From ec4f968d73f08cc0f0bf338f6a19bc19e6c9d1d6 Mon Sep 17 00:00:00 2001
From: Stefan Ellmauthaler
Date: Fri, 9 Feb 2024 22:43:59 +0100
Subject: [PATCH] Add machine kotys
---
machines/kotys/default.nix | 95 +++++++++++++++++++++++
machines/kotys/hardware-configuration.nix | 38 +++++++++
2 files changed, 133 insertions(+)
create mode 100644 machines/kotys/default.nix
create mode 100644 machines/kotys/hardware-configuration.nix
diff --git a/machines/kotys/default.nix b/machines/kotys/default.nix
new file mode 100644
index 0000000..aaf4689
--- /dev/null
+++ b/machines/kotys/default.nix
@@ -0,0 +1,95 @@
+{
+ config,
+ pkgs,
+ inputs,
+ nixos-hardware,
+ ...
+}: {
+ imports = [
+ ../../common/users.nix
+ ./hardware-configuration.nix
+ ];
+
+ elss = {
+ # base system
+ base.enable = true;
+ # setup locale and font settings
+ locale.enable = true;
+ # setup sshd
+ sshd.enable = true;
+ # configure zsh
+ zsh.enable = true;
+ # enable X11 with lightdm and i3
+ graphical = {
+ enable = false;
+ # set dpi if used in mobile applications
+ # dpi = 180;
+ };
+
+ # enable deamon to generate nix-index-db
+ nix-index-db-update.enable = false;
+
+ # add TUD vpn
+ openvpn.enable = false;
+
+ # enable sops
+ sops = {
+ enable = false;
+ };
+
+ # enable server services
+ server = {
+ enable = false;
+ acme.staging = false;
+ };
+
+ # enable wireguard
+ wireguard.enable = false;
+
+ # enable podman
+ container.podman.enable = true;
+
+ # user setup
+ users = {
+ enable = true;
+ admins = ["ellmau"];
+ users = [];
+
+ meta = {
+ ellmau.git = {
+ signDefault = false;
+ };
+ };
+ };
+ };
+ fileSystems."/".options = ["noatime"];
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking = {
+ interfaces.ens3 = {
+ ipv4.addresses = [
+ {
+ address = "213.109.163.8";
+ prefixLength = 22;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "2a03:4000:35:11::";
+ prefixLength = 64;
+ }
+ ];
+ };
+ enableIPv6 = false;
+ defaultGateway = "213.109.160.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "ens3";
+ };
+ nameservers = ["8.8.8.8"];
+ # port for a podman container
+ firewall.allowedTCPPorts = [8888];
+ };
+ system.stateVersion = "23.11";
+}
diff --git a/machines/kotys/hardware-configuration.nix b/machines/kotys/hardware-configuration.nix
new file mode 100644
index 0000000..5d65231
--- /dev/null
+++ b/machines/kotys/hardware-configuration.nix
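Review bot: The `firewall.allowedTCPPorts = [8888];` line at the end of the `networking` block in machines/kotys/default.nix opens TCP 8888 on a host with a public address, and the only explanation is `# port for a podman container`. With `elss.server.enable = false`, nothing visible in this file puts TLS or authentication in front of that container, so whatever it serves appears to be reachable directly from the internet; please confirm that is intended. I would record the service and its exposure in the comment, e.g. `# TCP 8888: <service> (podman), public by design; auth/TLS handled by <component>`, or publish the container on 127.0.0.1 only and keep the port closed until a proxy is in place. Separately, `enableIPv6 = false;` contradicts the `ipv6.addresses` and `defaultGateway6` entries in the same block, so one of the two should go.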
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/d56cbded-5e03-4fa2-bcfd-3a284bdae664";
+ fsType = "xfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/12CE-A600";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/e9ec410f-8e92-4daf-a0b8-90828df6f96f"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}