dhimas/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add server

Browse Source
This commit is contained in:
Hadi 2024-06-17 23:29:47 +02:00
parent d1b581fd58
commit 25d4dc93f1
8 changed files with 247 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.sops.yaml
View File

@ -5,3 +5,7 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *primary - *primary
- path_regex: secrets/server.yaml$
key_groups:
- age:
- *primary

18
flake.nix
View File

@ -48,6 +48,24 @@
]; ];
}; };
jack = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/laptop/configuration.nix
inputs.home-manager.nixosModules.home-manager
{
nixpkgs.overlays = [ nur.overlay ];
_module.args = { inherit inputs; };
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users."hadi" = import ./home/server.nix; # CHANGE ME
extraSpecialArgs = { inherit inputs; };
};
}
];
};
}; };
}; };
} }

49
home/server.nix Normal file
View File

@ -0,0 +1,49 @@
{ pkgs, config, ... }: {
imports = [
../hosts/laptop/variables.nix
# Programs
./programs/btop
./programs/nvim
# Scripts
./scripts # All scripts
# System
./system/git
./system/shell
./system/sops/server.nix
];
home = {
inherit (config.var) username;
inherit (config.var) homeDirectory;
packages = with pkgs; [
# Dev
go
cargo
nodejs
python3
jq
# Utils
fd
bc
gcc
zip
unzip
wget
curl
glow
wireguard-tools
pfetch
];
stateVersion = "24.05";
};
programs.home-manager.enable = true;
}

16
home/system/sops/server.nix Normal file
View File

@ -0,0 +1,16 @@
{ pkgs, inputs, ... }: {
imports = [ inputs.sops-nix.homeManagerModules.sops ];
home.packages = with pkgs; [ sops age ];
sops = {
age.keyFile = "/home/hadi/.config/sops/age/keys.txt";
defaultSopsFile = ../../../secrets/laptop.yaml;
secrets = {
sshconfig = { path = "/home/hadi/.ssh/config"; };
github-key = { path = "/home/hadi/.ssh/github"; };
};
};
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
}

104
hosts/server/configuration.nix Normal file
View File

@ -0,0 +1,104 @@
{ pkgs, config, ... }: {
imports = [ ./hardware-configuration.nix ./variables.nix ];
# Bootloader.
boot = {
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot = {
enable = true;
consoleMode = "auto";
};
tmp.cleanOnBoot = true;
kernelPackages =
pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
};
# Networking
networking.hostName = config.var.hostname;
# Timezone and locale
time.timeZone = config.var.timeZone;
i18n.defaultLocale = config.var.defaultLocale;
i18n.extraLocaleSettings = {
LC_ADDRESS = config.var.extraLocale;
LC_IDENTIFICATION = config.var.extraLocale;
LC_MEASUREMENT = config.var.extraLocale;
LC_MONETARY = config.var.extraLocale;
LC_NAME = config.var.extraLocale;
LC_NUMERIC = config.var.extraLocale;
LC_PAPER = config.var.extraLocale;
LC_TELEPHONE = config.var.extraLocale;
LC_TIME = config.var.extraLocale;
};
# Users
users.users.${config.var.username} = {
isNormalUser = true;
description = "${config.var.username} account";
extraGroups = [ "networkmanager" "wheel" ];
};
services = {
xserver = {
enable = true;
xkb.layout = config.var.keyboardLayout;
xkb.variant = "";
};
gnome.gnome-keyring.enable = true;
};
console.keyMap = config.var.keyboardLayout;
# Shell
programs.zsh = {
enable = true;
loginShellInit = ''
dbus-update-activation-environment --systemd DISPLAY
'';
};
users.defaultUserShell = pkgs.zsh;
nix = {
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ];
substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
};
gc = if config.var.autoGarbageCollector then {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
} else
{ };
};
nixpkgs.config.allowUnfree = true;
system.autoUpgrade = if config.var.autoUpgrade then {
enable = true;
dates = "04:00";
flake = "${config.var.configDirectory}";
flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
allowReboot = false;
} else
{ };
services.libinput.enable = true;
programs.dconf.enable = true;
# Faster rebuilding
documentation = {
enable = true;
doc.enable = false;
man.enable = true;
dev.enable = false;
};
services.dbus.enable = true;
# Don't touch this
system.stateVersion = "24.05";
}

