added a nixos configuration to build and deploy the gateway
This commit is contained in:
parent
a52bc6326a
commit
2ce1df7f50
9
.envrc
9
.envrc
|
@ -2,8 +2,13 @@
|
|||
|
||||
use flake
|
||||
|
||||
use_flake() {
|
||||
watch_file flake.nix
|
||||
watch_file flake.lock
|
||||
watch_file nix/shell.nix
|
||||
eval "$(nix print-dev-env --profile "$(direnv_layout_dir)/flake-profile")"
|
||||
}
|
||||
|
||||
layout python3
|
||||
|
||||
watch_file ./nix/shell.nix
|
||||
|
||||
eval "$shellHook"
|
||||
|
|
352
flake.lock
352
flake.lock
|
@ -1,13 +1,86 @@
|
|||
{
|
||||
"nodes": {
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1673295039,
|
||||
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1674127017,
|
||||
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1650374568,
|
||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -17,6 +90,232 @@
|
|||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1676283394,
|
||||
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"pre-commit-hooks",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1660459072,
|
||||
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": "utils_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1676367705,
|
||||
"narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1675359654,
|
||||
"narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1636849918,
|
||||
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-generators": {
|
||||
"inputs": {
|
||||
"nixlib": "nixlib",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1676297861,
|
||||
"narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "1e0a05219f2a557d4622bc38f542abb360518795",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1676699914,
|
||||
"narHash": "sha256-cM2Hd+odgCYWSUiYPZGW/4B+OI64S0lrdf9YR9ts9I4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "9bbcc37b011b0d925f3115888ea77f58487619b8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1676549890,
|
||||
"narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1673800717,
|
||||
"narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-22.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1676569297,
|
||||
"narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pre-commit-hooks": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1676513100,
|
||||
"narHash": "sha256-MK39nQV86L2ag4TmcK5/+r1ULpzRLPbbfvWbPvIoYJE=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "5f0cba88ac4d6dd8cad5c6f6f1540b3d6a21a798",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"deploy-rs": "deploy-rs",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": "flake-utils",
|
||||
"home-manager": "home-manager",
|
||||
"impermanence": "impermanence",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1676283394,
|
||||
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
|
@ -30,53 +329,6 @@
|
|||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1667991831,
|
||||
"narHash": "sha256-DHgEsLZI044B9T4AjA3K6+yB9/DqLr4dyA7OIx0FG7o=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "872fceeed60ae6b7766cc0a4cd5bf5901b9098ec",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pre-commit-hooks": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1667992213,
|
||||
"narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
|
85
flake.nix
85
flake.nix
|
@ -1,34 +1,107 @@
|
|||
{
|
||||
description = "IoT Platform";
|
||||
description = "FabNet IoT Platform";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
|
||||
flake-compat = {
|
||||
url = "github:edolstra/flake-compat";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
darwin = {
|
||||
url = "github:lnl7/nix-darwin/master";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
|
||||
pre-commit-hooks = {
|
||||
url = "github:cachix/pre-commit-hooks.nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
|
||||
deploy-rs.url = "github:serokell/deploy-rs";
|
||||
};
|
||||
|
||||
outputs = {
|
||||
self,
|
||||
darwin,
|
||||
nixpkgs,
|
||||
deploy-rs,
|
||||
flake-utils,
|
||||
nixos-hardware,
|
||||
nixos-generators,
|
||||
...
