~tcarrio/clusta

62abf99e18b09a88207676962e31f388d663a24e — Tom Carrio 9 months ago c4d9290
feat: add new docs around nix config, existing arch packages, and nuc boot iso
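--- a/iac/arch-packages.txt
+++ b/iac/arch-packages.txt
@@ -0,0 +1,203 @@
+
+## Audio
+# alsa stuff
+### PulseAudio
+pavucontrol 1:5.0+r61+gee77d86-2
+pulseaudio-bluetooth 16.1-3
+pulseaudio-ctl 1.70-1
+# pipewire!
+
+## Desktop Environments
+
+redshift 1.12-6
+
+### GNOME
+guake 3.9.0-2
+fractal 4.4.0-3
+hexchat 2.16.1-3
+tilix 1.9.5-6
+totem 43.0-2
+
+### i3
+i3-wm 4.22-3
+i3lock 2.14.1-1
+i3status 2.14-1
+rofi 1.7.5-1
+rxvt-unicode 9.31-1
+scrot 1.8.1-1
+
+### KDE
+kdeconnect 22.12.2-1
+kdiff3 1.10.0-2
+
+## Firmware
+amd-ucode 20230210.bf4115c-1
+
+## Connectivitiy
+bluez-utils 5.66-1
+epson-inkjet-printer-escpr 1.7.22-1
+epson-inkjet-printer-escpr2 1.1.55-1
+minicom 2.8-1
+openssh 9.2p1-1
+
+### Cellular
+mobile-broadband-provider-info 20221107-2
+modemmanager 1.20.4-1
+
+## System tools
+coreutils 9.1-3
+feh 3.9.1-2
+file 5.44-2
+logrotate 3.21.0-2
+ncdu 2.2.2-2
+ntp 4.2.8.p15-3
+openrgb-git r1825.7e77edb8-1
+qmk 1.1.1-1
+screen 4.9.0-1
+sed 4.9-2
+sudo 1.9.12.p2-2
+synology-drive 3.0.3_12689-1
+virtualbox 7.0.6-1
+xclip 0.13-3
+zsh 5.9-3
+
+### Monitoring tools
+glances 3.3.0-1
+gotop 4.1.3-1
+htop 3.2.2-1
+neofetch 7.1.0-2
+
+### Compression / Encryption tools
+bzip2 1.0.8-5
+gzip 1.12-2
+lrzip 0.651-2
+pigz 2.7-3
+tar 1.34-1
+
+### Filesystem tools
+baobab 44.0-1
+broot
+btrfs
+e2fsprogs 1.47.0-1
+efibootmgr 18-1
+gparted 1.4.0-1
+ntfs-3g 2022.10.3-1
+ranger 1.9.3+548+gf8b304f7-1
+xfsprogs 6.1.1-2
+
+### Laptop tools
+cpupower 6.1-1
+powertop 2.15-1
+tlp 1.5.0-5
+wpa_supplicant 2:2.10-8
+
+## Accessibility
+talon-bin 0.1.4-1
+
+## Fun CLI tools
+no-more-secrets 1.0.1-1
+
+## Nvidia
+cuda 11.8.0-1
+nvtop-git 1.2.2.r4.gabdec70-1
+opencl-nvidia 525.89.02-1
+
+## Databases
+dbeaver 22.3.4-1
+mariadb 10.10.3-1
+
+## Networking
+bind 9.18.11-1
+dhclient 4.4.3.P1-1
+dhcpcd 9.4.1-1
+dnsmasq 2.89-1
+nmap 7.93-1
+tailscale 1.44.0-1
+transmission-gtk 3.00-6
+wget 1.21.3-1
+zenmap 7.92-5
+
+## Browsers
+firefox 111.0-0.1
+google-chrome 100.0.4896.127-1
+w3m 0.5.3.git20230121_1-1
+
+## Docker tools
+dive 0.10.0-3
+docker 1:23.0.1-1
+docker-compose 2.16.0-1
+lazydocker 0.12-1
+helm 3.11.0-1
+kubectl 1.26.1-1
+lens-bin 5.3.4-1
+podman 4.4.1-2
+
+## Games
+angband 4.2.4-2
+chiaki 2.1.1-2
+lutris 0.5.12-3
+itch 1:1.26.0-2
+minigalaxy 1.1.0-3
+openmw 0.47.0-9
+retroarch 1.14.0-1
+steam 1.0.0.75-2
+
+## Development
+asdf-vm 0.11.3-1
+ansible 7.2.0-1
+aws-cli-v2-bin 2.5.8-1
+aws-vault 6.6.2-1
+bpython 0.23-1
+deno 1.30.3-1
+diffutils 3.9-1
+direnv 2.32.2-1
+emacs
+fcct 0.10.0-1
+gdb 12.1-2
+insomnia 2021.6.0-1
+jq 1.6-4
+lite-xl 2.0.5-1
+make 4.4-1
+nano 7.2-1
+vim 9.0.1302-1
+visual-studio-code-bin 1.69.0-1
+yq 3.1.0-1
+zeal 0.6.1-3
+
+## Communication
+beeper 3.62.20-1
+discord 0.0.28-1
+mumble 1.5.517-1
+signal-desktop 6.28.0-1
+
+
+## 3D / Creative
+blender 17:3.4.1-13
+freecad 0.20.2-4
+gimp 2.10.32-3
+inkscape 1.2.2-4
+kdenlive 22.12.2-1
+obs-studio 29.0.2-1
+openscad 2021.01-7
+peek 1.5.1-3
+
+## Office
+evince 43.1-2
+libreoffice-still 7.4.5-1
+mutt
+pdfgrep 2.1.2-2
+
+## Security
+firejail 0.9.72-1
+fprintd 1.94.2-1
+sops 3.7.3-1
+
+## Music / Movies
+mopidy 3.4.1-1
+mpc 0.34-2
+mpv 1:0.35.1-1
+ncmpcpp 0.9.2-10
+playerctl 2.4.1-3
+spotify 1:1.1.84.716-2
+spotifyd 0.3.4-1
+yt-dlp 2023.01.06-1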

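--- a/iac/flake.nix
+++ b/iac/flake.nix
@@ -0,0 +1,20 @@
+{
+  description = "Infrastructure-as-code Delivery Flake";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/22.11";
+  };
+
+  outputs = { self, nixpkgs }: {
+    nixosConfigurations = {
+      nuc = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [ ./configuration.nix ];
+      };
+      tk1 = nixpkgs.lib.nixosSystem {
+        system = "armhf";
+        modules = [ ./configuration.nix ];
+      };
+    };
+  };
+}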
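Review bot: `system = "armhf"` in the `tk1` entry is a Debian architecture name rather than a Nix system string, so that configuration will most likely fail to evaluate; iac/tegra/sdcard.nix in this same commit uses `armv7l-linux`, and `system = "armv7l-linux";` would match it. Both hosts also load `./configuration.nix`, which this commit does not add under iac/ (only iac/tegra/configuration.nix is visible), so the path should be confirmed. The `nixpkgs` input follows the `22.11` ref rather than a revision, so a committed `flake.lock` is what actually fixes the package set, and none is part of this commit.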

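--- a/iac/machines.nix
+++ b/iac/machines.nix
@@ -0,0 +1,13 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/22.11";
+  };
+
+  outputs = { nixpkgs, ... }: {
+    nixosConfigurations.default = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+
+      modules = [ ./configuration.nix ];
+    };
+  };
+}
\ No newline at end of file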
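Review bot: This file has the shape of a flake (`inputs`/`outputs`) but is named machines.nix, and nothing visible in the commit imports it, so it appears to be unused; Nix only evaluates a flake from a file named flake.nix. It also repeats the `github:NixOS/nixpkgs/22.11` input from iac/flake.nix, which leaves two places to edit whenever the nixpkgs pin is moved for security updates. Consider folding `nixosConfigurations.default` into iac/flake.nix, or, if the file is kept, give it a header comment such as `# Scratch copy of flake.nix; not evaluated by any nix command`.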

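--- a/iac/modules/ssh-keys.nix
+++ b/iac/modules/ssh-keys.nix
@@ -0,0 +1,1 @@
+"ssh-rsa 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 tom@carrio.dev"
\ No newline at end of file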
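Review bot: The key kept here is not used by the other files in this commit: iac/nuc/iso.nix and iac/tegra/sdcard.nix each paste the same `ssh-rsa … tom@carrio.dev` literal into `users.users.root.openssh.authorizedKeys.keys`, so rotating or revoking it means editing three files and rebuilding every image. Making this file a list, `[ "ssh-rsa … tom@carrio.dev" ]`, would let both images use `users.users.root.openssh.authorizedKeys.keys = import ../modules/ssh-keys.nix;`. A one-line header comment saying which hosts trust this key for root would also help the next reader.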

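--- a/iac/nuc/Makefile
+++ b/iac/nuc/Makefile
@@ -0,0 +1,7 @@
+.PHONY: boot-iso clean
+
+boot-iso:
+	nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=./iso.nix
+
+clean:
+	rm -rf ./result
\ No newline at end of file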
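Review bot: `boot-iso` resolves `<nixpkgs/nixos>` through the build host's NIX_PATH, so the installer image is built from whichever channel is installed there rather than from the `22.11` input in iac/flake.nix; the `iac/nuc/result` path added in this commit names a `nixos-21.11pre…` image, which suggests an older channel was used. An installer that exposes sshd should come from a pinned, still-supported nixpkgs, and passing it explicitly, e.g. `-I nixpkgs=<pinned nixpkgs path>`, or building the ISO from the flake would make that reviewable. `clean` deletes `./result`, yet `iac/nuc/result` is committed; it is a nix-build output link and belongs in `.gitignore`.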

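--- a/iac/nuc/README.md
+++ b/iac/nuc/README.md
@@ -0,0 +1,21 @@
+# nuc
+
+These configurations are defined for my NUC devices.
+
+## installer iso
+
+You can create an installation ISO image which can be useful for getting a machine up and running.
+
+This will allow SSH from my existing device so I can manually provision the device after boot.
+
+To create the ISO, run
+
+```bash
+nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=./iso.nix
+```
+
+## system iso
+
+You can create a system ISO image which is where the device expects to boot and run from.
+
+This is not meant to provide an interactive installer but rather be a live system ready to go.
\ No newline at end of file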

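--- a/iac/nuc/iso.nix
+++ b/iac/nuc/iso.nix
@@ -0,0 +1,37 @@
+# This module defines a small NixOS installation CD.  It does not
+# contain any graphical desktop environment.
+{ config, pkgs, ... }:
+{
+  imports = [
+    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+
+    # Provide an initial copy of the NixOS channel so that the user
+    # doesn't need to run "nix-channel --update" first.
+    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+  ];
+
+  # IP addresses are preconfigured by MAC address in the DHCP server
+  networking.useDHCP = true;
+
+  networking.enableIPv6 = true;
+
+  # allow access to ISO installer via SSH
+  systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-rsa 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 tom@carrio.dev"
+  ];
+
+  # Compression options and their build time vs size
+  #
+  # I have included an example size, but it's not kept up to date for all changes
+  #
+  # |------------------------------|------------|----------|
+  # | Command                      | Build time | ISO size |
+  # |------------------------------|------------|----------|
+  # | `lz4`                        | 100s       | 59%      |
+  # | `gzip -Xcompression-level 1` | 105s       | 52%      |
+  # | `gzip`                       | 210s       | 49%      |
+  # | `xz -Xdict-size 100%`        | 450s       | 43%      |
+  # |------------------------------|------------|----------|
+  isoImage.squashfsCompression = "xz -Xdict-size 100%";
+}
\ No newline at end of file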
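Review bot: The block under `# allow access to ISO installer via SSH` starts sshd on every boot and authorizes a root key, but nothing in this file turns off password logins, so the image relies on the installer profile's defaults for that. Adding `services.openssh.passwordAuthentication = false;` (the option name on the 21.11/22.11 releases this commit references) would make key-only root access explicit. Because `networking.useDHCP` and `networking.enableIPv6` are both on, the machine is reachable as soon as it has a lease, so the ISO should be handled as an artifact that grants root to whoever holds the matching private key. A comment above the key such as `# root access for provisioning only; rebuild the ISO when this key is rotated` would record that.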

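--- a/iac/nuc/result
+++ b/iac/nuc/result
@@ -0,0 +1,1 @@
+/nix/store/3mbzi90hbybabxm76m5dnxp2v0d960m8-nixos-21.11pre297886.9de5cbca453-x86_64-linux.iso
\ No newline at end of file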

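--- a/iac/tegra/configuration.nix
+++ b/iac/tegra/configuration.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+{
+  # Disable GRUB for ARM
+  boot.loader.grub.enable = false;
+  
+  # Enables the generation of /boot/extlinux/extlinux.conf
+  boot.loader.generic-extlinux-compatible.enable = true;
+ 
+  # !!! If your board is a Raspberry Pi 1, select this:
+  boot.kernelPackages = pkgs.linuxPackages_rpi;
+  # On other boards, pick a different kernel, note that on most boards with good mainline support, default, latest and hardened should all work
+  # Others might need a BSP kernel, which should be noted in their respective wiki entries
+  
+  # !!! This is only for ARMv6 / ARMv7. Don't enable this on AArch64, cache.nixos.org works there.
+  nix.binaryCaches = lib.mkForce [ "https://cache.armv7l.xyz" ];
+  nix.binaryCachePublicKeys = [ "cache.armv7l.xyz-1:kBY/eGnBAYiqYfg0fy0inWhshUo+pGFM3Pj7kIkmlBk=" ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+  };
+    
+  # Adding a swap file is optional, but recommended if you use RAM-intensive applications that might OOM otherwise. 
+  # Size is in MiB, set to whatever you want (though note a larger value will use more disk space).
+  swapDevices = [ { device = "/swapfile"; size = 4096; } ];
+}
\ No newline at end of file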
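Review bot: `nix.binaryCaches = lib.mkForce [ "https://cache.armv7l.xyz" ]` together with its `nix.binaryCachePublicKeys` entry makes a single third-party cache the only substituter and trusts its key to sign any store path this host downloads, which the file should state since whoever controls that key controls the binaries on the device. I would add `# Third-party ARMv7 cache: its key is trusted for every substituted path; drop once images are cross-built locally` above those two lines. Separately, `boot.kernelPackages = pkgs.linuxPackages_rpi;` still carries the template comment about a Raspberry Pi 1, while this file lives under iac/tegra and iac/flake.nix names the host `tk1`, so the kernel choice looks copied rather than intended and should be confirmed.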

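--- a/iac/tegra/sdcard.nix
+++ b/iac/tegra/sdcard.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+  nixpkgs.crossSystem.system = "armv7l-linux";
+  imports = [
+    <nixos/modules/installer/sd-card/sd-image-armv7l-multiplatform.nix>
+  ];
+
+  users.users.root.openssh.authorizedKeys.keys = [
+     "ssh-rsa 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 tom@carrio.dev"
+  ];
+}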
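Review bot: Root's `authorizedKeys` is set here, but nothing in this file enables sshd, and whether the imported `sd-image-armv7l-multiplatform.nix` does so cannot be seen from this hunk; if SSH provisioning is the intent, state it with `services.openssh.enable = true;` and `services.openssh.passwordAuthentication = false;`. The import uses `<nixos/modules/…>` while iac/nuc/iso.nix uses `<nixpkgs/nixos/modules/…>`, so the two images depend on differently named NIX_PATH entries, neither of which is pinned in the repository.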