diff --git a/baldur/configuration.nix b/baldur/configuration.nix
new file mode 100644
index 0000000..206d77b
--- /dev/null
+++ b/baldur/configuration.nix
@@ -0,0 +1,256 @@
+{ pkgs, lib, ... }:
+with lib;
+{
+ # boot = {
+ # # binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
+ # # kernelPackages = pkgs.linuxPackages_5_18;
+ # # loader = {
+ # # systemd-boot.enable = true;
+ # # efi.canTouchEfiVariables = true;
+ # # };
+ # };
+
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "it";
+ };
+
+ environment = {
+ pathsToLink = [ "/share/zsh" ];
+ systemPackages = with pkgs; [ kakoune tmux vim ];
+ };
+
+ i18n.defaultLocale = "it_IT.UTF-8";
+
+ programs = {
+ dconf.enable = true;
+ gnupg.agent = { enable = true; enableSSHSupport = true; };
+ zsh = { enable = true; syntaxHighlighting.enable = true; };
+ };
+
+ networking = {
+ hostName = "baldur";
+ # interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
+ # networkmanager.enable = true;
+ # useDHCP = false;
+ };
+
+ time.timeZone = "Europe/Rome";
+
+ services = {
+ # avahi = {
+ # enable = true;
+ # openFirewall = true;
+ # nssmdns = true;
+ # publish = {
+ # enable = true;
+ # addresses = true;
+ # domain = true;
+ # userServices = true;
+ # workstation = true;
+ # };
+ # extraServiceFiles = {
+ # ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
+ # };
+ # };
+ # bazarr = { enable = true; openFirewall = true; group = "users"; };
+ # blueman.enable = true;
+ dbus.packages = with pkgs; [ dconf ];
+ fail2ban = { enable = true; bantime-increment.enable = true; };
+ # gnome.gnome-keyring.enable = true;
+ # gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
+ # jackett = { enable = true; openFirewall = true; group = "users"; };
+ # jellyfin = { enable = true; openFirewall = true; group = "users"; };
+ # logind.lidSwitch = "ignore";
+ # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
+ openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; };
+ # plex = { enable = true; openFirewall = true; group = "users"; };
+ # power-profiles-daemon.enable = true;
+ # radarr = { enable = true; openFirewall = true; group = "users"; };
+ # samba-wsdd = { enable = true; discovery = true; };
+ # smartd = { enable = true; notifications.x11.enable = true; };
+ # sonarr = { enable = true; openFirewall = true; group = "users"; };
+ # thermald.enable = true;
+ # transmission = {
+ # enable = true;
+ # openFirewall = true;
+ # group = "users";
+ # settings = {
+ # download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
+ # incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
+ # };
+ # };
+ # xserver = {
+ # # enable = true;
+ # videoDrivers = [ "nvidia" ];
+ # # layout = "it";
+ # # xkbOptions = "eurosign:e;";
+ # # libinput.enable = true;
+ # };
+
+ # zoneminder = {
+ # enable = true;
+ # openFirewall = true;
+ # cameras = 3;
+ # hostname = "0.0.0.0";
+ # database = { username = "zoneminder"; createLocally = true; };
+ # };
+
+ # mysql = {
+ # # enable = true;
+ # ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
+ # };
+ };
+
+ users.users.bertof = {
+ isNormalUser = true;
+ extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
+ shell = pkgs.zsh;
+ };
+
+ # services.snapper = {
+ # configs =
+ # let
+ # commonExtraConfig = ''
+ # ALLOW_USERS="bertof"
+ # TIMELINE_CREATE=yes
+ # TIMELINE_CLEANUP=yes
+ # '';
+ # in
+ # {
+ # bertof_raid0 = {
+ # subvolume = "/mnt/raid0/bertof";
+ # extraConfig = ''
+ # ALLOW_USERS="bertof"
+ # ${commonExtraConfig}
+ # '';
+ # };
+ # tiziano_raid0 = {
+ # subvolume = "/mnt/raid0/tiziano";
+ # extraConfig = ''
+ # ALLOW_USERS="tiziano"
+ # ${commonExtraConfig}
+ # '';
+ # };
+ # condiviso_raid0 = {
+ # subvolume = "/mnt/raid0/condiviso";
+ # extraConfig = ''
+ # ALLOW_USERS="bertof tiziano"
+ # ${commonExtraConfig}
+ # '';
+ # };
+ # };
+ # };
+
+
+ # systemd.packages = with pkgs; [ syncthing ];
+ # systemd.services =
+ # let
+ # common = {
+ # documentation = [ "man:syncthing(1)" ];
+ # startLimitIntervalSec = 60;
+ # startLimitBurst = 4;
+ # after = [ "network.target" ];
+ # environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
+ # wantedBy = [ "default.target" ];
+ # serviceConfig = {
+ # Restart = "on-failure";
+ # RestartSec = 1;
+ # SuccessExitStatus = "3 4";
+ # RestartForceExitStatus = "3 4";
+
+ # Group = config.ids.gids.users;
+ # MemoryDenyWriteExecute = true;
+ # NoNewPrivileges = true;
+ # PrivateDevices = true;
+ # PrivateMounts = true;
+ # PrivateTmp = true;
+ # PrivateUsers = true;
+ # ProtectControlGroups = true;
+ # ProtectHostname = true;
+ # ProtectKernelModules = true;
+ # ProtectKernelTunables = true;
+ # RestrictNamespaces = true;
+ # RestrictRealtime = true;
+ # RestrictSUIDSGID = true;
+ # CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
+ # };
+ # };
+ # in
+ # {
+ # syncthing-bertof = recursiveUpdate common {
+ # description = "Syncthing service bertof";
+ # serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; };
+ # };
+ # syncthing-tiziano = recursiveUpdate common {
+ # description = "Syncthing service tiziano";
+ # serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; };
+ # };
+ # };
+
+ # networking.firewall = {
+ # enable = true;
+ # allowPing = true;
+ # allowedTCPPorts = [
+ # 445 # SAMBA
+ # 139 # SAMBA
+ # 5357 # SAMBA-WSDD
+ # 8123 # HOME ASSISTANT
+ # 8384 # SYNCTHING
+ # 8385 # SYNCTHING
+ # ];
+ # allowedUDPPorts = [
+ # 137 # SYNCTHING
+ # 138 # SYNCTHING
+ # 3702 # SAMBA-WSDD
+ # ];
+ # extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
+ # };
+
+ # virtualisation = {
+ # docker.enable = true;
+ # kvmgt.enable = true;
+ # libvirtd.enable = true;
+ # podman.enable = true;
+ # # virtualbox.host.enable = true;
+
+ # oci-containers.containers = {
+ # hass = {
+ # image = "ghcr.io/home-assistant/home-assistant:stable";
+ # environment = {
+ # TZ = "Europe/Rome";
+ # };
+ # extraOptions = [ "--privileged" "--network=host" "--pull=always" ];
+ # ports = [ "8123:8123" ];
+ # volumes = [
+ # "/var/lib/hass:/config"
+ # "/mnt/raid0/condiviso:/media"
+ # ];
+ # };
+ # };
+ # };
+
+
+ security.sudo.extraConfig = ''
+ Defaults pwfeedback
+ '';
+
+ # nixpkgs.config.allowUnfree = true;
+ # nix = {
+ # package = pkgs.nixFlakes;
+ # extraOptions = optionalString (config.nix.package == pkgs.nixFlakes)
+ # "experimental-features = nix-command flakes";
+ # };
+
+ # system.autoUpgrade = {
+ # enable = true;
+ # allowReboot = true;
+ # flags = [
+ # "-I"
+ # "nixos-config=/home/bertof/.config/nixpkgs/nixos/loki.nix"
+ # "--upgrade"
+ # ];
+ # };
+
+ system.stateVersion = "22.05";
+}
diff --git a/baldur/hm.nix b/baldur/hm.nix
new file mode 100644
index 0000000..0676db0
--- /dev/null
+++ b/baldur/hm.nix
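Review bot: The active `users.users.bertof` block near the end of `baldur/configuration.nix` repeats the declaration in `nixos_modules/bertof_user.nix` (added in this commit and pulled in through `commonBaseModules`) and additionally puts the account in `docker` and `libvirtd`, although the whole `virtualisation` section is commented out on this host. `docker` membership is effectively root-equivalent and the account is reachable over SSH, so I would list only host-specific groups here, e.g. `extraGroups = [ "audio" "input" "usb" "video" ];`, and let the shared module supply `wheel`, `network` and `networkmanager` (the two lists should merge, assuming the usual module-system behaviour). Most of the 256 added lines are commented-out settings carried over from another machine (`/mnt/raid0` paths, `loki.nix`, a `--privileged` container); deleting them would make it much easier to audit what this host actually exposes.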
@@ -0,0 +1,69 @@ +{ pkgs, ... }: +{ + nixpkgs.overlays = [ + (_: _: { + devEnvironment = (import ./environment.nix) { + # enableCpp = true; + enableData = true; + # enableGo = true; + # enableHtml = true; + # enableJavascript = true; + # enableJava = true; + # enableLatex = true; + enableNix = true; + # enableOffice = true; + # enablePython = true; + # enableRust = true; + enableShell = true; + # enableSpelling = true; + }; + }) + ]; + home = { + language.base = "it_IT.UTF-8"; + keyboard = { + layout = "it"; + options = [ "terminate:ctrl_alt_bksp" "compose:rctrl" ]; + }; + packages = with pkgs; [ + file + htop + neofetch + nix-prefetch-scripts + ripgrep + wget + xclip + # yq + ]; + }; + imports = [ + ../hm_modules/__basic.nix + + ../hm_modules/configurations.nix + # ../hm_modules/fonts.nix + ../hm_modules/bash.nix + ../hm_modules/bat.nix + # ../hm_modules/bottom.nix + # ../hm_modules/broot.nix + ../hm_modules/dircolors.nix + ../hm_modules/direnv.nix + # ../hm_modules/git.nix + # ../hm_modules/gpg.nix + ../hm_modules/helix.nix + ../hm_modules/info.nix + # ../hm_modules/jq.nix + # ../hm_modules/kakoune.nix + ../hm_modules/keychain.nix + # ../hm_modules/kitty.nix + ../hm_modules/lf.nix + ../hm_modules/man.nix + # ../hm_modules/megasync.nix + # ../hm_modules/noti.nix + ../hm_modules/ssh.nix + ../hm_modules/starship.nix + ../hm_modules/tmux.nix + ../hm_modules/zoxide.nix + ../hm_modules/zsh.nix + ../hm_modules/shell_aliases.nix + ]; +} diff --git a/flake.nix b/flake.nix index aeb99bf..927d05c 100644 --- a/flake.nix +++ b/flake.nix @@ -50,6 +50,7 @@ homeManagerSettings = { home-manager = { useGlobalPkgs = true; useUserPackages = true; }; }; commonBaseModules = [ + ./nixos_modules/bertof_user.nix ./nixos_modules/automatic-garbage-collection.nix ./nixos_modules/zerotier.nix ]; 
@@ -138,6 +139,17 @@ (homeManagerModules { bertof = import ./freya/hm.nix; }) ++ extraModules; }; + + baldurBaseModules = [ + ./baldur/configuration.nix + ]; + balurBuilder = { extraModules ? [ ] }: nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = [{ nixpkgs = nixpkgsSettings { inherit system; }; }] ++ + commonBaseModules ++ baldurBaseModules ++ + (homeManagerModules { bertof = import ./baldur/hm.nix; }) ++ + extraModules; + }; in (flake-utils.lib.eachDefaultSystem (system: rec { packages = pkgs-u { inherit system; }; @@ -169,6 +181,7 @@ # loki-unstable = lokiUnstable [ ]; freya = freyaBuilder { }; + baldur = balurBuilder { }; }; }; } diff --git a/freya/configuration.nix b/freya/configuration.nix index a2b6286..52cce1d 100644 --- a/freya/configuration.nix +++ b/freya/configuration.nix @@ -174,7 +174,6 @@ with lib; bertof = { isNormalUser = true; extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ]; shell = pkgs.zsh; }; # tiziano = { diff --git a/freya/hm.nix b/freya/hm.nix index 1d6f519..ae62fc1 100644 --- a/freya/hm.nix +++ b/freya/hm.nix @@ -54,7 +54,7 @@ ../hm_modules/jq.nix # ../hm_modules/kakoune.nix ../hm_modules/keychain.nix - ../hm_modules/kitty.nix + # ../hm_modules/kitty.nix ../hm_modules/lf.nix ../hm_modules/man.nix ../hm_modules/megasync.nix diff --git a/hm_modules/webapp.nix b/hm_modules/webapp.nix index 5d083cf..26bc9f9 100644 --- a/hm_modules/webapp.nix +++ b/hm_modules/webapp.nix 
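Review bot: The new builder is named `balurBuilder`, which looks like a typo for `baldurBuilder` given `baldurBaseModules` just above it and the existing `freyaBuilder`; the same spelling is used in the later `baldur = balurBuilder { };` hunk, so it evaluates, but it should be renamed in both places. Separately, `baldurBaseModules` lists only `./baldur/configuration.nix`, and that file has its `boot` section commented out and declares no `fileSystems`, so unless `extraModules` or a common module supplies them the system will probably not build or boot as defined here. A short comment such as `# hardware/boot configuration is supplied via extraModules` (if that is the intent) would make the expectation explicit. The surrounding `let` block starts and ends outside the hunk.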
@@ -1,7 +1,8 @@ { pkgs, lib, ... }: # Categories: https://specifications.freedesktop.org/menu-spec/latest/apa.html#main-category-registry let - cmd = link: "google-chrome-stable --app=${link}"; + # cmd = link: "google-chrome-stable --app=${link}"; + cmd = link: "firefox ${link}"; links = [ { desktopName = "Google Calendar"; link = "https://google.com/calendar"; categories = [ "Office" ]; } { desktopName = "Google Keep"; link = "https://keep.google.com"; categories = [ "Office" ]; } diff --git a/loki/configuration.nix b/loki/configuration.nix index 6e4677c..d2f99dd 100644 --- a/loki/configuration.nix +++ b/loki/configuration.nix @@ -194,7 +194,6 @@ with lib; bertof = { isNormalUser = true; extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ]; shell = pkgs.zsh; }; tiziano = { diff --git a/nixos_modules/bertof_user.nix b/nixos_modules/bertof_user.nix new file mode 100644 index 0000000..2fb5af1 --- /dev/null +++ b/nixos_modules/bertof_user.nix @@ -0,0 +1,7 @@ +{ + users.users.bertof = { + isNormalUser = true; + extraGroups = [ "network" "networkmanager" "wheel" ]; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ]; + }; +} diff --git a/odin/common_configuration.nix b/odin/common_configuration.nix index d9d441c..3b68f14 100644 --- a/odin/common_configuration.nix +++ b/odin/common_configuration.nix @@ -122,7 +122,6 @@ with lib; isNormalUser = true; extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ]; }; # List packages installed in system profile. To search, run: 
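Review bot: `cmd` now launches `firefox` by bare name, so the generated desktop entries run whatever `firefox` happens to be first on the session's PATH; since `pkgs` is already an argument of this module, `cmd = link: "${pkgs.firefox}/bin/firefox ${link}";` would pin the binary to its store path. The previous Chrome line is left behind as a comment and can simply be deleted, since version control keeps it. The `links` list continues outside the hunk.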
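Review bot: The new `nixos_modules/bertof_user.nix` is wired into `commonBaseModules` in `flake.nix`, so every host built from that list now gives this one SSH key a `wheel` account, yet nothing in the module says so or identifies the key. I would add a comment above the key line such as `# bertof's personal ed25519 key: grants wheel-level SSH login on every host that imports commonBaseModules`, and append an owner/device comment to the key string itself so it can be rotated or revoked deliberately. The sshd hardening (`permitRootLogin = "no"`, `passwordAuthentication = false`) appears only in `baldur/configuration.nix` in this diff; if the other hosts do not already set it, this shared module or a sibling one is the natural place for it.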
diff --git a/odin/hardware-configuration.nix b/odin/hardware-configuration.nix index 9dac5dd..0d20004 100644 --- a/odin/hardware-configuration.nix +++ b/odin/hardware-configuration.nix 
@@ -14,85 +14,91 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@root" "x-gvfs-hide" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@root" "x-gvfs-hide" ]; + }; - fileSystems."/nix" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@nix" "x-gvfs-hide" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@nix" "x-gvfs-hide" ]; + }; - fileSystems."/home/bertof" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@bertof" "x-gvfs-hide" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/82DB-3444"; + fsType = "vfat"; + options = [ "x-gvfs-hide" ]; + }; - fileSystems."/home/bertof/Giochi/SSD" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@bertof_games" "x-gvfs-hide" ]; - }; + # fileSystems."/var/lib/docker/btrfs" = + # { device = "/nix/@root/var/lib/docker/btrfs"; + # fsType = "none"; + # options = [ "bind" ]; + # }; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/82DB-3444"; - fsType = "vfat"; - }; + fileSystems."/home/bertof" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof/@home" "x-gvfs-hide" ]; + }; - fileSystems."/home/bertof/Musica" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@bertof_music" "x-gvfs-hide" ]; - }; + fileSystems."/home/bertof/Documenti" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ 
"subvol=@bertof/@documents" "x-gvfs-hide" ]; + }; - fileSystems."/home/bertof/Video" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@bertof_videos" "x-gvfs-hide" ]; - }; + fileSystems."/home/bertof/Documenti/Git" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof/@git" "x-gvfs-hide" ]; + }; - fileSystems."/home/bertof/Immagini" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@bertof_images" "x-gvfs-hide" ]; - }; + fileSystems."/home/bertof/Musica" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof/@music" "x-gvfs-hide" ]; + }; - fileSystems."/home/bertof/Scaricati" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@bertof_downloads" "x-gvfs-hide" ]; - }; + fileSystems."/home/bertof/Video" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof/@videos" "x-gvfs-hide" ]; + }; - fileSystems."/home/bertof/Documenti" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@bertof_documents" "x-gvfs-hide" ]; - }; + fileSystems."/home/bertof/Immagini" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof/@images" "x-gvfs-hide" ]; + }; - fileSystems."/home/bertof/Documenti/Git" = - { - device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; - fsType = "btrfs"; - options = [ "subvol=@bertof_git" "x-gvfs-hide" ]; - }; + fileSystems."/home/bertof/Giochi/SSD" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof/@games" "x-gvfs-hide" ]; + }; + + 
fileSystems."/home/bertof/Scaricati" = { + device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; + fsType = "btrfs"; + options = [ "subvol=@bertof/@downloads" "x-gvfs-hide" ]; + }; swapDevices = [{ device = "/dev/disk/by-uuid/5f3cf424-2bd8-4352-a778-1bb067cb5700"; }]; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + # networking.useDHCP = lib.mkDefault true; + # networking.interfaces.docker0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp60s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + # networking.interfaces.ztmjfdwjkp.useDHCP = lib.mkDefault true; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/odin/hm.nix b/odin/hm.nix index 064287b..2d1330c 100644 --- a/odin/hm.nix +++ b/odin/hm.nix @@ -54,7 +54,7 @@ # keepassxc krita kubectl - # lutris + lutris meld # minecraft mmv-go diff --git a/thor/configuration.nix b/thor/configuration.nix index 08e302d..a959117 100644 --- a/thor/configuration.nix +++ b/thor/configuration.nix @@ -152,9 +152,7 @@ with lib; users.users.bertof = { isNormalUser = true; extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ]; shell = pkgs.zsh; - useDefaultShell = false; }; virtualisation = {