lgmrszd/nix-cfg
1
0
Fork 0
mirror of https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git synced 2024-11-22 11:17:56 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added vps config, rearranged current one

Browse source
This commit is contained in:
Lgmrszd 2024-01-12 23:09:13 +03:00
parent 8da5147ff4
commit 8b5554e732
No known key found for this signature in database
GPG key ID: 9396B8BA6FBB14DE
8 changed files with 133 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
flake.nix
View file

@ -77,7 +77,7 @@
nixosConfigurations.lgm-nixos = nixpkgs.lib.nixosSystem rec { nixosConfigurations.lgm-nixos = nixpkgs.lib.nixosSystem rec {
inherit system; inherit system;
specialArgs = { specialArgs = {
secrets = import ./secrets {}; # secrets = import ./secrets {};
}; };
modules = [ modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = my-overlays; }) ({ config, pkgs, ... }: { nixpkgs.overlays = my-overlays; })
@ -95,13 +95,25 @@
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.lgm = import ./home.nix; home-manager.users.lgm = import ./hosts/laptop/home.nix;
home-manager.extraSpecialArgs = with specialArgs; { home-manager.extraSpecialArgs = with specialArgs; {
inherit secrets; # inherit secrets;
}; };
} }
]; ];
}; };
nixosConfigurations.lgm-vps1 = nixpkgs.lib.nixosSystem rec {
inherit system;
specialArgs = {
# secrets = import ./secrets {};
};
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = my-overlays; })
inputs.nh.nixosModules.default
./hosts/vps1/configuration.nix
./hosts/vps1/hardware-configuration.nix
];
};
}; };
} }

19
hosts/laptop/configuration.nix
View file

@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, pkgs-stable, secrets, ... }: { config, pkgs, pkgs-stable, ... }:
{ {
# boot.kernelPackages = pkgs.linuxPackages_zen; # boot.kernelPackages = pkgs.linuxPackages_zen;
@ -32,9 +32,9 @@
insmod fat insmod fat
set root='hd0,gpt4' set root='hd0,gpt4'
if [ x$feature_platform_search_hint = xy ]; then if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.windows_efi_uuid} search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 8D94-2A4E
else else
search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.windows_efi_uuid} search --no-floppy --fs-uuid --set=root 8D94-2A4E
fi fi
chainloader /EFI/Microsoft/Boot/bootmgfw.efi chainloader /EFI/Microsoft/Boot/bootmgfw.efi
} }
@ -43,11 +43,11 @@
insmod fat insmod fat
# set root='hd0,gpt4' # set root='hd0,gpt4'
# if [ x$feature_platform_search_hint = xy ]; then # if [ x$feature_platform_search_hint = xy ]; then
# search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.ventoy_efi_uuid} # search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 BDAD-470D
# else # else
# search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid} # search --no-floppy --fs-uuid --set=root BDAD-470D
# fi # fi
search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid} search --no-floppy --fs-uuid --set=root BDAD-470D
chainloader /EFI/BOOT/BOOTX64.EFI chainloader /EFI/BOOT/BOOTX64.EFI
} }
''; '';
@ -80,10 +80,10 @@
# ==[SECURITY]== # ==[SECURITY]==
# LUKS options # LUKS options
# boot.initrd.luks.fido2Support = true; # boot.initrd.luks.fido2Support = true;
boot.initrd.luks.devices = with secrets.drive-ids.luks; { boot.initrd.luks.devices = {
crypted = { crypted = {
inherit device; device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1";
inherit header; header = "/dev/disk/by-partuuid/3c43dda3-6a23-7148-add5-84354a28a59e";
preLVM = true; preLVM = true;
crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ]; crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ];
# fido2.credential = ""; # fido2.credential = "";
@ -335,7 +335,6 @@
zramSwap = { zramSwap = {
enable = true; enable = true;
# swapDevices = 2; # swapDevices = 2;
# writebackDevice = secrets.drive-ids.volumes.swap;
}; };
# List services that you want to enable: # List services that you want to enable:

42
hosts/laptop/email.nix Normal file
View file

@ -0,0 +1,42 @@
{
accounts.email.accounts = {
"lgm-disroot" = {
primary = true;
address = "lgmrszd@disroot.org";
userName = "lgmrszd@disroot.org";
realName = "Lgmrszd";
gpg = {
key = "D3067BE844D3FC49535A47B29396B8BA6FBB14DE";
signByDefault = true;
};
imap = {
host = "disroot.org";
port = 993;
};
smtp = {
host = "disroot.org";
port = 465;
tls.enable = true;
};
thunderbird = {
enable = true;
profiles = [
"lgmrszd"
];
};
};
"lgm-gmail" = {
address = "lgmrszd@gmail.com";
userName = "lgmrszd@gmail.com";
realName = "Lgmrszd";
flavor = "gmail.com";
thunderbird = {
enable = true;
profiles = [
"lgmrszd"
];
};
};
};
}

