bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Basic freya config

Browse source
This commit is contained in:
Filippo Berto 2022-08-29 18:11:55 +02:00
parent 70d0060df5
commit e4e09e1bf9
No known key found for this signature in database
GPG key ID: FE98AE5EC52B1056
6 changed files with 380 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

47
flake.nix
View file

@ -124,23 +124,22 @@
(homeManagerModules { bertof = import ./loki/hm.nix; }) ++
extraModules;
};
in
{
nixosConfigurations = rec {
thor = thorBuilder { };
odin = odin-intel;
odin-intel = odinIntelBuilder { };
odin-nvidia = odinNvidiaBuilder { };
loki = lokiBuilder { };
# loki-stable = lokiStable [ ./nixos_modules/dnsmasq.nix ];
# loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ];
# loki-unstable = lokiUnstable [ ];
freyaBaseModules = [
# ./freya/hardware-configuration.nix
nixos-hardware.nixosModules.raspberry-pi."4"
./freya/configuration.nix
];
freyaBuilder = { extraModules ? [ ] }: nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules =
[{ nixpkgs = nixpkgsSettings { inherit system; }; }] ++
commonBaseModules ++ freyaBaseModules ++
(homeManagerModules { bertof = import ./freya/hm.nix; }) ++
extraModules;
};
} // (flake-utils.lib.eachDefaultSystem (system: rec {
in
(flake-utils.lib.eachDefaultSystem (system: rec {
packages = pkgs-u { inherit system; };
checks = {
@ -155,5 +154,21 @@
${self.checks.${system}.pre-commit-check.shellHook}
'';
};
}));
})) // {
nixosConfigurations = rec {
thor = thorBuilder { };
odin = odin-intel;
odin-intel = odinIntelBuilder { };
odin-nvidia = odinNvidiaBuilder { };
loki = lokiBuilder { };
# loki-stable = lokiStable [ ./nixos_modules/dnsmasq.nix ];
# loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ];
# loki-unstable = lokiUnstable [ ];
freya = freyaBuilder { };
};
};
}

