restructure and rename directories

2023-10-22 22:30:51 +02:00 · 2023-10-22 22:30:51 +02:00 · 36b2ded537
commit 36b2ded537
parent 81313d1d5d
23 changed files with 29 additions and 20 deletions
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -0,0 +1,130 @@
+{ pkgs, config, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  boot = {
+    loader.systemd-boot.enable = true;
+  };
+
+  time.timeZone = "Europe/Amsterdam";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  services = {
+    xserver = {
+      enable = true;
+      displayManager.gdm = {
+        enable = true;
+      };
+      desktopManager.gnome.enable = true;
+      excludePackages = with pkgs; [ xterm ];
+    };
+
+    printing = {
+      enable = true;
+      drivers = [ pkgs.hplip pkgs.gutenprint ];
+    };
+  };
+
+  users = {
+    users.pim = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" "docker" ];
+    };
+  };
+
+  environment = {
+    systemPackages = with pkgs; [
+      wget
+      curl
+      git
+      btop
+      ripgrep
+      vim
+      dogdns
+      tree
+      bat
+    ];
+    gnome.excludePackages = with pkgs; [
+      gnome.totem
+      gnome-tour
+      gnome.epiphany
+      gnome.geary
+      gnome-console
+      gnome.gnome-music
+    ];
+  };
+
+  system.stateVersion = "23.05";
+
+  programs.ssh.knownHosts = {
+    dmz = {
+      hostNames = ["*.dmz"];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
+      certAuthority = true;
+    };
+
+    hypervisors = {
+      hostNames = ["*.hyp"];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
+      certAuthority = true;
+    };
+  };
+
+  security.sudo.extraConfig = ''
+    Defaults        timestamp_timeout=30
+  '';
+
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+
+    gc = {
+      automatic = true;
+      persistent = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+  };
+
+  age = {
+    identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
+
+    secrets = {
+      wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
+      wg-quick-home-preshared-key.file = ../secrets/wg-quick-home-preshared-key.age;
+    };
+  };
+
+  networking = {
+    hostName = "x260";
+
+    wg-quick.interfaces.home = {
+      privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
+      address = [
+        "10.225.191.4/24"
+        "fd11:5ee:bad:c0de::4/64"
+      ];
+      dns = [ "192.168.30.8" ];
+      peers = [{
+        presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
+        endpoint = "84.245.14.149:51820";
+        publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+        allowedIPs = [
+          "0.0.0.0/0"
+          "::0/0"
+        ];
+      }];
+    };
+  };
+
+  virtualisation.docker = {
+    enable = true;
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+  };
+}
--- a/nixos/hardware-configuration.nix
+++ b/nixos/hardware-configuration.nix
@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device = "/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/87DA-B083";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}