feat: add first nixos config

2024-04-06 07:22:48 +00:00 · 2024-04-06 07:22:48 +00:00 · 135b0e11c5
commit 135b0e11c5
7 changed files with 287 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -0,0 +1,52 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  nix.settings.experimental-features = ["nix-command" "flakes" ];
+
+  networking.hostName = "nixos"; # Define your hostname.
+
+  users.users.yadunut = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    packages = with pkgs; [
+      neovim
+      wget
+    ];
+    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG" ];
+  };
+  security.sudo.wheelNeedsPassword = false;
+
+  environment.systemPackages = with pkgs; [
+    git
+    neovim
+    wget
+    inputs.agenix.packages."${pkgs.system}".default
+  ];
+
+  age.secrets.tailscale.file = ./secrets/tailscale.age;
+
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.age.secrets.tailscale.path;
+    extraUpFlags = [ "--login-server" "http://ts.yadunut.com:444" ];
+  };
+  environment.variables.EDITOR = "nvim";
+
+
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,145 @@
+{
+  "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1712079060,
+        "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "1381a759b205dff7a6818733118d02253340fd5e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1710888565,
+        "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-23.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1703013332,
+        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1712168706,
+        "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "agenix": "agenix",
+        "home-manager": "home-manager_2",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,28 @@
+{
+  description = "A very basic flake";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    agenix.url = "github:ryantm/agenix";
+    home-manager.url = "github:nix-community/home-manager/release-23.11";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, home-manager, agenix, ... }@inputs: {
+    nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+
+      modules = [
+         ./configuration.nix
+	 agenix.nixosModules.default
+	 { _module.args = { inherit inputs; };}
+	 home-manager.nixosModules.home-manager
+	 {
+	   home-manager.useGlobalPkgs = true;
+	   home-manager.useUserPackages = true;
+	   home-manager.users.yadunut = import ./home.nix;
+	 }
+      ];
+    };
+  };
+}
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/9b9bda9c-372d-426d-9ad9-6fa9e54962cf";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/b759bc68-44db-46f1-9fa6-6580d0cf9243"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/home.nix
+++ b/home.nix
@ -0,0 +1,15 @@
+{ config, pkgs, ... } : 
+{
+  home.username = "yadunut";
+  home.homeDirectory = "/home/yadunut";
+
+  home.packages = with pkgs; [
+  ripgrep
+  ];
+
+  programs.starship.enable = true;
+  programs.home-manager.enable = true;
+
+  home.stateVersion = "23.11";
+}
+
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,8 @@
+let 
+  system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmQbdvFi1p8L5urBigTMuyD9yW0UbAPVKGzz2apANlc root@nixos";
+  systems = [ system1 ];
+in
+{
+  "tailscale.age".publicKeys = systems;
+}
+
--- a/secrets/tailscale.age
+++ b/secrets/tailscale.age
@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 wA3DxQ pH3kp+eYDfsbTO2lak1nzQgPfRW+QBGZi5PspFmITUg
+qA12EUb5CH1o1mLEwm9IB6b0ClWIVYdbUIjR94JiJJ0
+--- /gpZXEr0EYb0NujegrjHBfVuXezwAkD9D8t1YzmmO3Y
+@ðdâFÃq¢¶<12>EÑà9,ýGDÀaÑö=˜‰:ŠSgÀ¦§Ì%§IÜR<Ï)þ°G”Ý
+¯¶qº–º¬/|<7C>_ˆ0©2<C2A9>ÄyJ´C(ÿ