felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2026-03-13 03:24:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: felix:943e4c84d967e2390a71adec1fff00c23a28c6a7
Branches Tags
felix:master
felix:nixos-23.11
..
compare: felix:fb60b7c054b9a676849f62469bb09dabce0adc7c
Branches Tags
felix:master
felix:nixos-23.11

No commits in common. "943e4c84d967e2390a71adec1fff00c23a28c6a7" and "fb60b7c054b9a676849f62469bb09dabce0adc7c" have entirely different histories.
943e4c84d9 ... fb60b7c054

14 changed files with 175 additions and 228 deletions
Download patch file Download diff file Expand all files Collapse all files

36
flake.lock generated
View file

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1768923567,
"narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
"lastModified": 1766150702,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
"owner": "nix-community",
"repo": "disko",
"rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
"type": "github"
},
"original": {
@ -114,11 +114,11 @@
]
},
"locked": {
"lastModified": 1769069492,
"narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
"lastModified": 1767281941,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
"type": "github"
},
"original": {
@ -222,11 +222,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1769086393,
"narHash": "sha256-3ymIZ8s3+hu7sDl/Y48o6bwMxorfKrmn97KuWiw1vjY=",
"lastModified": 1768584846,
"narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9f7ba891ea5fc3ededd7804f1a23fafadbcb26ca",
"rev": "cce68f4a54fa4e3d633358364477f5cc1d782440",
"type": "github"
},
"original": {
@ -237,11 +237,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1769089682,
"narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
"lastModified": 1768323494,
"narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "078d69f03934859a181e81ba987c2bb033eebfc5",
"rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
"type": "github"
},
"original": {
@ -297,11 +297,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
@ -354,11 +354,11 @@
]
},
"locked": {
"lastModified": 1768863606,
"narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
"lastModified": 1768481291,
"narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
"rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
"type": "github"
},
"original": {

1
flake.nix
View file

@ -97,7 +97,6 @@
keep-sorted.enable = true;
markdownlint.enable = true;
nil.enable = true;
nixf-diagnose.enable = true;
nixfmt-rfc-style.enable = true;
shellcheck.enable = true;
statix.enable = true;

6
images/base-config.nix
View file

@ -50,8 +50,10 @@
};
};
my.profiles.core.nix.enable = true;
my.profiles.core.packages.enable = true;
imports = [
../profiles/core/core.nix
../profiles/core/nix.nix
];
documentation = {
enable = lib.mkDefault false;

25
images/flake-module.nix
View file

@ -1,16 +1,10 @@
{ self, ... }:
let
inherit (self.inputs) nixos-generators sops-nix;
defaultModules = [
{
imports = [
./base-config.nix
sops-nix.nixosModules.sops
];
_module.args.inputs = self.inputs;
}
../profiles
];
inherit (self.inputs) nixos-generators;
defaultModule = {
imports = [ ./base-config.nix ];
_module.args.inputs = self.inputs;
};
in
{
perSystem =
@ -20,14 +14,16 @@ in
install-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
inherit pkgs;
modules = defaultModules;
modules = [ defaultModule ];
format = "install-iso";
};
# install-sd-aarch64 = nixos-generators.nixosGenerate {
# system = "aarch64-linux";
# inherit pkgs;
# modules = defaultModules;
# modules = [
# defaultModule
# ];
# format = "sd-aarch64-installer";
# };
};
@ -39,7 +35,8 @@ in
# {
# nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# }
# ] ++ defaultModules;
# defaultModule
# ];
# };
#};
}

1
modules/hardware/yubikey/default.nix
View file

@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}:
let

1
modules/services/remote-build/default.nix
View file

@ -19,7 +19,6 @@ in
users.users.nixremote = {
isSystemUser = true;
group = "nixremote";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@workman"
];

