commit 076814d4b9f28e481f44150afe9cc9d9a61120e3
Author: arouzing
Date: Tue Jan 31 18:11:19 2023 -0500
init commit so flakes work
diff --git a/.modules/base/hardware.nix b/.modules/base/hardware.nix
new file mode 100644
index 0000000..911c2a2
--- /dev/null
+++ b/.modules/base/hardware.nix
@@ -0,0 +1,12 @@
+ {config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usbhid" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" "wl" ];
+# boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
\ No newline at end of file
diff --git a/.modules/services/docker.nix b/.modules/services/docker.nix
new file mode 100644
index 0000000..f7bbff1
--- /dev/null
+++ b/.modules/services/docker.nix
@@ -0,0 +1,8 @@
+_: { config, pkgs, lib, ... }:
+{
+ virtualisation.docker = {
+ enable = true;
+ liveRestore = false;
+ autoPrune.enable = true;
+ };
+}
\ No newline at end of file
diff --git a/.modules/services/openssh.nix b/.modules/services/openssh.nix
new file mode 100644
index 0000000..b390dcf
--- /dev/null
+++ b/.modules/services/openssh.nix
@@ -0,0 +1,17 @@
+_: { config, pkgs, lib, ... }:
+
+{
+ services.openssh = lib.mkDefault{
+ enable = true;
+ openFirewall = true;
+ startWhenNeeded = true;
+ kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
+ passwordAuthentication = false;
+ kbdInteractiveAuthentication = false;
+ permitRootLogin = "no";
+ };
+ security.pam = mkDefault{
+ enableSSHAgentAuth = true;
+ services.sudo.sshAgentAuth = true;
+ };
+}
\ No newline at end of file
diff --git a/.modules/users/arouzing.nix b/.modules/users/arouzing.nix
new file mode 100644
index 0000000..f033176
--- /dev/null
+++ b/.modules/users/arouzing.nix
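Review bot: In `.modules/base/hardware.nix`, `boot.kernelModules` lists `"wl"` while the `boot.extraModulePackages` line that would supply the Broadcom driver is commented out, so the module is probably not available to load at boot. Either drop `"wl"` from the list or restore `boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];`. This file is also a plain module, whereas the service and user modules in this commit are wrapped in `_:`; a one-line header comment saying which form importers should expect would help.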
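Review bot: `security.pam = mkDefault{` in `.modules/services/openssh.nix` uses `mkDefault` unqualified, and nothing visible brings it into scope (there is no `with lib;`), so evaluation should fail with an undefined variable; write `security.pam = lib.mkDefault {` as on the `services.openssh` line. Separately, `services.sudo.sshAgentAuth = true` means any process running as this user while an agent is forwarded can pass sudo without a further secret. Record that trade-off in a comment next to the option, and confirm that the authorized-keys files pam_ssh_agent_auth consults are not writable by the user.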
@@ -0,0 +1,12 @@
+_: { config, pkgs, lib, ... }:
+{
+ users.users.arouzing = {
+ isNormalUser = true;
+ initialPassword = "password~!@~";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAGm66rJsr8vjRCYDkH4lEPncPq27o6BHzpmRmkzOiM"
+ ];
+ description = "admin";
+ extraGroups = [ "networkmanager" "wheel" "docker" ];
+ };
+}
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..568a548
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,20 @@
+{
+ inputs = {
+ nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-22.11";
+ nixos-generators = {
+ url = "github:nix-community/nixos-generators";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+ outputs = { self, nixpkgs, ... }@inputs:
+ {
+ example = nixos-generators.nixosGenerate {
+ system = "x86_64-linux";
+ modules = [
+ ./hosts/example.nix
+ ];
+ format = "qcow";
+ };
+ apps."x86_64-linux".default = lollypops.apps."x86_64-linux".default { configFlake = self; };
+ };
+}
\ No newline at end of file
diff --git a/hosts/example.nix b/hosts/example.nix
new file mode 100644
index 0000000..0fd1a62
--- /dev/null
+++ b/hosts/example.nix
@@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./.modules/base/hardware.nix
+ ./.modules/services/docker.nix
+ ./.modules/arouzing.nix
+ ];
+
+ # base packages
+ environment.systemPackages = with pkgs; [
+ htop
+ vim
+ # tailscale
+ ];
+
+ networking = {
+ firewall.checkReversePath = "loose";
+ hostName = "example"; # Define your hostname.
+ networkmanager.enable = true;
+ };
+
+ services.tailscale.enable = true;
+
+ time.timeZone = "America/New_York";
+
+ # Open ports in the firewall.
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [];
+ allowedUDPPorts = [];
+ };
+ ## main services
+
+
+}
\ No newline at end of file
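Review bot: `initialPassword = "password~!@~";` in `.modules/users/arouzing.nix` commits a plaintext password for an account that is in `wheel` and `docker`, and the value also lands in the world-readable Nix store of every image built from this flake. Replace it with `hashedPassword = "<crypt(3) hash — placeholder>";` or a `passwordFile` kept outside the repository, or omit the password and rely on the authorized key. The string is now in history, so it should be considered spent wherever else it was used. Membership in `docker` is root-equivalent on the host; a comment stating that this is deliberate would help the next reader.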
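Review bot: The `outputs` function in `flake.nix` uses `nixos-generators` and `lollypops` without binding them: its argument set names only `self` and `nixpkgs`, and `lollypops` is not declared under `inputs` at all. The declared input is `nixpkgs-small`, yet both `inputs.nixpkgs.follows = "nixpkgs"` and the `nixpkgs` argument refer to `nixpkgs`, which would presumably resolve through the flake registry rather than the 22.11 pin. Rename the input to `nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";`, change the signature to `outputs = { self, nixpkgs, nixos-generators, ... }@inputs:`, and either declare a `lollypops` input or drop the `apps` line. No `flake.lock` is part of this commit; committing one pins the exact input revisions the image is built from.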
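Review bot: The three import paths in `hosts/example.nix` resolve relative to `hosts/`, but the modules added by this commit live in `.modules/` at the repository root, and `./.modules/arouzing.nix` also omits the `users/` directory. They should read `../.modules/base/hardware.nix`, `../.modules/services/docker.nix` and `../.modules/users/arouzing.nix`. As far as I can tell, `docker.nix` and `arouzing.nix` also need their `_:` wrapper applied (for example `(import ../.modules/services/docker.nix { })`) or removed before the module system accepts them. `openssh.nix` is not imported, so the sshd settings from this commit do not apply to this host; add a comment if that is intentional.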