From 3b8a6567b281c89ddcec6466a0d3057e4a342284 Mon Sep 17 00:00:00 2001 
From: GRMrGecko Date: Tue, 14 May 2024 09:29:16 -0500 Subject: [PATCH] Initial Config --- .gitignore | 2 + configure.sh | 246 ++++++++++++++++++ flake.lock | 86 ++++++ flake.nix | 81 ++++++ hosts/default/configuration.nix | 19 ++ hosts/tama/configuration.nix | 26 ++ install.sh | 20 ++ modules/home/git.nix | 9 + modules/home/zsh.nix | 8 + modules/nixos/common.nix | 100 +++++++ .../nixos/desktop-environments/hyperland.nix | 15 ++ modules/nixos/desktop-environments/plasma.nix | 7 + modules/nixos/desktop.nix | 88 +++++++ modules/nixos/disko-luks.nix | 65 +++++ modules/nixos/disko.nix | 59 +++++ modules/nixos/docker.nix | 13 + modules/nixos/gaming.nix | 11 + modules/nixos/management.nix | 21 ++ modules/nixos/monitoring.nix | 60 +++++ modules/nixos/network.nix | 21 ++ modules/nixos/users.nix | 50 ++++ modules/nixos/video-drivers/amdgpu.nix | 12 + modules/nixos/video-drivers/nvidia.nix | 43 +++ modules/nixos/video-drivers/qxl.nix | 13 + modules/nixos/virtualization.nix | 53 ++++ modules/nixos/zfs.nix | 14 + profiles/desktop.nix | 13 + profiles/gaming-pc.nix | 9 + profiles/virtual-machine-host.nix | 18 ++ rebuild.sh | 20 ++ rsync.sh | 8 + settings-default.nix | 30 +++ update.sh | 32 +++ users/main-user.nix | 24 ++ 34 files changed, 1296 insertions(+) create mode 100644 .gitignore create mode 100755 configure.sh create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 hosts/default/configuration.nix create mode 100644 hosts/tama/configuration.nix create mode 100755 install.sh create mode 100644 modules/home/git.nix create mode 100644 modules/home/zsh.nix create mode 100644 modules/nixos/common.nix create mode 100644 modules/nixos/desktop-environments/hyperland.nix create mode 100644 modules/nixos/desktop-environments/plasma.nix create mode 100644 modules/nixos/desktop.nix create mode 100644 modules/nixos/disko-luks.nix create mode 100644 modules/nixos/disko.nix create mode 100644 modules/nixos/docker.nix create mode 100644 modules/nixos/gaming.nix 
create mode 100644 modules/nixos/management.nix create mode 100644 modules/nixos/monitoring.nix create mode 100644 modules/nixos/network.nix create mode 100644 modules/nixos/users.nix create mode 100644 modules/nixos/video-drivers/amdgpu.nix create mode 100644 modules/nixos/video-drivers/nvidia.nix create mode 100644 modules/nixos/video-drivers/qxl.nix create mode 100644 modules/nixos/virtualization.nix create mode 100644 modules/nixos/zfs.nix create mode 100644 profiles/desktop.nix create mode 100644 profiles/gaming-pc.nix create mode 100644 profiles/virtual-machine-host.nix create mode 100755 rebuild.sh create mode 100755 rsync.sh create mode 100644 settings-default.nix create mode 100755 update.sh create mode 100644 users/main-user.nix diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..46dd4cc --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +settings.nix +hardware-configuration.nix \ No newline at end of file diff --git a/configure.sh b/configure.sh new file mode 100755 index 0000000..266accd --- /dev/null +++ b/configure.sh 
@@ -0,0 +1,246 @@ +#!/usr/bin/env bash + +# Change into script dir. +cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit +nixosDir=$(pwd) + +# Defaults +defaultHostname="nixos" +defaultSwap="8G" +defaultName="grmrgecko" +defaultDescription="James Coleman" +defaultGitName="GRMrGecko" +defaultGitEmail="grmrgecko@gmail.com" + +# A simple function to print an array. +CHOICE=0 +chooseOpts() { + local opts i + CHOICE=-1 + opts=("$@") + # Keep an index to properly index the options. + i=0 + echo + # For each option, print it and increment the index. + for opt in "${opts[@]}"; do + echo "$i) $opt" + i=$((i+1)) + done + # Ask for their choice. + echo + echo -n "Enter choice: " + read -r CHOICE + # Check inputted index range. + if ((CHOICE >= ${#opts[@]} || CHOICE < 0)); then + echo "Invalid range" + chooseOpts "$@" + fi +} + +# A looping function to choose Y or N. +chooseYN() { + local default="" + if [[ "$1" =~ \[.*([YN]).*\] ]]; then + default=${BASH_REMATCH[1]} + fi + echo -n "$1: " + read -r CHOICE + [[ -z $CHOICE ]] && CHOICE=$default + if [[ "$CHOICE" =~ ^[yY]$ ]]; then + CHOICE="y" + elif [[ "$CHOICE" =~ ^[nN]$ ]]; then + CHOICE="n" + else + chooseYN "$1" + fi +} + +# Determine video drivers based on PCI devices. +videoDrivers="unknown" +pciRaw=$(lspci | grep -E 'VGA') +if [[ "$pciRaw" =~ QXL ]]; then + videoDrivers="qxl" +elif [[ "$pciRaw" =~ NVIDIA ]]; then + videoDrivers="nvidia" +elif [[ "$pciRaw" =~ AMD ]]; then + videoDrivers="amdgpu" +fi + +# Get the packages souce, rather its unstable or stable. +PACKAGESOPTS=( + "stable" + "unstable" +) +echo "Packages source" +chooseOpts "${PACKAGESOPTS[@]}" +PACKAGES=${PACKAGESOPTS[$CHOICE]} + +# Get the profile for this system. +PROFILEOPTS=() +# Build profile list from profiles directory. +for profile in ./profiles/*.nix; do + PROFILEOPTS+=("$(basename "${profile%.*}")") +done +echo "Choose your profile" +chooseOpts "${PROFILEOPTS[@]}" +PROFILE=${PROFILEOPTS[$CHOICE]} + +# Get the hostname. 
+echo -n "Choose hostname [$defaultHostname]: " +read -r hostName +[[ -z $hostName ]] && hostName=$defaultHostname + +# Determine default disk. +diskDefault="" +[[ -e /dev/sda ]] && diskDefault="/dev/sda" +[[ -e /dev/vda ]] && diskDefault="/dev/vda" +echo +echo "Select a disk from the list below:" +# List disks to allow a choice to be made without stopping +# configuration and verifying available disks. +lsblk -o PATH,ID-LINK,SIZE -t +echo +echo -n "Choose disk (/dev/disk/by-id/{ID-LINK}) [$diskDefault]: " +read -r disk +# If selected disk is none, use the default disk determined above. +[[ -z $disk ]] && disk=$diskDefault + +# Get the swap size. +echo -n "Swap size [$defaultSwap]: " +read -r swapSize +[[ -z $swapSize ]] && swapSize=$defaultSwap + +# Determine if we should LUKS encrypt the disk. +luks="false" +chooseYN "Use LUKS Encryption? [N/y]" +if [[ "$CHOICE" == "y" ]]; then + luks="true" + # Get a password from the user, with confirmation to ensure + # we are not setting a typo. + while true; do + echo -n "Enter your luks encryption passphrase: " + read -r -s luksPasswd + echo -n "Confirm your luks encryption passphrase: " + read -r -s confirmLuksPasswd + if [[ "$luksPasswd" == "$confirmLuksPasswd" ]]; then + break + fi + echo "Passwords do not match, try again." + done + # Save the password to the tmpfs for disko to pick up during partitioning. + echo "$luksPasswd" > /tmp/secret.key +fi + +# Get username for the main user. +echo -n "Main user name [$defaultName]: " +read -r name +[[ -z $name ]] && name=$defaultName me + +# Get description for the main user. +echo -n "Main user description [$defaultDescription]: " +read -r description +[[ -z $description ]] && description=$defaultDescription + +# Determine password for main user, verifying no typos. 
+while true; do + echo -n "Enter password for main user: " + read -r -s mainPasswd + echo -n "Confirm your password for main user: " + read -r -s confirmMainPasswd + if [[ "$mainPasswd" == "$confirmMainPasswd" ]]; then + break + fi + echo "Passwords do not match, try again." +done +# Use mkpasswd to create a hashed password with the lastest +# linux password hashing algorithm. +password=$(mkpasswd "$mainPasswd") + +# Determine SSH keys to allow into the system. +sshKeys=() +while true; do + echo "To exit loop, press enter." + echo -n "Add ssh key (Github Username or ssh key): " + read -r keyToAdd + + # If empty, exit loop as all keys were selected. + [[ -z $keyToAdd ]] && break + + # If matches an ssh public key, add to list. + if [[ "$keyToAdd" =~ ^ssh-.* ]]; then + echo "Added key: $keyToAdd" + sshKeys+=("$keyToAdd") + continue + fi + + # If is an username, check github for all keys and add them. + if [[ "$keyToAdd" =~ ([a-zA-Z0-9]+) ]]; then + githubUsername=${BASH_REMATCH[1]} + while read -r key; do + if [[ $key == "Not Found" ]]; then + echo "Github user provided not found" + continue + fi + echo "Adding key: $key" + sshKeys+=("$key") + done < <(curl -s -q "https://github.com/$githubUsername.keys") + fi +done + +# Determine if we want to autologin to the main user, +# this may be desirable on full disk encrypted machines. +autoLogin="false" +chooseYN "Autologin to main user? [N/y]" +if [[ "$CHOICE" == "y" ]]; then + autoLogin="true" +fi + +# Get git name. +echo -n "Git name [$defaultGitName]: " +read -r gitName +[[ -z $gitName ]] && gitName=$defaultGitName me + +# Get git email. +echo -n "Git email [$defaultGitEmail]: " +read -r gitEmail +[[ -z $gitEmail ]] && gitEmail=$defaultGitEmail + +# Generate settings.nix file with above choosen options. +echo "Generating settings.nix:" +cat < /dev/null || exit +nixosDir=$(pwd) + +# Get short hostname to work with host specific configurations. 
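Review bot: The LUKS passphrase is written with `echo "$luksPasswd" > /tmp/secret.key` under the process's default umask, so on a shared live installer the file is readable by other users; create it with restricted permissions, e.g. `(umask 077; printf '%s\n' "$luksPasswd" > /tmp/secret.key)`. The lines `[[ -z $name ]] && name=$defaultName me` and `[[ -z $gitName ]] && gitName=$defaultGitName me` carry a stray trailing `me` token, which turns the assignment into an environment prefix for a command named `me` — the command is not found and the variable stays empty; drop the `me`. `password=$(mkpasswd "$mainPasswd")` places the clear-text password on the command line where it is visible in the process list for the duration of the call; if this mkpasswd supports it, feed it on stdin instead (`printf '%s' "$mainPasswd" | mkpasswd --stdin`). The heredoc beginning at `cat` and the remainder of this hunk are not visible here (the text runs into install.sh), so the generated settings.nix could not be reviewed.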
+host=$(hostname -s) +if [[ -n $nixHostOverride ]]; then + host=$nixHostOverride +fi + +# Confirm host configuration is available; If not, we should not continue. +if ! grep -q "nixosConfigurations.$host" flake.nix; then + host="default" +fi + +# Install NixOS. +# shellcheck disable=SC2068 +nix --extra-experimental-features 'nix-command flakes' run 'github:nix-community/disko#disko-install' -- --impure --flake "path:$nixosDir/#$host" $@ diff --git a/modules/home/git.nix b/modules/home/git.nix new file mode 100644 index 0000000..ee13255 --- /dev/null +++ b/modules/home/git.nix @@ -0,0 +1,9 @@ +{pkgs, settings, ...}: + +{ + programs.git = { + enable = true; + userName = settings.git.name; + userEmail = settings.git.email; + }; +} \ No newline at end of file diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix new file mode 100644 index 0000000..3232a7f --- /dev/null +++ b/modules/home/zsh.nix @@ -0,0 +1,8 @@ +{pkgs, settings, ...}: + +{ + programs.zsh = { + enable = true; + dotDir = ".config/zsh"; + }; +} \ No newline at end of file diff --git a/modules/nixos/common.nix b/modules/nixos/common.nix new file mode 100644 index 0000000..d9fc2e4 --- /dev/null +++ b/modules/nixos/common.nix 
@@ -0,0 +1,100 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Import modules. + imports = [ + (import (if (settings.disk.luks) + then + ./disko-luks.nix + else + ./disko.nix + ) { + device = settings.disk.device; + swapSize = settings.disk.swapSize; + }) + ] ++ (if settings.videoDrivers=="unknown" then [] else [ ./video-drivers/${settings.videoDrivers}.nix ]); + + # Allow unfree packages. + nixpkgs.config.allowUnfree = true; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.supportedFilesystems = [ "btrfs" ]; + + # BTRFS Scrubbing Services. + services.btrfs.autoScrub.enable = true; + services.btrfs.autoScrub.interval = "weekly"; + + # Set your time zone. + time.timeZone = settings.timezone; + + # Select internationalisation properties. + i18n.defaultLocale = settings.locale; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + users.groups.mlocate = {}; + environment.systemPackages = with pkgs; [ + # Text Editors + vim + nano + + # Network + wget + curl + git + rsync + borgbackup + + # Disk Tools + btrfs-progs + nfs-utils + parted + ncdu + pv + + # System Tools + sudo + cron + mlocate + tmux + killall + pciutils + + # Performance monitor + nmon + iotop + htop + ]; + + # Compatibility with scripts. + system.activationScripts.binbash = { + text = + '' + ln -sfn /run/current-system/sw/bin/bash /bin/bash + ''; + }; + + # Nix Package Auto Cleanup + nix = { + settings.auto-optimise-store = true; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-oder-than 7d"; + }; + }; +} 
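Review bot: `options = "--delete-oder-than 7d";` in the `nix.gc` block misspells the flag, so the weekly garbage-collection timer will invoke the collector with an option it does not recognise and fail; it should read `options = "--delete-older-than 7d";`. The `binbash` activation script symlinks bash into `/bin` for script compatibility but does not say which scripts need it; a short why-comment such as `# Needed for third-party scripts that hard-code #!/bin/bash` would help the next maintainer decide when it can be dropped.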
diff --git a/modules/nixos/desktop-environments/hyperland.nix b/modules/nixos/desktop-environments/hyperland.nix new file mode 100644 index 0000000..460bfdf --- /dev/null +++ b/modules/nixos/desktop-environments/hyperland.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, settings, ... }: + +{ + programs.hyprland = { + # Install the packages from nixpkgs + enable = true; + # Whether to enable XWayland + xwayland.enable = true; + }; + + # Extra global packages for guis. + environment.systemPackages = with pkgs; [ + xdg-desktop-portal-hyprland + ]; +} diff --git a/modules/nixos/desktop-environments/plasma.nix b/modules/nixos/desktop-environments/plasma.nix new file mode 100644 index 0000000..c757cf8 --- /dev/null +++ b/modules/nixos/desktop-environments/plasma.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Enable the Desktop Environment. + services.xserver.desktopManager.plasma5.enable = false; + services.desktopManager.plasma6.enable = true; +} diff --git a/modules/nixos/desktop.nix b/modules/nixos/desktop.nix new file mode 100644 index 0000000..0fc4de7 --- /dev/null +++ b/modules/nixos/desktop.nix 
@@ -0,0 +1,88 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Import desktop environments. + imports = [ + ./desktop-environments/plasma.nix + ./desktop-environments/hyperland.nix + ]; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the Display Manager. + services.displayManager.sddm.enable = true; + services.displayManager.sddm.wayland.enable = true; + + # Enable automatic login for the user. + services.displayManager.autoLogin.enable = settings.user.autoLogin; + services.displayManager.autoLogin.user = if settings.user.autoLogin then settings.user.name else ""; + + # Enable touchpad support (enabled default in most desktopManager). + services.libinput.enable = true; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # Enable Flatpak + services.flatpak.enable = true; + + # Install firefox. + programs.firefox.enable = true; + + # Gui applications for the main user. 
+ users.users.${settings.user.name}.packages = with pkgs; [ + # Internet + thunderbird + ungoogled-chromium + + # Remote management + remmina + transmission-remote-gtk + + # Development + kate + arduino-ide + + # Multimedia + clementine + mpv + vlc + kdePackages.k3b + + # Software defined radio + gqrx + ]; + + # Kodi + services.xserver.desktopManager.kodi.enable = true; + services.xserver.desktopManager.kodi.package = pkgs.kodi.withPackages (pkgs: with pkgs; [ + # osmc-skin + jellyfin + pvr-hdhomerun + pvr-iptvsimple + ]); + + # Extra global packages for guis. + environment.systemPackages = with pkgs; [ + xdg-utils + xdg-desktop-portal + ]; +} diff --git a/modules/nixos/disko-luks.nix b/modules/nixos/disko-luks.nix new file mode 100644 index 0000000..95b7fe1 --- /dev/null +++ b/modules/nixos/disko-luks.nix @@ -0,0 +1,65 @@ +{ + device ? throw "Set this to your disk device, e.g. /dev/disk/by-id/id", + swapSize ? "8G", + ... +}: { + disko.devices = { + disk.main = { + inherit device; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + name = "boot"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountOptions = [ "fmask=0022" "dmask=0022" ]; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + settings.allowDiscards = true; + passwordFile = "/tmp/secret.key"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + + subvolumes = { + "/root" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/"; + }; + + "/home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + + "/nix" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/nix"; + }; + + "/swap" = { + mountOptions = [ "noatime" ]; + mountpoint = "/swap"; + swap.swapfile.size = swapSize; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} 
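Review bot: `services.displayManager.autoLogin.user = if settings.user.autoLogin then settings.user.name else "";` uses an empty string as the "no user" value, but the option's null value is `null`, so `else null` expresses the intent and keeps an empty user name out of the display-manager configuration. With `autoLogin.enable` false in that case the effect is likely benign, but the empty string is the wrong sentinel and will be confusing if the option's type is ever tightened.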
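Review bot: `passwordFile = "/tmp/secret.key";` is an implicit contract with configure.sh, which writes the passphrase to that path, and neither file records the dependency; add a comment above it such as `# Must match the path configure.sh writes the LUKS passphrase to; read by disko at install time only.` so the two are changed together. This file otherwise duplicates disko.nix apart from the `luks` wrapper around the btrfs content, so a note naming disko.nix as the unencrypted twin would help keep the subvolume layouts in sync.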
diff --git a/modules/nixos/disko.nix b/modules/nixos/disko.nix new file mode 100644 index 0000000..ce083a4 --- /dev/null +++ b/modules/nixos/disko.nix @@ -0,0 +1,59 @@ +{ + device ? throw "Set this to your disk device, e.g. /dev/disk/by-id/id", + swapSize ? "8G", + ... +}: { + disko.devices = { + disk.main = { + inherit device; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + name = "boot"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountOptions = [ "fmask=0022" "dmask=0022" ]; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + + subvolumes = { + "/root" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/"; + }; + + "/home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + + "/nix" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/nix"; + }; + + "/swap" = { + mountOptions = [ "noatime" ]; + mountpoint = "/swap"; + swap.swapfile.size = swapSize; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/docker.nix b/modules/nixos/docker.nix new file mode 100644 index 0000000..40f90da --- /dev/null +++ b/modules/nixos/docker.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Install Docker + virtualisation.docker.enable = true; + virtualisation.docker.storageDriver = "btrfs"; + users.users.${settings.user.name}.extraGroups = [ "docker" ]; + + # Distrobox + environment.systemPackages = with pkgs; [ + distrobox + ]; +} diff --git a/modules/nixos/gaming.nix b/modules/nixos/gaming.nix new file mode 100644 index 0000000..1b86e68 --- /dev/null +++ b/modules/nixos/gaming.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Enable steam for gamming. + programs.steam.enable = true; + + # Gui applications for the main user. + users.users.${settings.user.name}.packages = with pkgs; [ + lutris + ]; +} 
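Review bot: `users.users.${settings.user.name}.extraGroups = [ "docker" ];` grants the main user membership in the docker group, which is effectively root-equivalent because the daemon runs as root and members can bind-mount the host filesystem into containers; that is a reasonable trade-off for a desktop profile but deserves a why-comment, e.g. `# docker group is root-equivalent; acceptable because the main user is already in wheel (users.nix).` If that is not wanted, `virtualisation.docker.rootless.enable` is the alternative that avoids the privileged group.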
diff --git a/modules/nixos/management.nix b/modules/nixos/management.nix new file mode 100644 index 0000000..b0dd0be --- /dev/null +++ b/modules/nixos/management.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + cockpit + ]; + + services.cockpit = { + enable = true; + port = 9090; + settings = { + WebService = { + AllowUnencrypted = true; + }; + }; + }; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "without-password"; +} diff --git a/modules/nixos/monitoring.nix b/modules/nixos/monitoring.nix new file mode 100644 index 0000000..9c2803e --- /dev/null +++ b/modules/nixos/monitoring.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +{ + users.groups.telegraf = {}; + users.users.telegraf = { + isNormalUser = false; + isSystemUser = true; + group = "telegraf"; + }; + + # List packages installed in system profile. + environment.systemPackages = with pkgs; [ + telegraf + smartmontools + nvme-cli + lm_sensors + ]; + + security.sudo = { + enable = true; + extraRules = [{ + commands = [ + { + command = "${pkgs.smartmontools}/bin/smartctl"; + options = [ "NOPASSWD" ]; + } + { + command = "${pkgs.nvme-cli}/bin/nvme"; + options = [ "NOPASSWD" ]; + } + ]; + users = [ "telegraf" ]; + }]; + }; + + systemd.services.telegraf = { + enable = true; + description = "Telegraf"; + after = [ "network.target" ]; + path = [ + "/run/wrappers" + pkgs.lm_sensors + pkgs.smartmontools + pkgs.nvme-cli + ]; + serviceConfig = { + Type = "notify"; + NotifyAccess = "all"; + User = "telegraf"; + ExecStart = "${pkgs.telegraf}/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d"; + ExecReload = "/bin/kill -HUP $MAINPID"; + Restart = "on-failure"; + RestartForceExitStatus = "SIGPIPE"; + KillMode = "mixed"; + TimeoutStopSec = "5"; + LimitMEMLOCK = "8M:8M"; + }; + wantedBy = [ "multi-user.target" ]; + }; +} 
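Review bot: `AllowUnencrypted = true` in the cockpit `WebService` settings serves the login page over plain HTTP on port 9090, so the password typed there crosses the network in clear text; combined with `networking.firewall.enable = false` in network.nix it is reachable from any host that can route to the machine. Unless a TLS-terminating proxy sits in front of cockpit (nothing in this commit configures one), drop that setting and let cockpit use its own certificate. `services.openssh.settings.PermitRootLogin = "without-password";` uses the deprecated alias; OpenSSH's current spelling is `"prohibit-password"`, which NixOS accepts as well.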
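Review bot: `ExecReload = "/bin/kill -HUP $MAINPID";` points at a path that does not exist on NixOS (only `/bin/sh` and `/usr/bin/env` are provided, plus the `/bin/bash` link this commit adds), so `systemctl reload telegraf` will fail; use the system profile path the rest of the commit already relies on, `ExecReload = "/run/current-system/sw/bin/kill -HUP $MAINPID";`. The sudo rule is nicely scoped to `smartctl` and `nvme` for the telegraf user, but with `NOPASSWD` and no argument restriction the collector may run any subcommand of both tools; a comment stating that this scope is intended (`# telegraf needs root for SMART/NVMe reads; NOPASSWD limited to these two binaries`) would make later audits easier.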
diff --git a/modules/nixos/network.nix b/modules/nixos/network.nix new file mode 100644 index 0000000..f951041 --- /dev/null +++ b/modules/nixos/network.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Network host configuration. + networking.hostId = settings.hostId; + networking.hostName = settings.hostName; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = false; + networking.networkmanager.enable = true; + + environment.systemPackages = with pkgs; [ + dnsutils + iperf + nmap + netcat-gnu + ]; +} diff --git a/modules/nixos/users.nix b/modules/nixos/users.nix new file mode 100644 index 0000000..bc9447d --- /dev/null +++ b/modules/nixos/users.nix 
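Review bot: `networking.firewall.enable = false;` turns off the host firewall for every profile that imports this module, and the same commit adds services bound to all interfaces (cockpit on 9090 without TLS in management.nix, the syncthing GUI on `0.0.0.0:8384` in users.nix), so those administrative interfaces become reachable from the whole network rather than from the host alone. Keeping the firewall on and listing the ports that must be open in `networking.firewall.allowedTCPPorts` — the commented template is already on the lines above — limits the exposure; if disabling it is intentional for the bridged VM-host case, a why-comment on that line should say so.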
@@ -0,0 +1,50 @@ +{ inputs, config, lib, pkgs, settings, ... }: + +{ + services.syncthing = { + enable = true; + guiAddress = "0.0.0.0:8384"; + user = settings.user.name; + dataDir = "/home/${settings.user.name}"; + }; + + # Enable ZSH. + programs.zsh.enable = true; + + # Rebuild users. + users.mutableUsers = false; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.groups.${settings.user.name}.gid = 1000; + users.users.${settings.user.name} = { + isNormalUser = true; + description = settings.user.description; + extraGroups = [ "networkmanager" "wheel" ]; + uid = 1000; + group = settings.user.name; + shell = pkgs.zsh; + hashedPassword = settings.user.hashedPassword; + openssh.authorizedKeys.keys = settings.user.openssh.authorizedKeys.keys; + }; + users.users.root = { + shell = pkgs.zsh; + hashedPassword = settings.root.hashedPassword; + openssh.authorizedKeys.keys = settings.root.openssh.authorizedKeys.keys; + }; + + environment.systemPackages = with pkgs; [ + unstable.nodejs_22 + pure-prompt + fastfetch + ]; + + home-manager = { + extraSpecialArgs = { + inherit inputs; + inherit settings; + }; + users = { + ${settings.user.name} = import ../../users/main-user.nix; + }; + }; +} diff --git a/modules/nixos/video-drivers/amdgpu.nix b/modules/nixos/video-drivers/amdgpu.nix new file mode 100644 index 0000000..337b936 --- /dev/null +++ b/modules/nixos/video-drivers/amdgpu.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Display drivers. + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + boot.initrd.kernelModules = [ "amdgpu" ]; + services.xserver.videoDrivers = [ "amdgpu" ]; +} diff --git a/modules/nixos/video-drivers/nvidia.nix b/modules/nixos/video-drivers/nvidia.nix new file mode 100644 index 0000000..5be4545 --- /dev/null +++ b/modules/nixos/video-drivers/nvidia.nix 
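Review bot: `guiAddress = "0.0.0.0:8384";` exposes the syncthing web GUI on all interfaces while nothing in this module configures a GUI user or password, and the firewall is disabled in network.nix, so anyone on the network can administer syncthing — and the folders it shares under `/home/${settings.user.name}` — as the main user. Either keep the default loopback binding and reach it over an SSH tunnel, or bind to all interfaces only together with GUI credentials set in syncthing's settings. `users.users.root` takes its `hashedPassword` and SSH keys from `settings.root`, which settings-default.nix derives from the main user; a comment here (`# root shares the main user's credentials; see settings-default.nix`) would make that choice visible where it takes effect.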
@@ -0,0 +1,43 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Display drivers. + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + services.xserver.videoDrivers = [ "nvidia" ]; + + hardware.nvidia = { + + # Modesetting is required. + modesetting.enable = false; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; +} diff --git a/modules/nixos/video-drivers/qxl.nix b/modules/nixos/video-drivers/qxl.nix new file mode 100644 index 0000000..bb22c3d --- /dev/null +++ b/modules/nixos/video-drivers/qxl.nix 
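Review bot: The comment `# Modesetting is required.` sits directly above `modesetting.enable = false;`, so the code contradicts its own documentation; either set it to `true` (the value the comment, and the Wayland session enabled via sddm in desktop.nix, generally call for) or reword the comment to say why it is intentionally off on this host. The `package = config.boot.kernelPackages.nvidiaPackages.stable;` line could likewise note why `stable` is chosen for this GPU generation so the choice survives a driver bump.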
@@ -0,0 +1,13 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Display drivers. + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + services.xserver.videoDrivers = [ "qxl" ]; + # services.qemuGuest.enable = true; + services.spice-vdagentd.enable = true; +} diff --git a/modules/nixos/virtualization.nix b/modules/nixos/virtualization.nix new file mode 100644 index 0000000..eb4c039 --- /dev/null +++ b/modules/nixos/virtualization.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +{ + networking.extraHosts = + '' + 10.0.100.5 kiki kiki.gec.im + 10.0.100.6 tama tama.gec.im + 10.0.100.7 kate kate.gec.im + 10.0.100.8 mika mika.gec.im + 10.0.100.13 gaming-pc gaming-pc.gec.im + ''; + + networking.localCommands = + '' + /run/current-system/sw/bin/iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT + ''; + + boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0; + boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0; + boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0; + + virtualisation.libvirtd = { + enable = true; + qemu = { + package = pkgs.qemu_full; + runAsRoot = true; + swtpm.enable = true; + ovmf = { + enable = true; + packages = [(pkgs.OVMF.override { + secureBoot = true; + tpmSupport = true; + }).fd]; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + (python311.withPackages(ps: with ps; [ pip pandas requests libvirt lxml packaging ])) + qemu_full + libvirt + swtpm + edk2 + ]; + + # Compatibility with libvirt internals. + system.activationScripts.binqemu = { + text = + '' + ln -sfn /run/current-system/sw/bin/qemu-system-x86_64 /usr/bin/qemu-system-x86_64 + ''; + }; +} diff --git a/modules/nixos/zfs.nix b/modules/nixos/zfs.nix new file mode 100644 index 0000000..87037ff --- /dev/null +++ b/modules/nixos/zfs.nix 
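Review bot: `runAsRoot = true;` under `virtualisation.libvirtd.qemu` runs every guest's QEMU process as root, so a guest escape lands directly in root on the host, and the line carries no explanation of why the unprivileged qemu user is not sufficient here. If it is needed for the bridged networking set up by the `localCommands` iptables rule, add a why-comment such as `# runAsRoot: required for <reason>; guests on this host are trusted` — and if not, set it to `false` so libvirt's unprivileged qemu user is used. The three `boot.kernel.sysctl` lines disable bridge netfilter for all protocol families; a one-line comment noting that they exist so bridged guest traffic bypasses the host's iptables would explain the pairing with the `FORWARD` accept rule above.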
@@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +{ + boot.supportedFilesystems = [ "zfs" ]; + + # Set kernel to latest compatible version with ZFS. + boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + + environment.systemPackages = with pkgs; [ + zfs + ]; + + services.zfs.autoScrub.enable = true; +} diff --git a/profiles/desktop.nix b/profiles/desktop.nix new file mode 100644 index 0000000..c657005 --- /dev/null +++ b/profiles/desktop.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Import modules. + imports = [ + ../modules/nixos/common.nix + ../modules/nixos/network.nix + ../modules/nixos/users.nix + ../modules/nixos/management.nix + ../modules/nixos/desktop.nix + ../modules/nixos/docker.nix + ]; +} diff --git a/profiles/gaming-pc.nix b/profiles/gaming-pc.nix new file mode 100644 index 0000000..2abc35b --- /dev/null +++ b/profiles/gaming-pc.nix @@ -0,0 +1,9 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Import modules. + imports = [ + ./desktop.nix + ../modules/nixos/gaming.nix + ]; +} diff --git a/profiles/virtual-machine-host.nix b/profiles/virtual-machine-host.nix new file mode 100644 index 0000000..9bffd74 --- /dev/null +++ b/profiles/virtual-machine-host.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, settings, ... }: + +{ + # Import modules. + imports = [ + ../modules/nixos/common.nix + ../modules/nixos/network.nix + ../modules/nixos/users.nix + ../modules/nixos/management.nix + ../modules/nixos/monitoring.nix + ../modules/nixos/virtualization.nix + ]; + + # Allow unsupported SPF+ modules. + boot.kernelParams = [ + "ixgbe.allow_unsupported_sfp=1" + ]; +} diff --git a/rebuild.sh b/rebuild.sh new file mode 100755 index 0000000..b679c18 --- /dev/null +++ b/rebuild.sh 
@@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +# Change into script dir. +cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit +nixosDir=$(pwd) + +# Get short hostname to work with host specific configurations. +host=$(hostname -s) +if [[ -n $nixHostOverride ]]; then + host=$nixHostOverride +fi + +# Confirm host configuration is available; If not, we should not continue. +if ! grep -q "nixosConfigurations.$host" flake.nix; then + host="default" +fi + +# Rebuild and switch. +# shellcheck disable=SC2068 +nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" $@ diff --git a/rsync.sh b/rsync.sh new file mode 100755 index 0000000..e7a13c3 --- /dev/null +++ b/rsync.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +# Change into script dir. +cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit +nixosDir=$(pwd) + +# Sync configuration via rsync. +rsync -av --delete --exclude settings.nix --exclude hardware-configuration.nix "$nixosDir/" "$1:nixos/" \ No newline at end of file diff --git a/settings-default.nix b/settings-default.nix new file mode 100644 index 0000000..dc5c7ae --- /dev/null +++ b/settings-default.nix @@ -0,0 +1,30 @@ +rec { + system = "x86_64-linux"; + timezone = "America/Chicago"; + locale = "en_US.UTF-8"; + packages = "stable"; + profile = "desktop"; + hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id")); + hostName = "nixos"; + videoDrivers = "unknown"; + disk = { + device = "/dev/sda"; + swapSize = "8G"; + luks = false; + }; + user = { + name = "grmrgecko"; + description = "James Coleman"; + hashedPassword = ""; + openssh.authorizedKeys.keys = []; + autoLogin = false; + }; + root = { + hashedPassword = user.hashedPassword; + openssh.authorizedKeys.keys = user.openssh.authorizedKeys.keys; + }; + git = { + name = "GRMrGecko"; + email = "grmrgecko@gmail.com"; + }; +} \ No newline at end of file diff --git a/update.sh b/update.sh new file mode 100755 index 0000000..7e2223b --- /dev/null +++ b/update.sh 
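Review bot: `nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" $@` forwards the script's arguments unquoted, which re-splits any argument containing whitespace and is the reason the `# shellcheck disable=SC2068` line is needed; `"$@"` passes them intact and the disable comment can go. The same pattern is in install.sh and update.sh. The comment `# Confirm host configuration is available; If not, we should not continue.` is contradicted by the code beneath it, which silently falls back to `default`; either `exit 1` there or change the comment to describe the fallback — this too is shared with install.sh and update.sh.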
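Review bot: `rsync -av --delete ... "$nixosDir/" "$1:nixos/"` runs without checking that a host argument was given, so an empty `$1` yields the destination `:nixos/`, which rsync will not interpret as the intended remote path and which is then subject to `--delete`; guard it with `: "${1:?usage: ${0##*/} user@host}"` before the rsync line. The exclusions match `.gitignore`, which is good; a usage comment at the top (`# Usage: ./rsync.sh user@host — pushes this tree to ~/nixos on the target`) would document the expected argument.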
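Review bot: `hashedPassword = "";` for `user` (and, through `rec`, for `root`) is not a locked account: an empty hash field in the shadow entry can be accepted as "no password required" depending on PAM's null-password handling, and with `users.mutableUsers = false` set in users.nix a host built from these defaults could end up with a root account that logs in without a password. A locked default such as `hashedPassword = "!";` (or `null`, which leaves the field unset) is the safe fallback; configure.sh overwrites it with the mkpasswd output, so this only changes the defaults. `hostId` reads `/etc/machine-id` at evaluation time, which is why every rebuild call in this commit needs `--impure`; a comment on that line would save the next reader from hunting for the reason.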
@@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +# Change into script dir. +cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit +nixosDir=$(pwd) + +# Get short hostname to work with host specific configurations. +host=$(hostname -s) +if [[ -n $nixHostOverride ]]; then + host=$nixHostOverride +fi + +# Confirm host configuration is available; If not, we should not continue. +if ! grep -q "nixosConfigurations.$host" flake.nix; then + host="default" +fi + +# Update nixpkgs. +if ! sudo -u grmrgecko nix flake update "$nixosDir"; then + echo "Update failed" + exit 1 +fi + +# Add updated lock file to git staging for rebuild below. +sudo -u grmrgecko git add flake.lock + +# Commit update. +sudo -u grmrgecko git commit -m "Flake update $(date)" + +# Rebuild and switch. +# shellcheck disable=SC2068 +nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" $@ diff --git a/users/main-user.nix b/users/main-user.nix new file mode 100644 index 0000000..5e0af2a --- /dev/null +++ b/users/main-user.nix @@ -0,0 +1,24 @@ +{pkgs, settings, ...}: + +{ + imports = [ + ../modules/home/git.nix + ../modules/home/zsh.nix + ]; + + home.username = settings.user.name; + home.homeDirectory = "/home/${settings.user.name}"; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + + # This value determines the Home Manager release that your + # configuration is compatible with. This helps avoid breakage + # when a new Home Manager release introduces backwards + # incompatible changes. + # + # You can update Home Manager without changing this value. See + # the Home Manager release notes for a list of state version + # changes in each release. + home.stateVersion = "23.11"; +} \ No newline at end of file
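Review bot: The three `sudo -u grmrgecko ...` lines hard-code the user name while every other file in this commit takes it from `settings.user.name`, so the script breaks on any host configured with a different main user; derive it instead (for example `${SUDO_USER:-$USER}` when the script is run through sudo) or read it from settings. The `git add flake.lock` and `git commit` results are not checked, so a failed commit (nothing to commit, missing git identity) is silently ignored and the rebuild proceeds anyway; chain them with `|| exit 1` like the `nix flake update` call above. The unquoted `$@` on the last line has the same issue as in rebuild.sh.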