Replace legacy configuration with the new
The old configuration is still available in the legacy branch of this repository. It contains the mostly server-oriented configuration, while this new configuration is aimed at desktop usage.
parent
ab0f848847
commit
eff6860aa2
35 changed files with 266 additions and 1091 deletions
26
.github/workflows/main.yml
vendored
26
.github/workflows/main.yml
vendored
|
@ -1,26 +0,0 @@
|
|||
name: "Update flake.lock"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: "0 8 * * *"
|
||||
|
||||
jobs:
|
||||
update_lockfile:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@v19
|
||||
with:
|
||||
git-author-name: 'caem'
|
||||
git-author-email: 'caem@dirae.org'
|
||||
git-committer-name: 'caem'
|
||||
git-committer-email: 'caem@dirae.org'
|
||||
pr-title: "Automated: Update flake.lock"
|
||||
pr-labels: |
|
||||
dependencies
|
||||
automated
|
6
.gitignore
vendored
6
.gitignore
vendored
|
@ -1,5 +1 @@
|
|||
nixos/result
|
||||
pw
|
||||
.stfolder
|
||||
privkey
|
||||
privpsk
|
||||
secrets/
|
||||
|
|
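Review bot: The surviving ignore entry appears to be only `secrets/`, and as far as this diff shows no new file references that directory yet, so the rule currently protects nothing and documents nothing. When it is wired up, keep the references as absolute-path strings (the way the removed `privateKeyFile = "/nix/config/..."` lines did) rather than Nix path literals, because a path literal evaluated inside a flake is copied into the world-readable `/nix/store`; sops-nix or agenix would let the material be committed encrypted instead. A one-line comment such as `# runtime secrets, never committed; referenced by absolute path from machines/*.nix` would make the intent explicit.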
42
README.md
42
README.md
|
@ -2,40 +2,12 @@
|
|||
Modular multi-purpose NixOS configuration.
|
||||
|
||||
## About
|
||||
Feel free to do whatever with this configuration.
|
||||
This configuration [erases your darlings](https://grahamc.com/blog/erase-your-darlings/) using ZFS snapshots.
|
||||
Currently only used for my homeserver, [desktop runs on Gentoo](https://git.dirae.org/caem/dotfiles).
|
||||
This is the NixOS configuration I daily drive on my desktop. Feel free to use
|
||||
and modify this configuration to your needs. No attribution required. I hold no
|
||||
accountabilty for whatever you do with this configuration.
|
||||
|
||||
## Layout
|
||||
```
|
||||
/nix/config
|
||||
├── flake.lock
|
||||
├── flake.nix ; Master configuration file
|
||||
├── overlays ; Package overlays
|
||||
├── packages ; Packages with configurations
|
||||
│ ├── nginx
|
||||
│ │ └── homeserver.nix
|
||||
│ ├── syncthing
|
||||
│ │ └── homeserver.nix
|
||||
│ └── vim
|
||||
│ └── package.nix
|
||||
├── pw ; Password of your user
|
||||
├── sets ; Sets of packages
|
||||
│ └── meta
|
||||
│ └── sysadmin.nix
|
||||
├── systems ; System specific configuration
|
||||
│ ├── common.nix
|
||||
│ ├── hardware ; Hardware configuration of each system
|
||||
│ │ ├── homeserver.nix
|
||||
│ │ └── qemu-vm.nix
|
||||
│ ├── homeserver.nix
|
||||
│ ├── persist ; Persistence configuration of each system
|
||||
│ │ ├── common.nix
|
||||
│ │ ├── homeserver.nix
|
||||
│ │ └── qemu-vm.nix
|
||||
│ └── qemu-vm.nix
|
||||
└── users ; User specific configuration
|
||||
├── media.nix
|
||||
├── none.nix
|
||||
└── user.nix
|
||||
```
|
||||
todo
|
||||
|
||||
## Screenshot
|
||||
todo
|
||||
|
|
200
flake.lock
200
flake.lock
|
@ -1,44 +1,12 @@
|
|||
{
|
||||
"nodes": {
|
||||
"blobs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1604995301,
|
||||
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1694622745,
|
||||
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
|
||||
"lastModified": 1708968331,
|
||||
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
|
||||
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -47,178 +15,24 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixops": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs",
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1677688500,
|
||||
"narHash": "sha256-yF2tS9Zo8JCIdPjhy19grmJk8wUFMxMu9cPlgfMJuTg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixops",
|
||||
"rev": "fc9b55c55da62f949028143b974f67fdc7f40c8b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixops",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1672525397,
|
||||
"narHash": "sha256-WASDnyxHKWVrEe0dIzkpH+jzKlCKAk0husv0f/9pyxg=",
|
||||
"lastModified": 1712026416,
|
||||
"narHash": "sha256-N/3VR/9e1NlN49p7kCiATiEY6Tzdo+CbrAG8kqCQKcI=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8ba56d7c0d7490680f2d51ba46a141eca7c46afa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-22_11": {
|
||||
"locked": {
|
||||
"lastModified": 1669558522,
|
||||
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
|
||||
"rev": "080a4a27f206d07724b88da096e27ef63401a504",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-22.11",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_05": {
|
||||
"locked": {
|
||||
"lastModified": 1684782344,
|
||||
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1694959747,
|
||||
"narHash": "sha256-CXQ2MuledDVlVM5dLC4pB41cFlBWxRw4tCBsFrq3cRk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "970a59bd19eff3752ce552935687100c46e820a5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1694937365,
|
||||
"narHash": "sha256-iHZSGrb9gVpZRR4B2ishUN/1LRKWtSHZNO37C8z1SmA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5d017a8822e0907fb96f7700a319f9fe2434de02",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1670751203,
|
||||
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-unstable",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"impermanence": "impermanence",
|
||||
"nixops": "nixops",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"simple-mailserver": "simple-mailserver"
|
||||
}
|
||||
},
|
||||
"simple-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-22_11": "nixpkgs-22_11",
|
||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||
"utils": "utils_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1687462267,
|
||||
"narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "24128c3052090311688b09a400aa408ba61c6ee5",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"ref": "nixos-23.05",
|
||||
"repo": "nixos-mailserver",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1605370193,
|
||||
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
65
flake.nix
65
flake.nix
|
@ -1,58 +1,19 @@
|
|||
{
|
||||
description = "Modular multi-purpose NixOS configuration.";
|
||||
description = "Modular NixOS configuration.";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
inputs = {
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
};
|
||||
|
||||
# https://nixos.wiki/wiki/Impermanence
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
|
||||
simple-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, nixops, ... }@attrs: let
|
||||
outputs = { self, nixpkgs, impermanence, ... }:
|
||||
{
|
||||
nixosConfigurations.workstation = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
overlay-unstable = final: prev: {
|
||||
unstable = import nixpkgs-unstable {
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
user = "user"; # Select user from the `./users` directory
|
||||
in {
|
||||
# Media homeserver
|
||||
nixosConfigurations.homeserver = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = attrs;
|
||||
modules = [
|
||||
({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
./users/${user}.nix
|
||||
./systems/homeserver.nix
|
||||
];
|
||||
};
|
||||
|
||||
# dirae.org
|
||||
nixosConfigurations.dirae = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = attrs;
|
||||
modules = [
|
||||
({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
./users/${user}.nix
|
||||
./systems/dirae.nix
|
||||
];
|
||||
};
|
||||
|
||||
# Debugging VM configuration
|
||||
nixosConfigurations.qemu-vm = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = attrs;
|
||||
modules = [
|
||||
({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
./users/${user}.nix
|
||||
./systems/qemu-vm.nix
|
||||
];
|
||||
};
|
||||
modules = [
|
||||
impermanence.nixosModules.impermanence
|
||||
./machines/workstation.nix
|
||||
./users/hu.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
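Review bot: The new `inputs` block tracks nixpkgs and impermanence from their moving branches (the lockfile's nixpkgs node appears to resolve to `nixos-unstable`), but the scheduled `update-flake-lock` workflow is deleted in this same commit, so kernel and Firefox security fixes for the workstation now depend on someone remembering to run `nix flake update`. Either keep a scheduled bump or record the expectation in the flake, e.g. above `inputs = {`: `# Pinned by flake.lock and no longer updated automatically; run nix flake update regularly.` Note too that the new `nixosSystem` call passes no `specialArgs`, so any module that expected flake inputs as function arguments (the old configuration passed `specialArgs = attrs`) must now get them some other way; `users/hu.nix` and `../wm/xmonad.nix` are outside this diff and were not reviewed.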
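--- /dev/null
+++ b/machines/hardware/workstation.nix
@@ -0,0 +1,91 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-amd" ];
+boot.extraModulePackages = [ ];
+boot.initrd.postDeviceCommands = lib.mkAfter ''
+mkdir /btrfs_tmp
+mount /dev/nvme0n1p2 /btrfs_tmp
+if [[ -e /btrfs_tmp/root ]]; then
+mkdir -p /btrfs_tmp/old_roots
+timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+fi
+
+delete_subvolume_recursively() {
+IFS=$'\n'
+for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+delete_subvolume_recursively "/btrfs_tmp/$i"
+done
+btrfs subvolume delete "$1"
+}
+
+for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+delete_subvolume_recursively "$i"
+done
+
+btrfs subvolume create /btrfs_tmp/root
+umount /btrfs_tmp
+'';
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532";
+fsType = "btrfs";
+options = [ "subvol=root" "compress=zstd" "noatime" ];
+};
+
+fileSystems."/home" =
+{ device = "/dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532";
+fsType = "btrfs";
+options = [ "subvol=home" "compress=zstd" "noatime" ];
+};
+
+fileSystems."/nix" =
+{ device = "/dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532";
+fsType = "btrfs";
+options = [ "subvol=nix" "compress=zstd" "noatime" ];
+};
+
+fileSystems."/var/log" =
+{ device = "/dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532";
+fsType = "btrfs";
+options = [ "subvol=log" "compress=zstd" "noatime" ];
+neededForBoot = true;
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/A925-0013";
+fsType = "vfat";
+};
+
+fileSystems."/media/vault" =
+{ device = "/dev/disk/by-uuid/048d175b-0e3e-4ec7-955b-3d9a45f9f237";
+fsType = "xfs";
+};
+
+fileSystems."/media/attic" =
+{ device = "/dev/disk/by-uuid/ec32ce36-9f53-4f44-ac8f-2c9163f0b3d7";
+fsType = "xfs";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp34s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}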
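Review bot: The root-wipe script in `boot.initrd.postDeviceCommands` mounts the hard-coded node `/dev/nvme0n1p2`, while every `fileSystems` entry below addresses the same volume by UUID; NVMe enumeration order is not stable across kernel updates or added drives, and the script has no error handling, so a failed `mount` leaves `btrfs subvolume create /btrfs_tmp/root` running against the initrd tmpfs and the machine silently boots with the old, un-wiped root. Use the same identifier and make the mount fatal, e.g. `mount /dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532 /btrfs_tmp || exit 1`, which should trip stage-1's failure handler instead of continuing. The cleanup loop should also carry `-mindepth 1` so `/btrfs_tmp/old_roots/` itself is never handed to `btrfs subvolume delete`. The three-line header still claims the file was generated by nixos-generate-config and must not be modified, which is no longer true of a file carrying a hand-written wipe script; replace it with a comment stating that the `fileSystems` and module lists came from the generator while the `postDeviceCommands` block is maintained by hand and implements the erase-on-boot scheme.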
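--- /dev/null
+++ b/machines/persist/workstation.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, impermanence, ... }:
+
+{
+environment.persistence."/nix/persist" = {
+hideMounts = true;
+directories = [
+"/var/lib/nixos"
+"/var/lib/systemd/coredump"
+{
+directory = "/var/lib/colord";
+user = "colord";
+group = "colord";
+mode = "u=rwx,g=rx,o=";
+}
+];
+files = [
+"/etc/machine-id"
+];
+};
+}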
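Review bot: The module signature `{ config, lib, pkgs, impermanence, ... }:` requests an `impermanence` argument that the new `flake.nix` in this commit does not supply (its `nixosSystem` call passes no `specialArgs`; the impermanence module is imported through `modules` instead), so evaluation should fail with a missing-argument error unless something outside this diff sets `_module.args.impermanence`; the body never uses it, so drop it: `{ config, lib, pkgs, ... }:`. Separately, persisting `/var/lib/systemd/coredump` across the root wipe keeps process memory images — which routinely contain decrypted keys, tokens and browser session data — on disk indefinitely, which runs against the erase-on-boot intent; either leave it ephemeral or pair it with `systemd.coredump.extraConfig = "Storage=none";` (or an explicit retention limit) and state the reason in a comment. A note above `directories` such as `# Only state that must survive the btrfs root wipe in hardware/workstation.nix` would make the persistence policy explicit.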
81
machines/workstation.nix
Normal file
81
machines/workstation.nix
Normal file
|
@ -0,0 +1,81 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware/workstation.nix
|
||||
./persist/workstation.nix
|
||||
../wm/xmonad.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
boot.supportedFilesystems = [ "btrfs" "xfs" ];
|
||||
|
||||
networking = {
|
||||
hostName = "workstation";
|
||||
enableIPv6 = false;
|
||||
nameservers = [ "1.1.1.1" ];
|
||||
defaultGateway = "192.168.2.1";
|
||||
interfaces.enp34s0.ipv4.addresses = [{
|
||||
address = "192.168.2.68";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
console = {
|
||||
font = "Lat2-Terminus16";
|
||||
useXkbConfig = true;
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
services.xserver.videoDrivers = [ "nvidia" ];
|
||||
hardware = {
|
||||
opengl = {
|
||||
enable = true;
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
nvidia = {
|
||||
modesetting.enable = true;
|
||||
nvidiaSettings = true;
|
||||
open = false;
|
||||
package = config.boot.kernelPackages.nvidiaPackages.production;
|
||||
};
|
||||
};
|
||||
|
||||
programs.mtr.enable = true;
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa = {
|
||||
enable = true;
|
||||
support32Bit = true;
|
||||
};
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
|
||||
# Todo: Move these packages out in the correct files.
|
||||
environment.systemPackages = with pkgs; [
|
||||
fastfetch
|
||||
neovim
|
||||
firefox
|
||||
rofi
|
||||
wget
|
||||
unzip
|
||||
git
|
||||
tree
|
||||
];
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
|
|
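Review bot: `boot.loader.systemd-boot.enable = true;` leaves the bootloader's command-line editor at its NixOS default of enabled, and the `./hardware/workstation.nix` imported at the top mounts the btrfs root by UUID with no `boot.initrd.luks` entry, so — as far as this diff shows — anyone at the keyboard can append `init=/bin/sh` in the boot menu and land in a root shell on an unencrypted disk. Add `boot.loader.systemd-boot.editor = false;` next to the enable line (the option's own description recommends this) and, if the disk really is unencrypted, say so in a comment so the threat model is explicit. Smaller points: `nameservers = [ "1.1.1.1" ];` sends every lookup in cleartext to a single resolver with no fallback, which `services.resolved` with DNS-over-TLS enabled would close; and the `# Todo: Move these packages out in the correct files.` comment would be more useful if it named the target file for each package. `users/hu.nix` and `../wm/xmonad.nix` are outside the diff and were not reviewed.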
@ -1,28 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
services.akkoma = {
|
||||
enable = true;
|
||||
|
||||
config = {
|
||||
":pleroma" = {
|
||||
":instance" = {
|
||||
name = "Dirae";
|
||||
description = "This server uses NixOS btw";
|
||||
email = "caem@dirae.org";
|
||||
registration_open = false;
|
||||
};
|
||||
|
||||
"Pleroma.Upload".filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [
|
||||
"Pleroma.Upload.Filter.Exiftool"
|
||||
"Pleroma.Upload.Filter.Dedupe"
|
||||
"Pleroma.Upload.Filter.AnonymizeFilename"
|
||||
];
|
||||
};
|
||||
|
||||
"Pleroma.Web.Endpoint" = {
|
||||
url.host = "social.dirae.org";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.deluge = {
|
||||
enable = true;
|
||||
user = "media";
|
||||
declarative = true;
|
||||
dataDir = "/mnt/mass/Services/Deluge";
|
||||
authFile = "/mnt/mass/Services/Deluge/auth";
|
||||
|
||||
config = {
|
||||
download_location = "/mnt/mass/Torrents/incomplete";
|
||||
move_completed_path = "/mnt/mass/Torrents";
|
||||
move_completed = true;
|
||||
listen_random_port = false;
|
||||
outgoing_interface = "wg0";
|
||||
listen_interface = "wg0";
|
||||
allow_remote = true;
|
||||
listen_ports = [ 57597 ];
|
||||
max_active_seeding = -1;
|
||||
max_active_downloading = 5;
|
||||
max_active_limit = -1;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 57597 58846 ];
|
||||
}
|
|
@ -1,72 +0,0 @@
|
|||
{ pkgs, config, lib, ... }: let
|
||||
# theme = builtins.fetchurl {
|
||||
# url = "";
|
||||
# sha256 = "";
|
||||
# };
|
||||
in
|
||||
{
|
||||
# systemd.services.gitea.preStart = lib.mkAfter ''
|
||||
# mkdir -p ${config.services.gitea.stateDir}/custom/public/css
|
||||
# cp -f ${theme} ${config.services.gitea.stateDir}/custom/public/css/
|
||||
# '';
|
||||
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
package = pkgs.forgejo;
|
||||
|
||||
appName = "git.dirae.org";
|
||||
settings = {
|
||||
service = {
|
||||
DISABLE_REGISTRATION = true;
|
||||
};
|
||||
|
||||
server = {
|
||||
DOMAIN = "git.dirae.org";
|
||||
ROOT_URL = "https://git.dirae.org";
|
||||
HTTP_PORT = 3001;
|
||||
};
|
||||
|
||||
"ui" = {
|
||||
THEMES = ''
|
||||
forgejo-auto,forgejo-light,forgejo-dark,auto,gitea,arc-green
|
||||
'';
|
||||
DEFAULT_THEME = "forgejo-dark";
|
||||
};
|
||||
|
||||
"ui.user" = {
|
||||
REPO_PAGING_NUM = 50;
|
||||
};
|
||||
|
||||
"ui.meta" = {
|
||||
AUTHOR = "dirae.org Forgejo instance";
|
||||
DESCRIPTION = "Forgejo instance hosting git repositories for dirae.org";
|
||||
KEYWORDS = "go,git,self-hosted,gitea,forgejo,foss,oss,decentrialised,federation";
|
||||
};
|
||||
|
||||
"repository" = {
|
||||
DEFAULT_BRANCH = "master";
|
||||
DISABLE_STARS = true;
|
||||
ENABLE_PUSH_CREATE_USER = true;
|
||||
DEFAULT_REPO_UNITS = ''
|
||||
repo.code,repo.releases,repo.issues,repo.pulls
|
||||
'';
|
||||
PREFERRED_LICENSES="GPL-3.0-or-later,AGPL-3.0-or-later";
|
||||
};
|
||||
};
|
||||
|
||||
database = {
|
||||
type = "postgres";
|
||||
passwordFile = "/var/keys/gitea/db";
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
authentication = ''
|
||||
local gitea all ident map=gitea-users
|
||||
'';
|
||||
identMap = ''
|
||||
gitea-users gitea gitea
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.gitlab = {
|
||||
enable = true;
|
||||
host = "gitlab.dirae.org";
|
||||
|
||||
# Server is running on limited budet :,)
|
||||
# https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html
|
||||
puma.workers = 0;
|
||||
puma.threadsMax = 1;
|
||||
|
||||
user = "gitlab";
|
||||
group = "gitlab";
|
||||
|
||||
https = true;
|
||||
databasePasswordFile = "/var/keys/gitlab/db_password";
|
||||
initialRootPasswordFile = "/var/keys/gitlab/root_password";
|
||||
secrets = {
|
||||
dbFile = "/var/keys/gitlab/db";
|
||||
secretFile = "/var/keys/gitlab/secret";
|
||||
otpFile = "/var/keys/gitlab/otp";
|
||||
jwsFile = "/var/keys/gitlab/jws";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
{ simple-mailserver, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
simple-mailserver.nixosModule
|
||||
];
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "dirae.org";
|
||||
domains = [ "dirae.org" ];
|
||||
|
||||
loginAccounts = {
|
||||
"caem@dirae.org" = {
|
||||
hashedPasswordFile = "/nix/config/packages/mailserver/pw";
|
||||
|
||||
aliases = [
|
||||
"admin@dirae.org"
|
||||
"postmaser@dirae.org"
|
||||
"legal@dirae.org"
|
||||
"contact@dirae.org"
|
||||
"dmca@dirae.org"
|
||||
"pt@dirae.org"
|
||||
"cali@dirae.org"
|
||||
"abuse@dirae.org"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Managed in configuration for nginx
|
||||
certificateScheme = "acme";
|
||||
};
|
||||
}
|
|
@ -1,61 +0,0 @@
|
|||
{ ... }:
|
||||
let
|
||||
fqdn = "dirae.org";
|
||||
serverConfig."m.server" = "dirae.org:443";
|
||||
mkWellKnown = data: ''
|
||||
add_header Content-Type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '${builtins.toJSON data}';
|
||||
'';
|
||||
in {
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "caem@dirae.org";
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts = {
|
||||
"caem.dev" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
root = "/var/www/caem";
|
||||
};
|
||||
};
|
||||
|
||||
"dirae.org" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
root = "/var/www/dirae";
|
||||
};
|
||||
locations."/.well-known/matrix/server".extraConfig = ''
|
||||
return 200 '{"m.server": "dirae.org:443"}';
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
|
||||
|
||||
};
|
||||
|
||||
"git.dirae.org" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:3001";
|
||||
};
|
||||
|
||||
# "gitlab.dirae.org" = {
|
||||
# enableACME = true;
|
||||
# forceSSL = true;
|
||||
# locations."/" = {
|
||||
# proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
||||
# };
|
||||
# };
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,16 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
user = "media";
|
||||
virtualHosts."192.168.2.69" = {
|
||||
root = "/mnt/mass/Torrents";
|
||||
extraConfig = ''
|
||||
autoindex on;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
ChallengeResponseAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
};
|
||||
};
|
||||
|
||||
users.users."user".openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa 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 user@workstation"
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
services.postgresql.enable = true;
|
||||
services.postgresql.initialScript = pkgs.writeText "synapse-init" ''
|
||||
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
|
||||
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
||||
TEMPLATE template0
|
||||
LC_COLLATE = "C"
|
||||
LC_CTYPE = "C";
|
||||
'';
|
||||
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
settings.server_name = "dirae.org";
|
||||
|
||||
settings.listeners = [
|
||||
{
|
||||
port = 8008;
|
||||
bind_addresses = [ "127.0.0.1" ];
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [{
|
||||
names = [ "client" "federation" ];
|
||||
compress = true;
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../users/media.nix
|
||||
];
|
||||
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
user = "media";
|
||||
dataDir = "/mnt/mass";
|
||||
configDir = "/mnt/mass/Services/Syncthing";
|
||||
guiAddress = "0.0.0.0:8384";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8384 22000 ];
|
||||
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.variables = { EDITOR = "vim"; };
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
((vim_configurable.override { }).customize{
|
||||
name = "vim";
|
||||
|
||||
vimrcConfig.packages.plugins = with pkgs.vimPlugins; {
|
||||
start = [ vim-nix ];
|
||||
opt = [];
|
||||
};
|
||||
|
||||
vimrcConfig.customRC = ''
|
||||
syntax on
|
||||
set tabstop=4
|
||||
set shiftwidth=4 smarttab
|
||||
set expandtab
|
||||
set noswapfile
|
||||
set incsearch
|
||||
set noerrorbells
|
||||
set smartindent
|
||||
set number
|
||||
set relativenumber
|
||||
set nobackup
|
||||
set scrolloff=8
|
||||
set sidescrolloff=8
|
||||
set fileencoding='utf-8'
|
||||
set nohlsearch
|
||||
'';
|
||||
})
|
||||
];
|
||||
}
|
|
@ -1,30 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
networking.wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
address = [ "10.174.110.32/32" ];
|
||||
dns = [ "10.128.0.1" ];
|
||||
mtu = 1320;
|
||||
privateKeyFile = "/nix/config/packages/wireguard/privkey";
|
||||
|
||||
# Route local traffic through local network
|
||||
preUp = ''
|
||||
${pkgs.unixtools.route}/bin/route add -net 192.168.2.0 netmask 255.255.255.0 metric 0 dev eno1
|
||||
'';
|
||||
postDown = ''
|
||||
${pkgs.unixtools.route}/bin/route del -net 192.168.2.0 netmask 255.255.255.0 metric 0 dev eno1
|
||||
'';
|
||||
|
||||
peers = [{
|
||||
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
||||
presharedKeyFile = "/nix/config/packages/wireguard/privpsk";
|
||||
allowedIPs = [ "0.0.0.0/0" ];
|
||||
endpoint = "nl.vpn.airdns.org:1637";
|
||||
persistentKeepalive = 15;
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 1637 ];
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
htop
|
||||
wget
|
||||
curl
|
||||
git
|
||||
tree
|
||||
];
|
||||
|
||||
services.openssh.enable = true;
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
# Common configuration for all systems
|
||||
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
nix = {
|
||||
settings.auto-optimise-store = true;
|
||||
|
||||
# Clean generations older than a week
|
||||
gc = {
|
||||
automatic = false; # Flip this to do it automatically
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
|
@ -1,55 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./common.nix
|
||||
./hardware/dirae.nix
|
||||
# ./persist/dirae.nix
|
||||
../sets/meta/sysadmin.nix
|
||||
../packages/vim/package.nix
|
||||
../packages/sshd/package.nix
|
||||
../packages/mailserver/package.nix
|
||||
../packages/nginx/dirae.nix
|
||||
../packages/forgejo/dirae.nix
|
||||
../packages/synapse/package.nix
|
||||
../packages/akkoma/package.nix
|
||||
];
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
grub = {
|
||||
enable = true;
|
||||
device = "/dev/vda";
|
||||
};
|
||||
};
|
||||
|
||||
kernel = {
|
||||
sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "dirae";
|
||||
enableIPv6 = false;
|
||||
hostId = "149e5b5c";
|
||||
interfaces = {
|
||||
enp6s18.ipv4.addresses = [{
|
||||
address = "91.210.224.148";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
nameservers = [ "1.1.1.1" "8.8.8.8" ];
|
||||
defaultGateway = "91.210.224.1";
|
||||
firewall = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
# To not mess up SSH sessions from weird terminals
|
||||
environment.sessionVariables = {
|
||||
TERM = "xterm";
|
||||
};
|
||||
}
|
||||
|
|
@ -1,47 +0,0 @@
|
|||
{ lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "virtio_pci" "virtio_blk" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.kernelParams = [ "nohibernate" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.zfs.devNodes = "/dev/disk/by-path";
|
||||
|
||||
# Will enable this later when everything is stable
|
||||
# boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
# zfs rollback -r local/root@blank
|
||||
# '';
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "local/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/B33B-0EBE";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "local/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{ device = "/dev/disk/by-uuid/a2a0b9a3-52c9-4eb6-b03b-bcbbae0547a3"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
|
@ -1,49 +0,0 @@
|
|||
{ config, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "ums_realtek" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
zfs rollback -r local/root@blank
|
||||
'';
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "local/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/5C0E-1600";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "local/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/mnt/mass" = {
|
||||
device = "/dev/disk/by-uuid/f04baac4-40a9-4115-b09d-83b252ee69ad";
|
||||
fsType = "xfs";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
{lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
|
||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
zfs rollback -r local/root@blank
|
||||
'';
|
||||
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
boot.zfs.devNodes = "/dev/disk/by-path";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "local/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/1FD8-C4B8";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "local/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
|
@ -1,59 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./common.nix
|
||||
./hardware/homeserver.nix
|
||||
./persist/common.nix
|
||||
../sets/meta/sysadmin.nix
|
||||
../packages/vim/package.nix
|
||||
../packages/nginx/homeserver.nix
|
||||
../packages/syncthing/homeserver.nix
|
||||
../packages/wireguard/package.nix
|
||||
../packages/deluge/homeserver.nix
|
||||
];
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
efi = {
|
||||
canTouchEfiVariables = true;
|
||||
};
|
||||
grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
device = "nodev";
|
||||
};
|
||||
};
|
||||
|
||||
kernel = {
|
||||
sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "homeserver";
|
||||
enableIPv6 = false;
|
||||
hostId = "95f846dc";
|
||||
interfaces = {
|
||||
eno1.ipv4.addresses = [{
|
||||
address = "192.168.2.69";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
nameservers = [ "1.1.1.1" "8.8.8.8" ];
|
||||
defaultGateway = "192.168.2.1";
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 ];
|
||||
};
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
console.keyMap = "uk";
|
||||
|
||||
# To not mess up SSH sessions from weird terminals
|
||||
environment.sessionVariables = {
|
||||
TERM = "xterm";
|
||||
};
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{ impermanence, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
impermanence.nixosModules.impermanence
|
||||
];
|
||||
|
||||
environment.persistence."/nix/persist" = {
|
||||
directories = [
|
||||
"/etc/ssh"
|
||||
"/var/lib"
|
||||
];
|
||||
|
||||
files = [
|
||||
"/etc/machine-id"
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
{ impermanence, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
impermanence.nixosModules.impermanence
|
||||
];
|
||||
|
||||
environment.persistence."/nix/persist" = {
|
||||
hideMounts = true;
|
||||
directories = [
|
||||
"/var/spool"
|
||||
{ directory = "/var/dkim"; user = "opendkim";
|
||||
group = "opendkim"; mode = "u=rwx,g=rx,o=rx"; }
|
||||
{ directory = "/var/sieve"; user = "virtualMail";
|
||||
group = "virtualMail"; mode = "u=rwx,g=rwx,o="; }
|
||||
{ directory = "/var/vmail"; user = "virtualMail";
|
||||
group = "virtualMail"; mode = "u=rwx,g=rws,o="; }
|
||||
"/etc/dovecot"
|
||||
"/etc/pki"
|
||||
"/etc/ssh"
|
||||
{ directory = "/var/lib/acme"; user = "acme";
|
||||
group = "acme"; mode = "u=rwx,g=rx,o=rx"; }
|
||||
{ directory = "/var/lib/opendkim"; user = "opendkim";
|
||||
group = "opendkim"; mode = "u=rwx,g=,o="; }
|
||||
"/var/lib/postfix"
|
||||
"/var/log"
|
||||
];
|
||||
|
||||
files = [
|
||||
"/etc/machine-id"
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware/qemu-vm.nix
|
||||
../sets/meta/sysadmin.nix
|
||||
../packages/vim/package.nix
|
||||
./common.nix
|
||||
./persist/common.nix
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
|
||||
networking.hostId = "e78229f8";
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
}
|
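--- /dev/null
+++ b/users/hu.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+programs.zsh.enable = true;
+environment.variables = {
+ZDOTDIR = "${config.users.users.hu.home}/.config/zsh";
+};
+
+users.users.hu = {
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+shell = pkgs.zsh;
+hashedPasswordFile = "/nix/config/secrets/hu/pass";
+};
+
+# Todo: home-manager configuration
+}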
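Review bot: `environment.variables.ZDOTDIR` is a system-wide setting, so every zsh login including root's will source its startup files from `${config.users.users.hu.home}/.config/zsh`, a directory the unprivileged `hu` account owns and can write; a root shell then executes user-writable code. Scope it to the one user instead, e.g. `programs.zsh.shellInit = ''[ "$USER" = hu ] && export ZDOTDIR="$HOME/.config/zsh"'';` (that snippet lands in /etc/zshenv, which zsh reads before consulting ZDOTDIR), or move it into the home-manager setup the Todo line mentions. Separately, `hashedPasswordFile` points outside the Nix store, so `/nix/config/secrets/hu/pass` must exist at activation time and presumably should be root-owned and not world-readable, which the config cannot enforce on its own. `lib` in the argument set is unused.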
|
@ -1,8 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
users.users.media = {
|
||||
isNormalUser = true;
|
||||
description = "media";
|
||||
};
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
{ }
|
|
@ -1,20 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
users.users.user = {
|
||||
isNormalUser = true;
|
||||
passwordFile = "/nix/config/pw"; # mkpasswd in config dir
|
||||
description = "user";
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"audio"
|
||||
"video"
|
||||
"docker"
|
||||
"podman"
|
||||
"networkmanager"
|
||||
"kvm"
|
||||
"libvirt"
|
||||
"plugdev"
|
||||
];
|
||||
};
|
||||
}
|
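--- /dev/null
+++ b/wm/xmonad.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+{
+environment.systemPackages = with pkgs; [
+xmobar
+flameshot
+rofi
+feh
+kitty
+pavucontrol
+picom
+];
+
+services.xserver = {
+enable = true;
+xkb = {
+layout = "de";
+options = "eurosign:e";
+};
+
+windowManager.xmonad = {
+enable = true;
+enableContribAndExtras = true;
+};
+};
+
+# Todo: Get gnome-keyring working properly
+services.gnome.gnome-keyring.enable = true;
+}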
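Review bot: `services.gnome.gnome-keyring.enable = true` only makes the daemon available; without a PAM hook the keyring is not unlocked with the login password, which is plausibly what the Todo on the line above is about. The usual companion is `security.pam.services.<dm>.enableGnomeKeyring = true;` for whichever display manager performs the login — none is declared in this hunk, so whatever NixOS picks by default applies, and the keyring stays locked until unlocked by hand. Replacing the bare Todo with a comment such as `# Todo: add security.pam.services.<dm>.enableGnomeKeyring once the display manager is chosen` would make it actionable. `config` and `lib` in the argument set are unused here.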