|
||||
} @ inputs:
|
||||
flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] (system: {
|
||||
devShells.default = import ./nix/shell.nix inputs system;
|
||||
checks = import ./nix/checks.nix inputs system;
|
||||
flake-utils.lib.eachSystem ["aarch64-linux" "x86_64-linux"] (localSystem: {
|
||||
checks = import ./nix/checks.nix inputs localSystem;
|
||||
|
||||
devShells.default = import ./nix/shell.nix inputs localSystem;
|
||||
|
||||
packages = {
|
||||
default = self.packages.x86_64-linux.gateway-vm;
|
||||
|
||||
gateway-vm = nixos-generators.nixosGenerate {
|
||||
pkgs = import nixpkgs {inherit localSystem;};
|
||||
system = "x86_64-linux";
|
||||
format = "vm";
|
||||
modules = [
|
||||
./software/gateway
|
||||
];
|
||||
};
|
||||
|
||||
gateway-raspi = nixos-generators.nixosGenerate {
|
||||
pkgs = import nixpkgs {inherit localSystem;};
|
||||
system = "aarch64-linux";
|
||||
format = "sd-aarch64";
|
||||
modules = [
|
||||
./software/gateway
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nixosConfigurations.gateway = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
./software/gateway
|
||||
];
|
||||
};
|
||||
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
inherit localSystem;
|
||||
config.allowUnfree = true;
|
||||
config.allowAliases = true;
|
||||
config.allowUnsupportedSystem = true;
|
||||
};
|
||||
|
||||
deploy.nodes.gateway = {
|
||||
hostname = "fabnet";
|
||||
fastConnection = true;
|
||||
profiles = {
|
||||
system = {
|
||||
sshUser = "fabnet";
|
||||
path =
|
||||
deploy-rs.lib.aarch64-linux.activate.nixos
|
||||
self.nixosConfigurations.gateway;
|
||||
user = "root";
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
}
|
||||
|
|
|
@ -10,31 +10,6 @@ with self.pkgs.${system}; {
|
|||
src = lib.cleanSource ../.;
|
||||
hooks = {
|
||||
alejandra.enable = true;
|
||||
nix-linter.enable = true;
|
||||
};
|
||||
settings = {
|
||||
nix-linter.checks = [
|
||||
"DIYInherit"
|
||||
"EmptyInherit"
|
||||
"EmptyLet"
|
||||
"EtaReduce"
|
||||
"LetInInheritRecset"
|
||||
"ListLiteralConcat"
|
||||
"NegateAtom"
|
||||
"SequentialLet"
|
||||
"SetLiteralUpdate"
|
||||
"UnfortunateArgName"
|
||||
"UnneededRec"
|
||||
"UnusedArg"
|
||||
"UnusedLetBind"
|
||||
"UpdateEmptySet"
|
||||
"BetaReduction"
|
||||
"EmptyVariadicParamSet"
|
||||
"UnneededAntiquote"
|
||||
"no-FreeLetInFunc"
|
||||
"no-AlphabeticalArgs"
|
||||
"no-AlphabeticalBindings"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{self, ...}: system:
|
||||
with self.pkgs.${system};
|
||||
mkShell {
|
||||
name = "iot-platform";
|
||||
name = "FabNet";
|
||||
nativeBuildInputs =
|
||||
[
|
||||
# Development
|
||||
|
@ -27,9 +27,9 @@ with self.pkgs.${system};
|
|||
yamllint
|
||||
|
||||
# Nix
|
||||
deploy-rs
|
||||
alejandra
|
||||
nix
|
||||
nix-linter
|
||||
nixUnstable
|
||||
rnix-lsp
|
||||
|
||||
# Service
|
||||
|
@ -37,8 +37,12 @@ with self.pkgs.${system};
|
|||
|
||||
# Misc
|
||||
reuse
|
||||
zstd
|
||||
wget
|
||||
raspberrypi-eeprom
|
||||
];
|
||||
shellHook = ''
|
||||
${self.checks.${system}.pre-commit-check.shellHook}
|
||||
'';
|
||||
allowUnsupportedSystem = true;
|
||||
}
|
||||
|
|
5
software/gateway/boot.nix
Normal file
5
software/gateway/boot.nix
Normal file
|
@ -0,0 +1,5 @@
|
|||
{lib, ...}: {
|
||||
boot.kernel.sysctl = lib.mkDefault {"vm.swappiness" = 10;};
|
||||
boot.tmpOnTmpfs = lib.mkDefault true;
|
||||
boot.cleanTmpDir = lib.mkDefault true;
|
||||
}
|
66
software/gateway/default.nix
Normal file
66
software/gateway/default.nix