277
freya/configuration.nix Normal file
View file

@ -0,0 +1,277 @@
{ pkgs, lib, ... }:
with lib;
{
boot = {
binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
kernelPackages = pkgs.linuxPackages_5_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "it";
};
environment = {
pathsToLink = [ "/share/zsh" ];
systemPackages = with pkgs; [ kakoune tmux vim ];
};
i18n.defaultLocale = "it_IT.UTF-8";
programs = {
dconf.enable = true;
gnupg.agent = { enable = true; enableSSHSupport = true; };
zsh = { enable = true; syntaxHighlighting.enable = true; };
};
networking = {
hostName = "freya";
# interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
networkmanager.enable = true;
useDHCP = false;
};
time.timeZone = "Europe/Rome";
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
userServices = true;
workstation = true;
};
extraServiceFiles = {
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
};
# bazarr = { enable = true; openFirewall = true; group = "users"; };
# blueman.enable = true;
dbus.packages = with pkgs; [ dconf ];
# fail2ban = { enable = true; bantime-increment.enable = true; };
gnome.gnome-keyring.enable = true;
# gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
# jackett = { enable = true; openFirewall = true; group = "users"; };
# jellyfin = { enable = true; openFirewall = true; group = "users"; };
# logind.lidSwitch = "ignore";
# node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; };
# plex = { enable = true; openFirewall = true; group = "users"; };
# power-profiles-daemon.enable = true;
# radarr = { enable = true; openFirewall = true; group = "users"; };
# samba-wsdd = { enable = true; discovery = true; };
# samba = {
# enable = true;
# enableNmbd = true;
# enableWinbindd = true;
# nsswins = true;
# extraConfig = ''
# workgroup = WORKGROUP
# load printers = no
# smb encrypt = required
# '';
# shares =
# let
# common = {
# "public" = "no";
# "writeable" = "yes";
# "create mask" = "0700";
# "directory mask" = "2700";
# "browseable" = "yes";
# "guest ok" = "no";
# "read only" = "no";
# "force group" = "users";
# };
# in
# {
# bertof = recursiveUpdate common {
# path = "/mnt/raid0/bertof";
# comment = "Bertof samba share";
# "force user" = "bertof";
# "valid users" = "bertof";
# };
# tiziano = recursiveUpdate common {
# path = "/mnt/raid0/tiziano";
# comment = "Tiziano samba share";
# "force user" = "tiziano";
# "valid users" = "tiziano";
# };
# condiviso = recursiveUpdate common {
# path = "/mnt/raid0/condiviso";
# comment = "Samba share condiviso";
# "valid users" = "bertof tiziano";
# "create mask" = "0770";
# "directory mask" = "2770";
# "force create mode" = "0660";
# "force directory mode" = "2770";
# };
# bertof_safe = recursiveUpdate common {
# path = "/mnt/raid1/bertof";
# comment = "Bertof samba share";
# "force user" = "bertof";
# "valid users" = "bertof";
# };
# tiziano_safe = recursiveUpdate common {
# path = "/mnt/raid1/tiziano";
# comment = "Tiziano samba share";
# "force user" = "tiziano";
# "valid users" = "tiziano";
# };
# condiviso_safe = recursiveUpdate common {
# path = "/mnt/raid1/condiviso";
# comment = "Samba share condiviso";
# "valid users" = "bertof tiziano";
# "create mask" = "0770";
# "directory mask" = "2770";
# "force create mode" = "0660";
# "force directory mode" = "2770";
# };
# };
# };
smartd = { enable = true; notifications.x11.enable = true; };
# sonarr = { enable = true; openFirewall = true; group = "users"; };
thermald.enable = true;
# transmission = {
# enable = true;
# openFirewall = true;
# group = "users";
# settings = {
# download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
# incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
# };
# };
# xserver = {
# # enable = true;
# videoDrivers = [ "nvidia" ];
# # layout = "it";
# # xkbOptions = "eurosign:e;";
# # libinput.enable = true;
# };
# zoneminder = {
# enable = true;
# openFirewall = true;
# cameras = 3;
# hostname = "0.0.0.0";
# database = { username = "zoneminder"; createLocally = true; };
# };
# mysql = {
# # enable = true;
# ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
# };
};
users.users = {
bertof = {
isNormalUser = true;
extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
shell = pkgs.zsh;
};
# tiziano = {
# isNormalUser = true;
# openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
# };
# jellyfin.extraGroups = [ "video" ];
};
# services.snapper = {
# configs =
# let
# commonExtraConfig = ''
# ALLOW_USERS="bertof"
# TIMELINE_CREATE=yes
# TIMELINE_CLEANUP=yes
# '';
# in
# {
# bertof_raid0 = {
# subvolume = "/mnt/raid0/bertof";
# extraConfig = ''
# ALLOW_USERS="bertof"
# ${commonExtraConfig}
# '';
# };
# tiziano_raid0 = {
# subvolume = "/mnt/raid0/tiziano";
# extraConfig = ''
# ALLOW_USERS="tiziano"
# ${commonExtraConfig}
# '';
# };
# condiviso_raid0 = {
# subvolume = "/mnt/raid0/condiviso";
# extraConfig = ''
# ALLOW_USERS="bertof tiziano"
# ${commonExtraConfig}
# '';
# };
# };
# };
# systemd.packages = with pkgs; [ syncthing ];
# systemd.services =
# let
# common = {
# documentation = [ "man:syncthing(1)" ];
# startLimitIntervalSec = 60;
# startLimitBurst = 4;
# after = [ "network.target" ];
# environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
# wantedBy = [ "default.target" ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 1;
# SuccessExitStatus = "3 4";
# RestartForceExitStatus = "3 4";
# Group = config.ids.gids.users;
# MemoryDenyWriteExecute = true;
# NoNewPrivileges = true;
# PrivateDevices = true;
# PrivateMounts = true;
# PrivateTmp = true;
# PrivateUsers = true;
# ProtectControlGroups = true;
# ProtectHostname = true;
# ProtectKernelModules = true;
# ProtectKernelTunables = true;
# RestrictNamespaces = true;
# RestrictRealtime = true;
# RestrictSUIDSGID = true;
# CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
# };
# };
# in
# {
# syncthing-bertof = recursiveUpdate common {
# description = "Syncthing service bertof";
# serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; };
# };
# syncthing-tiziano = recursiveUpdate common {
# description = "Syncthing service tiziano";
# serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; };
# };
# };
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
system.autoUpgrade = {
enable = true;
allowReboot = true;
flags = [ "--flake gitlab:bertof/nix-dotfiles" ];
};
system.stateVersion = "22.05";
}

