Initial commit

2023-07-08 17:57:32 -05:00 · 2023-07-08 17:57:32 -05:00 · cc27b61995
commit cc27b61995
9 changed files with 441 additions and 0 deletions
--- a/README.org
+++ b/README.org
@ -0,0 +1,3 @@
+* Declare all the things! for my server
+
+NixOS configuration for my server.
--- a/configuration.nix
+++ b/configuration.nix
@ -0,0 +1,54 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+{...}: {
+  imports = [
+    <home-manager/nixos>
+    ./environment
+    ./hardware
+    ./home-manager
+    ./lxd
+    ./networking
+    ./users
+    ./zfs
+  ];
+
+  # Boot settings
+  boot.loader.grub.device = "/dev/nvme0n1";
+  boot.supportedFilesystems = ["zfs"];
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Chicago";
+  time.hardwareClockInLocalTime = true;
+
+  # Nix daemon config
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      trusted-users = ["root" "jas"];
+      experimental-features = ["nix-command" "flakes"];
+      keep-outputs = true;
+      keep-derivations = true;
+    };
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+  };
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+}
--- a/environment/default.nix
+++ b/environment/default.nix
@ -0,0 +1,79 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  services.openssh = {
+    enable = lib.mkDefault true;
+    settings = {PasswordAuthentication = lib.mkDefault true;};
+    settings.X11Forwarding = true;
+  };
+
+  environment.shells = [pkgs.bashInteractive pkgs.zsh];
+
+  programs.zsh.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    alejandra
+    autossh
+    bat-extras.batdiff
+    bat-extras.batgrep
+    bat-extras.batman
+    bat-extras.batwatch
+    bat-extras.prettybat
+    btop
+    charm
+    coreutils
+    deadnix
+    du-dust
+    duf
+    exa
+    fd
+    git
+    jq
+    killall
+    ldns
+    libnotify
+    lnav
+    lsof
+    nix-diff
+    nix-doc
+    nix-du
+    nix-tree
+    nmap
+    pinentry
+    prettyping
+    ranger
+    ripgrep
+    skate
+    starship
+    statix
+    trash-cli
+    unzip
+    vim
+    wget
+    zip
+  ];
+
+  programs.atop = {
+    enable = true;
+    atopacctService.enable = true;
+    atopService.enable = true;
+    atopRotateTimer.enable = true;
+  };
+
+  services.clamav = {
+    updater.enable = true;
+    daemon.enable = true;
+  };
+
+  services.rsyslogd = {
+    enable = true;
+    extraConfig = "*.* @10.0.0.27:514";
+  };
+
+  services.tuptime = {
+    enable = true;
+    timer.enable = true;
+  };
+}
--- a/hardware/default.nix
+++ b/hardware/default.nix
@ -0,0 +1,108 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["nvme" "thunderbolt" "xhci_pci" "ahci" "uas" "usbhid" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "rpool/nixos/root";
+    fsType = "zfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "bpool/nixos/root";
+    fsType = "zfs";
+  };
+
+  fileSystems."/home" = {
+    device = "rpool/nixos/home";
+    fsType = "zfs";
+  };
+
+  fileSystems."/var/lib" = {
+    device = "rpool/nixos/var/lib";
+    fsType = "zfs";
+  };
+
+  fileSystems."/var/log" = {
+    device = "rpool/nixos/var/log";
+    fsType = "zfs";
+  };
+
+  fileSystems."/boot/efis/nvme-Samsung_SSD_980_PRO_1TB_S5P2NL0W208007T-part1" = {
+    device = "systemd-1";
+    fsType = "autofs";
+  };
+
+  fileSystems."/var/lib/lxcfs" = {
+    device = "lxcfs";
+    fsType = "fuse.lxcfs";
+  };
+
+  fileSystems."/var/lib/lxd/shmounts" = {
+    device = "tmpfs";
+    fsType = "tmpfs";
+  };
+
+  fileSystems."/var/lib/lxd/devlxd" = {
+    device = "tmpfs";
+    fsType = "tmpfs";
+  };
+
+  fileSystems."/si-pool" = {
+    device = "si-pool";
+    fsType = "zfs";
+  };
+
+  fileSystems."/var/lib/lxd/storage-pools/lxd-pool/containers/alpine-transmission" = {
+    device = "si-pool/lxd/containers/alpine-transmission";
+    fsType = "zfs";
+  };
+
+  fileSystems."/var/lib/lxd/storage-pools/lxd-pool/containers/debian-archive" = {
+    device = "si-pool/lxd/containers/debian-archive";
+    fsType = "zfs";
+  };
+
+  fileSystems."/var/lib/lxd/storage-pools/lxd-pool/containers/debian-serv" = {
+    device = "si-pool/lxd/containers/debian-serv";
+    fsType = "zfs";
+  };
+
+  fileSystems."/var/lib/lxd/storage-pools/lxd-pool/containers/ubuntu-mastodon" = {
+    device = "si-pool/lxd/containers/ubuntu-mastodon";
+    fsType = "zfs";
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.lxdbr0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.veth37df7998.useDHCP = lib.mkDefault true;
+  # networking.interfaces.vethab9cc8bd.useDHCP = lib.mkDefault true;
+  # networking.interfaces.vethd1c7a35e.useDHCP = lib.mkDefault true;
