kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor stuff

Browse Source
This commit is contained in:
Kopatz
2024-07-23 22:17:45 +02:00
parent 9f5c6af72d
commit c304dad5c5
11 changed files with 50 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
flake.nix
View File

@@ -39,6 +39,15 @@
let let
inherit (self) outputs; inherit (self) outputs;
system = "x86_64-linux"; system = "x86_64-linux";
overlays = { outputs, ... }: {
nixpkgs.overlays = with outputs.overlays; [
additions
modifications
unstable-packages
stable-packages
nur.overlay
];
};
# helper function to create a machine # helper function to create a machine
mkHost = { modules, specialArgs ? { mkHost = { modules, specialArgs ? {
pkgsVersion = nixpkgs-unstable; pkgsVersion = nixpkgs-unstable;
@@ -50,15 +59,7 @@
modules = modules ++ [ modules = modules ++ [
./modules ./modules
agenix.nixosModules.default agenix.nixosModules.default
({ outputs, ... }: { overlays
nixpkgs.overlays = with outputs.overlays; [
additions
modifications
unstable-packages
stable-packages
nur.overlay
];
})
] ++ lib.lists.optionals (!minimal) ] ++ lib.lists.optionals (!minimal)
[ specialArgs.home-manager-version.nixosModules.home-manager ] [ specialArgs.home-manager-version.nixosModules.home-manager ]
++ lib.lists.optionals (!minimal && graphical) [ ++ lib.lists.optionals (!minimal && graphical) [
@@ -71,6 +72,21 @@
]; ];
specialArgs = specialArgs // { inherit inputs outputs; }; specialArgs = specialArgs // { inherit inputs outputs; };
}; };
mkStableServer = { modules, specialArgs ? {
pkgsVersion = nixpkgs;
home-manager-version = home-manager;
}, system ? "x86_64-linux", minimal ? false }:
let lib = specialArgs.pkgsVersion.lib;
in specialArgs.pkgsVersion.lib.nixosSystem {
inherit system;
modules = modules ++ [
./modules
agenix.nixosModules.default
overlays
] ++ lib.lists.optionals (!minimal)
[ specialArgs.home-manager-version.nixosModules.home-manager ];
specialArgs = specialArgs // { inherit inputs outputs; };
};
in flake-utils.lib.eachDefaultSystem (system: { in flake-utils.lib.eachDefaultSystem (system: {
packages = packages =
import ./pkgs { pkgs = nixpkgs-unstable.legacyPackages.${system}; }; import ./pkgs { pkgs = nixpkgs-unstable.legacyPackages.${system}; };
@@ -79,21 +95,6 @@
overlays = import ./overlays.nix { inherit inputs; }; overlays = import ./overlays.nix { inherit inputs; };
nixosConfigurations = { nixosConfigurations = {
server = mkHost {
modules = [
./users/anon
./modules/collections/server.nix
./systems/server/configuration.nix
];
specialArgs = {
## Custom variables (e.g. ip, interface, etc)
vars = import ./systems/userdata-default.nix
// import ./systems/server/userdata.nix;
pkgsVersion = nixpkgs;
home-manager-version = home-manager;
graphical = false;
};
};
"kop-pc" = mkHost { "kop-pc" = mkHost {
modules = [ ./users/kopatz ./systems/pc/configuration.nix ]; modules = [ ./users/kopatz ./systems/pc/configuration.nix ];
}; };
@@ -123,26 +124,13 @@
nixos-hardware.nixosModules.dell-xps-15-7590-nvidia nixos-hardware.nixosModules.dell-xps-15-7590-nvidia
]; ];
}; };
"mini-pc" = mkHost { "mini-pc" = mkStableServer {
specialArgs = {
pkgsVersion = nixpkgs;
home-manager-version = home-manager;
graphical = false;
};
modules = [ ./users/anon ./systems/mini-pc/configuration.nix ]; modules = [ ./users/anon ./systems/mini-pc/configuration.nix ];
}; };
"mini-pc-proxmox" = mkHost { "mini-pc-proxmox" = mkStableServer {
specialArgs = {
pkgsVersion = nixpkgs;
home-manager-version = home-manager;
graphical = false;
};
modules = modules =
[ ./users/anon ./systems/mini-pc-proxmox/configuration.nix ]; [ ./users/anon ./systems/mini-pc-proxmox/configuration.nix ];
}; };
# build vm -> nixos-rebuild build-vm --flake .#vm
"vm" =
mkHost { modules = [ ./users/vm ./systems/vm/configuration.nix ]; };
"wsl" = mkHost { "wsl" = mkHost {
modules = [ modules = [
#"${nixpkgs}/nixos/modules/profiles/minimal.nix" #"${nixpkgs}/nixos/modules/profiles/minimal.nix"
@@ -154,7 +142,7 @@
}; };
#initial install done with nix run github:nix-community/nixos-anywhere/73a6d3fef4c5b4ab9e4ac868f468ec8f9436afa7 -- --flake .#adam-site root@<ip> #initial install done with nix run github:nix-community/nixos-anywhere/73a6d3fef4c5b4ab9e4ac868f468ec8f9436afa7 -- --flake .#adam-site root@<ip>
#update with nixos-rebuild switch --flake .#adam-site --target-host "root@<ip>" #update with nixos-rebuild switch --flake .#adam-site --target-host "root@<ip>"
"adam-site" = mkHost { "adam-site" = mkStableServer {
minimal = true; minimal = true;
system = "aarch64-linux"; system = "aarch64-linux";
specialArgs = { specialArgs = {
@@ -171,6 +159,8 @@
./systems/proxmox-test-vm/configuration.nix ./systems/proxmox-test-vm/configuration.nix
]; ];
}; };
# build vm -> nixos-rebuild build-vm --flake .#vm
"vm" = mkHost { modules = [ ./users/vm ./systems/vm/configuration.nix ]; };
}; };
}; };
} }

