commit 24217b8cdf858f262f6b3fc697ac01c2fd81071d · pci.express/dotfiles

+43

common/default.nix

···

       1
       +
       {

     

       2
       +
         inputs,

     

       3
       +
         pkgs,

     

       4
       +
         config,

     

       5
       +
         ...

     

       6
       +
       }:

     

       7
       +
       {

     

       8
       +
         # Configuring Nix

     

       9
       +
         nix = {

     

       10
       +
           package = pkgs.lixPackageSets.latest.lix;

     

       11
       +
           channel.enable = false;

     

       12
       +
           nixPath = [ "nixpkgs=${config.nix.registry.nixpkgs.to.path}" ];

     

       13
       +
           registry = {

     

       14
       +
             n.flake = inputs.nixpkgs;

     

       15
       +
           };

     

       16
       +
           settings.auto-optimise-store = true;

     

       17
       +
           settings.experimental-features = [

     

       18
       +
             "nix-command"

     

       19
       +
             "flakes"

     

       20
       +
           ];

     

       21
       +
         };

     

       22
       +
         nixpkgs.config.allowUnfree = true;

     

       23
       +
       

     

       24
       +
         # Base Packages

     

       25
       +
         environment.systemPackages = with pkgs; [

     

       26
       +
           fastfetch

     

       27
       +
           neovim

     

       28
       +
           man-pages

     

       29
       +
           man-pages-posix

     

       30
       +
           gptfdisk

     

       31
       +
         ];

     

       32
       +
       

     

       33
       +
         # Localization

     

       34
       +
         time.timeZone = "America/Phoenix";

     

       35
       +
         i18n.defaultLocale = "en_US.UTF-8";

     

       36
       +
       

     

       37
       +
         # Other Settings

     

       38
       +
         documentation.dev.enable = true;

     

       39
       +
         security.sudo.wheelNeedsPassword = false;

     

       40
       +
         programs.zsh.enable = true;

     

       41
       +
         programs.git.enable = true;

     

       42
       +
         console.keyMap = "dvorak";

     

       43
       +
       }

+111

flake.lock

···

       1
       +
       {

     

       2
       +
         "nodes": {

     

       3
       +
           "flake-compat": {

     

       4
       +
             "flake": false,

     

       5
       +
             "locked": {

     

       6
       +
               "lastModified": 1696426674,

     

       7
       +
               "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",

     

       8
       +
               "owner": "edolstra",

     

       9
       +
               "repo": "flake-compat",

     

       10
       +
               "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",

     

       11
       +
               "type": "github"

     

       12
       +
             },

     

       13
       +
             "original": {

     

       14
       +
               "owner": "edolstra",

     

       15
       +
               "repo": "flake-compat",

     

       16
       +
               "type": "github"

     

       17
       +
             }

     

       18
       +
           },

     

       19
       +
           "lix": {

     

       20
       +
             "inputs": {

     

       21
       +
               "flake-compat": "flake-compat",

     

       22
       +
               "nix2container": "nix2container",

     

       23
       +
               "nixpkgs": [

     

       24
       +
                 "nixpkgs"

     

       25
       +
               ],

     

       26
       +
               "nixpkgs-regression": "nixpkgs-regression",

     

       27
       +
               "pre-commit-hooks": "pre-commit-hooks"

     

       28
       +
             },

     

       29
       +
             "locked": {

     

       30
       +
               "lastModified": 1747871314,

     

       31
       +
               "narHash": "sha256-UV82KwR0gBghOp+H98HYgaoJQZybKJ0zPsJXASKkP/s=",

     

       32
       +
               "rev": "5d49e26f710bb79145ed4e962154166a7edd81c1",

     

       33
       +
               "type": "tarball",

     

       34
       +
               "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/5d49e26f710bb79145ed4e962154166a7edd81c1.tar.gz?rev=5d49e26f710bb79145ed4e962154166a7edd81c1"

     

       35
       +
             },

     

       36
       +
             "original": {

     

       37
       +
               "type": "tarball",

     

       38
       +
               "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"

     

       39
       +
             }

     

       40
       +
           },

     

       41
       +
           "nix2container": {

     

       42
       +
             "flake": false,

     

       43
       +
             "locked": {

     

       44
       +
               "lastModified": 1724996935,

     

       45
       +
               "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",

     

       46
       +
               "owner": "nlewo",

     

       47
       +
               "repo": "nix2container",

     

       48
       +
               "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",

     

       49
       +
               "type": "github"

     

       50
       +
             },

     

       51
       +
             "original": {

     

       52
       +
               "owner": "nlewo",

     

       53
       +
               "repo": "nix2container",

     

       54
       +
               "type": "github"

     

       55
       +
             }

     

       56
       +
           },

     

       57
       +
           "nixpkgs": {

     

       58
       +
             "locked": {

     

       59
       +
               "lastModified": 315532800,

     

