commit 359258dcde95943c827540994c85f8add1ec51c0 Author: fqbn207 Date: Thu Jan 9 04:54:38 2025 +0100 kekl diff --git a/configuration.nix b/configuration.nix new file mode 100644 index 0000000..69c003f --- /dev/null +++ b/configuration.nix @@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: +{ + imports = + [ + ./hardware-configuration.nix + + # modules + ./modules/jellyfin.nix + ./modules/iperf.nix + ./modules/networking.nix + ./modules/virt.nix + ./modules/sec.nix + ./modules/pkgs.nix + ./modules/user.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + time.timeZone = "Europe/Berlin"; + + nixpkgs.config.allowUnfree = true; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + programs = { + gnupg = { + agent = { + enable = true; + enableSSHSupport = true; + }; + }; + }; + + services = { + openssh = { + enable = true; + }; + }; + + system.stateVersion = "24.11"; + +} + diff --git a/hardware-configuration.nix b/hardware-configuration.nix new file mode 100644 index 0000000..637ebb4 --- /dev/null +++ b/hardware-configuration.nix @@ -0,0 +1,47 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems = { + "/boot" = + { + device = "/dev/disk/by-uuid/2742-5C4A"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + "/" = + { + device = "/dev/disk/by-uuid/95ea99d1-a02f-48a2-803a-57c0c4993ec3"; + fsType = "ext4"; + }; + "/media/MEDIA" = + { + device = "/dev/disk/by-label/MEDIA"; + fsType = "ext4"; + }; + "/media/WD_2TB" = + { + device = "/dev/disk/by-label/WD_2TB"; + fsType = "ext4"; + }; + + }; + + + swapDevices = [ ]; + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/.user.nix.swp b/modules/.user.nix.swp new file mode 100644 index 0000000..8436af1 Binary files /dev/null and b/modules/.user.nix.swp differ diff --git a/modules/iperf.nix b/modules/iperf.nix new file mode 100644 index 0000000..435b32d --- /dev/null +++ b/modules/iperf.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +{ + services = { + iperf3 = { + enable = true; + }; + }; +} diff --git a/modules/jellyfin.nix b/modules/jellyfin.nix new file mode 100644 index 0000000..af6c9c4 --- /dev/null +++ b/modules/jellyfin.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +{ + services = { + jellyfin = { + enable = true; + }; + }; +} diff --git a/modules/networking.nix b/modules/networking.nix new file mode 100644 index 0000000..e84db3e --- /dev/null +++ b/modules/networking.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + networking = { + hostName = "odessa"; + networkmanager = { + enable = true; + }; + firewall = { + enable = true; + allowedTCPPorts = [ 80 443 1337 5021 8000 8080 ]; + }; + }; +} diff --git a/modules/pkgs.nix b/modules/pkgs.nix new file mode 100644 index 0000000..f2a5ac3 --- /dev/null +++ b/modules/pkgs.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + vim + wget + neofetch + git + curl + unzip + htop + btop + iftop + ]; +} diff --git a/modules/sec.nix b/modules/sec.nix new file mode 100644 index 0000000..abb5e56 --- /dev/null +++ b/modules/sec.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + security = { + doas = { + enable = true; + extraRules = [ + { + users = [ "fabian" ]; + noPass = true; + keepEnv = true; + } + ]; + }; + }; +} diff --git a/modules/user.nix b/modules/user.nix new file mode 100644 index 0000000..cf6f915 --- /dev/null +++ b/modules/user.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +{ + users.users.fabian = { + isNormalUser = true; + initialPassword = "1601"; + extraGroups = [ "wheel" "docker" "input" "plugdev" ]; + }; +} diff --git a/modules/virt.nix b/modules/virt.nix new file mode 100644 index 0000000..c7c18fa --- /dev/null +++ b/modules/virt.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + docker-compose + ]; + + virtualisation = { + docker = { + enable = true; + }; + }; +}