From 8eb29d7dc3b092a40b093e4a8d30e924c3c100c2 Mon Sep 17 00:00:00 2001
From: kurogeek
Date: Tue, 24 Mar 2026 17:40:36 +0700
Subject: [PATCH] mob next [ci-skip] [ci skip] [skip ci] lastFile:machines/rigel/configuration.nix
---
machines/hadar/configuration.nix | 59 +++++++++++++++++++++++
machines/hadar/disko.nix | 83 ++++++++++++++++++++++++++++++++
machines/rigel/configuration.nix | 41 ----------------
3 files changed, 142 insertions(+), 41 deletions(-)
create mode 100644 machines/hadar/configuration.nix
create mode 100644 machines/hadar/disko.nix
diff --git a/machines/hadar/configuration.nix b/machines/hadar/configuration.nix
new file mode 100644
index 0000000..695d53c
--- /dev/null
+++ b/machines/hadar/configuration.nix
@@ -0,0 +1,59 @@
+{
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ inputs.self.nixosModules.inventree
+ ];
+
+ nixpkgs.overlays = [
+ inputs.self.overlays.default
+ ];
+
+ clan.core.vars.generators.inventree = {
+ files = {
+ secret-key = {
+ owner = "inventree";
+ group = "inventree";
+ secret = true;
+ };
+ oidc-key = {
+ owner = "inventree";
+ group = "inventree";
+ secret = true;
+ };
+ admin-password = {
+ owner = "inventree";
+ group = "inventree";
+ secret = true;
+ };
+ };
+ runtimeInputs = [
+ pkgs.pwgen
+ pkgs.xkcdpass
+ ];
+ script = ''
+ pwgen -s 32 1 > $out/secret-key
+ pwgen -s 32 1 > $out/oidc-key
+ xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/admin-password
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+
+ services.inventree = {
+ enable = true;
+ hostName = "hadar.local";
+ config.site_url = "http://${config.services.inventree.hostName}";
+ secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
+ config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path;
+ config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path;
+ };
+
+ system.stateVersion = "25.11";
+ clan.core.sops.defaultGroups = [ "admins" ];
+ clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
+}
diff --git a/machines/hadar/disko.nix b/machines/hadar/disko.nix
new file mode 100644
index 0000000..6bbb54d
--- /dev/null
+++ b/machines/hadar/disko.nix
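Review bot: InvenTree on hadar is reachable over cleartext HTTP on every interface: `networking.firewall.allowedTCPPorts = [ 80 ];` opens the port host-wide and `config.site_url` is built with `http://`, so the generated admin password and session cookies cross any network that can reach port 80 unencrypted. Since the host is already managed over ZeroTier (see `clan.core.networking.targetHost`), consider scoping the rule to that interface with `networking.firewall.interfaces.<zerotier-iface>.allowedTCPPorts = [ 80 ];` (placeholder interface name), or terminating TLS in front of the service and switching `site_url` to `https://`. Separately, `oidc-key` is filled by `pwgen -s 32 1` but is wired to `config.oidc_private_key_file`; the option name suggests a PEM private key rather than a random string, so confirm what the inventree module expects. In the generator script, `$out` is quoted only on the `admin-password` line, and the two `pwgen` outputs keep their trailing newline while the password has it stripped; a consistent form would be `pwgen -s 32 1 | tr -d "\n" > "$out"/secret-key`.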
@@ -0,0 +1,83 @@
+let
+ hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}";
+ os = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
+in
+{
+
+ boot.loader = {
+ systemd-boot = {
+ enable = true;
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ };
+ };
+
+ disko.devices = {
+ disk = {
+ "os-${hashDisk os}" = {
+ type = "disk";
+ device = os;
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "nofail" ];
+ };
+ };
+ system = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ rootFsOptions = {
+ mountpoint = "none";
+ compression = "lz4";
+ acltype = "posixacl";
+ xattr = "sa";
+ "com.sun:auto-snapshot" = "true";
+ };
+ options.ashift = "12";
+ datasets = {
+ "root" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "root/nixos" = {
+ type = "zfs_fs";
+ options.mountpoint = "/";
+ mountpoint = "/";
+ };
+ "root/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "/home";
+ mountpoint = "/home";
+ };
+ "root/tmp" = {
+ type = "zfs_fs";
+ mountpoint = "/tmp";
+ options = {
+ mountpoint = "/tmp";
+ sync = "disabled";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/machines/rigel/configuration.nix b/machines/rigel/configuration.nix
index 39e7419..a912206 100644
--- a/machines/rigel/configuration.nix
+++ b/machines/rigel/configuration.nix
@@ -1,7 +1,6 @@ { inputs, config, - pkgs, ... }: { 
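Review bot: The ESP is mounted at `/boot` with only `nofail`, so the vfat filesystem takes the default permissive mask and everything on it, including the systemd-boot random seed, is readable by any local user; recent `bootctl` versions warn about exactly this. I would change the line to `mountOptions = [ "nofail" "umask=0077" ];`. As a smaller style point, `hashDisk` already returns a string beginning with `os-`, so the attribute name `"os-${hashDisk os}"` evaluates to `os-os-…`; dropping one of the two prefixes gives the intended name. Nothing in `rootFsOptions` enables ZFS encryption, which is worth a short comment if unencrypted data at rest is a deliberate choice for this VM.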
@@ -13,54 +12,14 @@ "2bd36db8cc" # kurogeek-thinkpad ]; }) - - inputs.self.nixosModules.inventree ]; nixpkgs.overlays = [ inputs.self.overlays.default ]; - clan.core.vars.generators.inventree = { - files = { - secret-key = { - owner = "inventree"; - group = "inventree"; - secret = true; - }; - oidc-key = { - owner = "inventree"; - group = "inventree"; - secret = true; - }; - admin-password = { - owner = "inventree"; - group = "inventree"; - secret = true; - }; - }; - runtimeInputs = [ - pkgs.pwgen - pkgs.xkcdpass - ]; - script = '' - pwgen -s 32 1 > $out/secret-key - pwgen -s 32 1 > $out/oidc-key - xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/admin-password - ''; - }; - networking.firewall.allowedTCPPorts = [ 80 ]; - services.inventree = { - enable = true; - hostName = "rigel.local"; - config.site_url = "http://${config.services.inventree.hostName}"; - secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path; - config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path; - config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path; - }; - system.stateVersion = "25.11"; clan.core.sops.defaultGroups = [ "admins" ]; clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";