       60
       +
               "narHash": "sha256-83yvDLYXJ71qoOuRJ8pN/8MGabwQx/83Q24O/AmdecI=",

     

       61
       +
               "rev": "8c441601c43232976179eac52dde704c8bdf81ed",

     

       62
       +
               "type": "tarball",

     

       63
       +
               "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre804181.8c441601c432/nixexprs.tar.xz?rev=8c441601c43232976179eac52dde704c8bdf81ed"

     

       64
       +
             },

     

       65
       +
             "original": {

     

       66
       +
               "type": "tarball",

     

       67
       +
               "url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz"

     

       68
       +
             }

     

       69
       +
           },

     

       70
       +
           "nixpkgs-regression": {

     

       71
       +
             "locked": {

     

       72
       +
               "lastModified": 1643052045,

     

       73
       +
               "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",

     

       74
       +
               "owner": "NixOS",

     

       75
       +
               "repo": "nixpkgs",

     

       76
       +
               "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",

     

       77
       +
               "type": "github"

     

       78
       +
             },

     

       79
       +
             "original": {

     

       80
       +
               "owner": "NixOS",

     

       81
       +
               "repo": "nixpkgs",

     

       82
       +
               "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",

     

       83
       +
               "type": "github"

     

       84
       +
             }

     

       85
       +
           },

     

       86
       +
           "pre-commit-hooks": {

     

       87
       +
             "flake": false,

     

       88
       +
             "locked": {

     

       89
       +
               "lastModified": 1733318908,

     

       90
       +
               "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",

     

       91
       +
               "owner": "cachix",

     

       92
       +
               "repo": "git-hooks.nix",

     

       93
       +
               "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",

     

       94
       +
               "type": "github"

     

       95
       +
             },

     

       96
       +
             "original": {

     

       97
       +
               "owner": "cachix",

     

       98
       +
               "repo": "git-hooks.nix",

     

       99
       +
               "type": "github"

     

       100
       +
             }

     

       101
       +
           },

     

       102
       +
           "root": {

     

       103
       +
             "inputs": {

     

       104
       +
               "lix": "lix",

     

       105
       +
               "nixpkgs": "nixpkgs"

     

       106
       +
             }

     

       107
       +
           }

     

       108
       +
         },

     

       109
       +
         "root": "root",

     

       110
       +
         "version": 7

     

       111
       +
       }

+30

flake.nix

···

       1
       +
       {

     

       2
       +
         inputs = {

     

       3
       +
           nixpkgs.url = "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz";

     

       4
       +
           lix = {

     

       5
       +
             url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";

     

       6
       +
             inputs.nixpkgs.follows = "nixpkgs";

     

       7
       +
           };

     

       8
       +
         };

     

       9
       +
         outputs =

     

       10
       +
           { self, ... }@inputs:

     

       11
       +
           let

     

       12
       +
             inherit (inputs) nixpkgs;

     

       13
       +
             inherit (inputs.nixpkgs) lib;

     

       14
       +
             specialArgs = { inherit inputs; };

     

       15
       +
             forAllSystems =

     

       16
       +
               function: lib.genAttrs lib.systems.flakeExposed (system: function nixpkgs.legacyPackages.${system});

     

       17
       +
           in

     

       18
       +
           {

     

       19
       +
             nixosConfigurations = {

     

       20
       +
               hetzner = nixpkgs.lib.nixosSystem {

     

       21
       +
                 inherit specialArgs;

     

       22
       +
                 modules = [

     

       23
       +
                   ./common

     

       24
       +
                   ./hetzner

     

       25
       +
                 ];

     

       26
       +
               };

     

       27
       +
             };

     

       28
       +
             formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);

     

       29
       +
           };

     

       30
       +
       }

+63

hetzner/default.nix

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       {

     

       3
       +
         imports = [ ./hardware.nix ];

     

       4
       +
       

     

       5
       +
         # Running Services

     

       6
       +
         services = {

     

       7
       +
           openssh.enable = true;

     

       8
       +
           openssh.settings.PasswordAuthentication = false;

     

       9
       +
         };

     

       10
       +
       

     

       11
       +
         # Base Packages

     

       12
       +
         environment.systemPackages = with pkgs; [

     

       13
       +
           ghostty.terminfo

     

       14
       +
           tmux

     

       15
       +
           arch-install-scripts

     

       16
       +
           tcpdump

     

       17
       +
           dig

     

       18
       +
         ];

     

       19
       +
       

     

       20
       +
         # Network Setup

     

       21
       +
         networking = {

     

       22
       +
           hostName = "hetzner";

     

       23
       +
           nameservers = [

     

       24
       +
             "9.9.9.9"

     

       25
       +
             "149.112.112.112"

     

       26
       +
           ];

     

       27
       +
           useDHCP = true; # Switch this to a static setup later

     

