From e506d344daa765c11138c6336820ca1ce55561be Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Thu, 1 Jul 2021 02:02:55 +0200
Subject: [PATCH] using conf structure as sondr3
---
 common.nix | 25 +++
 hosts/gAluminum/configuration.nix | 113 +++++++++++++
 hosts/gAluminum/hardware-configuration.nix | 29 ++++
 hosts/giupi/default.nix | 174 +++++++++++++++++++++
 hosts/giupi/hardware.nix | 33 ++++
 users.nix | 9 ++
 variables.nix | 12 ++
 7 files changed, 395 insertions(+)
 create mode 100644 common.nix
 create mode 100644 hosts/gAluminum/configuration.nix
 create mode 100644 hosts/gAluminum/hardware-configuration.nix
 create mode 100644 hosts/giupi/default.nix
 create mode 100644 hosts/giupi/hardware.nix
 create mode 100644 users.nix
 create mode 100644 variables.nix
diff --git a/common.nix b/common.nix
new file mode 100644
index 0000000..13fe971
--- /dev/null
+++ b/common.nix
@@ -0,0 +1,25 @@
+{ pkgs, variables, ... }:
+
+{
+ # Select internationalisation properties.
+ i18n = {
+ consoleFont = "Lat2-Terminus16";
+ consoleKeyMap = "us";
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ nix = {
+ autoOptimiseStore = true;
+ nixPath = [
+ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
+ "nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ };
+ };
+}
diff --git a/hosts/gAluminum/configuration.nix b/hosts/gAluminum/configuration.nix
new file mode 100644
index 0000000..5ac188a
--- /dev/null
+++ b/hosts/gAluminum/configuration.nix
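Review bot: In common.nix the `nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix` entry assumes every host's entry file is named `default.nix`, but this same commit adds `hosts/gAluminum/configuration.nix`, so importing common.nix from that host would leave NIX_PATH pointing at a file that does not exist. Either rename that host file to `default.nix` or carry the file name in `variables`. The `i18n.consoleFont` / `i18n.consoleKeyMap` spellings also differ from the `console.font` / `console.keyMap` form the gAluminum file uses; using the `console.*` form in both keeps the hosts consistent. A short comment above `allowUnfree = true;` naming the packages that need it would help later review of which unfree software is being trusted.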
@@ -0,0 +1,113 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [ ./hardware-configuration.nix ];
+
+ nixpkgs.config.allowUnfree = true;
+ networking.hostName = "gAluminum";
+
+ time.timeZone = "Europe/London";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
+ # Xserver
+ services.xserver.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+
+ # Configure keymap in X11
+ services.xserver.layout = "us";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.giulio = {
+ description = "Giulio De Pasquale";
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = [ "wheel" "docker" "networkmanager" ];
+ };
+ programs.zsh.enableCompletion = true;
+ programs.zsh.enableBashCompletion = true;
+ services.dbus.packages = with pkgs; [ gnome3.dconf ];
+ services.udev.packages = with pkgs; [ gnome3.gnome-settings-daemon ];
+ environment.systemPackages = with pkgs; [
+ wget
+ git
+ pciutils
+ curl
+ virtualbox
+ cmake
+ ninja
+ gdb
+ htop
+ glances
+ tcpdump
+ restic
+ gnomeExtensions.appindicator
+ binutils
+ efibootmgr
+ neovim
+ home-manager
+ ];
+
+ fonts.fonts = with pkgs; [cascadia-code];
+
+ system.stateVersion = "21.05"; # Did you read the comment?
+
+ security.pam.services.gdm.enableGnomeKeyring = true;
+
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+ boot.loader.systemd-boot.enable = true;
+ boot.initrd.luks.devices = {
+ root = {
+ device = "/dev/disk/by-uuid/c2bac3a6-0999-4e1d-a676-bf4bcafee2d4";
+ preLVM = true;
+ allowDiscards = true;
+ };
+ };
+
+ networking.wg-quick.interfaces = {
+ giupi = {
+ address = ["10.3.0.2/32"];
+ privateKeyFile = "/etc/wireguard/giupi.key";
+ dns = ["10.3.0.1"];
+ peers = [
+ {
+ publicKey = "I4glUMvIGjjhvQMKhwGc8copPl2t9Us/YYRjT0BKuiw=";
+ allowedIPs = ["0.0.0.0/0"];
+ endpoint = "giugl.io:1194";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
+ fileSystems."/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["size=2G"];
+ };
+
+ fileSystems."/home/giulio/Downloads" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["size=3G"];
+ };
+}
+
diff --git a/hosts/gAluminum/hardware-configuration.nix b/hosts/gAluminum/hardware-configuration.nix
new file mode 100644
index 0000000..6be79c6
--- /dev/null
+++ b/hosts/gAluminum/hardware-configuration.nix
@@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/92ad62ff-627e-4fd7-9ced-0c0716d3f848"; + fsType = "ext4"; + }; + + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/3008-4A28"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +}
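Review bot: In hosts/gAluminum/configuration.nix, `extraGroups = [ "wheel" "docker" "networkmanager" ];` puts the user in the `docker` group, which is root-equivalent without a password prompt because members can start containers that mount the host filesystem. Nothing visible in this file enables Docker, so the membership looks droppable, e.g. `extraGroups = [ "wheel" "networkmanager" ];`. The two tmpfs mounts pass only a size, so they get tmpfs defaults: `/home/giulio/Downloads` ends up root-owned and world-writable (sticky), and neither mount is `nosuid`/`nodev`; consider `options = [ "size=3G" "mode=0700" "nosuid" "nodev" ];` plus a `uid=`/`gid=` for the owner. The WireGuard peer routes only `0.0.0.0/0`, so IPv6 traffic would bypass the tunnel if the machine has IPv6 connectivity; a comment stating whether that is intended would help.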
diff --git a/hosts/giupi/default.nix b/hosts/giupi/default.nix
new file mode 100644
index 0000000..5a50726
--- /dev/null
+++ b/hosts/giupi/default.nix
@@ -0,0 +1,174 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, variables, ... }:
+
+let
+ lan_address = "10.0.0.8";
+ pubkeys = ["ssh-rsa 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 giulio@giulio-X230"];
+ hostname = "giupi";
+in {
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware.nix
+ ../../variables.nix
+ ../../common.nix
+ ../../users.nix
+ ];
+
+ variables.hostname = hostname;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Rome";
+
+ networking = {
+ hostName = hostname;
+ useDHCP = false;
+ interfaces = {
+ enp5s0.ipv4.addresses = [{ address = lan_address; prefixLength = 24; }];
+ enp6s0.useDHCP = false;
+ wlp4s0.useDHCP = false;
+ };
+ defaultGateway = "10.0.0.1";
+ extraHosts = ''
+ 127.0.0.1 ${hostname}.devs.giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io giupyter.giugl.io irc.giugl.io localhost
+
+# LAN
+${lan_address} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
+
+ 10.0.0.1 router.devs.giugl.io
+ 10.0.0.2 dvr.devs.giugl.io
+ 10.0.0.3 nas.devs.giugl.io
+
+# Wireguard hosts
+ 10.3.0.1 ${hostname}.devs.giugl.io jf.giugl.io giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
+ 10.3.0.2 galuminum.devs.giugl.io
+ 10.3.0.3 oneplus.devs.giugl.io
+ 10.3.0.4 ipad.devs.giugl.io
+ 10.3.0.5 manduria.devs.giugl.io
+ 10.3.0.6 antonio.devs.giugl.io
+ 10.3.0.7 gbeast.devs.giugl.io
+ 10.3.0.8 parisa-phone.devs.giugl.io
+ 10.3.0.9 parisa-pc.devs.giugl.io
+ 10.3.0.10 peppiniell.devs.giugl.io
+ 10.3.0.11 padulino.devs.giugl.io
+ 10.3.0.12 shield.devs.giugl.io
+ 10.3.0.13 angelino.devs.giugl.io
+ 10.3.0.14 peposone.devs.giugl.io
+ 10.3.0.15 pepostwo.devs.giugl.io
+ 10.3.0.100 eleonora.devs.giugl.io
+ 10.3.0.200 broccolino.devs.giugl.io
+ 10.3.0.201 hotpottino.devs.giugl.io
+
+# Blacklist
+ 0.0.0.0 metrics.plex.tv
+ 0.0.0.0 analytics.plex.tv
+ 0.0.0.0 cdn.luckyorange.com
+ 0.0.0.0 w1.luckyorange.com
+ 0.0.0.0 browser.sentry-cdn.com
+ 0.0.0.0 analytics.facebook.com
+ 0.0.0.0 ads.facebook.com
+ 0.0.0.0 extmaps-api.yandex.net
+ 0.0.0.0 logservice.hicloud.com
+ 0.0.0.0 logbak.hicloud.com
+ 0.0.0.0 logservice1.hicloud.com
+ 0.0.0.0 samsung-com.112.2o7.net
+ 0.0.0.0 supportmetrics.apple.com
+ 0.0.0.0 analytics.oneplus.cn
+ 0.0.0.0 click.oneplus.cn
+ 0.0.0.0 analytics-api.samsunghealthcn.com
+
+# The following lines are desirable for IPv6 capable hosts
+ ::1 localhost ip6-localhost ip6-loopback
+ ff02::1 ip6-allnodes
+ ff02::2 ip6-allrouters
+ '';
+ };
+
+ boot = {
+ kernelParams = ["ip=${lan_address}::10.0.0.1:255.255.255.0::enp5s0:off"];
+
+ initrd = {
+ availableKernelModules = ["igc" "r8169"];
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 2222;
+ hostKeys = [/boot/host_ecdsa_key];
+ authorizedKeys = pubkeys;
+ };
+
+ postCommands = ''
+ echo "zfs load-key -a; killall zfs" >> /root/.profile
+ '';
+ };
+ };
+
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+
+ supportedFilesystems = ["zfs"];
+ zfs.requestEncryptionCredentials = true;
+ };
+
+ networking.hostId = "49350853";
+ environment.systemPackages = with pkgs;
+ [
+ neovim
+ docker
+ htop
+ glances
+ git
+ home-manager
+ openiscsi
+ wireguard
+ dnscrypt-proxy2
+ restic
+ ];
+
+
+ services = {
+ zfs.autoScrub.enable = true;
+ xserver.videoDrivers = [ "nvidia" ];
+
+ dnsmasq = {
+ enable = true;
+ servers = ["127.0.0.1#5353"];
+ extraConfig = ''
+ localise-queries
+ '';
+ };
+
+ dnscrypt-proxy2 = {
+ enable = true;
+ settings = {
+ listen_addresses = ["127.0.0.1:5353"];
+ ipv4_servers = true;
+ ipv6_servers = false;
+ dnscrypt_servers = true;
+ doh_servers = true;
+ require_nolog = true;
+ require_nofilter = true;
+ timeout = 350;
+ lb_strategy = "p4";
+ lb_estimator = true;
+ ignore_system_dns = true;
+ fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
+ };
+ };
+
+ openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ };
+ };
+
+ system.stateVersion = "21.05"; # Did you read the comment?
+
+ users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
+ }
+
diff --git a/hosts/giupi/hardware.nix b/hosts/giupi/hardware.nix
new file mode 100644
index 0000000..7fbd1f9
--- /dev/null
+++ b/hosts/giupi/hardware.nix
@@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "zpool/nixos/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "zpool/data/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/AF19-5616"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + +}
diff --git a/users.nix b/users.nix
new file mode 100644
index 0000000..70cd3be
--- /dev/null
+++ b/users.nix
@@ -0,0 +1,9 @@
+{config, pkgs, ...}:
+
+{
+ users.users.giulio = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ };
+}
diff --git a/variables.nix b/variables.nix
new file mode 100644
index 0000000..8516086
--- /dev/null
+++ b/variables.nix
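Review bot: In hosts/giupi/default.nix, `hostKeys = [/boot/host_ecdsa_key];` keeps the initrd SSH host key on `/boot`, which hosts/giupi/hardware.nix in this commit mounts as vfat with no options; vfat has no per-file permissions and the partition is unencrypted, so with default mount masks the key is probably readable by every local user and by anyone with access to the disk. Whoever holds that key can pose as the pre-boot listener that receives the ZFS passphrase, so it should be a key generated only for the initrd (never the main sshd host key), and the mount should be tightened with `options = [ "umask=0077" ];` on `fileSystems."/boot"`. Writing the entry as a string, `hostKeys = [ "/boot/host_ecdsa_key" ];`, also removes any doubt about the path literal being copied into the world-readable Nix store. A comment on `port = 2222;` noting that this listener exists only before the pool is unlocked would help the next reader.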
@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+ options.variables = mkOption {
+ type = types.attrs;
+ default = {};
+ };
+
+ config._module.args.variables = config.variables;
+}
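Review bot: `type = types.attrs;` with `default = {};` in variables.nix accepts any attribute set, so a host that forgets `variables.hostname` only fails later with a missing-attribute error where common.nix interpolates it, and conflicting definitions are not merged in a typed way. Declaring the field explicitly, e.g. `options.variables.hostname = mkOption { type = types.str; description = "Host name used to build per-host paths"; };`, turns that into a clear evaluation error at the option. The option also has no `description`; one line saying these values are exposed to every module through `_module.args` would document the design.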