doloro/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add(server)

Browse Source
This commit is contained in:
Doloro1978
2026-02-08 00:01:25 +00:00
parent 3c57067a6f
commit 0d3c5c559f
11 changed files with 355 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
config/hosts/aspects/laptop/disko.nix → config/hosts/aspects/doloro-laptop/disko.nix
View File

0
config/hosts/aspects/laptop/home.nix → config/hosts/aspects/doloro-laptop/home.nix
View File

0
config/hosts/aspects/laptop/host.nix → config/hosts/aspects/doloro-laptop/host.nix
View File

41
config/hosts/aspects/servers/rpi5.nix Normal file
View File

@@ -0,0 +1,41 @@
{
den,
__findFile,
modules,
...
}:
{
den.aspects.rpi5 = {
includes = [
modules.raspberry-pi
modules.services.traefik
];
nixos = {
users.users.doloro = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key
];
initialPassword = "meowmeowmeow";
};
networking.hostName = "nixos-001-rp5";
networking.firewall = {
enable = true;
allowedTCPPorts = [
80
443
8080
];
allowedUDPPortRanges = [ ];
};
virtualisation.oci-containers.backend = "docker";
services.openssh.enable = true;
nixpkgs.hostPlatform = "aarch64-linux";
};
};
}

0
config/hosts/root.nix → config/hosts/computers.nix
View File

11
config/hosts/servers.nix Normal file
View File

@@ -0,0 +1,11 @@
{ den, __findFile, ... }:
{
# The single rpi5 i have running on the side of my desk
den.hosts.aarch64-linux.rpi5 = {
users.doloro = {
includes = [ <modules/user/groups> ];
aspect = "doloro-server";
};
};
}

38
config/modules/raspberry-pi.nix Normal file
View File

@@ -0,0 +1,38 @@
{
den,
__findFile,
modules,
inputs,
...
}:
{
flake-file.inputs = {
raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix";
};
modules.raspberry-pi = {
# TODO, make this take an attr set which describes which rpi it is
nixos =
{ pkgs, ... }:
let
rpi-pi = inputs.raspberry-pi-nix;
in
{
imports = [
rpi-pi.nixosModules.raspberry-pi
rpi-pi.nixosModules.sd-image
];
environment.systemPackages = with pkgs; [
libraspberrypi
];
sdImage.compressImage = false;
raspberry-pi-nix.board = "bcm2712"; # Rpi 5 - 64bit
# We need to rebuild kernel for 6.12
# raspberry-pi-nix.kernel-version = "v6_12_17";
raspberry-pi-nix.uboot.enable = false;
hardware.enableRedistributableFirmware = true;
};
};
}

51
config/modules/services/traefik.nix Normal file
View File

@@ -0,0 +1,51 @@
{
den,
__findFile,
modules,
...
}:
{
# Basic traefik
modules.services.traefik = {
services.traefik = {
nixos =
{ config, ... }:
{
enable = true;
staticConfigOptions = {
entryPoints = {
web = {
address = ":80";
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
asDefault = true;
};
websecure = {
address = ":443";
asDefault = true;
http.tls.certResolver = "letsencrypt";
};
traefik = {
address = ":8080";
};
};
certificatesResolvers.letsencrypt.acme = {
email = "doloroo@proton.me";
storage = "${config.services.traefik.dataDir}/acme.json";
httpChallenge.entryPoint = "web";
};
providers = {
docker = {
endpoint = "unix:///var/run/docker.sock";
};
};
api.dashboard = true;
api.insecure = true;
};
};
};
};
}

16
config/modules/user/servers/root.nix Normal file
View File

@@ -0,0 +1,16 @@
{ modules, ... }:
{
# Applys public keys and various root account config
modules.servers.rootAcc =
{ config, user, ... }:
{
nixos = {
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key
];
};
};
};
}

