Tasia Iso 2024-04-22 04:57:27 +02:00
parent b11dc9f775
commit 82815bd863
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
13 changed files with 82 additions and 140 deletions


@ -23,6 +23,14 @@ Build a configuration: `# nixos-rebuild switch --flake .#phoenix`
Build enry and upload a generation: TODO Build enry and upload a generation: TODO
### git
generate an ssh key: `ssh-keygen -t ed25519`
add to ssh-agent: `ssh-add .ssh/id_ed25519`
add to git: `git config --global user.signingkey ~/.ssh/id_ed25519`
# Hosts # Hosts
## theseus ## theseus


@ -9,25 +9,15 @@
imports = [ imports = [
./packages/neovim.nix ./packages/neovim.nix
./packages/zsh.nix ./packages/zsh.nix
./packages/git.nix
./locales/paris.nix
]; ];
nixpkgs = { nixpkgs = {
# You can add overlays here
overlays = [ overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions outputs.overlays.additions
outputs.overlays.modifications outputs.overlays.modifications
outputs.overlays.unstable-packages outputs.overlays.unstable-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
]; ];
}; };
@ -53,47 +43,31 @@
auto-optimise-store = true; auto-optimise-store = true;
}; };
# systemd-boot
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
# Set your time zone.
time.timeZone = "Europe/Paris";
services.fwupd.enable = true;
services.tailscale.enable = true;
networking = { networking = {
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
enable = true; enable = true;
trustedInterfaces = ["tailscale0"]; trustedInterfaces = ["tailscale0"];
}; };
}; };
# sudo and nix can only be used by the wheel group
nix.settings.allowed-users = ["@wheel"]; nix.settings.allowed-users = ["@wheel"];
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
programs.git = { # Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true; enable = true;
config = { enableSSHSupport = true;
user = {
name = "Tasia Iso";
email = "tasiaiso@proton.me";
gpg.format = "ssh";
commit.gpgsign = "true";
# git config --global user.signingkey ~/.ssh/id_ed25519
};
init = {
defaultBranch = "master";
};
};
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -111,4 +85,9 @@
file file
ffmpeg ffmpeg
]; ];
services = {
fwupd.enable = true;
tailscale.enable = true;
};
} }
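Review bot: The mtr wrapper and `programs.gnupg.agent.enableSSHSupport = true;` are enabled for every host that imports this shared module, including the Raspberry Pi host further down that lists `../../common/default.nix`, which looks broader than the workstations they were removed from. If the headless hosts do not need a privileged `mtr` wrapper or a gpg-agent acting as the SSH agent, these two options would sit better in a workstation-only module. If they stay here, the template comment could be replaced with one that states the intent, e.g. `# mtr gets a privileged wrapper; gpg-agent doubles as the SSH agent on all hosts`.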


@ -0,0 +1,7 @@
{lib, ...}: {
services.btrfs.autoScrub = {
enable = true;
interval = "weekly";
fileSystems = lb.mkDefault ["/"];
};
}
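Review bot: `lb.mkDefault` on the `fileSystems` line refers to a name that is never bound; the function argument is `lib`, so evaluating any host that imports this file should fail with an undefined variable. The line should read `fileSystems = lib.mkDefault ["/"];`. The same `lb.` typo is on the new side of two host sections that set `services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"];`, which need `lib.mkForce`. Since the shared value is only at `mkDefault` priority, a plain list in the host (as the third host section already does) would override it without `mkForce`.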


@ -1,4 +1,6 @@
{lib, ...}: { {lib, ...}: {
# Raspberry PI 3 B+
# Disable systemd-boot # Disable systemd-boot
boot.loader = { boot.loader = {
systemd-boot = { systemd-boot = {

3
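--- /dev/null
+++ b/common/locales/paris.nix
@@ -0,0 +1,3 @@
+{
+time.timeZone = "Europe/Paris";
+}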

17
common/packages/git.nix Normal file

@ -0,0 +1,17 @@
{
programs.git = {
enable = true;
config = {
user = {
name = "Tasia Iso";
email = "tasiaiso@proton.me";
gpg.format = "ssh";
commit.gpgsign = "true";
};
init = {
defaultBranch = "master";
};
};
};
}
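Review bot: Going by the visible braces, `gpg.format` and `commit.gpgsign` are nested inside `user = { … }`, so they would be written under git's `user` section rather than as the `gpg.format` and `commit.gpgsign` keys git reads, and this module would not actually turn commit signing on. Moving them up one level, directly under `config`, as `gpg.format = "ssh";` and `commit.gpgsign = true;` should produce the intended keys. The signing key is still set by hand (the README hunk documents `git config --global user.signingkey ~/.ssh/id_ed25519`), so a comment such as `# user.signingkey is set per machine, see README` would keep that step discoverable now that the old inline comment is gone.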


@ -0,0 +1,7 @@
{
programs.steam = {
enable = true;
remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
};
}


@ -8,19 +8,15 @@
../../common/default.nix ../../common/default.nix
../../common/hardware/raspberry-pi.nix ../../common/hardware/raspberry-pi.nix
../../common/packages/sshd.nix
../../modules/nixos/vedirect-reader.nix ../../modules/nixos/vedirect-reader.nix
]; ];
networking = { networking = {
hostName = "enry"; hostName = "enry";
firewall.enable = true;
# firewall.allowedTCPPorts = [8080 12345 13378];
# firewall.allowedUDPPorts = [8080];
}; };
# services.vedirect-reader.enable = true;
users.users.user = { users.users.user = {
isNormalUser = true; isNormalUser = true;
description = "User"; description = "User";
@ -32,18 +28,12 @@
]; ];
}; };
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# #
]; ];
# services.vedirect-reader.enable = true;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }
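Review bot: Nothing visible here guarantees that SSH on this host stays key-only with root login disabled: the inline `PermitRootLogin = "no";` and `PasswordAuthentication = false;` are gone, and the replacement import `../../common/packages/sshd.nix` is not shown on this page. It is worth confirming that the shared file carries both settings, because otherwise the host falls back to the module defaults. A short comment beside the import, e.g. `# sshd.nix: key-only auth, PermitRootLogin = "no"`, would record the expectation for whoever edits the shared file next.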


@ -18,9 +18,10 @@
../../common/de/plasma6.nix ../../common/de/plasma6.nix
# ../../common/de/hyprland.nix # ../../common/de/hyprland.nix
# ../../common/packages/syncthing.nix
../../common/packages/sshd.nix
../../common/tasia-packages.nix ../../common/tasia-packages.nix
../../common/packages/sshd.nix
../../common/packages/steam.nix
# ../../common/packages/syncthing.nix
# ../../modules/nixos/vedirect-reader.nix # ../../modules/nixos/vedirect-reader.nix
]; ];
@ -78,20 +79,6 @@
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
# services.flatpak.enable = false; # services.flatpak.enable = false;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
};
services.syncthing = { services.syncthing = {
dataDir = lib.mkForce "/home/user"; dataDir = lib.mkForce "/home/user";
configDir = lib.mkForce "/data/sync/configuration/"; configDir = lib.mkForce "/data/sync/configuration/";


@ -6,13 +6,12 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../common/default.nix ../../common/default.nix
# ../../common/full-install.nix
../../common/locales/en.nix ../../common/locales/en.nix
../../common/locales/fr-keymap.nix ../../common/locales/fr-keymap.nix
../../common/hardware/intelcpu.nix ../../common/hardware/intelcpu.nix
# ../../common/hardware/amdgpu.nix
../../common/hardware/ssd.nix ../../common/hardware/ssd.nix
../../common/hardware/btrfs.nix
../../common/packages/syncthing.nix ../../common/packages/syncthing.nix
../../common/packages/adguardhome.nix ../../common/packages/adguardhome.nix
@ -37,34 +36,19 @@
extraGroups = ["networkmanager" "wheel" "syncthing"]; extraGroups = ["networkmanager" "wheel" "syncthing"];
initialPassword = "correcthorsebatterystaple"; initialPassword = "correcthorsebatterystaple";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# TODO: Add your SSH public key(s) here, if you plan on using SSH to connect "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
]; ];
}; };
services.btrfs.autoScrub = { services.btrfs.autoScrub.fileSystems = ["/" "/data"];
enable = true;
interval = "weekly";
fileSystems = ["/" "/data"];
};
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.syncthing = { services.syncthing = {
dataDir = lib.mkForce "/home/user"; dataDir = lib.mkForce "/home/user";
configDir = lib.mkForce "/data/sync/configuration/"; configDir = lib.mkForce "/data/sync/configuration/";
}; };
# Needed to build enry
boot.binfmt.emulatedSystems = ["aarch64-linux"];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# #
]; ];
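Review bot: The string added to `openssh.authorizedKeys.keys` is a key fingerprint (`SHA256:…`), not a public key, so sshd has nothing to match a login against. The entry needs the full public-key line, in the form `"ssh-ed25519 <base64-public-key> tasia@new-new-phoenix"` (placeholder for the contents of `id_ed25519.pub`). The same value is added in the two later host sections, the ones with `hostName = "stuff"` and `hostName = "theseus"`, both of which also import `../../common/packages/sshd.nix`. If that module disables password authentication (not visible here), those hosts would have no working SSH credential. Where passwords are still accepted, the `initialPassword` in the context lines remains the effective login and should be changed after first boot.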


@ -14,13 +14,14 @@
../../common/hardware/intelcpu.nix ../../common/hardware/intelcpu.nix
../../common/hardware/amdgpu.nix ../../common/hardware/amdgpu.nix
../../common/hardware/ssd.nix ../../common/hardware/ssd.nix
../../common/hardware/btrfs.nix
../../common/de/plasma6.nix ../../common/de/plasma6.nix
../../common/de/hyprland.nix
../../common/tasia-packages.nix
../../common/packages/syncthing.nix ../../common/packages/syncthing.nix
../../common/packages/adguardhome.nix ../../common/packages/adguardhome.nix
../../common/tasia-packages.nix ../../common/packages/steam.nix
../../modules/nixos/vedirect-reader.nix ../../modules/nixos/vedirect-reader.nix
]; ];
@ -56,39 +57,18 @@
]; ];
}; };
services.btrfs.autoScrub = { services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"];
enable = true;
interval = "weekly";
fileSystems = ["/" "/data"];
};
# services.vedirect-reader.enable = true; # services.vedirect-reader.enable = true;
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
services.flatpak.enable = false; services.flatpak.enable = false;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
};
services.syncthing = { services.syncthing = {
dataDir = lib.mkForce "/home/user"; dataDir = lib.mkForce "/home/user";
configDir = lib.mkForce "/data/sync/configuration/"; configDir = lib.mkForce "/data/sync/configuration/";
}; };
# Needed to build enry
boot.binfmt.emulatedSystems = ["aarch64-linux"];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# #
]; ];


@ -6,10 +6,13 @@
../../common/locales/fr.nix ../../common/locales/fr.nix
../../common/locales/fr-keymap.nix ../../common/locales/fr-keymap.nix
../../common/hardware/intelcpu.nix ../../common/hardware/intelcpu.nix
../../common/hardware/ssd.nix
../../common/hardware/btrfs.nix
../../common/de/plasma5.nix ../../common/de/plasma5.nix
../../common/packages/syncthing.nix ../../common/packages/syncthing.nix
../../common/packages/sshd.nix
# ../../common/packages/adguardhome.nix # ../../common/packages/adguardhome.nix
]; ];
@ -19,16 +22,12 @@
extraGroups = ["networkmanager" "wheel" "syncthing"]; extraGroups = ["networkmanager" "wheel" "syncthing"];
initialPassword = "correcthorsebatterystaple"; initialPassword = "correcthorsebatterystaple";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# TODO: Add your SSH public key(s) here, if you plan on using SSH to connect "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
]; ];
}; };
networking = { networking = {
hostName = "stuff"; hostName = "stuff";
firewall.enable = true;
#firewall.allowedTCPPorts = [ ];
#firewall.allowedUDPPorts = [ ];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -14,24 +14,24 @@
../../common/hardware/intelcpu.nix ../../common/hardware/intelcpu.nix
../../common/hardware/nvidiagpu.nix ../../common/hardware/nvidiagpu.nix
../../common/hardware/ssd.nix ../../common/hardware/ssd.nix
../../common/hardware/btrfs.nix
../../common/de/plasma6.nix ../../common/de/plasma6.nix
../../common/de/hyprland.nix ../../common/de/hyprland.nix
../../common/tasia-packages.nix
../../common/packages/syncthing.nix ../../common/packages/syncthing.nix
../../common/packages/adguardhome.nix ../../common/packages/adguardhome.nix
../../common/tasia-packages.nix ../../common/packages/steam.nix
../../common/packages/sshd.nix
]; ];
boot = { boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
# boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
}; };
networking = { networking = {
hostName = "theseus"; hostName = "theseus";
firewall.enable = true;
}; };
users.users.user = { users.users.user = {
@ -40,32 +40,11 @@
extraGroups = ["networkmanager" "wheel" "syncthing"]; extraGroups = ["networkmanager" "wheel" "syncthing"];
initialPassword = "correcthorsebatterystaple"; initialPassword = "correcthorsebatterystaple";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# TODO: Add your SSH public key(s) here, if you plan on using SSH to connect "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
]; ];
}; };
services.btrfs.autoScrub = { services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"];
enable = true;
interval = "weekly";
fileSystems = ["/"];
};
# virtualisation.docker.enable = true;
# services.flatpak.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
};
services.syncthing = { services.syncthing = {
dataDir = lib.mkForce "/home/user/Sync/Phone/"; dataDir = lib.mkForce "/home/user/Sync/Phone/";