Merge branch 'master' of https://giugl.io/gitea/peperunas/nixos

common.nix

@@ -0,0 +1,25 @@
+{ pkgs, variables, ... }:
+
+{
+  # Select internationalisation properties.
+  i18n = {
+    consoleFont = "Lat2-Terminus16";
+    consoleKeyMap = "us";
+    defaultLocale = "en_US.UTF-8";
+  };
+
+  nix = {
+    autoOptimiseStore = true;
+    nixPath = [
+      "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
+      "nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix"
+      "/nix/var/nix/profiles/per-user/root/channels"
+    ];
+  };
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+    };
+  };
+}

hosts/giupi/default.nix

@@ -0,0 +1,176 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, variables, ... }:
+
+let 
+  lan_address = "10.0.0.8";
+  pubkeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"];
+  hostname = "giupi";
+in {
+  imports =
+    [ # Include the results of the hardware scan.
+    ./hardware.nix
+    ../../variables.nix
+    ../../common.nix
+    ../../users.nix
+  ];
+
+  boot = {
+    kernelParams = ["ip=${lan_address}::10.0.0.1:255.255.255.0::enp5s0:off"];
+
+    initrd = {
+      availableKernelModules = ["igc" "r8169"];
+      network = {
+        enable = true;
+        ssh = {
+          enable = true;
+          port = 2222; 
+          hostKeys = [/boot/host_ecdsa_key];
+          authorizedKeys = pubkeys;
+        };
+
+        postCommands = ''
+            echo "zfs load-key -a; killall zfs" >> /root/.profile
+        '';
+      };
+    };
+
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    supportedFilesystems = ["zfs"];          
+    zfs.requestEncryptionCredentials = true; 
+  };
+
+  variables.hostname = hostname;
+
+  time.timeZone = "Europe/Rome";
+
+  networking = {
+    hostName = hostname;
+    hostId = "49350853";
+    useDHCP = false;
+    interfaces = {
+      enp5s0.ipv4.addresses = [{ address = lan_address; prefixLength = 24; }];
+      enp6s0.useDHCP = false;
+      wlp4s0.useDHCP = false;
+    };
+    defaultGateway = "10.0.0.1";
+    extraHosts = ''
+        127.0.0.1	${hostname}.devs.giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io giupyter.giugl.io irc.giugl.io localhost
+
+# LAN
+${lan_address}	${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
+
+        10.0.0.1	router.devs.giugl.io
+        10.0.0.2	dvr.devs.giugl.io
+        10.0.0.3	nas.devs.giugl.io
+
+# Wireguard hosts
+        10.3.0.1	${hostname}.devs.giugl.io jf.giugl.io giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
+        10.3.0.2	galuminum.devs.giugl.io
+        10.3.0.3	oneplus.devs.giugl.io
+        10.3.0.4	ipad.devs.giugl.io
+        10.3.0.5	manduria.devs.giugl.io
+        10.3.0.6	antonio.devs.giugl.io
+        10.3.0.7	gbeast.devs.giugl.io
+        10.3.0.8	parisa-phone.devs.giugl.io
+        10.3.0.9	parisa-pc.devs.giugl.io
+        10.3.0.10	peppiniell.devs.giugl.io
+        10.3.0.11	padulino.devs.giugl.io
+        10.3.0.12	shield.devs.giugl.io
+        10.3.0.13	angelino.devs.giugl.io
+        10.3.0.14	peposone.devs.giugl.io
+        10.3.0.15	pepostwo.devs.giugl.io
+        10.3.0.100	eleonora.devs.giugl.io
+        10.3.0.200	broccolino.devs.giugl.io
+        10.3.0.201	hotpottino.devs.giugl.io
+
+# Blacklist
+        0.0.0.0		metrics.plex.tv
+        0.0.0.0		analytics.plex.tv
+        0.0.0.0		cdn.luckyorange.com
+        0.0.0.0		w1.luckyorange.com
+        0.0.0.0		browser.sentry-cdn.com
+        0.0.0.0		analytics.facebook.com
+        0.0.0.0		ads.facebook.com
+        0.0.0.0		extmaps-api.yandex.net
+        0.0.0.0		logservice.hicloud.com
+        0.0.0.0		logbak.hicloud.com
+        0.0.0.0		logservice1.hicloud.com
+        0.0.0.0		samsung-com.112.2o7.net
+        0.0.0.0		supportmetrics.apple.com
+        0.0.0.0		analytics.oneplus.cn
+        0.0.0.0		click.oneplus.cn
+        0.0.0.0 	analytics-api.samsunghealthcn.com
+
+# The following lines are desirable for IPv6 capable hosts
+        ::1     localhost ip6-localhost ip6-loopback
+        ff02::1 ip6-allnodes
+        ff02::2 ip6-allrouters
+    '';
+  };
+
+  environment.systemPackages = with pkgs; 
+  [
+    neovim
+    docker
+    htop
+    glances
+    git
+    home-manager
+    openiscsi
+    wireguard
+    dnscrypt-proxy2
+    restic
+  ];
+
+  hardware = {
+    cpu.amd.updateMicrocode = true;
+  };
+
+  services = {
+    zfs.autoScrub.enable = true;
+    xserver.videoDrivers = [ "nvidia" ];
+
+    dnsmasq = {
+      enable = true;
+      servers = ["127.0.0.1#5353"];
+      extraConfig = ''
+            localise-queries
+      '';
+    };
+
+    dnscrypt-proxy2 = {
+      enable = true;
+      settings = {
+        listen_addresses = ["127.0.0.1:5353"];
+        ipv4_servers = true;
+        ipv6_servers = false;
+        dnscrypt_servers = true;
+        doh_servers = true;
+        require_nolog = true;
+        require_nofilter = true;
+        timeout = 350;
+        lb_strategy = "p4";
+        lb_estimator = true;
+        ignore_system_dns = true;
+        fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
+      };
+    };
+
+    openssh = {
+      enable = true;
+      passwordAuthentication = false;
+    };
+  };
+
+  system.stateVersion = "21.05"; # Did you read the comment?
+
+  users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
+}
+

hosts/giupi/hardware.nix

@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "zpool/nixos/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "zpool/data/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AF19-5616";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+}

users.nix

@@ -0,0 +1,10 @@
+{config, pkgs, ...}:
+
+{
+  users.users.giulio = {
+    description = "Giulio De Pasquale";
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  };
+}

variables.nix

@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+  options.variables = mkOption {
+    type = types.attrs;
+    default = {};
+  };
+
+  config._module.args.variables = config.variables;
+}