commit 135b0e11c585dccf12a8ce2654b3e118f65670ff Author: Yadunand Prem Date: Sat Apr 6 07:22:48 2024 +0000 feat: add first nixos config
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..9f056e0
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+
+ nix.settings.experimental-features = ["nix-command" "flakes" ];
+
+ networking.hostName = "nixos"; # Define your hostname.
+
+ users.users.yadunut = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ neovim
+ wget
+ ];
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG" ];
+ };
+ security.sudo.wheelNeedsPassword = false;
+
+ environment.systemPackages = with pkgs; [
+ git
+ neovim
+ wget
+ inputs.agenix.packages."${pkgs.system}".default
+ ];
+
+ age.secrets.tailscale.file = ./secrets/tailscale.age;
+
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.age.secrets.tailscale.path;
+ extraUpFlags = [ "--login-server" "http://ts.yadunut.com:444" ];
+ };
+ environment.variables.EDITOR = "nvim";
+
+
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..ecb8c7e
--- /dev/null
+++ b/flake.lock
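Review bot: In configuration.nix, `security.sudo.wheelNeedsPassword = false;` combined with `extraGroups = [ "wheel" ]` and `services.openssh.enable = true;` means that whoever holds the single authorized SSH key for yadunut, or any process running as that user, is root with no further check. If passwordless sudo is kept for convenience, the SSH daemon should at least be pinned to key-only logins instead of being left on the module defaults: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. Separately, `extraUpFlags` points `--login-server` at a plain `http://` URL; as far as this config shows, nothing authenticates the control server the node registers its auth key with, so an `https://` URL would be the safer choice unless TLS is handled somewhere not visible here.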
@@ -0,0 +1,145 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1712079060, + "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", + "owner": "ryantm", + "repo": "agenix", + "rev": "1381a759b205dff7a6818733118d02253340fd5e", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1710888565, + "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "type": 
"github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1712168706, + "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..b07313d
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,28 @@
+{
+ description = "A very basic flake";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+ agenix.url = "github:ryantm/agenix";
+ home-manager.url = "github:nix-community/home-manager/release-23.11";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = { self, nixpkgs, home-manager, agenix, ... }@inputs: {
+ nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+
+ modules = [
+ ./configuration.nix
+ agenix.nixosModules.default
+ { _module.args = { inherit inputs; };}
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.yadunut = import ./home.nix;
+ }
+ ];
+ };
+ };
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..8c470b9
--- /dev/null
+++ b/hardware-configuration.nix
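Review bot: In flake.nix the `agenix` input is left to resolve its own dependencies, and the lock file in this commit shows the result: a second `nixpkgs` tracking `nixos-unstable`, plus `darwin` and an extra `home-manager`, all fetched and trusted alongside the 23.11 set. `home-manager` already gets `home-manager.inputs.nixpkgs.follows = "nixpkgs";`, and the same is worth doing for the secrets tool with `agenix.inputs.nixpkgs.follows = "nixpkgs";`, so that the binary handling decryption is built from the package set this flake actually tracks and updates. The template text `description = "A very basic flake";` could also be replaced with one that names the host.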
@@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/9b9bda9c-372d-426d-9ad9-6fa9e54962cf"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/b759bc68-44db-46f1-9fa6-6580d0cf9243"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}
diff --git a/home.nix b/home.nix
new file mode 100644
index 0000000..787e526
--- /dev/null
+++ b/home.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... } :
+{
+ home.username = "yadunut";
+ home.homeDirectory = "/home/yadunut";
+
+ home.packages = with pkgs; [
+ ripgrep
+ ];
+
+ programs.starship.enable = true;
+ programs.home-manager.enable = true;
+
+ home.stateVersion = "23.11";
+}
+
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..aaef073
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,8 @@
+let
+ system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmQbdvFi1p8L5urBigTMuyD9yW0UbAPVKGzz2apANlc root@nixos";
+ systems = [ system1 ];
+in
+{
+ "tailscale.age".publicKeys = systems;
+}
+
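Review bot: In secrets/secrets.nix the only recipient of `tailscale.age` is the host key `system1` (`root@nixos`), so the secret can be edited or rekeyed only with that machine's private host key, and a reinstall that regenerates the host key would leave the file undecryptable. The usual agenix layout lists an administrator key next to the host keys, for example a `users` list holding the key already authorised for yadunut in configuration.nix and `"tailscale.age".publicKeys = users ++ systems;`. A short comment on `system1` saying where the value was read from (presumably the host's SSH public key) would make later rotation easier.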
diff --git a/secrets/tailscale.age b/secrets/tailscale.age new file mode 100644 index 0000000..9db5970 --- /dev/null +++ b/secrets/tailscale.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 wA3DxQ pH3kp+eYDfsbTO2lak1nzQgPfRW+QBGZi5PspFmITUg +qA12EUb5CH1o1mLEwm9IB6b0ClWIVYdbUIjR94JiJJ0 +--- /gpZXEr0EYb0NujegrjHBfVuXezwAkD9D8t1YzmmO3Y +@dFqE9,GDa=:Sg%IR<)G +q/|_02yJC( \ No newline at end of file