diff --git a/flake.nix b/flake.nix index d38d83b..25b9821 100644 --- a/flake.nix +++ b/flake.nix @@ -147,10 +147,10 @@ ] ++ osModules; }; - nixos-docker = nixpkgs.lib.nixosSystem { + nixos-karl-kvm-guest = nixpkgs.lib.nixosSystem { modules = [ - ./systems/nixos-docker + ./systems/nixos-karl-kvm-guest { nixpkgs.pkgs = pkgs; nix.registry.nixpkgs.flake = nixpkgs; diff --git a/os-mods/cachix/default.nix b/os-mods/cachix/default.nix index 9795187..1d3650f 100644 --- a/os-mods/cachix/default.nix +++ b/os-mods/cachix/default.nix @@ -11,6 +11,8 @@ let in { inherit imports; - nix.settings.substituters = [ "https://cache.nixos.org/" ]; - nix.settings.trusted-users = [ "root" "tristand" ]; + nix.settings = { + substituters = [ "https://cache.nixos.org/" ]; + trusted-users = [ "root" "tristand" ]; + }; } diff --git a/os-mods/common/default.nix b/os-mods/common/default.nix index 938db87..9b24693 100644 --- a/os-mods/common/default.nix +++ b/os-mods/common/default.nix @@ -88,9 +88,11 @@ openssh = { enable = true; - settings.PasswordAuthentication = false; - settings.KbdInteractiveAuthentication = false; - settings.PubKeyAuthentication = true; + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + PubKeyAuthentication = true; + }; }; gvfs.enable = true; diff --git a/os-mods/network/default.nix b/os-mods/network/default.nix index 8007033..77c524f 100644 --- a/os-mods/network/default.nix +++ b/os-mods/network/default.nix 
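Review bot: The regrouped `nix.settings` in os-mods/cachix/default.nix still lists `tristand` in `trusted-users`, and the Nix manual treats daemon trust as root-equivalent (a trusted user may add substituters and trusted public keys and import unsigned store paths), so this hunk is the natural place to either drop that entry or justify it with a comment such as `# tristand needs daemon trust for remote builds; remove once unused`. The `let` bindings and the module header sit outside the hunk.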
@@ -3,16 +3,19 @@ , pkgs , ... }: { - networking.networkmanager.enable = true; - networking.nameservers = [ - "23.88.68.113#dns.vlt81.de" - "2a01:4f8:272:5917::baad:c0de#dns.vlt81.de" - "45.90.28.0#921984.dns.nextdns.io" - "45.90.30.0#921984.dns.nextdns.io" - "2a07:a8c0::#921984.dns.nextdns.io" - "2a07:a8c1::#921984.dns.nextdns.io" - # "100.64.0.8#dns.vlt81.de" - ]; + networking = { + networkmanager.enable = true; + useDHCP = lib.mkDefault true; + nameservers = [ + "23.88.68.113#dns.vlt81.de" + "2a01:4f8:272:5917::baad:c0de#dns.vlt81.de" + "45.90.28.0#921984.dns.nextdns.io" + "45.90.30.0#921984.dns.nextdns.io" + "2a07:a8c0::#921984.dns.nextdns.io" + "2a07:a8c1::#921984.dns.nextdns.io" + # "100.64.0.8#dns.vlt81.de" + ]; + }; services = { resolved = { diff --git a/systems/nixos-docker/default.nix b/systems/nixos-docker/default.nix deleted file mode 100644 index 94ff14b..0000000 --- a/systems/nixos-docker/default.nix +++ /dev/null 
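Review bot: `useDHCP = lib.mkDefault true;` in os-mods/network/default.nix now applies to every host importing this module, not just the one whose hardware-configuration.nix used to carry it, and it depends on `lib` being a module argument; only `, pkgs` and `, ...` are visible here, so confirm `lib` is bound on the first lines above this hunk, otherwise evaluation fails with an undefined variable. With `networkmanager.enable = true` on the previous line, the NetworkManager module — as far as I recall — sets `networking.useDHCP = false` at normal priority, which would silently override this default; if that holds, the line is a no-op and a comment such as `# only takes effect on hosts that disable NetworkManager` would save the next reader the detour. The enclosing attribute set continues past the hunk.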
@@ -1,188 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}: {
- imports = [
- # Include the results of the hardware scan.
- ../../os-mods/common
- ../../os-mods/cachix
- ../../os-mods/network
- ./hardware-configuration.nix
- ];
-
- # Bootloader.
- boot.loader.grub.enable = true;
- boot.loader.grub.device = "/dev/sda";
- boot.loader.grub.useOSProber = true;
-
- networking.hostName = "nixos";
-
- # Enable networking
- networking.networkmanager.enable = true;
-
- fileSystems."/etc/nixos" = {
- device = lib.mkForce "/home/reopen5194/nix";
- fsType = "none";
- options = [ "bind" ];
- };
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # Enable the KDE Plasma Desktop Environment.
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
-
- # Configure keymap in X11
- services.xserver = {
- layout = "us";
- xkbVariant = "";
- };
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- # Enable sound with pipewire.
- sound.enable = true;
- hardware.pulseaudio.enable = false;
- security.rtkit.enable = true;
- security.sudo.wheelNeedsPassword = false;
- security.polkit.extraConfig = ''
- polkit.addRule(function(action, subject) {
- if (action.id == "org.freedesktop.login1.suspend" ||
- action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
- action.id == "org.freedesktop.login1.hibernate" ||
- action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
- {
- return polkit.Result.NO;
- }
- });
- '';
-
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- jack.enable = true;
-
- wireplumber.enable = true;
- };
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.reopen5194 = {
- isNormalUser = true;
- description = "reopen5194";
- extraGroups = [ "docker" "networkmanager" "wheel" ];
- packages = with pkgs; [
- firefox
- kate
- emacs
- # thunderbird
- ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
- ];
- };
-
- # Enable automatic login for the user.
- services.xserver.displayManager.autoLogin.enable = true;
- services.xserver.displayManager.autoLogin.user = "reopen5194";
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- neovim
- vim
- curl
- fish
- netmaker
- # wget
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
-
- # QemuGuest
- services.qemuGuest.enable = true;
-
- # Virtualization
- virtualisation.docker = {
- enable = true;
- # rootless = {
- # enable = true;
- # setSocketVariable = true;
- # };
- daemon.settings = {
- # fixed-cidr-v6 = "fd00::/80";
- # ipv6 = true;
- dns = [ "9.9.9.9" "149.112.112.112" ];
- };
- };
- # allow to bind to priv ports
- # boot.kernel.sysctl = {
- # "net.ipv4.ip_unprivileged_port_start" = 79;
- # };
-
- networking.firewall.allowedTCPPortRanges = [
- {
- from = 19999;
- to = 19999;
- } # netdata
- ];
-
- services.netdata = {
- enable = true;
-
- config = {
- global = {
- # uncomment to reduce memory to 32 MB
- #"page cache size" = 32;
-
- # update interval
- "update every" = 15;
- };
- db = {
- "update every" = 5;
- "storage tiers" = 3;
- "dbengine multihost disk space MB" = 1024;
- "dbengine tier 1 multihost disk space MB" = 1024;
- "dbengine tier 2 multihost disk space MB" = 512;
- "cleanup obsolete charts after secs" = 600;
- };
- ml = {
- # enable machine learning
- "enabled" = "yes";
- };
- };
-
- configDir = {
- "stream.conf" = pkgs.writeText "stream.conf" ''
- [8fcb63b3-8361-4339-a010-fc459c2132b0]
- enabled = yes
- default history = 36000
- default memory mode = dbengine
- health enabled by default = auto
- allow from = 192.*
- '';
- };
- };
-
- zramSwap.enable = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.05"; # Did you read the comment?
-}
diff --git a/systems/nixos-docker/hardware-configuration.nix b/systems/nixos-docker/hardware-configuration.nix
deleted file mode 100644
index 2d9f8fb..0000000
--- a/systems/nixos-docker/hardware-configuration.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config
-, lib
-, pkgs
-, modulesPath
-, ...
-}: {
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/8598929f-bf20-4f02-9f20-acf899eeee2c";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens19.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/systems/nixos-karl-kvm-guest/default.nix b/systems/nixos-karl-kvm-guest/default.nix
new file mode 100644
index 0000000..1198db7
--- /dev/null
+++ b/systems/nixos-karl-kvm-guest/default.nix
@@ -0,0 +1,194 @@
+{ config
+, pkgs
+, modulesPath
+, lib
+, ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ../../os-mods/common
+ ../../os-mods/cachix
+ ../../os-mods/network
+ ];
+
+ # Bootloader.
+ boot = {
+ loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ useOSProber = true;
+ };
+
+ initrd = {
+ availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/8598929f-bf20-4f02-9f20-acf899eeee2c";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+ zramSwap.enable = true;
+
+ networking.hostName = "nixos-karl-kvm-guest";
+
+ fileSystems."/etc/nixos" = {
+ device = lib.mkForce "/home/reopen5194/nix";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+
+ sound.enable = true;
+
+ security = {
+ rtkit.enable = true;
+ sudo.wheelNeedsPassword = false;
+ polkit.extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.freedesktop.login1.suspend" ||
+ action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
+ action.id == "org.freedesktop.login1.hibernate" ||
+ action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
+ {
+ return polkit.Result.NO;
+ }
+ });
+ '';
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+
+ displayManager = {
+ sddm.enable = true;
+ autoLogin = {
+ enable = true;
+ user = "reopen5194";
+ };
+ };
+ desktopManager.plasma5.enable = true;
+
+ # Configure keymap in X11
+ layout = "us";
+ xkbVariant = "";
+ };
+
+ printing.enable = true;
+
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+
+ wireplumber.enable = true;
+ };
+ # QemuGuest
+ qemuGuest.enable = true;
+
+ netdata = {
+ enable = true;
+
+ config = {
+ global = {
+ # uncomment to reduce memory to 32 MB
+ #"page cache size" = 32;
+
+ # update interval
+ "update every" = 15;
+ };
+ db = {
+ "update every" = 5;
+ "storage tiers" = 3;
+ "dbengine multihost disk space MB" = 1024;
+ "dbengine tier 1 multihost disk space MB" = 1024;
+ "dbengine tier 2 multihost disk space MB" = 512;
+ "cleanup obsolete charts after secs" = 600;
+ };
+ ml = {
+ # enable machine learning
+ "enabled" = "yes";
+ };
+ };
+
+ configDir = {
+ "stream.conf" = pkgs.writeText "stream.conf" ''
+ [8fcb63b3-8361-4339-a010-fc459c2132b0]
+ enabled = yes
+ default history = 36000
+ default memory mode = dbengine
+ health enabled by default = auto
+ allow from = 192.*
+ '';
+ };
+ };
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.reopen5194 = {
+ isNormalUser = true;
+ description = "reopen5194";
+ extraGroups = [ "docker" "networkmanager" "wheel" ];
+ packages = with pkgs; [
+ firefox
+ kate
+ emacs
+ # thunderbird
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ neovim
+ vim
+ curl
+ fish
+ netmaker
+ # wget
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true; + + # Virtualization + virtualisation.docker = { + enable = true; + # rootless = { + # enable = true; + # setSocketVariable = true; + # }; + daemon.settings = { + # fixed-cidr-v6 = "fd00::/80"; + # ipv6 = true; + dns = [ "9.9.9.9" "149.112.112.112" ]; + }; + }; + # allow to bind to priv ports + # boot.kernel.sysctl = { + # "net.ipv4.ip_unprivileged_port_start" = 79; + # }; + + networking.firewall.allowedTCPPortRanges = [ + { + from = 19999; + to = 19999; + } # netdata + ]; + + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/systems/nixos-pulse/default.nix b/systems/nixos-pulse/default.nix index 33dc816..f54b149 100644 --- a/systems/nixos-pulse/default.nix +++ b/systems/nixos-pulse/default.nix @@ -73,8 +73,8 @@ 192.168.0.190 vpn.oekonzept.de 192.168.0.180 vewasmb.oekonzept.de 192.168.0.91 puppet.oekonzept.de - 192.168.0.245 nixos-docker.oekonzept.de 192.168.0.245 cloud.oekonzept.net + 192.168.0.245 nixos-karl-kvm-guest.oekonzept.de ''; useDHCP = lib.mkDefault true; interfaces = { diff --git a/users/tester.nix b/users/tester.nix index 063239f..1d7ceb1 100644 --- a/users/tester.nix +++ b/users/tester.nix @@ -16,6 +16,7 @@ config.home = { username = "tester"; + stateVersion = "23.05"; }; }
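Review bot: `sudo.wheelNeedsPassword = false;` in systems/nixos-karl-kvm-guest/default.nix, together with `reopen5194` sitting in `wheel` and `docker` and being signed in automatically through `autoLogin`, means any process in that desktop session is root without a prompt, and `docker` group membership is root-equivalent on its own; unless the guest is disposable, prefer the default `wheelNeedsPassword` and keep `docker` membership only if the user drives the daemon directly. The `allowedTCPPortRanges` rule for 19999 applies to every interface, while the only reachability control visible, `allow from = 192.*` in stream.conf, governs netdata streaming children rather than the dashboard, so the unauthenticated netdata UI is reachable from any network the VM is attached to; `networking.firewall.interfaces.<iface>.allowedTCPPortRanges` or a `web = { "bind to" = "<management address>"; }` section under `services.netdata.config` would scope it. All of this is carried over verbatim from the deleted systems/nixos-docker/default.nix, so it is an inherited posture rather than a regression; `hardware.pulseaudio.enable = false` was dropped in the move, which is harmless only as long as nothing else enables PulseAudio, since as far as I recall the pipewire module rejects it alongside `pulse.enable = true`.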