From 38cac91b718d75065f380e7257353908fc19c944 Mon Sep 17 00:00:00 2001
From: Julian Mutter
Date: Fri, 29 Nov 2024 21:34:50 +0100
Subject: [PATCH] Clean up builder config, add deploy-rs setup for builder
---
 flake.nix | 10 +++
 systems/x86_64-linux/nix-builder/default.nix | 90 +++++++-------------
 2 files changed, 39 insertions(+), 61 deletions(-)
diff --git a/flake.nix b/flake.nix
index 8cff773..442b863 100644
--- a/flake.nix
+++ b/flake.nix
@@ -138,5 +138,15 @@
 confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
 };
 };
+
+ deploy.nodes.builder = {
+ hostname = "builder.julian-mutter.de";
+ profiles.system = {
+ sshUser = "root";
+ user = "root";
+ path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.nix-builder;
+ # confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services
+ };
+ };
 };
 }
diff --git a/systems/x86_64-linux/nix-builder/default.nix b/systems/x86_64-linux/nix-builder/default.nix
index d409ce7..50333a1 100644
--- a/systems/x86_64-linux/nix-builder/default.nix
+++ b/systems/x86_64-linux/nix-builder/default.nix
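Review bot: In the flake.nix hunk, `deploy.nodes.builder` connects as root (`sshUser = "root";`), which is why the second file in this patch has to keep root SSH login enabled on the build host. deploy-rs can log in as an unprivileged account and elevate only for activation, e.g. `sshUser = "nix"; user = "root";`, which would let the builder set `PermitRootLogin = "no"`; that needs a working sudo path for the account, which this patch does not show. The commented-out `# confirmTimeout = 90;` line still carries the raspberrypi remark copied from the node above and should be dropped or reworded for this host. The attribute set that encloses the new node starts outside the hunk.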
@@ -1,57 +1,27 @@ # sudo nixos-rebuild switch --flake .#nix-builder --target-host root@192.168.3.118 - -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - +# or +# deploy .#builder { config, pkgs, ... }: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + imports = [ ./hardware-configuration.nix ]; - # Bootloader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.useOSProber = true; + # Emulated systems used as alternative to cross-compiling boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - networking.hostName = "nix-builder"; # Define your hostname. - - # Enable networking + networking.hostName = "nix-builder"; networking.networkmanager.enable = true; - # Set your time zone. time.timeZone = "Europe/Berlin"; - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; + modules = { + keymap.enable = true; + locales.enable = true; }; - # Configure keymap in X11 - services.xserver = { - xkb.layout = "de"; - xkb.variant = ""; - }; - - # Configure console keymap - console.keyMap = "de"; - - # Define a user account. Don't forget to set a password with ‘passwd’. users.users.nix = { isNormalUser = true; description = "Nix"; @@ -59,7 +29,6 @@ "networkmanager" "wheel" ]; - packages = with pkgs; [ ]; }; nix.settings.trusted-users = [ "@wheel" ]; 
@@ -92,37 +61,36 @@ min-free-check-interval = 60 ''; - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ vim htop mc ]; - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - services.ollama = { + # services.ollama = { + # enable = true; + # acceleration = "cuda"; + # }; + services.open-webui = { enable = true; - acceleration = "cuda"; + port = 8080; + openFirewall = true; }; - security.pam.sshAgentAuth.enable = true; # enable sudo logins via ssh + services.openssh = { + enable = true; + # require public key authentication for better security + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "yes"; + }; + users.users."root".openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi" + ]; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; + # security.pam.sshAgentAuth.enable = true; # enable sudo via ssh - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? + # ======================== DO NOT CHANGE THIS ======================== + system.stateVersion = "23.11"; + # ======================== DO NOT CHANGE THIS ======================== }
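Review bot: `services.open-webui` with `openFirewall = true;` puts a web application on port 8080 of a machine whose job is to produce build outputs that other hosts consume, and nothing in the commit subject or the hunk says why it belongs here (the ollama service it replaces is left commented out). If the UI is wanted on this host, drop `openFirewall = true;` and reach it through an SSH tunnel or an authenticating reverse proxy; as far as I know the module binds to loopback unless `host` is set, so the opened port may not even reach the service as written. In the `services.openssh` block, `settings.PermitRootLogin = "yes";` is key-only solely because of the two settings above it; `settings.PermitRootLogin = "prohibit-password";` states that intent directly and stays safe if password authentication is ever re-enabled. The hunk opens inside a multi-line string, and the module's attribute set starts outside it.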