commit f7ff1dcec9ce47e6416e8a1e9eb3675b386e5849 Author: Thomas Boerger Date: Sun Feb 20 17:46:48 2022 +0100 chore: initial commit
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..38b5c0c
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,16 @@
+# http://editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[Makefile]
+indent_style = tab
+indent_size = 4
+
+[*.nix]
+indent_style = space
+indent_size = 2
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..12f386f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+---
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+
+...
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..7a98528
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,8 @@
+{
+ "extends": [
+ "config:base"
+ ],
+ "labels": [
+ "renovate"
+ ]
+}
\ No newline at end of file
diff --git a/.github/settings.yml b/.github/settings.yml
new file mode 100644
index 0000000..aa8f5f2
--- /dev/null
+++ b/.github/settings.yml
@@ -0,0 +1,68 @@
+---
+repository:
+ name: nixos-config
+ description: Configuration for Nix on my NixOS machines
+ topics: workstation, nix, nixpkgs, nixos, home-manager
+
+ private: false
+ has_issues: true
+ has_projects: false
+ has_wiki: false
+ has_downloads: false
+
+ default_branch: master
+
+ allow_squash_merge: true
+ allow_merge_commit: true
+ allow_rebase_merge: true
+
+labels:
+ - name: bug
+ color: d73a4a
+ description: Something isn't working
+ - name: documentation
+ color: 0075ca
+ description: Improvements or additions to documentation
+ - name: duplicate
+ color: cfd3d7
+ description: This issue or pull request already exists
+ - name: enhancement
+ color: a2eeef
+ description: New feature or request
+ - name: good first issue
+ color: 7057ff
+ description: Good for newcomers
+ - name: help wanted
+ color: 008672
+ description: Extra attention is needed
+ - name: invalid
+ color: e4e669
+ description: This doesn't seem right
+ - name: question
+ color: d876e3
+ description: Further information is requested
+ - name: renovate
+ color: 1d76db
+ description: Automated action from Renovate
+ - name: wontfix
+ color: ffffff
+ description: This will not be worked on
+ - name: hacktoberfest
+ color: d4c5f9
+ description: Contribution at Hacktoberfest appreciated
+
+branches:
+ - name: master
+ protection:
+ required_status_checks:
+ strict: true
+ contexts:
+ - build
+ enforce_admins: false
+ restrictions:
+ apps:
+ - renovate
+ users: []
+ teams: []
+
+...
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..eb9f969
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,18 @@
+---
+name: build
+
+"on":
+ pull_request:
+ push:
+ branches:
+ - master
+
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Clone source
+ uses: actions/checkout@v2.4.0
+
+...
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c4a847d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/result
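Review bot: The master protection requires a status-check context named `build`, but the only job build.yml defines has id `tests` and no `name:`, and as far as I know GitHub reports a workflow job's check under the job name rather than the workflow name, so this required context would never be satisfied and PRs would wait on it indefinitely. Either rename the job to `build` or change the context to `tests` so the two files agree. Note also that `enforce_admins: false` exempts the repository admin from both the required check and the push `restrictions`, so on a single-maintainer repo the protection effectively only constrains the Renovate app; flip it to `true` if the intent is to force every change through a green check.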
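Review bot: The `tests` job does nothing after `actions/checkout`, so the badge in README and the required branch check never evaluate the flake, and a configuration that fails to evaluate would still go green. A Nix install step followed by `nix flake check` (or `nix build .#nixosConfigurations.<host>.config.system.build.toplevel --dry-run` per host) would give the check teeth; the install step needs a third-party action such as cachix/install-nix-action, which is a judgement call for a personal repo. Separately there is no top-level `permissions:` block, so add `permissions:` followed by `  contents: read` to make the GITHUB_TOKEN read-only, and since Renovate and Dependabot are both configured to bump actions you can pin `actions/checkout` to a commit SHA (with `# v2.4.0` as a trailing comment) instead of the mutable tag.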
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..8f71f43
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..da0b761
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,9 @@
+SHELL := bash
+
+.PHONY: update
+update:
+ nix --extra-experimental-features "nix-command flakes" flake update
+
+.PHONY: switch
+switch:
+ nixos-rebuild switch --flake .
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..914c901
--- /dev/null
+++ b/README.md
@@ -0,0 +1,100 @@
+# nixos-config
+
+[![Build](https://github.com/tboerger/nixos-config/actions/workflows/build.yml/badge.svg)](https://github.com/tboerger/nixos-config/actions/workflows/build.yml)
+
+Provisioning for my NixOS systems based on [Nix][nix].
+
+## Secrets
+
+Generally all secrets are encrypted with [agenix][agenix], so make sure to copy
+the SSH keys from the `secrets` stick with these commands:
+
+```console
+mkdir -p $HOME/.ssh
+cp /mnt/secrets/ssh/id_* $HOME/.ssh/
+chmod u=rw,g=,o= $HOME/.ssh/id_*
+```
+
+## Prepare
+
+## Midgard
+
+### Bootstrap
+
+```console
+bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/partitions)" midgard
+nixos-install --root /mnt --flake github:tboerger/nixos-config\#midgard
+```
+
+### Updates
+
+If the repository had been cloned you could just execute `make switch`,
+otherwise there is still this long option to update the deployment:
+
+```console
+nixos-rebuild switch \
+ --flake github:tboerger/nixos-config\#midgard
+```
+
+## Utgard
+
+### Bootstrap
+
+```console
+bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/partitions)" utgard
+nixos-install --root /mnt --flake github:tboerger/nixos-config\#utgard
+```
+
+### Updates
+
+If the repository had been cloned you could just execute `make switch`,
+otherwise there is still this long option to update the deployment:
+
+```console
+nixos-rebuild switch \
+ --flake github:tboerger/nixos-config\#utgard
+```
+
+## Asgard
+
+### Bootstrap
+
+```console
+bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/partitions)" asgard
+nixos-install --root /mnt --flake github:tboerger/nixos-config\#asgard
+```
+
+### Updates
+
+If the repository had been cloned you could just execute `make switch`,
+otherwise there is still this long option to update the deployment:
+
+```console
+nixos-rebuild switch \
+ --flake github:tboerger/nixos-config\#asgard
+```
+
+## Security
+
+If you find a security issue please contact thomas@webhippie.de first.
+
+## Contributing
+
+Fork -> Patch -> Push -> Pull Request
+
+## Authors
+
+- [Thomas Boerger](https://github.com/tboerger)
+
+## License
+
+Apache-2.0
+
+## Copyright
+
+```console
+Copyright (c) 2021 Thomas Boerger
+```
+
+[nix]: https://nixos.org/manual/nix/stable/
+[agenix]: https://github.com/ryantm/agenix
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..d19bd6f
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,114 @@
+{
+ description = "NixOS configurations by tboerger";
+
+ inputs = {
+ nixpkgs = {
+ url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ };
+
+ nur = {
+ url = "github:nix-community/NUR";
+ };
+
+ agenix = {
+ url = "github:ryantm/agenix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ homemanager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nur, ... }@inputs:
+ let
+ sharedNixosConfiguration = { config, pkgs, ... }: {
+ nix = {
+ package = pkgs.nixFlakes;
+
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+ binaryCaches = [
+ "https://cache.nixos.org"
+ "https://nix-community.cachix.org"
+ "https://nixpkgs.cachix.org"
+ "https://tboerger.cachix.org"
+ ];
+
+ binaryCachePublicKeys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
+ "tboerger.cachix.org-1:3Q1gyqgA9NsOshOgknDvc6fhA8gw0PFAf2qs5vJpeLU="
+ ];
+
+ gc = {
+ automatic = true;
+ persistent = true;
+ dates = "weekly";
+ options = "--delete-older-than 2w";
+ };
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ };
+
+ overlays = [
+ self.overlay
+ nur.overlay
+ ];
+ };
+ };
+ in
+ {
+ overlay = import ./overlays;
+
+ nixosConfigurations = {
+ midgard = {
+ system = "x86_64-linux";
+ inherit inputs;
+
+ modules = [
+ inputs.homemanager.nixosModules.home-manager
+ inputs.agenix.nixosModules.age
+ sharedNixosConfiguration
+ ./machines/midgard
+ ./profiles/thomas
+ ];
+ };
+ utgard = {
+ system = "x86_64-linux";
+ inherit inputs;
+
+ modules = [
+ inputs.homemanager.nixosModules.home-manager
+ inputs.agenix.nixosModules.age
+ sharedNixosConfiguration
+ ./machines/utgard
+ ./profiles/thomas
+ ];
+ };
+ asgard = {
+ system = "x86_64-linux";
+ inherit inputs;
+
+ modules = [
+ inputs.homemanager.nixosModules.home-manager
+ inputs.agenix.nixosModules.age
+ sharedNixosConfiguration
+ ./machines/asgard
+ ./profiles/thomas
+ ];
+ };
+ };
+
+ midgard = self.nixosConfigurations.midgard.system;
+ utgard = self.nixosConfigurations.utgard.system;
+ asgard = self.nixosConfigurations.asgard.system;
+ };
+}
diff --git a/machines/asgard/boot.nix b/machines/asgard/boot.nix
new file mode 100644
index 0000000..168d5e5
--- /dev/null
+++ b/machines/asgard/boot.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+ boot = { };
+}
diff --git a/machines/asgard/default.nix b/machines/asgard/default.nix
new file mode 100644
index 0000000..c3b8849
--- /dev/null
+++ b/machines/asgard/default.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ../modules
+
+ ./filesystems.nix
+ ./boot.nix
+ ./hardware.nix
+ ./networking.nix
+ ];
+
+ system = {
+ stateVersion = "21.11";
+ };
+}
diff --git a/machines/asgard/filesystems.nix b/machines/asgard/filesystems.nix
new file mode 100644
index 0000000..c2946b2
--- /dev/null
+++ b/machines/asgard/filesystems.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # swapDevices = [{
+ # device = "/dev/disk/by-label/swap";
+ # }];
+
+ # fileSystems."/" = {
+ # device = "/dev/disk/by-label/root";
+ # fsType = "ext4";
+ # options = [
+ # "noatime"
+ # "discard"
+ # ];
+ # };
+
+ # fileSystems."/home" = {
+ # device = "/dev/disk/by-label/home";
+ # fsType = "ext4";
+ # options = [
+ # "noatime"
+ # "discard"
+ # ];
+ # };
+
+ # fileSystems."/boot" = {
+ # device = "/dev/disk/by-label/boot";
+ # fsType = "vfat";
+ # };
+}
diff --git a/machines/asgard/hardware.nix b/machines/asgard/hardware.nix
new file mode 100644
index 0000000..ab8ff18
--- /dev/null
+++ b/machines/asgard/hardware.nix
@@ -0,0 +1,9 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ hardware = { };
+}
diff --git a/machines/asgard/networking.nix b/machines/asgard/networking.nix
new file mode 100644
index 0000000..599ed25
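Review bot: The three `nixosConfigurations.*` attributes are plain attribute sets rather than `nixpkgs.lib.nixosSystem` results, so unless something not in view wraps them, `nixos-rebuild switch --flake .#midgard` will not find `config.system.build.toplevel`, and the trailing `midgard = self.nixosConfigurations.midgard.system;` outputs are just the string "x86_64-linux". Wrapping each host with `inputs.nixpkgs.lib.nixosSystem` and passing `inputs` through `specialArgs` (a bare `inherit inputs;` is not a nixosSystem argument) fixes both. Separately, the commit adds no `flake.lock` and `.gitignore` does not exclude one, so every `nixos-install --flake github:…` from the README would resolve `nixpkgs-unstable`, NUR, agenix and home-manager at whatever HEAD they have at that moment; commit the lock so installs are reproducible and input changes go through `make update`. The CI workflow in this commit only checks out the tree, so none of this would be caught there.
```nix
nixosConfigurations = {
  midgard = inputs.nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs; };
    modules = [
      inputs.homemanager.nixosModules.home-manager
      inputs.agenix.nixosModules.age
      sharedNixosConfiguration
      ./machines/midgard
      ./profiles/thomas
    ];
  };
  # … unchanged: utgard and asgard, wrapped with nixosSystem the same way …
};
```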
--- /dev/null
+++ b/machines/asgard/networking.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+{
+ networking = {
+ hostName = "asgard";
+ defaultGateway = "192.168.1.1";
+
+ nameservers = [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+
+ interfaces = {
+ enp2s0f0 = {
+ ipv4 = {
+ addresses = [{
+ address = "192.168.1.10";
+ prefixLength = 24;
+ }];
+ };
+ };
+ };
+ };
+}
diff --git a/machines/midgard/boot.nix b/machines/midgard/boot.nix
new file mode 100644
index 0000000..168d5e5
--- /dev/null
+++ b/machines/midgard/boot.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+ boot = { };
+}
diff --git a/machines/midgard/default.nix b/machines/midgard/default.nix
new file mode 100644
index 0000000..c3b8849
--- /dev/null
+++ b/machines/midgard/default.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ../modules
+
+ ./filesystems.nix
+ ./boot.nix
+ ./hardware.nix
+ ./networking.nix
+ ];
+
+ system = {
+ stateVersion = "21.11";
+ };
+}
diff --git a/machines/midgard/filesystems.nix b/machines/midgard/filesystems.nix
new file mode 100644
index 0000000..c2946b2
--- /dev/null
+++ b/machines/midgard/filesystems.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # swapDevices = [{
+ # device = "/dev/disk/by-label/swap";
+ # }];
+
+ # fileSystems."/" = {
+ # device = "/dev/disk/by-label/root";
+ # fsType = "ext4";
+ # options = [
+ # "noatime"
+ # "discard"
+ # ];
+ # };
+
+ # fileSystems."/home" = {
+ # device = "/dev/disk/by-label/home";
+ # fsType = "ext4";
+ # options = [
+ # "noatime"
+ # "discard"
+ # ];
+ # };
+
+ # fileSystems."/boot" = {
+ # device = "/dev/disk/by-label/boot";
+ # fsType = "vfat";
+ # };
+}
diff --git a/machines/midgard/hardware.nix b/machines/midgard/hardware.nix
new file mode 100644
index 0000000..ab8ff18
--- /dev/null
+++ b/machines/midgard/hardware.nix
@@ -0,0 +1,9 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ hardware = { };
+}
diff --git a/machines/midgard/networking.nix b/machines/midgard/networking.nix
new file mode 100644
index 0000000..1b9575a
--- /dev/null
+++ b/machines/midgard/networking.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+{
+ networking = {
+ hostName = "midgard";
+ defaultGateway = "192.168.1.1";
+
+ nameservers = [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+
+ interfaces = {
+ enp2s0f0 = {
+ ipv4 = {
+ addresses = [{
+ address = "192.168.1.5";
+ prefixLength = 24;
+ }];
+ };
+ };
+ };
+ };
+}
diff --git a/machines/modules/boot.nix b/machines/modules/boot.nix
new file mode 100644
index 0000000..55076c3
--- /dev/null
+++ b/machines/modules/boot.nix
@@ -0,0 +1,40 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.boot;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ boot = {
+ enable = mkEnableOption ''
+ Whether to enable boot module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ cleanTmpDir = true;
+
+ loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ };
+
+ systemd-boot = {
+ enable = true;
+ consoleMode = "2";
+ editor = false;
+ };
+ };
+ };
+ };
+}
diff --git a/machines/modules/default.nix b/machines/modules/default.nix
new file mode 100644
index 0000000..6238489
--- /dev/null
+++ b/machines/modules/default.nix
@@ -0,0 +1,57 @@
+{ pkgs, lib, config, options, ... }:
+
+{
+ imports = [
+ ./settings.nix
+
+ ./boot.nix
+ ./haveged.nix
+ ./network.nix
+ ./nix.nix
+ ./openssh.nix
+ ./shells.nix
+ ./timesyncd.nix
+ ./tools.nix
+ ./users.nix
+ ];
+
+ my = {
+ modules = {
+ boot = {
+ enable = lib.mkDefault true;
+ };
+
+ haveged = {
+ enable = lib.mkDefault true;
+ };
+
+ network = {
+ enable = lib.mkDefault true;
+ };
+
+ nix = {
+ enable = lib.mkDefault true;
+ };
+
+ openssh = {
+ enable = lib.mkDefault true;
+ };
+
+ shells = {
+ enable = lib.mkDefault true;
+ };
+
+ timesyncd = {
+ enable = lib.mkDefault true;
+ };
+
+ tools = {
+ enable = lib.mkDefault true;
+ };
+
+ users = {
+ enable = lib.mkDefault true;
+ };
+ };
+ };
+}
diff --git a/machines/modules/haveged.nix b/machines/modules/haveged.nix
new file mode 100644
index 0000000..0e07b8a
--- /dev/null
+++ b/machines/modules/haveged.nix
@@ -0,0 +1,29 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.haveged;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ haveged = {
+ enable = mkEnableOption ''
+ Whether to enable haveged module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ services = {
+ haveged = {
+ enable = true;
+ };
+ };
+ };
+}
diff --git a/machines/modules/network.nix b/machines/modules/network.nix
new file mode 100644
index 0000000..68354c7
--- /dev/null
+++ b/machines/modules/network.nix
@@ -0,0 +1,37 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.network;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ network = {
+ enable = mkEnableOption ''
+ Whether to enable network module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ programs = {
+ iftop = {
+ enable = true;
+ };
+
+ iotop = {
+ enable = true;
+ };
+
+ mtr = {
+ enable = true;
+ };
+ };
+ };
+}
diff --git a/machines/modules/nix.nix b/machines/modules/nix.nix
new file mode 100644
index 0000000..f635660
--- /dev/null
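Review bot: `services.haveged.enable = true` adds a userspace daemon that injects CPU-jitter estimates into the kernel entropy pool, but boot.nix in this same commit selects `pkgs.linuxPackages_latest`, and to my understanding kernels from roughly 5.4 onward seed the CRNG from their own jitter source and stop blocking `getrandom()` once initialized, so on bare metal haveged mostly adds a second, less-reviewed entropy producer for no measurable gain. Unless one of these hosts is a VM that demonstrably stalls at boot waiting for entropy, I'd set `haveged = { enable = lib.mkDefault false; };` here in machines/modules/default.nix and leave the module available for opt-in. The module file itself is fine as written.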
+++ b/machines/modules/nix.nix
@@ -0,0 +1,29 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.nix;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ nix = {
+ enable = mkEnableOption ''
+ Whether to enable nix module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ services = {
+ nix-daemon = {
+ enable = true;
+ };
+ };
+ };
+}
diff --git a/machines/modules/openssh.nix b/machines/modules/openssh.nix
new file mode 100644
index 0000000..b1f0c77
--- /dev/null
+++ b/machines/modules/openssh.nix
@@ -0,0 +1,30 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.openssh;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ openssh = {
+ enable = mkEnableOption ''
+ Whether to enable openssh module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ services = {
+ openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ };
+ };
+ };
+}
diff --git a/machines/modules/settings.nix b/machines/modules/settings.nix
new file mode 100644
index 0000000..3ef57bf
--- /dev/null
+++ b/machines/modules/settings.nix
@@ -0,0 +1,35 @@
+{ pkgs, lib, config, options, ... }:
+
+{
+ options = with lib; {
+ my = {
+ modules = { };
+ };
+ };
+
+ config = {
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ };
+
+ time = {
+ timeZone = "Europe/Berlin";
+ };
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ hardware = {
+ enableAllFirmware = true;
+ enableRedistributableFirmware = true;
+ };
+
+ security = {
+ sudo = {
+ wheelNeedsPassword = false;
+ };
+ };
+ };
+}
diff --git a/machines/modules/shells.nix b/machines/modules/shells.nix
new file mode 100644
index 0000000..ef117fc
--- /dev/null
+++ b/machines/modules/shells.nix
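Review bot: `services.nix-daemon.enable` is, as far as I know, a nix-darwin option and not one NixOS defines, so once machines/modules/default.nix enables this module the evaluation should fail with an unknown-option error on every host. On NixOS the daemon is managed by the built-in nix-daemon module driven by `nix.package` and `nix.extraOptions`, both already set in flake.nix's `sharedNixosConfiguration`, so the `services` block can be dropped and the module kept as the place for host-level Nix settings. Worth confirming with `nix flake check`, which the CI workflow in this commit does not run.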
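Review bot: `permitRootLogin = "yes"` accepts root password logins over the network, and users.nix in this same commit gives root both a `hashedPassword` and an authorized ed25519 key, so the password path is pure extra exposure. Change it to `permitRootLogin = "prohibit-password";` and add `passwordAuthentication = false;` (plus `kbdInteractiveAuthentication = false;` if that option exists in the nixpkgs revision you lock; older trees call it `challengeResponseAuthentication`) so only the key can authenticate. With `users.mutableUsers = false` nothing else can add accounts on the box, so confirm the key is present on each host before switching or you lock yourself out.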
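Review bot: `security.sudo.wheelNeedsPassword = false` makes every wheel member root without any prompt, so whoever lands in wheel via `./profiles/thomas` (not in view) is effectively root the moment a shell is compromised, and with root SSH login enabled in openssh.nix there is no second check anywhere on these hosts. The NixOS default is `true`; unless the boxes are headless appliances where only automation runs `nixos-rebuild`, I'd delete the line or at least confine NOPASSWD to that one command through `security.sudo.extraRules`. The home-manager, `time`, `i18n` and firmware settings look fine; `enableAllFirmware = true` does pull in non-redistributable blobs, which is presumably intentional given `allowUnfree` in flake.nix.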
@@ -0,0 +1,33 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.shells;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ shells = {
+ enable = mkEnableOption ''
+ Whether to enable shells module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ programs = {
+ bash = {
+ enable = true;
+ };
+
+ zsh = {
+ enable = true;
+ };
+ };
+ };
+}
diff --git a/machines/modules/timesyncd.nix b/machines/modules/timesyncd.nix
new file mode 100644
index 0000000..e7ff18b
--- /dev/null
+++ b/machines/modules/timesyncd.nix
@@ -0,0 +1,29 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.timesyncd;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ timesyncd = {
+ enable = mkEnableOption ''
+ Whether to enable timesyncd module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ services = {
+ timesyncd = {
+ enable = true;
+ };
+ };
+ };
+}
diff --git a/machines/modules/tools.nix b/machines/modules/tools.nix
new file mode 100644
index 0000000..8a48912
--- /dev/null
+++ b/machines/modules/tools.nix
@@ -0,0 +1,37 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.tools;
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ tools = {
+ enable = mkEnableOption ''
+ Whether to enable tools module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ environment = {
+ systemPackages = with pkgs; [
+ coreutils
+ htop
+ jq
+ nmap
+ rsync
+ tmux
+ tree
+ vim
+ wget
+ yq
+ ];
+ };
+ };
+}
diff --git a/machines/modules/users.nix b/machines/modules/users.nix
new file mode 100644
index 0000000..741a2ae
--- /dev/null
+++ b/machines/modules/users.nix
@@ -0,0 +1,41 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.users;
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ users = {
+ enable = mkEnableOption ''
+ Whether to enable users module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ users = {
+ defaultUserShell = pkgs.zsh;
+ mutableUsers = false;
+ };
+
+ users = {
+ root = {
+ shell = pkgs.zsh;
+ hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0";
+ openssh = {
+ authorizedKeys = {
+ keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn thomas@osiris"
+ ];
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/machines/utgard/boot.nix b/machines/utgard/boot.nix
new file mode 100644
index 0000000..5f68a44
--- /dev/null
+++ b/machines/utgard/boot.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+{
+ boot = {
+ kernelModules = [
+ "kvm-intel"
+ "wl"
+ ];
+
+ extraModulePackages = [
+ config.boot.kernelPackages.broadcom_sta
+ ];
+
+ initrd = {
+ availableKernelModules = [
+ "uhci_hcd"
+ "ehci_pci"
+ "ahci"
+ "firewire_ohci"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ "sdhci_pci"
+ ];
+
+ kernelModules = [
+ "dm-snapshot"
+ ];
+ };
+ };
+}
diff --git a/machines/utgard/default.nix b/machines/utgard/default.nix
new file mode 100644
index 0000000..c3b8849
--- /dev/null
+++ b/machines/utgard/default.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ../modules
+
+ ./filesystems.nix
+ ./boot.nix
+ ./hardware.nix
+ ./networking.nix
+ ];
+
+ system = {
+ stateVersion = "21.11";
+ };
+}
diff --git a/machines/utgard/filesystems.nix b/machines/utgard/filesystems.nix
new file mode 100644
index 0000000..1a1c9ea
--- /dev/null
+++ b/machines/utgard/filesystems.nix
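Review bot: Root's `hashedPassword` is committed in clear in a repository that .github/settings.yml declares `private: false`, so the SHA-512-crypt hash is public and can be cracked offline at leisure, and with `permitRootLogin = "yes"` in openssh.nix a recovered password is remote root. The README already routes secrets through agenix, so keep the hash out of git — `passwordFile = config.age.secrets.root-password.path;` (spelled `hashedPasswordFile` in newer nixpkgs) — and rotate the password now, since the published hash stays in history. Separately, the second `users = { root = { … }; };` block defines `users.root`, which I don't believe is a NixOS option; the user record belongs under `users.users.root`, so as written this module should fail evaluation rather than create the account. The `ssh-ed25519` authorized key and `mutableUsers = false` are fine to commit as they are.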
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+ swapDevices = [{
+ device = "/dev/disk/by-label/swap";
+ }];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/root";
+ fsType = "ext4";
+ options = [
+ "noatime"
+ "discard"
+ ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-label/home";
+ fsType = "ext4";
+ options = [
+ "noatime"
+ "discard"
+ ];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+}
diff --git a/machines/utgard/hardware.nix b/machines/utgard/hardware.nix
new file mode 100644
index 0000000..7ccdce4
--- /dev/null
+++ b/machines/utgard/hardware.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ hardware = {
+ cpu = {
+ intel = {
+ updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ };
+ };
+ };
+}
diff --git a/machines/utgard/networking.nix b/machines/utgard/networking.nix
new file mode 100644
index 0000000..957594a
--- /dev/null
+++ b/machines/utgard/networking.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+{
+ networking = {
+ hostName = "utgard";
+ defaultGateway = "192.168.1.1";
+
+ nameservers = [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+
+ interfaces = {
+ enp2s0f0 = {
+ ipv4 = {
+ addresses = [{
+ address = "192.168.1.11";
+ prefixLength = 24;
+ }];
+ };
+ };
+ };
+ };
+}
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 0000000..126e865
--- /dev/null
+++ b/overlays/default.nix
@@ -0,0 +1,3 @@
+self: super:
+
+{ }
diff --git a/profiles/modules/default.nix b/profiles/modules/default.nix
new file mode 100644
index 0000000..d56f7fd
--- /dev/null
+++ b/profiles/modules/default.nix
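Review bot: utgard's `/`, `/home` and swap are plain label-addressed ext4 and swap with no `boot.initrd.luks.devices` entry anywhere in this commit, so the SSH private keys the README copies into `$HOME/.ssh` and whatever agenix decrypts with the host key sit unencrypted at rest, and the `wl`, `sdhci_pci` and `usb_storage` modules in utgard's boot.nix suggest a laptop, where that matters most. If the disk really is unencrypted, the usual fix is a LUKS container (`boot.initrd.luks.devices.crypt.device = "/dev/disk/by-label/crypt";`) with these filesystems and the swap placed on top of it; an unencrypted swap device also leaks key material paged out of memory. If encryption is handled by something not in view, ignore this.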
@@ -0,0 +1,42 @@
+{ pkgs, lib, config, options, ... }:
+
+{
+ imports = [
+ ./settings.nix
+
+ ./dircolors.nix
+ ./lsd.nix
+ ./neovim.nix
+ ./readline.nix
+ ./starship.nix
+ ./zsh.nix
+ ];
+
+ my = {
+ modules = {
+ dircolors = {
+ enable = lib.mkDefault true;
+ };
+
+ lsd = {
+ enable = lib.mkDefault true;
+ };
+
+ neovim = {
+ enable = lib.mkDefault true;
+ };
+
+ readline = {
+ enable = lib.mkDefault true;
+ };
+
+ starship = {
+ enable = lib.mkDefault true;
+ };
+
+ zsh = {
+ enable = lib.mkDefault true;
+ };
+ };
+ };
+}
diff --git a/profiles/modules/dircolors.nix b/profiles/modules/dircolors.nix
new file mode 100644
index 0000000..ce245fa
--- /dev/null
+++ b/profiles/modules/dircolors.nix
@@ -0,0 +1,220 @@ +{ pkgs, lib, config, options, ... }: + +let + cfg = config.my.modules.dircolors; + +in + +{ + options = with lib; { + my = { + modules = { + dircolors = { + enable = mkEnableOption '' + Whether to enable dircolors module + ''; + }; + }; + }; + }; + + config = with lib; + mkIf cfg.enable { + home-manager.users."${config.my.username}" = { config, ... }: { + programs = { + dircolors = { + enable = true; + + enableBashIntegration = true; + enableZshIntegration = true; + + settings = { + RESET = "0"; + DIR = "00;38;5;33"; + LINK = "01;38;5;37"; + MULTIHARDLINK = "00"; + FIFO = "48;5;230;38;5;136;01"; + SOCK = "48;5;230;38;5;136;01"; + DOOR = "48;5;230;38;5;136;01"; + BLK = "48;5;230;38;5;244;01"; + CHR = "48;5;230;38;5;244;01"; + ORPHAN = "48;5;235;38;5;160"; + MISSING = "00"; + SETUID = "48;5;160;38;5;230"; + SETGID = "48;5;136;38;5;230"; + CAPABILITY = "30;41"; + STICKY_OTHER_WRITABLE = "48;5;64;38;5;230"; + OTHER_WRITABLE = "48;5;235;38;5;33"; + STICKY = "48;5;33;38;5;230"; + EXEC = "01;38;5;64"; + ".tar" = "00;38;5;61"; + ".tgz" = "01;38;5;61"; + ".arj" = "01;38;5;61"; + ".taz" = "01;38;5;61"; + ".lzh" = "01;38;5;61"; + ".lzma" = "01;38;5;61"; + ".tlz" = "01;38;5;61"; + ".txz" = "01;38;5;61"; + ".zip" = "01;38;5;61"; + ".zst" = "01;38;5;61"; + ".z" = "01;38;5;61"; + ".Z" = "01;38;5;61"; + ".dz" = "01;38;5;61"; + ".gz" = "01;38;5;61"; + ".lz" = "01;38;5;61"; + ".xz" = "01;38;5;61"; + ".bz2" = "01;38;5;61"; + ".bz" = "01;38;5;61"; + ".tbz" = "01;38;5;61"; + ".tbz2" = "01;38;5;61"; + ".tz" = "01;38;5;61"; + ".deb" = "01;38;5;61"; + ".rpm" = "01;38;5;61"; + ".jar" = "01;38;5;61"; + ".rar" = "01;38;5;61"; + ".ace" = "01;38;5;61"; + ".zoo" = "01;38;5;61"; + ".cpio" = "01;38;5;61"; + ".7z" = "01;38;5;61"; + ".rz" = "01;38;5;61"; + ".apk" = "01;38;5;61"; + ".gem" = "01;38;5;61"; + ".jpg" = "00;38;5;136"; + ".JPG" = "00;38;5;136"; + ".jpeg" = "00;38;5;136"; + ".gif" = "00;38;5;136"; + ".bmp" = "00;38;5;136"; + ".pbm" = "00;38;5;136"; + ".pgm" = 
"00;38;5;136"; + ".ppm" = "00;38;5;136"; + ".tga" = "00;38;5;136"; + ".xbm" = "00;38;5;136"; + ".xpm" = "00;38;5;136"; + ".tif" = "00;38;5;136"; + ".tiff" = "00;38;5;136"; + ".png" = "00;38;5;136"; + ".PNG" = "00;38;5;136"; + ".svg" = "00;38;5;136"; + ".svgz" = "00;38;5;136"; + ".mng" = "00;38;5;136"; + ".pcx" = "00;38;5;136"; + ".dl" = "00;38;5;136"; + ".xcf" = "00;38;5;136"; + ".xwd" = "00;38;5;136"; + ".yuv" = "00;38;5;136"; + ".cgm" = "00;38;5;136"; + ".emf" = "00;38;5;136"; + ".eps" = "00;38;5;136"; + ".CR2" = "00;38;5;136"; + ".ico" = "00;38;5;136"; + ".nef" = "00;38;5;136"; + ".NEF" = "00;38;5;136"; + ".webp" = "00;38;5;136"; + ".tex" = "01;38;5;245"; + ".rdf" = "01;38;5;245"; + ".owl" = "01;38;5;245"; + ".n3" = "01;38;5;245"; + ".ttl" = "01;38;5;245"; + ".nt" = "01;38;5;245"; + ".torrent" = "01;38;5;245"; + ".xml" = "01;38;5;245"; + "*Makefile" = "01;38;5;245"; + "*Rakefile" = "01;38;5;245"; + "*Dockerfile" = "01;38;5;245"; + "*build.xml" = "01;38;5;245"; + "*rc" = "01;38;5;245"; + "*1" = "01;38;5;245"; + ".nfo" = "01;38;5;245"; + "*README" = "01;38;5;245"; + "*README.txt" = "01;38;5;245"; + "*readme.txt" = "01;38;5;245"; + ".md" = "01;38;5;245"; + "*README.markdown" = "01;38;5;245"; + ".ini" = "01;38;5;245"; + ".yml" = "01;38;5;245"; + ".cfg" = "01;38;5;245"; + ".conf" = "01;38;5;245"; + ".h" = "01;38;5;245"; + ".hpp" = "01;38;5;245"; + ".c" = "01;38;5;245"; + ".cpp" = "01;38;5;245"; + ".cxx" = "01;38;5;245"; + ".cc" = "01;38;5;245"; + ".objc" = "01;38;5;245"; + ".sqlite" = "01;38;5;245"; + ".go" = "01;38;5;245"; + ".sql" = "01;38;5;245"; + ".csv" = "01;38;5;245"; + ".log" = "00;38;5;240"; + ".bak" = "00;38;5;240"; + ".aux" = "00;38;5;240"; + ".lof" = "00;38;5;240"; + ".lol" = "00;38;5;240"; + ".lot" = "00;38;5;240"; + ".out" = "00;38;5;240"; + ".toc" = "00;38;5;240"; + ".bbl" = "00;38;5;240"; + ".blg" = "00;38;5;240"; + "*~" = "00;38;5;240"; + "*#" = "00;38;5;240"; + ".part" = "00;38;5;240"; + ".incomplete" = "00;38;5;240"; + ".swp" = "00;38;5;240"; + 
".tmp" = "00;38;5;240"; + ".temp" = "00;38;5;240"; + ".o" = "00;38;5;240"; + ".pyc" = "00;38;5;240"; + ".class" = "00;38;5;240"; + ".cache" = "00;38;5;240"; + ".aac" = "00;38;5;166"; + ".au" = "00;38;5;166"; + ".flac" = "00;38;5;166"; + ".mid" = "00;38;5;166"; + ".midi" = "00;38;5;166"; + ".mka" = "00;38;5;166"; + ".mp3" = "00;38;5;166"; + ".mpc" = "00;38;5;166"; + ".ogg" = "00;38;5;166"; + ".opus" = "00;38;5;166"; + ".ra" = "00;38;5;166"; + ".wav" = "00;38;5;166"; + ".m4a" = "00;38;5;166"; + ".axa" = "00;38;5;166"; + ".oga" = "00;38;5;166"; + ".spx" = "00;38;5;166"; + ".xspf" = "00;38;5;166"; + ".mov" = "01;38;5;166"; + ".MOV" = "01;38;5;166"; + ".mpg" = "01;38;5;166"; + ".mpeg" = "01;38;5;166"; + ".m2v" = "01;38;5;166"; + ".mkv" = "01;38;5;166"; + ".ogm" = "01;38;5;166"; + ".mp4" = "01;38;5;166"; + ".m4v" = "01;38;5;166"; + ".mp4v" = "01;38;5;166"; + ".vob" = "01;38;5;166"; + ".qt" = "01;38;5;166"; + ".nuv" = "01;38;5;166"; + ".wmv" = "01;38;5;166"; + ".asf" = "01;38;5;166"; + ".rm" = "01;38;5;166"; + ".rmvb" = "01;38;5;166"; + ".flc" = "01;38;5;166"; + ".avi" = "01;38;5;166"; + ".fli" = "01;38;5;166"; + ".flv" = "01;38;5;166"; + ".gl" = "01;38;5;166"; + ".m2ts" = "01;38;5;166"; + ".divx" = "01;38;5;166"; + ".webm" = "01;38;5;166"; + ".axv" = "01;38;5;166"; + ".anx" = "01;38;5;166"; + ".ogv" = "01;38;5;166"; + ".ogx" = "01;38;5;166"; + }; + }; + }; + }; + }; +} diff --git a/profiles/modules/lsd.nix b/profiles/modules/lsd.nix new file mode 100644 index 0000000..b0b5258 --- /dev/null +++ b/profiles/modules/lsd.nix @@ -0,0 +1,32 @@ +{ pkgs, lib, config, options, ... }: + +let + cfg = config.my.modules.lsd; + +in + +{ + options = with lib; { + my = { + modules = { + lsd = { + enable = mkEnableOption '' + Whether to enable lsd module + ''; + }; + }; + }; + }; + + config = with lib; + mkIf cfg.enable { + home-manager.users."${config.my.username}" = { config, ... }: { + programs = { + lsd = { + enable = true; + enableAliases = true; + }; + }; + }; + }; +} 
diff --git a/profiles/modules/neovim.nix b/profiles/modules/neovim.nix
new file mode 100644
index 0000000..9de27ad
--- /dev/null
+++ b/profiles/modules/neovim.nix
@@ -0,0 +1,31 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.neovim;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ neovim = {
+ enable = mkEnableOption ''
+ Whether to enable neovim module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ home-manager.users."${config.my.username}" = { config, ... }: {
+ programs = {
+ neovim = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/profiles/modules/readline.nix b/profiles/modules/readline.nix
new file mode 100644
index 0000000..cd78c7f
--- /dev/null
+++ b/profiles/modules/readline.nix
@@ -0,0 +1,36 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.readline;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ readline = {
+ enable = mkEnableOption ''
+ Whether to enable readline module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ home-manager.users."${config.my.username}" = { config, ... }: {
+ programs = {
+ readline = {
+ enable = true;
+
+ bindings = {
+ "\e[5~" = "history-search-backward";
+ "\e[6~" = "history-search-forward";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/profiles/modules/settings.nix b/profiles/modules/settings.nix
new file mode 100644
index 0000000..27401be
--- /dev/null
+++ b/profiles/modules/settings.nix
@@ -0,0 +1,11 @@
+{ pkgs, lib, config, options, ... }:
+
+{
+ options = with lib; {
+ my = {
+ username = mkOption {
+ type = types.str;
+ };
+ };
+ };
+}
diff --git a/profiles/modules/starship.nix b/profiles/modules/starship.nix
new file mode 100644
index 0000000..9a3fdf7
--- /dev/null
+++ b/profiles/modules/starship.nix
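Review bot: In `readline.nix`, the `bindings` keys `"\e[5~"` and `"\e[6~"` are ordinary Nix double-quoted strings, and `\e` is not one of Nix's recognised escapes, so it should evaluate to a bare `e`; the generated inputrc would then bind `"e[5~"` instead of the escape sequence and the bindings silently never fire. Writing the backslash literally, `"\\e[5~" = "history-search-backward";` and `"\\e[6~" = "history-search-forward";`, hands readline the intended `\e[5~`/`\e[6~` — worth confirming by inspecting the generated `~/.inputrc`.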
@@ -0,0 +1,43 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.starship;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ starship = {
+ enable = mkEnableOption ''
+ Whether to enable starship module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ home-manager.users."${config.my.username}" = { config, ... }: {
+ programs = {
+ starship = {
+ enable = true;
+
+ settings = {
+ add_newline = true;
+ battery = {
+ disabled = true;
+ };
+ directory = {
+ truncation_length = 5;
+ truncate_to_repo = false;
+ truncation_symbol = "…/";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/profiles/modules/zsh.nix b/profiles/modules/zsh.nix
new file mode 100644
index 0000000..5103df0
--- /dev/null
+++ b/profiles/modules/zsh.nix
@@ -0,0 +1,71 @@
+{ pkgs, lib, config, options, ... }:
+
+let
+ cfg = config.my.modules.zsh;
+
+in
+
+{
+ options = with lib; {
+ my = {
+ modules = {
+ zsh = {
+ enable = mkEnableOption ''
+ Whether to enable zsh module
+ '';
+ };
+ };
+ };
+ };
+
+ config = with lib;
+ mkIf cfg.enable {
+ home-manager.users."${config.my.username}" = { config, ... }: {
+ programs = {
+ zsh = {
+ enable = true;
+ enableCompletion = true;
+ enableAutosuggestions = true;
+ enableSyntaxHighlighting = true;
+
+ history = {
+ size = 10000000;
+ save = 10000000;
+ extended = true;
+ };
+
+ shellAliases = {
+ ".." = "cd ..";
+ "..." = "cd ../..";
+
+ rgrep = "grep -Rn";
+ hgrep = "fc -El 0 | grep";
+ history = "fc -l 1";
+ sha256sum = "shasum -a 256";
+ };
+
+ sessionVariables = {
+ EDITOR = "vim";
+ PAGER = "less";
+ CLICOLOR = "1";
+ GREP_COLOR = "1;33";
+ IGNOREEOF = "1";
+ };
+
+ oh-my-zsh = {
+ enable = true;
+
+ plugins = [
+ "systemd"
+ "sudo"
+ "history-substring-search"
+ "encode64"
+ "rsync"
+ "tmux"
+ ];
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/profiles/thomas/default.nix b/profiles/thomas/default.nix
new file mode 100644
index 0000000..240859f
--- /dev/null
+++ b/profiles/thomas/default.nix
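Review bot: `sessionVariables.EDITOR = "vim"` in `zsh.nix` does not match the sibling `neovim.nix` module, which enables neovim without `vimAlias`, so `vim` only resolves if vim is installed somewhere not visible here; either `EDITOR = "nvim";` or `programs.neovim.vimAlias = true;` in the neovim module keeps the two in agreement. The `history = "fc -l 1";` alias deliberately shadows the zsh builtin of the same name and the `sha256sum = "shasum -a 256";` alias assumes a BSD-style `shasum` on a NixOS host, so a short comment on each stating the intent (`# match macOS habits; coreutils sha256sum is also available`) would save the next reader a puzzle.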
@@ -0,0 +1,50 @@
+{ pkgs, inputs, system, lib, ... }:
+
+let
+ username = "thomas";
+ fullname = "Thomas Boerger";
+
+in
+
+{
+ imports = [
+ ../modules
+ ];
+
+ my = {
+ username = "${username}";
+
+ modules = { };
+ };
+
+ users = {
+ users = {
+ "${username}" = {
+ description = "${fullname}";
+ shell = pkgs.zsh;
+ isNormalUser = true;
+ hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0";
+ openssh = {
+ authorizedKeys = {
+ keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn thomas@osiris"
+ ];
+ };
+ };
+ extraGroups = [
+ "wheel"
+ ];
+ };
+ };
+ };
+
+ home-manager.users."${username}" = { config, ... }: {
+ home = {
+ homeDirectory = "/home/${username}";
+
+ sessionPath = [
+ "$HOME/.local/bin"
+ ];
+ };
+ };
+}
diff --git a/scripts/partitions b/scripts/partitions
new file mode 100755
index 0000000..73dcafa
--- /dev/null
+++ b/scripts/partitions
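Review bot: `username = "${username}";` and `description = "${fullname}";` wrap values that are already strings in interpolation, which reads as if a conversion were happening; `username = username;` (or `inherit username;`) and `description = fullname;` say the same thing directly. The `"${username}"` attribute name and `home-manager.users."${username}"` are the cases where interpolation is genuinely needed, so keeping it only there makes the distinction visible. `extraGroups = [ "wheel" ]` gives this account sudo rights, which is fine for a single-owner workstation but deserves a one-line comment since the same module pattern is reused across machines.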
@@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+if [ "${#}" -ne 1 ]; then
+ echo "Missing host name!"
+ exit 1
+fi
+
+if [ "${EUID}" -ne 0 ]; then
+ echo "Please run as root"
+ exit 1
+fi
+
+while true; do
+ read -p "Are you sure you want to wipe all partitions? " awnser
+
+ case ${awnser} in
+ [Yy]*)
+ break
+ ;;
+ [Nn]*)
+ exit
+ ;;
+ *)
+ echo "Please answer yes or no!"
+ ;;
+ esac
+done
+
+case "${1}" in
+ "utgard")
+ SWAP_SIZE=24G
+ ROOT_SIZE=50G
+ HOME_SIZE=50G
+ ROOT_DISK=/dev/sda
+
+ echo "----> Drop existing partitions"
+ sgdisk --zap-all /dev/sda
+ sgdisk -og /dev/sda
+ sgdisk --zap-all /dev/sdb
+ sgdisk -og /dev/sdb
+
+ ;;
+ "asgard")
+ SWAP_SIZE=24G
+ ROOT_SIZE=50G
+ HOME_SIZE=50G
+ ROOT_DISK=/dev/sde
+
+ echo "----> Drop existing partitions"
+ sgdisk --zap-all /dev/sda
+ sgdisk -og /dev/sda
+ sgdisk --zap-all /dev/sdb
+ sgdisk -og /dev/sdb
+ sgdisk --zap-all /dev/sdc
+ sgdisk -og /dev/sdc
+ sgdisk --zap-all /dev/sdd
+ sgdisk -og /dev/sdd
+ sgdisk --zap-all /dev/sde
+ sgdisk -og /dev/sde
+
+ ;;
+ *)
+ SWAP_SIZE=24G
+ ROOT_SIZE=50G
+ HOME_SIZE=50G
+ ROOT_DISK=/dev/sda
+
+ echo "----> Drop existing partitions"
+ sgdisk --zap-all /dev/sda
+ sgdisk -og /dev/sda
+
+ ;;
+esac
+
+echo "-----> Create boot partition"
+sgdisk -n 0:0:+1G -t 0:ef00 -c 0:boot ${ROOT_DISK}
+
+echo "-----> Create root partition"
+sgdisk -n 0:0:0 -t 0:8300 -c 0:data ${ROOT_DISK}
+
+echo "-----> Create data pv"
+pvcreate /dev/disk/by-partlabel/data
+
+echo "-----> Create data vg"
+vgcreate system /dev/disk/by-partlabel/data
+
+echo "-----> Create swap volume"
+lvcreate --size ${SWAP_SIZE} --name swap system
+
+echo "-----> Create root volume"
+lvcreate --size ${ROOT_SIZE} --name root system
+
+echo "-----> Create home volume"
+lvcreate --size ${HOME_SIZE} --name home system
+
+echo "-----> Enable swap partition"
+mkswap -L swap /dev/system/swap
+swapon /dev/system/swap
+
+echo "-----> Create root filesystem"
+mkfs.ext4 -L root /dev/system/root
+
+echo "-----> Mount root filesystem"
+mount -t ext4 /dev/system/root /mnt
+
+echo "-----> Create home filesystem"
+mkfs.ext4 -L home /dev/system/home
+
+echo "-----> Mount home filesystem"
+mkdir /mnt/home
+mount -t ext4 /dev/system/home /mnt/home
+
+echo "-----> Create boot filesystem"
+mkfs.vfat -n boot /dev/disk/by-partlabel/boot
+
+echo "-----> Wait for boot"
+sleep 3
+
+echo "-----> Mount boot filesystem"
+mkdir /mnt/boot
+mount /dev/disk/by-label/boot /mnt/boot
+
+case "${1}" in
+ "utgard")
+ echo "-----> Create tank partition"
+ sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/sdb
+
+ echo "-----> Create tank pv"
+ pvcreate /dev/disk/by-partlabel/tank
+
+ echo "-----> Create tank vg"
+ vgcreate tank /dev/disk/by-partlabel/tank
+
+ ;;
+
+ "asgard")
+ echo "-----> Create tank partition"
+ sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/sda
+ sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/sdb
+ sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/sdc
+ sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/sdd
+
+ echo "-----> Create raid volume"
+ mdadm --create /dev/md0 --level=1 --raid-devices=4 /dev/sda1 /dev/sdb1
+ mdadm --create /dev/md1 --level=1 --raid-devices=4 /dev/sdc1 /dev/sdd1
+
+ echo "-----> Create tank pv"
+ pvcreate /dev/md0 /dev/md1
+
+ echo "-----> Create tank vg"
+ vgcreate tank /dev/md0 /dev/md1
+
+ ;;
+esac
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..f61040b
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,9 @@
+{ pkgs ? import { } }:
+
+pkgs.mkShell {
+ buildInputs = with pkgs; [
+ nixpkgs-fmt
+ gnumake
+ nixUnstable
+ ];
+}
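Review bot: The `*)` branch of the first `case "${1}"` wipes `/dev/sda` for any unrecognised host name, so a typo in the single argument destroys the first disk after a yes/no prompt that never names the host or the disks involved; the default should refuse, `*) echo "Unknown host: ${1}" >&2; exit 1 ;;`, and the prompt should state what will be erased, e.g. `read -p "Wipe all partitions on ${1} (${ROOT_DISK} ...)? " awnser`. In the `"asgard")` branch of the second `case`, `mdadm --create ... --level=1 --raid-devices=4` is given only two members per array, which mdadm rejects, and with `set -e` the script then aborts after the `system` VG has already been created — the intent looks like two two-disk mirrors, i.e. `--raid-devices=2` on both lines. Bare kernel names such as `/dev/sda`..`/dev/sde` are not stable across boots or controller changes; `/dev/disk/by-id/` paths for the wipe and `udevadm settle` in place of `sleep 3` before mounting `/dev/disk/by-label/boot` would make the destructive steps deterministic.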
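Review bot: As rendered, `shell.nix` opens with `{ pkgs ? import { } }:`, which has no path between `import` and `{ }`; the conventional form is `{ pkgs ? import <nixpkgs> { } }:`, and the angle-bracketed path may simply have been stripped by the page renderer, but if the committed file really lacks it the default argument fails to evaluate the moment `pkgs` is used. Worth confirming against the repository rather than the rendered diff.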