From 8c47a51a4101c8a2aa6f6bb2719be68feb14e593 Mon Sep 17 00:00:00 2001
From: Snorre Ettrup Altschul
Date: Fri, 28 Feb 2025 23:13:51 +0100
Subject: [PATCH] AIGHR
---
configuration.nix | 104 +++++++++++++++++++++++++++++++++++++++++++
disko.nix | 110 ++++++++++++++++++++++++++++++++++++++++++++++
flake.lock | 69 +++++++++++++++++++++++++++++
flake.nix | 45 +++++++++++++++++++
home.nix | 14 ++++++
passwd | 1 +
6 files changed, 343 insertions(+)
create mode 100644 configuration.nix
create mode 100644 disko.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 home.nix
create mode 100644 passwd
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..08de9dc
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,104 @@
+{
+ pkgs,
+ inputs,
+ modulesPath,
+ lib,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix") # Temporary
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = true;
+
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ timeout = 0;
+ };
+
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+ nix.gc = {
+ automatic = true;
+ options = "--delete-older-than 30d";
+ };
+ nix.optimise = {
+ automatic = true;
+ dates = ["05:00"];
+ };
+
+ networking.hostName = "enis";
+ networking.hostId = "2ead098f";
+ networking.networkmanager.enable = true;
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [];
+ allowedUDPPorts = [];
+ };
+
+ home-manager = {
+ extraSpecialArgs = {inherit inputs;};
+ users = {
+ "enis" = import ./home.nix;
+ };
+ };
+
+ users.users."enis" = {
+ isNormalUser = true;
+ hashedPasswordFile = "./password";
+ extraGroups = [
+ "networkmanager"
+ "audio"
+ "wheel"
+ ];
+
+ shell = pkgs.zsh;
+ };
+
+ programs.zsh = {
+ enable = true;
+ enableGlobalCompInit = true;
+ };
+
+ programs.ssh.startAgent = true;
+ programs.nano.enable = false;
+
+ environment.systemPackages = with pkgs; [
+ wget
+ curl
+ git
+ vim
+ ];
+
+ environment.variables = {
+ EDITOR = "vim";
+ };
+
+ time.timeZone = "Europe/Copenhagen";
+
+ security.sudo = {
+ enable = true;
+ extraConfig = ''
+ Defaults lecture = never
+ '';
+ };
+
+ programs.mtr.enable = true;
+ programs.gnupg.agent.enable = true;
+
+ services.thermald.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ AllowUsers = ["enis"];
+ PermitRootLogin = "no";
+ };
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/disko.nix b/disko.nix
new file mode 100644
index 0000000..98f8568
--- /dev/null
+++ b/disko.nix
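Review bot: In configuration.nix, `hashedPasswordFile = "./password";` names a file this patch does not add (the committed file is `passwd`), and because the value is a string rather than a Nix path it is looked up on the target host at activation time, relative to whatever directory the activation script happens to run in. If the file is not found, `enis` most likely ends up without a usable password, and since that account is the only `wheel` member shown and root SSH login is disabled, there would be no route to sudo. The hunk also turns off SSH password login without declaring a key, so unless keys are provisioned elsewhere I would add `users.users."enis".openssh.authorizedKeys.keys = [ "<SSH-PUBLIC-KEY>" ];` and point the password option at an absolute path to a root-only file kept outside the repository, `hashedPasswordFile = "<ABSOLUTE-PATH-TO-HASH-FILE>";`.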
@@ -0,0 +1,110 @@
+{ lib
+, root-disk ? "Expected a mf disk brother"
+, raid-disks ? "Expected disks for raid"
+, ...
+}: {
+ disko.devices = {
+ disk =
+ {
+ root = {
+ type = "disk";
+ device = root-disk;
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ }
+ // lib.attrsets.genAttrs raid-disks (
+ name: {
+ device = "/dev/" + name;
+ content = {
+ type = "gpt";
+ partitions.raid-pool = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zraid";
+ };
+ };
+ };
+ }
+ );
+
+ zpool = {
+ zroot = {
+ type = "zpool";
+ rootFsOptions = {
+ mountpoint = "none";
+ compression = "zstd";
+ acltype = "posixacl";
+ xattr = "sa";
+ "com.sun:auto-snapshot" = "false";
+ };
+ options = {
+ ashift = "12";
+ };
+ datasets = {
+ "root" = {
+ type = "zfs_fs";
+ options = {
+ # encryption = "aes-256-gcm";
+ # keyformat = "passphrase";
+ # keylocation = "prompt";
+ };
+ mountpoint = "/";
+ };
+
+ "root/nix" = {
+ type = "zfs_fs";
+ options.mountpoint = "/nix";
+ mountpoint = "/nix";
+ };
+ };
+ };
+
+ zraid = lib.mkIf (builtins.length raid-disks > 0) {
+ type = "zpool";
+ mode = "raidz";
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ autoexpand = "on";
+ };
+ rootFsOptions = {
+ compression = "zstd";
+ mountpoint = "none";
+ };
+ datasets = {
+ "var" = {
+ type = "zfs_fs";
+ mountpoint = "/var";
+ };
+ "home" = {
+ type = "zfs_fs";
+ mountpoint = "/home";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..52f8388
--- /dev/null
+++ b/flake.lock
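Review bot: In disko.nix the `encryption`, `keyformat` and `keylocation` options on the `root` dataset are commented out, leaving its `options` set empty, and the `zraid` pool that holds `/home` and `/var` sets no encryption either, so everything on this NAS would be stored unencrypted at rest. ZFS native encryption has to be chosen when a dataset is created, so this is worth deciding before the first real install; if it is intentional, replace the dead lines with a comment such as `# Unencrypted on purpose: <REASON>`. Separately, the defaults `root-disk ? "Expected a mf disk brother"` and `raid-disks ? "Expected disks for raid"` are placeholder strings: the first would be used as `device` if the argument is omitted, and the second is not a list although `genAttrs` and `builtins.length` are applied to it. Dropping the defaults (`, root-disk` and `, raid-disks`) makes a missing argument fail at evaluation instead.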
@@ -0,0 +1,69 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1740485968, + "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", + "owner": "nix-community", + "repo": "disko", + "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1740699498, + "narHash": "sha256-r9hkKzX99CGiP1ZqH0e+SWKK4CMsRNRLyotuwrUjhTI=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "b71edac7a3167026aabea82a54d08b1794088c21", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1740560979, + "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..b9b69b2 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,45 @@
+{
+ description = "Configuration for NAS Server";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = {
+ self,
+ nixpkgs,
+ ...
+ } @ inputs: let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {inherit system;};
+ in {
+ formatter.${system} = pkgs.alejandra;
+
+ nixosConfigurations = {
+ server = nixpkgs.lib.nixosSystem {
+ specialArgs = {inherit inputs;};
+ modules = [
+ inputs.disko.nixosModules.default
+ (import ./disko.nix {
+ lib = pkgs.lib;
+ root-disk = "/dev/vda";
+ raid-disks = [];
+ })
+ inputs.home-manager.nixosModules.default
+
+ ./configuration.nix
+ ];
+ };
+ };
+ };
+}
diff --git a/home.nix b/home.nix
new file mode 100644
index 0000000..29745b0
--- /dev/null
+++ b/home.nix
@@ -0,0 +1,14 @@
+{...}: {
+ imports = [];
+
+ home.username = "enis";
+ home.homeDirectory = "/home/enis";
+
+ programs.home-manager.enable = true;
+
+ home.sessionVariables = {
+ EDITOR = "vim";
+ };
+
+ home.stateVersion = "24.11";
+}
diff --git a/passwd b/passwd
new file mode 100644
index 0000000..adc7c33
--- /dev/null
+++ b/passwd
@@ -0,0 +1 @@
+$y$j9T$rflI.YoiFDa7wg2F2rmgy1$uCLInRwRKmUIUYlhdHFUwBf0yhnRUK9eTVMvX8UjCz3
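Review bot: In flake.nix, `root-disk = "/dev/vda";` identifies the install target by kernel device name, which is not stable across reboots or hardware changes, and disko partitions and formats whatever device it is handed. That is reasonable for the temporary QEMU guest, but before this runs on real hardware I would switch to a persistent identifier, `root-disk = "/dev/disk/by-id/<DISK-ID>";`; the `"/dev/" + name` construction for the raid disks in disko.nix would need a matching change. A comment on the argument, `# QEMU test disk; use /dev/disk/by-id/... on hardware`, would make the temporary status as visible here as it is in configuration.nix.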
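Review bot: The `passwd` file commits a yescrypt (`$y$`) hash, presumably for the `enis` login, so anyone with read access to the repository or its history can run offline guessing against it; the scheme slows that down but does not protect a weak password. Files tracked in a flake are also copied into the world-readable Nix store when the flake is evaluated, so the hash would likely be readable by every local user on the machine as well. I would drop this file from the commit, treat the password as exposed and change it, and provision the hash on the host outside the repository (or through a secrets module) with root-only permissions.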