bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Preparation for deployment library

Browse source
This commit is contained in:
Filippo Berto 2022-08-31 16:04:33 +02:00
parent e4e09e1bf9
commit 1bc27dde82
No known key found for this signature in database
GPG key ID: FE98AE5EC52B1056
12 changed files with 420 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

256
baldur/configuration.nix Normal file
View file

@ -0,0 +1,256 @@
{ pkgs, lib, ... }:
with lib;
{
# boot = {
# # binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
# # kernelPackages = pkgs.linuxPackages_5_18;
# # loader = {
# # systemd-boot.enable = true;
# # efi.canTouchEfiVariables = true;
# # };
# };
console = {
font = "Lat2-Terminus16";
keyMap = "it";
};
environment = {
pathsToLink = [ "/share/zsh" ];
systemPackages = with pkgs; [ kakoune tmux vim ];
};
i18n.defaultLocale = "it_IT.UTF-8";
programs = {
dconf.enable = true;
gnupg.agent = { enable = true; enableSSHSupport = true; };
zsh = { enable = true; syntaxHighlighting.enable = true; };
};
networking = {
hostName = "baldur";
# interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
# networkmanager.enable = true;
# useDHCP = false;
};
time.timeZone = "Europe/Rome";
services = {
# avahi = {
# enable = true;
# openFirewall = true;
# nssmdns = true;
# publish = {
# enable = true;
# addresses = true;
# domain = true;
# userServices = true;
# workstation = true;
# };
# extraServiceFiles = {
# ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
# };
# };
# bazarr = { enable = true; openFirewall = true; group = "users"; };
# blueman.enable = true;
dbus.packages = with pkgs; [ dconf ];
fail2ban = { enable = true; bantime-increment.enable = true; };
# gnome.gnome-keyring.enable = true;
# gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
# jackett = { enable = true; openFirewall = true; group = "users"; };
# jellyfin = { enable = true; openFirewall = true; group = "users"; };
# logind.lidSwitch = "ignore";
# node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; };
# plex = { enable = true; openFirewall = true; group = "users"; };
# power-profiles-daemon.enable = true;
# radarr = { enable = true; openFirewall = true; group = "users"; };
# samba-wsdd = { enable = true; discovery = true; };
# smartd = { enable = true; notifications.x11.enable = true; };
# sonarr = { enable = true; openFirewall = true; group = "users"; };
# thermald.enable = true;
# transmission = {
# enable = true;
# openFirewall = true;
# group = "users";
# settings = {
# download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
# incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
# };
# };
# xserver = {
# # enable = true;
# videoDrivers = [ "nvidia" ];
# # layout = "it";
# # xkbOptions = "eurosign:e;";
# # libinput.enable = true;
# };
# zoneminder = {
# enable = true;
# openFirewall = true;
# cameras = 3;
# hostname = "0.0.0.0";
# database = { username = "zoneminder"; createLocally = true; };
# };
# mysql = {
# # enable = true;
# ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
# };
};
users.users.bertof = {
isNormalUser = true;
extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
shell = pkgs.zsh;
};
# services.snapper = {
# configs =
# let
# commonExtraConfig = ''
# ALLOW_USERS="bertof"
# TIMELINE_CREATE=yes
# TIMELINE_CLEANUP=yes
# '';
# in
# {
# bertof_raid0 = {
# subvolume = "/mnt/raid0/bertof";
# extraConfig = ''
# ALLOW_USERS="bertof"
# ${commonExtraConfig}
# '';
# };
# tiziano_raid0 = {
# subvolume = "/mnt/raid0/tiziano";
# extraConfig = ''
# ALLOW_USERS="tiziano"
# ${commonExtraConfig}
# '';
# };
# condiviso_raid0 = {
# subvolume = "/mnt/raid0/condiviso";
# extraConfig = ''
# ALLOW_USERS="bertof tiziano"
# ${commonExtraConfig}
# '';
# };
# };
# };
# systemd.packages = with pkgs; [ syncthing ];
# systemd.services =
# let
# common = {
# documentation = [ "man:syncthing(1)" ];
# startLimitIntervalSec = 60;
# startLimitBurst = 4;
# after = [ "network.target" ];
# environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
# wantedBy = [ "default.target" ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 1;
# SuccessExitStatus = "3 4";
# RestartForceExitStatus = "3 4";
# Group = config.ids.gids.users;
# MemoryDenyWriteExecute = true;
# NoNewPrivileges = true;
# PrivateDevices = true;
# PrivateMounts = true;
# PrivateTmp = true;
# PrivateUsers = true;
# ProtectControlGroups = true;
# ProtectHostname = true;
# ProtectKernelModules = true;
# ProtectKernelTunables = true;
# RestrictNamespaces = true;
# RestrictRealtime = true;
# RestrictSUIDSGID = true;
# CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
# };
# };
# in
# {
# syncthing-bertof = recursiveUpdate common {
# description = "Syncthing service bertof";
# serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; };
# };
# syncthing-tiziano = recursiveUpdate common {
# description = "Syncthing service tiziano";
# serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; };
# };
# };
# networking.firewall = {
# enable = true;
# allowPing = true;
# allowedTCPPorts = [
# 445 # SAMBA
# 139 # SAMBA
# 5357 # SAMBA-WSDD
# 8123 # HOME ASSISTANT
# 8384 # SYNCTHING
# 8385 # SYNCTHING
# ];
# allowedUDPPorts = [
# 137 # SYNCTHING
# 138 # SYNCTHING
# 3702 # SAMBA-WSDD
# ];
# extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
# };
# virtualisation = {
# docker.enable = true;
# kvmgt.enable = true;
# libvirtd.enable = true;
# podman.enable = true;
# # virtualbox.host.enable = true;
# oci-containers.containers = {
# hass = {
# image = "ghcr.io/home-assistant/home-assistant:stable";
# environment = {
# TZ = "Europe/Rome";
# };
# extraOptions = [ "--privileged" "--network=host" "--pull=always" ];
# ports = [ "8123:8123" ];
# volumes = [
# "/var/lib/hass:/config"
# "/mnt/raid0/condiviso:/media"
# ];
# };
# };
# };
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
# nixpkgs.config.allowUnfree = true;
# nix = {
# package = pkgs.nixFlakes;
# extraOptions = optionalString (config.nix.package == pkgs.nixFlakes)
# "experimental-features = nix-command flakes";
# };
# system.autoUpgrade = {
# enable = true;
# allowReboot = true;
# flags = [
# "-I"
# "nixos-config=/home/bertof/.config/nixpkgs/nixos/loki.nix"
# "--upgrade"
# ];
# };
system.stateVersion = "22.05";
}

