Aughhthghhhgh
Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
parent
f9d23bbb12
commit
06d253b189
11 changed files with 36 additions and 12 deletions
22
README.md
22
README.md
|
@ -24,6 +24,22 @@ Apple Silicon hosts require additional `--impure` flag for firmware installation
|
||||||
- vetus (iMac 27" 2017)
|
- vetus (iMac 27" 2017)
|
||||||
- celerrime (MacBook Air M2)
|
- celerrime (MacBook Air M2)
|
||||||
|
|
||||||
|
## Modules
|
||||||
|
|
||||||
|
Module example:
|
||||||
|
```nix
|
||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.my.MODULE;
|
||||||
|
in {
|
||||||
|
options.my.MODULE.enable = lib.mkEnableOption "Enable MODULE";
|
||||||
|
config = lib.mkIf (cfg.enable) {
|
||||||
|
MODULE_CONFIGURATION
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## Shells
|
## Shells
|
||||||
|
|
||||||
I "made" some shell in [shells/](./shells).
|
I "made" some shell in [shells/](./shells).
|
||||||
|
@ -35,3 +51,9 @@ I install my dotfiles with prepared script
|
||||||
```shell
|
```shell
|
||||||
curl https://iva.bz/nix | sh
|
curl https://iva.bz/nix | sh
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## TODO
|
||||||
|
|
||||||
|
- Setup services (which I host)
|
||||||
|
- Setup "secret" roles (I need them)
|
||||||
|
- Setup router
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.firewall.allowPing = true;
|
networking.firewall.allowPing = true;
|
||||||
|
|
||||||
networking.useNetworkd = lib.mkDefault true;
|
networking.useNetworkd = lib.mkDefault true;
|
||||||
systemd.network.wait-online.enable = lib.mkDefault false;
|
systemd.network.wait-online.enable = lib.mkDefault false;
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.PasswordAuthentication = false;
|
settings.PasswordAuthentication = false;
|
||||||
|
|
||||||
# Cute banner, right?
|
# Cute banner, r-right?
|
||||||
banner = ''
|
banner = ''
|
||||||
|
|
||||||
Authorized access only!
|
Authorized access only!
|
||||||
|
@ -14,7 +14,4 @@ If you are not authorized to access or use this system, disconnect now!
|
||||||
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: I don't use it
|
|
||||||
programs.mosh.enable = true;
|
|
||||||
}
|
}
|
|
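Review bot: In the first hunk `settings.PasswordAuthentication = false;` is the only authentication setting visible, and nothing shown disables keyboard-interactive authentication, which can still offer a PAM password prompt. If the lines above the hunk do not already set it, add `settings.KbdInteractiveAuthentication = false;` next to it so that key-based login is the only accepted path. The `services.openssh` block opens before the hunk, so this should be confirmed against the full file.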
@ -19,6 +19,8 @@
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
"kernel.sysrq" = 0;
|
"kernel.sysrq" = 0;
|
||||||
|
|
||||||
|
# Picked from https://github.com/trimstray/the-practical-linux-hardening-guide/wiki/Network-stack
|
||||||
|
|
||||||
"net.ipv4.icmp_ignore_bogus_error_responces" = 1;
|
"net.ipv4.icmp_ignore_bogus_error_responces" = 1;
|
||||||
"net.ipv4.icmp_echo_ignore_broadcasts" = 1;
|
"net.ipv4.icmp_echo_ignore_broadcasts" = 1;
|
||||||
"net.ipv4.conf.default.rp_filter" = 1;
|
"net.ipv4.conf.default.rp_filter" = 1;
|
||||||
|
|
|
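Review bot: The key `"net.ipv4.icmp_ignore_bogus_error_responces"` directly under the new source comment is misspelled; the kernel parameter is `net.ipv4.icmp_ignore_bogus_error_responses`, so as written the setting will most likely fail to apply at boot and only show up as a sysctl error in the journal. Change the line to `"net.ipv4.icmp_ignore_bogus_error_responses" = 1;`. The hunk also shows `rp_filter` set only under `conf.default`; if the rest of the attribute set, which continues outside the hunk, does not also set `"net.ipv4.conf.all.rp_filter" = 1;`, interfaces that already exist when the sysctls are applied may keep their previous value.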
@ -5,16 +5,17 @@ let
|
||||||
in rec {
|
in rec {
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
|
|
||||||
|
users.groups.ivabus = { gid = 1000; };
|
||||||
users.users.ivabus = {
|
users.users.ivabus = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
# Figure out groups I need
|
group = "ivabus";
|
||||||
extraGroups = [ "wheel" "input" "video" "audio" "disk" "libvirtd" "qemu-libvirtd"];
|
extraGroups = [ "users" "wheel" ];
|
||||||
uid = 1000;
|
uid = 1000;
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
tree
|
tree
|
||||||
cargo
|
cargo
|
||||||
rustc
|
rustc
|
||||||
neofetch
|
neofetch # I use NixOS BTW
|
||||||
htop
|
htop
|
||||||
];
|
];
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
|
|
|
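Review bot: Trimming `extraGroups` to `[ "users" "wheel" ]` drops `libvirtd` unconditionally, while the virtualisation role shown elsewhere in this commit still sets `virtualisation.libvirtd.enable = true;`, so on hosts with that role the user will presumably have to authenticate through polkit or sudo to reach the system libvirt connection. Rather than restoring the group here, grant it from the role itself, e.g. `users.users.ivabus.extraGroups = [ "libvirtd" ];` inside that module's `lib.mkIf (cfg.enable)` block, so membership exists only where the daemon is enabled. Removing `disk` should stay as it is, since that group gives raw block-device access. The `users.users.ivabus` attribute set continues past the end of the hunk.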
@ -2,7 +2,7 @@ rec {
|
||||||
common = import ./common;
|
common = import ./common;
|
||||||
roles = import ./roles;
|
roles = import ./roles;
|
||||||
|
|
||||||
modules = { pkgs, ... }: rec {
|
modules = { pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
common
|
common
|
||||||
roles
|
roles
|
||||||
|
|
|
@ -20,7 +20,7 @@ in {
|
||||||
devel.enable = true;
|
devel.enable = true;
|
||||||
gaming.enable = true;
|
gaming.enable = true;
|
||||||
graphical.enable = true;
|
graphical.enable = true;
|
||||||
latex.enable = true;
|
latex.enable = false;
|
||||||
virtualisation.enable = true;
|
virtualisation.enable = true;
|
||||||
yggdrasil-client.enable = true;
|
yggdrasil-client.enable = true;
|
||||||
};
|
};
|
||||||
|
@ -37,4 +37,3 @@ in {
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,7 @@ in {
|
||||||
llvm
|
llvm
|
||||||
lld
|
lld
|
||||||
python3Full
|
python3Full
|
||||||
|
gnumake
|
||||||
automake
|
automake
|
||||||
autoconf
|
autoconf
|
||||||
meson
|
meson
|
||||||
|
|
|
@ -7,7 +7,7 @@ in {
|
||||||
config = lib.mkIf (cfg.enable){
|
config = lib.mkIf (cfg.enable){
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
# Maybe I don't need to use -full variant of texlive
|
# Maybe I don't need to use -full variant of texlive
|
||||||
# I should find distribution I actually need
|
# TODO: I should find distribution I actually need
|
||||||
texlive.combined.scheme-full
|
texlive.combined.scheme-full
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -5,6 +5,7 @@ let
|
||||||
in {
|
in {
|
||||||
options.my.roles.virtualisation.enable = lib.mkEnableOption "Enable tools for virtualisation";
|
options.my.roles.virtualisation.enable = lib.mkEnableOption "Enable tools for virtualisation";
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
|
# TODO: Think if I ever need virtualisation
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
qemu_full
|
qemu_full
|
||||||
|
|
|
@ -10,7 +10,7 @@ in {
|
||||||
persistentKeys = true;
|
persistentKeys = true;
|
||||||
settings = {
|
settings = {
|
||||||
Peers = [
|
Peers = [
|
||||||
# Maybe add more peers, not only mine
|
# TODO: Maybe add more peers, not only mine. But for now it's ok
|
||||||
"tls://ygg.iva.bz:50002"
|
"tls://ygg.iva.bz:50002"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|