From e457c48757a7f39a591ea9e33d838ecdf04fe763 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Tue, 9 Jul 2024 10:43:13 +0200 Subject: [PATCH] nix: basic system config --- flake.lock | 81 +++++++++++++++++++++++++++++++++- flake.nix | 23 ++++++++++ nix/default.nix | 1 + nix/infra.nix | 114 ++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 218 insertions(+), 1 deletion(-) create mode 100644 nix/infra.nix diff --git a/flake.lock b/flake.lock index ed5e17d..c4cbe4c 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,61 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720402389, + "narHash": "sha256-zJv6euDOrJWMHBhxfp/ay+Dvjwpe8YtMuEI5b09bxmo=", + "owner": "nix-community", + "repo": "disko", + "rev": "f1a00e7f55dc266ef286cc6fc8458fa2b5ca2414", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1719708727, + "narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720055043, + "narHash": "sha256-SKizewU4UeYrkZWPUjur8EoxscGoNb0pGcrNL4YzAIg=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "168b220231a70e47cc1f0919048fa5914415fb18", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1720031269, 
@@ -18,7 +74,30 @@ }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "disko": "disko", + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720400448, + "narHash": "sha256-v7JVJ8H1PyH7/8EU72mz7wzxJ1OLE/h3NCqQyZ6ONjs=", + "owner": "nix-community", + "repo": "srvos", + "rev": "21a3259985e3cddc455f64ad66d4a825b39934ad", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "srvos", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 3a745d1..86fc059 100644 --- a/flake.nix +++ b/flake.nix @@ -3,9 +3,32 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + srvos = { + url = "github:nix-community/srvos"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = inputs@{ self, nixpkgs, ... }: { + nixosConfigurations = { + main = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + specialArgs = inputs; + modules = [ + ./nix/infra.nix + #inputs.srvos.nixosModules.server + inputs.nixos-generators.nixosModules.all-formats + ]; + }; + }; legacyPackages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: import ./nix { inherit system inputs; pkgs = nixpkgs.legacyPackages.${system}; diff --git a/nix/default.nix b/nix/default.nix index 0dfc887..9be12ab 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -4,4 +4,5 @@ native = pkgs.callPackage ./native.nix {}; backend = pkgs.callPackage ./backend.nix {}; web = pkgs.callPackage ./web.nix {}; + docker = inputs.self.nixosConfigurations.main.config.formats.docker; } diff --git a/nix/infra.nix b/nix/infra.nix new file mode 100644 index 0000000..c2334e9 --- /dev/null +++ b/nix/infra.nix 
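Review bot: In the flake.nix hunk the server profile is left commented out in `modules` (`#inputs.srvos.nixosModules.server`) even though `srvos` is added as an input and pinned in flake.lock, so the system is built without it while the lock carries an unused dependency. Either enable the module or drop the input until it is needed, rather than keeping commented-out code. `rec` on the `nixosSystem` argument set is not used by anything in the set and can go. `specialArgs = inputs;` passes every input to every module; nix/infra.nix only takes `self`, so `specialArgs = { inherit self; };` would be narrower, assuming no other module relies on the extra arguments.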
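Review bot: `docker` in nix/default.nix is added to the set that flake.nix instantiates for every entry of `flakeExposed`, but it always points at `nixosConfigurations.main`, which is fixed to `x86_64-linux`. The package sets for other systems therefore expose an x86_64 image under the same name; consider defining the attribute only when `system == "x86_64-linux"`. A short comment saying the image is built from nix/infra.nix, which embeds the account's password hash and authorized keys, would help anyone deciding where the image may be published. The rest of default.nix lies outside the hunk.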
@@ -0,0 +1,114 @@
+{
+ config,
+ lib,
+ pkgs,
+ self,
+ ...
+}:
+
+{
+ system.stateVersion = "24.11";
+ nixpkgs.hostPlatform = {
+ system = "x86_64-linux";
+ config = "x86_64-unknown-linux-gnu";
+ };
+ networking.hostName = "Main";
+ time.timeZone = "Europe/Berlin";
+
+ xdg = {
+ mime.enable = true;
+ autostart.enable = true;
+ };
+
+ i18n = {
+ defaultLocale = "en_NZ.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ LC_CTYPE = "de_DE.UTF-8";
+ LC_COLLATE = "de_DE.UTF-8";
+ LC_MESSAGES = "en_NZ.UTF-8";
+ };
+ };
+
+ environment.variables = {
+ LOG_ICONS = "true";
+ };
+
+ services.openssh = {
+ enable = true;
+ banner = "Hackers are in Your System!!!\n";
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "prohibit-password";
+ };
+ };
+
+ fonts.fontDir.enable = true;
+
+ networking.firewall.enable = lib.mkForce false;
+
+ nix = {
+ settings = {
+ substituters = lib.mkForce [
+ "https://cache.nixos.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = lib.mkForce [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ trusted-users = [ "root" ];
+ sandbox = true;
+ require-sigs = true;
+ max-jobs = "auto";
+ auto-optimise-store = true;
+ allowed-users = [ "*" ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ warn-dirty = true;
+ use-xdg-base-directories = true;
+ keep-going = true;
+ builders-use-substitutes = true;
+ };
+ distributedBuilds = true;
+ package = pkgs.lix;
+ registry = lib.mkForce ((lib.mapAttrs (_: flake: { inherit flake; })) ((lib.filterAttrs (_: lib.isType "flake")) self.inputs) // {
+ self.flake = self;
+ });
+ nixPath = lib.mkForce [ "/etc/nix/path" ];
+ };
+
+ nixpkgs = {
+ config ={
+ allowUnfree = true;
+ };
+ };
+
+ environment.etc = lib.mapAttrs' (name: value: { name = "nix/path/${name}"; value.source = value.flake; }) config.nix.registry;
+
+ services.postgresql.enable = true;
+
+ users.users.master = {
+ isNormalUser = true;
+ shell = pkgs.nushell;
+ hashedPassword = "$2b$05$q5oW9Q25AjVAic1KY1xrIOZ6cyuleRxbsuMlW998lzOk6Us8Rplnq";
+ extraGroups = [ "wheel" ];
+ uid = 1000;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB8oyMpS2hK3gQXyHIIVS6oilgMpemLmfhKKJ6RBMwUh johannes@joens.email"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3pKtvhOOjG1pGJq7cVHS5uWy5IP8y1Ra/ENpmJcqOe root@zap"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEcNAVRN66mfKmaCpxs++0094Eh4mqXkUwDPZPkIIBB johannes@joens.email"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZDUoC+1lNR2JTY1Q+vhXpuLmKMdVl2OMFLVbQ3cGkw jopejoe1@kuraokami"
+ ];
+ };
+}
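Review bot: `users.users.master.hashedPassword` commits a bcrypt hash with cost factor 5 (`$2b$05$`) for an account in `wheel`, so anyone who can read the repository, the Nix store or an image built from this config can test password guesses offline at very little cost. SSH is already key-only, so either drop the password or read it from a secret kept outside the store, e.g. `hashedPasswordFile = "<path-to-secret-file>";` (placeholder path), and treat the committed password as exposed. In the same hunk, `networking.firewall.enable = lib.mkForce false;` removes packet filtering while sshd and PostgreSQL are enabled, so any service bound to a non-loopback address is reachable. If the override exists only for the container format, scope it to that format; otherwise keep the firewall on with `networking.firewall.allowedTCPPorts = [ 22 ];`. `PermitRootLogin = "prohibit-password"` could be `"no"`, since this file sets no root key, and a one-line comment on why `root@zap` is among the authorized keys would make that grant reviewable.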