Servapp nixos

.github/workflows/push-check.yaml

@@ -58,7 +58,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        machine: ["appaquet@deskapp"]
+        machine: ["appaquet@deskapp", "appaquet@servapp"]
     steps:
     - uses: actions/checkout@v4
     - uses: DeterminateSystems/nix-installer-action@main

.github/workflows/updater.yaml

@@ -87,7 +87,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        machine: ["appaquet@deskapp"]
+        machine: ["appaquet@deskapp", "appaquet@servapp"]
     steps:
       - uses: actions/checkout@v4
 
@@ -107,7 +107,7 @@ jobs:
       - name: Building NixOS baseline
         run: |
           set -xe
-          MACHINE_KEY="appaquet@deskapp" ./x nixos build
+          MACHINE_KEY="${{ matrix.machine }}" ./x nixos build
           nix-collect-garbage # free up intermediary, since we're low on disk on gha
           mv result result-before
 
@@ -119,7 +119,7 @@ jobs:
       - name: Building NixOS new
         run: |
           set -xe
-          MACHINE_KEY="appaquet@deskapp" ./x nixos build
+          MACHINE_KEY="${{ matrix.machine }}" ./x nixos build
           mv result result-after
 
       - name: Diffing...

README.md

@@ -81,6 +81,12 @@
    set -Ua fish_user_paths /home/appaquet/.local/utils/
    ```
 
+1. `failed: unable to open database file at ... command-not-found`
+   As root, run:
+   ```
+   nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+   nix-channel --update
+   ```
 1. On MacOS, we may end up with an older version of nix installed, leading to flakes
    not working because of use of newer syntax in the lock files (see <https://github.com/LnL7/nix-darwin/issues/931>)
 

flake.nix

@@ -135,8 +135,11 @@
                   extraSpecialArgs.secrets.commonHome
                 ] ++ commonHomeModules;
                 extraSpecialArgs = {
-                  inherit inputs unstablePkgs cfg;
+                  inherit inputs unstablePkgs;
                   secrets = secrets.init "linux";
+                  cfg = cfg // {
+                    isNixos = true;
+                  };
                 };
               };
 
@@ -191,6 +194,18 @@
             ./nixos/deskapp/configuration.nix
           ];
         };
+
+        servapp = nixpkgs.lib.nixosSystem {
+          specialArgs = {
+            inherit (self) common;
+            inherit inputs;
+            secrets = secrets.init "linux";
+          };
+          modules = [
+            nixosOverlaysModule
+            ./nixos/servapp/configuration.nix
+          ];
+        };
       };
     };
 }

home-manager/servapp.nix

@@ -10,5 +10,5 @@
 
   home.username = "appaquet";
   home.homeDirectory = "/home/appaquet";
-  home.stateVersion = "23.11";
+  home.stateVersion = "24.11";
 }

nixos/common.nix

@@ -26,6 +26,8 @@
     shell = pkgs.fish;
     description = "appaquet";
 
+    homeMode = "0755"; # virt access to var files
+
     extraGroups = [
       "networkmanager"
       "wheel"

nixos/deskapp/configuration.nix

@@ -53,6 +53,7 @@
   networking.hosts = {
     "100.109.193.77" = [ "localhost.humanfirst.ai" ];
   };
+  networking.firewall.enable = false;
 
   # NasAPP mounts
   nasapp = {
@@ -88,12 +89,6 @@
   services.printing.enable = false;
   services.openssh.enable = true;
 
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = false;
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

nixos/servapp/configuration-init.nix

@@ -0,0 +1,125 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "servapp"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Toronto";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_CA.UTF-8";
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Enable the XFCE Desktop Environment.
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.desktopManager.xfce.enable = true;
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.appaquet = {
+    isNormalUser = true;
+    description = "appaquet";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+    ];
+    packages = with pkgs; [
+      #  thunderbird
+    ];
+  };
+
+  # Enable automatic login for the user.
+  services.xserver.displayManager.autoLogin.enable = true;
+  services.xserver.displayManager.autoLogin.user = "appaquet";
+
+  # Install firefox.
+  programs.firefox.enable = true;
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    #  wget
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+}

nixos/servapp/configuration.nix

@@ -0,0 +1,88 @@
+{ pkgs, secrets, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./virt
+    ../common.nix
+    ../dev.nix
+    ../docker.nix
+    ../network-bridge.nix
+    # TODO: ../ups.nix
+    ../nasapp.nix
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "servapp";
+
+  # Drives
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 16 * 1024; # 16GB
+    }
+  ];
+
+  # Networking
+  networking.networkmanager.enable = true;
+  networking.myBridge = {
+    enable = true;
+    interface = "enp1s0";
+    lanIp = "192.168.0.13";
+  };
+  networking.firewall.enable = false;
+
+  # NasAPP mounts
+  nasapp = {
+    enable = true;
+    credentials = secrets.servapp.nasappCifs;
+    uid = "appaquet";
+    gid = "users";
+    shares = [
+      {
+        share = "backup_servapp"; # TODO: move to backup
+        mount = "/mnt/backup_servapp";
+      }
+      {
+        share = "video";
+        mount = "/mnt/video";
+      }
+    ];
+  };
+
+  # Display
+  services.xserver.enable = true;
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.desktopManager.xfce.enable = true;
+  services.xserver = {
+    xkb.layout = "us";
+    xkb.variant = "";
+  };
+  services.displayManager.autoLogin.enable = true;
+  services.displayManager.autoLogin.user = "appaquet";
+
+  # Enable sound with pipewire.
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  # Programs & services
+  programs.firefox.enable = true;
+  services.printing.enable = false;
+  services.openssh.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11";
+}

nixos/servapp/hardware-configuration.nix

@@ -0,0 +1,56 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "usbhid"
+    "usb_storage"
+    "uas"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/43e201c8-72e4-4164-9883-a88b5d73e401";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/D192-E6E9";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}