Update loki configuration

Filippo Berto 2022-12-26 21:54:26 +01:00
parent 091fc65b2f
commit 55c1ffee33
No known key found for this signature in database
GPG key ID: FE98AE5EC52B1056
9 changed files with 131 additions and 177 deletions


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ pkgs, lib, ... }:
with lib; {
boot = {
binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
@ -140,13 +140,13 @@ with lib; {
in
{
bertof = recursiveUpdate common {
path = "/mnt/raid0/bertof";
path = "/home/bertof/";
comment = "Bertof samba share";
"force user" = "bertof";
"valid users" = "bertof";
};
tiziano = recursiveUpdate common {
path = "/mnt/raid0/tiziano";
path = "/home/tiziano/";
comment = "Tiziano samba share";
"force user" = "tiziano";
"valid users" = "tiziano";
@ -160,27 +160,6 @@ with lib; {
"force create mode" = "0660";
"force directory mode" = "2770";
};
bertof_safe = recursiveUpdate common {
path = "/mnt/raid1/bertof";
comment = "Bertof samba share";
"force user" = "bertof";
"valid users" = "bertof";
};
tiziano_safe = recursiveUpdate common {
path = "/mnt/raid1/tiziano";
comment = "Tiziano samba share";
"force user" = "tiziano";
"valid users" = "tiziano";
};
condiviso_safe = recursiveUpdate common {
path = "/mnt/raid1/condiviso";
comment = "Samba share condiviso";
"valid users" = "bertof tiziano";
"create mask" = "0770";
"directory mask" = "2770";
"force create mode" = "0660";
"force directory mode" = "2770";
};
};
};
smartd = {
@ -248,9 +227,15 @@ with lib; {
};
tiziano = {
isNormalUser = true;
extraGroups = [
"audio"
"input"
"video"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k"
];
shell = pkgs.zsh;
};
jellyfin.extraGroups = [ "video" ];
};
@ -259,21 +244,34 @@ with lib; {
configs =
let
commonExtraConfig = ''
ALLOW_USERS="bertof"
TIMELINE_CREATE=yes
TIMELINE_CLEANUP=yes
'';
in
{
bertof_raid0 = {
subvolume = "/mnt/raid0/bertof";
subvolume = "/home/bertof/raid0";
extraConfig = ''
ALLOW_USERS="bertof"
${commonExtraConfig}
'';
};
tiziano_raid0 = {
subvolume = "/mnt/raid0/tiziano";
subvolume = "/home/tiziano/raid0";
extraConfig = ''
ALLOW_USERS="tiziano"
${commonExtraConfig}
'';
};
bertof_raid1 = {
subvolume = "/home/bertof/raid1";
extraConfig = ''
ALLOW_USERS="bertof"
${commonExtraConfig}
'';
};
tiziano_raid1 = {
subvolume = "/home/tiziano/raid1";
extraConfig = ''
ALLOW_USERS="tiziano"
${commonExtraConfig}
@ -286,73 +284,16 @@ with lib; {
${commonExtraConfig}
'';
};
condiviso_raid1 = {
subvolume = "/mnt/raid1/condiviso";
extraConfig = ''
ALLOW_USERS="bertof tiziano"
${commonExtraConfig}
'';
};
};
};
systemd.packages = with pkgs; [ syncthing ];
systemd.services =
let
common = {
documentation = [ "man:syncthing(1)" ];
startLimitIntervalSec = 60;
startLimitBurst = 4;
after = [ "network.target" ];
environment = {
STNORESTART = "yes";
STNOUPGRADE = "yes";
};
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 1;
SuccessExitStatus = "3 4";
RestartForceExitStatus = "3 4";
Group = config.ids.gids.users;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = [
"~CAP_SYS_PTRACE"
"~CAP_SYS_ADMIN"
"~CAP_SETGID"
"~CAP_SETUID"
"~CAP_SETPCAP"
"~CAP_SYS_TIME"
"~CAP_KILL"
];
};
};
in
{
syncthing-bertof = recursiveUpdate common {
description = "Syncthing service bertof";
serviceConfig = {
User = "bertof";
ExecStart =
"${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config";
};
};
syncthing-tiziano = recursiveUpdate common {
description = "Syncthing service tiziano";
serviceConfig = {
User = "tiziano";
ExecStart =
"${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config";
};
};
};
networking.firewall = {
enable = true;
allowPing = true;
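Review bot: The `bertof` and `tiziano` Samba shares now appear to use `path = "/home/bertof/";` and `path = "/home/tiziano/";`, which exports each user's whole home directory, including dotfiles such as `~/.ssh` and `~/.gnupg` and the RAID subvolumes this commit mounts beneath it. Because both shares set `"force user"`, a client holding only the SMB password could write `~/.ssh/authorized_keys`, so a Samba credential would carry the same weight as shell access if sshd honours per-user key files. Pointing the shares at the data mounts, e.g. `path = "/home/bertof/raid0";`, or adding `"veto files" = "/.ssh/.gnupg/";` to both, keeps the file share separate from login material. The `common` attribute set is defined outside the visible hunks, so it may already restrict this.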


@ -1,10 +1,9 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
@ -29,27 +28,10 @@
fsType = "vfat";
};
fileSystems."/mnt/raid1" = {
device = "/dev/disk/by-uuid/c84a38dc-9cc7-4762-b509-8fce1c1d95c8";
fsType = "btrfs";
};
fileSystems."/var/lib/docker/btrfs" = {
device = "/var/lib/docker/btrfs";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/mnt/raid0/bertof" = {
fileSystems."/var/lib/zoneminder/events" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@bertof" ];
};
fileSystems."/mnt/raid0/tiziano" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@tiziano" ];
options = [ "subvol=@zoneminder" ];
};
fileSystems."/mnt/raid0/condiviso" = {
@ -58,10 +40,58 @@
options = [ "subvol=@condiviso" ];
};
fileSystems."/var/lib/zoneminder/events" = {
fileSystems."/mnt/raid1/condiviso" = {
device = "/dev/disk/by-uuid/c84a38dc-9cc7-4762-b509-8fce1c1d95c8";
fsType = "btrfs";
options = [ "subvol=@condiviso" ];
};
fileSystems."/home/bertof/raid0" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@zoneminder" ];
options = [ "subvol=@bertof" ];
};
fileSystems."/home/bertof/raid1" = {
device = "/dev/disk/by-uuid/c84a38dc-9cc7-4762-b509-8fce1c1d95c8";
fsType = "btrfs";
options = [ "subvol=@bertof" ];
};
fileSystems."/home/tiziano/raid0" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@tiziano" ];
};
fileSystems."/home/tiziano/raid1" = {
device = "/dev/disk/by-uuid/c84a38dc-9cc7-4762-b509-8fce1c1d95c8";
fsType = "btrfs";
options = [ "subvol=@tiziano" ];
};
fileSystems."/home/tiziano/Condiviso/raid1" = {
device = "/dev/disk/by-uuid/c84a38dc-9cc7-4762-b509-8fce1c1d95c8";
fsType = "btrfs";
options = [ "subvol=@condiviso" ];
};
fileSystems."/home/tiziano/Condiviso/raid0" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@condiviso" ];
};
fileSystems."/home/bertof/Condiviso/raid0" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@condiviso" ];
};
fileSystems."/home/bertof/Condiviso/raid1" = {
device = "/dev/disk/by-uuid/c84a38dc-9cc7-4762-b509-8fce1c1d95c8";
fsType = "btrfs";
options = [ "subvol=@condiviso" ];
};
swapDevices = [ ];
@ -70,12 +100,12 @@
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault false;
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
networking.interfaces.eno1.useDHCP = lib.mkDefault true;
networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
# networking.interfaces.ztmjfdwjkp.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
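Review bot: The new `fileSystems."/home/…"` entries mount the RAID subvolumes inside user home directories with only `subvol=…` in `options`, so setuid bits and device nodes on those data volumes are honoured. For storage that users can write to, and that the Samba shares in the host configuration appear to expose, `options = [ "subvol=@bertof" "nosuid" "nodev" ];` is the safer default, and the same applies to the `@tiziano` and `@condiviso` mounts. The header comment also says this file is generated by nixos-generate-config and may be overwritten, so the hand-written mounts would be more durable in a separate module.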


@ -1,44 +1,16 @@
{ pkgs, ... }: {
nixpkgs.overlays = [
(_: _: {
devEnvironment = (import ./environment.nix) {
# enableCpp = true;
enableData = true;
# enableGo = true;
# enableHtml = true;
# enableJavascript = true;
# enableJava = true;
# enableLatex = true;
enableNix = true;
# enableOffice = true;
# enablePython = true;
# enableRust = true;
enableShell = true;
# enableSpelling = true;
};
})
];
{
home = {
language.base = "it_IT.UTF-8";
keyboard = {
layout = "it";
options = [ "terminate:ctrl_alt_bksp" "compose:rctrl" ];
};
packages = with pkgs; [
file
htop
neofetch
ripgrep
wget
xclip
yq
];
};
imports = [
../hm_modules/__basic.nix
# ../hm_modules/development/cpp.nix
../hm_modules/development/data.nix
# ../hm_modules/development/data.nix
# ../hm_modules/development/go.nix
# ../hm_modules/development/javascript.nix
# ../hm_modules/development/latex.nix
@ -46,30 +18,12 @@
# ../hm_modules/development/python.nix
# ../hm_modules/development/rust.nix
../hm_modules/fonts.nix
../hm_modules/bash.nix
../hm_modules/bat.nix
../hm_modules/bottom.nix
../hm_modules/broot.nix
../hm_modules/dircolors.nix
../hm_modules/direnv.nix
../hm_modules/git.nix
../hm_modules/gpg.nix
../hm_modules/helix.nix
../hm_modules/info.nix
../hm_modules/jq.nix
# ../hm_modules/kakoune.nix
../hm_modules/keychain.nix
../hm_modules/kakoune.nix
../hm_modules/kitty.nix
../hm_modules/lf.nix
../hm_modules/man.nix
../hm_modules/megasync.nix
../hm_modules/noti.nix
../hm_modules/ssh.nix
../hm_modules/starship.nix
../hm_modules/tmux.nix
../hm_modules/zoxide.nix
../hm_modules/zsh.nix
../hm_modules/syncthing.nix
../hm_modules/shell_aliases.nix
];
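Review bot: The `../hm_modules/syncthing.nix` import near the end of the list seems to take over from the system-level syncthing units that this commit deletes from the host configuration. Those units carried an explicit sandbox (`NoNewPrivileges`, `PrivateTmp`, a reduced `CapabilityBoundingSet`) and bound the GUI to `0.0.0.0`. The module body is not part of this page, so it is worth confirming that the user service listens on loopback only, or that the firewall does not open the GUI port. A comment beside the import, such as `# syncthing: per-user service, GUI on 127.0.0.1 only`, would record that the unit's sandboxing was dropped on purpose. The import list continues outside the visible hunks.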

22
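--- /dev/null
+++ b/loki/hm_tiziano.nix
@@ -0,0 +1,22 @@
+{
+home = {
+language.base = "it_IT.UTF-8";
+keyboard = {
+layout = "it";
+options = [ "terminate:ctrl_alt_bksp" "compose:rctrl" ];
+};
+};
+imports = [
+../hm_modules/__basic.nix
+../hm_modules/helix.nix
+../hm_modules/kakoune.nix
+../hm_modules/kitty.nix
+../hm_modules/lf.nix
+../hm_modules/syncthing_tiziano.nix
+../hm_modules/shell_aliases.nix
+];
+home.stateVersion = "21.11";
+}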
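Review bot: `home.stateVersion = "21.11";` on the second-to-last line looks copied from an older profile. For a file first added in this commit, the value would normally be the Home Manager release the profile was first activated with, since it selects state-compatibility defaults. If 21.11 is deliberate, a comment such as `# first activated on 21.11; do not bump` would make that clear. Separately, the import of `../hm_modules/syncthing_tiziano.nix` suggests a per-user copy of the syncthing module. If the two differ only in ports or paths, a single module taking those as arguments would keep security-relevant settings like the GUI bind address from drifting between users.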