using conf structure as sondr3

2021-07-01 02:02:55 +02:00 · 2021-07-01 02:02:55 +02:00 · e506d344da
commit e506d344da
parent b37d418816
7 changed files with 395 additions and 0 deletions
--- a/common.nix
+++ b/common.nix
@ -0,0 +1,25 @@
+{ pkgs, variables, ... }:
+
+{
+  # Select internationalisation properties.
+  i18n = {
+    consoleFont = "Lat2-Terminus16";
+    consoleKeyMap = "us";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  nix = {
+    autoOptimiseStore = true;
+    nixPath = [
+      "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
+      "nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix"
+      "/nix/var/nix/profiles/per-user/root/channels"
+    ];
+  };
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+    };
+  };
+}
--- a/hosts/gAluminum/configuration.nix
+++ b/hosts/gAluminum/configuration.nix
@ -0,0 +1,113 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [ ./hardware-configuration.nix ];
+
+  nixpkgs.config.allowUnfree = true;
+  networking.hostName = "gAluminum";
+
+  time.timeZone = "Europe/London";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Xserver
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+
+  # Configure keymap in X11
+  services.xserver.layout = "us";
+  services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.giulio = {
+    description = "Giulio De Pasquale";
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    extraGroups = [ "wheel" "docker" "networkmanager" ];
+  };
+  programs.zsh.enableCompletion = true;  
+  programs.zsh.enableBashCompletion = true;
+  services.dbus.packages = with pkgs; [ gnome3.dconf ];
+  services.udev.packages = with pkgs; [ gnome3.gnome-settings-daemon ]; 
+  environment.systemPackages = with pkgs; [
+    wget
+    git
+    pciutils
+    curl
+    virtualbox
+    cmake
+    ninja
+    gdb
+    htop
+    glances
+    tcpdump
+    restic
+    gnomeExtensions.appindicator
+    binutils
+    efibootmgr
+    neovim
+    home-manager
+  ];
+
+  fonts.fonts = with pkgs; [cascadia-code];
+
+  system.stateVersion = "21.05"; # Did you read the comment?
+
+  security.pam.services.gdm.enableGnomeKeyring = true;
+
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+  boot.loader.systemd-boot.enable = true;
+  boot.initrd.luks.devices = {
+    root = {
+      device = "/dev/disk/by-uuid/c2bac3a6-0999-4e1d-a676-bf4bcafee2d4";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  networking.wg-quick.interfaces = {
+    giupi = {
+      address = ["10.3.0.2/32"];
+      privateKeyFile = "/etc/wireguard/giupi.key";
+      dns = ["10.3.0.1"];
+      peers = [
+        {
+          publicKey = "I4glUMvIGjjhvQMKhwGc8copPl2t9Us/YYRjT0BKuiw=";
+          allowedIPs = ["0.0.0.0/0"];
+          endpoint = "giugl.io:1194";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+  };
+
+  fileSystems."/tmp" = {
+    device = "tmpfs";
+    fsType = "tmpfs";
+    options = ["size=2G"];
+  };
+
+  fileSystems."/home/giulio/Downloads" = {
+    device = "tmpfs";
+    fsType = "tmpfs";
+    options = ["size=3G"];
+  };
+}
+
--- a/hosts/gAluminum/hardware-configuration.nix
+++ b/hosts/gAluminum/hardware-configuration.nix
@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/92ad62ff-627e-4fd7-9ced-0c0716d3f848";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot/efi" =
+    { device = "/dev/disk/by-uuid/3008-4A28";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
--- a/hosts/giupi/default.nix
+++ b/hosts/giupi/default.nix
@ -0,0 +1,174 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, variables, ... }:
+
+let 
+  lan_address = "10.0.0.8";
+  pubkeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"];
+  hostname = "giupi";
+in {
+  imports =
+    [ # Include the results of the hardware scan.
+    ./hardware.nix
+    ../../variables.nix
+    ../../common.nix
+    ../../users.nix
+  ];
+    
+    variables.hostname = hostname;
+
+    # Set your time zone.
