From 8b5554e732498631342e50fbb96c95799bb03e8b Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Fri, 12 Jan 2024 23:09:13 +0300 Subject: [PATCH] Added vps config, rearranged current one --- flake.nix | 18 +++++++++-- hosts/laptop/configuration.nix | 19 ++++++----- hosts/laptop/email.nix | 42 +++++++++++++++++++++++++ hosts/laptop/hardware-configuration.nix | 14 +++++---- home.nix => hosts/laptop/home.nix | 17 +++++++--- hosts/laptop/mounts.nix | 4 +-- hosts/vps1/configuration.nix | 36 +++++++++++++++++++++ hosts/vps1/hardware-configuration.nix | 9 ++++++ 8 files changed, 133 insertions(+), 26 deletions(-) create mode 100644 hosts/laptop/email.nix rename home.nix => hosts/laptop/home.nix (95%) create mode 100644 hosts/vps1/configuration.nix create mode 100644 hosts/vps1/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 64b6681..2c038e0 100644 --- a/flake.nix +++ b/flake.nix @@ -77,7 +77,7 @@ nixosConfigurations.lgm-nixos = nixpkgs.lib.nixosSystem rec { inherit system; specialArgs = { - secrets = import ./secrets {}; + # secrets = import ./secrets {}; }; modules = [ ({ config, pkgs, ... }: { nixpkgs.overlays = my-overlays; }) @@ -95,13 +95,25 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.users.lgm = import ./home.nix; + home-manager.users.lgm = import ./hosts/laptop/home.nix; home-manager.extraSpecialArgs = with specialArgs; { - inherit secrets; + # inherit secrets; }; } ]; }; + nixosConfigurations.lgm-vps1 = nixpkgs.lib.nixosSystem rec { + inherit system; + specialArgs = { + # secrets = import ./secrets {}; + }; + modules = [ + ({ config, pkgs, ... }: { nixpkgs.overlays = my-overlays; }) + inputs.nh.nixosModules.default + ./hosts/vps1/configuration.nix + ./hosts/vps1/hardware-configuration.nix + ]; + }; }; } diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 3e4b061..7efc7c4 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix 
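Review bot: `./hosts/vps1/hardware-configuration.nix` is listed in the new `lgm-vps1` module list and is also imported by `hosts/vps1/configuration.nix` later in this patch, so the same module is pulled in from two places. Keeping it in one of them avoids the two drifting apart. The new host's `specialArgs` holds only a commented-out `secrets` line and could be written as `specialArgs = { };` or omitted.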
@@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running `nixos-help`). -{ config, pkgs, pkgs-stable, secrets, ... }: +{ config, pkgs, pkgs-stable, ... }: { # boot.kernelPackages = pkgs.linuxPackages_zen; @@ -32,9 +32,9 @@ insmod fat set root='hd0,gpt4' if [ x$feature_platform_search_hint = xy ]; then - search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.windows_efi_uuid} + search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 8D94-2A4E else - search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.windows_efi_uuid} + search --no-floppy --fs-uuid --set=root 8D94-2A4E fi chainloader /EFI/Microsoft/Boot/bootmgfw.efi } @@ -43,11 +43,11 @@ insmod fat # set root='hd0,gpt4' # if [ x$feature_platform_search_hint = xy ]; then - # search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.ventoy_efi_uuid} + # search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 BDAD-470D # else - # search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid} + # search --no-floppy --fs-uuid --set=root BDAD-470D # fi - search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid} + search --no-floppy --fs-uuid --set=root BDAD-470D chainloader /EFI/BOOT/BOOTX64.EFI } ''; 
@@ -80,10 +80,10 @@ # ==[SECURITY]== # LUKS options # boot.initrd.luks.fido2Support = true; - boot.initrd.luks.devices = with secrets.drive-ids.luks; { + boot.initrd.luks.devices = { crypted = { - inherit device; - inherit header; + device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1"; + header = "/dev/disk/by-partuuid/3c43dda3-6a23-7148-add5-84354a28a59e"; preLVM = true; crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ]; # fido2.credential = ""; @@ -335,7 +335,6 @@ zramSwap = { enable = true; # swapDevices = 2; - # writebackDevice = secrets.drive-ids.volumes.swap; }; # List services that you want to enable: diff --git a/hosts/laptop/email.nix b/hosts/laptop/email.nix new file mode 100644 index 0000000..1d8c0e6 --- /dev/null +++ b/hosts/laptop/email.nix @@ -0,0 +1,42 @@ +{ + accounts.email.accounts = { + "lgm-disroot" = { + primary = true; + address = "lgmrszd@disroot.org"; + userName = "lgmrszd@disroot.org"; + realName = "Lgmrszd"; + gpg = { + key = "D3067BE844D3FC49535A47B29396B8BA6FBB14DE"; + signByDefault = true; + }; + imap = { + host = "disroot.org"; + port = 993; + }; + smtp = { + host = "disroot.org"; + port = 465; + tls.enable = true; + }; + thunderbird = { + enable = true; + profiles = [ + "lgmrszd" + ]; + }; + }; + + "lgm-gmail" = { + address = "lgmrszd@gmail.com"; + userName = "lgmrszd@gmail.com"; + realName = "Lgmrszd"; + flavor = "gmail.com"; + thunderbird = { + enable = true; + profiles = [ + "lgmrszd" + ]; + }; + }; + }; +} \ No newline at end of file diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index ccdcc18..65f2eb8 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix 
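Review bot: In the new hosts/laptop/email.nix, the `imap` block for `lgm-disroot` leaves TLS to the module default while the `smtp` block right below sets `tls.enable = true;` explicitly. Stating it on both sides, `imap.tls.enable = true;`, makes the transport requirement for port 993 visible in the file and protects it from a later default change. The file also ends without a trailing newline.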
@@ -5,7 +5,9 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, secrets, ... }: - +let + root = "/dev/vgmain/nixos"; +in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") @@ -17,25 +19,25 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = secrets.drive-ids.volumes.root; + { device = root; fsType = "btrfs"; options = [ "subvol=root" ]; }; fileSystems."/nix" = - { device = secrets.drive-ids.volumes.root; + { device = root; fsType = "btrfs"; options = [ "subvol=nix" ]; }; fileSystems."/home" = - { device = secrets.drive-ids.volumes.root; + { device = root; fsType = "btrfs"; options = [ "subvol=home" ]; }; fileSystems."/boot" = - { device = secrets.drive-ids.volumes.boot; + { device = "/dev/disk/by-label/boot"; fsType = "vfat"; options = [ "noauto" @@ -47,7 +49,7 @@ }; swapDevices = - [ { device = secrets.drive-ids.volumes.swap; } + [ { device = "/dev/vgmain/swap"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/home.nix b/hosts/laptop/home.nix similarity index 95% rename from home.nix rename to hosts/laptop/home.nix index ded60c6..bfb9cc5 100644 --- a/home.nix +++ b/hosts/laptop/home.nix @@ -1,15 +1,19 @@ -{ config, osConfig, secrets, pkgs, ... }: +{ config, osConfig, pkgs, ... }: { home.username = "lgm"; home.homeDirectory = "/home/lgm"; + imports = [ + ./email.nix + ]; + # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager # Packages that should be installed to the user profile. home.packages = with pkgs; [ # my scripts - ((import ./scripts/rebuild.nix) {inherit pkgs;}) + # ((import ../scripts/rebuild.nix) {inherit pkgs;}) # outdated wineWowPackages.waylandFull openconnect # file editing 
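Review bot: `secrets` is still named in the argument pattern on the context line `{ config, lib, pkgs, modulesPath, secrets, ... }:` of hosts/laptop/hardware-configuration.nix, although every `secrets.drive-ids.volumes.*` use in these hunks is replaced and flake.nix no longer passes `secrets` in `specialArgs`. The pattern should become `{ config, lib, pkgs, modulesPath, ... }:`. The same leftover shows in hosts/laptop/mounts.nix, whose hunk header still reads `with secrets.drive-ids; {`. If anything outside these hunks still forces `secrets`, evaluation would presumably fail, so the rest of both files is worth checking.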
@@ -151,11 +155,14 @@ programs.thunderbird = { enable = true; package = pkgs.thunderbird; - profiles = secrets.email-stuff.thunderbirdProfiles; + profiles = { + lgmrszd = { + isDefault = true; + withExternalGnupg = true; + }; + }; }; - accounts.email.accounts = secrets.email-stuff.emailAccounts; - # --------- services.nextcloud-client = { diff --git a/hosts/laptop/mounts.nix b/hosts/laptop/mounts.nix index 70be7d6..2737ec6 100644 --- a/hosts/laptop/mounts.nix +++ b/hosts/laptop/mounts.nix @@ -3,13 +3,13 @@ with secrets.drive-ids; { systemd.mounts = [ { where = "/mounts/my_data"; - what = mounts.my_data; + what = "/dev/disk/by-label/My_Data"; type = "ntfs3"; options = "defaults,exec,noauto,prealloc,uid=1000,gid=100"; } { where = "/mounts/windows"; - what = mounts.windows; + what = "/dev/disk/by-label/WinPart"; type = "ntfs3"; options = "defaults,exec,noauto,prealloc,uid=1000,gid=100"; } diff --git a/hosts/vps1/configuration.nix b/hosts/vps1/configuration.nix new file mode 100644 index 0000000..c64f5ef --- /dev/null +++ b/hosts/vps1/configuration.nix @@ -0,0 +1,36 @@ +{ pkgs, ... }: { + imports = [ + ./hardware-configuration.nix + + + ]; + + programs.fish.enable = true; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + networking.hostName = "lgm-vps1"; + networking.domain = "contaboserver.net"; + services.openssh.enable = true; + services.openssh.ports = [ 37163 ]; + + services.endlessh-go = { + enable = true; + openFirewall = true; + port = 22; + }; + + programs.mosh.enable = true; + + users.users.lgm = { + isNormalUser = true; + description = "lgm"; + extraGroups = [ "networkmanager" "wheel" "adbusers" "docker"]; + shell = pkgs.fish; + }; + + system.stateVersion = "23.11"; + users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcHiU7AJfci41rk+CdON9oGkaMjOez1DzFN3NJFuSlC lgm@lgm-nixos'' ]; +} 
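Review bot: In hosts/vps1/configuration.nix the only SSH credential declared is a key on `root`, and nothing turns off password logins, so unless it is set elsewhere sshd keeps the NixOS default of accepting passwords on port 37163. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. Once `lgm` has a working sudo path, the key can move to `users.users.lgm.openssh.authorizedKeys.keys` with `services.openssh.settings.PermitRootLogin = "no";`. Moving sshd off port 22 and running endlessh-go there reduces scanner noise but is not an access control. The `extraGroups` list looks copied from the laptop: `docker` membership is root-equivalent and `networkmanager`/`adbusers` are probably unused on a VPS, so trimming it to `[ "wheel" ]` keeps the account least-privileged.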
diff --git a/hosts/vps1/hardware-configuration.nix b/hosts/vps1/hardware-configuration.nix
new file mode 100644
index 0000000..08ea065
--- /dev/null
+++ b/hosts/vps1/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
+
+}