69
baldur/hm.nix Normal file
View file

@ -0,0 +1,69 @@
{ pkgs, ... }:
{
nixpkgs.overlays = [
(_: _: {
devEnvironment = (import ./environment.nix) {
# enableCpp = true;
enableData = true;
# enableGo = true;
# enableHtml = true;
# enableJavascript = true;
# enableJava = true;
# enableLatex = true;
enableNix = true;
# enableOffice = true;
# enablePython = true;
# enableRust = true;
enableShell = true;
# enableSpelling = true;
};
})
];
home = {
language.base = "it_IT.UTF-8";
keyboard = {
layout = "it";
options = [ "terminate:ctrl_alt_bksp" "compose:rctrl" ];
};
packages = with pkgs; [
file
htop
neofetch
nix-prefetch-scripts
ripgrep
wget
xclip
# yq
];
};
imports = [
../hm_modules/__basic.nix
../hm_modules/configurations.nix
# ../hm_modules/fonts.nix
../hm_modules/bash.nix
../hm_modules/bat.nix
# ../hm_modules/bottom.nix
# ../hm_modules/broot.nix
../hm_modules/dircolors.nix
../hm_modules/direnv.nix
# ../hm_modules/git.nix
# ../hm_modules/gpg.nix
../hm_modules/helix.nix
../hm_modules/info.nix
# ../hm_modules/jq.nix
# ../hm_modules/kakoune.nix
../hm_modules/keychain.nix
# ../hm_modules/kitty.nix
../hm_modules/lf.nix
../hm_modules/man.nix
# ../hm_modules/megasync.nix
# ../hm_modules/noti.nix
../hm_modules/ssh.nix
../hm_modules/starship.nix
../hm_modules/tmux.nix
../hm_modules/zoxide.nix
../hm_modules/zsh.nix
../hm_modules/shell_aliases.nix
];
}

