lgmrszd/nix-cfg
1
0
Fork 0
mirror of https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git synced 2024-09-19 17:37:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added vps config, rearranged current one

Browse source
This commit is contained in:
Lgmrszd 2024-01-12 23:09:13 +03:00
parent 8da5147ff4
commit 8b5554e732
No known key found for this signature in database
GPG key ID: 9396B8BA6FBB14DE
8 changed files with 133 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
flake.nix
View file

@ -77,7 +77,7 @@
nixosConfigurations.lgm-nixos = nixpkgs.lib.nixosSystem rec {
inherit system;
specialArgs = {
secrets = import ./secrets {};
# secrets = import ./secrets {};
};
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = my-overlays; })
@ -95,13 +95,25 @@
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.lgm = import ./home.nix;
home-manager.users.lgm = import ./hosts/laptop/home.nix;
home-manager.extraSpecialArgs = with specialArgs; {
inherit secrets;
# inherit secrets;
};
}
];
};
nixosConfigurations.lgm-vps1 = nixpkgs.lib.nixosSystem rec {
inherit system;
specialArgs = {
# secrets = import ./secrets {};
};
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = my-overlays; })
inputs.nh.nixosModules.default
./hosts/vps1/configuration.nix
./hosts/vps1/hardware-configuration.nix
];
};
};
}

19
hosts/laptop/configuration.nix
View file

@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, pkgs-stable, secrets, ... }:
{ config, pkgs, pkgs-stable, ... }:
{
# boot.kernelPackages = pkgs.linuxPackages_zen;
@ -32,9 +32,9 @@
insmod fat
set root='hd0,gpt4'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.windows_efi_uuid}
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 8D94-2A4E
else
search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.windows_efi_uuid}
search --no-floppy --fs-uuid --set=root 8D94-2A4E
fi
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
@ -43,11 +43,11 @@
insmod fat
# set root='hd0,gpt4'
# if [ x$feature_platform_search_hint = xy ]; then
# search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.ventoy_efi_uuid}
# search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 BDAD-470D
# else
# search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid}
# search --no-floppy --fs-uuid --set=root BDAD-470D
# fi
search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid}
search --no-floppy --fs-uuid --set=root BDAD-470D
chainloader /EFI/BOOT/BOOTX64.EFI
}
'';
@ -80,10 +80,10 @@
# ==[SECURITY]==
# LUKS options
# boot.initrd.luks.fido2Support = true;
boot.initrd.luks.devices = with secrets.drive-ids.luks; {
boot.initrd.luks.devices = {
crypted = {
inherit device;
inherit header;
device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1";
header = "/dev/disk/by-partuuid/3c43dda3-6a23-7148-add5-84354a28a59e";
preLVM = true;
crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ];
# fido2.credential = "";
@ -335,7 +335,6 @@
zramSwap = {
enable = true;
# swapDevices = 2;
# writebackDevice = secrets.drive-ids.volumes.swap;
};
# List services that you want to enable:

42
hosts/laptop/email.nix Normal file
View file

@ -0,0 +1,42 @@
{
accounts.email.accounts = {
"lgm-disroot" = {
primary = true;
address = "lgmrszd@disroot.org";
userName = "lgmrszd@disroot.org";
realName = "Lgmrszd";
gpg = {
key = "D3067BE844D3FC49535A47B29396B8BA6FBB14DE";
signByDefault = true;
};
imap = {
host = "disroot.org";
port = 993;
};
smtp = {
host = "disroot.org";
port = 465;
tls.enable = true;
};
thunderbird = {
enable = true;
profiles = [
"lgmrszd"
];
};
};
"lgm-gmail" = {
address = "lgmrszd@gmail.com";
userName = "lgmrszd@gmail.com";
realName = "Lgmrszd";
flavor = "gmail.com";
thunderbird = {
enable = true;
profiles = [
"lgmrszd"
];
};
};
};
}

14
hosts/laptop/hardware-configuration.nix
View file

@ -5,7 +5,9 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, secrets, ... }:
let
root = "/dev/vgmain/nixos";
in
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
@ -17,25 +19,25 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = secrets.drive-ids.volumes.root;
{ device = root;
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/nix" =
{ device = secrets.drive-ids.volumes.root;
{ device = root;
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/home" =
{ device = secrets.drive-ids.volumes.root;
{ device = root;
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/boot" =
{ device = secrets.drive-ids.volumes.boot;
{ device = "/dev/disk/by-label/boot";
fsType = "vfat";
options = [
"noauto"
@ -47,7 +49,7 @@
};
swapDevices =
[ { device = secrets.drive-ids.volumes.swap; }
[ { device = "/dev/vgmain/swap"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

17
home.nix → hosts/laptop/home.nix
View file

@ -1,15 +1,19 @@
{ config, osConfig, secrets, pkgs, ... }:
{ config, osConfig, pkgs, ... }:
{
home.username = "lgm";
home.homeDirectory = "/home/lgm";
imports = [
./email.nix
];
# https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
# Packages that should be installed to the user profile.
home.packages = with pkgs; [
# my scripts
((import ./scripts/rebuild.nix) {inherit pkgs;})
# ((import ../scripts/rebuild.nix) {inherit pkgs;}) # outdated
wineWowPackages.waylandFull
openconnect
# file editing
@ -151,11 +155,14 @@
programs.thunderbird = {
enable = true;
package = pkgs.thunderbird;
profiles = secrets.email-stuff.thunderbirdProfiles;
profiles = {
lgmrszd = {
isDefault = true;
withExternalGnupg = true;
};
};
};
accounts.email.accounts = secrets.email-stuff.emailAccounts;
# ---------
services.nextcloud-client = {

4
hosts/laptop/mounts.nix
View file

@ -3,13 +3,13 @@ with secrets.drive-ids; {
systemd.mounts = [
{
where = "/mounts/my_data";
what = mounts.my_data;
what = "/dev/disk/by-label/My_Data";
type = "ntfs3";
options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
}
{
where = "/mounts/windows";
what = mounts.windows;
what = "/dev/disk/by-label/WinPart";
type = "ntfs3";
options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
}

36
hosts/vps1/configuration.nix Normal file
View file

@ -0,0 +1,36 @@
{ pkgs, ... }: {
imports = [
./hardware-configuration.nix
];
programs.fish.enable = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
networking.hostName = "lgm-vps1";
networking.domain = "contaboserver.net";
services.openssh.enable = true;
services.openssh.ports = [ 37163 ];
services.endlessh-go = {
enable = true;
openFirewall = true;
port = 22;
};
programs.mosh.enable = true;
users.users.lgm = {
isNormalUser = true;
description = "lgm";
extraGroups = [ "networkmanager" "wheel" "adbusers" "docker"];
shell = pkgs.fish;
};
system.stateVersion = "23.11";
users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcHiU7AJfci41rk+CdON9oGkaMjOez1DzFN3NJFuSlC lgm@lgm-nixos'' ];
}

9
hosts/vps1/hardware-configuration.nix Normal file
View file

@ -0,0 +1,9 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
}