From b87d3ab26f35a1e6855145a1fb4d95ec38c881ff Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Tue, 5 Sep 2023 21:46:55 -0500 Subject: [PATCH] Unify nixos configs --- flake.nix | 18 +--- home.nix | 17 ++++ machines/beefcake-hardware.nix | 57 ------------ machines/thinker-hardware.nix | 27 ------ {machines => nixos}/beefcake.nix | 46 +++++++++- nixos/rascal.nix | 148 +++++++++++++++++++++++++++++++ {machines => nixos}/thinker.nix | 16 +++- 7 files changed, 221 insertions(+), 108 deletions(-) create mode 100644 home.nix delete mode 100644 machines/beefcake-hardware.nix delete mode 100644 machines/thinker-hardware.nix rename {machines => nixos}/beefcake.nix (94%) create mode 100644 nixos/rascal.nix rename {machines => nixos}/thinker.nix (93%) diff --git a/flake.nix b/flake.nix index 07173bb..fb712e0 100644 --- a/flake.nix +++ b/flake.nix @@ -11,24 +11,8 @@ outputs = inputs @ { self, ... }: { diskoConfigurations = import ./disko.nix; + homeConfigurations = import ./home.nix; - homeConfigurations = - # TODO: per arch? - let - system = "x86_64-linux"; - pkgs = inputs.nixpkgs.legacyPackages.${system}; - in - { - daniel = inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - modules = [ - (import - ./daniel.nix - - pkgs) - ]; - }; - }; nixosConfigurations = { beefcake = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; diff --git a/home.nix b/home.nix new file mode 100644 index 0000000..a24a94b --- /dev/null +++ b/home.nix @@ -0,0 +1,17 @@ +inputs: +let + system = "x86_64-linux"; + pkgs = inputs.nixpkgs.legacyPackages.${system}; +in +{ + # TODO: per arch? + daniel = inputs.home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = [ + (import + ./daniel.nix + + pkgs) + ]; + }; +} diff --git a/machines/beefcake-hardware.nix b/machines/beefcake-hardware.nix deleted file mode 100644 index e31d51c..0000000 --- a/machines/beefcake-hardware.nix +++ /dev/null 
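Review bot: In flake.nix the new `homeConfigurations = import ./home.nix;` binds the output to a function, because home.nix opens with `inputs:` and nothing in the hunk applies it, so `homeConfigurations.daniel` would not exist when home-manager looks it up. The line should pass the flake inputs: `homeConfigurations = import ./home.nix inputs;`. In home.nix the `# TODO: per arch?` comment now sits on the `daniel` attribute instead of next to the hard-coded `system = "x86_64-linux";` it refers to, and moving it back keeps the intent clear. The `outputs` body in flake.nix continues outside the hunk.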
@@ -1,57 +0,0 @@
-# Do not modify this file! It was generated by 'nixos-generate-config'
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "megaraid_sas" "usbhid" "uas" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/0747dcba-f590-42e6-89c8-6cb2f9114d64";
- fsType = "ext4";
- options = [
- "usrquota"
- ];
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/7E3C-9018";
- fsType = "vfat";
- };
-
- fileSystems."/storage" =
- {
- device = "/dev/disk/by-uuid/ea8258d7-54d1-430e-93b3-e15d33231063";
- fsType = "btrfs";
- options = [
- "compress=zstd:5"
- "space_cache=v2"
- ];
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp68s0f0.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp68s0f1.useDHCP = lib.mkDefault true;
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/machines/thinker-hardware.nix b/machines/thinker-hardware.nix
deleted file mode 100644
index 29217e6..0000000
--- a/machines/thinker-hardware.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/machines/beefcake.nix b/nixos/beefcake.nix
similarity index 94%
rename from machines/beefcake.nix
rename to nixos/beefcake.nix
index 7b5b63b..6821555 100644
--- a/machines/beefcake.nix
+++ b/nixos/beefcake.nix
@@ -2,11 +2,49 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running 'nixos-help'). -{ config, pkgs, inputs, ... }: rec { +{ modulesPath, config, lib, pkgs, inputs, ... }: rec { nix.settings.experimental-features = [ "nix-command" "flakes" ]; - imports = [ - ./beefcake-hardware.nix - ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "megaraid_sas" "usbhid" "uas" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/0747dcba-f590-42e6-89c8-6cb2f9114d64"; + fsType = "ext4"; + options = [ + "usrquota" + ]; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/7E3C-9018"; + fsType = "vfat"; + }; + + fileSystems."/storage" = + { + device = "/dev/disk/by-uuid/ea8258d7-54d1-430e-93b3-e15d33231063"; + fsType = "btrfs"; + options = [ + "compress=zstd:5" + "space_cache=v2" + ]; + }; + + swapDevices = [ ]; + + networking.useDHCP = lib.mkDefault true; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; services.api-lyte-dev = rec { enable = true; diff --git a/nixos/rascal.nix b/nixos/rascal.nix new file mode 100644 index 0000000..10f1472 --- /dev/null +++ b/nixos/rascal.nix 
@@ -0,0 +1,148 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, modulesPath, ... }:
+let
+ unstable = import { config = { allowUnfree = true; }; };
+in
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "uas" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/2e2ad73a-6264-4a7b-8439-9c05295d903d";
+ fsType = "f2fs";
+ };
+
+ swapDevices = [ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ networking.hostName = "rascal"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ time.timeZone = "America/Chicago";
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.daniel = {
+ shell = pkgs.fish;
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+
+ ];
+ };
+
+ users.users.beefcake = {
+ # used for restic backups
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ unstable.helix # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ unstable.zellij
+ tmux
+ curl
+ wget
+ exa
+ sd
+ smartmontools
+ fd
+ git
+ fish
+ ripgrep
+ rnix-lsp
+ wireguard-tools
+ tailscale
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+ services.smartd.enable = true;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.passwordAuthentication = false;
+
+ services.tailscale.enable = true;
+
+ environment.variables = {
+ EDITOR = "hx";
+ FISH_START_ZELLIJ = "true";
+ };
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+ networking.firewall.checkReversePath = "loose";
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ system.copySystemConfiguration = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken.
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.05"; # Did you read the comment? + + networking.wireguard.interfaces = { + wg0 = { + ips = [ "10.0.10.15/24" ]; + listenPort = 51820; + privateKeyFile = "/root/wg.key"; + + peers = [ + { + publicKey = "c6gERFUqFr8aTSyRF9c4IF2aah8WbUsO/Qo8QJQ2Hzk="; + allowedIPs = [ "0.0.0.0/0" ]; + endpoint = "vpn4.h.lyte.dev:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 + persistentKeepalive = 25; + } + ]; + }; + }; +} + diff --git a/machines/thinker.nix b/nixos/thinker.nix similarity index 93% rename from machines/thinker.nix rename to nixos/thinker.nix index 315e4f2..27a4cc9 100644 --- a/machines/thinker.nix +++ b/nixos/thinker.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running `nixos-help`). -{ pkgs, inputs, ... }: +{ modulesPath, pkgs, config, lib, inputs, ... }: let # this is unused because it's referenced by my sway config @@ -38,10 +38,16 @@ in { imports = [ - # Include the results of the hardware scan. - ./thinker-hardware.nix + (modulesPath + "/installer/scan/not-detected.nix") ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + networking.useDHCP = lib.mkDefault true; + # TODO: hibernation? I've been using [deep] in /sys/power/mem_sleep alright # with this machine so it may not be necessary? # need to measure percentage lost per day, but I think it's around 10%/day 
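Review bot: The `users.users.beefcake` account in nixos/rascal.nix is commented as being for restic backups, yet it is a normal login user whose `authorizedKeys` include `root@beefcake`, so whoever holds root on beefcake also gets an interactive shell on this host and can alter or delete the backups stored here. If restic reaches this machine through its sftp backend (not visible in this hunk), the account can be confined with a `Match User beefcake` block as sketched below. Separately, sshd is reachable on every interface although Tailscale is enabled; setting `services.openssh.openFirewall = false;` and replacing `allowedTCPPorts = [ 22 ]` with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 22 ];` would narrow that, provided no LAN access is needed. The `unstable = import { … }` line shows no path as rendered here; if the original is a `<channel>` lookup, it is unpinned and depends on NIX_PATH, which a flake input would avoid.

```nix
  users.users.beefcake = {
    # … unchanged: isNormalUser and authorizedKeys …
  };

  # Limit the backup account to SFTP: no shell, TTY or forwarding.
  services.openssh.extraConfig = ''
    Match User beefcake
      ForceCommand internal-sftp
      PermitTTY no
      AllowTcpForwarding no
      X11Forwarding no
  '';
```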
@@ -54,6 +60,10 @@ in boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + nixpkgs.config = { allowUnfree = true; packageOverrides = pkgs: {