Hadi
2024-06-14 10:00:54 +02:00
parent 70a3473916
commit aae1271cf0
117 changed files with 616 additions and 1461 deletions


@@ -1,18 +1,14 @@
{ pkgs, config, ... }:
let
variable = import ../../variables.nix;
baseImports = [ ./hardware-configuration.nix ];
extraImports = [
(if variable.enableNvidia then ./nvidia.nix else null)
(if variable.enablePrime then ./prime.nix else null)
{ pkgs, config, ... }: {
imports = [
./hardware-configuration.nix
../shared/fonts.nix
# ../shared/nvidia.nix
# ../shared/prime.nix
../shared/testnvidia.nix
../shared/tuigreet.nix
./variables.nix
];
filteredImports = builtins.filter (x: x != null) extraImports;
in {
imports = baseImports ++ filteredImports;
# Bootloader.
boot = {
loader.efi.canTouchEfiVariables = true;
@@ -21,42 +17,48 @@ in {
consoleMode = "auto";
};
tmp.cleanOnBoot = true;
kernelPackages =
pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
};
# Networking
networking.networkmanager.enable = true;
networking.hostName = config.var.hostname;
networking.hostName = variable.hostName;
time.timeZone = variable.timeZone;
i18n.defaultLocale = variable.defaultLocale;
# Timezone and locale
time.timeZone = config.var.timeZone;
i18n.defaultLocale = config.var.defaultLocale;
i18n.extraLocaleSettings = {
LC_ADDRESS = variable.extraLocale;
LC_IDENTIFICATION = variable.extraLocale;
LC_MEASUREMENT = variable.extraLocale;
LC_MONETARY = variable.extraLocale;
LC_NAME = variable.extraLocale;
LC_NUMERIC = variable.extraLocale;
LC_PAPER = variable.extraLocale;
LC_TELEPHONE = variable.extraLocale;
LC_TIME = variable.extraLocale;
LC_ADDRESS = config.var.extraLocale;
LC_IDENTIFICATION = config.var.extraLocale;
LC_MEASUREMENT = config.var.extraLocale;
LC_MONETARY = config.var.extraLocale;
LC_NAME = config.var.extraLocale;
LC_NUMERIC = config.var.extraLocale;
LC_PAPER = config.var.extraLocale;
LC_TELEPHONE = config.var.extraLocale;
LC_TIME = config.var.extraLocale;
};
users.users.${variable.username} = {
# Users
users.users.${config.var.username} = {
isNormalUser = true;
description = "${variable.username} account";
description = "${config.var.username} account";
extraGroups = [ "networkmanager" "wheel" ];
};
services = {
xserver = {
xkb.layout = variable.keyboardLayout;
enable = true;
xkb.layout = config.var.keyboardLayout;
xkb.variant = "";
};
blueman.enable = true;
gnome.gnome-keyring.enable = true;
};
console.keyMap = variable.keyboardLayout;
console.keyMap = config.var.keyboardLayout;
# Shell
programs.zsh = {
enable = true;
loginShellInit = ''
@@ -65,24 +67,6 @@ in {
};
users.defaultUserShell = pkgs.zsh;
# faster rebuilding
documentation = {
enable = true;
doc.enable = false;
man.enable = true;
dev.enable = false;
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [ networkmanagerapplet ];
nixpkgs.config.permittedInsecurePackages = [
"electron-25.9.0"
"nix-2.16.2"
]; # TODO: Remove this if not needed anymore
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
@@ -118,8 +102,12 @@ in {
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ];
substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
};
gc = if variable.enableAutoGarbageCollector then {
gc = if config.var.autoGarbageCollector then {
automatic = true;
persistent = true;
dates = "weekly";
@@ -128,22 +116,37 @@ in {
{ };
};
system.autoUpgrade = if variable.enableAutoUpgrade then {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [ networkmanagerapplet ];
nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
system.autoUpgrade = if config.var.autoUpgrade then {
enable = true;
dates = "04:00";
flake = "${config.users.users.${variable.username}.home}/.config/nixos";
flake = "${config.users.users.${config.var.username}.home}/.config/nixos";
flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
allowReboot = false;
} else
{ };
nix.settings = {
substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys =
[ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
xdg.portal = {
enable = true;
configPackages = with pkgs; [ xdg-desktop-portal-gtk ];
};
services.libinput.enable = true;
programs.dconf.enable = true;
# Faster rebuilding
documentation = {
enable = true;
doc.enable = false;
man.enable = true;
dev.enable = false;
};
services.dbus.enable = true;
system.stateVersion = variable.stateVersion;
# Don't touch this
system.stateVersion = "24.05";
}
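Review bot: The `permittedInsecurePackages` exception for `electron-25.9.0` is kept, but the `# TODO: Remove this if not needed anymore` marker from the earlier list is no longer beside it. The page has lost its +/- markers, so this reading assumes the single-line form next to `allowUnfree` is the new side. Nothing records which package still needs a build that nixpkgs marks insecure, so the exception is likely to outlive its reason. I would keep a comment on that line, for example `# needed by <package> (placeholder); drop once it builds against a supported Electron`. Separately, `system.autoUpgrade` points `flake` at a checkout in the user's home, so with `autoUpgrade` enabled the root-run upgrade builds whatever that user-writable directory contains.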


@@ -1,13 +0,0 @@
{
hardware.nvidia.prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
# sync.enable = true;
amdgpuBusId = "PCI:5:0:0";
nvidiaBusId = "PCI:1:0:0";
};
}


@@ -1,6 +0,0 @@
{
services.tailscale = {
enable = true;
authKeyFile = "/etc/tailscalepwd";
};
}


@@ -0,0 +1,79 @@
{ config, ... }: {
imports = [ ../shared/variables-config.nix ];
config.var = {
hostname = "nixy";
username = "hadi";
homeDirectory = "/home/" + config.var.username;
keyboardLayout = "fr";
timeZone = "Europe/Paris";
defaultLocale = "en_US.UTF-8";
extraLocale = "fr_FR.UTF-8";
git = {
username = "Hadi";
email = "112569860+anotherhadi@users.noreply.github.com";
};
stateVersion = "24.05";
autoUpgrade = false;
autoGarbageCollector = false;
sops = true;
nextcloud = true;
nvidia = true;
nvidiaPrime = true;
theme = {
wallpaper = "Lofi-Computer.png";
font-mono = "FiraCode Nerd Font Mono";
font = "SFProDisplay Nerd Font";
rounding = 15;
gaps-in = 12;
gaps-out = config.var.theme.gaps-in * 2;
border-size = 4;
fetch = "nerdfetch"; # "nerdfetch" | "neofetch" | "none"
waybar = {
transparent = true;
float = true;
};
colors = {
c0 = "2F2F2F"; # black
c1 = "f7768e"; # red
c2 = "73daca"; # green
c3 = "e0af68"; # yellow
c4 = "4973CB"; # blue
c5 = "A594FD"; # magenta
c6 = "7dcfff"; # cyan
c7 = "FFFFFF"; # white
c8 = "3F3F3F"; # bright black
c9 = "f7869e"; # bright red
c10 = "83eada"; # bright green
c11 = "f0bf78"; # bright yellow
c12 = "8ab2f7"; # bright blue
c13 = "A988F8"; # bright magenta
c14 = "8ddfff"; # bright cyan
c15 = "f4f5f7"; # bright white
bg = "040404";
fg = config.var.theme.colors.c7;
bgalt = "131313";
fgalt = config.var.theme.colors.c15;
accent = config.var.theme.colors.c4;
accentFg = config.var.theme.colors.c0;
# Should make those automtic
accentName = "blue";
accentNumber = "4";
};
};
};
}
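Review bot: The `nvidia` and `nvidiaPrime` flags are set to `true` here, but nothing visible in this commit reads them. The host configuration lists its imports literally (`../shared/testnvidia.nix`, with `nvidia.nix` and `prime.nix` commented out), so flipping these values would change nothing there. Since `imports` cannot depend on `config` without infinite recursion, the gate belongs inside each module, e.g. `config = lib.mkIf config.var.nvidia { ... };`. If the consumers live in changed files not shown on this page, a one-line comment next to each toggle naming the module that reads it would make that clear.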


@@ -1,13 +0,0 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [ cloudflared ];
services.cloudflared = {
enable = true;
tunnels = {
"55ac0504-4ba0-4ea7-bf38-6d04ca7e45c3" = {
credentialsFile = "/etc/cloudflaredpwd";
default = "http_status:404";
ingress = { };
};
};
};
}


@@ -1,90 +0,0 @@
{ pkgs, config, ... }:
let variable = import ../../variables.nix;
in {
imports = [
./hardware-configuration.nix
./openssh.nix
./nextcloud.nix
./firewall.nix
./nginx.nix
./cloudflared.nix
./tailscale.nix
];
boot = {
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot = {
enable = true;
consoleMode = "auto";
};
tmp.cleanOnBoot = true;
};
networking.hostName = variable.server.hostName;
time.timeZone = variable.timeZone;
i18n.defaultLocale = variable.defaultLocale;
i18n.extraLocaleSettings = {
LC_ADDRESS = variable.extraLocale;
LC_IDENTIFICATION = variable.extraLocale;
LC_MEASUREMENT = variable.extraLocale;
LC_MONETARY = variable.extraLocale;
LC_NAME = variable.extraLocale;
LC_NUMERIC = variable.extraLocale;
LC_PAPER = variable.extraLocale;
LC_TELEPHONE = variable.extraLocale;
LC_TIME = variable.extraLocale;
};
users.users.${variable.username} = {
isNormalUser = true;
description = "${variable.username} account";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVDICWA/+W3Qqgoxw6pIwPAjRmTYKWnsEPD/cRTNgzP hadi@heaven"
];
};
console.keyMap = variable.keyboardLayout;
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
security.rtkit.enable = true;
nix = {
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ];
};
gc = if variable.server.enableAutoGarbageCollector then {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
} else
{ };
};
system.autoUpgrade = if variable.server.enableAutoUpgrade then {
enable = true;
dates = "04:00";
flake = "${config.users.users.${variable.username}.home}/.config/nixos";
flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
allowReboot = false;
} else
{ };
nix.settings = {
substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys =
[ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
};
services.dbus.enable = true;
system.stateVersion = variable.server.stateVersion;
}


@@ -1,13 +0,0 @@
{
services.fail2ban = {
enable = true;
maxretry = 3;
ignoreIP = [ "127.0.0.0/8" "10.0.0.0/8" "192.168.0.0/16" ];
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
};
}


@@ -1,38 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/7c6e7955-f1bb-474e-bd86-bbf66c4168fd";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/89E0-5218";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,21 +0,0 @@
{ pkgs, config, ... }: {
environment.systemPackages = with pkgs; [ nextcloud29 ];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud29;
hostName = "cloud.anotherhadi.com";
config.adminpassFile = "/etc/nextcloudpwd";
https = true;
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://localhost:8080";
proxyWebsockets = true;
};
};
}


@@ -1,11 +0,0 @@
{
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
networking.firewall = { allowedTCPPorts = [ 80 443 ]; };
}


@@ -1 +0,0 @@
{ services.ntfy = { enable = true; }; }


@@ -1,26 +0,0 @@
{
services.openssh = {
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
ports = [ 22 ];
banner = ''
HEAVEN:
This system is for the use of authorized users only. Individuals using this
computer system without authority, or in excess of their authority, are
subject to having all of their activities on this system monitored and
recorded by system personnel.
In the course of monitoring individuals improperly using this system, or in
the course of system maintenance, the activities of authorized users may also
be monitored.
Anyone using this system expressly consents to such monitoring and is advised
that if such monitoring reveals possible evidence of criminal activity,
system personnel may provide the evidence of such monitoring to law
enforcement officials.
'';
};
}


@@ -1,6 +0,0 @@
{
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
}


@@ -1,21 +0,0 @@
let
port = 8222;
signup = false;
in {
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bw.anotherhadi.com";
SIGNUPS_ALLOWED = signup;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = port;
ROCKET_LOG = "critical";
};
};
services.nginx.virtualHosts."bw.anotherhadi.com" = {
locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
};
networking.firewall.allowedTCPPorts = [ port ];
}


@@ -12,10 +12,10 @@
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.enable = true;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.production;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

13
hosts/shared/prime.nix Normal file

@@ -0,0 +1,13 @@
{
hardware.nvidia.prime = {
# offload = {
# enable = true;
# enableOffloadCmd = true;
# };
sync.enable = true;
amdgpuBusId = "PCI:5:0:0";
nvidiaBusId = "PCI:1:0:0";
};
}
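Review bot: The bus IDs `PCI:5:0:0` and `PCI:1:0:0` describe one particular machine, yet the file now sits under `hosts/shared/`, where any other host importing it would inherit them. Either take the IDs from the per-host variables or state the assumption with a comment above them, e.g. `# Bus IDs are per-machine (check with lspci); override per host`. The switch from offload to `sync.enable = true` also leaves the old block commented out with no note on why sync was chosen.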


@@ -0,0 +1,52 @@
{ lib, pkgs, config, ... }:
let
nvidiaDriverChannel =
config.boot.kernelPackages.nvidiaPackages.beta; # stable, latest, etc.
in {
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = [ "nvidia" ]; # or "nvidiaLegacy470 etc.
boot.kernelParams =
lib.optionals (lib.elem "nvidia" config.services.xserver.videoDrivers) [
"nvidia-drm.modeset=1"
"nvidia_drm.fbdev=1"
];
environment.variables = {
VK_DRIVER_FILES =
/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json;
GBM_BACKEND = "nvidia-drm";
WLR_NO_HARDWARE_CURSORS = "1";
LIBVA_DRIVER_NAME = "nvidia"; # hardware acceleration
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
};
nixpkgs.config = {
nvidia.acceptLicense = true;
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"cudatoolkit"
"nvidia-persistenced"
"nvidia-settings"
"nvidia-x11"
];
};
hardware = {
nvidia = {
open = false;
nvidiaSettings = false;
powerManagement.enable =
false; # This can cause sleep/suspend to fail and saves entire VRAM to /tmp/
modesetting.enable = true;
package = nvidiaDriverChannel;
};
opengl = {
enable = true;
package = nvidiaDriverChannel;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
nvidia-vaapi-driver
vaapiVdpau
libvdpau-va-gl
];
};
};
}
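Review bot: `VK_DRIVER_FILES` is assigned an unquoted path, `/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json`, which Nix parses as a path value rather than a string. Depending on how the option coerces it, that is either rejected, fails under pure flake evaluation because the path lies outside the flake, or gets copied into the store instead of naming the runtime location. Quote it like the neighbouring values: `VK_DRIVER_FILES = "/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json";`. Also, the `allowUnfreePredicate` allowlist has no effect while the host configuration sets `nixpkgs.config.allowUnfree = true`; the narrower list only restricts anything once the global switch is removed.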


@@ -0,0 +1,8 @@
{ lib, ... }: {
options = {
var = lib.mkOption {
type = lib.types.attrs;
default = { };
};
};
}
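Review bot: `lib.types.attrs` does not merge nested attribute sets. When two modules both define `config.var`, the later definition silently replaces the earlier one's keys, and `lib.mkIf` or `lib.mkDefault` inside the value are not resolved. For a structure that carries host toggles such as `autoUpgrade` and `sops`, a silently dropped definition is hard to notice. `type = lib.types.attrsOf lib.types.anything;` keeps the free-form shape while merging recursively. Declaring the boolean toggles as real options with `lib.types.bool` would additionally give them defaults and type errors.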