13
flake.nix
View file

@ -50,6 +50,7 @@
homeManagerSettings = { home-manager = { useGlobalPkgs = true; useUserPackages = true; }; }; homeManagerSettings = { home-manager = { useGlobalPkgs = true; useUserPackages = true; }; };
commonBaseModules = [ commonBaseModules = [
./nixos_modules/bertof_user.nix
./nixos_modules/automatic-garbage-collection.nix ./nixos_modules/automatic-garbage-collection.nix
./nixos_modules/zerotier.nix ./nixos_modules/zerotier.nix
]; ];
@ -138,6 +139,17 @@
(homeManagerModules { bertof = import ./freya/hm.nix; }) ++ (homeManagerModules { bertof = import ./freya/hm.nix; }) ++
extraModules; extraModules;
}; };
baldurBaseModules = [
./baldur/configuration.nix
];
balurBuilder = { extraModules ? [ ] }: nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [{ nixpkgs = nixpkgsSettings { inherit system; }; }] ++
commonBaseModules ++ baldurBaseModules ++
(homeManagerModules { bertof = import ./baldur/hm.nix; }) ++
extraModules;
};
in in
(flake-utils.lib.eachDefaultSystem (system: rec { (flake-utils.lib.eachDefaultSystem (system: rec {
packages = pkgs-u { inherit system; }; packages = pkgs-u { inherit system; };
@ -169,6 +181,7 @@
# loki-unstable = lokiUnstable [ ]; # loki-unstable = lokiUnstable [ ];
freya = freyaBuilder { }; freya = freyaBuilder { };
baldur = balurBuilder { };
}; };
}; };
} }

1
freya/configuration.nix
View file

@ -174,7 +174,6 @@ with lib;
bertof = { bertof = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
# tiziano = { # tiziano = {

2
freya/hm.nix
View file

@ -54,7 +54,7 @@
../hm_modules/jq.nix ../hm_modules/jq.nix
# ../hm_modules/kakoune.nix # ../hm_modules/kakoune.nix
../hm_modules/keychain.nix ../hm_modules/keychain.nix
../hm_modules/kitty.nix # ../hm_modules/kitty.nix
../hm_modules/lf.nix ../hm_modules/lf.nix
../hm_modules/man.nix ../hm_modules/man.nix
../hm_modules/megasync.nix ../hm_modules/megasync.nix

3
hm_modules/webapp.nix
View file

@ -1,7 +1,8 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
# Categories: https://specifications.freedesktop.org/menu-spec/latest/apa.html#main-category-registry # Categories: https://specifications.freedesktop.org/menu-spec/latest/apa.html#main-category-registry
let let
cmd = link: "google-chrome-stable --app=${link}"; # cmd = link: "google-chrome-stable --app=${link}";
cmd = link: "firefox ${link}";
links = [ links = [
{ desktopName = "Google Calendar"; link = "https://google.com/calendar"; categories = [ "Office" ]; } { desktopName = "Google Calendar"; link = "https://google.com/calendar"; categories = [ "Office" ]; }
{ desktopName = "Google Keep"; link = "https://keep.google.com"; categories = [ "Office" ]; } { desktopName = "Google Keep"; link = "https://keep.google.com"; categories = [ "Office" ]; }

1
loki/configuration.nix
View file

@ -194,7 +194,6 @@ with lib;
bertof = { bertof = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
tiziano = { tiziano = {

7
nixos_modules/bertof_user.nix Normal file
View file

@ -0,0 +1,7 @@
{
users.users.bertof = {
isNormalUser = true;
extraGroups = [ "network" "networkmanager" "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
};
}

