GRMrGecko
4 months ago
commit
3b8a6567b2
34 changed files with 1296 additions and 0 deletions
-
2.gitignore
-
246configure.sh
-
86flake.lock
-
81flake.nix
-
19hosts/default/configuration.nix
-
26hosts/tama/configuration.nix
-
20install.sh
-
9modules/home/git.nix
-
8modules/home/zsh.nix
-
100modules/nixos/common.nix
-
15modules/nixos/desktop-environments/hyperland.nix
-
7modules/nixos/desktop-environments/plasma.nix
-
88modules/nixos/desktop.nix
-
65modules/nixos/disko-luks.nix
-
59modules/nixos/disko.nix
-
13modules/nixos/docker.nix
-
11modules/nixos/gaming.nix
-
21modules/nixos/management.nix
-
60modules/nixos/monitoring.nix
-
21modules/nixos/network.nix
-
50modules/nixos/users.nix
-
12modules/nixos/video-drivers/amdgpu.nix
-
43modules/nixos/video-drivers/nvidia.nix
-
13modules/nixos/video-drivers/qxl.nix
-
53modules/nixos/virtualization.nix
-
14modules/nixos/zfs.nix
-
13profiles/desktop.nix
-
9profiles/gaming-pc.nix
-
18profiles/virtual-machine-host.nix
-
20rebuild.sh
-
8rsync.sh
-
30settings-default.nix
-
32update.sh
-
24users/main-user.nix
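--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+settings.nix
+hardware-configuration.nix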
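--- a/configure.sh
+++ b/configure.sh
@@ -0,0 +1,246 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Defaults
+defaultHostname="nixos"
+defaultSwap="8G"
+defaultName="grmrgecko"
+defaultDescription="James Coleman"
+defaultGitName="GRMrGecko"
+defaultGitEmail="grmrgecko@gmail.com"
+
+# A simple function to print an array.
+CHOICE=0
+chooseOpts() {
+local opts i
+CHOICE=-1
+opts=("$@")
+# Keep an index to properly index the options.
+i=0
+echo
+# For each option, print it and increment the index.
+for opt in "${opts[@]}"; do
+echo "$i) $opt"
+i=$((i+1))
+done
+# Ask for their choice.
+echo
+echo -n "Enter choice: "
+read -r CHOICE
+# Check inputted index range.
+if ((CHOICE >= ${#opts[@]} || CHOICE < 0)); then
+echo "Invalid range"
+chooseOpts "$@"
+fi
+}
+
+# A looping function to choose Y or N.
+chooseYN() {
+local default=""
+if [[ "$1" =~ \[.*([YN]).*\] ]]; then
+default=${BASH_REMATCH[1]}
+fi
+echo -n "$1: "
+read -r CHOICE
+[[ -z $CHOICE ]] && CHOICE=$default
+if [[ "$CHOICE" =~ ^[yY]$ ]]; then
+CHOICE="y"
+elif [[ "$CHOICE" =~ ^[nN]$ ]]; then
+CHOICE="n"
+else
+chooseYN "$1"
+fi
+}
+
+# Determine video drivers based on PCI devices.
+videoDrivers="unknown"
+pciRaw=$(lspci | grep -E 'VGA')
+if [[ "$pciRaw" =~ QXL ]]; then
+videoDrivers="qxl"
+elif [[ "$pciRaw" =~ NVIDIA ]]; then
+videoDrivers="nvidia"
+elif [[ "$pciRaw" =~ AMD ]]; then
+videoDrivers="amdgpu"
+fi
+
+# Get the packages souce, rather its unstable or stable.
+PACKAGESOPTS=(
+"stable"
+"unstable"
+)
+echo "Packages source"
+chooseOpts "${PACKAGESOPTS[@]}"
+PACKAGES=${PACKAGESOPTS[$CHOICE]}
+
+# Get the profile for this system.
+PROFILEOPTS=()
+# Build profile list from profiles directory.
+for profile in ./profiles/*.nix; do
+PROFILEOPTS+=("$(basename "${profile%.*}")")
+done
+echo "Choose your profile"
+chooseOpts "${PROFILEOPTS[@]}"
+PROFILE=${PROFILEOPTS[$CHOICE]}
+
+# Get the hostname.
+echo -n "Choose hostname [$defaultHostname]: "
+read -r hostName
+[[ -z $hostName ]] && hostName=$defaultHostname
+
+# Determine default disk.
+diskDefault=""
+[[ -e /dev/sda ]] && diskDefault="/dev/sda"
+[[ -e /dev/vda ]] && diskDefault="/dev/vda"
+echo
+echo "Select a disk from the list below:"
+# List disks to allow a choice to be made without stopping
+# configuration and verifying available disks.
+lsblk -o PATH,ID-LINK,SIZE -t
+echo
+echo -n "Choose disk (/dev/disk/by-id/{ID-LINK}) [$diskDefault]: "
+read -r disk
+# If selected disk is none, use the default disk determined above.
+[[ -z $disk ]] && disk=$diskDefault
+
+# Get the swap size.
+echo -n "Swap size [$defaultSwap]: "
+read -r swapSize
+[[ -z $swapSize ]] && swapSize=$defaultSwap
+
+# Determine if we should LUKS encrypt the disk.
+luks="false"
+chooseYN "Use LUKS Encryption? [N/y]"
+if [[ "$CHOICE" == "y" ]]; then
+luks="true"
+# Get a password from the user, with confirmation to ensure
+# we are not setting a typo.
+while true; do
+echo -n "Enter your luks encryption passphrase: "
+read -r -s luksPasswd
+echo -n "Confirm your luks encryption passphrase: "
+read -r -s confirmLuksPasswd
+if [[ "$luksPasswd" == "$confirmLuksPasswd" ]]; then
+break
+fi
+echo "Passwords do not match, try again."
+done
+# Save the password to the tmpfs for disko to pick up during partitioning.
+echo "$luksPasswd" > /tmp/secret.key
+fi
+
+# Get username for the main user.
+echo -n "Main user name [$defaultName]: "
+read -r name
+[[ -z $name ]] && name=$defaultName me
+
+# Get description for the main user.
+echo -n "Main user description [$defaultDescription]: "
+read -r description
+[[ -z $description ]] && description=$defaultDescription
+
+# Determine password for main user, verifying no typos.
+while true; do
+echo -n "Enter password for main user: "
+read -r -s mainPasswd
+echo -n "Confirm your password for main user: "
+read -r -s confirmMainPasswd
+if [[ "$mainPasswd" == "$confirmMainPasswd" ]]; then
+break
+fi
+echo "Passwords do not match, try again."
+done
+# Use mkpasswd to create a hashed password with the lastest
+# linux password hashing algorithm.
+password=$(mkpasswd "$mainPasswd")
+
+# Determine SSH keys to allow into the system.
+sshKeys=()
+while true; do
+echo "To exit loop, press enter."
+echo -n "Add ssh key (Github Username or ssh key): "
+read -r keyToAdd
+
+# If empty, exit loop as all keys were selected.
+[[ -z $keyToAdd ]] && break
+
+# If matches an ssh public key, add to list.
+if [[ "$keyToAdd" =~ ^ssh-.* ]]; then
+echo "Added key: $keyToAdd"
+sshKeys+=("$keyToAdd")
+continue
+fi
+
+# If is an username, check github for all keys and add them.
+if [[ "$keyToAdd" =~ ([a-zA-Z0-9]+) ]]; then
+githubUsername=${BASH_REMATCH[1]}
+while read -r key; do
+if [[ $key == "Not Found" ]]; then
+echo "Github user provided not found"
+continue
+fi
+echo "Adding key: $key"
+sshKeys+=("$key")
+done < <(curl -s -q "https://github.com/$githubUsername.keys")
+fi
+done
+
+# Determine if we want to autologin to the main user,
+# this may be desirable on full disk encrypted machines.
+autoLogin="false"
+chooseYN "Autologin to main user? [N/y]"
+if [[ "$CHOICE" == "y" ]]; then
+autoLogin="true"
+fi
+
+# Get git name.
+echo -n "Git name [$defaultGitName]: "
+read -r gitName
+[[ -z $gitName ]] && gitName=$defaultGitName me
+
+# Get git email.
+echo -n "Git email [$defaultGitEmail]: "
+read -r gitEmail
+[[ -z $gitEmail ]] && gitEmail=$defaultGitEmail
+
+# Generate settings.nix file with above choosen options.
+echo "Generating settings.nix:"
+cat <<EOF | tee "$nixosDir/settings.nix"
+rec {
+system = "x86_64-linux";
+timezone = "America/Chicago";
+locale = "en_US.UTF-8";
+packages = "${PACKAGES}";
+profile = "${PROFILE}";
+hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id"));
+hostName = "${hostName}";
+videoDrivers = "${videoDrivers}";
+disk = {
+device = "${disk}";
+swapSize = "${swapSize}";
+luks = ${luks};
+};
+user = {
+name = "${name}";
+description = "${description}";
+hashedPassword = "${password}";
+openssh.authorizedKeys.keys = [$(printf ' "%s"' "${sshKeys[@]}") ];
+autoLogin = ${autoLogin};
+};
+root = {
+hashedPassword = user.hashedPassword;
+openssh.authorizedKeys.keys = user.openssh.authorizedKeys.keys;
+};
+git = {
+name = "${gitName}";
+email = "${gitEmail}";
+};
+}
+EOF
+
+# Generate hardware-configuration.nix without filesystems as we use the disko partitoning flake.
+echo
+echo "Generating hardware-configuration.nix"
+nixos-generate-config --no-filesystems --show-hardware-config | tee "$nixosDir/hardware-configuration.nix"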
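Review bot: The LUKS passphrase is written with `echo "$luksPasswd" > /tmp/secret.key`, which creates the file under the default umask (usually world-readable) at a fixed path, and nothing in the script removes it afterwards. `echo` also appends a newline; cryptsetup key files are read byte-for-byte, so the newline presumably becomes part of the passphrase and typing the same passphrase at the boot prompt would not match. I would write it as `( umask 077; printf '%s' "$luksPasswd" > /tmp/secret.key )` and delete the file once partitioning has finished, keeping the path in step with `passwordFile` in modules/nixos/disko-luks.nix. `mkpasswd "$mainPasswd"` has a related exposure, since the password sits in the process list while it runs; `mkpasswd --stdin` reads it from a pipe instead. As rendered, the `name=$defaultName` and `gitName=$defaultGitName` lines end in a stray `me`; if that is in the file, bash treats the assignment as a one-off environment for a command named `me` and the default is never applied.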
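--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,86 @@
+{
+"nodes": {
+"disko": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1715217706,
+"narHash": "sha256-yEB5SEHc+o3WJpUPw455OdLy9A+gffvCJX8DZ7NCkuo=",
+"owner": "nix-community",
+"repo": "disko",
+"rev": "8eb1b315eef89f3bdc5c9814d1b207c6d64f0046",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "disko",
+"type": "github"
+}
+},
+"home-manager": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1715486357,
+"narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1715106579,
+"narHash": "sha256-gZMgKEGiK6YrwGBiccZ1gemiUwjsZ1Zv49KYOgmX2fY=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "8be0d8a1ed4f96d99b09aa616e2afd47acc3da89",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-23.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs-unstable": {
+"locked": {
+"lastModified": 1715087517,
+"narHash": "sha256-CLU5Tsg24Ke4+7sH8azHWXKd0CFd4mhLWfhYgUiDBpQ=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "b211b392b8486ee79df6cdfb1157ad2133427a29",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"disko": "disko",
+"home-manager": "home-manager",
+"nixpkgs": "nixpkgs",
+"nixpkgs-unstable": "nixpkgs-unstable"
+}
+}
+},
+"root": "root",
+"version": 7
+}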
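--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,81 @@
+{
+description = "Nixos config flake";
+
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+
+disko = {
+url = "github:nix-community/disko";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+
+home-manager = {
+url = "github:nix-community/home-manager";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+
+outputs = inputs@{ self, ... }:
+let
+settings = (if (builtins.pathExists ./settings.nix)
+then
+(import ./settings.nix)
+else
+(import ./settings-default.nix)
+);
+
+nixpkgs = (if (settings.packages == "stable")
+then
+inputs.nixpkgs
+else
+inputs.nixpkgs-unstable
+);
+
+overlay-unstable = final: prev: {
+unstable = import inputs.nixpkgs-unstable {
+system = settings.system;
+config.allowUnfree = true;
+};
+};
+
+pkgs = (import nixpkgs {
+system = settings.system;
+config = {
+allowUnfree = true;
+allowUnfreePredicate = (_: true);
+};
+overlays = [ overlay-unstable ];
+});
+
+mkSystem = config: nixpkgs.lib.nixosSystem {
+system = settings.system;
+specialArgs = {
+inherit inputs;
+inherit pkgs;
+inherit settings;
+};
+modules = [
+config
+inputs.disko.nixosModules.disko
+inputs.home-manager.nixosModules.default
+];
+};
+
+mkHome = config: inputs.home-manager.lib.homeManagerConfiguration {
+inherit pkgs;
+extraSpecialArgs = {
+inherit inputs;
+inherit settings;
+};
+modules = [ config ];
+};
+in {
+nixosConfigurations.default = mkSystem ./hosts/default/configuration.nix;
+nixosConfigurations.tama = mkSystem ./hosts/tama/configuration.nix;
+
+homeConfigurations = {
+${settings.user.name} = mkHome ./users/main-user.nix;
+};
+};
+}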
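--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -0,0 +1,19 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Enable flakes for package pinning.
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+# Import modules.
+imports = [
+../../hardware-configuration.nix
+../../profiles/${settings.profile}.nix
+];
+
+# Do not change the following.
+system.stateVersion = "23.11";
+}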
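--- a/hosts/tama/configuration.nix
+++ b/hosts/tama/configuration.nix
@@ -0,0 +1,26 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Enable flakes for package pinning.
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+# Import modules.
+imports = [
+../../hardware-configuration.nix
+../../profiles/${settings.profile}.nix
+../../modules/nixos/zfs.nix
+];
+
+# Enable NFS export for kvm storage.
+services.nfs.server.enable = true;
+services.nfs.server.exports = ''
+/mnt/kvm 10.0.100.5(rw,async,no_subtree_check,no_root_squash,fsid=1) 10.0.100.7(rw,async,no_subtree_check,no_root_squash,fsid=1) 10.0.100.8(rw,async,no_subtree_check,no_root_squash,fsid=1) 10.0.100.13(rw,async,no_subtree_check,no_root_squash,fsid=1)
+'';
+
+# Do not change the following.
+system.stateVersion = "23.11";
+}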
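Review bot: The `/mnt/kvm` export grants `rw` with `no_root_squash` to four addresses and sets no `sec=` option, so root on any of those clients, or any machine able to take one of those IPs, acts as root on the exported tree, with the source address as the only check. If the KVM hosts really need root access to their images, a comment above the export should say so, for example `# no_root_squash: KVM hosts write disk images as root` (adjust to the actual reason). `async` acknowledges writes before they reach disk, which risks corrupt VM images if this server loses power; `sync` is the safer choice unless the performance cost has been measured.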
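--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Get short hostname to work with host specific configurations.
+host=$(hostname -s)
+if [[ -n $nixHostOverride ]]; then
+host=$nixHostOverride
+fi
+
+# Confirm host configuration is available; If not, we should not continue.
+if ! grep -q "nixosConfigurations.$host" flake.nix; then
+host="default"
+fi
+
+# Install NixOS.
+# shellcheck disable=SC2068
+nix --extra-experimental-features 'nix-command flakes' run 'github:nix-community/disko#disko-install' -- --impure --flake "path:$nixosDir/#$host" $@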
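Review bot: `nix run 'github:nix-community/disko#disko-install'` fetches whatever the disko default branch holds at install time and runs it as the partitioning tool, bypassing the revision pinned in flake.lock. Pinning the reference to the locked commit keeps the installer reproducible and narrows the supply-chain exposure: `'github:nix-community/disko/8eb1b315eef89f3bdc5c9814d1b207c6d64f0046#disko-install'`. Separately, `$@` is left unquoted behind a shellcheck suppression; `"$@"` forwards arguments containing spaces intact and lets the suppression be dropped. The comment says the script should not continue without a host configuration, yet the code falls back to `default`, so one of the two should change.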
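--- a/modules/home/git.nix
+++ b/modules/home/git.nix
@@ -0,0 +1,9 @@
+{pkgs, settings, ...}:
+
+{
+programs.git = {
+enable = true;
+userName = settings.git.name;
+userEmail = settings.git.email;
+};
+}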
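--- a/modules/home/zsh.nix
+++ b/modules/home/zsh.nix
@@ -0,0 +1,8 @@
+{pkgs, settings, ...}:
+
+{
+programs.zsh = {
+enable = true;
+dotDir = ".config/zsh";
+};
+}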
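--- a/modules/nixos/common.nix
+++ b/modules/nixos/common.nix
@@ -0,0 +1,100 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Import modules.
+imports = [
+(import (if (settings.disk.luks)
+then
+./disko-luks.nix
+else
+./disko.nix
+) {
+device = settings.disk.device;
+swapSize = settings.disk.swapSize;
+})
+] ++ (if settings.videoDrivers=="unknown" then [] else [ ./video-drivers/${settings.videoDrivers}.nix ]);
+
+# Allow unfree packages.
+nixpkgs.config.allowUnfree = true;
+
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+boot.supportedFilesystems = [ "btrfs" ];
+
+# BTRFS Scrubbing Services.
+services.btrfs.autoScrub.enable = true;
+services.btrfs.autoScrub.interval = "weekly";
+
+# Set your time zone.
+time.timeZone = settings.timezone;
+
+# Select internationalisation properties.
+i18n.defaultLocale = settings.locale;
+
+# Configure keymap in X11
+services.xserver.xkb = {
+layout = "us";
+variant = "";
+};
+
+# console = {
+# font = "Lat2-Terminus16";
+# keyMap = "us";
+# useXkbConfig = true; # use xkb.options in tty.
+# };
+
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+users.groups.mlocate = {};
+environment.systemPackages = with pkgs; [
+# Text Editors
+vim
+nano
+
+# Network
+wget
+curl
+git
+rsync
+borgbackup
+
+# Disk Tools
+btrfs-progs
+nfs-utils
+parted
+ncdu
+pv
+
+# System Tools
+sudo
+cron
+mlocate
+tmux
+killall
+pciutils
+
+# Performance monitor
+nmon
+iotop
+htop
+];
+
+# Compatibility with scripts.
+system.activationScripts.binbash = {
+text =
+''
+ln -sfn /run/current-system/sw/bin/bash /bin/bash
+'';
+};
+
+# Nix Package Auto Cleanup
+nix = {
+settings.auto-optimise-store = true;
+gc = {
+automatic = true;
+dates = "weekly";
+options = "--delete-oder-than 7d";
+};
+};
+}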
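Review bot: `options = "--delete-oder-than 7d";` in the `nix.gc` block misspells the flag, which nix-collect-garbage knows as `--delete-older-than`. As written, the weekly GC run would presumably stop on an unrecognised option, so old generations are never pruned and the store keeps growing. The line should read `options = "--delete-older-than 7d";`.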
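--- a/modules/nixos/desktop-environments/hyperland.nix
+++ b/modules/nixos/desktop-environments/hyperland.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+programs.hyprland = {
+# Install the packages from nixpkgs
+enable = true;
+# Whether to enable XWayland
+xwayland.enable = true;
+};
+
+# Extra global packages for guis.
+environment.systemPackages = with pkgs; [
+xdg-desktop-portal-hyprland
+];
+}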
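--- a/modules/nixos/desktop-environments/plasma.nix
+++ b/modules/nixos/desktop-environments/plasma.nix
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Enable the Desktop Environment.
+services.xserver.desktopManager.plasma5.enable = false;
+services.desktopManager.plasma6.enable = true;
+}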
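--- a/modules/nixos/desktop.nix
+++ b/modules/nixos/desktop.nix
@@ -0,0 +1,88 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Import desktop environments.
+imports = [
+./desktop-environments/plasma.nix
+./desktop-environments/hyperland.nix
+];
+
+# Enable the X11 windowing system.
+services.xserver.enable = true;
+
+# Enable the Display Manager.
+services.displayManager.sddm.enable = true;
+services.displayManager.sddm.wayland.enable = true;
+
+# Enable automatic login for the user.
+services.displayManager.autoLogin.enable = settings.user.autoLogin;
+services.displayManager.autoLogin.user = if settings.user.autoLogin then settings.user.name else "";
+
+# Enable touchpad support (enabled default in most desktopManager).
+services.libinput.enable = true;
+
+# Enable CUPS to print documents.
+services.printing.enable = true;
+
+# Enable sound with pipewire.
+sound.enable = true;
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+# If you want to use JACK applications, uncomment this
+#jack.enable = true;
+
+# use the example session manager (no others are packaged yet so this is enabled by default,
+# no need to redefine it in your config for now)
+#media-session.enable = true;
+};
+
+# Enable Flatpak
+services.flatpak.enable = true;
+
+# Install firefox.
+programs.firefox.enable = true;
+
+# Gui applications for the main user.
+users.users.${settings.user.name}.packages = with pkgs; [
+# Internet
+thunderbird
+ungoogled-chromium
+
+# Remote management
+remmina
+transmission-remote-gtk
+
+# Development
+kate
+arduino-ide
+
+# Multimedia
+clementine
+mpv
+vlc
+kdePackages.k3b
+
+# Software defined radio
+gqrx
+];
+
+# Kodi
+services.xserver.desktopManager.kodi.enable = true;
+services.xserver.desktopManager.kodi.package = pkgs.kodi.withPackages (pkgs: with pkgs; [
+# osmc-skin
+jellyfin
+pvr-hdhomerun
+pvr-iptvsimple
+]);
+
+# Extra global packages for guis.
+environment.systemPackages = with pkgs; [
+xdg-utils
+xdg-desktop-portal
+];
+}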
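--- a/modules/nixos/disko-luks.nix
+++ b/modules/nixos/disko-luks.nix
@@ -0,0 +1,65 @@
+{
+device ? throw "Set this to your disk device, e.g. /dev/disk/by-id/id",
+swapSize ? "8G",
+...
+}: {
+disko.devices = {
+disk.main = {
+inherit device;
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+name = "boot";
+size = "500M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountOptions = [ "fmask=0022" "dmask=0022" ];
+mountpoint = "/boot";
+};
+};
+root = {
+name = "root";
+size = "100%";
+content = {
+type = "luks";
+name = "crypted";
+settings.allowDiscards = true;
+passwordFile = "/tmp/secret.key";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+
+subvolumes = {
+"/root" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/";
+};
+
+"/home" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/home";
+};
+
+"/nix" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/nix";
+};
+
+"/swap" = {
+mountOptions = [ "noatime" ];
+mountpoint = "/swap";
+swap.swapfile.size = swapSize;
+};
+};
+};
+};
+};
+};
+};
+};
+};
+}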
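Review bot: The ESP is mounted with `mountOptions = [ "fmask=0022" "dmask=0022" ]`, which leaves everything under /boot readable by every local user, including the systemd-boot random seed that bootctl warns about when the mount is world-accessible. `mountOptions = [ "umask=0077" ];` restricts the partition to root; the same line appears in modules/nixos/disko.nix. `settings.allowDiscards = true` also deserves a one-line comment recording the trade-off, e.g. `# allowDiscards: TRIM passthrough; reveals which blocks are unused on the raw device`. `passwordFile = "/tmp/secret.key"` is the file configure.sh writes, so the two paths have to change together.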
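--- a/modules/nixos/disko.nix
+++ b/modules/nixos/disko.nix
@@ -0,0 +1,59 @@
+{
+device ? throw "Set this to your disk device, e.g. /dev/disk/by-id/id",
+swapSize ? "8G",
+...
+}: {
+disko.devices = {
+disk.main = {
+inherit device;
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+name = "boot";
+size = "500M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountOptions = [ "fmask=0022" "dmask=0022" ];
+mountpoint = "/boot";
+};
+};
+root = {
+name = "root";
+size = "100%";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+
+subvolumes = {
+"/root" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/";
+};
+
+"/home" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/home";
+};
+
+"/nix" = {
+mountOptions = [ "compress=zstd" ];
+mountpoint = "/nix";
+};
+
+"/swap" = {
+mountOptions = [ "noatime" ];
+mountpoint = "/swap";
+swap.swapfile.size = swapSize;
+};
+};
+};
+};
+};
+};
+};
+};
+}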
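--- a/modules/nixos/docker.nix
+++ b/modules/nixos/docker.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Install Docker
+virtualisation.docker.enable = true;
+virtualisation.docker.storageDriver = "btrfs";
+users.users.${settings.user.name}.extraGroups = [ "docker" ];
+
+# Distrobox
+environment.systemPackages = with pkgs; [
+distrobox
+];
+}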
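Review bot: `users.users.${settings.user.name}.extraGroups = [ "docker" ];` gives the main user access to the Docker socket, which is equivalent to passwordless root on the host, and the line carries no comment saying so. If that is intended, record it above the line, for example `# docker group membership is root-equivalent; accepted on this machine`. If it is not, `virtualisation.docker.rootless.enable = true;` runs the daemon without that privilege.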
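--- a/modules/nixos/gaming.nix
+++ b/modules/nixos/gaming.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Enable steam for gamming.
+programs.steam.enable = true;
+
+# Gui applications for the main user.
+users.users.${settings.user.name}.packages = with pkgs; [
+lutris
+];
+}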
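--- a/modules/nixos/management.nix
+++ b/modules/nixos/management.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+{
+environment.systemPackages = with pkgs; [
+cockpit
+];
+
+services.cockpit = {
+enable = true;
+port = 9090;
+settings = {
+WebService = {
+AllowUnencrypted = true;
+};
+};
+};
+
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+services.openssh.settings.PermitRootLogin = "without-password";
+}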
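Review bot: `AllowUnencrypted = true;` makes Cockpit accept logins over plain HTTP on port 9090, so system account passwords cross the network in cleartext, and with the firewall disabled in modules/nixos/network.nix the port is reachable on every interface. Unless TLS is terminated by a proxy on the same host, the setting should be dropped so that Cockpit redirects non-local clients to HTTPS; if a proxy is the reason, a comment should say so. `PermitRootLogin = "without-password"` is the deprecated spelling of `"prohibit-password"`, which reads less ambiguously.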
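--- a/modules/nixos/monitoring.nix
+++ b/modules/nixos/monitoring.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+{
+users.groups.telegraf = {};
+users.users.telegraf = {
+isNormalUser = false;
+isSystemUser = true;
+group = "telegraf";
+};
+
+# List packages installed in system profile.
+environment.systemPackages = with pkgs; [
+telegraf
+smartmontools
+nvme-cli
+lm_sensors
+];
+
+security.sudo = {
+enable = true;
+extraRules = [{
+commands = [
+{
+command = "${pkgs.smartmontools}/bin/smartctl";
+options = [ "NOPASSWD" ];
+}
+{
+command = "${pkgs.nvme-cli}/bin/nvme";
+options = [ "NOPASSWD" ];
+}
+];
+users = [ "telegraf" ];
+}];
+};
+
+systemd.services.telegraf = {
+enable = true;
+description = "Telegraf";
+after = [ "network.target" ];
+path = [
+"/run/wrappers"
+pkgs.lm_sensors
+pkgs.smartmontools
+pkgs.nvme-cli
+];
+serviceConfig = {
+Type = "notify";
+NotifyAccess = "all";
+User = "telegraf";
+ExecStart = "${pkgs.telegraf}/bin/telegraf -config /etc/telegraf/telegraf.conf -config-directory /etc/telegraf/telegraf.d";
+ExecReload = "/bin/kill -HUP $MAINPID";
+Restart = "on-failure";
+RestartForceExitStatus = "SIGPIPE";
+KillMode = "mixed";
+TimeoutStopSec = "5";
+LimitMEMLOCK = "8M:8M";
+};
+wantedBy = [ "multi-user.target" ];
+};
+}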
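Review bot: The sudo rule lets the `telegraf` user run `smartctl` and `nvme` as root with any arguments and no password; `nvme` in particular has subcommands that format namespaces or write firmware, so a compromised Telegraf plugin or config file could destroy data. Each entry should be limited to the read-only invocations the collector actually issues, in the form `command = "${pkgs.nvme-cli}/bin/nvme <read-only subcommand> *";`, with the argument patterns taken from the Telegraf input configuration, which is not on this page. `ExecReload = "/bin/kill -HUP $MAINPID"` also assumes a `/bin/kill` that NixOS does not normally provide; `${pkgs.coreutils}/bin/kill` is the usual spelling.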
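--- a/modules/nixos/network.nix
+++ b/modules/nixos/network.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Network host configuration.
+networking.hostId = settings.hostId;
+networking.hostName = settings.hostName;
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall.enable = false;
+networking.networkmanager.enable = true;
+
+environment.systemPackages = with pkgs; [
+dnsutils
+iperf
+nmap
+netcat-gnu
+];
+}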
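Review bot: `networking.firewall.enable = false;` turns the host firewall off for every profile that imports this module, while other modules in this commit listen on all interfaces: Cockpit on 9090 in management.nix, the Syncthing GUI on 0.0.0.0:8384 in users.nix, and NFS on tama. Keeping the firewall on and opening only what must be reachable uses the options already shown commented out here: `networking.firewall.enable = true;` plus `networking.firewall.allowedTCPPorts = [ ... ];` listing the intended service ports. If the firewall is off on purpose (for example because an upstream device filters traffic), the comment should state that rather than "Or disable the firewall altogether."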
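--- a/modules/nixos/users.nix
+++ b/modules/nixos/users.nix
@@ -0,0 +1,50 @@
+{ inputs, config, lib, pkgs, settings, ... }:
+
+{
+services.syncthing = {
+enable = true;
+guiAddress = "0.0.0.0:8384";
+user = settings.user.name;
+dataDir = "/home/${settings.user.name}";
+};
+
+# Enable ZSH.
+programs.zsh.enable = true;
+
+# Rebuild users.
+users.mutableUsers = false;
+
+# Define a user account. Don't forget to set a password with ‘passwd’.
+users.groups.${settings.user.name}.gid = 1000;
+users.users.${settings.user.name} = {
+isNormalUser = true;
+description = settings.user.description;
+extraGroups = [ "networkmanager" "wheel" ];
+uid = 1000;
+group = settings.user.name;
+shell = pkgs.zsh;
+hashedPassword = settings.user.hashedPassword;
+openssh.authorizedKeys.keys = settings.user.openssh.authorizedKeys.keys;
+};
+users.users.root = {
+shell = pkgs.zsh;
+hashedPassword = settings.root.hashedPassword;
+openssh.authorizedKeys.keys = settings.root.openssh.authorizedKeys.keys;
+};
+
+environment.systemPackages = with pkgs; [
+unstable.nodejs_22
+pure-prompt
+fastfetch
+];
+
+home-manager = {
+extraSpecialArgs = {
+inherit inputs;
+inherit settings;
+};
+users = {
+${settings.user.name} = import ../../users/main-user.nix;
+};
+};
+}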
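Review bot: `guiAddress = "0.0.0.0:8384";` exposes the Syncthing admin GUI on every interface; nothing in this module sets a GUI user or password and the firewall is disabled in network.nix, so anyone who can reach the host could presumably reconfigure shared folders running as the main user. Binding to loopback with `guiAddress = "127.0.0.1:8384";` and reaching it over an SSH tunnel avoids that. `hashedPassword = settings.user.hashedPassword;` also places the hash in the world-readable Nix store; `hashedPasswordFile` pointing at a root-only file keeps it out. Root reuses the same hash and authorized keys, so a compromise of the user credential is a compromise of root, which is worth a comment if intended.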
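--- a/modules/nixos/video-drivers/amdgpu.nix
+++ b/modules/nixos/video-drivers/amdgpu.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Display drivers.
+hardware.opengl = {
+enable = true;
+driSupport = true;
+driSupport32Bit = true;
+};
+boot.initrd.kernelModules = [ "amdgpu" ];
+services.xserver.videoDrivers = [ "amdgpu" ];
+}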
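--- a/modules/nixos/video-drivers/nvidia.nix
+++ b/modules/nixos/video-drivers/nvidia.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Display drivers.
+hardware.opengl = {
+enable = true;
+driSupport = true;
+driSupport32Bit = true;
+};
+services.xserver.videoDrivers = [ "nvidia" ];
+
+hardware.nvidia = {
+
+# Modesetting is required.
+modesetting.enable = false;
+
+# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+# Enable this if you have graphical corruption issues or application crashes after waking
+# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
+# of just the bare essentials.
+powerManagement.enable = false;
+
+# Fine-grained power management. Turns off GPU when not in use.
+# Experimental and only works on modern Nvidia GPUs (Turing or newer).
+powerManagement.finegrained = false;
+
+# Use the NVidia open source kernel module (not to be confused with the
+# independent third-party "nouveau" open source driver).
+# Support is limited to the Turing and later architectures. Full list of
+# supported GPUs is at:
+# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+# Only available from driver 515.43.04+
+# Currently alpha-quality/buggy, so false is currently the recommended setting.
+open = false;
+
+# Enable the Nvidia settings menu,
+# accessible via `nvidia-settings`.
+nvidiaSettings = true;
+
+# Optionally, you may need to select the appropriate driver version for your specific GPU.
+package = config.boot.kernelPackages.nvidiaPackages.stable;
+};
+}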
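Review bot: The comment `# Modesetting is required.` sits directly above `modesetting.enable = false;`, so the comment and the value contradict each other and a reader cannot tell which is intended. Either set `modesetting.enable = true;`, which Wayland sessions such as the SDDM/Hyprland setup in desktop.nix generally need with the proprietary driver, or reword the comment to say why it is switched off here.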
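--- a/modules/nixos/video-drivers/qxl.nix
+++ b/modules/nixos/video-drivers/qxl.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Display drivers.
+hardware.opengl = {
+enable = true;
+driSupport = true;
+driSupport32Bit = true;
+};
+services.xserver.videoDrivers = [ "qxl" ];
+# services.qemuGuest.enable = true;
+services.spice-vdagentd.enable = true;
+}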
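--- a/modules/nixos/virtualization.nix
+++ b/modules/nixos/virtualization.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+{
+networking.extraHosts =
+''
+10.0.100.5 kiki kiki.gec.im
+10.0.100.6 tama tama.gec.im
+10.0.100.7 kate kate.gec.im
+10.0.100.8 mika mika.gec.im
+10.0.100.13 gaming-pc gaming-pc.gec.im
+'';
+
+networking.localCommands =
+''
+/run/current-system/sw/bin/iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
+'';
+
+boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0;
+boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;
+boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0;
+
+virtualisation.libvirtd = {
+enable = true;
+qemu = {
+package = pkgs.qemu_full;
+runAsRoot = true;
+swtpm.enable = true;
+ovmf = {
+enable = true;
+packages = [(pkgs.OVMF.override {
+secureBoot = true;
+tpmSupport = true;
+}).fd];
+};
+};
+};
+
+environment.systemPackages = with pkgs; [
+(python311.withPackages(ps: with ps; [ pip pandas requests libvirt lxml packaging ]))
+qemu_full
+libvirt
+swtpm
+edk2
+];
+
+# Compatibility with libvirt internals.
+system.activationScripts.binqemu = {
+text =
+''
+ln -sfn /run/current-system/sw/bin/qemu-system-x86_64 /usr/bin/qemu-system-x86_64
+'';
+};
+}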
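Review bot: `runAsRoot = true;` runs every QEMU process as root, so a guest-to-host escape in QEMU lands with full host privileges instead of in an unprivileged account. If root is only needed to reach the NFS-backed images, `runAsRoot = false;` with ownership fixed on the storage is the tighter setup; otherwise a comment stating the reason belongs on that line. The `iptables -I FORWARD ... --physdev-is-bridged -j ACCEPT` line in `networking.localCommands` inserts the rule each time the commands run, so duplicates may accumulate; checking first with `iptables -C` and inserting only when the check fails avoids that.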
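--- a/modules/nixos/zfs.nix
+++ b/modules/nixos/zfs.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+{
+boot.supportedFilesystems = [ "zfs" ];
+
+# Set kernel to latest compatible version with ZFS.
+boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+environment.systemPackages = with pkgs; [
+zfs
+];
+
+services.zfs.autoScrub.enable = true;
+}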
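--- a/profiles/desktop.nix
+++ b/profiles/desktop.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Import modules.
+imports = [
+../modules/nixos/common.nix
+../modules/nixos/network.nix
+../modules/nixos/users.nix
+../modules/nixos/management.nix
+../modules/nixos/desktop.nix
+../modules/nixos/docker.nix
+];
+}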
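--- a/profiles/gaming-pc.nix
+++ b/profiles/gaming-pc.nix
@@ -0,0 +1,9 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Import modules.
+imports = [
+./desktop.nix
+../modules/nixos/gaming.nix
+];
+}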
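--- a/profiles/virtual-machine-host.nix
+++ b/profiles/virtual-machine-host.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, settings, ... }:
+
+{
+# Import modules.
+imports = [
+../modules/nixos/common.nix
+../modules/nixos/network.nix
+../modules/nixos/users.nix
+../modules/nixos/management.nix
+../modules/nixos/monitoring.nix
+../modules/nixos/virtualization.nix
+];
+
+# Allow unsupported SPF+ modules.
+boot.kernelParams = [
+"ixgbe.allow_unsupported_sfp=1"
+];
+}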
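Review bot: The comment above `boot.kernelParams` says "SPF+" while the parameter it documents is `ixgbe.allow_unsupported_sfp`; it should read `# Allow unsupported SFP+ modules.`. Since every machine importing this profile gets the parameter, the comment could also name the host or NIC that needs it.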
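--- a/rebuild.sh
+++ b/rebuild.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Get short hostname to work with host specific configurations.
+host=$(hostname -s)
+if [[ -n $nixHostOverride ]]; then
+host=$nixHostOverride
+fi
+
+# Confirm host configuration is available; If not, we should not continue.
+if ! grep -q "nixosConfigurations.$host" flake.nix; then
+host="default"
+fi
+
+# Rebuild and switch.
+# shellcheck disable=SC2068
+nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" $@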
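Review bot: The host check falls back to `default` and still runs `nixos-rebuild switch`, although the comment above it says the script should not continue, so a machine whose host entry is missing or misspelled is switched to the generic configuration without any message. Either exit there or announce the fallback on stderr, e.g. `echo "No configuration for $host; using default" >&2`, and reword the comment to match. The lookup also treats `$host`, which can come from the `nixHostOverride` environment variable, as a regular expression; `grep -qF -- "nixosConfigurations.$host" flake.nix` matches it literally. On the last line the SC2068 suppression can be dropped by quoting, `nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" "$@"`, which keeps arguments containing spaces intact. update.sh repeats the same host check and the same final line.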
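--- a/rsync.sh
+++ b/rsync.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Sync configuration via rsync.
+rsync -av --delete --exclude settings.nix --exclude hardware-configuration.nix "$nixosDir/" "$1:nixos/"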
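Review bot: `$1` goes straight into the rsync destination without a check, and the command carries `--delete`, so a missing or mistyped argument is only discovered once rsync is already running against whatever `"$1:nixos/"` resolves to. A guard before the rsync line, `: "${1:?usage: rsync.sh HOST}"`, stops the script when no host is given. A usage line in the header comment stating that the target is `HOST:nixos/` relative to the remote home directory would also help.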
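--- a/settings-default.nix
+++ b/settings-default.nix
@@ -0,0 +1,30 @@
+rec {
+system = "x86_64-linux";
+timezone = "America/Chicago";
+locale = "en_US.UTF-8";
+packages = "stable";
+profile = "desktop";
+hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id"));
+hostName = "nixos";
+videoDrivers = "unknown";
+disk = {
+device = "/dev/sda";
+swapSize = "8G";
+luks = false;
+};
+user = {
+name = "grmrgecko";
+description = "James Coleman";
+hashedPassword = "";
+openssh.authorizedKeys.keys = [];
+autoLogin = false;
+};
+root = {
+hashedPassword = user.hashedPassword;
+openssh.authorizedKeys.keys = user.openssh.authorizedKeys.keys;
+};
+git = {
+name = "GRMrGecko";
+email = "grmrgecko@gmail.com";
+};
+}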
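Review bot: The shipped default `user.hashedPassword = ""` is copied into `root.hashedPassword`, so a host built from these defaults without a filled-in settings.nix may end up with both the user and root accepting an empty password. How users.nix consumes these values is outside this section, but NixOS documents an empty `hashedPassword` as login without a password, so a locked default such as `hashedPassword = "!";` would fail closed until configure.sh writes a real hash. The `root` block deserves a comment like `# root deliberately reuses the user's password hash and SSH keys; override here to separate them`. `hostId` reads `/etc/machine-id` at evaluation time, which is presumably why the scripts pass `--impure`; a one-line comment would record that dependency.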
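--- a/update.sh
+++ b/update.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# Change into script dir.
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null || exit
+nixosDir=$(pwd)
+
+# Get short hostname to work with host specific configurations.
+host=$(hostname -s)
+if [[ -n $nixHostOverride ]]; then
+host=$nixHostOverride
+fi
+
+# Confirm host configuration is available; If not, we should not continue.
+if ! grep -q "nixosConfigurations.$host" flake.nix; then
+host="default"
+fi
+
+# Update nixpkgs.
+if ! sudo -u grmrgecko nix flake update "$nixosDir"; then
+echo "Update failed"
+exit 1
+fi
+
+# Add updated lock file to git staging for rebuild below.
+sudo -u grmrgecko git add flake.lock
+
+# Commit update.
+sudo -u grmrgecko git commit -m "Flake update $(date)"
+
+# Rebuild and switch.
+# shellcheck disable=SC2068
+nixos-rebuild switch --impure --flake "path:$nixosDir/#$host" $@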
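Review bot: The new flake.lock is committed before `nixos-rebuild switch` has run, so a lock update that fails to build is still recorded in history as if it had been deployed; since the rebuild uses a `path:` reference it presumably does not depend on the commit, and the `git commit` line can move below a successful rebuild. The `git add` result is also ignored; `sudo -u grmrgecko git add flake.lock || exit 1` stops before a rebuild against an unstaged lock. The account name `grmrgecko` is hard-coded in three `sudo -u` calls while the rest of the repository takes the user from settings; a single `repoUser="grmrgecko"` at the top would keep it in one place. `echo "Update failed"` should go to stderr with `>&2`.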
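--- a/users/main-user.nix
+++ b/users/main-user.nix
@@ -0,0 +1,24 @@
+{pkgs, settings, ...}:
+
+{
+imports = [
+../modules/home/git.nix
+../modules/home/zsh.nix
+];
+
+home.username = settings.user.name;
+home.homeDirectory = "/home/${settings.user.name}";
+
+# Let Home Manager install and manage itself.
+programs.home-manager.enable = true;
+
+# This value determines the Home Manager release that your
+# configuration is compatible with. This helps avoid breakage
+# when a new Home Manager release introduces backwards
+# incompatible changes.
+#
+# You can update Home Manager without changing this value. See
+# the Home Manager release notes for a list of state version
+# changes in each release.
+home.stateVersion = "23.11";
+}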