+  # networking.interfaces.vethd8ee61b3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp10s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  services.system76-scheduler.enable = true;
+  hardware.system76.power-daemon.enable = true;
+}
--- a/home-manager/default.nix
+++ b/home-manager/default.nix
@ -0,0 +1,79 @@
+{config, ...}: {
+  home-manager.useUserPackages = true;
+  home-manager.useGlobalPkgs = true;
+  home-manager.users.jas = {pkgs, ...}: {
+    home.packages = with pkgs; [
+      diff-so-fancy
+      gcc
+      glow
+      gnumake
+      gum
+      httpie
+      hyperfine
+      pass
+      python3Full
+      rustup
+      shellcheck
+      shfmt
+      stow
+      tealdeer
+      w3m
+      zsh-nix-shell
+    ];
+
+    home = {
+      username = "jas";
+      homeDirectory = "/home/jas";
+      stateVersion = "23.05";
+    };
+
+    programs.git = {
+      enable = true;
+      userEmail = "23226432+hyperreal64@users.noreply.github.com";
+      userName = "Jeffrey Serio";
+      extraConfig = {
+        safe.directory = "/etc/nixos";
+        core = {
+          editor = "vim";
+          pager = "diff-so-fancy | less --tabs=4 -RFX";
+        };
+        init.defaultBranch = "main";
+        pull.rebase = true;
+      };
+    };
+
+    programs.gpg = {
+      enable = true;
+      settings = {
+        default-key = "0x9129BD07C3509CED";
+        no-emit-version = true;
+        no-comments = true;
+        display-charset = "utf-8";
+        keyid-format = "0xlong";
+        with-fingerprint = true;
+        use-agent = true;
+      };
+    };
+
+    services.gpg-agent = {
+      enable = true;
+      defaultCacheTtl = 1800;
+      enableSshSupport = true;
+    };
+
+    programs.fzf = {
+      enable = true;
+      defaultCommand = "fd --type f";
+    };
+
+    programs.bat = {
+      enable = true;
+      config = {
+        pager = "less -FR";
+        theme = "Catppuccin-Mocha";
+      };
+    };
+
+    manual.json.enable = true;
+  };
+}
--- a/lxd/default.nix
+++ b/lxd/default.nix
@ -0,0 +1,7 @@
+{
+  virtualisation.lxc.lxcfs.enable = true;
+  virtualisation.lxd.enable = true;
+  users.users.jas = {
+    extraGroups = ["lxd"];
+  };
+}
--- a/networking/default.nix
+++ b/networking/default.nix
@ -0,0 +1,20 @@
+{
+  # Hostname
+  networking.hostName = "evergloam";
+
+  # NetworkManager
+  networking.networkmanager.enable = true;
+
+  # firewall config
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+    allowedTCPPorts = [22 4444 8000 9000 9999 35353 35354];
+  };
+
+  networking.hosts = {
+    "10.0.0.27" = ["logs.local"];
+    "10.0.0.159" = ["truenas.local"];
+    "10.0.0.223" = ["soft-serve.local"];
+  };
+}
--- a/users/default.nix
+++ b/users/default.nix
@ -0,0 +1,29 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  users.users = {
+    root.shell = pkgs.zsh;
+    jas = {
+      description = "Jeffrey Serio";
+      isNormalUser = true;
+      shell = pkgs.zsh;
+    };
+  };
+
+  security.sudo = {
+    enable = lib.mkDefault true;
+    extraRules = [
+      {
+        users = ["jas"];
+        commands = [
+          {
+            command = "ALL";
+            options = ["SETENV" "NOPASSWD"];
+          }
+        ];
+      }
+    ];
+  };
+}
--- a/zfs/default.nix
+++ b/zfs/default.nix
@ -0,0 +1,62 @@
+{
+  networking.hostId = "1eceb95c";
+
+  services.znapzend = {
+    enable = true;
+    autoCreation = true;
+    zetup = {
+      "rpool/nixos" = {
+        enable = true;
+        plan = "1y=>1d";
+        recursive = false;
+        destinations.remote = {
+          host = "root@truenas.local";
+          dataset = "nas/nexus";
+        };
+      };
+
+      "si-pool/lxd/containers/debian-archive" = {
+        enable = true;
+        plan = "1y=>1d";
+        recursive = false;
+        destinations.remote = {
+          host = "root@truenas.local";
+          dataset = "nas/debian-archive";
+        };
+      };
+
+      "si-pool/lxd/containers/debian-serv" = {
+        enable = true;
+        plan = "1y=>1d";
+        recursive = false;
+        destinations.remote = {
+          host = "root@truenas.local";
+          dataset = "nas/debian-serv";
+        };
+      };
+
+      "si-pool/lxd/containers/ubuntu-mastodon" = {
+        enable = true;
+        plan = "1y=>1d";
+        recursive = false;
+        destinations.remote = {
+          host = "root@truenas.local";
+          dataset = "nas/ubuntu-mastodon";
+        };
+      };
+    };
+  };
+
+  services.zfs.autoScrub.enable = true;
+
+  services.sanoid = {
+    enable = true;
+    datasets.rpool = {
+      hourly = 24;
+      daily = 7;
+      weekly = 4;
+      monthly = 12;
+      recursive = true;
+    };
+  };
+}