refactor: major structural changes

git updates

update tmux conf

add ansible tools

squash me

squash

fix: get git aliases from plugin

virt stuff

add devenv

some virt updates

kubernetes
Glen Goodwin 2023-11-22 16:33:30 -05:00
parent 2e8c1eec90
commit 2220c4e917
87 changed files with 1963 additions and 2261 deletions


@ -0,0 +1,125 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
inputs,
outputs,
lib,
config,
pkgs,
user,
...
}: {
# You can import other NixOS modules here
imports = [
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
../../common/nixos/common.nix
../../common/networking/zerotier.nix
../../common/nixos/bluetooth.nix
../../common/gui/hyprland.nix
../../common/gui/thunar.nix
../../common/style/stylix.nix
../../common/virtualization/podman.nix
../../common/virtualization/kubernetes.nix
../../common/virtualization/libvirt.nix
./auditd.nix
./kernel.nix
./sysctl.nix
# Or modules from other flakes (such as nixos-hardware):
# inputs.hardware.nixosModules.common-cpu-amd
# inputs.hardware.nixosModules.common-ssd
inputs.nix-index-database.nixosModules.nix-index
inputs.stylix.nixosModules.stylix
# You can also split up your configuration and import pieces of it here:
# ./users.nix
# Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix
];
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
nix.registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nix.nixPath = ["/etc/nix/path"];
environment.etc =
lib.mapAttrs'
(name: value: {
name = "nix/path/${name}";
value.source = value.flake;
})
config.nix.registry;
networking.hostName = "candlekeep";
networking.networkmanager.enable = true;
boot.loader.systemd-boot.enable = true;
users.users = {
gwg313 = {
initialPassword = "correcthorsebatterystaple";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/cWqqTUuLswymQVh9rKdUWgMNNtZE6PwXMNUgD8/Zx gwg313"
];
extraGroups = ["wheel"];
};
};
# This setups a SSH server. Very important if you're setting up a headless system.
# Feel free to remove if you don't need it.
services.openssh = {
enable = true;
settings = {
# Forbid root login through SSH.
PermitRootLogin = "no";
# Use keys only. Remove if you want to SSH using password (not recommended)
PasswordAuthentication = false;
};
};
environment = {
loginShellInit = ''
if [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then
exec Hyprland
fi
''; # Will automatically open Hyprland when logged into tty1
variables = {
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
PAGER = "moar";
};
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "23.05";
}
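Review bot: `initialPassword = "correcthorsebatterystaple";` under `users.users.gwg313` puts a cleartext password for a `wheel` member into the repository and into the world-readable Nix store. Use `initialHashedPassword = "<HASH_PLACEHOLDER>";` or a secret-managed password file instead, and change the password on any host already built from this file. The `services.openssh.settings` block sets `PasswordAuthentication = false` but, unlike the openssh module deleted in this same commit, no longer turns off challenge-response; adding `KbdInteractiveAuthentication = false;` would keep PAM keyboard-interactive logins from accepting that password. The explicit firewall, `nix.settings.allowed-users = ["@wheel"]` and `security.sudo.execWheelOnly = true` settings from the deleted configuration are not set here either, so confirm that `../../common/nixos/common.nix` (not shown on this page) carries them.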


@ -18,42 +18,20 @@
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/88ae54e9-a47f-4ef0-acae-256803662304";
device = "/dev/disk/by-uuid/58fedfa4-d796-4e8f-a79d-2aa6b0f51909";
fsType = "ext4";
};
fileSystems."/media" = {
device = "192.168.10.2:/mnt/tank/media";
fsType = "nfs";
options = ["x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90"];
};
boot.initrd.luks.devices."luks-d24cbf42-c364-49e5-b569-34accd6e46cb".device = "/dev/disk/by-uuid/d24cbf42-c364-49e5-b569-34accd6e46cb";
fileSystems."/books" = {
device = "192.168.10.2:/mnt/tank/books";
fsType = "nfs";
options = ["x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90"];
};
fileSystems."/music" = {
device = "192.168.10.2:/mnt/tank/music";
fsType = "nfs";
options = ["x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90"];
};
fileSystems."/projects" = {
device = "192.168.10.2:/mnt/tank/projects";
fsType = "nfs";
options = ["x-systemd.automount" "noauto" "x-systemd.after=network-online.target" "x-systemd.mount-timeout=90"];
};
boot.initrd.luks.devices."luks-9d4b251f-b7d5-4a28-8e5d-6df09b434e47".device = "/dev/disk/by-uuid/9d4b251f-b7d5-4a28-8e5d-6df09b434e47";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/C3A8-F13F";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/9D09-4864";
fsType = "vfat";
};
swapDevices = [];
swapDevices = [
{device = "/dev/disk/by-uuid/0144132b-146b-4156-9518-67450854b736";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -62,6 +40,7 @@
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
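Review bot: Both `boot.initrd.luks.devices` entries appear to be on the removed side of the first hunk, which would leave `/` and the newly added swap partition unencrypted at rest. This is inferred: the `+`/`-` markers are lost on this page, but the header shrinks the range from 42 to 20 lines, which fits only if the LUKS and NFS entries are gone. If this host is portable or holds credentials (the config enables SSH keys, libvirt and kubernetes), that is a regression worth recording. Either reinstall on LUKS and regenerate this file, or state the decision next to the mount, e.g. `# root and swap intentionally unencrypted on this host: <reason>`. Plain swap can also retain key material and other memory contents across reboots, so if root stays unencrypted for a reason, swap should still be considered separately.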


@ -1,140 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
inputs,
...
}: {
imports =
(import ../modules/editors)
++ (import ../modules/shell);
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
nix.daemonCPUSchedPolicy = "idle";
networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "America/Toronto";
# Select internationalisation properties.
i18n.defaultLocale = "en_CA.UTF-8";
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
# Define a user account. Don't forget to set a password with passwd.
users.users.glen = {
isNormalUser = true;
description = "Glen";
extraGroups = ["networkmanager" "wheel" "video" "docker" "audio"];
shell = pkgs.zsh; # Default shell
packages = with pkgs; [];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# neovim
# kitty
# ];
environment = {
variables = {
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
};
systemPackages = with pkgs; [
# Default packages installed system-wide
vim
git
killall
nano
pciutils
usbutils
wget
lsof
inputs.agenix.packages.${system}.agenix
];
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
programs.hyprland.enable = true;
# List services that you want to enable:
services.pipewire = {
# Sound
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = true;
# enable firewall and block all ports
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [];
networking.firewall.allowedUDPPorts = [];
# only members of wheel can interact with the nix daemon
nix.settings.allowed-users = ["@wheel"];
security.sudo.execWheelOnly = true;
# enable antivirus clamav and
# keep the signatures' database updated
services.clamav.daemon.enable = true;
services.clamav.updater.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
nix = {
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes";
};
}


@ -1,35 +0,0 @@
{
lib,
inputs,
system,
user,
...
}: {
thinkpad = lib.nixosSystem {
inherit system;
specialArgs = {
inherit user inputs system;
host = {
hostName = "thinkpad";
mainMonitor = "eDP-1";
# secondMonitor = "DP-1";
};
};
modules = [
./thinkpad
./configuration.nix
../modules/themes/home.nix
inputs.nix-index-database.nixosModules.nix-index
inputs.agenix.nixosModules.default
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {inherit user inputs;};
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./thinkpad/home.nix)];
};
}
];
};
}


@ -1,201 +0,0 @@
{
config,
lib,
pkgs,
stable,
user,
devenv,
inputs,
...
}: {
imports =
# Home Manager Modules
[(import ../modules/shell/git/home.nix)]
++ [(import ../modules/programs/wofi.nix)]
++ [(import ../modules/programs/devenv/home.nix)]
++ [(import ../modules/programs/kitty.nix)]
++ [(import ../modules/shell/tmux/home.nix)]
++ [(import ../modules/shell/ranger/home.nix)]
++ [(import ../modules/themes/home.nix)]
++ [(import ../modules/programs/mako.nix)]
++ [(import ../modules/programs/alacritty.nix)]
++ [(import ../modules/programs/zathura.nix)]
++ [(import ../modules/desktop/gtk.nix)]
++ [(import ../modules/shell/zsh/home.nix)];
#Add support for ./local/bin
#home.sessionPath = [
#"$HOME/.local/bin"
#];
home = {
username = "${user}";
homeDirectory = "/home/${user}";
packages = with pkgs; [
inputs.neovim-config.packages.${system}.default
starship
pass
kicad
devbox
nix-prefetch-git
libnotify
element-desktop
nix-init
tor-browser-bundle-bin
nmap
dig
signal-desktop
viddy
# Terminal
htop
nitch # Minimal fetch
tldr # Helper
zellij # multiplexer
dog # dns tool
eza # better ls
bat # better cap
sd # simpler sed
fd # simpler find
xh
ncdu
duf
atuin
ranger
thefuck
hyperfine
procs
ripgrep
nerdfonts
pfetch
dbeaver
ansible
nixpkgs-fmt
zoxide
webcord
nfs-utils
keychain
slides
glow
entr
just
bandwhich
navi
git-crypt
# Video/Audio
feh # Image Viewer
#mpv # Media Player
pavucontrol # Audio Control
#plex-media-player # Media Player
vlc # Media Player
stremio # Media Streamer
# Apps
appimage-run # Runs AppImages on NixOS
firefox # Browser
google-chrome # Browser
remmina # XRDP & VNC Client
anki
obsidian
# File Management
gnome.file-roller # Archive Manager
okular # PDF Viewer
#pcmanfm # File Manager
p7zip # Zip Encryption
rsync # Syncer - $ rsync -r dir1/ dir2/
unzip # Zip Files
unrar # Rar Files
zip # Zip
# General configuration
#git # Repositories
#killall # Stop Applications
#nano # Text Editor
#pciutils # Computer Utility Info
#pipewire # Sound
#usbutils # USB Utility Info
#wacomtablet # Wacom Tablet
#wget # Downloader
#zsh # Shell
#
# General home-manager
#alacritty # Terminal Emulator
#dunst # Notifications
#doom emacs # Text Editor
#libnotify # Dependency for Dunst
#neovim # Text Editor
#rofi # Menu
#rofi-power-menu # Power Menu
#udiskie # Auto Mounting
#vim # Text Editor
#
# Xorg configuration
#xclip # Console Clipboard
#xorg.xev # Input Viewer
#xorg.xkill # Kill Applications
#xorg.xrandr # Screen Settings
#xterm # Terminal
#
# Xorg home-manager
#flameshot # Screenshot
#picom # Compositer
#sxhkd # Shortcuts
#
# Wayland configuration
#autotiling # Tiling Script
#grim # Image Grabber
#slurp # Region Selector
#swappy # Screenshot Editor
#swayidle # Idle Management Daemon
#wev # Input Viewer
#wl-clipboard # Console Clipboard
#wlr-randr # Screen Settings
#xwayland # X for Wayland
#
# Wayland home-manager
#mpvpaper # Video Wallpaper
#pamixer # Pulse Audio Mixer
swaybg # Background
#swaylock-fancy # Screen Locker
#waybar # Bar
#
# Desktop
#ansible # Automation
#blueman # Bluetooth
#deluge # Torrents
discord # Chat
#ffmpeg # Video Support (dslr)
#gmtp # Mount MTP (GoPro)
#gphoto2 # Digital Photography
#handbrake # Encoder
#heroic # Game Launcher
#hugo # Static Website Builder
#lutris # Game Launcher
#mkvtoolnix # Matroska Tool
#plex-media-player# Media Player
#prismlauncher # MC Launcher
#steam # Games
#simple-scan # Scanning
#sshpass # Ansible dependency
#
# Laptop
#cbatticon # Battery Notifications
#blueman # Bluetooth
#light # Display Brightness
#libreoffice # Office Tools
#simple-scan # Scanning
#
# Flatpak
#obs-studio # Recording/Live Streaming
];
stateVersion = "22.05";
};
programs = {
home-manager.enable = true;
};
}


@ -1,57 +0,0 @@
{
config,
pkgs,
user,
...
}: {
imports =
# For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)]
++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
(import ../../modules/desktop/virtualisation/default.nix)
++ (import ../../modules/hardware/default.nix)
++
# (import ./auditd.nix) ++
[(import ./sysctl.nix)]
++ [(import ./kernel.nix)]
++ [(import ./auditd.nix)]
++ [(import ./openssh.nix)]
++ [(import ../../modules/programs/thunar.nix)]
++ [(import ../../modules/desktop/hyprland/default.nix)]; # Window Manager
hardware.sane = {
# Used for scanning with Xsane
enable = true;
extraBackends = [pkgs.sane-airscan];
};
environment = {
systemPackages = with pkgs; [
simple-scan
];
};
programs = {
# No xbacklight, this is the alterantive
dconf.enable = true;
light.enable = true;
command-not-found.enable = false;
nix-index-database.comma.enable = true;
};
services = {
tlp.enable = true; # TLP and auto-cpufreq for power management
#logind.lidSwitch = "ignore"; # Laptop does not go to sleep when lid is closed
auto-cpufreq.enable = true;
blueman.enable = true;
tailscale.enable = true;
};
networking.firewall.trustedInterfaces = ["tailscale0"];
#temporary bluetooth fix
systemd.tmpfiles.rules = [
"d /var/lib/bluetooth 700 root root - -"
];
systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}


@ -1,37 +0,0 @@
{pkgs, ...}: {
imports = [
../../modules/shell/git/home.nix
../../modules/desktop/hyprland/home.nix
];
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
libreoffice # Office packages
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
# programs = {
# alacritty.settings.font.size = 11;
# };
services = {
# Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
# cbatticon = {
# enable = true;
# criticalLevelPercent = 10;
# lowLevelPercent = 20;
# iconType = null;
# };
};
}


@ -1,10 +0,0 @@
{...}: {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
challengeResponseAuthentication = false;
PermitRootLogin = "no";
};
};
}