Initial commit for just calembel.

Based on https://christine.website/blog/morph-setup-2021-04-25
2 years ago · b7a5bb12e8
7 changed files with 227 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+*.swp
+*.gcroots
--- a/common/default.nix
+++ b/common/default.nix
@ -0,0 +1,23 @@
+# inputs to this NixOS module. We don't use any here
+# so we can ignore them all.
+{ ... }:
+
+{
+  imports = [
+    ./users
+  ];
+ 
+  boot.cleanTmpDir = true;
+  
+  # Automatically optimize the Nix store to save space
+  # by hard-linking identical files together.
+  # These savings add up.
+  nix.autoOptimiseStore = true;
+  
+  # Limit the systemd journal to 100 MB of disk or the
+  # last 7 days of logs, whichever happens first.
+  services.journald.extraConfig = ''
+    SystemMaxUse=100M
+    MaxFileSec=7day
+  '';
+}
--- a/common/users/default.nix
+++ b/common/users/default.nix
@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.nora = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    openssh.authorizedKeys.keys = [
+      "SHA256:Me7hh7eJUYBRJ5NZIxPa+LOC3A4tBhD19v6KrCJFd7s"
+    ];
+  };
+  
+  users.users.root.openssh.authorizedKeys.keys =
+    config.users.users.nora.openssh.authorizedKeys.keys;
+}
--- a/hosts/calembel/configuration.nix
+++ b/hosts/calembel/configuration.nix
@ -0,0 +1,132 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "calembel"; # Define your hostname.
+  networking.wireless.enable = false;  # Enables wireless support via wpa_supplicant.
+
+  # Set your time zone.
+  time.timeZone = "America/Chicago";
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.enp9s0.useDHCP = true;
+  networking.interfaces.wlp7s0.useDHCP = false;
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  networking.wireguard.enable = true;
+  
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Enable the Plasma 5 Desktop Environment.
+  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.desktopManager.plasma5.enable = true;  
+
+  # Configure keymap in X11
+  services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.nora = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  };
+
+  nixpkgs.config = {
+    allowUnfree = true;
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    zsh
+    vim 
+    wget
+    curl
+    firefox
+    bitwarden
+    bitwarden-cli
+    mullvad-vpn
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.mullvad-vpn.enable = true;
+  services.avahi = {
+    enable = true;
+    nssmdns = true;
+    publish.addresses = true;
+    publish.hinfo = true;
+  };
+
+  services.syncthing = {
+    enable = true;
+    user = "nora";
+    dataDir = "/home/nora/Sync";
+    configDir = "/home/nora/.config/syncthing";
+  };
+
+  programs.steam.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+
+}
+
--- a/hosts/calembel/hardware-configuration.nix
+++ b/hosts/calembel/hardware-configuration.nix
@ -0,0 +1,36 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/9a7c74c1-55c5-4561-bf56-da71c9ccbac5";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/C080-BEE5";
+      fsType = "vfat";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/bd65772b-3c4e-40e0-9f6a-70cc939286cc";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/e56eac1c-0bd9-46fa-8cb7-15f744a95169"; }
+    ];
+
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/ops/home/network.nix
+++ b/ops/home/network.nix
@ -0,0 +1,11 @@
+{
+  network = {
+    description = "Home network";
+  };
+
+  "calembel" = { config, pkgs, lib, ... }: {
+    imports = [ ../../common ../../hosts/calembel/configuration.nix ];
+    deployment.targetUser = "root";
+    deployment.targetHost = "127.0.0.1";
+  };
+}
--- a/ops/home/push
+++ b/ops/home/push
@ -0,0 +1,9 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -p morph -i bash
+
+set -e
+
+morph build --keep-result ./network.nix
+morph push ./network.nix
+morph deploy ./network.nix switch
+