aly/nixos
1
0
Fork 0
mirror of https://github.com/alyssadev/nixos.git synced 2025-10-14 04:59:39 +10:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Compare commits

base: aly:565c8a032888e5f2aac5718d05e99045f8a29c61
Branches Tags
aly:main
..
compare: aly:8b2a86d99c0dd50727231b6ad6911adf5b772e9c
Branches Tags
aly:main

No commits in common. "565c8a032888e5f2aac5718d05e99045f8a29c61" and "8b2a86d99c0dd50727231b6ad6911adf5b772e9c" have entirely different histories.
565c8a0328 ... 8b2a86d99c

9 changed files with 38 additions and 291 deletions
Download patch file Download diff file Expand all files Collapse all files

6
aly-server.md
View file

@ -1,6 +0,0 @@
samba
ps3netsrv
xbox360 srv
retronas
openmediavault?
btrfs

1
data/authorized_keys.nix
View file

@ -4,5 +4,4 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSvtZtEqrl3z1By5LN2iwkmy7ZjsCYUQC43ESoR48Vi aly@nixos"
] ]

82
flake.lock generated
View file

@ -1,26 +1,5 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": [],
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1754433428,
"narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
"owner": "ryantm",
"repo": "agenix",
"rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -65,7 +44,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -82,27 +61,6 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -204,22 +162,6 @@
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": {
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1758589230, "lastModified": 1758589230,
"narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=", "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
@ -242,7 +184,7 @@
"nixpkgs" "nixpkgs"
], ],
"nuschtosSearch": "nuschtosSearch", "nuschtosSearch": "nuschtosSearch",
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1758373036, "lastModified": 1758373036,
@ -305,11 +247,10 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "home-manager": "home-manager",
"home-manager": "home-manager_2",
"nix-flatpak": "nix-flatpak", "nix-flatpak": "nix-flatpak",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"nixvim": "nixvim", "nixvim": "nixvim",
"nur": "nur" "nur": "nur"
} }
@ -343,21 +284,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

25
flake.nix
View file

@ -18,11 +18,9 @@
url = "github:nix-community/nixvim/nixos-25.05"; url = "github:nix-community/nixvim/nixos-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
agenix.url = "github:ryantm/agenix";
agenix.inputs.darwin.follows = "";
}; };
outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, agenix, ... }: { outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, ... }: {
nixosConfigurations = { nixosConfigurations = {
"aly-laptop" = nixpkgs.lib.nixosSystem { "aly-laptop" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@ -41,27 +39,6 @@
} }
]; ];
}; };
"aly-server" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nur.modules.nixos.default
nix-flatpak.nixosModules.nix-flatpak
nixvim.nixosModules.nixvim
./hw/aly-server.nix
./system/aly-server.nix
agenix.nixosModules.default
{
environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
}
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.aly = import ./home/aly.nix;
}
# TODO
];
};
}; };
}; };
} }

30
home/aly.nix
View file

@ -3,28 +3,28 @@
{ {
home.username = "aly"; home.username = "aly";
home.homeDirectory = "/home/aly"; home.homeDirectory = "/home/aly";
# xresources.properties = { xresources.properties = {
# "Xcursor.size" = 16; "Xcursor.size" = 16;
# "Xft.dpi" = 300; "Xft.dpi" = 300;
# }; };
home.packages = with pkgs; [ home.packages = with pkgs; [
# gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic
neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils
ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd
gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool
pciutils usbutils nix-output-monitor pciutils usbutils nix-output-monitor
]; ];
# programs.firefox = { programs.firefox = {
# enable = true; enable = true;
# profiles.default = { profiles.default = {
# extensions = { extensions = {
# packages = with pkgs.nur.repos.rycee.firefox-addons; [ packages = with pkgs.nur.repos.rycee.firefox-addons; [
# ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock
# ]; ];
# }; };
# }; };
# }; };
programs.git = { programs.git = {
enable = true; enable = true;

41
hw/aly-server.nix
View file

@ -1,41 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1ede5a16-78e9-4874-b39f-b1d31a021774";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EF0E-1E4B";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/mnt/storage" =
{ device = "/dev/disk/by-uuid/e959b50a-31fe-4828-9b46-9f2c80c5a42f";
fsType = "btrfs";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
virtualisation.hypervGuest.enable = true;
}

