diff --git a/Makefile b/Makefile index a1e74771..f6edeee6 100644 --- a/Makefile +++ b/Makefile @@ -31,6 +31,27 @@ darwin-debug: darwin-set-proxy --extra-experimental-features 'nix-command flakes' ./result/sw/bin/darwin-rebuild switch --flake . --show-trace --verbose +idols: + nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo + nixos-rebuild --flake .#ruby --target-host ruby --build-host ruby switch --use-remote-sudo + nixos-rebuild --flake .#kana --target-host kana --build-host kana switch --use-remote-sudo + +idols-debug: + nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo --show-trace --verbose + nixos-rebuild --flake .#ruby --target-host ruby --build-host ruby switch --use-remote-sudo --show-trace --verbose + nixos-rebuild --flake .#kana --target-host kana --build-host kana switch --use-remote-sudo --show-trace --verbose + +idols-image: + # take image for idols, and upload the image to proxmox nodes. + nom build .#aquamarine + scp result/vzdump-qemu-*.vma.zst root@gtr5:/var/lib/vz/dump + + nom build .#ruby + scp result/vzdump-qemu-*.vma.zst root@s500plus:/var/lib/vz/dump + + nom build .#kana + scp result/vzdump-qemu-*.vma.zst root@um560:/var/lib/vz/dump + fmt: # format the nix files in this repo nix fmt diff --git a/README.md b/README.md index dd48d85c..0ec65aee 100644 --- a/README.md +++ b/README.md 
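Review bot: The `idols-image` recipe pushes each VM image with `scp … root@gtr5:/var/lib/vz/dump` (and likewise to `s500plus` and `um560`), which requires the Proxmox hosts to accept root SSH logins from this workstation; a dedicated upload account that can only write to the dump directory, selected via `User` in the ssh config, would let `PermitRootLogin` stay off on the machines that run every VM. The `idols` and `idols-debug` recipes rely on `--use-remote-sudo`, which runs `sudo` on the target as the deploying user; unless that sudo can prompt through the ssh session, this needs a NOPASSWD rule on the VMs that the diff does not show, so I would document it next to the target, e.g. `# requires the deploying user to have non-interactive sudo on each VM`. Also, none of the new targets are declared phony, so a stray file named `idols` in the repo root turns `make idols` into a silent no-op; add `.PHONY: idols idols-debug idols-image`.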
@@ -24,9 +24,16 @@ Nix allows for easy-to-manage, collaborative, reproducible deployments. This mea ## Hosts -- `msi-rtx3090`: my main PC, with RTX 3090 GPU, with NixOS -- `harmonica`: my MacBook Pro 2020 13-inch, with macOS, for work -- `nixos-test`: my test machine, with NixOS +```shell +› tree hosts +hosts +├── harmonica # my MacBook Pro 2020 13-inch, with macOS, for work. +└── idols + ├── ai # my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use. + ├── aquamarine # my NixOS virtual machine with R9-5900HX(8C16T), mainly for distributed building & testing. + ├── kana # yet another NixOS vm on another physical machine with R5-5625U(6C12T). + └── ruby # another NixOS vm on another physical machine with R7-5825U(8C16T). +``` ## How to Deploy this Flake? @@ -37,17 +44,10 @@ After installing NixOS with `nix-command` & `flake` enabled, follow the steps be For NixOS, use the following commands: ```bash -# deploy my test configuration -sudo nixos-rebuild switch --flake .#nixos-test +# deploy one of the configuration based on the hostname +sudo nixos-rebuild switch --flake . - -# deploy my PC's configuration -sudo nixos-rebuild switch --flake .#msi-rtx4090 - -# or just deploy with hostname -sudo nixos-rebuild switch - -# we can also deploy using make, which is defined in Makefile +# we can also deploy using `make`, which is defined in Makefile make deploy ``` 
@@ -93,6 +93,34 @@ $ fhs for other methods, check out [Different methods to run a non-nixos executable on Nixos](https://unix.stackexchange.com/questions/522822/different-methods-to-run-a-non-nixos-executable-on-nixos). +## How to create & managage VM from this flake? + +use `aquamarine` as an example, we can create a virtual machine with the following command: + +```shell +# 1. generate a proxmox vma image file +nom build .#aquamarine # `nom`(nix-output-monitor) can be replaced by the standard command `nix` + +# 2. upload the genereated image to proxmox server's backup directory `/var/lib/vz/dump` +# please replace the vma file name with the one you generated in step 1. +scp result/vzdump-qemu-aquamarine-nixos-23.11.20230603.dd49825.vma.zst root@192.168.5.174:/var/lib/vz/dump + +# 3. the image we uploaded will be listed in proxmox web ui's this page: [storage 'local'] -> [backups], we can restore a vm from it via the web ui now. +``` + +Once the virtual machine `aquamarine` is created, we can deploy updates to it with the following commands: + +```shell +# 1. add the ssh key to ssh-agent +ssh-add ~/.ssh/ai-idols + +# 2. deploy the configuration to the remote host, using the ssh key we added in step 1 +# and the username defaults to `$USER`, it's `ryan` in my case. +nixos-rebuild --flake .#aquamarine --target-host aquamarine --build-host aquamarine switch --use-remote-sudo --verbose +``` + +The commands above will build & deploy the configuration to `aquamarine`, the build process will be executed on `aquamarine` too, and the `--use-remote-sudo` option indicates that we will use `sudo` on the remote host, because `nixos-rebuild switch` needs root permission to deploy the configuration. + ## Other Interesting Dotfiles Other dotfiles && docs that inspired me: diff --git a/flake.lock b/flake.lock index 35be9943..ae7e13d7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -63,45 +63,7 @@ "type": "github" } }, - "devenv": { - "inputs": { - "flake-compat": "flake-compat", - "nix": "nix", - "nixpkgs": "nixpkgs_2", - "pre-commit-hooks": "pre-commit-hooks" - }, - "locked": { - "lastModified": 1678113758, - "narHash": "sha256-mD3SkN43b1s5CJ8Rx3l2oK3Dqgs+6Ze0FfWrdMcrrYk=", - "owner": "cachix", - "repo": "devenv", - "rev": "6455f319fc90e0be2071327093c5458f9afc61bf", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "v0.6.2", - "repo": "devenv", - "type": "github" - } - }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "locked": { "lastModified": 1680531544, "narHash": "sha256-8qbiDTYb1kGaDADRXTItpcMKQ1TeQVkuof6oEwHUvVA=", @@ -139,21 +101,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -171,7 +118,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_2": { "inputs": { "systems": "systems_2" }, 
@@ -189,28 +136,6 @@ "type": "github" } }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "devenv", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -256,7 +181,7 @@ "hyprland": { "inputs": { "hyprland-protocols": "hyprland-protocols", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "wlroots": "wlroots", "xdph": "xdph" }, @@ -298,7 +223,7 @@ }, "lib-aggregate": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs-lib": "nixpkgs-lib" }, "locked": { @@ -315,26 +240,10 @@ "type": "github" } }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1633514407, - "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "repo": "lowdown", - "type": "github" - } - }, "nil": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_4", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { 
@@ -352,34 +261,10 @@ "type": "github" } }, - "nix": { - "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": [ - "devenv", - "nixpkgs" - ], - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1676545802, - "narHash": "sha256-EK4rZ+Hd5hsvXnzSzk2ikhStJnD63odF7SzsQ8CuSPU=", - "owner": "domenkozar", - "repo": "nix", - "rev": "7c91803598ffbcfe4a55c44ac6d49b2cf07a527f", - "type": "github" - }, - "original": { - "owner": "domenkozar", - "ref": "relaxed-flakes", - "repo": "nix", - "type": "github" - } - }, "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1685435187, @@ -478,39 +363,7 @@ "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-stable": { - "locked": { - "lastModified": 1673800717, - "narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1685801374, "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", @@ -528,10 +381,10 @@ }, "nixpkgs-wayland": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1685650687, 
@@ -548,22 +401,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1677534593, - "narHash": "sha256-PuZSAHeq4/9pP/uYH1FcagQ3nLm/DrDrvKi/xC9glvw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3ad64d9e2d5bf80c877286102355b1625891ae9a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1683014792, "narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=", @@ -579,7 +416,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1682929865, "narHash": "sha256-jxVrgnf5QNjO+XoxDxUWtN2G5xyJSGZ5SWDQFxMuHxc=", @@ -595,7 +432,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1685836261, "narHash": "sha256-rpxEPGeW4JZJcH58SQApJUtJ7w78VPtkF6Cut/Pq6Kg=", @@ -611,7 +448,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1681347147, "narHash": "sha256-B+hTioRc3Jdf4SJyeCiO0fW5ShIznJk2OTiW2vOV+mc=", @@ -627,7 +464,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1685383865, "narHash": "sha256-3uQytfnotO6QJv3r04ajSXbEFMII0dUtw0uqYlZ4dbk=", 
@@ -643,63 +480,18 @@ "type": "github" } }, - "nur": { - "locked": { - "lastModified": 1685880642, - "narHash": "sha256-jQNe2IAL7qPdwCk8HnwlfJN790YjIoRu4EfjfI6y0qk=", - "owner": "nix-community", - "repo": "NUR", - "rev": "65b4ce84312de2fec2e26315bad06278e3e4acd5", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": [ - "devenv", - "flake-compat" - ], - "flake-utils": "flake-utils", - "gitignore": "gitignore", - "nixpkgs": [ - "devenv", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1677160285, - "narHash": "sha256-tBzpCjMP+P3Y3nKLYvdBkXBg3KvTMo3gvi8tLQaqXVY=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "2bd861ab81469428d9c823ef72c4bb08372dd2c4", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "darwin": "darwin_2", - "devenv": "devenv", "home-manager": "home-manager_2", "hyprland": "hyprland", "nil": "nil", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-darwin": "nixpkgs-darwin", - "nixpkgs-stable": "nixpkgs-stable_2", - "nixpkgs-wayland": "nixpkgs-wayland", - "nur": "nur" + "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs-wayland": "nixpkgs-wayland" } }, "rust-overlay": { diff --git a/flake.nix b/flake.nix index 78a29a59..6fd99ed0 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,5 +1,12 @@ { - description = "NixOS configuration of Ryan Yin"; + description = "NixOS & macOS configuration of Ryan Yin"; + + ################################################################################################################## + # + # Want to know Nix in details? Looking for a beginner-friendly tutorial? + # Check out [NixOS & Nix Flakes - A Guide for Beginners](https://thiscute.world/en/posts/nixos-and-flake-basics/)! + # + ################################################################################################################## # the nixConfig here only affects the flake itself, not the system configuration! nixConfig = { @@ -16,19 +23,16 @@ extra-substituters = [ "https://nix-community.cachix.org" "https://nixpkgs-wayland.cachix.org" - "https://xddxdd.cachix.org" ]; extra-trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" - "xddxdd.cachix.org-1:ay1HJyNDYmlSwj5NXQG065C8LfoqqKaTNCyzeixGjf8=" ]; }; # This is the standard format for flake.nix. `inputs` are the dependencies of the flake, - # and `outputs` function will return all the build results of the flake. # Each item in `inputs` will be passed as a parameter to the `outputs` function after being pulled and built. inputs = { # There are many ways to reference flake inputs. The most widely used is github:owner/name/reference, @@ -45,11 +49,6 @@ inputs.nixpkgs.follows = "nixpkgs-darwin"; }; - # nix users repository - # used to install some packages not in nixpkgs - # e.g. wechat-uos/qqmusic/dingtalk - nur.url = "github:nix-community/NUR"; - # home-manager, used for managing user configuration home-manager = { url = "github:nix-community/home-manager/release-23.05"; 
@@ -70,9 +69,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # use devenv to manage my development environment - devenv.url = "github:cachix/devenv/v0.6.2"; - # secrets management, lock with git commit at 2023/5/15 agenix.url = "github:ryantm/agenix/db5637d10f797bb251b94ef9040b237f4702cde3"; 
@@ -80,91 +76,104 @@ nil.url = "github:oxalica/nil/2023-05-09"; }; - # `outputs` are all the build result of the flake. - # A flake can have many use cases and different types of outputs. + # The `outputs` function will return all the build results of the flake. + # A flake can have many use cases and different types of outputs, # parameters in `outputs` are defined in `inputs` and can be referenced by their names. - # However, `self` is an exception, This special parameter points to the `outputs` itself (self-reference) + # However, `self` is an exception, this special parameter points to the `outputs` itself (self-reference) # The `@` syntax here is used to alias the attribute set of the inputs's parameter, making it convenient to use inside the function. outputs = inputs@{ self , nixpkgs , darwin , home-manager + , nixos-generators , ... - }: { - nixosConfigurations = { - # By default, NixOS will try to refer the nixosConfiguration with its hostname. - # so the system named `msi-rtx4090` will use this configuration. - # However, the configuration name can also be specified using `sudo nixos-rebuild switch --flake /path/to/flakes/directory#`. - # The `nixpkgs.lib.nixosSystem` function is used to build this configuration, the following attribute set is its parameter. - # Run `sudo nixos-rebuild switch --flake .#msi-rtx4090` in the flake's directory to deploy this configuration on any NixOS system - msi-rtx4090 = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; + }: + + let + x64_system = "x86_64-linux"; + x64_specialArgs = { + pkgs-stable = import inputs.nixpkgs-stable { + system = x64_system; # refer the `system` parameter form outer scope recursively + # To use chrome, we need to allow the installation of non-free software + config.allowUnfree = true; + }; + } // inputs; + ai_modules = [ + ./hosts/idols/ai - # The Nix module system can modularize configurations, improving the maintainability of configurations. 
- # - # Each parameter in the `modules` is a Nix Module, and there is a partial introduction to it in the nixpkgs manual: - # - # It is said to be partial because the documentation is not complete, only some simple introductions - # (such is the current state of Nix documentation...) - # A Nix Module can be an attribute set, or a function that returns an attribute set. - # If a Module is a function, according to the Nix Wiki description, this function can have up to four parameters: - # - # config: The configuration of the entire system - # options: All option declarations refined with all definition and declaration references. - # pkgs: The attribute set extracted from the Nix package collection and enhanced with the nixpkgs.config option. - # modulesPath: The location of the module directory of Nix. - # - # Only these four parameters can be passed by default. - # If you need to pass other parameters, you must use `specialArgs` by uncomment the following line - specialArgs = { - pkgs-stable = import inputs.nixpkgs-stable { - system = system; # refer the `system` parameter form outer scope recursively - # To use chrome, we need to allow the installation of non-free software - config.allowUnfree = true; - }; - } // inputs; - modules = [ - ./hosts/msi-rtx4090 + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; - # make home-manager as a module of nixos - # so that home-manager configuration will be deployed automatically when executing `nixos-rebuild switch` - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = x64_specialArgs; + home-manager.users.ryan = import ./home/linux/x11.nix; + } + ]; + aquamarine_modules = [ + ./hosts/idols/aquamarine - # pass all inputs into home manager's all sub modules - home-manager.extraSpecialArgs = specialArgs; - home-manager.users.ryan = import ./home/linux/x11.nix; 
- } - ]; + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + + home-manager.extraSpecialArgs = x64_specialArgs; + home-manager.users.ryan = import ./home/linux/server.nix; + } + ]; + ruby_modules = [ + ./hosts/idols/ruby + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + + home-manager.extraSpecialArgs = x64_specialArgs; + home-manager.users.ryan = import ./home/linux/server.nix; + } + ]; + kana_modules = [ + ./hosts/idols/kana + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + + home-manager.extraSpecialArgs = x64_specialArgs; + home-manager.users.ryan = import ./home/linux/server.nix; + } + ]; + in { + nixosConfigurations = let system = x64_system; specialArgs = x64_specialArgs; in { + # 星野 アイ, Hoshino Ai + ai = nixpkgs.lib.nixosSystem { + inherit system specialArgs; + modules = ai_modules; }; - nixos-test = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - specialArgs = { - pkgs-stable = import inputs.nixpkgs-stable { - system = system; - config.allowUnfree = true; - }; - } // inputs; - modules = [ - ./hosts/nixos-test + # 星野 愛久愛海, Hoshino Aquamarine + aquamarine = nixpkgs.lib.nixosSystem { + inherit system specialArgs; + modules = aquamarine_modules; + }; - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; + # 星野 瑠美衣, Hoshino Rubii + ruby = nixpkgs.lib.nixosSystem { + inherit system specialArgs; + modules = ruby_modules; + }; - home-manager.extraSpecialArgs = specialArgs; - home-manager.users.ryan = import ./home/linux/wayland.nix; - } - ]; + kana = nixpkgs.lib.nixosSystem { + inherit system specialArgs; + modules = kana_modules; }; }; - # configurations for MacOS + # macOS's configuration, for work. 
darwinConfigurations."harmonica" = darwin.lib.darwinSystem { system = "x86_64-darwin"; 
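Review bot: The four `*_modules` lists in the new `let` block repeat the same home-manager wiring verbatim, differing only in the host directory and the imported home profile; a small helper keeps the three server hosts from drifting apart when `useGlobalPkgs`, `extraSpecialArgs` or the user name changes for one of them. The comment on `system = x64_system;` still reads `refer the \`system\` parameter form outer scope recursively`, which described the old `rec` attribute set but no longer fits a plain `let` binding (and "form" should be "from"), so drop it or replace it with `# all x86_64 hosts share one pkgs-stable instance`. The `outputs` function continues past the end of this hunk.
```nix
  let
    x64_system = "x86_64-linux";
    # … unchanged: x64_specialArgs …

    # One wrapper for every x86_64 host: the home-manager wiring is identical,
    # only the host directory and the home profile differ.
    mkHostModules = hostDir: homeProfile: [
      hostDir
      home-manager.nixosModules.home-manager
      {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = x64_specialArgs;
        home-manager.users.ryan = import homeProfile;
      }
    ];

    ai_modules = mkHostModules ./hosts/idols/ai ./home/linux/x11.nix;
    aquamarine_modules = mkHostModules ./hosts/idols/aquamarine ./home/linux/server.nix;
    ruby_modules = mkHostModules ./hosts/idols/ruby ./home/linux/server.nix;
    kana_modules = mkHostModules ./hosts/idols/kana ./home/linux/server.nix;
  in {
    # … unchanged: nixosConfigurations / darwinConfigurations …
```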
@@ -188,30 +197,52 @@ x86_64-darwin = nixpkgs.legacyPackages.x86_64-darwin.nixpkgs-fmt; }; - # generate qcow2 & iso image from nixos configuration - # https://github.com/nix-community/nixos-generators - # packages.x86_64-linux = { - # qcow2 = nixos-generators.nixosGenerate { - # system = "x86_64-linux"; - # modules = [ - # # you can include your own nixos configuration here, i.e. - # # ./configuration.nix - # ]; - # format = "qcow"; + packages.x86_64-linux = + # take images for idols + # https://github.com/nix-community/nixos-generators + let system = x64_system; specialArgs = x64_specialArgs; in { + # Hoshino Ai is a physical machine, so we need to generate an iso image for it. + ai = nixos-generators.nixosGenerate { + inherit system specialArgs; + modules = ai_modules; + format = "iso"; + }; + # Hoshino Aquamarine is a virtual machine running on Proxmox VE. + aquamarine = nixos-generators.nixosGenerate { + inherit system specialArgs; + modules = aquamarine_modules ++ [ + ({config, ...}: { + proxmox.qemuConf.name = "aquamarine-nixos-${config.system.nixos.label}"; + }) + ]; - # # you can also define your own custom formats - # # customFormats = { "myFormat" = ; ... }; - # # format = "myFormat"; - # }; - - # iso = nixos-generators.nixosGenerate { - # system = "x86_64-linux"; - # modules = [ - # # you can include your own nixos configuration here, i.e. - # # ./configuration.nix - # ]; - # format = "iso"; - # }; - # }; + # proxmox's configuration: + # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/virtualisation/proxmox-image.nix + # + # after resize the disk, it will grow partition automatically. + # and it alse had qemu-guest-agent installed by default. + format = "proxmox"; + }; + # Hoshino Rubii is a vm too. 
+ ruby = nixos-generators.nixosGenerate { + inherit system specialArgs; + modules = ruby_modules ++ [ + ({config, ...}: { + proxmox.qemuConf.name = "ruby-nixos-${config.system.nixos.label}"; + }) + ]; + format = "proxmox"; + }; + # Kana is a vm too. + kana = nixos-generators.nixosGenerate { + inherit system specialArgs; + modules = kana_modules ++ [ + ({config, ...}: { + proxmox.qemuConf.name = "kana-nixos-${config.system.nixos.label}"; + }) + ]; + format = "proxmox"; + }; + }; }; } diff --git a/home/base/desktop/default.nix b/home/base/desktop/default.nix new file mode 100644 index 00000000..6d597cb0 --- /dev/null +++ b/home/base/desktop/default.nix @@ -0,0 +1,10 @@ +{ ... }: +{ + imports = [ + ../server + + ./development.nix + ./media.nix + ]; + +} diff --git a/home/base/development.nix b/home/base/desktop/development.nix similarity index 76% rename from home/base/development.nix rename to home/base/desktop/development.nix index 93b55fe3..984f9bad 100644 --- a/home/base/development.nix +++ b/home/base/desktop/development.nix @@ -1,6 +1,16 @@ -{ config, pkgs, nil, ... }: +{ pkgs, nil, ... }: { + ############################################################# + # + # Basic settings for development environment + # + # Please avoid to install language specific packages here(globally), + # instead, install them independently using dev-templates: + # https://github.com/the-nix-way/dev-templates + # + ############################################################# + home.packages = with pkgs; [ nil.packages."${pkgs.system}".default # nix language server @@ -30,33 +40,11 @@ gnumake # used by this repo, to simplify the deployment clang-tools clang-analyzer - # lldb - # cmake - # autoconf - # automake - # bison - # cppcheck - # fakeroot - # flex - # gettext - # groff - # libtool - # m4 - # patch - # pkgconf - # texinfo - # binutils # Golang - delve go - go-outline - go-tools - go2nix - gomodifytags + delve gopls - gotests - impl # Rust rustup 
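Review bot: The `ai`, `aquamarine`, `ruby` and `kana` images are generated from the full host module lists, so everything those modules place in the Nix store ends up inside an unencrypted `.vma.zst`/ISO that the Makefile then copies into the hypervisors' dump directory; since `./hosts/idols/ai` imports `../../../secrets` elsewhere in this diff, a comment above `packages.x86_64-linux` such as `# NOTE: images embed the host's whole closure — anything sensitive must stay agenix-encrypted (decrypted at boot), never a plain store path` would make that constraint explicit. I cannot see what `secrets` or `remote-building.nix` contain, so treat this as a check rather than a finding. The `ai` ISO is also built with the host's `hardware-configuration.nix` and `cifs-mount.nix`; the iso format overrides `/` for the live medium, but a CIFS mount without `nofail`/`x-systemd.automount` may stall the live boot before the network is up — worth one test boot. The three Proxmox entries differ only in the `qemuConf.name` prefix and could share a helper the same way the module lists can.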
@@ -67,6 +55,7 @@ pandas requests pyquery + pyyaml ])) # db related @@ -79,15 +68,6 @@ # embedded development minicom - # other languages - # julia - zig - # elixir - # solidity - - # java - # adoptopenjdk-openj9-bin-17 - # other tools k6 # load testing tool mitmproxy # http/https proxy tool @@ -118,9 +98,4 @@ enableNushellIntegration = true; }; }; - - # GitHub CLI tool - programs.gh = { - enable = true; - }; } diff --git a/home/base/media.nix b/home/base/desktop/media.nix similarity index 100% rename from home/base/media.nix rename to home/base/desktop/media.nix diff --git a/home/base/bash.nix b/home/base/server/bash.nix similarity index 100% rename from home/base/bash.nix rename to home/base/server/bash.nix diff --git a/home/base/core.nix b/home/base/server/core.nix similarity index 98% rename from home/base/core.nix rename to home/base/server/core.nix index 4406ce30..b7c423eb 100644 --- a/home/base/core.nix +++ b/home/base/server/core.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { home.packages = with pkgs; [ diff --git a/home/base/default.nix b/home/base/server/default.nix similarity index 64% rename from home/base/default.nix rename to home/base/server/default.nix index 7f724372..80c42d4d 100644 --- a/home/base/default.nix +++ b/home/base/server/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [ ./nushell @@ -6,9 +6,7 @@ ./bash.nix ./core.nix - ./development.nix ./git.nix - ./media.nix ./starship.nix ]; diff --git a/home/base/git.nix b/home/base/server/git.nix similarity index 100% rename from home/base/git.nix rename to home/base/server/git.nix diff --git a/home/base/nushell/config.nu b/home/base/server/nushell/config.nu similarity index 100% rename from home/base/nushell/config.nu rename to home/base/server/nushell/config.nu diff --git a/home/base/nushell/default.nix b/home/base/server/nushell/default.nix similarity index 100% rename from home/base/nushell/default.nix rename to home/base/server/nushell/default.nix 
diff --git a/home/base/starship.nix b/home/base/server/starship.nix similarity index 100% rename from home/base/starship.nix rename to home/base/server/starship.nix diff --git a/home/base/tmux/custom-plugins.nix b/home/base/server/tmux/custom-plugins.nix similarity index 100% rename from home/base/tmux/custom-plugins.nix rename to home/base/server/tmux/custom-plugins.nix diff --git a/home/base/tmux/default.nix b/home/base/server/tmux/default.nix similarity index 100% rename from home/base/tmux/default.nix rename to home/base/server/tmux/default.nix diff --git a/home/darwin/default.nix b/home/darwin/default.nix index b8eb73ee..2c6bd1b3 100644 --- a/home/darwin/default.nix +++ b/home/darwin/default.nix @@ -1,8 +1,8 @@ -{ pkgs, ... }: +{ ... }: { imports = [ - ../base + ../base/desktop ./alacritty ./core.nix diff --git a/home/linux/base/development.nix b/home/linux/base/development.nix deleted file mode 100644 index 23e3d935..00000000 --- a/home/linux/base/development.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, pkgs, nil, ... }: - -{ - home.packages = with pkgs; [ - nil.packages."${pkgs.system}".default # nix language server - - # GUI IDE - insomnia # REST client - - # need to run `conda-install` before using it - # need to run `conda-shell` before using command `conda` - # conda is not available for MacOS - conda - ]; - - # GitHub CLI tool - programs.gh = { - enable = true; - }; -} diff --git a/home/linux/base/ssh.nix b/home/linux/base/ssh.nix index 4ebc6909..d285b072 100644 --- a/home/linux/base/ssh.nix +++ b/home/linux/base/ssh.nix @@ -28,6 +28,18 @@ # Specifies that ssh should only use the identity file explicitly configured above # required to prevent sending default identity files first. IdentitiesOnly yes + + Host gtr5 + HostName 192.168.5.172 + Port 22 + + Host um560 + HostName 192.168.5.173 + Port 22 + + Host s500plus + HostName 192.168.5.174 + Port 22 ''; # use ssh-agent so we only need to input passphrase once 
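Review bot: The three new `Host` blocks for the Proxmox nodes carry only `HostName` and `Port`, so unlike the preceding match block (which sets `IdentitiesOnly yes` precisely to stop ssh offering every default identity first) connections to `gtr5`, `um560` and `s500plus` will present every key loaded in the agent to the hypervisors, unless a `Host *` block I cannot see supplies those settings; add `IdentityFile ~/.ssh/<key-authorized-on-the-hypervisors>` and `IdentitiesOnly yes` under each, plus `User root` (or better, a dedicated upload user) so the Makefile's `root@gtr5` does not have to spell the account. With bare LAN addresses the first connection also trusts whatever host key answers, and these are the hosts receiving VM images, so pin their host keys (for example a committed known_hosts file referenced via `UserKnownHostsFile`) rather than relying on first-use acceptance. The `extraConfig` string these lines live in begins before the hunk.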
diff --git a/home/linux/base/system-tools.nix b/home/linux/base/system-tools.nix index a123e4c1..bb4265b9 100644 --- a/home/linux/base/system-tools.nix +++ b/home/linux/base/system-tools.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: +{ pkgs, ... }: { @@ -6,15 +6,18 @@ home.packages = with pkgs; [ btop # replacement of htop/nmon htop - iotop nmon - - ## networking tools - wireguard-tools # manage wireguard vpn manually, via wg-quick + iotop iftop # misc libnotify + wireguard-tools # manage wireguard vpn manually, via wg-quick + + # need to run `conda-install` before using it + # need to run `conda-shell` before using command `conda` + # conda is not available for MacOS + conda # system call monitoring strace # system call monitoring @@ -29,8 +32,6 @@ usbutils # lsusb hdparm # for disk performance, command dmidecode # a tool that reads information about your system's hardware from the BIOS according to the SMBIOS/DMI standard - - cifs-utils # for mounting windows shares ]; # auto mount usb drives diff --git a/home/linux/base/alacritty/alacritty.yml b/home/linux/desktop/alacritty/alacritty.yml similarity index 100% rename from home/linux/base/alacritty/alacritty.yml rename to home/linux/desktop/alacritty/alacritty.yml diff --git a/home/linux/base/alacritty/default.nix b/home/linux/desktop/alacritty/default.nix similarity index 93% rename from home/linux/base/alacritty/default.nix rename to home/linux/desktop/alacritty/default.nix index b1f36886..6b74856e 100644 --- a/home/linux/base/alacritty/default.nix +++ b/home/linux/desktop/alacritty/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ ... }: { programs.alacritty = { diff --git a/home/linux/base/alacritty/theme_github_dark.yml b/home/linux/desktop/alacritty/theme_github_dark.yml similarity index 100% rename from home/linux/base/alacritty/theme_github_dark.yml rename to home/linux/desktop/alacritty/theme_github_dark.yml 
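Review bot: `cifs-utils` is dropped from the home-manager package list here while `hosts/idols/ai/cifs-mount.nix` is still imported by the `ai` host elsewhere in this diff; if that file declares a `fileSystems` entry of type `cifs`, the mount is performed by systemd as root and needs `mount.cifs` on the system path, which a per-user package never provided, so confirm that cifs-mount.nix (or the host config) lists `cifs-utils` in `environment.systemPackages` before relying on the mount. The new `conda` entry is an FHS user environment, which is fine on a workstation, but this file is also imported by `home/linux/server.nix` in this diff, so the three VMs now get it as well; I would either move it to the desktop profile or note it with `conda # FHS env; only wanted on workstations, imported by server.nix too`.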
diff --git a/home/linux/desktop/creative.nix b/home/linux/desktop/creative.nix index 7a9a6c55..93746522 100644 --- a/home/linux/desktop/creative.nix +++ b/home/linux/desktop/creative.nix @@ -1,7 +1,4 @@ -{ pkgs -, config -, ... -}: +{ pkgs, ... }: { home.packages = with pkgs; [ # creative diff --git a/home/linux/desktop/default.nix b/home/linux/desktop/default.nix index 9c7727df..93393cc7 100644 --- a/home/linux/desktop/default.nix +++ b/home/linux/desktop/default.nix @@ -1,13 +1,16 @@ { pkgs, ... }: { imports = [ + ./alacritty + ./creative.nix ./media.nix ]; home.packages = with pkgs; [ - # networking - wireshark + # GUI apps + insomnia # REST client + wireshark # network analyzer # e-book viewer(.epub/.mobi/...) # do not support .pdf @@ -25,4 +28,9 @@ # misc flameshot ]; + + # GitHub CLI tool + programs.gh = { + enable = true; + }; } diff --git a/home/linux/hyprland/default.nix b/home/linux/hyprland/default.nix index 90df3fdf..9fd7554c 100644 --- a/home/linux/hyprland/default.nix +++ b/home/linux/hyprland/default.nix @@ -1,8 +1,5 @@ -{ pkgs -, config -, lib -, ... -}: { +{ pkgs, ...}: +{ imports = [ ./wayland-apps.nix ]; @@ -51,4 +48,3 @@ }; } - diff --git a/home/linux/i3/default.nix b/home/linux/i3/default.nix index cba18122..2f68976b 100644 --- a/home/linux/i3/default.nix +++ b/home/linux/i3/default.nix @@ -1,8 +1,5 @@ -{ pkgs -, config -, lib -, ... -}: { +{ pkgs, ...}: +{ # i3 配置,基于 https://github.com/endeavouros-team/endeavouros-i3wm-setup # 直接从当前文件夹中读取配置文件作为配置内容 diff --git a/home/linux/server.nix b/home/linux/server.nix new file mode 100644 index 00000000..6130895a --- /dev/null +++ b/home/linux/server.nix 
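Review bot: In `home/linux/desktop/default.nix`, `wireshark # network analyzer` is added to `home.packages`, which installs the GUI but not the capability-wrapped `dumpcap` that NixOS provides through `programs.wireshark.enable = true` plus membership in the `wireshark` group; unless the host configuration (not visible here) already does that, capture only works by running Wireshark as root, which is exactly what the wrapper exists to avoid. I would extend the comment to say so: `wireshark # network analyzer; capture needs programs.wireshark.enable + wireshark group on the NixOS side, never run it via sudo`. The same hunk moves `programs.gh.enable = true` here from development.nix, so the server profiles lose `gh` — intentional, I assume, but worth a word in the commit message.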
@@ -0,0 +1,30 @@ +{ ... }: + +{ + imports = [ + ../base/server + + ./base/shell.nix + ./base/system-tools.nix + ]; + + # Home Manager needs a bit of information about you and the + # paths it should manage. + home = { + username = "ryan"; + homeDirectory = "/home/ryan"; + + # This value determines the Home Manager release that your + # configuration is compatible with. This helps avoid breakage + # when a new Home Manager release introduces backwards + # incompatible changes. + # + # You can update Home Manager without changing this value. See + # the Home Manager release notes for a list of state version + # changes in each release. + stateVersion = "22.11"; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; +} diff --git a/home/linux/wayland.nix b/home/linux/wayland.nix index 77a23122..7441710f 100644 --- a/home/linux/wayland.nix +++ b/home/linux/wayland.nix @@ -1,16 +1,14 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [ - ../base + ../base/desktop ./hyprland ./fcitx5 ./desktop - ./base/alacritty - ./base/development.nix ./base/shell.nix ./base/ssh.nix ./base/system-tools.nix diff --git a/home/linux/x11.nix b/home/linux/x11.nix index 86b088c4..b731ed3a 100644 --- a/home/linux/x11.nix +++ b/home/linux/x11.nix @@ -1,16 +1,14 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [ - ../base + ../base/desktop ./i3 ./fcitx5 ./desktop - ./base/alacritty - ./base/development.nix ./base/shell.nix ./base/ssh.nix ./base/system-tools.nix diff --git a/hosts/harmonica/default.nix b/hosts/harmonica/default.nix index 8e401396..30d41946 100644 --- a/hosts/harmonica/default.nix +++ b/hosts/harmonica/default.nix @@ -1,5 +1,5 @@ # My MacBook Pro - Computer for Business -{ pkgs, ... } @ args: +{ ... }: { imports = [ diff --git a/hosts/msi-rtx4090/cifs-mount.nix b/hosts/idols/ai/cifs-mount.nix similarity index 100% rename from hosts/msi-rtx4090/cifs-mount.nix rename to hosts/idols/ai/cifs-mount.nix 
diff --git a/hosts/msi-rtx4090/default.nix b/hosts/idols/ai/default.nix similarity index 71% rename from hosts/msi-rtx4090/default.nix rename to hosts/idols/ai/default.nix index a5e29833..2d7f9fc3 100644 --- a/hosts/msi-rtx4090/default.nix +++ b/hosts/idols/ai/default.nix @@ -1,31 +1,22 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - - -{ config, pkgs, home-manager, nur, ... } @ args: +{ config, ... } @ args: { imports = [ - # This adds a nur configuration option. - # Use `config.nur.repos..` in NixOS Module for packages from the NUR. - nur.nixosModules.nur - ./cifs-mount.nix # Include the results of the hardware scan. ./hardware-configuration.nix - ../../modules/nixos/fhs-fonts.nix - # ../../modules/nixos/hyprland.nix - ../../modules/nixos/i3.nix - ../../modules/nixos/gui-apps.nix - ../../modules/nixos/core-desktop.nix - ../../modules/nixos/user_group.nix + ../../../modules/nixos/fhs-fonts.nix + # ../../../modules/nixos/hyprland.nix + ../../../modules/nixos/i3.nix + ../../../modules/nixos/core-desktop.nix + ../../../modules/nixos/remote-building.nix + ../../../modules/nixos/user-group.nix - ../../secrets + ../../../secrets ]; - nixpkgs.overlays = import ../../overlays args; + nixpkgs.overlays = import ../../../overlays args; # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; @@ -52,7 +43,7 @@ }; networking = { - hostName = "msi-rtx4090"; # Define your hostname. + hostName = "ai"; wireless.enable = false; # Enables wireless support via wpa_supplicant. # Configure network proxy if necessary @@ -65,7 +56,7 @@ interfaces.enp5s0 = { useDHCP = false; ipv4.addresses = [{ - address = "192.168.5.66"; + address = "192.168.5.100"; prefixLength = 24; }]; }; 
@@ -76,15 +67,16 @@ ]; }; + virtualisation.docker.storageDriver = "btrfs"; # for Nvidia GPU - services.xserver.videoDrivers = [ "nvidia" ]; # will install nvidia-vaapi-driver by default hardware.nvidia = { package = config.boot.kernelPackages.nvidiaPackages.stable; modesetting.enable = true; powerManagement.enable = true; }; + virtualisation.docker.enableNvidia = true; # for nvidia-docker hardware.opengl = { enable = true; @@ -94,12 +86,6 @@ driSupport32Bit = true; }; - virtualisation.docker = { - enable = true; - enableNvidia = true; - storageDriver = "btrfs"; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/msi-rtx4090/hardware-configuration.nix b/hosts/idols/ai/hardware-configuration.nix similarity index 100% rename from hosts/msi-rtx4090/hardware-configuration.nix rename to hosts/idols/ai/hardware-configuration.nix diff --git a/hosts/nixos-test/default.nix b/hosts/idols/aquamarine/default.nix similarity index 56% rename from hosts/nixos-test/default.nix rename to hosts/idols/aquamarine/default.nix index 3cf29fd2..b640a9c8 100644 --- a/hosts/nixos-test/default.nix +++ b/hosts/idols/aquamarine/default.nix 
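Review bot: Dropping `services.xserver.videoDrivers = [ "nvidia" ];` while keeping the `hardware.nvidia` block and adding `virtualisation.docker.enableNvidia = true` looks inconsistent: the nixpkgs nvidia module only activates when `"nvidia"` is listed in `videoDrivers`, so unless one of the imported modules (`i3.nix` or `core-desktop.nix`, not visible here) sets it, the kernel package, modesetting and power-management settings become dead configuration and the container runtime has no driver to bind. If the driver is set elsewhere, a one-line comment at `# for Nvidia GPU` naming that file would save the next reader the search; otherwise the line should come back. The enclosing attribute set continues outside the hunk.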
@@ -1,27 +1,20 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). +{ ... } @args: -{ config, pkgs, home-manager, nur, ... } @args: +############################################################# +# +# Aquamarine - A NixOS VM running on Proxmox +# +############################################################# { imports = [ - # This adds a nur configuration option. - # Use `config.nur.repos..` in NixOS Module for packages from the NUR. - nur.nixosModules.nur + ../../../modules/nixos/proxmox-hardware-configuration.nix - # Include the results of the hardware scan. - ./hardware-configuration.nix - - ../../modules/nixos/fhs-fonts.nix - ../../modules/nixos/hyprland.nix - # ../../modules/nixos/i3.nix - ../../modules/nixos/gui-apps.nix - ../../modules/nixos/core-desktop.nix - ../../modules/nixos/user_group.nix + ../../../modules/nixos/core-server.nix + ../../../modules/nixos/user-group.nix ]; - nixpkgs.overlays = import ../../overlays args; + nixpkgs.overlays = import ../../../overlays args; # Enable binfmt emulation of aarch64-linux, this is required for cross compilation. @@ -39,19 +32,8 @@ "cifs" # mount windows share ]; - # Bootloader. - boot.loader = { - grub = { - enable = true; - device = "/dev/sda"; # "nodev" - efiSupport = false; - useOSProber = true; - #efiInstallAsRemovable = true; # in case canTouchEfiVariables doesn't work for your system - }; - }; - networking = { - hostName = "nixos-test"; # Define your hostname. + hostName = "aquamarine"; # Define your hostname. wireless.enable = false; # Enables wireless support via wpa_supplicant. # Configure network proxy if necessary @@ -62,7 +44,7 @@ interfaces.ens18 = { useDHCP = false; ipv4.addresses = [{ - address = "192.168.5.48"; + address = "192.168.5.101"; prefixLength = 24; }]; }; 
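Review bot: This aquamarine file and the new kana (`hosts/idols/kana/default.nix`) and ruby (`hosts/idols/ruby/default.nix`) files are the same ~60 lines differing only in the banner, `hostName` and the `ipv4.addresses` entry; the `ens18` block, gateway, nameservers and the `supportedFilesystems` list are duplicated three times and will drift at the first edit. A shared module (name of your choice) that the three host files import, leaving each with just hostname and address, would remove the duplication. Whether a headless builder VM needs `networkmanager.enable = true` and the removable-disk filesystem list is also worth a one-line comment, since both were carried over from the desktop template.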
diff --git a/hosts/idols/kana/default.nix b/hosts/idols/kana/default.nix new file mode 100644 index 00000000..d46bdcf5 --- /dev/null +++ b/hosts/idols/kana/default.nix 
@@ -0,0 +1,66 @@
+{ ... } @args:
+
+#############################################################
+#
+# Kana - a NixOS VM running on Proxmox
+#
+#############################################################
+
+{
+ imports = [
+ ../../../modules/nixos/proxmox-hardware-configuration.nix
+
+ ../../../modules/nixos/core-server.nix
+ ../../../modules/nixos/user-group.nix
+ ];
+
+ nixpkgs.overlays = import ../../../overlays args;
+
+
+ # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
+ # supported fil systems, so we can mount any removable disks with these filesystems
+ boot.supportedFilesystems = [
+ "ext4"
+ "btrfs"
+ "xfs"
+ #"zfs"
+ "ntfs"
+ "fat"
+ "vfat"
+ "exfat"
+ "cifs" # mount windows share
+ ];
+
+ networking = {
+ hostName = "kana"; # Define your hostname.
+ wireless.enable = false; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # proxy.default = "http://user:password@proxy:port/";
+ # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ networkmanager.enable = true;
+ interfaces.ens18 = {
+ useDHCP = false;
+ ipv4.addresses = [{
+ address = "192.168.5.103";
+ prefixLength = 24;
+ }];
+ };
+ defaultGateway = "192.168.5.201";
+ nameservers = [
+ "119.29.29.29" # DNSPod
+ "223.5.5.5" # AliDNS
+ ];
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+}
diff --git a/hosts/idols/ruby/default.nix b/hosts/idols/ruby/default.nix new file mode 100644 index 00000000..012fe9e1 --- /dev/null +++ b/hosts/idols/ruby/default.nix 
@@ -0,0 +1,68 @@
+{ ... } @args:
+
+
+#############################################################
+#
+# Ruby - a NixOS VM running on Proxmox
+#
+#############################################################
+
+
+{
+ imports = [
+ ../../../modules/nixos/proxmox-hardware-configuration.nix
+
+ ../../../modules/nixos/core-server.nix
+ ../../../modules/nixos/user-group.nix
+ ];
+
+ nixpkgs.overlays = import ../../../overlays args;
+
+
+ # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
+ # supported fil systems, so we can mount any removable disks with these filesystems
+ boot.supportedFilesystems = [
+ "ext4"
+ "btrfs"
+ "xfs"
+ #"zfs"
+ "ntfs"
+ "fat"
+ "vfat"
+ "exfat"
+ "cifs" # mount windows share
+ ];
+
+ networking = {
+ hostName = "ruby"; # Define your hostname.
+ wireless.enable = false; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # proxy.default = "http://user:password@proxy:port/";
+ # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ networkmanager.enable = true;
+ interfaces.ens18 = {
+ useDHCP = false;
+ ipv4.addresses = [{
+ address = "192.168.5.102";
+ prefixLength = 24;
+ }];
+ };
+ defaultGateway = "192.168.5.201";
+ nameservers = [
+ "119.29.29.29" # DNSPod
+ "223.5.5.5" # AliDNS
+ ];
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+}
diff --git a/hosts/nixos-test/hardware-configuration.nix b/hosts/nixos-test/hardware-configuration.nix deleted file mode 100644 index a53d8009..00000000 --- a/hosts/nixos-test/hardware-configuration.nix +++ /dev/null @@ -1,34 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "/dev/disk/by-uuid/b779eb19-e43d-4f07-a91f-eb08bd8e1202"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens18.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/modules/darwin/core.nix b/modules/darwin/core.nix index 0b789bf4..debbb6dd 100644 --- a/modules/darwin/core.nix +++ b/modules/darwin/core.nix @@ -1,6 +1,6 @@ # all the configuration options are documented here: # https://daiderd.com/nix-darwin/manual/index.html#sec-options -{ pkgs, lib, ... }: +{ pkgs, ... }: { # # enable flakes globally nix.settings.experimental-features = [ "nix-command" "flakes" ]; 
diff --git a/modules/nixos/core-desktop.nix b/modules/nixos/core-desktop.nix index 7cc8d801..bf83b68a 100644 --- a/modules/nixos/core-desktop.nix +++ b/modules/nixos/core-desktop.nix 
@@ -1,47 +1,30 @@ -{ config, pkgs, devenv, ... }: +{ lib, pkgs, ... }: { - # for nix server, we do not need to keep too much generations - boot.loader.systemd-boot.configurationLimit = 10; - # boot.loader.grub.configurationLimit = 10; - # do garbage collection weekly to keep disk usage low - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 1w"; - }; - # Manual optimise storage: nix-store --optimise - # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store - nix.settings.auto-optimise-store = true; + imports = [ + ./core-server.nix + ]; - # enable flakes globally - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # Set your time zone. - time.timeZone = "Asia/Shanghai"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "zh_CN.UTF-8"; - LC_IDENTIFICATION = "zh_CN.UTF-8"; - LC_MEASUREMENT = "zh_CN.UTF-8"; - LC_MONETARY = "zh_CN.UTF-8"; - LC_NAME = "zh_CN.UTF-8"; - LC_NUMERIC = "zh_CN.UTF-8"; - LC_PAPER = "zh_CN.UTF-8"; - LC_TELEPHONE = "zh_CN.UTF-8"; - LC_TIME = "zh_CN.UTF-8"; - }; + # to install chrome, you need to enable unfree packages + nixpkgs.config.allowUnfree = lib.mkForce true; # Enable CUPS to print documents. services.printing.enable = true; + # DO NOT promote ryan to input password for `nix-store` and `nix-copy-closure` + security.sudo.extraRules = [ + { users = [ "ryan" ]; + commands = [ + { command = "/run/current-system/sw/bin/nix-store" ; + options = [ "NOPASSWD" ]; + } + { command = "/run/current-system/sw/bin/nix-copy-closure" ; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts fonts = { @@ -95,6 +78,7 @@ }; }; + # dconf is a low-level configuration system. programs.dconf.enable = true; # networking.firewall.allowedTCPPorts = [ ... ]; 
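Review bot: The new `security.sudo.extraRules` entry gives `ryan` passwordless root for `nix-store` and `nix-copy-closure`; `nix-store` running as root can write arbitrary content into the store, so in practice this is close to an unrestricted root rule and the comment should say so rather than read like a convenience tweak. Since `./core-server.nix`, imported right above, now also lists `ryan` in `nix.settings.trusted-users`, it is worth confirming these two sudo entries are still needed at all, as a trusted user already reaches the same operations through the daemon. The comment also has a typo ("promote"): `# DO NOT prompt ryan for a password when running nix-store / nix-copy-closure`. The attribute set continues past the hunk.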
@@ -121,20 +105,12 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget - curl - git # used by nix flakes - git-lfs # used by huggingface models - - devenv.packages."${pkgs.system}".devenv - # the vscode insiders is designed to run alongside the main build, # with a separate code-insiders command and a different config path # # TODO install vscode into systemPackages to avoid binary collision error temporarily # has collision between vscode & vscode-insider - /lib/vscode/chrome_crashpad_handler - ((pkgs.vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: { + ((vscode.override { isInsiders = true; }).overrideAttrs (oldAttrs: { src = (builtins.fetchTarball { url = "https://code.visualstudio.com/sha/download?build=insider&os=linux-x64"; # you need to update this sha256 every time you update vscode insiders @@ -143,23 +119,8 @@ }); version = "latest"; })) - - # create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos! - ( - let base = pkgs.appimageTools.defaultFhsEnvArgs; in - pkgs.buildFHSUserEnv (base // { - name = "fhs"; - targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [ pkgs.pkg-config ]; - profile = "export FHS=1"; - runScript = "bash"; - extraOutputsToInstall = [ "dev" ]; - }) - ) ]; - # replace default editor with neovim - environment.variables.EDITOR = "nvim"; - # PipeWire is a new low-level multimedia framework. # It aims to offer capture and playback for both audio and video with minimal latency. # It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications. @@ -227,7 +188,6 @@ # see https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/programs/adb.nix programs.adb.enable = true; - xdg.portal = { enable = true; wlr.enable = true; 
@@ -252,7 +212,4 @@ ]; # set user's default shell system-wide users.defaultUserShell = pkgs.nushell; - - # for power management - services.upower.enable = true; } diff --git a/modules/nixos/core-server.nix b/modules/nixos/core-server.nix index c58b3546..c05e779b 100644 --- a/modules/nixos/core-server.nix +++ b/modules/nixos/core-server.nix @@ -1,14 +1,15 @@ -{ config, pkgs, devenv, ... }: +{ lib, pkgs, ... }: { + # for nix server, we do not need to keep too much generations - boot.loader.systemd-boot.configurationLimit = 10; + boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10; # boot.loader.grub.configurationLimit = 10; # do garbage collection weekly to keep disk usage low nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 1w"; + automatic = lib.mkDefault true; + dates = lib.mkDefault "weekly"; + options = lib.mkDefault "--delete-older-than 1w"; }; # Manual optimise storage: nix-store --optimise @@ -17,9 +18,11 @@ # enable flakes globally nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + nix.settings.trusted-users = ["ryan"]; # Allow unfree packages - nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfree = lib.mkDefault false; # Set your time zone. time.timeZone = "Asia/Shanghai"; 
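Review bot: `nix.settings.trusted-users = ["ryan"];` is added to the shared server module without a comment, yet the Nix manual treats trusted users as effectively root-equivalent (they can override daemon settings such as substituters and sandboxing), so it deserves the same warning the sudo rules carry: `# trusted-users is effectively root-equivalent; keep this list minimal`. The list spacing also differs from the surrounding style (`[ "nix-command" "flakes" ]`), so `[ "ryan" ]` would match. Switching the shared `allowUnfree` to `lib.mkDefault false` and letting the desktop module force it on is a good change.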
@@ -39,45 +42,10 @@ LC_TIME = "zh_CN.UTF-8"; }; - # all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts - fonts = { - # use fonts specified by user rather than default ones - enableDefaultFonts = false; - fontDir.enable = true; - - fonts = with pkgs; [ - # icon fonts - material-design-icons - font-awesome - - # 思源系列字体是 Adobe 主导的。其中汉字部分被称为「思源黑体」和「思源宋体」,是由 Adobe + Google 共同开发的 - source-sans # 无衬线字体,不含汉字。字族名叫 Source Sans 3 和 Source Sans Pro,以及带字重的变体,加上 Source Sans 3 VF - source-han-sans # 思源黑体 - - # nerdfonts - (nerdfonts.override { - fonts = [ - "FiraCode" - "JetBrainsMono" - "Iosevka" - ]; - }) - ]; - - # user defined fonts - # the reason there's Noto Color Emoji everywhere is to override DejaVu's - # B&W emojis that would sometimes show instead of some Color emojis - fontconfig.defaultFonts = { - sansSerif = [ "Noto Sans" "Noto Color Emoji" ]; - monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" ]; - emoji = [ "Noto Color Emoji" ]; - }; - }; - # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. - networking.firewall.enable = false; + networking.firewall.enable = lib.mkDefault false; # Enable the OpenSSH daemon. services.openssh = { @@ -99,11 +67,28 @@ aria2 git # used by nix flakes git-lfs # used by huggingface models + k9s + + # create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos! + ( + let base = pkgs.appimageTools.defaultFhsEnvArgs; in + pkgs.buildFHSUserEnv (base // { + name = "fhs"; + targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [ pkgs.pkg-config ]; + profile = "export FHS=1"; + runScript = "bash"; + extraOutputsToInstall = [ "dev" ]; + }) + ) ]; # replace default editor with neovim environment.variables.EDITOR = "nvim"; + virtualisation.docker = { + enable = true; + }; + # for power management services.power-profiles-daemon = { enable = true; 
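Review bot: `networking.firewall.enable = lib.mkDefault false;` keeps the firewall off by default for every host importing this module, which after this commit is the three Proxmox VMs plus the desktop via `core-desktop.nix`, and none of the new host files override it. For builder VMs that only need SSH, the safer default is `networking.firewall.enable = lib.mkDefault true;` with `networking.firewall.allowedTCPPorts = [ 22 ];` (the commented lines just above already name the option), and a host that really needs the firewall off can opt out explicitly. If disabling it is deliberate, the comment should give the reason instead of the generic "Or disable the firewall altogether".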
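Review bot: `virtualisation.docker = { enable = true; };` now starts dockerd on every host importing `core-server.nix`, including the three builder VMs where nothing in this change shows it being used, and `ryan` is in the `docker` group (user-group.nix), which is root-equivalent. The ai host relies on this line because the commit removed its local `enable = true`, so if the builders do not need Docker, make this `enable = lib.mkDefault false;` here and set it to true in `hosts/idols/ai/default.nix`; either way a one-line comment on why the daemon lives in the server module would help the next reader. This hunk's list of system packages starts outside the hunk.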
diff --git a/modules/nixos/gui-apps.nix b/modules/nixos/gui-apps.nix deleted file mode 100644 index 5e0af927..00000000 --- a/modules/nixos/gui-apps.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, pkgs, ... }: - -{ - # this params has problem with home-manager, - # so defined as NixOS Module here. - # nixpkgs.config.permittedInsecurePackages = [ - # "electron-19.0.7" # required by wechat-uos, and it's already EOL - # "openssl-1.1.1u" # OpenSSL 1.1 is reaching its end of life on 2023/09/11 - # ]; - - environment.systemPackages = [ - # packages from nur-xddxdd - # config.nur.repos.xddxdd.wechat-uos - ]; - - # flatpack is recommended to install other apps such as netease-cloud-music/qqmusic/... -} diff --git a/modules/nixos/proxmox-hardware-configuration.nix b/modules/nixos/proxmox-hardware-configuration.nix new file mode 100644 index 00000000..43eb97bb --- /dev/null +++ b/modules/nixos/proxmox-hardware-configuration.nix 
@@ -0,0 +1,67 @@
+{ config, lib, ... }:
+
+##############################################################################
+#
+# Template for Proxmox's VM, mainly based on:
+# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/virtualisation/proxmox-image.nix
+#
+# the url above is used by `nixos-generator` to generate the Proxmox's VMA image file.
+#
+##############################################################################
+
+let
+ bios = "seabios";
+ partitionTableType = if bios == "seabios" then "legacy" else "efi";
+ supportEfi = partitionTableType == "efi" || partitionTableType == "hybrid";
+ supportBios = partitionTableType == "legacy" || partitionTableType == "hybrid" || partitionTableType == "legacy+gpt";
+ hasBootPartition = partitionTableType == "efi" || partitionTableType == "hybrid";
+ hasNoFsPartition = partitionTableType == "hybrid" || partitionTableType == "legacy+gpt";
+in
+{
+
+ # DO NOT promote ryan to input password for sudo.
+ # this is a workaround for the issue of remote deploy:
+ # https://github.com/NixOS/nixpkgs/issues/118655
+ security.sudo.extraRules = [
+ { users = [ "ryan" ];
+ commands = [
+ { command = "ALL" ;
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ boot = {
+ # after resize the disk, it will grow partition automatically.
+ growPartition = true;
+ kernelParams = [ "console=ttyS0" ];
+ loader.grub = {
+ device = lib.mkDefault (if (hasNoFsPartition || supportBios) then
+ # Even if there is a separate no-fs partition ("/dev/disk/by-partlabel/no-fs" i.e. "/dev/vda2"),
+ # which will be used the bootloader, do not set it as loader.grub.device.
+ # GRUB installation fails, unless the whole disk is selected.
+ "/dev/vda"
+ else
+ "nodev");
+ efiSupport = lib.mkDefault supportEfi;
+ efiInstallAsRemovable = lib.mkDefault supportEfi;
+ };
+
+ loader.timeout = 0;
+ initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ];
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ autoResize = true;
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = lib.mkIf hasBootPartition {
+ device = "/dev/disk/by-label/ESP";
+ fsType = "vfat";
+ };
+
+ # it alse had qemu-guest-agent installed by default.
+ services.qemuGuest.enable = lib.mkDefault true;
+}
diff --git a/modules/nixos/remote-building.nix b/modules/nixos/remote-building.nix
new file mode 100644
index 00000000..d0d0ec80
--- /dev/null
+++ b/modules/nixos/remote-building.nix
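Review bot: The `security.sudo.extraRules` block granting `ryan` `ALL` with `NOPASSWD` sits in a file described as a Proxmox hardware template, so every VM importing it gets unrestricted passwordless root for the same account whose single SSH key (`ai-idols`, see user-group.nix) is authorized on all of them — one leaked key is root on all three builders. Keep this rule in a dedicated, explicitly imported module next to `remote-building.nix`, document that `ALL` is a deliberate trade-off for the nixpkgs issue the comment links rather than a hardware concern, and fix the wording: `# DO NOT prompt ryan for a sudo password.`. Minor: `# it alse had` should read `# it also has`, and since `bios` is a constant, `partitionTableType` can only ever be `"legacy"`; a comment stating that EFI is intentionally unsupported would stop someone "fixing" the dead branches.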
@@ -0,0 +1,112 @@
+{ ... }: {
+
+ ############################################
+ #
+ # NixOS's Configuration for Remote Building / Distributed Building
+ #
+ # Related Docs:
+ # 1. https://github.com/NixOS/nix/issues/7380
+ # 2. https://nixos.wiki/wiki/Distributed_build
+ ############################################
+
+ # set local's max-job to 0 to force remote building(disable local building)
+ # nix.settings.max-jobs = 0;
+ nix.distributedBuilds = true;
+ nix.buildMachines =
+ let
+ sshUser = "ryan";
+ # ssh key's path on local machine
+ sshKey = "/home/ryan/.ssh/ai-idols";
+ systems = [
+ # native arch
+ "x86_64-linux"
+
+ # emulated arch using binfmt_misc and qemu-user
+ "aarch64-linux"
+ "riscv64-linux"
+ ];
+ # all available system features are poorly documentd here:
+ # https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687
+ supportedFeatures = [
+ "benchmark"
+ "big-parallel"
+ "kvm"
+ ];
+ in
+ [
+ {
+ # some of my remote builders are running NixOS
+ # and has the same sshUser, sshKey, systems, etc.
+ inherit sshUser sshKey systems supportedFeatures;
+
+ # the hostName should be:
+ # 1. a hostname that can be resolved by DNS
+ # 2. the ip address of the remote builder
+ # 3. 
a host alias defined globally in /etc/ssh/ssh_config
+ hostName = "aquamarine";
+ # remote builder's max-job
+ maxJobs = 5;
+ # speedFactor's a signed integer
+ # nix seems always try to build on the machine with the highest speedFactor
+ speedFactor = 0;
+ }
+ {
+ inherit sshUser sshKey systems supportedFeatures;
+ hostName = "ruby";
+ maxJobs = 2;
+ speedFactor = 0;
+ }
+ {
+ inherit sshUser sshKey systems supportedFeatures;
+ hostName = "kana";
+ maxJobs = 1;
+ speedFactor = 0;
+ }
+ ];
+ # optional, useful when the builder has a faster internet connection than yours
+ nix.extraOptions = ''
+ builders-use-substitutes = true
+ '';
+
+ # define the host alias for remote builders
+ # this config will be written to /etc/ssh/ssh_config
+ programs.ssh.extraConfig = ''
+ Host ai
+ HostName 192.168.5.100
+ Port 22
+
+ Host aquamarine
+ HostName 192.168.5.101
+ Port 22
+
+ Host ruby
+ HostName 192.168.5.102
+ Port 22
+
+ Host kana
+ HostName 192.168.5.103
+ Port 22
+ '';
+
+ # define the host key for remote builders so that nix can verify all the remote builders
+ # this config will be written to /etc/ssh/ssh_known_hosts
+ programs.ssh.knownHosts = {
+ # 星野 愛久愛海, Hoshino Aquamarine
+ aquamarine = {
+ hostNames = [ "aquamarine" ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnCQXlllHoLX5EvU+t6yP/npsmuxKt0skHVeJashizE";
+ };
+
+ # 星野 瑠美衣, Hoshino Rubii
+ ruby = {
+ hostNames = [ "ruby" ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICoIvsorGgnYpyunNrJfZ6Nyue7wBTx6LsyMOMrpgHJ/";
+ };
+
+ # 有馬 かな, Arima Kana
+ kana = {
+ hostNames = [ "kana" ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuoNB0OSjCFyS022e+ZQCIsb/nhkw/XcWjksqK3sh5x";
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/nixos/user_group.nix b/modules/nixos/user-group.nix
similarity index 59%
rename from modules/nixos/user_group.nix
rename to modules/nixos/user-group.nix
index fd9fa6e5..7e1864f0 100644
--- a/modules/nixos/user_group.nix
+++ b/modules/nixos/user-group.nix
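Review bot: The `programs.ssh.knownHosts` entries pin each builder's key only under `hostNames = [ "aquamarine" ]` (likewise `ruby`, `kana`), but the `Host` stanzas above rewrite the connection target to `HostName 192.168.5.101` etc., and OpenSSH looks up known_hosts by the resolved `HostName` unless `HostKeyAlias` is set, so as written the pinned keys are unlikely to be the ones consulted for the address the daemon actually connects to and the "nix can verify all the remote builders" comment may not hold. Add the address to each entry, e.g. `hostNames = [ "aquamarine" "192.168.5.101" ];`, or put `HostKeyAlias aquamarine` under each `Host` stanza. Separately, `sshKey = "/home/ryan/.ssh/ai-idols"` is read by the nix-daemon as root, so that file's permissions are what protect every builder; a comment noting it should be a dedicated key, not the user's login key, would help. The file also lacks a trailing newline.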
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { users.groups = { @@ -8,12 +8,14 @@ }; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.ryan = { + # the hashed password with salt is generated by run `mkpasswd`. + hashedPassword = "$y$j9T$YQu5vhlnogjDFDWp9QkPh0$Eu85OiwllqvLg5fzRVMLVHNO7InA3ro8grTJJIepyH1"; home = "/home/ryan"; isNormalUser = true; description = "ryan"; extraGroups = [ "ryan" "users" "networkmanager" "wheel" "docker" "wireshark" "adbusers" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx3Sk20pLL1b2PPKZey2oTyioODrErq83xG78YpFBoj" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols" ]; }; } diff --git a/secrets/README.md b/secrets/README.md index 9a092fd8..da987b8d 100644 --- a/secrets/README.md +++ b/secrets/README.md 
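Review bot: `hashedPassword` commits a hash of the account password to the repository; a hash in a public repo can be attacked offline indefinitely, and with `wheel` membership that password is a root credential on every host importing this module. Prefer keeping it out of git via agenix, which the repo already uses for other secrets: `passwordFile = config.age.secrets."<secret-name>".path;` (which needs `config` in the module's argument set) and drop the literal hash. The new key comment `ryan@ai-idols` matches the `sshKey` used by remote-building.nix for builder logins, so one private key now grants login (and, on the VMs, passwordless sudo) everywhere it is authorized; saying so in the comment makes clear it must be rotated as a unit.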
@@ -22,36 +22,41 @@ Pretend you want to add a new secret file `xxx.age`, then: 1. `cd` to this directory 1. edit `secrets.nix`, add a new entry for `xxx.age`, which defines the encryption keys and the secret file path, e.g. - ```nix - # This file is not imported into your NixOS configuration. It is only used for the agenix CLI. - # agenix use the public keys defined in this file to encrypt the secrets. - # and users can decrypt the secrets by any of the corresponding private keys. - let - # get user's ssh public key by command: - # cat ~/.ssh/id_ed25519.pub - # if you do not have one, you can generate it by command: - # ssh-keygen -t ed25519 - ryan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx3Sk20pLL1b2PPKZey2oTyioODrErq83xG78YpFBoj"; - users = [ ryan ]; +```nix +# This file is not imported into your NixOS configuration. It is only used for the agenix CLI. +# agenix use the public keys defined in this file to encrypt the secrets. +# and users can decrypt the secrets by any of the corresponding private keys. + +let + # get user's ssh public key by command: + # cat ~/.ssh/id_ed25519.pub + # if you do not have one, you can generate it by command: + # ssh-keygen -t ed25519 + ryan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx3Sk20pLL1b2PPKZey2oTyioODrErq83xG78YpFBoj"; + users = [ ryan ]; + + # get system's ssh public key by command: + # cat /etc/ssh/ssh_host_ed25519_key.pub + ai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGeXNCazqiqxn8TmbCRjA+pLWrxwenn+CFhizBMP6en root@ai"; + systems = [ ai ]; +in +{ + "./encrypt/xxx.age".publicKeys = users ++ systems; +} +``` - # get system's ssh public key by command: - # cat /etc/ssh/ssh_host_ed25519_key.pub - msi-rtx4090 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGeXNCazqiqxn8TmbCRjA+pLWrxwenn+CFhizBMP6en root@msi-rtx4090"; - systems = [ msi-rtx4090 ]; - in - { - "./encrypt/xxx.age".publicKeys = users ++ systems; - } - ``` 2. 
create and edit the secret file `xxx.age` interactively by command: - ```shell - agenix -e ./encrypt/xxx.age - ``` + +```shell +agenix -e ./encrypt/xxx.age +``` + 3. or you can also encrypt an existing file to `xxx.age` by command: - ```shell - cat /path/to/xxx | agenix -e ./encrypt/xxx.age - ``` + +```shell +cat /path/to/xxx | agenix -e ./encrypt/xxx.age +``` the agenix use `~/.ssh/id_ed25519.pub` or `~/.ssh/id_rsa.pub` as encrypt key by default, you need to pass `--identity /path/to/key` to use a custom `/path/to/key.pub` for enctypt. @@ -70,7 +75,7 @@ An nixos module exmaple(need to set agenix as flake inputs first...): ]; environment.systemPackages = [ - agenix.packages."${pkgs.system}".default + agenix.packages."${pkgs.system}".default ]; age.secrets."xxx" = { diff --git a/secrets/default.nix b/secrets/default.nix index f2fecc1d..c50ec452 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, agenix, ... }: +{ pkgs, agenix, ... }: { imports = [ @@ -25,7 +25,7 @@ group = "root"; }; - # smb-credentials is referenced in /etc/fstab, by ../hosts/msi-rtx4090/cifs-mount.nix + # smb-credentials is referenced in /etc/fstab, by ../hosts/ai/cifs-mount.nix age.secrets."smb-credentials" = { # wether secrets are symlinked to age.secrets..path symlink = true; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a19207d1..120a1eac 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -10,8 +10,8 @@ let # get system's ssh public key by command: # cat /etc/ssh/ssh_host_ed25519_key.pub - msi-rtx4090 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGeXNCazqiqxn8TmbCRjA+pLWrxwenn+CFhizBMP6en root@msi-rtx4090"; - systems = [ msi-rtx4090 ]; + ai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGeXNCazqiqxn8TmbCRjA+pLWrxwenn+CFhizBMP6en root@ai"; + systems = [ ai ]; in { "./encrypt/wg-business.conf.age".publicKeys = users ++ systems;
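Review bot: The updated comment in secrets/default.nix points to `../hosts/ai/cifs-mount.nix`, but this same commit renames that file to `hosts/idols/ai/cifs-mount.nix`, so the path is stale the moment it lands: `# smb-credentials is referenced in /etc/fstab, by ../hosts/idols/ai/cifs-mount.nix`. The secrets.nix change keeps the `ai` host key as the only system recipient, which is consistent with the three new VMs not importing `secrets`.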