       28
       +
           firewall.enable = false;

     

       29
       +
           nftables = {

     

       30
       +
             enable = true;

     

       31
       +
             ruleset = builtins.readFile ./nftables.conf;

     

       32
       +
           };

     

       33
       +
         };

     

       34
       +
       

     

       35
       +
         # User Account

     

       36
       +
         users.users.sydney = {

     

       37
       +
           description = "Sydney Angelia";

     

       38
       +
           isNormalUser = true;

     

       39
       +
           extraGroups = [ "wheel" ];

     

       40
       +
           shell = pkgs.zsh;

     

       41
       +
           openssh.authorizedKeys.keys = [

     

       42
       +
             "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRJWbyvyeo8ykLovPOR+EuwqmjOsSrBBckpicVWhULl mac"

     

       43
       +
           ];

     

       44
       +
         };

     

       45
       +
       

     

       46
       +
         # Boot/Firmware stuff

     

       47
       +
         boot = {

     

       48
       +
           loader.systemd-boot.enable = true;

     

       49
       +
           loader.efi.canTouchEfiVariables = true;

     

       50
       +
           kernelPackages = pkgs.linuxPackages_latest;

     

       51
       +
           kernel.sysctl = {

     

       52
       +
             "net.ipv4.conf.all.forwarding" = true;

     

       53
       +
             "net.ipv6.conf.all.forwarding" = true;

     

       54
       +
           };

     

       55
       +
         };

     

       56
       +
       

     

       57
       +
         # Miscellaneous settings

     

       58
       +
         system.stateVersion = "24.05";

     

       59
       +
         nix.settings.trusted-users = [

     

       60
       +
           "@wheel"

     

       61
       +
         ];

     

       62
       +
       

     

       63
       +
       }

+42

hetzner/hardware.nix

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         lib,

     

       4
       +
         pkgs,

     

       5
       +
         modulesPath,

     

       6
       +
         ...

     

       7
       +
       }:

     

       8
       +
       

     

       9
       +
       {

     

       10
       +
         imports = [

     

       11
       +
           (modulesPath + "/profiles/qemu-guest.nix")

     

       12
       +
         ];

     

       13
       +
       

     

       14
       +
         boot.initrd.availableKernelModules = [

     

       15
       +
           "xhci_pci"

     

       16
       +
           "virtio_scsi"

     

       17
       +
           "sr_mod"

     

       18
       +
         ];

     

       19
       +
         boot.initrd.kernelModules = [ ];

     

       20
       +
         boot.kernelModules = [ ];

     

       21
       +
         boot.extraModulePackages = [ ];

     

       22
       +
       

     

       23
       +
         fileSystems."/" = {

     

       24
       +
           device = "/dev/disk/by-uuid/05f49fc9-4c48-4802-8066-b61707850649";

     

       25
       +
           fsType = "ext4";

     

       26
       +
         };

     

       27
       +
       

     

       28
       +
         fileSystems."/boot" = {

     

       29
       +
           device = "/dev/disk/by-uuid/4AF2-5252";

     

       30
       +
           fsType = "vfat";

     

       31
       +
           options = [

     

       32
       +
             "fmask=0077"

     

       33
       +
             "dmask=0077"

     

       34
       +
           ];

     

       35
       +
         };

     

       36
       +
       

     

       37
       +
         swapDevices = [ ];

     

       38
       +
       

     

       39
       +
         networking.useDHCP = lib.mkDefault true;

     

       40
       +
       

     

       41
       +
         nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";

     

       42
       +
       }

+29

hetzner/nftables.conf

···

       1
       +
       flush ruleset

     

       2
       +
       

     

       3
       +
       define wan_iface = "enp1s0"

     

       4
       +
       

     

       5
       +
       table inet filter {

     

       6
       +
         chain inbound_wan {

     

       7
       +
           icmp type echo-request limit rate 5/second accept

     

       8
       +
           tcp dport { 22, 80, 443 } accept

     

       9
       +
           udp dport { 12345 } accept

     

       10
       +
           icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept

     

       11
       +
           icmpv6 type echo-request limit rate 5/second accept

     

       12
       +
         }

     

       13
       +
       

     

       14
       +
         chain input {

     

       15
       +
           type filter hook input priority 0

     

       16
       +
           policy drop

     

       17
       +
       

     

       18
       +
           ct state vmap { invalid : drop, established : accept, related : accept }

     

       19
       +
       

     

       20
       +
           iifname vmap { lo : accept, $wan_iface: jump inbound_wan }

     

       21
       +
         }

     

       22
       +
       

     

       23
       +
         chain forward {

     

       24
       +
           type filter hook forward priority 0

     

       25
       +
           policy drop

     

       26
       +
       

     

       27
       +
           ct state vmap { established : accept, related : accept, invalid : drop }

     

       28
       +
         }

     

       29
       +
       }