Normal file
|
@ -0,0 +1,66 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/profiles/all-hardware.nix")
|
||||
(modulesPath + "/profiles/minimal.nix")
|
||||
(modulesPath + "/profiles/base.nix")
|
||||
./boot.nix
|
||||
./hardware.nix
|
||||
./locale.nix
|
||||
./networking.nix
|
||||
./nix.nix
|
||||
./security.nix
|
||||
./users.nix
|
||||
./tools.nix
|
||||
];
|
||||
system.stateVersion = lib.mkForce "23.05";
|
||||
|
||||
networking.hostName = "fabnet";
|
||||
networking.hostId = builtins.substring 0 8 (builtins.hashString "md5" config.networking.hostName);
|
||||
networking.firewall.allowedTCPPorts = lib.mkDefault [
|
||||
1880 # Node-Red
|
||||
1883 # Mosquitto
|
||||
5000 # Octoprint
|
||||
3000 # Grafana
|
||||
8086 # InfluxDB
|
||||
9090 # Prometheus
|
||||
];
|
||||
|
||||
services.openssh.enable = lib.mkForce true;
|
||||
services.haveged.enable = lib.mkDefault true;
|
||||
services.fail2ban.enable = lib.mkDefault true;
|
||||
|
||||
services.node-red.enable = lib.mkDefault true;
|
||||
services.influxdb2.enable = lib.mkDefault true;
|
||||
services.prometheus.enable = lib.mkDefault true;
|
||||
services.octoprint.enable = lib.mkDefault true;
|
||||
|
||||
services.grafana.enable = lib.mkDefault true;
|
||||
services.grafana.settings.server.http_port = 7878;
|
||||
services.grafana.provision.datasources.settings.datasources = lib.mkForce [
|
||||
{
|
||||
name = "influxdb";
|
||||
type = "influxdb";
|
||||
url = "http://0.0.0.0:8086";
|
||||
}
|
||||
{
|
||||
type = "prometheus";
|
||||
name = "prometheus";
|
||||
url = "http://0.0.0.0:9090";
|
||||
}
|
||||
];
|
||||
|
||||
services.mosquitto.enable = lib.mkDefault true;
|
||||
services.mosquitto.listeners = lib.mkDefault [
|
||||
{
|
||||
address = "0.0.0.0";
|
||||
acl = ["pattern readwrite #"];
|
||||
omitPasswordAuth = lib.mkDefault true;
|
||||
}
|
||||
];
|
||||
}
|
25
software/gateway/hardware.nix
Normal file
25
software/gateway/hardware.nix
Normal file
|
@ -0,0 +1,25 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
hardware.bluetooth.enable = lib.mkDefault true;
|
||||
hardware.i2c.enable = lib.mkDefault true;
|
||||
hardware.sensor.iio.enable = lib.mkDefault true;
|
||||
|
||||
services.fwupd.enable = lib.mkDefault true;
|
||||
services.upower.enable = lib.mkDefault true;
|
||||
services.tlp.enable = lib.mkDefault true;
|
||||
|
||||
programs.usbtop.enable = lib.mkDefault true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
dmidecode
|
||||
lshw
|
||||
pciutils
|
||||
usbutils
|
||||
];
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
}
|
11
software/gateway/locale.nix
Normal file
11
software/gateway/locale.nix
Normal file
|
@ -0,0 +1,11 @@
|
|||
{lib, ...}: {
|
||||
time.timeZone = lib.mkDefault "Europe/Berlin";
|
||||
|
||||
console.keyMap = lib.mkDefault "de";
|
||||
|
||||
i18n.supportedLocales = lib.mkDefault ["en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8"];
|
||||
i18n.extraLocaleSettings = lib.mkDefault {
|
||||
LANG = "en_US.UTF-8";
|
||||
LC_ALL = "en_US.UTF-8";
|
||||
};
|
||||
}
|
19
software/gateway/networking.nix
Normal file
19
software/gateway/networking.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
networking.firewall.enable = lib.mkForce true;
|
||||
networking.wireless.enable = lib.mkDefault true;
|
||||
networking.networkmanager.enable = lib.mkDefault true;
|
||||
|
||||
services.avahi.enable = lib.mkDefault true;
|
||||
services.avahi.nssmdns = lib.mkDefault true;
|
||||
services.avahi.publish.enable = lib.mkDefault true;
|
||||
