lelgenio/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 2 Releases Packages Wiki Activity Actions

rainbow: cleanup

Browse source
This commit is contained in:
lelgenio 2024-10-14 17:27:55 -03:00 committed by Leonardo Eugênio
parent c08d6295d7
commit 1e2d64a1c7
6 changed files with 1 additions and 135 deletions
Download patch file Download diff file Expand all files Collapse all files

12
flake.nix
View file

@ -152,19 +152,9 @@
./system/steam.nix ./system/steam.nix
] ++ common_modules; ] ++ common_modules;
}; };
rainbow = lib.nixosSystem {
inherit system specialArgs;
modules = [
./hosts/rainbow
./system/rainbow-gitlab-runner.nix
] ++ common_modules;
};
double-rainbow = lib.nixosSystem { double-rainbow = lib.nixosSystem {
inherit system specialArgs; inherit system specialArgs;
modules = [ modules = [ ./hosts/double-rainbow.nix ] ++ common_modules;
./hosts/double-rainbow.nix
./system/rainbow-gitlab-runner.nix
] ++ common_modules;
}; };
pixie = lib.nixosSystem { pixie = lib.nixosSystem {
inherit system specialArgs; inherit system specialArgs;

85
hosts/rainbow/default.nix
View file

@ -1,85 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
let
btrfs_options = [
"compress=zstd:3"
"noatime"
"x-systemd.device-timeout=0"
];
btrfs_ssd = [
"ssd"
"discard=async"
];
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ "i915" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/BTRFS_ROOT";
fsType = "btrfs";
options = [ "subvol=@nixos" ] ++ btrfs_options ++ btrfs_ssd;
};
boot.initrd.luks.devices = {
"main" = {
bypassWorkqueues = true;
device = "/dev/disk/by-label/CRYPT_ROOT";
};
};
fileSystems."/home" = {
device = "/dev/disk/by-label/BTRFS_ROOT";
fsType = "btrfs";
options = [ "subvol=@home" ] ++ btrfs_options ++ btrfs_ssd;
};
boot.loader.efi.efiSysMountPoint = "/boot/efi";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/DC3B-5753";
fsType = "vfat";
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/BTRFS_ROOT";
fsType = "btrfs";
options = [ "subvol=@swap" ] ++ btrfs_ssd;
};
swapDevices = [
{
device = "/swap/swapfile";
size = (1024 * 8);
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
networking.hostName = "rainbow"; # Define your hostname.
}

13
secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age
View file

@ -1,13 +0,0 @@
age-encryption.org/v1
-> ssh-rsa BwwxHg
KCVF4Sy49stOeQs2uunYKkvadqeimmWlJ4ucEJxfXy2z+OkkZpixUnWgJEH2nCa4
NL/F0Wezbqvh+Texl4FlHN8PT2w/d5gdg/L+fI4jBYCvbbiHA4sdUgmXWigY8zrU
5H7Y9mgb1Y174fA6zfTCk2fHmk+KARoV27YrS2fzGoVQiPhnvv8ZT51eF1E+Zs4I
+YtXehxEOqYljJKYJJnF9ElzfNa8nypACGtcjTE8eEq0DlZu2U7qV+QWwQudHbcs
MbFR2VtkHWQaNdK1vVBGND1CMlfshSCqbUzGcexownMiCVSal1RKA2uAWnYdOEc/
QSR8cKn8QQ5dyPFCqZ8RnlCMUegCVLg5cC0/rlTUD0C/Ti2SRBYTH3HvJjmSNk8k
3LdcNwK4YtG4d1gkqLVjwCM1Yg8I/UICb5nQYclvBz5VQ2drvL/gU/+Vc7Z5KUFI
0G/7uNmeJ16Eky+X9c73ZZxVqm0TzDENE2GzkPhBHEfXBR+4j6m8KKEWxQmA2ZSg
--- Oq9wU0h90iU/8g1XTNI+LuAg7t09hngj9DCK91V1+pg
χvõP·Êì}ÓN,×ÿWl ?y0)eVw‰©Aði±ýê•Å<E280A2>Sm¥œ¼¸à‡ì>‰ð°ÑD“ÂQž¦C-ùëB†Ôáôôø0ŽúVµ|÷=ŽXÊ6©ë ¢œW<E280B9>>ãÒì~·-qIÞ%

3
secrets/secrets.nix
View file

@ -2,9 +2,6 @@ let
main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15"; main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
in in
{ {
"rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
main_ssh_public_key
];
"monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
main_ssh_public_key main_ssh_public_key
]; ];

22
system/rainbow-gitlab-runner.nix
View file

@ -1,22 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
in
{
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
virtualisation.docker.enable = true;
services.gitlab-runner = {
enable = true;
settings.concurrent = 1;
services = {
thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
thoreb-itinerario-nix = mkNixRunner config.age.secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
};
};
systemd.services.gitlab-runner.serviceConfig.Nice = 10;
}

1
system/secrets.nix
View file

@ -6,7 +6,6 @@
secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file = ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age; secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file = ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age; secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age;
secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age; secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age;
secrets.phantom-forgejo-mailer-password.file = ../secrets/phantom-forgejo-mailer-password.age; secrets.phantom-forgejo-mailer-password.file = ../secrets/phantom-forgejo-mailer-password.age;
}; };