diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..60c672b --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,213 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1676153903, + "narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1674127017, + "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_2" + }, + "locked": { + "lastModified": 1675935446, + "narHash": "sha256-WajulTn7QdwC7QuXRBavrANuIXE5z+08EdxdRw1qsNs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2dce7f1a55e785a22d61668516df62899278c9e4", + "type": "github" + }, + 
"original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1636849918, + "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1676297861, + "narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "1e0a05219f2a557d4622bc38f542abb360518795", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1674641431, + "narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1676300157, + "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "deploy-rs": "deploy-rs", + "home-manager": "home-manager", + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs_2" + } + }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": 
"5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..e256499 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,65 @@
+{
+ description = "NixOS configuration";
+
+ inputs = {
+ # Main nixpkgs channel
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ # Import home-manager modules
+ home-manager.url = "github:nix-community/home-manager";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ # Import deploy-rs for deployments
+ deploy-rs.url = "github:serokell/deploy-rs";
+ deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
+
+ # Import nixos hardware quirks settings
+ #nixos-hardware.url = "github:NixOS/nixos-hardware";
+
+ #ssssh secret!! Agenix install
+ agenix.url = "github:ryantm/agenix";
+
+ #import nixos-generators for building images
+ nixos-generators = {
+ url = "github:nix-community/nixos-generators";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ };
+
+ outputs =
+ inputs@{ self, nixpkgs, home-manager, nixos-generators, deploy-rs, agenix, ... }: {
+ nixosConfigurations = {
+ HyperV = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ # specialArgs = { inherit inputs; }; # Pass flake inputs to our config
+ modules = [
+ ./hosts/HyperV/configuration.nix
+ ./modules
+ ];
+ };
+
+ };
+
+ packages.x86_64-linux = {
+ HV = nixos-generators.nixosGenerate {
+ system = "x86_64-linux";
+ modules = [
+ ./hosts/HyperV/configuration.nix
+ ./hosts/HyperV/hyperv.nix
+ ./modules
+ ];
+ format = "hyperv";
+ };
+ };
+
+ deploy.nodes.HyperV = {
+ sshUser = "sstent";
+ user = "root";
+ hostname = "192.168.1.230";
+ remoteBuild = true;
+ magicRollback = false;
+ profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos
+ self.nixosConfigurations.HyperV;
+ };
+
+ };
+}
diff --git a/hosts/HyperV/configuration.nix b/hosts/HyperV/configuration.nix
new file mode 100644
index 0000000..2c11239
--- /dev/null
+++ b/hosts/HyperV/configuration.nix
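Review bot: `specialArgs = { inherit inputs; };` is commented out in the `HyperV` `nixosSystem` call, yet `modules/base.nix` in this same commit takes `inputs` as a module argument and reads `inputs.agenix.nixosModules.default`, so evaluation will presumably fail on the missing `inputs` argument; the `nixosGenerate` call for `HV` imports the same `./modules` and has the same gap. `agenix` is also the only input without `inputs.nixpkgs.follows = "nixpkgs";`, which is why flake.lock pins two nixpkgs revisions (`nixpkgs` and `nixpkgs_2`). Separately, `magicRollback = false;` on `deploy.nodes.HyperV` turns off deploy-rs's automatic rollback after a deploy that leaves the host unreachable, so a comment saying why it is disabled would help.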
@@ -0,0 +1,47 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+
+{ lib, config, pkgs, modulesPath, ... }: {
+ # You can import other NixOS modules here
+
+ imports = [
+ # Include my hardware settings.
+ ./hardware.nix
+ # Include static network settings.
+ ./networking.nix
+ "${modulesPath}/virtualisation/hyperv-image.nix"
+
+ ];
+
+ nixpkgs = { config = { allowUnfree = true; }; };
+
+ nix = {
+ settings = {
+ experimental-features = "nix-command flakes";
+ auto-optimise-store = true;
+ };
+ };
+
+ networking.hostName = "HyperV";
+
+ boot.loader.systemd-boot.enable = true;
+ system.stateVersion = "23.05";
+
+ mymods = {
+ gnome.enable = true;
+ user_sstent.enable = true;
+ sshd.enable = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ environment.etc."ssh/ssh_host_rsa_key".source = ./ssh/ssh_host_rsa_key;
+ environment.etc."ssh/ssh_host_rsa_key".mode = "0400";
+ environment.etc."ssh/ssh_host_rsa_key.pub".source = ./ssh/ssh_host_rsa_key.pub;
+ environment.etc."ssh/ssh_host_ed25519_key".source = ./ssh/ssh_host_ed25519_key;
+ environment.etc."ssh/ssh_host_ed25519_key".mode = "0400";
+ environment.etc."ssh/ssh_host_ed25519_key.pub".source = ./ssh/ssh_host_ed25519_key.pub;
+
+
+
+}
diff --git a/hosts/HyperV/hardware.nix b/hosts/HyperV/hardware.nix
new file mode 100644
index 0000000..1ae7d0a
--- /dev/null
+++ b/hosts/HyperV/hardware.nix
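Review bot: The `environment.etc."ssh/ssh_host_*_key".source = ./ssh/...` lines take the host private keys from path literals, which Nix copies into `/nix/store`, and the store is readable by every local user, so `mode = "0400"` on the `/etc` copy does not protect the key material. The same keys are committed in this change under `hosts/HyperV/ssh/`, so anyone who can read the repository or a built image can impersonate this host to SSH clients. Let sshd generate its host keys on first boot (the NixOS default) or provision them out of band, and drop these six `environment.etc` lines. `networking.firewall.allowedTCPPorts = [ 22 ];` is also repeated in `modules/ssh.nix`.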
@@ -0,0 +1,39 @@
+# This is just an example, you should generate yours with nixos-generate-config and put it in here.
+{
+ config,
+ lib,
+ modulesPath,
+ pkgs,
+ ...
+}: {
+ # Set your system kind (needed for flakes)
+ nixpkgs.hostPlatform = "x86_64-linux";
+ virtualisation.hypervGuest.videoMode = "1920x1080";
+
+ boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = ["hv_sock"];
+
+
+ # fileSystems."/" = {
+ # device = "/dev/disk/by-label/nixos";
+ # autoResize = true;
+ # fsType = "ext4";
+ # };
+
+ # fileSystems."/boot" = {
+ # device = "/dev/disk/by-label/ESP";
+ # fsType = "vfat";
+ # };
+
+ fileSystems."/mnt/Public" = {
+ device = "//192.168.1.109/Public";
+ fsType = "cifs";
+ options = let
+ # this line prevents hanging on network split
+ automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+ # in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
+ in ["${automount_opts}"];
+ };
+
+}
diff --git a/hosts/HyperV/hyperv.nix b/hosts/HyperV/hyperv.nix
new file mode 100644
index 0000000..7048b48
--- /dev/null
+++ b/hosts/HyperV/hyperv.nix
@@ -0,0 +1,11 @@
+
+{ lib, config, pkgs, ... }: {
+ # You can import other NixOS modules here
+ hyperv = {
+ baseImageSize = 8096;
+ };
+
+# environment.etc = {
+# nixos.source = ../..;
+# };
+}
\ No newline at end of file
diff --git a/hosts/HyperV/networking.nix b/hosts/HyperV/networking.nix
new file mode 100644
index 0000000..252d0e7
--- /dev/null
+++ b/hosts/HyperV/networking.nix
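Review bot: The `/mnt/Public` CIFS mount in hosts/HyperV/hardware.nix has its `credentials=` variant commented out, so the share is mounted with only the automount options, and the path that was commented out (`/etc/nixos/smb-secrets`) would not exist on a host deployed from this flake anyway. Once agenix is wired in, the options could carry `credentials=${config.age.secrets.<secret-name>.path}` (placeholder name), and adding `nosuid,nodev` is a sensible default for a network share. The header comment "This is just an example" looks stale and should say what this file is now.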
@@ -0,0 +1,24 @@ +{...}: { + # This file was populated at runtime with the networking + # details gathered from the active system. + networking = { + useDHCP = false; + nameservers = [ + "192.168.1.1" + "192.168.1.250" + "8.8.8.8" + "8.8.4.4" + ]; + defaultGateway = { + address = "192.168.1.1"; + }; + interfaces.eth0 = { + ipv4.addresses = [ + { + address = "192.168.1.230"; + prefixLength = 24; + } + ]; + }; + }; +} \ No newline at end of file diff --git a/hosts/HyperV/ssh/ssh_host_ed25519_key b/hosts/HyperV/ssh/ssh_host_ed25519_key new file mode 100755 index 0000000..5acf773 --- /dev/null +++ b/hosts/HyperV/ssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACBRqPpgqp6hRtY97TI6Mz5vDrhL62QDJsO7oZtkOacFwAAAAJAcdclzHHXJ +cwAAAAtzc2gtZWQyNTUxOQAAACBRqPpgqp6hRtY97TI6Mz5vDrhL62QDJsO7oZtkOacFwA +AAAEC5jt0tLdgOmfZOlDMV4bDqH5Q4/8/mYmVdQxGwArBYaVGo+mCqnqFG1j3tMjozPm8O +uEvrZAMmw7uhm2Q5pwXAAAAAC3Jvb3RASHlwZXJWAQI= +-----END OPENSSH PRIVATE KEY----- diff --git a/hosts/HyperV/ssh/ssh_host_ed25519_key.pub b/hosts/HyperV/ssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..2cc973a --- /dev/null +++ b/hosts/HyperV/ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGo+mCqnqFG1j3tMjozPm8OuEvrZAMmw7uhm2Q5pwXA root@HyperV diff --git a/hosts/HyperV/ssh/ssh_host_rsa_key b/hosts/HyperV/ssh/ssh_host_rsa_key new file mode 100755 index 0000000..11e1ced --- /dev/null +++ b/hosts/HyperV/ssh/ssh_host_rsa_key 
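Review bot: An unencrypted OpenSSH host private key is committed in hosts/HyperV/ssh/ssh_host_ed25519_key, and hosts/HyperV/ssh/ssh_host_rsa_key in the next file section is the same case; both should be treated as disclosed and regenerated on the host, since deleting the files in a later commit leaves them in history. Both files are also added with mode 100755, which is wrong for key material. If the host identity has to be known before first boot (for example as an agenix recipient), commit only the `.pub` files and deliver the private half outside the repository.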
@@ -0,0 +1,49 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAgEAxa9NADvaI8tkW31dhAmJwbcP0bxhkSMu3QxrgwAonrh29w4HbWy8 +d6L2SELUZPg8/Lp8PmtE73usEtnpcpuLJkO6J2NXn6LMPZJH0uUXhIyKjaUaT4365SZuvi +Z4ZPj7NYeaWBc5E15Z5YGSXmjjleSy/LNpPLzGVRlvXQ6x23kJAjmXz1iBZzfpvBNDi6NM +wMVcDDAg648I8Yl1M/xxEschqYmdQG1h1ZwcqfewMjG5wgXKqppujQJzfO5u1he/TK0xny +zhcKeteYboUlRjkJrM0d18Jt7uhf7xtBUq3ol7zMYq0vnWGdv3d/qFAofdGbO6AolU1Huk +8tq7Y/A8yMI/ex6yRU7Ohxx2u5R+2FABtIiPOk6/a5YFrWdTcJeyyqsh1J2bSkN7eBtdQm +J3kH4I1bFLFHEw7rXjiLC/TJlnYf6+CBi1fJ+rm91zq5q9I7866Sc4m+jmkC7Mho6w/j6r +R0ro88DSIB9Ov36pxkuj+Iue2oSPfOh0rCoVt6h93wHo1qTVjGloLzXDpIFc5aLdjD8OZy +QY42ONYpZ3bdKd2DahrtLodXuM8+TwGOcbHrrv1MkGoIVJ3Zhlyj8bCjsk3A1uphznQSNd +ncZSRwtAcKqcC8veRSFop54ohNvKNY2QOvNmrht82xlRNVh3j65WyTQVS9hzKR/qZI+3so +sAAAdA4yuADeMrgA0AAAAHc3NoLXJzYQAAAgEAxa9NADvaI8tkW31dhAmJwbcP0bxhkSMu +3QxrgwAonrh29w4HbWy8d6L2SELUZPg8/Lp8PmtE73usEtnpcpuLJkO6J2NXn6LMPZJH0u +UXhIyKjaUaT4365SZuviZ4ZPj7NYeaWBc5E15Z5YGSXmjjleSy/LNpPLzGVRlvXQ6x23kJ +AjmXz1iBZzfpvBNDi6NMwMVcDDAg648I8Yl1M/xxEschqYmdQG1h1ZwcqfewMjG5wgXKqp +pujQJzfO5u1he/TK0xnyzhcKeteYboUlRjkJrM0d18Jt7uhf7xtBUq3ol7zMYq0vnWGdv3 +d/qFAofdGbO6AolU1Huk8tq7Y/A8yMI/ex6yRU7Ohxx2u5R+2FABtIiPOk6/a5YFrWdTcJ +eyyqsh1J2bSkN7eBtdQmJ3kH4I1bFLFHEw7rXjiLC/TJlnYf6+CBi1fJ+rm91zq5q9I786 +6Sc4m+jmkC7Mho6w/j6rR0ro88DSIB9Ov36pxkuj+Iue2oSPfOh0rCoVt6h93wHo1qTVjG +loLzXDpIFc5aLdjD8OZyQY42ONYpZ3bdKd2DahrtLodXuM8+TwGOcbHrrv1MkGoIVJ3Zhl +yj8bCjsk3A1uphznQSNdncZSRwtAcKqcC8veRSFop54ohNvKNY2QOvNmrht82xlRNVh3j6 +5WyTQVS9hzKR/qZI+3sosAAAADAQABAAACAAbEawLkiaGrD0rwfjiMaQpYHXMFG2PwC+Um +TTHlWf6g+vWXJdrxm3wO+JZdr06rjs7qBWHPo0L9fVUB37N8LqXHMMKzbGb7GDnNXacTD5 +yKgR27Nqzdg+a/S5A32ew+976L31U/qkUG+FXaeyu/NHdHpnbvH12kare0ELNjUuRb/tp0 +JUXEVl21tMsq76eClhiNSQrjxOS7d0dpeLkoXaiSZ40ZuGfhtrUszHBnGcGGIUFKmHcBpW +IvYMu4j9PFaVeTID0+OJN2MgKUgzR6ThQ/sF5I0jy0af7tTNHo3ZhTpYjLieDCC7nD5XNW +gKInC4MbO3VlxSEnAG0N3tdbfIElbx3aakWo4f7LOicALeubmO0alOl6CexAhiErPySZVY 
++XyjyoOWDcmqXe9Ax+l8RH+8fMLuf/DYJNXVGqkKUyEHnfe4pLOsLNhHBUyJg/gZooO6MZ +QJurI1Yo9kfVkNFvKf4coNnvd1BSvE5ADxHX+7pOliBJScZP9G6Twy7KMlkvshdgBm3JFk +/rTW7s1iVgLN6C595P2TfsnZxU0zN9M/sLZ9bNxQLHPpw+TxpVFHVcw4CsGjgRSLVnw89R +qbDEchGOQemp0d4lD8taOdyivUyaqUi0/oAWgfOKPeY5mu+EtfHFyw5s3mvOItPosSqE/F +x40PtaQnGT0xHOAa+5AAABAErqDojSOOgK6kQtaUn5RQmzXVYrMYGENfmpRzumz46sPILG +gNY2uBMAbit5GCLQIqsnooQTZNzo55pmMxAgZkWqbSfM3Askr3vzSpctG7mCis7UTsWYKv +HwPA98pS2n57u8Hjrkwzp6QxQvRaFwoH2AyUQvQeaT0g8UObngtBqIN7BgE8bgjQV7Ks2b +xDmmGgJpX16Njy1ZBSFv/jNwcVQ/Bup/1Sn/4JtAOFeOAaNxR0zq/ZNmPGvLsnH2wkZz+e +f+jUnASvKekypAXtLex+QuvIiX73HzTYkjV7XmiPnJTzX2glEoyLMpFOWrrTeo/uzNuSLo +YBBNwltu1PPEp4UAAAEBAPJ8UGMzYkmecByxURFftKBbRYFtkTBm7TNnbR5KI1K/QKpKjQ +4o/iaNo06127/r9bUkcFNCPwyWJD8lDlbIpkV0nkrZ4xSze7Mr4alo76gjS6rVCtf9BkDv +N4yBAZl+SBUghsZeBH6JCbG+PrDI2evQitgZrVdGDbaaxcki/jOGVtQLhZrSMq+7vADkKl +dRYRxe9bVYHowl6pWKpXYIwuVjNjj6CT/jP7Ct4koAmMWLNMUUJKYEDCvmbq8dOEG0R5Ax +/m7xv0/GfuymTJ2+vx4RsEbTj2cl8Ouc7h5mNI89ngzg1GTOxjToAFinWvwlzw0G4+jLaj +cg9PowZKK9z8kAAAEBANCzyWUouibyKpmmsfZvqp27PD/ItQxinba6lbV1uLQ+r+dqFbMo +dcOjjNfYeRqrruVpeF7PXCiVYyds8dXKoa7CGtQUUsyLnQxOra7jFAbt3ZNdrAAwlQ64J1 +zPc2cd8avca+SuszPD8sOHmrjYqWMgeZbxpm0CRuN9EeN1FhGe4kMOi7vtzkjA0UZnwKbe +0gZS67AQ3CqwEuWvGqUisX+wejzFAWsamYzd3zxqQ5OFtTeoD83Iw8KtlNrhosRKIJ6k0O +p8rrDiAOx/A8qVmcXSr0c2RbRJSwYJkL2cuBRGoT3+XWa7e4HXlmVOKZsgfbBUsWl5rFB/ +zudLA/fCobMAAAALcm9vdEBIeXBlclY= +-----END OPENSSH PRIVATE KEY----- diff --git a/hosts/HyperV/ssh/ssh_host_rsa_key.pub b/hosts/HyperV/ssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000..1bbd6a2 --- /dev/null +++ b/hosts/HyperV/ssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa 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 root@HyperV diff --git a/modules/base.nix b/modules/base.nix new file mode 100644 index 0000000..b6db285 --- /dev/null +++ b/modules/base.nix 
@@ -0,0 +1,18 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+
+{ lib, config, pkgs, inputs, ... }: {
+ # You can import other NixOS modules here
+
+ # imports = [
+ # #./hardware-configuration.nix
+ # ];
+
+ imports = [ inputs.agenix.nixosModules.default ];
+ security.sudo.wheelNeedsPassword = false;
+
+ environment.systemPackages =
+ [ pkgs.cifs-utils inputs.agenix.packages.x86_64-linux.default ];
+ age.secrets.secret1.file = ../../secrets/secret1.age;
+
+}
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..b35c445
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,9 @@
+{...}: {
+ imports = [
+ # New module organization
+ ./gnome
+ ./base.nix
+ ./ssh.nix
+ ./user.nix
+ ];
+}
\ No newline at end of file
diff --git a/modules/gnome/default.nix b/modules/gnome/default.nix
new file mode 100644
index 0000000..9b5fc92
--- /dev/null
+++ b/modules/gnome/default.nix
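Review bot: `age.secrets.secret1.file = ../../secrets/secret1.age;` in modules/base.nix is resolved relative to that file, so it points one directory above the repository root, while the file added in this commit lives at `secrets/secret1.age`; the path should be `../secrets/secret1.age`. `security.sudo.wheelNeedsPassword = false;` is set here unconditionally and again in `modules/user.nix`, which makes every `wheel` member root-equivalent on any host that imports `./modules`. Keep it in one place, with a comment stating that this is intended.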
@@ -0,0 +1,68 @@ +# This is your system's configuration file. +# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) + +{ lib, config, pkgs, ... }: { + + #define option to enable this + options.mymods.gnome.enable = lib.mkEnableOption "Enable Gnome Env"; + + config = lib.mkIf config.mymods.gnome.enable { + users.users.gdm.extraGroups = [ "video" ]; + + services.xserver = { + enable = true; + modules = [ pkgs.xorg.xf86videofbdev ]; + videoDrivers = [ "hyperv_fb" ]; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + displayManager.startx.enable = true; + }; + + environment.gnome.excludePackages = (with pkgs; [ gnome-photos gnome-tour ]) + ++ (with pkgs.gnome; [ + cheese # webcam tool + gnome-music + #gnome-terminal + #gedit # text editor + epiphany # web browser + geary # email reader + #evince # document viewer + gnome-characters + totem # video player + tali # poker game + iagno # go game + hitori # sudoku game + atomix # puzzle game + ]); + + ## https://github.com/NixOS/nixpkgs/issues/126265 + ## watch https://github.com/NixOS/nixpkgs/pull/83928 + services.xrdp = { + # enable = true; + # defaultWindowManager = "${pkgs.gnome3.gnome-shell}/bin/gnome-shell"; + package = pkgs.xrdp.overrideAttrs (oldAttrs: { + configureFlags = oldAttrs.configureFlags ++ [ "--enable-vsock" ]; + postInstall = oldAttrs.postInstall + '' + substituteInPlace $out/etc/xrdp/xrdp.ini \ + --replace "port=3389" "port=vsock://-1:3389" \ + --replace "security_layer=negotiate" "security_layer=rdp" \ + --replace "crypt_level=high" "crypt_level=none" \ + --replace "bitmap_compression=true" "bitmap_compression=false" + + substituteInPlace $out/etc/xrdp/sesman.ini \ + --replace "X11DisplayOffset=10" "X11DisplayOffset=0" \ + --replace "FuseMountName=thinclient_drives" "FuseMountName=shared_drives" + ''; + }); + }; + # --replace "use_vsock=false" "use_vsock=true" \ + + environment.etc."X11/Xwrapper.config".text = '' + allowed_users=anybody + 
''; + services.xrdp.enable = true; + services.xrdp.defaultWindowManager = "gnome-shell"; + networking.firewall.allowedTCPPorts = [ 3389 ]; + + }; +} diff --git a/modules/home-manager/base.nix b/modules/home-manager/base.nix new file mode 100644 index 0000000..c48181c --- /dev/null +++ b/modules/home-manager/base.nix @@ -0,0 +1,62 @@ +{ config, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the + # paths it should manage. + home.username = "sstent"; + home.homeDirectory = "/home/sstent"; + #targets.genericLinux.enable = true; + + # changes in each release. + # home.stateVersion = "22.05"; + home.stateVersion = "23.05"; + programs.bash.enable = true; + programs.firefox.enable = true; + programs.gnome-terminal.enable = true; + programs.gnome-terminal.profile = { + "f2afd3c7-cb35-4d08-b6c2-523b444be64d" = { + visibleName = "Stu"; + showScrollbar = true; + default = true; + font = "DejaVu Sans Mono 12"; + colors = { + backgroundColor = "rgb(23,20,33)"; + foregroundColor = "rgb(208,207,204)"; + palette = [ + "#272224" + "#FF473D" + "#3DCCB2" + "#FF9600" + "#3B7ECB" + "#F74C6D" + "#00B5FC" + "#3E3E3E" + "#52494C" + "#FF6961" + "#85E6D4" + "#FFB347" + "#779ECB" + "#F7A8B8" + "#55CDFC" + "#EEEEEC" + ]; + }; + }; + }; + xdg.configFile."gnome-initial-setup-done".text = "yes"; + xdg.configFile."gtk-3.0/bookmarks".text = '' + file:///mnt/Public Public + ''; + dconf.settings = { + # ... + "org/gnome/shell" = { + favorite-apps = [ + "firefox.desktop" + "org.gnome.Terminal.desktop" + "org.gnome.Nautilus.desktop" + ]; + }; + "org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; }; + + }; + } \ No newline at end of file diff --git a/modules/home-manager/configs/nicotine b/modules/home-manager/configs/nicotine new file mode 100644 index 0000000..c93ffe0 --- /dev/null +++ b/modules/home-manager/configs/nicotine 
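Review bot: The xrdp override in modules/gnome/default.nix rewrites `xrdp.ini` to `security_layer=rdp` and `crypt_level=none` and moves the listener to `port=vsock://-1:3389`, but the module still adds `networking.firewall.allowedTCPPorts = [ 3389 ];`. If xrdp is meant to listen only on the Hyper-V socket, that firewall opening is unnecessary and should be removed; if a TCP listener ever comes back (for example because an upstream ini change makes a `--replace` pattern stop matching), sessions would cross the network with encryption disabled. A comment above `postInstall` stating that the weakened settings are acceptable only for the vsock transport would help, and `allowed_users=anybody` in `Xwrapper.config` deserves the same explanation.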
@@ -0,0 +1,245 @@ +[server] +login = shapechecker +passw = 6EbCdhRR7yUdN5ImeY9S +server = ('server.slsknet.org', 2242) +interface = +ctcpmsgs = False +autosearch = [] +autoreply = +portrange = (2234, 2239) +upnp = True +upnp_interval = 4 +auto_connect_startup = True +userlist = [] +banlist = [] +ignorelist = [] +ipignorelist = {} +ipblocklist = {} +autojoin = ['nicotine'] +autoaway = 15 +away = False +private_chatrooms = False +command_aliases = {} + +[transfers] +incompletedir = /home/sstent/.local/share/nicotine/incomplete +downloaddir = /home/sstent/.local/share/nicotine/downloads +uploaddir = /home/sstent/.local/share/nicotine/received +usernamesubfolders = False +shared = [] +buddyshared = [] +uploadbandwidth = 50 +uselimit = False +usealtlimits = False +uploadlimit = 1000 +uploadlimitalt = 100 +downloadlimit = 0 +downloadlimitalt = 100 +preferfriends = False +useupslots = False +uploadslots = 2 +afterfinish = +afterfolder = +lock = True +reverseorder = False +fifoqueue = False +usecustomban = False +limitby = True +customban = Banned, don't bother retrying +usecustomgeoblock = False +customgeoblock = Sorry, your country is blocked +queuelimit = 10000 +filelimit = 100 +buddysharestrustedonly = False +friendsnolimits = False +groupdownloads = folder_grouping +groupuploads = folder_grouping +geoblock = False +geoblockcc = [''] +remotedownloads = True +uploadallowed = 2 +autoclear_downloads = False +autoclear_uploads = False +uploadsinsubdirs = True +rescanonstartup = True +enablefilters = False +downloadregexp = (\\(.*\.url|albumart(_{........-....-....-....-............}_)?(_?(large|small))?\.jpg|desktop\.ini|folder\.jpg|thumbs\.db)$) +downloadfilters = [['desktop.ini', 1], ['folder.jpg', 1], ['*.url', 1], ['thumbs.db', 1], ['albumart(_{........-....-....-....-............}_)?(_?(large|small))?\\.jpg', 0]] +download_doubleclick = 2 +upload_doubleclick = 2 +downloadsexpanded = True +uploadsexpanded = True + +[userinfo] +descr = '' +pic = + +[userbrowse] 
+expand_folders = True + +[words] +censored = [] +autoreplaced = {'teh ': 'the ', 'taht ': 'that ', 'tihng': 'thing', 'youre': "you're", 'jsut': 'just', 'thier': 'their', 'tihs': 'this'} +censorfill = * +censorwords = False +replacewords = False +tab = True +cycle = False +dropdown = False +characters = 3 +roomnames = False +buddies = True +roomusers = True +commands = True +aliases = True +onematch = False + +[logging] +debug = False +debugmodes = [] +debuglogsdir = /home/sstent/.local/share/nicotine/logs/debug +logcollapsed = True +transferslogsdir = /home/sstent/.local/share/nicotine/logs/transfers +rooms_timestamp = %H:%M:%S +private_timestamp = %Y-%m-%d %H:%M:%S +log_timestamp = %Y-%m-%d %H:%M:%S +privatechat = True +chatrooms = True +transfers = False +debug_file_output = False +roomlogsdir = /home/sstent/.local/share/nicotine/logs/rooms +privatelogsdir = /home/sstent/.local/share/nicotine/logs/private +readroomlogs = True +readroomlines = 15 +readprivatelines = 15 +rooms = ['nicotine'] + +[privatechat] +store = True +users = [] + +[columns] +file_search = {} +download = {} +upload = {} +user_browse = {} +buddy_list = {} +chat_room = {'nicotine': {}} + +[searches] +expand_searches = True +group_searches = folder_grouping +maxresults = 150 +enable_history = True +history = [] +enablefilters = False +filters_visible = False +defilter = ['', '', '', '', False, '', ''] +filtercc = [] +filterin = [] +filterout = [] +filtersize = [] +filterbr = [] +filtertype = [] +search_results = True +max_displayed_results = 1500 +min_search_chars = 3 +remove_special_chars = True +private_search_results = True + +[ui] +dark_mode = False +header_bar = True +icontheme = +chatme = #908e8b +chatremote = +chatlocal = +chathilite = #5288ce +urlcolor = #5288ce +useronline = #16bb5c +useraway = #c9ae13 +useroffline = #e04f5e +usernamehotspots = True +usernamestyle = bold +textbg = +search = +searchq = GREY +inputcolor = +spellcheck = True +exitdialog = 1 +tab_default = +tab_hilite = 
#497ec2 +tab_changed = #497ec2 +tab_select_previous = True +tabmain = Top +tabrooms = Top +tabprivate = Top +tabinfo = Top +tabbrowse = Top +tabsearch = Top +tab_status_icons = True +globalfont = Normal +chatfont = Normal +tabclosers = True +searchfont = Normal +listfont = Normal +browserfont = Normal +transfersfont = Normal +last_tab_id = +modes_visible = {'search': True, 'downloads': True, 'uploads': True, 'userbrowse': True, 'userinfo': True, 'private': True, 'userlist': True, 'chatrooms': True, 'interests': True} +modes_order = ['search', 'downloads', 'uploads', 'userbrowse', 'userinfo', 'private', 'userlist', 'chatrooms', 'interests'] +buddylistinchatrooms = tab +trayicon = True +startup_hidden = False +filemanager = +speechenabled = False +speechprivate = User %(user)s told you: %(message)s +speechrooms = In room %(room)s, user %(user)s said: %(message)s +speechcommand = flite -t $ +width = 800 +height = 600 +xposition = -1 +yposition = -1 +maximized = True +urgencyhint = True +file_path_tooltips = True +reverse_file_paths = True + +[private_rooms] +rooms = {} + +[urls] +protocols = {} + +[interests] +likes = [] +dislikes = [] + +[players] +default = +npothercommand = +npplayer = mpris +npformatlist = [] +npformat = + +[notifications] +notification_window_title = True +notification_tab_colors = False +notification_popup_sound = False +notification_popup_file = True +notification_popup_folder = True +notification_popup_private_message = True +notification_popup_chatroom = False +notification_popup_chatroom_mention = True + +[plugins] +enable = True +enabled = [] + +[statistics] +started_downloads = 0 +completed_downloads = 0 +downloaded_size = 0 +started_uploads = 0 +completed_uploads = 0 +uploaded_size = 0 diff --git a/modules/home-manager/nicotine.nix b/modules/home-manager/nicotine.nix new file mode 100644 index 0000000..ce63a82 --- /dev/null +++ b/modules/home-manager/nicotine.nix 
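Review bot: The `[server]` section of modules/home-manager/configs/nicotine commits a `login` and `passw` pair in plain text, and `modules/home-manager/nicotine.nix` and `modules/homemanager_hyperv.nix` install this file through `xdg.configFile."nicotine/config.old".source`, which also copies it into the world-readable Nix store. The password should be changed and its value removed from the repository; the file can stay as a template with `passw =` left empty, or be delivered as an agenix secret. Most of the remaining keys look like client defaults written out verbatim, so a trimmed file holding only the intended overrides would be easier to review.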
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+ home.packages = with pkgs; [
+ nicotine-plus
+ ];
+ xdg.configFile."nicotine/config.old".source = ./configs/nicotine;
+ }
\ No newline at end of file
diff --git a/modules/homemanager_hyperv.nix b/modules/homemanager_hyperv.nix
new file mode 100644
index 0000000..ca6f1c8
--- /dev/null
+++ b/modules/homemanager_hyperv.nix
@@ -0,0 +1,76 @@ +{ config, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the + # paths it should manage. + home.username = "sstent"; + home.homeDirectory = "/home/sstent"; + #targets.genericLinux.enable = true; + + # changes in each release. + # home.stateVersion = "22.05"; + home.stateVersion = "23.05"; + + home.shellAliases = { + revert_base_config = "sudo cp /etc/nixos/{orig_,}configuration.nix; sudo cp /etc/nixos/{orig_,}flake.nix; sudo cp /etc/nixos/{orig_,}homemanager.nix; sudo nixos-generate-config"; + }; + + # Let Home Manager install and manage itself. + # programs.home-manager.enable = true; + home.packages = with pkgs; [ + nicotine-plus + gnomeExtensions.mullvad-indicator + mullvad-vpn + ]; + programs.bash.enable = true; + programs.firefox.enable = true; + programs.gnome-terminal.enable = true; + programs.gnome-terminal.profile = { + "f2afd3c7-cb35-4d08-b6c2-523b444be64d" = { + visibleName = "Stu"; + showScrollbar = true; + default = true; + font = "DejaVu Sans Mono 12"; + colors = { + backgroundColor = "rgb(23,20,33)"; + foregroundColor = "rgb(208,207,204)"; + palette = [ + "#272224" + "#FF473D" + "#3DCCB2" + "#FF9600" + "#3B7ECB" + "#F74C6D" + "#00B5FC" + "#3E3E3E" + "#52494C" + "#FF6961" + "#85E6D4" + "#FFB347" + "#779ECB" + "#F7A8B8" + "#55CDFC" + "#EEEEEC" + ]; + }; + }; + }; + xdg.configFile."nicotine/config.old".source = ./configs/nicotine; + xdg.configFile."gnome-initial-setup-done".text = "yes"; + xdg.configFile."gtk-3.0/bookmarks".text = '' + file:///mnt/Public Public + ''; + dconf.settings = { + # ... + "org/gnome/shell" = { + favorite-apps = [ + "firefox.desktop" + "org.gnome.Terminal.desktop" + "org.gnome.Nautilus.desktop" + + ]; + }; + "org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; }; + + }; + } \ No newline at end of file diff --git a/modules/ssh.nix b/modules/ssh.nix new file mode 100644 index 0000000..f6c9076 --- /dev/null +++ b/modules/ssh.nix 
@@ -0,0 +1,16 @@
+{ lib, config, pkgs, ... }: {
+
+ #define option to enable this
+ options.mymods.sshd.enable = lib.mkEnableOption "Enable SSH";
+
+ config = lib.mkIf config.mymods.sshd.enable {
+services.openssh = {
+ enable = true;
+ settings.permitRootLogin = "no";
+ settings.passwordAuthentication = false;
+};
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+};
+}
\ No newline at end of file
diff --git a/modules/user.nix b/modules/user.nix
new file mode 100644
index 0000000..8ac6bc5
--- /dev/null
+++ b/modules/user.nix
@@ -0,0 +1,19 @@
+{ lib, config, pkgs, ... }: {
+
+options.mymods.user_sstent.enable = lib.mkEnableOption "Create sstent user";
+
+config = lib.mkIf config.mymods.user_sstent.enable {
+ users.users = {
+ sstent = {
+ initialPassword = "farscape5";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
+ ];
+ extraGroups = [ "wheel" "video" ];
+ };
+ };
+ security.sudo.wheelNeedsPassword = false;
+
+};
+}
\ No newline at end of file
diff --git a/result b/result
new file mode 120000
index 0000000..9bcb8df
--- /dev/null
+++ b/result
@@ -0,0 +1 @@
+/nix/store/gcif5m5129qmsf525m75dhhjqz4xfsh8-nixos-hyperv-23.05.20230213.545c7a3-x86_64-linux
\ No newline at end of file
diff --git a/secrets/secret1.age b/secrets/secret1.age
new file mode 100644
index 0000000..485bfc6
--- /dev/null
+++ b/secrets/secret1.age
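Review bot: `initialPassword` in modules/user.nix is a literal in the repository, and the account it belongs to is in `wheel` with `security.sudo.wheelNeedsPassword = false;`, so that password is enough for root through any login path that accepts passwords. SSH has `passwordAuthentication = false`, but GDM and the xrdp service enabled in `modules/gnome/default.nix` do accept it. Replace the literal with a hashed password kept out of the store, e.g. `passwordFile = config.age.secrets.<secret-name>.path;` (placeholder name; the option is called `hashedPasswordFile` on newer NixOS releases), and change the current password. The `ssh-rsa` key in this hunk is duplicated in `secrets/secrets.nix` and could be defined once.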
@@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-rsa 54tmtw +t+UTY3Qh6jSy9pBIhaZLjWgpMiTD+x5rJ2+nD5tIuCWDL3U5h8Z4L99cVKOIsnMU +8XMlaPdJnd6Y6A1RuCDzqzhnjCIcYXoWMBNSe6JgJ/dKi69q/fO8GNrt6LN1SNIg +tAaMOIuF6mL0vXonaIkAU8zXIsJvDSlN7aKt3eIOYvq/0WdBMTC7pbkHJ6UcA2DF +gVIAnZ2hMzDZ1VwklSywGYoCcVh7IQXY588loDb/X9vgpXyVfxmIldgx0BulnHHH +fikV51VUT4xpIM0dPfLwM5EEfddUVCinHZGE4i1gM7t6bkmW6ePdAeSWpLgM/olJ +jPmcMO7goV4WuGGmkliICA +-> ssh-ed25519 KLPP8w tOUeFUot+3c5/uCMmRf2+iEff44oH1+16LodxcZ8tRI +Lh/DGBwAxreX1mikM1vXYmwTpTMQfzdk0OfAS9ZcWgg +-> ^>!"k-grease Oao +HDL8eWp4pvf8tLucvncf6e8rdeL+Jx0wqc29gX3LiW1/39wDngd85ldEwJwTNpLm +wsYQibvHluCFNeduW95Y41nvScAU1E+DdtbvkFQ9 +--- Hs1+jKn3TiUMbCnplc713eslRXWB+wZNa671sCh/Fv0 +‘.¯Yö-"®N-ã9ðbtÓéŸ>CyJzç˜ÍÓÌÛÀ!)"x³ëaˆ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..ca3e467 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,11 @@ +let + sstent = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"; + users = [ sstent ]; + + HyperV = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE"; + systems = [ HyperV ]; +in +{ + "secret1.age".publicKeys = [ sstent HyperV ]; + "secret2.age".publicKeys = users ++ systems; +} \ No newline at end of file
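Review bot: The `HyperV` recipient in secrets/secrets.nix (`ssh-ed25519 AAAA…IPJDyIr…`) is not the key in `hosts/HyperV/ssh/ssh_host_ed25519_key.pub` (`…IFGo+mCq…`) that `configuration.nix` installs as the host key, so a host built from this commit would presumably be unable to decrypt `secret1.age` with its own identity. Re-key with the host's actual public key once the committed host keys have been replaced (`agenix --rekey`). `"secret2.age"` is declared here, but no such file is added in this commit.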