Initial Commit

Julius 2022-05-19 15:03:13 +02:00
commit fc530f450f
Signed by: j00lz
GPG key ID: AF241B0AA237BBA2
8 changed files with 299 additions and 0 deletions

1
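--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+result*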

42
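--- a/common/default.nix
+++ b/common/default.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+{
+imports = [ ./users ];
+security.sudo.wheelNeedsPassword = false;
+services.journald.extraConfig = ''
+SystemMaxUse=100M
+MaxFileSec=7day
+'';
+# Clean /tmp on boot.
+boot.cleanTmpDir = true;
+# Set your time zone.
+time.timeZone = "Europe/Amsterdam";
+programs.fish.enable = true;
+# Optimize nix store by hardlinking identitical files.
+nix = {
+package = pkgs.nixUnstable;
+autoOptimiseStore = true;
+binaryCaches = [
+"https://cachix.cachix.org"
+"https://nix-community.cachix.org"
+"https://nixpkgs-review-bot.cachix.org"
+];
+binaryCachePublicKeys = [
+"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
+];
+trustedUsers = [ "root" "jdejeu" ];
+extraOptions = ''
+experimental-features = nix-command flakes
+'';
+};
+nixpkgs.config.allowUnfree = true;
+}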
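Review bot: `security.sudo.wheelNeedsPassword = false` and `trustedUsers = [ "root" "jdejeu" ]` together make the jdejeu account root-equivalent on every machine that imports this module (a Nix trusted user can, among other things, choose its own substituters), and neither line says that this is intended. I would add a comment above each, for example `# wheel == root without a password; acceptable only while SSH is key-only`. Separately, each key in `binaryCachePublicKeys` is trusted to sign any store path the hosts substitute, so `nixpkgs-review-bot.cachix.org` looks out of place in a module shared by deployed containers; if it is only needed on a workstation, it can move to that machine's configuration.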

11
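--- a/common/lxc.nix
+++ b/common/lxc.nix
@@ -0,0 +1,11 @@
+{ modulesPath, ... }: {
+imports = [ "${toString modulesPath}/virtualisation/lxc-container.nix" ];
+services.sshd.enable = true;
+systemd.suppressedSystemUnits = [
+"dev-mqueue.mount"
+"sys-kernel-debug.mount"
+"sys-fs-fuse-connections.mount"
+];
+boot.isContainer = true;
+}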
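Review bot: `services.sshd.enable = true` turns on OpenSSH with the module defaults, and nothing in this file states how logins are supposed to authenticate. Every account visible in this commit logs in with an ed25519 key, so I would pin that here with `services.openssh.passwordAuthentication = false;` and a one-line comment, so that a password set later inside a container does not silently become a remote login path.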

32
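--- a/common/users/default.nix
+++ b/common/users/default.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [ git curl ];
+programs.neovim.enable = true;
+programs.neovim.viAlias = true;
+programs.fish.shellInit = "set -U fish_greeting";
+users.defaultUserShell = pkgs.fish;
+users.extraUsers.jdejeu = {
+isNormalUser = true;
+home = "/home/jdejeu";
+description = "Julius";
+extraGroups = [ "wheel" ];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJBY9eQlR/JRnjVC2wKWQ+o02wDlGUlSgN/4e3i6ans PC"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrSvbUoRc7K47cD6TIZUdVjExuNpv6JUzjvUwRtRVj9 Laptop"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATd0L/QJQOk9BR/H+TEo1X1t/ZxtxANNXXiTYf5+RbD jdejeu@archlife"
+];
+};
+# Configure the root account
+users.extraUsers.root = {
+# Allow my SSH keys for logging in as root.
+openssh.authorizedKeys.keys =
+config.users.users.jdejeu.openssh.authorizedKeys.keys;
+# Also use zsh for root
+shell = pkgs.fish;
+};
+}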
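Review bot: The `users.extraUsers.root` block copies all three of jdejeu's keys to root, so each of those workstation keys opens a direct root shell on every host, and root sessions can no longer be attributed to a user login. jdejeu is already in `wheel`, so the root keys are presumably there for the deployment tool's SSH connection; if so, a comment such as `# root login is used by colmena deployments` would record that, and otherwise the block can go. The comment `# Also use zsh for root` does not match the line below it, which sets `pkgs.fish`; it should read `# Also use fish for root`.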

135
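--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,135 @@
+{
+"nodes": {
+"colmena": {
+"inputs": {
+"flake-compat": "flake-compat",
+"nixpkgs": [
+"nixpkgs"
+],
+"stable": "stable",
+"utils": "utils"
+},
+"locked": {
+"lastModified": 1652494498,
+"narHash": "sha256-KA1PQ8UW9LWKKQjjxGgyLNLkivUg9g4UZtTLIAueoiM=",
+"owner": "zhaofengli",
+"repo": "colmena",
+"rev": "ea4f2ba6dcc8ae1796528f94e878722fdf6afcf1",
+"type": "github"
+},
+"original": {
+"owner": "zhaofengli",
+"repo": "colmena",
+"type": "github"
+}
+},
+"flake-compat": {
+"flake": false,
+"locked": {
+"lastModified": 1650374568,
+"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+"owner": "edolstra",
+"repo": "flake-compat",
+"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+"type": "github"
+},
+"original": {
+"owner": "edolstra",
+"repo": "flake-compat",
+"type": "github"
+}
+},
+"nixlib": {
+"locked": {
+"lastModified": 1636849918,
+"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
+"owner": "nix-community",
+"repo": "nixpkgs.lib",
+"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "nixpkgs.lib",
+"type": "github"
+}
+},
+"nixos-generators": {
+"inputs": {
+"nixlib": "nixlib",
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1652457860,
+"narHash": "sha256-fZZRON0geucxAFCEamzuZ5z4oj7xJj+6C9HWm1JY2n0=",
+"owner": "nix-community",
+"repo": "nixos-generators",
+"rev": "11f97f971383d036159edd9221f1b3a60ed78c4f",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "nixos-generators",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1652559422,
+"narHash": "sha256-jPVTNImBTUIFdtur+d4IVot6eXmsvtOcBm0TzxmhWPk=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "8b3398bc7587ebb79f93dfeea1b8c574d3c6dba1",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-21.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"colmena": "colmena",
+"nixos-generators": "nixos-generators",
+"nixpkgs": "nixpkgs"
+}
+},
+"stable": {
+"locked": {
+"lastModified": 1650830814,
+"narHash": "sha256-P7vGsHdS19eHVUJt4BeQA4JfauL2nOpEcnYKIbX76YM=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "c254b8c915ac912ae9ee9dc74eac555ccbf33795",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-21.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"utils": {
+"locked": {
+"lastModified": 1649676176,
+"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}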

63
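--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,63 @@
+{
+description = "A very basic flake";
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11";
+colmena = {
+url = "github:zhaofengli/colmena";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+nixos-generators = {
+url = "github:nix-community/nixos-generators";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+outputs = { self, nixpkgs, colmena, nixos-generators, ... }:
+let pkgs = nixpkgs.legacyPackages.x86_64-linux;
+in {
+packages.x86_64-linux.hello = pkgs.hello;
+packages.x86_64-linux.default = colmena.packages.x86_64-linux.colmena;
+packages.x86_64-linux.register = let
+lxc = nixos-generators.nixosGenerate {
+pkgs = pkgs;
+modules = [ ./machines/base.nix ];
+format = "lxc";
+};
+metadata = nixos-generators.nixosGenerate {
+pkgs = pkgs;
+modules = [ ./machines/base.nix ];
+format = "lxc-metadata";
+};
+in with import nixpkgs { system = "x86_64-linux"; };
+stdenv.mkDerivation {
+name = "register-lxc-container";
+buildInputs = [ ];
+src = self;
+buildPhase =
+"mkdir -p $out; ln -s ${lxc} $out/lxc; ln -s ${metadata} $out/metadata";
+installPhase = "ln -s $out/lxc/tarball/nixos-system-x86_64-linux.tar.xz $out/lxc.tar.xz; ln -s $out/metadata/tarball/nixos-system-x86_64-linux.tar.xz $out/metadata.tar.xz";
+};
+colmena = {
+meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; };
+nginx = {
+imports = [ ./machines/nginx.nix ];
+deployment.targetHost = "10.21.150.250";
+};
+nginx2 = {
+imports = [ ./machines/nginx.nix ];
+deployment.targetHost = "10.21.150.95";
+};
+};
+devShells.x86_64-linux.default = pkgs.mkShell {
+buildInputs = [ colmena.packages.x86_64-linux.colmena ];
+};
+};
+}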
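Review bot: The `colmena` and `nixos-generators` inputs carry no ref, so `nix flake update` moves the deployment tool and the image generator to whatever their default branches contain at that moment. flake.lock pins the current revisions, so this concerns update hygiene rather than today's build: pointing each `url` at a release tag or branch, or at least adding a comment that lock updates for these two inputs get reviewed, would keep the tool that pushes configuration to the hosts from changing unnoticed. In `register`, `with import nixpkgs { system = "x86_64-linux"; };` evaluates nixpkgs a second time although `pkgs` is already bound; `pkgs.stdenv.mkDerivation` would do.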

5
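--- a/machines/base.nix
+++ b/machines/base.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }: {
+imports = [ ../common ../common/lxc.nix ];
+networking.hostName = "base";
+system.stateVersion = "21.11";
+}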

10
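--- a/machines/nginx.nix
+++ b/machines/nginx.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }: {
+imports = [ ../common ../common/lxc.nix ];
+networking.hostName = "nginx";
+system.stateVersion = "21.11";
+networking.firewall.enable = true;
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+services.nginx.enable = true;
+services.nginx.package = pkgs.nginxMainline;
+}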
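Review bot: `networking.hostName = "nginx"` is hard-coded here, but flake.nix imports this module for both the `nginx` and `nginx2` nodes, so both containers will report the same hostname and their journal entries and shell prompts become indistinguishable. Dropping the line (colmena, as far as I know, defaults the hostname to the node name) or setting it per node in flake.nix would fix that. Port 443 is opened while no virtual host or certificate is configured in this commit; when one is added, `services.nginx.recommendedTlsSettings = true;` is worth setting alongside it.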