
chore(odin): organize files

Zander Hawke 9 hónapja
szülő
commit
b6a156d92f

+ 3 - 0
devenv.nix

@@ -22,6 +22,9 @@
     nrb.exec = ''
       sudo ${nixos-rebuild.exec} build --flake .#$(hostname);
     '';
+    nrt.exec = ''
+      sudo ${nixos-rebuild.exec} test --flake .#$(hostname);
+    '';
     nrs.exec = ''
       sudo ${nixos-rebuild.exec} switch --flake .#$(hostname);
     '';

+ 39 - 0
hosts/odin/README.md

@@ -18,3 +18,42 @@ nix run github:nix-community/nixos-anywhere -- \
   --flake .#odin \
   --target-host [email protected]
 ```
+
+## Install Script
+
+```bash
+#!/usr/bin/env bash
+
+# Create a temporary directory
+temp=$(mktemp -d)
+
+# Function to cleanup temporary directory on exit
+cleanup() {
+  rm -rf "$temp"
+}
+trap cleanup EXIT
+
+# Create the directory where sshd expects to find the host keys
+install -d -m755 "$temp/persist/etc/ssh"
+install -d -m755 "$temp/etc/ssh"
+
+# Decrypt your private key from the password store and copy it to the temporary directory
+cat ./ssh_host_ed25519_key.txt > "$temp/persist/etc/ssh/ssh_host_ed25519_key"
+cat ./ssh_host_rsa_key.txt > "$temp/persist/etc/ssh/ssh_host_rsa_key"
+cat ./ssh_host_ed25519_key.txt > "$temp/etc/ssh/ssh_host_ed25519_key"
+cat ./ssh_host_rsa_key.txt > "$temp/etc/ssh/ssh_host_rsa_key"
+
+# Set the correct permissions so sshd will accept the key
+chmod 600 "$temp/persist/etc/ssh/ssh_host_ed25519_key"
+chmod 600 "$temp/persist/etc/ssh/ssh_host_rsa_key"
+chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
+chmod 600 "$temp/etc/ssh/ssh_host_rsa_key"
+
+# Install NixOS to the host system with our secrets
+nix run github:nix-community/nixos-anywhere -- \
+  --disko-mode mount \
+  --extra-files "$temp" \
+  --build-on-remote \
+  --flake .#odin \
+  root@[NIXOS-IP]
+```

+ 9 - 22
hosts/odin/default.nix

@@ -1,18 +1,17 @@
-{ inputs, outputs, pkgs, lib, config, ... }:
+{ config
+, lib
+, pkgs
+, outputs
+, ...
+}:
 {
   imports = [
-    inputs.nixos-facter-modules.nixosModules.facter
-    { config.facter.reportPath = ./facter.json; }
-
+    # TODO: auto-import via `outputs.modules.nixos`
     outputs.modules.global.nix-config
-    inputs.agenix.nixosModules.default
 
-    ./age.nix
-    ./disko.nix
-    ./impermanence.nix
-    ./mergerfs.nix
-    ./system.nix
+    ./system
     ./services
+    ./users
   ]
   ++ (builtins.attrValues outputs.modules.nixos);
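Review bot: The import of `inputs.agenix.nixosModules.default` is dropped from this list and does not reappear in the new `hosts/odin/system/default.nix` imports shown on this page, which list only the facter module and the four local files. `age.nix` is moved unchanged, so unless it or one of `outputs.modules.nixos` pulls the agenix module in, `config.age.secrets."odin/users/thomas".path` in `users/default.nix` has no option behind it and evaluation should fail. If nothing else imports it, add `inputs.agenix.nixosModules.default` next to `./age.nix` in the system imports.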
 
@@ -130,18 +129,6 @@
     nvme-cli
   ];
 
-  # User configuration
-  users.mutableUsers = false;
-  users.users.thomas = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" "users" ];
-    shell = config.programs.fish.package;
-    hashedPasswordFile = config.age.secrets."odin/users/thomas".path;
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa 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"
-    ];
-  };
-
   # System identification
   networking.hostName = "odin";
   networking.useDHCP = lib.mkDefault true;

+ 0 - 33
hosts/odin/install.sh

@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-
-# Create a temporary directory
-temp=$(mktemp -d)
-
-# Function to cleanup temporary directory on exit
-cleanup() {
-  rm -rf "$temp"
-}
-trap cleanup EXIT
-
-# Create the directory where sshd expects to find the host keys
-install -d -m755 "$temp/persist/etc/ssh"
-install -d -m755 "$temp/etc/ssh"
-
-# Decrypt your private key from the password store and copy it to the temporary directory
-cat ./ssh_host_ed25519_key.txt > "$temp/persist/etc/ssh/ssh_host_ed25519_key"
-cat ./ssh_host_rsa_key.txt > "$temp/persist/etc/ssh/ssh_host_rsa_key"
-cat ./ssh_host_ed25519_key.txt > "$temp/etc/ssh/ssh_host_ed25519_key"
-cat ./ssh_host_rsa_key.txt > "$temp/etc/ssh/ssh_host_rsa_key"
-
-# Set the correct permissions so sshd will accept the key
-chmod 600 "$temp/persist/etc/ssh/ssh_host_ed25519_key"
-chmod 600 "$temp/persist/etc/ssh/ssh_host_rsa_key"
-chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
-chmod 600 "$temp/etc/ssh/ssh_host_rsa_key"
-
-# Install NixOS to the host system with our secrets
-nix run github:nix-community/nixos-anywhere -- \
-  --disko-mode mount \
-  --extra-files "$temp" \
-  --flake .#odin \
-  --target-host [email protected]

+ 0 - 3
hosts/odin/services/samba.nix

@@ -8,9 +8,6 @@ let
   # TODO: make sure to add system users for all the users that don't exist
 in
 {
-  users.users.christine.isSystemUser = true;
-  users.users.christine.group = "storage";
-
   services.samba = {
     enable = true;
     openFirewall = true;

+ 0 - 0
hosts/odin/age.nix → hosts/odin/system/age.nix


+ 32 - 16
hosts/odin/system.nix → hosts/odin/system/default.nix

@@ -1,33 +1,49 @@
-{ config, ... }:
+{ config
+, inputs
+, ...
+}:
 {
-  # Boot configuration
+  imports = [
+    inputs.nixos-facter-modules.nixosModules.facter
+    { config.facter.reportPath = ./facter.json; }
+
+    ./age.nix
+    ./disko.nix
+    ./impermanence.nix
+    ./mergerfs.nix
+  ];
+
+  environment.systemPackages = [
+    config.boot.kernelPackages.cpupower
+    config.boot.kernelPackages.turbostat
+  ];
+
   boot = {
-    # Use systemd-boot for UEFI systems
     loader.systemd-boot.enable = true;
     loader.efi.canTouchEfiVariables = true;
-    loader.grub.devices = [
-      config.disko.devices.disk.main.device
-    ];
+    loader.grub.devices = [ config.disko.devices.disk.main.device ];
     loader.timeout = 3;
 
-    # Kernel parameters for server workload
     blacklistedKernelModules = [ "k10temp" ];
+    extraModulePackages = [ config.boot.kernelPackages.zenpower ];
     kernelParams = [ "rootflags=compress=zstd:1,noatime" "amd_pstate=active" ];
     kernelModules = [ "zenpower" "nct6775" ];
-    extraModulePackages = [
-      config.boot.kernelPackages.cpupower
-      config.boot.kernelPackages.turbostat
-      config.boot.kernelPackages.zenpower
-    ];
 
-    # Enable KSM for memory efficiency with containers
     kernel.sysctl = {
       "kernel.sysrq" = 1;
       "vm.swappiness" = 10;
       "net.core.default_qdisc" = "cake";
     };
-  };
 
+    initrd.services.udev.rules = ''
+      ACTION=="add", SUBSYSTEM=="hwmon", DEVPATH=="/devices/platform/*/hwmon/hwmon*", \
+      MODE="0660", GROUP="plugdev", \
+      RUN+="/bin/sh -c 'for pwm in $(find /sys%p -name \"pwm[0-9]*\" | sort); do \
+          num=$(echo \"$pwm\" | sed -n \"s/.*pwm\([0-9]\+\).*/\1/p\"); \
+          ln -sf \"$pwm\" \"/dev/pwm$num\"; \
+      done'"
+    '';
+  };
 
   hardware.fancontrol = {
     enable = true;
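Review bot: The `RUN+=` helper added under `initrd.services.udev.rules` is a root shell one-liner that is unlikely to behave as written. udev treats `$` as its own substitution character, so `$(find …)`, `$pwm` and `$num` would need `$$` to reach the shell, and `find`, `sort`, `sed` and `ln` are called by bare name, which depends on whatever PATH udev gives the helper. The pattern `-name "pwm[0-9]*"` also matches `pwm1_enable`, `pwm1_mode` and similar, so after `ln -sf` the `/dev/pwm1` link ends up on whichever of them sorts last. `MODE` and `GROUP` act on device nodes, which hwmon class devices do not appear to have, and no `plugdev` group is declared in the visible hunks. Since `nct6775` is loaded through `kernelModules` rather than in the initrd, the rule probably belongs in `services.udev.extraRules`, with absolute store paths for the tools and a pattern that matches only the bare `pwmN` files.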
@@ -59,8 +75,8 @@
           devices.data2.device
         ];
         pwmPaths = [
-          "/sys/class/hwmon/hwmon2/pwm1:20:0"
-          "/sys/class/hwmon/hwmon2/pwm4:80:60"
+          "/sys/class/hwmon/hwmon[[:print:]]*/pwm1:20:0"
+          "/sys/class/hwmon/hwmon[[:print:]]*/pwm4:80:60"
         ];
         logVerbosity = "DEBUG";
         extraArgs = [
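Review bot: The two `pwmPaths` entries now match `pwm1` and `pwm4` on every hwmon device under `/sys/class/hwmon`, not only the chip that used to be `hwmon2`, so on a machine where several hwmon drivers expose `pwm1` the fan curve may be written to the wrong controller. Anchoring the glob on the driver's device path keeps it stable across hwmon renumbering without widening it, for example `"/sys/devices/platform/<NCT6775-DEVICE>/hwmon/hwmon[[:print:]]*/pwm1:20:0"` (placeholder; take the real directory name from `/sys/devices/platform`). The enclosing attribute set starts and ends outside the hunk.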

+ 0 - 0
hosts/odin/disko.nix → hosts/odin/system/disko.nix


+ 0 - 0
hosts/odin/facter.json → hosts/odin/system/facter.json


+ 0 - 0
hosts/odin/impermanence.nix → hosts/odin/system/impermanence.nix


+ 0 - 0
hosts/odin/mergerfs.nix → hosts/odin/system/mergerfs.nix


+ 19 - 0
hosts/odin/users/default.nix

@@ -0,0 +1,19 @@
+{ config, ... }:
+{
+  users.mutableUsers = false;
+
+  users.users.thomas = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "users" ];
+    shell = config.programs.fish.package;
+    hashedPasswordFile = config.age.secrets."odin/users/thomas".path;
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa 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"
+    ];
+  };
+
+  users.users.christine = {
+    isSystemUser = true;
+    group = "storage";
+  };
+}
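Review bot: The new file carries no comments, and the reason `christine` exists is lost now that the account no longer sits in `services/samba.nix`. A line such as `# system account for the Samba share user; see ../services/samba.nix` above `users.users.christine` would keep that link, assuming Samba is still its only purpose. The `storage` group is referenced but not declared in this file, so a short comment saying where `users.groups.storage` is defined would also help the next reader.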