dennis the formatter (#75)

* dennis the formatter

* changed comment

* fixup
Dennis
2024-02-05 22:45:43 +01:00
committed by GitHub
parent 47a65a151c
commit 4c1e86907a
15 changed files with 247 additions and 235 deletions


@ -1,4 +1,6 @@
{ lib, pkgs, config, ... }: {
security.auditd.enable = true;
nixpkgs.config.allowUnfree = true;
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
@ -26,8 +28,6 @@
};
};
security.auditd.enable = true;
services = {
fail2ban = {
enable = lib.mkIf config.networking.firewall.enable (lib.mkDefault true);
@ -55,7 +55,6 @@
}
];
# all of these setting are recommended by lynis unless otherwise commented
settings = {
AllowAgentForwarding = "no";
AllowTcpForwarding = "no";
@ -71,14 +70,31 @@
PermitRootLogin = "no";
TcpKeepAlive = "no";
X11Forwarding = lib.mkDefault false;
KexAlgorithms = [
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
KexAlgorithms = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
Ciphers = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes128-gcm@openssh.com" "aes256-ctr" "aes192-ctr" "aes128-ctr" ];
Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" "hmac-sha2-512" "hmac-sha2-256" "umac-128@openssh.com" ];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
};
};
autopull = {
enable = true;
path = /root/dotfiles;
@ -86,11 +102,10 @@
};
};
nixpkgs.config.allowUnfree = true;
programs = {
git = {
enable = true;
lfs.enable = lib.mkDefault true;
config = {
interactive.singlekey = true;
pull.rebase = true;
@ -116,17 +131,16 @@
zsh = {
enable = true;
syntaxHighlighting.enable = true;
zsh-autoenv.enable = true;
enableCompletion = true;
enableBashCompletion = true;
ohMyZsh.enable = true;
autosuggestions = {
enable = true;
strategy = [ "completion" ];
async = true;
};
syntaxHighlighting.enable = true;
zsh-autoenv.enable = true;
enableCompletion = true;
enableBashCompletion = true;
ohMyZsh = { enable = true; };
};
nix-ld = {
@ -142,6 +156,7 @@
};
nix = {
diffSystem = true;
settings = {
experimental-features = [ "nix-command" "flakes" ];
keep-outputs = true;
@ -154,8 +169,6 @@
dates = "weekly";
options = "--delete-older-than 30d";
};
diffSystem = true;
};
system = {
@ -163,8 +176,6 @@
enable = true;
randomizedDelaySec = "1h";
persistent = true;
# Running this since this is private right now.
# Need to set up a ssh-key for github for autoUpgrade
flake = "git+ssh://git@github.com/RAD-Development/nix-dotfiles";
};
};
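Review bot: The reformatted `Macs` list in the sshd settings still offers three non-ETM entries (`hmac-sha2-512`, `hmac-sha2-256`, `umac-128@openssh.com`), which only come into play with the `aes*-ctr` ciphers and use encrypt-and-MAC rather than encrypt-then-MAC. The ETM variant of each is already listed, so the fallbacks could be dropped unless a legacy client needs them: `Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" ];`. If they have to stay, a one-line comment naming the client that requires them would fit the nearby remark that these settings follow lynis recommendations. The `settings` set opens in an earlier hunk, so any entries outside the visible lines are not covered here.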


@ -1,7 +1,10 @@
{ pkgs, ... }: {
time.timeZone = "America/New_York";
console.keyMap = "us";
networking.hostId = "1beb3026";
networking = {
hostId = "1beb3026";
firewall.enable = false;
};
boot = {
zfs.extraPools = [ "Main" ];
@ -14,16 +17,16 @@
enable = true;
recommendedDefaults = true;
logDriver = "local";
storageDriver = "overlay2";
daemon."settings" = {
experimental = true;
data-root = "/var/lib/docker";
exec-opts = [ "native.cgroupdriver=systemd" ];
log-opts = {
max-size = "10m";
max-file = "5";
};
data-root = "/var/lib/docker";
};
storageDriver = "overlay2";
};
podman = {
@ -34,7 +37,6 @@
environment = {
systemPackages = with pkgs; [ docker-compose ];
etc = {
# Creates /etc/lynis/custom.prf
"lynis/custom.prf" = {
@ -57,11 +59,8 @@
services = {
nfs.server.enable = true;
openssh.ports = [ 352 ];
smartd.enable = true;
sysstat.enable = true;
usbguard = {
@ -82,7 +81,5 @@
};
};
networking.firewall.enable = false;
system.stateVersion = "23.05";
}
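Review bot: `firewall.enable = false` in the new `networking` set leaves this host without a packet filter while the same file enables `nfs.server` and sshd on port 352. The common configuration in this commit enables fail2ban only through `lib.mkIf config.networking.firewall.enable`, so fail2ban is off here as well. The value is carried over from the old `networking.firewall.enable = false;` line, but nothing explains it. Either record the reason, e.g. `# firewall off: <reason>; this also disables fail2ban from the common module`, or turn it on with an explicit `networking.firewall.allowedTCPPorts` list. The other host file in this commit sets `firewall.enable = false` next to `samba.enable = true` and deserves the same treatment.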


@ -1,35 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7295-A442";
fsType = "vfat";
};
swapDevices = [{ device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
swapDevices = [{ device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }];
boot = {
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd = {
kernelModules = [ ];
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/7295-A442";
fsType = "vfat";
};
};
}
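Review bot: The header still reads `# Do not modify this file! It was generated by nixos-generate-config`, but the body is now hand-restructured (nested `boot` and `fileSystems` sets, `pkgs` dropped from the argument list), so the warning no longer matches the file. A later regeneration would overwrite this layout. Consider replacing the header with something like `# Originally generated by nixos-generate-config; now maintained by hand and run through the repo formatter.` The second hardware file in this commit carries the same header and the same mismatch.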


@ -1,7 +1,18 @@
{ config, pkgs, ... }: {
time.timeZone = "America/New_York";
console.keyMap = "us";
networking.hostId = "dc2f9781";
systemd.services.hydra-notify.serviceConfig.EnvironmentFile = config.sops.secrets."hydra/environment".path;
networking = {
hostId = "dc2f9781";
firewall.enable = false;
};
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override {
enableHybridCodec = true;
};
};
boot = {
zfs.extraPools = [ "ZFS-primary" ];
loader.grub.device = "/dev/sda";
@ -25,8 +36,6 @@
}];
};
nixpkgs.config.packageOverrides = pkgs: { vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; };
hardware = {
enableAllFirmware = true;
opengl = {
@ -43,6 +52,7 @@
};
virtualisation = {
# Disabling Podman as topgrade apparently prefers podman over docker and now I cant update anything :(
docker = {
enable = true;
recommendedDefaults = true;
@ -58,17 +68,12 @@
};
};
};
# Disabling as topgrade apparently prefers podman over docker and now I cant update anything :(
# podman = {
# enable = true;
# recommendedDefaults = true;
# };
};
environment.systemPackages = with pkgs; [ docker-compose jellyfin-ffmpeg ];
systemd.services.hydra-notify = { serviceConfig.EnvironmentFile = config.sops.secrets."hydra/environment".path; };
environment.systemPackages = with pkgs; [
docker-compose
jellyfin-ffmpeg
];
services = {
samba.enable = true;
@ -116,8 +121,6 @@
};
};
networking.firewall.enable = false;
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
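Review bot: The comment `# Disabling Podman as topgrade apparently prefers podman over docker ...` now sits directly above `docker = {`, so it reads as though it described the docker settings. The commented-out `podman` block it used to introduce appears to have been dropped, judging by the later hunk shrinking from 17 to 12 lines. Rewording it to name what is deliberately absent would keep the intent, e.g. `# podman is intentionally not enabled: topgrade prefers it over docker and updates then fail`. The `virtualisation` set continues outside the visible hunk lines.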


@ -1,37 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "mpt3sas" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b3b709ce-fe88-4267-be47-bf991a512cbe";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4CBA-2451";
fsType = "vfat";
};
swapDevices = [{ device = "/dev/disk/by-uuid/2b01e592-2297-4eb1-854b-17a63f1d4cf6"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.enp72s0f3u1u2c2.useDHCP = lib.mkDefault true;
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
swapDevices = [{ device = "/dev/disk/by-uuid/2b01e592-2297-4eb1-854b-17a63f1d4cf6"; }];
boot = {
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
initrd = {
kernelModules = [ ];
availableKernelModules = [
"ahci"
"mpt3sas"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/b3b709ce-fe88-4267-be47-bf991a512cbe";
fsType = "ext4";
};
"boot" = {
device = "/dev/disk/by-uuid/4CBA-2451";
fsType = "vfat";
};
};
}
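Review bot: The `/boot` entry lost its leading slash in the conversion to a nested set: the old line is `fileSystems."/boot" = {`, the new attribute is `"boot" = {`, and the other hardware file in this commit keeps `"/boot"`. The attribute name serves as the mount point, so the vfat partition `/dev/disk/by-uuid/4CBA-2451` would most likely no longer be mounted at `/boot`, or evaluation would fail. Either outcome can leave kernel and bootloader updates in the wrong place on the next rebuild. Change the key to `"/boot" = {`.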