diff --git a/flake.lock b/flake.lock index debc4e6..7e42d1f 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "yafas": "yafas" }, "locked": { - "lastModified": 1701697399, - "narHash": "sha256-zJGl5joStnzkTWwFfT0EIXu55rgIee3OfgPvhQu+LCo=", + "lastModified": 1701943344, + "narHash": "sha256-CNZG1dJCBeFpv99jXv2lhFbDnHoW4X36uQZkq9oddGI=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "dd9a3fb2d1b5dbf002b2879bcfc78d5f09dec562", + "rev": "76101810b33c875a90f0a002edfc6a0744529a5c", "type": "github" }, "original": { @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1700927249, - "narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=", + "lastModified": 1701905325, + "narHash": "sha256-lda63LmEIlDMeCgWfjr3/wb487XPllBByfrGRieyEk4=", "owner": "nix-community", "repo": "disko", - "rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22", + "rev": "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe", "type": "github" }, "original": { @@ -175,12 +175,12 @@ ] }, "locked": { - "lastModified": 1701609479, - "narHash": "sha256-mcEnMz7XB3K57ZX16VXoEkswljSNGXdMuUu5+g8a8R8=", - "rev": "e504e8d01f950776c3a3160ba38c5957a1b89e66", - "revCount": 3152, + "lastModified": 1701728041, + "narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=", + "rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf", + "revCount": 3154, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/nix-community/home-manager/0.1.3152%2Brev-e504e8d01f950776c3a3160ba38c5957a1b89e66/018c300f-f44e-7449-9e8d-6080a6ca42e2/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/nix-community/home-manager/0.1.3154%2Brev-ac7216918cd65f3824ba7817dea8f22e61221eaf/018c36ef-b711-7d13-9b93-76b97d62673a/source.tar.gz" }, "original": { "type": "tarball", 
@@ -272,11 +272,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1701436327, - "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", + "lastModified": 1701718080, + "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a", + "rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335", "type": "github" }, "original": { @@ -288,12 +288,12 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701253981, - "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", - "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", - "revCount": 554114, + "lastModified": 1701718080, + "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=", + "rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335", + "revCount": 556224, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.554114%2Brev-e92039b55bcd58469325ded85d4f58dd5a4eaf58/018c246f-3485-7920-b58c-92909d475b54/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.556224%2Brev-2c7f3c0fb7c08a0814627611d9d7d45ab6d75335/018c4130-1dfe-7107-b79c-75c69c756ef4/source.tar.gz" }, "original": { "type": "tarball", @@ -318,11 +318,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1701626906, - "narHash": "sha256-ugr1QyzzwNk505ICE4VMQzonHQ9QS5W33xF2FXzFQ00=", + "lastModified": 1701693815, + "narHash": "sha256-7BkrXykVWfkn6+c1EhFA3ko4MLi3gVG0p9G96PNnKTM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0c6d8c783336a59f4c59d4a6daed6ab269c4b361", + "rev": "09ec6a0881e1a36c29d67497693a67a16f4da573", "type": "github" }, "original": { 
@@ -350,11 +350,11 @@
 },
 "nur": {
 "locked": {
- "lastModified": 1701714282,
- "narHash": "sha256-zyKTUmKWi7Cp8z+zizQ2+MNvEti5CFF/RPd8sCz+Q8M=",
+ "lastModified": 1701943932,
+ "narHash": "sha256-NzgrKKsqPlrkfDIIVFa8jcdXsEVevg2MJIXGxq0ksdE=",
 "owner": "nix-community",
 "repo": "NUR",
- "rev": "39a4843b4eda2835c8c39b0d0eff9ffacba41bc6",
+ "rev": "97d7d67e7b65802bd40dabd12fd98c21578af64b",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 6ac78bb..d38d83b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -147,6 +147,19 @@
 ]
 ++ osModules;
 };
+ nixos-docker = nixpkgs.lib.nixosSystem {
+ modules =
+ [
+ ./systems/nixos-docker
+ {
+ nixpkgs.pkgs = pkgs;
+ nix.registry.nixpkgs.flake = nixpkgs;
+ home-manager.sharedModules = hmModules;
+ home-manager.extraSpecialArgs = args;
+ }
+ ]
+ ++ osModules;
+ };
 };
 };
 }
diff --git a/os-mods/common/default.nix b/os-mods/common/default.nix
index 71132aa..5147d8c 100644
--- a/os-mods/common/default.nix
+++ b/os-mods/common/default.nix
@@ -63,7 +63,7 @@
 ];
 fileSystems."/etc/nixos" = {
- device = "/home/tristand/nix";
+ device = lib.mkDefault "/home/tristand/nix";
 fsType = "none";
 options = [ "bind" ];
 };
@@ -89,6 +89,7 @@
 enable = true;
 settings.PasswordAuthentication = false;
 settings.KbdInteractiveAuthentication = false;
+ settings.PubKeyAuthentication = true;
 };
 gvfs.enable = true;
diff --git a/systems/nixos-docker/default.nix b/systems/nixos-docker/default.nix
new file mode 100644
index 0000000..94511d6
--- /dev/null
+++ b/systems/nixos-docker/default.nix
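Review bot: Only `device` is lowered to `lib.mkDefault` in the `fileSystems."/etc/nixos"` block of os-mods/common/default.nix, while `fsType` and `options` stay at normal priority. A host that repeats the whole block, as systems/nixos-docker/default.nix does later in this commit, has its `options = [ "bind" ]` merged with this one, and since list options concatenate that would presumably yield `bind` twice. The host only needs `fileSystems."/etc/nixos".device = "/home/reopen5194/nix";`, and a plain assignment already wins over `mkDefault`, so `lib.mkForce` is not needed there.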
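Review bot: The added `settings.PubKeyAuthentication = true;` in the second os-mods/common/default.nix hunk restates sshd's default and uses a non-canonical spelling of the keyword. sshd matches keywords case-insensitively, so it works, but Nix attribute names are case-sensitive, so another module that sets `settings.PubkeyAuthentication` would add a second directive rather than override this one, and sshd keeps the first value it reads. I would write `settings.PubkeyAuthentication = true;`. The enclosing block, presumably the openssh service, opens above the hunk.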
@@ -0,0 +1,171 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ../../os-mods/common
+ ../../os-mods/cachix
+ ../../os-mods/network
+ ./hardware-configuration.nix
+ ];
+
+ # Bootloader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+ boot.loader.grub.useOSProber = true;
+
+ networking.hostName = "nixos";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ fileSystems."/etc/nixos" = {
+ device = lib.mkForce "/home/reopen5194/nix";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the KDE Plasma Desktop Environment.
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+
+ # Configure keymap in X11
+ services.xserver = {
+ layout = "us";
+ xkbVariant = "";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ security.sudo.wheelNeedsPassword = false;
+ security.polkit.extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.freedesktop.login1.suspend" ||
+ action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
+ action.id == "org.freedesktop.login1.hibernate" ||
+ action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
+ {
+ return polkit.Result.NO;
+ }
+ });
+ '';
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+
+ wireplumber.enable = true;
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.reopen5194 = {
+ isNormalUser = true;
+ description = "reopen5194";
+ extraGroups = [ "docker" "networkmanager" "wheel" ];
+ packages = with pkgs; [
+ firefox
+ kate
+ emacs
+ # thunderbird
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
+ ];
+ };
+
+ # Enable automatic login for the user.
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.autoLogin.user = "reopen5194";
+
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ neovim
+ vim
+ curl
+ fish
+ netmaker
+ # wget
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+
+
+ # QemuGuest
+ services.qemuGuest.enable = true;
+
+ # Virtualization
+ virtualisation.docker = {
+ enable = true;
+ rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+ };
+ services.netdata = {
+ enable = true;
+
+ config = {
+ global = {
+ # uncomment to reduce memory to 32 MB
+ #"page cache size" = 32;
+
+ # update interval
+ "update every" = 15;
+ };
+ db = {
+ "update every" = 5;
+ "storage tiers" = 3;
+ "dbengine multihost disk space MB" = 1024;
+ "dbengine tier 1 multihost disk space MB" = 1024;
+ "dbengine tier 2 multihost disk space MB" = 512;
+ "cleanup obsolete charts after secs" = 600;
+ };
+ ml = {
+ # enable machine learning
+ "enabled" = "yes";
+ };
+ };
+
+ configDir = {
+ "stream.conf" = pkgs.writeText "stream.conf" ''
+ [8fcb63b3-8361-4339-a010-fc459c2132b0]
+ enabled = yes
+ default history = 36000
+ default memory mode = dbengine
+ health enabled by default = auto
+ allow from = 192.*
+ '';
+ };
+ };
+
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+}
diff --git a/systems/nixos-docker/hardware-configuration.nix b/systems/nixos-docker/hardware-configuration.nix
new file mode 100644
index 0000000..786bb55
--- /dev/null
+++ b/systems/nixos-docker/hardware-configuration.nix
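Review bot: In systems/nixos-docker/default.nix the account `reopen5194` has several password-free routes to root: it is in `wheel` with `security.sudo.wheelNeedsPassword = false`, it is in `docker` while the rootful daemon is enabled alongside `rootless`, and `displayManager.autoLogin` opens its session on the VM console. If rootless Docker is the intended mode, I would drop the group, `extraGroups = [ "networkmanager" "wheel" ];`, and keep the sudo password unless this guest is disposable. In the netdata `stream.conf`, `allow from = 192.*` also matches public 192.x.x.x addresses; the hosts entries added in this commit suggest `allow from = 192.168.0.*` is what is meant. The section name in that file looks like the streaming API key, and via `pkgs.writeText` it is committed to the repository and readable by every local user in the Nix store, so it should be treated as exposed or supplied from a file outside the store.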
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/8598929f-bf20-4f02-9f20-acf899eeee2c";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens19.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/systems/nixos-pulse/default.nix b/systems/nixos-pulse/default.nix
index f293d75..33dc816 100644
--- a/systems/nixos-pulse/default.nix
+++ b/systems/nixos-pulse/default.nix
@@ -73,6 +73,8 @@
 192.168.0.190 vpn.oekonzept.de
 192.168.0.180 vewasmb.oekonzept.de
 192.168.0.91 puppet.oekonzept.de
+ 192.168.0.245 nixos-docker.oekonzept.de
+ 192.168.0.245 cloud.oekonzept.net
 '';
 useDHCP = lib.mkDefault true;
 interfaces = {