commit 24d6c993b01e16fc9f167a0a34b643bf80aa9842 · soopy.moe/gensokyo

+81

configuration.nix

···

       1
       +
       # Edit this configuration file to define what should be installed on

     

       2
       +
       # your system.  Help is available in the configuration.nix(5) man page

     

       3
       +
       # and in the NixOS manual (accessible by running `nixos-help`).

     

       4
       +
       

     

       5
       +
       { config, pkgs, ... }:

     

       6
       +
       

     

       7
       +
       {

     

       8
       +
         imports =

     

       9
       +
           [ # Include the results of the hardware scan.

     

       10
       +
             ./hardware-configuration.nix

     

       11
       +
             

     

       12
       +
             ./programs

     

       13
       +
             ./networking

     

       14
       +
           ];

     

       15
       +
       

     

       16
       +
         boot.loader.efi = {

     

       17
       +
           canTouchEfiVariables = true;

     

       18
       +
           efiSysMountPoint = "/boot/efi";

     

       19
       +
         };

     

       20
       +
       

     

       21
       +
         boot.loader.grub = {

     

       22
       +
           enable = true;

     

       23
       +
           device = "nodev";

     

       24
       +
           efiSupport = true;

     

       25
       +
         };

     

       26
       +
       

     

       27
       +
         # Set your time zone.

     

       28
       +
         time.timeZone = "Asia/Hong_Kong";

     

       29
       +
       

     

       30
       +
         # Select internationalisation properties.

     

       31
       +
         i18n.defaultLocale = "en_US.UTF-8";

     

       32
       +
         console = {

     

       33
       +
           font = "Lat2-Terminus16";

     

       34
       +
           keyMap = "us";

     

       35
       +
         };

     

       36
       +
       

     

       37
       +
         # Enable CUPS to print documents.

     

       38
       +
         # services.printing.enable = true;

     

       39
       +
       

     

       40
       +
         # Enable sound.

     

       41
       +
         sound.enable = false;

     

       42
       +
       

     

       43
       +
         # Define a user account. Don't forget to set a password with ‘passwd’.

     

       44
       +
         users.users.cassie = {

     

       45
       +
           isNormalUser = true;

     

       46
       +
           extraGroups = [ "wheel" ];

     

       47
       +
           openssh = {

     

       48
       +
               authorizedKeys.keyFiles = [ "/etc/nixos/creds/ssh/cassie" ];

     

       49
       +
           };

     

       50
       +
           packages = with pkgs; [];

     

       51
       +
         };

     

       52
       +
       

     

       53
       +
         programs.tmux = {

     

       54
       +
           enable = true;

     

       55
       +
           newSession = true;

     

       56
       +
           keyMode = "vi";

     

       57
       +
           historyLimit = 10000;

     

       58
       +
         };

     

       59
       +
       

     

       60
       +
         # Some programs need SUID wrappers, can be configured further or are

     

       61
       +
         # started in user sessions.

     

       62
       +
         #programs.mtr.enable = true;

     

       63
       +
         # programs.gnupg.agent = {

     

       64
       +
         #   enable = true;

     

       65
       +
         #   enableSSHSupport = true;

     

       66
       +
         # };

     

       67
       +
       

     

       68
       +
         # Copy the NixOS configuration file and link it from the resulting system

     

       69
       +
         # (/run/current-system/configuration.nix). This is useful in case you

     

       70
       +
         # accidentally delete configuration.nix.

     

       71
       +
         # system.copySystemConfiguration = true;

     

       72
       +
       

     

       73
       +
         # This value determines the NixOS release from which the default

     

       74
       +
         # settings for stateful data, like file locations and database versions

     

       75
       +
         # on your system were taken. It's perfectly fine and recommended to leave

     

       76
       +
         # this value at the release version of the first install of this system.

     

       77
       +
         # Before changing this value read the documentation for this option

     

       78
       +
         # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).

     

       79
       +
         system.stateVersion = "23.05"; # Did you read the comment?

