Consolidate my homelab under one flake. #1

Merged
jahanson merged 2 commits from consolidate-config into main 2024-02-21 10:51:07 -06:00
11 changed files with 700 additions and 88 deletions
Showing only changes of commit 1d68d9c6fc - Show all commits


@ -1,5 +1,5 @@
{
description = "laptop NixOS Flake";
description = "NixOS Homelab";
# This is the standard format for flake.nix.
# `inputs` are the dependencies of the flake,
@ -29,12 +29,38 @@
# Import the configuration.nix here, so that the
# old configuration file can still take effect.
# Note: configuration.nix itself is also a Nixpkgs Module,
./nixos/configuration.nix
./nixos/durincore/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.jahanson = import ./home-manager/home.nix;
home-manager.users.jahanson = import ./home-manager/durincore.nix;
}
];
};
"este" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs;
modules = [
./nixos/este/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.jahanson = import ./home-manager/este.nix;
}
];
};
"gandalf" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs;
modules = [
./nixos/gandalf/configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.jahanson = import ./home-manager/gandalf.nix;
}
];
};
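Review bot: None of the three `modules` lists pulls in the new `./nixos/common.nix`, and the este and gandalf `configuration.nix` files added on this page import only `./hardware-configuration.nix`, so from what this commit shows the shared module is never evaluated. That module now carries the boot loader, the `jahanson` user and every SSH authorized key, while both servers set `PasswordAuthentication = false`, so a host built from these lists would probably have no key to log in with; the durincore hunks also appear to delete those settings without adding an import. Add `./nixos/common.nix` as the first entry of each `modules` list, or `../common.nix` to each host's `imports`. The pull request has a second commit that is not shown here and may already do this. The enclosing attribute set opens above the hunk.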


@ -115,7 +115,7 @@
# it provides the command `nom` works just like `nix`
# with more details log output
nix-output-monitor
nixd
nixd # nix lsp server
# productivity
hugo # static site generator
@ -137,6 +137,18 @@
pciutils # lspci
usbutils # lsusb
rtx # rtx package manager
# Browsers
firefox
vivaldi
vivaldi-ffmpeg-codecs
# Email
thunderbird
# Dev
vscode
termius
];
# starship - an customizable prompt for any shell

152
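--- a/home-manager/este.nix
+++ b/home-manager/este.nix
@@ -0,0 +1,152 @@
+{
+config,
+pkgs,
+...
+}: {
+home = {
+username = "jahanson";
+homeDirectory = "/home/jahanson";
+};
+# basic configuration of git, please change to your own
+programs.git = {
+enable = true;
+userName = "Joseph Hanson";
+userEmail = "joe@veri.dev";
+};
+# exa replacement, ls replacement.
+programs.lsd.enable = true;
+# Fish configuration
+programs.fish = {
+enable = true;
+shellAliases = {
+# lsd
+ls = "lsd";
+ll = "lsd -l";
+la = "lsd -a";
+lt = "lsd --tree";
+lla = "lsd -la";
+# other
+df = "df -h";
+du = "du -h";
+};
+# rtx hook-env | source
+# rtx activate fish | source
+shellInit = ''
+direnv hook fish | source
+set -gx PATH $PATH $HOME/.krew/bin
+'';
+functions = {
+fish_greeting = {
+description = "Set the fish greeting";
+body = "neofetch";
+};
+};
+};
+# starship - an customizable prompt for any shell
+programs.starship = {
+enable = true;
+# custom settings
+settings = {
+add_newline = false;
+aws.disabled = true;
+gcloud.disabled = true;
+line_break.disabled = true;
+username = {
+disabled = false;
+show_always = true;
+format = "[$user]($style)@";
+};
+hostname ={
+disabled = false;
+ssh_only = false;
+format = "[$hostname]($style) ";
+};
+};
+};
+# Packages that should be installed to the user profile.
+home.packages = with pkgs; [
+# here is some command line tools I use frequently
+# feel free to add your own or remove some of them
+neofetch
+go-task
+# terminal file managers
+nnn
+ranger
+yazi
+# archives
+zip
+xz
+unzip
+p7zip
+# utils
+ripgrep # recursively searches directories for a regex pattern
+jq # A lightweight and flexible command-line JSON processor
+yq-go # yaml processer https://github.com/mikefarah/yq
+fzf # A command-line fuzzy finder
+age # sops-age encryption
+sops
+direnv # shell environment management
+pre-commit # Pre-commit tasks for git
+minio-client # S3 management
+shellcheck
+envsubst
+# networking tools
+mtr # A network diagnostic tool
+iperf3
+dnsutils # `dig` + `nslookup`
+ldns # replacement of `dig`, it provide the command `drill`
+aria2 # A lightweight multi-protocol & multi-source command-line download utility
+socat # replacement of openbsd-netcat
+nmap # A utility for network discovery and security auditing
+ipcalc # it is a calculator for the IPv4/v6 addresses
+# misc
+cowsay
+file
+which
+tree
+gnused
+gnutar
+gawk
+zstd
+gnupg
+# nix related
+#
+# it provides the command `nom` works just like `nix`
+# with more details log output
+nix-output-monitor
+btop # replacement of htop/nmon
+iotop # io monitoring
+iftop # network monitoring
+# system call monitoring
+strace # system call monitoring
+ltrace # library call monitoring
+lsof # list open files
+# system tools
+sysstat
+lm_sensors # for `sensors` command
+ethtool
+pciutils # lspci
+usbutils # lsusb
+];
+home.stateVersion = "23.11";
+programs.home-manager.enable = true;
+}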
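Review bot: This file and `home-manager/gandalf.nix` are the same text apart from the `programs.starship` block here, so every later change to the package list or the fish setup has to be made in each copy. Move the shared part into one module and keep only the per-host differences, e.g. `imports = [ ./common.nix ];` next to `programs.starship = { … };` (the file name is only a suggestion). The comment `# basic configuration of git, please change to your own` is template text and no longer describes this repository; `# git identity used for commits made on this host` would. The `config` argument is not used anywhere in the file as shown.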

130
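--- a/home-manager/gandalf.nix
+++ b/home-manager/gandalf.nix
@@ -0,0 +1,130 @@
+{
+config,
+pkgs,
+...
+}: {
+home = {
+username = "jahanson";
+homeDirectory = "/home/jahanson";
+};
+# basic configuration of git, please change to your own
+programs.git = {
+enable = true;
+userName = "Joseph Hanson";
+userEmail = "joe@veri.dev";
+};
+# exa replacement, ls replacement.
+programs.lsd.enable = true;
+# Fish configuration
+programs.fish = {
+enable = true;
+shellAliases = {
+# lsd
+ls = "lsd";
+ll = "lsd -l";
+la = "lsd -a";
+lt = "lsd --tree";
+lla = "lsd -la";
+# other
+df = "df -h";
+du = "du -h";
+};
+# rtx hook-env | source
+# rtx activate fish | source
+shellInit = ''
+direnv hook fish | source
+set -gx PATH $PATH $HOME/.krew/bin
+'';
+functions = {
+fish_greeting = {
+description = "Set the fish greeting";
+body = "neofetch";
+};
+};
+};
+# Packages that should be installed to the user profile.
+home.packages = with pkgs; [
+# here is some command line tools I use frequently
+# feel free to add your own or remove some of them
+neofetch
+go-task
+# terminal file managers
+nnn
+ranger
+yazi
+# archives
+zip
+xz
+unzip
+p7zip
+# utils
+ripgrep # recursively searches directories for a regex pattern
+jq # A lightweight and flexible command-line JSON processor
+yq-go # yaml processer https://github.com/mikefarah/yq
+fzf # A command-line fuzzy finder
+age # sops-age encryption
+sops
+direnv # shell environment management
+pre-commit # Pre-commit tasks for git
+minio-client # S3 management
+shellcheck
+envsubst
+# networking tools
+mtr # A network diagnostic tool
+iperf3
+dnsutils # `dig` + `nslookup`
+ldns # replacement of `dig`, it provide the command `drill`
+aria2 # A lightweight multi-protocol & multi-source command-line download utility
+socat # replacement of openbsd-netcat
+nmap # A utility for network discovery and security auditing
+ipcalc # it is a calculator for the IPv4/v6 addresses
+# misc
+cowsay
+file
+which
+tree
+gnused
+gnutar
+gawk
+zstd
+gnupg
+# nix related
+#
+# it provides the command `nom` works just like `nix`
+# with more details log output
+nix-output-monitor
+btop # replacement of htop/nmon
+iotop # io monitoring
+iftop # network monitoring
+# system call monitoring
+strace # system call monitoring
+ltrace # library call monitoring
+lsof # list open files
+# system tools
+sysstat
+lm_sensors # for `sensors` command
+ethtool
+pciutils # lspci
+usbutils # lsusb
+];
+home.stateVersion = "23.11";
+programs.home-manager.enable = true;
+}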

92
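--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -0,0 +1,92 @@
+{ config, lib, pkgs, ... }:
+{
+# Bootloader.
+boot = {
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+initrd = {
+supportedFilesystems = [ "nfs" ];
+kernelModules = [ "nfs" ];
+};
+};
+fileSystems."/mnt/borg" = {
+device = "10.1.1.13:/eru/borg";
+fsType = "nfs";
+options = [ "x-systemd.automount" "noauto" ];
+};
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+# Enable fish
+programs.fish.enable = true;
+# root ssh keys
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH3VVFenoJfnu+IFUlD79uxl7L8SFoRup33J2HGny4WEdRgGR41s0MpFKDBmxXZHy4O9Nh8NMMnpy5VhUefnIKI="
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHFQ3hDjjrKsecn3jmSWYlRXy4IJCrepgU1HaIV5VcmB3mUFmIZ/pCZnPmIG/Gbuqf1PP2FQDmHMX5t0hTYG9A="
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
+];
+# Set up users
+users.users.jahanson = {
+isNormalUser = true;
+description = "Joseph Hanson";
+extraGroups = [ "networkmanager" "wheel" ];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH3VVFenoJfnu+IFUlD79uxl7L8SFoRup33J2HGny4WEdRgGR41s0MpFKDBmxXZHy4O9Nh8NMMnpy5VhUefnIKI="
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHFQ3hDjjrKsecn3jmSWYlRXy4IJCrepgU1HaIV5VcmB3mUFmIZ/pCZnPmIG/Gbuqf1PP2FQDmHMX5t0hTYG9A="
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
+];
+};
+# Default editor
+environment.variables.EDITOR = "vim";
+# Time zone.
+time.timeZone = "America/Chicago";
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_US.UTF-8";
+LC_IDENTIFICATION = "en_US.UTF-8";
+LC_MEASUREMENT = "en_US.UTF-8";
+LC_MONETARY = "en_US.UTF-8";
+LC_NAME = "en_US.UTF-8";
+LC_NUMERIC = "en_US.UTF-8";
+LC_PAPER = "en_US.UTF-8";
+LC_TELEPHONE = "en_US.UTF-8";
+LC_TIME = "en_US.UTF-8";
+};
+# Allow unfree packages
+nixpkgs.config.allowUnfree = true;
+environment.systemPackages = with pkgs; [
+# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+git
+wget
+curl
+vim
+lazygit
+tailscale
+python3
+ansible
+smartmontools
+nfs-utils
+];
+programs.mtr.enable = true;
+# Enable/Start Tailscale service
+services.tailscale.enable = true;
+}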
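Review bot: `users.users.root.openssh.authorizedKeys.keys` gives the same five keys direct root login on every host that imports this module, although `jahanson` already holds them and is in `wheel`. The NixOS sshd default for root is key-only login rather than no login, so unless something needs root over SSH (a remote `nixos-rebuild --target-host`, for instance) drop the root list and add `services.openssh.settings.PermitRootLogin = "no";`. Four of the five keys carry no comment field, which makes it hard to tell which device to revoke when one is lost; give each an owner tag as the last key already has. If root access stays, bind the list once with `let adminKeys = [ … ]; in` and use it in both places so the two copies cannot drift.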


@ -10,50 +10,10 @@
./hardware-configuration.nix
];
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
supportedFilesystems = [ "nfs" ];
kernelModules = [ "nfs" ];
};
};
fileSystems."/mnt/borg" = {
device = "10.1.1.13:/eru/borg";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" ];
};
programs.fish.enable = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
networking.hostName = "durincore"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
# Network settings
networking = {
hostName = "durincore"; # Define your hostname.
networkmanager.enable = true;
};
# Enable the X11 windowing system.
@ -96,46 +56,6 @@
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with 'passwd'.
users.users.jahanson = {
isNormalUser = true;
description = "Joseph Hanson";
extraGroups = [ "networkmanager" "wheel" ];
shell = pkgs.fish;
packages = with pkgs; [
firefox
thunderbird
vscode
vivaldi
vivaldi-ffmpeg-codecs
termius
];
};
environment.variables.EDITOR = "vim";
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
git
wget
curl
vim
lazygit
fira-code-nerdfont
tailscale
appimage-run
python3
ansible
gparted
openlens
nfs-utils
];
services.tailscale.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;


@ -0,0 +1,49 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Network settings
networking = {
hostName = "este"; # Define your hostname.
networkmanager.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
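Review bot: `networking.firewall.enable = false;` turns off packet filtering for the whole host, and the same line appears in the gandalf configuration, where NFS and Samba are also enabled. The firewall does not have to go for SSH to work: `services.openssh.openFirewall` defaults to true, so enabling sshd already opens its port. Delete the line (the NixOS default is enabled) and, if traffic arriving over Tailscale should be unrestricted, add `networking.firewall.trustedInterfaces = [ "tailscale0" ];`. The comment `# Some programs need SUID wrappers…` above `programs.gnupg.agent` is installer boilerplate; `# gpg-agent, also serving as the SSH agent` would describe the setting.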


@ -0,0 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1c14fc1e-525b-445b-ad2f-ac171c25633a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3D93-F935";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enX0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,156 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot = {
supportedFilesystems = [ "zfs" ];
zfs.forceImportRoot = false;
kernelParams = [ "zfs.zfs_arc_max=107374182400" ];
zfs.extraPools = [ "eru" ];
};
# sudo zfs set sharenfs="rw=10.1.2.0/24:10.5.0.8/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/xen-backups
# sudo zfs set sharenfs="ro=10.1.2.0/24,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg
# sudo zfs set sharenfs="ro=10.1.2.0/24,rw=10.1.1.55/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg/nextcloud
# sudo zfs set sharenfs inherit eru/xen-backups
# Network settings
networking = {
hostName = "gandalf"; # Define your hostname.
networkmanager.enable = true;
hostId = "e2fc95cd";
};
environment.systemPackages = with pkgs; [
podman-compose
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
# NFS
services.nfs.server.enable = true;
# SMB
services.samba-wsdd = {
# make shares visible for Windows clients
enable = true;
openFirewall = true;
};
services.samba = {
enable = true;
securityType = "user";
extraConfig = ''
workgroup = WORKGROUP
server string = gandalf
netbios name = gandalf
security = user
# note: localhost is the ipv6 localhost ::1
hosts allow = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
xen = {
path = "/eru/xen-backups";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "apps";
"force group" = "apps";
};
};
};
# Enable podman
virtualisation.podman = {
enable = true;
# `docker` alias for podman
dockerCompat = true;
# Required for podman-compose so pods can talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
# TODO: Add xen-orchestra
# virtualisation.oci-containers = {
# xen-orchestra = {
# image = "xen-orchestra";
# ports = [ "80:80" ];
# volumes = [ "/eru/xen-backups:/backups" ];
# };
# };
# ZFS automated snapshots
services.sanoid = {
enable = true;
datasets = {
"eru/xen-backups" = {
recursive = true;
autoprune = true;
autosnap = true;
hourly = 24;
daily = 7;
monthly = 12;
};
};
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}
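Review bot: `hosts allow = 0.0.0.0/0` in `services.samba.extraConfig` accepts SMB connections from every IPv4 address, and with `networking.firewall.enable = false` further down nothing else narrows it. `map to guest = bad user` additionally turns unknown usernames into a guest session; the `xen` share refuses guests, but the setting serves no purpose while no share has `guest ok = yes`. Restrict the allow-list to the networks that need the share and deny the rest, e.g. `hosts allow = <LAN_CIDR> 127.0.0.1` with `hosts deny = 0.0.0.0/0`, and drop the two guest lines. The commented `zfs set sharenfs` commands export with `no_root_squash`, so root on any client in those ranges acts as root on the datasets; since they are applied by hand, a comment stating whether they reflect the live state would help the next reader.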


@ -0,0 +1,41 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d5e03c8a-9488-47f7-b911-339bdae36009";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/339D-40E5";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
# networking.interfaces.enp130s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}