Consolidate my homelab under one flake. #1
11 changed files with 700 additions and 88 deletions
32
flake.nix
32
flake.nix
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
description = "laptop NixOS Flake";
|
||||
description = "NixOS Homelab";
|
||||
|
||||
# This is the standard format for flake.nix.
|
||||
# `inputs` are the dependencies of the flake,
|
||||
|
@ -29,12 +29,38 @@
|
|||
# Import the configuration.nix here, so that the
|
||||
# old configuration file can still take effect.
|
||||
# Note: configuration.nix itself is also a Nixpkgs Module,
|
||||
./nixos/configuration.nix
|
||||
./nixos/durincore/configuration.nix
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.jahanson = import ./home-manager/home.nix;
|
||||
home-manager.users.jahanson = import ./home-manager/durincore.nix;
|
||||
}
|
||||
];
|
||||
};
|
||||
"este" = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = inputs;
|
||||
modules = [
|
||||
./nixos/este/configuration.nix
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.jahanson = import ./home-manager/este.nix;
|
||||
}
|
||||
];
|
||||
};
|
||||
"gandalf" = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = inputs;
|
||||
modules = [
|
||||
./nixos/gandalf/configuration.nix
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.jahanson = import ./home-manager/gandalf.nix;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
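Review bot: The new `"este"` and `"gandalf"` entries repeat the whole `nixpkgs.lib.nixosSystem { … }` body of the existing host, varying only in the two paths `./nixos/<host>/configuration.nix` and `./home-manager/<host>.nix`. A single helper that takes the host name, roughly `mkHost = name: nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = inputs; modules = [ … ]; };`, would give one place to add modules that every host must carry, such as shared hardening. As written, each of the three blocks has to be edited separately and can drift. The first entry in this hunk starts above the visible lines, so its attribute name is not shown here.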
|
|
@ -115,7 +115,7 @@
|
|||
# it provides the command `nom` works just like `nix`
|
||||
# with more details log output
|
||||
nix-output-monitor
|
||||
nixd
|
||||
nixd # nix lsp server
|
||||
|
||||
# productivity
|
||||
hugo # static site generator
|
||||
|
@ -137,6 +137,18 @@
|
|||
pciutils # lspci
|
||||
usbutils # lsusb
|
||||
rtx # rtx package manager
|
||||
|
||||
# Browsers
|
||||
firefox
|
||||
vivaldi
|
||||
vivaldi-ffmpeg-codecs
|
||||
|
||||
# Email
|
||||
thunderbird
|
||||
|
||||
# Dev
|
||||
vscode
|
||||
termius
|
||||
];
|
||||
|
||||
# starship - an customizable prompt for any shell
|
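--- a/home-manager/este.nix
+++ b/home-manager/este.nix
@@ -0,0 +1,152 @@
+{
+config,
+pkgs,
+...
+}: {
+
+home = {
+username = "jahanson";
+homeDirectory = "/home/jahanson";
+};
+
+# basic configuration of git, please change to your own
+programs.git = {
+enable = true;
+userName = "Joseph Hanson";
+userEmail = "joe@veri.dev";
+};
+
+
+# exa replacement, ls replacement.
+programs.lsd.enable = true;
+
+# Fish configuration
+programs.fish = {
+enable = true;
+shellAliases = {
+# lsd
+ls = "lsd";
+ll = "lsd -l";
+la = "lsd -a";
+lt = "lsd --tree";
+lla = "lsd -la";
+
+# other
+df = "df -h";
+du = "du -h";
+};
+# rtx hook-env | source
+# rtx activate fish | source
+shellInit = ''
+direnv hook fish | source
+set -gx PATH $PATH $HOME/.krew/bin
+'';
+functions = {
+fish_greeting = {
+description = "Set the fish greeting";
+body = "neofetch";
+};
+};
+};
+
+# starship - an customizable prompt for any shell
+programs.starship = {
+enable = true;
+# custom settings
+settings = {
+add_newline = false;
+aws.disabled = true;
+gcloud.disabled = true;
+line_break.disabled = true;
+username = {
+disabled = false;
+show_always = true;
+format = "[$user]($style)@";
+};
+hostname ={
+disabled = false;
+ssh_only = false;
+format = "[$hostname]($style) ";
+};
+};
+};
+
+# Packages that should be installed to the user profile.
+home.packages = with pkgs; [
+# here is some command line tools I use frequently
+# feel free to add your own or remove some of them
+
+neofetch
+go-task
+
+# terminal file managers
+nnn
+ranger
+yazi
+
+# archives
+zip
+xz
+unzip
+p7zip
+
+# utils
+ripgrep # recursively searches directories for a regex pattern
+jq # A lightweight and flexible command-line JSON processor
+yq-go # yaml processer https://github.com/mikefarah/yq
+fzf # A command-line fuzzy finder
+age # sops-age encryption
+sops
+direnv # shell environment management
+pre-commit # Pre-commit tasks for git
+minio-client # S3 management
+shellcheck
+envsubst
+
+# networking tools
+mtr # A network diagnostic tool
+iperf3
+dnsutils # `dig` + `nslookup`
+ldns # replacement of `dig`, it provide the command `drill`
+aria2 # A lightweight multi-protocol & multi-source command-line download utility
+socat # replacement of openbsd-netcat
+nmap # A utility for network discovery and security auditing
+ipcalc # it is a calculator for the IPv4/v6 addresses
+
+# misc
+cowsay
+file
+which
+tree
+gnused
+gnutar
+gawk
+zstd
+gnupg
+
+# nix related
+#
+# it provides the command `nom` works just like `nix`
+# with more details log output
+nix-output-monitor
+
+btop # replacement of htop/nmon
+iotop # io monitoring
+iftop # network monitoring
+
+# system call monitoring
+strace # system call monitoring
+ltrace # library call monitoring
+lsof # list open files
+
+# system tools
+sysstat
+lm_sensors # for `sensors` command
+ethtool
+pciutils # lspci
+usbutils # lsusb
+];
+
+home.stateVersion = "23.11";
+programs.home-manager.enable = true;
+}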
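Review bot: This file and home-manager/gandalf.nix are near-identical copies, sharing the git identity, fish setup and the whole `home.packages` list and differing only in the `programs.starship` block present here. Any later correction therefore has to be made once per host and can silently diverge. Move the shared part into one module, for example `home-manager/common.nix`, and have each host file use `imports = [ ./common.nix ];` plus its own additions. The package list looks carried over from a workstation profile; on server hosts it is worth trimming `home.packages` to what is actually used there, so less tooling is installed by default.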
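--- a/home-manager/gandalf.nix
+++ b/home-manager/gandalf.nix
@@ -0,0 +1,130 @@
+{
+config,
+pkgs,
+...
+}: {
+
+home = {
+username = "jahanson";
+homeDirectory = "/home/jahanson";
+};
+
+# basic configuration of git, please change to your own
+programs.git = {
+enable = true;
+userName = "Joseph Hanson";
+userEmail = "joe@veri.dev";
+};
+
+
+# exa replacement, ls replacement.
+programs.lsd.enable = true;
+
+# Fish configuration
+programs.fish = {
+enable = true;
+shellAliases = {
+# lsd
+ls = "lsd";
+ll = "lsd -l";
+la = "lsd -a";
+lt = "lsd --tree";
+lla = "lsd -la";
+
+# other
+df = "df -h";
+du = "du -h";
+};
+# rtx hook-env | source
+# rtx activate fish | source
+shellInit = ''
+direnv hook fish | source
+set -gx PATH $PATH $HOME/.krew/bin
+'';
+functions = {
+fish_greeting = {
+description = "Set the fish greeting";
+body = "neofetch";
+};
+};
+};
+
+# Packages that should be installed to the user profile.
+home.packages = with pkgs; [
+# here is some command line tools I use frequently
+# feel free to add your own or remove some of them
+
+neofetch
+go-task
+
+# terminal file managers
+nnn
+ranger
+yazi
+
+# archives
+zip
+xz
+unzip
+p7zip
+
+# utils
+ripgrep # recursively searches directories for a regex pattern
+jq # A lightweight and flexible command-line JSON processor
+yq-go # yaml processer https://github.com/mikefarah/yq
+fzf # A command-line fuzzy finder
+age # sops-age encryption
+sops
+direnv # shell environment management
+pre-commit # Pre-commit tasks for git
+minio-client # S3 management
+shellcheck
+envsubst
+
+# networking tools
+mtr # A network diagnostic tool
+iperf3
+dnsutils # `dig` + `nslookup`
+ldns # replacement of `dig`, it provide the command `drill`
+aria2 # A lightweight multi-protocol & multi-source command-line download utility
+socat # replacement of openbsd-netcat
+nmap # A utility for network discovery and security auditing
+ipcalc # it is a calculator for the IPv4/v6 addresses
+
+# misc
+cowsay
+file
+which
+tree
+gnused
+gnutar
+gawk
+zstd
+gnupg
+
+# nix related
+#
+# it provides the command `nom` works just like `nix`
+# with more details log output
+nix-output-monitor
+
+btop # replacement of htop/nmon
+iotop # io monitoring
+iftop # network monitoring
+
+# system call monitoring
+strace # system call monitoring
+ltrace # library call monitoring
+lsof # list open files
+
+# system tools
+sysstat
+lm_sensors # for `sensors` command
+ethtool
+pciutils # lspci
+usbutils # lsusb
+];
+
+home.stateVersion = "23.11";
+programs.home-manager.enable = true;
+}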
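--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -0,0 +1,92 @@
+{ config, lib, pkgs, ... }:
+{
+
+# Bootloader.
+boot = {
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+initrd = {
+supportedFilesystems = [ "nfs" ];
+kernelModules = [ "nfs" ];
+};
+};
+
+fileSystems."/mnt/borg" = {
+device = "10.1.1.13:/eru/borg";
+fsType = "nfs";
+options = [ "x-systemd.automount" "noauto" ];
+};
+
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+# Enable fish
+programs.fish.enable = true;
+
+# root ssh keys
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH3VVFenoJfnu+IFUlD79uxl7L8SFoRup33J2HGny4WEdRgGR41s0MpFKDBmxXZHy4O9Nh8NMMnpy5VhUefnIKI="
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHFQ3hDjjrKsecn3jmSWYlRXy4IJCrepgU1HaIV5VcmB3mUFmIZ/pCZnPmIG/Gbuqf1PP2FQDmHMX5t0hTYG9A="
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
+];
+
+# Set up users
+users.users.jahanson = {
+isNormalUser = true;
+description = "Joseph Hanson";
+extraGroups = [ "networkmanager" "wheel" ];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH3VVFenoJfnu+IFUlD79uxl7L8SFoRup33J2HGny4WEdRgGR41s0MpFKDBmxXZHy4O9Nh8NMMnpy5VhUefnIKI="
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHFQ3hDjjrKsecn3jmSWYlRXy4IJCrepgU1HaIV5VcmB3mUFmIZ/pCZnPmIG/Gbuqf1PP2FQDmHMX5t0hTYG9A="
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
+];
+};
+
+# Default editor
+environment.variables.EDITOR = "vim";
+# Time zone.
+time.timeZone = "America/Chicago";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_US.UTF-8";
+LC_IDENTIFICATION = "en_US.UTF-8";
+LC_MEASUREMENT = "en_US.UTF-8";
+LC_MONETARY = "en_US.UTF-8";
+LC_NAME = "en_US.UTF-8";
+LC_NUMERIC = "en_US.UTF-8";
+LC_PAPER = "en_US.UTF-8";
+LC_TELEPHONE = "en_US.UTF-8";
+LC_TIME = "en_US.UTF-8";
+};
+
+# Allow unfree packages
+nixpkgs.config.allowUnfree = true;
+
+environment.systemPackages = with pkgs; [
+# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+git
+wget
+curl
+vim
+lazygit
+tailscale
+python3
+ansible
+smartmontools
+nfs-utils
+];
+
+programs.mtr.enable = true;
+
+# Enable/Start Tailscale service
+services.tailscale.enable = true;
+
+}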
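Review bot: `users.users.root.openssh.authorizedKeys.keys` grants all five keys direct root SSH login on every host that uses this module, although `jahanson` holds the same keys and is already in `wheel`. NixOS's default `PermitRootLogin` of `prohibit-password` still accepts key logins, so consider dropping the root list and setting `services.openssh.settings.PermitRootLogin = "no";`, which routes privileged access through sudo and keeps it attributable. If root keys must stay, bind the list once (`let adminKeys = [ … ]; in`) and reference it from both users, so a revoked key cannot survive in one of the two copies. Four of the five entries have no comment field, which makes it hard to tell which device a key belongs to when one has to be removed.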
|
@ -10,50 +10,10 @@
|
|||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
# Bootloader.
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
initrd = {
|
||||
supportedFilesystems = [ "nfs" ];
|
||||
kernelModules = [ "nfs" ];
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems."/mnt/borg" = {
|
||||
device = "10.1.1.13:/eru/borg";
|
||||
fsType = "nfs";
|
||||
options = [ "x-systemd.automount" "noauto" ];
|
||||
};
|
||||
|
||||
programs.fish.enable = true;
|
||||
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
networking.hostName = "durincore"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
# Enable networking
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "America/Chicago";
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
i18n.extraLocaleSettings = {
|
||||
LC_ADDRESS = "en_US.UTF-8";
|
||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
||||
LC_MEASUREMENT = "en_US.UTF-8";
|
||||
LC_MONETARY = "en_US.UTF-8";
|
||||
LC_NAME = "en_US.UTF-8";
|
||||
LC_NUMERIC = "en_US.UTF-8";
|
||||
LC_PAPER = "en_US.UTF-8";
|
||||
LC_TELEPHONE = "en_US.UTF-8";
|
||||
LC_TIME = "en_US.UTF-8";
|
||||
# Network settings
|
||||
networking = {
|
||||
hostName = "durincore"; # Define your hostname.
|
||||
networkmanager.enable = true;
|
||||
};
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
|
@ -96,46 +56,6 @@
|
|||
# Enable touchpad support (enabled default in most desktopManager).
|
||||
# services.xserver.libinput.enable = true;
|
||||
|
||||
# Define a user account. Don't forget to set a password with 'passwd'.
|
||||
users.users.jahanson = {
|
||||
isNormalUser = true;
|
||||
description = "Joseph Hanson";
|
||||
extraGroups = [ "networkmanager" "wheel" ];
|
||||
shell = pkgs.fish;
|
||||
packages = with pkgs; [
|
||||
firefox
|
||||
thunderbird
|
||||
vscode
|
||||
vivaldi
|
||||
vivaldi-ffmpeg-codecs
|
||||
termius
|
||||
];
|
||||
};
|
||||
environment.variables.EDITOR = "vim";
|
||||
|
||||
# Allow unfree packages
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
|
||||
git
|
||||
wget
|
||||
curl
|
||||
vim
|
||||
lazygit
|
||||
fira-code-nerdfont
|
||||
tailscale
|
||||
appimage-run
|
||||
python3
|
||||
ansible
|
||||
gparted
|
||||
openlens
|
||||
nfs-utils
|
||||
];
|
||||
services.tailscale.enable = true;
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
programs.mtr.enable = true;
|
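--- a/nixos/este/configuration.nix
+++ b/nixos/este/configuration.nix
@@ -0,0 +1,49 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running 'nixos-help').
+
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Network settings
+networking = {
+hostName = "este"; # Define your hostname.
+networkmanager.enable = true;
+};
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = true;
+};
+
+# List services that you want to enable:
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+settings.PasswordAuthentication = false;
+settings.KbdInteractiveAuthentication = false;
+};
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall.enable = false;
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It's perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "23.11"; # Did you read the comment?
+
+}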
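Review bot: `imports` lists only `./hardware-configuration.nix`, and nothing visible on this page references nixos/common.nix (not this file, not the `modules` lists in flake.nix, not nixos/gandalf/configuration.nix), so unless it is wired in outside the lines shown, the bootloader, user account and authorized keys defined there never reach this host. With `settings.PasswordAuthentication = false` that would leave no account able to log in over SSH. Add `../common.nix` to `imports` here and in the gandalf and durincore configurations, or list `./nixos/common.nix` in each host's `modules` in flake.nix. Separately, `networking.firewall.enable = false;` leaves every listening service reachable; prefer keeping the firewall on and naming the needed ports in `networking.firewall.allowedTCPPorts`.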
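--- a/nixos/este/hardware-configuration.nix
+++ b/nixos/este/hardware-configuration.nix
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports = [ ];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/1c14fc1e-525b-445b-ad2f-ac171c25633a";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/3D93-F935";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enX0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}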
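--- a/nixos/gandalf/configuration.nix
+++ b/nixos/gandalf/configuration.nix
@@ -0,0 +1,156 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+imports =
+[
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Use the systemd-boot EFI boot loader.
+boot = {
+supportedFilesystems = [ "zfs" ];
+zfs.forceImportRoot = false;
+kernelParams = [ "zfs.zfs_arc_max=107374182400" ];
+zfs.extraPools = [ "eru" ];
+};
+
+# sudo zfs set sharenfs="rw=10.1.2.0/24:10.5.0.8/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/xen-backups
+# sudo zfs set sharenfs="ro=10.1.2.0/24,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg
+# sudo zfs set sharenfs="ro=10.1.2.0/24,rw=10.1.1.55/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg/nextcloud
+# sudo zfs set sharenfs inherit eru/xen-backups
+
+# Network settings
+networking = {
+hostName = "gandalf"; # Define your hostname.
+networkmanager.enable = true;
+hostId = "e2fc95cd";
+};
+
+environment.systemPackages = with pkgs; [
+podman-compose
+];
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+# };
+
+# List services that you want to enable:
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+# require public key authentication for better security
+settings.PasswordAuthentication = false;
+settings.KbdInteractiveAuthentication = false;
+};
+
+# NFS
+services.nfs.server.enable = true;
+
+# SMB
+services.samba-wsdd = {
+# make shares visible for Windows clients
+enable = true;
+openFirewall = true;
+};
+services.samba = {
+enable = true;
+securityType = "user";
+extraConfig = ''
+workgroup = WORKGROUP
+server string = gandalf
+netbios name = gandalf
+security = user
+# note: localhost is the ipv6 localhost ::1
+hosts allow = 0.0.0.0/0
+guest account = nobody
+map to guest = bad user
+'';
+shares = {
+xen = {
+path = "/eru/xen-backups";
+browseable = "yes";
+"read only" = "no";
+"guest ok" = "no";
+"create mask" = "0644";
+"directory mask" = "0755";
+"force user" = "apps";
+"force group" = "apps";
+};
+};
+};
+
+# Enable podman
+virtualisation.podman = {
+enable = true;
+
+# `docker` alias for podman
+dockerCompat = true;
+
+# Required for podman-compose so pods can talk to each other.
+defaultNetwork.settings.dns_enabled = true;
+
+};
+
+# TODO: Add xen-orchestra
+# virtualisation.oci-containers = {
+# xen-orchestra = {
+# image = "xen-orchestra";
+# ports = [ "80:80" ];
+# volumes = [ "/eru/xen-backups:/backups" ];
+# };
+# };
+
+# ZFS automated snapshots
+services.sanoid = {
+enable = true;
+datasets = {
+"eru/xen-backups" = {
+recursive = true;
+autoprune = true;
+autosnap = true;
+hourly = 24;
+daily = 7;
+monthly = 12;
+};
+};
+};
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall.enable = false;
+
+# Copy the NixOS configuration file and link it from the resulting system
+# (/run/current-system/configuration.nix). This is useful in case you
+# accidentally delete configuration.nix.
+# system.copySystemConfiguration = true;
+
+# This option defines the first version of NixOS you have installed on this particular machine,
+# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+#
+# Most users should NEVER change this value after the initial install, for any reason,
+# even if you've upgraded your system to a new NixOS release.
+#
+# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+# so changing it will NOT upgrade your system.
+#
+# This value being lower than the current NixOS release does NOT mean your system is
+# out of date, out of support, or vulnerable.
+#
+# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+# and migrated your data accordingly.
+#
+# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+system.stateVersion = "23.11"; # Did you read the comment?
+
+}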
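Review bot: `networking.firewall.enable = false;` together with `hosts allow = 0.0.0.0/0` in the Samba `extraConfig` exposes the SMB share and the NFS server on every interface with no network-level restriction, and it turns `services.samba-wsdd.openFirewall = true` into a no-op. Keep the firewall enabled, open only the ports the file services need, and narrow `hosts allow` to the LAN ranges the share is meant for; the commented `sharenfs` lines suggest `10.1.2.0/24`. `map to guest = bad user` silently converts logins with an unknown user name into guest sessions; since the only share sets `"guest ok" = "no"`, `map to guest = never` is the safer value. The commented `zfs set sharenfs` commands use `no_root_squash`, which lets root on any permitted client act as root on the export, so it is worth dropping at least on the `ro=` exports.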
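--- a/nixos/gandalf/hardware-configuration.nix
+++ b/nixos/gandalf/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/d5e03c8a-9488-47f7-b911-339bdae36009";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/339D-40E5";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp130s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}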