feat: initial commit

This commit is contained in:
Nat Allan 2024-03-13 22:55:17 +11:00
parent 83635bc30b
commit bbfe9d4a2a
27 changed files with 907 additions and 0 deletions

0
.gitignore vendored Normal file
View file

65
README.md Normal file
View file

@ -0,0 +1,65 @@
# Truxnell's homelab
[![NixOS](https://img.shields.io/badge/NixOS-23.11-blue?style=flat&logo=nixos&logoColor=white)](https://nixos.org)
Leveraging nix, nix-os to apply machine and home configurations
## Background
Having used a variety of infracture as code solutions - and having found them lacking in some areas, it is time to give nix a go.
Frustrations with other methods tend to be bitrot and config drift - very annoying to want to do a quick disaster recovery and find your have different versions of modules/utilities, breaking changes in code you didnt catch, etc.
## Getting started
TBC
## Goals
- [ ] Learn nix
- [ ] Mostly reproduce features from my existing homelab
- [ ] Replace existing ubuntu-based 'NAS'
- [ ] Expand usage to other shell environments such as WSL, etc
- [ ] handle secrets - decide between sweet and simple SOPS or re-use my doppler setup.
## TODO
- [ ] Github Actions update fly.io instances (Bitwarden)
- [ ] Bring over hosts
- [ ] DNS01 Raspi4
- [ ] DNS02 Raspi4
- [ ] NAS
- [ ] Latop
- [ ] WSL
- [ ] JJY emulator Raspi4
- [ ] Documentation!
- [ ] Add license
- [ ] Add taskfiles
## Network map
TBC
## Hardware
TBC
## Applying configuration changes on a local machine can be done as follows:
```sh
cd ~/dotfiles
sudo nixos-rebuild switch --flake .
# This will automatically pick the configuration name based on the hostname
```
Applying configuration changes to a remote machine can be done as follows:
```sh
cd ~/dotfiles
nixos-rebuild switch --flake .#nameOfMachine --target-host machineToSshInto --use-remote-sudo
```
## Links & References
- [Misterio77/nix-starter-config](https://github.com/Misterio77/nix-starter-configs)
- [billimek/dotfiles](https://github.com/billimek/dotfiles/)
- [Erase your Darlings](https://grahamc.com/blog/erase-your-darlings/)
- [NixOS Flakes](https://www.tweag.io/blog/2020-07-31-nixos-flakes/)
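Review bot: the local-apply snippet under "Applying configuration changes on a local machine" starts with `cd ~/dotfiles`, but docs/vm/installing.md clones the repo into `~/.local/nix-config`; pick one location and use it in both places. That `##` line is a full sentence rather than a heading, while the remote-apply text below it is a plain paragraph; a heading such as "## Applying configuration changes" followed by the two sentences would read consistently. Typos: "Latop" in the TODO list, "infracture" and "didnt" under Background.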

83
docs/vm/installing.md Normal file
View file

@ -0,0 +1,83 @@
## Installing a playground VM
I've used gnome-boxes from my current Fedora laptop for running playground vm's.
Settings:
ISO: nixos-minimal
Hard drive: 32GB
RAM: 2GB
EFI: Enable
Expose port 22 to allow ssh into vm (host port 3022, guest 22)
```sh
# set temp root passwd
sudo su
passwd
```
`sshd` is already running, so you can now ssh into the vm remotely for the rest of the setup.
`ssh root@127.0.0.1 -p 3022`
```sh
# Partitioning
parted /dev/sda -- mklabel gpt
parted /dev/sda -- mkpart root ext4 512MB -8GB
parted /dev/sda -- mkpart swap linux-swap -8GB 100%
parted /dev/sda -- mkpart ESP fat32 1MB 512MB
parted /dev/sda -- set 3 esp on
# Formatting
mkfs.ext4 -L nixos /dev/sda1
mkswap -L swap /dev/sda2
mkfs.fat -F 32 -n boot /dev/sda3
# Mounting disks for installation
mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
swapon /dev/sda2
# Generating default configuration
nixos-generate-config --root /mnt
```
From this config copy the bootstrap configuration and fetch the hardware configuration.
```sh
scp -P 3022 nixos/hosts/bootstrap/configuration.nix root@127.0.0.1:/mnt/etc/nixos/configuration.nix
scp -P 3022 root@127.0.0.1:/mnt/etc/nixos/hardware-configuration.nix nixos/hosts/nixosvm/hardware-configuration.nix
```
Then back to the VM
```sh
nixos-install
reboot
nixos-rebuild switch
```
Set the password for the user that was created.
```sh
passwd truxnell
```
Login as user, copy nix git
```sh
mkdir .local
cd .local
git clone https://github.com/szinn/nix-config.git
cd nix-config
```
Apply config to bootstrapped device
First time around, MUST APPLY <machinename> with name of host in ./hosts/
This is because `.. --flake .` looks for a `nixosConfigurations` key with the machines hostname
The bootstrap machine will be called 'nixos-bootstrap' so the flake by default would resolve `nixosConfigurations.nixos-bootstrap`
Subsequent rebuilds can be called with the default command as after first build the machines hostname will be changed to the desired machine
```sh
nixos-rebuild switch --flake .#<machinename>
```
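Review bot: the clone step under "Login as user, copy nix git" fetches `https://github.com/szinn/nix-config.git`, a different repository; running `nixos-rebuild switch --flake .#<machinename>` from that checkout would build someone else's configuration. Point it at this repo (the autoupgrade module in this commit names `github:truxnell/nix-config`). Two smaller things: `passwd truxnell` after the reboot sets a password that lives only in /etc/shadow, not in the flake, and survives later rebuilds only because `users.mutableUsers` defaults to true; and the bootstrap configuration copied with `scp` installs an SSH key for root, so the installed system accepts key-based root logins until the `.#<machinename>` switch applies a config with `PermitRootLogin = "no"`. Both are worth stating next to the "MUST APPLY" note.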

53
flake.nix Normal file
View file

@ -0,0 +1,53 @@
{
description = "My machines";
inputs = {
# Nixpkgs and unstable
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# sops-nix
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# VSCode community extensions
nix-vscode-extensions = {
url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, ... }@inputs:
with inputs;
{
# Use nixpkgs-fmt for 'nix fmt'
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
# Each subdirectory in ./machines is a host. Add them all to
# nixosConfigurations. Host configurations need a file called
# configuration.nix that will be read first
nixosConfigurations = builtins.listToAttrs (map
(x: {
name = x;
value = nixpkgs.lib.nixosSystem {
# Make inputs and the flake itself accessible as module parameters.
# Technically, adding the inputs is redundant as they can be also
# accessed with flake-self.inputs.X, but adding them individually
# allows to only pass what is needed to each module.
specialArgs = { flake-self = self; } // inputs;
system = "x86_64-linux";
modules = [
(./nixos/hosts + "/${x}/default.nix")
];
};
})
(builtins.attrNames (builtins.readDir ./nixos/hosts)));
};
}
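Review bot: `specialArgs = { flake-self = self; } // inputs;` exposes each input under its own name (`self`, `nixpkgs`, `sops-nix`, ...) but not `inputs` or `outputs`, which is what almost every module in this commit declares (`{ inputs, outputs, ... }`). The module system resolves arguments lazily, so this only errors once one of them is actually used; the autoupgrade module's `inputs.self ? rev` would be the first, failing with "The option `_module.args.inputs' is used but not defined". Consider `specialArgs = { inherit inputs; outputs = self; flake-self = self; };`. Separately, the comment says "Each subdirectory in ./machines" with a "configuration.nix", while the code reads `./nixos/hosts/<x>/default.nix`; `nixos/hosts/bootstrap/` holds only a `configuration.nix` (per the scp line in docs/vm/installing.md), so `nixosConfigurations.bootstrap` points at a missing file and `nix flake check` will fail on it. Either add a default.nix there or filter that directory out of the `readDir` result. `with inputs;` adds nothing the named arguments do not already provide.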

View file

@ -0,0 +1,59 @@
My home infrastructure,
![](https://imgur.com/ISNnzgN.png)
## Structure
- [flake.nix](flake.nix) (Entrypoint for rebuilding via nixos-rebuild or home-manager)
- [flake.lock](flake.lock) (lockfile for current nix flake state, updated daily via [github action](.github/workflows/main.yml))
- [home-manager](home-manager) (User level configuration per machine via home-manager)
- [hosts](hosts/README.md) - (Definition of physical/virutal hosts)
- [common](hosts/common) (Role definitions [Desktop, Laptop, Server])
- [darwin](hosts/common/darwin) (global host configuration used across all darwin hosts)
- [nixos](hosts/common/nixos) (global host configuration used across all NixOS hosts)
- [optional](hosts/common/optional) (optional host configuration used as-needed per host)
- [nas](hosts/nas/README.md) (NixOS NAS server)
- [home](hosts/home/README.md) (NixOS VM running in NAS)
- [cloud](hosts/cloud/README.md) (NixOS VM running in Oracle Cloud)
- [k3s-f](hosts/k3s-f/README.md) (NixOS running on an N100 tiny PC as a k3s node)
- [k3s-g](hosts/k3s-g/README.md) (NixOS running on an N100 tiny PC as a k3s node)
- [k3s-h](hosts/k3s-h/README.md) (NixOS running on an N100 tiny PC as a k3s node)
- [jeffs_laptop](hosts/jeffs_laptop/README.md) (nix-darwin running on a MacBook Pro)
- [jens_laptop](hosts/jens_laptop/README.md) (nix-darwin running on a MacBook Air)
- [work_laptop](hosts/work_laptop/README.md) (nix-darwin running on a MacBook Pro)
- [modules](modules) (Custom NixOS and home-manager modules)
- [overlays](overlays) (Custom overlays, primarily used for packages currently)
- [pkgs](pkgs) (Custom Packages, mainly items not yet in official nixpkgs)
- [shell.nix](shell.nix) (Shell for bootstrapping flake-enabled nix and home-manager)
- [nixpkgs.nix](nixpkgs.nix) (Used by shell.nix - useful to avoid using channels when using legacy nix commands)
## Background
Everyone keeps gushing about how amazing Nix is and I want to get in on the hype cycle
## Goals
- [x] Learn nix
- [x] Mostly reproduce features from my existing [dotfiles](https://github.com/billimek/dotfiles)
- [x] Replace existing ubunut-based 'home VM'
- [x] Expand usage to other shell environments such as WSL, Macbook, etc
- [x] handle secrets - ideally using 1Password and not SOPS - using git-crypt for now
- [x] try agenix for secrets handling
- [ ] introduce the concept of [impermanence](https://github.com/nix-community/impermanence) where appropriate
## References
- [Misterio77/nix-starter-config](https://github.com/Misterio77/nix-starter-configs)
- [How to learn Nix](https://ianthehenry.com/posts/how-to-learn-nix/)
- [home-manager](https://github.com/nix-community/home-manager)
- [Zero to Nix: Everything I Know About Nix & NixOS](https://chetanbhasin.com/articles/zero-to-nix-everything-i-know-about-nix-nixos)
- [Walkthrough of Nix Install and Setup on MacOS (YouTube)](https://www.youtube.com/watch?v=LE5JR4JcvMg)
- [NixOS as a server, part 1: Impermanence](https://guekka.github.io/nixos-server-1/)
- [budimanjojo/dotfiles](https://github.com/budimanjojo/dotfiles/tree/master/nixos)
- [wrmilling/nixos-configuration](https://github.com/wrmilling/nixos-configuration)
- [gshpychka/dotfiles-nix](https://github.com/gshpychka/dotfiles-nix)
- [wimpysworld/nix-config](https://github.com/wimpysworld/nix-config)
## Old Dotfiles
Old dotfiles are still accessible in [archive branch](https://github.com/billimek/dotfiles/tree/archive)
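Review bot: this file is the billimek/dotfiles README (its Structure section lists hosts such as k3s-f, jeffs_laptop and work_laptop, every goal is ticked, and "Old Dotfiles" links to billimek's archive branch); none of those paths exist in this commit. Drop it, or replace it with a structure section for this repository's `nixos/hosts`, `nixos/modules`, `nixos/overlays` and `nixos/pkgs` layout.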

View file

@ -0,0 +1,144 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[
# Host-specific
./hardware-configuration.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
hostName = "nixos-bootstrap";
dhcpcd.enable = true;
};
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Australia/Melbourne";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.truxnell = {
isNormalUser = true;
extraGroups = ["wheel"]; # Enable sudo for the user.
packages = with pkgs; [
];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
btop
git
curl
wget
];
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
warn-dirty = false;
};
};
nixpkgs = {
# overlays = builtins.attrValues outputs.overlays;
config = {
allowUnfree = true;
};
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# TODO Harden SSH
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
];
# may fix issues with network service failing during a nixos-rebuild
systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}
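Review bot: `users.users.root.openssh.authorizedKeys.keys` together with `services.openssh.enable = true` and no `settings.PermitRootLogin` (NixOS 23.11 defaults it to "prohibit-password") means the freshly installed system accepts key-based root SSH logins; the "TODO Harden SSH" comment should say this is intended only until the host is switched to a config that imports common/nixos/openssh.nix, which sets `PermitRootLogin = "no"`. The commented `overlays = builtins.attrValues outputs.overlays;` references `outputs`, which neither this module's argument set (`{ config, lib, pkgs, ... }`) nor flake.nix's specialArgs provides. `systemd.services.NetworkManager-wait-online.enable = lib.mkForce false` has no effect here because NetworkManager is not enabled, and `dhcpcd.enable = true` is already the default.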

View file

@ -0,0 +1,19 @@
{
config,
inputs,
...
}: let
inherit (config.networking) hostName;
# Only enable auto upgrade if current config came from a clean tree
# This avoids accidental auto-upgrades when working locally.
isClean = inputs.self ? rev;
in {
system.autoUpgrade = {
enable = isClean;
dates = "hourly";
flags = [
"--refresh"
];
flake = "github:truxnell/nix-config";
};
}
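Review bot: `flake = "github:truxnell/nix-config"` with `dates = "hourly"` and `--refresh` builds and activates whatever is on that repository's default branch, as root, on every host that imports this module; a pushed mistake, a compromised GitHub account or a CI token with write access reaches every machine within the hour. The `isClean = inputs.self ? rev` guard only checks that the local deploy came from a committed tree, not what the remote contains. Consider pinning to a branch or tag that is promoted deliberately (e.g. `github:truxnell/nix-config/<release-branch>`, placeholder name) and keeping enough `nix.gc` generations to roll back. Also `inherit (config.networking) hostName;` is unused, `inputs` is not passed by flake.nix's specialArgs (so `enable = isClean` fails as soon as this module is imported), and nothing imports this file yet.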

View file

@ -0,0 +1,64 @@
{ inputs, outputs, config, sops-nix, ... }: {
imports = [
# inputs.home-manager.nixosModules.home-manager
#inputs.sops-nix.nixosModules.sops
./locale.nix
./nix.nix
./openssh.nix
./packages.nix
] ++ (builtins.attrValues {});
# home-manager.extraSpecialArgs = { inherit inputs outputs; }; TODO Home-manager
nixpkgs = {
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
# TODO Shared sops location
# sops.age.keyFile = "/var/lib/sops-nix/key.txt";
# Increase open file limit for sudoers
security.pam.loginLimits = [
{
domain = "@wheel";
item = "nofile";
type = "soft";
value = "524288";
}
{
domain = "@wheel";
item = "nofile";
type = "hard";
value = "1048576";
}
];
# sops.secrets.msmtp = {
# sopsFile = ./secret.sops.yaml;
# }
# # TODO Email settings
# programs.msmtp = {
# enable = true;
# accounts.default = {
# host = "smtp-relay.mcbadass.local";
# from = "${config.networking.hostName}@trux.dev";
# };
# defaults = {
# aliases = "/etc/aliases";
# };
# };
environment.etc = {
"aliases" = {
text = ''
root: ${config.networking.hostName}@trux.dev
'';
mode = "0644";
};
};
}
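Review bot: `] ++ (builtins.attrValues {});` appends nothing and can go; if it is a placeholder for `builtins.attrValues outputs.nixosModules`, say so in a comment. `inputs` and `outputs` are declared but not provided by flake.nix's specialArgs (harmless while unused, failing with "_module.args.inputs ... used but not defined" on first use), and `sops-nix` is requested while the sops import is commented out. The `environment.etc."aliases"` entry routes root mail to `${config.networking.hostName}@trux.dev`, but the msmtp block that would deliver it is commented out, so root mail currently goes nowhere; keep the two together or note the dependency.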

View file

@ -0,0 +1,6 @@
{ lib, ... }: {
i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8";
};
time.timeZone = lib.mkDefault "Australia/Melbourne";
}

View file

@ -0,0 +1,14 @@
{ inputs, lib, ... }:
{
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
gc = {
automatic = true;
dates = "weekly";
# Delete older generations too
options = "--delete-older-than 5d";
};
};
}
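Review bot: `options = "--delete-older-than 5d"` limits `nixos-rebuild switch --rollback` to generations from the last five days; with the hourly `system.autoUpgrade` module in this commit that is the whole recovery window after a bad remote push, so consider a longer horizon. `inputs` and `lib` are declared but unused, and `experimental-features` duplicates the bootstrap configuration (fine, it needs to live here once that file is gone).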

View file

@ -0,0 +1,24 @@
{ outputs, lib, config, ... }:
let
inherit (config.networking) hostName;
hosts = outputs.nixosConfigurations;
in
{
services.openssh = {
enable = true;
settings = {
# Harden
PasswordAuthentication = false;
PermitRootLogin = "no";
# Automatically remove stale sockets
StreamLocalBindUnlink = "yes";
# Allow forwarding ports to everywhere
GatewayPorts = "clientspecified";
};
};
# Passwordless sudo when SSH'ing with keys
security.pam.enableSSHAgentAuth = true;
}
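Review bot: `GatewayPorts = "clientspecified"` lets any authenticated client bind a remote-forwarded port (`ssh -R`) on the host's non-loopback addresses, i.e. publish a service from their machine on this host's LAN address, subject only to the firewall. If only loopback forwarding is needed, leave the OpenSSH default ("no"); otherwise record in the comment who is expected to use it. `security.pam.enableSSHAgentAuth = true` grants passwordless sudo to anyone whose forwarded agent holds a key listed in authorized_keys, so agent forwarding should stay off when connecting from hosts you do not fully trust. The `let` bindings `hostName` and `hosts` are unused (and `outputs` is not passed by flake.nix's specialArgs, so `hosts` would fail if it ever were used).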

View file

@ -0,0 +1,15 @@
{ config, pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
bat
jq
yq
btop
neovim
vim
git
dnsutils
];
programs.mtr.enable = true;
}

View file

@ -0,0 +1,25 @@
{ pkgs, config, ... }:
let ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
users.users.truxnell = {
isNormalUser = true;
shell = pkgs.fish;
# passwordFile = config.sops.secrets.taylor-password.path;
# initialHashedPassword = ""; # TODO add key
extraGroups = [
"wheel"
] ++ ifTheyExist [
"network"
"samba-users"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
];
packages = [ pkgs.home-manager ];
};
# home-manager.users.taylor = import ../../../../../home-manager/taylor_${config.networking.hostName}.nix; TODO home-manager?
}
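Review bot: with both `passwordFile` and `initialHashedPassword` commented out, truxnell has no password, so `sudo` (wheel requires one by default) only works after the manual `passwd truxnell` step in docs/vm/installing.md, which lives outside the flake. Until sops is wired up, set `initialHashedPassword` to a real `mkpasswd -m sha-512` hash or use `hashedPasswordFile`, so a rebuild from scratch yields a usable admin account. `shell = pkgs.fish` needs `programs.fish.enable = true`, which only `common/optional/fish.nix` provides; a host that imports this users module without it gets the NixOS warning that fish lacks the Nix directories in its PATH. The commented `taylor` lines look left over from the source these files were copied from.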

View file

@ -0,0 +1,7 @@
{ inputs, outputs, config, ... }: {
# Time
networking.timeServers = ["10.8.10.1"];
services.chrony = {
enable = true;
};
}
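Review bot: `networking.timeServers = ["10.8.10.1"]` makes the LAN gateway the sole time source; a host booted elsewhere (the laptop and WSL targets in the README TODO) never syncs, which also breaks DNSSEC and TLS validation in the dnscrypt module. Either scope this file to hosts on that network or add public pool servers as a fallback. `inputs`, `outputs` and `config` are declared but unused.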

View file

@ -0,0 +1,44 @@
# Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2
{ inputs, outputs, pkgs, config, ... }: {
# Disable resolvd to ensure it doesnt re-write /etc/resolv.conf
services.resolved.enable = false;
# Fix this devices DNS resolv.conf
networking = {
nameservers = [ "10.8.10.1" ];
dhcpcd.extraConfig = "nohook resolv.conf";
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
require_dnssec = true;
forwarding_rules = pkgs.writeText "forwarding-rules.txt" ''
natallan.com 10.8.10.1
sonarr.trux.dev 10.8.20.11
radarr.trux.dev 10.8.20.11
lidarr.trux.dev 10.8.20.11
qbittorrent.trux.dev 10.8.20.11
qbittorrent-lidarr.trux.dev 10.8.20.11
syncthing.trux.dev 10.8.20.11
qbittorrent-readarr.trux.dev 10.8.20.11
filebrowser.trux.dev 10.8.20.11
minio.trux.dev 10.8.20.11
sabnzbd.trux.dev 10.8.20.11
trux.dev 10.8.20.203
'';
server_names = ["NextDNS-f6fe35"];
static = {
"NextDNS-f6fe35" = {
stamp = "sdns://AgEAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8HL2Y2ZmUzNQ";
};
};
};
};
}
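Review bot: `networking.nameservers = [ "10.8.10.1" ];` writes the router into /etc/resolv.conf, so this host's own lookups go straight to 10.8.10.1 and bypass dnscrypt-proxy2, which listens on 127.0.0.1:53 by default; only clients configured to use this machine as their resolver would get encrypted, DNSSEC-validated resolution. The wiki page cited at the top sets `networking.nameservers = [ "127.0.0.1" "::1" ];` together with the `nohook resolv.conf` line you already have. The forwarding rules send `natallan.com` and the `trux.dev` names to LAN resolvers in plaintext, which is intended for internal zones but deserves a comment, and `require_dnssec = true` then applies only to the NextDNS upstream. `inputs` and `outputs` are unused.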

View file

@ -0,0 +1,10 @@
{
programs.fish = {
enable = true;
vendor = {
completions.enable = true;
config.enable = true;
functions.enable = true;
};
};
}

View file

@ -0,0 +1,29 @@
{ config, pkgs, lib, ... }:
{
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = [
"diskstats"
"filesystem"
"loadavg"
"meminfo"
"netdev"
"stat"
"time"
"uname"
"systemd"
];
};
smartctl = {
enable = true;
};
};
networking.firewall.allowedTCPPorts = [
config.services.prometheus.exporters.node.port
config.services.prometheus.exporters.smartctl.port
];
}
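Review bot: `networking.firewall.allowedTCPPorts` opens the node and smartctl exporter ports on every interface to any source; the exporters publish kernel version, mounted filesystems, systemd unit state and disk details that make fingerprinting the host easy. Prefer each exporter's `openFirewall = true` with a `firewallFilter` restricted to the Prometheus server, e.g. `firewallFilter = "-p tcp -m tcp --dport ${toString config.services.prometheus.exporters.node.port} -s <prometheus-ip>"` (placeholder address). The smartctl exporter has nothing to read inside the nixosvm guest, so it belongs in the NAS host file rather than a shared optional. `pkgs` and `lib` are unused.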

View file

@ -0,0 +1,37 @@
{
config,
pkgs,
...
}: {
systemd.timers."reboot-required-check" = {
wantedBy = ["timers.target"];
timerConfig = {
# start at boot
OnBootSec = "0m";
# check every hour
OnUnitActiveSec = "1h";
Unit = "reboot-required-check.service";
};
};
systemd.services."reboot-required-check" = {
script = ''
#!/usr/bin/env bash
# compare current system with booted sysetm to determine if a reboot is required
if [[ "$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" == "$(readlink /run/current-system/{initrd,kernel,kernel-modules})" ]]; then
# check if the '/var/run/reboot-required' file exists and if it does, remove it
if [[ -f /var/run/reboot-required ]]; then
rm /var/run/reboot-required || { echo "Failed to remove /var/run/reboot-required"; exit 1; }
fi
else
echo "reboot required"
touch /var/run/reboot-required || { echo "Failed to create /var/run/reboot-required"; exit 1; }
fi
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}
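Review bot: the `#!/usr/bin/env bash` line inside `script` is inert; NixOS wraps `script` in its own `runtimeShell -e` header, so the line ends up as a comment (the `[[ ]]` test and the `{initrd,kernel,kernel-modules}` brace expansion still work because runtimeShell is bash). Typo "sysetm" in the next comment. The check compares only initrd, kernel and kernel modules, so a glibc or systemd upgrade that also warrants a reboot is not flagged; if that is acceptable, say so in the comment. `User = "root"` is the default and `pkgs` is unused.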

View file

@ -0,0 +1,105 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[
# Host-specific
./hardware-configuration.nix
# Common imports
../common/nixos
../common/nixos/users/truxnell
../common/optional/fish.nix
../common/optional/monitoring.nix
../common/optional/reboot-required.nix
../common/optional/dnscrypt-proxy2.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nixosvm"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}
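Review bot: roughly sixty lines of commented nixos-generate-config template options are copied verbatim from the bootstrap configuration; trim them so this file shows only what differs from `../common/nixos`. `networking.hostName = "nixosvm"` is the key flake.nix matches on, so a plain `nixos-rebuild switch --flake .` works only after the first `.#nixosvm` switch, as docs/vm/installing.md says. The `../common/optional/dnscrypt-proxy2.nix` and time imports hard-code LAN resolver and NTP addresses plus a NextDNS profile, which ties this VM to that one network.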

View file

@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e9c21872-a682-4418-9fae-a5ff2a16362d";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5572-019E";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/34d04571-5752-426a-b4bc-48c88a1a4def"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
virtualisation.virtualbox.guest.enable = true;
}
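Review bot: `virtualisation.virtualbox.guest.enable = true;` was added by hand to a file whose header says nixos-generate-config may overwrite it; move it to default.nix. docs/vm/installing.md describes a gnome-boxes (QEMU/KVM) VM, where VirtualBox guest additions do nothing; if the VM is in fact VirtualBox (the `ata_piix`/`ohci_pci` module list suggests so), update the doc to match.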

View file

@ -0,0 +1,26 @@
# Playground NixOS container
Spin up a TTY only container using systemd nspawn to experiment with configuration.
```bash
# Create container from configuration flake
sudo nixos-container create playground \
--local-address 10.235.1.2 \
--host-address 10.235.1.1 \
--flake .#playground
# Update container
sudo nixos-container update playground --flake .#playground
# Start container
sudo nixos-container start playground
# Attach to container TTY
sudo nixos-container login playground
# Stop when done testing
sudo nixos-container stop playground
# Destroy container
sudo nixos-container destroy playground
```
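Review bot: `nixos-container create playground --flake .#playground` needs a `nixosConfigurations.playground` output, which flake.nix derives only from a `./nixos/hosts/<dir>/default.nix`; the path of the playground files is not shown in this commit view, so state it in the README. Every command here runs as root via sudo and the container config disables the wheel password, so say explicitly that this is a throwaway environment sharing the host's Nix store.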

View file

@ -0,0 +1,29 @@
{ config, lib, ... }:
{
imports = [ ./playground.nix ];
boot.isContainer = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking = {
hostName = "playground";
useDHCP = false;
useHostResolvConf = false;
resolvconf.enable = true;
resolvconf.extraConfig = ''
resolv_conf_local_only=NO
name_server_blacklist=127.0.0.1
name_servers=1.1.1.1
'';
};
security.sudo.wheelNeedsPassword = false;
system.stateVersion = "22.05";
nix.gc.automatic = false;
mySystem.home-manager.enable = false;
# Workaround for broken home-manager
systemd.tmpfiles.rules = [
"d /nix/var/nix/gcroots/per-user/${config.mySystem.user} - ${config.mySystem.user} - - -"
"d /nix/var/nix/profiles/per-user/${config.mySystem.user} - ${config.mySystem.user} - - -"
];
}
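Review bot: `mySystem.home-manager.enable = false;` and `config.mySystem.user` refer to an option set that nothing in this commit declares (nixos/modules holds only a .gitkeep), so evaluating this container config fails with "The option `mySystem.home-manager.enable' does not exist"; remove both lines or add the module that defines `mySystem`. `security.sudo.wheelNeedsPassword = false` is fine for a throwaway container but must stay out of any shared module, and `system.stateVersion = "22.05"` differs from the 23.11 used elsewhere. `name_servers=1.1.1.1` bypasses the dnscrypt setup, which is reasonable for a test container; note it in the comment.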

View file

@ -0,0 +1,3 @@
{ config, pkgs, lib, inputs, outputs, ... }:
{ }

0
nixos/modules/.gitkeep Normal file
View file

0
nixos/overlays/.gitkeep Normal file
View file

View file

@ -0,0 +1,9 @@
{ inputs, ... }:
{
unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
};
}
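Review bot: the `unstable-packages` overlay is never applied: flake.nix has no `overlays` output and the only reference (`nixpkgs.overlays = builtins.attrValues outputs.overlays;` in the bootstrap configuration) is commented out. Wire it up once `inputs` is passed through specialArgs, e.g. `nixpkgs.overlays = [ (import ./nixos/overlays { inherit inputs; }).unstable-packages ];` in a common module. `config.allowUnfree = true` here is not a duplicate of common/nixos/default.nix, since the unstable instance is imported separately; a comment saying so would prevent someone "cleaning it up".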

0
nixos/pkgs/.gitkeep Normal file
View file