From d1facb3be7969f5bf6364be52a7c75e87b9939d6 Mon Sep 17 00:00:00 2001 From: Nathan Anderson Date: Sun, 17 Mar 2024 22:13:28 -0600 Subject: [PATCH] added shared server config file and modules --- flake.nix | 18 +++-- luci/default.nix | 31 ++++++++ luci/modules/home-manager/home.nix | 0 luci/{ => nixos}/hardware-configuration.nix | 6 ++ nate/modules/home-manager/home.nix | 11 +-- nate/nixos/hardware-configuration.nix | 6 ++ shared/modules/apps/firefox/firefox.nix | 80 +++++++++++++++++++++ shared/modules/user/main_user.nix | 53 ++++++++++++++ shared/nix-gc.nix | 28 ++++++++ shared/server-configuration.nix | 77 ++++++++++++++++++++ 10 files changed, 300 insertions(+), 10 deletions(-) create mode 100644 luci/default.nix create mode 100644 luci/modules/home-manager/home.nix rename luci/{ => nixos}/hardware-configuration.nix (93%) create mode 100644 shared/modules/apps/firefox/firefox.nix create mode 100644 shared/modules/user/main_user.nix create mode 100644 shared/nix-gc.nix create mode 100644 shared/server-configuration.nix diff --git a/flake.nix b/flake.nix index 6efe698..7e84519 100644 --- a/flake.nix +++ b/flake.nix @@ -21,12 +21,20 @@ in { nixosConfigurations = { - nixServer = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; + luci = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs timeZone system; + }; modules = [ - # nixpkgs.overlays = [ nur.overlay ]; - ./nixos/server_configuration.nix - inputs.home-manager.nixosModules.default + inputs.home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.luci = import ./luci/modules/home-manager/home.nix; + home-manager.extraSpecialArgs = { + inherit inputs outputs; + }; + } + ./luci/default.nix ]; }; nate = nixpkgs.lib.nixosSystem { diff --git a/luci/default.nix b/luci/default.nix new file mode 100644 index 0000000..1a5dd1d --- /dev/null +++ b/luci/default.nix 
@@ -0,0 +1,31 @@ +{ ... }: + let + userName = "luci"; + email = "luci@fosscat.com"; + hostName = "luci"; + in +{ + imports = [ + ./nixos/hardware-configuration.nix + ../shared/nix-gc.nix + ../shared/server-configuration.nix + ]; + + srvConfig = { + userName = userName; + hostName = hostName; + hostId = "09e1d908"; + email = email; + sshEnable = true; + nfsEnable = true; + }; + + # deskCfg = { + # userName = userName; + # hostName = hostName; + # de = desktop; + # installGaming = gaming; + # }; + + nixGc.enable = true; +} diff --git a/luci/modules/home-manager/home.nix b/luci/modules/home-manager/home.nix new file mode 100644 index 0000000..e69de29 diff --git a/luci/hardware-configuration.nix b/luci/nixos/hardware-configuration.nix similarity index 93% rename from luci/hardware-configuration.nix rename to luci/nixos/hardware-configuration.nix index 16da0fd..cd89ede 100644 --- a/luci/hardware-configuration.nix +++ b/luci/nixos/hardware-configuration.nix @@ -38,6 +38,12 @@ fsType = "zfs"; }; + # Bind mount for nfs export + fileSystems."/nfs_export" = { + device = "zdata/zdata/nfs"; + options = [ "bind" ]; + }; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/nate/modules/home-manager/home.nix b/nate/modules/home-manager/home.nix index e52589b..947620d 100644 --- a/nate/modules/home-manager/home.nix +++ b/nate/modules/home-manager/home.nix @@ -36,7 +36,8 @@ # dbeaver cargo - kakoune + helix + # kakoune # flutter316 docker docker-compose @@ -45,8 +46,7 @@ nodejs_21 zig ### LSP's - kak-lsp - rnix-lsp # Nix LSP + nil # Nix LSP openscad-lsp nodePackages.typescript-language-server vscode-langservers-extracted # provides eslint, markdown, json, css, and html lsp @@ -146,7 +146,7 @@ # /etc/profiles/per-user/nate/etc/profile.d/hm-session-vars.sh # home.sessionVariables = { - EDITOR = "kak"; + EDITOR = "hx"; XDG_CURRENT_DESKTOP="sway"; }; 
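Review bot: In luci/nixos/hardware-configuration.nix the new bind mount uses `device = "zdata/zdata/nfs";`, which reads like a ZFS dataset name rather than a directory path. A bind mount needs the absolute path of an existing source directory, so this entry will probably fail to mount and leave `/nfs_export` empty on the exporting host. Either point `device` at the dataset's mountpoint as an absolute path, or mount the dataset directly with `fsType = "zfs";` as the neighbouring entry does. The surrounding attribute set begins and ends outside the hunk.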
@@ -190,13 +190,14 @@ ` cd $DIR } - alias p="fzf_projects source/" + alias p="fzf_projects ~/source/" alias ls="lsd" alias l="lsd --almost-all --long" alias llm="lsd --timesort --long" alias lS="lsd --oneline --classic" alias lt="lsd --tree --depth=2" + alias grep="rg" ''; }; diff --git a/nate/nixos/hardware-configuration.nix b/nate/nixos/hardware-configuration.nix index 29201f6..d99eb3c 100644 --- a/nate/nixos/hardware-configuration.nix +++ b/nate/nixos/hardware-configuration.nix @@ -28,6 +28,12 @@ fsType = "ext4"; }; + fileSystems."/home/nate/nfs" = { + device = "192.168.1.169:/nfs_export"; + fsType = "nfs"; + options = [ "nfsvers=4.2" "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; # lazy mounting and auto disconnect after 600 seconds + }; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/shared/modules/apps/firefox/firefox.nix b/shared/modules/apps/firefox/firefox.nix new file mode 100644 index 0000000..09775a7 --- /dev/null +++ b/shared/modules/apps/firefox/firefox.nix 
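Review bot: The `options` list of the new `fileSystems."/home/nate/nfs"` entry in nate/nixos/hardware-configuration.nix omits `nosuid` and `nodev`, so setuid bits and device nodes on the read-write export would be honoured on this client. Adding `"nosuid" "nodev"` to the list is a cheap hardening step for a share mounted inside a home directory. No `sec=` option is set, so the mount presumably uses AUTH_SYS, which trusts the UIDs the peer asserts. That is only appropriate on a trusted LAN segment and deserves a comment next to the hard-coded server address.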
@@ -0,0 +1,80 @@
+{lib, config, pkgs, inputs, ...}:
+let
+ cfg = config.firefoxApp;
+in
+{
+ # imports = [
+ # inputs.nur.hmModules.nur
+ # ];
+
+ options.firefoxApp = {
+ enable = lib.mkEnableOption "enable firefox browser";
+ };
+ config = lib.mkIf cfg.enable {
+ programs.firefox = {
+ # Add pipewire support
+ package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {});
+ enable = true;
+ profiles = {
+ default = {
+ id = 0;
+ name = "default";
+ isDefault = true;
+ extensions = with pkgs; [
+ nur.repos.rycee.firefox-addons.darkreader
+ nur.repos.rycee.firefox-addons.keepassxc-browser
+ nur.repos.crazazy.firefox-addons.ublock-origin
+ ];
+ search = {
+ # Replace default firefox search engine config with this one
+ force = true;
+ default = "Startpage";
+ engines = {
+ "Startpage" = {
+ urls = [{
+ template = "https://www.startpage.com/sp/search?query={searchTerms}";
+ }];
+ };
+ "Nix Packages" = {
+ urls = [{
+ template = "https://search.nixos.org/packages";
+ params = [
+ { name = "type"; value = "packages"; }
+ { name = "query"; value = "{searchTerms}"; }
+ ];
+ }];
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@np" ];
+ };
+ };
+ };
+ settings = {
+ "browser.startup.blankWindow" = true;
+ "browser.startup.homepage" = "https://www.startpage.com/do/mypage.pl?prfe=11898a1adf7b7dfb587580692f358773a11ca25e993b8e077476641cec033319e15f2449c345f5be919fd0a082015c3e4ed23143bd4337512466c04c2999831a54abca2eaeb42963c63ff064";
+ "browser.newtabpage.enabled" = false;
+ "browser.search.region" = "US";
+ "browser.search.isUS" = true;
+ "distribution.searchplugins.defaultLocale" = "en-US";
+ "general.useragent.locale" = "en-US";
+ "extensions.activeThemeID" = "{831b8843-7251-4306-9521-e688f18b4aeb}";
+ "privacy.trackingprotection.enable" = true;
+ "privacy.trackingprotection.emailtracking.enable" = true;
+ "privacy.trackingprotection.socialtracking.enable" = true;
+ "privacy.clearOnShutdown.cookies" = true;
+ "browser.safebrowsing.passwords.enabled" = false;
+ "browser.migrate.interactions.passwords" = false;
+ "pref.privacy.disable_button.view_passwords" = false;
+ "signon.rememberSignon" = false;
+ "extensions.formautofill.creditCards.enabled" = false;
+ "extensions.formautofill.addresses.enabled" = false;
+ "browser.toolbars.bookmarks.visibility" = "always";
+ # "browser.newtabpage.pinned" = [{
+ # title = "NixOS";
+ # url = "https://nixos.org";
+ # }];
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/shared/modules/user/main_user.nix b/shared/modules/user/main_user.nix
new file mode 100644
index 0000000..830f8c2
--- /dev/null
+++ b/shared/modules/user/main_user.nix
@@ -0,0 +1,53 @@
+{ lib, config, pkgs, ... }:
+
+let
+ cfg = config.main_user;
+in
+{
+ options.main_user = {
+ enable = lib.mkEnableOption "enable user module";
+
+ isDesktopUser = lib.mkOption {
+ default = false;
+ example = true;
+ description = "Add additional user groups for desktop users";
+ };
+
+ userName = lib.mkOption {
+ default = "mainuser";
+ description = "username";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users.${cfg.userName} = lib.mkMerge [
+ {
+ isNormalUser = true;
+ initialPassword = "password";
+
+ description = "main user";
+ shell = pkgs.zsh;
+ }
+
+ (lib.mkIf (!cfg.isDesktopUser) {
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ cfg.userName
+ ];
+ })
+ (lib.mkIf cfg.isDesktopUser {
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "corectrl"
+ cfg.userName
+ "video"
+ "audio"
+ # For android
+ "adbusers"
+ ];
+ })
+ ];
+ };
+}
diff --git a/shared/nix-gc.nix b/shared/nix-gc.nix
new file mode 100644
index 0000000..7e22d15
--- /dev/null
+++ b/shared/nix-gc.nix
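Review bot: The three tracking-protection keys under `settings` in shared/modules/apps/firefox/firefox.nix end in `.enable`, but Firefox names these preferences `privacy.trackingprotection.enabled`, `privacy.trackingprotection.emailtracking.enabled` and `privacy.trackingprotection.socialtracking.enabled`. As written the profile sets three unknown prefs and leaves tracking protection at its default, so the keys should be renamed to the `.enabled` forms. The `browser.startup.homepage` value also carries a long `prfe=` token. If that encodes a personal Startpage settings profile, it may be better kept out of a module meant to be shared.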
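Review bot: `initialPassword = "password";` in shared/modules/user/main_user.nix gives a publicly known password to an account that is placed in `wheel` in both branches. shared/server-configuration.nix in this patch enables `services.openssh` with no further settings, so password logins are presumably accepted for that account. Drop the literal and provision the credential out of band, for example `hashedPasswordFile = "<path-to-hash-file>";` or `openssh.authorizedKeys.keys`, and set `services.openssh.settings.PasswordAuthentication = false;` where sshd is enabled. A literal in the module also stays readable in the repository history and, most likely, in the Nix store.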
@@ -0,0 +1,28 @@
+{lib, pkgs, config, ...}:
+let
+ cfg = config.nixGc;
+in
+{
+ options.nixGc = {
+ enable = lib.mkEnableOption "enable nix gc default settings";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Limit the number of generations to keep
+ boot.loader.systemd-boot.configurationLimit = 5;
+
+ # Perform garbage collection weekly to maintain low disk usage
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 1w";
+ };
+
+ # Optimize storage
+ # You can also manually optimize the store via:
+ # nix-store --optimise
+ # Refer to the following link for more details:
+ # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
+ nix.settings.auto-optimise-store = true;
+ };
+}
diff --git a/shared/server-configuration.nix b/shared/server-configuration.nix
new file mode 100644
index 0000000..5c34012
--- /dev/null
+++ b/shared/server-configuration.nix
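Review bot: `options = "--delete-older-than 1w";` in shared/nix-gc.nix passes a week suffix, but nix-collect-garbage documents the period as a day count such as `30d`. The `1w` value is therefore likely rejected, and the weekly GC unit would fail without freeing anything. `options = "--delete-older-than 7d";` expresses the same retention.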
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, timeZone, ... }:
+let
+ srvConfig = config.serverConfig;
+in
+{
+ options.srvConfig = {
+ userName = lib.mkOption {
+ type = lib.types.str;
+ description = "Main username for system";
+ };
+ hostName = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for system";
+ };
+ hostId = lib.mkOption {
+ type = lib.types.str;
+ description = "Host ID";
+ };
+ email = lib.mkOption {
+ type = lib.types.str;
+ description = "Email for server box";
+ };
+ sshEnable = lib.mkOption {
+ default = false;
+ description = "Whether to enable ssh server";
+ };
+ nfsEnable = lib.mkOption {
+ default = false;
+ };
+ };
+
+ imports = [
+ ./modules/user/main_user.nix
+ ];
+
+ # Enable flakes feature
+ nix.settings.experimental-features = [
+ "nix-command" "flakes"
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking = {
+ hostId = srvConfig.hostId;
+ hostName = srvConfig.hostName; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networkmanager.enable = true; # Easiest to use and most distros use this by default.
+ };
+
+ time.timeZone = timeZone;
+
+ main_user = {
+ enable = true;
+ userName = srvConfig.userName;
+ isDesktopUser = false;
+ };
+
+ services.openssh = lib.mkIf srvConfig.sshEnable {
+ enable = true;
+ };
+
+ services.nfs.server = lib.mkIf srvConfig.nfsEnable {
+ enable = true;
+ exports = ''
+ /nfs_export 1192.168.1.149(rw,fsid=0,no_subtree_check)
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 2049 ];
+
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
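Review bot: Port 2049 is opened in the firewall unconditionally in shared/server-configuration.nix, so a host that sets `nfsEnable = false` still exposes the NFS port; gate it with `networking.firewall.allowedTCPPorts = lib.mkIf srvConfig.nfsEnable [ 2049 ];`. The export client `1192.168.1.149` is not a valid IPv4 address (first octet above 255), so the rule probably matches no client as written and should be checked against the intended address. The `let` binding reads `config.serverConfig` while the options are declared under `options.srvConfig`, which looks like it will fail at evaluation; `srvConfig = config.srvConfig;` matches the declaration. Because the module declares `options` at top level, the settings below it most likely also need to sit inside a `config = { ... };` block.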