add flake output for rico1

Adithya 2023-08-15 13:06:06 +05:30
parent eaab371da3
commit e1e4c9664f
Signed by: adtya
GPG key ID: 48FC9915FFD326D0
16 changed files with 195 additions and 1 deletions


@ -1,2 +1,2 @@
# NixOS configuration for Skipper and Rico2 # NixOS configuration for Skipper, Rico1 and Rico2


@ -82,6 +82,24 @@
} }
]; ];
}; };
Rico1 = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux";
pkgs = import nixpkgs {
inherit system;
inherit config;
};
specialArgs = inputs // {inherit secrets;};
modules = [
{
system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
}
nixvim.nixosModules.nixvim
./common
./hosts/rico1
];
};
Rico2 = nixpkgs.lib.nixosSystem rec { Rico2 = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux"; system = "aarch64-linux";
pkgs = import nixpkgs { pkgs = import nixpkgs {


@ -0,0 +1,7 @@
_: {
imports = [ ];
virtualisation.oci-containers = {
backend = "docker";
};
}

33
hosts/rico1/default.nix Normal file

@ -0,0 +1,33 @@
{...}: {
imports = [
./hardware
./programs
./services
./containers
./security.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "Rico1";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
LC_ALL = "en_US.UTF-8";
};
supportedLocales = ["en_US.UTF-8/UTF-8"];
};
time.timeZone = "Asia/Kolkata";
system.stateVersion = "23.11";
}


@ -0,0 +1,3 @@
{...}: {
imports = [./filesystem.nix ./kernel.nix];
}


@ -0,0 +1,11 @@
_: {
fileSystems."/" = {
device = "/dev/disk/by-partlabel/NIXOS_ROOT";
fsType = "btrfs";
options = ["noatime" "compress=zstd"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-partlabel/ESP";
fsType = "vfat";
};
}


@ -0,0 +1,17 @@
{
lib,
pkgs,
...
}: {
boot = {
initrd = {
availableKernelModules = [
"usbhid"
"usb_storage"
];
systemd.enable = true;
};
kernelPackages = pkgs.linuxPackages_latest;
};
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}


@ -0,0 +1,13 @@
{pkgs, ...}: {
imports = [
./neovim.nix
./starship.nix
./zsh.nix
];
programs.git.enable = true;
environment.systemPackages = with pkgs; [
git-crypt
];
}


@ -0,0 +1,8 @@
_: {
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
}


@ -0,0 +1,8 @@
_: {
programs.starship = {
enable = true;
settings = {
add_newline = false;
};
};
}


@ -0,0 +1,10 @@
_: {
programs = {
zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
};
};
environment.pathsToLink = ["/share/zsh"];
}

15
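--- a/hosts/rico1/security.nix
+++ b/hosts/rico1/security.nix
@@ -0,0 +1,15 @@
+_: {
+security = {
+apparmor = {
+enable = true;
+enableCache = true;
+};
+audit.enable = true;
+auditd.enable = true;
+sudo = {
+wheelNeedsPassword = false;
+};
+polkit.enable = true;
+rtkit.enable = true;
+};
+}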
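Review bot: `wheelNeedsPassword = false` in the `sudo` block lets every member of `wheel` become root without re-authenticating, on a host whose sshd this same commit publishes through an frp tunnel (`remote_port = 6001` in the frpc section). A stolen SSH key or a hijacked session of a wheel user is then equivalent to root, and the AppArmor and audit settings next to it do not compensate for that. I would drop the override so the NixOS default applies (`wheelNeedsPassword = true;`). If unattended deployment needs password-less sudo, grant `NOPASSWD` only for the specific commands through `security.sudo.extraRules` instead of for the whole group.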


@ -0,0 +1,6 @@
{secrets, ...}: {
services.caddy = {
enable = true;
inherit (secrets.caddy_config) email;
};
}


@ -0,0 +1,3 @@
{...}: {
imports = [./caddy.nix ./frpc.nix ./ssh.nix];
}


@ -0,0 +1,33 @@
{
pkgs,
secrets,
...
}: let
inherit (secrets) frp_config;
in {
systemd.services.frpc = {
enable = true;
description = "FRP Client";
after = ["network.target"];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.frp}/bin/frpc -c /etc/frp/frpc.ini";
Restart = "always";
RestartSec = "5s";
};
};
environment.etc."frp/frpc.ini".text = ''
[common]
server_addr = "${frp_config.ip}"
server_port = 7000
authentication_method = token
token = "${frp_config.token}"
[ssh.rico1]
type = tcp
local_port = 22
remote_port = 6001
'';
}
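Review bot: The `environment.etc."frp/frpc.ini".text` block interpolates `frp_config.token` at evaluation time, so the token is written into the Nix store, and `/etc/frp/frpc.ini` ends up as a link to a store path that is normally world-readable. Any local user, or any container that has the store mounted, can then read the credential that authenticates this host to the frp server. Keep the token out of the store by loading it at start-up from a root-only file through `EnvironmentFile` and referencing it in the ini with frp's environment templating, `token = {{ .Envs.FRP_TOKEN }}`. The unit also runs as root with no sandboxing although it only makes an outbound connection and talks to local port 22, so `DynamicUser` and the usual systemd hardening settings fit here. The sketch below uses a placeholder path for the secret file.

```nix
  # … unchanged: enable, description, after, requires, wantedBy …
  serviceConfig = {
    Type = "simple";
    ExecStart = "${pkgs.frp}/bin/frpc -c /etc/frp/frpc.ini";
    # Placeholder path: a root-owned 0400 file outside the Nix store that
    # contains the line FRP_TOKEN=<token>; systemd reads it before dropping
    # privileges.
    EnvironmentFile = "/run/secrets/frpc.env";
    DynamicUser = true;
    NoNewPrivileges = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    PrivateTmp = true;
    # … unchanged: Restart, RestartSec …
  };
  # in the frpc.ini text: token = {{ .Envs.FRP_TOKEN }}
```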


@ -0,0 +1,9 @@
_: {
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
}
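Review bot: `PasswordAuthentication = false` in `settings` does not turn off keyboard-interactive authentication, and the NixOS option `KbdInteractiveAuthentication` is enabled by default as far as I know, so PAM-backed password prompts may still be offered. That matters here because the frpc section of this commit publishes port 22 on the frp server's `remote_port = 6001`. Add `KbdInteractiveAuthentication = false;` next to it. Since the listener is reachable from outside, an explicit `AllowUsers` list in the same `settings` block would also narrow which accounts can log in at all.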