12
system/aly-laptop.nix
View file

@ -13,16 +13,4 @@
lidSwitchDocked = "ignore"; lidSwitchDocked = "ignore";
lidSwitchExternalPower = "ignore"; lidSwitchExternalPower = "ignore";
}; };
services.flatpak.enable = true;
services.flatpak.packages = [
"com.moonlight_stream.Moonlight"
];
services.pulseaudio.enable = false;
services.pipewire = {
enable = true;
pulse.enable = true;
};
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
}) })

112
system/aly-server.nix
View file

@ -1,112 +0,0 @@
({ config, pkgs, agenix, ... }: {
networking.hostName = "aly-server";
networking.networkmanager.enable = true;
networking.firewall.allowedTCPPorts = [
80 443 445 3923 5656 5030 5031 50300
4747 8989 7878 8686 13378 6767 9696 4545
52568 50000
];
networking.firewall.allowedUDPPorts = [
137 138 139 50000
];
services.openvpn.servers = {
server = { config = '' config /home/aly/.secrets/server.ovpn ''; };
};
system.stateVersion = "25.05";
virtualisation.hypervGuest.enable = true;
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
boot.blacklistedKernelModules = [ "hyperv_fb" ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
environment.systemPackages = with pkgs; [
cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils btrfs-progs
];
programs.nixvim.enable = true;
programs.nixvim.defaultEditor = true;
security.sudo.wheelNeedsPassword = false;
time.timeZone = "Australia/Brisbane";
users.users.aly = {
isNormalUser = true;
description = "aly";
hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/";
openssh.authorizedKeys.keys = import ../data/authorized_keys.nix;
extraGroups = [ "networkmanager" "wheel" "docker" ];
};
services.openssh = {
enable = true;
settings = {
X11Forwarding = true;
PermitRootLogin = "no";
PasswordAuthentication = true;
};
openFirewall = true;
};
services.samba-wsdd.enable = true;
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "aly-server";
"netbios name" = "aly-server";
"disable netbios" = "yes";
"wide links" = "yes";
"allow insecure wide links" = "yes";
"security" = "user";
"min protocol" = "SMB2_02";
"max protocol" = "SMB3_11";
"hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"interfaces" = "lo eth0 docker0 tun0";
"bind interfaces only" = "yes";
};
"storage" = {
"path" = "/mnt/storage";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"guest only" = "no";
"inherit acls" = "no";
"inherit permissions" = "no";
"store dos attributes" = "no";
"follow symlinks" = "yes";
"valid users" = "aly";
"create mask" = "0664";
"directory mask" = "0775";
};
"media" = {
"path" = "/mnt/storage/media";
"browseable" = "yes";
"read only" = "yes";
"guest ok" = "yes";
"hide special files" = "yes";
"inherit acls" = "no";
"inherit permissions" = "no";
"store dos attributes" = "no";
"follow symlinks" = "yes";
};
"mirror" = {
"path" = "/mnt/storage/mirror";
"browseable" = "yes";
"read only" = "yes";
"guest ok" = "yes";
"hide special files" = "yes";
"inherit acls" = "no";
"inherit permissions" = "no";
"store dos attributes" = "no";
"follow symlinks" = "yes";
};
};
};
})

20
system/global.nix
View file

@ -12,6 +12,15 @@
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
services.flatpak.enable = true;
services.flatpak.packages = [
"com.moonlight_stream.Moonlight"
];
services.pulseaudio.enable = false;
services.pipewire = {
enable = true;
pulse.enable = true;
};
time.timeZone = "Australia/Brisbane"; time.timeZone = "Australia/Brisbane";
users.users.aly = { users.users.aly = {
isNormalUser = true; isNormalUser = true;
@ -21,13 +30,20 @@
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [ "networkmanager" "wheel" ];
}; };
# Enable the OpenSSH daemon.
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
X11Forwarding = true; X11Forwarding = true;
PermitRootLogin = "no"; PermitRootLogin = "no"; # disable root login
PasswordAuthentication = true; PasswordAuthentication = true; # disable password login
}; };
openFirewall = true; openFirewall = true;
}; };
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
}) })