mara/nixos-configs
mara/nixos-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: mara:b1adbd1033c45ebca8a9d83f4b0856f1ef834ae2
Branches Tags
mara:main
..
compare: mara:5188d951ef09aede3706331114adeb55f7fead31
Branches Tags
mara:main

No commits in common. "b1adbd1033c45ebca8a9d83f4b0856f1ef834ae2" and "5188d951ef09aede3706331114adeb55f7fead31" have entirely different histories.
b1adbd1033 ... 5188d951ef

17 changed files with 154 additions and 364 deletions
Download patch file Download diff file Expand all files Collapse all files

3
devices.nix
View file

@ -38,9 +38,6 @@ in
hetzner-vpn2 = {
system = "aarch64-linux";
};
hyperforge = {
system = "aarch64-linux";
};
muede-lpt2 = {
system = "x86_64-linux";
isDesktop = true;

203
flake.lock generated
View file

@ -161,7 +161,6 @@
"fenix": {
"inputs": {
"nixpkgs": [
"hyperhive",
"naersk",
"nixpkgs"
],
@ -181,28 +180,6 @@
"type": "github"
}
},
"fenix_2": {
"inputs": {
"nixpkgs": [
"naersk",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src_2"
},
"locked": {
"lastModified": 1752475459,
"narHash": "sha256-z6QEu4ZFuHiqdOPbYss4/Q8B0BFhacR8ts6jO/F/aOU=",
"owner": "nix-community",
"repo": "fenix",
"rev": "bf0d6f70f4c9a9cf8845f992105652173f4b617f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
@ -255,11 +232,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1778716662,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
@ -353,11 +330,11 @@
]
},
"locked": {
"lastModified": 1778905220,
"narHash": "sha256-ox/5IHc8uwy6UTw6N7Shp6uCHIgu/S2PsWeuXsOHSo8=",
"lastModified": 1775425411,
"narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d1686dc7d36cbd1234cb226ad6ef97e882716acb",
"rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github"
},
"original": {
@ -367,31 +344,6 @@
"type": "github"
}
},
"hyperhive": {
"inputs": {
"naersk": "naersk",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-unstable": [
"nixpkgs-unstable"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1779389374,
"narHash": "sha256-u/ygppXPZc3VshRDhU9MY3Zc2pJn9QlWvmZiEEefJvA=",
"ref": "refs/heads/main",
"rev": "0884a5496015472afad97972a7c12fc1cd06a59e",
"revCount": 547,
"type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/hyperhive.git"
},
"original": {
"type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/hyperhive.git"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
@ -422,37 +374,15 @@
"inputs": {
"fenix": "fenix",
"nixpkgs": [
"hyperhive",
"nixpkgs"
]
},
"locked": {
"lastModified": 1778151388,
"narHash": "sha256-lldMJPUeouEjO8/7aLuwhcsIw29vVihm2ZALzjiqfec=",
"lastModified": 1777031541,
"narHash": "sha256-KZ4s1kolHXFQrRGlnB503gDcTrVQMhiczO+LvvwKEPg=",
"owner": "nix-community",
"repo": "naersk",
"rev": "efdddff9ff4d8e7d0056d57ec67dac50f75ab8f6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "naersk",
"type": "github"
}
},
"naersk_2": {
"inputs": {
"fenix": "fenix_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1778151388,
"narHash": "sha256-lldMJPUeouEjO8/7aLuwhcsIw29vVihm2ZALzjiqfec=",
"owner": "nix-community",
"repo": "naersk",
"rev": "efdddff9ff4d8e7d0056d57ec67dac50f75ab8f6",
"rev": "5e73301621274c44798bf6c6211ed27fc2ced201",
"type": "github"
},
"original": {
@ -475,11 +405,11 @@
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1778942403,
"narHash": "sha256-SPCWvqeVySTNUgX/shARpRl5fi/NnkObUgDGR/Aco4c=",
"lastModified": 1777472199,
"narHash": "sha256-gJr/OrHv6s8ANqv915sb69LLThow1u5yAO/ouElVGGM=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "daefca3370581223fedc24d0101c4915a3689f9e",
"rev": "323a80f2ce4541c595d491acbd15a8800201cbae",
"type": "github"
},
"original": {
@ -508,11 +438,11 @@
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1778858756,
"narHash": "sha256-9VvAHNoi2wd0fxLfJOPChZMS7l6rhCtAJmpd59Hv5rw=",
"lastModified": 1777468255,
"narHash": "sha256-lBZc1UMy+1P1T/E41j3jQrpS7EFI3qegd+ktHZdamIg=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "cd5ac3e5e04bb5a11276d3c755fa25242818e05f",
"rev": "dd1c3bcb9f1ef416df33ffa22d1d9bcee1398e7d",
"type": "github"
},
"original": {
@ -543,11 +473,11 @@
]
},
"locked": {
"lastModified": 1778990260,
"narHash": "sha256-IE5biNRhbQdrziKZbbS47ELDyv38mI4hdFf9zMq6meU=",
"lastModified": 1777434090,
"narHash": "sha256-i7p7ajtdKF6oVjs3ERyECCg6m1lWEchHNPKQjgRW4h4=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "357e5e238302b5908f033b828c5f1d8b3d73b4e0",
