From 3a44b124561f544c229c0042cd0b91d055a33409 Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Thu, 11 Apr 2024 01:37:43 -0700
Subject: Add work VM and redo entire flake layout
---
hosts/richese/default.nix | 200 +++++++++++++++++++++++++++++++
hosts/richese/disks.nix | 98 +++++++++++++++
hosts/richese/hardware-configuration.nix | 46 +++++++
3 files changed, 344 insertions(+)
create mode 100644 hosts/richese/default.nix
create mode 100644 hosts/richese/disks.nix
create mode 100644 hosts/richese/hardware-configuration.nix
(limited to 'hosts/richese')
diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix
new file mode 100644
index 0000000..f068784
--- /dev/null
+++ b/hosts/richese/default.nix
@@ -0,0 +1,200 @@
+{ config, pkgs, ... }: {
+ boot = {
+ initrd.kernelModules = [ "zfs" ];
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ loader.grub.device = "/dev/sda";
+ supportedFilesystems = [ "zfs" ];
+ zfs.devNodes = "/dev/disk/by-label";
+ };
+
+ documentation.dev.enable = true;
+ documentation.man.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ acl
+ ansible
+ autoconf
+ automake
+ bash
+ bc
+ bind
+ binutils
+ bpftools
+ bzip2
+ cmake
+ colordiff
+ conntrack-tools
+ coreutils
+ cpio
+ curl
+ diffutils
+ dig
+ dmenu
+ enscript
+ ethtool
+ evince
+ expect
+ feh
+ file
+ findutils
+ fio
+ fortune
+ fping
+ gcc
+ gcr
+ geeqie
+ ghostscript
+ #gimp-with-plugins
+ gimp
+ git
+ gnugrep
+ gnupatch
+ gnused
+ gnutar
+ google-chrome
+ gv
+ gzip
+ helm
+ i3
+ i3status
+ imagemagick
+ inkscape
+ inxi
+ iotop
+ ipcalc
+ iperf
+ iproute2
+ iputils
+ jq
+ less
+ libreoffice
+ lshw
+ lsof
+ lvm2
+ mariadb
+ mutt
+ nano
+ netcat-openbsd
+ nettools
+ nix-index
+ nmap
+ oath-toolkit
+ openldap
+ openssl
+ openstackclient
+ patchelf
+ (pass.withExtensions (ext: with ext; [pass-otp]))
+ pass
+ pavucontrol
+ pciutils
+ perl
+ pkg-config
+ polkit_gnome
+ poppler_utils
+ procps
+ psmisc
+ pv
+ pwgen
+ python3
+ qpwgraph
+ qrencode
+ recode
+ rsync
+ sqlite
+ st
+ stoken
+ strace
+ sysstat
+ tcpdump
+ traceroute
+ tree
+ unixtools.xxd
+ unrar
+ unzip
+ util-linux
+ vim
+ virtualenv
+ wdiff
+ weechat
+ wget
+ wireshark
+ whois
+ xclip
+ xdotool
+ xorg.xdpyinfo
+ xsnow
+ xz
+ zip
+ zstd
+ ];
+
+ imports = [
+ ./hardware-configuration.nix
+ ../common/core
+ ../common/optional/pipewire.nix
+ ../common/optional/services/openssh.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/zfs.nix
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ hostId = "2d990f74";
+ hostName = "richese";
+ nftables.enable = true;
+ };
+
+ programs.atop.enable = true;
+ programs.firefox.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ programs.iftop.enable = true;
+ programs.mtr.enable = true;
+ programs.tmux.enable = true;
+ programs.zsh.enable = true;
+
+ security.polkit = {
+ enable = true;
+ extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (
+ subject.isInGroup("users")
+ && (
+ action.id == "org.freedesktop.login1.reboot" ||
+ action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+ action.id == "org.freedesktop.login1.power-off" ||
+ action.id == "org.freedesktop.login1.power-off-multiple-sessions"
+ )
+ )
+ {
+ return polkit.Result.YES;
+ }
+ })
+ '';
+ };
+
+ systemd = {
+ user.services.polkit-gnome-authentication-agent-1 = {
+ description = "polkit-gnome-authentication-agent-1";
+ wantedBy = [ "graphical-session.target" ];
+ wants = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+ Restart = "on-failure";
+ RestartSec = 1;
+ TimeoutStopSec = 10;
+ };
+ };
+ };
+
+ system.stateVersion = "23.11";
+
+ virtualisation.virtualbox.guest.enable = true;
+ # no longer in unstable apparently
+ #virtualisation.virtualbox.guest.x11 = true;
+}
diff --git a/hosts/richese/disks.nix b/hosts/richese/disks.nix
new file mode 100644
index 0000000..9f05d48
--- /dev/null
+++ b/hosts/richese/disks.nix
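Review bot: The polkit rule in `security.polkit.extraConfig` returns `polkit.Result.YES` for reboot and power-off, including the `-multiple-sessions` variants, to any subject in group `users` without checking that the session is local and active. This host also imports `../common/optional/services/openssh.nix`, so a remote login in that group could presumably shut the machine down while other sessions are running. Consider tightening the condition to `subject.local && subject.active && subject.isInGroup("users")`. Separately, `environment.systemPackages` lists both `(pass.withExtensions (ext: with ext; [pass-otp]))` and plain `pass`, which may collide in the system profile and hide the OTP extension; dropping the bare `pass` entry would avoid that.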
@@ -0,0 +1,98 @@
+{
+ disko.devices = {
+ disk = {
+ sda = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "4M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "defaults" ];
+ extraArgs = [ "-n boot" ];
+ };
+ };
+ swap = {
+ size = "16G";
+ type = "8200";
+ content = {
+ type = "swap";
+ extraArgs = [ "-L swap" ];
+ };
+ };
+ rpool = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ rpool = {
+ type = "zpool";
+ rootFsOptions = {
+ acltype = "posixacl";
+ dnodesize = "auto";
+ xattr = "sa";
+ relatime = "on";
+ normalization = "formD";
+ encryption = "aes-256-gcm";
+ keyformat = "passphrase";
+ keylocation = "file:///tmp/data.keyfile";
+ compression = "on";
+ };
+ postCreateHook = ''
+ zfs set keylocation="prompt" rpool
+ '';
+ options = {
+ ashift = "12";
+ #autotrim = "on";
+ };
+ datasets = {
+ "local/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/";
+ };
+ "local/nix" = {
+ type = "zfs_fs";
+ options = {
+ atime = "off";
+ mountpoint = "legacy";
+ };
+ mountpoint = "/nix";
+ };
+ "user/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home";
+ };
+ "user/home/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/root";
+ };
+ "user/home/nipsy" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/nipsy";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/richese/hardware-configuration.nix b/hosts/richese/hardware-configuration.nix
new file mode 100644
index 0000000..dc9fd42
--- /dev/null
+++ b/hosts/richese/hardware-configuration.nix
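Review bot: The 16G `swap` partition is created as plain swap while `rpool` is encrypted with `aes-256-gcm`, so pages swapped out of memory (potentially including key material or other secrets) would land on disk in cleartext. Consider setting `randomEncryption = true;` in the swap `content` block, and check that the `-L swap` label and the by-label swap entry in hardware-configuration.nix still fit that setup. Also, `keylocation = "file:///tmp/data.keyfile"` relies on a passphrase file that this hunk neither creates nor removes; a short comment above it such as `# install-time only: create with mode 0600 and delete after disko finishes` would document the expected handling.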
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ #(modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "rpool/local/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ };
+
+ fileSystems."/nix" =
+ { device = "rpool/local/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/root" =
+ { device = "rpool/user/home/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home/nipsy" =
+ { device = "rpool/user/home/nipsy";
+ fsType = "zfs";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ virtualisation.virtualbox.guest.enable = true;
+}
--
cgit v1.2.3