69
freya/hm.nix Normal file
View file

@ -0,0 +1,69 @@
{ pkgs, ... }:
{
nixpkgs.overlays = [
(_: _: {
devEnvironment = (import ./environment.nix) {
# enableCpp = true;
enableData = true;
# enableGo = true;
# enableHtml = true;
# enableJavascript = true;
# enableJava = true;
# enableLatex = true;
enableNix = true;
# enableOffice = true;
# enablePython = true;
# enableRust = true;
enableShell = true;
# enableSpelling = true;
};
})
];
home = {
language.base = "it_IT.UTF-8";
keyboard = {
layout = "it";
options = [ "terminate:ctrl_alt_bksp" "compose:rctrl" ];
};
packages = with pkgs; [
file
htop
neofetch
nix-prefetch-scripts
ripgrep
wget
xclip
yq
];
};
imports = [
../hm_modules/__basic.nix
../hm_modules/configurations.nix
../hm_modules/fonts.nix
../hm_modules/bash.nix
../hm_modules/bat.nix
../hm_modules/bottom.nix
../hm_modules/broot.nix
../hm_modules/dircolors.nix
../hm_modules/direnv.nix
../hm_modules/git.nix
../hm_modules/gpg.nix
../hm_modules/helix.nix
../hm_modules/info.nix
../hm_modules/jq.nix
# ../hm_modules/kakoune.nix
../hm_modules/keychain.nix
../hm_modules/kitty.nix
../hm_modules/lf.nix
../hm_modules/man.nix
../hm_modules/megasync.nix
../hm_modules/noti.nix
../hm_modules/ssh.nix
../hm_modules/starship.nix
../hm_modules/tmux.nix
../hm_modules/zoxide.nix
../hm_modules/zsh.nix
../hm_modules/shell_aliases.nix
];
}

2
loki/hm.nix
View file

@ -52,7 +52,7 @@
../hm_modules/helix.nix
../hm_modules/info.nix
../hm_modules/jq.nix
../hm_modules/kakoune.nix
# ../hm_modules/kakoune.nix
../hm_modules/keychain.nix
../hm_modules/kitty.nix
../hm_modules/lf.nix

2
odin/hm.nix
View file

@ -134,7 +134,7 @@
../hm_modules/gtk_theme.nix
../hm_modules/helix.nix
# ../hm_modules/joystickwake.nix
../hm_modules/kakoune.nix
# ../hm_modules/kakoune.nix
# ../hm_modules/keepassxc.nix
../hm_modules/kitty.nix
../hm_modules/libinput-gestures.nix

2
thor/hm.nix
View file

@ -104,7 +104,7 @@
../hm_modules/gtk_theme.nix
../hm_modules/helix.nix
../hm_modules/joystickwake.nix
../hm_modules/kakoune.nix
# ../hm_modules/kakoune.nix
# ../hm_modules/keepassxc.nix
../hm_modules/kitty.nix
../hm_modules/mangohud.nix