From 0d3c5c559ff073d8490f1ae2b264268275c44fcc Mon Sep 17 00:00:00 2001 From: Doloro1978 Date: Sun, 8 Feb 2026 00:01:25 +0000 Subject: [PATCH] add(server) --- .../{laptop => doloro-laptop}/disko.nix | 0 .../{laptop => doloro-laptop}/home.nix | 0 .../{laptop => doloro-laptop}/host.nix | 0 config/hosts/aspects/servers/rpi5.nix | 41 ++++ config/hosts/{root.nix => computers.nix} | 0 config/hosts/servers.nix | 11 + config/modules/raspberry-pi.nix | 38 ++++ config/modules/services/traefik.nix | 51 +++++ config/modules/user/servers/root.nix | 16 ++ flake.lock | 197 ++++++++++++++++++ flake.nix | 1 + 11 files changed, 355 insertions(+) rename config/hosts/aspects/{laptop => doloro-laptop}/disko.nix (100%) rename config/hosts/aspects/{laptop => doloro-laptop}/home.nix (100%) rename config/hosts/aspects/{laptop => doloro-laptop}/host.nix (100%) create mode 100644 config/hosts/aspects/servers/rpi5.nix rename config/hosts/{root.nix => computers.nix} (100%) create mode 100644 config/hosts/servers.nix create mode 100644 config/modules/raspberry-pi.nix create mode 100644 config/modules/services/traefik.nix create mode 100644 config/modules/user/servers/root.nix diff --git a/config/hosts/aspects/laptop/disko.nix b/config/hosts/aspects/doloro-laptop/disko.nix similarity index 100% rename from config/hosts/aspects/laptop/disko.nix rename to config/hosts/aspects/doloro-laptop/disko.nix diff --git a/config/hosts/aspects/laptop/home.nix b/config/hosts/aspects/doloro-laptop/home.nix similarity index 100% rename from config/hosts/aspects/laptop/home.nix rename to config/hosts/aspects/doloro-laptop/home.nix diff --git a/config/hosts/aspects/laptop/host.nix b/config/hosts/aspects/doloro-laptop/host.nix similarity index 100% rename from config/hosts/aspects/laptop/host.nix rename to config/hosts/aspects/doloro-laptop/host.nix diff --git a/config/hosts/aspects/servers/rpi5.nix b/config/hosts/aspects/servers/rpi5.nix new file mode 100644 index 0000000..2b01680 --- /dev/null 
+++ b/config/hosts/aspects/servers/rpi5.nix
@@ -0,0 +1,41 @@
+{
+ den,
+ __findFile,
+ modules,
+ ...
+}:
+{
+ den.aspects.rpi5 = {
+ includes = [
+ modules.raspberry-pi
+ modules.services.traefik
+ ];
+ nixos = {
+ users.users.doloro = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key
+ ];
+ initialPassword = "meowmeowmeow";
+ };
+ networking.hostName = "nixos-001-rp5";
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80
+ 443
+ 8080
+ ];
+ allowedUDPPortRanges = [ ];
+ };
+
+ virtualisation.oci-containers.backend = "docker";
+
+ services.openssh.enable = true;
+ nixpkgs.hostPlatform = "aarch64-linux";
+ };
+ };
+}
diff --git a/config/hosts/root.nix b/config/hosts/computers.nix
similarity index 100%
rename from config/hosts/root.nix
rename to config/hosts/computers.nix
diff --git a/config/hosts/servers.nix b/config/hosts/servers.nix
new file mode 100644
index 0000000..23b2c0d
--- /dev/null
+++ b/config/hosts/servers.nix
@@ -0,0 +1,11 @@
+{ den, __findFile, ... }:
+{
+ # The single rpi5 i have running on the side of my desk
+ den.hosts.aarch64-linux.rpi5 = {
+ users.doloro = {
+ includes = [ ];
+ aspect = "doloro-server";
+ };
+ };
+
+}
diff --git a/config/modules/raspberry-pi.nix b/config/modules/raspberry-pi.nix
new file mode 100644
index 0000000..ad99a0c
--- /dev/null
+++ b/config/modules/raspberry-pi.nix
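Review bot: `initialPassword = "meowmeowmeow";` in config/hosts/aspects/servers/rpi5.nix commits a guessable password for a `wheel` user to the repository and to the world-readable Nix store. The same hunk sets `services.openssh.enable = true;` without turning off password authentication, which NixOS leaves enabled by default. Both authorized keys are already listed, so drop the `initialPassword` line, or replace it with `hashedPasswordFile` fed from the sops-nix input the flake already has. Also add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. With no password set, `sudo` for `wheel` needs a separate decision, which is worth a comment next to the user definition.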
@@ -0,0 +1,38 @@
+{
+ den,
+ __findFile,
+ modules,
+ inputs,
+ ...
+}:
+{
+ flake-file.inputs = {
+ raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix";
+ };
+ modules.raspberry-pi = {
+ # TODO, make this take an attr set which describes which rpi it is
+ nixos =
+ { pkgs, ... }:
+ let
+ rpi-pi = inputs.raspberry-pi-nix;
+ in
+ {
+ imports = [
+ rpi-pi.nixosModules.raspberry-pi
+ rpi-pi.nixosModules.sd-image
+ ];
+
+ environment.systemPackages = with pkgs; [
+ libraspberrypi
+ ];
+
+ sdImage.compressImage = false;
+ raspberry-pi-nix.board = "bcm2712"; # Rpi 5 - 64bit
+ # We need to rebuild kernel for 6.12
+ # raspberry-pi-nix.kernel-version = "v6_12_17";
+ raspberry-pi-nix.uboot.enable = false;
+
+ hardware.enableRedistributableFirmware = true;
+ };
+ };
+}
diff --git a/config/modules/services/traefik.nix b/config/modules/services/traefik.nix
new file mode 100644
index 0000000..ff27d98
--- /dev/null
+++ b/config/modules/services/traefik.nix
@@ -0,0 +1,51 @@
+{
+ den,
+ __findFile,
+ modules,
+ ...
+}:
+{
+ # Basic traefik
+ modules.services.traefik = {
+ services.traefik = {
+ nixos =
+ { config, ... }:
+ {
+ enable = true;
+
+ staticConfigOptions = {
+ entryPoints = {
+ web = {
+ address = ":80";
+ http.redirections.entrypoint = {
+ to = "websecure";
+ scheme = "https";
+ };
+ asDefault = true;
+ };
+ websecure = {
+ address = ":443";
+ asDefault = true;
+ http.tls.certResolver = "letsencrypt";
+ };
+ traefik = {
+ address = ":8080";
+ };
+ };
+ certificatesResolvers.letsencrypt.acme = {
+ email = "doloroo@proton.me";
+ storage = "${config.services.traefik.dataDir}/acme.json";
+ httpChallenge.entryPoint = "web";
+ };
+ providers = {
+ docker = {
+ endpoint = "unix:///var/run/docker.sock";
+ };
+ };
+ api.dashboard = true;
+ api.insecure = true;
+ };
+ };
+ };
+ };
+}
diff --git a/config/modules/user/servers/root.nix b/config/modules/user/servers/root.nix
new file mode 100644
index 0000000..a840852
--- /dev/null
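Review bot: The `flake-file.inputs` entry `raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix";` in config/modules/raspberry-pi.nix has no `inputs.nixpkgs.follows`, unlike the nixvim and sops-nix inputs visible in flake.nix. The lockfile in this patch accordingly gains a second nixpkgs (`nixpkgs_4`, ref `nixos-24.11`) plus pinned kernel and firmware sources such as `rpi-linux-6_12_17-src` and `rpi-firmware-src`. The Pi's kernel and firmware presumably only pick up security fixes when this input is bumped, so I would add a comment above the input saying so, for example `# kernel/firmware for the Pi come from this input; bump it regularly (nix flake update raspberry-pi-nix)`. Whether `raspberry-pi-nix.inputs.nixpkgs.follows = "nixpkgs";` is safe depends on how the upstream modules use their own nixpkgs, so test it rather than treating it as a drop-in change.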
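Review bot: `api.insecure = true;` in config/modules/services/traefik.nix serves the Traefik API and dashboard without authentication on the `traefik` entry point (`:8080`), and rpi5.nix in this patch opens 8080 in `allowedTCPPorts`, so the dashboard is reachable from whatever network the Pi sits on. Drop `api.insecure` and the `traefik` entry point, remove 8080 from the firewall list, and if the dashboard is needed remotely publish it through a router on `websecure` behind an auth middleware. The docker provider is left at its defaults, so containers are routed automatically unless they opt out; `providers.docker.exposedByDefault = false;` makes exposure opt-in per container. Separately, the nesting `modules.services.traefik.services.traefik.nixos` differs from raspberry-pi.nix, where `nixos` sits directly under the module and sets full option paths, so `enable` and `staticConfigOptions` may not land under `services.traefik`; confirm by evaluating the rpi5 host.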
+++ b/config/modules/user/servers/root.nix @@ -0,0 +1,16 @@ +{ modules, ... }: +{ + # Applys public keys and various root account config + modules.servers.rootAcc = + { config, user, ... }: + { + nixos = { + users.users.root = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key + ]; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index a734203..2770a66 100644 --- a/flake.lock +++ b/flake.lock @@ -529,6 +529,40 @@ "type": "github" } }, + "libcamera-src": { + "flake": false, + "locked": { + "lastModified": 1725630279, + "narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=", + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "repo": "libcamera", + "rev": "69a894c4adad524d3063dd027f5c4774485cf9db", + "type": "github" + } + }, + "libpisp-src": { + "flake": false, + "locked": { + "lastModified": 1724944683, + "narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=", + "owner": "raspberrypi", + "repo": "libpisp", + "rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.0.7", + "repo": "libpisp", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1769330179, @@ -577,6 +611,22 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1736061677, + "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "flake-parts": "flake-parts_2", 
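Review bot: `users.users.root.openssh.authorizedKeys.keys` in config/modules/user/servers/root.nix enables direct root login over SSH with the same two keys that rpi5.nix already gives to `doloro`, who is in `wheel`; NixOS's default `PermitRootLogin` allows key-based root login. If root SSH is only a convenience, leave root without keys and set `services.openssh.settings.PermitRootLogin = "no";` so privileged actions go through `doloro` and sudo. If it is kept, define the key list once and reference it from both files, since two copies will drift when a key is rotated. The `config` and `user` arguments are unused, the comment should read `# Applies public keys and various root account config`, and nothing in this patch includes `modules.servers.rootAcc`, so it may not be active yet.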
@@ -622,6 +672,33 @@ "type": "github" } }, + "raspberry-pi-nix": { + "inputs": { + "libcamera-src": "libcamera-src", + "libpisp-src": "libpisp-src", + "nixpkgs": "nixpkgs_4", + "rpi-bluez-firmware-src": "rpi-bluez-firmware-src", + "rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src", + "rpi-firmware-src": "rpi-firmware-src", + "rpi-linux-6_12_17-src": "rpi-linux-6_12_17-src", + "rpi-linux-6_6_78-src": "rpi-linux-6_6_78-src", + "rpi-linux-stable-src": "rpi-linux-stable-src", + "rpicam-apps-src": "rpicam-apps-src" + }, + "locked": { + "lastModified": 1742223591, + "narHash": "sha256-ZNTz8r5jlJ1jvpqf5+aUYgpnYJSVX0iP14doOc1Hm0E=", + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "rev": "3e8100d5e976a6a2be363015cb33463af9ef441a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "raspberry-pi-nix", + "type": "github" + } + }, "root": { "inputs": { "den": "den", 
@@ -637,10 +714,130 @@ "nixpkgs" ], "nixvim": "nixvim", + "raspberry-pi-nix": "raspberry-pi-nix", "sops-nix": "sops-nix", "systems": "systems_3" } }, + "rpi-bluez-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1708969706, + "narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=", + "owner": "RPi-Distro", + "repo": "bluez-firmware", + "rev": "78d6a07730e2d20c035899521ab67726dc028e1c", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": "bluez-firmware", + "type": "github" + } + }, + "rpi-firmware-nonfree-src": { + "flake": false, + "locked": { + "lastModified": 1723266537, + "narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=", + "owner": "RPi-Distro", + "repo": "firmware-nonfree", + "rev": "4b356e134e8333d073bd3802d767a825adec3807", + "type": "github" + }, + "original": { + "owner": "RPi-Distro", + "ref": "bookworm", + "repo": "firmware-nonfree", + "type": "github" + } + }, + "rpi-firmware-src": { + "flake": false, + "locked": { + "lastModified": 1728405098, + "narHash": "sha256-4gnK0KbqFnjBmWia9Jt2gveVWftmHrprpwBqYVqE/k0=", + "owner": "raspberrypi", + "repo": "firmware", + "rev": "7bbb5f80d20a2335066a8781459c9f33e5eebc64", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "1.20241008", + "repo": "firmware", + "type": "github" + } + }, + "rpi-linux-6_12_17-src": { + "flake": false, + "locked": { + "lastModified": 1740765145, + "narHash": "sha256-hoCsGc4+RC/2LmxDtswLBL5ZhWlw4vSiL4Vkl39r2MU=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "5985ce32e511f4e8279a841a1b06a8c7d972b386", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.12.y", + "repo": "linux", + "type": "github" + } + }, + "rpi-linux-6_6_78-src": { + "flake": false, + "locked": { + "lastModified": 1740503700, + "narHash": "sha256-Y8+ot4Yi3UKwlZK3ap15rZZ16VZDvmeFkD46+6Ku7bE=", + "owner": "raspberrypi", + "repo": "linux", + "rev": 
"2e071057fded90e789c0101498e45a1778be93fe", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "rpi-6.6.y", + "repo": "linux", + "type": "github" + } + }, + "rpi-linux-stable-src": { + "flake": false, + "locked": { + "lastModified": 1728403745, + "narHash": "sha256-phCxkuO+jUGZkfzSrBq6yErQeO2Td+inIGHxctXbD5U=", + "owner": "raspberrypi", + "repo": "linux", + "rev": "5aeecea9f4a45248bcf564dec924965e066a7bfd", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "stable_20241008", + "repo": "linux", + "type": "github" + } + }, + "rpicam-apps-src": { + "flake": false, + "locked": { + "lastModified": 1727515047, + "narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=", + "owner": "raspberrypi", + "repo": "rpicam-apps", + "rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031", + "type": "github" + }, + "original": { + "owner": "raspberrypi", + "ref": "v1.5.2", + "repo": "rpicam-apps", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 874a907..772805d 100644 --- a/flake.nix +++ b/flake.nix @@ -24,6 +24,7 @@ inputs.nixpkgs.follows = "nixpkgs"; url = "github:nix-community/nixvim"; }; + raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix"; sops-nix = { inputs.nixpkgs.follows = "nixpkgs"; url = "github:Mic92/sops-nix";