Initial Config

GRMrGecko 2024-05-14 09:29:16 -05:00
commit 3b8a6567b2
34 changed files with 1296 additions and 0 deletions

2
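--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+settings.nix
+hardware-configuration.nix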

246
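--- a/configure.sh
+++ b/configure.sh
@@ -0,0 +1,246 @@
+#!/usr/bin/env bash
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+# Defaults
+defaultHostname="nixos"
+defaultSwap="8G"
+defaultName="grmrgecko"
+defaultDescription="James Coleman"
+defaultGitName="GRMrGecko"
+defaultGitEmail="grmrgecko@gmail.com"
+# A simple function to print an array.
+CHOICE=0
+chooseOpts() {
+local opts i
+CHOICE=-1
+opts=("$@")
+# Keep an index to properly index the options.
+i=0
+echo
+# For each option, print it and increment the index.
+for opt in "${opts[@]}"; do
+echo "$i) $opt"
+i=$((i+1))
+done
+# Ask for their choice.
+echo
+echo -n "Enter choice: "
+read -r CHOICE
+# Check inputted index range.
+if ((CHOICE >= ${#opts[@]} || CHOICE < 0)); then
+echo "Invalid range"
+chooseOpts "$@"
+fi
+}
+# A looping function to choose Y or N.
+chooseYN() {
+local default=""
+if [[ "$1" =~ \[.*([YN]).*\] ]]; then
+default=${BASH_REMATCH[1]}
+fi
+echo -n "$1: "
+read -r CHOICE
+[[ -z $CHOICE ]] && CHOICE=$default
+if [[ "$CHOICE" =~ ^[yY]$ ]]; then
+CHOICE="y"
+elif [[ "$CHOICE" =~ ^[nN]$ ]]; then
+CHOICE="n"
+else
+chooseYN "$1"
+fi
+}
+# Determine video drivers based on PCI devices.
+videoDrivers="unknown"
+pciRaw=$(lspci | grep -E 'VGA')
+if [[ "$pciRaw" =~ QXL ]]; then
+videoDrivers="qxl"
+elif [[ "$pciRaw" =~ NVIDIA ]]; then
+videoDrivers="nvidia"
+elif [[ "$pciRaw" =~ AMD ]]; then
+videoDrivers="amdgpu"
+fi
+# Get the packages souce, rather its unstable or stable.
+PACKAGESOPTS=(
+"stable"
+"unstable"
+)
+echo "Packages source"
+chooseOpts "${PACKAGESOPTS[@]}"
+PACKAGES=${PACKAGESOPTS[$CHOICE]}
+# Get the profile for this system.
+PROFILEOPTS=()
+# Build profile list from profiles directory.
+for profile in ./profiles/*.nix; do
+PROFILEOPTS+=("$(basename "${profile%.*}")")
+done
+echo "Choose your profile"
+chooseOpts "${PROFILEOPTS[@]}"
+PROFILE=${PROFILEOPTS[$CHOICE]}
+# Get the hostname.
+echo -n "Choose hostname [$defaultHostname]: "
+read -r hostName
+[[ -z $hostName ]] && hostName=$defaultHostname
+# Determine default disk.
+diskDefault=""
+[[ -e /dev/sda ]] && diskDefault="/dev/sda"
+[[ -e /dev/vda ]] && diskDefault="/dev/vda"
+echo
+echo "Select a disk from the list below:"
+# List disks to allow a choice to be made without stopping
+# configuration and verifying available disks.
+lsblk -o PATH,ID-LINK,SIZE -t
+echo
+echo -n "Choose disk (/dev/disk/by-id/{ID-LINK}) [$diskDefault]: "
+read -r disk
+# If selected disk is none, use the default disk determined above.
+[[ -z $disk ]] && disk=$diskDefault
+# Get the swap size.
+echo -n "Swap size [$defaultSwap]: "
+read -r swapSize
+[[ -z $swapSize ]] && swapSize=$defaultSwap
+# Determine if we should LUKS encrypt the disk.
+luks="false"
+chooseYN "Use LUKS Encryption? [N/y]"
+if [[ "$CHOICE" == "y" ]]; then
+luks="true"
+# Get a password from the user, with confirmation to ensure
+# we are not setting a typo.
+while true; do
+echo -n "Enter your luks encryption passphrase: "
+read -r -s luksPasswd
+echo -n "Confirm your luks encryption passphrase: "
+read -r -s confirmLuksPasswd
+if [[ "$luksPasswd" == "$confirmLuksPasswd" ]]; then
+break
+fi
+echo "Passwords do not match, try again."
+done
+# Save the password to the tmpfs for disko to pick up during partitioning.
+echo "$luksPasswd" > /tmp/secret.key
+fi
+# Get username for the main user.
+echo -n "Main user name [$defaultName]: "
+read -r name
+[[ -z $name ]] && name=$defaultName me
+# Get description for the main user.
+echo -n "Main user description [$defaultDescription]: "
+read -r description
+[[ -z $description ]] && description=$defaultDescription
+# Determine password for main user, verifying no typos.
+while true; do
+echo -n "Enter password for main user: "
+read -r -s mainPasswd
+echo -n "Confirm your password for main user: "
+read -r -s confirmMainPasswd
+if [[ "$mainPasswd" == "$confirmMainPasswd" ]]; then
+break
+fi
+echo "Passwords do not match, try again."
+done
+# Use mkpasswd to create a hashed password with the lastest
+# linux password hashing algorithm.
+password=$(mkpasswd "$mainPasswd")
+# Determine SSH keys to allow into the system.
+sshKeys=()
+while true; do
+echo "To exit loop, press enter."
+echo -n "Add ssh key (Github Username or ssh key): "
+read -r keyToAdd
+# If empty, exit loop as all keys were selected.
+[[ -z $keyToAdd ]] && break
+# If matches an ssh public key, add to list.
+if [[ "$keyToAdd" =~ ^ssh-.* ]]; then
+echo "Added key: $keyToAdd"
+sshKeys+=("$keyToAdd")
+continue
+fi
+# If is an username, check github for all keys and add them.
+if [[ "$keyToAdd" =~ ([a-zA-Z0-9]+) ]]; then
+githubUsername=${BASH_REMATCH[1]}
+while read -r key; do
+if [[ $key == "Not Found" ]]; then
+echo "Github user provided not found"
+continue
+fi
+echo "Adding key: $key"
+sshKeys+=("$key")
+done < <(curl -s -q "https://github.com/$githubUsername.keys")
+fi
+done
+# Determine if we want to autologin to the main user,
+# this may be desirable on full disk encrypted machines.
+autoLogin="false"
+chooseYN "Autologin to main user? [N/y]"
+if [[ "$CHOICE" == "y" ]]; then
+autoLogin="true"
+fi
+# Get git name.
+echo -n "Git name [$defaultGitName]: "
+read -r gitName
+[[ -z $gitName ]] && gitName=$defaultGitName me
+# Get git email.
+echo -n "Git email [$defaultGitEmail]: "
+read -r gitEmail
+[[ -z $gitEmail ]] && gitEmail=$defaultGitEmail
+# Generate settings.nix file with above choosen options.
+echo "Generating settings.nix:"
+cat <<EOF | tee "$nixosDir/settings.nix"
+rec {
+system = "x86_64-linux";
+timezone = "America/Chicago";
+locale = "en_US.UTF-8";
+packages = "${PACKAGES}";
+profile = "${PROFILE}";
+hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id"));
+hostName = "${hostName}";
+videoDrivers = "${videoDrivers}";
+disk = {
+device = "${disk}";
+swapSize = "${swapSize}";
+luks = ${luks};
+};
+user = {
+name = "${name}";
+description = "${description}";
+hashedPassword = "${password}";
+openssh.authorizedKeys.keys = [$(printf ' "%s"' "${sshKeys[@]}") ];
+autoLogin = ${autoLogin};
+};
+root = {
+hashedPassword = user.hashedPassword;
+openssh.authorizedKeys.keys = user.openssh.authorizedKeys.keys;
+};
+git = {
+name = "${gitName}";
+email = "${gitEmail}";
+};
+}
+EOF
+# Generate hardware-configuration.nix without filesystems as we use the disko partitoning flake.
+echo
+echo "Generating hardware-configuration.nix"
+nixos-generate-config --no-filesystems --show-hardware-config | tee "$nixosDir/hardware-configuration.nix"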
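Review bot: The LUKS passphrase is written with `echo "$luksPasswd" > /tmp/secret.key`, which creates a fixed-name file in /tmp under the default umask and never removes it, so the passphrase may be readable by other local users for as long as the file exists. `echo` also appends a newline, which I believe becomes part of the key material when the file is consumed as a key file, so the passphrase typed at boot may not match what was enrolled. I would write it as `(umask 077; printf '%s' "$luksPasswd" > /tmp/secret.key)` and delete the file once partitioning has finished. Separately, the answers are interpolated into the settings.nix here-document without escaping, so a `"` or `${` in the description or in a fetched key yields a broken or unintended Nix expression.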

86
flake.lock Normal file

@ -0,0 +1,86 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715217706,
"narHash": "sha256-yEB5SEHc+o3WJpUPw455OdLy9A+gffvCJX8DZ7NCkuo=",
"owner": "nix-community",
"repo": "disko",
"rev": "8eb1b315eef89f3bdc5c9814d1b207c6d64f0046",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715486357,
"narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1715106579,
"narHash": "sha256-gZMgKEGiK6YrwGBiccZ1gemiUwjsZ1Zv49KYOgmX2fY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8be0d8a1ed4f96d99b09aa616e2afd47acc3da89",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1715087517,
"narHash": "sha256-CLU5Tsg24Ke4+7sH8azHWXKd0CFd4mhLWfhYgUiDBpQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b211b392b8486ee79df6cdfb1157ad2133427a29",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable"
}
}
},
"root": "root",
"version": 7
}

81
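--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,81 @@
+{
+description = "Nixos config flake";
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+disko = {
+url = "github:nix-community/disko";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+home-manager = {
+url = "github:nix-community/home-manager";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+outputs = inputs@{ self, ... }:
+let
+settings = (if (builtins.pathExists ./settings.nix)
+then
+(import ./settings.nix)
+else
+(import ./settings-default.nix)
+);
+nixpkgs = (if (settings.packages == "stable")
+then
+inputs.nixpkgs
+else
+inputs.nixpkgs-unstable
+);
+overlay-unstable = final: prev: {
+unstable = import inputs.nixpkgs-unstable {
+system = settings.system;
+config.allowUnfree = true;
+};
+};
+pkgs = (import nixpkgs {
+system = settings.system;
+config = {
+allowUnfree = true;
+allowUnfreePredicate = (_: true);
+};
+overlays = [ overlay-unstable ];
+});
+mkSystem = config: nixpkgs.lib.nixosSystem {
+system = settings.system;
+specialArgs = {
+inherit inputs;
+inherit pkgs;
+inherit settings;
+};
+modules = [
+config
+inputs.disko.nixosModules.disko
+inputs.home-manager.nixosModules.default
+];
+};
+mkHome = config: inputs.home-manager.lib.homeManagerConfiguration {
+inherit pkgs;
+extraSpecialArgs = {
+inherit inputs;
+inherit settings;
+};
+modules = [ config ];
+};
+in {
+nixosConfigurations.default = mkSystem ./hosts/default/configuration.nix;
+nixosConfigurations.tama = mkSystem ./hosts/tama/configuration.nix;
+homeConfigurations = {
+${settings.user.name} = mkHome ./users/main-user.nix;
+};
+};
+}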
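Review bot: `settings.nix` is imported into the evaluation and the scripts build with `path:$nixosDir`, so the file, including `user.hashedPassword`, is presumably copied into the world-readable Nix store together with the rest of the directory, and the same hash is reused for root. Consider keeping the hash outside the flake tree and pointing `users.users.<name>.hashedPasswordFile` at it. Above the `settings` binding I would add `# settings.nix is git-ignored and holds the password hash; evaluation needs --impure because hostId reads /etc/machine-id`, since none of that is visible from the expression itself.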


@ -0,0 +1,19 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, settings, ... }:
{
# Enable flakes for package pinning.
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Import modules.
imports = [
../../hardware-configuration.nix
../../profiles/${settings.profile}.nix
];
# Do not change the following.
system.stateVersion = "23.11";
}


@ -0,0 +1,26 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, settings, ... }:
{
# Enable flakes for package pinning.
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Import modules.
imports = [
../../hardware-configuration.nix
../../profiles/${settings.profile}.nix
../../modules/nixos/zfs.nix
];
# Enable NFS export for kvm storage.
services.nfs.server.enable = true;
services.nfs.server.exports = ''
/mnt/kvm 10.0.100.5(rw,async,no_subtree_check,no_root_squash,fsid=1) 10.0.100.7(rw,async,no_subtree_check,no_root_squash,fsid=1) 10.0.100.8(rw,async,no_subtree_check,no_root_squash,fsid=1) 10.0.100.13(rw,async,no_subtree_check,no_root_squash,fsid=1)
'';
# Do not change the following.
system.stateVersion = "23.11";
}
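Review bot: Every client in `services.nfs.server.exports` is granted `no_root_squash`, so root on any of the four listed addresses is root on `/mnt/kvm`, and the export is authorised by source IP only. If the KVM hosts really need unsquashed root, say so in the comment above the export; otherwise drop the option so that root is squashed again. `async` additionally acknowledges writes before they reach disk, which risks corrupting VM images if the server crashes.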

20
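--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+# Get short hostname to work with host specific configurations.
+host=$(hostname -s)
+if [[ -n $nixHostOverride ]]; then
+host=$nixHostOverride
+fi
+# Confirm host configuration is available; If not, we should not continue.
+if ! grep -q "nixosConfigurations.$host" flake.nix; then
+host="default"
+fi
+# Install NixOS.
+# shellcheck disable=SC2068
+nix --extra-experimental-features 'nix-command flakes' run 'github:nix-community/disko#disko-install' -- --impure --flake "path:$nixosDir/#$host" $@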
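Review bot: The installer is fetched as `github:nix-community/disko#disko-install` with no revision, so the tool that partitions the disk and reads the LUKS key file is whatever the default branch holds at install time, not the disko revision recorded in flake.lock. Pinning the reference to the locked revision, `'github:nix-community/disko/8eb1b315eef89f3bdc5c9814d1b207c6d64f0046#disko-install'`, keeps the install reproducible and reviewable. The trailing `$@` should be `"$@"` instead of disabling SC2068, so that arguments containing spaces survive.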

9
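--- a/modules/home/git.nix
+++ b/modules/home/git.nix
@@ -0,0 +1,9 @@
+{pkgs, settings, ...}:
+{
+programs.git = {
+enable = true;
+userName = settings.git.name;
+userEmail = settings.git.email;
+};
+}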

8
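--- a/modules/home/zsh.nix
+++ b/modules/home/zsh.nix
@@ -0,0 +1,8 @@
+{pkgs, settings, ...}:
+{
+programs.zsh = {
+enable = true;
+dotDir = ".config/zsh";
+};
+}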

100
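--- a/modules/nixos/common.nix
+++ b/modules/nixos/common.nix
@@ -0,0 +1,100 @@
+{ config, lib, pkgs, settings, ... }:
+{
+# Import modules.
+imports = [
+(import (if (settings.disk.luks)
+then
+./disko-luks.nix
+else
+./disko.nix
+) {
+device = settings.disk.device;
+swapSize = settings.disk.swapSize;
+})
+] ++ (if settings.videoDrivers=="unknown" then [] else [ ./video-drivers/${settings.videoDrivers}.nix ]);
+# Allow unfree packages.
+nixpkgs.config.allowUnfree = true;
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+boot.supportedFilesystems = [ "btrfs" ];
+# BTRFS Scrubbing Services.
+services.btrfs.autoScrub.enable = true;
+services.btrfs.autoScrub.interval = "weekly";
+# Set your time zone.
+time.timeZone = settings.timezone;
+# Select internationalisation properties.
+i18n.defaultLocale = settings.locale;
+# Configure keymap in X11
+services.xserver.xkb = {
+layout = "us";
+variant = "";
+};
+# console = {
+# font = "Lat2-Terminus16";
+# keyMap = "us";
+# useXkbConfig = true; # use xkb.options in tty.
+# };
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+users.groups.mlocate = {};
+environment.systemPackages = with pkgs; [
+# Text Editors
+vim
+nano
+# Network
+wget
+curl
+git
+rsync
+borgbackup
+# Disk Tools
+btrfs-progs
+nfs-utils
+parted
+ncdu
+pv
+# System Tools
+sudo
+cron
+mlocate
+tmux
+killall
+pciutils
+# Performance monitor
+nmon
+iotop
+htop
+];
+# Compatibility with scripts.
+system.activationScripts.binbash = {
+text =
+''
+ln -sfn /run/current-system/sw/bin/bash /bin/bash
+'';
+};
+# Nix Package Auto Cleanup
+nix = {
+settings.auto-optimise-store = true;
+gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-oder-than 7d";
+};
+};
+}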
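Review bot: `options = "--delete-oder-than 7d";` misspells the flag, so the weekly `nix.gc` run will most likely fail on an unknown option and old generations are never collected; it should read `options = "--delete-older-than 7d";`. The `binbash` activation script also deserves a comment naming which scripts need `/bin/bash`, since it recreates that symlink on every activation.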


@ -0,0 +1,15 @@
{ config, lib, pkgs, settings, ... }:
{
programs.hyprland = {
# Install the packages from nixpkgs
enable = true;
# Whether to enable XWayland
xwayland.enable = true;
};
# Extra global packages for guis.
environment.systemPackages = with pkgs; [
xdg-desktop-portal-hyprland
];
}


@ -0,0 +1,7 @@
{ config, lib, pkgs, settings, ... }:
{
# Enable the Desktop Environment.
services.xserver.desktopManager.plasma5.enable = false;
services.desktopManager.plasma6.enable = true;
}

88
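--- a/modules/nixos/desktop.nix
+++ b/modules/nixos/desktop.nix
@@ -0,0 +1,88 @@
+{ config, lib, pkgs, settings, ... }:
+{
+# Import desktop environments.
+imports = [
+./desktop-environments/plasma.nix
+./desktop-environments/hyperland.nix
+];
+# Enable the X11 windowing system.
+services.xserver.enable = true;
+# Enable the Display Manager.
+services.displayManager.sddm.enable = true;
+services.displayManager.sddm.wayland.enable = true;
+# Enable automatic login for the user.
+services.displayManager.autoLogin.enable = settings.user.autoLogin;
+services.displayManager.autoLogin.user = if settings.user.autoLogin then settings.user.name else "";
+# Enable touchpad support (enabled default in most desktopManager).
+services.libinput.enable = true;
+# Enable CUPS to print documents.
+services.printing.enable = true;
+# Enable sound with pipewire.
+sound.enable = true;
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+# If you want to use JACK applications, uncomment this
+#jack.enable = true;
+# use the example session manager (no others are packaged yet so this is enabled by default,
+# no need to redefine it in your config for now)
+#media-session.enable = true;
+};
+# Enable Flatpak
+services.flatpak.enable = true;
+# Install firefox.
+programs.firefox.enable = true;
+# Gui applications for the main user.
+users.users.${settings.user.name}.packages = with pkgs; [
+# Internet
+thunderbird
+ungoogled-chromium
+# Remote management
+remmina
+transmission-remote-gtk
+# Development
+kate
+arduino-ide
+# Multimedia
+clementine
+mpv
+vlc
+kdePackages.k3b
+# Software defined radio
+gqrx
+];
+# Kodi
+services.xserver.desktopManager.kodi.enable = true;
+services.xserver.desktopManager.kodi.package = pkgs.kodi.withPackages (pkgs: with pkgs; [
+# osmc-skin
+jellyfin
+pvr-hdhomerun
+pvr-iptvsimple
+]);
+# Extra global packages for guis.
+environment.systemPackages = with pkgs; [
+xdg-utils
+xdg-desktop-portal
+];
+}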


@ -0,0 +1,65 @@
{
device ? throw "Set this to your disk device, e.g. /dev/disk/by-id/id",
swapSize ? "8G",
...
}: {
disko.devices = {
disk.main = {
inherit device;
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
name = "boot";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountOptions = [ "fmask=0022" "dmask=0022" ];
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "luks";
name = "crypted";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/";
};
"/home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/nix";
};
"/swap" = {
mountOptions = [ "noatime" ];
mountpoint = "/swap";
swap.swapfile.size = swapSize;
};
};
};
};
};
};
};
};
};
}
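Review bot: The ESP is mounted with `mountOptions = [ "fmask=0022" "dmask=0022" ];`, which leaves everything under `/boot` world-readable, including the systemd-boot random seed and the kernels and initrds copied there. `mountOptions = [ "fmask=0077" "dmask=0077" ];` restricts it to root; the unencrypted layout in modules/nixos/disko.nix carries the same line. `settings.allowDiscards = true;` is a trade-off worth a comment as well, since TRIM through LUKS reveals which blocks are in use.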

59
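--- a/modules/nixos/disko.nix
+++ b/modules/nixos/disko.nix
@@ -0,0 +1,59 @@
+{
+device ? throw "Set this to your disk device, e.g. /dev/disk/by-id/id",
+swapSize ? "8G",
+...
+}: {
+disko.devices = {
+disk.main = {
+inherit device;
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+name = "boot";
+size = "500M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountOptions = [ "fmask=0022" "dmask=0022" ];
+mountpoint = "/boot";
+};
+};
+root = {
+name = "root";
+size = "100%";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+subvolumes = {
+"/root" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/";
+};
+"/home" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/home";
+};
+"/nix" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/nix";
+};
+"/swap" = {
+mountOptions = [ "noatime" ];
+mountpoint = "/swap";
+swap.swapfile.size = swapSize;
+};
+};
+};
+};
+};
+};
+};
+};
+}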

13
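--- a/modules/nixos/docker.nix
+++ b/modules/nixos/docker.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, settings, ... }:
+{
+# Install Docker
+virtualisation.docker.enable = true;
+virtualisation.docker.storageDriver = "btrfs";
+users.users.${settings.user.name}.extraGroups = [ "docker" ];
+# Distrobox
+environment.systemPackages = with pkgs; [
+distrobox
+];
+}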
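Review bot: `users.users.${settings.user.name}.extraGroups = [ "docker" ];` gives the main user access to the Docker socket, which is equivalent to password-less root on the host. That may be intended on a single-user workstation, but it deserves a comment on that line, e.g. `# docker group membership is root-equivalent; drop it on shared machines`.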

11
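--- a/modules/nixos/gaming.nix
+++ b/modules/nixos/gaming.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, settings, ... }:
+{
+# Enable steam for gamming.
+programs.steam.enable = true;
+# Gui applications for the main user.
+users.users.${settings.user.name}.packages = with pkgs; [
+lutris
+];
+}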


@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
cockpit
];
services.cockpit = {
enable = true;
port = 9090;
settings = {
WebService = {
AllowUnencrypted = true;
};
};
};
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password";
}
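Review bot: `AllowUnencrypted = true;` lets Cockpit accept logins over plain HTTP on port 9090, so system credentials can cross the network in clear text, and with the firewall disabled elsewhere in this commit the port is reachable from any network the host is attached to. Unless a TLS-terminating proxy sits in front of it, drop the setting, or add a comment naming the proxy. `PermitRootLogin = "without-password";` is the deprecated spelling of `"prohibit-password"`; the current name states the intent more clearly.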


@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
{
users.groups.telegraf = {};
users.users.telegraf = {
isNormalUser = false;
isSystemUser = true;
group = "telegraf";
};
# List packages installed in system profile.
environment.systemPackages = with pkgs; [
telegraf
smartmontools
nvme-cli
lm_sensors
];
security.sudo = {
enable = true;
extraRules = [{
commands = [
{
command = "${pkgs.smartmontools}/bin/smartctl";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.nvme-cli}/bin/nvme";
options = [ "NOPASSWD" ];
}
];
users = [ "telegraf" ];
}];
};
systemd.services.telegraf = {
enable = true;
description = "Telegraf";
after = [ "network.target" ];
path = [
"/run/wrappers"
pkgs.lm_sensors
pkgs.smartmontools
pkgs.nvme-cli
];
serviceConfig = {
Type = "notify";
NotifyAccess = "all";
User = "telegraf";
ExecStart = "${pkgs.telegraf}/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d";
ExecReload = "/bin/kill -HUP $MAINPID";
Restart = "on-failure";
RestartForceExitStatus = "SIGPIPE";
KillMode = "mixed";
TimeoutStopSec = "5";
LimitMEMLOCK = "8M:8M";
};
wantedBy = [ "multi-user.target" ];
};
}
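Review bot: The `security.sudo.extraRules` entry lets `telegraf` run `smartctl` and `nvme` as root with any arguments and no password, and `nvme` includes destructive subcommands, so a compromise of the telegraf service becomes write access to the disks. The `command` strings can carry arguments; restricting each entry to the read-only invocations the collector actually uses would contain that. A comment above the rule should state which telegraf inputs need it.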

21
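--- a/modules/nixos/network.nix
+++ b/modules/nixos/network.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, settings, ... }:
+{
+# Network host configuration.
+networking.hostId = settings.hostId;
+networking.hostName = settings.hostName;
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall.enable = false;
+networking.networkmanager.enable = true;
+environment.systemPackages = with pkgs; [
+dnsutils
+iperf
+nmap
+netcat-gnu
+];
+}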
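Review bot: `networking.firewall.enable = false;` turns packet filtering off for every profile that imports this module, while the same commit starts Cockpit on 9090, the Syncthing GUI on `0.0.0.0:8384`, sshd and, on one host, an NFS server. Keeping the firewall enabled and listing the needed ports in the commented-out `allowedTCPPorts` and `allowedUDPPorts` lines would leave only the intended services reachable. If disabling it is deliberate, for example because of the bridged VM traffic, the comment should say so.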

50
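--- a/modules/nixos/users.nix
+++ b/modules/nixos/users.nix
@@ -0,0 +1,50 @@
+{ inputs, config, lib, pkgs, settings, ... }:
+{
+services.syncthing = {
+enable = true;
+guiAddress = "0.0.0.0:8384";
+user = settings.user.name;
+dataDir = "/home/${settings.user.name}";
+};
+# Enable ZSH.
+programs.zsh.enable = true;
+# Rebuild users.
+users.mutableUsers = false;
+# Define a user account. Don't forget to set a password with passwd.
+users.groups.${settings.user.name}.gid = 1000;
+users.users.${settings.user.name} = {
+isNormalUser = true;
+description = settings.user.description;
+extraGroups = [ "networkmanager" "wheel" ];
+uid = 1000;
+group = settings.user.name;
+shell = pkgs.zsh;
+hashedPassword = settings.user.hashedPassword;
+openssh.authorizedKeys.keys = settings.user.openssh.authorizedKeys.keys;
+};
+users.users.root = {
+shell = pkgs.zsh;
+hashedPassword = settings.root.hashedPassword;
+openssh.authorizedKeys.keys = settings.root.openssh.authorizedKeys.keys;
+};
+environment.systemPackages = with pkgs; [
+unstable.nodejs_22
+pure-prompt
+fastfetch
+];
+home-manager = {
+extraSpecialArgs = {
+inherit inputs;
+inherit settings;
+};
+users = {
+${settings.user.name} = import ../../users/main-user.nix;
+};
+};
+}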
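Review bot: `guiAddress = "0.0.0.0:8384";` exposes the Syncthing admin GUI on every interface, and nothing here sets a GUI user or password, so anyone who can reach the port can presumably reconfigure shares for the main user's home directory. Binding to `127.0.0.1:8384` and reaching it over an SSH tunnel is the safer default. The comment "Don't forget to set a password with passwd" also contradicts `users.mutableUsers = false;`, under which a password set with passwd is reset on the next rebuild.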


@ -0,0 +1,12 @@
{ config, lib, pkgs, settings, ... }:
{
# Display drivers.
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
boot.initrd.kernelModules = [ "amdgpu" ];
services.xserver.videoDrivers = [ "amdgpu" ];
}


@ -0,0 +1,43 @@
{ config, lib, pkgs, settings, ... }:
{
# Display drivers.
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = false;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}
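Review bot: The comment `# Modesetting is required.` sits directly above `modesetting.enable = false;`, so either the comment or the value is wrong. The desktop module in this commit enables SDDM on Wayland, which to my knowledge needs kernel modesetting with the NVIDIA driver, so `modesetting.enable = true;` looks like the intended value.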


@ -0,0 +1,13 @@
{ config, lib, pkgs, settings, ... }:
{
# Display drivers.
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
services.xserver.videoDrivers = [ "qxl" ];
# services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true;
}


@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
{
networking.extraHosts =
''
10.0.100.5 kiki kiki.gec.im
10.0.100.6 tama tama.gec.im
10.0.100.7 kate kate.gec.im
10.0.100.8 mika mika.gec.im
10.0.100.13 gaming-pc gaming-pc.gec.im
'';
networking.localCommands =
''
/run/current-system/sw/bin/iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
'';
boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0;
virtualisation.libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_full;
runAsRoot = true;
swtpm.enable = true;
ovmf = {
enable = true;
packages = [(pkgs.OVMF.override {
secureBoot = true;
tpmSupport = true;
}).fd];
};
};
};
environment.systemPackages = with pkgs; [
(python311.withPackages(ps: with ps; [ pip pandas requests libvirt lxml packaging ]))
qemu_full
libvirt
swtpm
edk2
];
# Compatibility with libvirt internals.
system.activationScripts.binqemu = {
text =
''
ln -sfn /run/current-system/sw/bin/qemu-system-x86_64 /usr/bin/qemu-system-x86_64
'';
};
}
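Review bot: `runAsRoot = true;` makes every QEMU process run as root, so a guest-to-host escape lands with full host privileges instead of those of an unprivileged qemu user. If root is only needed to reach the images on the NFS export, fixing ownership there and setting `runAsRoot = false;` is the safer arrangement; otherwise add a comment stating the reason. The `iptables -I FORWARD … -j ACCEPT` line in `networking.localCommands` likewise has no comment explaining that it exempts all bridged traffic from filtering.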

14
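--- a/modules/nixos/zfs.nix
+++ b/modules/nixos/zfs.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+{
+boot.supportedFilesystems = [ "zfs" ];
+# Set kernel to latest compatible version with ZFS.
+boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+environment.systemPackages = with pkgs; [
+zfs
+];
+services.zfs.autoScrub.enable = true;
+}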

13
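--- a/profiles/desktop.nix
+++ b/profiles/desktop.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, settings, ... }:
+{
+# Import modules.
+imports = [
+../modules/nixos/common.nix
+../modules/nixos/network.nix
+../modules/nixos/users.nix
+../modules/nixos/management.nix
+../modules/nixos/desktop.nix
+../modules/nixos/docker.nix
+];
+}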

9
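--- a/profiles/gaming-pc.nix
+++ b/profiles/gaming-pc.nix
@@ -0,0 +1,9 @@
+{ config, lib, pkgs, settings, ... }:
+{
+# Import modules.
+imports = [
+./desktop.nix
+../modules/nixos/gaming.nix
+];
+}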


@ -0,0 +1,18 @@
{ config, lib, pkgs, settings, ... }:
{
# Import modules.
imports = [
../modules/nixos/common.nix
../modules/nixos/network.nix
../modules/nixos/users.nix
../modules/nixos/management.nix
../modules/nixos/monitoring.nix
../modules/nixos/virtualization.nix
];
# Allow unsupported SPF+ modules.
boot.kernelParams = [
"ixgbe.allow_unsupported_sfp=1"
];
}

20
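--- a/rebuild.sh
+++ b/rebuild.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+# Get short hostname to work with host specific configurations.
+host=$(hostname -s)
+if [[ -n $nixHostOverride ]]; then
+host=$nixHostOverride
+fi
+# Confirm host configuration is available; If not, we should not continue.
+if ! grep -q "nixosConfigurations.$host" flake.nix; then
+host="default"
+fi
+# Rebuild and switch.
+# shellcheck disable=SC2068
+nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" $@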
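Review bot: The comment says "If not, we should not continue", but the code sets `host="default"` and carries on, so a mistyped `nixHostOverride` or an unlisted hostname silently switches the machine to the default configuration. Either fail with `echo "No configuration for $host" >&2; exit 1`, or reword the comment to describe the fallback. The check also treats the host name as a regular expression and accepts prefixes; `grep -qF -- "nixosConfigurations.$host ="` matches only the exact attribute. The same lines appear in install.sh and update.sh.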

8
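--- a/rsync.sh
+++ b/rsync.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+# Sync configuration via rsync.
+rsync -av --delete --exclude settings.nix --exclude hardware-configuration.nix "$nixosDir/" "$1:nixos/"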
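Review bot: `$1` is used as the rsync destination without a check while the command runs with `--delete`, so a missing or mistyped argument is only caught by rsync itself. Adding `: "${1:?usage: rsync.sh HOST}"` before the rsync line fails early with a clear message. A header comment stating that the remote `nixos/` directory is mirrored destructively would help as well.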

30
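--- a/settings-default.nix
+++ b/settings-default.nix
@@ -0,0 +1,30 @@
+rec {
+system = "x86_64-linux";
+timezone = "America/Chicago";
+locale = "en_US.UTF-8";
+packages = "stable";
+profile = "desktop";
+hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id"));
+hostName = "nixos";
+videoDrivers = "unknown";
+disk = {
+device = "/dev/sda";
+swapSize = "8G";
+luks = false;
+};
+user = {
+name = "grmrgecko";
+description = "James Coleman";
+hashedPassword = "";
+openssh.authorizedKeys.keys = [];
+autoLogin = false;
+};
+root = {
+hashedPassword = user.hashedPassword;
+openssh.authorizedKeys.keys = user.openssh.authorizedKeys.keys;
+};
+git = {
+name = "GRMrGecko";
+email = "grmrgecko@gmail.com";
+};
+}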
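Review bot: `hashedPassword = "";` is the fallback used whenever settings.nix is absent, and root inherits it, so a build from the defaults produces accounts with an empty password; as far as I know NixOS then allows local login without a password prompt. A locked value such as `hashedPassword = "!";` keeps the defaults evaluable without creating password-less accounts. A comment on that line should say that configure.sh is expected to replace it.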

32
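--- a/update.sh
+++ b/update.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+# Get short hostname to work with host specific configurations.
+host=$(hostname -s)
+if [[ -n $nixHostOverride ]]; then
+host=$nixHostOverride
+fi
+# Confirm host configuration is available; If not, we should not continue.
+if ! grep -q "nixosConfigurations.$host" flake.nix; then
+host="default"
+fi
+# Update nixpkgs.
+if ! sudo -u grmrgecko nix flake update "$nixosDir"; then
+echo "Update failed"
+exit 1
+fi
+# Add updated lock file to git staging for rebuild below.
+sudo -u grmrgecko git add flake.lock
+# Commit update.
+sudo -u grmrgecko git commit -m "Flake update $(date)"
+# Rebuild and switch.
+# shellcheck disable=SC2068
+nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" $@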
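Review bot: The account name is hard-coded in `sudo -u grmrgecko`, so the script only works on machines whose main user kept the default name that configure.sh offers. Deriving it from the checkout, `owner=$(stat -c %U "$nixosDir")` followed by `sudo -u "$owner" …`, avoids that. `git commit` also fails when flake.lock did not change and its status is ignored, so the rebuild proceeds either way; a comment should state that this is intended.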

24
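--- a/users/main-user.nix
+++ b/users/main-user.nix
@@ -0,0 +1,24 @@
+{pkgs, settings, ...}:
+{
+imports = [
+../modules/home/git.nix
+../modules/home/zsh.nix
+];
+home.username = settings.user.name;
+home.homeDirectory = "/home/${settings.user.name}";
+# Let Home Manager install and manage itself.
+programs.home-manager.enable = true;
+# This value determines the Home Manager release that your
+# configuration is compatible with. This helps avoid breakage
+# when a new Home Manager release introduces backwards
+# incompatible changes.
+#
+# You can update Home Manager without changing this value. See
+# the Home Manager release notes for a list of state version
+# changes in each release.
+home.stateVersion = "23.11";
+}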