"rev": "f32bb01e6a12b74fa67261e9d690ff9d0603d86b",
"type": "github"
},
"original": {
@ -626,11 +556,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1779023229,
"narHash": "sha256-MInilg7B/06c34SwOuGSBho4l0H1EZcmvxTkSWCs5pE=",
"lastModified": 1775857096,
"narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=",
"owner": "nvmd",
"repo": "nixos-raspberrypi",
"rev": "06c6e3513e1ee64b651913193fc6ac38aa4963f5",
"rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba",
"type": "github"
},
"original": {
@ -642,11 +572,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1778737229,
"narHash": "sha256-6xWoytx8jFW4PF1GjRm/i/53trbpKGfz6zjzQGBr4cI=",
"lastModified": 1775595990,
"narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d7a713c0b7e47c908258e71cba7a2d77cc8d71d5",
"rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2",
"type": "github"
},
"original": {
@ -658,11 +588,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1777168982,
"narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
"lastModified": 1774748309,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"type": "github"
},
"original": {
@ -673,11 +603,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1778869304,
"narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=",
"lastModified": 1777270315,
"narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d233902339c02a9c334e7e593de68855ad26c4cb",
"rev": "6368eda62c9775c38ef7f714b2555a741c20c72d",
"type": "github"
},
"original": {
@ -689,11 +619,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1778737229,
"narHash": "sha256-6xWoytx8jFW4PF1GjRm/i/53trbpKGfz6zjzQGBr4cI=",
"lastModified": 1777077449,
"narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d7a713c0b7e47c908258e71cba7a2d77cc8d71d5",
"rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160",
"type": "github"
},
"original": {
@ -726,14 +656,14 @@
"nixpkgs-unstable"
],
"quickshell": "quickshell",
"treefmt-nix": "treefmt-nix_2"
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1778182618,
"narHash": "sha256-1KzLskWhgJZu0jL03UZZtmHBgk11HMhLFvO9mCWnCao=",
"lastModified": 1778180483,
"narHash": "sha256-35cMiZn5DAnYFpKFdWg5dxW7hLO3/ey743ED6yV3pL8=",
"ref": "refs/heads/main",
"rev": "628ae67b7def027553c287cfd71f840570469bce",
"revCount": 627,
"rev": "dfa3840d97186fef3480b49f289acd3ae707ee27",
"revCount": 626,
"type": "git",
"url": "https://git.berlin.ccc.de/vinzenz/nova-shell"
},
@ -752,11 +682,11 @@
]
},
"locked": {
"lastModified": 1779047312,
"narHash": "sha256-Q4CSXZehRX3CKnXXaHc2nCMjK9lgZR2Leu5DTwe1Vnw=",
"lastModified": 1777499139,
"narHash": "sha256-s817mwTTkW0VIReee1z41LJAz13AUw3DOK41jZooFGw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "8070eab81003118a0d3cde9c316aca3b2c21533e",
"rev": "c0295550b00f0d0d4a9f41efd5e6c14d38a671fc",
"type": "github"
},
"original": {
@ -816,9 +746,8 @@
"inputs": {
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"hyperhive": "hyperhive",
"lanzaboote": "lanzaboote",
"naersk": "naersk_2",
"naersk": "naersk",
"niri": "niri",
"nix-filter": "nix-filter",
"nix-vscode-extensions": "nix-vscode-extensions",
@ -832,7 +761,7 @@
"servicepoint-simulator": "servicepoint-simulator",
"servicepoint-tanks": "servicepoint-tanks",
"stylix": "stylix",
"treefmt-nix": "treefmt-nix_3",
"treefmt-nix": "treefmt-nix_2",
"zerforschen-plus": "zerforschen-plus"
}
},
@ -853,23 +782,6 @@
"type": "github"
}
},
"rust-analyzer-src_2": {
"flake": false,
"locked": {
"lastModified": 1752428706,
"narHash": "sha256-EJcdxw3aXfP8Ex1Nm3s0awyH9egQvB2Gu+QEnJn2Sfg=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "591e3b7624be97e4443ea7b5542c191311aa141d",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
@ -991,11 +903,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1778680496,
"narHash": "sha256-tUq1WASV0dHLv3j18log8V6Esq0NYkXuzNH2EHsstcg=",
"lastModified": 1776894428,
"narHash": "sha256-wuT915MyCtMTfLj+uo9y8wtCwkEgJXiXvcbSleFrlN0=",
"owner": "nix-community",
"repo": "stylix",
"rev": "fc5bec2e44678eeaa221d566d447a0257a884737",
"rev": "f34be27ce83efaa1c85ad1e5b1f8b6dea65b147d",
"type": "github"
},
"original": {
@ -1102,27 +1014,6 @@
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"hyperhive",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nova-shell",
@ -1143,7 +1034,7 @@
"type": "github"
}
},
"treefmt-nix_3": {
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"