46
profiles/core/core.nix Normal file
View file

@ -0,0 +1,46 @@
{ pkgs, ... }:
{
# Packages
environment.systemPackages = with pkgs; [
bandwhich # bandwidth monitor
bind # dns tools (dig, etc)
borgbackup # backup tool
cryptsetup # luks volume management
delta # git diff viewer
fd # find replacement in rust
file # show file type
fzf # fuzzy finder
gettext # localization tools
git # version control
gptfdisk # disk partitioning tools
htop # process monitor
jq # json processor
killall # kill processes by name
lsof # list open files
mosh # mobile shell
mtr # network diagnostic tool
multipath-tools # disk multipathing tools (kpartx)
neovim # text editor
nmap # network scanner
nmon # performance monitor
ouch # de-/compression tool
pciutils # lspci
progress # show progress of coreutils commands
pv # pipe viewer
reptyr # reparent process to new terminal
rsync # remote file sync
screen # terminal multiplexer
sd # sed replacement
stress-ng # stress testing
tmux # terminal multiplexer
unzip # unzip tools
usbutils # lsusb
vim # text editor
wget # file downloader
whois # domain lookup
xcp # rust cp replacement
zip # zip tools
];
time.timeZone = "Europe/Berlin";
}

32
profiles/core/default.nix
View file

@ -1,31 +1,23 @@
{
config,
lib,
pkgs,
inputs,
...
}:
}@args:
let
cfg = config.my.profiles.core;
in
{
imports = [
./kernel-modules.nix
./network.nix
./nix.nix
./packages.nix
./users.nix
];
options.my.profiles.core.enable = lib.mkEnableOption "core profile";
config = lib.mkIf cfg.enable {
my.profiles.core = {
packages.enable = lib.mkDefault true;
kernel-modules.enable = lib.mkDefault true;
network.enable = lib.mkDefault true;
nix.enable = lib.mkDefault true;
users.enable = lib.mkDefault true;
};
time.timeZone = "Europe/Berlin";
};
config = lib.mkIf cfg.enable (
lib.mkMerge [
(import ./core.nix args)
(import ./modules.nix args)
(import ./network.nix args)
(import ./nix.nix args)
(import ./users.nix args)
]
);
}

21
profiles/core/kernel-modules.nix
View file

@ -1,21 +0,0 @@
{ config, lib, ... }:
let
cfg = config.my.profiles.core.kernel-modules;
in
{
options.my.profiles.core.kernel-modules.enable = lib.mkEnableOption "kernel module profile";
config = lib.mkIf cfg.enable {
boot.initrd.availableKernelModules = [
"ahci"
"e1000e"
"ehci_pci"
"nvme"
"sd_mod"
"uas"
"usbhid"
"usb_storage"
"xhci_pci"
];
};
}

15
profiles/core/modules.nix Normal file
View file

@ -0,0 +1,15 @@
_: {
boot.initrd = {
availableKernelModules = [
"ahci"
"e1000e"
"ehci_pci"
"nvme"
"sd_mod"
"uas"
"usbhid"
"usb_storage"
"xhci_pci"
];
};
}

26
profiles/core/network.nix
View file

@ -1,20 +1,12 @@
{ config, lib, ... }:
let
cfg = config.my.profiles.core.network;
in
{
options.my.profiles.core.network.enable = lib.mkEnableOption "core network profile";
_: {
networking.networkmanager = {
enable = true;
config = lib.mkIf cfg.enable {
networking.networkmanager = {
enable = true;
unmanaged = [
"interface-name:br-*" # docker compose bridges
"interface-name:docker?" # docker default bridge
"interface-name:veth*" # docker veth devices
"interface-name:virbr?" # libvirt default bridge
];
};
unmanaged = [
"interface-name:br-*" # docker compose bridges
"interface-name:docker?" # docker default bridge
"interface-name:veth*" # docker veth devices
"interface-name:virbr?" # libvirt default bridge
];
};
}

