Clean up builder config, add deploy-rs setup for builder

2024-11-29 21:34:50 +01:00 · 2024-11-29 21:34:50 +01:00 · 38cac91b71
commit 38cac91b71
parent ede33b5207
2 changed files with 39 additions and 61 deletions
--- a/flake.nix
+++ b/flake.nix
@ -138,5 +138,15 @@
          confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
        };
      };
+
+      deploy.nodes.builder = {
+        hostname = "builder.julian-mutter.de";
+        profiles.system = {
+          sshUser = "root";
+          user = "root";
+          path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.nix-builder;
+          # confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
+        };
+      };
    };
 }
--- a/systems/x86_64-linux/nix-builder/default.nix
+++ b/systems/x86_64-linux/nix-builder/default.nix
@ -1,57 +1,27 @@
 # sudo nixos-rebuild switch --flake .#nix-builder --target-host root@192.168.3.118
-
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
+# or
+# deploy .#builder
 { config, pkgs, ... }:

 {
-  imports = [
-    # Include the results of the hardware scan.
-    ./hardware-configuration.nix
-  ];
+  imports = [ ./hardware-configuration.nix ];

-  # Bootloader.
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
-  boot.loader.grub.useOSProber = true;

+  # Emulated systems used as alternative to cross-compiling
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

-  networking.hostName = "nix-builder"; # Define your hostname.
-
-  # Enable networking
+  networking.hostName = "nix-builder";
  networking.networkmanager.enable = true;

-  # Set your time zone.
  time.timeZone = "Europe/Berlin";

-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "de_DE.UTF-8";
-    LC_IDENTIFICATION = "de_DE.UTF-8";
-    LC_MEASUREMENT = "de_DE.UTF-8";
-    LC_MONETARY = "de_DE.UTF-8";
-    LC_NAME = "de_DE.UTF-8";
-    LC_NUMERIC = "de_DE.UTF-8";
-    LC_PAPER = "de_DE.UTF-8";
-    LC_TELEPHONE = "de_DE.UTF-8";
-    LC_TIME = "de_DE.UTF-8";
+  modules = {
+    keymap.enable = true;
+    locales.enable = true;
  };

-  # Configure keymap in X11
-  services.xserver = {
-    xkb.layout = "de";
-    xkb.variant = "";
-  };
-
-  # Configure console keymap
-  console.keyMap = "de";
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.nix = {
    isNormalUser = true;
    description = "Nix";
@ -59,7 +29,6 @@
      "networkmanager"
      "wheel"
    ];
-    packages = with pkgs; [ ];
  };

  nix.settings.trusted-users = [ "@wheel" ];
@ -92,37 +61,36 @@
    min-free-check-interval = 60
  '';

-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim
    htop
    mc
  ];

-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  services.ollama = {
+  # services.ollama = {
+  #   enable = true;
+  #   acceleration = "cuda";
+  # };
+  services.open-webui = {
    enable = true;
-    acceleration = "cuda";
+    port = 8080;
+    openFirewall = true;
  };

-  security.pam.sshAgentAuth.enable = true; # enable sudo logins via ssh
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "yes";
+  };
+  users.users."root".openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
+  ];

-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
+  # security.pam.sshAgentAuth.enable = true; # enable sudo via ssh

-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  # ======================== DO NOT CHANGE THIS ========================
+  system.stateVersion = "23.11";
+  # ======================== DO NOT CHANGE THIS ========================
 }