From f1b0663985f990c902e7a3a74b504a91d473dee5 Mon Sep 17 00:00:00 2001
From: mc-fucker
Date: Sat, 16 Oct 2021 12:30:41 +0200
Subject: [PATCH] Initial commit
---
configuration.nix | 171 +++++++++++++++++++++++++++++++++++++
hardware-configuration.nix | 22 +++++
2 files changed, 193 insertions(+)
create mode 100644 configuration.nix
create mode 100644 hardware-configuration.nix
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..7a69be9
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,171 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+ let
+ unstable = import {};
+ sshPubkeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+X4vceRi79FLwwyzFzxNvaQlolQFrpYn0N4bgdLLaI root@hardlyworking"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyGaBZIZYjiBhOFD2drvG316B9NUVSbMpTIhOCQur8P arch"
+ ];
+ mc1 = "192.168.0.167";
+ common_mc1_route = {
+ via = mc1;
+ prefixLength = 24;
+ };
+ in
+ {
+ users.users = {
+ root.openssh.authorizedKeys.keys = sshPubkeys;
+ mc-fucker = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = sshPubkeys;
+ hashedPassword = "$6$VlNqS5D2uxmzs$AXEEg63iQ5bMQDtU9.Cy4cd/UfQCHk9QNo2RuQmucNz6Y4Z2l0qM5lvr6KFcEdJi6vO7mYd761LrVrQ8J7nPw1";
+ extraGroups = [ "wheel" ];
+ };
+ };
+
+ nixpkgs.overlays = [
+ (self: super: {
+ gitea = unstable.gitea;
+ })
+ ];
+
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ # networking.hostName = "nixos"; # Define your hostname.
+ time.timeZone = "Europe/Berlin";
+
+ networking.useDHCP = false;
+
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ htop
+ git
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ networking.firewall.allowedTCPPorts = [ 3000 2222 ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.05"; # Did you read the comment?
+
+ networking = {
+ nameservers = [ mc1 ];
+ defaultGateway = "192.168.0.1";
+ interfaces.ens192.ipv4 = {
+ addresses = [ {
+ address = "192.168.0.165";
+ prefixLength = 24;
+ } ];
+ routes = [
+ (common_mc1_route // { address = "192.168.1.0"; })
+ (common_mc1_route // { address = "192.168.2.0"; })
+ (common_mc1_route // { address = "192.168.3.0"; })
+ ];
+ };
+ };
+
+ zramSwap = {
+ enable = true;
+ #memoryMax = 8000000000;
+ memoryPercent = 500;
+ algorithm = "lzo-rle";
+ };
+
+ programs.zsh = {
+ enable = true;
+ interactiveShellInit = ''
+ source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
+ # Make user colour green in prompt instead of default blue
+ #zstyle ':prompt:grml:left:items:user' pre '%F{green}%B'
+ export QUOTING_STYLE=literal
+ '';
+ promptInit = ""; # otherwise it'll override the grml prompt
+ syntaxHighlighting.enable = true;
+ autosuggestions = {
+ enable = true;
+ highlightStyle = "fg=cyan";
+ };
+ shellAliases = {
+ "ip" = "ip -c";
+ "nt" = "nixos-rebuild test";
+ "ns" = "nixos-rebuild switch";
+ "nsu" = "nixos-rebuild switch --upgrade";
+ };
+ };
+
+ users.defaultUserShell = pkgs.zsh;
+
+ security.sudo.wheelNeedsPassword = false;
+
+ services = {
+ openssh.enable = true;
+
+ zabbixAgent = {
+ enable = true;
+ openFirewall = true;
+ server = mc1;
+ };
+
+ gitea = {
+ enable = true;
+ domain = "dev.mc-fucker.cool";
+ rootUrl = "https://dev.mc-fucker.cool";
+ log.level = "Info";
+ database = {
+ createDatabase = false;
+ host = "192.168.2.5";
+ type = "postgres";
+ port = 5432;
+ name = "giteadb";
+ passwordFile = /run/keys/gitea-dbpassword;
+ };
+ settings = {
+ service = {
+ REGISTER_MANUAL_CONFIRM = true;
+ };
+ server = {
+ START_SSH_SERVER = true;
+ SSH_SERVER_HOST_KEYS = "ssh/gitea.ed25519";
+ #SSH_SERVER_KEY_EXCHANGES = "curve25519-sha256@libssh.org";
+ # SSH_PORT = 2222;
+ # SSH_LISTEN_PORT = 2222;
+ };
+ };
+ ssh.clonePort = 2222;
+ };
+ };
+}
+
+# vim: set et ts=2 sw=2 ai
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..e589968
--- /dev/null
+++ b/hardware-configuration.nix
@@ -0,0 +1,22 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "floppy" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/92494416-3ec5-4bcd-adc9-11375646fe80";
+ fsType = "btrfs";
+ options = [ "compress-force=zstd:7" ];
+ };
+
+ swapDevices = [ ];
+
+}
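Review bot: In configuration.nix the `hashedPassword` for `mc-fucker` is committed with the rest of the config, so anyone who can read the repository can run offline guessing against the hash; keeping it outside the repo, e.g. `users.users.mc-fucker.passwordFile = "/path/to/hash-file";` (placeholder path), avoids that. The same hunk sets `security.sudo.wheelNeedsPassword = false;` for a user in `wheel` and gives `root.openssh.authorizedKeys.keys` the same two keys, so a single stolen key yields root with no further check; requiring the sudo password or dropping the root key list would narrow this. Further down, `passwordFile = /run/keys/gitea-dbpassword;` is an unquoted Nix path literal, which, depending on how the gitea module coerces it, may be copied into the world-readable Nix store at evaluation time; the string form `passwordFile = "/run/keys/gitea-dbpassword";` is the safer spelling. A short comment next to `allowedTCPPorts = [ 3000 2222 ];` saying which hosts are expected to reach port 3000 directly would also help, since `rootUrl` is https and the TLS terminator is presumably elsewhere.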