services.avahi.publish.addresses = lib.mkDefault true;
|
||||
services.avahi.publish.domain = lib.mkDefault true;
|
||||
services.avahi.publish.userServices = lib.mkDefault true;
|
||||
services.avahi.publish.workstation = lib.mkDefault true;
|
||||
services.avahi.extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
|
||||
}
|
28
software/gateway/nix.nix
Normal file
28
software/gateway/nix.nix
Normal file
|
@ -0,0 +1,28 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
nix.package = pkgs.nixUnstable;
|
||||
nix.gc.automatic = lib.mkForce true;
|
||||
nix.optimise.automatic = lib.mkDefault true;
|
||||
nix.settings.require-sigs = lib.mkForce true;
|
||||
nix.settings.auto-optimise-store = lib.mkDefault true;
|
||||
nix.settings.allowed-users = lib.mkDefault ["@wheel"];
|
||||
nix.settings.trusted-users = lib.mkDefault ["root" "@wheel"];
|
||||
nix.settings.substituters = lib.mkDefault [
|
||||
"https://arm.cachix.org/"
|
||||
"https://nix-community.cachix.org"
|
||||
"https://nix-config.cachix.org"
|
||||
];
|
||||
nix.settings.trusted-public-keys = lib.mkDefault [
|
||||
"arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"nix-config.cachix.org-1:Vd6raEuldeIZpttVQfrUbLvXJHzzzkS0pezXCVVjDG4="
|
||||
];
|
||||
nix.extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
min-free = ${toString (100 * 1024 * 1024)}
|
||||
max-free = ${toString (1024 * 1024 * 1024)}
|
||||
'';
|
||||
}
|
14
software/gateway/security.nix
Normal file
14
software/gateway/security.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
security.protectKernelImage = lib.mkDefault true;
|
||||
security.forcePageTableIsolation = lib.mkDefault true;
|
||||
|
||||
security.polkit.enable = lib.mkDefault true;
|
||||
security.apparmor.enable = lib.mkDefault true;
|
||||
|
||||
security.sudo.enable = lib.mkDefault true;
|
||||
security.sudo.wheelNeedsPassword = lib.mkDefault false;
|
||||
}
|
39
software/gateway/tools.nix
Normal file
39
software/gateway/tools.nix
Normal file
|
@ -0,0 +1,39 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
programs.neovim.enable = lib.mkDefault true;
|
||||
programs.neovim.viAlias = lib.mkDefault true;
|
||||
programs.neovim.vimAlias = lib.mkDefault true;
|
||||
programs.neovim.defaultEditor = lib.mkDefault true;
|
||||
|
||||
programs.zsh.enable = lib.mkDefault true;
|
||||
programs.zsh.ohMyZsh.enable = lib.mkDefault true;
|
||||
programs.zsh.enableCompletion = lib.mkDefault true;
|
||||
programs.zsh.enableBashCompletion = lib.mkDefault true;
|
||||
programs.zsh.enableGlobalCompInit = lib.mkDefault false;
|
||||
programs.zsh.autosuggestions.enable = lib.mkDefault true;
|
||||
programs.zsh.interactiveShellInit = lib.mkDefault "source '${pkgs.grml-zsh-config}/etc/zsh/zshrc'";
|
||||
|
||||
programs.mtr.enable = lib.mkDefault true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
exfat
|
||||
sshfs
|
||||
strace
|
||||
tmux
|
||||
curl
|
||||
httpie
|
||||
gotop
|
||||
htop
|
||||
mc
|
||||
git
|
||||
neofetch
|
||||
pstree
|
||||
ranger
|
||||
screen
|
||||
tree
|
||||
whois
|
||||
];
|
||||
}
|
14
software/gateway/users.nix
Normal file
14
software/gateway/users.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
users.mutableUsers = lib.mkDefault true;
|
||||
users.users.fabnet = {
|
||||
isNormalUser = lib.mkDefault true;
|
||||
initialPassword = lib.mkDefault "fabnet";
|
||||
extraGroups = lib.mkDefault ["wheel"];
|
||||
createHome = lib.mkDefault true;
|
||||
shell = lib.mkForce pkgs.zsh;
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue