From 1554b3118cbc4bdba1648027b7f7cc92fc76fa7c Mon Sep 17 00:00:00 2001 From: Noa Aarts Date: Fri, 15 Mar 2024 19:51:54 +0100 Subject: [PATCH] add config for my server --- flake.lock | 240 +++++++++++++++++++++++- hosts/server/configuration.nix | 137 ++++++++++++++ hosts/server/disk-config.nix | 56 ++++++ hosts/server/hardware-configuration.nix | 25 +++ hosts/server/home.nix | 96 ++++++++++ hosts/server/root.nix | 81 ++++++++ 6 files changed, 626 insertions(+), 9 deletions(-) create mode 100644 hosts/server/configuration.nix create mode 100644 hosts/server/disk-config.nix create mode 100644 hosts/server/hardware-configuration.nix create mode 100644 hosts/server/home.nix create mode 100644 hosts/server/root.nix diff --git a/flake.lock b/flake.lock index aabbe26..b952f60 100644 --- a/flake.lock +++ b/flake.lock @@ -111,7 +111,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_3" }, "locked": { "lastModified": 1701680307, @@ -129,7 +129,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_4" }, "locked": { "lastModified": 1701680307, 
@@ -208,6 +208,129 @@ "type": "github" } }, + "hyprcursor": { + "inputs": { + "hyprlang": "hyprlang", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1710257359, + "narHash": "sha256-43re5pzE/cswFAgw92/ugsB3+d5ufDaCcLtl9ztKfBo=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "1761f6cefd77f4fcd2039d930c88d6716ddc4974", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "hyprcursor": "hyprcursor", + "hyprland-protocols": "hyprland-protocols", + "hyprlang": "hyprlang_2", + "nixpkgs": "nixpkgs", + "systems": "systems_2", + "wlroots": "wlroots", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1710519433, + "narHash": "sha256-KODRuf2tf2SueqCEcj6Pu5cpBy8WcXsM0DkEeR5noBk=", + "owner": "hyprwm", + "repo": "Hyprland", + "rev": "a958884b5259ec5d6a2c97078b373c722ae20c39", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "Hyprland", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1691753796, + "narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "nixpkgs": [ + "hyprland", + "hyprcursor", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1709914708, + "narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprlang_2": 
{ + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1709914708, + "narHash": "sha256-bR4o3mynoTa1Wi4ZTjbnsZ6iqVcPGriXp56bZh5UFTk=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "a685493fdbeec01ca8ccdf1f3655c044a8ce2fe2", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, "nix-colors": { "inputs": { "base16-schemes": "base16-schemes", @@ -250,15 +373,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1710451336, - "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=", - "owner": "nixos", + "lastModified": 1710272261, + "narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "d691274a972b3165335d261cc4671335f5c67de9", + "rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -279,6 +402,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1710451336, + "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d691274a972b3165335d261cc4671335f5c67de9", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "devshell": "devshell", 
@@ -337,12 +476,43 @@ "inputs": { "automapaper": "automapaper", "home-manager": "home-manager", + "hyprland": "hyprland", "nix-colors": "nix-colors", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim" } }, "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -357,7 +527,7 @@ "type": "github" } }, - "systems_2": { + "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 
@@ -371,6 +541,58 @@ "repo": "default", "type": "github" } + }, + "wlroots": { + "flake": false, + "locked": { + "host": "gitlab.freedesktop.org", + "lastModified": 1709983277, + "narHash": "sha256-wXWIJLd4F2JZeMaihWVDW/yYXCLEC8OpeNJZg9a9ly8=", + "owner": "wlroots", + "repo": "wlroots", + "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", + "type": "gitlab" + }, + "original": { + "host": "gitlab.freedesktop.org", + "owner": "wlroots", + "repo": "wlroots", + "rev": "50eae512d9cecbf0b3b1898bb1f0b40fa05fe19b", + "type": "gitlab" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1709299639, + "narHash": "sha256-jYqJM5khksLIbqSxCLUUcqEgI+O2LdlSlcMEBs39CAU=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": "2d2fb547178ec025da643db57d40a971507b82fe", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } } }, "root": "root", diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix new file mode 100644 index 0000000..57b040a --- /dev/null +++ b/hosts/server/configuration.nix 
@@ -0,0 +1,137 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ pkgs, inputs, nix-colors, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ inputs.home-manager.nixosModules.default
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # LOVE me some blob
+ hardware.enableRedistributableFirmware = true;
+ hardware.enableAllFirmware = true;
+
+ networking.hostName = "NoasServer"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ nix = {
+ settings = {
+ # auto optimise every so often
+ auto-optimise-store = true;
+ experimental-features = ["nix-command" "flakes"];
+ substituters = ["https://hyprland.cachix.org"];
+ trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
+ };
+ gc.automatic = true;
+ };
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "nl_NL.UTF-8";
+ LC_IDENTIFICATION = "nl_NL.UTF-8";
+ LC_MEASUREMENT = "nl_NL.UTF-8";
+ LC_MONETARY = "nl_NL.UTF-8";
+ LC_NAME = "nl_NL.UTF-8";
+ LC_NUMERIC = "nl_NL.UTF-8";
+ LC_PAPER = "nl_NL.UTF-8";
+ LC_TELEPHONE = "nl_NL.UTF-8";
+ LC_TIME = "nl_NL.UTF-8";
+ };
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.noa = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ firefox
+ tree
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINWtje7dGqyrBY7PLq6DANvUR6yfungQNsXGkTO6PP6/ noa@NoasPCArch"
+ ];
+ };
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ sddm
+ git
+ zsh
+ neovim
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ programs.zsh.enable = true;
+
+ home-manager = {
+ extraSpecialArgs = {
+ inherit inputs;
+ inherit nix-colors;
+ };
+ users = {
+ "noa" = import ./home.nix;
+ "root" = import ./root.nix;
+ };
+ };
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "24.05"; # Did you read the comment?
+
+}
diff --git a/hosts/server/disk-config.nix b/hosts/server/disk-config.nix
new file mode 100644
index 0000000..544dc63
--- /dev/null
+++ b/hosts/server/disk-config.nix
@@ -0,0 +1,56 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/nvme0n1";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix
new file mode 100644
index 0000000..59d59c2
--- /dev/null
+++ b/hosts/server/hardware-configuration.nix
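Review bot: In hosts/server/configuration.nix, `services.openssh.enable = true;` is the only sshd setting, so the daemon runs with the module defaults while the comment above `users.users.noa` asks for a password to be set with `passwd`; that leaves password logins to a wheel account reachable over SSH (NixOS defaults PasswordAuthentication to true, to be confirmed against the pinned nixpkgs). Since a public key is already declared in `openssh.authorizedKeys.keys`, I would add `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. Separately, `nix.settings` trusts the `hyprland.cachix.org` substituter and its signing key on a host that does not enable Hyprland in this file; a trusted key is accepted for any store path it signs, so both lines are better dropped from the server unless something outside this hunk needs them.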
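Review bot: hosts/server/disk-config.nix does not appear to be wired into the system: configuration.nix imports only `./hardware-configuration.nix` and the home-manager module, what looks like the root node's inputs in the flake.lock hunks lists no disko input, and hardware-configuration.nix declares no `fileSystems` entries, so either this file is unused or its import lives in flake.nix outside this patch. The header `# Example to create a bios compatible gpt partition` is left over from an example and does not describe this host, which boots through systemd-boot from the ESP mounted at `/boot`; I would replace it with `# Disk layout for NoasServer: GPT, 500M ESP on /boot, LVM volume group "pool" with an ext4 root` and say where the module is imported. If the layout is in use, the same comment should record that the root volume sits on plain LVM with no encryption layer, so data at rest is readable by anyone who obtains the disk.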
@@ -0,0 +1,25 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/server/home.nix b/hosts/server/home.nix new file mode 100644 index 0000000..2c53f17 --- /dev/null +++ b/hosts/server/home.nix 
@@ -0,0 +1,96 @@
+{ config, pkgs, inputs, ... }:
+
+{
+ imports =
+ [
+ inputs.nixvim.homeManagerModules.nixvim
+ ../../common/zsh.nix
+ ../../common/git.nix
+ ../../common/nvim/nvim.nix
+ ];
+ # Home Manager needs a bit of information about you and the paths it should
+ # manage.
+ home.username = "noa";
+ home.homeDirectory = "/home/noa";
+
+ # This value determines the Home Manager release that your configuration is
+ # compatible with. This helps avoid breakage when a new Home Manager release
+ # introduces backwards incompatible changes.
+ #
+ # You should not change this value, even if you update Home Manager. If you do
+ # want to update the value, then make sure to first check the Home Manager
+ # release notes.
+ home.stateVersion = "23.11"; # Please read the comment before changing.
+
+ nixpkgs.config.allowUnfree = true;
+
+ # The home.packages option allows you to install Nix packages into your
+ # environment.
+ home.packages = with pkgs; [
+ file
+ unzip
+ zip
+
+ dig
+ mtr
+
+ btop
+ lsd
+
+ lm_sensors
+
+ # Programming langs
+ go
+ nodejs
+ rustup
+ ];
+
+
+ # Home Manager is pretty good at managing dotfiles. The primary way to manage
+ # plain files is through 'home.file'.
+ home.file = {
+ # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+ # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+ # # symlink to the Nix store copy.
+ # ".screenrc".source = dotfiles/screenrc;
+
+ # # You can also set the file content immediately.
+ # ".gradle/gradle.properties".text = ''
+ # org.gradle.console=verbose
+ # org.gradle.daemon.idletimeout=3600000
+ # '';
+ };
+
+ # Home Manager can also manage your environment variables through
+ # 'home.sessionVariables'.
If you don't want to manage your shell through Home
+ # Manager then you have to manually source 'hm-session-vars.sh' located at
+ # either
+ #
+ # ~/.nix-profile/etc/profile.d/hm-session-vars.sh
+ #
+ # or
+ #
+ # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
+ #
+ # or
+ #
+ # /etc/profiles/per-user/noa/etc/profile.d/hm-session-vars.sh
+ #
+
+ home.sessionVariables = {
+ EDITOR = "nvim";
+ TERM = "kitty";
+ };
+
+ xdg = {
+ enable = true;
+ };
+
+ xdg.userDirs = {
+ enable = true;
+ createDirectories = true;
+ };
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+}
diff --git a/hosts/server/root.nix b/hosts/server/root.nix
new file mode 100644
index 0000000..022c0da
--- /dev/null
+++ b/hosts/server/root.nix
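Review bot: In hosts/server/home.nix, `home.sessionVariables` forces `TERM = "kitty";` for every session, which on a host reached over SSH overrides the value the client terminal supplied and names a terminfo entry that, as far as this hunk shows, is not installed (kitty is not in `home.packages`); the same block is repeated in hosts/server/root.nix. I would delete the `TERM` line in both files and keep only `EDITOR = "nvim";`. The profile also puts `go`, `nodejs` and `rustup` on the server; if nothing is built on this machine, leaving compilers and package managers off it keeps the installed surface smaller.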
@@ -0,0 +1,81 @@
+{ config, pkgs, inputs, ... }:
+
+{
+ imports =
+ [
+ inputs.nixvim.homeManagerModules.nixvim
+ ../../common/zsh.nix
+ ../../common/git.nix
+ ../../common/nvim/nvim.nix
+ ];
+ # Home Manager needs a bit of information about you and the paths it should
+ # manage.
+ home.username = "root";
+ home.homeDirectory = "/root";
+
+ # This value determines the Home Manager release that your configuration is
+ # compatible with. This helps avoid breakage when a new Home Manager release
+ # introduces backwards incompatible changes.
+ #
+ # You should not change this value, even if you update Home Manager. If you do
+ # want to update the value, then make sure to first check the Home Manager
+ # release notes.
+ home.stateVersion = "23.11"; # Please read the comment before changing.
+
+ nixpkgs.config.allowUnfree = true;
+
+ # The home.packages option allows you to install Nix packages into your
+ # environment.
+ home.packages = with pkgs; [
+ file
+ unzip
+ zip
+
+ dig
+ mtr
+
+ lsd
+ ];
+
+
+ # Home Manager is pretty good at managing dotfiles. The primary way to manage
+ # plain files is through 'home.file'.
+ home.file = {
+ # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+ # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+ # # symlink to the Nix store copy.
+ # ".screenrc".source = dotfiles/screenrc;
+
+ # # You can also set the file content immediately.
+ # ".gradle/gradle.properties".text = ''
+ # org.gradle.console=verbose
+ # org.gradle.daemon.idletimeout=3600000
+ # '';
+ };
+
+ # Home Manager can also manage your environment variables through
+ # 'home.sessionVariables'.
If you don't want to manage your shell through Home
+ # Manager then you have to manually source 'hm-session-vars.sh' located at
+ # either
+ #
+ # ~/.nix-profile/etc/profile.d/hm-session-vars.sh
+ #
+ # or
+ #
+ # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
+ #
+ # or
+ #
+ # /etc/profiles/per-user/noa/etc/profile.d/hm-session-vars.sh
+ #
+ home.sessionVariables = {
+ EDITOR = "nvim";
+ TERM = "kitty";
+ };
+
+ xdg.userDirs.enable = true;
+ xdg.userDirs.createDirectories = true;
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+}
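Review bot: hosts/server/root.nix gives root the same shared modules as the unprivileged user (`../../common/zsh.nix`, `../../common/git.nix`, `../../common/nvim/nvim.nix` and the nixvim Home Manager module), so whatever plugins, shell hooks and git settings those files define, which are outside this patch, run as uid 0 in every root shell and editor session. For a server I would keep root's profile minimal: drop the nixvim and zsh imports here or split out a reduced module for root, and do administrative editing as `noa` through sudo. The copied comment also still points at `/etc/profiles/per-user/noa/etc/profile.d/hm-session-vars.sh`; in this file it should read `/etc/profiles/per-user/root/etc/profile.d/hm-session-vars.sh`.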