197
flake.lock generated
View File

@@ -529,6 +529,40 @@
"type": "github" "type": "github"
} }
}, },
"libcamera-src": {
"flake": false,
"locked": {
"lastModified": 1725630279,
"narHash": "sha256-KH30jmHfxXq4j2CL7kv18DYECJRp9ECuWNPnqPZajPA=",
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"repo": "libcamera",
"rev": "69a894c4adad524d3063dd027f5c4774485cf9db",
"type": "github"
}
},
"libpisp-src": {
"flake": false,
"locked": {
"lastModified": 1724944683,
"narHash": "sha256-Fo2UJmQHS855YSSKKmGrsQnJzXog1cdpkIOO72yYAM4=",
"owner": "raspberrypi",
"repo": "libpisp",
"rev": "28196ed6edcfeda88d23cc5f213d51aa6fa17bb3",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.0.7",
"repo": "libpisp",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1769330179, "lastModified": 1769330179,
@@ -577,6 +611,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1736061677,
"narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
@@ -622,6 +672,33 @@
"type": "github" "type": "github"
} }
}, },
"raspberry-pi-nix": {
"inputs": {
"libcamera-src": "libcamera-src",
"libpisp-src": "libpisp-src",
"nixpkgs": "nixpkgs_4",
"rpi-bluez-firmware-src": "rpi-bluez-firmware-src",
"rpi-firmware-nonfree-src": "rpi-firmware-nonfree-src",
"rpi-firmware-src": "rpi-firmware-src",
"rpi-linux-6_12_17-src": "rpi-linux-6_12_17-src",
"rpi-linux-6_6_78-src": "rpi-linux-6_6_78-src",
"rpi-linux-stable-src": "rpi-linux-stable-src",
"rpicam-apps-src": "rpicam-apps-src"
},
"locked": {
"lastModified": 1742223591,
"narHash": "sha256-ZNTz8r5jlJ1jvpqf5+aUYgpnYJSVX0iP14doOc1Hm0E=",
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"rev": "3e8100d5e976a6a2be363015cb33463af9ef441a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "raspberry-pi-nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"den": "den", "den": "den",
@@ -637,10 +714,130 @@
"nixpkgs" "nixpkgs"
], ],
"nixvim": "nixvim", "nixvim": "nixvim",
"raspberry-pi-nix": "raspberry-pi-nix",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"systems": "systems_3" "systems": "systems_3"
} }
}, },
"rpi-bluez-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1708969706,
"narHash": "sha256-KakKnOBeWxh0exu44beZ7cbr5ni4RA9vkWYb9sGMb8Q=",
"owner": "RPi-Distro",
"repo": "bluez-firmware",
"rev": "78d6a07730e2d20c035899521ab67726dc028e1c",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "bluez-firmware",
"type": "github"
}
},
"rpi-firmware-nonfree-src": {
"flake": false,
"locked": {
"lastModified": 1723266537,
"narHash": "sha256-T7eTKXqY9cxEMdab8Snda4CEOrEihy5uOhA6Fy+Mhnw=",
"owner": "RPi-Distro",
"repo": "firmware-nonfree",
"rev": "4b356e134e8333d073bd3802d767a825adec3807",
"type": "github"
},
"original": {
"owner": "RPi-Distro",
"ref": "bookworm",
"repo": "firmware-nonfree",
"type": "github"
}
},
"rpi-firmware-src": {
"flake": false,
"locked": {
"lastModified": 1728405098,
"narHash": "sha256-4gnK0KbqFnjBmWia9Jt2gveVWftmHrprpwBqYVqE/k0=",
"owner": "raspberrypi",
"repo": "firmware",
"rev": "7bbb5f80d20a2335066a8781459c9f33e5eebc64",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "1.20241008",
"repo": "firmware",
"type": "github"
}
},
"rpi-linux-6_12_17-src": {
"flake": false,
"locked": {
"lastModified": 1740765145,
"narHash": "sha256-hoCsGc4+RC/2LmxDtswLBL5ZhWlw4vSiL4Vkl39r2MU=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "5985ce32e511f4e8279a841a1b06a8c7d972b386",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.12.y",
"repo": "linux",
"type": "github"
}
},
"rpi-linux-6_6_78-src": {
"flake": false,
"locked": {
"lastModified": 1740503700,
"narHash": "sha256-Y8+ot4Yi3UKwlZK3ap15rZZ16VZDvmeFkD46+6Ku7bE=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "2e071057fded90e789c0101498e45a1778be93fe",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "rpi-6.6.y",
"repo": "linux",
"type": "github"
}
},
"rpi-linux-stable-src": {
"flake": false,
"locked": {
"lastModified": 1728403745,
"narHash": "sha256-phCxkuO+jUGZkfzSrBq6yErQeO2Td+inIGHxctXbD5U=",
"owner": "raspberrypi",
"repo": "linux",
"rev": "5aeecea9f4a45248bcf564dec924965e066a7bfd",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "stable_20241008",
"repo": "linux",
"type": "github"
}
},
"rpicam-apps-src": {
"flake": false,
"locked": {
"lastModified": 1727515047,
"narHash": "sha256-qCYGrcibOeGztxf+sd44lD6VAOGoUNwRqZDdAmcTa/U=",
"owner": "raspberrypi",
"repo": "rpicam-apps",
"rev": "a8ccf9f3cd9df49875dfb834a2b490d41d226031",
"type": "github"
},
"original": {
"owner": "raspberrypi",
"ref": "v1.5.2",
"repo": "rpicam-apps",
"type": "github"
}
},
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [

1
flake.nix
View File

@@ -24,6 +24,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/nixvim"; url = "github:nix-community/nixvim";
}; };
raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix";
sops-nix = { sops-nix = {
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";