2
modules/collections/laptop.nix
View File

@@ -41,7 +41,7 @@
}; };
}; };
nixpkgs.config.permittedInsecurePackages = [ "electron-28.3.3" ]; nixpkgs.config.permittedInsecurePackages = [ "electron-27.3.11" "electron-28.3.3" ];
programs.firejail.wrappedBinaries = with pkgs; programs.firejail.wrappedBinaries = with pkgs;
let inherit (config.custom.misc.firejail) mk; let inherit (config.custom.misc.firejail) mk;
in lib.mkMerge [ in lib.mkMerge [

58
modules/collections/server.nix
View File

@@ -1,58 +0,0 @@
{pkgs, ...}:
{
imports = [
### Services ###
../services/adguard.nix
../services/github-runner.nix
../services/gitolite.nix
# wait for https://github.com/NixOS/nixpkgs/pull/300228
../services/grafana.nix
#../services/nextcloud.nix
#../services/samba.nix
../services/ssh.nix
../services/step-ca.nix
../services/syncthing.nix
#../services/syncthing.nix
../services/wireguard.nix
### Other Modules ###
#../games/palworld.nix
../backup.nix
../cron.nix
../fail2ban.nix
../firewall.nix
../git.nix
../hdd-spindown.nix
../fail2ban.nix
../logging.nix
../motd.nix
];
custom = {
cli-tools.enable = true;
tmpfs.enable = true;
static-ip = {
enable = true;
interface = "enp0s31f6";
ip = "192.168.0.6";
dns = "127.0.0.1";
};
nix = {
settings.enable = true;
};
services = {
acme.enable = true;
nginx.enable = true;
kavita = {
enable = true;
dir = "/mnt/1tbssd/kavita";
};
};
misc = {
docker.enable = true;
};
hardware = {
firmware.enable = true;
ssd.enable = true;
};
};
}

9
modules/firewall.nix
View File

@@ -1,9 +0,0 @@
{ config, pkgs, lib, inputs, vars, ... }:
let
allowedUDPPortRanges = vars.udpRanges;
in
{
networking.firewall.enable = true;
networking.firewall.allowedUDPPorts = [ 5000 ];
networking.firewall.allowedUDPPortRanges = allowedUDPPortRanges;
}

27
modules/hardware/nvidia.nix
View File

@@ -1,17 +1,26 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, inputs, pkgsVersion, ... }:
with lib;
let cfg = config.custom.hardware.nvidia; let cfg = config.custom.hardware.nvidia;
in { in {
options.custom.hardware.nvidia = { options.custom.hardware.nvidia = {
enable = mkEnableOption "Enables nvidia gpus"; enable = lib.mkEnableOption "Enables nvidia gpus";
}; };
config = mkIf cfg.enable { config = let
# Enable OpenGL # the option was renamed in unstable
hardware.graphics = { nvidiaOption =
enable = true; if (pkgsVersion == inputs.nixpkgs-unstable) then {
enable32Bit = true; hardware.graphics = {
}; enable = true;
enable32Bit = true;
};
} else {
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
in lib.mkIf cfg.enable nvidiaOption // {
boot.kernelParams = [ "nvidia-drm.fbdev=1" ]; boot.kernelParams = [ "nvidia-drm.fbdev=1" ];
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = { hardware.nvidia = {

