nixos-config/hosts/ni/default.nix

{ config, pkgs, lib, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix

    ./modules/wireguard.nix

    (lib.mapHomeManagerUser "foo-dogsquared" {
      extraGroups = [
        "adbusers"
        "wheel"
        "audio"
        "docker"
        "podman"
        "networkmanager"
        "wireshark"
      ];
      hashedPassword =
        "$6$.cMYto0K0CHbpIMT$dRqyKs4q1ppzmTpdzy5FWP/V832a6X..FwM8CJ30ivK0nfLjQ7DubctxOZbeOtygfjcUd1PZ0nQoQpOg/WMvg.";
      isNormalUser = true;
      createHome = true;
      home = "/home/foo-dogsquared";
      description = "Gabriel Arazas";
    })
  ];

  disko.devices = import ./disko.nix {
    disks = [ "/dev/nvme0n1" ];
  };

  services.openssh.hostKeys = [{
    path = config.sops.secrets."ssh-key".path;
    type = "ed25519";
  }];

  # My portable music streaming server.
  services.gonic = {
    enable = true;
    settings = {
      listen-addr = "127.0.0.1:4747";
      cache-path = "/var/cache/gonic";
      music-path = [
        "/srv/music"
      ];
      podcast-path = "/var/cache/gonic/podcasts";

      jukebox-enabled = true;

      scan-interval = 1;
      scan-at-start-enabled = true;
    };
  };

  sops.secrets = lib.getSecrets ./secrets/secrets.yaml {
    "ssh-key" = { };
  };

  # The keyfile required for the secrets to be decrypted.
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";

  # Get the latest kernel for the desktop experience.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Adding a bunch of emulated systems for cross-system building.
  boot.binfmt.emulatedSystems = [
    "aarch64-linux"
    "riscv64-linux"
  ];

  # Wanna be a wannabe haxxor, kid?
  programs.wireshark.package = pkgs.wireshark;

  # We're using some better filesystems so we're using it.
  boot.initrd.supportedFilesystems = [ "btrfs" ];
  boot.supportedFilesystems = [ "btrfs" ];

  services.btrfs.autoScrub = {
    enable = true;
    fileSystems = [
      "/mnt/archives"
    ];
  };

  # My custom configuration with my custom modules starts here.
  profiles = {
    i18n.enable = true;
    archiving.enable = true;
    browsers = {
      firefox.enable = true;
      chromium.enable = true;
    };
    desktop = {
      enable = true;
      audio.enable = true;
      fonts.enable = true;
      hardware.enable = true;
      cleanup.enable = true;
      wine.enable = true;
    };
    dev = {
      enable = true;
      shell.enable = true;
      virtualization.enable = true;
      neovim.enable = true;
    };
    gaming = {
      enable = true;
      emulators.enable = true;
      retro-computing.enable = true;
    };
    filesystem = {
      tools.enable = true;
      setups.personal-webstorage.enable = true;
    };
    vpn.personal.enable = true;
  };

  # This is somewhat used for streaming games from it.
  programs.steam.remotePlay.openFirewall = true;

  programs.blender = {
    enable = true;
    package = pkgs.blender-with-packages {
      name = "foodogsquared-wrapped";
      packages = with pkgs.python3Packages; [ pandas ];
    };
    addons = with pkgs; [
      blender-blendergis
      blender-machin3tools
    ];
  };

  # Backup for the almighty archive, pls.
  tasks.backup-archive.enable = true;

  # The most extensible desktop environment with the greatest toolset of all
  # time (arguably but it is great).
  workflows.workflows.a-happy-gnome.enable = true;

  programs.wezterm.enable = true;
  programs.adb.enable = true;

  # Basically, the most basic nixpkgs configuration.
  environment.variables.NIXPKGS_CONFIG = lib.mkForce ./config/nixpkgs/config.nix;

  environment.systemPackages = with pkgs; [
    # Some sysadmin thingamajigs.
    openldap
    wireguard-tools
    (swh.swh-core.overrideAttrs (attrs: {
      pythonPath = with pkgs.swh; [
        swh-model
        swh-fuse
      ];
    }))

    # For debugging build environments in Nix packages.
    cntr

    # Searchsploit.
    exploitdb
  ];

  # Enable Guix service.
  services.guix.enable = true;

  # Set your time zone.
  time.timeZone = "Asia/Manila";

  # Doxxing myself.
  location = {
    latitude = 15.0;
    longitude = 121.0;
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;

  services.auto-cpufreq.enable = true;
  services.thermald.enable = true;
  services.avahi.enable = true;

