production client

This commit is contained in:
m3tam3re 2023-02-28 15:26:31 +01:00
parent 8c8587e59a
commit 8a48849432
9 changed files with 263 additions and 0 deletions

View File

@ -36,6 +36,17 @@
}) })
]; ];
}; };
lkk-prod-1 = lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
allowUnfree
./hosts/lkk-prod-1
agenix.nixosModules.default
({ config, pkgs, ... }: {
nixpkgs.overlays = [ overlay-unstable ];
})
];
};
}; };
homeConfigurations = { homeConfigurations = {
# Laptop # Laptop
@ -61,6 +72,15 @@
self.nixosConfigurations.lkk-nix-1; self.nixosConfigurations.lkk-nix-1;
}; };
}; };
deploy.nodes.lkk-prod-1 = {
hostname = "lkk-prod-1";
sshUser = "root";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.lkk-prod-1;
};
};
deploy.remoteBuild = true; deploy.remoteBuild = true;
}; };
} }

View File

@ -0,0 +1,14 @@
{ pkgs, lib, outputs, ... }:
{
imports = [
#
];
home.packages = with pkgs; [
alacritty
brave
libreoffice
nextcloud-client
];
}

View File

@ -0,0 +1,15 @@
{ config, pkgs, ... }: {
imports = [
./base
../../features/cli
../../features/desktop/plasma.nix ];
features = {
cli = {
fish.enable = true;
starship.enable = true;
};
};
home.stateVersion = "22.11";
}

View File

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
let
in {
programs = {
home-manager.enable = true;
git.enable = true;
};
home = {
username = lib.mkDefault "produktion";
homeDirectory = lib.mkDefault "/home/${config.home.username}";
};
}

View File

@ -0,0 +1,16 @@
{ config, pkgs, ... }: {
imports = [
./base
../../features/cli
../../features/desktop/plasma.nix
];
features = {
cli = {
fish.enable = true;
starship.enable = true;
};
};
home.stateVersion = "22.11";
}

View File

@ -0,0 +1,14 @@
{ config, pkgs, lib, outputs, ... }: {
users.users.produktion = {
isNormalUser = true;
description = "Produktion";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
];
packages = [ pkgs.home-manager ];
};
nixpkgs.config.allowUnfree = true;
home-manager.users.produktion = import produktion/${config.networking.hostName}.nix;
}

View File

@ -0,0 +1 @@
../../../../home/users/produktion

View File

@ -0,0 +1,135 @@
{ config, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
../common/users/produktion
../common/base
];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
boot.loader.grub.useOSProber = true;
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking = {
hostName = "lkk-prod-1";
networkmanager.enable = true;
firewall.enable = true;
};
services.openssh = {
enable = true;
permitRootLogin = "yes";
};
services.avahi = {
enable = true;
nssmdns = true;
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n.defaultLocale = "de_DE.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
# Configure keymap in X11
services.xserver = {
layout = "de";
xkbVariant = "";
};
# Configure console keymap
console.keyMap = "de";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs;
[
neovim
];
nix = {
gc = {
automatic = true;
options = "--delete-older-than 30d";
};
optimise.automatic = true;
};
system.stateVersion = "22.11"; # Did you read the comment?
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
}

View File

@ -0,0 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/72016102-ac1b-462f-97c5-8575f91780d8";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/0d57f573-b278-48d2-ad44-5a1cf28bcd2b"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}