2
systems/laptop/configuration.nix
View File

@@ -16,7 +16,7 @@
hardware.bluetooth.enable = true; # enables support for Bluetooth hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
age.identityPaths = [ /home/kopatz/.ssh/id_ed25519 "/etc/ssh/ssh_host_ed25519_key" ]; age.identityPaths = [ "/home/kopatz/.ssh/id_ed25519" "/etc/ssh/ssh_host_ed25519_key" ];
mainUser.layout = "at"; mainUser.layout = "at";
mainUser.variant = ""; mainUser.variant = "";
# Bootloader. # Bootloader.

1
systems/mini-pc-proxmox/configuration.nix
View File

@@ -90,7 +90,6 @@
enable = true; enable = true;
basePath = "/data/synced"; basePath = "/data/synced";
}; };
terraria.enable = true;
}; };
nftables.enable = true; nftables.enable = true;
cli-tools.enable = true; cli-tools.enable = true;

94
systems/server/configuration.nix
View File

@@ -1,94 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, inputs, ... }:
let
shash = pkgs.writeShellScriptBin "shash" ''
nix hash to-sri --type sha256 $(nix-prefetch-url ''$1)
'';
in{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
systemd.enableEmergencyMode = false;
networking.hostName = "server"; # Define your hostname.
# Set your time zone.
time.timeZone = "Europe/Vienna";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_AT.UTF-8";
LC_IDENTIFICATION = "de_AT.UTF-8";
LC_MEASUREMENT = "de_AT.UTF-8";
LC_MONETARY = "de_AT.UTF-8";
LC_NAME = "de_AT.UTF-8";
LC_NUMERIC = "de_AT.UTF-8";
LC_PAPER = "de_AT.UTF-8";
LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8";
};
#### Sound and printing ####
# Enable CUPS to print documents.
#services.printing.enable = true;
# Enable sound with pipewire.
#sound.enable = true;
#hardware.pulseaudio.enable = false;
#security.rtkit.enable = true;
#services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
#};
#### Packages ####
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
nixos-option
wget
vim
tcpdump
dig
inputs.agenix.packages."x86_64-linux".default
btop
shash
restic
hdparm
openssl
unstable.e2fsprogs
mangal
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

68
systems/server/hardware-configuration.nix
View File

@@ -1,68 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1af836fb-ffef-4362-84af-bcb24d4db068";
fsType = "ext4";
options = [
"defaults"
"noatime"
];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B9EB-F6A4";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/e4bf3959-4d3c-4980-82c1-c5ec2104ec93"; }
];
fileSystems."/mnt/2tb" =
{ device = "/dev/disk/by-uuid/99954059-3801-4abb-a536-0e7802a3e6b4";
fsType = "ext4";
options = ["defaults" "nofail"];
};
fileSystems."/mnt/1tb" =
{ device = "/dev/disk/by-uuid/fb0a94c2-95df-4f62-904e-695d372363e9";
fsType = "ext4";
options = ["defaults" "nofail"];
};
fileSystems."/mnt/250ssd" =
{ device = "/dev/disk/by-uuid/80163cf9-2030-4757-ada2-03db96184961";
fsType = "ext4";
options = ["defaults" "nofail" "noatime"];
};
fileSystems."/mnt/1tbssd" =
{ device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
fsType = "ext4";
options = ["defaults" "nofail" "noatime"];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
systems/server/userdata.nix
View File

@@ -1,13 +0,0 @@
{
interface = "enp0s31f6";
ipv4 = "192.168.0.6";
dns = "127.0.0.1";
wireguardIp = "192.168.2.1";
wm = "startplasma-x11";
udpRanges = [
#{
# from = 52000;
# to = 52100;
#}
];
}

1
systems/server/wg-publickey
View File

@@ -1 +0,0 @@
vyHNUy97R1cvqEvElznPpFQtoqm7WUHnT96UP6Dquwc=