commit 82916ad7183105037c43c2f291a050b24fd86f2a Author: Geir Okkenhaug Jerstad Date: Mon May 20 12:24:36 2024 +0200 initial commit here we are diff --git a/README b/README new file mode 100644 index 0000000..e69de29 diff --git a/appserver/aliases.nix b/appserver/aliases.nix new file mode 100644 index 0000000..b619bda --- /dev/null +++ b/appserver/aliases.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + tldr + eza + bat + ripgrep + ]; + environment.shellAliases = { + vi = "nvim"; + vim = "nvim"; + h = "tldr"; + # oxidized + ls = "eza -l"; + cat = "bat"; + grep = "rg"; + top = "btm --color gruvbox"; + # some tools + }; +} diff --git a/appserver/audiobook.nix b/appserver/audiobook.nix new file mode 100644 index 0000000..5db587f --- /dev/null +++ b/appserver/audiobook.nix @@ -0,0 +1,33 @@ +{ configs, pkgs, ... }: +let + audioBookShelfPort = 8000; +in +{ + environment.systemPackages = [ + pkgs.audiobookshelf + ]; + systemd.services = { + audiobookshelf = { + description = "Audiobookshelf"; + wantedBy = ["multi-user.target"]; + restartIfChanged = true; + environment = { + PORT = builtins.toString audioBookShelfPort; + HOST = "0.0.0.0"; + }; + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "5"; + ExecStart = '' + ${pkgs.audiobookshelf}/bin/audiobookshelf + ''; + }; + }; + }; + networking.firewall.allowedTCPPorts = [ audioBookShelfPort ]; + #services.audiobookshelf.enable = true; + #services.audiobookshelf.host = 0.0.0.0 ; + #services.audiobookshelf.port = 8000; + #services.audiobookshelf.openFirewall = true; +} diff --git a/appserver/calibre-web.nix b/appserver/calibre-web.nix new file mode 100644 index 0000000..be7d819 --- /dev/null +++ b/appserver/calibre-web.nix 
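Review bot: The `top = "btm --color gruvbox"` alias in environment.shellAliases points at a binary this module does not install; `bottom` only appears under users.users.geir.packages in configuration.nix, so the alias dangles for root and for any host that imports aliases.nix without that user block. Adding `bottom` next to `tldr`, `eza`, `bat` and `ripgrep` in this file's environment.systemPackages keeps the module self-contained. The same file is added again at appserver/server1/nixos/aliases.nix and, with one extra blank line, at laptop/aliases.nix.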
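Review bot: The hand-written audiobookshelf unit has no `User`, `Group` or `DynamicUser` in serviceConfig, so the listener on `HOST = "0.0.0.0"` port 8000 — which networking.firewall.allowedTCPPorts also opens on every interface — runs as root. Adding `DynamicUser = true;` and `StateDirectory = "audiobookshelf";` to serviceConfig would drop the privilege, provided the application's data paths are pointed at that state directory; the commented-out `services.audiobookshelf.*` lines at the bottom suggest the NixOS module, which runs the daemon under its own account, was the intended route and would be the cleaner fix. The argument set names `configs` where every other module in the commit uses `config`; it is unused here, but the inconsistency invites an evaluation error the first time someone references it. This hunk is repeated verbatim at appserver/server1/nixos/audiobook.nix.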
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+{
+ services.calibre-web = {
+ enable = true;
+ #group = "media";
+ listen = {
+ ip = "0.0.0.0";
+ port = 8083;
+ };
+ options = {
+ calibreLibrary = "/mnt/remote/media/books/calibre/";
+ enableBookUploading = true;
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 8083 ];
+}
diff --git a/appserver/configuration-server1.nix b/appserver/configuration-server1.nix
new file mode 100644
index 0000000..75292f8
--- /dev/null
+++ b/appserver/configuration-server1.nix
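Review bot: services.calibre-web listens on `ip = "0.0.0.0"` with `enableBookUploading = true`, and the firewall opens 8083, so any peer that can reach the host on any interface — not only the tailnet the other modules lean on — can upload into the library on the NFS share. If the service is meant for the tailnet only, binding `ip` to the host's tailnet address, or leaving 8083 out of allowedTCPPorts and relying on `trustedInterfaces = [ "tailscale0" ]` from tailscale.nix, keeps the upload path off untrusted interfaces. The literal 8083 is also written twice; a `let` binding as audiobook.nix does for its port stops the two drifting apart. The same module is added at appserver/server1/nixos/calibre-web.nix.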
@@ -0,0 +1,77 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./starship.nix
+ ./podman.nix
+ ./libvirt.nix
+ ./wg.nix
+ ./jellfin.nix
+ ];
+
+ # Swap zram
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ };
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.efi.efiSysMountPoint = "/boot/";
+ boot.loader.grub.device = "nodev";
+
+ # Disks and Updates
+ services.fstrim.enable = true;
+
+ # Enable all unfree hardware support.
+ hardware.firmware = with pkgs; [ firmwareLinuxNonfree ];
+ hardware.enableAllFirmware = true;
+ hardware.enableRedistributableFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+ services.fwupd.enable = true;
+
+ # Networking
+ networking.hostName = "server1";
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Oslo";
+
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "no";
+ };
+
+ users.users.geir = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" "libvirt" "podman" ];
+ packages = with pkgs; [
+ bottom
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ neovim emacs nano curl htop glances neofetch
+ wget git wireguard-tools
+ ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+ services.openssh.settings.PasswordAuthentication = false;
+
+ # Enable Netdata
+ services.netdata.enable = true;
+
+ # Firewall
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 19999 ];
+ networking.firewall.allowedUDPPorts = [ 22 ];
+ system.stateVersion = "23.05";
+
+}
diff --git a/appserver/configuration.nix b/appserver/configuration.nix
new file mode 100644
index 0000000..6d511cb
--- /dev/null
+++ b/appserver/configuration.nix
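Review bot: `services.openssh.settings.PermitRootLogin = "yes"` permits interactive root logins over SSH; with PasswordAuthentication already false, `"prohibit-password"` (or `"no"`, since geir is in wheel) keeps key-only root access for automation without ever presenting a root password prompt. The imports list names `./jellfin.nix` while the commit adds `jellyfin.nix`, so this configuration cannot evaluate as written, and it also imports `./wg.nix`, whose peer has an empty public key. `extraGroups` lists `"libvirt"` whereas the group libvirtd manages is named `libvirtd`, so the user likely does not get the socket access intended — worth confirming on the host. `allowedUDPPorts = [ 22 ]` opens nothing useful, sshd being TCP-only. The same file is repeated at appserver/server1/nixos/configuration-server1.nix.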
@@ -0,0 +1,96 @@ +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ./starship.nix + ./aliases.nix + ./podman.nix + ./libvirt.nix + ./incus.nix + ./jellyfin.nix + ./tailscale.nix + ./calibre-web.nix + ./audiobook.nix + ./ollama.nix + #./soft-serve.nix + ]; + + # Swap zram + zramSwap = { + enable = true; + algorithm = "zstd"; + }; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.efi.efiSysMountPoint = "/boot/"; + boot.loader.grub.device = "nodev"; + + # Disks and Updates + services.fstrim.enable = true; + + # Mount remote filesystem + fileSystems."/mnt/remote/media" = { + device = "10.0.0.8:/mnt/storage/media"; + fsType = "nfs"; + }; + + # Enable all unfree hardware support. + hardware.firmware = with pkgs; [ firmwareLinuxNonfree ]; + hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; + nixpkgs.config.allowUnfree = true; + services.fwupd.enable = true; + + # Networking + networking.hostName = "server1"; + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Oslo"; + + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "no"; + }; + + users.users.geir = { + isNormalUser = true; + extraGroups = [ "wheel" + "networkmanager" + "libvirt" + "podman" + "ollama" + "writefreely" + ]; + packages = with pkgs; [ + bottom + ]; + }; + + environment.systemPackages = with pkgs; [ + neovim emacs nano curl htop glances kitty + wget git inxi nethogs fastfetch + ]; + + # Enable the OpenSSH daemon. 
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+ services.openssh.settings.PasswordAuthentication = true;
+
+
+ # Enable Netdata
+ services.netdata.enable = true;
+
+ # Firewall
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 19999 23231];
+ networking.firewall.allowedUDPPorts = [ 22 23231 ];
+ system.stateVersion = "23.05";
+
+}
diff --git a/appserver/configuration.nix.bak b/appserver/configuration.nix.bak
new file mode 100644
index 0000000..b5fad9b
--- /dev/null
+++ b/appserver/configuration.nix.bak
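Review bot: `services.openssh.settings.PermitRootLogin = "yes"` together with `services.openssh.settings.PasswordAuthentication = true` exposes a root password prompt on port 22, which the firewall opens on every interface; this is the primary host configuration (it imports tailscale, ollama, calibre-web and audiobook), so it is the one most worth hardening. Setting `PasswordAuthentication = false` and `PermitRootLogin = "prohibit-password"` restores key-only access — the duplicate at appserver/server1/nixos/configuration.nix already has the password half turned off, so the two copies disagree and whichever is deployed should be the stricter one. The NFS mount of `10.0.0.8:/mnt/storage/media` carries no mount `options`, and the firewall opens 23231 for soft-serve even though its import is commented out; `allowedUDPPorts = [ 22 23231 ]` serves no UDP service. `extraGroups` also includes `"ollama"` and `"writefreely"`, neither of which this configuration imports a module for, so confirm those groups exist on the host.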
@@ -0,0 +1,118 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "server1"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # sound.enable = true; + # hardware.pulseaudio.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.geir = { + isNormalUser = true; + initialPassword = "goj290873"; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 
+ packages = with pkgs; [ + neovim + tree + ]; + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. 
+ # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "23.11"; # Did you read the comment? + +} + diff --git a/appserver/hardware-configuration.nix b/appserver/hardware-configuration.nix new file mode 100644 index 0000000..da515cb --- /dev/null +++ b/appserver/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b101efbd-a6b3-494d-9c21-21187540dc8d"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/E251-F60A"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp8s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/appserver/incus.nix b/appserver/incus.nix new file mode 100644 index 0000000..5eaaa6d --- /dev/null +++ b/appserver/incus.nix 
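Review bot: `initialPassword = "goj290873"` commits a plaintext login password for user geir, and because the `.bak` file is tracked it is now permanently in git history from this first commit. `initialPassword` only applies when the account is first created, but it also lands in the world-readable Nix store on any host that evaluates this file; prefer `hashedPasswordFile` pointing at a file outside the store, or set the password out of band, and rotate this one regardless. The backup file duplicates configuration.nix and is not imported anywhere, so removing it from the repository is the simplest fix.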
@@ -0,0 +1,9 @@ +{ config, pkgs, ... }: +{ + virtualisation.incus.enable = true; + + environment.systemPackages = with pkgs; [ + incus + lxc + ]; +} diff --git a/appserver/jellyfin.nix b/appserver/jellyfin.nix new file mode 100644 index 0000000..79489a4 --- /dev/null +++ b/appserver/jellyfin.nix @@ -0,0 +1,6 @@ +{ config, pkgs, ... }: +{ + services.jellyfin.enable = true; + networking.firewall.allowedTCPPorts = [ 8096 8920 ]; + networking.firewall.allowedUDPPorts = [ 1900 7359 ]; +} diff --git a/appserver/libvirt.nix b/appserver/libvirt.nix new file mode 100644 index 0000000..b2935e8 --- /dev/null +++ b/appserver/libvirt.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +{ + virtualisation.libvirtd.enable = true; + environment.systemPackages = with pkgs; [ + qemu_kvm + libvirt + ]; +} diff --git a/appserver/nextcloud.nix b/appserver/nextcloud.nix new file mode 100644 index 0000000..8d1feb9 --- /dev/null +++ b/appserver/nextcloud.nix @@ -0,0 +1,30 @@ +{ pkgs, ... }: + +{ + # Nextcloud Config + environment.etc."nextcloud-admin-pass".text = "siKKerhet666"; + services.nextcloud = { + enable = true; + hostName = "server1.tail807ea.ts.net"; + + # Ssl Let'encrypt + #hostName = "cloud.geokkjer.eu"; + #https = true; + + # Auto-update Nextcloud Apps + autoUpdateApps.enable = true; + # Set what time makes sense for you + autoUpdateApps.startAt = "05:00:00"; + # enable redis cache + configureRedis = true; + # Create db locally , maybe not needed with sqlite + database.createLocally = true; + # Config options + config = { + dbtype = "sqlite"; + adminpassFile = "/etc/nextcloud-admin-pass"; + trustedProxies = [ "46.226.104.98" "100.75.29.52" ]; + extraTrustedDomains = [ "localhost" "*.cloudflare.net" "*.tail807ea.ts.net" "46.226.104.98" "*.geokkjer.eu" ]; + }; + }; +} diff --git a/appserver/ollama.nix b/appserver/ollama.nix new file mode 100644 index 0000000..8b5f951 --- /dev/null +++ b/appserver/ollama.nix 
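Review bot: `environment.etc."nextcloud-admin-pass".text = "siKKerhet666"` writes the Nextcloud admin password into the Nix store (readable by every local user) and into the repository; `adminpassFile` exists precisely so that the file is provisioned outside of Nix, so the literal should leave this module, the file be created out of band or by a secrets tool, and the password rotated. `extraTrustedDomains` includes the wildcards `*.cloudflare.net` and `*.geokkjer.eu`, which relaxes Host-header validation to any subdomain of those zones; listing the exact hostnames that front the instance is safer. `https = true` stays commented while one trustedProxies entry is not a tailnet address, so confirm TLS is terminated in front of the instance. This hunk is repeated verbatim at appserver/server1/nixos/nextcloud.nix.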
@@ -0,0 +1,30 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + ollama + ]; + systemd.services = { + ollama = { + description = "Server for local large language models"; + after = ["network-online.target"]; + wantedBy = ["multi-user.target"]; + environment = { + HOME = "%S/ollama"; + OLLAMA_HOST = "0.0.0.0"; + OLLAMA_MODELS = "%S/ollama/models"; + }; + serviceConfig = { + Type = "simple"; + User = "ollama"; + Group = "ollama"; + Restart = "always"; + RestartSec = "3"; + WorkingDirectory = "/var/lib/ollama"; + StateDirectory = [ "ollama" ]; + DynamicUser = true; + ExecStart = "${pkgs.ollama}/bin/ollama serve"; + }; + }; + }; + networking.firewall.allowedTCPPorts = [ 11434 ]; +} diff --git a/appserver/podman.nix b/appserver/podman.nix new file mode 100644 index 0000000..44f2f43 --- /dev/null +++ b/appserver/podman.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + virtualisation.podman.enable = true; + virtualisation.podman.dockerCompat = true; + virtualisation.podman.dockerSocket.enable = true; + + #virtualisation.defaultNetwork.settings.dns_enabled = true; + environment.systemPackages = with pkgs; [ + podman-tui + podman-compose + ]; + + } diff --git a/appserver/server1/nixos/aliases.nix b/appserver/server1/nixos/aliases.nix new file mode 100644 index 0000000..b619bda --- /dev/null +++ b/appserver/server1/nixos/aliases.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + tldr + eza + bat + ripgrep + ]; + environment.shellAliases = { + vi = "nvim"; + vim = "nvim"; + h = "tldr"; + # oxidized + ls = "eza -l"; + cat = "bat"; + grep = "rg"; + top = "btm --color gruvbox"; + # some tools + }; +} diff --git a/appserver/server1/nixos/audiobook.nix b/appserver/server1/nixos/audiobook.nix new file mode 100644 index 0000000..5db587f --- /dev/null +++ b/appserver/server1/nixos/audiobook.nix 
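Review bot: The ollama unit sets `OLLAMA_HOST = "0.0.0.0"` and the firewall opens 11434, so the Ollama HTTP API — which carries no authentication of its own — is reachable from every interface, letting any network peer run, pull or delete models on this host. Binding to the loopback or tailnet address, or dropping 11434 from allowedTCPPorts and relying on tailscale0 being a trusted interface, limits that. serviceConfig mixes `DynamicUser = true` with a fixed `User`/`Group` of ollama and a hard-coded `WorkingDirectory = "/var/lib/ollama"` beside `StateDirectory`; `%S/ollama`, as the `environment` block already uses, is the consistent spelling, and the `"ollama"` entry in geir's extraGroups refers to a group a dynamic user does not create statically, so confirm it resolves on the host. `after = ["network-online.target"]` without a matching `wants` does not pull the target in. The same unit appears at appserver/server1/nixos/ollama.nix and, embedded in org-mode residue, inside both soft-serve.nix files.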
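Review bot: `virtualisation.podman.dockerSocket.enable = true` exposes the root Podman socket; anyone in the `podman` group — which configuration.nix adds geir to — can then start privileged containers, which is equivalent to root on the host. If Docker-API compatibility is only needed for geir's own tooling, rootless Podman with `dockerCompat` alone gives the same `docker` CLI behaviour without that escalation path, so the socket line deserves a comment stating why it is needed if it stays. The same module is repeated at appserver/server1/nixos/podman.nix.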
@@ -0,0 +1,33 @@ +{ configs, pkgs, ... }: +let + audioBookShelfPort = 8000; +in +{ + environment.systemPackages = [ + pkgs.audiobookshelf + ]; + systemd.services = { + audiobookshelf = { + description = "Audiobookshelf"; + wantedBy = ["multi-user.target"]; + restartIfChanged = true; + environment = { + PORT = builtins.toString audioBookShelfPort; + HOST = "0.0.0.0"; + }; + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "5"; + ExecStart = '' + ${pkgs.audiobookshelf}/bin/audiobookshelf + ''; + }; + }; + }; + networking.firewall.allowedTCPPorts = [ audioBookShelfPort ]; + #services.audiobookshelf.enable = true; + #services.audiobookshelf.host = 0.0.0.0 ; + #services.audiobookshelf.port = 8000; + #services.audiobookshelf.openFirewall = true; +} diff --git a/appserver/server1/nixos/calibre-web.nix b/appserver/server1/nixos/calibre-web.nix new file mode 100644 index 0000000..be7d819 --- /dev/null +++ b/appserver/server1/nixos/calibre-web.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: +{ + services.calibre-web = { + enable = true; + #group = "media"; + listen = { + ip = "0.0.0.0"; + port = 8083; + }; + options = { + calibreLibrary = "/mnt/remote/media/books/calibre/"; + enableBookUploading = true; + }; + }; + networking.firewall.allowedTCPPorts = [ 8083 ]; +} diff --git a/appserver/server1/nixos/configuration-server1.nix b/appserver/server1/nixos/configuration-server1.nix new file mode 100644 index 0000000..75292f8 --- /dev/null +++ b/appserver/server1/nixos/configuration-server1.nix 
@@ -0,0 +1,77 @@ +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ./starship.nix + ./podman.nix + ./libvirt.nix + ./wg.nix + ./jellfin.nix + ]; + + # Swap zram + zramSwap = { + enable = true; + algorithm = "zstd"; + }; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.efi.efiSysMountPoint = "/boot/"; + boot.loader.grub.device = "nodev"; + + # Disks and Updates + services.fstrim.enable = true; + + # Enable all unfree hardware support. + hardware.firmware = with pkgs; [ firmwareLinuxNonfree ]; + hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; + nixpkgs.config.allowUnfree = true; + services.fwupd.enable = true; + + # Networking + networking.hostName = "server1"; + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Oslo"; + + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "no"; + }; + + users.users.geir = { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" "libvirt" "podman" ]; + packages = with pkgs; [ + bottom + ]; + }; + + environment.systemPackages = with pkgs; [ + neovim emacs nano curl htop glances neofetch + wget git wireguard-tools + ]; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + services.openssh.settings.PasswordAuthentication = false; + + # Enable Netdata + services.netdata.enable = true; + + # Firewall + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ 22 19999 ]; + networking.firewall.allowedUDPPorts = [ 22 ]; + system.stateVersion = "23.05"; + +} diff --git a/appserver/server1/nixos/configuration.nix b/appserver/server1/nixos/configuration.nix new file mode 100644 index 0000000..ebe829f --- /dev/null 
+++ b/appserver/server1/nixos/configuration.nix 
@@ -0,0 +1,96 @@ +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ./starship.nix + ./aliases.nix + ./podman.nix + ./libvirt.nix + ./incus.nix + ./jellyfin.nix + ./tailscale.nix + ./calibre-web.nix + ./audiobook.nix + ./ollama.nix + #./soft-serve.nix + ]; + + # Swap zram + zramSwap = { + enable = true; + algorithm = "zstd"; + }; + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.efi.efiSysMountPoint = "/boot/"; + boot.loader.grub.device = "nodev"; + + # Disks and Updates + services.fstrim.enable = true; + + # Mount remote filesystem + fileSystems."/mnt/remote/media" = { + device = "10.0.0.8:/mnt/storage/media"; + fsType = "nfs"; + }; + + # Enable all unfree hardware support. + hardware.firmware = with pkgs; [ firmwareLinuxNonfree ]; + hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; + nixpkgs.config.allowUnfree = true; + services.fwupd.enable = true; + + # Networking + networking.hostName = "server1"; + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Europe/Oslo"; + + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "no"; + }; + + users.users.geir = { + isNormalUser = true; + extraGroups = [ "wheel" + "networkmanager" + "libvirt" + "podman" + "ollama" + "writefreely" + ]; + packages = with pkgs; [ + bottom + ]; + }; + + environment.systemPackages = with pkgs; [ + neovim emacs nano curl htop glances kitty + wget git inxi nethogs fastfetch + ]; + + # Enable the OpenSSH daemon. 
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+ services.openssh.settings.PasswordAuthentication = false;
+
+
+ # Enable Netdata
+ services.netdata.enable = true;
+
+ # Firewall
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 19999 23231];
+ networking.firewall.allowedUDPPorts = [ 22 23231 ];
+ system.stateVersion = "23.05";
+
+}
diff --git a/appserver/server1/nixos/incus.nix b/appserver/server1/nixos/incus.nix
new file mode 100644
index 0000000..5eaaa6d
--- /dev/null
+++ b/appserver/server1/nixos/incus.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+{
+ virtualisation.incus.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ incus
+ lxc
+ ];
+}
diff --git a/appserver/server1/nixos/jellyfin.nix b/appserver/server1/nixos/jellyfin.nix
new file mode 100644
index 0000000..79489a4
--- /dev/null
+++ b/appserver/server1/nixos/jellyfin.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+{
+ services.jellyfin.enable = true;
+ networking.firewall.allowedTCPPorts = [ 8096 8920 ];
+ networking.firewall.allowedUDPPorts = [ 1900 7359 ];
+}
diff --git a/appserver/server1/nixos/libvirt.nix b/appserver/server1/nixos/libvirt.nix
new file mode 100644
index 0000000..b2935e8
--- /dev/null
+++ b/appserver/server1/nixos/libvirt.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+{
+ virtualisation.libvirtd.enable = true;
+ environment.systemPackages = with pkgs; [
+ qemu_kvm
+ libvirt
+ ];
+}
diff --git a/appserver/server1/nixos/nextcloud.nix b/appserver/server1/nixos/nextcloud.nix
new file mode 100644
index 0000000..8d1feb9
--- /dev/null
+++ b/appserver/server1/nixos/nextcloud.nix
@@ -0,0 +1,30 @@ +{ pkgs, ... }: + +{ + # Nextcloud Config + environment.etc."nextcloud-admin-pass".text = "siKKerhet666"; + services.nextcloud = { + enable = true; + hostName = "server1.tail807ea.ts.net"; + + # Ssl Let'encrypt + #hostName = "cloud.geokkjer.eu"; + #https = true; + + # Auto-update Nextcloud Apps + autoUpdateApps.enable = true; + # Set what time makes sense for you + autoUpdateApps.startAt = "05:00:00"; + # enable redis cache + configureRedis = true; + # Create db locally , maybe not needed with sqlite + database.createLocally = true; + # Config options + config = { + dbtype = "sqlite"; + adminpassFile = "/etc/nextcloud-admin-pass"; + trustedProxies = [ "46.226.104.98" "100.75.29.52" ]; + extraTrustedDomains = [ "localhost" "*.cloudflare.net" "*.tail807ea.ts.net" "46.226.104.98" "*.geokkjer.eu" ]; + }; + }; +} diff --git a/appserver/server1/nixos/ollama.nix b/appserver/server1/nixos/ollama.nix new file mode 100644 index 0000000..8b5f951 --- /dev/null +++ b/appserver/server1/nixos/ollama.nix @@ -0,0 +1,30 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + ollama + ]; + systemd.services = { + ollama = { + description = "Server for local large language models"; + after = ["network-online.target"]; + wantedBy = ["multi-user.target"]; + environment = { + HOME = "%S/ollama"; + OLLAMA_HOST = "0.0.0.0"; + OLLAMA_MODELS = "%S/ollama/models"; + }; + serviceConfig = { + Type = "simple"; + User = "ollama"; + Group = "ollama"; + Restart = "always"; + RestartSec = "3"; + WorkingDirectory = "/var/lib/ollama"; + StateDirectory = [ "ollama" ]; + DynamicUser = true; + ExecStart = "${pkgs.ollama}/bin/ollama serve"; + }; + }; + }; + networking.firewall.allowedTCPPorts = [ 11434 ]; +} diff --git a/appserver/server1/nixos/podman.nix b/appserver/server1/nixos/podman.nix new file mode 100644 index 0000000..44f2f43 --- /dev/null +++ b/appserver/server1/nixos/podman.nix 
@@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + virtualisation.podman.enable = true; + virtualisation.podman.dockerCompat = true; + virtualisation.podman.dockerSocket.enable = true; + + #virtualisation.defaultNetwork.settings.dns_enabled = true; + environment.systemPackages = with pkgs; [ + podman-tui + podman-compose + ]; + + } diff --git a/appserver/server1/nixos/soft-serve.nix b/appserver/server1/nixos/soft-serve.nix new file mode 100644 index 0000000..1f555bb --- /dev/null +++ b/appserver/server1/nixos/soft-serve.nix @@ -0,0 +1,48 @@ +{ pkgs, configs, ... }: + { + services.soft-serve.enable = true; + services.soft-serve.settings = { + name = "geokkjer's repos"; + log_format = "text"; + ssh = { + listen_addr = "0.0.0.0:23231"; + public_url = "ssh://git.geokkjer.eu:23231"; + max_timeout = 30; + idle_timeout = 120; + }; + stats.listen_addr = ":23233"; + }; + } +#+end80808080 * Ollama + +#+begin_src nix :tangle ollama.nix + { config, pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + ollama + ]; + systemd.services = { + ollama = { + description = "Server for local large language models"; + after = ["network-online.target"]; + wantedBy = ["multi-user.target"]; + environment = { + HOME = "%S/ollama"; + OLLAMA_HOST = "0.0.0.0"; + OLLAMA_MODELS = "%S/ollama/models"; + }; + serviceConfig = { + Type = "simple"; + User = "ollama"; + Group = "ollama"; + Restart = "always"; + RestartSec = "3"; + WorkingDirectory = "/var/lib/ollama"; + StateDirectory = [ "ollama" ]; + DynamicUser = true; + ExecStart = "${pkgs.ollama}/bin/ollama serve"; + }; + }; + }; + networking.firewall.allowedTCPPorts = [ 11434 ]; + } diff --git a/appserver/server1/nixos/starship.nix b/appserver/server1/nixos/starship.nix new file mode 100644 index 0000000..d935427 --- /dev/null +++ b/appserver/server1/nixos/starship.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + starship + ]; +} 
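Review bot: soft-serve.nix is not a single Nix expression: after the soft-serve attribute set it carries org-mode tangle residue (`#+end80808080 * Ollama`, `#+begin_src nix :tangle ollama.nix`) followed by a second copy of the ollama module, so the file will not evaluate if the commented `./soft-serve.nix` import in configuration.nix is ever enabled. The `#+end…` marker looks like a mangled `#+end_src`, which would explain why the tangler ran the two blocks together; regenerating the file from the org source is the fix. Within the soft-serve settings, `stats.listen_addr = ":23233"` binds the stats endpoint on all interfaces with no matching firewall entry (configuration.nix opens 23231, not 23233), so note which exposure is intended. The same broken file is added at appserver/soft-serve.nix.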
diff --git a/appserver/server1/nixos/tailscale.nix b/appserver/server1/nixos/tailscale.nix new file mode 100644 index 0000000..e4942fd --- /dev/null +++ b/appserver/server1/nixos/tailscale.nix @@ -0,0 +1,18 @@ +{config, pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + tailscale + ]; + + services.tailscale.enable = true; + networking.firewall = { + # trace: warning: Strict reverse path filtering breaks Tailscale exit node + # use and some subnet routing setups. Consider setting + # `networking.firewall.checkReversePath` = 'loose' + checkReversePath = "loose"; + trustedInterfaces = [ "tailscale0" ]; + }; + } +#+end80808080 * nginx + +#+begin_src nix diff --git a/appserver/server1/nixos/wg.nix b/appserver/server1/nixos/wg.nix new file mode 100644 index 0000000..b0d3741 --- /dev/null +++ b/appserver/server1/nixos/wg.nix @@ -0,0 +1,20 @@ +{ config, pkgs, lib, ... }: + { + networking.firewall.checkReversePath = "loose"; + networking.wg-quick.interfaces = { + wg0 = { + address = [ "192.168.100.3/24" ]; # "fdc9:281f:04d7:9ee9::2/64" + #dns = [ "192.168.100.1" "192.168.1.1" ]; # "fdc9:281f:04d7:9ee9::1" + privateKeyFile = "/root/wireguard-keys/private"; + peers = [ + { + publicKey = ""; + presharedKeyFile = "/root/wireguard-keys/preshared"; + allowedIPs = [ "192.168.100.1/24" ]; # "::/0" + endpoint = "46.226.104.98:51820"; + persistentKeepalive = 25; + } + ]; + }; + }; + } diff --git a/appserver/server1/nixos/writefreely.nix b/appserver/server1/nixos/writefreely.nix new file mode 100644 index 0000000..9667411 --- /dev/null +++ b/appserver/server1/nixos/writefreely.nix 
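Review bot: tailscale.nix ends with org-mode residue (`#+end80808080 * nginx`, `#+begin_src nix`); Nix treats both as comments so the file still evaluates, but the trailing `#+begin_src nix` is an empty block left over from the tangle and should be removed before anything is pasted under it. `trustedInterfaces = [ "tailscale0" ]` bypasses the firewall for every local port on the tailnet side, which makes the per-module `allowedTCPPorts` entries elsewhere the only control on non-tailnet exposure — worth a one-line comment such as `# tailnet peers reach every local port; keep allowedTCPPorts deliberate`. The same file is added at appserver/tailscale.nix.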
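Review bot: The wg0 peer has `publicKey = ""`, so wg-quick will reject the interface at activation; the peer's public key must be filled in (it is not secret and can live in the repo, unlike the private and preshared keys, which this module correctly reads from files under /root). `allowedIPs = [ "192.168.100.1/24" ]` has host bits set: the network is `192.168.100.0/24`, and if only the gateway itself was meant it should be `192.168.100.1/32`. The module also sets `networking.firewall.checkReversePath = "loose"` globally, which tailscale.nix sets too — harmless duplication, but a comment naming which tunnel needs it helps the next reader. The same file is added at appserver/wg.nix.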
@@ -0,0 +1,26 @@ +{ pkgs, configs, ... }: +{ + services.writefreely = { + enable = true; + admin.name = "geir@geokkjer.eu"; + host = "blog.geokkjer.eu"; + database = { + type = "sqlite3"; + #filename = "writefreely.db"; + #database = "writefreely"; + }; + nginx = { + # Enable Nginx and configure it to serve WriteFreely. + enable = true; + }; + settings = { + server = { + port = 8088; + bind = "0.0.0.0"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 8088 ]; + networking.firewall.allowedUDPPorts = [ 8088 ]; +} diff --git a/appserver/soft-serve.nix b/appserver/soft-serve.nix new file mode 100644 index 0000000..1f555bb --- /dev/null +++ b/appserver/soft-serve.nix @@ -0,0 +1,48 @@ +{ pkgs, configs, ... }: + { + services.soft-serve.enable = true; + services.soft-serve.settings = { + name = "geokkjer's repos"; + log_format = "text"; + ssh = { + listen_addr = "0.0.0.0:23231"; + public_url = "ssh://git.geokkjer.eu:23231"; + max_timeout = 30; + idle_timeout = 120; + }; + stats.listen_addr = ":23233"; + }; + } +#+end80808080 * Ollama + +#+begin_src nix :tangle ollama.nix + { config, pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + ollama + ]; + systemd.services = { + ollama = { + description = "Server for local large language models"; + after = ["network-online.target"]; + wantedBy = ["multi-user.target"]; + environment = { + HOME = "%S/ollama"; + OLLAMA_HOST = "0.0.0.0"; + OLLAMA_MODELS = "%S/ollama/models"; + }; + serviceConfig = { + Type = "simple"; + User = "ollama"; + Group = "ollama"; + Restart = "always"; + RestartSec = "3"; + WorkingDirectory = "/var/lib/ollama"; + StateDirectory = [ "ollama" ]; + DynamicUser = true; + ExecStart = "${pkgs.ollama}/bin/ollama serve"; + }; + }; + }; + networking.firewall.allowedTCPPorts = [ 11434 ]; + } diff --git a/appserver/starship.nix b/appserver/starship.nix new file mode 100644 index 0000000..d935427 --- /dev/null +++ b/appserver/starship.nix 
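Review bot: writefreely is bound on `bind = "0.0.0.0"` port 8088 and `networking.firewall.allowedTCPPorts = [ 8088 ]` opens it, while `nginx.enable = true` already fronts the app; opening the backend port lets clients bypass whatever nginx applies, so bind to `127.0.0.1` (or the tailnet address) and expose only the nginx vhost ports. `allowedUDPPorts = [ 8088 ]` opens nothing useful for an HTTP service. Nothing in this hunk enables TLS for `host = "blog.geokkjer.eu"`; whether the module's `nginx.forceSSL` or ACME is configured elsewhere is not visible here, so confirm before the vhost goes public. The argument set names `configs` instead of `config`, as in audiobook.nix. The same module is repeated at appserver/writefreely.nix.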
@@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + starship + ]; +} diff --git a/appserver/tailscale.nix b/appserver/tailscale.nix new file mode 100644 index 0000000..e4942fd --- /dev/null +++ b/appserver/tailscale.nix @@ -0,0 +1,18 @@ +{config, pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + tailscale + ]; + + services.tailscale.enable = true; + networking.firewall = { + # trace: warning: Strict reverse path filtering breaks Tailscale exit node + # use and some subnet routing setups. Consider setting + # `networking.firewall.checkReversePath` = 'loose' + checkReversePath = "loose"; + trustedInterfaces = [ "tailscale0" ]; + }; + } +#+end80808080 * nginx + +#+begin_src nix diff --git a/appserver/wg.nix b/appserver/wg.nix new file mode 100644 index 0000000..b0d3741 --- /dev/null +++ b/appserver/wg.nix @@ -0,0 +1,20 @@ +{ config, pkgs, lib, ... }: + { + networking.firewall.checkReversePath = "loose"; + networking.wg-quick.interfaces = { + wg0 = { + address = [ "192.168.100.3/24" ]; # "fdc9:281f:04d7:9ee9::2/64" + #dns = [ "192.168.100.1" "192.168.1.1" ]; # "fdc9:281f:04d7:9ee9::1" + privateKeyFile = "/root/wireguard-keys/private"; + peers = [ + { + publicKey = ""; + presharedKeyFile = "/root/wireguard-keys/preshared"; + allowedIPs = [ "192.168.100.1/24" ]; # "::/0" + endpoint = "46.226.104.98:51820"; + persistentKeepalive = 25; + } + ]; + }; + }; + } diff --git a/appserver/writefreely.nix b/appserver/writefreely.nix new file mode 100644 index 0000000..9667411 --- /dev/null +++ b/appserver/writefreely.nix 
@@ -0,0 +1,26 @@
+{ pkgs, configs, ... }:
+{
+ services.writefreely = {
+ enable = true;
+ admin.name = "geir@geokkjer.eu";
+ host = "blog.geokkjer.eu";
+ database = {
+ type = "sqlite3";
+ #filename = "writefreely.db";
+ #database = "writefreely";
+ };
+ nginx = {
+ # Enable Nginx and configure it to serve WriteFreely.
+ enable = true;
+ };
+ settings = {
+ server = {
+ port = 8088;
+ bind = "0.0.0.0";
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 8088 ];
+ networking.firewall.allowedUDPPorts = [ 8088 ];
+}
diff --git a/laptop/aliases.nix b/laptop/aliases.nix
new file mode 100644
index 0000000..723b30d
--- /dev/null
+++ b/laptop/aliases.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ tldr
+ eza
+ bat
+ ripgrep
+ ];
+ environment.shellAliases = {
+ vi = "nvim";
+ vim = "nvim";
+ h = "tldr";
+ # oxidized
+ ls = "eza -l";
+ cat = "bat";
+ grep = "rg";
+ top = "btm --color gruvbox";
+ # some tools
+
+ };
+}
diff --git a/laptop/asciidoc.nix b/laptop/asciidoc.nix
new file mode 100644
index 0000000..036c5d0
--- /dev/null
+++ b/laptop/asciidoc.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs;
+ [
+ asciidoc-full asciidoctor
+ ];
+}
diff --git a/laptop/configuration.nix b/laptop/configuration.nix
new file mode 100644
index 0000000..b94b028
--- /dev/null
+++ b/laptop/configuration.nix
@@ -0,0 +1,190 @@
+{ config, pkgs, ... }:
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./zsh.nix
+ ./tuigreet.nix
+ ./sway.nix
+ ./kitty.nix
+ #./cosmic.nix
+ ./tty.nix
+ ./aliases.nix
+ ./fonts.nix
+ ./k8s.nix
+ ./tail.nix
+ ./asciidoc.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ };
+
+ # Enable all unfree hardware support.
+ hardware.firmware = with pkgs; [ firmwareLinuxNonfree ];
+ hardware.enableAllFirmware = true;
+ hardware.enableRedistributableFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+ services.fwupd.enable = true;
+
+ services.fstrim.enable = true;
+
+ # Networking
+ networking.networkmanager.enable = true;
+ networking.hostName = "idea";
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Oslo";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ # Enable the Desktop Environment.
+ programs.steam.enable = true;
+ #services.teamviewer.enable = true;
+
+ # Configure keymap in X11
+ services.xserver = {
+ layout = "no";
+ xkbVariant = "";
+ };
+
+ # Configure console keymap
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "no";
+ };
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "nb_NO.utf8";
+ LC_IDENTIFICATION = "nb_NO.utf8";
+ LC_MEASUREMENT = "nb_NO.utf8";
+ LC_MONETARY = "nb_NO.utf8";
+ LC_NAME = "nb_NO.utf8";
+ LC_NUMERIC = "nb_NO.utf8";
+ LC_PAPER = "nb_NO.utf8";
+ LC_TELEPHONE = "nb_NO.utf8";
+ LC_TIME = "nb_NO.utf8";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = false;
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ # Enble flakes and other experimental features
+ nix = {
+ extraOptions = "experimental-features = nix-command flakes";
+ package = pkgs.nixFlakes;
+ };
+ # Enable nix-2.15.3 for some reaseon something depends on it
+ nixpkgs.config.permittedInsecurePackages = [
+ "nix-2.15.3"
+ ];
+
+ services.emacs.enable = true;
+
+ # User account.
+ nix.settings.trusted-users = [ "root" "geir" ];
+ environment.localBinInPath = true;
+ users.users.geir = {
+ isNormalUser = true;
+ description = "Geir Okkenhaug Jerstad";
+ extraGroups = [ "networkmanager" "wheel" ];
+ shell = pkgs.zsh;
+ packages = with pkgs; [
+ discord teamviewer evince
+ # Browsers
+ firefox qutebrowser
+ # Monitoring tools
+ htop glances bottom fwupd
+ # shells & terminals
+ terminator foot kitty
+ starship
+ nushell
+ fzf
+ # Multiplexers
+ screen
+ tmux
+ zellij
+ # Editors & command line text utils
+ mc
+ neovim
+ poppler_utils
+ emacs
+ emacsPackages.vterm
+ libvterm libtool
+ magic-wormhole
+ protonvpn-cli
+ ytfzf
+ nix-direnv
+ #
+ mpv
+ # DevSecOps
+ virt-manager
+ # Audio tools
+ ncpamixer
+ # blog
+ haunt
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ git hut unzip fastfetch
+ wget curl
+ neofetch inxi mlocate
+ tailscale bluez-tools
+ # Languages
+ zig
+ python3 python3Packages.pip
+ guile
+ go gotools golint
+ rustup
+ # language servers
+ zls
+ python3Packages.python-lsp-server
+ rnix-lsp
+ gopls
+ luajitPackages.lua-lsp
+ nodePackages.bash-language-server
+ vimPlugins.cmp-nvim-lsp
+ ccls
+ rnix-lsp
+ gdb
+ # building software
+ qemu
+ cmake
+ gcc
+ bintools
+ gnutar
+ sccache
+ ncurses
+ ];
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.allowedUDPPorts = [ 22 ];
+ networking.firewall.enable = true;
+ system.stateVersion = "22.11";
+}
diff --git a/laptop/configuration.nix~ b/laptop/configuration.nix~
new file mode 100644
index 0000000..633d37d
--- /dev/null
+++ b/laptop/configuration.nix~
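Review bot: `services.openssh.enable = true;` is left at module defaults, so password and keyboard-interactive logins remain enabled on a host that also opens TCP 22; `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` restrict access to keys. `networking.firewall.allowedUDPPorts = [ 22 ]` opens nothing useful, since sshd is TCP-only, and should be dropped. `nixpkgs.config.permittedInsecurePackages = [ "nix-2.15.3" ]` waives a known-insecure package with a comment admitting the reason is unknown; the dependent should be identified (for example with `nix why-depends`) and named in the comment, or the waiver removed, and `nix.settings.trusted-users = [ "root" "geir" ]` makes that user effectively root over the Nix daemon, which deserves a one-line comment saying it is intentional. The same points apply to workstation/configuration.nix later in this commit, and the editor backup copies committed alongside (laptop/configuration.nix~, laptop/k8s.nix~, workstation/configuration.nix~, workstation/hardware-configuration.nix~) belong in .gitignore rather than in the repository.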
@@ -0,0 +1,189 @@
+{ config, pkgs, ... }:
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./zsh.nix
+ ./tuigreet.nix
+ ./sway.nix
+ ./kitty.nix
+ #./cosmic.nix
+ ./tty.nix
+ ./aliases.nix
+ ./fonts.nix
+ ./k8s.nix
+ ./tail.nix
+ ./asciidoc.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ };
+
+ # Enable all unfree hardware support.
+ hardware.firmware = with pkgs; [ firmwareLinuxNonfree ];
+ hardware.enableAllFirmware = true;
+ hardware.enableRedistributableFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+ services.fwupd.enable = true;
+
+ services.fstrim.enable = true;
+
+ # Networking
+ networking.networkmanager.enable = true;
+ networking.hostName = "idea";
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Oslo";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ # Enable the Desktop Environment.
+ programs.steam.enable = true;
+ #services.teamviewer.enable = true;
+
+ # Configure keymap in X11
+ services.xserver = {
+ layout = "no";
+ xkbVariant = "";
+ };
+
+ # Configure console keymap
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "no";
+ };
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "nb_NO.utf8";
+ LC_IDENTIFICATION = "nb_NO.utf8";
+ LC_MEASUREMENT = "nb_NO.utf8";
+ LC_MONETARY = "nb_NO.utf8";
+ LC_NAME = "nb_NO.utf8";
+ LC_NUMERIC = "nb_NO.utf8";
+ LC_PAPER = "nb_NO.utf8";
+ LC_TELEPHONE = "nb_NO.utf8";
+ LC_TIME = "nb_NO.utf8";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = false;
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ # Enble flakes and other experimental features
+ nix = {
+ extraOptions = "experimental-features = nix-command flakes";
+ package = pkgs.nixFlakes;
+ };
+ # Enable nix-2.15.3 for some reaseon something depends on it
+ nixpkgs.config.permittedInsecurePackages = [
+ "nix-2.15.3"
+ ];
+
+ services.emacs.enable = true;
+
+ # User account.
+ nix.settings.trusted-users = [ "root" "geir" ];
+ environment.localBinInPath = true;
+ users.users.geir = {
+ isNormalUser = true;
+ description = "Geir Okkenhaug Jerstad";
+ extraGroups = [ "networkmanager" "wheel" ];
+ shell = pkgs.zsh;
+ packages = with pkgs; [
+ discord teamviewer evince
+ # Browsers
+ firefox qutebrowser
+ # Monitoring tools
+ htop glances bottom fwupd
+ # shells & terminals
+ terminator foot kitty
+ starship
+ nushell
+ fzf
+ # Multiplexers
+ screen
+ tmux
+ zellij
+ # Editors & command line text utils
+ mc
+ neovim
+ poppler_utils
+ emacs
+ emacsPackages.vterm
+ libvterm libtool
+ magic-wormhole
+ protonvpn-cli
+ ytfzf
+ nix-direnv
+ #
+ mpv
+ # DevSecOps
+ virt-manager
+ # Audio tools
+ ncpamixer
+ # blog
+ haunt
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ git hut unzip fastfetch
+ wget curl
+ neofetch inxi mlocate
+ tailscale bluez-tools
+ # Languages
+ zig
+ python3 python3Packages.pip
+ guile
+ go gotools golint
+ rustup
+ # language servers
+ zls
+ python3Packages.python-lsp-server
+ rnix-lsp
+ gopls
+ luajitPackages.lua-lsp
+ nodePackages.bash-language-server
+ vimPlugins.cmp-nvim-lsp
+ ccls
+ rnix-lsp
+ # building software
+ qemu
+ cmake
+ gcc
+ bintools
+ gnutar
+ sccache
+ ncurses
+ ];
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.allowedUDPPorts = [ 22 ];
+ networking.firewall.enable = true;
+ system.stateVersion = "22.11";
+}
diff --git a/laptop/fonts.nix b/laptop/fonts.nix
new file mode 100644
index 0000000..899a9ca
--- /dev/null
+++ b/laptop/fonts.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+{
+ fonts.packages = with pkgs; [
+ # Fonts
+ fira-code
+ fira-mono
+ fira-code-symbols
+ meslo-lgs-nf
+ ];
+}
diff --git a/laptop/hardware-configuration.nix b/laptop/hardware-configuration.nix
new file mode 100644
index 0000000..9a88065
--- /dev/null
+++ b/laptop/hardware-configuration.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/c00b4f87-0c38-45e8-a65e-acb63b837124";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/28E2-7988";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/laptop/k8s.nix b/laptop/k8s.nix
new file mode 100644
index 0000000..bd36dca
--- /dev/null
+++ b/laptop/k8s.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ talosctl
+ kubectl
+ kind
+ k9s
+ ];
+}
diff --git a/laptop/k8s.nix~ b/laptop/k8s.nix~
new file mode 100644
index 0000000..6e5b8c3
--- /dev/null
+++ b/laptop/k8s.nix~
@@ -0,0 +1,3 @@
+{ pkgs, ... }:
+{
+}
diff --git a/laptop/kitty.nix b/laptop/kitty.nix
new file mode 100644
index 0000000..38e8dd5
--- /dev/null
+++ b/laptop/kitty.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, lib, ... }:
+{
+ environment.systemPackages = with pkgs;
+ [
+ kitty kitty-themes termpdfpy
+ ];
+}
diff --git a/laptop/nix-direnv.nix b/laptop/nix-direnv.nix
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/laptop/nix-direnv.nix
@@ -0,0 +1 @@
+
diff --git a/laptop/nixvim.nix b/laptop/nixvim.nix
new file mode 100644
index 0000000..19ec603
--- /dev/null
+++ b/laptop/nixvim.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+{
+ imports = [ ]
+ let
+ nixvim = import (builtins.fetchGit {
+ url = "https://github.com/nix-community/nixvim";
+ # When using a different channel you can use `ref = "nixos-"` to set it here
+ });
+ in
+ {
+ programs.nixvim = {
+ enable = true;
+
+ colorschemes.gruvbox.enable = true;
+ plugins.lightline.enable = true;
+
+ plugins.lsp = {
+ enable = true;
+
+ servers = {
+ rust-analyzer = {
+ enable = true;
+ installCargo = true;
+ };
+ };
+ };
+ };
+ }
+}
diff --git a/laptop/river.nix b/laptop/river.nix
new file mode 100644
index 0000000..2c33270
--- /dev/null
+++ b/laptop/river.nix
@@ -0,0 +1,9 @@
+{ configs, pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ river
+ ];
+ programs.river = {
+ enable = true;
+ };
+}
diff --git a/laptop/sway.nix b/laptop/sway.nix
new file mode 100644
index 0000000..9b7f1b1
--- /dev/null
+++ b/laptop/sway.nix
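Review bot: `builtins.fetchGit { url = "https://github.com/nix-community/nixvim"; ... }` in laptop/nixvim.nix pins neither `rev` nor `ref`, so every evaluation pulls whatever the remote default branch points at and evaluates it as part of the system configuration — an unpinned, unreviewable supply-chain input; add `rev = "<commit-sha>";` (placeholder) next to `url` so the import is reproducible and changes to it show up in diffs. The surrounding syntax is also broken: `imports = [ ]` lacks its trailing `;`, and a `let ... in` expression cannot appear as a member of an attribute set, so the module will fail to parse; the conventional shape is to reference the fetched `nixvim` path inside `imports` and keep `programs.nixvim` at the top level of the returned set.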
@@ -0,0 +1,47 @@
+{ config, pkgs, lib, ... }:
+ let
+ dbus-sway-environment = pkgs.writeTextFile {
+ name = "dbus-sway-environment";
+ destination = "/bin/dbus-sway-environment";
+ executable = true;
+ text = ''
+ dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_C URRENT_DESKTOP=sway
+ systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
+ systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
+ '';
+ };
+
+in
+ {
+ environment.systemPackages = with pkgs; [
+ sway
+ dbus-sway-environment
+ wayland
+ xdg-utils # for opening default programs when clicking links
+ glib # gsettings
+ dracula-theme # gtk theme
+ swaylock
+ swayidle
+ grim # screenshot functionality
+ slurp # screenshot functionality
+ wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
+ mako # notification system developed by swaywm maintainer
+ waybar
+ gammastep
+ fuzzel
+ ];
+
+ # xdg-desktop-portal works by exposing a series of D-Bus interfaces
+ # known as portals under a well-known name
+ # (org.freedesktop.portal.Desktop) and object path
+ # (/org/freedesktop/portal/desktop).
+ # The portal interfaces include APIs for file access, opening URIs,
+ # printing and others.
+ services.dbus.enable = true;
+ xdg.portal.wlr.enable = true;
+ # enable sway window manager
+ programs.sway = {
+ enable = true;
+ wrapperFeatures.gtk = true;
+ };
+ }
diff --git a/laptop/tail.nix b/laptop/tail.nix
new file mode 100644
index 0000000..955fa26
--- /dev/null
+++ b/laptop/tail.nix
@@ -0,0 +1,9 @@
+{ pkgs, ...}:
+
+{
+ environment.systemPackages = with pkgs; [
+ tailscale
+ ];
+
+ services.tailscale.enable = true;
+ }
diff --git a/laptop/tty.nix b/laptop/tty.nix
new file mode 100644
index 0000000..b09a9f6
--- /dev/null
+++ b/laptop/tty.nix
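Review bot: The wrapper text in laptop/sway.nix reads `XDG_C URRENT_DESKTOP=sway` with a space inside the variable name; if that is really in the file rather than a wrapping artefact of this rendering, `dbus-update-activation-environment` receives `XDG_C` and `URRENT_DESKTOP=sway` as two separate arguments and `XDG_CURRENT_DESKTOP` is never exported, which breaks portal selection — it should read `XDG_CURRENT_DESKTOP=sway`. The script is installed as an executable via `pkgs.writeTextFile` but `text` has no interpreter line, so how it runs depends on whoever executes it; starting the text with `#!${pkgs.runtimeShell}` makes it self-describing. The `let` binding is placed before the module's `{` while the enclosing `in {` sits at the top level, so the file is a `let ... in` wrapping the module body rather than the usual `{ ... }: let ... in { ... }` layout — it parses, but the indentation hides that.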
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+{
+ services.getty.greetingLine = ''\l'';
+
+ console = {
+ earlySetup = true;
+
+ # Joker palette
+ colors = [
+ "1b161f"
+ "ff5555"
+ "54c6b5"
+ "d5aa2a"
+ "bd93f9"
+ "ff79c6"
+ "8be9fd"
+ "bfbfbf"
+
+ "1b161f"
+ "ff6e67"
+ "5af78e"
+ "ffce50"
+ "caa9fa"
+ "ff92d0"
+ "9aedfe"
+ "e6e6e6"
+ ];
+ };
+}
diff --git a/laptop/tuigreet.nix b/laptop/tuigreet.nix
new file mode 100644
index 0000000..e01f6a3
--- /dev/null
+++ b/laptop/tuigreet.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+ services.greetd = {
+ enable = true;
+ settings = {
+ default_session = {
+ command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
+ user = "geir";
+ };
+ };
+ };
+ environment.systemPackages = with pkgs;
+ [
+ greetd.tuigreet
+ ];
+}
diff --git a/laptop/zsh.nix b/laptop/zsh.nix
new file mode 100644
index 0000000..6ec8588
--- /dev/null
+++ b/laptop/zsh.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+ environment.systemPackages = with pkgs;
+ [
+ zsh
+ zsh-completions
+ nix-zsh-completions
+ starship
+ direnv
+ ];
+
+ programs.zsh.enable = true;
+ programs.zsh.syntaxHighlighting.enable = true;
+ programs.zsh.autosuggestions.enable = true;
+ }
diff --git a/workstation/atuin.nix b/workstation/atuin.nix
new file mode 100644
index 0000000..35b12f4
--- /dev/null
+++ b/workstation/atuin.nix
@@ -0,0 +1,10 @@
+{ pkgs, configs, ... }:
+{
+ environment.systemPackages = with pkgs;
+ [
+ atuin
+ ];
+ services.atuin.enable = true;
+
+
+}
diff --git a/workstation/configuration.nix b/workstation/configuration.nix
new file mode 100644
index 0000000..c172732
--- /dev/null
+++ b/workstation/configuration.nix
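Review bot: `services.atuin.enable = true;` in workstation/atuin.nix enables the Atuin sync server (with its backing database), not the shell-history client; if only local shell integration is wanted, the `atuin` package plus the user's shell init is sufficient and the server should not be brought up as a side effect. In laptop/tuigreet.nix, `user = "geir";` under `default_session` runs the pre-login greeter with that interactive user's privileges, so the login prompt process can already read that account's files before anyone has authenticated; leaving `user` at the module default (the dedicated greeter account) keeps the prompt isolated from the account it unlocks. The same `user = "geir"` setting appears in workstation/configuration.nix later in this commit.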
@@ -0,0 +1,159 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./k8s.nix
+ ./podman.nix
+ ];
+
+ # Kernel
+ boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.grub = {
+ enable = true;
+ zfsSupport = true;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ mirroredBoots = [
+ { devices = [ "nodev"]; path = "/boot"; }
+ ];
+ };
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ };
+ # firmaware
+ services.fwupd.enable = true;
+ # Bluetooth
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+ services.blueman.enable = true;
+ # enable unfree
+ nixpkgs.config.allowUnfree = true;
+ # Network
+ networking.hostName = "nixos-work";
+ services.tailscale.enable = true;
+ networking.networkmanager.enable = true;
+ networking.hostId = "8425e349";
+ # Set your time zone.
+ time.timeZone = "Europe/Oslo";
+
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "no";
+ };
+
+ # TuiGreet
+ services.greetd = {
+ enable = true;
+ settings = {
+ default_session = {
+ command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
+ user = "geir";
+ };
+ };
+ };
+
+ # Sway
+ programs.sway = {
+ enable = true;
+ wrapperFeatures.gtk = true;
+ };
+ services.dbus.enable = true;
+ xdg.portal = {
+ enable = true;
+ wlr.enable = true;
+ # gtk portal needed to make gtk apps happy
+ extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+ };
+
+
+
+ # Configure keymap in X11
+ services.xserver.xkb.layout = "no";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+ fonts.packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk
+ noto-fonts-emoji
+ liberation_ttf
+ dina-font
+ proggyfonts
+ (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
+ ];
+
+ sound.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ pulse.enable = true;
+ };
+ programs.steam.enable = true;
+
+ users.users.geir = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ packages = with pkgs; [
+ firefox ncpamixer starship discord fastfetch
+ ];
+ };
+ programs.bash.blesh.enable = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ foot kitty terminator
+ dbus
+ greetd.tuigreet
+ wayland
+ xdg-utils
+ swaylock swayidle swaybg waybar fuzzel gammastep mako
+ neovim emacs
+ neofetch glances inxi htop bottom
+ wget curl
+ git
+ mc eza du-dust
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # zfs options
+ services.zfs.autoScrub.enable = true;
+ services.zfs.trim.enable = true;
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.allowedUDPPorts = [ 22 ];
+ networking.firewall.enable = true;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+
diff --git a/workstation/configuration.nix~ b/workstation/configuration.nix~
new file mode 100644
index 0000000..7b2aeb7
--- /dev/null
+++ b/workstation/configuration.nix~
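Review bot: The comment `# Use the systemd-boot EFI boot loader.` above `boot.loader.grub = {` in workstation/configuration.nix describes a loader this file does not use; `# Use GRUB as the EFI boot loader (needed for ZFS support).` matches the block beneath it. The OpenSSH defaults, the UDP 22 rule, and the `user = "geir"` greeter setting here share the issues already raised on laptop/configuration.nix and laptop/tuigreet.nix in this commit.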
@@ -0,0 +1,158 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./k8s.nix
+ ];
+
+ # Kernel
+ boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.grub = {
+ enable = true;
+ zfsSupport = true;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ mirroredBoots = [
+ { devices = [ "nodev"]; path = "/boot"; }
+ ];
+ };
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ };
+ # firmaware
+ services.fwupd.enable = true;
+ # Bluetooth
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+ services.blueman.enable = true;
+ # enable unfree
+ nixpkgs.config.allowUnfree = true;
+ # Network
+ networking.hostName = "nixos-work";
+ services.tailscale.enable = true;
+ networking.networkmanager.enable = true;
+ networking.hostId = "8425e349";
+ # Set your time zone.
+ time.timeZone = "Europe/Oslo";
+
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "no";
+ };
+
+ # TuiGreet
+ services.greetd = {
+ enable = true;
+ settings = {
+ default_session = {
+ command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
+ user = "geir";
+ };
+ };
+ };
+
+ # Sway
+ programs.sway = {
+ enable = true;
+ wrapperFeatures.gtk = true;
+ };
+ services.dbus.enable = true;
+ xdg.portal = {
+ enable = true;
+ wlr.enable = true;
+ # gtk portal needed to make gtk apps happy
+ extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+ };
+
+
+
+ # Configure keymap in X11
+ services.xserver.xkb.layout = "no";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+ fonts.packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk
+ noto-fonts-emoji
+ liberation_ttf
+ dina-font
+ proggyfonts
+ (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
+ ];
+
+ sound.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ pulse.enable = true;
+ };
+ programs.steam.enable = true;
+
+ users.users.geir = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ packages = with pkgs; [
+ firefox ncpamixer starship discord fastfetch
+ ];
+ };
+ programs.bash.blesh.enable = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ foot kitty terminator
+ dbus
+ greetd.tuigreet
+ wayland
+ xdg-utils
+ swaylock swayidle swaybg waybar fuzzel gammastep mako
+ neovim emacs
+ neofetch glances inxi htop bottom
+ wget curl
+ git
+ mc eza du-dust
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # zfs options
+ services.zfs.autoScrub.enable = true;
+ services.zfs.trim.enable = true;
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.allowedUDPPorts = [ 22 ];
+ networking.firewall.enable = true;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+
diff --git a/workstation/hardware-configuration.nix b/workstation/hardware-configuration.nix
new file mode 100644
index 0000000..af28c76
--- /dev/null
+++ b/workstation/hardware-configuration.nix
@@ -0,0 +1,63 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "zpool/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" =
+ { device = "zpool/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var" =
+ { device = "zpool/var";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "zpool/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/257B-AB7E";
+ fsType = "vfat";
+ };
+ fileSystems."/home/geir/games" =
+ { device = "stuffpool/games";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home/geir/virtual" =
+ { device = "stuffpool/virtual";
+ fsType = "zfs";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/workstation/hardware-configuration.nix~ b/workstation/hardware-configuration.nix~
new file mode 100644
index 0000000..a7d5915
--- /dev/null
+++ b/workstation/hardware-configuration.nix~
@@ -0,0 +1,54 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "zpool/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" =
+ { device = "zpool/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var" =
+ { device = "zpool/var";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "zpool/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/257B-AB7E";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/workstation/k8s.nix b/workstation/k8s.nix
new file mode 100644
index 0000000..bd36dca
--- /dev/null
+++ b/workstation/k8s.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ talosctl
+ kubectl
+ kind
+ k9s
+ ];
+}
diff --git a/workstation/podman.nix b/workstation/podman.nix
new file mode 100644
index 0000000..44f2f43
--- /dev/null
+++ b/workstation/podman.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+{
+ virtualisation.podman.enable = true;
+ virtualisation.podman.dockerCompat = true;
+ virtualisation.podman.dockerSocket.enable = true;
+
+ #virtualisation.defaultNetwork.settings.dns_enabled = true;
+ environment.systemPackages = with pkgs; [
+ podman-tui
+ podman-compose
+ ];
+
+ }
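Review bot: `virtualisation.podman.dockerSocket.enable = true;` in workstation/podman.nix exposes a Docker-compatible API socket that members of the `podman` group can drive, and anyone who can start containers through it can mount the host filesystem and run as root inside them — membership in that group is root-equivalent and should be treated like `wheel`. If only the `docker` CLI alias is wanted, `dockerCompat = true` alone provides it and the socket option can be dropped; if the socket is needed, a comment naming the tool that requires it and who is expected to be in the `podman` group keeps the privilege grant visible. The `config` argument in `{ config, pkgs, ... }:` is unused, and `{ pkgs, ... }:` would match the other small modules in this commit.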