init commit so flakes work

2023-01-31 18:11:19 -05:00 · 2023-01-31 18:11:19 -05:00 · 076814d4b9
commit 076814d4b9
6 changed files with 106 additions and 0 deletions
--- a/.modules/base/hardware.nix
+++ b/.modules/base/hardware.nix
@ -0,0 +1,12 @@
+ {config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usbhid" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" "wl" ];
+#   boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/.modules/services/docker.nix
+++ b/.modules/services/docker.nix
@ -0,0 +1,8 @@
+_: { config, pkgs, lib, ... }:
+{
+    virtualisation.docker = {
+        enable = true;
+        liveRestore = false;
+        autoPrune.enable = true;
+    };
+}
--- a/.modules/services/openssh.nix
+++ b/.modules/services/openssh.nix
@ -0,0 +1,17 @@
+_: { config, pkgs, lib, ... }:
+
+{
+    services.openssh = lib.mkDefault{
+        enable = true;
+        openFirewall = true;
+        startWhenNeeded = true;
+        kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
+        passwordAuthentication = false;
+        kbdInteractiveAuthentication = false;
+        permitRootLogin = "no";
+    };
+    security.pam = mkDefault{
+        enableSSHAgentAuth = true;
+        services.sudo.sshAgentAuth = true;
+    };
+}
--- a/.modules/users/arouzing.nix
+++ b/.modules/users/arouzing.nix
@ -0,0 +1,12 @@
+_: { config, pkgs, lib, ... }:
+{
+    users.users.arouzing = {
+    isNormalUser = true;
+    initialPassword = "password~!@~";
+    openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAGm66rJsr8vjRCYDkH4lEPncPq27o6BHzpmRmkzOiM"
+    ];
+    description = "admin";
+    extraGroups = [ "networkmanager" "wheel" "docker" ];
+  };
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,20 @@
+{
+    inputs = {
+        nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-22.11";
+        nixos-generators = {
+            url = "github:nix-community/nixos-generators";
+            inputs.nixpkgs.follows = "nixpkgs";
+        };
+    };
+    outputs = { self, nixpkgs, ... }@inputs:
+    {
+        example = nixos-generators.nixosGenerate {
+            system = "x86_64-linux";
+            modules = [
+                ./hosts/example.nix
+            ];
+            format = "qcow";
+        };
+        apps."x86_64-linux".default = lollypops.apps."x86_64-linux".default { configFlake = self; };
+    };
+}
--- a/hosts/example.nix
+++ b/hosts/example.nix
@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+        ./.modules/base/hardware.nix
+        ./.modules/services/docker.nix
+        ./.modules/arouzing.nix
+    ];
+
+    # base packages
+    environment.systemPackages = with pkgs; [
+      htop
+      vim
+      # tailscale
+    ];
+
+  networking = {
+    firewall.checkReversePath = "loose";
+    hostName = "example"; # Define your hostname.
+    networkmanager.enable = true;
+  };
+
+  services.tailscale.enable = true;
+
+  time.timeZone = "America/New_York";
+
+  # Open ports in the firewall.
+  networking.firewall = { 
+    enable = true;
+    allowedTCPPorts = [];
+    allowedUDPPorts = [];
+  };
+  ## main services
+  
+
+}