14
hosts/laptop/hardware-configuration.nix
View file

@ -5,7 +5,9 @@
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, secrets, ... }: { config, lib, pkgs, modulesPath, secrets, ... }:
let
root = "/dev/vgmain/nixos";
in
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
@ -17,25 +19,25 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = secrets.drive-ids.volumes.root; { device = root;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=root" ]; options = [ "subvol=root" ];
}; };
fileSystems."/nix" = fileSystems."/nix" =
{ device = secrets.drive-ids.volumes.root; { device = root;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nix" ]; options = [ "subvol=nix" ];
}; };
fileSystems."/home" = fileSystems."/home" =
{ device = secrets.drive-ids.volumes.root; { device = root;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=home" ]; options = [ "subvol=home" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = secrets.drive-ids.volumes.boot; { device = "/dev/disk/by-label/boot";
fsType = "vfat"; fsType = "vfat";
options = [ options = [
"noauto" "noauto"
@ -47,7 +49,7 @@
}; };
swapDevices = swapDevices =
[ { device = secrets.drive-ids.volumes.swap; } [ { device = "/dev/vgmain/swap"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

17
home.nix → hosts/laptop/home.nix
View file

@ -1,15 +1,19 @@
{ config, osConfig, secrets, pkgs, ... }: { config, osConfig, pkgs, ... }:
{ {
home.username = "lgm"; home.username = "lgm";
home.homeDirectory = "/home/lgm"; home.homeDirectory = "/home/lgm";
imports = [
./email.nix
];
# https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager # https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
# Packages that should be installed to the user profile. # Packages that should be installed to the user profile.
home.packages = with pkgs; [ home.packages = with pkgs; [
# my scripts # my scripts
((import ./scripts/rebuild.nix) {inherit pkgs;}) # ((import ../scripts/rebuild.nix) {inherit pkgs;}) # outdated
wineWowPackages.waylandFull wineWowPackages.waylandFull
openconnect openconnect
# file editing # file editing
@ -151,10 +155,13 @@
programs.thunderbird = { programs.thunderbird = {
enable = true; enable = true;
package = pkgs.thunderbird; package = pkgs.thunderbird;
profiles = secrets.email-stuff.thunderbirdProfiles; profiles = {
lgmrszd = {
isDefault = true;
withExternalGnupg = true;
};
};
}; };
accounts.email.accounts = secrets.email-stuff.emailAccounts;
# --------- # ---------

4
hosts/laptop/mounts.nix
View file

@ -3,13 +3,13 @@ with secrets.drive-ids; {
systemd.mounts = [ systemd.mounts = [
{ {
where = "/mounts/my_data"; where = "/mounts/my_data";
what = mounts.my_data; what = "/dev/disk/by-label/My_Data";
type = "ntfs3"; type = "ntfs3";
options = "defaults,exec,noauto,prealloc,uid=1000,gid=100"; options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
} }
{ {
where = "/mounts/windows"; where = "/mounts/windows";
what = mounts.windows; what = "/dev/disk/by-label/WinPart";
type = "ntfs3"; type = "ntfs3";
options = "defaults,exec,noauto,prealloc,uid=1000,gid=100"; options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
} }

36
hosts/vps1/configuration.nix Normal file
View file

@ -0,0 +1,36 @@
{ pkgs, ... }: {
imports = [
./hardware-configuration.nix
];
programs.fish.enable = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
networking.hostName = "lgm-vps1";
networking.domain = "contaboserver.net";
services.openssh.enable = true;
services.openssh.ports = [ 37163 ];
services.endlessh-go = {
enable = true;
openFirewall = true;
port = 22;
};
programs.mosh.enable = true;
users.users.lgm = {
isNormalUser = true;
description = "lgm";
extraGroups = [ "networkmanager" "wheel" "adbusers" "docker"];
shell = pkgs.fish;
};
system.stateVersion = "23.11";
users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcHiU7AJfci41rk+CdON9oGkaMjOez1DzFN3NJFuSlC lgm@lgm-nixos'' ];
}

9
hosts/vps1/hardware-configuration.nix Normal file
View file

@ -0,0 +1,9 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
}