-rw-r--r-- | common/cachix.nix | 13 | ||||
-rw-r--r-- | common/cachix/nix-community.nix | 11 | ||||
-rw-r--r-- | common/cachix/veloren-nix.nix | 12 | ||||
-rw-r--r-- | common/common.nix | 16 | ||||
-rw-r--r-- | common/desktop.nix | 62 | ||||
-rw-r--r-- | common/headless.nix (renamed from common/default.nix) | 24 | ||||
-rw-r--r-- | flake.nix | 11 | ||||
-rw-r--r-- | hosts/abbenay/configuration.nix | 58 | ||||
-rw-r--r-- | hosts/abbenay/hardware-configuration.nix | 35 |
9 files changed, 220 insertions, 22 deletions
diff --git a/common/cachix.nix b/common/cachix.nix
new file mode 100644
index 0000000..88b2f08
--- /dev/null
+++ b/common/cachix.nix
@@ -0,0 +1,13 @@
+
+# WARN: this file will get overwritten by $ cachix use <name>
+{ pkgs, lib, ... }:
+
+let
+ folder = ./cachix;
+ toImport = name: value: folder + ("/" + name);
+ filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
+ imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
+in {
+ inherit imports;
+ nix.binaryCaches = ["https://cache.nixos.org/"];
+}
diff --git a/common/cachix/nix-community.nix b/common/cachix/nix-community.nix
new file mode 100644
index 0000000..427a518
--- /dev/null
+++ b/common/cachix/nix-community.nix
@@ -0,0 +1,11 @@
+
+{
+ nix = {
+ binaryCaches = [
+ "https://nix-community.cachix.org"
+ ];
+ binaryCachePublicKeys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ };
+}
diff --git a/common/cachix/veloren-nix.nix b/common/cachix/veloren-nix.nix
new file mode 100644
index 0000000..37fb947
--- /dev/null
+++ b/common/cachix/veloren-nix.nix
@@ -0,0 +1,12 @@
+
+{
+ nix = {
+ binaryCaches = [
+ "https://veloren-nix.cachix.org"
+ ];
+ binaryCachePublicKeys = [
+ "veloren-nix.cachix.org-1:zokfKJqVsNV6kI/oJdLF6TYBdNPYGSb+diMVQPn/5Rc="
+ ];
+ };
+}
+
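Review bot: The `imports` binding in common/cachix.nix turns every regular `.nix` file found in `./cachix` into a module, so any file that lands in that directory becomes a trusted substituter and signing key on every host that imports this file, without appearing in an import list a reviewer would read. The two caches added alongside it (nix-community and veloren-nix) are third-party, and as far as Nix's signature check goes a trusted key is accepted for any store path that cache offers, not only for that project's packages. I would list the modules explicitly, `imports = [ ./cachix/nix-community.nix ./cachix/veloren-nix.nix ];`, and put a comment above each `binaryCachePublicKeys` entry recording where the key was obtained, so that a changed or added key stands out in review.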
\ No newline at end of file
diff --git a/common/common.nix b/common/common.nix
new file mode 100644
index 0000000..b0aeb26
--- /dev/null
+++ b/common/common.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ services.journald.extraConfig = "MaxRetentionSec=48h";
+
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ time.timeZone = "Europe/Amsterdam";
+
+ environment.systemPackages = with pkgs; [
+ wget vim htop dnsutils inetutils iftop manpages
+ ];
+
+
+}
diff --git a/common/desktop.nix b/common/desktop.nix
new file mode 100644
index 0000000..eb94b6e
--- /dev/null
+++ b/common/desktop.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./common.nix
+ ./cachix.nix
+ ];
+
+ nix.package = pkgs.nix_2_4;
+ nix.extraOptions = ''
+ netrc-file = /home/stuebinm/Dokumente/.netrc
+ experimental-features = nix-command flakes
+ '';
+
+ virtualisation.podman.enable = true;
+
+ # Select internationalisation properties.
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing = {
+ enable = true;
+ drivers = [ pkgs.epson-escpr2 pkgs.epson-escpr ];
+ };
+
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ services.xserver.layout = "de";
+ services.xserver.xkbOptions = "eurosign:e,caps:escape";
+
+ users.mutableUsers = false;
+ users.defaultUserShell = pkgs.fish;
+ users.users.stuebinm = {
+ isNormalUser = true;
+ extraGroups = [ "docker" "wheel" ]; # Enable ‘sudo’ for the user.
+ home = "/home/stuebinm";
+ hashedPassword = "$6$IULsCnY7HjDHAJWs$05DYuwXsfWWKj6m3KTWCPp5k9HuQikIamNBzn2GihMG8oeEf5c8YkXlwuO6uTnX8ZFmyAQdhXfO5yYNEM/YTm0";
+ useDefaultShell = true;
+ };
+
+
+ services.syncthing = {
+ enable = true;
+ user = "stuebinm";
+ guiAddress = "syncthing.localhost:3000";
+ dataDir = "/home/stuebinm/syncthing";
+ configDir = "/home/stuebinm/syncthing/.config/syncthing";
+ };
+
+ networking.hosts = {
+ "127.0.0.1" = [ "syncthing.localhost" ];
+ };
+
+}
diff --git a/common/default.nix b/common/headless.nix
index 1b87571..6c4127e 100644
--- a/common/default.nix
+++ b/common/headless.nix
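Review bot: `hashedPassword` in `users.users.stuebinm` (common/desktop.nix) commits the account's SHA-512 crypt hash to the repository, and NixOS also copies option values like this into the world-readable Nix store, so anyone who can read either can run offline guessing against it. Since `users.mutableUsers = false` is set, the hash can live outside both by pointing `passwordFile` (`hashedPasswordFile` on newer NixOS releases) at a root-only file, e.g. `passwordFile = "/etc/nixos/secrets/stuebinm.passwd";` (path constructed for illustration); the hash in this commit should be treated as exposed and the password rotated. Separately, `extraGroups` lists `"docker"` although this file enables podman rather than docker; docker-group membership amounts to root once a docker daemon runs, so I would reduce it to `extraGroups = [ "wheel" ];` unless it is needed. The `netrc-file` under `/home/stuebinm/Dokumente/` deserves a comment saying which credentials it holds, because the user can edit a file that the Nix daemon reads.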
@@ -1,32 +1,19 @@ { config, lib, pkgs, ... }: -let - sources = import ../nix/sources.nix; -in { - imports = [ - ../modules - ]; +{ + imports = [ ./common.nix ]; networking.domain = lib.mkDefault "stuebinm.eu"; - - services.journald.extraConfig = "MaxRetentionSec=48h"; + nix.gc = { automatic = lib.mkDefault true; options = lib.mkDefault "--delete-older-than 1w"; }; - - - i18n.defaultLocale = "en_US.UTF-8"; - time.timeZone = "Europe/Amsterdam"; - - environment.systemPackages = with pkgs; [ - wget vim htop dnsutils inetutils iftop manpages - ]; users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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" ]; - + services.openssh = { enable = true; permitRootLogin = "prohibit-password"; @@ -34,7 +21,8 @@ in { }; security.sudo.enable = false; - + + security.acme = { acceptTerms = true; email = "stuebinm@disroot.org"; @@ -30,15 +30,18 @@ outputs = { self, nixpkgs, ... }@inputs: { nixosConfigurations = - let mkConfig = config: nixpkgs.lib.nixosSystem { + let mkConfig = imports: config: nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [ config ./common/default.nix ]; + modules = [ config ] ++ imports; specialArgs = { inherit inputs; }; }; + mkServer = mkConfig [ ./common/headless.nix ]; + mkDesktop = mkConfig [ ./common/desktop.nix ]; in { - chaski = mkConfig ./hosts/chaski/configuration.nix; - flora = mkConfig ./hosts/flora/configuration.nix; + chaski = mkServer ./hosts/chaski/configuration.nix; + flora = mkServer ./hosts/flora/configuration.nix; + abbenay = mkDesktop ./hosts/abbenay/configuration.nix; }; }; } diff --git a/hosts/abbenay/configuration.nix b/hosts/abbenay/configuration.nix new file mode 100644 index 0000000..2aabaa7 --- /dev/null +++ b/hosts/abbenay/configuration.nix 
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ services.flatpak.enable = true;
+ services.avahi.enable = true;
+ services.avahi.nssmdns = true;
+
+ services.xserver = {
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ };
+ services.gnome.gnome-keyring.enable = pkgs.lib.mkForce false;
+
+ environment.systemPackages = with pkgs; [
+ gnome3.gnome-tweaks
+ flatpak flatpak-builder
+ # for mounting samba
+ cifs-utils
+ ];
+
+ networking = {
+ hostName = "matthias-nix";
+
+ useDHCP = false;
+ interfaces.enp3s0.useDHCP = true;
+ # networkmanager shouldn't handle nixos container
+ networkmanager.unmanaged = [ "interface-name:ve-*" ];
+ };
+ # nixos containers should have internet access
+ networking.nat = {
+ enable = true;
+ internalInterfaces = ["ve-+"];
+ externalInterface = "eth0";
+ };
+
+ boot = {
+ extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+ kernelModules = [ "v4l2loopback" ];
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.03"; # Did you read the comment?
+
+}
diff --git a/hosts/abbenay/hardware-configuration.nix b/hosts/abbenay/hardware-configuration.nix
new file mode 100644
index 0000000..876431d
--- /dev/null
+++ b/hosts/abbenay/hardware-configuration.nix
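Review bot: `networking.nat.externalInterface = "eth0"` in hosts/abbenay/configuration.nix does not match the only interface this file configures, `interfaces.enp3s0.useDHCP = true`, so the masquerade rule for the `ve-+` container interfaces is probably bound to a device that does not exist on this machine. If enp3s0 is the uplink, the line should read `externalInterface = "enp3s0";`. Two smaller points: `hostName = "matthias-nix"` differs from the flake attribute `abbenay` and deserves a one-line comment. `services.avahi.enable` together with `nssmdns` makes the desktop speak mDNS on every network it joins, so a comment stating what needs it would help a later reader decide whether it can be turned off.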
@@ -0,0 +1,35 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ba8853b3-6e52-49d6-a250-6d99b8dfe6d6"; + fsType = "ext4"; + }; + fileSystems."/home" = + { device = "/dev/disk/by-label/nix-space"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0F28-FE85"; + fsType = "vfat"; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/6e9fddfc-99d2-46d2-bcb4-d8c5e1c19d38"; } + ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} |