From 8b814c2e6dcfbc0c2ed1edab785f2be8b5f0ab11 Mon Sep 17 00:00:00 2001
From: sinavir
Date: Thu, 18 Jan 2024 18:55:22 +0100
Subject: [PATCH] add configuration to deploy on a PC
---
 common-config/default.nix | 8 +++++
 common-config/disko.nix | 41 ++++++++++++++++++++++++
 common-config/hardware-configuration.nix | 20 ++++++++++++
 common-config/nix-conf.nix | 15 +++++++++
 common-config/programs.nix | 25 +++++++++++++++
 common-config/ssh.nix | 7 ++++
 configuration.nix | 6 +++-
 npins/sources.json | 13 ++++++++
 virtualisation.nix | 9 ++++++
 9 files changed, 143 insertions(+), 1 deletion(-)
 create mode 100644 common-config/default.nix
 create mode 100644 common-config/disko.nix
 create mode 100644 common-config/hardware-configuration.nix
 create mode 100644 common-config/nix-conf.nix
 create mode 100644 common-config/programs.nix
 create mode 100644 common-config/ssh.nix
 create mode 100644 virtualisation.nix
diff --git a/common-config/default.nix b/common-config/default.nix
new file mode 100644
index 0000000..069c4c0
--- /dev/null
+++ b/common-config/default.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ./ssh.nix
+ ./programs.nix
+ ./nix-conf.nix
+ ./hardware-configuration.nix
+ ];
+}
diff --git a/common-config/disko.nix b/common-config/disko.nix
new file mode 100644
index 0000000..fd672ae
--- /dev/null
+++ b/common-config/disko.nix
@@ -0,0 +1,41 @@
+_:
+{
+ disko.devices = {
+ disk = {
+ sdb = {
+ device = "/dev/sdb";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ end = "-4G";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ swap = {
+ name = "swap";
+ size = "100%";
+ content = {
+ type = "swap";
+ randomEncryption = true;
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
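Review bot: In common-config/disko.nix the target disk is selected by kernel enumeration order, `device = "/dev/sdb";`, which is not stable across boots or when a drive is added or removed, and disko partitions and formats whatever that path resolves to. A persistent path such as `device = "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>";` makes a run on the wrong machine fail instead of wiping an unrelated disk. Separately, only swap is encrypted (`randomEncryption = true;`) while the ext4 root is plaintext, so on a PC that people can physically reach the root filesystem is readable offline. If that is an accepted trade-off for this machine, a comment saying so next to the `root` partition would help the next reader.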
diff --git a/common-config/hardware-configuration.nix b/common-config/hardware-configuration.nix
new file mode 100644
index 0000000..e62a55c
--- /dev/null
+++ b/common-config/hardware-configuration.nix
@@ -0,0 +1,20 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (let sources = import ../npins; in sources.disko + "/module.nix")
+ ./disko.nix
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/common-config/nix-conf.nix b/common-config/nix-conf.nix
new file mode 100644
index 0000000..1824e91
--- /dev/null
+++ b/common-config/nix-conf.nix
@@ -0,0 +1,15 @@
+{
+ lib,
+ pkgs,
+ config,
+ metadata,
+ nodes,
+ name,
+ ...
+}: {
+ nix.settings = {
+ trusted-users = ["root" "@wheel"];
+ auto-optimise-store = true;
+ extra-experimental-features = ["nix-command" "flakes"];
+ };
+}
diff --git a/common-config/programs.nix b/common-config/programs.nix
new file mode 100644
index 0000000..7398223
--- /dev/null
+++ b/common-config/programs.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [
+ colmena
+ dig
+ eza
+ git
+ htop
+ screen
+ tcpdump
+ ];
+
+ environment.shellAliases = {
+ l = "eza -lah --git --git-repos-no-status";
+ };
+
+ programs.mosh.enable = !(builtins.elem config.networking.hostName []);
+ programs.mtr.enable = true;
+
+ programs.vim.defaultEditor = true;
+}
diff --git a/common-config/ssh.nix b/common-config/ssh.nix
new file mode 100644
index 0000000..9509ac2
--- /dev/null
+++ b/common-config/ssh.nix
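Review bot: `trusted-users = ["root" "@wheel"];` in common-config/nix-conf.nix makes every wheel member a trusted Nix user, which the Nix manual describes as essentially equivalent to root access, and using that trust does not go through sudo. The configuration.nix hunk of this same patch adds `arcade` to wheel, and that account is logged in automatically on the console, so anyone at the keyboard would hold it. Unless a deploy workflow needs it, I would narrow this to `trusted-users = ["root"];` or name a dedicated deploy user. The module arguments `lib`, `pkgs`, `config`, `metadata`, `nodes` and `name` are unused in this file and can be dropped.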
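Review bot: `programs.mosh.enable = !(builtins.elem config.networking.hostName []);` in common-config/programs.nix always evaluates to `true` because the exclusion list is empty, so mosh is enabled on every host that imports this module. As far as I know the NixOS mosh module also opens its UDP port range in the firewall when enabled, which makes this a network-exposure decision that is easy to overlook. I would either write `programs.mosh.enable = true;` or keep the list and add a comment such as `# hosts listed here get no mosh and no firewall opening for it`.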
@@ -0,0 +1,7 @@
+{
+ #users.users.root = {
+ # openssh.authorizedKeys.keyFiles = [./ssh.keys];
+ #};
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = true;
+}
diff --git a/configuration.nix b/configuration.nix
index 431e7a9..9ff35ff 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,7 +1,8 @@
 ({ modulesPath, config, lib, pkgs, ... }: {
 imports = [
 ./modules
- "${modulesPath}/profiles/qemu-guest.nix"
+ ./virtualisation.nix
+ ./common-config
 ./games.nix
 ./retroarch
 ];
@@ -29,9 +30,12 @@
 services.xserver.displayManager.startx.enable = true;
 services.xserver.libinput.enable = true;
+ users.mutableUsers = false;
 users.users.arcade = {
 isNormalUser = true;
 home = "/home/arcade";
+ extraGroups = [ "wheel" ];
+ inherit (import ./opsec.nix) hashedPassword;
 };
 services.getty.autologinUser = "arcade";
diff --git a/npins/sources.json b/npins/sources.json
index e61f449..650bd63 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -1,5 +1,18 @@
 {
 "pins": {
+ "disko": {
+ "type": "GitRelease",
+ "repository": {
+ "type": "Git",
+ "url": "https://github.com/nix-community/disko"
+ },
+ "pre_releases": false,
+ "version_upper_bound": null,
+ "version": "v1.3.0",
+ "revision": "aef9a509db64a081186af2dc185654d78dc8e344",
+ "url": null,
+ "hash": "1lrnvgd5w41wrgidp3vwv2ahpvl0a61c2lai6qs16ri71g00kqn0"
+ },
 "nixpkgs": {
 "type": "Channel",
 "name": "nixpkgs-unstable",
diff --git a/virtualisation.nix b/virtualisation.nix
new file mode 100644
index 0000000..672562a
--- /dev/null
+++ b/virtualisation.nix
@@ -0,0 +1,9 @@
+{
+ virtualisation.vmVariant = {
+ # Give some fresh air to the vm
+ virtualisation = {
+ cores = 2;
+ memorySize = 4096;
+ };
+ };
+}
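Review bot: common-config/ssh.nix sets `services.openssh.settings.PasswordAuthentication = true;` while the key-based block above it is commented out, so every host importing this module accepts password logins over SSH. Together with the configuration.nix hunk, the `arcade` account (wheel member with a static hashed password) becomes exposed to online password guessing. I would restore an `openssh.authorizedKeys.keyFiles` entry for the account that actually logs in and set `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. If password login is only needed during installation, a comment stating that and when it gets switched off is missing.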
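Review bot: In the second configuration.nix hunk, `inherit (import ./opsec.nix) hashedPassword;` reads a file that this patch does not add, so if opsec.nix is kept untracked (as its name suggests) evaluation fails on a fresh checkout; a comment saying where it comes from and what attribute it must define is missing. Keeping it out of the repository does not keep the hash private on the machine either, because `hashedPassword` is evaluated into the world-readable Nix store, where any local user can read it for offline guessing. Assuming the pinned nixpkgs has it, `hashedPasswordFile = "/path/to/arcade.passwd";` (placeholder path, root-only file outside the store) avoids that. The `users.users.arcade` block starts and ends in unchanged context, and `services.getty.autologinUser = "arcade";` there logs this new wheel member in at the console.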