From 1b8077842277710e4b1dd655fda8dc3b82d137de Mon Sep 17 00:00:00 2001 From: Doloro1978 Date: Sun, 8 Feb 2026 23:23:18 +0000 Subject: [PATCH] some wip --- config/hosts/aspects/servers/rpi5.nix | 23 +++++++------- config/hosts/servers.nix | 19 ++++++++++-- config/modules/publickeys.nix | 18 +++++++++++ config/modules/raspberry-pi.nix | 43 ++++++++++++++------------- config/modules/services/traefik.nix | 12 ++++---- config/modules/user/servers/root.nix | 16 ---------- 6 files changed, 77 insertions(+), 54 deletions(-) create mode 100644 config/modules/publickeys.nix delete mode 100644 config/modules/user/servers/root.nix diff --git a/config/hosts/aspects/servers/rpi5.nix b/config/hosts/aspects/servers/rpi5.nix index 2b01680..196bad4 100644 --- a/config/hosts/aspects/servers/rpi5.nix +++ b/config/hosts/aspects/servers/rpi5.nix @@ -7,19 +7,21 @@ { den.aspects.rpi5 = { includes = [ - modules.raspberry-pi - modules.services.traefik + + ]; nixos = { - users.users.doloro = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key - ]; - initialPassword = "meowmeowmeow"; + users.users = { + doloro = { + isNormalUser = true; + extraGroups = [ + "wheel" + "docker" + ]; + initialPassword = "meowmeowmeow"; + }; }; + networking.hostName = "nixos-001-rp5"; networking.firewall = { @@ -32,6 +34,7 @@ allowedUDPPortRanges = [ ]; }; + virtualisation.docker.enable = true; virtualisation.oci-containers.backend = "docker"; services.openssh.enable = true; diff --git a/config/hosts/servers.nix b/config/hosts/servers.nix index 23b2c0d..d855c9e 100644 --- a/config/hosts/servers.nix +++ b/config/hosts/servers.nix @@ -1,11 +1,26 @@ -{ den, __findFile, ... }: +{ + den, + __findFile, + modules, + ... +}: { # The single rpi5 i have running on the side of my desk + den.aspects.doloro-server = { + includes = [ ]; + }; den.hosts.aarch64-linux.rpi5 = { + includes = [ ]; users.doloro = { - includes = [ ]; + includes = [ + + + ]; aspect = "doloro-server"; }; + users.root = { + includes = [ ]; + }; }; } diff --git a/config/modules/publickeys.nix b/config/modules/publickeys.nix new file mode 100644 index 0000000..fc4e1dc --- /dev/null +++ b/config/modules/publickeys.nix @@ -0,0 +1,18 @@ +{ modules, ... }: +{ + # Applys doloro's public keys to the users openssh + modules.publicKeys.provides = { + doloro = + { user, host, ... }: + { + nixos = { + users.users.${user.userName} = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key + ]; + }; + }; + }; + }; +} diff --git a/config/modules/raspberry-pi.nix b/config/modules/raspberry-pi.nix index ad99a0c..514eee1 100644 --- a/config/modules/raspberry-pi.nix +++ b/config/modules/raspberry-pi.nix @@ -10,29 +10,32 @@ raspberry-pi-nix.url = "github:nix-community/raspberry-pi-nix"; }; modules.raspberry-pi = { - # TODO, make this take an attr set which describes which rpi it is - nixos = - { pkgs, ... }: - let - rpi-pi = inputs.raspberry-pi-nix; - in - { - imports = [ - rpi-pi.nixosModules.raspberry-pi - rpi-pi.nixosModules.sd-image - ]; + provides = { + "5" = { + nixos = + { pkgs, ... }: + let + rpi-pi = inputs.raspberry-pi-nix; + in + { + imports = [ + rpi-pi.nixosModules.raspberry-pi + rpi-pi.nixosModules.sd-image + ]; - environment.systemPackages = with pkgs; [ - libraspberrypi - ]; + environment.systemPackages = with pkgs; [ + libraspberrypi + ]; - sdImage.compressImage = false; - raspberry-pi-nix.board = "bcm2712"; # Rpi 5 - 64bit - # We need to rebuild kernel for 6.12 - # raspberry-pi-nix.kernel-version = "v6_12_17"; - raspberry-pi-nix.uboot.enable = false; + sdImage.compressImage = false; + raspberry-pi-nix.board = "bcm2712"; # Rpi 5 - 64bit + # We need to rebuild kernel for 6.12 + # raspberry-pi-nix.kernel-version = "v6_12_17"; + raspberry-pi-nix.uboot.enable = false; - hardware.enableRedistributableFirmware = true; + hardware.enableRedistributableFirmware = true; + }; }; + }; }; } diff --git a/config/modules/services/traefik.nix b/config/modules/services/traefik.nix index ff27d98..5729a7b 100644 --- a/config/modules/services/traefik.nix +++ b/config/modules/services/traefik.nix @@ -6,11 +6,11 @@ }: { # Basic traefik - modules.services.traefik = { - services.traefik = { - nixos = - { config, ... }: - { + modules.services.provides.traefik = { + nixos = + { config, ... }: + { + services.traefik = { enable = true; staticConfigOptions = { @@ -46,6 +46,6 @@ api.insecure = true; }; }; - }; + }; }; } diff --git a/config/modules/user/servers/root.nix b/config/modules/user/servers/root.nix deleted file mode 100644 index a840852..0000000 --- a/config/modules/user/servers/root.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ modules, ... }: -{ - # Applys public keys and various root account config - modules.servers.rootAcc = - { config, user, ... }: - { - nixos = { - users.users.root = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/4h+WCBBW82puv8SMdUbkWymF4amEMuZitgFztB6oZ" # laptop pub key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" # pc pub key - ]; - }; - }; - }; -}