bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial flake for loki

Browse source
This commit is contained in:
Filippo Berto 2022-05-20 14:55:33 +02:00
parent 02cb462b5a
commit 9e4ef04bec
6 changed files with 369 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1 +1 @@
result

21
flake.nix
View file

@ -86,6 +86,14 @@
./thor/configuration.nix ./thor/configuration.nix
]; ];
lokiBaseModules = [
{ nixpkgs = nixpkgsSettings; }
./loki/hardware-configuration.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
./loki/configuration.nix
];
# odinStable = extraModules: nixpkgs.lib.nixosSystem { # odinStable = extraModules: nixpkgs.lib.nixosSystem {
# inherit system; # inherit system;
# modules = odinBaseModules ++ [ # modules = odinBaseModules ++ [
@ -122,6 +130,15 @@
] ++ extraModules; ] ++ extraModules;
}; };
lokiUnstable = extraModules: unstable.lib.nixosSystem {
inherit system;
modules = lokiBaseModules ++ [
home-manager-unstable.nixosModules.home-manager
homeManagerSettings
{ home-manager.users.bertof = import ./home_manager/loki.nix; }
] ++ extraModules;
};
in in
{ {
packages.${system} = unstablePkgs; packages.${system} = unstablePkgs;
@ -140,6 +157,10 @@
odin-nvidia-unstable = odinUnstable [ ./odin/configuration-nvidia.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix ]; odin-nvidia-unstable = odinUnstable [ ./odin/configuration-nvidia.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix ];
# odin-intel-stable = odinStable [ ./odin/configuration-intel.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix]; # odin-intel-stable = odinStable [ ./odin/configuration-intel.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix];
# odin-nvidia-stable = odinStable [ ./odin/configuration-nvidia.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix]; # odin-nvidia-stable = odinStable [ ./odin/configuration-nvidia.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix];
loki = loki-unstable;
loki-unstable = lokiUnstable [];
}; };
}; };
} }

