mob next [ci-skip] [ci skip] [skip ci]

lastFile:machines/rigel/configuration.nix
2026-03-24 17:40:36 +07:00
parent 9c538ecfb5
commit 8eb29d7dc3
3 changed files with 142 additions and 41 deletions
--- a/machines/hadar/configuration.nix
+++ b/machines/hadar/configuration.nix
@@ -0,0 +1,59 @@
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    inputs.self.nixosModules.inventree
+  ];
+
+  nixpkgs.overlays = [
+    inputs.self.overlays.default
+  ];
+
+  clan.core.vars.generators.inventree = {
+    files = {
+      secret-key = {
+        owner = "inventree";
+        group = "inventree";
+        secret = true;
+      };
+      oidc-key = {
+        owner = "inventree";
+        group = "inventree";
+        secret = true;
+      };
+      admin-password = {
+        owner = "inventree";
+        group = "inventree";
+        secret = true;
+      };
+    };
+    runtimeInputs = [
+      pkgs.pwgen
+      pkgs.xkcdpass
+    ];
+    script = ''
+      pwgen -s 32 1 > $out/secret-key
+      pwgen -s 32 1 > $out/oidc-key
+      xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/admin-password
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
+  services.inventree = {
+    enable = true;
+    hostName = "hadar.local";
+    config.site_url = "http://${config.services.inventree.hostName}";
+    secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
+    config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path;
+    config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path;
+  };
+
+  system.stateVersion = "25.11";
+  clan.core.sops.defaultGroups = [ "admins" ];
+  clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
+}
--- a/machines/hadar/disko.nix
+++ b/machines/hadar/disko.nix
@@ -0,0 +1,83 @@
+let
+  hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}";
+  os = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
+in
+{
+
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+    };
+    efi = {
+      canTouchEfiVariables = true;
+    };
+  };
+
+  disko.devices = {
+    disk = {
+      "os-${hashDisk os}" = {
+        type = "disk";
+        device = os;
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "nofail" ];
+              };
+            };
+            system = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      zroot = {
+        type = "zpool";
+        rootFsOptions = {
+          mountpoint = "none";
+          compression = "lz4";
+          acltype = "posixacl";
+          xattr = "sa";
+          "com.sun:auto-snapshot" = "true";
+        };
+        options.ashift = "12";
+        datasets = {
+          "root" = {
+            type = "zfs_fs";
+            options.mountpoint = "none";
+          };
+          "root/nixos" = {
+            type = "zfs_fs";
+            options.mountpoint = "/";
+            mountpoint = "/";
+          };
+          "root/home" = {
+            type = "zfs_fs";
+            options.mountpoint = "/home";
+            mountpoint = "/home";
+          };
+          "root/tmp" = {
+            type = "zfs_fs";
+            mountpoint = "/tmp";
+            options = {
+              mountpoint = "/tmp";
+              sync = "disabled";
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/machines/rigel/configuration.nix
+++ b/machines/rigel/configuration.nix
@@ -1,7 +1,6 @@
 {
  inputs,
  config,
-  pkgs,
  ...
 }:
 {
@@ -13,54 +12,14 @@
        "2bd36db8cc" # kurogeek-thinkpad
      ];
    })
-
-    inputs.self.nixosModules.inventree
  ];

  nixpkgs.overlays = [
    inputs.self.overlays.default
  ];

-  clan.core.vars.generators.inventree = {
-    files = {
-      secret-key = {
-        owner = "inventree";
-        group = "inventree";
-        secret = true;
-      };
-      oidc-key = {
-        owner = "inventree";
-        group = "inventree";
-        secret = true;
-      };
-      admin-password = {
-        owner = "inventree";
-        group = "inventree";
-        secret = true;
-      };
-    };
-    runtimeInputs = [
-      pkgs.pwgen
-      pkgs.xkcdpass
-    ];
-    script = ''
-      pwgen -s 32 1 > $out/secret-key
-      pwgen -s 32 1 > $out/oidc-key
-      xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/admin-password
-    '';
-  };
-
  networking.firewall.allowedTCPPorts = [ 80 ];

-  services.inventree = {
-    enable = true;
-    hostName = "rigel.local";
-    config.site_url = "http://${config.services.inventree.hostName}";
-    secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
-    config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path;
-    config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path;
-  };
-
  system.stateVersion = "25.11";
  clan.core.sops.defaultGroups = [ "admins" ];
  clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";