commit 08b84676a544cf5de0571fdf3740d521cef6c5b1
Author: Patrick Balsiger
Date: Fri Jul 7 08:49:04 2023 +0200
initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0aef5e6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+nixos.qcow2
+result
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..47f4a3c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+# Nix Configuration
+
+This repo contains my personal Nix / NixOS configuration.
+
+## Usage
+
+Run `ctl.sh` to see the list of commands to manage the system.
+
+```bash
+./ctl.sh
+
+ ~> OS
+
+ os-test Rebuild and test OS without creating a new generation
+ os-rebuild Rebuild OS and create new generation
+ os-upgrade Upgrade channels and rebuild OS
+ vm Build and run as VM
+
+ ~> Store
+
+ store-gc Collecting garbage in nix-store
+ store-optimise Optimise nix-store
+ search PACKAGE Search for package
+
+ ~> Shell
+
+ shell NAME Run a nix-shell from ./shell/
+```
diff --git a/ctl.sh b/ctl.sh
new file mode 100755
index 0000000..af060a2
--- /dev/null
+++ b/ctl.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+
+##
+## ~> OS
+##
+
+function info {
+ clear
+ cat motd
+ echo "NixOS Version $(nixos-version)"
+ sed -n 's/^##//p' ctl.sh
+}
+
+## os-test Rebuild and test OS without creating a new generation
+function os-test {
+ sudo nixos-rebuild --flake ./os#nixos test
+}
+
+## os-rebuild Rebuild OS and create new generation
+function os-rebuild {
+ echo "Rebuild OS"
+ sudo nixos-rebuild --flake ./os#nixos switch
+}
+
+## os-upgrade Upgrade channels and rebuild OS
+function os-upgrade {
+ echo "Upgrade channels and rebuild OS"
+ sudo nixos-rebuild --upgrade --flake ./os#nixos switch
+}
+
+## vm Build and run as VM
+function vm {
+ echo "Build and run configuration as VM"
+ rm *.qcow2
+ nixos-rebuild build-vm --flake ./os#nixos && result/bin/run-*-vm
+}
+
+##
+## ~> Store
+##
+
+## store-gc Collecting garbage in nix-store
+function store-gc {
+ echo "Collecting garbage"
+ nix-store --gc --print-roots | egrep -v "^(/nix/var|/run/\w+-system|\{memory|/proc)"
+}
+
+## store-optimise Optimise nix-store
+function store-optimise {
+ echo "Optimizing nix-store. This may take a moment..."
+ nix-store --optimise
+}
+
+## search PACKAGE Search for package
+function search {
+ nix search nixpkgs $1
+}
+
+##
+## ~> Shell
+##
+
+## shell NAME Run a nix-shell from ./shell/
+function shell {
+ nix-shell ./shell/$1.nix
+}
+
+${@:-info}
diff --git a/motd b/motd
new file mode 100644
index 0000000..c72845c
--- /dev/null
+++ b/motd
@@ -0,0 +1,12 @@
+
+ ███▄ █ ██▓▒██ ██▒ ▄████▄ ▄▄▄█████▓ ██▓
+ ██ ▀█ █ ▓██▒▒▒ █ █ ▒░▒██▀ ▀█ ▓ ██▒ ▓▒▓██▒
+▓██ ▀█ ██▒▒██▒░░ █ ░▒▓█ ▄ ▒ ▓██░ ▒░▒██░
+▓██▒ ▐▌██▒░██░ ░ █ █ ▒ ▒▓▓▄ ▄██▒░ ▓██▓ ░ ▒██░
+▒██░ ▓██░░██░▒██▒ ▒██▒▒ ▓███▀ ░ ▒██▒ ░ ░██████▒
+░ ▒░ ▒ ▒ ░▓ ▒▒ ░ ░▓ ░░ ░▒ ▒ ░ ▒ ░░ ░ ▒░▓ ░
+░ ░░ ░ ▒░ ▒ ░░░ ░▒ ░ ░ ▒ ░ ░ ░ ▒ ░
+ ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░
+ ░ ░ ░ ░ ░ ░ ░ ░
+ ░
+
diff --git a/os/configuration.nix b/os/configuration.nix
new file mode 100644
index 0000000..b3ac87e
--- /dev/null
+++ b/os/configuration.nix
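Review bot: The dispatcher `${@:-info}` on the last line executes whatever arguments it is given as a command, so a typo or a stray argument runs an arbitrary program rather than one of the documented subcommands, and `search` and `shell` pass `$1` unquoted (`nix search nixpkgs $1`, `nix-shell ./shell/$1.nix`), so an argument containing spaces or glob characters is split or expanded before it reaches nix. Restricting the dispatcher to functions defined in this file and quoting the arguments (`nix search nixpkgs "$1"`, `nix-shell "./shell/$1.nix"`) keeps the script to what the README advertises. `rm *.qcow2` in `vm` aborts the function with a "cannot remove" error when no image exists yet; `rm -f -- *.qcow2` avoids that. The relative paths `motd`, `ctl.sh` and `./os` also mean every command only works from the repository root, which a `cd "$(dirname "$0")"` near the top, or a comment stating the requirement, would make explicit.
```bash
## … unchanged: function definitions above …
cmd=${1:-info}
if ! declare -F -- "$cmd" >/dev/null; then
 echo "unknown command: $cmd" >&2
 exit 1
fi
[ $# -gt 0 ] && shift
"$cmd" "$@"
```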
@@ -0,0 +1,128 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ nix = {
+ package = pkgs.nixFlakes;
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+ };
+
+ system.stateVersion = "23.05";
+
+ nixpkgs.config.allowUnfree = true;
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # networking.hostName = "nixos";
+ # networking.networkmanager.enable = true;
+
+ # time.timeZone = "Europe/Zurich";
+ # i18n.defaultLocale = "en_US.UTF-8";
+
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+
+ # xserver
+ # services.xserver = {
+ # enable = true;
+ # layout = "ch";
+ # xkbVariant = "";
+ # # Enable the KDE Plasma Desktop Environment.
+ # displayManager.sddm.enable = true;
+ # desktopManager.plasma5.enable = true;
+ # };
+ # Configure console keymap
+ #console.keyMap = "sg";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = false;
+ # security.rtkit.enable = true;
+ # services.pipewire = {
+ # enable = true;
+ # alsa.enable = true;
+ # alsa.support32Bit = true;
+ # pulse.enable = true;
+ # # If you want to use JACK applications, uncomment this
+ # #jack.enable = true;
+
+ # # use the example session manager (no others are packaged yet so this is enabled by default,
+ # # no need to redefine it in your config for now)
+ # #media-session.enable = true;
+ # };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # users.users.master = {
+ # isNormalUser = true;
+ # description = "master";
+ # extraGroups = [ "networkmanager" "wheel" ];
+ # packages = with pkgs; [
+ # kate
+ # ];
+ # };
+
+ # Allow unfree packages
+ #nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ # environment.systemPackages = with pkgs; [
+ # fd
+ # fzf
+ # ripgrep
+ # jq
+ # git
+ # pinentry
+ # vim
+ # gcc
+ # unzip
+ # wget
+ # plasma5Packages.bismuth
+ # kdeconnect
+ # firefox
+ # thunderbird
+ # remmina
+ # ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+ # networking.firewall = {
+ # enable = true;
+ # allowedTCPPortRanges = [
+ # { from = 1714; to = 1764; } # KDE Connect
+ # ];
+ # allowedUDPPortRanges = [
+ # { from = 1714; to = 1764; } # KDE Connect
+ # ];
+ # };
+
+}
diff --git a/os/flake.lock b/os/flake.lock
new file mode 100644
index 0000000..08b64a3
--- /dev/null
+++ b/os/flake.lock
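Review bot: Most of this hunk is commented-out copies of settings that the same commit moves into os/system/*.nix and os/users/master.nix (the `# services.xserver`, `# services.pipewire`, `# users.users.master`, `# environment.systemPackages` and `# networking.firewall` blocks), so each setting now exists twice and the commented copy will drift from the live one. Replacing them with a single pointer, `# Host-specific settings live in ./system/*.nix and ./users/*.nix`, keeps this file to what it actually defines. `system.stateVersion = "23.05"` is also set here and again in os/users/demo.nix; one definition is enough, and this file is the natural place for it.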
@@ -0,0 +1,49 @@
+{
+ "nodes": {
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1687871164,
+ "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "release-23.05",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1688109178,
+ "narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-23.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "home-manager": "home-manager",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/os/flake.nix b/os/flake.nix
new file mode 100644
index 0000000..bdbf03a
--- /dev/null
+++ b/os/flake.nix
@@ -0,0 +1,29 @@
+{
+ description = "flake for nixos";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+ home-manager.url = "github:nix-community/home-manager/release-23.05";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = { self, nixpkgs, home-manager }: {
+ nixosConfigurations = {
+ nixos = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ home-manager.nixosModules.home-manager
+ ./configuration.nix
+ ./system/i18n.nix
+ ./system/network.nix
+ ./system/sound.nix
+ ./system/xserver.nix
+ ./system/virtualisation.nix
+ ./system/packages.nix
+ ./users/demo.nix
+ ./users/master.nix
+ ];
+ };
+ };
+ };
+}
diff --git a/os/hardware-configuration.nix b/os/hardware-configuration.nix
new file mode 100644
index 0000000..eb883ee
--- /dev/null
+++ b/os/hardware-configuration.nix
@@ -0,0 +1,43 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/6ee375f9-a8ab-4160-b2d7-99678ed98ada";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/3354-0135";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/a9ace4f2-ac01-41fa-9be9-67f9cc1fad34"; }];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/os/system/i18n.nix b/os/system/i18n.nix
new file mode 100644
index 0000000..bf5296b
--- /dev/null
+++ b/os/system/i18n.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+
+ time.timeZone = "Europe/Zurich";
+ i18n.defaultLocale = "en_US.UTF-8";
+ console.keyMap = "sg";
+}
diff --git a/os/system/network.nix b/os/system/network.nix
new file mode 100644
index 0000000..d07f699
--- /dev/null
+++ b/os/system/network.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }: {
+
+ networking = {
+
+ hostName = "nixos";
+ networkmanager.enable = true;
+
+ firewall = {
+ enable = true;
+ allowedTCPPortRanges = [
+ { from = 1714; to = 1764; } # KDE Connect
+ ];
+ allowedUDPPortRanges = [
+ { from = 1714; to = 1764; } # KDE Connect
+ ];
+ };
+
+ };
+
+}
diff --git a/os/system/packages.nix b/os/system/packages.nix
new file mode 100644
index 0000000..df5cf9a
--- /dev/null
+++ b/os/system/packages.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ fd
+ fzf
+ ripgrep
+ jq
+ git
+ gnumake
+ pinentry
+ vim
+ gcc
+ unzip
+ wget
+ plasma5Packages.bismuth
+ kdeconnect
+ firefox
+ thunderbird
+ remmina
+ docker-buildx
+ ];
+}
diff --git a/os/system/sound.nix b/os/system/sound.nix
new file mode 100644
index 0000000..3f591d7
--- /dev/null
+++ b/os/system/sound.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }: {
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+}
diff --git a/os/system/virtualisation.nix b/os/system/virtualisation.nix
new file mode 100644
index 0000000..1f712ec
--- /dev/null
+++ b/os/system/virtualisation.nix
@@ -0,0 +1,3 @@
+{ pkgs, ... }: {
+ virtualisation.docker.enable = true;
+}
diff --git a/os/system/xserver.nix b/os/system/xserver.nix
new file mode 100644
index 0000000..b155101
--- /dev/null
+++ b/os/system/xserver.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+ services.xserver = {
+ enable = true;
+ layout = "ch";
+ xkbVariant = "";
+ displayManager.sddm.enable = true;
+ desktopManager.plasma5.enable = true;
+ };
+}
diff --git a/os/users/demo.nix b/os/users/demo.nix
new file mode 100644
index 0000000..0ee1cf8
--- /dev/null
+++ b/os/users/demo.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+ users.users.demo.isNormalUser = true;
+ users.users.demo.initialPassword = "demo";
+ system.stateVersion = "23.05";
+}
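Review bot: The KDE Connect range 1714-1764 in `allowedTCPPortRanges` and `allowedUDPPortRanges` is opened on every interface, and with `networkmanager.enable = true` on what hardware-configuration.nix suggests is a laptop (a `wlp0s20f3` interface is commented there), that includes whatever Wi-Fi the host joins. If roaming is expected, scoping the rule to the trusted interface with `networking.firewall.interfaces.<name>.allowedTCPPortRanges` (and the UDP counterpart) limits the exposure; if global is intended, a comment such as `# KDE Connect; deliberately reachable on all interfaces` records the decision.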
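Review bot: `users.users.demo.initialPassword = "demo"` creates a real login account with a guessable plaintext password, and because os/flake.nix lists ./users/demo.nix in the single `nixosConfigurations.nixos` that `os-rebuild` switches to, the account exists on the physical host and not only in the `vm` target; the literal also ends up in the world-readable Nix store. The same construct is used for the master user in os/users/master.nix. For a bootstrap credential, `initialHashedPassword` or `passwordFile` (the 23.05 name for a hash kept outside the store) avoids the plaintext, and the demo module is better attached to a separate VM-only configuration than to the host one.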
diff --git a/os/users/master.nix b/os/users/master.nix
new file mode 100644
index 0000000..6b06d77
--- /dev/null
+++ b/os/users/master.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }: {
+
+ users.users.master = {
+ isNormalUser = true;
+ description = "master";
+ initialPassword = "master";
+ extraGroups = [ "networkmanager" "wheel" "docker" ];
+ };
+
+ home-manager.users.master = {
+
+ home.stateVersion = "23.05";
+ home.username = "master";
+ home.homeDirectory = "/home/master";
+ home.packages = with pkgs; [
+ nerdfonts
+ tmux
+ btop
+ ranger
+ vscode
+ nodejs
+ terraform
+ consul
+ nomad
+ packer
+ cargo
+ kubectl
+ chromium
+ ];
+
+ programs.home-manager.enable = true;
+
+ programs.bash = {
+ enable = true;
+ };
+
+ programs.starship = {
+ enable = true;
+ enableBashIntegration = true;
+ settings = {
+ directory.fish_style_pwd_dir_length = 1;
+ directory.truncation_length = 2;
+ };
+ };
+
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ viAlias = true;
+ vimAlias = true;
+ vimdiffAlias = true;
+ };
+ };
+}
diff --git a/shell/hashi.nix b/shell/hashi.nix
new file mode 100644
index 0000000..38c4b10
--- /dev/null
+++ b/shell/hashi.nix
@@ -0,0 +1,18 @@
+let
+ unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { };
+in
+{ pkgs ? import { } }:
+pkgs.mkShell {
+ buildInputs = with pkgs; [
+ gnumake
+ dnsutils
+ netcat
+ ansible
+ terraform
+ consul
+ unstable.nomad_1_5
+ vault
+ nomad-pack
+ waypoint
+ ];
+}
diff --git a/shell/k8s.nix b/shell/k8s.nix
new file mode 100644
index 0000000..d1e493d
--- /dev/null
+++ b/shell/k8s.nix
@@ -0,0 +1,18 @@
+let
+ unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { };
+in
+{ pkgs ? import {
+ config.allowUnfree = true;
+ }
+}:
+pkgs.mkShell {
+ buildInputs = with pkgs; [
+ dnsutils
+ netcat
+ terraform
+ kubectl
+ kubernetes-helm
+ k9s
+ lens
+ ];
+}
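Review bot: `extraGroups = [ "networkmanager" "wheel" "docker" ]` puts the everyday account in the `docker` group, which with `virtualisation.docker.enable = true` in os/system/virtualisation.nix is root-equivalent (the daemon socket allows mounting the host filesystem into a privileged container), so the wheel/sudo boundary that a password prompt normally provides is bypassed for anything running as this user. If Docker is needed for development only, `virtualisation.docker.rootless.enable = true` keeps the daemon per-user and the `docker` group can be dropped; if the group is intentional, a comment like `# docker group grants root-equivalent access; accepted for this single-user host` records the trade-off. home-manager's `home.username` and `home.homeDirectory` restate what the `users.users.master` definition already implies; they can stay but a one-line comment on why they are spelled out would help the reader.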
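Review bot: `fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz` on line 2 of shell/hashi.nix carries no `sha256`, so the shell pulls whatever the channel serves at evaluation time, re-fetches after the tarball TTL, and nothing verifies the download; the shell is neither reproducible nor integrity-checked. shell/k8s.nix has the identical construct. Pinning it, `unstable = import (fetchTarball { url = "https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz"; sha256 = "<narhash-placeholder>"; }) { };`, or taking the unstable package from an input locked in os/flake.lock, fixes both. The `{ pkgs ? import { } }:` argument also appears to have lost an angle-bracket search path in rendering; if the file really reads this way it does not evaluate, so worth confirming against the repository.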