+    time.timeZone = "Europe/Rome";
+
+    networking = {
+      hostName = hostname;
+      useDHCP = false;
+      interfaces = {
+        enp5s0.ipv4.addresses = [{ address = lan_address; prefixLength = 24; }];
+        enp6s0.useDHCP = false;
+        wlp4s0.useDHCP = false;
+      };
+      defaultGateway = "10.0.0.1";
+      extraHosts = ''
+        127.0.0.1	${hostname}.devs.giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io giupyter.giugl.io irc.giugl.io localhost
+
+# LAN
+${lan_address}	${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
+
+        10.0.0.1	router.devs.giugl.io
+        10.0.0.2	dvr.devs.giugl.io
+        10.0.0.3	nas.devs.giugl.io
+
+# Wireguard hosts
+        10.3.0.1	${hostname}.devs.giugl.io jf.giugl.io giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
+        10.3.0.2	galuminum.devs.giugl.io
+        10.3.0.3	oneplus.devs.giugl.io
+        10.3.0.4	ipad.devs.giugl.io
+        10.3.0.5	manduria.devs.giugl.io
+        10.3.0.6	antonio.devs.giugl.io
+        10.3.0.7	gbeast.devs.giugl.io
+        10.3.0.8	parisa-phone.devs.giugl.io
+        10.3.0.9	parisa-pc.devs.giugl.io
+        10.3.0.10	peppiniell.devs.giugl.io
+        10.3.0.11	padulino.devs.giugl.io
+        10.3.0.12	shield.devs.giugl.io
+        10.3.0.13	angelino.devs.giugl.io
+        10.3.0.14	peposone.devs.giugl.io
+        10.3.0.15	pepostwo.devs.giugl.io
+        10.3.0.100	eleonora.devs.giugl.io
+        10.3.0.200	broccolino.devs.giugl.io
+        10.3.0.201	hotpottino.devs.giugl.io
+
+# Blacklist
+        0.0.0.0		metrics.plex.tv
+        0.0.0.0		analytics.plex.tv
+        0.0.0.0		cdn.luckyorange.com
+        0.0.0.0		w1.luckyorange.com
+        0.0.0.0		browser.sentry-cdn.com
+        0.0.0.0		analytics.facebook.com
+        0.0.0.0		ads.facebook.com
+        0.0.0.0		extmaps-api.yandex.net
+        0.0.0.0		logservice.hicloud.com
+        0.0.0.0		logbak.hicloud.com
+        0.0.0.0		logservice1.hicloud.com
+        0.0.0.0		samsung-com.112.2o7.net
+        0.0.0.0		supportmetrics.apple.com
+        0.0.0.0		analytics.oneplus.cn
+        0.0.0.0		click.oneplus.cn
+        0.0.0.0 	analytics-api.samsunghealthcn.com
+
+# The following lines are desirable for IPv6 capable hosts
+        ::1     localhost ip6-localhost ip6-loopback
+        ff02::1 ip6-allnodes
+        ff02::2 ip6-allrouters
+      '';
+    };
+
+    boot = {
+      kernelParams = ["ip=${lan_address}::10.0.0.1:255.255.255.0::enp5s0:off"];
+
+      initrd = {
+        availableKernelModules = ["igc" "r8169"];
+        network = {
+          enable = true;
+          ssh = {
+            enable = true;
+            port = 2222; 
+            hostKeys = [/boot/host_ecdsa_key];
+            authorizedKeys = pubkeys;
+          };
+
+          postCommands = ''
+            echo "zfs load-key -a; killall zfs" >> /root/.profile
+          '';
+        };
+      };
+
+      loader = {
+        systemd-boot.enable = true;
+        efi.canTouchEfiVariables = true;
+      };
+
+      supportedFilesystems = ["zfs"];          
+      zfs.requestEncryptionCredentials = true; 
+    };
+
+    networking.hostId = "49350853";
+    environment.systemPackages = with pkgs; 
+    [
+      neovim
+      docker
+      htop
+      glances
+      git
+      home-manager
+      openiscsi
+      wireguard
+      dnscrypt-proxy2
+      restic
+    ];
+
+
+    services = {
+      zfs.autoScrub.enable = true;
+      xserver.videoDrivers = [ "nvidia" ];
+
+      dnsmasq = {
+        enable = true;
+        servers = ["127.0.0.1#5353"];
+        extraConfig = ''
+            localise-queries
+        '';
+      };
+
+      dnscrypt-proxy2 = {
+        enable = true;
+        settings = {
+          listen_addresses = ["127.0.0.1:5353"];
+          ipv4_servers = true;
+          ipv6_servers = false;
+          dnscrypt_servers = true;
+          doh_servers = true;
+          require_nolog = true;
+          require_nofilter = true;
+          timeout = 350;
+          lb_strategy = "p4";
+          lb_estimator = true;
+          ignore_system_dns = true;
+          fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
+        };
+      };
+
+      openssh = {
+        enable = true;
+        passwordAuthentication = false;
+      };
+    };
+
+    system.stateVersion = "21.05"; # Did you read the comment?
+
+    users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
+  }
+
--- a/hosts/giupi/hardware.nix
+++ b/hosts/giupi/hardware.nix
@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "zpool/nixos/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "zpool/data/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AF19-5616";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}
--- a/users.nix
+++ b/users.nix
@ -0,0 +1,9 @@
+{config, pkgs, ...}:
+
+{
+  users.users.giulio = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  };
+}
--- a/variables.nix
+++ b/variables.nix
@ -0,0 +1,12 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+  options.variables = mkOption {
+    type = types.attrs;
+    default = {};
+  };
+
+  config._module.args.variables = config.variables;
+}