71
profiles/core/nix.nix
View file

@ -1,49 +1,36 @@
{ inputs, ... }:
{
config,
lib,
inputs,
...
}:
let
cfg = config.my.profiles.core.nix;
in
{
options.my.profiles.core.nix.enable = lib.mkEnableOption "core nix profile";
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
config = lib.mkIf cfg.enable {
nix = {
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
settings = {
trusted-users = [
"root"
"@wheel"
];
auto-optimise-store = true;
builders-use-substitutes = true;
};
gc = {
automatic = true;
options = "--delete-older-than 30d";
};
extraOptions = ''
experimental-features = nix-command flakes
'';
registry = {
nixpkgs.flake = inputs.nixpkgs;
unstable.flake = inputs.nixpkgs-unstable;
};
settings = {
trusted-users = [
"root"
"@wheel"
];
auto-optimise-store = true;
builders-use-substitutes = true;
};
# auto upgrade with own flakes
system.autoUpgrade = {
enable = true;
flake = "github:Stunkymonkey/nixos";
gc = {
automatic = true;
options = "--delete-older-than 30d";
};
extraOptions = ''
experimental-features = nix-command flakes
'';
registry = {
nixpkgs.flake = inputs.nixpkgs;
unstable.flake = inputs.nixpkgs-unstable;
};
};
# auto upgrade with own flakes
system.autoUpgrade = {
enable = true;
flake = "github:Stunkymonkey/nixos";
};
}

55
profiles/core/packages.nix
View file

@ -1,55 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.profiles.core.packages;
in
{
options.my.profiles.core.packages.enable = lib.mkEnableOption "core packages profile";
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
bandwhich # bandwidth monitor
bind # dns tools (dig, etc)
borgbackup # backup tool
cryptsetup # luks volume management
delta # git diff viewer
fd # find replacement in rust
file # show file type
fzf # fuzzy finder
gettext # localization tools
git # version control
gptfdisk # disk partitioning tools
htop # process monitor
jq # json processor
killall # kill processes by name
lsof # list open files
mosh # mobile shell
mtr # network diagnostic tool
multipath-tools # disk multipathing tools (kpartx)
neovim # text editor
nmap # network scanner
nmon # performance monitor
ouch # de-/compression tool
pciutils # lspci
progress # show progress of coreutils commands
pv # pipe viewer
reptyr # reparent process to new terminal
rsync # remote file sync
screen # terminal multiplexer
sd # sed replacement
stress-ng # stress testing
tmux # terminal multiplexer
unzip # unzip tools
usbutils # lsusb
vim # text editor
wget # file downloader
whois # domain lookup
xcp # rust cp replacement
zip # zip tools
];
};
}

67
profiles/core/users.nix
View file

@ -1,42 +1,35 @@
{ config, lib, ... }:
let
cfg = config.my.profiles.core.users;
in
{ config, ... }:
{
options.my.profiles.core.users.enable = lib.mkEnableOption "core users profile";
sops.secrets."users/felix/password".neededForUsers = true;
sops.secrets."users/felix/password" = { };
config = lib.mkIf cfg.enable {
sops.secrets."users/felix/password".neededForUsers = true;
sops.secrets."users/felix/password" = { };
users.users.felix = {
isNormalUser = true;
home = "/home/felix";
group = "felix";
extraGroups = [
"adbusers" # adb control
"audio" # sound control
"cdrom" # emulate cds
"dialout" # serial-console
"docker" # usage of `docker` socket
"input" # mouse control
"libvirtd" # kvm control
"networkmanager" # wireless configuration
"podman" # usage of `podman` socket
"seat" # access to input devices
"video" # screen control
"wheel" # `sudo` for the user.
];
hashedPasswordFile = config.sops.secrets."users/felix/password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman"
"no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1"
"no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2"
];
};
users.users.felix = {
isNormalUser = true;
home = "/home/felix";
group = "felix";
extraGroups = [
"adbusers" # adb control
"audio" # sound control
"cdrom" # emulate cds
"dialout" # serial-console
"docker" # usage of `docker` socket
"input" # mouse control
"libvirtd" # kvm control
"networkmanager" # wireless configuration
"podman" # usage of `podman` socket
"seat" # access to input devices
"video" # screen control
"wheel" # `sudo` for the user.
];
hashedPasswordFile = config.sops.secrets."users/felix/password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman"
"no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1"
"no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2"
];
};
users.groups.felix = {
gid = 1000;
};
users.groups.felix = {
gid = 1000;
};
}