From e4dcbc1ee2cebd3b2229a69e0e66bb9c3048d9a8 Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Fri, 26 Apr 2024 11:12:21 +0200
Subject: [PATCH] Inital Server Config
---
flake.nix | 45 +++++++++++
systems.nix | 116 +++++++++++++++++++++++++++++
systems/raspberry4/default.nix | 54 ++++++++++++++
systems/sukuna-biko-na/default.nix | 49 ++++++++++++
users/jopejoe1/default.nix | 72 ++++++++++++++++++
users/root/default.nix | 72 ++++++++++++++++++
6 files changed, 408 insertions(+)
create mode 100644 flake.nix
create mode 100644 systems.nix
create mode 100644 systems/raspberry4/default.nix
create mode 100644 systems/sukuna-biko-na/default.nix
create mode 100644 users/jopejoe1/default.nix
create mode 100644 users/root/default.nix
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..685f217
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,45 @@
+{
+ description = "jopejoe1 NixOS configuration";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs";
+
+ # Outputs
+ nixos-generators = {
+ url = "github:nix-community/nixos-generators";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # Modules
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ nixos-hardware.url = "github:NixOS/nixos-hardware";
+ srvos = {
+ url = "github:nix-community/srvos";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ snm = {
+ url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # Utility
+ nixos-anywhere = {
+ url = "github:nix-community/nixos-anywhere";
+ inputs.nixpkgs.follows = "nixpkgs";
+ inputs.disko.follows = "disko";
+ };
+ };
+
+ outputs =
+ inputs@{ self, nixpkgs, ... }:
+ {
+ nixosConfigurations = import ./systems.nix { inherit self inputs nixpkgs; };
+ };
+}
diff --git a/systems.nix b/systems.nix
new file mode 100644
index 0000000..a80aa2c
--- /dev/null
+++ b/systems.nix
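Review bot: Every entry in `inputs` is a floating reference (`github:nixos/nixpkgs` and the others name no revision), and the diffstat of this commit lists no `flake.lock`, so unless a lock file is committed elsewhere a fresh checkout resolves each input to whatever its default branch holds at build time. For hosts that run sshd and import third-party flakes such as srvos, disko and nixos-mailserver, commit the generated `flake.lock` next to `flake.nix` so that input updates arrive as reviewable diffs. Separately, `outputs` defines only `nixosConfigurations`, while systems.nix references `self.outputs.nixosModules.default` and both host files set `jopejoe1.*` options that presumably come from that module; none of the six files in this patch provides it, so evaluation is expected to fail on the missing attribute.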
@@ -0,0 +1,116 @@
+{
+ self,
+ nixpkgs,
+ inputs,
+}:
+
+let
+ mkSystem =
+ systemConfig: name:
+ nixpkgs.lib.nixosSystem rec {
+ system =
+ builtins.replaceStrings
+ [
+ "-unknown-"
+ "-gnu"
+ ]
+ [
+ "-"
+ ""
+ ]
+ systemConfig;
+ specialArgs = inputs;
+ modules = [
+ ./systems/${name}
+ self.outputs.nixosModules.default
+ {
+ system.stateVersion = "24.05";
+ nixpkgs.hostPlatform = {
+ system = system;
+ config = systemConfig;
+ };
+ networking.hostName = name;
+
+ nix = {
+ settings = {
+ substituters = lib.mkForce [
+ "https://cache.nixos.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = lib.mkForce [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ trusted-users = [ "root" ];
+ sandbox = true;
+ require-sigs = true;
+ max-jobs = "auto";
+ auto-optimise-store = true;
+ allowed-users = [ "*" ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ warn-dirty = true;
+ use-xdg-base-directories = true;
+ keep-going = true;
+ builders-use-substitutes = true;
+ };
+ distributedBuilds = true;
+ package = pkgs.nixVersions.unstable;
+ registry = lib.mkForce (
+ (lib.mapAttrs (_: flake: { inherit flake; })) (
+ (lib.filterAttrs (_: lib.isType "flake")) self.inputs
+ )
+ // {
+ self.flake = self;
+ }
+ );
+ nixPath = lib.mkForce [ "/etc/nix/path" ];
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ nvidia.acceptLicense = true;
+ };
+ };
+
+ environment.etc = lib.mapAttrs' (name: value: {
+ name = "nix/path/${name}";
+ value.source = value.flake;
+ }) config.nix.registry;
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ backupFileExtension = "backup";
+ };
+
+ systemd.services.nix-daemon.serviceConfig.LimitNOFILE = lib.mkForce 1048576000;
+
+ networking.hosts = {
+ "192.168.191.46" = [ "zap" ];
+ "192.168.191.142" = [ "kuraokami" ];
+ "2a01:4f8:1c1e:7f93::1" = [ "bloomshine.de" ];
+ };
+
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+
+ services.openssh = {
+ enable = true;
+ banner = "Hackers are in Your System!!!\n";
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "prohibit-password";
+ };
+ };
+ }
+ ];
+ };
+in
+{
+ sukuna-biko-na = mkSystem "aarch64-unknown-linux-gnu" "sukuna-biko-na";
+ raspberry4 = mkSystem "aarch64-unknown-linux-gnu" "raspberry4";
+}
diff --git a/systems/raspberry4/default.nix b/systems/raspberry4/default.nix
new file mode 100644
index 0000000..8cdbf6a
--- /dev/null
+++ b/systems/raspberry4/default.nix
@@ -0,0 +1,54 @@
+{
+ modulesPath,
+ lib,
+ nixos-hardware,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ nixos-hardware.nixosModules.raspberry-pi-4
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" ];
+ };
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+
+ boot.supportedFilesystems = lib.mkForce [
+ "btrfs"
+ "cifs"
+ "f2fs"
+ "jfs"
+ "ntfs"
+ "reiserfs"
+ "vfat"
+ "xfs"
+ "bchachefs"
+ ];
+
+ #hardware.raspberry-pi."4".fkms-3d.enable = true;
+
+ jopejoe1 = {
+ bluetooth.enable = true;
+ local.enable = true;
+ nix.enable = true;
+ user = {
+ jopejoe1.enable = true;
+ root.enable = true;
+ };
+ ssh.enable = true;
+ };
+
+ networking = {
+ useDHCP = lib.mkDefault true;
+ };
+
+ services.openssh.settings.PermitRootLogin = lib.mkForce "yes";
+
+ powerManagement.cpuFreqGovernor = "ondemand";
+}
diff --git a/systems/sukuna-biko-na/default.nix b/systems/sukuna-biko-na/default.nix
new file mode 100644
index 0000000..9b5b360
--- /dev/null
+++ b/systems/sukuna-biko-na/default.nix
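Review bot: The inline module in the `modules` list of systems.nix is a plain attribute set, yet it uses `lib.mkForce`, `pkgs.nixVersions.unstable` and `config.nix.registry`; the file's only arguments are `self`, `nixpkgs` and `inputs`, so these names are unbound and evaluation stops before any of the sshd or Nix daemon settings take effect. Write it as a module function, opening with `({ config, lib, pkgs, ... }: {` and closing with `})`. Once it evaluates, `substituters` and `trusted-public-keys` are forced to include `nix-community.cachix.org` on every host, which makes that cache's signing key part of the trust base for all store paths; a comment saying which inputs need it would help, and it should be dropped if none do. The `settings` block under `services.openssh` could also carry `KbdInteractiveAuthentication = false;` so that turning off `PasswordAuthentication` is not sidestepped through PAM keyboard-interactive prompts.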
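Review bot: In systems/raspberry4/default.nix, `services.openssh.settings.PermitRootLogin = lib.mkForce "yes";` overrides the `"prohibit-password"` value that systems.nix sets for all hosts, so on this host root may authenticate with any method sshd still offers. systems.nix turns off only `PasswordAuthentication`; if keyboard-interactive authentication is left at its default, the root password hash committed in users/root/default.nix would become usable over SSH here. Drop the override, or keep it with a comment explaining why this host needs it and add `services.openssh.settings.KbdInteractiveAuthentication = false;`. The `boot.supportedFilesystems` entry `"bchachefs"` also looks like a typo for `"bcachefs"`.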
@@ -0,0 +1,49 @@
+{
+ modulesPath,
+ lib,
+ nixos-hardware,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ nixos-hardware.nixosModules.raspberry-pi-4
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" ];
+ };
+ loader = {
+ generic-extlinux-compatible.enable = true;
+ };
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "ext4";
+ };
+
+ hardware.raspberry-pi."4".fkms-3d.enable = true;
+
+ jopejoe1 = {
+ audio.enable = true;
+ bluetooth.enable = true;
+ local.enable = true;
+ nix.enable = true;
+ kodi.enable = true;
+ plasma.enable = true;
+ user = {
+ jopejoe1.enable = true;
+ root.enable = true;
+ };
+ ssh.enable = true;
+ };
+
+ networking = {
+ useDHCP = lib.mkDefault true;
+ };
+
+ powerManagement.cpuFreqGovernor = "ondemand";
+}
diff --git a/users/jopejoe1/default.nix b/users/jopejoe1/default.nix
new file mode 100644
index 0000000..d6dab5b
--- /dev/null
+++ b/users/jopejoe1/default.nix
@@ -0,0 +1,72 @@
+{ config, lib, ... }:
+
+{
+ users.users.jopejoe1 = {
+ hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB8oyMpS2hK3gQXyHIIVS6oilgMpemLmfhKKJ6RBMwUh johannes@joens.email"
+ ];
+ };
+ home-manager.users.jopejoe1 = {
+ home = {
+ username = config.users.users.jopejoe1.name;
+ homeDirectory = config.users.users.jopejoe1.home;
+ stateVersion = config.system.stateVersion;
+ sessionVariables = {
+ XCOMPOSECACHE = "${config.xdg.cacheHome}/X11/xcompos";
+ XAUTHORITY = "$XDG_RUNTIME_DIR/Xauthority";
+ ANDROID_HOME = "${config.xdg.dataHome}/android";
+ CUDA_CACHE_PATH = "${config.xdg.cacheHome}/nv";
+ GRADLE_USER_HOME = "${config.xdg.dataHome}/gradle";
+ KODI_DATA = "${config.xdg.dataHome}/kodi";
+ _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${config.xdg.configHome}/java";
+ WINEPREFIX = "${config.xdg.dataHome}/wine";
+ };
+ };
+
+ programs = {
+ lazygit.enable = true;
+ git = {
+ enable = true;
+ package = pkgs.git;
+ extraConfig = {
+ core = {
+ whitespace = [
+ "blank-at-eol"
+ "blank-at-eof"
+ "space-before-tab"
+ ];
+ };
+ };
+ };
+ direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+ gpg = {
+ enable = true;
+ homedir = "${config.xdg.dataHome}/gnupg";
+ };
+ };
+ xdg = {
+ enable = true;
+ mime.enable = true;
+ cacheHome = "${config.home.homeDirectory}/.cache";
+ configHome = "${config.home.homeDirectory}/.config";
+ dataHome = "${config.home.homeDirectory}/.local/share";
+ stateHome = "${config.home.homeDirectory}/.local/state";
+ userDirs = {
+ enable = true;
+ createDirectories = true;
+ desktop = "${config.home.homeDirectory}/Desktop";
+ documents = "${config.home.homeDirectory}/Documents";
+ download = "${config.home.homeDirectory}/Downloads";
+ music = "${config.home.homeDirectory}/Music";
+ pictures = "${config.home.homeDirectory}/Pictures";
+ publicShare = "${config.home.homeDirectory}/Public";
+ templates = "${config.home.homeDirectory}/Templates";
+ videos = "${config.home.homeDirectory}/Videos";
+ };
+ };
+ };
+}
diff --git a/users/root/default.nix b/users/root/default.nix
new file mode 100644
index 0000000..49aa9c0
--- /dev/null
+++ b/users/root/default.nix
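Review bot: `hashedPassword` in `users.users.jopejoe1` commits a bcrypt hash with cost factor 5 (the `$2b$05$` prefix), and users/root/default.nix carries the identical hash for root, so everyone with read access to the repository holds a cheaply testable verifier for both accounts. Keep the hash out of the tree with `hashedPasswordFile = "<path-to-secret-outside-repo>";` or lock the password and rely on the SSH key, give root its own credential, and rotate the current password because the hash stays in history. Both user files also reference `pkgs.git` although the module arguments are `{ config, lib, ... }`. In addition, the `config.xdg.*` and `config.home.*` lookups inside `home-manager.users.<name>` appear to resolve against the NixOS `config` rather than the Home Manager one, because the value is an attribute set and not a module function.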
@@ -0,0 +1,72 @@
+{ config, lib, ... }:
+
+{
+ users.users.root = {
+ hashedPassword = "$2b$05$Uk84TY/RHlH8DIigUlFYjeorjTlCMEY9wN2pAcw5BLaPoc7dKiSsC";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB8oyMpS2hK3gQXyHIIVS6oilgMpemLmfhKKJ6RBMwUh johannes@joens.email"
+ ];
+ };
+ home-manager.users.root = {
+ home = {
+ username = config.users.users.root.name;
+ homeDirectory = config.users.users.root.home;
+ stateVersion = config.system.stateVersion;
+ sessionVariables = {
+ XCOMPOSECACHE = "${config.xdg.cacheHome}/X11/xcompos";
+ XAUTHORITY = "$XDG_RUNTIME_DIR/Xauthority";
+ ANDROID_HOME = "${config.xdg.dataHome}/android";
+ CUDA_CACHE_PATH = "${config.xdg.cacheHome}/nv";
+ GRADLE_USER_HOME = "${config.xdg.dataHome}/gradle";
+ KODI_DATA = "${config.xdg.dataHome}/kodi";
+ _JAVA_OPTIONS = "-Djava.util.prefs.userRoot=${config.xdg.configHome}/java";
+ WINEPREFIX = "${config.xdg.dataHome}/wine";
+ };
+ };
+
+ programs = {
+ lazygit.enable = true;
+ git = {
+ enable = true;
+ package = pkgs.git;
+ extraConfig = {
+ core = {
+ whitespace = [
+ "blank-at-eol"
+ "blank-at-eof"
+ "space-before-tab"
+ ];
+ };
+ };
+ };
+ direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+ gpg = {
+ enable = true;
+ homedir = "${config.xdg.dataHome}/gnupg";
+ };
+ };
+ xdg = {
+ enable = true;
+ mime.enable = true;
+ cacheHome = "${config.home.homeDirectory}/.cache";
+ configHome = "${config.home.homeDirectory}/.config";
+ dataHome = "${config.home.homeDirectory}/.local/share";
+ stateHome = "${config.home.homeDirectory}/.local/state";
+ userDirs = {
+ enable = true;
+ createDirectories = true;
+ desktop = "${config.home.homeDirectory}/Desktop";
+ documents = "${config.home.homeDirectory}/Documents";
+ download = "${config.home.homeDirectory}/Downloads";
+ music = "${config.home.homeDirectory}/Music";
+ pictures = "${config.home.homeDirectory}/Pictures";
+ publicShare = "${config.home.homeDirectory}/Public";
+ templates = "${config.home.homeDirectory}/Templates";
+ videos = "${config.home.homeDirectory}/Videos";
+ };
+ };
+ };
+}