Initial commit
commit
cc27b61995
|
@ -0,0 +1,3 @@
|
|||
* Declare all the things! for my server
|
||||
|
||||
NixOS configuration for my server.
|
|
@ -0,0 +1,54 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running `nixos-help`).
|
||||
{...}: {
|
||||
imports = [
|
||||
<home-manager/nixos>
|
||||
./environment
|
||||
./hardware
|
||||
./home-manager
|
||||
./lxd
|
||||
./networking
|
||||
./users
|
||||
./zfs
|
||||
];
|
||||
|
||||
# Boot settings
|
||||
boot.loader.grub.device = "/dev/nvme0n1";
|
||||
boot.supportedFilesystems = ["zfs"];
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "America/Chicago";
|
||||
time.hardwareClockInLocalTime = true;
|
||||
|
||||
# Nix daemon config
|
||||
nix = {
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
trusted-users = ["root" "jas"];
|
||||
experimental-features = ["nix-command" "flakes"];
|
||||
keep-outputs = true;
|
||||
keep-derivations = true;
|
||||
};
|
||||
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
};
|
||||
|
||||
# Copy the NixOS configuration file and link it from the resulting system
|
||||
# (/run/current-system/configuration.nix). This is useful in case you
|
||||
# accidentally delete configuration.nix.
|
||||
system.copySystemConfiguration = true;
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It's perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
}
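Review bot: `trusted-users = ["root" "jas"]` in `nix.settings` makes `jas` effectively root-equivalent towards the Nix daemon, because a trusted user may override daemon settings such as the substituter list and import store paths without a trusted signature. If `jas` only needs to build and install, keep `trusted-users = ["root"];` and list the account under `allowed-users` instead. The `<home-manager/nixos>` import is resolved through the channel search path, so it is not pinned by anything in this repository; a comment recording which channel or revision is expected would help when the machine is rebuilt.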
|
|
@ -0,0 +1,79 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services.openssh = {
|
||||
enable = lib.mkDefault true;
|
||||
settings = {PasswordAuthentication = lib.mkDefault true;};
|
||||
settings.X11Forwarding = true;
|
||||
};
|
||||
|
||||
environment.shells = [pkgs.bashInteractive pkgs.zsh];
|
||||
|
||||
programs.zsh.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
alejandra
|
||||
autossh
|
||||
bat-extras.batdiff
|
||||
bat-extras.batgrep
|
||||
bat-extras.batman
|
||||
bat-extras.batwatch
|
||||
bat-extras.prettybat
|
||||
btop
|
||||
charm
|
||||
coreutils
|
||||
deadnix
|
||||
du-dust
|
||||
duf
|
||||
exa
|
||||
fd
|
||||
git
|
||||
jq
|
||||
killall
|
||||
ldns
|
||||
libnotify
|
||||
lnav
|
||||
lsof
|
||||
nix-diff
|
||||
nix-doc
|
||||
nix-du
|
||||
nix-tree
|
||||
nmap
|
||||
pinentry
|
||||
prettyping
|
||||
ranger
|
||||
ripgrep
|
||||
skate
|
||||
starship
|
||||
statix
|
||||
trash-cli
|
||||
unzip
|
||||
vim
|
||||
wget
|
||||
zip
|
||||
];
|
||||
|
||||
programs.atop = {
|
||||
enable = true;
|
||||
atopacctService.enable = true;
|
||||
atopService.enable = true;
|
||||
atopRotateTimer.enable = true;
|
||||
};
|
||||
|
||||
services.clamav = {
|
||||
updater.enable = true;
|
||||
daemon.enable = true;
|
||||
};
|
||||
|
||||
services.rsyslogd = {
|
||||
enable = true;
|
||||
extraConfig = "*.* @10.0.0.27:514";
|
||||
};
|
||||
|
||||
services.tuptime = {
|
||||
enable = true;
|
||||
timer.enable = true;
|
||||
};
|
||||
}
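Review bot: `PasswordAuthentication = lib.mkDefault true` in `services.openssh.settings` keeps password logins enabled on a daemon whose port 22 is opened in the firewall section of this commit, which exposes the account passwords to online guessing. Key-only login is the safer default: `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`, with the public keys declared under `users.users.jas.openssh.authorizedKeys.keys`. `settings.X11Forwarding = true;` is also worth removing on a server unless a forwarded GUI client is actually used. Separately, `extraConfig = "*.* @10.0.0.27:514";` forwards every facility over UDP (single `@`), so messages are unauthenticated, unencrypted and may be dropped silently; `@@` selects TCP, and TLS forwarding would be needed if the log path crosses an untrusted segment.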
|
|
@ -0,0 +1,108 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["nvme" "thunderbolt" "xhci_pci" "ahci" "uas" "usbhid" "sd_mod"];
|
||||
boot.initrd.kernelModules = [];
|
||||
boot.kernelModules = ["kvm-amd"];
|
||||
boot.extraModulePackages = [];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "rpool/nixos/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "bpool/nixos/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "rpool/nixos/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib" = {
|
||||
device = "rpool/nixos/var/lib";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/log" = {
|
||||
device = "rpool/nixos/var/log";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot/efis/nvme-Samsung_SSD_980_PRO_1TB_S5P2NL0W208007T-part1" = {
|
||||
device = "systemd-1";
|
||||
fsType = "autofs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/lxcfs" = {
|
||||
device = "lxcfs";
|
||||
fsType = "fuse.lxcfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/lxd/shmounts" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/lxd/devlxd" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
};
|
||||
|
||||
fileSystems."/si-pool" = {
|
||||
device = "si-pool";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/lxd/storage-pools/lxd-pool/containers/alpine-transmission" = {
|
||||
device = "si-pool/lxd/containers/alpine-transmission";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/lxd/storage-pools/lxd-pool/containers/debian-archive" = {
|
||||
device = "si-pool/lxd/containers/debian-archive";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/lxd/storage-pools/lxd-pool/containers/debian-serv" = {
|
||||
device = "si-pool/lxd/containers/debian-serv";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/lxd/storage-pools/lxd-pool/containers/ubuntu-mastodon" = {
|
||||
device = "si-pool/lxd/containers/ubuntu-mastodon";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.lxdbr0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.veth37df7998.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.vethab9cc8bd.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.vethd1c7a35e.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.vethd8ee61b3.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp10s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
|
||||
services.system76-scheduler.enable = true;
|
||||
hardware.system76.power-daemon.enable = true;
|
||||
}
|
|
@ -0,0 +1,79 @@
|
|||
{config, ...}: {
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.users.jas = {pkgs, ...}: {
|
||||
home.packages = with pkgs; [
|
||||
diff-so-fancy
|
||||
gcc
|
||||
glow
|
||||
gnumake
|
||||
gum
|
||||
httpie
|
||||
hyperfine
|
||||
pass
|
||||
python3Full
|
||||
rustup
|
||||
shellcheck
|
||||
shfmt
|
||||
stow
|
||||
tealdeer
|
||||
w3m
|
||||
zsh-nix-shell
|
||||
];
|
||||
|
||||
home = {
|
||||
username = "jas";
|
||||
homeDirectory = "/home/jas";
|
||||
stateVersion = "23.05";
|
||||
};
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userEmail = "23226432+hyperreal64@users.noreply.github.com";
|
||||
userName = "Jeffrey Serio";
|
||||
extraConfig = {
|
||||
safe.directory = "/etc/nixos";
|
||||
core = {
|
||||
editor = "vim";
|
||||
pager = "diff-so-fancy | less --tabs=4 -RFX";
|
||||
};
|
||||
init.defaultBranch = "main";
|
||||
pull.rebase = true;
|
||||
};
|
||||
};
|
||||
|
||||
programs.gpg = {
|
||||
enable = true;
|
||||
settings = {
|
||||
default-key = "0x9129BD07C3509CED";
|
||||
no-emit-version = true;
|
||||
no-comments = true;
|
||||
display-charset = "utf-8";
|
||||
keyid-format = "0xlong";
|
||||
with-fingerprint = true;
|
||||
use-agent = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.gpg-agent = {
|
||||
enable = true;
|
||||
defaultCacheTtl = 1800;
|
||||
enableSshSupport = true;
|
||||
};
|
||||
|
||||
programs.fzf = {
|
||||
enable = true;
|
||||
defaultCommand = "fd --type f";
|
||||
};
|
||||
|
||||
programs.bat = {
|
||||
enable = true;
|
||||
config = {
|
||||
pager = "less -FR";
|
||||
theme = "Catppuccin-Mocha";
|
||||
};
|
||||
};
|
||||
|
||||
manual.json.enable = true;
|
||||
};
|
||||
}
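Review bot: `safe.directory = "/etc/nixos";` under `programs.git.extraConfig` switches off git's repository-ownership check for that path and carries no comment saying why. The check exists so that git does not read the config and hooks of a repository owned by another user, so the exemption should state who owns the directory and who may write to it. A line such as `# /etc/nixos is root-owned but edited as jas; exempt it from git's ownership check` above the setting would record that (the ownership is an assumption to confirm).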
|
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
virtualisation.lxc.lxcfs.enable = true;
|
||||
virtualisation.lxd.enable = true;
|
||||
users.users.jas = {
|
||||
extraGroups = ["lxd"];
|
||||
};
|
||||
}
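Review bot: `extraGroups = ["lxd"];` gives `jas` unrestricted access to the LXD daemon, and membership of that group is equivalent to root on the host, since the daemon runs as root and acts on behalf of any group member. That may be intended for the single admin account, but it is not stated anywhere in the file. Add a comment above the line, e.g. `# lxd group membership is root-equivalent on the host; keep it to admin accounts only`, so that later additions to this list are made knowingly.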
|
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
# Hostname
|
||||
networking.hostName = "evergloam";
|
||||
|
||||
# NetworkManager
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# firewall config
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowPing = true;
|
||||
allowedTCPPorts = [22 4444 8000 9000 9999 35353 35354];
|
||||
};
|
||||
|
||||
networking.hosts = {
|
||||
"10.0.0.27" = ["logs.local"];
|
||||
"10.0.0.159" = ["truenas.local"];
|
||||
"10.0.0.223" = ["soft-serve.local"];
|
||||
};
|
||||
}
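Review bot: `allowedTCPPorts = [22 4444 8000 9000 9999 35353 35354];` opens seven ports on every interface and nothing in the file says which service owns each one. Apart from 22, none of the numbers maps to a service enabled in this commit as far as the visible sections show, so some may belong to containers or be left over from testing. Document each port with a trailing comment and drop the unused ones. Ports that are needed only on the LAN can go under `networking.firewall.interfaces.<name>.allowedTCPPorts` rather than the global list.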
|
|
@ -0,0 +1,29 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
users.users = {
|
||||
root.shell = pkgs.zsh;
|
||||
jas = {
|
||||
description = "Jeffrey Serio";
|
||||
isNormalUser = true;
|
||||
shell = pkgs.zsh;
|
||||
};
|
||||
};
|
||||
|
||||
security.sudo = {
|
||||
enable = lib.mkDefault true;
|
||||
extraRules = [
|
||||
{
|
||||
users = ["jas"];
|
||||
commands = [
|
||||
{
|
||||
command = "ALL";
|
||||
options = ["SETENV" "NOPASSWD"];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
}
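Review bot: The `security.sudo.extraRules` entry grants `jas` the command `ALL` with `options = ["SETENV" "NOPASSWD"];`, so any process running as `jas` becomes root without further authentication and may carry its own environment variables into the privileged command. Combined with the password SSH login enabled in the environment section of this commit, a single guessed password yields root on the host. Drop both options and use the standard admin group, `users.users.jas.extraGroups = ["wheel"];`, or keep `NOPASSWD` only on a rule that lists the specific commands that must run unattended.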
|
|
@ -0,0 +1,62 @@
|
|||
{
|
||||
networking.hostId = "1eceb95c";
|
||||
|
||||
services.znapzend = {
|
||||
enable = true;
|
||||
autoCreation = true;
|
||||
zetup = {
|
||||
"rpool/nixos" = {
|
||||
enable = true;
|
||||
plan = "1y=>1d";
|
||||
recursive = false;
|
||||
destinations.remote = {
|
||||
host = "root@truenas.local";
|
||||
dataset = "nas/nexus";
|
||||
};
|
||||
};
|
||||
|
||||
"si-pool/lxd/containers/debian-archive" = {
|
||||
enable = true;
|
||||
plan = "1y=>1d";
|
||||
recursive = false;
|
||||
destinations.remote = {
|
||||
host = "root@truenas.local";
|
||||
dataset = "nas/debian-archive";
|
||||
};
|
||||
};
|
||||
|
||||
"si-pool/lxd/containers/debian-serv" = {
|
||||
enable = true;
|
||||
plan = "1y=>1d";
|
||||
recursive = false;
|
||||
destinations.remote = {
|
||||
host = "root@truenas.local";
|
||||
dataset = "nas/debian-serv";
|
||||
};
|
||||
};
|
||||
|
||||
"si-pool/lxd/containers/ubuntu-mastodon" = {
|
||||
enable = true;
|
||||
plan = "1y=>1d";
|
||||
recursive = false;
|
||||
destinations.remote = {
|
||||
host = "root@truenas.local";
|
||||
dataset = "nas/ubuntu-mastodon";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.zfs.autoScrub.enable = true;
|
||||
|
||||
services.sanoid = {
|
||||
enable = true;
|
||||
datasets.rpool = {
|
||||
hourly = 24;
|
||||
daily = 7;
|
||||
weekly = 4;
|
||||
monthly = 12;
|
||||
recursive = true;
|
||||
};
|
||||
};
|
||||
}
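Review bot: The `"rpool/nixos"` entry in `services.znapzend.zetup` sets `recursive = false;`, while the hardware section of this commit mounts `rpool/nixos/root`, `rpool/nixos/home`, `rpool/nixos/var/lib` and `rpool/nixos/var/log`. Those are child datasets, so the plan as written would snapshot and send only the parent and most likely leave the actual system data out of the remote copy; `recursive = true;` on that entry would cover them. Every destination also logs in as `root@truenas.local`, which gives this host a root shell on the backup target. A dedicated receive account with delegated ZFS permissions on the `nas/...` datasets would limit what a compromise of this machine can do to the backups.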
|