diff --git a/nixos/machines/pc-mans/configuration.nix b/nixos/machines/pc-mans/configuration.nix index 488aa0e..84f2118 100644 --- a/nixos/machines/pc-mans/configuration.nix +++ b/nixos/machines/pc-mans/configuration.nix @@ -12,8 +12,9 @@ # You can also split up your configuration and import pieces of it here: # ./users.nix ./network.nix - ../../roles/desktop.nix + ../../roles/desktop.nix + ../../roles/base.nix ../../modules/nvidia.nix # Import home-manager's NixOS module @@ -23,25 +24,9 @@ ./hardware-configuration.nix ]; - nixpkgs = { - # You can add overlays here - overlays = [ - # If you want to use overlays exported from other flakes: - # neovim-nightly-overlay.overlays.default - - # Or define it inline, for example: - # (final: prev: { - # hi = final.hello.overrideAttrs (oldAttrs: { - # patches = [ ./change-hello-to-hi.patch ]; - # }); - # }) - ]; - # Configure your nixpkgs instance - config = { - # Disable if you don't want unfree packages - allowUnfree = true; - }; - }; + displayManager.setupCommands = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-4 --rate 144.00 --size 1920x1080 --right-of HDMI-0 --primary --output HDMI-0 --auto + ''; nix = { # This will add each flake input as a registry 
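Review bot: The added `displayManager.setupCommands` sits at the top level of the module, between the closing `];` of `imports` and `nix = {`, where NixOS has no `displayManager` option. In i3.nix the same lines lived beside `displayManager.lightdm.enable`, presumably inside `services.xserver`, so as written the configuration should fail to evaluate. Use the full path: `services.xserver.displayManager.setupCommands = '' … '';`. The output names `DP-4` and `HDMI-0` are specific to this machine, so a one-line comment such as `# monitor layout for pc-mans only` would help.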
@@ -64,67 +49,22 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.forceImportRoot = false; + networking.hostId = "b28f793f"; + # Setup keyfile boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }; - # FIXME_: Add the rest of your current configuration - - # Set your time zone. - time.timeZone = "Europe/Amsterdam"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "nl_NL.UTF-8"; - LC_IDENTIFICATION = "nl_NL.UTF-8"; - LC_MEASUREMENT = "nl_NL.UTF-8"; - LC_MONETARY = "nl_NL.UTF-8"; - LC_NAME = "nl_NL.UTF-8"; - LC_NUMERIC = "nl_NL.UTF-8"; - LC_PAPER = "nl_NL.UTF-8"; - LC_TELEPHONE = "nl_NL.UTF-8"; - LC_TIME = "nl_NL.UTF-8"; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - # jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # TODO_: Configure your system-wide user settings (groups, etc), add more users as needed. users.users = { - # FIXME_: Replace with your username mans = { - # TODO_: You can set an initial password for your user. - # If you do, you can skip setting a root password by passing '--no-root-passwd' to nixos-install. - # Be sure to change it (using passwd) after rebooting! 
isNormalUser = true; openssh.authorizedKeys.keys = [ # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect ]; - # TODO_: Be sure to add any other groups you need (such as networkmanager, audio, docker, etc) extraGroups = [ "wheel" "networkmanager" ]; }; }; @@ -135,17 +75,6 @@ openssl ]; - # This setups a SSH server. Very important if you're setting up a headless system. - # Feel free to remove if you don't need it. - services.openssh = { - enable = true; - settings = { - # Forbid root login through SSH. - PermitRootLogin = "no"; - # Use keys only. Remove if you want to SSH using password (not recommended) - PasswordAuthentication = false; - }; - }; home-manager = { extraSpecialArgs = { inherit inputs; }; diff --git a/nixos/machines/pc-mans/network.nix b/nixos/machines/pc-mans/network.nix index d6b3c40..10205dd 100644 --- a/nixos/machines/pc-mans/network.nix +++ b/nixos/machines/pc-mans/network.nix @@ -10,10 +10,10 @@ networking.networkmanager.enable = true; # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ 22 ]; + networking.firewall.allowedTCPPorts = [ 22 ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. - networking.firewall.enable = false; + # networking.firewall.enable = true; # Set the hostname diff --git a/nixos/machines/server01-home/configuration.nix b/nixos/machines/server01-home/configuration.nix new file mode 100644 index 0000000..0f5f52e --- /dev/null +++ b/nixos/machines/server01-home/configuration.nix 
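Review bot: `users.users.mans` still has an empty `openssh.authorizedKeys.keys` (only the TODO comment), yet this desktop keeps sshd through `../../roles/base.nix` → `../modules` → `ssh.nix` with `PasswordAuthentication = false`. network.nix opens port 22 in the same commit, so the machine exposes an SSH daemon that no account can log in to, which is attack surface with no use. Either add the real public key here, or drop `./ssh.nix` from `modules/default.nix` and import it only from the roles that need remote access. The hunk begins and ends inside the module body, so the rest of the user definition is judged from context lines only.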
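Review bot: In pc-mans/network.nix the comment `# Or disable the firewall altogether.` now sits above a commented-out `enable = true`, so the file no longer says what state the firewall is in; it is on only because of the NixOS default. State it explicitly with `networking.firewall.enable = true;` and remove the stale comment. The explicit `allowedTCPPorts = [ 22 ]` also looks redundant, because `services.openssh.openFirewall` defaults to true and already opens the sshd port. Leaving it to that option keeps SSH exposure controlled in one place, and the same applies to the new server01-home/network.nix.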
@@ -0,0 +1,121 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+# https://github.com/Misterio77/nix-starter-configs
+
+{ inputs, lib, config, pkgs, ... }: {
+ # You can import other NixOS modules here
+ imports = [
+ # If you want to use modules from other flakes (such as nixos-hardware):
+ inputs.hardware.nixosModules.common-cpu-amd
+
+ # You can also split up your configuration and import pieces of it here:
+ ./network.nix
+ ../../roles/server.nix
+
+ # Import your generated (nixos-generate-config) hardware configuration
+ ./hardware-configuration.nix
+ ];
+
+ nixpkgs = {
+ # You can add overlays here
+ overlays = [
+ # If you want to use overlays exported from other flakes:
+ # neovim-nightly-overlay.overlays.default
+
+ # Or define it inline, for example:
+ # (final: prev: {
+ # hi = final.hello.overrideAttrs (oldAttrs: {
+ # patches = [ ./change-hello-to-hi.patch ];
+ # });
+ # })
+ ];
+ # Configure your nixpkgs instance
+ config = {
+ # Disable if you don't want unfree packages
+ allowUnfree = true;
+ };
+ };
+
+ nix = {
+ # This will add each flake input as a registry
+ # To make nix3 commands consistent with your flake
+ registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+ # This will additionally add your inputs to the system's legacy channels
+ # Making legacy nix commands consistent as well, awesome!
+ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+
+ settings = {
+ # Enable flakes and new 'nix' command
+ experimental-features = "nix-command flakes";
+ # Deduplicate and optimize nix store
+ auto-optimise-store = true;
+ };
+ };
+
+ # TODO_: This is just an example, be sure to use whatever bootloader you prefer
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+
+ # Setup keyfile
+ boot.initrd.secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+
+ # FIXME_: Add the rest of your current configuration
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "nl_NL.UTF-8";
+ LC_IDENTIFICATION = "nl_NL.UTF-8";
+ LC_MEASUREMENT = "nl_NL.UTF-8";
+ LC_MONETARY = "nl_NL.UTF-8";
+ LC_NAME = "nl_NL.UTF-8";
+ LC_NUMERIC = "nl_NL.UTF-8";
+ LC_PAPER = "nl_NL.UTF-8";
+ LC_TELEPHONE = "nl_NL.UTF-8";
+ LC_TIME = "nl_NL.UTF-8";
+ };
+
+ # TODO_: Configure your system-wide user settings (groups, etc), add more users as needed.
+ users.users = {
+ # FIXME_: Replace with your username
+ adminmz = {
+ # TODO_: You can set an initial password for your user.
+ # If you do, you can skip setting a root password by passing '--no-root-passwd' to nixos-install.
+ # Be sure to change it (using passwd) after rebooting!
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDub2v/G51kGDqhQ4o7LN5ncq1oS0e14cjlibsPSfuPsGQBSFMojAUN8sYf43PrlzJs1nZsA3teF9SLmuWcyzcNXGKclhbj0AhN470l/G2SoEcIKDTgVJwNeQ7A/qzFSxmXIV7rmiPPADAyq0ykQA9MAD3f/+4KPiv3DgcU+9ZkSD1nbh4TGld44OLr70ozWBEdqlaUETIXKleEq/RbMcNi3YD89opafeeKpt6tMQydxcIFLUMimq3PiYVjJk4bypjB2r/jMAgnrE6nm96L8R8EZFMWsKpaL2s52NX90VIB69VMyQTdKdHEtxRWIwFR68E3YkYfyGZ5gyNIOaG4l0FyBVux21KxpR1kjhgm2JNw2moG0qwkpFI+Lu+3hqvUu0OM8otTpqGMWjTVs0yYsmIqwnEzEqAifdWxcLus6QLmz+61ajyQBlPBkJ6qFr9MhFvQOnuaUB461SkN/Rah3PU2wUSO9VvCcan2+l3M5zP2QJfPGfdS/mUHPuqCVzzXjNc="
+ ];
+ # TODO_: Be sure to add any other groups you need (such as networkmanager, audio, docker, etc)
+ extraGroups = [ "wheel" "networkmanager" ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ wget
+ vim
+ ];
+
+ # This setups a SSH server. Very important if you're setting up a headless system.
+ # Feel free to remove if you don't need it.
+ services.openssh = {
+ enable = true;
+ settings = {
+ # Forbid root login through SSH.
+ PermitRootLogin = "no";
+ # Use keys only. Remove if you want to SSH using password (not recommended)
+ PasswordAuthentication = false;
+ };
+ };
+
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "23.05";
+}
diff --git a/nixos/machines/server01-home/network.nix b/nixos/machines/server01-home/network.nix
new file mode 100644
index 0000000..49aeebc
--- /dev/null
+++ b/nixos/machines/server01-home/network.nix
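Review bot: In server01-home/configuration.nix, `boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }` is carried over together with `boot.loader.systemd-boot.enable = true`, and with systemd-boot the initrd and its appended secrets are written to the EFI system partition, which is not encrypted. If this keyfile unlocks an encrypted volume (hardware-configuration.nix is not in the diff, so that is an assumption), anyone with access to the disk can read the key. Confirm the server has this file and needs it, and otherwise remove the block. The `nixpkgs`, locale and `services.openssh` blocks also repeat what this commit moves into roles/base.nix and modules/, so a later hardening change in `modules/ssh.nix` can diverge from this copy without anyone noticing. The `ssh-rsa` entry has no owner label, so a comment above it such as `# adminmz, <device>, added <date>` would make it auditable and revocable.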
@@ -0,0 +1,21 @@
+# networking.nix
+
+# Import the necessary modules
+{ config, pkgs, ... }:
+
+{
+ # Set the network interface configuration
+ # networking.interfaces.eth0.useDHCP = true;
+
+ networking.networkmanager.enable = true;
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+
+ # Set the hostname
+ networking.hostName = "server01-home";
+}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
new file mode 100644
index 0000000..8bf4cd2
--- /dev/null
+++ b/nixos/modules/default.nix
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ./ssh.nix
+ ./i18n.nix
+ ];
+}
diff --git a/nixos/modules/docker.nix b/nixos/modules/docker.nix
new file mode 100644
index 0000000..a36cd3a
--- /dev/null
+++ b/nixos/modules/docker.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+ virtualisation.docker.enable = true;
+}
diff --git a/nixos/modules/i18n.nix b/nixos/modules/i18n.nix
new file mode 100644
index 0000000..554354c
--- /dev/null
+++ b/nixos/modules/i18n.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "nl_NL.UTF-8";
+ LC_IDENTIFICATION = "nl_NL.UTF-8";
+ LC_MEASUREMENT = "nl_NL.UTF-8";
+ LC_MONETARY = "nl_NL.UTF-8";
+ LC_NAME = "nl_NL.UTF-8";
+ LC_NUMERIC = "nl_NL.UTF-8";
+ LC_PAPER = "nl_NL.UTF-8";
+ LC_TELEPHONE = "nl_NL.UTF-8";
+ LC_TIME = "nl_NL.UTF-8";
+ };
+}
diff --git a/nixos/modules/i3.nix b/nixos/modules/i3.nix
index 84affef..deb3e54 100644
--- a/nixos/modules/i3.nix
+++ b/nixos/modules/i3.nix
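Review bot: The new modules/docker.nix enables the daemon without any comment on what that grants, and one line above `virtualisation.docker.enable = true;` would save a later reader from a wrong assumption. The comment should say that membership of the `docker` group is equivalent to root on the host, and that ports published by containers are opened by Docker's own packet-filter rules and are not restricted by `networking.firewall.allowedTCPPorts`. Where a host only runs one user's containers, `virtualisation.docker.rootless.enable = true;` is the narrower setting to consider.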
@@ -14,9 +14,6 @@ displayManager.lightdm.enable = true; displayManager.autoLogin.enable = true; displayManager.autoLogin.user = "mans"; - displayManager.setupCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-4 --rate 144.00 --size 1920x1080 --right-of HDMI-0 --primary --output HDMI-0 --auto - ''; windowManager.i3 = { enable = true; @@ -40,4 +37,3 @@ # nvidia-drm.modeset=1 is required for some wayland compositors, e.g. sway hardware.nvidia.modesetting.enable = true; } - diff --git a/nixos/modules/ssh.nix b/nixos/modules/ssh.nix new file mode 100644 index 0000000..b95e0b5 --- /dev/null +++ b/nixos/modules/ssh.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +{ + services.openssh = { + enable = true; + settings = { + # Forbid root login through SSH. + PermitRootLogin = "no"; + # Use keys only. Remove if you want to SSH using password (not recommended) + PasswordAuthentication = false; + }; + }; +} + diff --git a/nixos/roles/base.nix b/nixos/roles/base.nix index 420b5dc..9766e5f 100644 --- a/nixos/roles/base.nix +++ b/nixos/roles/base.nix @@ -2,11 +2,31 @@ { config, lib, pkgs, ... }: { imports = [ + ../modules ]; options = { }; config = { + nixpkgs = { + # You can add overlays here + overlays = [ + # If you want to use overlays exported from other flakes: + # neovim-nightly-overlay.overlays.default + + # Or define it inline, for example: + # (final: prev: { + # hi = final.hello.overrideAttrs (oldAttrs: { + # patches = [ ./change-hello-to-hi.patch ]; + # }); + # }) + ]; + # Configure your nixpkgs instance + config = { + # Disable if you don't want unfree packages + allowUnfree = true; + }; + }; }; } diff --git a/nixos/roles/desktop.nix b/nixos/roles/desktop.nix index 125f402..80687ba 100644 --- a/nixos/roles/desktop.nix +++ b/nixos/roles/desktop.nix 
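Review bot: In modules/ssh.nix the comment says `Use keys only`, but the only setting behind it is `PasswordAuthentication = false`. `KbdInteractiveAuthentication` is left at its default, which on NixOS is enabled, so a PAM keyboard-interactive prompt can remain as a non-key login path. Add `KbdInteractiveAuthentication = false;` inside `settings` so the module does what its comment states. This matters more now that `modules/default.nix` imports the file for every machine that uses the base role.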
@@ -8,5 +8,24 @@ }; config = { + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + # jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; }; }