diff --git a/flake.nix b/flake.nix index b405aa9..289915f 100644 --- a/flake.nix +++ b/flake.nix @@ -216,6 +216,7 @@ ./nixos_modules/bertof_user.nix ./nixos_modules/distributed.nix + ./nixos_modules/remote-deploy.nix ./nixos_modules/extended_registry.nix ./nixos_modules/zerotier.nix ./nixos_modules/installer.nix @@ -279,19 +280,23 @@ }; }; - # freyaConfig = { - # nixosConfigurations = rec { - # freya = nixpkgs.lib.nixosSystem rec { - # system = "aarch64-linux"; - # modules = commonModules ++ [ - # nixos-hardware.nixosModules.raspberry-pi-4 - # ./freya/hardware-configuration.nix - # ./freya/configuration.nix - # { home-manager.users.bertof = import ./freya/hm.nix; } - # ]; - # }; - # }; - # }; + freyaConfig = { + nixosConfigurations = { + freya = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = commonModules ++ [ + nixos-hardware.nixosModules.raspberry-pi-4 + ./freya/hardware-configuration.nix + ./freya/configuration.nix + + { home-manager.users.bertof = import ./freya/hm.nix; } + ({ lib, ... }: { + boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; + }) + ]; + }; + }; + }; baldurConfig = { nixosConfigurations = { @@ -369,6 +374,15 @@ self.nixosConfigurations.baldur; }; }; + + freya = { + hostname = "192.168.1.2"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.aarch64-linux.activate.nixos + self.nixosConfigurations.freya; + }; + }; }; }; @@ -382,6 +396,13 @@ format = "install-iso"; }; + # Aarch64 base image + aarch64-base-image = nixos-generators.nixosGenerate { + system = flake-utils.lib.system.aarch64-linux; + modules = installerModules; + format = "sd-aarch64"; + }; + # Installer DigitalOcean do-image = nixos-generators.nixosGenerate { inherit system; @@ -396,7 +417,7 @@ basic thorConfig odinConfig - # freyaConfig + freyaConfig baldurConfig lokiConfig deployments diff --git a/freya/configuration.nix b/freya/configuration.nix index cd97163..142f461 100644 --- a/freya/configuration.nix 
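Review bot: The new `freya` deploy node sets `user = "root"` but no `sshUser`, so the account that opens the SSH session is left to deploy-rs's default instead of being stated in the flake. This commit also makes root key login the effective setting on freya, so the choice is worth spelling out: `sshUser = "bertof";` if activation through sudo is enough, or `sshUser = "root";` if root login is really required. The target is a bare LAN address (`hostname = "192.168.1.2"`), so a comment such as `# static lease reserved for freya` would record that the address must not be reassigned.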
+++ b/freya/configuration.nix @@ -1,37 +1,29 @@ -{ pkgs, lib, ... }: -with lib; { - boot = { - # kernelPackages = pkgs.linuxPackages_latest; - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; +{ pkgs, ... }: { - console = { - font = "Lat2-Terminus16"; - keyMap = "it"; - }; + console = { font = "Lat2-Terminus16"; keyMap = "it"; }; environment = { pathsToLink = [ "/share/zsh" ]; - systemPackages = builtins.attrValues { inherit (pkgs) kakoune tmux vim; }; + systemPackages = builtins.attrValues { inherit (pkgs) helix tmux vim; }; + }; + + hardware = { + bluetooth = { + enable = true; + package = pkgs.bluezFull; + }; + opengl = { + enable = true; + driSupport = true; + }; + raspberry-pi."4" = { + audio.enable = true; + fkms-3d.enable = true; + }; }; i18n.defaultLocale = "it_IT.UTF-8"; - programs = { - dconf.enable = true; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - zsh = { - enable = true; - syntaxHighlighting.enable = true; - }; - }; - networking = { hostName = "freya"; # interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; }; @@ -39,7 +31,15 @@ with lib; { useDHCP = false; }; - time.timeZone = "Europe/Rome"; + programs = { + dconf.enable = true; + gnupg.agent = { enable = true; enableSSHSupport = true; }; + zsh = { enable = true; syntaxHighlighting.enable = true; }; + }; + + security.sudo.extraConfig = '' + Defaults pwfeedback + ''; services = { avahi = { 
@@ -53,131 +53,23 @@ with lib; { userServices = true; workstation = true; }; - extraServiceFiles = { - ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service"; + extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service"; + }; + blueman.enable = true; + dbus.packages = [ pkgs.dconf ]; + gnome.gnome-keyring.enable = true; + openssh = { enable = true; openFirewall = true; }; + xserver = { + enable = true; + desktopManager.retroarch = { + enable = true; + package = pkgs.retroarchFull; }; }; - # bazarr = { enable = true; openFirewall = true; group = "users"; }; - # blueman.enable = true; - dbus.packages = [ pkgs.dconf ]; - # fail2ban = { enable = true; bantime-increment.enable = true; }; - gnome.gnome-keyring.enable = true; - # gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; }; - # jackett = { enable = true; openFirewall = true; group = "users"; }; - # jellyfin = { enable = true; openFirewall = true; group = "users"; }; - # logind.lidSwitch = "ignore"; - # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; }; - openssh = { - enable = true; - openFirewall = true; - permitRootLogin = "no"; - passwordAuthentication = false; - }; - # plex = { enable = true; openFirewall = true; group = "users"; }; - # power-profiles-daemon.enable = true; - # radarr = { enable = true; openFirewall = true; group = "users"; }; - # samba-wsdd = { enable = true; discovery = true; }; - # samba = { - # enable = true; - # enableNmbd = true; - # enableWinbindd = true; - # nsswins = true; - # extraConfig = '' - # workgroup = WORKGROUP - # load printers = no - # smb encrypt = required - # ''; - # shares = - # let - # common = { - # "public" = "no"; - # "writeable" = "yes"; - # "create mask" = "0700"; - # "directory mask" = "2700"; - # "browseable" = "yes"; - # "guest ok" = "no"; - # "read only" = "no"; - # "force group" = "users"; - # }; - # in - # { - # bertof = recursiveUpdate common { - # path = "/mnt/raid0/bertof"; - # comment = "Bertof samba share"; - # 
"force user" = "bertof"; - # "valid users" = "bertof"; - # }; - # tiziano = recursiveUpdate common { - # path = "/mnt/raid0/tiziano"; - # comment = "Tiziano samba share"; - # "force user" = "tiziano"; - # "valid users" = "tiziano"; - # }; - # condiviso = recursiveUpdate common { - # path = "/mnt/raid0/condiviso"; - # comment = "Samba share condiviso"; - # "valid users" = "bertof tiziano"; - # "create mask" = "0770"; - # "directory mask" = "2770"; - # "force create mode" = "0660"; - # "force directory mode" = "2770"; - # }; - # bertof_safe = recursiveUpdate common { - # path = "/mnt/raid1/bertof"; - # comment = "Bertof samba share"; - # "force user" = "bertof"; - # "valid users" = "bertof"; - # }; - # tiziano_safe = recursiveUpdate common { - # path = "/mnt/raid1/tiziano"; - # comment = "Tiziano samba share"; - # "force user" = "tiziano"; - # "valid users" = "tiziano"; - # }; - # condiviso_safe = recursiveUpdate common { - # path = "/mnt/raid1/condiviso"; - # comment = "Samba share condiviso"; - # "valid users" = "bertof tiziano"; - # "create mask" = "0770"; - # "directory mask" = "2770"; - # "force create mode" = "0660"; - # "force directory mode" = "2770"; - # }; - # }; - # }; - # sonarr = { enable = true; openFirewall = true; group = "users"; }; - thermald.enable = true; - # transmission = { - # enable = true; - # openFirewall = true; - # group = "users"; - # settings = { - # download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent"; - # incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete"; - # }; - # }; - # xserver = { - # # enable = true; - # videoDrivers = [ "nvidia" ]; - # # layout = "it"; - # # xkbOptions = "eurosign:e;"; - # # libinput.enable = true; - # }; - - # zoneminder = { - # enable = true; - # openFirewall = true; - # cameras = 3; - # hostname = "0.0.0.0"; - # database = { username = "zoneminder"; createLocally = true; }; - # }; - - # mysql = { - # # enable = true; - # ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = 
"ALL PRIVILEGES"; }; }]; - # }; }; + time.timeZone = "Europe/Rome"; + users.users = { bertof = { isNormalUser = true; @@ -194,56 +86,7 @@ with lib; { ]; shell = pkgs.zsh; }; - # tiziano = { - # isNormalUser = true; - # openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ]; - # }; - # jellyfin.extraGroups = [ "video" ]; }; - # services.snapper = { - # configs = - # let - # commonExtraConfig = '' - # ALLOW_USERS="bertof" - # TIMELINE_CREATE=yes - # TIMELINE_CLEANUP=yes - # ''; - # in - # { - # bertof_raid0 = { - # subvolume = "/mnt/raid0/bertof"; - # extraConfig = '' - # ALLOW_USERS="bertof" - # ${commonExtraConfig} - # ''; - # }; - # tiziano_raid0 = { - # subvolume = "/mnt/raid0/tiziano"; - # extraConfig = '' - # ALLOW_USERS="tiziano" - # ${commonExtraConfig} - # ''; - # }; - # condiviso_raid0 = { - # subvolume = "/mnt/raid0/condiviso"; - # extraConfig = '' - # ALLOW_USERS="bertof tiziano" - # ${commonExtraConfig} - # ''; - # }; - # }; - # }; - - security.sudo.extraConfig = '' - Defaults pwfeedback - ''; - - system.autoUpgrade = { - enable = true; - allowReboot = true; - flags = [ "--flake gitlab:bertof/nix-dotfiles" ]; - }; - - system.stateVersion = "22.05"; + system.stateVersion = "22.11"; } diff --git a/freya/hardware-configuration.nix b/freya/hardware-configuration.nix new file mode 100644 index 0000000..909421d --- /dev/null +++ b/freya/hardware-configuration.nix 
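Review bot: freya's SSH hardening is no longer stated in this file: the new `openssh = { enable = true; openFirewall = true; };` line omits the `permitRootLogin = "no"` and `passwordAuthentication = false` that the old block carried. If `nixos_modules/remote-deploy.nix` reaches this host (the flake.nix hunk adds it to a module list, presumably the shared one), password login stays off but root key login moves from `no` to `prohibit-password`. If it does not, the NixOS defaults apply, which as far as I know permit password authentication. Keeping `passwordAuthentication = false;` in this block, or adding `# hardening comes from nixos_modules/remote-deploy.nix`, makes the posture readable from the host's own file, which matters because the same `services` set advertises SSH over avahi. The `services` set starts before this hunk.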
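Review bot: freya is left without automatic patching once `system.autoUpgrade` is removed at the end of the file, while the host still opens SSH on the firewall and publishes it over avahi. If push-based deploys are the intended replacement, a comment next to `system.stateVersion` such as `# updates are pushed with deploy-rs; no autoUpgrade on this host` would record that decision. The move of `system.stateVersion` from "22.05" to "22.11" in the same hunk is appropriate only for a fresh install, which the new hardware-configuration.nix suggests but the diff does not confirm.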
@@ -0,0 +1,30 @@ +{ lib, modulesPath, ... }: +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + # networking.interfaces.ztmjfdwjkp.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; +} diff --git a/freya/hm.nix b/freya/hm.nix index 6de1636..0d5a13c 100644 --- a/freya/hm.nix +++ b/freya/hm.nix @@ -1,23 +1,4 @@ { pkgs, ... }: { - nixpkgs.overlays = [ - (_: _: { - devEnvironment = (import ./environment.nix) { - # enableCpp = true; - enableData = true; - # enableGo = true; - # enableHtml = true; - # enableJavascript = true; - # enableJava = true; - # enableLatex = true; - enableNix = true; - # enableOffice = true; - # enablePython = true; - # enableRust = true; - enableShell = true; - # enableSpelling = true; - }; - }) - ]; home = { language.base = "it_IT.UTF-8"; keyboard = { 
@@ -26,37 +7,20 @@ }; packages = builtins.attrValues { inherit (pkgs) - file htop neofetch nix-prefetch-scripts ripgrep wget xclip yq; + cava gallery-dl procps wireguard-tools httpie; }; }; imports = [ ../hm_modules/__basic.nix - ../hm_modules/configurations.nix - # ../hm_modules/fonts.nix - ../hm_modules/bash.nix - ../hm_modules/bat.nix - ../hm_modules/bottom.nix - ../hm_modules/broot.nix - ../hm_modules/dircolors.nix - ../hm_modules/direnv.nix - ../hm_modules/git.nix - ../hm_modules/gpg.nix + ../hm_modules/cava.nix + ../hm_modules/dunst.nix ../hm_modules/helix.nix - ../hm_modules/info.nix - ../hm_modules/jq.nix - # ../hm_modules/kakoune.nix - ../hm_modules/keychain.nix - # ../hm_modules/kitty.nix + ../hm_modules/kitty.nix ../hm_modules/lf.nix - ../hm_modules/man.nix - ../hm_modules/megasync.nix - ../hm_modules/noti.nix - ../hm_modules/ssh.nix - ../hm_modules/starship.nix - ../hm_modules/tmux.nix - ../hm_modules/zoxide.nix - ../hm_modules/zsh.nix - ../hm_modules/shell_aliases.nix + ../hm_modules/spotifyd.nix + ../hm_modules/xidlehook.nix ]; + + home.stateVersion = "22.11"; } diff --git a/nixos_modules/remote-deploy.nix b/nixos_modules/remote-deploy.nix index 5a02408..9efcfda 100644 --- a/nixos_modules/remote-deploy.nix +++ b/nixos_modules/remote-deploy.nix @@ -1,8 +1,8 @@ -{ +{ lib, ... }: { services.openssh = { enable = true; openFirewall = true; - permitRootLogin = "prohibit-password"; + permitRootLogin = lib.mkDefault "prohibit-password"; passwordAuthentication = false; kbdInteractiveAuthentication = false; }; diff --git a/odin/hm.nix b/odin/hm.nix index b7608b5..024788a 100644 --- a/odin/hm.nix +++ b/odin/hm.nix 
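Review bot: `permitRootLogin = lib.mkDefault "prohibit-password";` in nixos_modules/remote-deploy.nix carries no comment saying why root login is allowed or which hosts are expected to override it. The same commit deletes `permitRootLogin = "no"` from freya/configuration.nix, so the lowered priority changes nothing there and root key login becomes the effective setting. I would add above the line `# root key login is kept for the deploy-rs root profile; hosts that are not deploy targets should set permitRootLogin = "no"`, adjusted if the reason is a different one. `openFirewall = true` stays at normal priority, so any host importing this module exposes SSH unless it overrides with `lib.mkForce`.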
@@ -16,15 +16,14 @@ # mycrypto # pcmanfm # pulseaudio - retroarchFull # signal-desktop # slack # wineFull arandr authy bitwarden cava discord dmenu droidcam easyeffects evince - gallery-dl krita meld openvpn p7zip pavucontrol pentablet-driver postman - procps pulseaudio shotwell skypeforlinux spotify tdesktop teams - thunderbird transmission-gtk virt-manager virt-viewer wireguard-tools - xournalpp zoom-us gucharmap handbrake httpie inkscape; + gallery-dl gucharmap handbrake httpie inkscape krita meld openvpn p7zip + pavucontrol pentablet-driver postman procps pulseaudio retroarchFull + shotwell skypeforlinux spotify tdesktop teams thunderbird transmission-gtk + virt-manager virt-viewer wireguard-tools xournalpp zoom-us; inherit (pkgs.gnome) # geary # gnome-boxes diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c8f07fd..ddee0af 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -17,7 +17,9 @@ let "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw"; loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeomEH/27XFlOjQ/GTO2mo8qPMHTbzLIsX0dloxXfhb"; - systems = [ odin thor baldur loki ]; + freya = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBclEOy4xs9yBp4RgfTf1FPeqTdERM6d6nDhnMQ3WVGI"; + systems = [ odin thor baldur loki freya ]; in { # "oauth_proxy_client_credentials.age".publicKeys = users ++ systems; diff --git a/secrets/spotify_password.age b/secrets/spotify_password.age index 2c78e47..fb7a5c7 100644 --- a/secrets/spotify_password.age +++ b/secrets/spotify_password.age 
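Review bot: Adding `freya` to `systems` in secrets/secrets.nix makes it a recipient of every secret whose `publicKeys` uses `systems`, not only the ones it consumes. In this diff only `spotify_password.age` is re-encrypted, gaining a ninth recipient stanza, which suggests that is the secret freya actually needs. A per-secret list, for example `"spotify_password.age".publicKeys = users ++ [ freya ];` plus whichever other hosts run spotifyd, would keep a compromised host key on the Pi from exposing unrelated secrets at the next rekey. Most of the `let` block and the secret definitions lie outside the hunk, so the real recipient lists need checking there.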
@@ -1,21 +1,24 @@ age-encryption.org/v1 --> ssh-ed25519 13iwjQ 9aoog/kXoUjWDvBc9PWsuiDqosDZZ2V9O2K5ZS5R/HM -68DRiAN5GaU5SowcxkzJTQ3llZHDHiVYEj9AkNYvnTc --> ssh-ed25519 7MB20A GDfksSg6a17FEPYshKpnw23KRx4cHZFn/9CSzBGxrn0 -ICWw//xtkwcjHuHoLTXTzpDa1du8J6bG2QacjTV6fs4 --> ssh-ed25519 ieE3Vw EJkUKGOgjA8a3D5umr3I7VpOtjVix903hbF6o2TfKmg -ISY9RdtzRoX554WxIM2uW7iBG2LzuecnazlgY5dFoio --> ssh-ed25519 lC44xg PzOCoNzINU9MUeUNo47oPofF1XclvMXE+vz0ELjGiiI -KymnQOnLvJm1X0KabTFiKRiHo+x9olhLYUeDuoCMRzE --> ssh-ed25519 IvyYug CEqfcL5R0kkC2x2s6kb9lePx9Kt3j+pazymbsmeijGI -Nsw3/j4KT/8ZHDthSLljqEBJvvfQ1AaSw0uIZMq33Yc --> ssh-ed25519 v7O/FA BWzFBCTXSURu97zS41saKbK6sNLXxCzD2CiGX4VhgBQ -F9IhjUqkfpg6kOo6WLtzxyRJ1c9A3uSF3jHxFmH9WB8 --> ssh-ed25519 Wzv8ew IjPoGA720sr+Ke9Klt9tOWl9YYJJZ6E+zJF89Meztzs -A85Kgs6R91eH/MZ64D8tFUpDPMrAWzFp8fkZk1nbMgw --> ssh-ed25519 XgC3XA 3qyHI8WIto41UStTx2nUR8YP7rCd7Ax61Xc+zx4FPSo -MJBvA4fEuKtjsB7EIxdVuVEXaW0t3IEgZzirKAwrOEI --> np;-grease 1)BDO$X) -/+zl7WOsIa1rwc+B6gKI4nkqwV6vcA ---- qhruLmvOui+PeIZb1vGFu+ZxUkeJn/RwvaGhZicxj5s -:$pFD w#\Yew }}|`/\wsPa7cW \ No newline at end of file +-> ssh-ed25519 13iwjQ /Rmmvw0p6DZ7aGnMemqE4o/T5egJ2nRr6Ea7RABaoX0 +H/jX5rPg2RG6vFdR4pc7Z+slx2kFF4cPzW/LI46LkAU +-> ssh-ed25519 7MB20A XcQg1psOjZXueouNw8sg3WRVLIm5rnAZY8DdsOoXlQg +e9cjUymnPxbKEF98RWK6JjzI/y4qWIhWEk4keIG2UgQ +-> ssh-ed25519 ieE3Vw Pvvi73SMREG9baVcT68OL9/DYdMYiNWRPBYfzK/ltlQ +YzxiQX2lHmnNH79c7AABg/3Gz02Zc+BXzg2PMcYTdYA +-> ssh-ed25519 lC44xg 17PRg8lmBxejX2B6enYCFbp8nVArOzfpsKdmpemZUXI +bNboF5jbhxJvM+kIOghcJygvNDvJEMMcMdPYonSB31A +-> ssh-ed25519 IvyYug KZ0FT8OYhCEUlKO13YpwRXYcKAQKlR2Nqh2GnEUHMRI +teURFNlCUoQGFvZnYD+Gj+xwLjJA6CzMl5FB58bMxHs +-> ssh-ed25519 v7O/FA uJwWy77gKJvbS1gpd8GvVcyjvfCPgtBEXOR2KH5pZHc +chawOJvYoJUg7U4k8U33i7fgoDCWP42s22C9RsoOw30 +-> ssh-ed25519 Wzv8ew Jptd53uF7c0qIyGIq+m5Pn1gV3jajTdglkVwBvFR2GQ +/UgadCGML7iuJSSPqRoef9AhV10oKCBSJM+/lz4eHes +-> ssh-ed25519 XgC3XA k94WW5viGatt5zKkeXEbQYep8GOiNS1oRj/k1spkdjo +OJVFSqYfiy8JvC/JxKyDl2idF7CBCUUmtCHHiru3vNE +-> 
ssh-ed25519 l795CA mKZKQvx4rGJMbTBse7O05VofBZpYESCQKT6AhzTT9Ec +xLNtv4RGq88UTMXB1+HhYAKfoDJhSQA6VACcyle+sEg +-> }15U*uy@-grease <7zx}O +IPc7fEI8wgTJgmjMZebEM8GEE7wzdMRQ61FLog/fKRsxqeoIoykiKJnEAGKxgQkE +A3vAHJyb7gasd3I +--- BSHDp5Toqplk2opWHZE8HYoepxgCze2O8D3YUu9DU04 +`iC"$HNq6gNl#5 \ No newline at end of file