init commit so flakes work

2023-01-31 18:11:19 -05:00 · 2023-01-31 18:11:19 -05:00 · 076814d4b9
commit 076814d4b9
6 changed files with 106 additions and 0 deletions
--- a/.modules/base/hardware.nix
+++ b/.modules/base/hardware.nix
@ -0,0 +1,12 @@
 {config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usbhid" "sd_mod" "sdhci_pci" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-intel" "wl" ];
 #   boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/.modules/services/docker.nix
+++ b/.modules/services/docker.nix
@ -0,0 +1,8 @@
 _: { config, pkgs, lib, ... }:
 {
    virtualisation.docker = {
        enable = true;
        liveRestore = false;
        autoPrune.enable = true;
    };
 }
--- a/.modules/services/openssh.nix
+++ b/.modules/services/openssh.nix
@ -0,0 +1,17 @@
 _: { config, pkgs, lib, ... }:
 {
    services.openssh = lib.mkDefault{
        enable = true;
        openFirewall = true;
        startWhenNeeded = true;
        kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
        passwordAuthentication = false;
        kbdInteractiveAuthentication = false;
        permitRootLogin = "no";
    };
    security.pam = mkDefault{
        enableSSHAgentAuth = true;
        services.sudo.sshAgentAuth = true;
    };
 }
--- a/.modules/users/arouzing.nix
+++ b/.modules/users/arouzing.nix
@ -0,0 +1,12 @@
 _: { config, pkgs, lib, ... }:
 {
    users.users.arouzing = {
    isNormalUser = true;
    initialPassword = "password~!@~";
    openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAGm66rJsr8vjRCYDkH4lEPncPq27o6BHzpmRmkzOiM"
    ];
    description = "admin";
    extraGroups = [ "networkmanager" "wheel" "docker" ];
  };
 }
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,20 @@
 {
    inputs = {
        nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-22.11";
        nixos-generators = {
            url = "github:nix-community/nixos-generators";
            inputs.nixpkgs.follows = "nixpkgs";
        };
    };
    outputs = { self, nixpkgs, ... }@inputs:
    {
        example = nixos-generators.nixosGenerate {
            system = "x86_64-linux";
            modules = [
                ./hosts/example.nix
            ];
            format = "qcow";
        };
        apps."x86_64-linux".default = lollypops.apps."x86_64-linux".default { configFlake = self; };
    };
 }
--- a/hosts/example.nix
+++ b/hosts/example.nix
@ -0,0 +1,37 @@
 { config, pkgs, lib, ... }:
 {
  imports =
    [ # Include the results of the hardware scan.
        ./.modules/base/hardware.nix
        ./.modules/services/docker.nix
        ./.modules/arouzing.nix
    ];
    # base packages
    environment.systemPackages = with pkgs; [
      htop
      vim
      # tailscale
    ];
  networking = {
    firewall.checkReversePath = "loose";
    hostName = "example"; # Define your hostname.
    networkmanager.enable = true;
  };
  services.tailscale.enable = true;
  time.timeZone = "America/New_York";
  # Open ports in the firewall.
  networking.firewall = { 
    enable = true;
    allowedTCPPorts = [];
    allowedUDPPorts = [];
  };
  ## main services
 }