mirror of
https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git
synced 2024-11-22 03:07:56 +01:00
Added vps config, rearranged current one
This commit is contained in:
parent
8da5147ff4
commit
8b5554e732
8 changed files with 133 additions and 26 deletions
18
flake.nix
18
flake.nix
|
@ -77,7 +77,7 @@
|
|||
nixosConfigurations.lgm-nixos = nixpkgs.lib.nixosSystem rec {
|
||||
inherit system;
|
||||
specialArgs = {
|
||||
secrets = import ./secrets {};
|
||||
# secrets = import ./secrets {};
|
||||
};
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = my-overlays; })
|
||||
|
@ -95,13 +95,25 @@
|
|||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
|
||||
home-manager.users.lgm = import ./home.nix;
|
||||
home-manager.users.lgm = import ./hosts/laptop/home.nix;
|
||||
|
||||
home-manager.extraSpecialArgs = with specialArgs; {
|
||||
inherit secrets;
|
||||
# inherit secrets;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
nixosConfigurations.lgm-vps1 = nixpkgs.lib.nixosSystem rec {
|
||||
inherit system;
|
||||
specialArgs = {
|
||||
# secrets = import ./secrets {};
|
||||
};
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = my-overlays; })
|
||||
inputs.nh.nixosModules.default
|
||||
./hosts/vps1/configuration.nix
|
||||
./hosts/vps1/hardware-configuration.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running `nixos-help`).
|
||||
|
||||
{ config, pkgs, pkgs-stable, secrets, ... }:
|
||||
{ config, pkgs, pkgs-stable, ... }:
|
||||
|
||||
{
|
||||
# boot.kernelPackages = pkgs.linuxPackages_zen;
|
||||
|
@ -32,9 +32,9 @@
|
|||
insmod fat
|
||||
set root='hd0,gpt4'
|
||||
if [ x$feature_platform_search_hint = xy ]; then
|
||||
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.windows_efi_uuid}
|
||||
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 8D94-2A4E
|
||||
else
|
||||
search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.windows_efi_uuid}
|
||||
search --no-floppy --fs-uuid --set=root 8D94-2A4E
|
||||
fi
|
||||
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
|
||||
}
|
||||
|
@ -43,11 +43,11 @@
|
|||
insmod fat
|
||||
# set root='hd0,gpt4'
|
||||
# if [ x$feature_platform_search_hint = xy ]; then
|
||||
# search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 ${secrets.drive-ids.volumes.ventoy_efi_uuid}
|
||||
# search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 BDAD-470D
|
||||
# else
|
||||
# search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid}
|
||||
# search --no-floppy --fs-uuid --set=root BDAD-470D
|
||||
# fi
|
||||
search --no-floppy --fs-uuid --set=root ${secrets.drive-ids.volumes.ventoy_efi_uuid}
|
||||
search --no-floppy --fs-uuid --set=root BDAD-470D
|
||||
chainloader /EFI/BOOT/BOOTX64.EFI
|
||||
}
|
||||
'';
|
||||
|
@ -80,10 +80,10 @@
|
|||
# ==[SECURITY]==
|
||||
# LUKS options
|
||||
# boot.initrd.luks.fido2Support = true;
|
||||
boot.initrd.luks.devices = with secrets.drive-ids.luks; {
|
||||
boot.initrd.luks.devices = {
|
||||
crypted = {
|
||||
inherit device;
|
||||
inherit header;
|
||||
device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1";
|
||||
header = "/dev/disk/by-partuuid/3c43dda3-6a23-7148-add5-84354a28a59e";
|
||||
preLVM = true;
|
||||
crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ];
|
||||
# fido2.credential = "";
|
||||
|
@ -335,7 +335,6 @@
|
|||
zramSwap = {
|
||||
enable = true;
|
||||
# swapDevices = 2;
|
||||
# writebackDevice = secrets.drive-ids.volumes.swap;
|
||||
};
|
||||
|
||||
# List services that you want to enable:
|
||||
|
|
42
hosts/laptop/email.nix
Normal file
42
hosts/laptop/email.nix
Normal file
|
@ -0,0 +1,42 @@
|
|||
{
|
||||
accounts.email.accounts = {
|
||||
"lgm-disroot" = {
|
||||
primary = true;
|
||||
address = "lgmrszd@disroot.org";
|
||||
userName = "lgmrszd@disroot.org";
|
||||
realName = "Lgmrszd";
|
||||
gpg = {
|
||||
key = "D3067BE844D3FC49535A47B29396B8BA6FBB14DE";
|
||||
signByDefault = true;
|
||||
};
|
||||
imap = {
|
||||
host = "disroot.org";
|
||||
port = 993;
|
||||
};
|
||||
smtp = {
|
||||
host = "disroot.org";
|
||||
port = 465;
|
||||
tls.enable = true;
|
||||
};
|
||||
thunderbird = {
|
||||
enable = true;
|
||||
profiles = [
|
||||
"lgmrszd"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
