trator terranix config functional; move disko configs to individual outputs; touching up trantor

William 2025-11-02 22:01:43 -03:00
parent 5899e42fa4
commit 716ed5cc53
19 changed files with 298 additions and 193 deletions

1
.gitignore vendored

@ -2,6 +2,7 @@
result
result-*
.direnv/
oci-trantor/
# Personal notes and temporary files
todo.md

75
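--- a/disko/io.nix
+++ b/disko/io.nix
@@ -0,0 +1,75 @@
+{
+disko.devices.disk.main = {
+type = "disk";
+device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+priority = 1;
+name = "ESP";
+start = "1MiB";
+end = "1GiB";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot/efi";
+mountOptions = [
+"noatime"
+"fmask=0077"
+"dmask=0077"
+];
+};
+};
+cryptroot = {
+priority = 2;
+name = "root";
+size = "100%";
+content = {
+type = "luks";
+name = "cryptroot";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+subvolumes = {
+"@root" = {
+mountpoint = "/";
+mountOptions = [
+"noatime"
+"compress=zstd"
+"subvol=@root"
+];
+};
+"@home" = {
+mountpoint = "/home";
+mountOptions = [
+"noatime"
+"compress=zstd"
+"subvol=@home"
+];
+};
+"@nix" = {
+mountpoint = "/nix";
+mountOptions = [
+"noatime"
+"compress=zstd"
+"subvol=@nix"
+];
+};
+"@persistent" = {
+mountpoint = "/persistent";
+mountOptions = [
+"noatime"
+"compress=zstd"
+"subvol=@persistent"
+];
+};
+};
+};
+};
+};
+};
+};
+};
+}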

61
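--- a/disko/trantor.nix
+++ b/disko/trantor.nix
@@ -0,0 +1,61 @@
+{
+disko.devices.disk.main = {
+type = "disk";
+device = "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+priority = 1;
+name = "ESP";
+start = "1MiB";
+end = "512MiB";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot/efi";
+mountOptions = [
+"noatime"
+"fmask=0077"
+"dmask=0077"
+];
+};
+};
+root = {
+priority = 2;
+name = "root";
+size = "100%";
+content = {
+type = "filesystem";
+format = "btrfs";
+extraArgs = [ "-f" ];
+subvolumes = {
+"@root" = {
+mountpoint = "/";
+mountOptions = [
+"noatime"
+"compress=zstd"
+];
+};
+"@nix" = {
+mountpoint = "/nix";
+mountOptions = [
+"noatime"
+"compress=zstd"
+];
+};
+"@persistent" = {
+mountpoint = "/persistent";
+mountOptions = [
+"noatime"
+"compress=zstd"
+];
+};
+};
+};
+};
+};
+};
+};
+}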
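Review bot: The `root` partition's content declares `type = "filesystem"; format = "btrfs";` together with a `subvolumes` set, but as far as I know disko's `filesystem` type has no `subvolumes` option; subvolumes belong to its dedicated `btrfs` type, which is what disko/io.nix uses inside the LUKS container. I would replace those two lines with `type = "btrfs";` so the three subvolumes are actually created and mounted. Separately, unlike io.nix there is no `luks` layer here, so everything under `/persistent` is written unencrypted by the guest; if that is deliberate for an unattended server, a one-line comment such as `# no LUKS: unattended boot, see <rationale>` would record the decision.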

12
diskoConfigurations.nix Normal file

@ -0,0 +1,12 @@
{ inputs, ... }:
{
imports = [
inputs.disko.flakeModule
];
flake.diskoConfigurations = {
io.modules = [ ./disko/io.nix ];
trantor.modules = [ ./disko/trantor.nix ];
};
}

53
flake.lock generated

@ -135,21 +135,18 @@
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs-stable"
]
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1736864502,
"narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
"lastModified": 1761899396,
"narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=",
"owner": "nix-community",
"repo": "disko",
"rev": "0141aabed359f063de7413f80d906e1d98c0c123",
"rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v1.11.0",
"repo": "disko",
"type": "github"
}
@ -393,7 +390,7 @@
},
"niri": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay"
},
"locked": {
@ -415,7 +412,7 @@
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
@ -506,7 +503,7 @@
"nix-options-doc": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"rust-overlay": "rust-overlay_2"
},
"locked": {
@ -528,7 +525,7 @@
"inputs": {
"flake-compat": "flake-compat_2",
"nix-options-doc": "nix-options-doc",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1760856139,
@ -608,6 +605,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1761880412,
"narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1757967192,
"narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=",
@ -623,7 +636,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
@ -639,7 +652,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1740695751,
"narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=",
@ -655,7 +668,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1759070547,
"narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=",
@ -671,7 +684,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
@ -687,7 +700,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1758690382,
"narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
@ -703,7 +716,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1755615617,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
@ -800,7 +813,7 @@
"nix-flatpak": "nix-flatpak",
"nix-index-database": "nix-index-database",
"nixos-cli": "nixos-cli",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nixpkgs-stable": "nixpkgs-stable_2",
"noctalia": "noctalia",
"stylix": "stylix",
@ -860,7 +873,7 @@
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_2",
"gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_8",
"nur": "nur",
"systems": "systems_5",
"tinted-foot": "tinted-foot",
@ -1130,7 +1143,7 @@
"zen-browser": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1760934351,


@ -17,10 +17,7 @@
inputs.nixpkgs.follows = "nixpkgs-stable";
};
disko = {
url = "github:nix-community/disko?ref=v1.11.0";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
disko.url = "github:nix-community/disko";
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
@ -63,13 +60,14 @@
];
imports = [
./deploy.nix
./devShells.nix
./diskoConfigurations.nix
./homeConfigurations.nix
./nixosConfigurations.nix
./nixosModules.nix
./overlays.nix
./packages.nix
./deploy.nix
./terranixConfigurations.nix
];
};
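Review bot: The `disko` input loses both its release ref (`?ref=v1.11.0`) and `inputs.nixpkgs.follows`, so it now tracks the default branch and brings its own nixpkgs (the new `nixpkgs_2` node in flake.lock). flake.lock still pins the exact revision, but every `nix flake update` will move the partitioning tool to whatever is on that branch, which is a wide trust window for code that formats disks. I would keep the attribute-set form with a release ref and `inputs.nixpkgs.follows = "nixpkgs-stable";`, or add a comment on the `disko.url` line saying why the tag and the follow were dropped.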


@ -1,83 +0,0 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.default ];
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1MiB";
end = "1GiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
};
cryptroot = {
priority = 2;
name = "root";
size = "100%";
content = {
type = "luks";
name = "cryptroot";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@root"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@home"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@nix"
];
};
"@persistent" = {
mountpoint = "/persistent";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@persistent"
];
};
};
};
};
};
};
};
};
};
};
}


@ -2,11 +2,15 @@
config,
lib,
modulesPath,
self,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
self.diskoConfigurations.io
];
boot = {
initrd = {
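Review bot: `self.diskoConfigurations.io` is declared in diskoConfigurations.nix as `io.modules = [ ./disko/io.nix ];`, so it is worth confirming that what lands in `imports` here is a module and not an attribute set with a `modules` key, which the module system would treat as an unknown option. The deleted host-level disko file also imported `inputs.disko.nixosModules.default`, and neither this list nor disko/io.nix does; unless it is imported somewhere outside this page, `disko.devices` has no option declaration. The same two questions apply to the `self.diskoConfigurations.trantor` import in the later hardware hunk. The `boot` block continues outside the hunk.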


@ -1,4 +1,4 @@
{ inputs, ... }:
{ config, inputs, ... }:
{
imports = [
@ -8,7 +8,11 @@
ephemeral = {
enable = true;
rootDevice = "/dev/mapper/cryptroot";
rootDevice =
if config.networking.hostName == "trantor" then
"/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066"
else
"/dev/mapper/cryptroot";
rootSubvolume = "@root";
};
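Review bot: The trantor branch of `rootDevice` points at the whole disk (`/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066`), while disko/trantor.nix puts the btrfs filesystem on the second GPT partition of that disk, so whatever the ephemeral module does with `rootDevice` (not visible in this hunk) would target a device that holds a partition table rather than btrfs. Pointing at the partition looks like what is intended, e.g. `"/dev/disk/by-partlabel/disk-main-root"` if disko's usual `disk-<disk>-<partition>` label applies, or the `-part2` by-id path. Comparing `config.networking.hostName` inside a shared module also buries a per-host disk ID in common code; setting `rootDevice` from the trantor host configuration would keep it next to the disk layout it depends on.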


@ -1,6 +1,3 @@
{
boot = {
loader.efi.efiSysMountPoint = "/boot";
initrd.systemd.enable = true;
};
boot.initrd.systemd.enable = true;
}
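Review bot: Dropping `loader.efi.efiSysMountPoint = "/boot";` leaves that option at its NixOS default, which is also `/boot`, while both new disko layouts mount the ESP at `/boot/efi`. Unless the mount point is set somewhere outside this page, the boot loader would install into a directory on the root subvolume instead of the ESP. Keeping the option and updating it, `boot.loader.efi.efiSysMountPoint = "/boot/efi";`, would match the disko files; which host this file belongs to is not visible here.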


@ -1,36 +0,0 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.default ];
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/scsi-3605e4addb4c640319c8c03436205530b";
content = {
type = "gpt";
partitions = {
boot = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}


@ -1,11 +1,15 @@
{
lib,
modulesPath,
self,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
self.diskoConfigurations.trantor
];
boot = {
kernelModules = [ ];


@ -47,6 +47,7 @@ in
system = "aarch64-linux";
tags = [
"server"
"ephemeral"
];
};
};


@ -3,16 +3,16 @@
{
terraform.required_providers.oci = {
source = "oracle/oci";
version = "~> 5.0";
version = "~> 7.0";
};
provider.oci.region = "sa-saopaulo-1";
terraform.backend.s3 = {
bucket = "terraform-state";
key = "oci/homelab.tfstate";
key = "oci/trantor.tfstate";
region = "auto";
endpoint = "https://<ACCOUNT_ID>.r2.cloudflarestorage.com";
endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
skip_credentials_validation = true;
skip_metadata_api_check = true;
skip_region_validation = true;
@ -21,8 +21,13 @@
};
variable = {
tenancy_ocid = {
default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq";
type = "string";
};
compartment_name = {
default = "homelab";
default = "trantor";
type = "string";
};
@ -46,14 +51,12 @@
};
data = {
oci_identity_tenancy.tenancy = { };
oci_identity_availability_domains.ads = {
compartment_id = config.data.oci_identity_tenancy.tenancy.id;
compartment_id = config.variable.tenancy_ocid.default;
};
oci_core_images.ubuntu_arm = {
compartment_id = config.data.oci_identity_tenancy.tenancy.id;
compartment_id = config.variable.tenancy_ocid.default;
operating_system = "Canonical Ubuntu";
operating_system_version = "24.04";
shape = "VM.Standard.A1.Flex";
@ -63,34 +66,34 @@
};
resource = {
oci_identity_compartment.homelab = {
compartment_id = config.data.oci_identity_tenancy.tenancy.id;
description = "Homelab infrastructure compartment";
oci_identity_compartment.trantor = {
compartment_id = config.variable.tenancy_ocid.default;
description = "trantor infrastructure compartment";
name = config.variable.compartment_name.default;
};
oci_core_vcn.vcn = {
compartment_id = config.resource.oci_identity_compartment.homelab.id;
compartment_id = config.resource.oci_identity_compartment.trantor "id";
cidr_blocks = [ config.variable.vcn_cidr.default ];
display_name = "homelab-vcn";
dns_label = "homelab";
display_name = "trantor-vcn";
dns_label = "trantor";
};
oci_core_internet_gateway.ig = {
compartment_id = config.resource.oci_identity_compartment.homelab.id;
vcn_id = config.resource.oci_core_vcn.vcn.id;
display_name = "homelab-ig";
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
display_name = "trantor-ig";
enabled = true;
};
oci_core_route_table.rt = {
compartment_id = config.resource.oci_identity_compartment.homelab.id;
vcn_id = config.resource.oci_core_vcn.vcn.id;
display_name = "homelab-rt";
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
display_name = "trantor-rt";
route_rules = [
{
network_entity_id = config.resource.oci_core_internet_gateway.ig.id;
network_entity_id = config.resource.oci_core_internet_gateway.ig "id";
destination = "0.0.0.0/0";
destination_type = "CIDR_BLOCK";
}
@ -98,9 +101,9 @@
};
oci_core_security_list.sl = {
compartment_id = config.resource.oci_identity_compartment.homelab.id;
vcn_id = config.resource.oci_core_vcn.vcn.id;
display_name = "homelab-sl";
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
display_name = "trantor-sl";
egress_security_rules = [
{
@ -138,23 +141,50 @@
max = 443;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 25565;
max = 25565;
};
}
{
protocol = "6"; # TCP
source = "0.0.0.0/0";
stateless = false;
tcp_options = {
min = 19132;
max = 19133;
};
}
{
protocol = "17"; # UDP
source = "0.0.0.0/0";
stateless = false;
udp_options = {
min = 19132;
max = 19133;
};
}
];
};
oci_core_subnet.subnet = {
compartment_id = config.resource.oci_identity_compartment.homelab.id;
vcn_id = config.resource.oci_core_vcn.vcn.id;
compartment_id = config.resource.oci_identity_compartment.trantor "id";
vcn_id = config.resource.oci_core_vcn.vcn "id";
cidr_block = config.variable.vcn_cidr.default;
display_name = "homelab-subnet";
display_name = "trantor-subnet";
dns_label = "subnet";
route_table_id = config.resource.oci_core_route_table.rt.id;
security_list_ids = [ config.resource.oci_core_security_list.sl.id ];
route_table_id = config.resource.oci_core_route_table.rt "id";
security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ];
prohibit_public_ip_on_vnic = false;
};
oci_core_instance.trantor = {
availability_domain = config.data.oci_identity_availability_domains.ads.availability_domains .0.name;
compartment_id = config.resource.oci_identity_compartment.homelab.id;
availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name";
compartment_id = config.resource.oci_identity_compartment.trantor "id";
display_name = config.variable.instance_name.default;
shape = "VM.Standard.A1.Flex";
@ -165,12 +195,12 @@
source_details = {
source_type = "image";
source_id = config.data.oci_core_images.ubuntu_arm.images .0.id;
boot_volume_size_in_gbs = 50;
source_id = config.data.oci_core_images.ubuntu_arm "images[0].id";
boot_volume_size_in_gbs = 100;
};
create_vnic_details = {
subnet_id = config.resource.oci_core_subnet.subnet.id;
subnet_id = config.resource.oci_core_subnet.subnet "id";
display_name = "trantor-vnic";
assign_public_ip = true;
hostname_label = config.variable.instance_name.default;
@ -182,15 +212,35 @@
preserve_boot_volume = false;
};
oci_budget_budget.trantor_budget = {
compartment_id = config.variable.tenancy_ocid.default;
targets = [ (config.resource.oci_identity_compartment.trantor "id") ];
amount = 1;
reset_period = "MONTHLY";
display_name = "trantor-budget";
description = "Monthly budget for trantor compartment";
target_type = "COMPARTMENT";
};
oci_budget_alert_rule.daily_spend_alert = {
budget_id = config.resource.oci_budget_budget.trantor_budget "id";
type = "ACTUAL";
threshold = 5;
threshold_type = "PERCENTAGE";
display_name = "daily-spend-alert";
description = "Alert when daily spending exceeds $0.05";
message = "Daily spending has exceeded $0.05 in the trantor compartment";
};
};
output = {
compartment_id = {
value = config.resource.oci_identity_compartment.homelab.id;
value = config.resource.oci_identity_compartment.trantor "id";
};
instance_public_ip = {
value = config.resource.oci_core_instance.trantor.public_ip;
value = config.resource.oci_core_instance.trantor "public_ip";
};
};
}
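Review bot: The backend `endpoint` now carries the real Cloudflare R2 account ID in place of the `<ACCOUNT_ID>` placeholder, and the new `tenancy_ocid` variable ships the tenancy OCID as its `default`; neither is a credential, but both are account identifiers that stay in history once pushed. I would drop the `default`, supply the value as `TF_VAR_tenancy_ocid`, and pass the endpoint at init time with `-backend-config` instead of committing it. Note that `config.variable.tenancy_ocid.default` is read when Nix evaluates the file, so the `compartment_id` lines would need `"\${var.tenancy_ocid}"` for a value supplied at apply time to take effect. In the security-list hunk the three new ingress rules are open to `0.0.0.0/0`; a comment naming the service behind 25565 and 19132-19133, and stating whether the TCP rule for 19132-19133 is needed alongside the UDP one, would help the next reviewer.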


@ -5,10 +5,14 @@
inputs.terranix.flakeModule
];
perSystem = {
perSystem =
{ pkgs, ... }:
{
terranix.terranixConfigurations = {
oci-homelab = {
modules = [ ./terranix/oci/homelab.nix ];
oci-trantor = {
modules = [ ./terranix/oci/trantor.nix ];
terraformWrapper.package = pkgs.opentofu;
};
};
};