0
loki.nix → home_manager/loki.nix
View file

306
loki/configuration.nix Normal file
View file

@ -0,0 +1,306 @@
{ config, pkgs, lib, ... }:
{
boot = {
binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
kernelPackages = pkgs.linuxPackages_5_17;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "it";
};
environment = {
pathsToLink = [ "/share/zsh" ];
systemPackages = with pkgs; [ kakoune tmux vim ];
};
hardware = {
nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
nvidia.prime = {
offload.enable = false;
sync.enable = true;
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
opengl = {
enable = true;
extraPackages = with pkgs; [ intel-media-driver libvdpau-va-gl vaapiIntel vaapiVdpau ];
};
bluetooth.enable = true;
};
i18n.defaultLocale = "it_IT.UTF-8";
programs = {
dconf.enable = true;
gnupg.agent = { enable = true; enableSSHSupport = true; };
zsh = { enable = true; syntaxHighlighting.enable = true; };
};
networking = {
hostName = "loki";
interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
networkmanager.enable = true;
useDHCP = false;
};
time.timeZone = "Europe/Rome";
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
userServices = true;
workstation = true;
};
extraServiceFiles = {
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
};
bazarr = { enable = true; openFirewall = true; group = "users"; };
blueman.enable = true;
dbus.packages = with pkgs; [ dconf ];
fail2ban = { enable = true; bantime-increment.enable = true; };
gnome.gnome-keyring.enable = true;
gvfs = { enable = true; package = lib.mkForce pkgs.gnome3.gvfs; };
jackett = { enable = true; openFirewall = true; group = "users"; };
logind.lidSwitch = "ignore";
node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; };
plex = { enable = true; openFirewall = true; group = "users"; };
power-profiles-daemon.enable = true;
radarr = { enable = true; openFirewall = true; group = "users"; };
samba-wsdd = { enable = true; discovery = true; };
samba = {
enable = true;
enableNmbd = true;
enableWinbindd = true;
nsswins = true;
extraConfig = ''
workgroup = WORKGROUP
load printers = no
smb encrypt = required
'';
shares = let common = {
"public" = "no";
"writeable" = "yes";
"create mask" = "0700";
"directory mask" = "2700";
"browseable" = "yes";
"guest ok" = "no";
"read only" = "no";
"force group" = "users";
}; in
{
bertof = common // {
path = "/mnt/raid/bertof";
comment = "Bertof samba share";
"force user" = "bertof";
"valid users" = "bertof";
};
tiziano = common // {
path = "/mnt/raid/tiziano";
comment = "Tiziano samba share";
"force user" = "tiziano";
"valid users" = "tiziano";
};
condiviso = common // {
path = "/mnt/raid/condiviso";
comment = "Samba share condiviso";
"valid users" = "bertof tiziano";
"create mask" = "0770";
"directory mask" = "2770";
"force create mode" = "0660";
"force directory mode" = "2770";
};
bertof_safe = common // {
path = "/mnt/raid1/bertof";
comment = "Bertof samba share";
"force user" = "bertof";
"valid users" = "bertof";
};
tiziano_safe = common // {
path = "/mnt/raid1/tiziano";
comment = "Tiziano samba share";
"force user" = "tiziano";
"valid users" = "tiziano";
};
condiviso_safe = common // {
path = "/mnt/raid1/condiviso";
comment = "Samba share condiviso";
"valid users" = "bertof tiziano";
"create mask" = "0770";
"directory mask" = "2770";
"force create mode" = "0660";
"force directory mode" = "2770";
};
};
};
smartd = { enable = true; notifications.x11.enable = true; };
sonarr = { enable = true; openFirewall = true; group = "users"; };
thermald.enable = true;
transmission = {
enable = true;
openFirewall = true;
group = "users";
settings = {
download-dir = "/mnt/raid/condiviso/Scaricati/Torrent";
incomplete-dir = "/mnt/raid/condiviso/Scaricati/Torrent/.incomplete";
};
};
xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
layout = "it";
xkbOptions = "eurosign:e;";
libinput.enable = true;
};
zerotierone = { enable = true; joinNetworks = [ "8056c2e21cf9c753" ]; };
};
users.users = {
bertof = {
isNormalUser = true;
extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "usb" "video" "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
shell = pkgs.zsh;
};
tiziano = {
isNormalUser = true;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
};
};
# services.snapper = {
# configs =
# let
# bertofExtraConfig = ''
# ALLOW_USERS="bertof"
# TIMELINE_CREATE=yes
# TIMELINE_CLEANUP=yes
# '';
# common = { extraConfig = bertofExtraConfig; };
# in
# {
# bertof_home = common // { subvolume = "/home/bertof"; };
# };
# };
systemd.packages = with pkgs; [ syncthing ];
systemd.services = let common = {
after = [ "network.target" ];
environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
SuccessExitStatus = "2 3 4";
RestartForceExitStatus = "3 4";
Group = config.ids.gids.users;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
};
}; in
{
syncthing-bertof = common // {
description = "Syncthing service bertof";
serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid/bertof/Syncthing/.config"; };
};
syncthing-tiziano = common // {
description = "Syncthing service tiziano";
serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid/tiziano/Syncthing/.config"; };
};
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
445 # SAMBA
139 # SAMBA
5357 # SAMBA-WSDD
8123 # HOME ASSISTANT
8384 # SYNCTHING
8385 # SYNCTHING
];
allowedUDPPorts = [
137 # SYNCTHING
138 # SYNCTHING
3702 # SAMBA-WSDD
];
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
};
virtualisation = {
docker.enable = true;
kvmgt.enable = true;
libvirtd.enable = true;
podman.enable = true;
virtualbox.host.enable = true;
oci-containers.containers = {
hass = {
image = "ghcr.io/home-assistant/home-assistant:stable";
environment = {
TZ = "Europe/Rome";
};
extraOptions = [ "--privileged" "--network=host" "--pull=always" ];
ports = [ "8123:8123" ];
volumes = [
"/var/lib/hass:/config"
"/mnt/raid/condiviso:/media"
];
};
};
};
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
nixpkgs.config.allowUnfree = true;
nix = {
package = pkgs.nixFlakes;
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes)
"experimental-features = nix-command flakes";
gc.automatic = true;
};
system.autoUpgrade = {
enable = true;
allowReboot = true;
flags = [
"-I"
"nixos-config=/home/bertof/.config/nixpkgs/nixos/loki.nix"
"--upgrade"
];
};
system.stateVersion = "21.11";
}

38
loki/hardware-configuration.nix Normal file
View file

@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "uas" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eb51e914-c9ab-400d-bd2a-004a3b788caa";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/8A71-E5EB";
fsType = "vfat";
};
fileSystems."/mnt/raid" = {
device = "/dev/sdc";
fsType = "btrfs";
};
fileSystems."/mnt/raid1" = {
device = "/dev/sde1";
fsType = "btrfs";
};
swapDevices = [ ];
}

14
thor/configuration.nix
View file

@ -46,17 +46,9 @@
programs = { programs = {
dconf.enable = true; dconf.enable = true;
flashrom.enable = true; flashrom.enable = true;
gnupg.agent = { gnupg.agent = { enable = true; enableSSHSupport = true; };
enable = true; steam = { enable = true; };
enableSSHSupport = true; zsh = { enable = true; syntaxHighlighting.enable = true; };
};
steam = {
enable = true;
};
zsh = {
enable = true;
syntaxHighlighting.enable = true;
};
}; };
networking = { networking = {