Configuration for my NixOS based systems and Home Manager

Add odin

+298 -27
+8
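--- a/flake.nix
+++ b/flake.nix
@@ -83,7 +83,15 @@
 {
 # incomplete
 nixosConfigurations.odin = basicSystem {
+extraGroups = [
+"libvirtd"
+"qemu-libvirtd"
+"docker"
+];
 unstable = true;
+modules = [
+./host-specific/odin/configuration.nix
+];
 };
 nixosConfigurations.misaki = basicSystem {
 unstable = true;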
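Review bot: Adding `"docker"` to `extraGroups` for odin makes every account that receives these groups root-equivalent on the host, because this commit also enables the rootful Docker daemon in host-specific/odin/services.nix and docker-group membership grants full access to its socket. How `basicSystem` consumes `extraGroups` is outside this hunk, so this assumes the groups are applied to the login user. If that trade-off is intended on a single-user workstation, a comment such as `# docker group == root on this host; trusted users only` would record it. Otherwise consider `virtualisation.docker.rootless.enable = true;` and dropping the group.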
-6
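--- a/host-specific/misaki/services.nix
+++ b/host-specific/misaki/services.nix
@@ -36,12 +36,6 @@
 # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices.
 services.hardware.bolt.enable = true;
 
-# Tailscale
-services.tailscale = {
-enable = true;
-useRoutingFeatures = "client";
-};
-
 # Containers and VMs
 virtualisation = {
 podman = {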
+6
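--- a/host-specific/odin/boot.nix
+++ b/host-specific/odin/boot.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+}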
+62
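--- a/host-specific/odin/configuration.nix
+++ b/host-specific/odin/configuration.nix
@@ -0,0 +1,62 @@
+# Edit this configuration file to define what should be installed on
+## your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ ... }:
+{
+imports = [
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+./boot.nix
+./networking.nix
+#./gui.nix
+./packages.nix
+./services.nix
+];
+
+nixpkgs.config.allowUnfree = true;
+
+# Set your time zone.
+time.timeZone = "America/Chicago";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+# console = {
+# font = "Lat2-Terminus16";
+# keyMap = "us";
+# useXkbConfig = true; # use xkb.options in tty.
+# };
+
+# Automatic doc cache generation
+documentation.man.generateCaches = true;
+
+# Automatic system upgrades
+system.autoUpgrade = {
+enable = true;
+dates = "09:00";
+randomizedDelaySec = "45min";
+};
+
+# Automatic Garbage Collection
+nix.gc.automatic = true;
+nix.gc.options = "--delete-older-than 8d";
+
+# This option defines the first version of NixOS you have installed on this particular machine,
+# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+#
+# Most users should NEVER change this value after the initial install, for any reason,
+# even if you've upgraded your system to a new NixOS release.
+#
+# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+# so changing it will NOT upgrade your system.
+#
+# This value being lower than the current NixOS release does NOT mean your system is
+# out of date, out of support, or vulnerable.
+#
+# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+# and migrated your data accordingly.
+#
+# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+system.stateVersion = "23.11"; # Did you read the comment?
+
+}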
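Review bot: `system.autoUpgrade` is enabled without a `flake` attribute, although odin is built from `flake.nix`. Unless that attribute is set elsewhere, the timer will run a channel-based upgrade against whatever sits in /etc/nixos rather than this repository, so unattended upgrades may fail or apply a configuration that was never reviewed. Pointing it at the flake, e.g. `flake = "<flake-ref>#odin";` (placeholder), keeps upgrades tied to the pinned inputs. Separately, `nixpkgs.config.allowUnfree = true;` appears to make the explicit unfree allow-list in host-specific/odin/packages.nix redundant, assuming that list feeds `allowUnfreePredicate`.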
-2
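--- a/host-specific/odin/default.nix
+++ b/host-specific/odin/default.nix
@@ -1,9 +1,7 @@
 { ... }:
 {
 imports = [
-# WSL has no hardware configuration
 ./hardware-configuration.nix
-../../users.nix
 ./networking.nix
 ./packages.nix
 ./services.nix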
+98
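--- a/host-specific/odin/gui.nix
+++ b/host-specific/odin/gui.nix
@@ -0,0 +1,98 @@
+{ pkgs, ... }:
+{
+# Enable the X11 windowing system.
+services.xserver = {
+enable = true;
+videoDrivers = [ "amdgpu" ];
+};
+
+# Fix for HIP libraries
+systemd.tmpfiles.rules = [
+"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
+];
+
+# Configure keymap in X11
+# services.xserver.xkb.layout = "us";
+# services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+# Enable CUPS to print documents.
+# services.printing.enable = true;
+
+# Enable sound.
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+wireplumber.enable = true;
+};
+
+# Graphics and parallel compute configuration
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+libva
+mesa
+rocmPackages.clr.icd
+];
+};
+
+# Enable touchpad support (enabled default in most desktopManager).
+# services.xserver.libinput.enable = true;
+
+# Fonts
+fonts.packages = with pkgs; [
+fira-code
+fira-code-symbols
+noto-fonts
+noto-fonts-cjk-sans
+noto-fonts-color-emoji
+nerd-fonts.fira-code
+];
+
+# Polkit is a dependency of Sway. It's responsible for handling security policies
+security.polkit.enable = true;
+
+# Enable the sway window manager
+programs.sway = {
+enable = true;
+#package = unstable.sway;
+wrapperFeatures.gtk = true;
+};
+# Use greetd as the displaymanager
+#services.xserver.displayManager.greetd.enable = true;
+#services.xserver.displayManager.lightdm.enable = false;
+services.displayManager.sddm.enable = true;
+services.displayManager.defaultSession = "sway";
+services.displayManager.autoLogin = {
+enable = true;
+user = "noah";
+};
+
+# i3, for when I need XOrg
+services.xserver.windowManager.i3 = {
+enable = true;
+extraPackages = with pkgs; [
+dmenu
+i3status
+i3lock
+i3blocks
+];
+};
+
+xdg.portal = {
+enable = true;
+wlr.enable = true;
+extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+};
+xdg.mime = {
+enable = true;
+defaultApplications = {
+"x-scheme-handler/http" = "org.firefox.firefox.desktop";
+"x-scheme-handler/https" = "org.firefox.firefox.desktop";
+};
+};
+services.dbus.enable = true;
+services.gnome.gnome-keyring.enable = true;
+}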
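Review bot: `services.displayManager.autoLogin` starts a session for `noah` with no authentication, so anyone with physical or console access to odin gets that user's desktop, and with the docker group added in flake.nix that is effectively root. The module is commented out of the imports list in host-specific/odin/configuration.nix, so this only takes effect once `./gui.nix` is re-enabled. If auto-login is kept for convenience, say so in a comment and lock the screen at session start (swaylock is already in packages.nix); otherwise set `enable = false;`.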
+43 -4
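--- a/host-specific/odin/networking.nix
+++ b/host-specific/odin/networking.nix
@@ -12,8 +12,11 @@
 networkConfig.DHCP = "yes";
 linkConfig.RequiredForOnline = "no";
 };
+
+networking.tempAddresses = "disabled";
+
 networking.useNetworkd = true;
-# TODO: static IP @ 192.168.1.2
+# TODO: static IP @ 192.168.1.6
 
 # Configure network proxy if necessary
 # networking.proxy.default = "http://user:password@proxy:port/";
@@ -22,18 +25,54 @@
 # networking.firewall.allowedTCPPorts = [ ... ];
 # networking.firewall.allowedUDPPorts = [ ... ];
 # Or disable the firewall altogether.
-# TODO: allow some ports
-networking.firewall.enable = true;
+networking.firewall = {
+enable = true;
+allowPing = true;
+allowedUDPPorts = [ ];
+allowedUDPPortRanges = [ ];
+allowedTCPPorts = [
+2375
+3000
+];
+};
 
 services.avahi = {
 enable = true;
-nssmdns = true;
+nssmdns4 = true;
+nssmdns6 = true;
+ipv6 = true;
 openFirewall = true;
 publish = {
 enable = true;
 addresses = true;
 workstation = true;
+userServices = true;
+domain = true;
 };
 };
 
+# NFS mounts
+
+fileSystems = {
+"/srv/shokuhou" = {
+device = "192.168.1.3:/srv/shokuhou";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+"/srv/mentalout" = {
+device = "192.168.1.3:/srv/mentalout";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+};
 }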
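Review bot: The firewall hunk opens TCP `2375`, the conventional port for Docker's plaintext, unauthenticated remote API. With the Docker daemon enabled in host-specific/odin/services.nix, anything that makes dockerd listen there gives root-equivalent control of odin to every machine that can reach it. Nothing in this commit binds the daemon to TCP, so either drop the port (`allowedTCPPorts = [ 3000 ];`) or scope it to a trusted interface with `networking.firewall.interfaces.<name>.allowedTCPPorts` and use the TLS-protected endpoint. In the NFS hunk, `"x-system.automount"` and `"x-system.idle-timeout=600"` look like typos for `x-systemd.automount` and `x-systemd.idle-timeout=600`. As written they are probably ignored, so both shares would mount at boot rather than on demand.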
+44 -1
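--- a/host-specific/odin/packages.nix
+++ b/host-specific/odin/packages.nix
@@ -46,13 +46,26 @@
 environment.systemPackages = with pkgs; [
 neovim
 appimage-run
+tzdata
 wget
 kitty
+file
 w3m
 fishPlugins.fzf-fish
 fzf
 qemu
+qemu-user
+qemu-utils
+qemu_full
 OVMF
+#9p stuff
+diod
+plan9port
+vis
+rc
+ncdu
+
+smartmontools
 
 # Sway stuff
 wdisplays
@@ -63,7 +76,7 @@
 grim
 swayidle
 swaylock
-gnome3.adwaita-icon-theme
+adwaita-icon-theme
 dracula-theme
 glib
 xdg-utils
@@ -71,7 +84,14 @@
 configure-gtk
 dbus-sway-environment
 dbus
+pkg-config
+zlib
+# why wouldn't I want documentation on my system
+man-pages
+man-pages-posix
+linuxPackages_latest.perf
 ];
+documentation.dev.enable = true;
 
 # Fix dynamically linked libraries for unpackaged binaries
 programs.nix-ld = {
@@ -80,9 +100,29 @@
 # Add missing dynamic libraries for unpackaged programs HERE
 # NOT in environment.systemPackages
 zlib
+openssl
+sqlite
+libunwind
+libglvnd
+libclang
+systemdLibs
 ];
+};
+programs.nix-index = {
+enable = true;
+enableFishIntegration = true;
+enableBashIntegration = false;
+enableZshIntegration = false;
 };
 
+# Run other bins in QEMU
+boot.binfmt.emulatedSystems = [
+"aarch64-linux"
+"riscv64-linux"
+];
+# UEFI firmware support for QEMU
+systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ];
+
 # Logseq uses an ancient version of Electron, so we enable that
 nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
 
@@ -93,6 +133,9 @@
 "discord"
 "spotify"
 "obsidian"
+"unstable.obsidian"
 "tailscale"
+"google-chrome"
+"slack"
 ];
 }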
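Review bot: The new allow-list entry `"unstable.obsidian"` in the last hunk probably never matches. If the list is compared against `lib.getName pkg` in an `allowUnfreePredicate` (the predicate itself is outside the hunk), the name is `obsidian` whichever nixpkgs input the package comes from, and a separately imported unstable set needs its own `config`. Dropping the entry, or adding a comment on where the unstable set's unfree policy is configured, would keep the list an accurate record of what is permitted. The list is also not enforced while host-specific/odin/configuration.nix sets `nixpkgs.config.allowUnfree = true;`.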
+8 -11
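--- a/host-specific/odin/services.nix
+++ b/host-specific/odin/services.nix
@@ -5,7 +5,7 @@
 # programs.mtr.enable = true;
 programs.gnupg.agent = {
 enable = true;
-enableSSHSupport = true;
+enableSSHSupport = false;
 };
 
 # Fish shell, the best
@@ -13,24 +13,21 @@
 
 # List services that you want to enable:
 
-# Enable the OpenSSH daemon.
-services.openssh.enable = true;
-
-# This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices.
-services.hardware.bolt.enable = true;
-
-# Tailscale
-services.tailscale = {
+services.redis.servers."" = {
 enable = true;
-useRoutingFeatures = "client";
 };
 
 # Containers and VMs
 virtualisation = {
 podman = {
-enable = true;
+enable = false;
 dockerCompat = true;
 defaultNetwork.settings.dns_enabled = true;
+dockerSocket.enable = true;
+};
+docker = {
+enable = true;
+storageDriver = "overlay2";
 };
 };
 }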
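Review bot: With `podman.enable = false;`, the `dockerCompat`, `defaultNetwork.settings.dns_enabled` and newly added `dockerSocket.enable = true;` settings under `podman` are inert. They would likely trip the module's conflict check against `docker.enable = true;` if Podman were switched back on later. Removing the `podman` block, or adding a comment such as `# kept for reference; conflicts with docker when enabled`, avoids that trap. The new `services.redis.servers.""` instance has no comment on its purpose or on whether authentication is expected, so a one-line note there would help too.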
+13 -3
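--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,10 +1,20 @@
 let
-noah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki";
+noah = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/cXL1cV6QUW5z2bJp1mCu0CXrcc0Dntdxaeo3fg60N noah@odin"
+];
 misaki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rcf4Lr+JPWGKQol6eAml6SMgERkGJWgN7y1qYUUvX root@nixos";
 edge = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCmFKYXpQf1E8E7fj5s+3R33HPRjPhXrv++FCKYBCd4 root@nixos";
-hosts = [ misaki edge ];
+odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIuvOXEK7M2i/Q8FeableBS+L20zwQpLetOuFGUhba2 root@nixos";
+touma-wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeyj52bQ/nf5k4HwDckeHy8wU3weDtY6IF6VlUJ/hAH root@nixos";
+hosts = [
+misaki
+edge
+odin
+touma-wsl
+];
 in
 {
-"porkbun-api-key.age".publicKeys = [ noah misaki ];
+"porkbun-api-key.age".publicKeys = [ misaki ] ++ noah;
 "noah-hashed-password.age".publicKeys = hosts;
 }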
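Review bot: The wider recipient lists only take effect once the `.age` files are re-encrypted, and no rekeyed secret files appear in this commit. Unless the rendering simply omits them, run `agenix --rekey` and commit the result, otherwise odin and touma-wsl cannot decrypt `noah-hashed-password.age`. That secret is now readable by every host key in `hosts`, including the WSL machine, so compromise of any one host exposes the hash used on all of them. A comment above `hosts` such as `# every key here can decrypt all host-wide secrets` would make that scope visible to whoever adds the next machine.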
+16
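--- a/services.nix
+++ b/services.nix
@@ -7,4 +7,20 @@
 
 # Fish shell, the best
 programs.fish.enable = true;
+
+# Tailscale
+services.tailscale = {
+enable = true;
+useRoutingFeatures = "client";
+};
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+openFirewall = true;
+settings.PasswordAuthentication = false;
+};
+
+# MOSH, SSH over flakey connections
+programs.mosh.enable = true;
 }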
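Review bot: `settings.PasswordAuthentication = false;` leaves keyboard-interactive authentication at its default, which on NixOS can still present a PAM password prompt. Add `settings.KbdInteractiveAuthentication = false;` so the module really is key-only. This file appears to be shared by every host, so `openFirewall = true;` and `programs.mosh.enable` (which opens its UDP port range by default) now expose SSH and mosh on all interfaces of each machine. If remote access is meant to go over Tailscale, consider `openFirewall = false;` and allowing the ports only on the Tailscale interface.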