From 956a0e3bbcedef9f3472ea5cae64950468701c38 Mon Sep 17 00:00:00 2001
From: Erwin Boskma
Date: Tue, 5 Oct 2021 23:45:02 +0200
Subject: [PATCH] Initial commit
---
 flake.lock | 47 +++++++++
 flake.nix | 136 +++++++++++++++++++++++++
 lib/default.nix | 5 +
 lib/host.nix | 47 +++++++++
 lib/user.nix | 49 +++++++++
 modules/system/boot/default.nix | 83 +++++++++++++++
 modules/system/core/default.nix | 69 +++++++++++++
 modules/system/default.nix | 8 ++
 modules/system/nixos/default.nix | 19 ++++
 modules/users/applications/default.nix | 26 +++++
 modules/users/default.nix | 11 ++
 modules/users/fish/default.nix | 29 ++++++
 modules/users/git/default.nix | 41 ++++++++
 modules/users/gpg/default.nix | 32 ++++++
 modules/users/input/default.nix | 22 ++++
 modules/users/ssh/default.nix | 23 +++++
 16 files changed, 647 insertions(+)
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 create mode 100644 lib/default.nix
 create mode 100644 lib/host.nix
 create mode 100644 lib/user.nix
 create mode 100644 modules/system/boot/default.nix
 create mode 100644 modules/system/core/default.nix
 create mode 100644 modules/system/default.nix
 create mode 100644 modules/system/nixos/default.nix
 create mode 100644 modules/users/applications/default.nix
 create mode 100644 modules/users/default.nix
 create mode 100644 modules/users/fish/default.nix
 create mode 100644 modules/users/git/default.nix
 create mode 100644 modules/users/gpg/default.nix
 create mode 100644 modules/users/input/default.nix
 create mode 100644 modules/users/ssh/default.nix
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..e14fdb3
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,47 @@
+{
+ "nodes": {
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1632256651,
+ "narHash": "sha256-+jbZKohfqTjp/5SwudwIhYzmFqmGDlIG99V5lOE4Yjg=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "58aa667e28ca4a6a2159b1f3258ef5d494d5ecb6",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1631962327,
+ "narHash": "sha256-h2fgtNHozEcB42BQ1QVWAJUpQ1FA3gpgq/RrOKAxbfE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "bc9b956714ed6eac5f8888322aac5bc41389defa",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-unstable",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "home-manager": "home-manager",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..7c80554
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,136 @@
+{
+ description = "System config";
+
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-unstable";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { nixpkgs, home-manager, ... }@inputs:
+ let
+ inherit (nixpkgs) lib;
+
+ util = import ./lib {
+ inherit system pkgs home-manager lib;
+ overlays = (pkgs.overlays);
+ };
+
+ inherit (util) user;
+ inherit (util) host;
+
+ pkgs = import nixpkgs {
+ inherit system;
+ config.allowUnfree = true;
+ overlays = [ ];
+ };
+
+ system = "x86_64-linux";
+
+ nixosConfig = {
+ boot = {
+ type = "qemu-bios";
+ qemu = true;
+ grubInstallDevice = "/dev/vda";
+ };
+ core.enable = true;
+ };
+
+ vm2Config = {
+ boot = {
+ type = "uefi";
+ qemu = true;
+ };
+ core.enable = true;
+ };
+
+ nixosUsers = [{
+ name = "erwin";
+ groups = [ "wheel" "networkmanager" "video" ];
+ uid = 1000;
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNoTcRsAxDwpiIj6nhUXwzSQjtcgKCR0RDlzP57wi0W erwin@horusvr-ws2"
+ ];
+ }];
+
+ in {
+ homeManagerConfigurations = {
+ erwin = user.mkHMUser {
+ userConfig = {
+ git.enable = true;
+ ssh.enable = true;
+ applications.enable = true;
+ gpg.enable = true;
+ fish.enable = true;
+ };
+ username = "erwin";
+ };
+ };
+
+ nixosConfigurations = {
+ vm1 = host.mkHost {
+ name = "vm1";
+ NICs = [ "enp1s0" ];
+ kernelPackage = pkgs.linuxPackages;
+ initrdMods = [
+ "ahci"
+ "xhci_pci"
+ "virtio_pci"
+ "sr_mod"
+ "virtio_blk"
+ "virtio_net"
+ "virtio_mmio"
+ "virtio_scsi"
+ "9p"
+ "9pnet_virtio"
+ ];
+ kernelMods =
+ [ "kvm-amd" "virtio_balloon" "virtio_console" "virtio_rng" ];
+ kernelParams = [ ];
+ systemConfig = nixosConfig;
+
+ users = nixosUsers;
+
+ cpuCores = 6;
+ };
+
+ vm2 = host.mkHost {
+ name = "vm2";
+ NICs = [ "enp1s0" ];
+ kernelPackage = pkgs.linuxPackages;
+ initrdMods = [
+ "ahci"
+ "xhci_pci"
+ "virtio_pci"
+ "sr_mod"
+ "virtio_blk"
+ "virtio_net"
+ "virtio_mmio"
+
"virtio_scsi" + "9p" + "9pnet_virtio" + ]; + kernelMods = + [ "kvm-amd" "virtio_balloon" "virtio_console" "virtio_rng" ]; + kernelParams = [ ]; + systemConfig = vm2Config; + + users = nixosUsers; + + cpuCores = 4; + }; + + loki = host.mkHost { + name = "loki"; + NICs = [ "enp4s0" ]; + kernelPackage = pkgs.linuxPackages; + initrdMods = [ "nvme" "xhci_pci" "ahci" ]; + kernelMods = [ "kvm-amd" ]; + }; + }; + }; +} diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..8f8b1f9 --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,5 @@ +{ pkgs, home-manager, system, lib, overlays, ... }: +rec { + user = import ./user.nix { inherit pkgs home-manager lib system overlays; }; + host = import ./host.nix { inherit system pkgs home-manager lib user; }; +} diff --git a/lib/host.nix b/lib/host.nix new file mode 100644 index 0000000..79133bf --- /dev/null +++ b/lib/host.nix @@ -0,0 +1,47 @@ +{ system, pkgs, home-manager, lib, user, ... }: +with builtins; +{ + mkHost = { name, NICs, initrdMods, kernelMods, kernelParams, kernelPackage, + systemConfig, cpuCores, users, wifi ? [], + gpuTempSensor ? null, cpuTempSensor ? null + }: + let + networkCfg = listToAttrs (map (n: { + name = "${n}"; value = { useDHCP = true; }; + }) NICs); + + userCfg = { + inherit name NICs systemConfig cpuCores gpuTempSensor cpuTempSensor; + }; + + sys_users = (map (u: user.mkSystemUser u) users); + in lib.nixosSystem { + inherit system; + + modules = [ + { + imports = [ ../modules/system ] ++ sys_users; + + eb = systemConfig; + + environment.etc = { + "hmsystemdata.json".text = toJSON userCfg; + }; + + networking.hostName = "${name}"; + networking.interfaces = networkCfg; + networking.wireless.interfaces = wifi; + + boot.initrd.availableKernelModules = initrdMods; + boot.kernelModules = kernelMods; + boot.kernelParams = kernelParams; + boot.kernelPackages = kernelPackage; + + nixpkgs.pkgs = pkgs; + nix.maxJobs = lib.mkDefault cpuCores; + + system.stateVersion = "21.05"; + } + ]; + }; +} 
diff --git a/lib/user.nix b/lib/user.nix
new file mode 100644
index 0000000..42de624
--- /dev/null
+++ b/lib/user.nix
@@ -0,0 +1,49 @@
+{ pkgs, home-manager, lib, system, overlays, ... }:
+with builtins;
+{
+ mkHMUser = { userConfig, username }:
+ home-manager.lib.homeManagerConfiguration {
+ inherit system username pkgs;
+ stateVersion = "21.05";
+ configuration =
+ let
+ trySettings = tryEval (fromJSON (readFile /etc/hmsystemdata.json));
+ machineData = if trySettings.success then trySettings.value else {};
+
+ machineModule = { pkgs, config, lib, ... }: {
+ options.machineData = lib.mkOption {
+ default = {};
+ description = "Settings passed from nixos system config. If not present it will be empty.";
+ };
+
+ config.machineData = machineData;
+ };
+ in {
+ erwin = userConfig;
+
+ nixpkgs.overlays = overlays;
+ nixpkgs.config.allowUnfree = true;
+
+ systemd.user.startServices = true;
+ home.stateVersion = "21.05";
+ home.username = username;
+ home.homeDirectory = "/home/${username}";
+
+ imports = [ ../modules/users machineModule ];
+ };
+ homeDirectory = "/home/${username}";
+ };
+
+ mkSystemUser = { name, groups, uid, shell, ... }:
+ {
+ users.users."${name}" = {
+ name = name;
+ isNormalUser = true;
+ isSystemUser = false;
+ extraGroups = groups;
+ uid = uid;
+ initialPassword = "helloworld";
+ shell = shell;
+ };
+ };
+}
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
new file mode 100644
index 0000000..5ee6a5c
--- /dev/null
+++ b/modules/system/boot/default.nix
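Review bot: `mkSystemUser` takes `{ name, groups, uid, shell, ... }` and discards everything else, so the `openssh.authorizedKeys.keys` listed for the user in flake.nix never reach `users.users.erwin`, while the same function sets `initialPassword = "helloworld"`, a fixed and publicly readable (it lands in the Nix store) password on every account it creates — accounts that flake.nix puts in `wheel` on hosts where modules/system/core enables OpenSSH. Pass the key through (`{ name, groups, uid, shell, openssh ? { }, ... }:` and `inherit openssh;` inside the attrset) and make the password a per-user argument such as `initialHashedPassword` or `passwordFile` instead of a literal shared by all hosts. Separately, `tryEval (fromJSON (readFile /etc/hmsystemdata.json))` does not provide the fallback the option description promises: `tryEval` only catches `throw`/`assert`, not a missing file or the pure-eval restriction on absolute paths under flakes, so the `else {}` branch looks unreachable; guard with `pathExists` (and expect to need `--impure`) if the file is genuinely optional.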
@@ -0,0 +1,83 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+let cfg = config.eb.boot;
+in {
+ options.eb.boot = {
+ type = mkOption {
+ description = "Type of boot. Default bios.";
+ default = null;
+ type = types.enum [ "bios" "uefi" ];
+ };
+
+ qemu = mkOption {
+ description = "Set to true if running in qemu";
+ default = false;
+ type = types.bool;
+ };
+
+ grubInstallDevice = mkOption {
+ description = "The disk to install Grub to";
+ type = types.nullOr types.str;
+ default = null;
+ };
+ };
+
+ config = mkMerge [
+ {
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+
+ swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
+ }
+ (mkIf (cfg.type == "bios") {
+ boot.loader = {
+ grub = {
+ enable = true;
+ version = 2;
+ device = cfg.grubInstallDevice;
+ efiSupport = false;
+ useOSProber = true;
+ extraEntries = ''
+ menuentry "Reboot" {
+ reboot
+ }
+ menuentry "Power off" {
+ halt
+ }
+ '';
+ };
+ };
+
+ })
+ (mkIf (cfg.type == "uefi") {
+ boot.loader = {
+ systemd-boot = {
+ enable = true;
+ editor = false;
+ configurationLimit = 10;
+ };
+
+ efi.canTouchEfiVariables = true;
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+ })
+ (mkIf (cfg.qemu) {
+ boot.initrd.postDeviceCommands = ''
+ # Set the system time from the hardware clock to work around a
+ # bug in qemu-kvm > 1.5.2 where the VM clock is initialized
+ # to the *boot time* of the host.
+ hwclock -s
+ '';
+
+ services.qemuGuest.enable = true;
+ })
+ ];
+}
diff --git a/modules/system/core/default.nix b/modules/system/core/default.nix
new file mode 100644
index 0000000..62b9bbc
--- /dev/null
+++ b/modules/system/core/default.nix
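Review bot: `eb.boot.type` is declared as `types.enum [ "bios" "uefi" ]` with `default = null`, so a host that does not set it fails the option type check instead of getting the "Default bios" the description promises, and neither `mkIf (cfg.type == ...)` branch ever applies. Pick one: `default = "bios";` to match the description, or `type = types.nullOr (types.enum [ "bios" "uefi" ]);` with the description changed to say no boot loader is configured unless it is set. The unconditional `fileSystems."/"` and `swapDevices` entries hard-code `by-label/nixos` and `by-label/swap` for every host; a comment such as `# every host must label its root/swap partitions "nixos"/"swap"` would make that contract visible to whoever adds the next machine.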
@@ -0,0 +1,69 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+let
+ cfg = config.eb.core;
+in {
+ options.eb.core = {
+ enable = mkOption {
+ description = "Enable core options";
+ type = types.bool;
+ default = true;
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+ nix = {
+ package = pkgs.nixUnstable;
+ extraOptions = "experimental-features = nix-command flakes";
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 10d";
+ };
+ };
+
+ environment.shells = [ pkgs.fish pkgs.zsh pkgs.bash ];
+
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "colemak";
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ time.timeZone = "Europe/Amsterdam";
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+ hardware.enableRedistributableFirmware = lib.mkDefault true;
+
+ environment.systemPackages = with pkgs; [
+ unzip
+
+ zsh
+ fish
+
+ gawk
+ gnused
+
+ curl
+ xh
+
+ bottom
+ acpi
+ pstree
+
+ git
+
+ patchelf
+ nix-index
+ manix
+
+ neovim
+ ];
+
+ security.sudo.extraConfig = ''Defaults env_reset,timestamp_timeout=5,insults,lecture="always"'';
+ security.sudo.execWheelOnly = true;
+
+ services.openssh.enable = true;
+
+ };
+}
diff --git a/modules/system/default.nix b/modules/system/default.nix
new file mode 100644
index 0000000..467a211
--- /dev/null
+++ b/modules/system/default.nix
@@ -0,0 +1,8 @@
+{ pkgs, config, lib, ... }:
+{
+ imports = [
+ ./boot
+ ./core
+ ./nixos
+ ];
+}
diff --git a/modules/system/nixos/default.nix b/modules/system/nixos/default.nix
new file mode 100644
index 0000000..c240523
--- /dev/null
+++ b/modules/system/nixos/default.nix
@@ -0,0 +1,19 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+ cfg = config.eb.nixos;
+in {
+ options.eb.nixos = {
+ enable = mkOption {
+ description = "Whether to enable nixos settings";
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+ environment.systemPackages = [
+ ];
+
+ };
+}
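Review bot: `services.openssh.enable = true;` is the only sshd setting in this module, so the defaults of the pinned nixpkgs revision apply; for the 21.05-era unstable in flake.lock that, as far as I recall, still means password authentication is on, and combined with the fixed `initialPassword` in lib/user.nix the `wheel` account is reachable with a known password on every SSH-exposed host until someone changes it. Suggest `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";` next to the enable line, once key provisioning in lib/user.nix actually forwards the `openssh.authorizedKeys.keys` it currently drops. A short comment on the `security.sudo.extraConfig` line saying why `timestamp_timeout=5` and `lecture="always"` were chosen would also help, since they are policy rather than defaults.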
diff --git a/modules/users/applications/default.nix b/modules/users/applications/default.nix
new file mode 100644
index 0000000..263a492
--- /dev/null
+++ b/modules/users/applications/default.nix
@@ -0,0 +1,26 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+let
+ cfg = config.erwin.applications;
+in {
+ options.erwin.applications = {
+ enable = mkOption {
+ description = "Enable a set of common applications";
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+ home.sessionVariables = {
+ EDITOR = "vim";
+ };
+
+ home.packages = with pkgs; [
+ neovim
+ ];
+
+ fonts.fontconfig.enable = true;
+ };
+}
diff --git a/modules/users/default.nix b/modules/users/default.nix
new file mode 100644
index 0000000..8a4971e
--- /dev/null
+++ b/modules/users/default.nix
@@ -0,0 +1,11 @@
+{ pkgs, config, lib, ... }:
+
+{
+ imports = [
+ ./applications
+ ./fish
+ ./git
+ ./gpg
+ ./ssh
+ ];
+}
diff --git a/modules/users/fish/default.nix b/modules/users/fish/default.nix
new file mode 100644
index 0000000..590ea3d
--- /dev/null
+++ b/modules/users/fish/default.nix
@@ -0,0 +1,29 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+let cfg = config.erwin.fish;
+in {
+ options.erwin.fish = {
+ enable = mkOption {
+ description = "Enable fish shell";
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = mkIf (cfg.enable) (let starship = pkgs.starship;
+ in {
+ programs.starship = {
+ enable = true;
+ enableFishIntegration = true;
+ };
+
+ programs.fish = {
+ enable = true;
+
+ # interactiveShellInit = ''
+ # source ("${starship}/bin/starship" init fish --print-full-init | psub)
+ # '';
+ };
+ });
+}
diff --git a/modules/users/git/default.nix b/modules/users/git/default.nix
new file mode 100644
index 0000000..e358672
--- /dev/null
+++ b/modules/users/git/default.nix
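Review bot: `home.sessionVariables.EDITOR = "vim"` while the only editor this module installs is `neovim`, whose binary is `nvim`, so `$EDITOR` names a command that nothing here provides unless another module happens to install vim; use `EDITOR = "nvim";`, or switch to `programs.neovim.enable = true;` with `vimAlias = true;` so both names resolve.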
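Review bot: the `let starship = pkgs.starship; in` wrapper is unused now that the `interactiveShellInit` lines referencing `${starship}` are commented out, and starship is already wired into fish by `programs.starship.enableFishIntegration = true`; drop the binding and the commented-out block so the body reads `config = mkIf cfg.enable { programs.starship = { ... }; programs.fish.enable = true; };`.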
@@ -0,0 +1,41 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+let
+ cfg = config.erwin.git;
+in {
+ options.erwin.git = {
+ enable = mkOption {
+ description = "Enable git";
+ type = types.bool;
+ default = false;
+ };
+
+ userName = mkOption {
+ description = "Name for git";
+ type = types.str;
+ default = "Erwin Boskma";
+ };
+
+ userEmail = mkOption {
+ description = "Email for git";
+ type = types.str;
+ default = "erwin@datarift.nl";
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+ programs.git = {
+ enable = true;
+ userName = cfg.userName;
+ userEmail = cfg.userEmail;
+ extraConfig = {
+ credential.helper = "${pkgs.git.override { withLibsecret = true; }}/bin/git-credential-libsecret";
+ };
+ };
+
+ home.packages = with pkgs; [
+ ];
+ };
+}
+
diff --git a/modules/users/gpg/default.nix b/modules/users/gpg/default.nix
new file mode 100644
index 0000000..bc22408
--- /dev/null
+++ b/modules/users/gpg/default.nix
@@ -0,0 +1,32 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+let
+ cfg = config.erwin.gpg;
+in {
+ options.erwin.gpg = {
+ enable = mkOption {
+ description = "Enable GPG";
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+ home.packages = with pkgs; [
+ pinentry-curses
+ ];
+
+ programs.gpg = {
+ enable = true;
+ };
+
+ services.gpg-agent = {
+ enable = true;
+ pinentryFlavor = "curses";
+ enableSshSupport = true;
+ defaultCacheTtlSsh = 14400;
+ maxCacheTtlSsh = 14400;
+ };
+ };
+}
diff --git a/modules/users/input/default.nix b/modules/users/input/default.nix
new file mode 100644
index 0000000..6518b34
--- /dev/null
+++ b/modules/users/input/default.nix
@@ -0,0 +1,22 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+let
+ cfg = config.erwin.input;
+in {
+ options.erwin.input = {
+ enable = mkOption {
+ description = "Enable input configuration";
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+ home.keyboard = {
+ layout = "us";
+ variant = "colemak";
+ options = [];
+ };
+ };
+}
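Review bot: `home.packages = with pkgs; [ ];` adds nothing, and the same empty list is repeated in modules/users/ssh (plus an empty `environment.systemPackages = [ ];` in modules/system/nixos); remove them or leave a one-line comment stating the list is intentionally empty so a reader does not assume something was lost. The `credential.helper` entry depends on a Secret Service daemon being available at runtime for libsecret to store anything; a comment along the lines of `# libsecret helper: needs a Secret Service provider (e.g. gnome-keyring) at runtime` would save the next reader a lookup.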
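Review bot: modules/users/input is never imported — modules/users/default.nix lists `./applications ./fish ./git ./gpg ./ssh` only — so `erwin.input` is not a declared option and any `input.enable = true;` in a userConfig would fail with an undefined-option error; add `./input` to that imports list or drop the module until it is used.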
diff --git a/modules/users/ssh/default.nix b/modules/users/ssh/default.nix
new file mode 100644
index 0000000..64183b9
--- /dev/null
+++ b/modules/users/ssh/default.nix
@@ -0,0 +1,23 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+let
+ cfg = config.erwin.ssh;
+in {
+ options.erwin.ssh = {
+ enable = mkOption {
+ description = "Enable ssh";
+ type = types.bool;
+ default = false;
+ };
+
+ };
+
+ config = mkIf (cfg.enable) {
+ home.packages = with pkgs; [
+ ];
+ programs.ssh = {
+ enable = true;
+ };
+ };
+}