From e1e4c9664f33ca5801b38278a722bf306df5bd8c Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Tue, 15 Aug 2023 13:06:06 +0530
Subject: [PATCH] add flake output for rico1
---
 README.md | 2 +-
 flake.nix | 18 ++++++++++++++++
 hosts/rico1/containers/default.nix | 7 ++++++
 hosts/rico1/default.nix | 33 +++++++++++++++++++++++++++++
 hosts/rico1/hardware/default.nix | 3 +++
 hosts/rico1/hardware/filesystem.nix | 11 ++++++++++
 hosts/rico1/hardware/kernel.nix | 17 +++++++++++++++
 hosts/rico1/programs/default.nix | 13 ++++++++++++
 hosts/rico1/programs/neovim.nix | 8 +++++++
 hosts/rico1/programs/starship.nix | 8 +++++++
 hosts/rico1/programs/zsh.nix | 10 +++++++++
 hosts/rico1/security.nix | 15 +++++++++++++
 hosts/rico1/services/caddy.nix | 6 ++++++
 hosts/rico1/services/default.nix | 3 +++
 hosts/rico1/services/frpc.nix | 33 +++++++++++++++++++++++++++++
 hosts/rico1/services/ssh.nix | 9 ++++++++
 16 files changed, 195 insertions(+), 1 deletion(-)
 create mode 100644 hosts/rico1/containers/default.nix
 create mode 100644 hosts/rico1/default.nix
 create mode 100644 hosts/rico1/hardware/default.nix
 create mode 100644 hosts/rico1/hardware/filesystem.nix
 create mode 100644 hosts/rico1/hardware/kernel.nix
 create mode 100644 hosts/rico1/programs/default.nix
 create mode 100644 hosts/rico1/programs/neovim.nix
 create mode 100644 hosts/rico1/programs/starship.nix
 create mode 100644 hosts/rico1/programs/zsh.nix
 create mode 100644 hosts/rico1/security.nix
 create mode 100644 hosts/rico1/services/caddy.nix
 create mode 100644 hosts/rico1/services/default.nix
 create mode 100644 hosts/rico1/services/frpc.nix
 create mode 100644 hosts/rico1/services/ssh.nix
diff --git a/README.md b/README.md
index 94309d8..ad43840 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,2 @@
-# NixOS configuration for Skipper and Rico2
+# NixOS configuration for Skipper, Rico1 and Rico2
diff --git a/flake.nix b/flake.nix
index ad85fa3..c95493e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -82,6 +82,24 @@
 }
 ];
 };
+ Rico1 = nixpkgs.lib.nixosSystem rec {
+ system = "aarch64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ inherit config;
+ };
+ specialArgs = inputs // {inherit secrets;};
+ modules = [
+ {
+ system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
+ }
+
+ nixvim.nixosModules.nixvim
+
+ ./common
+ ./hosts/rico1
+ ];
+ };
 Rico2 = nixpkgs.lib.nixosSystem rec {
 system = "aarch64-linux";
 pkgs = import nixpkgs {
diff --git a/hosts/rico1/containers/default.nix b/hosts/rico1/containers/default.nix
new file mode 100644
index 0000000..9d1b008
--- /dev/null
+++ b/hosts/rico1/containers/default.nix
@@ -0,0 +1,7 @@
+_: {
+ imports = [ ];
+
+ virtualisation.oci-containers = {
+ backend = "docker";
+ };
+}
diff --git a/hosts/rico1/default.nix b/hosts/rico1/default.nix
new file mode 100644
index 0000000..68ef7c1
--- /dev/null
+++ b/hosts/rico1/default.nix
@@ -0,0 +1,33 @@
+{...}: {
+ imports = [
+ ./hardware
+ ./programs
+ ./services
+ ./containers
+ ./security.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ networking.hostName = "Rico1";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ LC_ALL = "en_US.UTF-8";
+ };
+ supportedLocales = ["en_US.UTF-8/UTF-8"];
+ };
+
+ time.timeZone = "Asia/Kolkata";
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/rico1/hardware/default.nix b/hosts/rico1/hardware/default.nix
new file mode 100644
index 0000000..15eca2b
--- /dev/null
+++ b/hosts/rico1/hardware/default.nix
@@ -0,0 +1,3 @@
+{...}: {
+ imports = [./filesystem.nix ./kernel.nix];
+}
diff --git a/hosts/rico1/hardware/filesystem.nix b/hosts/rico1/hardware/filesystem.nix
new file mode 100644
index 0000000..c790e1e
--- /dev/null
+++ b/hosts/rico1/hardware/filesystem.nix
@@ -0,0 +1,11 @@
+_: {
+ fileSystems."/" = {
+ device = "/dev/disk/by-partlabel/NIXOS_ROOT";
+ fsType = "btrfs";
+ options = ["noatime" "compress=zstd"];
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-partlabel/ESP";
+ fsType = "vfat";
+ };
+}
diff --git a/hosts/rico1/hardware/kernel.nix b/hosts/rico1/hardware/kernel.nix
new file mode 100644
index 0000000..2264185
--- /dev/null
+++ b/hosts/rico1/hardware/kernel.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "usbhid"
+ "usb_storage"
+ ];
+ systemd.enable = true;
+ };
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+}
diff --git a/hosts/rico1/programs/default.nix b/hosts/rico1/programs/default.nix
new file mode 100644
index 0000000..e85c1c4
--- /dev/null
+++ b/hosts/rico1/programs/default.nix
@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+ imports = [
+ ./neovim.nix
+ ./starship.nix
+ ./zsh.nix
+ ];
+
+ programs.git.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ git-crypt
+ ];
+}
diff --git a/hosts/rico1/programs/neovim.nix b/hosts/rico1/programs/neovim.nix
new file mode 100644
index 0000000..a70af6e
--- /dev/null
+++ b/hosts/rico1/programs/neovim.nix
@@ -0,0 +1,8 @@
+_: {
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ viAlias = true;
+ vimAlias = true;
+ };
+}
diff --git a/hosts/rico1/programs/starship.nix b/hosts/rico1/programs/starship.nix
new file mode 100644
index 0000000..3de1b05
--- /dev/null
+++ b/hosts/rico1/programs/starship.nix
@@ -0,0 +1,8 @@
+_: {
+ programs.starship = {
+ enable = true;
+ settings = {
+ add_newline = false;
+ };
+ };
+}
diff --git a/hosts/rico1/programs/zsh.nix b/hosts/rico1/programs/zsh.nix
new file mode 100644
index 0000000..2a3cb10
--- /dev/null
+++ b/hosts/rico1/programs/zsh.nix
@@ -0,0 +1,10 @@
+_: {
+ programs = {
+ zsh = {
+ enable = true;
+ autosuggestions.enable = true;
+ syntaxHighlighting.enable = true;
+ };
+ };
+ environment.pathsToLink = ["/share/zsh"];
+}
diff --git a/hosts/rico1/security.nix b/hosts/rico1/security.nix
new file mode 100644
index 0000000..9cca61a
--- /dev/null
+++ b/hosts/rico1/security.nix
@@ -0,0 +1,15 @@
+_: {
+ security = {
+ apparmor = {
+ enable = true;
+ enableCache = true;
+ };
+ audit.enable = true;
+ auditd.enable = true;
+ sudo = {
+ wheelNeedsPassword = false;
+ };
+ polkit.enable = true;
+ rtkit.enable = true;
+ };
+}
diff --git a/hosts/rico1/services/caddy.nix b/hosts/rico1/services/caddy.nix
new file mode 100644
index 0000000..38e3057
--- /dev/null
+++ b/hosts/rico1/services/caddy.nix
@@ -0,0 +1,6 @@
+{secrets, ...}: {
+ services.caddy = {
+ enable = true;
+ inherit (secrets.caddy_config) email;
+ };
+}
diff --git a/hosts/rico1/services/default.nix b/hosts/rico1/services/default.nix
new file mode 100644
index 0000000..46968a6
--- /dev/null
+++ b/hosts/rico1/services/default.nix
@@ -0,0 +1,3 @@
+{...}: {
+ imports = [./caddy.nix ./frpc.nix ./ssh.nix];
+}
diff --git a/hosts/rico1/services/frpc.nix b/hosts/rico1/services/frpc.nix
new file mode 100644
index 0000000..d7798dc
--- /dev/null
+++ b/hosts/rico1/services/frpc.nix
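Review bot: In hosts/rico1/security.nix, `sudo.wheelNeedsPassword = false` turns any compromise of a wheel account into root with no further barrier, and this host's sshd is published through the frp tunnel added in the same commit. Unless unattended deployment depends on it, I would leave the default (`wheelNeedsPassword = true;`) and grant passwordless rules only for the specific commands that need them. `audit.enable` and `auditd.enable` are switched on but no `security.audit.rules` appear in this hunk, so the audit log will presumably record very little; if rules come from ./common (not visible here), a one-line comment saying so would help.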
@@ -0,0 +1,33 @@
+{
+ pkgs,
+ secrets,
+ ...
+}: let
+ inherit (secrets) frp_config;
+in {
+ systemd.services.frpc = {
+ enable = true;
+ description = "FRP Client";
+ after = ["network.target"];
+ requires = ["network.target"];
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.frp}/bin/frpc -c /etc/frp/frpc.ini";
+ Restart = "always";
+ RestartSec = "5s";
+ };
+ };
+ environment.etc."frp/frpc.ini".text = ''
+ [common]
+ server_addr = "${frp_config.ip}"
+ server_port = 7000
+ authentication_method = token
+ token = "${frp_config.token}"
+
+ [ssh.rico1]
+ type = tcp
+ local_port = 22
+ remote_port = 6001
+ '';
+}
diff --git a/hosts/rico1/services/ssh.nix b/hosts/rico1/services/ssh.nix
new file mode 100644
index 0000000..dc87d2f
--- /dev/null
+++ b/hosts/rico1/services/ssh.nix
@@ -0,0 +1,9 @@
+_: {
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+}
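Review bot: The frp token in hosts/rico1/services/frpc.nix is interpolated into `environment.etc."frp/frpc.ini".text`, so the rendered ini lands in the Nix store and is linked into /etc, both readable by every local user and carried along with any copy of the system closure. Keep the token out of the evaluated config: frp's config templating should allow `token = {{ .Envs.FRP_TOKEN }}`, with the unit given `EnvironmentFile = "<root-only secret path>";` (placeholder path, provisioned outside the store). The unit also runs as root with no sandboxing although it only makes outbound connections, so `DynamicUser = true;` and `NoNewPrivileges = true;` in `serviceConfig` would be a cheap reduction in blast radius. Nothing in `[common]` enables transport encryption, so depending on the packaged frp version the control channel may be in clear; consider `tls_enable = true`.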
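Review bot: hosts/rico1/services/ssh.nix turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, which on NixOS is enabled as far as I know and can still present PAM password prompts. Because this sshd is the service forwarded to remote port 6001 by the frpc unit in this commit, I would add `KbdInteractiveAuthentication = false;` under `settings`. No authorized keys are set in this hunk; presumably ./common provides them, which is worth confirming before deploying with password login disabled.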