     

       80
       +
       }

     

       81
       +

+12

creds/ssh/cassie

···

       1
       +
       # SmartCards

     

       2
       +
       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvCpt7yWIptJ9XFBhwVIj9zR30OzkWI976B/P5+0whD cardno:13 901 056

     

       3
       +
       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvCpt7yWIptJ9XFBhwVIj9zR30OzkWI976B/P5+0whD cardno:19 302 295

     

       4
       +
       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMjRM3BNkLbU57RyfUx7kOlZeBEj/NByr1PfXri82aP cardno:19 302 432

     

       5
       +
       

     

       6
       +
       # Static devices

     

       7
       +
       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPTbZL0dq0ynBl8fy9yZmrKVWd/fOybZoqBKchP0MPM sophie@marisa

     

       8
       +
       

     

       9
       +
       # Phones

     

       10
       +
       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIELnUun49XZwfj535a5COURTKF85A79jn7oyUt4EDa8+ u0_a288@localhost

     

       11
       +
       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsxx+UE9xiHbQM+lKF5CbDcZOlu0AGg7rrzMbldJARO u0_a282@localhost

     

       12
       +

+71

hardware-configuration.nix

···

       1
       +
       # Do not modify this file!  It was generated by ‘nixos-generate-config’

     

       2
       +
       # and may be overwritten by future invocations.  Please make changes

     

       3
       +
       # to /etc/nixos/configuration.nix instead.

     

       4
       +
       { config, lib, pkgs, modulesPath, ... }:

     

       5
       +
       

     

       6
       +
       {

     

       7
       +
         imports =

     

       8
       +
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       9
       +
           ];

     

       10
       +
       

     

       11
       +
         boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sr_mod" ];

     

       12
       +
         boot.initrd.kernelModules = [ "dm-snapshot" ];

     

       13
       +
         boot.kernelModules = [ "kvm-intel" ];

     

       14
       +
         boot.extraModulePackages = [ ];

     

       15
       +
       

     

       16
       +
         fileSystems."/" =

     

       17
       +
           { device = "/dev/disk/by-uuid/0b38be0c-5365-4f02-85b8-72f37bb2ddf8";

     

       18
       +
             fsType = "btrfs";

     

       19
       +
           };

     

       20
       +
       

     

       21
       +
         fileSystems."/var/log" =

     

       22
       +
           { device = "/dev/disk/by-uuid/e6ff7c96-3bef-4a17-9114-64ef1460fc00";

     

       23
       +
             fsType = "btrfs";

     

       24
       +
           };

     

       25
       +
       

     

       26
       +
         fileSystems."/var/log/audit" =

     

       27
       +
           { device = "/dev/disk/by-uuid/a20e2995-7297-4f69-af89-b58ff314e029";

     

       28
       +
             fsType = "btrfs";

     

       29
       +
           };

     

       30
       +
       

     

       31
       +
         fileSystems."/srv/osm-data" =

     

       32
       +
           { device = "/dev/disk/by-uuid/3c1a8b58-fbe6-4522-8e27-72419b3c2d6f";

     

       33
       +
             fsType = "btrfs";

     

       34
       +
           };

     

       35
       +
       

     

       36
       +
         fileSystems."/boot" =

     

       37
       +
           { device = "/dev/disk/by-uuid/9E0F-3FDE";

     

       38
       +
             fsType = "vfat";

     

       39
       +
           };

     

       40
       +
       

     

       41
       +
         fileSystems."/boot/efi" =

     

       42
       +
           { device = "/dev/disk/by-uuid/9EB1-FA5A";

     

       43
       +
             fsType = "vfat";

     

       44
       +
           };

     

       45
       +
       

     

       46
       +
         fileSystems."/srv/www/keine" =

     

       47
       +
           { device = "/dev/disk/by-uuid/0a0e102a-b1ac-44a2-947b-2ec505b532ad";

     

       48
       +
             fsType = "btrfs";

     

       49
       +
           };

     

       50
       +
       

     

       51
       +
         fileSystems."/home" =

     

       52
       +
           { device = "/dev/disk/by-uuid/50165105-6b82-4228-9640-2d32ce45f76e";

     

       53
       +
             fsType = "btrfs";

     

       54
       +
           };

     

       55
       +
       

     

       56
       +
         swapDevices =

     

       57
       +
           [ { device = "/dev/disk/by-uuid/efd68464-2e0c-4aaf-8264-519dd7d05ddf"; }

     

       58
       +
           ];

     

       59
       +
       

     

       60
       +
         # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

     

       61
       +
         # (the default) this is the recommended approach. When using systemd-networkd it's

     

       62
       +
         # still possible to use this option, but it's recommended to use it in conjunction

     

       63
       +
         # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.

