From 515b3a3b555171d7d602b25d33b94d8645160829 Mon Sep 17 00:00:00 2001 From: sh-koh <70974710+sh-koh@users.noreply.github.com> Date: Sun, 22 Sep 2024 01:12:38 +0200 Subject: [PATCH] =?UTF-8?q?=E3=80=8C=F0=9F=8E=89=E3=80=8D=20init(quantum-m?= =?UTF-8?q?oon):=20new=20host=20(minecraft=20server)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- flake.lock | 14 ++++----- hosts/default.nix | 10 ++++++ hosts/quantum-moon/cfg.nix | 13 ++++++++ hosts/quantum-moon/default.nix | 21 +++++++++++++ hosts/quantum-moon/home.nix | 5 +++ hosts/quantum-moon/hw.nix | 38 +++++++++++++++++++++++ lib/default.nix | 4 +++ modules/home-manager/common/default.nix | 13 ++++++-- modules/nixos/common/tweaks.nix | 26 +++++----------- modules/nixos/default.nix | 1 + modules/nixos/notre-minecraft/default.nix | 32 +++++++++++++++++++ modules/nixos/secrets/default.nix | 6 +--- users/shakoh/default.nix | 1 + users/shakoh/quantum-moon.nix | 3 ++ 14 files changed, 154 insertions(+), 33 deletions(-) create mode 100644 hosts/quantum-moon/cfg.nix create mode 100644 hosts/quantum-moon/default.nix create mode 100644 hosts/quantum-moon/home.nix create mode 100644 hosts/quantum-moon/hw.nix create mode 100644 modules/nixos/notre-minecraft/default.nix create mode 100644 users/shakoh/quantum-moon.nix diff --git a/flake.lock b/flake.lock index b4fb94b..5fb3e3b 100644 --- a/flake.lock +++ b/flake.lock @@ -502,10 +502,10 @@ "mysecrets": { "flake": false, "locked": { - "lastModified": 1718470096, - "narHash": "sha256-HDnR1LzFtfZ04GJmau/zjDmlwNqdthB7ucuKML1Xyg4=", + "lastModified": 1727028246, + "narHash": "sha256-kWKyeccJWC1KrCKaRwCK1ZAU1dtCB/QZrkOfWD/JuJQ=", "ref": "main", - "rev": "c5317d8e5471678e237ca637b0588fac3bdc58b3", + "rev": "5d515f5d6b7cdadc3aca19483d6ab5dfd4b2ff8f", "shallow": true, "type": "git", "url": "ssh://git@github.com/sh-koh/nix-secrets.git" 
@@ -556,7 +556,7 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1725233747, + "lastModified": 1727021412, "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", "type": "tarball", "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" @@ -644,11 +644,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1725794804, - "narHash": "sha256-QJvZDYfbcOM1Pt6YUPl+Xmw+JDJQtokdYj4P7sXuF7U=", + "lastModified": 1726755133, + "narHash": "sha256-03XIEjHeZEjHXctsXYUB+ZLQmM0WuhR6qWQjwekFk/M=", "owner": "yaxitech", "repo": "ragenix", - "rev": "7f6c227f86c5b4e6e7f6d2d62c614acd28d25627", + "rev": "687ee92114bce9c4724376cf6b21235abe880bfa", "type": "github" }, "original": { diff --git a/hosts/default.nix b/hosts/default.nix index 22df653..11a372c 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -23,6 +23,16 @@ in ./atrebois ./rocaille ./cravite + #./timber-hearth #atrebois + #./attlerock #rocaille + #./brittle-hollow #cravite + #./hollows-lantern #lanterne + #./giants-deep #leviathe + #./ash-twin #sablière rouge + #./ember-twin #sablière noire + #./dark-bramble #sombronce + ./quantum-moon #lune quantique + #./interloper #l'intrus ]; _module.args = { diff --git a/hosts/quantum-moon/cfg.nix b/hosts/quantum-moon/cfg.nix new file mode 100644 index 0000000..8c689eb --- /dev/null +++ b/hosts/quantum-moon/cfg.nix @@ -0,0 +1,13 @@ +{ lib, pkgs, inputs, ... }: +let + inherit (inputs.self.lib.sshKeys.shakoh.toQuantumMoon) atrebois rocaille; +in +{ + boot.kernelPackages = lib.mkDefault pkgs.linuxKernel.packages.linux_hardened; + networking = { + hostName = "quantum-moon"; + useDHCP = lib.mkDefault true; + firewall.enable = false; # Use Hetzner's firewall + }; + users.users.shakoh.openssh.authorizedKeys.keys = [ atrebois rocaille ]; +} diff --git a/hosts/quantum-moon/default.nix b/hosts/quantum-moon/default.nix new file mode 100644 index 0000000..1736680 --- /dev/null +++ b/hosts/quantum-moon/default.nix 
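Review bot: `firewall.enable = false; # Use Hetzner's firewall` in hosts/quantum-moon/cfg.nix leaves the provider-side firewall as the only packet filter for this host, so a rule set that is missing or not attached to the server exposes every listening socket. The container module added in this same commit runs with `--network=host`, so whatever the image binds is bound directly on the host. I would keep the NixOS firewall on as a second layer, e.g. `firewall = { enable = true; allowedTCPPorts = [ 25565 ]; };`. The sshd port is not visible in this diff, but `services.openssh.openFirewall` defaults to true and opens it automatically.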
@@ -0,0 +1,21 @@
+{
+ config,
+ mkNixos,
+ withSystem,
+ ...
+}:
+let
+ inherit (config.flake) nixosModules;
+in
+{
+ flake.nixosConfigurations.quantum-moon = withSystem "aarch64-linux" ({ ... }:
+ mkNixos "aarch64-linux" [
+ ./cfg.nix
+ ./hw.nix
+
+ nixosModules.docker
+ nixosModules.nix
+ nixosModules.notre-minecraft
+ ]
+ );
+}
diff --git a/hosts/quantum-moon/home.nix b/hosts/quantum-moon/home.nix
new file mode 100644
index 0000000..b34724b
--- /dev/null
+++ b/hosts/quantum-moon/home.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ ];
+}
diff --git a/hosts/quantum-moon/hw.nix b/hosts/quantum-moon/hw.nix
new file mode 100644
index 0000000..22653da
--- /dev/null
+++ b/hosts/quantum-moon/hw.nix
@@ -0,0 +1,38 @@
+{
+ lib,
+ modulesPath,
+ ...
+}:
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot = {
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" ];
+ kernelModules = [ ];
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/41f54c37-06ee-40c7-a5e0-71df1d03c9b9";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/7548-C81D";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ };
+
+ nixpkgs = {
+ hostPlatform = lib.mkDefault "aarch64-linux";
+ config.allowUnfree = true;
+ };
+ system.stateVersion = "24.05";
+}
diff --git a/lib/default.nix b/lib/default.nix
index 7294501..c2b1382 100644
--- a/lib/default.nix
+++ b/lib/default.nix
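Review bot: The `/boot` entry in hosts/quantum-moon/hw.nix mounts the ESP with `options = [ "fmask=0022" "dmask=0022" ];`, which makes every file on it world-readable. If this host boots through systemd-boot (as modules/nixos/common/tweaks.nix configures), that includes the loader's random seed file, and bootctl flags a world-accessible seed as a security hole. `options = [ "fmask=0077" "dmask=0077" ];` restricts the partition to root. As a smaller style point, `config.allowUnfree = true` is policy rather than hardware description and would read more naturally in cfg.nix.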
@@ -13,6 +13,10 @@
 atrebois = "ssh-rsa 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 shakoh@atrebois";
 rocaille = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcsKJPBMqyHS2TmYBFFyP+jGGFnOXnNY7/JWUwD1mWS3p6gMxtXTHZAAXLq/g2SG3gHUSpCWcytC9x5IFmYpf/9BCVZHwuUf8gSSQSAycTDoGWeY0AQ1KEOIUAQ1wWlG3iLFlaI48ugBR3m+gv2YlpY9FU47uj3bgIn6KF1fZCPFetQtIPE1TaKOYgd6M27deOo2pNxGQiGkvAkogfb7tqRjQQ5aWmtk4Uc32N8Frhce5QUWuI8AOqf4MfPXVOq6EyK0TLYPE+WEBSbf6kumme+BCwZ2SFN++yFJzVqGJQReRJJFXEf5vSRXN/60Rue0eF/GCbR838TiF+nDjge7W9jhABvUc0wNwlwHtSYoOVqxNuhwukaEcYhCnoiaerbwulPg4DJnD9eaBuH39b9+pEDp9b2AIB6jUaAU+zQ6GyGDVbJrcf+jVAMEn2ZqXRfLyRjNiof+0mivMgJ/vR1MxtcBD0NRV3n49CkvQNG4jrB6M738OzsudP0nkkwfyVHI4ZcAgwOqvY2KUEDnLyHvVOnr45zKvbbiKwfkAFRQevFgjClUJYJutfyo8bfZNxOyrVp0hCstgJ2lBqzAP2G65sO/VkLCqVLU/rV5ZoXt2sRCEnq5m2WtflL3nMcwDSUyl+HLqsd/T1AooOFJHLOd9bBaLOrsucogrj/Y+UkKIlYw== shakoh@rocaille"; # TODO
 };
+ toQuantumMoon = {
+ atrebois = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcDQ3zh/EARJ4bojQxHHAOiLQmJcUU1j2/XSWE/B62E shakoh@atrebois";
+ rocaille = ""; #TODO
+ };
 };
 };
 };
diff --git a/modules/home-manager/common/default.nix b/modules/home-manager/common/default.nix
index f473f3c..2fa91a9 100644
--- a/modules/home-manager/common/default.nix
+++ b/modules/home-manager/common/default.nix
@@ -7,26 +7,33 @@
 compression = true;
 matchBlocks = {
 "atrebois" = {
- hostname = "192.168.1.201";
 host = "atrebois";
+ hostname = "192.168.1.201";
 port = 72;
 user = "shakoh";
 identityFile = "~/.ssh/id_atrebois";
 };
 "rocaille" = {
- hostname = "192.168.1.202";
 host = "rocaille";
+ hostname = "192.168.1.202";
 port = 72;
 user = "shakoh";
 identityFile = "~/.ssh/id_rocaille";
 };
 "cravite" = {
- hostname = "192.168.1.253";
 host = "cravite";
+ hostname = "192.168.1.253";
 port = 72;
 user = "shakoh";
 identityFile = "~/.ssh/id_cravite";
 };
+ "notre-minecraft" = {
+ host = "notre-minecraft";
+ hostname = "notre-minecraft.shakoh.fr";
+ port = 72;
+ user = "shakoh";
+ identityFile = "~/.ssh/id_quantum-moon";
+ };
 };
 };
 }
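Review bot: `rocaille = ""; #TODO` in the new `toQuantumMoon` set of lib/default.nix is consumed by hosts/quantum-moon/cfg.nix in this same commit (`authorizedKeys.keys = [ atrebois rocaille ]`), so an empty string becomes an entry in shakoh's authorized_keys on the new host. sshd ignores blank lines, so nothing is granted, but the placeholder hides the fact that only one key is actually authorised. I would leave the attribute out until the key exists and write `authorizedKeys.keys = [ atrebois ];` in cfg.nix. The attribute set this hunk extends starts and ends outside the hunk.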
diff --git a/modules/nixos/common/tweaks.nix b/modules/nixos/common/tweaks.nix index cff6b8d..b6189c7 100644 --- a/modules/nixos/common/tweaks.nix +++ b/modules/nixos/common/tweaks.nix @@ -5,23 +5,15 @@ }; boot = { - kernelPackages = pkgs.linuxKernel.packages.linux_zen; - loader.efi.canTouchEfiVariables = true; - loader.systemd-boot = { - enable = true; - consoleMode = "max"; - }; - kernelParams = [ - "mitigations=off" - "spectre_v2=off" - ]; - kernelModules = [ - "acpi-cpufreq" - ]; - kernel.sysctl = { - "vm.max_map_count" = "16777216"; - }; + kernelParams = [ "mitigations=off" "spectre_v2=off" ]; tmp.useTmpfs = true; + loader = { + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + consoleMode = "keep"; + }; + }; }; zramSwap.enable = true; @@ -29,8 +21,6 @@ services = { dbus.enable = true; dbus.implementation = "broker"; - fstrim.enable = true; - upower.enable = true; }; powerManagement.cpuFreqGovernor = "ondemand"; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 47ee24e..0ebfd35 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -9,6 +9,7 @@ gaming = ./gaming; intel = ./intel; nix = ./nix; + notre-minecraft = ./notre-minecraft; nvidia = ./nvidia; printing = ./printing; secrets = ./secrets; diff --git a/modules/nixos/notre-minecraft/default.nix b/modules/nixos/notre-minecraft/default.nix new file mode 100644 index 0000000..dde98cf --- /dev/null +++ b/modules/nixos/notre-minecraft/default.nix 
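Review bot: The rewritten `kernelParams = [ "mitigations=off" "spectre_v2=off" ];` stays in modules/nixos/common/tweaks.nix, while this commit adds an internet-facing cloud VM that selects `linux_hardened` in its own cfg.nix. If `mkNixos` applies the common module to every host (not visible in this diff), quantum-moon would boot a hardened kernel with CPU side-channel mitigations switched off on shared hardware. Moving the two parameters into the desktop hosts' own configuration keeps the server out of that trade-off. A short comment above the line saying why mitigations are disabled would also help the next reader.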
@@ -0,0 +1,32 @@ +{ pkgs, ... }: +{ + virtualisation.oci-containers = { + backend = "docker"; + containers = { + notre-minecraft = { + autoStart = true; + extraOptions = [ "--network=host" ]; + environment = { + MEMORYSIZE = "12G"; + #JAVAFLAGS = ""; + #PAPERMC_FLAGS = ""; + }; + image = "ghcr.io/mtoensing/docker-minecraft-papermc-server"; + imageFile = pkgs.dockerTools.pullImage { + imageName = "ghcr.io/mtoensing/docker-minecraft-papermc-server"; + imageDigest = "sha256:6b4c8c6a29f92fdbb66499bc52f40f77118a4c6651d16c0adcbdcfa595c07129"; + sha256 = "1wn9aa5hxqclzxa2bvxq5afc16jdxladnlff6l0p0ssd1n53jshp"; + finalImageName = "ghcr.io/mtoensing/docker-minecraft-papermc-server"; + finalImageTag = "latest"; + os = "linux"; + arch = "arm64"; + }; + volumes = [ "/var/notre-minecraft:/data:rw" ]; + ports = [ + "25565:25565/tcp" + "25565:25565/udp" + ]; + }; + }; + }; +} diff --git a/modules/nixos/secrets/default.nix b/modules/nixos/secrets/default.nix index 811cda2..1e06185 100644 --- a/modules/nixos/secrets/default.nix +++ b/modules/nixos/secrets/default.nix @@ -8,13 +8,9 @@ inputs.ragenix.nixosModules.default ]; - environment.systemPackages = [ - inputs'.ragenix.packages.default - ]; - age.identityPaths = [ "/etc/ssh/ssh_host_rsa_key" - "/home/shakoh/.ssh/id_secrets" + "/etc/ssh/ssh_host_ed25519_key" ]; age.secrets = with inputs; { diff --git a/users/shakoh/default.nix b/users/shakoh/default.nix index 09b395c..66d6a40 100644 --- a/users/shakoh/default.nix +++ b/users/shakoh/default.nix @@ -29,5 +29,6 @@ in "shakoh@atrebois" = mkHome "x86_64-linux" [ ./atrebois.nix ]; "shakoh@rocaille" = mkHome "x86_64-linux" [ ./rocaille.nix ]; "shakoh@cravite" = mkHome "aarch64-linux" [ ./cravite.nix ]; + "shakoh@quantum-moon" = mkHome "aarch64-linux" [ ./quantum-moon.nix ]; }; } diff --git a/users/shakoh/quantum-moon.nix b/users/shakoh/quantum-moon.nix new file mode 100644 index 0000000..52c14b8 --- /dev/null +++ b/users/shakoh/quantum-moon.nix @@ -0,0 +1,3 @@ +{ ... }: +{ +}
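Review bot: `extraOptions = [ "--network=host" ];` in modules/nixos/notre-minecraft/default.nix turns the `ports` list into a no-op, because Docker discards published ports in host networking mode and every port the image listens on is bound on the host. With `networking.firewall.enable = false` in hosts/quantum-moon/cfg.nix, nothing on the machine itself limits that exposure. Dropping the `--network=host` line lets the existing `"25565:25565/tcp"` and `"25565:25565/udp"` mappings define what is reachable. As a style point, `image` has no tag while `finalImageTag = "latest"`; writing `image = "ghcr.io/mtoensing/docker-minecraft-papermc-server:latest";` makes it explicit that the digest-pinned `imageFile` is what runs.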