Incorporate NixOS configuration
TL;DR: - Move /etc/nixos/configuration.nix -> //nixos/configuration.nix - Move /etc/nixos/hardware-configuration.nix -> //nixos/hardware.nix - Document installer.nix - Create rebuild.nix wrapper around `sudo nixos-rebuild switch` Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase. Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase. Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
parent
b53ae61db2
commit
695de12482
4 changed files with 166 additions and 21 deletions
|
@ -1,35 +1,140 @@
|
||||||
{ config, pkgs, ... }:
|
{ pkgs ? import <nixpkgs> {}, ... }:
|
||||||
|
|
||||||
# TODO(wpcarro): Refactor to prefer nested attribute for configuration values
|
|
||||||
# instead of using one-liner field accessors.
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [ ./hardware.nix ];
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# TODO(wpcarro): Is this correct? I believe my laptop only supports BIOS and
|
# Use the systemd-boot EFI boot loader.
|
||||||
# not UEFI.
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.grub.device = "/dev/sda";
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "socrates";
|
networking = {
|
||||||
networking.wireless.enable = true;
|
hostName = "socrates";
|
||||||
# Don't remove this.
|
# The global useDHCP flag is deprecated, therefore explicitly set to false
|
||||||
networking.useDHCP = false;
|
# here. Per-interface useDHCP will be mandatory in the future, so this
|
||||||
networking.interfaces.enp2s0f1.useDHCP = true;
|
# generated config replicates the default behaviour.
|
||||||
networking.interfaces.wlp3s0.useDHCP = true;
|
useDHCP = false;
|
||||||
|
networkmanager.enable = true;
|
||||||
|
interfaces.enp2s0f1.useDHCP = true;
|
||||||
|
interfaces.wlp3s0.useDHCP = true;
|
||||||
|
firewall.allowedTCPPorts = [ 9418 80 443 ];
|
||||||
|
};
|
||||||
|
|
||||||
time.timeZone = "UTC";
|
time.timeZone = "UTC";
|
||||||
|
|
||||||
|
programs.fish.enable = true;
|
||||||
|
programs.mosh.enable = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
emacs
|
curl
|
||||||
|
direnv
|
||||||
|
emacs26-nox
|
||||||
|
gnupg
|
||||||
|
htop
|
||||||
|
pass
|
||||||
|
vim
|
||||||
|
certbot
|
||||||
|
tree
|
||||||
|
git
|
||||||
];
|
];
|
||||||
|
|
||||||
services.openssh.enable = true;
|
users = {
|
||||||
|
# I need a git group to run the git server.
|
||||||
|
groups.git = {};
|
||||||
|
|
||||||
users.users.wpcarro = {
|
users.wpcarro = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "git" "wheel" ];
|
||||||
|
shell = pkgs.fish;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.git = {
|
||||||
|
group = "git";
|
||||||
|
isNormalUser = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "20.09";
|
nix = {
|
||||||
|
# Expose depot as <depot>, nixpkgs as <nixpkgs>
|
||||||
|
nixPath = [
|
||||||
|
"briefcase=/home/wpcarro/briefcase"
|
||||||
|
"depot=/home/wpcarro/depot"
|
||||||
|
"nixpkgs=/home/wpcarro/nixpkgs"
|
||||||
|
];
|
||||||
|
|
||||||
|
# Allow wpcarro to call nixos-rebuild
|
||||||
|
trustedUsers = [ "root" "wpcarro" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
##############################################################################
|
||||||
|
# Services
|
||||||
|
##############################################################################
|
||||||
|
services.openssh.enable = true;
|
||||||
|
|
||||||
|
services.lorri.enable = true;
|
||||||
|
|
||||||
|
# TODO(wpcarro): Expose the Monzo credentials to this job. Currently they're
|
||||||
|
# managed with direnv and pass, which presumably systemd isn't accessing.
|
||||||
|
systemd.user.services.monzo-token-server = {
|
||||||
|
enable = true;
|
||||||
|
description = "Ensure my Monzo access token is valid";
|
||||||
|
script = "/home/wpcarro/.nix-profile/bin/token-server";
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
WorkingDirectory = "%h/briefcase/monzo_ynab";
|
||||||
|
Type = "oneshot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.gitDaemon = {
|
||||||
|
enable = true;
|
||||||
|
basePath = "/srv/git";
|
||||||
|
exportAll = true;
|
||||||
|
repositories = [ "/srv/git/briefcase" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Since I'm using this laptop as a server in my flat, I'd prefer to close its
|
||||||
|
# lid.
|
||||||
|
services.logind.lidSwitch = "ignore";
|
||||||
|
|
||||||
|
# Provision SSL certificates to support HTTPS connections.
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
security.acme.certs."wpcarro.dev".email = "wpcarro@gmail.com";
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
enableReload = true;
|
||||||
|
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
|
||||||
|
commonHttpConfig = ''
|
||||||
|
log_format json_combined escape=json
|
||||||
|
'{'
|
||||||
|
'"time_local":"$time_local",'
|
||||||
|
'"remote_addr":"$remote_addr",'
|
||||||
|
'"remote_user":"$remote_user",'
|
||||||
|
'"request":"$request",'
|
||||||
|
'"status": "$status",'
|
||||||
|
'"body_bytes_sent":"$body_bytes_sent",'
|
||||||
|
'"request_time":"$request_time",'
|
||||||
|
'"http_referrer":"$http_referer",'
|
||||||
|
'"http_user_agent":"$http_user_agent"'
|
||||||
|
'}';
|
||||||
|
access_log syslog:server=unix:/dev/log json_combined;
|
||||||
|
'';
|
||||||
|
|
||||||
|
virtualHosts.blog = {
|
||||||
|
serverName = "blog.wpcarro.dev";
|
||||||
|
useACMEHost = "wpcarro.dev";
|
||||||
|
addSSL = true;
|
||||||
|
extraConfig = ''
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:80
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "20.09"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
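Review bot: In the new `virtualHosts.blog` block, `proxy_pass http://localhost:80` has no terminating `;`, so the generated nginx configuration should fail its syntax check, and the target is the port this same nginx appears to listen on, so with the semicolon added the request would most likely be proxied back into the same virtual host. Point it at the port the blog backend actually binds, e.g. `proxy_pass http://localhost:<BACKEND_PORT>;` (placeholder; the backend is not shown in this commit). `addSSL = true;` also keeps answering plain HTTP on port 80, whereas `forceSSL = true;` would redirect those requests to HTTPS. Separately, the comment above `trustedUsers = [ "root" "wpcarro" ];` understates the setting: a trusted Nix user can override daemon settings such as substituters, and nixos/rebuild.nix already goes through `sudo`, so the entry looks unnecessary for the stated purpose and could be dropped or documented as a deliberate privilege grant.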
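--- /dev/null
+++ b/nixos/hardware.nix
@@ -0,0 +1,30 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+imports =
+[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+];
+
+boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/aadf1a77-1e98-4b5f-8e74-abf8e77bda34";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/1613-35B9";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+nix.maxJobs = lib.mkDefault 2;
+powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}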
|
@ -1,3 +1,4 @@
|
||||||
|
# This expression can be used to create NixOS .iso images.
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
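--- /dev/null
+++ b/nixos/rebuild.nix
@@ -0,0 +1,9 @@
+{ pkgs ? import <nixpkgs> {}, ... }:
+
+pkgs.writeShellScriptBin "rebuild" ''
+set -ue
+sudo nixos-rebuild \
+-I nixos-config=/home/wpcarro/briefcase/nixos/configuration.nix \
+-I nixpkgs=/home/wpcarro/nixpkgs \
+switch
+''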
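Review bot: The wrapper runs `nixos-rebuild` under `sudo` while both `-I nixos-config=/home/wpcarro/briefcase/nixos/configuration.nix` and `-I nixpkgs=/home/wpcarro/nixpkgs` point into a home directory the unprivileged account can write, so whatever sits in those working trees at that moment becomes the root-activated system. That trust assumption is undocumented; a comment above `sudo nixos-rebuild` would make it explicit, for example `# Evaluated as root from wpcarro-owned checkouts; confirm both trees are clean before switching.` If it fits the workflow, a root-owned checkout or a pinned nixpkgs revision would narrow the exposure further.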