     

       64
       +
         networking.useDHCP = lib.mkDefault true;

     

       65
       +
         # networking.interfaces.br0.useDHCP = lib.mkDefault true;

     

       66
       +
         # networking.interfaces.eno1.useDHCP = lib.mkDefault true;

     

       67
       +
       

     

       68
       +
         nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

     

       69
       +
         powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";

     

       70
       +
         hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       71
       +
       }

+11

networking/default.nix

···

       1
       +
       { ... }:

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         imports = [

     

       5
       +
           ./firewall.nix

     

       6
       +
           ./interface.nix

     

       7
       +
         ];

     

       8
       +
       

     

       9
       +
         networking.hostName = "koumakan";

     

       10
       +
         networking.networkmanager.enable = true;

     

       11
       +
       }

+11

networking/firewall.nix

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         networking.firewall = {

     

       5
       +
           enable = true;

     

       6
       +
           allowedTCPPorts = [

     

       7
       +
             22 # ssh

     

       8
       +
             80 443 # http[s]

     

       9
       +
           ];

     

       10
       +
         };

     

       11
       +
       }

+4

networking/interface.nix

···

       1
       +
       { ... } :

     

       2
       +
       {

     

       3
       +
         networking.networkmanager.ethernet.macAddress = builtins.readFile ../creds/nma.cry;

     

       4
       +
       }

+13

programs/default.nix

···

       1
       +
       { ... }: 

     

       2
       +
       {

     

       3
       +
         imports = [

     

       4
       +
           ./nix.nix

     

       5
       +
           ./editors.nix

     

       6
       +
           ./shells.nix

     

       7
       +
       

     

       8
       +
           ./ssh.nix

     

       9
       +
           ./scm.nix

     

       10
       +
       

     

       11
       +
           ./misc.nix

     

       12
       +
         ];

     

       13
       +
       }

+10

programs/editors.nix

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         programs.neovim = {

     

       5
       +
           enable = true;

     

       6
       +
           defaultEditor = true;

     

       7
       +
           viAlias = true;

     

       8
       +
           vimAlias = true;

     

       9
       +
         };

     

       10
       +
       }

+17

programs/misc.nix

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         # Miscellaneous packages that do not have an option. 

     

       5
       +
         # It is recommended to use packages.<package>.enable when possible.

     

       6
       +
       

     

       7
       +
         # To search for a specific package, run this command.

     

       8
       +
         # $ nix search wget

     

       9
       +
         environment.systemPackages = with pkgs; [

     

       10
       +
           wget

     

       11
       +
           curl

     

       12
       +
           ripgrep

     

       13
       +
           gnupg

     

       14
       +
           pinentry

     

       15
       +
           git-crypt

     

       16
       +
         ];

     

       17
       +
       }

+9

programs/nix.nix

···

       1
       +
       { ... }:

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         nix.settings.experimental-features = [

     

       5
       +
           "nix-command"

     

       6
       +
           "flakes"

     

       7
       +
         ];

     

       8
       +
       }

     

       9
       +

+9

programs/scm.nix

···

       1
       +
       { ... }: 

     

       2
       +
       {

     

       3
       +
         programs.git = {

     

       4
       +
           enable = true;

     

       5
       +
           config = {

     

       6
       +
             init.defaultBranch = "main";

     

       7
       +
           };

     

       8
       +
         };

     

       9
       +
       }

+19

programs/shells.nix

···

       1
       +
       { ... }: 

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         programs.zsh = {

     

       5
       +
           enable = true;

     

       6
       +
           histSize = 50000;

     

       7
       +
       

     

       8
       +
           # plugins

     

       9
       +
           syntaxHighlighting.enable = true;

     

       10
       +
       

     

       11
       +
           ohMyZsh = {

     

       12
       +
             enable = true;

     

       13
       +
             theme = "crcandy";

     

       14
       +
             plugins = [

     

       15
       +
               "git"

     

       16
       +
             ];

     

       17
       +
           };

     

       18
       +
         };

     

       19
       +
       }

+13

programs/ssh.nix

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         # Enable the OpenSSH daemon.

     

       5
       +
         services.openssh = {

     

       6
       +
           enable = true;

     

       7
       +
           settings = {

     

       8
       +
             PermitRootLogin = "no";

     

       9
       +
             PasswordAuthentication = false;

     

       10
       +
             

     

       11
       +
           };

     

       12
       +
         };

     

       13
       +
       }