G 0 lvm [SWAP] + ``` \ No newline at end of file diff --git a/chromebox/chromebox1/sysctl.nix b/chromebox/chromebox1/sysctl.nix new file mode 100644 index 0000000..ed11dac --- /dev/null +++ b/chromebox/chromebox1/sysctl.nix 
@@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html + boot.kernel.sysctl = { + # detect dead connections more quickly + "net.ipv4.tcp_keepalive_intvl" = 30; + #net.ipv4.tcp_keepalive_intvl = 75 + "net.ipv4.tcp_keepalive_probes" = 4; + #net.ipv4.tcp_keepalive_probes = 9 + "net.ipv4.tcp_keepalive_time" = 120; + #net.ipv4.tcp_keepalive_time = 7200 + # 30 * 4 = 120 seconds. / 60 = 2 minutes + # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes + "net.ipv4.tcp_rmem" = "4096 1000000 16000000"; + "net.ipv4.tcp_wmem" = "4096 1000000 16000000"; + #net.ipv4.tcp_rmem = 4096 131072 6291456 + #net.ipv4.tcp_wmem = 4096 16384 4194304 + # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042 + # https://lwn.net/Articles/560082/ + "net.ipv4.tcp_notsent_lowat" = "131072"; + #net.ipv4.tcp_notsent_lowat = 4294967295 + # enable Enable reuse of TIME-WAIT sockets globally + "net.ipv4.tcp_tw_reuse" = 1; + #net.ipv4.tcp_tw_reuse=2 + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_ecn" = 1; + "net.core.default_qdisc" = "fq_codel"; + "net.ipv4.tcp_congestion_control" = "cubic"; + #net.ipv4.tcp_congestion_control=bbr + "net.core.rmem_default" = 26214400; + "net.core.rmem_max" = 26214400; + "net.core.wmem_default" = 26214400; + "net.core.wmem_max" = 26214400; + #net.core.optmem_max = 20480 + #net.core.rmem_default = 212992 + #net.core.rmem_max = 212992 + #net.core.wmem_default = 212992 + #net.core.wmem_max = 212992 + "net.ipv4.ip_local_port_range" = "1025 65535"; + #net.ipv4.ip_local_port_range ="32768 60999" + }; +} \ No newline at end of file diff --git a/chromebox/chromebox1/systemPackages.nix b/chromebox/chromebox1/systemPackages.nix new file mode 100644 index 0000000..99c5975 --- /dev/null +++ b/chromebox/chromebox1/systemPackages.nix 
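Review bot: `"net.ipv4.ip_local_port_range" = "1025 65535"` makes 1025-65535 the ephemeral range, which overlaps listening ports used elsewhere in this tree (6443 for k3s, 9000 for node-exporter, 9323 for docker metrics); an outgoing connection that grabs one of those first makes the service fail to bind at start, and `net.ipv4.ip_local_reserved_ports` exists to carve them out. `net.core.rmem_default`/`wmem_default` = 26214400 gives every UDP and other non-TCP socket a 25 MiB default buffer, not just the ones that ask for it, so memory use scales with socket count; presumably deliberate for a throughput box, but worth a comment. Values mix ints and strings (`"net.ipv4.tcp_notsent_lowat" = "131072"` vs `"net.ipv4.tcp_tw_reuse" = 1`), both of which work, but one form would be cleaner, and `# enable Enable reuse` has a doubled word.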
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ psmisc
+ vim
+ curl
+ wget
+ tcpdump
+ iproute2
+ nftables
+ iptables
+ pciutils
+ usbutils
+ iw
+ wirelesstools
+ wpa_supplicant
+ #wpa_supplicant_ro_ssids
+ lldpd
+ #snmp seems to be needed by lldpd
+ net-snmp
+ neofetch
+ ];
+}
diff --git a/chromebox/chromebox2/Makefile b/chromebox/chromebox2/Makefile
new file mode 100644
index 0000000..64c2726
--- /dev/null
+++ b/chromebox/chromebox2/Makefile
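Review bot: The commented `# vim` and `# wget` template lines duplicate entries that are live a few lines further down the list; drop them so the list does not read as half-finished. `nixpkgs.config.allowUnfree = true;` is also set in the chromebox2 copies of flake.nix (`import nixpkgs { config = { allowUnfree = true; }; }`) and home.nix in this diff, and chromebox1 presumably mirrors that; keep the policy in one place so a later change does not apply to only some evaluations. This file is byte-identical (same blob 99c5975) to chromebox2/systemPackages.nix added later in this diff, so a single module imported by both hosts would remove one more copy to keep in step.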
@@ -0,0 +1,43 @@
+#
+# nixos/chromebox/chromebox2/Makefile
+#
+EXPECTED_HOSTNAME := chromebox2
+
+ACTUAL_HOSTNAME := $(shell hostname)
+
+all: check_hostname rebuild
+
+check_hostname:
+ifeq ($(ACTUAL_HOSTNAME),$(EXPECTED_HOSTNAME))
+ @echo "Hostnames match: $(ACTUAL_HOSTNAME)"
+else
+ @echo "Error: Hostname does not match. Expected: $(EXPECTED_HOSTNAME), Got: $(ACTUAL_HOSTNAME)"
+ @exit 1
+endif
+
+rebuild:
+ #sudo cp /home/das/nixos/modules/* /etc/nixos/
+ #sudo cp ./*.nix /etc/nixos/
+ #sudo nix-channel --update
+ #sudo nixos-rebuild switch
+ sudo nix flake update;
+ #sudo nix-channel --update;
+ sudo nixos-rebuild switch --flake .
+
+anywhere:
+ nix run github:nix-community/nixos-anywhere -- --flake '.#chromebox2' --target-host root@172.16.40.217
+#nix run github:nix-community/nixos-anywhere -- --flake '.#chromebox3' --target-host root@chromebox3
+
+gen_hardware:
+ nix run github:numtide/nixos-anywhere -- -f '.#chromebox2' --generate-hardware-config nixos-generate-config ./hardware-configuration.nix --target-host root@172.16.40.217
+
+# minutes 10:58
+# https://www.youtube.com/watch?v=U_UwzMhixr8
+vmtest:
+ sudo nix flake update;
+ sudo nix flake lock;
+#nix run github:numtide/nixos-anywhere -- -f '.#chromebox1' --vm-test --generate-hardware-config nixos-generate-config ./hardware-configuration.nix
+ nix run github:numtide/nixos-anywhere -- -f '.#chromebox1' --vm-test
+
+sync:
+ rsync -av /home/das/nixos/chromebox/chromebox2/ 172.16.40.217:/home/das/nixos/chromebox/chromebox2/
\ No newline at end of file
diff --git a/chromebox/chromebox2/configuration.nix b/chromebox/chromebox2/configuration.nix
new file mode 100644
index 0000000..21ed3c4
--- /dev/null
+++ b/chromebox/chromebox2/configuration.nix
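Review bot: `vmtest` runs `nix run github:numtide/nixos-anywhere -- -f '.#chromebox1' --vm-test` in a Makefile whose every other target is `chromebox2`, so the VM test exercises the wrong host; change it to `'.#chromebox2'` and, since `EXPECTED_HOSTNAME` already holds the name, use `'.#$(EXPECTED_HOSTNAME)'` in the three live `nix run` lines. `172.16.40.217` is repeated in `anywhere`, `gen_hardware` and `sync`; hoist it into `TARGET_HOST := 172.16.40.217` and reference `$(TARGET_HOST)` (the chromebox3 Makefile hunk later in this diff repeats its `172.16.40.62` the same way). The tool is fetched from two different unpinned refs, `github:nix-community/nixos-anywhere` and `github:numtide/nixos-anywhere`, and each run pulls whatever is at the head of that default branch at the moment; pick one ref and pin it to a tag or revision, or add it as a flake input so `flake.lock` governs it and the install path is reproducible. None of the targets are files, so declare `.PHONY: all check_hostname rebuild anywhere gen_hardware vmtest sync`.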
@@ -0,0 +1,132 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +# sudo nixos-rebuild switch +# sudo nix-channel --update +# nix-shell -p vim +# nmcli device wifi connect MYSSID password PWORD +# systemctl restart display-manager.service + +{ config, pkgs, ... }: + +# https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F +# https://discourse.nixos.org/t/differences-between-nix-channels/13998 + +{ + # https://nixos.wiki/wiki/NixOS_modules + imports = + [ + ./disko-chromebox2.nix + #./hardware-configuration.nix + ./sysctl.nix + ./il8n.nix + ./systemPackages.nix + ./hosts.nix + ./nodeExporter.nix + #./docker-daemon.nix + #./k8s_master.nix + #./k3s_master.nix + #./k3s_node.nix + ]; + + # boot.loader.grub = { + # # no need to set devices, disko will add all devices that have a EF02 partition to the list already + # # devices = [ ]; + # efiSupport = true; + # efiInstallAsRemovable = true; + # }; + + # Use the systemd-boot EFI boot loader. 
+ boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + #boot.loader.efi.canTouchEfiVariables = true; + + # https://nixos.wiki/wiki/Linux_kernel + boot.kernelPackages = pkgs.linuxPackages; + #boot.kernelPackages = pkgs.linuxPackages_latest; + + nix = { + gc = { + automatic = true; # Enable automatic execution of the task + dates = "weekly"; # Schedule the task to run weekly + options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days + randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task + }; + settings = { + auto-optimise-store = true; + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + + # https://nixos.wiki/wiki/Networking + # https://nlewo.github.io/nixos-manual-sphinx/configuration/ipv4-config.xml.html + networking.hostName = "chromebox2"; + + services.lldpd.enable = true; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking.networkmanager.enable = false; + + # Set your time zone. + time.timeZone = "America/Los_Angeles"; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + environment.sessionVariables = { + TERM = "xterm-256color"; + #MY_VARIABLE = "my-value"; + #ANOTHER_VARIABLE = "another-value"; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. 
+ users.users.das = { + isNormalUser = true; + description = "das"; + password = "admin123"; + extraGroups = [ "wheel" "libvirtd" "docker" "kubernetes" ]; + # packages = with pkgs; [ + # ]; + # https://nixos.wiki/wiki/SSH_public_key_authentication + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t" + ]; + }; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.openssh.enable = true; + + services.timesyncd.enable = true; + + services.fstrim.enable = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "25.05"; # Did you read the comment? + + # virtualisation.libvirtd.enable = true; + # programs.virt-manager.enable = true; + # services.qemuGuest.enable = true; + + # https://wiki.nixos.org/wiki/Laptop +} diff --git a/chromebox/chromebox2/disko-chromebox2.nix b/chromebox/chromebox2/disko-chromebox2.nix new file mode 100644 index 0000000..6702f06 --- /dev/null +++ b/chromebox/chromebox2/disko-chromebox2.nix 
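Review bot: `password = "admin123"` on the `das` account stores a plaintext password in a file that is committed to git and copied into the world-readable Nix store on every rebuild, and the account is in `wheel` while `services.openssh.enable = true`, so anyone who can read the repository or the store has a sudo-capable login. An ed25519 key is already listed in `openssh.authorizedKeys.keys`, so drop the `password` line and either point `hashedPasswordFile` at a file that lives outside the store or use `hashedPassword` with a hashed value, and add `services.openssh.settings.PasswordAuthentication = false;` so the key is the only remote way in. `extraGroups` also grants `docker` and `libvirtd` although docker-daemon.nix is commented out of `imports`; membership in `docker` is equivalent to root on the host, so add it only when the daemon is actually enabled. The hunk runs from the file's first line to its closing brace.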
@@ -0,0 +1,85 @@
+#
+# nixos/chromebox/chromebox2
+#
+# Starting point was:
+# https://github.com/nix-community/disko/blob/master/example/lvm-sizes-sort.nix
+#
+# swap
+# https://github.com/nix-community/disko/blob/master/example/swap.nix
+#
+# tmpfs
+# https://github.com/nix-community/disko/blob/master/example/tmpfs.nix
+#
+# Other templates
+# https://github.com/nix-community/disko-templates/blob/main/zfs-impermanence/disko-config.nix
+
+{
+ disko.devices = {
+ disk = {
+ one = {
+ type = "disk";
+ #device = "/dev/vdb"; # --vm-test
+ device = "/dev/sda"; # real
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ ESP = {
+ name = "ESP";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ primary = {
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ swap = {
+ #size = "10%"; # --vm-test
+ size = "32G";
+ content = {
+ type ="swap";
+ #discardPolicy = "both";
+ resumeDevice = true; # resume from hiberation from this device
+ };
+ };
+ root = {
+ size = "90%";
+ content = {
+ type = "filesystem";
+ format = "xfs"; # <---------- xfs!
+ mountpoint = "/";
+ mountOptions = [ "defaults" ];
+ #mountOptions = [ "defaults" "pquota" ];
+ };
+ };
+ };
+ };
+ };
+ # nodev = {
+ # "/tmp" = {
+ # fsType = "tmpfs";
+ # mountOptions = [ "size=200M" ];
+ # };
+ # };
+ };
+}
diff --git a/chromebox/chromebox2/docker-daemon.nix b/chromebox/chromebox2/docker-daemon.nix
new file mode 100644
index 0000000..fe72a86
--- /dev/null
+++ b/chromebox/chromebox2/docker-daemon.nix
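Review bot: `resumeDevice = true` on an unencrypted 32G swap LV means a hibernation image — the full contents of RAM, including whatever keys or credentials were in memory — is written to disk in clear and stays there until overwritten; if hibernation is not actually used, drop `resumeDevice`, and if it is, either put the PV under LUKS or record in a comment that the exposure is accepted for this host. The 1M partition is typed `EF02` with the comment `# for grub MBR`, but configuration.nix in this diff enables `systemd-boot` and comments grub out, so the partition appears unused now; say in the comment that it is kept as a BIOS-boot fallback, or remove it. `root` takes `90%` of the VG with no note of what the remaining 10% is for; state the intent (snapshot headroom, a later LV). `type ="swap"` is missing the space after `=`, and the comment misspells `hibernation`.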
@@ -0,0 +1,27 @@
+
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Docker
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_asc&query=virtualisation.docker
+ # https://search.nixos.org/options?channel=24.05&show=virtualisation.docker.extraOptions&from=0&size=50&sort=alpha_asc&type=packages&query=virtualisation.docker
+ # https://github.com/NixOS/nixpkgs/issues/68349
+ virtualisation.docker.enable = true;
+ virtualisation.docker.daemon.settings = {
+ data-root = "/home/das/docker/";
+ userland-proxy = false;
+ experimental = true;
+ ipv6 = true;
+ fixed-cidr-v6 = "fd00::/80";
+ metrics-addr = "0.0.0.0:9323";
+ # log-driver = "json-file";
+ # log-opts.max-size = "10m";
+ # log-opts.max-file = "10";
+ };
+ #this doesn't work
+ #virtualisation.docker.daemon.settings.log-opts.max-size = "10m";
+ # https://docs.docker.com/reference/cli/dockerd/
+ #virtualisation.docker.extraOptions = "--userland-proxy=false";
+ #virtualisation.docker.extraOptions = "--log-opt=max-size=10m";
+ #virtualisation.docker.extraOptions = "--ipv6";
+}
\ No newline at end of file
diff --git a/chromebox/chromebox2/flake.lock b/chromebox/chromebox2/flake.lock
new file mode 100644
index 0000000..3e29f6f
--- /dev/null
+++ b/chromebox/chromebox2/flake.lock
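Review bot: `metrics-addr = "0.0.0.0:9323"` binds the daemon's Prometheus endpoint on every interface; the NixOS firewall is on by default and this module does not open the port, so it is presumably only reachable locally, but if a LAN scraper is the goal, bind to this host's address and open 9323 explicitly instead of relying on the default firewall to do the restricting. `experimental = true` turns on unstable daemon features for every container on the box; add a comment naming the feature it is needed for, or drop it. `data-root = "/home/das/docker/"` puts image layers and volumes under a user's home directory; a comment on why the default location is not used would help the next reader. This file is commented out of chromebox2/configuration.nix's `imports` (`#./docker-daemon.nix`), so none of it is active yet.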
@@ -0,0 +1,70 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "owner": "nix-community", + "repo": "disko", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1760423683, + "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/chromebox/chromebox2/flake.nix b/chromebox/chromebox2/flake.nix new file mode 100644 index 0000000..1821696 --- /dev/null +++ b/chromebox/chromebox2/flake.nix 
@@ -0,0 +1,56 @@ +# +# nixos/chromebox/chromebox2/flake.nix +# +# example +# https://github.com/nix-community/nixos-anywhere-examples/blob/main/flake.nix +# +{ + description = "chromebox2 Flake"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + #nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager + home-manager = { + url = "github:nix-community/home-manager/release-25.05"; + # The `follows` keyword in inputs is used for inheritance. + # Here, `inputs.nixpkgs` of home-manager is kept consistent with + # the `inputs.nixpkgs` of the current flake, + # to avoid problems caused by different versions of nixpkgs. + inputs.nixpkgs.follows = "nixpkgs"; + + }; + # https://github.com/nix-community/disko/ + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = inputs@{ nixpkgs, disko, home-manager, ... }: + let + system = "x86_64-linux"; + pkgs = import nixpkgs { + inherit system; + config = { allowUnfree = true; }; + }; + lib = nixpkgs.lib; + in { + nixosConfigurations.chromebox2 = nixpkgs.lib.nixosSystem { + system ="x86_64-linux"; + #inherit system; + modules = [ + disko.nixosModules.disko + #./hardware-configuration.nix + ./configuration.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.das = import ./home.nix; + + # Optionally, use home-manager.extraSpecialArgs to pass + # arguments to home.nix + } + ]; + }; + }; +} diff --git a/chromebox/chromebox2/hardware-configuration.nix b/chromebox/chromebox2/hardware-configuration.nix new file mode 100644 index 0000000..0d85b71 --- /dev/null +++ b/chromebox/chromebox2/hardware-configuration.nix 
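Review bot: `pkgs` and `lib` in the `let` block are never used: `nixosSystem` receives the literal `system ="x86_64-linux"` (the `#inherit system` line shows the intent), and the `config = { allowUnfree = true; }` in that unused `import nixpkgs` therefore has no effect on the system being built — systemPackages.nix is what actually sets it. Write `inherit system;` and delete the `pkgs`/`lib` bindings, or pass them via `specialArgs` if a module is meant to receive them. `disko.url = "github:nix-community/disko"` follows the default branch while nixpkgs and home-manager follow release branches; `flake.lock` pins it today, but the Makefile's `sudo nix flake update` moves it to whatever is at the head of that branch, so consider pinning disko to a tag as well.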
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/chromebox/chromebox2/home.nix b/chromebox/chromebox2/home.nix new file mode 100644 index 0000000..23744d6 --- /dev/null +++ b/chromebox/chromebox2/home.nix 
@@ -0,0 +1,84 @@ +{ + config, + pkgs, + ... +}: +{ + home.username = "das"; + home.homeDirectory = "/home/das"; + + # https://nix-community.github.io/home-manager/index.xhtml#ch-installation + #home-manager.users.das = { pkgs, ... }: { + + # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables + home.sessionVariables = { + #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0"; + # disable wayland + #NIXOS_OZONE_WL = "1"; + KUBECONFIG = "/home/das/k3s.yaml"; + TERM = "xterm-256color"; + }; + + home.packages = with pkgs; [ + # + killall + hw-probe + lshw + hwloc + # + tmux + screen + # + gawk + jq + git + htop + btop + # + rsync + # + ethtool + iproute2 + vlan + tcpdump + # + # debug + strace + # + gnumake + ]; + + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + k = "kubectl"; + }; + }; + + programs.vim = { + enable = true; + plugins = with pkgs.vimPlugins; [ vim-airline ]; + settings = { ignorecase = true; }; + extraConfig = '' + set mouse=a + ''; + }; + #ldflags = [ + # "-X main.Version=${version}" + # "-X main.Commit=${version}" + #]; + + programs.git = { + enable = true; + userEmail = "dave.seddon.ca@gmail.com"; + userName = "randomizedcoder "; + #signing.key = "GPG-KEY-ID"; + #signing.signByDefault = true; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.11"; + programs.home-manager.enable = true; +} diff --git a/chromebox/chromebox2/hosts.nix b/chromebox/chromebox2/hosts.nix new file mode 100644 index 0000000..b60a4f0 --- /dev/null +++ b/chromebox/chromebox2/hosts.nix 
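Review bot: `userName = "randomizedcoder ";` has a trailing space that ends up in the author field of every commit made from this box; it should read `userName = "randomizedcoder";`. `nixpkgs.config.allowUnfree = true;` in home.nix is, as far as I can tell, not consulted when flake.nix sets `home-manager.useGlobalPkgs = true` (the system `pkgs` is reused), so either drop it here or rely on the system-level setting alone. The commented `#ldflags = [ ... ]` block is a fragment of a Go package derivation with no relation to this home configuration; remove it rather than leave dead code.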
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hosts = {
+ "172.16.40.198" = ["hp0" "hp0eth"]; # adi's room
+ "172.16.40.141" = ["hp0wifi"];
+ "172.16.40.142" = ["hp1" "hp1eth"];
+ "172.16.40.212" = ["hp2" "hp2eth"];
+ "172.16.40.146" = ["hp3" "hp3eth"]; # savi's room
+ "172.16.40.130" = ["hp3wifi"];
+ "172.16.50.232" = ["hp4" "hp4eth"]; # rack
+ "172.16.40.70" = ["hp5" "hp5eth"];
+ "172.16.40.122" = ["pi5-1" "pi5-1-eth"];
+ "172.16.40.62" = ["chromebox3" "chromebox3-eth"];
+ };
+}
\ No newline at end of file
diff --git a/chromebox/chromebox2/il8n.nix b/chromebox/chromebox2/il8n.nix
new file mode 100644
index 0000000..6a67b6f
--- /dev/null
+++ b/chromebox/chromebox2/il8n.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+}
\ No newline at end of file
diff --git a/chromebox/chromebox2/k3s_master.nix b/chromebox/chromebox2/k3s_master.nix
new file mode 100644
index 0000000..e049f18
--- /dev/null
+++ b/chromebox/chromebox2/k3s_master.nix
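Review bot: The second file on this line is named `il8n.nix` (lowercase L, digit eight) but configures `i18n`; the misspelling is repeated in both configuration.nix `imports` lists in this diff, so a rename has to touch those two lines as well, but doing it now, before more hosts copy the layout, is cheap. In hosts.nix, `chromebox3` maps to `172.16.40.62`, which agrees with the new `--target-host root@172.16.40.62` in the chromebox3 Makefile hunk later in this diff, yet nothing ties the two together; a comment `# keep in step with chromebox*/Makefile TARGET hosts` on the `networking.hosts` line would at least name the dependency.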
@@ -0,0 +1,68 @@
+# https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/docs/USAGE.md
+{ config, pkgs, ... }:
+{
+ networking.firewall.allowedTCPPorts = [
+ 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+ # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+ # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+ ];
+ networking.firewall.allowedUDPPorts = [
+ # 8472 # k3s, flannel: required if using multi-node for inter-node networking
+ ];
+ services.k3s = {
+ enable = true;
+ role = "server";
+ # extraFlags: https://docs.k3s.io/cli/server
+ # extraFlags = toString [
+ # # "--debug" # Optionally add additional args to k3s
+ # ];
+ token = "notSecureTokenChromebox"; # FIX ME use tokenFile
+ clusterInit = true;
+ };
+ # packages for administration tasks
+ environment.systemPackages = with pkgs; [
+ kompose
+ kubectl
+ openssl
+ cfssl
+ certmgr
+ istioctl
+ krew
+ kubevirt
+ #
+ kubeshark
+ # kubectl-ktop
+ kubectl-klock
+ kube-capacity
+ kubectl-images
+ kubectl-gadget
+ # this is very old
+ #kubectl-doctor
+ # https://github.com/boz/kail
+ kail
+ ktop
+ # https://github.com/kdash-rs/kdash
+ kdash
+ # # https://github.com/int128/kubelogin
+ # kubelogin-oidc
+ # k9s --kubeconfig=dev-d.kubeconfig
+ k9s
+ #
+ (wrapHelm kubernetes-helm {
+ plugins = with pkgs.kubernetes-helmPlugins; [
+ helm-secrets
+ helm-diff
+ helm-s3
+ helm-git
+ ];
+ })
+ #
+ fluxcd
+ fluxctl
+ ];
+}
+
+# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml
+# sudo chmod 640 /etc/rancher/k3s/k3s.yaml
+# sudo chown root:wheel /etc/rancher/k3s/k3s.yaml && sudo chmod 640 /etc/rancher/k3s/k3s.yaml
+# export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
\ No newline at end of file
diff --git a/chromebox/chromebox2/new.configuration.nix b/chromebox/chromebox2/new.configuration.nix
new file mode 100644
index 0000000..c2d5b7c
--- /dev/null
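Review bot: `token = "notSecureTokenChromebox"` puts the k3s join token into a world-readable path under /nix/store and into git history; the `# FIX ME use tokenFile` already says so, so replace it with `tokenFile = "<path outside /nix/store, deployed separately>";` and, because the literal value is now public in this repository, treat it as burned and generate a new one when the module is enabled. The trailing comments make `/etc/rancher/k3s/k3s.yaml` readable by `wheel`; that file is a cluster-admin kubeconfig, which is only acceptable because `wheel` membership already means root on this host, and the comment should say so. The module is commented out of chromebox2/configuration.nix's `imports`, so none of this is live yet.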
+++ b/chromebox/chromebox2/new.configuration.nix 
@@ -0,0 +1,123 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # hardware.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 
+ # packages = with pkgs; [ + # tree + # ]; + # }; + + # programs.firefox.enable = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. 
+ # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "24.11"; # Did you read the comment? + +} + diff --git a/chromebox/chromebox2/nodeExporter.nix b/chromebox/chromebox2/nodeExporter.nix new file mode 100644 index 0000000..1ea764b --- /dev/null +++ b/chromebox/chromebox2/nodeExporter.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/default.nix + services.prometheus.exporters.node = { + enable = true; + port = 9000; + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix + enabledCollectors = [ "systemd" ]; + # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter --help + extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ]; + }; +} \ No newline at end of file diff --git a/chromebox/chromebox2/readme.md b/chromebox/chromebox2/readme.md new file mode 100644 index 0000000..3ad6348 --- /dev/null +++ b/chromebox/chromebox2/readme.md 
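Review bot: `new.configuration.nix` is the stock `nixos-generate-config` template and is not referenced by chromebox2/flake.nix or configuration.nix in this diff, so it is dead weight that also carries `system.stateVersion = "24.11"` while the live configuration.nix says `"25.05"`; either delete it or add a first-line comment such as `# Reference copy of the upstream template; not imported.` so nobody edits it expecting an effect.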
@@ -0,0 +1,94 @@ +# NixOS Anywhere + +## Quickstart +https://github.com/nix-community/nixos-anywhere/blob/main/docs/quickstart.md + +## How to +https://github.com/nix-community/nixos-anywhere/blob/main/docs/howtos/INDEX.md + +https://github.com/nix-community/nixos-anywhere-examples/blob/main/disk-config.nix + +https://github.com/nix-community/disko/blob/master/example/swap.nix + +https://numtide.com/projects/nixos-anywhere/ + +https://github.com/nix-community/nixos-anywhere-examples/blob/main/flake.nix + + +``` +das@chromebox3:~$ lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +sda 8:0 0 1.8T 0 disk +├─sda1 8:1 0 1G 0 part /boot/efi +├─sda2 8:2 0 2G 0 part /boot +└─sda3 8:3 0 1.8T 0 part + ├─ubuntu--vg-ubuntu--lv 252:0 0 1.8T 0 lvm / + └─ubuntu--vg-lv--swap 252:1 0 32G 0 lvm [SWAP] +``` + +``` +das@chromebox3:~$ neofetch + .-/+oossssoo+/-. das@chromebox3 + `:+ssssssssssssssssss+:` -------------- + -+ssssssssssssssssssyyssss+- OS: Ubuntu 24.04.1 LTS x86_64 + .ossssssssssssssssssdMMMNysssso. Host: Panther 1.0 + /ssssssssssshdmmNNmmyNMMMMhssssss/ Kernel: 6.8.0-51-generic + +ssssssssshmydMMMMMMMNddddyssssssss+ Uptime: 23 hours, 18 mins + /sssssssshNMMMyhhyyyyhmNMMMNhssssssss/ Packages: 774 (dpkg) +.ssssssssdMMMNhsssssssssshNMMMdssssssss. Shell: bash 5.2.21 ++sssshhhyNMMNyssssssssssssyNMMMysssssss+ Resolution: 3840x2160 +ossyNMMMNyMMhsssssssssssssshmmmhssssssso Terminal: /dev/pts/0 +ossyNMMMNyMMhsssssssssssssshmmmhssssssso CPU: Intel Celeron 2955U (2) @ 1.400GHz ++sssshhhyNMMNyssssssssssssyNMMMysssssss+ GPU: Intel Haswell-ULT +.ssssssssdMMMNhsssssssssshNMMMdssssssss. Memory: 410MiB / 15867MiB + /sssssssshNMMMyhhyyyyhdNMMMNhssssssss/ + +sssssssssdmydMMMMMMMMddddyssssssss+ + /ssssssssssshdmNNNNmyNMMMMhssssss/ + .ossssssssssssssssssdMMMNysssso. + -+sssssssssssssssssyyyssss+- + `:+ssssssssssssssssss+:` + .-/+oossssoo+/-. 
+``` + +boot = 1G +lvm +swap = 32G +root = 100% + +``` +[das@chromebox3:~]$ neofetch + ▗▄▄▄ ▗▄▄▄▄ ▄▄▄▖ das@chromebox3 + ▜███▙ ▜███▙ ▟███▛ -------------- + ▜███▙ ▜███▙▟███▛ OS: NixOS 24.11.20250126.4e96537 (Vicuna) x86_64 + ▜███▙ ▜██████▛ Host: GOOGLE Panther + ▟█████████████████▙ ▜████▛ ▟▙ Kernel: 6.6.72 + ▟███████████████████▙ ▜███▙ ▟██▙ Uptime: 1 min + ▄▄▄▄▖ ▜███▙ ▟███▛ Packages: 406 (nix-system), 311 (nix-user) + ▟███▛ ▜██▛ ▟███▛ Shell: bash 5.2.37 + ▟███▛ ▜▛ ▟███▛ Resolution: 3840x2160 +▟███████████▛ ▟██████████▙ Terminal: /dev/pts/0 +▜██████████▛ ▟███████████▛ CPU: Intel Celeron 2955U (2) @ 1.400GHz + ▟███▛ ▟▙ ▟███▛ GPU: Intel Haswell-ULT + ▟███▛ ▟██▙ ▟███▛ Memory: 1050MiB / 15873MiB + ▟███▛ ▜███▙ ▝▀▀▀▀ + ▜██▛ ▜███▙ ▜██████████████████▛ + ▜▛ ▟████▙ ▜████████████████▛ + ▟██████▙ ▜███▙ + ▟███▛▜███▙ ▜███▙ + ▟███▛ ▜███▙ ▜███▙ + ▝▀▀▀ ▀▀▀▀▘ ▀▀▀▘ +``` + +``` +[das@chromebox3:~]$ lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +sda 8:0 0 1.8T 0 disk +├─sda1 8:1 0 1M 0 part +├─sda2 8:2 0 512M 0 part /boot +└─sda3 8:3 0 1.8T 0 part + ├─pool-atsCache 254:0 0 100G 0 lvm + ├─pool-root 254:1 0 1.5T 0 lvm /nix/store + │ / + ├─pool-sftp 254:2 0 20G 0 lvm /tftp + └─pool-swap 254:3 0 32G 0 lvm [SWAP] + ``` \ No newline at end of file diff --git a/chromebox/chromebox2/sysctl.nix b/chromebox/chromebox2/sysctl.nix new file mode 100644 index 0000000..ed11dac --- /dev/null +++ b/chromebox/chromebox2/sysctl.nix 
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+{
+ # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html
+ boot.kernel.sysctl = {
+ # detect dead connections more quickly
+ "net.ipv4.tcp_keepalive_intvl" = 30;
+ #net.ipv4.tcp_keepalive_intvl = 75
+ "net.ipv4.tcp_keepalive_probes" = 4;
+ #net.ipv4.tcp_keepalive_probes = 9
+ "net.ipv4.tcp_keepalive_time" = 120;
+ #net.ipv4.tcp_keepalive_time = 7200
+ # 30 * 4 = 120 seconds. / 60 = 2 minutes
+ # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes
+ "net.ipv4.tcp_rmem" = "4096 1000000 16000000";
+ "net.ipv4.tcp_wmem" = "4096 1000000 16000000";
+ #net.ipv4.tcp_rmem = 4096 131072 6291456
+ #net.ipv4.tcp_wmem = 4096 16384 4194304
+ # https://github.com/torvalds/linux/blob/master/Documentation/networking/ip-sysctl.rst?plain=1#L1042
+ # https://lwn.net/Articles/560082/
+ "net.ipv4.tcp_notsent_lowat" = "131072";
+ #net.ipv4.tcp_notsent_lowat = 4294967295
+ # enable Enable reuse of TIME-WAIT sockets globally
+ "net.ipv4.tcp_tw_reuse" = 1;
+ #net.ipv4.tcp_tw_reuse=2
+ "net.ipv4.tcp_timestamps" = 1;
+ "net.ipv4.tcp_ecn" = 1;
+ "net.core.default_qdisc" = "fq_codel";
+ "net.ipv4.tcp_congestion_control" = "cubic";
+ #net.ipv4.tcp_congestion_control=bbr
+ "net.core.rmem_default" = 26214400;
+ "net.core.rmem_max" = 26214400;
+ "net.core.wmem_default" = 26214400;
+ "net.core.wmem_max" = 26214400;
+ #net.core.optmem_max = 20480
+ #net.core.rmem_default = 212992
+ #net.core.rmem_max = 212992
+ #net.core.wmem_default = 212992
+ #net.core.wmem_max = 212992
+ "net.ipv4.ip_local_port_range" = "1025 65535";
+ #net.ipv4.ip_local_port_range ="32768 60999"
+ };
+}
\ No newline at end of file
diff --git a/chromebox/chromebox2/systemPackages.nix b/chromebox/chromebox2/systemPackages.nix
new file mode 100644
index 0000000..99c5975
--- /dev/null
+++ b/chromebox/chromebox2/systemPackages.nix
@@ -0,0 +1,29 @@ +{ config, pkgs, ... }: + +{ + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + psmisc + vim + curl + wget + tcpdump + iproute2 + nftables + iptables + pciutils + usbutils + iw + wirelesstools + wpa_supplicant + #wpa_supplicant_ro_ssids + lldpd + #snmp seems to be needed by lldpd + net-snmp + neofetch + ]; +} diff --git a/chromebox/chromebox3/Makefile b/chromebox/chromebox3/Makefile index 353cb6a..20f0592 100644 --- a/chromebox/chromebox3/Makefile +++ b/chromebox/chromebox3/Makefile @@ -24,12 +24,12 @@ rebuild: sudo nix-channel --update; sudo nixos-rebuild switch --flake . -try: - nix run github:nix-community/nixos-anywhere -- --flake '.#chromebox3' --target-host root@172.16.40.63 +anywhere: + nix run github:nix-community/nixos-anywhere -- --flake '.#chromebox3' --target-host root@172.16.40.62 #nix run github:nix-community/nixos-anywhere -- --flake '.#chromebox3' --target-host root@chromebox3 gen_hardware: - nix run github:numtide/nixos-anywhere -- -f '.#chromebox3' --generate-hardware-config nixos-generate-config ./hardware-configuration.nix + nix run github:numtide/nixos-anywhere -- -f '.#chromebox3' --generate-hardware-config nixos-generate-config ./hardware-configuration.nix --target-host root@172.16.40.62 # minutes 10:58 # https://www.youtube.com/watch?v=U_UwzMhixr8 diff --git a/chromebox/chromebox3/configuration.nix b/chromebox/chromebox3/configuration.nix index 25580cf..d317bcb 100644 --- a/chromebox/chromebox3/configuration.nix +++ b/chromebox/chromebox3/configuration.nix 
@@ -23,18 +23,22 @@ ./systemPackages.nix ./hosts.nix ./nodeExporter.nix - ./docker-daemon.nix + #./docker-daemon.nix #./k8s_master.nix - ./k3s_master.nix + #./k3s_master.nix #./k3s_node.nix ]; - boot.loader.grub = { - # no need to set devices, disko will add all devices that have a EF02 partition to the list already - # devices = [ ]; - efiSupport = true; - efiInstallAsRemovable = true; - }; + # boot.loader.grub = { + # # no need to set devices, disko will add all devices that have a EF02 partition to the list already + # # devices = [ ]; + # efiSupport = true; + # efiInstallAsRemovable = true; + # }; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; #boot.loader.efi.canTouchEfiVariables = true; @@ -117,7 +121,7 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "25.05"; # Did you read the comment? # virtualisation.libvirtd.enable = true; # programs.virt-manager.enable = true; diff --git a/chromebox/chromebox3/flake.lock b/chromebox/chromebox3/flake.lock index 606e1c3..8a2d25e 100644 --- a/chromebox/chromebox3/flake.lock +++ b/chromebox/chromebox3/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1737038063, - "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=", + "lastModified": 1760701190, + "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", "owner": "nix-community", "repo": "disko", - "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2", + "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", "type": "github" }, "original": { 
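Review bot: `system.stateVersion` moves from `"24.11"` to `"25.05"` in the second hunk while the comment directly above it says to leave the value at the release of the first install; if chromebox3 is being reinstalled from scratch with nixos-anywhere (the hardware-configuration.nix hunk replacing the `throw` placeholder suggests so) the new value is right, but if this is an in-place upgrade of the existing install the old value should stay. Either way, a one-line comment such as `# 25.05: fresh nixos-anywhere install, <install date>` beside it records which case applied. The first hunk switches the loader to systemd-boot and keeps grub only as commented code; if chromebox3's disko file still carries the 1M `EF02` partition the grub comment refers to (chromebox2's does), that partition is now unused and deserves a note or removal. Both hunks sit inside the module's top-level attribute set, whose opening and closing braces are outside this diff.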
@@ -27,32 +27,32 @@
 ]
 },
 "locked": {
- "lastModified": 1736373539,
- "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
+ "lastModified": 1758463745,
+ "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
+ "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
 "type": "github"
 },
 "original": {
 "owner": "nix-community",
- "ref": "release-24.11",
+ "ref": "release-25.05",
 "repo": "home-manager",
 "type": "github"
 }
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1737885640,
- "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=",
+ "lastModified": 1760580664,
+ "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "4e96537f163fad24ed9eb317798a79afc85b51b7",
+ "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389",
 "type": "github"
 },
 "original": {
 "owner": "nixos",
- "ref": "nixos-24.11",
+ "ref": "nixos-25.05",
 "repo": "nixpkgs",
 "type": "github"
 }
diff --git a/chromebox/chromebox3/flake.nix b/chromebox/chromebox3/flake.nix
index 4a9128d..87eef2a 100644
--- a/chromebox/chromebox3/flake.nix
+++ b/chromebox/chromebox3/flake.nix
@@ -8,10 +8,12 @@
 description = "chromebox3 Flake";
 
 inputs = {
- nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+ #nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
 # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
 home-manager = {
- url = "github:nix-community/home-manager/release-24.11";
+ url = "github:nix-community/home-manager/release-25.05";
+ #url = "github:nix-community/home-manager/release-24.11";
 # The `follows` keyword in inputs is used for inheritance.
 # Here, `inputs.nixpkgs` of home-manager is kept consistent with
 # the `inputs.nixpkgs` of the current flake,
diff --git a/chromebox/chromebox3/hardware-configuration.nix b/chromebox/chromebox3/hardware-configuration.nix
index 80bf53a..0d85b71 100644
--- a/chromebox/chromebox3/hardware-configuration.nix
+++ b/chromebox/chromebox3/hardware-configuration.nix
@@ -1 +1,26 @@
-throw "Have you forgotten to run nixos-anywhere with `--generate-hardware-config nixos-generate-config ./hardware-configuration.nix`?"
\ No newline at end of file
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/chromebox/chromebox3/home.nix b/chromebox/chromebox3/home.nix
index 733850e..a776770 100644
--- a/chromebox/chromebox3/home.nix
+++ b/chromebox/chromebox3/home.nix
@@ -15,7 +15,7 @@
 #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0";
 # disable wayland
 #NIXOS_OZONE_WL = "1";
- KUBECONFIG = "/home/das/k3s.yaml";
+ #KUBECONFIG = "/home/das/k3s.yaml";
 TERM = "xterm-256color";
 };
 
@@ -45,6 +45,7 @@
 #
 # debug
 strace
+ gnumake
 ];
 
 programs.bash = {
@@ -78,6 +79,6 @@
 
 nixpkgs.config.allowUnfree = true;
 
- home.stateVersion = "24.11";
+ home.stateVersion = "25.05";
 programs.home-manager.enable = true;
 }
diff --git a/chromebox/chromebox3/not.hardware-configuration.nix b/chromebox/chromebox3/not.hardware-configuration.nix
new file mode 100644
index 0000000..80bf53a
--- /dev/null
+++ b/chromebox/chromebox3/not.hardware-configuration.nix
@@ -0,0 +1 @@
+throw "Have you forgotten to run nixos-anywhere with `--generate-hardware-config nixos-generate-config ./hardware-configuration.nix`?"
\ No newline at end of file
diff --git a/chromebox/chromebox3/not2.hardware-configuration.nix b/chromebox/chromebox3/not2.hardware-configuration.nix
new file mode 100644
index 0000000..0d85b71
--- /dev/null
+++ b/chromebox/chromebox3/not2.hardware-configuration.nix
@@ -0,0 +1,26 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/chromebox/chromeboxes b/chromebox/chromeboxes
new file mode 100644
index 0000000..fa22348
--- /dev/null
+++ b/chromebox/chromeboxes
@@ -0,0 +1,4 @@
+
+a8:1e:84:9c:23:43 172.16.40.178 chromebox1
+c4:54:44:8c:87:5f 172.16.40.217 chromebox2
+c4:54:44:3a:32:ee 172.16.40.62 chromebox3
diff --git a/desktop/l/fan2go.nix b/desktop/l/fan2go.nix
index 2f92ad9..9a51e8b 100644
--- a/desktop/l/fan2go.nix
+++ b/desktop/l/fan2go.nix
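Review bot: `chromebox/chromeboxes` has no header saying what it is or which tooling reads it, and its first line is blank, so a reader has to infer from the three columns that it maps MAC address to IP address to hostname (presumably for DHCP reservations or for the hosts.nix module — unconfirmed from the diff). Add a first-line comment such as `# mac ip hostname — chromebox inventory; keep in sync with each box's Makefile target host` if whatever consumes the file tolerates `#` lines, or describe the format in a sibling README if it does not. The per-box Makefiles in this commit still carry their own literal copies of these addresses, so the file only prevents drift if it becomes the single place those recipes take the address from.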
@@ -72,31 +72,22 @@ let
 debugLogger = ''
 # Set default debug level if not provided.
 : "''${DEBUG_LEVEL:=0}" # Use quoted expansion to satisfy shellcheck
- : "''${DEBUG_LEVEL:=0}"
 LOG_FILE="/tmp/fan2go-debug-$(date +%Y%m%d%H).log"
 log_debug() {
 # Append message to the log file if debug level is 7 or higher.
 if [[ ''${DEBUG_LEVEL} -ge 7 ]]; then echo "[$(date +%T)] DEBUG: $*" >> "$LOG_FILE"; fi
- if [[ ''${DEBUG_LEVEL} -ge 7 ]]; then echo "[$(date +%T)] [$$] DEBUG: $*" >> "$LOG_FILE"; fi
 }
 '';
 
 # Create the bash scripts for fan control
 setPwmScript = pkgs.writeShellApplication {
 name = "setPwm.bash";
- # A single, unified script to wrap all liquidctl interactions,
- # preventing race conditions by design.
- liquidctlWrapperScript = pkgs.writeShellApplication {
- name = "liquidctl-wrapper.bash";
 runtimeInputs = [ pkgs.liquidctl pkgs.util-linux pkgs.coreutils ];
 text = ''
 # Convert fan2go PWM (0-255) to liquidctl percentage (0-100)
 # PWM value is passed as the first argument
 ${debugLogger}
 log_debug "setPwm started with argument: $1"
- ${debugLogger}
- ACTION="$1"
- log_debug "Wrapper called with action: $ACTION"
 
 # Check if the pwm_value argument was provided.
 : "''${1:?PWM value not provided as an argument}"
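Review bot: No lock around the `liquidctl` calls survives this hunk: the deleted `liquidctlWrapperScript` was the only code in the diff that took `flock` on `${liquidctlLockFile}` (old side of the `@@ -112` hunk below), while the retained `setPwm`/`getPwm`/`getRpm` scripts each shell out to liquidctl on their own and fan2go may invoke them concurrently. If the retained retry loops (their bodies sit between this hunk and the next, outside the diff) do not take the same lock, two scripts can hit the USB controller at once and the `Attempt #$i failed` retries become the only defence; either keep `( flock 200; liquidctl ... ) 200>${liquidctlLockFile}` around each call or add a comment stating why serialisation is no longer needed. Separately, the kept `LOG_FILE="/tmp/fan2go-debug-$(date +%Y%m%d%H).log"` is a predictable name in a world-writable directory that the scripts append to with `>>`, presumably as root; unless the service unit already sets `PrivateTmp=true`, point it at a directory only root can write (`/run/fan2go` or `/var/log/fan2go`) so a pre-created symlink cannot redirect the writes. `debugLogger` is defined at the top of this hunk, but the `let` block it belongs to starts above it.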
@@ -112,27 +103,6 @@ let
 done
 '';
 };
- case "$ACTION" in
- set-pwm)
- PWM_VALUE="$2"
- : "''${PWM_VALUE:?PWM value not provided for set-pwm action}"
- percent=$((PWM_VALUE * 100 / 255))
- log_debug "Calculated percent: $percent"
- for i in {1..3}; do
- ( flock 200; liquidctl --vendor ${liquidctlVendorId} set fan1 speed "$percent" 2>> "$LOG_FILE" ) 200>${liquidctlLockFile} && break
- log_debug "Attempt #$i failed. Sleeping."
- sleep ${toString retrySleepDuration}
- done
- ;;
- get-pwm|get-rpm)
- output=""
- for i in {1..3}; do
- output=$( ( flock -s 200; liquidctl --vendor ${liquidctlVendorId} status 2>> "$LOG_FILE" ) 200>${liquidctlLockFile} )
- [ -n "$output" ] && break
- log_debug "Attempt #$i failed (no output). Sleeping."
- sleep ${toString retrySleepDuration}
- done
- log_debug "Raw liquidctl output: $output"
 
 getPwmScript = pkgs.writeShellApplication {
 name = "getPwm.bash";
@@ -160,22 +130,6 @@ let
 exit 0
 fi
 echo 0
- if [[ $output =~ Fan\ speed\ 1[^0-9]+([0-9]+) ]]; then
- rpm=''${BASH_REMATCH[1]}
- if [[ "$ACTION" == "get-pwm" ]]; then
- echo $((rpm * 255 / 2000))
- else # get-rpm
- echo "$rpm"
- fi
- else
- echo 0
- fi
- ;;
- *)
- log_debug "Unknown action: $ACTION"
- exit 1
- ;;
- esac
 '';
 };
 
@@ -218,15 +172,12 @@ let
 
 echo "Checking setPwm script..."
 shellcheck ${setPwmScript}/bin/setPwm.bash || exit 1
- shellcheck ${liquidctlWrapperScript}/bin/liquidctl-wrapper.bash || exit 1
 
 echo "Checking getPwm script..."
 shellcheck ${getPwmScript}/bin/getPwm.bash || exit 1
- shellcheck ${liquidctlWrapperScript}/bin/liquidctl-wrapper.bash || exit 1
 
 echo "Checking getRpm script..."
 shellcheck ${getRpmScript}/bin/getRpm.bash || exit 1
- shellcheck ${liquidctlWrapperScript}/bin/liquidctl-wrapper.bash || exit 1
 
 echo "All scripts passed shellcheck validation!"
 '';
@@ -251,24 +202,18 @@ let
 setPwm:
 exec: "${setPwmScript}/bin/setPwm.bash"
 args: ["%pwm%"]
- exec: "${liquidctlWrapperScript}/bin/liquidctl-wrapper.bash"
- args: ["set-pwm", "%pwm%"]
 env:
 DEBUG_LEVEL: "${toString debugLevel}"
 # The `getPwm` command should return the current PWM value.
 # Since liquidctl doesn't provide PWM directly, we convert from the RPM value.
 getPwm:
 exec: "${getPwmScript}/bin/getPwm.bash"
- exec: "${liquidctlWrapperScript}/bin/liquidctl-wrapper.bash"
- args: ["get-pwm"]
 env:
 DEBUG_LEVEL: "${toString debugLevel}"
 # The `getRpm` command gets the current RPM value from liquidctl.
 # This helps fan2go understand the fan's current state.
 getRpm:
 exec: "${getRpmScript}/bin/getRpm.bash"
- exec: "${liquidctlWrapperScript}/bin/liquidctl-wrapper.bash"
- args: ["get-rpm"]
 env:
 DEBUG_LEVEL: "${toString debugLevel}"
 # Fan speed is a percentage for liquidctl