(auxin) changes

This commit is contained in:
Mira 2024-07-31 13:40:07 -04:00
parent 4dd774316e
commit 9bacc4fb80
7 changed files with 279 additions and 132 deletions


@ -3,24 +3,69 @@
lib, lib,
pkgs, pkgs,
... ...
}: { }: let
ports = [
22 # SSH
22000 # syncthing
2222 # Gitea SSH
2377
25565 # Minecraft
3001 # Gitea(->3000)
443 # HTTPS
445
7359 # jellyfin (dlna?)
7946
80 # HTTP
8080 # qbittorrent
8089 # traefik (->8080)
8096 # Jellyfin
8191 # flaresolverr
8420 # Website (->4321)
8842 # Crowdsec (-> 8842)
8888 # Kodi
9000 # Portainer (-> 9443)
2049 # NFS
4001 # Lockd
4002 # Mountd
];
in {
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix # ./hardware-configuration.nix
]; ];
nixpkgs = {
# Use the systemd-boot EFI boot loader. config = {
boot.loader.systemd-boot.enable = true; allowUnfree = true;
boot.loader.efi.canTouchEfiVariables = true; kodi.enableAdvancedLauncher = true;
pulseaudio = true;
};
};
networking = { networking = {
hostName = "auxin"; # Define your hostname. # hostName = "auxin"; # Define your hostname.
nameservers = ["192.168.1.208"]; nameservers = ["192.168.1.207"];
networkmanager.enable = true; # Easiest to use and most distros use this by default.
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = [22 80 443 2222 25565 8080 8842 8191 3001 8096 7359 8420 8888 9000 8089 445 2377 22000 7946]; allowedUDPPorts = ports;
allowedTCPPorts = [22 80 443 2222 25565 8080 8842 8191 3001 8096 7359 8420 8888 9000 8089 445 2377 22000 7946]; allowedTCPPorts = ports;
};
bridges = {
"br0" = {
interfaces = [
"enp9s0"
"enp0s20f0u4"
];
};
};
interfaces.br0.ipv4.addresses = [
{
address = "192.168.1.153";
prefixLength = 24;
}
];
defaultGateway = {
address = "192.168.1.1";
}; };
}; };
@ -30,46 +75,15 @@
gcc gcc
go go
hyperfine hyperfine
sof-firmware
jellyfin-media-player jellyfin-media-player
kodiPackages.jellyfin
kodiPackages.steam-controller
lazydocker lazydocker
gamescope
lazygit lazygit
nil nil
nodePackages.nodejs nodePackages.nodejs
nodePackages.pnpm nodePackages.pnpm
python3
]; ];
services = {
k3s = {
enable = true;
role = "server";
token = "uwubernetes"; # TODO: change this
extraFlags = toString [
"--write-kubeconfig-mode \"0644\""
"--cluster-init"
# "--disable localstorage"
];
};
# Enable the X11 windowing system.
xserver = {
enable = true;
desktopManager.xfce.enable = false;
# Kodi
desktopManager.kodi.enable = true;
};
displayManager.sddm = {
enable = true;
settings = {
Autologin = {
Session = "kodi.desktop";
User = "mira";
};
};
};
};
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users = { users = {
users = { users = {
@ -92,11 +106,15 @@
}; };
}; };
}; };
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs = { programs = {
steam = {
gamescopeSession.enable = true;
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
};
nh = { nh = {
enable = true; enable = true;
clean.enable = true; clean.enable = true;
@ -122,10 +140,72 @@
}; };
}; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services = { services = {
nfs.server = {
enable = true;
mountdPort = 4002;
lockdPort = 4001;
exports = ''
/raid/swarm 192.168.1.0/24(rw)
'';
};
gvfs.enable = true;
xrdp = {
enable = true;
openFirewall = true;
};
x2goserver.enable = true;
k3s = {
enable = false;
role = "server";
token = "uwubernetes"; # TODO: change this
extraFlags = toString [
"--write-kubeconfig-mode \"0644\""
"--cluster-init"
# "--disable localstorage"
];
};
# Enable the X11 windowing system.
xserver = {
enable = true;
desktopManager.xfce.enable = false;
# Kodi
desktopManager.kodi = {
enable = true;
package = pkgs.kodi.withPackages (pkgs:
with pkgs; [
jellyfin
jellycon
sendtokodi
sponsorblock
steam-library
youtube
libretro
libretro-mgba
steam-controller
steam-launcher
visualization-matrix
visualization-spectrum
visualization-waveform
inputstream-adaptive
]);
};
};
displayManager.sddm = {
enable = true;
settings = {
Autologin = {
Session = "kodi.desktop";
User = "mira";
};
};
};
btrbk = {}; # TODO:
caddy = {}; # TODO:
ceph = {}; # TODO:
fail2ban = { fail2ban = {
enable = true; enable = true;
ignoreIP = [ ignoreIP = [
@ -135,6 +215,10 @@
]; ];
bantime-increment.enable = true; bantime-increment.enable = true;
}; };
samba-wsdd = {
enable = true;
openFirewall = true;
};
# TODO: check security settings # TODO: check security settings
samba = { samba = {
enable = true; enable = true;
@ -146,6 +230,15 @@
}; };
}; };
}; };
pipewire = {
enable = false;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
audio.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
}; };
virtualisation.docker = { virtualisation.docker = {
storageDriver = "overlay2"; storageDriver = "overlay2";
@ -153,15 +246,11 @@
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
extraOptions = "--userns-remap=default"; extraOptions = "--userns-remap=default";
liveRestore = false; liveRestore = false; # NOTE: Incompatible with swarm
}; };
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# TODO: # TODO:
powerManagement.enable = false; powerManagement.enable = lib.mkForce false;
systemd = { systemd = {
targets = { targets = {
sleep.enable = false; sleep.enable = false;
@ -177,7 +266,7 @@
services = { services = {
"qbittorrent-healthcheck" = { "qbittorrent-healthcheck" = {
script = '' script = ''
${pkgs.docker} exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker} restart qbittorrent ${pkgs.docker}/bin/docker exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker}/bin/docker restart qbittorrent
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -208,7 +297,9 @@
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix. # accidentally delete configuration.nix.
# system.copySystemConfiguration = true; system = {
# copySystemConfiguration = true; # NOTE: Doesn't work with flakes
system.stateVersion = "23.11"; # Don't fuck with this stateVersion = "23.11"; # NOTE: Don't fuck with this
};
} }
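Review bot: The firewall now opens the whole `ports` list for both UDP and TCP to every source on br0, including the NFS ports 2049/4001/4002 and 445, although the export `/raid/swarm 192.168.1.0/24(rw)` is meant for the local /24 only and, being plain AUTH_SYS NFS, trusts whatever UID a client presents. Consider limiting the NFS and SMB ports to that subnet (a `networking.firewall.extraCommands` rule, or nftables) and spelling out the export options (`rw,root_squash,no_subtree_check`) rather than leaving them to exportfs defaults. The k3s block still carries the literal token `"uwubernetes"` and `--write-kubeconfig-mode "0644"`; it is `enable = false` for now, but the token ends up in the world-readable Nix store and in git history, so replace it with `tokenFile = "/run/secrets/k3s-token";` and drop the 0644 before re-enabling. The SDDM `Autologin` section logs straight into `mira`, which common.nix puts in `wheel` and `docker`, so physical access to the Kodi box is effectively root; a dedicated unprivileged kiosk user for the Kodi session would contain that.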


@ -12,11 +12,17 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; # Use the systemd-boot EFI boot loader.
boot.initrd.kernelModules = []; boot = {
boot.kernelModules = ["kvm-intel"]; loader = {
boot.extraModulePackages = []; systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
initrd.kernelModules = [];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176"; device = "/dev/disk/by-uuid/b6931dc5-1ccb-4d81-abf6-38b6febc6176";
fsType = "btrfs"; fsType = "btrfs";
@ -58,13 +64,14 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0f0.useDHCP = lib.mkDefault true; networking.networkmanager.enable = lib.mkDefault true; # Easiest to use and most distros use this by default.
# networking.interfaces.enp3s0f1.useDHCP = lib.mkDefault true; # BTRFS scrub
# networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true; services.btrfs.autoScrub.enable = true;
# networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp9s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = true;
pulseaudio.support32Bit = true; ## If compatibility with 32-bit applications is desired.
};
} }
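Review bot: `networking.networkmanager.enable = lib.mkDefault true` is set here while auxin/configuration.nix declares a static `br0` bridge over `enp9s0` and `enp0s20f0u4`; unless those interfaces are marked unmanaged, NetworkManager will presumably also try to bring them up (and DHCP them), racing the bridge and possibly exposing the host on an address the firewall/NFS rules were not written for. Either add `networking.networkmanager.unmanaged = [ "enp9s0" "enp0s20f0u4" "br0" ];` next to the bridge, or leave NetworkManager off on this host. If this file is the nixos-generate-config output (its header is outside the hunk), host policy like this and the `services.btrfs.autoScrub` line belong in configuration.nix so a regeneration does not drop them.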


@ -62,7 +62,7 @@ in {
openssh = { openssh = {
enable = true; enable = true;
settings = { settings = {
PermitRootLogin = "prohibit-password"; PermitRootLogin = lib.mkForce "prohibit-password";
PasswordAuthentication = false; PasswordAuthentication = false;
}; };
allowSFTP = true; allowSFTP = true;
@ -80,19 +80,8 @@ in {
nssmdns4 = true; nssmdns4 = true;
openFirewall = true; openFirewall = true;
}; };
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
# smartd # smartd
smartd.enable = true; smartd.enable = true;
# BTRFS scrub
btrfs.autoScrub.enable = true;
} }
# Mac Services # Mac Services
// lib.optionalAttrs ((builtins.match ".*-darwin" pkgs.stdenv.hostPlatform.system) // lib.optionalAttrs ((builtins.match ".*-darwin" pkgs.stdenv.hostPlatform.system)
@ -107,7 +96,7 @@ in {
mira = { mira = {
isNormalUser = true; isNormalUser = true;
group = "mira"; group = "mira";
extraGroups = ["wheel" "docker" "dockremap"]; extraGroups = ["wheel" "docker" "dockremap" "audio"];
packages = with pkgs; [ packages = with pkgs; [
firefox firefox
tree tree
@ -139,24 +128,35 @@ in {
file file
fzf fzf
gdu gdu
git
hyfetch hyfetch
killall killall
lazygit
lsd lsd
mcfly mcfly
neovim neovim
nushell nushell
starship
ripgrep ripgrep
sheldon sheldon
starship
statix statix
tealdeer tealdeer
tmux
viddy viddy
wget wget
yazi
zoxide zoxide
zsh zsh
]; ];
programs = {
tmux.enable = true;
git = {
enable = true;
lfs.enable = true;
};
lazygit.enable = true;
yazi.enable = true;
zsh.enable = true;
thefuck.enable = true;
direnv.enable = true;
neovim.enable = true;
starship.enable = true;
fzf.fuzzyCompletion = true;
};
} }
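Review bot: `lib.mkForce` on `PermitRootLogin` has no comment saying what it overrides; presumably the installer profile pulled in by the new `auxin-iso` target, which sets it to "yes", and a later reader may well remove the force as redundant. Add `# mkForce: the installation-cd profile (auxin-iso) sets this to "yes"` above it, and consider forcing `PasswordAuthentication = false` the same way so the two settings hold under whichever module wins. The `extraGroups` line also keeps `mira` in `docker`, which is root-equivalent; that matters because the same account is the SDDM autologin user in auxin/configuration.nix.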

flake.lock generated

@ -155,11 +155,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1721108565, "lastModified": 1722232823,
"narHash": "sha256-/ZkI/yQtg3wg6GkLynAfsi6dy8cHzcOZWVBUl1muNbA=", "narHash": "sha256-TyBoea7IzssGHS/hn2qjqgHfrpRGdBwBj5JrzTk+LmE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "384c3d1c1e7ae21931b75c99a787d6af91cf7abb", "rev": "a53756a2ea77e55b662c68c9a6cf6472a10ae911",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -171,11 +171,11 @@
"neovim-src": { "neovim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1721082242, "lastModified": 1722175991,
"narHash": "sha256-qSsIx/IhwCBLxWJbOaHdOguz3UX05hBZViPfNLc0cmQ=", "narHash": "sha256-IlmC/5lLdIq+sLdTAPkSsVpnrMr6wOS79kXSXcowQII=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "c2b51e6c41c5230af21dc4d978e896ef9e8b922a", "rev": "5aa1a9532cbac835ad027ebdf04311c7e8fb7007",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -189,11 +189,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1721086468, "lastModified": 1722082646,
"narHash": "sha256-OF642LVDj5Icr0tXlY9P54vna4OP10IMhIhhiKwIRpw=", "narHash": "sha256-od8dBWVP/ngg0cuoyEl/w9D+TCNDj6Kh4tr151Aax7w=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "7522a30d328f885d20c2815bd05eb711bc69644c", "rev": "0413754b3cdb879ba14f6e96915e5fdf06c6aab6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -204,11 +204,11 @@
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1720957393, "lastModified": 1722062969,
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -220,11 +220,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1721016451, "lastModified": 1722141560,
"narHash": "sha256-Cypl9ORr5UjtBsbjXMTJRepTe362yNVrPrntUvHiTaw=", "narHash": "sha256-Ul3rIdesWaiW56PS/Ak3UlJdkwBrD4UcagCmXZR9Z7Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a14c5d651cee9ed70f9cd9e83f323f1e531002db", "rev": "038fb464fcfa79b4f08131b07f2d8c9a6bcc4160",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -236,11 +236,11 @@
}, },
"nixpkgs-darwin": { "nixpkgs-darwin": {
"locked": { "locked": {
"lastModified": 1721059467, "lastModified": 1722153173,
"narHash": "sha256-0Yx4eXowxw5TATf92DZu2qKbBYXPxYh849h9tL/TQR0=", "narHash": "sha256-S46RmS9WkBOTLORpnWsNth4Ae6TlfJS9TKXqB55YQy4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "be45415f0f321f030f8c76723fd15d4b0f3a02fb", "rev": "7bba2df68503b68634e0070483ddaf6d59dc6530",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -252,11 +252,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1721080040, "lastModified": 1722141560,
"narHash": "sha256-USDsS90/88RJibP3gEcH1AaVt+JpnX4XCUD9bAJP5I4=", "narHash": "sha256-Ul3rIdesWaiW56PS/Ak3UlJdkwBrD4UcagCmXZR9Z7Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b2c1f10bfbb3f617ea8e8669ac13f3f56ceb2ea2", "rev": "038fb464fcfa79b4f08131b07f2d8c9a6bcc4160",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -282,11 +282,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1720954236, "lastModified": 1722087241,
"narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", "rev": "8c50662509100d53229d4be607f1a3a31157fa12",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -31,6 +31,37 @@
overlays = [inputs.neovim-nightly-overlay.overlays.default]; overlays = [inputs.neovim-nightly-overlay.overlays.default];
in { in {
nixosConfigurations = { nixosConfigurations = {
auxin-iso = nixos-unstable.lib.nixosSystem {
modules = [
"${nixos-unstable}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
"${nixos-unstable}/nixos/modules/installer/cd-dvd/channel.nix"
./auxin/configuration.nix
./vm.nix
./common.nix
];
specialArgs = {
# inherit inputs;
meta = {
hostname = "auxin-iso";
};
};
};
auxin-vm = nixos-unstable.lib.nixosSystem {
modules = [
# "${nixos-unstable}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
# "${nixos-unstable}/nixos/modules/installer/cd-dvd/channel.nix"
"${nixos-unstable}/nixos/modules/virtualisation/virtualbox-image.nix"
./auxin/configuration.nix
./vm.nix
./common.nix
];
specialArgs = {
# inherit inputs;
meta = {
hostname = "auxin-vm";
};
};
};
auxin = nixos-unstable.lib.nixosSystem { auxin = nixos-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
@ -38,6 +69,7 @@
}; };
modules = [ modules = [
./auxin/configuration.nix ./auxin/configuration.nix
./auxin/hardware-configuration.nix
./common.nix ./common.nix
]; ];
}; };
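Review bot: `auxin-iso` layers `./auxin/configuration.nix` and `./common.nix` on top of `installation-cd-minimal.nix`, which (through the installation-device profile, outside this diff) presumably brings an empty root password, console autologin as `nixos` and passwordless `wheel` sudo; the result is a live image that also runs samba, NFS, xrdp with `openFirewall` and the full port list, with installer defaults for authentication. If the image is meant for anything beyond a throwaway VM, override those in a small module in the list, e.g. `users.users.root.initialHashedPassword = lib.mkForce null;` and `services.getty.autologinUser = lib.mkForce null;`, or build the ISO from a minimal module set instead of the whole host config. `auxin-vm` is the same composition minus the installer profile, and both targets also pull in `./vm.nix` with its fixed-password test user.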


@ -1,29 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules = ["xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/f7af4335-148b-4428-877e-9ab01095ac07"; device = "/dev/disk/by-uuid/f7af4335-148b-4428-877e-9ab01095ac07";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/5C76-EFCE"; device = "/dev/disk/by-uuid/5C76-EFCE";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

vm.nix Normal file

@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
meta,
...
}: {
nixpkgs.hostPlatform = "x86_64-linux";
users.users.nixosvmtest.isSystemUser = true;
users.users.nixosvmtest.initialPassword = "test";
users.users.nixosvmtest.group = "nixosvmtest";
users.groups.nixosvmtest = {};
}
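Review bot: `nixosvmtest` is created with the literal `initialPassword = "test"`, and `initialPassword` is documented as ending up world-readable in the Nix store of every system that includes this module — which, per flake.nix, is now the `auxin-iso` image as well as `auxin-vm`. A system account with a guessable password is a standing local-auth foothold; prefer `initialHashedPassword` with a throwaway hash, or create the account only for the VM target. `meta` (like `config`, `lib` and `pkgs`) is accepted but unused; since `auxin/configuration.nix` now comments out `hostName = "auxin"`, this module could set `networking.hostName = meta.hostname;` so the per-target hostname passed through `specialArgs.meta` actually takes effect.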