Initial commit

2019-11-10 08:41:19 +00:00 · 2019-11-10 08:41:19 +00:00 · 5e384cac4c
commit 5e384cac4c
8 changed files with 349 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -0,0 +1,43 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./packages.nix
+      ./networking.nix
+      ./services.nix
+      ./users.nix
+      ./nix-containers.nix
+    ];
+
+  boot = {
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    extraModulePackages = [ config.boot.kernelPackages.wireguard ];
+  };
+
+  # Select internationalisation properties.
+  i18n = {
+    consoleFont = "Lat2-Terminus16";
+    consoleKeyMap = "uk";
+    defaultLocale = "en_GB.UTF-8";
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/London";
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "19.09"; # Did you read the comment?
+}
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -0,0 +1,44 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/5f03569f-83a4-45a6-b316-bb792c758ac2";
+      fsType = "btrfs";
+      options = [ "subvol=nixos" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/5f03569f-83a4-45a6-b316-bb792c758ac2";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/mnt/storage" =
+    { device = "/dev/disk/by-uuid/d3ba175c-aa96-4613-a9e0-d34ad59616e6";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/A649-113E";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/d3b1291d-2f47-460a-b39b-3aafcd7b1e89"; }
+    ];
+
+  nix.maxJobs = lib.mkDefault 2;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
--- a/networking.nix
+++ b/networking.nix
@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+{
+  networking = {
+    hostName = "nixos-server";
+    defaultGateway = "10.0.20.1";
+    nameservers = [ "10.0.20.1" ];
+
+    nat = {
+      enable = true;
+      externalInterface = "enp2s0";
+      internalInterfaces = [ "wg0" ];
+    };
+
+    interfaces = {
+      enp2s0 = {
+        ipv4.addresses = [ {
+          address = "10.0.20.28";
+          prefixLength = 24;
+        } ];
+        ipv6.addresses = [ {
+          address = "2001:470:6a49:2a:31ad:b70d:49f4:75f2";
+          prefixLength = 128;
+        } ];
+      };
+    };
+
+    wireguard.interfaces = {
+      wg0 = {
+        ips = [ "10.0.0.1/24" ];
+        privateKeyFile = "/home/michael/.wireguard/wg0-privkey";
+        listenPort = 45904;
+        peers = [ {
+          publicKey = "Pc/zbM+9SBYi7xgcrM6XSvvWUePydfg41ZSHSdhFsB8=";
+          allowedIPs = [ "10.0.0.2/32" ];
+        } {
+          publicKey = "RRybMt8Y8XhdqBqise5ooghYHOXdTjEWlxJ7rj5yB0A=";
+          allowedIPs = [ "10.0.0.3/32" ];
+        } {
+          publicKey = "B63CWCXFW7YIZDRO/yGFrSr/xeHtUHi7z2v9rpiwOXY=";
+          allowedIPs = [ "10.0.0.4/32" ];
+        } {
+          publicKey = "qel9ErmlZ6eQmnXEqOoon3pOfJWe+NvqTZ6o9ucZKFo=";
+          allowedIPs = [ "10.0.0.5/32" ];
+          } ];
+      };
+    };
+
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        80   # http
+        22   # ssh
+        5201 # iperf
+        2049 # nfs
+      ];
+      allowedUDPPorts = [ 
+        45904 # wireguard 
+        5201  # iperf
+      ];
+
+      extraCommands = ''
+        iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o enp2s0 -j MASQUERADE
+      '';
+    };
+  };
+}
--- a/nix-containers.nix
+++ b/nix-containers.nix
@ -0,0 +1,49 @@
+{ config, pkgs, ... }:
+
+{
+  containers = {
+    nginx = {
+      autoStart = false;
+      config = { config, pkgs, ... }: {
+        networking = {
+          firewall.allowedTCPPorts = [ 80 ];
+        };
+        services.nginx = {
+          enable = true;
+          virtualHosts = {
+            www = {
+              listen = [ 
+                { addr = "0.0.0.0"; port = 80; } 
+                { addr = "[::]"; port = 80; }
+              ];
+              serverName = "nixos-server";
+              locations = {
+                "/" = {
+                  root = "/var/www";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+    ocd = {
+      autoStart = false;
