From ccc9af28fd204545c33f1b7135c55b9833c7caa4 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Fri, 9 Dec 2022 15:44:27 +0100
Subject: [PATCH] feat: add test config for nom
---
core/default.nix | 86 ++++++++++++++++++++++++++++++++++++++++
core/nix.nix | 30 ++++++++++++++
core/resolved.nix | 30 ++++++++++++++
core/tmux.nix | 14 +++++++
hardware/efi.nix | 11 ++++++
hardware/yubikey.nix | 4 ++
hardware/zfs.nix | 16 ++++++++
hosts/nom/default.nix | 92 +++++++++++++++++++++++++++++++++++++++++++
8 files changed, 283 insertions(+)
create mode 100644 core/default.nix
create mode 100644 core/nix.nix
create mode 100644 core/resolved.nix
create mode 100644 core/tmux.nix
create mode 100644 hardware/efi.nix
create mode 100644 hardware/yubikey.nix
create mode 100644 hardware/zfs.nix
create mode 100644 hosts/nom/default.nix
diff --git a/core/default.nix b/core/default.nix
new file mode 100644
index 0000000..81fb003
--- /dev/null
+++ b/core/default.nix
@@ -0,0 +1,86 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ dummyConfig = pkgs.writeText "configuration.nix" ''
+ assert builtins.trace "This is a dummy config, use deploy-rs!" false;
+ { }
+ '';
+in {
+ imports = [
+ ./nix.nix
+ ./resolved.nix
+ ./tmux.nix
+ ./xdg.nix
+ ./ssh.nix
+ ];
+
+ boot.kernelParams = ["log_buf_len=10M"];
+
+ environment = {
+ etc."nixos/configuration.nix".source = dummyConfig;
+ pathsToLink = [
+ "/share/zsh"
+ ];
+ systemPackages = with pkgs; [
+ neovim
+ ];
+ };
+
+ # Disable unnecessary stuff from the nixos defaults.
+ services.udisks2.enable = false;
+ networking.dhcpcd.enable = false;
+ networking.firewall.enable = false;
+ security.sudo.enable = false;
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ verbose = true;
+ };
+
+ time.timeZone = lib.mkDefault "Europe/Berlin";
+ i18n.defaultLocale = "C.UTF-8";
+
+ networking = {
+ # When using systemd-networkd it's still possible to use this option,
+ # but it's recommended to use it in conjunction with explicit per-interface
+ # declarations with `networking.interfaces..useDHCP`.
+ useDHCP = lib.mkForce false;
+ useNetworkd = true;
+ wireguard.enable = true;
+ };
+
+ nix.nixPath = [
+ "nixos-config=${dummyConfig}"
+ "nixpkgs=/run/current-system/nixpkgs"
+ "nixpkgs-overlays=/run/current-system/overlays"
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ programs = {
+ zsh = {
+ enable = true;
+ enableGlobalCompInit = false;
+ };
+ };
+
+ system = {
+ extraSystemBuilderCmds = ''
+ ln -sv ${pkgs.path} $out/nixpkgs
+ ln -sv ${../nix/overlays} $out/overlays
+ '';
+
+ stateVersion = "22.11";
+ };
+
+ systemd = {
+ enableUnifiedCgroupHierarchy = true;
+ network.wait-online.anyInterface = true;
+ };
+
+ users.mutableUsers = false;
+}
diff --git a/core/nix.nix b/core/nix.nix
new file mode 100644
index 0000000..21be458
--- /dev/null
+++ b/core/nix.nix
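Review bot: `networking.firewall.enable = false;` in the "Disable unnecessary stuff" group turns the host firewall off for every host that imports core, while core/resolved.nix (imported a few lines above it) opens 5353/5355 via `allowedTCPPorts`/`allowedUDPPorts`, which has no effect once the firewall is disabled. If some hosts genuinely need it off, make it overridable with `networking.firewall.enable = lib.mkDefault false;` and add a comment stating why; otherwise drop the line, since NixOS enables the firewall by default. hosts/nom is a DHCP-configured laptop that inherits this setting, so every listening service on it is reachable from whatever network it joins. `security.sudo.enable = false;` on the next line deserves the same one-line justification, given that core/nix.nix still lists `@wheel` in `trusted-users`.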
@@ -0,0 +1,30 @@
+{
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ allowed-users = ["@wheel"];
+ trusted-users = ["root" "@wheel"];
+ system-features = ["recursive-nix"];
+ substituters = [
+ "https://nix-config.cachix.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "nix-config.cachix.org-1:Vd6raEuldeIZpttVQfrUbLvXJHzzzkS0pezXCVVjDG4="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ cores = 0;
+ max-jobs = "auto";
+ };
+ daemonCPUSchedPolicy = "batch";
+ daemonIOSchedPriority = 5;
+ distributedBuilds = true;
+ extraOptions = ''
+ builders-use-substitutes = true
+ experimental-features = nix-command flakes recursive-nix
+ flake-registry = /etc/nix/registry.json
+ '';
+ optimise.automatic = true;
+ gc.automatic = true;
+ };
+}
diff --git a/core/resolved.nix b/core/resolved.nix
new file mode 100644
index 0000000..9e75dcb
--- /dev/null
+++ b/core/resolved.nix
@@ -0,0 +1,30 @@
+{lib, ...}: {
+ networking = {
+ firewall = {
+ allowedTCPPorts = [5355];
+ allowedUDPPorts = [5353 5355];
+ };
+ networkmanager.dns = "systemd-resolved";
+ };
+
+ services.resolved = {
+ enable = true;
+ dnssec = "allow-downgrade";
+ fallbackDns = [
+ "1.1.1.1"
+ "2606:4700:4700::1111"
+ "8.8.8.8"
+ "2001:4860:4860::8844"
+ ];
+ llmnr = "true";
+ extraConfig = ''
+ Domains=~.
+ MulticastDNS=true
+ '';
+ };
+
+ system.nssDatabases.hosts = lib.mkMerge [
+ (lib.mkBefore ["mdns_minimal [NOTFOUND=return]"])
+ (lib.mkAfter ["mdns"])
+ ];
+}
diff --git a/core/tmux.nix b/core/tmux.nix
new file mode 100644
index 0000000..d7b5078
--- /dev/null
+++ b/core/tmux.nix
@@ -0,0 +1,14 @@
+{
+ programs.tmux = {
+ enable = true;
+ aggressiveResize = true;
+ clock24 = true;
+ escapeTime = 0;
+ historyLimit = 10000;
+ # breaks tmate
+ newSession = false;
+ secureSocket = false;
+ shortcut = "g";
+ terminal = "tmux-256color";
+ };
+}
diff --git a/hardware/efi.nix b/hardware/efi.nix
new file mode 100644
index 0000000..9357f9f
--- /dev/null
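Review bot: `trusted-users = ["root" "@wheel"];` makes every wheel member root-equivalent through nix-daemon, because trusted users may set arbitrary substituters, sandbox and builder options for their own builds — the Nix manual documents trusted users as effectively root. Together with `security.sudo.enable = false` in core/default.nix this leaves wheel with an undocumented escalation path rather than none, so either restrict it to `trusted-users = ["root"];` or keep it with a comment such as `# trusted-users are root-equivalent (nix.conf(5)); wheel is intentionally trusted`. The third-party cache `https://nix-config.cachix.org` with its key in `trusted-public-keys` is likewise a trust root for every host; a comment naming who controls that cache would help future readers.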
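Review bot: `llmnr = "true";` together with `MulticastDNS=true` in `extraConfig` enables LLMNR and mDNS responders and resolution on every link, and the `mdns_minimal`/`mdns` entries in `system.nssDatabases.hosts` route hostname lookups through them; on untrusted networks any peer on the link can answer such queries, and `dnssec = "allow-downgrade"` means unsigned answers are accepted silently. hosts/nom imports this on a laptop, so consider keeping the global values restrictive (`llmnr = "resolve";`, `MulticastDNS=resolve`) and enabling responders only per trusted link through `systemd.network.networks.<name>.networkConfig` (`LLMNR=`/`MulticastDNS=`). The `mdns_minimal`/`mdns` NSS entries also need the nss-mdns module in `system.nssModules`, which this patch does not add — presumably it is provided elsewhere; confirm, otherwise glibc skips them. Note that `allowedTCPPorts`/`allowedUDPPorts` here are inert while core/default.nix sets `networking.firewall.enable = false`.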
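Review bot: `secureSocket = false;` is undocumented, and the `# breaks tmate` comment sits directly above `newSession = false;`, so a reader cannot tell whether it explains that line, `secureSocket`, or both. `secureSocket` is the option that keeps the tmux server socket under /run/user instead of /tmp, so disabling it is a deliberate security/convenience trade-off (the NixOS option text notes the /run socket does not survive logout) and should say so, e.g. `# socket in /tmp instead of /run/user so sessions survive logout` on its own line above `secureSocket = false;`. Reword `# breaks tmate` to name the option it refers to, e.g. `# newSession = true breaks tmate`, if that is indeed the one meant.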
+++ b/hardware/efi.nix
@@ -0,0 +1,11 @@
+{lib, ...}: {
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 15;
+ };
+ timeout = lib.mkDefault 2;
+ };
+ console.earlySetup = true;
+}
diff --git a/hardware/yubikey.nix b/hardware/yubikey.nix
new file mode 100644
index 0000000..a500e34
--- /dev/null
+++ b/hardware/yubikey.nix
@@ -0,0 +1,4 @@
+{pkgs, ...}: {
+ services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
+ services.pcscd.enable = true;
+}
diff --git a/hardware/zfs.nix b/hardware/zfs.nix
new file mode 100644
index 0000000..a693d45
--- /dev/null
+++ b/hardware/zfs.nix
@@ -0,0 +1,16 @@
+{pkgs, ...}: {
+ boot.supportedFilesystems = ["zfs"];
+
+ environment.systemPackages = with pkgs; [zfs];
+
+ services.zfs = {
+ autoScrub = {
+ enable = true;
+ interval = "weekly";
+ };
+ trim = {
+ enable = true;
+ interval = "weekly";
+ };
+ };
+}
diff --git a/hosts/nom/default.nix b/hosts/nom/default.nix
new file mode 100644
index 0000000..89fca56
--- /dev/null
+++ b/hosts/nom/default.nix
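Review bot: `boot.loader.systemd-boot.editor` is left at its default of true, so anyone with console access can edit the kernel command line from the boot menu and boot with arbitrary parameters, which bypasses OS-level authentication on a host without full-disk encryption (hosts/nom mounts /boot and /nix from plain vfat/ext4). Add `editor = false;` next to `configurationLimit = 15;` inside the `systemd-boot` block; the NixOS option description itself recommends that setting. `timeout = lib.mkDefault 2;` and `canTouchEfiVariables = true;` look fine for a laptop profile.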
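Review bot: `environment.systemPackages = with pkgs; [zfs];` pulls in `pkgs.zfs` directly rather than `config.boot.zfs.package`, so the userland tools can diverge from the kernel module if a host changes that package (hosts/nom derives its `kernelPackages` from `config.boot.zfs.package`); as far as I can tell the NixOS zfs module already installs its package once `boot.supportedFilesystems` contains "zfs", which would make the line redundant. Either drop it, or take `config` in the argument set and write `environment.systemPackages = [config.boot.zfs.package];`. hosts/nom sets `supportedFilesystems = ["zfs"]` itself but does not import this file, so the scrub/trim timers do not apply there — is that intended?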
@@ -0,0 +1,92 @@
+{
+ config,
+ nixos-hardware,
+ pkgs,
+ ...
+}: {
+ imports = [
+ nixos-hardware.common-cpu-intel
+ nixos-hardware.common-gpu-intel
+ nixos-hardware.common-pc-laptop
+ nixos-hardware.common-pc-laptop-ssd
+ ../../core
+
+ ../../hardware/efi.nix
+ ../../users/oddlama
+
+ #./state.nix
+ ];
+
+ boot = {
+ initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+ kernelModules = [];
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ supportedFilesystems = ["zfs"];
+ tmpOnTmpfs = true;
+ };
+
+ console = {
+ font = "ter-v28n";
+ keyMap = "de-latin1-nodeadkeys";
+ packages = with pkgs; [terminus_font];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["defaults" "noatime" "size=20%" "mode=755"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/FDA7-5E38";
+ fsType = "vfat";
+ };
+ "/nix" = {
+ device = "/dev/disk/by-uuid/4610a590-b6b8-4a8f-82a3-9ec7592911eb";
+ fsType = "ext4";
+ options = ["defaults" "noatime"];
+ neededForBoot = true;
+ };
+ };
+
+ hardware = {
+ enableRedistributableFirmware = true;
+ enableAllFirmware = true;
+ video.hidpi.enable = lib.mkDefault true;
+ opengl.enable = true;
+ };
+
+ networking = {
+ hostId = "4313abca";
+ hostName = "nom";
+ wireless.iwd.enable = true;
+ };
+
+ powerManagement.cpuFreqGovernor = "performance";
+
+ services = {
+ fwupd.enable = true;
+ smartd.enable = true;
+ };
+
+ systemd.network.networks = {
+ wired = {
+ DHCP = "yes";
+ matchConfig.MACAddress = "1c:83:41:30:ab:9b";
+ dhcpV4Config.RouteMetric = 10;
+ dhcpV6Config.RouteMetric = 10;
+ };
+ wireless = {
+ DHCP = "yes";
+ matchConfig.MACAddress = "60:dd:8e:12:67:bd";
+ dhcpV4Config.RouteMetric = 40;
+ dhcpV6Config.RouteMetric = 40;
+ };
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.root = {
+ initialHashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1";
+ openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"];
+ };
+}
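Review bot: `video.hidpi.enable = lib.mkDefault true;` in the `hardware` block references `lib`, but the module's argument set is `{ config, nixos-hardware, pkgs, ... }`, so evaluating this host fails with an undefined variable; change the header to `{ config, lib, nixos-hardware, pkgs, ... }: {`. The template comment `# Define a user account. Don't forget to set a password with ‘passwd’.` above `users.users.root` is stale: core/default.nix sets `users.mutableUsers = false`, so `passwd` changes do not persist and the committed `initialHashedPassword` plus the authorized key are root's durable credentials — replace it with `# root credentials: initialHashedPassword (mutableUsers = false, passwd does not persist) and SSH key`. A root password hash checked into the repository is available for offline guessing to everyone with read access to it, so prefer `users.users.root.passwordFile` pointing at a file deployed out of band; `#./state.nix` in `imports` suggests a secrets/state mechanism is planned but not yet wired up.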