31
hosts/server/variables.nix Normal file
View File

@ -0,0 +1,31 @@
{ config, ... }: {
imports = [ ../shared/variables-config.nix ];
config.var = {
hostname = "jack-nixos";
username = "hadi";
homeDirectory = "/home/" + config.var.username;
configDirectory = config.var.homeDirectory + "/.config/nixos";
keyboardLayout = "fr";
timeZone = "Europe/Paris";
defaultLocale = "en_US.UTF-8";
extraLocale = "fr_FR.UTF-8";
git = {
username = "Hadi";
email = "112569860+anotherhadi@users.noreply.github.com";
};
stateVersion = "24.05";
autoUpgrade = false;
autoGarbageCollector = false;
nextcloud = false;
sops = true;
obsidian = false;
theme = import ../themes/catppuccin.nix; # select your theme here
};
}

6
secrets/laptop.yaml
View File

@ -1,4 +1,4 @@
sshconfig: ENC[AES256_GCM,data:NJBCn27rgJi6tt53blTomEWk9ZvsT/k8ui1SJMbw38ZYasjEfI8I5NEgl/17cnAAqlgllYvfzALuD/6fBSx5UHw6w6GtxGangt0xzwo7IpeHMbn95JT9uqukM6YETN0RaKwpyKzYTrOvug4AtEvfebOmUN7YsXjI52Zfq+Hx0p2zQNdAzS2OaCzA1qLWrtxCqXbnmFRKL3wDBeiiedMlq+1ISn94gJf9FgrgMeboy8m4+xU1TweBTm3ryzeYm2oBcni6bLbsFPgH2dYUMU184BcmUKyPnZLz/eBXGP9XW3wIml5YscRKxXMn+zhSmz5MkfpVdz45dPmoONlyvDXAgVdve/+SAXYCC7rrRfZ2W0JkbvQYY9DhE6Ypac/Icp0hMCxz7uUxD6x1feLy,iv:jD/uDPaGWkGjp8g5Zp+mdu8i1g4IP8DPssH5Y+Bs5jg=,tag:k4sLHcSawgBpDt/0DiLBSA==,type:str] sshconfig: ENC[AES256_GCM,data:NfAnvSxrIwUyD3B5dM2rA6cNdb0dF5eVVK1veJD9Zzgb/s07ENNEE3BYLmvgwD4uNtRvdpb2Y4qRa36++90TPO1tRtwk39FYXa5aGDfBbNWO07XgXEIthQ8P9/C1aPNSpTPePqgLPylpvwcol0wPIfZ0wDvDoQb0T5NguOOnNno0Vc1WyLJ5A7kopbd4vZDeCMHqRT2b7ReF+o2X4PHFLhOVau22bOA8TSi/XVmlM0rtk7w36PRImLTpMLY9+4CRJ7G5Wkqxt3SpjnXMqovMiwxM3k0jgKbMvnC1jQmEzV5UOTNKZGDTkuJlQMpOVrjlQ8S19YiiFi5gtUncdO5DwFty62mZI17LSFHqVqGA8Wzpdqpgy87LMs43QHEm2/eNkny/cSWKsaibjYVp5OIhW2Ew5/jtNbOpQZ7sIxnfWJXhA5oWM6UonqAiQPX/dtEDGFfiItZJOs+P/9srYjOxIxTkWjo7Gfv3QoEo,iv:mrfA1YWCMfq1aidCgBoEhYKjlyHJZFhDsqI9jAI6HcE=,tag:f8AcZtUQOTEWfcHtbekcaw==,type:str]
github-key: ENC[AES256_GCM,data:xUgFMlBo8e+3eXqNscxbby1dWug3SgUagDiNUe/IGVbU6cczkaJ3uOaB0OuRBQ8AYhOLkzXj0pIKjUrElHwmYrhURtS1aF4SFEGJsjhhobNA//j3E2/5/nLVjfco+lRzyHdwmsNhEUCqEhsXrrodJMb39H4b5oip3z0rjc729YveiWUKQxXVZVPurp3nq9yNnix9R4CA6XYFRW6T6MNqgPD5qhbcDlhxLb/SN+uI5h+5eZIS24VDWlKaTaCLL5KLhZmfuA37SquOQ+edi9Yg8MnfrZkMrp/3qmAjP2rSQLMOc4QdQCLQBQSf0/snpydgLwY+FoJmMSztwtkqUdIZWOfDUJbJxegEOrAR68jLTNbp+GYiDn3thtOZDiK5p/M1amjCT+A9qeFMed5WS+aZHNTRbR9UcfiP6+48MGZFt1mr7q+/CoL04/DTp0w6tUf6/SZD31NvTJDqngkhpc0ZH9Dh5+2JcnBWpq25AM36kZTn1hIQCLNTr/oGWZXSLA2tksAhQCaUcFj4IIh6Bl96,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str] github-key: ENC[AES256_GCM,data:xUgFMlBo8e+3eXqNscxbby1dWug3SgUagDiNUe/IGVbU6cczkaJ3uOaB0OuRBQ8AYhOLkzXj0pIKjUrElHwmYrhURtS1aF4SFEGJsjhhobNA//j3E2/5/nLVjfco+lRzyHdwmsNhEUCqEhsXrrodJMb39H4b5oip3z0rjc729YveiWUKQxXVZVPurp3nq9yNnix9R4CA6XYFRW6T6MNqgPD5qhbcDlhxLb/SN+uI5h+5eZIS24VDWlKaTaCLL5KLhZmfuA37SquOQ+edi9Yg8MnfrZkMrp/3qmAjP2rSQLMOc4QdQCLQBQSf0/snpydgLwY+FoJmMSztwtkqUdIZWOfDUJbJxegEOrAR68jLTNbp+GYiDn3thtOZDiK5p/M1amjCT+A9qeFMed5WS+aZHNTRbR9UcfiP6+48MGZFt1mr7q+/CoL04/DTp0w6tUf6/SZD31NvTJDqngkhpc0ZH9Dh5+2JcnBWpq25AM36kZTn1hIQCLNTr/oGWZXSLA2tksAhQCaUcFj4IIh6Bl96,iv:GEJsAs5NriwENYTV/VShgJF6iMmrtTwNiXOvfXyEP8E=,tag:nfZgsFqaet075GjQAoVZxQ==,type:str]
gitlab-key: ENC[AES256_GCM,data:6271Tg7LIJsXAw7Co32vva+iUWv+eRAfVfXaGkoirHxiPTAgZfq8yDpGJwti2D/aFnLvbURcUgp3B5zy1aURu9puXi6QMu3orJOE2Zx0dX3lyeHyIhOZ1hAWsQxwBDkJYODuMZbIKHNrF26Mkk6smFF9SrGoADZGxY7XSou/iopw6yrLvQAXP6lN55PQvoP5/ek/QzKNwjJAbAjp7FjjtPqPUbUdj7bfIfr9avs6gpRYnRzb2H3auyhb5qvyuRWnKu4+FeZUofC7HnfRU1eSI8UzG49Rg4f2b1Xqr0JtsjvEmuRx7lbptINXEAjW7zaSZ2B9NgotWPIzkNZRNZkuTEaOulBf5iH3wJ9GM1FcbUu2gpCt6y+CMIk5QkVvETYtKuALLbcPx9/sc90doiH1411LeKQCs5l88BBILG9KPkKmXiGGUVNxzFtjbRYQIUEmmyl95kPPEdCkkzGzHXNfE3F9HRu4MCGKPK2yZPZtCXd3Jp1b21wKSIRNYqLqxru+J8eLSljd3czO0SuTG/Vx,iv:E+y3aVLaiStlPLTQBqyfJuEXtAQyOvDUYS+XfuOHuA0=,tag:6d1IAsGcmcpgL1pE9dDcbw==,type:str] gitlab-key: ENC[AES256_GCM,data:6271Tg7LIJsXAw7Co32vva+iUWv+eRAfVfXaGkoirHxiPTAgZfq8yDpGJwti2D/aFnLvbURcUgp3B5zy1aURu9puXi6QMu3orJOE2Zx0dX3lyeHyIhOZ1hAWsQxwBDkJYODuMZbIKHNrF26Mkk6smFF9SrGoADZGxY7XSou/iopw6yrLvQAXP6lN55PQvoP5/ek/QzKNwjJAbAjp7FjjtPqPUbUdj7bfIfr9avs6gpRYnRzb2H3auyhb5qvyuRWnKu4+FeZUofC7HnfRU1eSI8UzG49Rg4f2b1Xqr0JtsjvEmuRx7lbptINXEAjW7zaSZ2B9NgotWPIzkNZRNZkuTEaOulBf5iH3wJ9GM1FcbUu2gpCt6y+CMIk5QkVvETYtKuALLbcPx9/sc90doiH1411LeKQCs5l88BBILG9KPkKmXiGGUVNxzFtjbRYQIUEmmyl95kPPEdCkkzGzHXNfE3F9HRu4MCGKPK2yZPZtCXd3Jp1b21wKSIRNYqLqxru+J8eLSljd3czO0SuTG/Vx,iv:E+y3aVLaiStlPLTQBqyfJuEXtAQyOvDUYS+XfuOHuA0=,tag:6d1IAsGcmcpgL1pE9dDcbw==,type:str]
sops: sops:
@ -16,8 +16,8 @@ sops:
cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo
FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw== FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-14T00:58:02Z" lastmodified: "2024-06-17T21:29:39Z"
mac: ENC[AES256_GCM,data:+kfbw85KY9+HKgpXWEtLo69A6V/tzDzqGEwZUSK3paqKweMB9/qjjfttViqb+CJpJ9UXC+pXBKD+G+eCVjz0sO8zuulf/95+20XZx/IQHNHqLMzoJSSMNEpJVo8LgYaiRDwKkRh8AaWrAvEGSNWckf5ftl+krLasXu60o8835og=,iv:FEDkZKznyvqxw+YEzH3m0I5MS99LDI31DYeDn5OjQEo=,tag:EdQk5Q8PGSnKXO3p8yJrwg==,type:str] mac: ENC[AES256_GCM,data:+YazS1pi3GhdcCbRaEI0Jry1djMy1fZukk0g/EYQBZSHrrigN90J7KevcL4iYbXScADswiQjV8o33UtLv71czADY7ZDry8SmlMF/Zt3mDf2poY9eiacFzo99dDaf/t8QoQedZQI27mINaO2ZBxjO9YOcjU6gj9FVmNEFX5uQqII=,iv:MZ+zzn91wETMgjNkdL35PcqfVpega+p67Z22xlB4rMQ=,tag:vu2k5vGrTeBGc114+9QinQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