7
flake.nix
View file

@ -13,13 +13,6 @@
url = "github:hercules-ci/flake-parts";
#inputs.nixpkgs.follows = "nixpkgs";
};
hyperhive = {
url = "git+https://git.berlin.ccc.de/vinzenz/hyperhive.git";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-unstable.follows = "nixpkgs-unstable";
};
};
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.3";
inputs.nixpkgs.follows = "nixpkgs";

3
homeConfigurations/muede/default.nix
View file

@ -74,11 +74,10 @@
arduino-cli
arduino-ide
btop
unstable.claude-code
claude-code
dconf2nix
foliate
fractal
file
geary
gnome-terminal
gparted

1
nixosConfigurations/damocles/claude-container.nix
View file

@ -19,7 +19,6 @@
gnugrep
curl
bintools
file
];
boot.isContainer = true;

3
nixosConfigurations/forgejo-runner-1/default.nix
View file

@ -10,6 +10,9 @@
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
system.autoUpgrade.allowReboot = true;
users.users = {
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"

54
nixosConfigurations/forgejo-runner-1/hardware.nix
View file

@ -3,12 +3,56 @@
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
my.hetznerVm = {
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
"virtio_gpu"
];
kernelModules = [ ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/47bc77ff-12e1-4d39-bb5c-fb100ccd3aab";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/05F2-8F9A";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/bbd18a70-b0bb-4e1a-b45b-3c1f8ecc0c10"; }
];
networking.useNetworkd = true;
systemd.network = {
enable = true;
rootUuid = "47bc77ff-12e1-4d39-bb5c-fb100ccd3aab";
bootUuid = "05F2-8F9A";
swapUuid = "bbd18a70-b0bb-4e1a-b45b-3c1f8ecc0c10";
ipv6Address = "2a01:4f8:c013:a524::1/64";
networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = [
"2a01:4f8:c013:a524::1/64"
];
routes = [
{ Gateway = "fe80::1"; }
];
};
};
};
}

4
nixosConfigurations/hetzner-vpn2/default.nix
View file

@ -8,11 +8,15 @@
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
services.tailscale.useRoutingFeatures = "both";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
];
system.autoUpgrade.allowReboot = true;
};
}

54
nixosConfigurations/hetzner-vpn2/hardware.nix
View file

@ -3,12 +3,56 @@
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
my.hetznerVm = {
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
"virtio_gpu"
];
kernelModules = [ ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/3263489d-9819-433c-b198-9d2e732a94e4";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/6C25-6BDC";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/e147721d-86b5-40d7-a231-c6ea391c563d"; }
];
networking.useNetworkd = true;
systemd.network = {
enable = true;
rootUuid = "3263489d-9819-433c-b198-9d2e732a94e4";
bootUuid = "6C25-6BDC";
swapUuid = "e147721d-86b5-40d7-a231-c6ea391c563d";
ipv6Address = "2a01:4f8:c013:65dd::1/64";
networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = [
"2a01:4f8:c013:65dd::1/64"
];
routes = [
{ Gateway = "fe80::1"; }
];
};
};
};
}

