diff --git a/common/server.nix b/common/server.nix
new file mode 100644
index 0000000..98f5a7d
--- /dev/null
+++ b/common/server.nix
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ kitty.terminfo
+ ];
+}
diff --git a/flake.lock b/flake.lock
index ad652cf..44e7161 100644
--- a/flake.lock
+++ b/flake.lock
@@ -126,6 +126,27 @@ "type": "github" } }, + "home-manager-stable": { + "inputs": { + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1714043624, + "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, "home-manager-unstable": { "inputs": { "nixpkgs": [
@@ -184,16 +205,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1688392541, - "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", + "lastModified": 1713995372, + "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", + "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" }
@@ -217,6 +238,7 @@ "root": { "inputs": { "fsh": "fsh", + "home-manager-stable": "home-manager-stable", "home-manager-unstable": "home-manager-unstable", "nixos-generators": "nixos-generators", "nixpkgs-stable": "nixpkgs-stable",
diff --git a/flake.nix b/flake.nix
index 078d074..5e7279b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,13 +1,18 @@
 { inputs = { nixpkgs-stable = {
- url = "github:NixOS/nixpkgs/nixos-22.11";
+ url = "github:NixOS/nixpkgs/nixos-23.11";
 }; nixpkgs-unstable = { url = "github:NixOS/nixpkgs/nixos-unstable"; };
+ home-manager-stable = {
+ url = "github:nix-community/home-manager/release-23.11";
+ inputs.nixpkgs.follows = "nixpkgs-stable";
+ };
+
 home-manager-unstable = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -29,41 +34,12 @@
 }; };
- outputs = { self, nixpkgs-stable, nixpkgs-unstable, fsh, home-manager-unstable, nixos-generators, vscode-extensions, ... }:
+ outputs = { self, nixpkgs-stable, nixpkgs-unstable, fsh, home-manager-stable, home-manager-unstable, nixos-generators, vscode-extensions, ... }:
 let home-manager = home-manager-unstable; overlays = [ fsh.overlays.default vscode-extensions.overlays.default
- (final: prev: {
- ndi = prev.ndi.overrideAttrs (self: super: {
- version = "5.5.4";
- src = prev.pkgs.requireFile rec {
- name = "${self.installerName}.tar.gz";
- sha256 = "sha256:7e5c54693d6aee6b6f1d6d49f48d4effd7281abd216d9ff601be2d55af12f7f5";
- message = self.installerName;
- };
- unpackPhase = "unpackFile \${src}\necho y | ./${self.installerName}.sh\nsourceRoot=\"NDI SDK for Linux\";\n";
- installPhase = ''
- mkdir $out
- mv bin/x86_64-linux-gnu $out/bin
- for i in $out/bin/*; do
- patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$i"
- done
- patchelf --set-rpath "${prev.avahi}/lib:${prev.stdenv.cc.libc}/lib" $out/bin/ndi-record
- mv lib/x86_64-linux-gnu $out/lib
- for i in $out/lib/*; do
- if [ -L "$i" ]; then continue; fi
- patchelf --set-rpath "${prev.avahi}/lib:${prev.stdenv.cc.libc}/lib" "$i"
- done
- mv include examples $out/
- mkdir -p $out/share/doc/${self.pname}-${self.version}
- mv licenses $out/share/doc/${self.pname}-${self.version}/licenses
- mv documentation/* $out/share/doc/${self.pname}-${self.version}/
- '';
- }
- );
- })
 ]; overlays-module = ({ nixpkgs, ... }: { nixpkgs.overlays = overlays;
@@ -116,6 +92,27 @@
 ]; };
+ nixosConfigurations.lea = nixpkgs-stable.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ overlays-module
+ ./hosts/lea/configuration.nix
+ ./roles/coredns
+ ./roles/postgres.nix
+ home-manager-stable.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.ash = { ... }: {
+ imports = [
+ fsh.homeModules.fsh
+ ./home/ash
+ ];
+ };
+ }
+ ];
+ };
+
 nixosConfigurations.emira = nixpkgs-unstable.lib.nixosSystem { system = "x86_64-linux"; modules = [
diff --git a/hosts/lea/configuration.nix b/hosts/lea/configuration.nix
new file mode 100644
index 0000000..2e1ae0d
--- /dev/null
+++ b/hosts/lea/configuration.nix
@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ../../common/cachix.nix
+ ../../common/generic.nix
+ ../../common/server.nix
+ ../../common/tailscale.nix
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sdb";
+ boot.loader.grub.useOSProber = true;
+
+ networking.hostName = "lea";
+
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "Europe/London";
+
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_GB.UTF-8";
+ LC_IDENTIFICATION = "en_GB.UTF-8";
+ LC_MEASUREMENT = "en_GB.UTF-8";
+ LC_MONETARY = "en_GB.UTF-8";
+ LC_NAME = "en_GB.UTF-8";
+ LC_NUMERIC = "en_GB.UTF-8";
+ LC_PAPER = "en_GB.UTF-8";
+ LC_TELEPHONE = "en_GB.UTF-8";
+ LC_TIME = "en_GB.UTF-8";
+ };
+
+ services.xserver = {
+ layout = "gb";
+ xkbVariant = "";
+ };
+
+ console.keyMap = "uk";
+
+ nix.settings.trusted-users = [ "@wheel" ];
+
+ users.users.ash = {
+ isNormalUser = true;
+ description = "Ashley";
+ extraGroups = [ "networkmanager" "wheel" ];
+ packages = with pkgs; [];
+ };
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = with pkgs; [
+ helix
+ ];
+
+ services.openssh.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/lea/hardware-configuration.nix b/hosts/lea/hardware-configuration.nix
new file mode 100644
index 0000000..547b4e6
--- /dev/null
+++ b/hosts/lea/hardware-configuration.nix
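Review bot: In hosts/lea/configuration.nix, `services.openssh.enable = true;` is added without any `services.openssh.settings`, so sshd keeps the NixOS default of accepting password logins, and `networking.firewall.allowedTCPPorts = [ 22 ];` opens the port on every interface. The host imports ../../common/tailscale.nix, so if SSH is only meant to be reached over the tailnet (inferred, that file is not in this diff), consider `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.openFirewall = false;` and `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` (`tailscale0` being the default interface name). No `openssh.authorizedKeys.keys` for `ash` is visible in this hunk, so confirm the keys come from common/generic.nix before turning passwords off. `nix.settings.trusted-users = [ "@wheel" ];` would benefit from a one-line comment, since trusted Nix users can effectively act as root through the daemon.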
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_generic" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/72b9e472-7649-4141-9dc5-dccf4a8edfc6"; + fsType = "ext4"; + }; + fileSystems."/data" = + { device = "/dev/disk/by-uuid/22349b30-6c68-40eb-a095-5685dee19cac"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d229b237-c9b9-406c-bd10-d38037dfa51f"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/roles/coredns/ash.ley b/roles/coredns/ash.ley
index f90d790..eaa6011 100644
--- a/roles/coredns/ash.ley
+++ b/roles/coredns/ash.ley
@@ -37,6 +37,12 @@ ana IN A 100.99.239.100 ; arch VM chelsie IN A 100.110.143.52
+; digital ocean vm (shorks.gay)
+amity IN A 100.72.219.75
+
+; New DB server
+lea IN A 100.122.202.61
+
 ;; --- PERSONAL DEVICES --- ; PC mary IN A 100.111.252.38
@@ -44,6 +50,8 @@ mary IN A 100.111.252.38 ; Phone lyra IN A 100.123.71.10
+; Laptop (X250)
+alex IN A 100.92.96.145
+
 ;; --- OTHER --- nucleoid IN A 142.132.178.131
-
diff --git a/roles/postgres.nix b/roles/postgres.nix
new file mode 100644
index 0000000..f3dddb2
--- /dev/null
+++ b/roles/postgres.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }: {
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ "shorks-gay" ];
+ enableTCPIP = true;
+ dataDir = "/data/postgresql/${config.services.postgresql.package.psqlSchema}";
+ authentication = pkgs.lib.mkOverride 10 ''
+ #type database DBuser origin-address auth-method
+ # ipv4
+ host all all 127.0.0.1/32 trust
+ host all all 100.64.0.0/10 trust
+ # ipv6
+ host all all ::1/128 trust
+ '';
+ };
+}
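Review bot: In roles/postgres.nix the `authentication` block pairs `enableTCPIP = true` with `host all all 100.64.0.0/10 trust`, so any peer with an address in that range can connect to every database as any role, including the superuser, without a credential. 100.64.0.0/10 is the whole CGNAT block rather than this tailnet alone, and whether the PostgreSQL port is reachable depends on firewall rules that are not in this diff. I would scope the rule to the one database, one role and one client and require a password, e.g. `host shorks-gay <APP_ROLE> <CLIENT_TAILNET_IP>/32 scram-sha-256`, and move the loopback rules off `trust` as well. Because `mkOverride 10` replaces the module's default entries and no `local` line is added, Unix-socket connections (which the module's `ensureDatabases` step presumably uses) appear to have no matching rule; adding `local all all peer` would cover that.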