diff --git a/aly-server.md b/aly-server.md new file mode 100644 index 0000000..f457a8d --- /dev/null +++ b/aly-server.md @@ -0,0 +1,6 @@ +samba +ps3netsrv +xbox360 srv +retronas +openmediavault? +btrfs diff --git a/data/authorized_keys.nix b/data/authorized_keys.nix index 0ceb696..0d20f26 100644 --- a/data/authorized_keys.nix +++ b/data/authorized_keys.nix @@ -4,4 +4,5 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSvtZtEqrl3z1By5LN2iwkmy7ZjsCYUQC43ESoR48Vi aly@nixos" ] diff --git a/flake.lock b/flake.lock index 5943b5f..9eec9d7 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": [], + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "owner": "ryantm", + "repo": "agenix", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -44,7 +65,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, 
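Review bot: The new key's comment `aly@nixos` is the stock installer hostname, so nothing in the file says which device it belongs to, while this list is imported wholesale as `openssh.authorizedKeys.keys` for a `wheel` user with passwordless sudo on the new server (`system/aly-server.nix` in this same commit), which makes every entry here a root-equivalent credential. Replace the comment with the actual device and purpose, e.g. `aly@<device>-2025-09`, so a lost or retired machine's key can be identified and removed later. If not every key should reach every host, split this into per-host lists rather than one shared file that each system imports in full.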
@@ -61,6 +82,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -162,6 +204,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1758589230, "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=", @@ -184,7 +242,7 @@ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1758373036, @@ -247,10 +305,11 @@ }, "root": { "inputs": { - "home-manager": "home-manager", + "agenix": "agenix", + "home-manager": "home-manager_2", "nix-flatpak": "nix-flatpak", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", "nur": "nur" } @@ -284,6 +343,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 74d9ffa..17e93b5 100644 --- a/flake.nix +++ b/flake.nix 
@@ -18,9 +18,11 @@ url = "github:nix-community/nixvim/nixos-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + agenix.url = "github:ryantm/agenix"; + agenix.inputs.darwin.follows = ""; }; - outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, ... }: { + outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, agenix, ... }: { nixosConfigurations = { "aly-laptop" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -39,6 +41,27 @@ } ]; }; + "aly-server" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + nur.modules.nixos.default + nix-flatpak.nixosModules.nix-flatpak + nixvim.nixosModules.nixvim + ./hw/aly-server.nix + ./system/aly-server.nix + agenix.nixosModules.default + { + environment.systemPackages = [ agenix.packages.x86_64-linux.default ]; + } + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.aly = import ./home/aly.nix; + } + # TODO + ]; + }; }; }; } diff --git a/home/aly.nix b/home/aly.nix index 4e73a90..5ef4a91 100644 --- a/home/aly.nix +++ b/home/aly.nix 
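Review bot: The new `agenix` input does not make its own `nixpkgs` and `home-manager` inputs follow the root ones, so the lock now pins a second nixpkgs (`nixos-25.05`, rev 59e6964…) and an older home-manager (lastModified 1745494811) alongside the root's, doubling what has to be audited and keeping two nixpkgs trees in the closure; add `agenix.inputs.nixpkgs.follows = "nixpkgs";` and `agenix.inputs.home-manager.follows = "home-manager";` next to the existing `darwin.follows = ""`. The `aly-server` entry imports `agenix.nixosModules.default` and installs the CLI, but nothing in this commit declares `age.secrets` or `age.identityPaths`, so the secrets that `system/aly-server.nix` introduces remain in plaintext — presumably the `# TODO` is meant to cover this, but until then the import does nothing. `agenix.url` also carries no `ref` or `rev`, so a routine `nix flake update` will follow agenix's default branch rather than a reviewed release; pin a tag or commit if updates are run unattended. Note that `system/aly-server.nix` declares `agenix` as a module argument while this `nixosSystem` call passes no `specialArgs`, so evaluation will fail unless `_module.args.agenix` is set somewhere outside the diff.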
@@ -3,28 +3,28 @@ { home.username = "aly"; home.homeDirectory = "/home/aly"; - xresources.properties = { - "Xcursor.size" = 16; - "Xft.dpi" = 300; - }; +# xresources.properties = { +# "Xcursor.size" = 16; +# "Xft.dpi" = 300; +# }; home.packages = with pkgs; [ - gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic +# gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool pciutils usbutils nix-output-monitor ]; - programs.firefox = { - enable = true; - profiles.default = { - extensions = { - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock - ]; - }; - }; - }; +# programs.firefox = { +# enable = true; +# profiles.default = { +# extensions = { +# packages = with pkgs.nur.repos.rycee.firefox-addons; [ +# ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock +# ]; +# }; +# }; +# }; programs.git = { enable = true; diff --git a/hw/aly-server.nix b/hw/aly-server.nix new file mode 100644 index 0000000..4fbc60f --- /dev/null +++ b/hw/aly-server.nix 
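Review bot: Commenting out `xresources`, `gnome-tweaks` and the entire `programs.firefox` block with `#` changes this shared module for every host that imports it, not only the headless `aly-server` that this commit wires to `home/aly.nix`; if `aly-laptop` imports the same file (its module list is outside the diff) the laptop silently loses Firefox together with its uBlock Origin and Bitwarden extensions. Gate the GUI pieces on the host instead, e.g. `programs.firefox = lib.mkIf osConfig.services.xserver.enable { ... };` (home-manager's NixOS module provides `osConfig`; add `lib`/`osConfig` to the module arguments if they are not already there), or move them into a `home/aly-gui.nix` imported only by desktop hosts. Either way, delete the commented-out lines rather than keeping dead configuration; git history already preserves them.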
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/1ede5a16-78e9-4874-b39f-b1d31a021774"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/EF0E-1E4B"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + fileSystems."/mnt/storage" = + { device = "/dev/disk/by-uuid/e959b50a-31fe-4828-9b46-9f2c80c5a42f"; + fsType = "btrfs"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + virtualisation.hypervGuest.enable = true; +} diff --git a/system/aly-laptop.nix b/system/aly-laptop.nix index 22bb3f0..4817113 100644 --- a/system/aly-laptop.nix +++ b/system/aly-laptop.nix @@ -13,4 +13,16 @@ lidSwitchDocked = "ignore"; lidSwitchExternalPower = "ignore"; }; + services.flatpak.enable = true; + services.flatpak.packages = [ + "com.moonlight_stream.Moonlight" + ]; + services.pulseaudio.enable = false; + services.pipewire = { + enable = true; + pulse.enable = true; + }; + services.xserver.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; }) 
diff --git a/system/aly-server.nix b/system/aly-server.nix new file mode 100644 index 0000000..bd75550 --- /dev/null +++ b/system/aly-server.nix 
@@ -0,0 +1,112 @@
+({ config, pkgs, agenix, ... }: {
+ networking.hostName = "aly-server";
+ networking.networkmanager.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ 80 443 445 3923 5656 5030 5031 50300
+ 4747 8989 7878 8686 13378 6767 9696 4545
+ 52568 50000
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 137 138 139 50000
+ ];
+ services.openvpn.servers = {
+ server = { config = '' config /home/aly/.secrets/server.ovpn ''; };
+ };
+ system.stateVersion = "25.05";
+ virtualisation.hypervGuest.enable = true;
+ virtualisation.docker = {
+ enable = true;
+ autoPrune.enable = true;
+ };
+ virtualisation.oci-containers.backend = "docker";
+ boot.blacklistedKernelModules = [ "hyperv_fb" ];
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ environment.systemPackages = with pkgs; [
+ cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils btrfs-progs
+ ];
+ programs.nixvim.enable = true;
+ programs.nixvim.defaultEditor = true;
+ security.sudo.wheelNeedsPassword = false;
+
+ time.timeZone = "Australia/Brisbane";
+ users.users.aly = {
+ isNormalUser = true;
+ description = "aly";
+ hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/";
+ openssh.authorizedKeys.keys = import ../data/authorized_keys.nix;
+ extraGroups = [ "networkmanager" "wheel" "docker" ];
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ X11Forwarding = true;
+ PermitRootLogin = "no";
+ PasswordAuthentication = true;
+ };
+ openFirewall = true;
+ };
+
+ services.samba-wsdd.enable = true;
+ services.samba = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ global = {
+ "workgroup" = "WORKGROUP";
+ "server string" = "aly-server";
+ "netbios name" = "aly-server";
+ "disable netbios" = "yes";
+ "wide links" = "yes";
+ "allow insecure wide links" = "yes";
+ "security" = "user";
+ "min protocol" = "SMB2_02";
+ "max protocol" = "SMB3_11";
+ "hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1";
+ "hosts deny" = "0.0.0.0/0";
+ "guest account" = "nobody";
+ "map to guest" = "bad user";
+ "interfaces" = "lo eth0 docker0 tun0";
+ "bind interfaces only" = "yes";
+ };
+ "storage" = {
+ "path" = "/mnt/storage";
+ "browseable" = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ "guest only" = "no";
+ "inherit acls" = "no";
+ "inherit permissions" = "no";
+ "store dos attributes" = "no";
+ "follow symlinks" = "yes";
+ "valid users" = "aly";
+ "create mask" = "0664";
+ "directory mask" = "0775";
+ };
+ "media" = {
+ "path" = "/mnt/storage/media";
+ "browseable" = "yes";
+ "read only" = "yes";
+ "guest ok" = "yes";
+ "hide special files" = "yes";
+ "inherit acls" = "no";
+ "inherit permissions" = "no";
+ "store dos attributes" = "no";
+ "follow symlinks" = "yes";
+ };
+ "mirror" = {
+ "path" = "/mnt/storage/mirror";
+ "browseable" = "yes";
+ "read only" = "yes";
+ "guest ok" = "yes";
+ "hide special files" = "yes";
+ "inherit acls" = "no";
+ "inherit permissions" = "no";
+ "store dos attributes" = "no";
+ "follow symlinks" = "yes";
+ };
+ };
+ };
+})
diff --git a/system/global.nix b/system/global.nix
index 0491fbb..87d6d2d 100644
--- a/system/global.nix
+++ b/system/global.nix
@@ -12,15 +12,6 @@ networking.networkmanager.enable = true; - services.flatpak.enable = true; - services.flatpak.packages = [ - "com.moonlight_stream.Moonlight" - ]; - services.pulseaudio.enable = false; - services.pipewire = { - enable = true; - pulse.enable = true; - }; time.timeZone = "Australia/Brisbane"; users.users.aly = { isNormalUser = true;
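Review bot: `PasswordAuthentication = true` on an sshd with `openFirewall = true`, combined with `security.sudo.wheelNeedsPassword = false` for the `wheel` user `aly`, means one guessed or reused password over SSH is a passwordless root shell on this host; keys are already provisioned from `data/authorized_keys.nix`, so set `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` in `services.openssh.settings` and drop the `wheelNeedsPassword = false` line. The yescrypt `hashedPassword` is committed to the repository and the OpenVPN profile is read from `/home/aly/.secrets/server.ovpn`, yet this same commit imports agenix without declaring a single `age.secrets` entry — move both behind it (`hashedPasswordFile = config.age.secrets.aly-password.path;` and `config ${config.age.secrets.server-ovpn.path}`) and treat the already-pushed hash as an offline-cracking target to be rotated if the repo is shared. In the Samba `global` section `wide links = yes` and `allow insecure wide links = yes` are enabled while the guest-readable `media` and `mirror` shares set `follow symlinks = yes`, so any symlink placed under `/mnt/storage/media` or `/mnt/storage/mirror` (for example through the writable `storage` share, whose path contains both) exposes arbitrary host paths to unauthenticated clients on the `192.168.0.`/`10.8.0.` ranges; unless there is a concrete need, set `"wide links" = "no";` and `"allow insecure wide links" = "no";` and limit `follow symlinks` to the authenticated `storage` share. The module's first line also takes `agenix` as an argument that the body never uses, and the `nixosSystem` call in flake.nix passes no `specialArgs`, so evaluation will fail unless `_module.args.agenix` is set somewhere outside this diff — remove the argument. Minor: UDP 139 in `allowedUDPPorts` is not a NetBIOS datagram port (139 is the TCP session service) and all of 137/138/139 are moot with `disable netbios = yes`, so the whole UDP entry can go.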
@@ -30,20 +21,13 @@ extraGroups = [ "networkmanager" "wheel" ]; }; - # Enable the OpenSSH daemon. services.openssh = { enable = true; settings = { X11Forwarding = true; - PermitRootLogin = "no"; # disable root login - PasswordAuthentication = true; # disable password login + PermitRootLogin = "no"; + PasswordAuthentication = true; }; openFirewall = true; }; - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; })