22
secrets/server.yaml Normal file
View File

@ -0,0 +1,22 @@
sshconfig: ENC[AES256_GCM,data:4js0EtQXcazsMDoF3LFmEqvDSxviZFTLtmyd0XgS4PTcf7exHj586EqxJRMQuT318PyPH+KzYU5XV1OwnZl8c5G0ZSivj2AJewAPe0JtByqrBA6xEiozDGP8s8YezELZs2MebVHHWxzn+g/HsJM3QFoR3g==,iv:l1pS/K2GHNJ8aztgYGvtksP3QR4qqhIDRLiWg6dwGzc=,tag:adAmwETO0gmeC0jGGkFSmg==,type:str]
github-key: ENC[AES256_GCM,data:6u7+Rq+FYhYvfHoCNeQ2zKHVzsw9gbsFcoEcEMHc5gDenLwjTBTvY5TroIY5X8SvDh656N8WsOTIYGqbRyNY1bnCsMt9Q6rlanIlc1BGp77bctztImp0KKbMctDDvG+6FVqvdmO5gwO1+lUB/uX4Sb6DeFGrizDyhoKZlTrA7GHnYh4prryimlSnlwzhXTtpqQ7fzyniNShXlJPgQfGB7Z3LJCmMEUs4CHVRuuIIgRm/wk5muhJmynKsuB8l0tSqVDaNQjTrxE95p021ivCiEHWULf6+Z31u5tTG+yps2y5kpSP08Op9mk1aB7Wrcg/vh52wWvedpTuqLSeJCzxbLWrmeMq8d9J402ZH8jgI2WfqgWHdHotODrD12n5nA5b6gnoQ7N793FuQPKu4YfMbCvZN5gdzNrfmAuAaSCTq1XTr4z8As81LIZxbj22uyRSEvZM6biqVZOIk7I0FZMN2BnWVZLYOoC+fyeedh/I1ZqYWuvswCUBowrVJ875eo+/+2JEcRiXIGcLFsuPsbw8R,iv:gv6qb91ZvkOIT6QuQZvLuotxGaBv1nK8ytagDWtiWBQ=,tag:2tXUNGiA/5xhxCXC5v4D3w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVWN4YjZqczB3Q21WL1lz
ckROWkhRditHblVHVEpOS0E0aGVqdW14M0ZvCkNzRXlCOWFBWmQwTGpTYVdFRlpq
bFdOR2pSTEZpUVpvUHo2NklrQm5EU1kKLS0tIFZ5ZWhYcHg1Z0hTOTZIdHR1QUxv
cmVxVC8rVDlWMUdZaGw3bmdOaWZGS1EKYahBlc8XpB5UdKZQkvxbLcKQ/xkFJjWo
FSfQWnjhe/a7BJtJEcKZkjOQU0mYqlSu+uT2RA9diCQeRUJPRF+nAw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-17T21:29:06Z"
mac: ENC[AES256_GCM,data:Qf8iaIs0aGxMxR1GjN40OOYDuTWZbPjbr4yo93rlXNyUvvSdr57NHMFX6jnMuTpYCqZ2gvjbrplN5FOP4f+EsPis6OPHO61S3WHBmsV4vhB0BZBKdKV2bQZERxxVQEBKE9KzaHmYvpWbFzHhTnv+/8notxFUjgVGdT0UQ/CMJVM=,iv:f+T4v9Igbn+O8VnCePPCGwGv66rPjslmPC8A3EP4ti8=,tag:XjYYVAMDhgdboypCyiUriQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1