From 25d4dc93f1817ca7f5ccae3315cfff9af36acf02 Mon Sep 17 00:00:00 2001
From: Hadi <112569860+anotherhadi@users.noreply.github.com>
Date: Mon, 17 Jun 2024 23:29:47 +0200
Subject: [PATCH] add server
---
 .sops.yaml | 4 ++
 flake.nix | 18 ++++++
 home/server.nix | 49 ++++++++++++++++
 home/system/sops/server.nix | 16 +++++
 hosts/server/configuration.nix | 104 +++++++++++++++++++++++++++++++++
 hosts/server/variables.nix | 31 ++++++++++
 secrets/laptop.yaml | 6 +-
 secrets/server.yaml | 22 +++++++
 8 files changed, 247 insertions(+), 3 deletions(-)
 create mode 100644 home/server.nix
 create mode 100644 home/system/sops/server.nix
 create mode 100644 hosts/server/configuration.nix
 create mode 100644 hosts/server/variables.nix
 create mode 100644 secrets/server.yaml
diff --git a/.sops.yaml b/.sops.yaml
index 7b61982..d9fb033 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -5,3 +5,7 @@ creation_rules:
 key_groups:
 - age:
 - *primary
+ - path_regex: secrets/server.yaml$
+ key_groups:
+ - age:
+ - *primary
diff --git a/flake.nix b/flake.nix
index adfafe4..2d49fd3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -48,6 +48,24 @@
 ];
 };
 
+ jack = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./hosts/laptop/configuration.nix
+ inputs.home-manager.nixosModules.home-manager
+ {
+ nixpkgs.overlays = [ nur.overlay ];
+ _module.args = { inherit inputs; };
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ users."hadi" = import ./home/server.nix; # CHANGE ME
+ extraSpecialArgs = { inherit inputs; };
+ };
+ }
+ ];
+ };
+
 };
 };
 }
diff --git a/home/server.nix b/home/server.nix
new file mode 100644
index 0000000..317f401
--- /dev/null
+++ b/home/server.nix
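Review bot: The new `path_regex: secrets/server.yaml$` rule lists the same single `*primary` age recipient as the laptop rule, so the server's secrets are decryptable by exactly the key that decrypts the laptop's and the rule adds no isolation between the two hosts. If one key per host is intended, the rule should name a separate anchor for the server key (defined in the `keys:` block, which lies outside this hunk) and include `*primary` only where the admin workstation must also edit the file. As written, the rule's only effect is to match the new path, which the existing rule's `path_regex` could cover just as well.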
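Review bot: The new `jack` system still imports `./hosts/laptop/configuration.nix`, so `hosts/server/configuration.nix` and `hosts/server/variables.nix` added by this commit are never evaluated and the "server" builds the laptop profile under a new name; the module line should read `./hosts/server/configuration.nix`. The same copied path is left in `home/server.nix` (`../hosts/laptop/variables.nix`) and in `home/system/sops/server.nix` (`defaultSopsFile = ../../../secrets/laptop.yaml;`), which also means the new `secrets/server.yaml` is never read. The `users."hadi" = import ./home/server.nix; # CHANGE ME` marker is a leftover placeholder and should be resolved or removed before merge. The enclosing attribute set of host configurations starts outside the hunk.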
@@ -0,0 +1,49 @@
+{ pkgs, config, ... }: {
+
+ imports = [
+ ../hosts/laptop/variables.nix
+
+ # Programs
+ ./programs/btop
+ ./programs/nvim
+
+ # Scripts
+ ./scripts # All scripts
+
+ # System
+ ./system/git
+ ./system/shell
+ ./system/sops/server.nix
+ ];
+
+ home = {
+ inherit (config.var) username;
+ inherit (config.var) homeDirectory;
+
+ packages = with pkgs; [
+ # Dev
+ go
+ cargo
+ nodejs
+ python3
+ jq
+
+ # Utils
+ fd
+ bc
+ gcc
+ zip
+ unzip
+ wget
+ curl
+ glow
+ wireguard-tools
+ pfetch
+ ];
+
+ stateVersion = "24.05";
+ };
+
+ programs.home-manager.enable = true;
+
+}
diff --git a/home/system/sops/server.nix b/home/system/sops/server.nix
new file mode 100644
index 0000000..09fd384
--- /dev/null
+++ b/home/system/sops/server.nix
@@ -0,0 +1,16 @@
+{ pkgs, inputs, ... }: {
+ imports = [ inputs.sops-nix.homeManagerModules.sops ];
+
+ home.packages = with pkgs; [ sops age ];
+
+ sops = {
+ age.keyFile = "/home/hadi/.config/sops/age/keys.txt";
+ defaultSopsFile = ../../../secrets/laptop.yaml;
+ secrets = {
+ sshconfig = { path = "/home/hadi/.ssh/config"; };
+ github-key = { path = "/home/hadi/.ssh/github"; };
+ };
+ };
+
+ systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
+}
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
new file mode 100644
index 0000000..c9ad8e4
--- /dev/null
+++ b/hosts/server/configuration.nix
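Review bot: The user name is hard-coded into three absolute paths (`age.keyFile` and both `secrets.*.path`) even though `hosts/server/variables.nix` declares `username` and `homeDirectory` and home-manager exposes the home directory as `config.home.homeDirectory`; taking `config` in the argument set, `{ pkgs, inputs, config, ... }: {`, and writing `age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";` (likewise for the two `.ssh` paths) keeps the module correct for any account name and any non-`/home` layout. The `systemd.user.services.mbsync.Unit.After` override names a unit that nothing imported by `home/server.nix` appears to define; if there is no mail setup on the server this line is probably dead and should be dropped, since a unit with only an ordering stanza is of no use. The secret `path` values place decrypted material directly under `~/.ssh`, so the module relies on sops-nix's file mode for those targets — worth confirming they end up owner-read-only, as `ssh` will refuse a world-readable key.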
@@ -0,0 +1,104 @@
+{ pkgs, config, ... }: {
+ imports = [ ./hardware-configuration.nix ./variables.nix ];
+
+ # Bootloader.
+ boot = {
+ loader.efi.canTouchEfiVariables = true;
+ loader.systemd-boot = {
+ enable = true;
+ consoleMode = "auto";
+ };
+ tmp.cleanOnBoot = true;
+ kernelPackages =
+ pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
+ };
+
+ # Networking
+ networking.hostName = config.var.hostname;
+
+ # Timezone and locale
+ time.timeZone = config.var.timeZone;
+ i18n.defaultLocale = config.var.defaultLocale;
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = config.var.extraLocale;
+ LC_IDENTIFICATION = config.var.extraLocale;
+ LC_MEASUREMENT = config.var.extraLocale;
+ LC_MONETARY = config.var.extraLocale;
+ LC_NAME = config.var.extraLocale;
+ LC_NUMERIC = config.var.extraLocale;
+ LC_PAPER = config.var.extraLocale;
+ LC_TELEPHONE = config.var.extraLocale;
+ LC_TIME = config.var.extraLocale;
+ };
+
+ # Users
+ users.users.${config.var.username} = {
+ isNormalUser = true;
+ description = "${config.var.username} account";
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ xkb.layout = config.var.keyboardLayout;
+ xkb.variant = "";
+ };
+ gnome.gnome-keyring.enable = true;
+ };
+ console.keyMap = config.var.keyboardLayout;
+
+ # Shell
+ programs.zsh = {
+ enable = true;
+ loginShellInit = ''
+ dbus-update-activation-environment --systemd DISPLAY
+ '';
+ };
+ users.defaultUserShell = pkgs.zsh;
+
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = [ "nix-command" "flakes" ];
+ substituters = [ "https://hyprland.cachix.org" ];
+ trusted-public-keys = [
+ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+ ];
+ };
+ gc = if config.var.autoGarbageCollector then {
+ automatic = true;
+ persistent = true;
+ dates = "weekly";
+ options = "--delete-older-than 7d";
+ } else
+ { };
+ };
+
+ nixpkgs.config.allowUnfree = true;
+
+ system.autoUpgrade = if config.var.autoUpgrade then {
+ enable = true;
+ dates = "04:00";
+ flake = "${config.var.configDirectory}";
+ flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
+ allowReboot = false;
+ } else
+ { };
+
+ services.libinput.enable = true;
+ programs.dconf.enable = true;
+
+ # Faster rebuilding
+ documentation = {
+ enable = true;
+ doc.enable = false;
+ man.enable = true;
+ dev.enable = false;
+ };
+
+ services.dbus.enable = true;
+
+ # Don't touch this
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/server/variables.nix b/hosts/server/variables.nix
new file mode 100644
index 0000000..545c699
--- /dev/null
+++ b/hosts/server/variables.nix
@@ -0,0 +1,31 @@
+{ config, ... }: {
+ imports = [ ../shared/variables-config.nix ];
+
+ config.var = {
+ hostname = "jack-nixos";
+ username = "hadi";
+ homeDirectory = "/home/" + config.var.username;
+ configDirectory = config.var.homeDirectory + "/.config/nixos";
+
+ keyboardLayout = "fr";
+
+ timeZone = "Europe/Paris";
+ defaultLocale = "en_US.UTF-8";
+ extraLocale = "fr_FR.UTF-8";
+
+ git = {
+ username = "Hadi";
+ email = "112569860+anotherhadi@users.noreply.github.com";
+ };
+
+ stateVersion = "24.05";
+
+ autoUpgrade = false;
+ autoGarbageCollector = false;
+ nextcloud = false;
+ sops = true;
+ obsidian = false;
+
+ theme = import ../themes/catppuccin.nix; # select your theme here
+ };
+}
diff --git a/secrets/laptop.yaml b/secrets/laptop.yaml
index 8d6916a..a606276 100644
--- a/secrets/laptop.yaml
+++ b/secrets/laptop.yaml
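Review bot: `hosts/server/configuration.nix` is still a desktop profile: it enables `services.xserver`, `gnome.gnome-keyring`, `services.libinput` and `programs.dconf`, and its `loginShellInit` exports `DISPLAY` via `dbus-update-activation-environment`, none of which a headless host needs and each of which pulls a graphics stack and extra user-session services onto the machine. The `nix.settings` block also keeps `substituters = [ "https://hyprland.cachix.org" ]` together with its `trusted-public-keys` entry, so the server is configured to trust a third-party binary cache it has no use for; removing those two settings keeps the host's supply-chain trust to the default cache. Nothing in the file configures remote administration (`services.openssh`) or firewall rules, so those are left to NixOS defaults unless a module outside this commit provides them — worth stating explicitly for a server. Given the `# _hardened` hint next to `kernelPackages`, the hardened kernel would be the more natural pick for this role.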
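Review bot: `hostname = "jack-nixos"` does not match the flake attribute `jack` added in `flake.nix`; `nixos-rebuild --flake .` resolves the configuration by the running hostname, so a plain rebuild on this host would not find it and `.#jack` must always be spelled out — either rename the attribute to `jack-nixos` or set `hostname = "jack"`. `stateVersion = "24.05"` is declared here, but `hosts/server/configuration.nix` and `home/server.nix` both hard-code the literal `"24.05"` instead of reading `config.var.stateVersion`, so within this commit the variable has no effect; wire it through (`system.stateVersion = config.var.stateVersion;`) or drop it to avoid two values drifting apart.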
@@ -1,4 +1,4 @@
-sshconfig: ENC[AES256_GCM,data:NJBCn27rgJi6tt53blTomEWk9ZvsT/k8ui1SJMbw38ZYasjEfI8I5NEgl/17cnAAqlgllYvfzALuD/6fBSx5UHw6w6GtxGangt0xzwo7IpeHMbn95JT9uqukM6YETN0RaKwpyKzYTrOvug4AtEvfebOmUN7YsXjI52Zfq+Hx0p2zQNdAzS2OaCzA1qLWrtxCqXbnmFRKL3wDBeiiedMlq+1ISn94gJf9FgrgMeboy8m4+xU1TweBTm3ryzeYm2oBcni6bLbsFPgH2dYUMU184BcmUKyPnZLz/eBXGP9XW3wIml5YscRKxXMn+zhSmz5MkfpVdz45dPmoONlyvDXAgVdve/+SAXYCC7rrRfZ2W0JkbvQYY9DhE6Ypac/Icp0hMCxz7uUxD6x1feLy,iv:jD/uDPaGWkGjp8g5Zp+mdu8i1g4IP8DPssH5Y+Bs5jg=,tag:k4sLHcSawgBpDt/0DiLBSA==,type:str]
+sshconfig: ENC[AES256_GCM,data:NfAnvSxrIwUyD3B5dM2rA6cNdb0dF5eVVK1veJD9Zzgb/s07ENNEE3BYLmvgwD4uNtRvdpb2Y4qRa36++90TPO1tRtwk39FYXa5aGDfBbNWO07XgXEIthQ8P9/C1aPNSpTPePqgLPylpvwcol0wPIfZ0wDvDoQb0T5NguOOnNno0Vc1WyLJ5A7kopbd4vZDeCMHqRT2b7ReF+o2X4PHFLhOVau22bOA8TSi/XVmlM0rtk7w36PRImLTpMLY9+4CRJ7G5Wkqxt3SpjnXMqovMiwxM3k0jgKbMvnC1jQmEzV5UOTNKZGDTkuJlQMpOVrjlQ8S19YiiFi5gtUncdO5DwFty62mZI17LSFHqVqGA8Wzpdqpgy87LMs43QHEm2/eNkny/cSWKsaibjYVp5OIhW2Ew5/jtNbOpQZ7sIxnfWJXhA5oWM6UonqAiQPX/dtEDGFfiItZJOs+P/9srYjOxIxTkWjo7Gfv3QoEo,iv:mrfA1YWCMfq1aidCgBoEhYKjlyHJZFhDsqI9jAI6HcE=,tag:f8AcZtUQOTEWfcHtbekcaw==,type:str]
 github-key: ENC[AES256_GCM,data:xUgFMlBo8e+3eXqNscxbby1dWug3SgUagDiNUe/IGVbU6cczkaJ3uOaB0OuRBQ8AYhOLkzXj0pIKjUrElHwmYrhURtS1aF4SFEGJsjhhobNA//j3E2/5/nLVjfco+lRzyHdwmsNhEUCqEhsXrrodJMb39H4b5oip3z0rjc729YveiWUKQxXVZVPurp3nq9yNnix9R4CA6XYFRW6T6MNqgPD5qhbcDlhxLb/SN+uI5h+5eZIS24VDWlKaTaCLL5KLhZmfuA37SquOQ+edi9Yg8MnfrZkMrp/3qmAjP2rSQLMOc4QdQCLQBQSf0/snpydgLwY+FoJmMSztwtkqUdIZWOfDUJbJxegEOrAR68jLTNbp+GYiDn3thtOZDiK5p/M1amjCT+A9qeFMed5WS+aZHNTRbR9UcfiP6+48MGZFt1mr7q+/CoL04/DTp0w6tUf6/SZD31NvTJDqngkhpc0ZH9Dh5+2JcnBWpq25AM36kZTn1hIQCLNTr/oGWZXSLA2tksAhQCaUcFj4IIh6Bl96,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str]
 gitlab-key: ENC[AES256_GCM,data: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,iv:E+y3aVLaiStlPLTQBqyfJuEXtAQyOvDUYS+XfuOHuA0=,tag:6d1IAsGcmcpgL1pE9dDcbw==,type:str]
 sops:
@@ -16,8 +16,8 @@ sops:
 cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo
 FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-06-14T00:58:02Z"
- mac: ENC[AES256_GCM,data:+kfbw85KY9+HKgpXWEtLo69A6V/tzDzqGEwZUSK3paqKweMB9/qjjfttViqb+CJpJ9UXC+pXBKD+G+eCVjz0sO8zuulf/95+20XZx/IQHNHqLMzoJSSMNEpJVo8LgYaiRDwKkRh8AaWrAvEGSNWckf5ftl+krLasXu60o8835og=,iv:FEDkZKznyvqxw+YEzH3m0I5MS99LDI31DYeDn5OjQEo=,tag:EdQk5Q8PGSnKXO3p8yJrwg==,type:str]
+ lastmodified: "2024-06-17T21:29:39Z"
+ mac: ENC[AES256_GCM,data:+YazS1pi3GhdcCbRaEI0Jry1djMy1fZukk0g/EYQBZSHrrigN90J7KevcL4iYbXScADswiQjV8o33UtLv71czADY7ZDry8SmlMF/Zt3mDf2poY9eiacFzo99dDaf/t8QoQedZQI27mINaO2ZBxjO9YOcjU6gj9FVmNEFX5uQqII=,iv:MZ+zzn91wETMgjNkdL35PcqfVpega+p67Z22xlB4rMQ=,tag:vu2k5vGrTeBGc114+9QinQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/secrets/server.yaml b/secrets/server.yaml
new file mode 100644
index 0000000..d401b70
--- /dev/null
+++ b/secrets/server.yaml
@@ -0,0 +1,22 @@
+sshconfig: ENC[AES256_GCM,data:4js0EtQXcazsMDoF3LFmEqvDSxviZFTLtmyd0XgS4PTcf7exHj586EqxJRMQuT318PyPH+KzYU5XV1OwnZl8c5G0ZSivj2AJewAPe0JtByqrBA6xEiozDGP8s8YezELZs2MebVHHWxzn+g/HsJM3QFoR3g==,iv:l1pS/K2GHNJ8aztgYGvtksP3QR4qqhIDRLiWg6dwGzc=,tag:adAmwETO0gmeC0jGGkFSmg==,type:str]
+github-key: ENC[AES256_GCM,data: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,iv:gv6qb91ZvkOIT6QuQZvLuotxGaBv1nK8ytagDWtiWBQ=,tag:2tXUNGiA/5xhxCXC5v4D3w==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVWN4YjZqczB3Q21WL1lz
+ ckROWkhRditHblVHVEpOS0E0aGVqdW14M0ZvCkNzRXlCOWFBWmQwTGpTYVdFRlpq
+ bFdOR2pSTEZpUVpvUHo2NklrQm5EU1kKLS0tIFZ5ZWhYcHg1Z0hTOTZIdHR1QUxv
+ cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo
+ FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-06-17T21:29:06Z"
+ mac: ENC[AES256_GCM,data:Qf8iaIs0aGxMxR1GjN40OOYDuTWZbPjbr4yo93rlXNyUvvSdr57NHMFX6jnMuTpYCqZ2gvjbrplN5FOP4f+EsPis6OPHO61S3WHBmsV4vhB0BZBKdKV2bQZERxxVQEBKE9KzaHmYvpWbFzHhTnv+/8notxFUjgVGdT0UQ/CMJVM=,iv:f+T4v9Igbn+O8VnCePPCGwGv66rPjslmPC8A3EP4ti8=,tag:XjYYVAMDhgdboypCyiUriQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
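Review bot: The age `enc:` block of the new `secrets/server.yaml` (the armored lines ending `…FJjWo` and `…nAw==`) is identical to the one visible in the `secrets/laptop.yaml` hunk above, which indicates the file was created by copying the laptop file and then editing it, so both files carry the same wrapped data key and the same recipient `age12yvtj49…c7334`. Anyone who obtains that one age key, or that one data key, can therefore read the secrets of both hosts; running `sops -r -i secrets/server.yaml` after the copy gives the server file its own data key, and a server-specific recipient in `.sops.yaml` would give it its own age key. Host isolation also cuts the other way: the server has no need to be able to decrypt `secrets/laptop.yaml`, which the shared key currently allows.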