+      bindMounts = {
+        "/go" = {
+          hostPath = "/home/michael/go";
+          isReadOnly = false;
+        };
+      };
+      config = { config, pkgs, ... }: {
+        networking = {
+          firewall.allowedTCPPorts = [ 8000 ];
+        };
+        environment.systemPackages = with pkgs; [
+          go_bootstrap
+        ];
+      };
+    };
+  };
+}
+
--- a/packages.nix
+++ b/packages.nix
@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    exa
+    wget
+    htop
+    git
+    (import ./vim.nix)
+    neovim
+    nix-index
+    python2
+    python3
+    usbutils
+    pciutils
+    tmux
+    neofetch
+    nix-zsh-completions
+    zsh-completions
+    lm_sensors
+    wireguard
+    wireguard-tools
+    nmap
+    iperf3
+    go_1_12
+    smartmontools
+    python37Packages.glances
+  ];
+
+  programs = {
+    zsh = {
+      enable = true;
+      autosuggestions.enable = true;
+      enableCompletion = true;
+      ohMyZsh.enable = true;
+    };
+  };
+}
--- a/services.nix
+++ b/services.nix
@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+  services = {
+    openssh = {
+      enable = true;
+      ports = [ 22 ];
+      passwordAuthentication = false;
+      permitRootLogin = "no";
+      authorizedKeysFiles = [ ".ssh/authorized_keys" ];
+      challengeResponseAuthentication = false;
+    };
+
+    nfs.server = {
+      enable = true;
+      exports = ''
+        /mnt/storage/backup       10.0.20.2(rw,nohide,no_root_squash,no_subtree_check)
+        /mnt/storage              10.0.1.5(rw,nohide,no_root_squash,no_subtree_check)
+      '';
+    };
+  };
+}
--- a/users.nix
+++ b/users.nix
@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.michael = {
+    isNormalUser = true;
+    home = "/home/michael";
+    description = "Michael";
+    extraGroups = [ "wheel" "michael" ];
+    shell = pkgs.zsh;
+    uid = 1000;
+  };
+}
--- a/vim.nix
+++ b/vim.nix
@ -0,0 +1,74 @@
+with import <nixpkgs> {};
+
+vim_configurable.customize {
+  name = "vim";
+  vimrcConfig.customRC = ''
+if v:lang =~ "utf8$" || v:lang =~ "UTF-8$"
+   set fileencodings=ucs-bom,utf-8,latin1
+endif
+
+set nocompatible	" Use Vim defaults (much better!)
+set bs=indent,eol,start		" allow backspacing over everything in insert mode
+"set ai			" always set autoindenting on
+"set backup		" keep a backup file
+set viminfo='20,\"50	" read/write a .viminfo file, don't store more
+			" than 50 lines of registers
+set history=50		" keep 50 lines of command line history
+set ruler		" show the cursor position all the time
+
+" Only do this part when compiled with support for autocommands
+if has("autocmd")
+  augroup fedora
+  autocmd!
+  " In text files, always limit the width of text to 78 characters
+  " autocmd BufRead *.txt set tw=78
+  " When editing a file, always jump to the last cursor position
+  autocmd BufReadPost *
+  \ if line("'\"") > 0 && line ("'\"") <= line("$") |
+  \   exe "normal! g'\"" |
+  \ endif
+  " don't write swapfile on most commonly used directories for NFS mounts or USB sticks
+  autocmd BufNewFile,BufReadPre /media/*,/run/media/*,/mnt/* set directory=~/tmp,/var/tmp,/tmp
+  " start with spec file template
+  autocmd BufNewFile *.spec 0r /usr/share/vim/vimfiles/template.spec
+  augroup END
+endif
+
+if has("cscope") && filereadable("/usr/bin/cscope")
+   set csprg=/usr/bin/cscope
+   set csto=0
+   set cst
+   set nocsverb
+   " add any database in current directory
+   if filereadable("cscope.out")
+      cs add $PWD/cscope.out
+   " else add database pointed to by environment
+   elseif $CSCOPE_DB != ""
+      cs add $CSCOPE_DB
+   endif
+   set csverb
+endif
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+filetype plugin on
+
+if &term=="xterm"
+     set t_Co=8
+     set t_Sb=[4%dm
+     set t_Sf=[3%dm
+endif
+
+" Don't wake up system with blinking cursor:
+" http://www.linuxpowertop.org/known.php
+let &guicursor = &guicursor . ",a:blinkon0"
+
+:set tabstop=4 shiftwidth=4 expandtab
+:set number
+  '';
+}