Merge remote-tracking branch 'origin/HEAD'

2021-09-11 20:35:10 +01:00 · 2021-09-11 20:35:10 +01:00 · 0d2518a4ea
commit 0d2518a4ea
parent f6f3165699 d6b79f1cee
5 changed files with 94 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -42,6 +42,7 @@
      };
      foureighty = mkWorkstation nixpkgs-stable "x86_64-linux" "foureighty";
      skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv";
+      thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky";
      brix = mkServer nixpkgs-nixos-unstable "x86_64-linux" "brix";
      vultr1 = mkServer nixpkgs-stable "x86_64-linux" "vultr1";
    };
--- a/nixos/boxes/thinky/default.nix
+++ b/nixos/boxes/thinky/default.nix
@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+  networking.hostName = "thinky";
+
+  imports = [
+    ./hardware-configuration.nix
+    ../../boot.nix
+    ../../common.nix
+    ../../gfx-intel.nix
+    ../../i3
+    ../../tailscale.nix
+    ./tailscale-skinnyv.nix
+    ../../distributed-builds.nix
+    ../../gui
+    ../../git
+    ../../backups.nix
+  ];
+
+  boot.kernelPackages = pkgs.linuxPackages_latest_hardened;
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  time.timeZone = "Europe/Warsaw";
+
+  services.thermald.enable = true;
+  fonts.fontconfig.enable = true;
+}
--- a/nixos/boxes/thinky/hardware-configuration.nix
+++ b/nixos/boxes/thinky/hardware-configuration.nix
@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+  boot.initrd.availableKernelModules = [ "ata_generic" "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  boot.initrd.luks.devices."root"=
+    {
+      name = "root";
+      device = "/dev/disk/by-uuid/962caed1-9dd5-4771-9a8f-3d3f5854af2e";
+      preLVM = true;
+      allowDiscards = true;
+    };
+
+    boot.loader.grub = {
+      device = "/dev/sda";
+    };
+    fileSystems."/" =
+      { device = "/dev/disk/by-uuid/11fb2333-f06f-4970-9b74-a5287bab5058";
+      fsType = "ext4";
+    };
+
+    fileSystems."/boot" =
+      { device = "/dev/disk/by-uuid/a8704d8b-e174-4bcd-9558-085a85ed1ceb";
+      fsType = "ext4";
+    };
+
+    swapDevices =
+      [ { device = "/dev/disk/by-uuid/43d05f3c-5f2b-42cf-b052-06b6a3e82c45"; }
+    ];
+
+    nix.maxJobs = lib.mkDefault 2;
+  }
--- a/nixos/boxes/thinky/tailscale-skinnyv.nix
+++ b/nixos/boxes/thinky/tailscale-skinnyv.nix
@ -0,0 +1,32 @@
+{ config, pkgs, inputs, lib, ... }:
+let
+  tailscale =  inputs.nixpkgs-nixos-unstable.legacyPackages."x86_64-linux".tailscale;
+in
+  {
+    systemd.services.tailscale-autoconnect = {
+      description = "Automatic connection to Tailscale";
+
+    # make sure tailscale is running before trying to connect to tailscale
+    after = [ "network-pre.target" "tailscale.service" ];
+    wants = [ "network-pre.target" "tailscale.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    # set this service as a oneshot job
+    serviceConfig.Type = "oneshot";
+
+    # have the job run this shell script
+    script = ''
+      # wait for tailscaled to settle
+      sleep 2
+
+      # check if we are already authenticated to tailscale
+      status="$(${tailscale}/bin/tailscale status -json | ${pkgs.jq}/bin/jq -r .BackendState)"
+      if [ $status = "Running" ]; then # if so, then do nothing
+        exit 0
+      fi
+
+      # otherwise authenticate with tailscale
+      ${tailscale}/bin/tailscale up -authkey tskey-bd6b308c9c22272a0a66c442
+    '';
+  };
+}
--- a/nixos/boxes/thinky/thinky.nix
+++ b/nixos/boxes/thinky/thinky.nix