diff --git a/server/configuration.nix b/server/configuration.nix
new file mode 100644
index 0000000..638de69
--- /dev/null
+++ b/server/configuration.nix
@@ -0,0 +1,148 @@
+{ config, pkgs, ... }:
+
+{
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot";
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+ networking.networkmanager.wifi.powersave = true;
+ networking.useDHCP = false;
+ networking.extraHosts =
+ ''
+ 100.75.7.116 harper.tail rss.duckland.org vault.duckland.org git.duckland.org photos.duckland.org recipes.duckland.org vault.duckland.org dashy.duckland.org music.duckland.org bandwidth.duckland.org bandwidth2.duckland.org speed.duckland.org cloud.duckland.org plex.duckland.org smoke.duckland.org smart.duckland.org drone.home.duckland.org webhook.home.duckland.org cal.duckland.org gluetun.config.duckland.org jelly.duckland.org harper
+ '';
+
+ # Set your time zone.
+ time.timeZone = "America/Chicago";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.utf8";
+
+ # Splash screen
+ boot.plymouth.enable = false;
+ boot.plymouth.theme = "breeze";
+
+ # Enable doas instead of sudo
+ security.sudo.enable = false;
+ security.doas.enable = true;
+ security.doas.extraRules = [{
+ users = [ "don" ];
+ keepEnv = true;
+ noPass = true;
+ }];
+
+ sound.enable = false;
+ security.rtkit.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.don = {
+ isNormalUser = true;
+ description = "Don Harper";
+ extraGroups = [ "networkmanager" "wheel" "scanner" "lp" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
+ ];
+ };
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = false;
+
+ # List packages installed in system profile.
To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ git-crypt
+ gitFull
+ gnupg
+ home-manager
+ keyutils
+ mosh
+ python310
+ python310Packages.tldextract
+ python310Packages.pipx
+ python310Packages.setuptools
+ syncthing
+ tailscale
+ tmux
+ tmuxp
+ topgrade
+ #vim
+ wget
+ ];
+
+ programs.mtr.enable = true;
+ services.tailscale.enable = true;
+ # create a oneshot job to authenticate to Tailscale
+ systemd.services.tailscale-autoconnect = {
+ description = "Automatic connection to Tailscale";
+
+ # make sure tailscale is running before trying to connect to tailscale
+ after = [ "network-pre.target" "tailscale.service" ];
+ wants = [ "network-pre.target" "tailscale.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ # set this service as a oneshot job
+ serviceConfig.Type = "oneshot";
+
+ # have the job run this shell script
+ script = with pkgs; ''
+ # wait for tailscaled to settle
+ sleep 2
+
+ # check if we are already authenticated to tailscale
+ status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
+
+ # otherwise authenticate with tailscale
+ ${tailscale}/bin/tailscale up -authkey tskey-kX35vC1CNTRL-ZLmNBp4CQV3bu3SsLGjW56
+ '';
+ };
+
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ kbdInteractiveAuthentication = false;
+ #permitRootLogin = "yes";
+ };
+
+ # Open ports in the firewall.
+ networking.firewall = {
+ enable = true;
+ # always allow traffic from your Tailscale network
+ trustedInterfaces = [ "tailscale0" ];
+ checkReversePath = "loose";
+
+ # allow the Tailscale UDP port through the firewall
+ allowedUDPPorts = [ config.services.tailscale.port ];
+
+ # allow you to SSH in over the public internet
+ allowedTCPPorts = [ 22 ];
+ };
+
+
+ system.stateVersion = "22.05"; # Did you read the comment?
+ programs.msmtp = {
+ enable = true;
+ accounts = {
+ default = {
+ auth = true;
+ tls = true;
+ from = "duck@duckland.org";
+ host = "smtp.gmail.com";
+ user = "duckunix@gmail.com";
+ passwordeval = "cat /home/don/.smtp_password.txt";
+ };
+ };
+ };
+ nix.gc = {
+ automatic = true;
+ options = "-d";
+ };
+}
diff --git a/vm1/configuration.nix b/vm1/configuration.nix
index 9b67888..0b31d92 100644
--- a/vm1/configuration.nix
+++ b/vm1/configuration.nix
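Review bot: The `script` of `systemd.services.tailscale-autoconnect` embeds a Tailscale auth key as a string literal, so the key is recorded in repository history and, once the unit is built, in the Nix store; a key that has been committed should be treated as exposed and revoked in the Tailscale admin console, with its replacement read at runtime from a root-only file outside the repo, e.g. `tskey="$(cat /var/lib/tailscale/authkey)"` followed by `${tailscale}/bin/tailscale up -authkey "$tskey"` (placeholder path). The same literal sits on the removed side of vm1/configuration.nix, so rotating the key matters regardless of this file. Separately, `if [ $status = "Running" ]` leaves `$status` unquoted; when `tailscale status` prints nothing the test degenerates to `[ = "Running" ]`, which is a syntax error rather than a false comparison, so the unit likely fails instead of falling through to `tailscale up` — use `if [ "$status" = "Running" ]; then`. The doas rule with `noPass = true` for `don` also means the single authorized SSH key grants unprompted root; a one-line comment acknowledging that trade-off next to `security.doas.extraRules` would make the choice explicit.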
@@ -2,182 +2,9 @@
{
imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ./sway.nix
+ [
+ /etc/nixos/hardware-configuration.nix
+ /home/don/nixos/server/configuration.nix
];
-
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.efi.efiSysMountPoint = "/boot";
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- networking.hostName = "vm1"; # Define your hostname.
-
- # Enable networking
- networking.networkmanager.enable = true;
- networking.networkmanager.wifi.powersave = true;
- networking.useDHCP = false;
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Set your time zone.
- time.timeZone = "America/Chicago";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.utf8";
-
- # Splash screen
- boot.plymouth.enable = false;
- boot.plymouth.theme = "breeze";
-
- # Enable doas instead of sudo
- security.sudo.enable = false;
- security.doas.enable = true;
- security.doas.extraRules = [{
- users = [ "don" ];
- keepEnv = true;
- noPass = true;
- }];
-
- # Enable the X11 windowing system.
- #services.xserver.enable = false;
-
- # Enable the GNOME Desktop Environment.
- #services.xserver.displayManager.gdm.enable = true;
- #services.xserver.desktopManager.gnome.enable = false;
-
- # Configure keymap in X11
- #services.xserver = {
- #layout = "us";
- #xkbVariant = "";
- #};
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- # Enable sound with pipewire.
- sound.enable = true;
- hardware.pulseaudio.enable = false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- # If you want to use JACK applications, uncomment this
- #jack.enable = true;
-
- # use the example session manager (no others are packaged yet so this is enabled by default,
- # no need to redefine it in your config for now)
- #media-session.enable = true;
- };
-
- xdg.portal.enable = true; # only needed if you are not doing Gnome
- services.flatpak.enable = true;
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.don = {
- isNormalUser = true;
- description = "Don Harper";
- extraGroups = [ "networkmanager" "wheel" ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
- ];
- };
-
- # Allow unfree packages
- nixpkgs.config.allowUnfree = true;
-
- # List packages installed in system profile.
To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- #citrix_workspace
- firefox
- git-crypt
- gitFull
- gnupg
- home-manager
- mosh
- pulseaudio
- python311
- qutebrowser
- syncthing
- tailscale
- tmux
- tmuxp
- topgrade
- vim
- wget
- zoom-us
- ];
-
- programs.mtr.enable = true;
-
- services.tailscale.enable = true;
- # create a oneshot job to authenticate to Tailscale
- systemd.services.tailscale-autoconnect = {
- description = "Automatic connection to Tailscale";
-
- # make sure tailscale is running before trying to connect to tailscale
- after = [ "network-pre.target" "tailscale.service" ];
- wants = [ "network-pre.target" "tailscale.service" ];
- wantedBy = [ "multi-user.target" ];
-
- # set this service as a oneshot job
- serviceConfig.Type = "oneshot";
-
- # have the job run this shell script
- script = with pkgs; ''
- # wait for tailscaled to settle
- sleep 2
-
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
-
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up -authkey tskey-kX35vC1CNTRL-ZLmNBp4CQV3bu3SsLGjW56
- '';
- };
-
-
- # Enable the OpenSSH daemon.
- services.openssh = {
- enable = true;
- passwordAuthentication = false;
- kbdInteractiveAuthentication = false;
- #permitRootLogin = "yes";
- };
-
- # Open ports in the firewall.
- networking.firewall = {
- enable = true;
- # always allow traffic from your Tailscale network
- trustedInterfaces = [ "tailscale0" ];
- checkReversePath = "loose";
-
- # allow the Tailscale UDP port through the firewall
- allowedUDPPorts = [ config.services.tailscale.port ];
-
- # allow you to SSH in over the public internet
- allowedTCPPorts = [ 22 ];
- };
-
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev)
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "22.05"; # Did you read the comment?
- nixpkgs.config.firefox.enableGnomeExtenions = true;
- services.gnome.chrome-gnome-shell.enable = true;
-
+ networking.hostName = "vm1";
}
diff --git a/vm1/hm.out b/vm1/hm.out
deleted file mode 100644
index 1fda1a6..0000000
--- a/vm1/hm.out
+++ /dev/null
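Review bot: The new `imports` entry reaches the shared configuration through the absolute path `/home/don/nixos/server/configuration.nix`, so evaluating this host now depends on a checkout living in one user's home directory rather than on the sibling file in this repository, and the build breaks as soon as the repo is cloned anywhere else. A relative path, `../server/configuration.nix`, keeps the two files coupled inside the repo; `/etc/nixos/hardware-configuration.nix` can stay absolute since it is genuinely host-specific. Since the per-host file now consists of little more than `networking.hostName`, a one-line comment such as `# shared server baseline; host-specific overrides go below` above the import would tell the next reader where the rest of the configuration comes from.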
@@ -1,73 +0,0 @@ -+ PATH=/nix/store/n95s7s6ilkjc7xwqml93acxzj6k0hsfn-coreutils-9.1/bin:/nix/store/k0kpf3r2k1d8p9h0gmx23msw3qrybkfk-findutils-4.9.0/bin:/nix/store/xh696lkivvygg8bkpvj95vv3qspp2awx-gettext-0.21/bin:/nix/store/5mgbisml783jj5mscxjsr4hlbmn25cyr-gnused-4.8/bin:/nix/store/zx12hry89d798p3qp97rm6mfxx2453hr-less-608/bin:/nix/store/s3apaf0hrvmy6fkg95nlkhi4mlm6gj10-nixos-option/bin:/run/wrappers/bin:/home/don/.local/share/flatpak/exports/bin:/var/lib/flatpak/exports/bin:/home/don/.nix-profile/bin:/etc/profiles/per-user/don/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin -+ set -euo pipefail -+ export TEXTDOMAIN=home-manager -+ TEXTDOMAIN=home-manager -+ export TEXTDOMAINDIR=/nix/store/3dfrrvps5p9pflkmrmm2wgky7kgk01r8-home-manager/share/locale -+ TEXTDOMAINDIR=/nix/store/3dfrrvps5p9pflkmrmm2wgky7kgk01r8-home-manager/share/locale -+ source /nix/store/xc42m2j2znv5n2px2fhy0phgraldhlbc-home-manager.sh -++ setupColors -++ normalColor= -++ errorColor= -++ warnColor= -++ noteColor= -++ [[ ! -v NO_COLOR ]] -++ [[ -t 1 ]] -+ readonly NIX_STATE_DIR=/nix/var/nix -+ NIX_STATE_DIR=/nix/var/nix -+ EXTRA_NIX_PATH=() -+ HOME_MANAGER_CONFIG_ATTRIBUTE= -+ PASSTHROUGH_OPTS=() -+ COMMAND= -+ COMMAND_ARGS=() -+ FLAKE_ARG= -+ [[ 1 -gt 0 ]] -+ opt=switch -+ shift -+ case $opt in -+ COMMAND=switch -+ [[ 0 -gt 0 ]] -+ [[ -z switch ]] -+ case $COMMAND in -+ doSwitch -+ setWorkDir -+ [[ ! -v WORK_DIR ]] -++ mktemp --tmpdir -d home-manager-build.XXXXXXXXXX -+ WORK_DIR=/tmp/home-manager-build.qMRWGAwNts -+ trap 'rm -r '\''/tmp/home-manager-build.qMRWGAwNts'\''' EXIT -+ local generation -+ generation=/tmp/home-manager-build.qMRWGAwNts/generation -+ setFlakeAttribute -+ local configFlake=/home/don/.config/nixpkgs/flake.nix -+ [[ -z '' ]] -+ [[ ! 
-v HOME_MANAGER_CONFIG ]] -+ [[ -e /home/don/.config/nixpkgs/flake.nix ]] -+ [[ -n '' ]] -+ [[ -v FLAKE_CONFIG_URI ]] -+ doBuildAttr --out-link /tmp/home-manager-build.qMRWGAwNts/generation --attr activationPackage -+ setConfigFile -+ [[ -v HOME_MANAGER_CONFIG ]] -+ local defaultConfFile=/home/don/.config/nixpkgs/home.nix -+ local confFile -+ for confFile in "$defaultConfFile" "$HOME/.nixpkgs/home.nix" -+ [[ -e /home/don/.config/nixpkgs/home.nix ]] -++ realpath /home/don/.config/nixpkgs/home.nix -+ HOME_MANAGER_CONFIG=/home/don/.config/nixpkgs/home.nix -+ return -+ setHomeManagerNixPath -+ local path -+ for path in "" "${XDG_CONFIG_HOME:-$HOME/.config}/nixpkgs/home-manager" "$HOME/.nixpkgs/home-manager" -+ [[ -e '' ]] -+ [[ '' =~ ^https?:// ]] -+ for path in "" "${XDG_CONFIG_HOME:-$HOME/.config}/nixpkgs/home-manager" "$HOME/.nixpkgs/home-manager" -+ [[ -e /home/don/.config/nixpkgs/home-manager ]] -+ [[ /home/don/.config/nixpkgs/home-manager =~ ^https?:// ]] -+ for path in "" "${XDG_CONFIG_HOME:-$HOME/.config}/nixpkgs/home-manager" "$HOME/.nixpkgs/home-manager" -+ [[ -e /home/don/.nixpkgs/home-manager ]] -+ [[ /home/don/.nixpkgs/home-manager =~ ^https?:// ]] -+ extraArgs=('--out-link' '/tmp/home-manager-build.qMRWGAwNts/generation' '--attr' 'activationPackage') -+ local extraArgs -+ [[ -v VERBOSE ]] -+ nix-build '' --out-link /tmp/home-manager-build.qMRWGAwNts/generation --attr activationPackage --argstr confPath /home/don/.config/nixpkgs/home.nix --argstr confAttr '' -error: file 'home-manager/home-manager/home-manager.nix' was not found in the Nix search path (add it using $NIX_PATH or -I) -+ return -+ rm -r /tmp/home-manager-build.qMRWGAwNts diff --git a/vm1/result b/vm1/result deleted file mode 120000 index f88a91b..0000000 --- a/vm1/result +++ /dev/null @@ -1 +0,0 @@ -/nix/store/d780b28md07w3hqniy0px6wp3y6axm1b-nixos-system-vm1-22.11pre409157.da6a05816e7 \ No newline at end of file 
diff --git a/vm1/sway.nix b/vm1/sway.nix
deleted file mode 100644
index 4bc2fde..0000000
--- a/vm1/sway.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- # bash script to let dbus know about important env variables and
- # propogate them to relevent services run at the end of sway config
- # see
- # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist
- # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts
- # some user services to make sure they have the correct environment variables
- dbus-sway-environment = pkgs.writeTextFile {
- name = "dbus-sway-environment";
- destination = "/bin/dbus-sway-environment";
- executable = true;
-
- text = ''
- dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
- systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
- systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
- '';
- };
-
- # currently, there is some friction between sway and gtk:
- # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
- # the suggested way to set gtk settings is with gsettings
- # for gsettings to work, we need to tell it where the schemas are
- # using the XDG_DATA_DIR environment variable
- # run at the end of sway config
- configure-gtk = pkgs.writeTextFile {
- name = "configure-gtk";
- destination = "/bin/configure-gtk";
- executable = true;
- text = let
- schema = pkgs.gsettings-desktop-schemas;
- datadir = "${schema}/share/gsettings-schemas/${schema.name}";
- in ''
- export XDG_DATA_DIRS=${datadir}:$XDG_DATA_DIRS
- gnome_schema=org.gnome.desktop.interface
- gsettings set $gnome_schema gtk-theme 'Dracula'
- '';
- };
-
-in
-{
- environment.systemPackages = with pkgs; [
- alacritty # gpu accelerated terminal
- sway
- dbus-sway-environment
- configure-gtk
- wayland
- glib # gsettings
- dracula-theme # gtk theme
- gnome3.adwaita-icon-theme # default gnome cursors
- swaylock-effects
- swayidle
- grim # screenshot functionality
- slurp #
screenshot functionality
- wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
- bemenu # wayland clone of dmenu
- mako # notification system developed by swaywm maintainer
- waybar
- ];
-
-
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- pulse.enable = true;
- };
-
-
- # xdg-desktop-portal works by exposing a series of D-Bus interfaces
- # known as portals under a well-known name
- # (org.freedesktop.portal.Desktop) and object path
- # (/org/freedesktop/portal/desktop).
- # The portal interfaces include APIs for file access, opening URIs,
- # printing and others.
- services.dbus.enable = true;
- xdg.portal = {
- enable = true;
- wlr.enable = true;
- # gtk portal needed to make gtk apps happy
- extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
- gtkUsePortal = true;
- };
-
- # enable sway window manager
- programs.sway = {
- enable = true;
- wrapperFeatures.gtk = true;
- };
- services.greetd.package = "greetd.wlgreet";
-
-}