mirror of
https://github.com/librephoenix/nixos-config
synced 2025-01-19 07:05:51 +05:30
Compare commits
6 commits
4015df2e40
...
4f676b1057
Author | SHA1 | Date | |
---|---|---|---|
4f676b1057 | |||
f569de894e | |||
4dbeccd818 | |||
2d4a3c65b0 | |||
3eb87c59f2 | |||
16b832d5f0 |
12
README.org
12
README.org
|
@ -21,11 +21,19 @@ Using this I have [[./themes][55+ themes]] (I add more sometimes) I can switch b
|
||||||
** Install
|
** Install
|
||||||
I wrote some reinstall notes for myself [[./install.org][here (install.org)]].
|
I wrote some reinstall notes for myself [[./install.org][here (install.org)]].
|
||||||
|
|
||||||
TLDR: You should™ be able to install my dotfiles to an existing UEFI NixOS system with the following script:
|
TLDR: You should™ be able to install my dotfiles to a fresh UEFI NixOS system with the following script:
|
||||||
#+begin_src sh :noeval
|
#+begin_src sh :noeval
|
||||||
nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
|
nix-shell -p git --command "nix run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
This will clone my dotfiles to =~/.dotfiles=, and switch into both the system and home-manager configurations. Right now it only works on UEFI, and only if your EFI partition is "/boot" (which is what NixOS sets up by default on UEFI). I will try to expand this at some point, but for now, that's all it is!
|
||||||
|
|
||||||
|
Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
|
||||||
|
|
||||||
|
Disclaimer: If you install or copy my =homelab= or =worklab= profiles, /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
|
||||||
|
- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
|
||||||
|
- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
|
||||||
|
|
||||||
** Modules
|
** Modules
|
||||||
Separate Nix files can be imported as modules using an import block:
|
Separate Nix files can be imported as modules using an import block:
|
||||||
#+BEGIN_SRC nix
|
#+BEGIN_SRC nix
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
profile = "personal"; # select a profile defined from my profiles directory
|
profile = "personal"; # select a profile defined from my profiles directory
|
||||||
timezone = "America/Chicago"; # select timezone
|
timezone = "America/Chicago"; # select timezone
|
||||||
locale = "en_US.UTF-8"; # select locale
|
locale = "en_US.UTF-8"; # select locale
|
||||||
|
bootMode = "uefi"; # uefi or bios
|
||||||
};
|
};
|
||||||
|
|
||||||
# ----- USER SETTINGS ----- #
|
# ----- USER SETTINGS ----- #
|
||||||
|
|
14
harden.sh
14
harden.sh
|
@ -19,11 +19,13 @@ else
|
||||||
dotfilesDir=$(pwd);
|
dotfilesDir=$(pwd);
|
||||||
fi
|
fi
|
||||||
pushd $dotfilesDir &> /dev/null;
|
pushd $dotfilesDir &> /dev/null;
|
||||||
chown -R root:root system;
|
chown 0:0 .;
|
||||||
chown -R root:root patches;
|
chown 0:0 profiles/*;
|
||||||
chown root:root flake.lock;
|
chown -R 0:0 system;
|
||||||
chown root:root flake.nix
|
chown -R 0:0 patches;
|
||||||
chown root:root profiles/*/configuration.nix;
|
chown 0:0 flake.lock;
|
||||||
|
chown 0:0 flake.nix
|
||||||
|
chown 0:0 profiles/*/configuration.nix;
|
||||||
|
chown 0:0 harden.sh;
|
||||||
chown 1000:users **/README.org;
|
chown 1000:users **/README.org;
|
||||||
chown root:root harden.sh;
|
|
||||||
popd &> /dev/null;
|
popd &> /dev/null;
|
||||||
|
|
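Review bot: The new `chown 0:0 .;` acts on whatever directory the script is in if the preceding `pushd $dotfilesDir &> /dev/null;` fails, because that failure is discarded and never checked; run through sudo, this hands the caller's current directory (and any `system`, `patches` or `flake.nix` under it) to root. Quote the path and stop on failure: `pushd "$dotfilesDir" &> /dev/null || exit 1;`. The new `chown 0:0 profiles/*;` and the unchanged `chown 1000:users **/README.org;` also dereference symlinks that the unprivileged owner could have left in the tree before hardening, so `chown -h` is the safer form for the non-recursive calls. The script starts above this hunk, so how `dotfilesDir` is derived from the argument is not visible here.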
40
install.org
40
install.org
|
@ -1,7 +1,7 @@
|
||||||
#+title: Install
|
#+title: Install
|
||||||
#+author: Emmet
|
#+author: Emmet
|
||||||
|
|
||||||
These are just some simple install notes for myself (in-case I have to reinstall unexpectedly).
|
These are just some simple install notes for myself (in-case I have to reinstall unexpectedly). You could also use these to try out my config in a VM.
|
||||||
|
|
||||||
** Automated Install Script (Experimental)
|
** Automated Install Script (Experimental)
|
||||||
*** Install Directly From Git
|
*** Install Directly From Git
|
||||||
|
@ -9,21 +9,21 @@ I wrote a quick automated install script at [[./install.sh][install.sh]]. It ess
|
||||||
|
|
||||||
I'll eventually™ add the ability to supply arguments to this script as well.
|
I'll eventually™ add the ability to supply arguments to this script as well.
|
||||||
|
|
||||||
The quickest way to install is running the install script directly from the remote git repo using =nix-run=, which is essentially just one of the following:
|
The quickest way to install is running the install script directly from the remote git repo using =nix run=, which is essentially just one of the following:
|
||||||
#+BEGIN_SRC sh :noeval
|
#+BEGIN_SRC sh :noeval
|
||||||
# Install from gitlab
|
# Install from gitlab
|
||||||
nix-run gitlab:librephoenix/nixos-config
|
nix run gitlab:librephoenix/nixos-config
|
||||||
|
|
||||||
# Or install from github
|
# Or install from github
|
||||||
nix-run github:librephoenix/nixos-config
|
nix run github:librephoenix/nixos-config
|
||||||
|
|
||||||
# Or install from codeberg
|
# Or install from codeberg
|
||||||
nix-run git+https://codeberg.org/librephoenix/nixos-config
|
nix run git+https://codeberg.org/librephoenix/nixos-config
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
The script will ask for sudo permissions at certain points, /but you should not run the script as root/.
|
The script will ask for sudo permissions at certain points, /but you should not run the script as root/.
|
||||||
|
|
||||||
If the above =nix-run= command gives you an error, odds are you either don't have =git= installed, or you haven't enabled the experimental features in your Nix config (=nix-command= and =flakes=). To get the command to install properly, you can first enter a shell with =git= available using:
|
If the above =nix run= command gives you an error, odds are you either don't have =git= installed, or you haven't enabled the experimental features in your Nix config (=nix-command= and =flakes=). To get the command to install properly, you can first enter a shell with =git= available using:
|
||||||
#+begin_src sh :noeval
|
#+begin_src sh :noeval
|
||||||
nix-shell -p git
|
nix-shell -p git
|
||||||
#+end_src
|
#+end_src
|
||||||
|
@ -34,11 +34,19 @@ nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-comma
|
||||||
|
|
||||||
And if you want a single copy-paste solution:
|
And if you want a single copy-paste solution:
|
||||||
#+begin_src sh :noeval
|
#+begin_src sh :noeval
|
||||||
nix-shell -p git --command "nix-run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
|
nix-shell -p git --command "nix run gitlab:librephoenix/nixos-config --extra-experimental-features nix-command --extra-experimental-features flakes"
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
This will clone my dotfiles to =~/.dotfiles=, and switch into both the system and home-manager configurations. Right now it only works on UEFI, and only if your EFI partition is "/boot" (which is what NixOS sets up by default on UEFI). I will try to expand this at some point, but for now, that's all it is!
|
||||||
|
|
||||||
At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
|
At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
|
||||||
|
|
||||||
|
Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
|
||||||
|
|
||||||
|
Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
|
||||||
|
- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
|
||||||
|
- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
|
||||||
|
|
||||||
*** Install From Local Git Clone
|
*** Install From Local Git Clone
|
||||||
The dotfiles can be installed after cloning the repo into =~/.dotfiles= using:
|
The dotfiles can be installed after cloning the repo into =~/.dotfiles= using:
|
||||||
#+BEGIN_SRC sh :noeval
|
#+BEGIN_SRC sh :noeval
|
||||||
|
@ -46,7 +54,13 @@ git clone https://gitlab.com/librephoenix/nixos-config.git ~/.dotfiles
|
||||||
~/.dotfiles/install.sh
|
~/.dotfiles/install.sh
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
At a certain point in the install script it will open =nano= (or whatever your $EDITOR is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
|
At a certain point in the install script it will open =nano= (or whatever your =$EDITOR= is set to) and ask you to edit the =flake.nix=. You can edit as much or as little of the config variables as you like, and it will continue the install after you exit the editor.
|
||||||
|
|
||||||
|
Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
|
||||||
|
|
||||||
|
Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
|
||||||
|
- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
|
||||||
|
- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
|
||||||
|
|
||||||
*** Automatic Install Script Limitations
|
*** Automatic Install Script Limitations
|
||||||
At this time, this only works on an existing NixOS install. It also only works if the dotfiles are cloned into =~/.dotfiles=. It also only works on UEFI, not on BIOS :(
|
At this time, this only works on an existing NixOS install. It also only works if the dotfiles are cloned into =~/.dotfiles=. It also only works on UEFI, not on BIOS :(
|
||||||
|
@ -55,6 +69,7 @@ Future upgrade plans:
|
||||||
- [ ] Be able to install directly from NixOS iso
|
- [ ] Be able to install directly from NixOS iso
|
||||||
- [ ] Be able to install just home-manager config to a non-NixOS Linux distro
|
- [ ] Be able to install just home-manager config to a non-NixOS Linux distro
|
||||||
- [ ] Be able to detect UEFI or BIOS and switch config as needed
|
- [ ] Be able to detect UEFI or BIOS and switch config as needed
|
||||||
|
- [ ] Be able to detect EFI mount point for systemd-boot?
|
||||||
- [ ] ??? (open up an issue if you think there is anything else I should try to figure out)
|
- [ ] ??? (open up an issue if you think there is anything else I should try to figure out)
|
||||||
|
|
||||||
** Manual Install Procedure
|
** Manual Install Procedure
|
||||||
|
@ -84,6 +99,12 @@ let
|
||||||
|
|
||||||
There are many more config options there that you may also want to change as well.
|
There are many more config options there that you may also want to change as well.
|
||||||
|
|
||||||
|
Note: If you're installing this to a VM, Hyprland won't work unless 3D acceleration is enabled.
|
||||||
|
|
||||||
|
Disclaimer: If you install my =homelab= or =worklab= profiles /CHANGE THE PUBLIC SSH KEYS UNLESS YOU WANT ME TO BE ABLE TO SSH INTO YOUR SERVER. YOU CAN CHANGE OR REMOVE THE SSH KEY IN THE RELEVANT CONFIGURATION.NIX/:
|
||||||
|
- [[./profiles/homelab/configuration.nix][configuration.nix]] for homelab profile
|
||||||
|
- [[./profiles/worklab/configuration.nix][configuration.nix]] for worklab profile
|
||||||
|
|
||||||
*** Rebuild and Switch System Config
|
*** Rebuild and Switch System Config
|
||||||
Once the variables are set, then switch into the system configuration by running:
|
Once the variables are set, then switch into the system configuration by running:
|
||||||
#+BEGIN_SRC sh :noeval
|
#+BEGIN_SRC sh :noeval
|
||||||
|
@ -112,3 +133,6 @@ No. You can put them in literally any directory you want. I just prefer to use =
|
||||||
|
|
||||||
*** So I cloned these dotfiles into ~/.dotfiles, and now there are system-level files owned by my user account.. HOW IS THIS SECURE?!
|
*** So I cloned these dotfiles into ~/.dotfiles, and now there are system-level files owned by my user account.. HOW IS THIS SECURE?!
|
||||||
If you're worried about someone modifying your system-level (root configuration) files as your unpriveleged user, see [[./harden.sh][harden.sh]].
|
If you're worried about someone modifying your system-level (root configuration) files as your unpriveleged user, see [[./harden.sh][harden.sh]].
|
||||||
|
|
||||||
|
*** I installed this to a VM and when I log in, it crashes and sends me back to the login manager (SDDM)?
|
||||||
|
Enable 3D acceleration for your virtual machine. Hyprland doesn't work without it.
|
||||||
|
|
20
install.sh
20
install.sh
|
@ -2,15 +2,35 @@
|
||||||
|
|
||||||
# Automated script to install my dotfiles
|
# Automated script to install my dotfiles
|
||||||
|
|
||||||
|
# Clone dotfiles
|
||||||
nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles"
|
nix-shell -p git --command "git clone https://gitlab.com/librephoenix/nixos-config ~/.dotfiles"
|
||||||
|
|
||||||
|
# Generate hardware config for new system
|
||||||
sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix
|
sudo nixos-generate-config --show-hardware-config > ~/.dotfiles/system/hardware-configuration.nix
|
||||||
|
|
||||||
|
# Check if uefi or bios
|
||||||
|
if [ -d /sys/firmware/efi/efivars ]; then
|
||||||
|
sed -i "0,/bootMode.*=.*\".*\";/s//bootMode = \"uefi\";/" ~/.dotfiles/flake.nix
|
||||||
|
else
|
||||||
|
sed -i "0,/bootMode.*=.*\".*\";/s//bootMode = \"bios\";/" ~/.dotfiles/flake.nix
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Patch flake.nix with different username/name and remove email by default
|
||||||
sed -i "0,/emmet/s//$(whoami)/" ~/.dotfiles/flake.nix
|
sed -i "0,/emmet/s//$(whoami)/" ~/.dotfiles/flake.nix
|
||||||
sed -i "0,/Emmet/s//$(getent passwd $(whoami) | cut -d ':' -f 5 | cut -d ',' -f 1)/" ~/.dotfiles/flake.nix
|
sed -i "0,/Emmet/s//$(getent passwd $(whoami) | cut -d ':' -f 5 | cut -d ',' -f 1)/" ~/.dotfiles/flake.nix
|
||||||
sed -i "s/emmet@librephoenix.com//" ~/.dotfiles/flake.nix
|
sed -i "s/emmet@librephoenix.com//" ~/.dotfiles/flake.nix
|
||||||
|
|
||||||
|
# Open up editor to manually edit flake.nix before install
|
||||||
if [ -z "$EDITOR" ]; then
|
if [ -z "$EDITOR" ]; then
|
||||||
EDITOR=nano;
|
EDITOR=nano;
|
||||||
fi
|
fi
|
||||||
$EDITOR ~/.dotfiles/flake.nix;
|
$EDITOR ~/.dotfiles/flake.nix;
|
||||||
|
|
||||||
|
# Rebuild system
|
||||||
sudo nixos-rebuild switch --flake ~/.dotfiles#system;
|
sudo nixos-rebuild switch --flake ~/.dotfiles#system;
|
||||||
|
|
||||||
|
# Install and build home-manager configuration
|
||||||
nix run home-manager/master --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake ~/.dotfiles#user;
|
nix run home-manager/master --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake ~/.dotfiles#user;
|
||||||
|
|
||||||
|
# Permissions for files that should be owned by root
|
||||||
sudo ~/.dotfiles/harden.sh ~/.dotfiles;
|
sudo ~/.dotfiles/harden.sh ~/.dotfiles;
|
||||||
|
|
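Review bot: The added bootMode block edits `~/.dotfiles/flake.nix` in place whether or not the `git clone` above it succeeded, and nothing in the visible script stops on error, so a failed clone (for example because `~/.dotfiles` already exists) still ends in `sudo nixos-rebuild switch` and `sudo ~/.dotfiles/harden.sh` on whatever is in that directory. Add `set -e` directly under the shebang, or end the clone line with `|| exit 1`, so the later sed and sudo steps only run on the tree that was just fetched. Both new sed commands also succeed silently when no `bootMode = "...";` line matches, so a check such as `grep -q 'bootMode = "' ~/.dotfiles/flake.nix || exit 1` after them would catch an unpatched flake. The shebang line is outside this hunk.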
83
profiles/homelab/base.nix
Normal file
83
profiles/homelab/base.nix
Normal file
|
@ -0,0 +1,83 @@
|
||||||
|
{ lib, pkgs, systemSettings, userSettings, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ ../../system/hardware-configuration.nix
|
||||||
|
../../system/hardware/time.nix # Network time sync
|
||||||
|
../../system/security/doas.nix
|
||||||
|
../../system/security/gpg.nix
|
||||||
|
( import ../../system/app/docker.nix {storageDriver = "btrfs"; inherit userSettings pkgs lib;} )
|
||||||
|
];
|
||||||
|
|
||||||
|
# Fix nix path
|
||||||
|
nix.nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
|
||||||
|
"nixos-config=$HOME/dotfiles/system/configuration.nix"
|
||||||
|
"/nix/var/nix/profiles/per-user/root/channels"
|
||||||
|
];
|
||||||
|
|
||||||
|
# Ensure nix flakes are enabled
|
||||||
|
nix.package = pkgs.nixFlakes;
|
||||||
|
nix.extraOptions = ''
|
||||||
|
experimental-features = nix-command flakes
|
||||||
|
'';
|
||||||
|
|
||||||
|
# I'm sorry Stallman-taichou
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
# Kernel modules
|
||||||
|
boot.kernelModules = [ "i2c-dev" "i2c-piix4" ];
|
||||||
|
|
||||||
|
# Bootloader
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
boot.loader.efi.efiSysMountPoint = "/boot";
|
||||||
|
|
||||||
|
# Networking
|
||||||
|
networking.hostName = systemSettings.hostname; # Define your hostname.
|
||||||
|
networking.networkmanager.enable = true; # Use networkmanager
|
||||||
|
|
||||||
|
# Timezone and locale
|
||||||
|
time.timeZone = systemSettings.timezone; # time zone
|
||||||
|
i18n.defaultLocale = systemSettings.locale;
|
||||||
|
i18n.extraLocaleSettings = {
|
||||||
|
LC_ADDRESS = systemSettings.locale;
|
||||||
|
LC_IDENTIFICATION = systemSettings.locale;
|
||||||
|
LC_MEASUREMENT = systemSettings.locale;
|
||||||
|
LC_MONETARY = systemSettings.locale;
|
||||||
|
LC_NAME = systemSettings.locale;
|
||||||
|
LC_NUMERIC = systemSettings.locale;
|
||||||
|
LC_PAPER = systemSettings.locale;
|
||||||
|
LC_TELEPHONE = systemSettings.locale;
|
||||||
|
LC_TIME = systemSettings.locale;
|
||||||
|
};
|
||||||
|
|
||||||
|
# User account
|
||||||
|
users.users.${userSettings.username} = {
|
||||||
|
isNormalUser = true;
|
||||||
|
description = userSettings.name;
|
||||||
|
extraGroups = [ "networkmanager" "wheel" ];
|
||||||
|
packages = with pkgs; [];
|
||||||
|
uid = 1000;
|
||||||
|
};
|
||||||
|
|
||||||
|
# System packages
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
zsh
|
||||||
|
git
|
||||||
|
rclone
|
||||||
|
rdiff-backup
|
||||||
|
cryptsetup
|
||||||
|
gocryptfs
|
||||||
|
];
|
||||||
|
|
||||||
|
# I use zsh btw
|
||||||
|
environment.shells = with pkgs; [ zsh ];
|
||||||
|
users.defaultUserShell = pkgs.zsh;
|
||||||
|
programs.zsh.enable = true;
|
||||||
|
|
||||||
|
# It is ok to leave this unchanged for compatibility purposes
|
||||||
|
system.stateVersion = "22.11";
|
||||||
|
|
||||||
|
}
|
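Review bot: `environment.systemPackages` in the new base.nix ends at `gocryptfs` and no longer includes `cryfs`, which the homelab configuration.nix it was split out of still listed; if the drop is intentional it deserves a line in the commit message, otherwise add `cryfs` back so existing cryfs volumes on homelab hosts stay mountable after the switch. base.nix also keeps `boot.loader.systemd-boot.enable = true;` unconditionally, so the homelab and worklab profiles do not honour the `bootMode` setting this change introduces. The carried-over `nix.nixPath` entry points at `$HOME/dotfiles/…` while the install notes use `~/.dotfiles`, so it is worth confirming that entry resolves to anything.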
|
@ -1,85 +1,9 @@
|
||||||
{ lib, pkgs, systemSettings, userSettings, ... }:
|
{ userSettings, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ ./base.nix
|
||||||
[ ../../system/hardware-configuration.nix
|
( import ../../system/security/sshd.nix {
|
||||||
../../system/hardware/time.nix # Network time sync
|
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaeejVJwUVrIZSo1isbu+gkQ7+8ftCgCsczy3OclkEVWHyRTqlG6yp74hr3j8ZNsOhov7c2Q6RqC8oy669hlxi/y9BsvtlI7sBr94oAKFOmkCS4RiK72ngJjBvI0vbk89wQQjmAd3r8B7ZcedpNOC8CkHu8SebKdYPRIUvAbPc3fTEt7DsJkazAepZCB8LEhUp57FAqQ/Ezlt3X/1uwNq5S0EbE9Zm+nUpEfSqR9apY2neKWLyGiCxpK3dzyNOuulCxvtVz+ie2sTk/6SxM+qWEoVVxhdwyxPihEjgC0EvtG0S5mVh5JmcjRkJOzzBHJuw+6r8yWn/AxGdIsoJ4rKNxH1XH1iLHgCraOLOUjUNlmejTcQPu6o92a79fdz2gCHT/BuIjfCW7MErAC3YSmF45TSur/kiWCBaTqYo06pgbQ3w1vKg7fievQlQzsutmg47RvJp6fb74yxuOdVg39cShQu/l8r6zqm21JAeUaaIp4P/0MrAIMOOVUhbK0QgsNElO4yn0ZKH8wGIF8xORh7ikxUIAyq8C41gjJiO2sAFJc3M8DhduQU3X0lHB7U0Qyu+8ZXn05+zdFPXJ73LKc7DCcLkppRXJsdHLSDEFdWqFnV7o08B4qZkPMT4pmvhwhY0Pf1fwavOqxuTstzw18gUGyQzl0foQi0Qrmdazsp2Qw== emmet@snowfire"];
|
||||||
../../system/security/doas.nix
|
inherit userSettings; })
|
||||||
../../system/security/gpg.nix
|
|
||||||
../../system/security/sshd.nix
|
|
||||||
( import ../../system/app/docker.nix {storageDriver = "btrfs"; inherit userSettings pkgs lib;} )
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Fix nix path
|
|
||||||
nix.nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
|
|
||||||
"nixos-config=$HOME/dotfiles/system/configuration.nix"
|
|
||||||
"/nix/var/nix/profiles/per-user/root/channels"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Ensure nix flakes are enabled
|
|
||||||
nix.package = pkgs.nixFlakes;
|
|
||||||
nix.extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
'';
|
|
||||||
|
|
||||||
# I'm sorry Stallman-taichou
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
# Kernel modules
|
|
||||||
boot.kernelModules = [ "i2c-dev" "i2c-piix4" ];
|
|
||||||
|
|
||||||
# Bootloader
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
boot.loader.efi.efiSysMountPoint = "/boot";
|
|
||||||
|
|
||||||
# Networking
|
|
||||||
networking.hostName = systemSettings.hostname; # Define your hostname.
|
|
||||||
networking.networkmanager.enable = true; # Use networkmanager
|
|
||||||
|
|
||||||
# Timezone and locale
|
|
||||||
time.timeZone = systemSettings.timezone; # time zone
|
|
||||||
i18n.defaultLocale = systemSettings.locale;
|
|
||||||
i18n.extraLocaleSettings = {
|
|
||||||
LC_ADDRESS = systemSettings.locale;
|
|
||||||
LC_IDENTIFICATION = systemSettings.locale;
|
|
||||||
LC_MEASUREMENT = systemSettings.locale;
|
|
||||||
LC_MONETARY = systemSettings.locale;
|
|
||||||
LC_NAME = systemSettings.locale;
|
|
||||||
LC_NUMERIC = systemSettings.locale;
|
|
||||||
LC_PAPER = systemSettings.locale;
|
|
||||||
LC_TELEPHONE = systemSettings.locale;
|
|
||||||
LC_TIME = systemSettings.locale;
|
|
||||||
};
|
|
||||||
|
|
||||||
# User account
|
|
||||||
users.users.${userSettings.username} = {
|
|
||||||
isNormalUser = true;
|
|
||||||
description = userSettings.name;
|
|
||||||
extraGroups = [ "networkmanager" "wheel" ];
|
|
||||||
packages = with pkgs; [];
|
|
||||||
uid = 1000;
|
|
||||||
};
|
|
||||||
|
|
||||||
# System packages
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
vim
|
|
||||||
wget
|
|
||||||
zsh
|
|
||||||
git
|
|
||||||
rclone
|
|
||||||
rdiff-backup
|
|
||||||
cryptsetup
|
|
||||||
gocryptfs
|
|
||||||
cryfs
|
|
||||||
];
|
|
||||||
|
|
||||||
# I use zsh btw
|
|
||||||
environment.shells = with pkgs; [ zsh ];
|
|
||||||
users.defaultUserShell = pkgs.zsh;
|
|
||||||
programs.zsh.enable = true;
|
|
||||||
|
|
||||||
# It is ok to leave this unchanged for compatibility purposes
|
|
||||||
system.stateVersion = "22.11";
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
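Review bot: The `authorizedKeys` list passed to sshd.nix hard-codes the author's `emmet@snowfire` public key in a profile that other people are invited to install, and base.nix puts the login user in `wheel`, so a host built from this file unchanged accepts that key for an account with administrative group membership. The README disclaimer is easy to miss once the file has been copied; put the warning where the key lives, e.g. `# REPLACE BEFORE DEPLOYING: author's personal key, substitute your own or use [ ]`. Longer term, consider reading the key list from the user settings in flake.nix (that would be a new attribute, none exists today) so the editor step in install.sh surfaces it.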
|
@ -46,9 +46,10 @@
|
||||||
boot.kernelModules = [ "i2c-dev" "i2c-piix4" "cpufreq_powersave" ];
|
boot.kernelModules = [ "i2c-dev" "i2c-piix4" "cpufreq_powersave" ];
|
||||||
|
|
||||||
# Bootloader
|
# Bootloader
|
||||||
boot.loader.systemd-boot.enable = true;
|
# Use systemd-boot if uefi, default to grub otherwise
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.systemd-boot.enable = if (systemSettings.bootMode == "uefi") then true else false;
|
||||||
boot.loader.efi.efiSysMountPoint = "/boot";
|
boot.loader.efi.canTouchEfiVariables = if (systemSettings.bootMode == "uefi") then true else false;
|
||||||
|
boot.loader.efi.efiSysMountPoint = "/boot"; # does nothing if running bios rather than uefi
|
||||||
|
|
||||||
# Networking
|
# Networking
|
||||||
networking.hostName = systemSettings.hostname; # Define your hostname.
|
networking.hostName = systemSettings.hostname; # Define your hostname.
|
||||||
|
|
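Review bot: With `bootMode = "bios"` this hunk turns systemd-boot off and relies on "default to grub otherwise", but no `boot.loader.grub.device` (or equivalent) is set in the visible lines; unless it is configured elsewhere in the file, a BIOS build will presumably fail evaluation or leave grub without an install target. If so, add the device from a setting next to `bootMode` and state it in the comment. The `if (…) then true else false` wrappers are redundant: `boot.loader.systemd-boot.enable = systemSettings.bootMode == "uefi";` reads the same, likewise for `canTouchEfiVariables`. The file header for this section is missing from the page, so the profile it belongs to is not identified here.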
3
profiles/worklab/README.org
Normal file
3
profiles/worklab/README.org
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
#+title: Worklab Template
|
||||||
|
|
||||||
|
This is literally just my homelab configuration, but setup to work with the ssh keys on my work computer. Used for small servers at work.
|
10
profiles/worklab/configuration.nix
Normal file
10
profiles/worklab/configuration.nix
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
{ userSettings, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ ../homelab/base.nix
|
||||||
|
( import ../../system/security/sshd.nix {
|
||||||
|
# TODO add public ssh key for worklab
|
||||||
|
authorizedKeys = [ ];
|
||||||
|
inherit userSettings; })
|
||||||
|
];
|
||||||
|
}
|
5
profiles/worklab/home.nix
Normal file
5
profiles/worklab/home.nix
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ ../homelab/home.nix ];
|
||||||
|
}
|
|
@ -8,7 +8,7 @@
|
||||||
"virbr0"
|
"virbr0"
|
||||||
];
|
];
|
||||||
enable = true;
|
enable = true;
|
||||||
qemuRunAsRoot = false;
|
qemu.runAsRoot = false;
|
||||||
};
|
};
|
||||||
boot.extraModulePackages = with config.boot.kernelPackages; [ virtualbox ];
|
boot.extraModulePackages = with config.boot.kernelPackages; [ virtualbox ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
# Enable printing
|
# Enable printing
|
||||||
services.printing.enable = true;
|
services.printing.enable = true;
|
||||||
services.avahi.enable = true;
|
services.avahi.enable = true;
|
||||||
services.avahi.nssmdns = true;
|
services.avahi.nssmdns4 = true;
|
||||||
services.avahi.openFirewall = true;
|
services.avahi.openFirewall = true;
|
||||||
environment.systemPackages = [ pkgs.cups-filters ];
|
environment.systemPackages = [ pkgs.cups-filters ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ userSettings, ... }:
|
{ userSettings, authorizedKeys ? [], ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
# Enable incoming ssh
|
# Enable incoming ssh
|
||||||
|
@ -10,7 +10,5 @@
|
||||||
PermitRootLogin = "no";
|
PermitRootLogin = "no";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users.users.${userSettings.username}.openssh.authorizedKeys.keys = [
|
users.users.${userSettings.username}.openssh.authorizedKeys.keys = authorizedKeys;
|
||||||
"ssh-rsa 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 emmet@snowfire"
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
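Review bot: `authorizedKeys ? []` gives the key list a silent default, so a profile that imports sshd.nix and forgets the argument gets an enabled sshd with no authorized keys and no evaluation error; worklab/configuration.nix in this same change already passes `[ ]` behind a TODO. Both callers in this commit pass the argument explicitly, so the default can be dropped: `{ userSettings, authorizedKeys, ... }:`. Lines 5–9 of the file fall between the two hunks, so whether password authentication is disabled is not visible; if it is, an empty list locks remote login out, and if it is not, the account password becomes the only barrier. A one-line comment above the `authorizedKeys.keys` assignment stating which of the two applies would help the next reader.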
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
# Fonts are nice to have
|
# Fonts are nice to have
|
||||||
fonts.fonts = with pkgs; [
|
fonts.packages = with pkgs; [
|
||||||
# Fonts
|
# Fonts
|
||||||
(nerdfonts.override { fonts = [ "Inconsolata" ]; })
|
(nerdfonts.override { fonts = [ "Inconsolata" ]; })
|
||||||
powerline
|
powerline
|
||||||
|
|
|
@ -23,9 +23,11 @@
|
||||||
# Configure xwayland
|
# Configure xwayland
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
xkb = {
|
||||||
layout = "us";
|
layout = "us";
|
||||||
xkbVariant = "";
|
variant = "";
|
||||||
xkbOptions = "caps:escape";
|
options = "caps:escape";
|
||||||
|
};
|
||||||
displayManager.sddm = {
|
displayManager.sddm = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wayland.enable = true;
|
wayland.enable = true;
|
||||||
|
|
|
@ -7,5 +7,6 @@
|
||||||
programs.git.userEmail = userSettings.email;
|
programs.git.userEmail = userSettings.email;
|
||||||
programs.git.extraConfig = {
|
programs.git.extraConfig = {
|
||||||
init.defaultBranch = "main";
|
init.defaultBranch = "main";
|
||||||
|
safe.directory = "/home/" + userSettings.username + "/.dotfiles";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
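Review bot: The new `safe.directory` entry carries no comment explaining why git's repository-ownership check is being relaxed for this path; presumably it is needed because harden.sh now makes the repository root root-owned, and that should be written down, e.g. `# ~/.dotfiles is root-owned after harden.sh; allow this user's git to operate in it`. The value is built from a hard-coded `/home/` prefix and `.dotfiles`, while install.org says the dotfiles can live in any directory, so a clone elsewhere is not covered and the exemption stays in place for a path that may not be the hardened one. The attribute set this line sits in opens above the hunk.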
|
@ -260,7 +260,7 @@
|
||||||
|
|
||||||
'';
|
'';
|
||||||
xwayland = { enable = true; };
|
xwayland = { enable = true; };
|
||||||
systemdIntegration = true;
|
systemd.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
|
|