https://git.jolheiser.com/infra.git
dragonwell flake
add HA Signed-off-by: jolheiser <git@jolheiser.com>
Signature
-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQAr2NL+338lmbI2+18XbMKFzA0KoostPFiY7kEVW1Vrv7SYb0B6vd3l0QRjNz29Q63 uI4lg7b0sJ668y5zETtQw= -----END SSH SIGNATURE-----
jolheiser <git@jolheiser.com>
1 month ago
4 changed files, 160 additions(+), 0 deletions(-)
M flake.nixflake.nix
diff --git a/flake.nix b/flake.nix
index c4e6e318b56619c7423c181d375070d69e92104f..c4dbfe596e0e816199a37b1bce89c7e110bb247d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -128,6 +128,7 @@               ./dragonwell
             ];
             services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd;
           };
+        jasmine.imports = [ ./jasmine ];
       };
       nixConfig = {
         extra-substitutors = [ "https://jolheiser.cachix.org" ];
Ijasmine/default.nix
diff --git a/jasmine/default.nix b/jasmine/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..6f107ebec2977e4ed0f47e32af814bdad4333166
--- /dev/null
+++ b/jasmine/default.nix
@@ -0,0 +1,92 @@
+let
+  username = "jolheiser";
+  key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7cgpIUaEY3q12xBct9a0gIl7rdckBBPsWQea7Wtj7P";
+in
+{
+  imports = [
+    ./hardware.nix
+    ./homeassistant.nix
+  ];
+
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/sda";
+    useOSProber = true;
+  };
+
+  networking = {
+    hostName = "jasmine"; # Define your hostname.
+    networkmanager.enable = true;
+    firewall.enable = true;
+  };
+
+  time.timeZone = "America/Chicago";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  services.xserver = {
+    enable = true;
+    displayManager.lightdm.enable = true;
+    desktopManager.xfce.enable = true;
+    layout = "us";
+    xkbVariant = "";
+  };
+
+  services = {
+    tailscale.enable = true;
+    openssh.enable = true;
+    fail2ban.enable = true;
+  };
+
+  users.users = {
+    "${username}" = {
+      isNormalUser = true;
+      extraGroups = [
+        "networkmanager"
+        "wheel"
+      ];
+      openssh.authorizedKeys.keys = [ key ];
+    };
+    "root".openssh.authorizedKeys.keys = [ key ];
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  nix = {
+    gc.automatic = true;
+    settings = {
+      trusted-users = [
+        "@sudo"
+        "@wheel"
+        "jolheiser"
+      ];
+      experimental-features = [
+        "flakes"
+        "nix-command"
+      ];
+      auto-optimise-store = true;
+    };
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+}
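Review bot: `openssh.enable = true` in the `services` block is set without any `openssh.settings`, so sshd runs with the NixOS defaults, which as far as I know still accept password and keyboard-interactive logins; `fail2ban` slows guessing but does not remove that exposure. A key is already provisioned for both accounts, so the daemon can be made key-only with `openssh.settings.PasswordAuthentication = false;` and `openssh.settings.KbdInteractiveAuthentication = false;`. The same key is also authorized for `root` while `jolheiser` is already in `wheel`. Unless remote deploys need direct root login, drop the `"root"` entry or set `openssh.settings.PermitRootLogin = "no";`.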
Ijasmine/hardware.nix
diff --git a/jasmine/hardware.nix b/jasmine/hardware.nix
new file mode 100644
index 0000000000000000000000000000000000000000..0667013a75a1a5f1fc7a0c2e5b1cb6df337b0789
--- /dev/null
+++ b/jasmine/hardware.nix
@@ -0,0 +1,49 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "ehci_pci"
+    "ata_piix"
+    "usbhid"
+    "usb_storage"
+    "ums_realtek"
+    "sd_mod"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/fde52e7b-7026-4969-a05c-dfc49d01aa05";
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/f5462a8a-d07c-40d2-a72f-b1e30ac3fb1a"; }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
Ijasmine/homeassistant.nix
diff --git a/jasmine/homeassistant.nix b/jasmine/homeassistant.nix
new file mode 100644
index 0000000000000000000000000000000000000000..9e7eb2df922b4ab263484c458c4d97430cd80e13
--- /dev/null
+++ b/jasmine/homeassistant.nix
@@ -0,0 +1,18 @@
+{
+  virtualisation.oci-containers = {
+    backend = "podman";
+    containers.homeassistant = {
+      volumes = [ "home-assistant:/config" ];
+      environment.TZ = "America/Chicago";
+      image = "ghcr.io/home-assistant/home-assistant:stable"; # Warning: if the tag does not change, the image will not be updated
+      extraOptions = [
+        "--network=host"
+        # "--device=/dev/ttyACM0:/dev/ttyACM0" # Example, change this to match your own hardware
+      ];
+    };
+  };
+  networking.firewall.allowedTCPPorts = [
+    4001
+    8123
+  ];
+}
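Review bot: `networking.firewall.allowedTCPPorts` opens 4001 and 8123 on every interface, and because the container runs with `--network=host` it listens directly in the host's network namespace, so the Home Assistant UI is reachable from any network this machine joins. Tailscale is enabled for this host in jasmine/default.nix, so the ports could be scoped to the tailnet with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 8123 ];`. Port 4001 has no comment saying which service needs it; add one or drop the port. The `:stable` tag is mutable, so pinning by digest, `image = "ghcr.io/home-assistant/home-assistant@sha256:<DIGEST_PLACEHOLDER>";`, would make the deployed image reproducible and updates explicit.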