diff --git a/flake.nix b/flake.nix index b67723f..aeb99bf 100644 --- a/flake.nix +++ b/flake.nix @@ -124,23 +124,22 @@ (homeManagerModules { bertof = import ./loki/hm.nix; }) ++ extraModules; }; - in - { - nixosConfigurations = rec { - - thor = thorBuilder { }; - - odin = odin-intel; - odin-intel = odinIntelBuilder { }; - odin-nvidia = odinNvidiaBuilder { }; - - loki = lokiBuilder { }; - # loki-stable = lokiStable [ ./nixos_modules/dnsmasq.nix ]; - # loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ]; - # loki-unstable = lokiUnstable [ ]; + freyaBaseModules = [ + # ./freya/hardware-configuration.nix + nixos-hardware.nixosModules.raspberry-pi."4" + ./freya/configuration.nix + ]; + freyaBuilder = { extraModules ? [ ] }: nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = + [{ nixpkgs = nixpkgsSettings { inherit system; }; }] ++ + commonBaseModules ++ freyaBaseModules ++ + (homeManagerModules { bertof = import ./freya/hm.nix; }) ++ + extraModules; }; - } // (flake-utils.lib.eachDefaultSystem (system: rec { + in + (flake-utils.lib.eachDefaultSystem (system: rec { packages = pkgs-u { inherit system; }; checks = { @@ -155,5 +154,21 @@ ${self.checks.${system}.pre-commit-check.shellHook} ''; }; - })); + })) // { + nixosConfigurations = rec { + + thor = thorBuilder { }; + + odin = odin-intel; + odin-intel = odinIntelBuilder { }; + odin-nvidia = odinNvidiaBuilder { }; + + loki = lokiBuilder { }; + # loki-stable = lokiStable [ ./nixos_modules/dnsmasq.nix ]; + # loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ]; + # loki-unstable = lokiUnstable [ ]; + + freya = freyaBuilder { }; + }; + }; } diff --git a/freya/configuration.nix b/freya/configuration.nix new file mode 100644 index 0000000..a2b6286 --- /dev/null +++ b/freya/configuration.nix 
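Review bot: `freyaBuilder` declares `system = "x86_64-linux"`, but `freyaBaseModules` imports `nixos-hardware.nixosModules.raspberry-pi."4"`, which is a profile for an aarch64 board. If freya is that Pi, the host would be evaluated for the wrong platform and the line should read `system = "aarch64-linux";`. With `./freya/hardware-configuration.nix` commented out, nothing visible in this diff defines the root filesystem, so the configuration may not evaluate or boot until that file is generated and enabled. The `let` block that this hunk extends begins above the hunk.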
@@ -0,0 +1,277 @@ +{ pkgs, lib, ... }: +with lib; +{ + boot = { + binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ]; + kernelPackages = pkgs.linuxPackages_5_18; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + + console = { + font = "Lat2-Terminus16"; + keyMap = "it"; + }; + + environment = { + pathsToLink = [ "/share/zsh" ]; + systemPackages = with pkgs; [ kakoune tmux vim ]; + }; + + i18n.defaultLocale = "it_IT.UTF-8"; + + programs = { + dconf.enable = true; + gnupg.agent = { enable = true; enableSSHSupport = true; }; + zsh = { enable = true; syntaxHighlighting.enable = true; }; + }; + + networking = { + hostName = "freya"; + # interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; }; + networkmanager.enable = true; + useDHCP = false; + }; + + time.timeZone = "Europe/Rome"; + + services = { + avahi = { + enable = true; + openFirewall = true; + nssmdns = true; + publish = { + enable = true; + addresses = true; + domain = true; + userServices = true; + workstation = true; + }; + extraServiceFiles = { + ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service"; + }; + }; + # bazarr = { enable = true; openFirewall = true; group = "users"; }; + # blueman.enable = true; + dbus.packages = with pkgs; [ dconf ]; + # fail2ban = { enable = true; bantime-increment.enable = true; }; + gnome.gnome-keyring.enable = true; + # gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; }; + # jackett = { enable = true; openFirewall = true; group = "users"; }; + # jellyfin = { enable = true; openFirewall = true; group = "users"; }; + # logind.lidSwitch = "ignore"; + # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; }; + openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; }; + # plex = { enable = true; openFirewall = true; group = "users"; }; + # power-profiles-daemon.enable = true; + # radarr = { enable = true; openFirewall = true; group = "users"; }; + # 
samba-wsdd = { enable = true; discovery = true; }; + # samba = { + # enable = true; + # enableNmbd = true; + # enableWinbindd = true; + # nsswins = true; + # extraConfig = '' + # workgroup = WORKGROUP + # load printers = no + # smb encrypt = required + # ''; + # shares = + # let + # common = { + # "public" = "no"; + # "writeable" = "yes"; + # "create mask" = "0700"; + # "directory mask" = "2700"; + # "browseable" = "yes"; + # "guest ok" = "no"; + # "read only" = "no"; + # "force group" = "users"; + # }; + # in + # { + # bertof = recursiveUpdate common { + # path = "/mnt/raid0/bertof"; + # comment = "Bertof samba share"; + # "force user" = "bertof"; + # "valid users" = "bertof"; + # }; + # tiziano = recursiveUpdate common { + # path = "/mnt/raid0/tiziano"; + # comment = "Tiziano samba share"; + # "force user" = "tiziano"; + # "valid users" = "tiziano"; + # }; + # condiviso = recursiveUpdate common { + # path = "/mnt/raid0/condiviso"; + # comment = "Samba share condiviso"; + # "valid users" = "bertof tiziano"; + # "create mask" = "0770"; + # "directory mask" = "2770"; + # "force create mode" = "0660"; + # "force directory mode" = "2770"; + # }; + # bertof_safe = recursiveUpdate common { + # path = "/mnt/raid1/bertof"; + # comment = "Bertof samba share"; + # "force user" = "bertof"; + # "valid users" = "bertof"; + # }; + # tiziano_safe = recursiveUpdate common { + # path = "/mnt/raid1/tiziano"; + # comment = "Tiziano samba share"; + # "force user" = "tiziano"; + # "valid users" = "tiziano"; + # }; + # condiviso_safe = recursiveUpdate common { + # path = "/mnt/raid1/condiviso"; + # comment = "Samba share condiviso"; + # "valid users" = "bertof tiziano"; + # "create mask" = "0770"; + # "directory mask" = "2770"; + # "force create mode" = "0660"; + # "force directory mode" = "2770"; + # }; + # }; + # }; + smartd = { enable = true; notifications.x11.enable = true; }; + # sonarr = { enable = true; openFirewall = true; group = "users"; }; + thermald.enable = true; + # 
transmission = { + # enable = true; + # openFirewall = true; + # group = "users"; + # settings = { + # download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent"; + # incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete"; + # }; + # }; + # xserver = { + # # enable = true; + # videoDrivers = [ "nvidia" ]; + # # layout = "it"; + # # xkbOptions = "eurosign:e;"; + # # libinput.enable = true; + # }; + + # zoneminder = { + # enable = true; + # openFirewall = true; + # cameras = 3; + # hostname = "0.0.0.0"; + # database = { username = "zoneminder"; createLocally = true; }; + # }; + + # mysql = { + # # enable = true; + # ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }]; + # }; + }; + + users.users = { + bertof = { + isNormalUser = true; + extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ]; + shell = pkgs.zsh; + }; + # tiziano = { + # isNormalUser = true; + # openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ]; + # }; + # jellyfin.extraGroups = [ "video" ]; + }; + + # services.snapper = { + # configs = + # let + # commonExtraConfig = '' + # ALLOW_USERS="bertof" + # TIMELINE_CREATE=yes + # TIMELINE_CLEANUP=yes + # ''; + # in + # { + # bertof_raid0 = { + # subvolume = "/mnt/raid0/bertof"; + # extraConfig = '' + # ALLOW_USERS="bertof" + # ${commonExtraConfig} + # ''; + # }; + # tiziano_raid0 = { + # subvolume = "/mnt/raid0/tiziano"; + # extraConfig = '' + # ALLOW_USERS="tiziano" + # ${commonExtraConfig} + # ''; + # }; + # condiviso_raid0 = { + # subvolume = "/mnt/raid0/condiviso"; + # extraConfig = '' + # ALLOW_USERS="bertof tiziano" + # ${commonExtraConfig} + # ''; + # }; + # }; + # }; + + # systemd.packages = with pkgs; [ syncthing ]; + # systemd.services = + # let + # common = { + # 
documentation = [ "man:syncthing(1)" ]; + # startLimitIntervalSec = 60; + # startLimitBurst = 4; + # after = [ "network.target" ]; + # environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; }; + # wantedBy = [ "default.target" ]; + # serviceConfig = { + # Restart = "on-failure"; + # RestartSec = 1; + # SuccessExitStatus = "3 4"; + # RestartForceExitStatus = "3 4"; + + # Group = config.ids.gids.users; + # MemoryDenyWriteExecute = true; + # NoNewPrivileges = true; + # PrivateDevices = true; + # PrivateMounts = true; + # PrivateTmp = true; + # PrivateUsers = true; + # ProtectControlGroups = true; + # ProtectHostname = true; + # ProtectKernelModules = true; + # ProtectKernelTunables = true; + # RestrictNamespaces = true; + # RestrictRealtime = true; + # RestrictSUIDSGID = true; + # CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ]; + # }; + # }; + # in + # { + # syncthing-bertof = recursiveUpdate common { + # description = "Syncthing service bertof"; + # serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; }; + # }; + # syncthing-tiziano = recursiveUpdate common { + # description = "Syncthing service tiziano"; + # serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; }; + # }; + # }; + + security.sudo.extraConfig = '' + Defaults pwfeedback + ''; + + system.autoUpgrade = { + enable = true; + allowReboot = true; + flags = [ "--flake gitlab:bertof/nix-dotfiles" ]; + }; + + system.stateVersion = "22.05"; +} diff --git a/freya/hm.nix b/freya/hm.nix new file mode 100644 index 0000000..1d6f519 --- /dev/null +++ b/freya/hm.nix 
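Review bot: `system.autoUpgrade` at the end of this file makes freya rebuild and reboot unattended from whatever `gitlab:bertof/nix-dotfiles` resolves to at that moment, so anyone able to push to that repository's default branch can apply root-level changes to the host with no review step. Prefer the module's dedicated option with a pinned, protected ref, e.g. `flake = "gitlab:bertof/nix-dotfiles/<PROTECTED_REF>";` in place of the single-string `flags` entry, and consider `allowReboot = false` until the host has proven stable. Separately, `kernelPackages = pkgs.linuxPackages_5_18` pins a non-longterm kernel series. Once nixpkgs drops that attribute the upgrade will fail to evaluate and the host will stop receiving fixes, so either drop the pin or add a comment stating why 5.18 is required. The `docker` entry in `extraGroups` is also worth a comment, since membership of that group is root-equivalent wherever Docker is enabled.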
@@ -0,0 +1,69 @@ +{ pkgs, ... }: +{ + nixpkgs.overlays = [ + (_: _: { + devEnvironment = (import ./environment.nix) { + # enableCpp = true; + enableData = true; + # enableGo = true; + # enableHtml = true; + # enableJavascript = true; + # enableJava = true; + # enableLatex = true; + enableNix = true; + # enableOffice = true; + # enablePython = true; + # enableRust = true; + enableShell = true; + # enableSpelling = true; + }; + }) + ]; + home = { + language.base = "it_IT.UTF-8"; + keyboard = { + layout = "it"; + options = [ "terminate:ctrl_alt_bksp" "compose:rctrl" ]; + }; + packages = with pkgs; [ + file + htop + neofetch + nix-prefetch-scripts + ripgrep + wget + xclip + yq + ]; + }; + imports = [ + ../hm_modules/__basic.nix + + ../hm_modules/configurations.nix + ../hm_modules/fonts.nix + ../hm_modules/bash.nix + ../hm_modules/bat.nix + ../hm_modules/bottom.nix + ../hm_modules/broot.nix + ../hm_modules/dircolors.nix + ../hm_modules/direnv.nix + ../hm_modules/git.nix + ../hm_modules/gpg.nix + ../hm_modules/helix.nix + ../hm_modules/info.nix + ../hm_modules/jq.nix + # ../hm_modules/kakoune.nix + ../hm_modules/keychain.nix + ../hm_modules/kitty.nix + ../hm_modules/lf.nix + ../hm_modules/man.nix + ../hm_modules/megasync.nix + ../hm_modules/noti.nix + ../hm_modules/ssh.nix + ../hm_modules/starship.nix + ../hm_modules/tmux.nix + ../hm_modules/zoxide.nix + ../hm_modules/zsh.nix + ../hm_modules/shell_aliases.nix + ]; +} diff --git a/loki/hm.nix b/loki/hm.nix index 0d58f51..1d6f519 100644 --- a/loki/hm.nix +++ b/loki/hm.nix @@ -52,7 +52,7 @@ ../hm_modules/helix.nix ../hm_modules/info.nix ../hm_modules/jq.nix - ../hm_modules/kakoune.nix + # ../hm_modules/kakoune.nix ../hm_modules/keychain.nix ../hm_modules/kitty.nix ../hm_modules/lf.nix diff --git a/odin/hm.nix b/odin/hm.nix index f8b0d5d..064287b 100644 --- a/odin/hm.nix +++ b/odin/hm.nix 
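Review bot: `import ./environment.nix` in the `devEnvironment` overlay resolves relative to `freya/`, and this commit adds no `freya/environment.nix`, so the overlay will fail as soon as `devEnvironment` is forced unless that file already exists in the tree. The blob id of this new file (`1d6f519`) equals the new blob id of `loki/hm.nix` in the same commit, so it appears to be a byte-for-byte copy. A shared module imported by both hosts would keep them from drifting apart. Desktop-oriented entries such as `../hm_modules/kitty.nix`, `../hm_modules/megasync.nix` and `xclip` look unnecessary on a host whose system configuration has the X server commented out. Trimming them, with a comment such as `# headless host: CLI modules only`, would keep the installed surface small.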
@@ -134,7 +134,7 @@ ../hm_modules/gtk_theme.nix ../hm_modules/helix.nix # ../hm_modules/joystickwake.nix - ../hm_modules/kakoune.nix + # ../hm_modules/kakoune.nix # ../hm_modules/keepassxc.nix ../hm_modules/kitty.nix ../hm_modules/libinput-gestures.nix diff --git a/thor/hm.nix b/thor/hm.nix index 6e69e95..427d6b2 100644 --- a/thor/hm.nix +++ b/thor/hm.nix @@ -104,7 +104,7 @@ ../hm_modules/gtk_theme.nix ../hm_modules/helix.nix ../hm_modules/joystickwake.nix - ../hm_modules/kakoune.nix + # ../hm_modules/kakoune.nix # ../hm_modules/keepassxc.nix ../hm_modules/kitty.nix ../hm_modules/mangohud.nix