Merge branch 'rpi'

Filippo Berto 2023-03-04 01:05:45 +01:00
commit 38fe5f2622
Signed by: bertof
GPG key ID: 9DBF7E6A1D2CE9ED
8 changed files with 146 additions and 284 deletions


@ -216,6 +216,7 @@
./nixos_modules/bertof_user.nix
./nixos_modules/distributed.nix
./nixos_modules/remote-deploy.nix
./nixos_modules/extended_registry.nix
./nixos_modules/zerotier.nix
./nixos_modules/installer.nix
@ -279,19 +280,23 @@
};
};
# freyaConfig = {
# nixosConfigurations = rec {
# freya = nixpkgs.lib.nixosSystem rec {
# system = "aarch64-linux";
# modules = commonModules ++ [
# nixos-hardware.nixosModules.raspberry-pi-4
# ./freya/hardware-configuration.nix
# ./freya/configuration.nix
# { home-manager.users.bertof = import ./freya/hm.nix; }
# ];
# };
# };
# };
freyaConfig = {
nixosConfigurations = {
freya = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = commonModules ++ [
nixos-hardware.nixosModules.raspberry-pi-4
./freya/hardware-configuration.nix
./freya/configuration.nix
{ home-manager.users.bertof = import ./freya/hm.nix; }
({ lib, ... }: {
boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
})
];
};
};
};
baldurConfig = {
nixosConfigurations = {
@ -369,6 +374,15 @@
self.nixosConfigurations.baldur;
};
};
freya = {
hostname = "192.168.1.2";
profiles.system = {
user = "root";
path = deploy-rs.lib.aarch64-linux.activate.nixos
self.nixosConfigurations.freya;
};
};
};
};
@ -382,6 +396,13 @@
format = "install-iso";
};
# Aarch64 base image
aarch64-base-image = nixos-generators.nixosGenerate {
system = flake-utils.lib.system.aarch64-linux;
modules = installerModules;
format = "sd-aarch64";
};
# Installer DigitalOcean
do-image = nixos-generators.nixosGenerate {
inherit system;
@ -396,7 +417,7 @@
basic
thorConfig
odinConfig
# freyaConfig
freyaConfig
baldurConfig
lokiConfig
deployments
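Review bot: The new `freya` deploy node logs in with `user = "root"` at the literal address `192.168.1.2`, so every deployment depends on key-based root SSH staying enabled on that host and on the address never being handed to another machine. deploy-rs accepts a separate `sshUser`, so the node could connect as an unprivileged account and escalate only for activation, e.g. `sshUser = "bertof";` alongside `user = "root";`; that needs a matching sudo rule, which this page does not show. Separately, the inline module that sets `boot.supportedFilesystems` with `lib.mkForce` has no comment explaining which default entry is being overridden and why; a one-line why-comment above it would stop a later cleanup from removing the override.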


@ -1,37 +1,29 @@
{ pkgs, lib, ... }:
with lib; {
boot = {
# kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
{ pkgs, ... }: {
console = {
font = "Lat2-Terminus16";
keyMap = "it";
};
console = { font = "Lat2-Terminus16"; keyMap = "it"; };
environment = {
pathsToLink = [ "/share/zsh" ];
systemPackages = builtins.attrValues { inherit (pkgs) kakoune tmux vim; };
systemPackages = builtins.attrValues { inherit (pkgs) helix tmux vim; };
};
hardware = {
bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
opengl = {
enable = true;
driSupport = true;
};
raspberry-pi."4" = {
audio.enable = true;
fkms-3d.enable = true;
};
};
i18n.defaultLocale = "it_IT.UTF-8";
programs = {
dconf.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh = {
enable = true;
syntaxHighlighting.enable = true;
};
};
networking = {
hostName = "freya";
# interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
@ -39,7 +31,15 @@ with lib; {
useDHCP = false;
};
time.timeZone = "Europe/Rome";
programs = {
dconf.enable = true;
gnupg.agent = { enable = true; enableSSHSupport = true; };
zsh = { enable = true; syntaxHighlighting.enable = true; };
};
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
services = {
avahi = {
@ -53,131 +53,23 @@ with lib; {
userServices = true;
workstation = true;
};
extraServiceFiles = {
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
blueman.enable = true;
dbus.packages = [ pkgs.dconf ];
gnome.gnome-keyring.enable = true;
openssh = { enable = true; openFirewall = true; };
xserver = {
enable = true;
desktopManager.retroarch = {
enable = true;
package = pkgs.retroarchFull;
};
};
# bazarr = { enable = true; openFirewall = true; group = "users"; };
# blueman.enable = true;
dbus.packages = [ pkgs.dconf ];
# fail2ban = { enable = true; bantime-increment.enable = true; };
gnome.gnome-keyring.enable = true;
# gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
# jackett = { enable = true; openFirewall = true; group = "users"; };
# jellyfin = { enable = true; openFirewall = true; group = "users"; };
# logind.lidSwitch = "ignore";
# node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
openssh = {
enable = true;
openFirewall = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
# plex = { enable = true; openFirewall = true; group = "users"; };
# power-profiles-daemon.enable = true;
# radarr = { enable = true; openFirewall = true; group = "users"; };
# samba-wsdd = { enable = true; discovery = true; };
# samba = {
# enable = true;
# enableNmbd = true;
# enableWinbindd = true;
# nsswins = true;
# extraConfig = ''
# workgroup = WORKGROUP
# load printers = no
# smb encrypt = required
# '';
# shares =
# let
# common = {
# "public" = "no";
# "writeable" = "yes";
# "create mask" = "0700";
# "directory mask" = "2700";
# "browseable" = "yes";
# "guest ok" = "no";
# "read only" = "no";
# "force group" = "users";
# };
# in
# {
# bertof = recursiveUpdate common {
# path = "/mnt/raid0/bertof";
# comment = "Bertof samba share";
# "force user" = "bertof";
# "valid users" = "bertof";
# };
# tiziano = recursiveUpdate common {
# path = "/mnt/raid0/tiziano";
# comment = "Tiziano samba share";
# "force user" = "tiziano";
# "valid users" = "tiziano";
# };
# condiviso = recursiveUpdate common {
# path = "/mnt/raid0/condiviso";
# comment = "Samba share condiviso";
# "valid users" = "bertof tiziano";
# "create mask" = "0770";
# "directory mask" = "2770";
# "force create mode" = "0660";
# "force directory mode" = "2770";
# };
# bertof_safe = recursiveUpdate common {
# path = "/mnt/raid1/bertof";
# comment = "Bertof samba share";
# "force user" = "bertof";
# "valid users" = "bertof";
# };
# tiziano_safe = recursiveUpdate common {
# path = "/mnt/raid1/tiziano";
# comment = "Tiziano samba share";
# "force user" = "tiziano";
# "valid users" = "tiziano";
# };
# condiviso_safe = recursiveUpdate common {
# path = "/mnt/raid1/condiviso";
# comment = "Samba share condiviso";
# "valid users" = "bertof tiziano";
# "create mask" = "0770";
# "directory mask" = "2770";
# "force create mode" = "0660";
# "force directory mode" = "2770";
# };
# };
# };
# sonarr = { enable = true; openFirewall = true; group = "users"; };
thermald.enable = true;
# transmission = {
# enable = true;
# openFirewall = true;
# group = "users";
# settings = {
# download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
# incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
# };
# };
# xserver = {
# # enable = true;
# videoDrivers = [ "nvidia" ];
# # layout = "it";
# # xkbOptions = "eurosign:e;";
# # libinput.enable = true;
# };
# zoneminder = {
# enable = true;
# openFirewall = true;
# cameras = 3;
# hostname = "0.0.0.0";
# database = { username = "zoneminder"; createLocally = true; };
# };
# mysql = {
# # enable = true;
# ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
# };
};
time.timeZone = "Europe/Rome";
users.users = {
bertof = {
isNormalUser = true;
@ -194,56 +86,7 @@ with lib; {
];
shell = pkgs.zsh;
};
# tiziano = {
# isNormalUser = true;
# openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
# };
# jellyfin.extraGroups = [ "video" ];
};
# services.snapper = {
# configs =
# let
# commonExtraConfig = ''
# ALLOW_USERS="bertof"
# TIMELINE_CREATE=yes
# TIMELINE_CLEANUP=yes
# '';
# in
# {
# bertof_raid0 = {
# subvolume = "/mnt/raid0/bertof";
# extraConfig = ''
# ALLOW_USERS="bertof"
# ${commonExtraConfig}
# '';
# };
# tiziano_raid0 = {
# subvolume = "/mnt/raid0/tiziano";
# extraConfig = ''
# ALLOW_USERS="tiziano"
# ${commonExtraConfig}
# '';
# };
# condiviso_raid0 = {
# subvolume = "/mnt/raid0/condiviso";
# extraConfig = ''
# ALLOW_USERS="bertof tiziano"
# ${commonExtraConfig}
# '';
# };
# };
# };
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
system.autoUpgrade = {
enable = true;
allowReboot = true;
flags = [ "--flake gitlab:bertof/nix-dotfiles" ];
};
system.stateVersion = "22.05";
system.stateVersion = "22.11";
}
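Review bot: The compact `openssh = { enable = true; openFirewall = true; };` line appears to replace the block that set `permitRootLogin = "no"` and `passwordAuthentication = false`. The rendered page has lost its +/- markers, so this is inferred from the hunk shrinking from 131 to 23 lines. With `openFirewall = true`, the host then relies entirely on some other module for those two settings; if the shared openssh module is not part of `commonModules`, freya falls back to the NixOS defaults. Keeping the password setting local makes the host safe on its own: `openssh = { enable = true; openFirewall = true; passwordAuthentication = false; };`. The last hunk also seems to drop `system.autoUpgrade`, so security updates now reach this machine only when someone deploys.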


@ -0,0 +1,30 @@
{ lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
# networking.interfaces.ztmjfdwjkp.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}


@ -1,23 +1,4 @@
{ pkgs, ... }: {
nixpkgs.overlays = [
(_: _: {
devEnvironment = (import ./environment.nix) {
# enableCpp = true;
enableData = true;
# enableGo = true;
# enableHtml = true;
# enableJavascript = true;
# enableJava = true;
# enableLatex = true;
enableNix = true;
# enableOffice = true;
# enablePython = true;
# enableRust = true;
enableShell = true;
# enableSpelling = true;
};
})
];
home = {
language.base = "it_IT.UTF-8";
keyboard = {
@ -26,37 +7,20 @@
};
packages = builtins.attrValues {
inherit (pkgs)
file htop neofetch nix-prefetch-scripts ripgrep wget xclip yq;
cava gallery-dl procps wireguard-tools httpie;
};
};
imports = [
../hm_modules/__basic.nix
../hm_modules/configurations.nix
# ../hm_modules/fonts.nix
../hm_modules/bash.nix
../hm_modules/bat.nix
../hm_modules/bottom.nix
../hm_modules/broot.nix
../hm_modules/dircolors.nix
../hm_modules/direnv.nix
../hm_modules/git.nix
../hm_modules/gpg.nix
../hm_modules/cava.nix
../hm_modules/dunst.nix
../hm_modules/helix.nix
../hm_modules/info.nix
../hm_modules/jq.nix
# ../hm_modules/kakoune.nix
../hm_modules/keychain.nix
# ../hm_modules/kitty.nix
../hm_modules/kitty.nix
../hm_modules/lf.nix
../hm_modules/man.nix
../hm_modules/megasync.nix
../hm_modules/noti.nix
../hm_modules/ssh.nix
../hm_modules/starship.nix
../hm_modules/tmux.nix
../hm_modules/zoxide.nix
../hm_modules/zsh.nix
../hm_modules/shell_aliases.nix
../hm_modules/spotifyd.nix
../hm_modules/xidlehook.nix
];
home.stateVersion = "22.11";
}


@ -1,8 +1,8 @@
{
{ lib, ... }: {
services.openssh = {
enable = true;
openFirewall = true;
permitRootLogin = "prohibit-password";
permitRootLogin = lib.mkDefault "prohibit-password";
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
};
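Review bot: Wrapping `permitRootLogin` in `lib.mkDefault` lets any host definition replace the value without a conflict error, including with a weaker one, while `passwordAuthentication` and `kbdInteractiveAuthentication` beside it stay at normal priority. The intent should be written down next to the option, for example `# mkDefault: hosts may tighten this to "no"; deploy targets need key-only root login`. The second half of that comment is my reading of the deploy configuration and should be confirmed before it is added. The module body continues past the end of this hunk.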


@ -16,15 +16,14 @@
# mycrypto
# pcmanfm
# pulseaudio
retroarchFull
# signal-desktop
# slack
# wineFull
arandr authy bitwarden cava discord dmenu droidcam easyeffects evince
gallery-dl krita meld openvpn p7zip pavucontrol pentablet-driver postman
procps pulseaudio shotwell skypeforlinux spotify tdesktop teams
thunderbird transmission-gtk virt-manager virt-viewer wireguard-tools
xournalpp zoom-us gucharmap handbrake httpie inkscape;
gallery-dl gucharmap handbrake httpie inkscape krita meld openvpn p7zip
pavucontrol pentablet-driver postman procps pulseaudio retroarchFull
shotwell skypeforlinux spotify tdesktop teams thunderbird transmission-gtk
virt-manager virt-viewer wireguard-tools xournalpp zoom-us;
inherit (pkgs.gnome)
# geary
# gnome-boxes


@ -17,7 +17,9 @@ let
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw";
loki =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeomEH/27XFlOjQ/GTO2mo8qPMHTbzLIsX0dloxXfhb";
systems = [ odin thor baldur loki ];
freya =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBclEOy4xs9yBp4RgfTf1FPeqTdERM6d6nDhnMQ3WVGI";
systems = [ odin thor baldur loki freya ];
in
{
# "oauth_proxy_client_credentials.age".publicKeys = users ++ systems;
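Review bot: Appending `freya` to `systems` makes the Raspberry Pi a recipient of every secret whose `publicKeys` include `systems`, which is probably wider than the host needs. The list of secrets lies outside this hunk, so the exact exposure cannot be judged from here. Listing recipients per secret would limit what a lost or copied SD card gives away, e.g. `"<secret>.age".publicKeys = users ++ [ freya ];` only for the files freya actually reads (`<secret>` is a placeholder). Note also that removing freya from the list later does not revoke anything it has already been able to decrypt; the secret values themselves would have to be rotated.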


@ -1,21 +1,24 @@
age-encryption.org/v1
-> ssh-ed25519 13iwjQ 9aoog/kXoUjWDvBc9PWsuiDqosDZZ2V9O2K5ZS5R/HM
68DRiAN5GaU5SowcxkzJTQ3llZHDHiVYEj9AkNYvnTc
-> ssh-ed25519 7MB20A GDfksSg6a17FEPYshKpnw23KRx4cHZFn/9CSzBGxrn0
ICWw//xtkwcjHuHoLTXTzpDa1du8J6bG2QacjTV6fs4
-> ssh-ed25519 ieE3Vw EJkUKGOgjA8a3D5umr3I7VpOtjVix903hbF6o2TfKmg
ISY9RdtzRoX554WxIM2uW7iBG2LzuecnazlgY5dFoio
-> ssh-ed25519 lC44xg PzOCoNzINU9MUeUNo47oPofF1XclvMXE+vz0ELjGiiI
KymnQOnLvJm1X0KabTFiKRiHo+x9olhLYUeDuoCMRzE
-> ssh-ed25519 IvyYug CEqfcL5R0kkC2x2s6kb9lePx9Kt3j+pazymbsmeijGI
Nsw3/j4KT/8ZHDthSLljqEBJvvfQ1AaSw0uIZMq33Yc
-> ssh-ed25519 v7O/FA BWzFBCTXSURu97zS41saKbK6sNLXxCzD2CiGX4VhgBQ
F9IhjUqkfpg6kOo6WLtzxyRJ1c9A3uSF3jHxFmH9WB8
-> ssh-ed25519 Wzv8ew IjPoGA720sr+Ke9Klt9tOWl9YYJJZ6E+zJF89Meztzs
A85Kgs6R91eH/MZ64D8tFUpDPMrAWzFp8fkZk1nbMgw
-> ssh-ed25519 XgC3XA 3qyHI8WIto41UStTx2nUR8YP7rCd7Ax61Xc+zx4FPSo
MJBvA4fEuKtjsB7EIxdVuVEXaW0t3IEgZzirKAwrOEI
-> np;-grease 1)BDO$X)
/+zl7WOsIa1rwc+B6gKI4nkqwV6vcA
--- qhruLmvOui+PeIZb1vGFu+ZxUkeJn/RwvaGhZicxj5s
:çê$ÉpFD ½w#¤ÆÞ\YeªwÁ éí}¼ÕüÂ}|`Š/\úw<C3BA>ûsPa7¿cW¹
-> ssh-ed25519 13iwjQ /Rmmvw0p6DZ7aGnMemqE4o/T5egJ2nRr6Ea7RABaoX0
H/jX5rPg2RG6vFdR4pc7Z+slx2kFF4cPzW/LI46LkAU
-> ssh-ed25519 7MB20A XcQg1psOjZXueouNw8sg3WRVLIm5rnAZY8DdsOoXlQg
e9cjUymnPxbKEF98RWK6JjzI/y4qWIhWEk4keIG2UgQ
-> ssh-ed25519 ieE3Vw Pvvi73SMREG9baVcT68OL9/DYdMYiNWRPBYfzK/ltlQ
YzxiQX2lHmnNH79c7AABg/3Gz02Zc+BXzg2PMcYTdYA
-> ssh-ed25519 lC44xg 17PRg8lmBxejX2B6enYCFbp8nVArOzfpsKdmpemZUXI
bNboF5jbhxJvM+kIOghcJygvNDvJEMMcMdPYonSB31A
-> ssh-ed25519 IvyYug KZ0FT8OYhCEUlKO13YpwRXYcKAQKlR2Nqh2GnEUHMRI
teURFNlCUoQGFvZnYD+Gj+xwLjJA6CzMl5FB58bMxHs
-> ssh-ed25519 v7O/FA uJwWy77gKJvbS1gpd8GvVcyjvfCPgtBEXOR2KH5pZHc
chawOJvYoJUg7U4k8U33i7fgoDCWP42s22C9RsoOw30
-> ssh-ed25519 Wzv8ew Jptd53uF7c0qIyGIq+m5Pn1gV3jajTdglkVwBvFR2GQ
/UgadCGML7iuJSSPqRoef9AhV10oKCBSJM+/lz4eHes
-> ssh-ed25519 XgC3XA k94WW5viGatt5zKkeXEbQYep8GOiNS1oRj/k1spkdjo
OJVFSqYfiy8JvC/JxKyDl2idF7CBCUUmtCHHiru3vNE
-> ssh-ed25519 l795CA mKZKQvx4rGJMbTBse7O05VofBZpYESCQKT6AhzTT9Ec
xLNtv4RGq88UTMXB1+HhYAKfoDJhSQA6VACcyle+sEg
-> }15U*uy@-grease <7zx}O
IPc7fEI8wgTJgmjMZebEM8GEE7wzdMRQ61FLog/fKRsxqeoIoykiKJnEAGKxgQkE
A3vAHJyb7gasd3I
--- BSHDp5Toqplk2opWHZE8HYoepxgCze2O8D3YUu9DU04
÷‡Á‰æü`iC†ààú±½"¨ß$²HÕÎNq¹ÎÁ<C38E>6gíÆNl#÷‡5Ÿ