Compare commits


10 commits

Author SHA1 Message Date
b1adbd1033 hyperforge: add forge 2026-05-27 17:58:24 +02:00
bda4fbe2c0 extract hetzner vm module, add device hyperforge 2026-05-27 17:44:03 +02:00
340d51b45a hyperhive: update 2026-05-21 21:09:29 +02:00
dad447aee0 hyperhive update 2026-05-20 19:29:36 +02:00
0182c37a04 nix flake update, enable hyperhive forge 2026-05-17 22:23:35 +02:00
bdd2c2efe1 hyperhive: override unstable, update 2026-05-15 20:14:56 +02:00
aa77543f14 misc installs 2026-05-15 17:52:16 +02:00
a9cd9aa069 remote builds: fallback to local build 2026-05-15 17:51:51 +02:00
cc3cb4fc72 add hyperhive 2026-05-15 17:51:23 +02:00
15c32a95a4 nix flake update 2026-05-14 20:56:52 +02:00
17 changed files with 364 additions and 154 deletions


@ -38,6 +38,9 @@ in
hetzner-vpn2 = { hetzner-vpn2 = {
system = "aarch64-linux"; system = "aarch64-linux";
}; };
hyperforge = {
system = "aarch64-linux";
};
muede-lpt2 = { muede-lpt2 = {
system = "x86_64-linux"; system = "x86_64-linux";
isDesktop = true; isDesktop = true;

203
flake.lock generated

@ -161,6 +161,7 @@
"fenix": { "fenix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"hyperhive",
"naersk", "naersk",
"nixpkgs" "nixpkgs"
], ],
@ -180,6 +181,28 @@
"type": "github" "type": "github"
} }
}, },
"fenix_2": {
"inputs": {
"nixpkgs": [
"naersk",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src_2"
},
"locked": {
"lastModified": 1752475459,
"narHash": "sha256-z6QEu4ZFuHiqdOPbYss4/Q8B0BFhacR8ts6jO/F/aOU=",
"owner": "nix-community",
"repo": "fenix",
"rev": "bf0d6f70f4c9a9cf8845f992105652173f4b617f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -232,11 +255,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1775087534, "lastModified": 1778716662,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -330,11 +353,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1775425411, "lastModified": 1778905220,
"narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=", "narHash": "sha256-ox/5IHc8uwy6UTw6N7Shp6uCHIgu/S2PsWeuXsOHSo8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe", "rev": "d1686dc7d36cbd1234cb226ad6ef97e882716acb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -344,6 +367,31 @@
"type": "github" "type": "github"
} }
}, },
"hyperhive": {
"inputs": {
"naersk": "naersk",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-unstable": [
"nixpkgs-unstable"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1779389374,
"narHash": "sha256-u/ygppXPZc3VshRDhU9MY3Zc2pJn9QlWvmZiEEefJvA=",
"ref": "refs/heads/main",
"rev": "0884a5496015472afad97972a7c12fc1cd06a59e",
"revCount": 547,
"type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/hyperhive.git"
},
"original": {
"type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/hyperhive.git"
}
},
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
@ -374,15 +422,37 @@
"inputs": { "inputs": {
"fenix": "fenix", "fenix": "fenix",
"nixpkgs": [ "nixpkgs": [
"hyperhive",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1777031541, "lastModified": 1778151388,
"narHash": "sha256-KZ4s1kolHXFQrRGlnB503gDcTrVQMhiczO+LvvwKEPg=", "narHash": "sha256-lldMJPUeouEjO8/7aLuwhcsIw29vVihm2ZALzjiqfec=",
"owner": "nix-community", "owner": "nix-community",
"repo": "naersk", "repo": "naersk",
"rev": "5e73301621274c44798bf6c6211ed27fc2ced201", "rev": "efdddff9ff4d8e7d0056d57ec67dac50f75ab8f6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "naersk",
"type": "github"
}
},
"naersk_2": {
"inputs": {
"fenix": "fenix_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1778151388,
"narHash": "sha256-lldMJPUeouEjO8/7aLuwhcsIw29vVihm2ZALzjiqfec=",
"owner": "nix-community",
"repo": "naersk",
"rev": "efdddff9ff4d8e7d0056d57ec67dac50f75ab8f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -405,11 +475,11 @@
"xwayland-satellite-unstable": "xwayland-satellite-unstable" "xwayland-satellite-unstable": "xwayland-satellite-unstable"
}, },
"locked": { "locked": {
"lastModified": 1777472199, "lastModified": 1778942403,
"narHash": "sha256-gJr/OrHv6s8ANqv915sb69LLThow1u5yAO/ouElVGGM=", "narHash": "sha256-SPCWvqeVySTNUgX/shARpRl5fi/NnkObUgDGR/Aco4c=",
"owner": "sodiboo", "owner": "sodiboo",
"repo": "niri-flake", "repo": "niri-flake",
"rev": "323a80f2ce4541c595d491acbd15a8800201cbae", "rev": "daefca3370581223fedc24d0101c4915a3689f9e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -438,11 +508,11 @@
"niri-unstable": { "niri-unstable": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1777468255, "lastModified": 1778858756,
"narHash": "sha256-lBZc1UMy+1P1T/E41j3jQrpS7EFI3qegd+ktHZdamIg=", "narHash": "sha256-9VvAHNoi2wd0fxLfJOPChZMS7l6rhCtAJmpd59Hv5rw=",
"owner": "YaLTeR", "owner": "YaLTeR",
"repo": "niri", "repo": "niri",
"rev": "dd1c3bcb9f1ef416df33ffa22d1d9bcee1398e7d", "rev": "cd5ac3e5e04bb5a11276d3c755fa25242818e05f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -473,11 +543,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777434090, "lastModified": 1778990260,
"narHash": "sha256-i7p7ajtdKF6oVjs3ERyECCg6m1lWEchHNPKQjgRW4h4=", "narHash": "sha256-IE5biNRhbQdrziKZbbS47ELDyv38mI4hdFf9zMq6meU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "f32bb01e6a12b74fa67261e9d690ff9d0603d86b", "rev": "357e5e238302b5908f033b828c5f1d8b3d73b4e0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -556,11 +626,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1775857096, "lastModified": 1779023229,
"narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=", "narHash": "sha256-MInilg7B/06c34SwOuGSBho4l0H1EZcmvxTkSWCs5pE=",
"owner": "nvmd", "owner": "nvmd",
"repo": "nixos-raspberrypi", "repo": "nixos-raspberrypi",
"rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba", "rev": "06c6e3513e1ee64b651913193fc6ac38aa4963f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -572,11 +642,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1775595990, "lastModified": 1778737229,
"narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=", "narHash": "sha256-6xWoytx8jFW4PF1GjRm/i/53trbpKGfz6zjzQGBr4cI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2", "rev": "d7a713c0b7e47c908258e71cba7a2d77cc8d71d5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -588,11 +658,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1774748309, "lastModified": 1777168982,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a", "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -603,11 +673,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1777270315, "lastModified": 1778869304,
"narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=", "narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6368eda62c9775c38ef7f714b2555a741c20c72d", "rev": "d233902339c02a9c334e7e593de68855ad26c4cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -619,11 +689,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1777077449, "lastModified": 1778737229,
"narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=", "narHash": "sha256-6xWoytx8jFW4PF1GjRm/i/53trbpKGfz6zjzQGBr4cI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160", "rev": "d7a713c0b7e47c908258e71cba7a2d77cc8d71d5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -656,14 +726,14 @@
"nixpkgs-unstable" "nixpkgs-unstable"
], ],
"quickshell": "quickshell", "quickshell": "quickshell",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1778180483, "lastModified": 1778182618,
"narHash": "sha256-35cMiZn5DAnYFpKFdWg5dxW7hLO3/ey743ED6yV3pL8=", "narHash": "sha256-1KzLskWhgJZu0jL03UZZtmHBgk11HMhLFvO9mCWnCao=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "dfa3840d97186fef3480b49f289acd3ae707ee27", "rev": "628ae67b7def027553c287cfd71f840570469bce",
"revCount": 626, "revCount": 627,
"type": "git", "type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/nova-shell" "url": "https://git.berlin.ccc.de/vinzenz/nova-shell"
}, },
@ -682,11 +752,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777499139, "lastModified": 1779047312,
"narHash": "sha256-s817mwTTkW0VIReee1z41LJAz13AUw3DOK41jZooFGw=", "narHash": "sha256-Q4CSXZehRX3CKnXXaHc2nCMjK9lgZR2Leu5DTwe1Vnw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "c0295550b00f0d0d4a9f41efd5e6c14d38a671fc", "rev": "8070eab81003118a0d3cde9c316aca3b2c21533e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -746,8 +816,9 @@
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"home-manager": "home-manager", "home-manager": "home-manager",
"hyperhive": "hyperhive",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"naersk": "naersk", "naersk": "naersk_2",
"niri": "niri", "niri": "niri",
"nix-filter": "nix-filter", "nix-filter": "nix-filter",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
@ -761,7 +832,7 @@
"servicepoint-simulator": "servicepoint-simulator", "servicepoint-simulator": "servicepoint-simulator",
"servicepoint-tanks": "servicepoint-tanks", "servicepoint-tanks": "servicepoint-tanks",
"stylix": "stylix", "stylix": "stylix",
"treefmt-nix": "treefmt-nix_2", "treefmt-nix": "treefmt-nix_3",
"zerforschen-plus": "zerforschen-plus" "zerforschen-plus": "zerforschen-plus"
} }
}, },
@ -782,6 +853,23 @@
"type": "github" "type": "github"
} }
}, },
"rust-analyzer-src_2": {
"flake": false,
"locked": {
"lastModified": 1752428706,
"narHash": "sha256-EJcdxw3aXfP8Ex1Nm3s0awyH9egQvB2Gu+QEnJn2Sfg=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "591e3b7624be97e4443ea7b5542c191311aa141d",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -903,11 +991,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1776894428, "lastModified": 1778680496,
"narHash": "sha256-wuT915MyCtMTfLj+uo9y8wtCwkEgJXiXvcbSleFrlN0=", "narHash": "sha256-tUq1WASV0dHLv3j18log8V6Esq0NYkXuzNH2EHsstcg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "stylix", "repo": "stylix",
"rev": "f34be27ce83efaa1c85ad1e5b1f8b6dea65b147d", "rev": "fc5bec2e44678eeaa221d566d447a0257a884737",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1016,7 +1104,7 @@
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nova-shell", "hyperhive",
"nixpkgs" "nixpkgs"
] ]
}, },
@ -1035,6 +1123,27 @@
} }
}, },
"treefmt-nix_2": { "treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nova-shell",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"


@ -13,6 +13,13 @@
url = "github:hercules-ci/flake-parts"; url = "github:hercules-ci/flake-parts";
#inputs.nixpkgs.follows = "nixpkgs"; #inputs.nixpkgs.follows = "nixpkgs";
}; };
hyperhive = {
url = "git+https://git.berlin.ccc.de/vinzenz/hyperhive.git";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-unstable.follows = "nixpkgs-unstable";
};
};
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.3"; url = "github:nix-community/lanzaboote/v0.4.3";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
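Review bot: The new `hyperhive` input has no `ref` or `rev` in its URL, so every `nix flake update` moves it to the tip of the default branch (the lock entry records `refs/heads/main`). Its NixOS modules are imported into a host configuration elsewhere in this compare. flake.lock pins the revision and narHash between updates, so the exposure is at update time: a blanket lock refresh pulls in new system-level module code unreviewed. Consider pinning to a tag the way `lanzaboote` is, e.g. `url = "git+https://git.berlin.ccc.de/vinzenz/hyperhive.git?ref=refs/tags/<TAG>";`, or updating this input on its own after reading the upstream diff.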


@ -74,10 +74,11 @@
arduino-cli arduino-cli
arduino-ide arduino-ide
btop btop
claude-code unstable.claude-code
dconf2nix dconf2nix
foliate foliate
fractal fractal
file
geary geary
gnome-terminal gnome-terminal
gparted gparted


@ -19,6 +19,7 @@
gnugrep gnugrep
curl curl
bintools bintools
file
]; ];
boot.isContainer = true; boot.isContainer = true;


@ -10,9 +10,6 @@
# uncomment for build check on non arm system (requires --impure) # uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem; # nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
system.autoUpgrade.allowReboot = true;
users.users = { users.users = {
root.openssh.authorizedKeys.keys = [ root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"


@ -3,56 +3,12 @@
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = { config = {
boot = { my.hetznerVm = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
"virtio_gpu"
];
kernelModules = [ ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/47bc77ff-12e1-4d39-bb5c-fb100ccd3aab";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/05F2-8F9A";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/bbd18a70-b0bb-4e1a-b45b-3c1f8ecc0c10"; }
];
networking.useNetworkd = true;
systemd.network = {
enable = true; enable = true;
networks."10-wan" = { rootUuid = "47bc77ff-12e1-4d39-bb5c-fb100ccd3aab";
matchConfig.Name = "enp1s0"; bootUuid = "05F2-8F9A";
networkConfig.DHCP = "ipv4"; swapUuid = "bbd18a70-b0bb-4e1a-b45b-3c1f8ecc0c10";
address = [ ipv6Address = "2a01:4f8:c013:a524::1/64";
"2a01:4f8:c013:a524::1/64"
];
routes = [
{ Gateway = "fe80::1"; }
];
};
}; };
}; };
} }


@ -8,15 +8,11 @@
# uncomment for build check on non arm system (requires --impure) # uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem; # nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
]; ];
system.autoUpgrade.allowReboot = true;
}; };
} }


@ -3,56 +3,12 @@
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = { config = {
boot = { my.hetznerVm = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
"virtio_gpu"
];
kernelModules = [ ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/3263489d-9819-433c-b198-9d2e732a94e4";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/6C25-6BDC";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/e147721d-86b5-40d7-a231-c6ea391c563d"; }
];
networking.useNetworkd = true;
systemd.network = {
enable = true; enable = true;
networks."10-wan" = { rootUuid = "3263489d-9819-433c-b198-9d2e732a94e4";
matchConfig.Name = "enp1s0"; bootUuid = "6C25-6BDC";
networkConfig.DHCP = "ipv4"; swapUuid = "e147721d-86b5-40d7-a231-c6ea391c563d";
address = [ ipv6Address = "2a01:4f8:c013:65dd::1/64";
"2a01:4f8:c013:65dd::1/64"
];
routes = [
{ Gateway = "fe80::1"; }
];
};
}; };
}; };
} }


@ -0,0 +1,18 @@
{
imports = [
./hardware.nix
./forgejo.nix
./nginx.nix
];
config = {
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
];
};
}


@ -0,0 +1,24 @@
{ config, lib, ... }:
let
srv = config.services.forgejo.settings.server;
in
{
services.forgejo = {
enable = true;
database.type = "sqlite3";
lfs.enable = true;
settings = {
server = {
DOMAIN = "forge.darkest.space";
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3000;
SSH_PORT = lib.head config.services.openssh.ports;
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
};
};
services.openssh.enable = true;
}
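Review bot: `HTTP_PORT = 3000` is set without an `HTTP_ADDR`, so Forgejo keeps its default listen address, which as far as I know is all interfaces, while nginx only ever reaches it through `127.0.0.1`. Adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` keeps the plain-HTTP backend off the public and overlay-network interfaces even if the firewall is later relaxed. Separately, `services.openssh.enable = true` has no `settings` in this file. If no shared module already does it, consider `services.openssh.settings.PasswordAuthentication = false;`, since `SSH_PORT` shows this same sshd serving git over SSH on an internet-facing host.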


@ -0,0 +1,14 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
my.hetznerVm = {
enable = true;
rootUuid = "73dfcfd2-3a61-4b05-8440-d57072b89eda";
bootUuid = "E9C2-D85B";
swapUuid = "737140f2-c2fd-4af9-9974-f05642f8d90e";
ipv6Address = "2a01:4f8:c013:cbdd::1/64";
};
};
}


@ -0,0 +1,32 @@
{ config, ... }:
let
srv = config.services.forgejo.settings.server;
in
{
security.acme = {
acceptTerms = true;
defaults.email = "acme@darkest.space";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts.${srv.DOMAIN} = {
enableACME = true;
forceSSL = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}
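Review bot: `client_max_body_size 512M` sits in the vhost-wide `extraConfig` with no comment, so the limit applies to every path and to unauthenticated clients as well. By default nginx buffers request bodies before proxying, so oversized uploads can reach this VM's disk before Forgejo gets a chance to reject them. Please document why the value is needed, e.g. `# large bodies are needed for LFS objects and git pushes over HTTPS`, and check that the disk holding nginx's temp directory has headroom for a few concurrent 512 MB uploads.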


@ -3,6 +3,7 @@
imports = [ imports = [
./containers.nix ./containers.nix
./hardware.nix ./hardware.nix
./hyperhive.nix
]; ];
config = { config = {


@ -0,0 +1,9 @@
{ hyperhive, ... }:
{
imports = [
hyperhive.nixosModules.hive-c0re
hyperhive.nixosModules.hive-forge
];
config.services.hive-c0re.enable = true;
}


@ -82,7 +82,7 @@ in
}) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? storeSigningPublicKey) allDevices); }) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? storeSigningPublicKey) allDevices);
nix.settings = { nix.settings = {
#fallback = true; fallback = true;
connect-timeout = 5; connect-timeout = 5;
trusted-public-keys = lib.pipe buildServerDevices [ trusted-public-keys = lib.pipe buildServerDevices [
(lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null)) (lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null))


@ -0,0 +1,86 @@
{
lib,
config,
...
}:
let
cfg = config.my.hetznerVm;
in
{
options.my.hetznerVm = {
enable = lib.mkEnableOption "Hetzner Cloud aarch64 qemu-guest defaults";
rootUuid = lib.mkOption {
type = lib.types.str;
description = "UUID of the root ext4 filesystem.";
};
bootUuid = lib.mkOption {
type = lib.types.str;
description = "UUID of the FAT /boot partition.";
};
swapUuid = lib.mkOption {
type = lib.types.str;
description = "UUID of the swap device.";
};
ipv6Address = lib.mkOption {
type = lib.types.str;
description = "Static IPv6 address (with /prefix) assigned to enp1s0.";
example = "2a01:4f8:c013:cbdd::1/64";
};
};
config = lib.mkIf cfg.enable {
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
"virtio_gpu"
];
kernelModules = [ ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/${cfg.rootUuid}";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/${cfg.bootUuid}";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/${cfg.swapUuid}"; }
];
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = [ cfg.ipv6Address ];
routes = [
{ Gateway = "fe80::1"; }
];
};
};
services.tailscale.useRoutingFeatures = "both";
system.autoUpgrade.allowReboot = true;
};
}
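Review bot: `services.tailscale.useRoutingFeatures = "both"` and `system.autoUpgrade.allowReboot = true` at the end of the `config` block are policy rather than Hetzner hardware defaults. Every host that sets `my.hetznerVm.enable` now inherits them, including the newly added forge host. On NixOS, `"both"` turns on IP forwarding and loosens reverse-path filtering, which a public-facing forge does not need unless it also acts as a subnet router or exit node. Either keep these two lines in the VPN hosts' own configs or make them overridable, e.g. `services.tailscale.useRoutingFeatures = lib.mkDefault "both";`, with a comment explaining why they live in this module.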