1
odin/common_configuration.nix
View file

@ -122,7 +122,6 @@ with lib;
isNormalUser = true; isNormalUser = true;
extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
}; };
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:

136
odin/hardware-configuration.nix
View file

@ -14,85 +14,91 @@
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=@root" "x-gvfs-hide" ];
options = [ "subvol=@root" "x-gvfs-hide" ]; };
};
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=@nix" "x-gvfs-hide" ];
options = [ "subvol=@nix" "x-gvfs-hide" ]; };
};
fileSystems."/home/bertof" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/82DB-3444";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; fsType = "vfat";
fsType = "btrfs"; options = [ "x-gvfs-hide" ];
options = [ "subvol=@bertof" "x-gvfs-hide" ]; };
};
fileSystems."/home/bertof/Giochi/SSD" = # fileSystems."/var/lib/docker/btrfs" =
{ # { device = "/nix/@root/var/lib/docker/btrfs";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; # fsType = "none";
fsType = "btrfs"; # options = [ "bind" ];
options = [ "subvol=@bertof_games" "x-gvfs-hide" ]; # };
};
fileSystems."/boot" = fileSystems."/home/bertof" = {
{ device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
device = "/dev/disk/by-uuid/82DB-3444"; fsType = "btrfs";
fsType = "vfat"; options = [ "subvol=@bertof/@home" "x-gvfs-hide" ];
}; };
fileSystems."/home/bertof/Musica" = fileSystems."/home/bertof/Documenti" = {
{ device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=@bertof/@documents" "x-gvfs-hide" ];
options = [ "subvol=@bertof_music" "x-gvfs-hide" ]; };
};
fileSystems."/home/bertof/Video" = fileSystems."/home/bertof/Documenti/Git" = {
{ device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=@bertof/@git" "x-gvfs-hide" ];
options = [ "subvol=@bertof_videos" "x-gvfs-hide" ]; };
};
fileSystems."/home/bertof/Immagini" = fileSystems."/home/bertof/Musica" = {
{ device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=@bertof/@music" "x-gvfs-hide" ];
options = [ "subvol=@bertof_images" "x-gvfs-hide" ]; };
};
fileSystems."/home/bertof/Scaricati" = fileSystems."/home/bertof/Video" = {
{ device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=@bertof/@videos" "x-gvfs-hide" ];
options = [ "subvol=@bertof_downloads" "x-gvfs-hide" ]; };
};
fileSystems."/home/bertof/Documenti" = fileSystems."/home/bertof/Immagini" = {
{ device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=@bertof/@images" "x-gvfs-hide" ];
options = [ "subvol=@bertof_documents" "x-gvfs-hide" ]; };
};
fileSystems."/home/bertof/Documenti/Git" = fileSystems."/home/bertof/Giochi/SSD" = {
{ device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c"; fsType = "btrfs";
fsType = "btrfs"; options = [ "subvol=@bertof/@games" "x-gvfs-hide" ];
options = [ "subvol=@bertof_git" "x-gvfs-hide" ]; };
};
fileSystems."/home/bertof/Scaricati" = {
device = "/dev/disk/by-uuid/c6e3d4df-4861-48a5-8107-d6fd1addad8c";
fsType = "btrfs";
options = [ "subvol=@bertof/@downloads" "x-gvfs-hide" ];
};
swapDevices = swapDevices =
[{ device = "/dev/disk/by-uuid/5f3cf424-2bd8-4352-a778-1bb067cb5700"; }]; [{ device = "/dev/disk/by-uuid/5f3cf424-2bd8-4352-a778-1bb067cb5700"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp60s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
# networking.interfaces.ztmjfdwjkp.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

2
odin/hm.nix
View file

@ -54,7 +54,7 @@
# keepassxc # keepassxc
krita krita
kubectl kubectl
# lutris lutris
meld meld
# minecraft # minecraft
mmv-go mmv-go

2
thor/configuration.nix
View file

@ -152,9 +152,7 @@ with lib;
users.users.bertof = { users.users.bertof = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
shell = pkgs.zsh; shell = pkgs.zsh;
useDefaultShell = false;
}; };
virtualisation = { virtualisation = {