Merge pull request 'Consolidate my homelab under one flake.' (#1) from consolidate-config into main
Reviewed-on: jahanson/nixos-config#1
commit
88a372c1ad
11 changed files with 703 additions and 88 deletions
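--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-description = "laptop NixOS Flake";
+description = "NixOS Homelab";
 
 # This is the standard format for flake.nix.
 # `inputs` are the dependencies of the flake,
@@ -29,12 +29,41 @@
 # Import the configuration.nix here, so that the
 # old configuration file can still take effect.
 # Note: configuration.nix itself is also a Nixpkgs Module,
-./nixos/configuration.nix
+./nixos/durincore/configuration.nix
+./nixos/common.nix
 home-manager.nixosModules.home-manager
 {
 home-manager.useGlobalPkgs = true;
 home-manager.useUserPackages = true;
-home-manager.users.jahanson = import ./home-manager/home.nix;
+home-manager.users.jahanson = import ./home-manager/durincore.nix;
+}
+];
+};
+"este" = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+specialArgs = inputs;
+modules = [
+./nixos/este/configuration.nix
+./nixos/common.nix
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users.jahanson = import ./home-manager/este.nix;
+}
+];
+};
+"gandalf" = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+specialArgs = inputs;
+modules = [
+./nixos/gandalf/configuration.nix
+./nixos/common.nix
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users.jahanson = import ./home-manager/gandalf.nix;
 }
 ];
 };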
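Review bot: The `este` and `gandalf` stanzas added in the second hunk repeat the same `nixosSystem` call and home-manager module block line for line, differing only in the host name inside two paths, so any later change to the shared settings has to be made once per host. A small helper that takes the host name would reduce each host to one line. The first host's definition begins above the hunk, so whether it can use the same helper unchanged is not visible here. The paths below are built by appending to a path literal so they stay paths rather than strings.

```nix
# bound once inside `outputs`; x86_64-linux is what both new hosts use
mkHost = name: nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  specialArgs = inputs;
  modules = [
    (./nixos + "/${name}/configuration.nix")
    ./nixos/common.nix
    home-manager.nixosModules.home-manager
    {
      home-manager.useGlobalPkgs = true;
      home-manager.useUserPackages = true;
      home-manager.users.jahanson = import (./home-manager + "/${name}.nix");
    }
  ];
};

# … unchanged: the first host's definition, which opens outside the hunk …
"este" = mkHost "este";
"gandalf" = mkHost "gandalf";
```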
||||||
|
|
|
@ -115,7 +115,7 @@
|
||||||
# it provides the command `nom` works just like `nix`
|
# it provides the command `nom` works just like `nix`
|
||||||
# with more details log output
|
# with more details log output
|
||||||
nix-output-monitor
|
nix-output-monitor
|
||||||
nixd
|
nixd # nix lsp server
|
||||||
|
|
||||||
# productivity
|
# productivity
|
||||||
hugo # static site generator
|
hugo # static site generator
|
||||||
|
@ -137,6 +137,18 @@
|
||||||
pciutils # lspci
|
pciutils # lspci
|
||||||
usbutils # lsusb
|
usbutils # lsusb
|
||||||
rtx # rtx package manager
|
rtx # rtx package manager
|
||||||
|
|
||||||
|
# Browsers
|
||||||
|
firefox
|
||||||
|
vivaldi
|
||||||
|
vivaldi-ffmpeg-codecs
|
||||||
|
|
||||||
|
# Email
|
||||||
|
thunderbird
|
||||||
|
|
||||||
|
# Dev
|
||||||
|
vscode
|
||||||
|
termius
|
||||||
];
|
];
|
||||||
|
|
||||||
# starship - an customizable prompt for any shell
|
# starship - an customizable prompt for any shell
|
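--- a/home-manager/este.nix
+++ b/home-manager/este.nix
@@ -0,0 +1,152 @@
+{
+config,
+pkgs,
+...
+}: {
+
+home = {
+username = "jahanson";
+homeDirectory = "/home/jahanson";
+};
+
+# basic configuration of git, please change to your own
+programs.git = {
+enable = true;
+userName = "Joseph Hanson";
+userEmail = "joe@veri.dev";
+};
+
+
+# exa replacement, ls replacement.
+programs.lsd.enable = true;
+
+# Fish configuration
+programs.fish = {
+enable = true;
+shellAliases = {
+# lsd
+ls = "lsd";
+ll = "lsd -l";
+la = "lsd -a";
+lt = "lsd --tree";
+lla = "lsd -la";
+
+# other
+df = "df -h";
+du = "du -h";
+};
+# rtx hook-env | source
+# rtx activate fish | source
+shellInit = ''
+direnv hook fish | source
+set -gx PATH $PATH $HOME/.krew/bin
+'';
+functions = {
+fish_greeting = {
+description = "Set the fish greeting";
+body = "neofetch";
+};
+};
+};
+
+# starship - an customizable prompt for any shell
+programs.starship = {
+enable = true;
+# custom settings
+settings = {
+add_newline = false;
+aws.disabled = true;
+gcloud.disabled = true;
+line_break.disabled = true;
+username = {
+disabled = false;
+show_always = true;
+format = "[$user]($style)@";
+};
+hostname ={
+disabled = false;
+ssh_only = false;
+format = "[$hostname]($style) ";
+};
+};
+};
+
+# Packages that should be installed to the user profile.
+home.packages = with pkgs; [
+# here is some command line tools I use frequently
+# feel free to add your own or remove some of them
+
+neofetch
+go-task
+
+# terminal file managers
+nnn
+ranger
+yazi
+
+# archives
+zip
+xz
+unzip
+p7zip
+
+# utils
+ripgrep # recursively searches directories for a regex pattern
+jq # A lightweight and flexible command-line JSON processor
+yq-go # yaml processer https://github.com/mikefarah/yq
+fzf # A command-line fuzzy finder
+age # sops-age encryption
+sops
+direnv # shell environment management
+pre-commit # Pre-commit tasks for git
+minio-client # S3 management
+shellcheck
+envsubst
+
+# networking tools
+mtr # A network diagnostic tool
+iperf3
+dnsutils # `dig` + `nslookup`
+ldns # replacement of `dig`, it provide the command `drill`
+aria2 # A lightweight multi-protocol & multi-source command-line download utility
+socat # replacement of openbsd-netcat
+nmap # A utility for network discovery and security auditing
+ipcalc # it is a calculator for the IPv4/v6 addresses
+
+# misc
+cowsay
+file
+which
+tree
+gnused
+gnutar
+gawk
+zstd
+gnupg
+
+# nix related
+#
+# it provides the command `nom` works just like `nix`
+# with more details log output
+nix-output-monitor
+
+btop # replacement of htop/nmon
+iotop # io monitoring
+iftop # network monitoring
+
+# system call monitoring
+strace # system call monitoring
+ltrace # library call monitoring
+lsof # list open files
+
+# system tools
+sysstat
+lm_sensors # for `sensors` command
+ethtool
+pciutils # lspci
+usbutils # lsusb
+];
+
+home.stateVersion = "23.11";
+programs.home-manager.enable = true;
+}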
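Review bot: `home-manager/este.nix` and `home-manager/gandalf.nix` are added as near-copies: apart from the `programs.starship` block that only este.nix has, the git identity, the fish setup and the whole `home.packages` list are the same text in both files. This commit already factors the system side into `nixos/common.nix`; the user side could follow by moving the shared attributes into one module (for example a new `home-manager/common.nix`) and starting each host file with `imports = [ ./common.nix ];`. The comment `# basic configuration of git, please change to your own` is template text and could read `# git identity used for commits made on this host`. It is also worth deciding whether the server hosts need the full workstation toolset (`nmap`, `socat`, `aria2`, `strace`), since every entry in the list is installed into the user profile there.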
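--- a/home-manager/gandalf.nix
+++ b/home-manager/gandalf.nix
@@ -0,0 +1,130 @@
+{
+config,
+pkgs,
+...
+}: {
+
+home = {
+username = "jahanson";
+homeDirectory = "/home/jahanson";
+};
+
+# basic configuration of git, please change to your own
+programs.git = {
+enable = true;
+userName = "Joseph Hanson";
+userEmail = "joe@veri.dev";
+};
+
+
+# exa replacement, ls replacement.
+programs.lsd.enable = true;
+
+# Fish configuration
+programs.fish = {
+enable = true;
+shellAliases = {
+# lsd
+ls = "lsd";
+ll = "lsd -l";
+la = "lsd -a";
+lt = "lsd --tree";
+lla = "lsd -la";
+
+# other
+df = "df -h";
+du = "du -h";
+};
+# rtx hook-env | source
+# rtx activate fish | source
+shellInit = ''
+direnv hook fish | source
+set -gx PATH $PATH $HOME/.krew/bin
+'';
+functions = {
+fish_greeting = {
+description = "Set the fish greeting";
+body = "neofetch";
+};
+};
+};
+
+# Packages that should be installed to the user profile.
+home.packages = with pkgs; [
+# here is some command line tools I use frequently
+# feel free to add your own or remove some of them
+
+neofetch
+go-task
+
+# terminal file managers
+nnn
+ranger
+yazi
+
+# archives
+zip
+xz
+unzip
+p7zip
+
+# utils
+ripgrep # recursively searches directories for a regex pattern
+jq # A lightweight and flexible command-line JSON processor
+yq-go # yaml processer https://github.com/mikefarah/yq
+fzf # A command-line fuzzy finder
+age # sops-age encryption
+sops
+direnv # shell environment management
+pre-commit # Pre-commit tasks for git
+minio-client # S3 management
+shellcheck
+envsubst
+
+# networking tools
+mtr # A network diagnostic tool
+iperf3
+dnsutils # `dig` + `nslookup`
+ldns # replacement of `dig`, it provide the command `drill`
+aria2 # A lightweight multi-protocol & multi-source command-line download utility
+socat # replacement of openbsd-netcat
+nmap # A utility for network discovery and security auditing
+ipcalc # it is a calculator for the IPv4/v6 addresses
+
+# misc
+cowsay
+file
+which
+tree
+gnused
+gnutar
+gawk
+zstd
+gnupg
+
+# nix related
+#
+# it provides the command `nom` works just like `nix`
+# with more details log output
+nix-output-monitor
+
+btop # replacement of htop/nmon
+iotop # io monitoring
+iftop # network monitoring
+
+# system call monitoring
+strace # system call monitoring
+ltrace # library call monitoring
+lsof # list open files
+
+# system tools
+sysstat
+lm_sensors # for `sensors` command
+ethtool
+pciutils # lspci
+usbutils # lsusb
+];
+
+home.stateVersion = "23.11";
+programs.home-manager.enable = true;
+}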
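--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -0,0 +1,92 @@
+{ config, lib, pkgs, ... }:
+{
+
+# Bootloader.
+boot = {
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+initrd = {
+supportedFilesystems = [ "nfs" ];
+kernelModules = [ "nfs" ];
+};
+};
+
+fileSystems."/mnt/borg" = {
+device = "10.1.1.13:/eru/borg";
+fsType = "nfs";
+options = [ "x-systemd.automount" "noauto" ];
+};
+
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+# Enable fish
+programs.fish.enable = true;
+
+# root ssh keys
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH3VVFenoJfnu+IFUlD79uxl7L8SFoRup33J2HGny4WEdRgGR41s0MpFKDBmxXZHy4O9Nh8NMMnpy5VhUefnIKI="
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHFQ3hDjjrKsecn3jmSWYlRXy4IJCrepgU1HaIV5VcmB3mUFmIZ/pCZnPmIG/Gbuqf1PP2FQDmHMX5t0hTYG9A="
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
+];
+
+# Set up users
+users.users.jahanson = {
+isNormalUser = true;
+description = "Joseph Hanson";
+extraGroups = [ "networkmanager" "wheel" ];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH3VVFenoJfnu+IFUlD79uxl7L8SFoRup33J2HGny4WEdRgGR41s0MpFKDBmxXZHy4O9Nh8NMMnpy5VhUefnIKI="
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHFQ3hDjjrKsecn3jmSWYlRXy4IJCrepgU1HaIV5VcmB3mUFmIZ/pCZnPmIG/Gbuqf1PP2FQDmHMX5t0hTYG9A="
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
+];
+};
+
+# Default editor
+environment.variables.EDITOR = "vim";
+# Time zone.
+time.timeZone = "America/Chicago";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_US.UTF-8";
+LC_IDENTIFICATION = "en_US.UTF-8";
+LC_MEASUREMENT = "en_US.UTF-8";
+LC_MONETARY = "en_US.UTF-8";
+LC_NAME = "en_US.UTF-8";
+LC_NUMERIC = "en_US.UTF-8";
+LC_PAPER = "en_US.UTF-8";
+LC_TELEPHONE = "en_US.UTF-8";
+LC_TIME = "en_US.UTF-8";
+};
+
+# Allow unfree packages
+nixpkgs.config.allowUnfree = true;
+
+environment.systemPackages = with pkgs; [
+# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+git
+wget
+curl
+vim
+lazygit
+tailscale
+python3
+ansible
+smartmontools
+nfs-utils
+];
+
+programs.mtr.enable = true;
+
+# Enable/Start Tailscale service
+services.tailscale.enable = true;
+
+}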
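Review bot: The five keys under `users.users.root.openssh.authorizedKeys.keys` are the same five given to `jahanson`, who is already in `wheel`, so each of them is a direct root login on every host that imports this module and runs sshd. If root over SSH is not required (the page does not show whether the Ansible setup depends on it), drop the root list and set `services.openssh.settings.PermitRootLogin = "no";` so privileged access goes through the named account. If it is required, bind the list once in a `let` so the two copies cannot drift apart. Four of the five entries carry no trailing comment, so adding the owner or device to each would let a key be audited and revoked by name.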
|
@ -10,50 +10,10 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Bootloader.
|
# Network settings
|
||||||
boot = {
|
networking = {
|
||||||
loader = {
|
hostName = "durincore"; # Define your hostname.
|
||||||
systemd-boot.enable = true;
|
networkmanager.enable = true;
|
||||||
efi.canTouchEfiVariables = true;
|
|
||||||
};
|
|
||||||
initrd = {
|
|
||||||
supportedFilesystems = [ "nfs" ];
|
|
||||||
kernelModules = [ "nfs" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/mnt/borg" = {
|
|
||||||
device = "10.1.1.13:/eru/borg";
|
|
||||||
fsType = "nfs";
|
|
||||||
options = [ "x-systemd.automount" "noauto" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.fish.enable = true;
|
|
||||||
|
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
||||||
|
|
||||||
networking.hostName = "durincore"; # Define your hostname.
|
|
||||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
|
||||||
|
|
||||||
# Enable networking
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "America/Chicago";
|
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
|
|
||||||
i18n.extraLocaleSettings = {
|
|
||||||
LC_ADDRESS = "en_US.UTF-8";
|
|
||||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
|
||||||
LC_MEASUREMENT = "en_US.UTF-8";
|
|
||||||
LC_MONETARY = "en_US.UTF-8";
|
|
||||||
LC_NAME = "en_US.UTF-8";
|
|
||||||
LC_NUMERIC = "en_US.UTF-8";
|
|
||||||
LC_PAPER = "en_US.UTF-8";
|
|
||||||
LC_TELEPHONE = "en_US.UTF-8";
|
|
||||||
LC_TIME = "en_US.UTF-8";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
|
@ -96,46 +56,6 @@
|
||||||
# Enable touchpad support (enabled default in most desktopManager).
|
# Enable touchpad support (enabled default in most desktopManager).
|
||||||
# services.xserver.libinput.enable = true;
|
# services.xserver.libinput.enable = true;
|
||||||
|
|
||||||
# Define a user account. Don't forget to set a password with 'passwd'.
|
|
||||||
users.users.jahanson = {
|
|
||||||
isNormalUser = true;
|
|
||||||
description = "Joseph Hanson";
|
|
||||||
extraGroups = [ "networkmanager" "wheel" ];
|
|
||||||
shell = pkgs.fish;
|
|
||||||
packages = with pkgs; [
|
|
||||||
firefox
|
|
||||||
thunderbird
|
|
||||||
vscode
|
|
||||||
vivaldi
|
|
||||||
vivaldi-ffmpeg-codecs
|
|
||||||
termius
|
|
||||||
];
|
|
||||||
};
|
|
||||||
environment.variables.EDITOR = "vim";
|
|
||||||
|
|
||||||
# Allow unfree packages
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
|
||||||
# $ nix search wget
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
|
|
||||||
git
|
|
||||||
wget
|
|
||||||
curl
|
|
||||||
vim
|
|
||||||
lazygit
|
|
||||||
fira-code-nerdfont
|
|
||||||
tailscale
|
|
||||||
appimage-run
|
|
||||||
python3
|
|
||||||
ansible
|
|
||||||
gparted
|
|
||||||
openlens
|
|
||||||
nfs-utils
|
|
||||||
];
|
|
||||||
services.tailscale.enable = true;
|
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
# started in user sessions.
|
# started in user sessions.
|
||||||
programs.mtr.enable = true;
|
programs.mtr.enable = true;
|
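--- a/nixos/este/configuration.nix
+++ b/nixos/este/configuration.nix
@@ -0,0 +1,49 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running 'nixos-help').
+
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Network settings
+networking = {
+hostName = "este"; # Define your hostname.
+networkmanager.enable = true;
+};
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = true;
+};
+
+# List services that you want to enable:
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+settings.PasswordAuthentication = false;
+settings.KbdInteractiveAuthentication = false;
+};
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall.enable = false;
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It's perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "23.11"; # Did you read the comment?
+
+}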
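Review bot: `networking.firewall.enable = false;` near the end of the file switches the host firewall off entirely, and the same line is added in `nixos/gandalf/configuration.nix`, which also enables NFS, Samba and podman. Leaving the option at its default and listing the needed ports keeps anything started later (a container, a test daemon) unreachable until it is opened on purpose. `services.openssh` opens port 22 itself by default, so on este deleting the line is enough; on gandalf the Samba module has its own `openFirewall` option and the NFSv4 port would go in `networking.firewall.allowedTCPPorts = [ 2049 ];`. With the firewall disabled, the `openFirewall = true;` already set for `services.samba-wsdd` in gandalf's file has no effect.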
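--- a/nixos/este/hardware-configuration.nix
+++ b/nixos/este/hardware-configuration.nix
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports = [ ];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/1c14fc1e-525b-445b-ad2f-ac171c25633a";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/3D93-F935";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enX0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}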
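--- a/nixos/gandalf/configuration.nix
+++ b/nixos/gandalf/configuration.nix
@@ -0,0 +1,156 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+imports =
+[
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Use the systemd-boot EFI boot loader.
+boot = {
+supportedFilesystems = [ "zfs" ];
+zfs.forceImportRoot = false;
+kernelParams = [ "zfs.zfs_arc_max=107374182400" ];
+zfs.extraPools = [ "eru" ];
+};
+
+# sudo zfs set sharenfs="rw=10.1.2.0/24:10.5.0.8/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/xen-backups
+# sudo zfs set sharenfs="ro=10.1.2.0/24,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg
+# sudo zfs set sharenfs="ro=10.1.2.0/24,rw=10.1.1.55/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg/nextcloud
+# sudo zfs set sharenfs inherit eru/xen-backups
+
+# Network settings
+networking = {
+hostName = "gandalf"; # Define your hostname.
+networkmanager.enable = true;
+hostId = "e2fc95cd";
+};
+
+environment.systemPackages = with pkgs; [
+podman-compose
+];
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+# };
+
+# List services that you want to enable:
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+# require public key authentication for better security
+settings.PasswordAuthentication = false;
+settings.KbdInteractiveAuthentication = false;
+};
+
+# NFS
+services.nfs.server.enable = true;
+
+# SMB
+services.samba-wsdd = {
+# make shares visible for Windows clients
+enable = true;
+openFirewall = true;
+};
+services.samba = {
+enable = true;
+securityType = "user";
+extraConfig = ''
+workgroup = WORKGROUP
+server string = gandalf
+netbios name = gandalf
+security = user
+# note: localhost is the ipv6 localhost ::1
+hosts allow = 0.0.0.0/0
+guest account = nobody
+map to guest = bad user
+'';
+shares = {
+xen = {
+path = "/eru/xen-backups";
+browseable = "yes";
+"read only" = "no";
+"guest ok" = "no";
+"create mask" = "0644";
+"directory mask" = "0755";
+"force user" = "apps";
+"force group" = "apps";
+};
+};
+};
+
+# Enable podman
+virtualisation.podman = {
+enable = true;
+
+# `docker` alias for podman
+dockerCompat = true;
+
+# Required for podman-compose so pods can talk to each other.
+defaultNetwork.settings.dns_enabled = true;
+
+};
+
+# TODO: Add xen-orchestra
+# virtualisation.oci-containers = {
+# xen-orchestra = {
+# image = "xen-orchestra";
+# ports = [ "80:80" ];
+# volumes = [ "/eru/xen-backups:/backups" ];
+# };
+# };
+
+# ZFS automated snapshots
+services.sanoid = {
+enable = true;
+datasets = {
+"eru/xen-backups" = {
+recursive = true;
+autoprune = true;
+autosnap = true;
+hourly = 24;
+daily = 7;
+monthly = 12;
+};
+};
+};
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall.enable = false;
+
+# Copy the NixOS configuration file and link it from the resulting system
+# (/run/current-system/configuration.nix). This is useful in case you
+# accidentally delete configuration.nix.
+# system.copySystemConfiguration = true;
+
+# This option defines the first version of NixOS you have installed on this particular machine,
+# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+#
+# Most users should NEVER change this value after the initial install, for any reason,
+# even if you've upgraded your system to a new NixOS release.
+#
+# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+# so changing it will NOT upgrade your system.
+#
+# This value being lower than the current NixOS release does NOT mean your system is
+# out of date, out of support, or vulnerable.
+#
+# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+# and migrated your data accordingly.
+#
+# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+system.stateVersion = "23.11"; # Did you read the comment?
+
+}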
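Review bot: In `services.samba.extraConfig`, `hosts allow = 0.0.0.0/0` admits every IPv4 client, and the comment directly above it (`# note: localhost is the ipv6 localhost ::1`) describes a value that is not the one set. Together with `map to guest = bad user`, a connection with an unknown username is accepted as the guest account instead of being refused; the `xen` share sets `"guest ok" = "no"`, so this should not expose data today, but any share added later with guest access would be open to every address that can reach the host. Restricting the list to the networks that need it, e.g. `hosts allow = 10.1.2.0/24 127.0.0.1 ::1` with `hosts deny = 0.0.0.0/0` (the subnet is taken from the `sharenfs` comments in this file and needs confirming), and dropping the two guest lines would match the key-only stance already taken for sshd. The commented `sharenfs` commands also use `no_root_squash`, which lets root on any client in those ranges act as root on the export, so a short comment saying why that is required would help the next reader.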
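--- a/nixos/gandalf/hardware-configuration.nix
+++ b/nixos/gandalf/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/d5e03c8a-9488-47f7-b911-339bdae36009";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/339D-40E5";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp130s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}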