iac/nix
1
0
Fork 0
mirror of https://github.com/0x1d/nix.git synced 2025-12-14 05:56:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
0x1d
2023-07-07 08:49:04 +02:00
commit 08b84676a5
18 changed files with 524 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
nixos.qcow2
result

28
README.md Normal file
View File

@@ -0,0 +1,28 @@
# Nix Configuration
This repo contains my personal Nix / NixOS configuration.
## Usage
Run `ctl.sh` to see the list of commands to manage the system.
```bash
./ctl.sh
~> OS
os-test Rebuild and test OS without creating a new generation
os-rebuild Rebuild OS and create new generation
os-upgrade Upgrade channels and rebuild OS
vm Build and run as VM
~> Store
store-gc Collecting garbage in nix-store
store-optimise Optimise nix-store
search PACKAGE Search for package
~> Shell
shell NAME Run a nix-shell from ./shell/
```

68
ctl.sh Executable file
View File

@@ -0,0 +1,68 @@
#!/usr/bin/env bash
##
## ~> OS
##
function info {
clear
cat motd
echo "NixOS Version $(nixos-version)"
sed -n 's/^##//p' ctl.sh
}
## os-test Rebuild and test OS without creating a new generation
function os-test {
sudo nixos-rebuild --flake ./os#nixos test
}
## os-rebuild Rebuild OS and create new generation
function os-rebuild {
echo "Rebuild OS"
sudo nixos-rebuild --flake ./os#nixos switch
}
## os-upgrade Upgrade channels and rebuild OS
function os-upgrade {
echo "Upgrade channels and rebuild OS"
sudo nixos-rebuild --upgrade --flake ./os#nixos switch
}
## vm Build and run as VM
function vm {
echo "Build and run configuration as VM"
rm *.qcow2
nixos-rebuild build-vm --flake ./os#nixos && result/bin/run-*-vm
}
##
## ~> Store
##
## store-gc Collecting garbage in nix-store
function store-gc {
echo "Collecting garbage"
nix-store --gc --print-roots | egrep -v "^(/nix/var|/run/\w+-system|\{memory|/proc)"
}
## store-optimise Optimise nix-store
function store-optimise {
echo "Optimizing nix-store. This may take a moment..."
nix-store --optimise
}
## search PACKAGE Search for package
function search {
nix search nixpkgs $1
}
##
## ~> Shell
##
## shell NAME Run a nix-shell from ./shell/
function shell {
nix-shell ./shell/$1.nix
}
${@:-info}

12
motd Normal file
View File

@@ -0,0 +1,12 @@
███▄ █ ██▓▒██ ██▒ ▄████▄ ▄▄▄█████▓ ██▓
██ ▀█ █ ▓██▒▒▒ █ █ ▒░▒██▀ ▀█ ▓ ██▒ ▓▒▓██▒
▓██ ▀█ ██▒▒██▒░░ █ ░▒▓█ ▄ ▒ ▓██░ ▒░▒██░
▓██▒ ▐▌██▒░██░ ░ █ █ ▒ ▒▓▓▄ ▄██▒░ ▓██▓ ░ ▒██░
▒██░ ▓██░░██░▒██▒ ▒██▒▒ ▓███▀ ░ ▒██▒ ░ ░██████▒
░ ▒░ ▒ ▒ ░▓ ▒▒ ░ ░▓ ░░ ░▒ ▒ ░ ▒ ░░ ░ ▒░▓ ░
░ ░░ ░ ▒░ ▒ ░░░ ░▒ ░ ░ ▒ ░ ░ ░ ▒ ░
░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░

128
os/configuration.nix Normal file
View File

@@ -0,0 +1,128 @@
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
nix = {
package = pkgs.nixFlakes;
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
system.stateVersion = "23.05";
nixpkgs.config.allowUnfree = true;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# networking.hostName = "nixos";
# networking.networkmanager.enable = true;
# time.timeZone = "Europe/Zurich";
# i18n.defaultLocale = "en_US.UTF-8";
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
# xserver
# services.xserver = {
# enable = true;
# layout = "ch";
# xkbVariant = "";
# # Enable the KDE Plasma Desktop Environment.
# displayManager.sddm.enable = true;
# desktopManager.plasma5.enable = true;
# };
# Configure console keymap
#console.keyMap = "sg";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
# sound.enable = true;
# hardware.pulseaudio.enable = false;
# security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# # If you want to use JACK applications, uncomment this
# #jack.enable = true;
# # use the example session manager (no others are packaged yet so this is enabled by default,
# # no need to redefine it in your config for now)
# #media-session.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.master = {
# isNormalUser = true;
# description = "master";
# extraGroups = [ "networkmanager" "wheel" ];
# packages = with pkgs; [
# kate
# ];
# };
# Allow unfree packages
#nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# fd
# fzf
# ripgrep
# jq
# git
# pinentry
# vim
# gcc
# unzip
# wget
# plasma5Packages.bismuth
# kdeconnect
# firefox
# thunderbird
# remmina
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# networking.firewall = {
# enable = true;
# allowedTCPPortRanges = [
# { from = 1714; to = 1764; } # KDE Connect
# ];
# allowedUDPPortRanges = [
# { from = 1714; to = 1764; } # KDE Connect
# ];
# };
}