"lgm-gmail" = {
|
||||
address = "lgmrszd@gmail.com";
|
||||
userName = "lgmrszd@gmail.com";
|
||||
realName = "Lgmrszd";
|
||||
flavor = "gmail.com";
|
||||
thunderbird = {
|
||||
enable = true;
|
||||
profiles = [
|
||||
"lgmrszd"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -5,7 +5,9 @@
|
|||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, secrets, ... }:
|
||||
|
||||
let
|
||||
root = "/dev/vgmain/nixos";
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
|
@ -17,25 +19,25 @@
|
|||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = secrets.drive-ids.volumes.root;
|
||||
{ device = root;
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=root" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = secrets.drive-ids.volumes.root;
|
||||
{ device = root;
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = secrets.drive-ids.volumes.root;
|
||||
{ device = root;
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=home" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = secrets.drive-ids.volumes.boot;
|
||||
{ device = "/dev/disk/by-label/boot";
|
||||
fsType = "vfat";
|
||||
options = [
|
||||
"noauto"
|
||||
|
@ -47,7 +49,7 @@
|
|||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = secrets.drive-ids.volumes.swap; }
|
||||
[ { device = "/dev/vgmain/swap"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
{ config, osConfig, secrets, pkgs, ... }:
|
||||
{ config, osConfig, pkgs, ... }:
|
||||
|
||||
{
|
||||
home.username = "lgm";
|
||||
home.homeDirectory = "/home/lgm";
|
||||
|
||||
imports = [
|
||||
./email.nix
|
||||
];
|
||||
|
||||
# https://nixos-and-flakes.thiscute.world/nixos-with-flakes/start-using-home-manager
|
||||
|
||||
# Packages that should be installed to the user profile.
|
||||
home.packages = with pkgs; [
|
||||
# my scripts
|
||||
((import ./scripts/rebuild.nix) {inherit pkgs;})
|
||||
# ((import ../scripts/rebuild.nix) {inherit pkgs;}) # outdated
|
||||
wineWowPackages.waylandFull
|
||||
openconnect
|
||||
# file editing
|
||||
|
@ -151,10 +155,13 @@
|
|||
programs.thunderbird = {
|
||||
enable = true;
|
||||
package = pkgs.thunderbird;
|
||||
profiles = secrets.email-stuff.thunderbirdProfiles;
|
||||
profiles = {
|
||||
lgmrszd = {
|
||||
isDefault = true;
|
||||
withExternalGnupg = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
accounts.email.accounts = secrets.email-stuff.emailAccounts;
|
||||
|
||||
# ---------
|
||||
|
|
@ -3,13 +3,13 @@ with secrets.drive-ids; {
|
|||
systemd.mounts = [
|
||||
{
|
||||
where = "/mounts/my_data";
|
||||
what = mounts.my_data;
|
||||
what = "/dev/disk/by-label/My_Data";
|
||||
type = "ntfs3";
|
||||
options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
|
||||
}
|
||||
{
|
||||
where = "/mounts/windows";
|
||||
what = mounts.windows;
|
||||
what = "/dev/disk/by-label/WinPart";
|
||||
type = "ntfs3";
|
||||
options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
|
||||
}
|
||||
|
|
36
hosts/vps1/configuration.nix
Normal file
36
hosts/vps1/configuration.nix
Normal file
|
@ -0,0 +1,36 @@
|
|||
{ pkgs, ... }: {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
|
||||
];
|
||||
|
||||
programs.fish.enable = true;
|
||||
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
zramSwap.enable = true;
|
||||
networking.hostName = "lgm-vps1";
|
||||
networking.domain = "contaboserver.net";
|
||||
services.openssh.enable = true;
|
||||
services.openssh.ports = [ 37163 ];
|
||||
|
||||
services.endlessh-go = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
port = 22;
|
||||
};
|
||||
|
||||
programs.mosh.enable = true;
|
||||
|
||||
users.users.lgm = {
|
||||
isNormalUser = true;
|
||||
description = "lgm";
|
||||
extraGroups = [ "networkmanager" "wheel" "adbusers" "docker"];
|
||||
shell = pkgs.fish;
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOcHiU7AJfci41rk+CdON9oGkaMjOez1DzFN3NJFuSlC lgm@lgm-nixos'' ];
|
||||
}
|
9
hosts/vps1/hardware-configuration.nix
Normal file
9
hosts/vps1/hardware-configuration.nix
Normal file
|
@ -0,0 +1,9 @@
|
|||
{ modulesPath, ... }:
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
||||
boot.initrd.kernelModules = [ "nvme" ];
|
||||
fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
|
||||
|
||||
}
|
Loading…
Reference in a new issue