18
nixosConfigurations/hyperforge/default.nix
View file

@ -1,18 +0,0 @@
{
imports = [
./hardware.nix
./forgejo.nix
./nginx.nix
];
config = {
# uncomment for build check on non arm system (requires --impure)
# nixpkgs.buildPlatform = builtins.currentSystem;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY pixel-JuiceSSH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv pc2 home roaming"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC lpt2-roaming"
];
};
}

24
nixosConfigurations/hyperforge/forgejo.nix
View file

@ -1,24 +0,0 @@
{ config, lib, ... }:
let
srv = config.services.forgejo.settings.server;
in
{
services.forgejo = {
enable = true;
database.type = "sqlite3";
lfs.enable = true;
settings = {
server = {
DOMAIN = "forge.darkest.space";
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3000;
SSH_PORT = lib.head config.services.openssh.ports;
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
};
};
services.openssh.enable = true;
}

14
nixosConfigurations/hyperforge/hardware.nix
View file

@ -1,14 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
config = {
my.hetznerVm = {
enable = true;
rootUuid = "73dfcfd2-3a61-4b05-8440-d57072b89eda";
bootUuid = "E9C2-D85B";
swapUuid = "737140f2-c2fd-4af9-9974-f05642f8d90e";
ipv6Address = "2a01:4f8:c013:cbdd::1/64";
};
};
}

32
nixosConfigurations/hyperforge/nginx.nix
View file

@ -1,32 +0,0 @@
{ config, ... }:
let
srv = config.services.forgejo.settings.server;
in
{
security.acme = {
acceptTerms = true;
defaults.email = "acme@darkest.space";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts.${srv.DOMAIN} = {
enableACME = true;
forceSSL = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}

1
nixosConfigurations/muede-lpt2/default.nix
View file

@ -3,7 +3,6 @@
imports = [
./containers.nix
./hardware.nix
./hyperhive.nix
];
config = {

9
nixosConfigurations/muede-lpt2/hyperhive.nix
View file

@ -1,9 +0,0 @@
{ hyperhive, ... }:
{
imports = [
hyperhive.nixosModules.hive-c0re
hyperhive.nixosModules.hive-forge
];
config.services.hive-c0re.enable = true;
}

2
nixosModules/distributed-builds.nix
View file

@ -82,7 +82,7 @@ in
}) (lib.filterAttrs (_: v: (v.distributedBuilds or { }) ? storeSigningPublicKey) allDevices);
nix.settings = {
fallback = true;
#fallback = true;
connect-timeout = 5;
trusted-public-keys = lib.pipe buildServerDevices [
(lib.mapAttrsToList (_: v: v.distributedBuilds.storeSigningPublicKey or null))

86
nixosModules/hetzner-vm.nix
View file

@ -1,86 +0,0 @@
{
lib,
config,
...
}:
let
cfg = config.my.hetznerVm;
in
{
options.my.hetznerVm = {
enable = lib.mkEnableOption "Hetzner Cloud aarch64 qemu-guest defaults";
rootUuid = lib.mkOption {
type = lib.types.str;
description = "UUID of the root ext4 filesystem.";
};
bootUuid = lib.mkOption {
type = lib.types.str;
description = "UUID of the FAT /boot partition.";
};
swapUuid = lib.mkOption {
type = lib.types.str;
description = "UUID of the swap device.";
};
ipv6Address = lib.mkOption {
type = lib.types.str;
description = "Static IPv6 address (with /prefix) assigned to enp1s0.";
example = "2a01:4f8:c013:cbdd::1/64";
};
};
config = lib.mkIf cfg.enable {
boot = {
tmp.cleanOnBoot = true;
kernelParams = [ "console=tty" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
"virtio_gpu"
];
kernelModules = [ ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/${cfg.rootUuid}";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/${cfg.bootUuid}";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/${cfg.swapUuid}"; }
];
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = [ cfg.ipv6Address ];
routes = [
{ Gateway = "fe80::1"; }
];
};
};
services.tailscale.useRoutingFeatures = "both";
system.autoUpgrade.allowReboot = true;
};
}