49
os/flake.lock generated Normal file
View File

@@ -0,0 +1,49 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1687871164,
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1688109178,
"narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

29
os/flake.nix Normal file
View File

@@ -0,0 +1,29 @@
{
description = "flake for nixos";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
home-manager.url = "github:nix-community/home-manager/release-23.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, home-manager }: {
nixosConfigurations = {
nixos = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./configuration.nix
./system/i18n.nix
./system/network.nix
./system/sound.nix
./system/xserver.nix
./system/virtualisation.nix
./system/packages.nix
./users/demo.nix
./users/master.nix
];
};
};
};
}

43
os/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,43 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/6ee375f9-a8ab-4160-b2d7-99678ed98ada";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/3354-0135";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/a9ace4f2-ac01-41fa-9be9-67f9cc1fad34"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

6
os/system/i18n.nix Normal file
View File

@@ -0,0 +1,6 @@
{ pkgs, ... }: {
time.timeZone = "Europe/Zurich";
i18n.defaultLocale = "en_US.UTF-8";
console.keyMap = "sg";
}

20
os/system/network.nix Normal file
View File

@@ -0,0 +1,20 @@
{ pkgs, ... }: {
networking = {
hostName = "nixos";
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
allowedUDPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
};
};
}

21
os/system/packages.nix Normal file
View File

@@ -0,0 +1,21 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
fd
fzf
ripgrep
jq
git
gnumake
pinentry
vim
gcc
unzip
wget
plasma5Packages.bismuth
kdeconnect
firefox
thunderbird
remmina
docker-buildx
];
}

11
os/system/sound.nix Normal file
View File

@@ -0,0 +1,11 @@
{ pkgs, ... }: {
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}

3
os/system/virtualisation.nix Normal file
View File

@@ -0,0 +1,3 @@
{ pkgs, ... }: {
virtualisation.docker.enable = true;
}

9
os/system/xserver.nix Normal file
View File

@@ -0,0 +1,9 @@
{ pkgs, ... }: {
services.xserver = {
enable = true;
layout = "ch";
xkbVariant = "";
displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true;
};
}

5
os/users/demo.nix Normal file
View File

@@ -0,0 +1,5 @@
{ pkgs, ... }: {
users.users.demo.isNormalUser = true;
users.users.demo.initialPassword = "demo";
system.stateVersion = "23.05";
}

54
os/users/master.nix Normal file
View File

@@ -0,0 +1,54 @@
{ pkgs, ... }: {
users.users.master = {
isNormalUser = true;
description = "master";
initialPassword = "master";
extraGroups = [ "networkmanager" "wheel" "docker" ];
};
home-manager.users.master = {
home.stateVersion = "23.05";
home.username = "master";
home.homeDirectory = "/home/master";
home.packages = with pkgs; [
nerdfonts
tmux
btop
ranger
vscode
nodejs
terraform
consul
nomad
packer
cargo
kubectl
chromium
];
programs.home-manager.enable = true;
programs.bash = {
enable = true;
};
programs.starship = {
enable = true;
enableBashIntegration = true;
settings = {
directory.fish_style_pwd_dir_length = 1;
directory.truncation_length = 2;
};
};
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
};
};
}

18
shell/hashi.nix Normal file
View File

@@ -0,0 +1,18 @@
let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { };
in
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell {
buildInputs = with pkgs; [
gnumake
dnsutils
netcat
ansible
terraform
consul
unstable.nomad_1_5
vault
nomad-pack
waypoint
];
}

18
shell/k8s.nix Normal file
View File

@@ -0,0 +1,18 @@
let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { };
in
{ pkgs ? import <nixpkgs> {
config.allowUnfree = true;
}
}:
pkgs.mkShell {
buildInputs = with pkgs; [
dnsutils
netcat
terraform
kubectl
kubernetes-helm
k9s
lens
];
}