  # We'll go with a software firewall. We're mostly configuring it as if we're
  # using a server even though the chances of that is pretty slim.
  networking = {
    nftables.enable = true;
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22 # Secure Shells.
      ];
    };
  };

  services.resolved.domains = [
    "~plover.foodogsquared.one"
    "~0.27.172.in-addr.arpa"
    "~0.28.172.in-addr.arpa"
  ];

  system.stateVersion = "23.11"; # Yes! I read the comment!
}
flake.nix: update hosts default config 2022-07-28 09:29:58 +00:00			`{ config, pkgs, lib, ... }:`
Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00
			`{`
Update various configurations Flake outputs, hosts, users, and formatting of Nix files. et cetera, et cetera. 2021-12-11 05:37:27 +00:00			`imports = [`
			`# Include the results of the hardware scan.`
Format the Nix files properly 2021-11-25 13:45:48 +00:00			`./hardware-configuration.nix`
host/ni: use Guix module from guix-overlay 2022-01-31 07:39:21 +00:00
hosts/ni: modularize Wireguard I also added a conditional configuration for systemd-networkd and a condition for the default which should be enabled when NetworkManager is enabled. Ideally this should be the default when systemd-networkd is not enabled but since they are the only network manager, we'll let it slide. 2023-07-05 03:40:40 +00:00			`./modules/wireguard.nix`

profiles/users: move as a library function 2022-07-09 05:54:05 +00:00			`(lib.mapHomeManagerUser "foo-dogsquared" {`
hosts/ni: update config 2022-08-10 04:14:11 +00:00			`extraGroups = [`
			`"adbusers"`
			`"wheel"`
			`"audio"`
			`"docker"`
			`"podman"`
			`"networkmanager"`
profiles/dev: add Wireshark 2023-02-11 01:01:31 +00:00			`"wireshark"`
hosts/ni: update config 2022-08-10 04:14:11 +00:00			`];`
profiles/users: move as a library function 2022-07-09 05:54:05 +00:00			`hashedPassword =`
			`"$6$.cMYto0K0CHbpIMT$dRqyKs4q1ppzmTpdzy5FWP/V832a6X..FwM8CJ30ivK0nfLjQ7DubctxOZbeOtygfjcUd1PZ0nQoQpOg/WMvg.";`
			`isNormalUser = true;`
			`createHome = true;`
			`home = "/home/foo-dogsquared";`
hosts/ni: add decorative parts of the configuration 2023-01-26 05:10:56 +00:00			`description = "Gabriel Arazas";`
profiles/users: move as a library function 2022-07-09 05:54:05 +00:00			`})`
Format the Nix files properly 2021-11-25 13:45:48 +00:00			`];`
Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00
hosts/ni: add disko device config 2023-06-30 05:38:22 +00:00			`disko.devices = import ./disko.nix {`
			`disks = [ "/dev/nvme0n1" ];`
			`};`

hosts/ni: update config and store secrets 2022-07-17 05:25:36 +00:00			`services.openssh.hostKeys = [{`
hosts: remove host path prefix for sops keys It is more explicit and elegant but more of a pain to manage especially with the new function. It was structured that way for other hosts' secrets but it isn't really used in practice. We could just enforce a convention such as a `hosts` prefix to contain those secrets. 2023-07-05 05:11:47 +00:00			`path = config.sops.secrets."ssh-key".path;`
hosts/ni: update config and store secrets 2022-07-17 05:25:36 +00:00			`type = "ed25519";`
			`}];`
hosts/ni: update secrets code 2022-12-31 03:13:27 +00:00
config: add comments 2023-09-11 02:14:39 +00:00			`# My portable music streaming server.`
hosts/ni: add Gonic server 2023-05-27 05:17:35 +00:00			`services.gonic = {`
			`enable = true;`
			`settings = {`
			`listen-addr = "127.0.0.1:4747";`
			`cache-path = "/var/cache/gonic";`
			`music-path = [`
			`"/srv/music"`
			`];`
			`podcast-path = "/var/cache/gonic/podcasts";`

			`jukebox-enabled = true;`

			`scan-interval = 1;`
			`scan-at-start-enabled = true;`
			`};`
			`};`

config: convert to lib.getSecrets 2023-07-05 03:38:58 +00:00			`sops.secrets = lib.getSecrets ./secrets/secrets.yaml {`
hosts: remove host path prefix for sops keys It is more explicit and elegant but more of a pain to manage especially with the new function. It was structured that way for other hosts' secrets but it isn't really used in practice. We could just enforce a convention such as a `hosts` prefix to contain those secrets. 2023-07-05 05:11:47 +00:00			`"ssh-key" = { };`
config: convert to lib.getSecrets 2023-07-05 03:38:58 +00:00			`};`
hosts/ni: update secrets code 2022-12-31 03:13:27 +00:00
config: add comments 2023-09-11 02:14:39 +00:00			`# The keyfile required for the secrets to be decrypted.`
hosts/ni: update config and store secrets 2022-07-17 05:25:36 +00:00			`sops.age.keyFile = "/var/lib/sops-nix/key.txt";`

config: add comments 2023-09-11 02:14:39 +00:00			`# Get the latest kernel for the desktop experience.`
hosts/ni: switch `boot.kernelPackages` to latest Linux packages 2023-03-19 01:58:18 +00:00			`boot.kernelPackages = pkgs.linuxPackages_latest;`
config: add comments 2023-09-11 02:14:39 +00:00
			`# Adding a bunch of emulated systems for cross-system building.`
update profiles and user configs 2022-05-20 06:47:09 +00:00			`boot.binfmt.emulatedSystems = [`
			`"aarch64-linux"`
			`"riscv64-linux"`
			`];`

config: add comments 2023-09-11 02:14:39 +00:00			`# Wanna be a wannabe haxxor, kid?`
profiles/dev: add Wireshark 2023-02-11 01:01:31 +00:00			`programs.wireshark.package = pkgs.wireshark;`

config: add comments 2023-09-11 02:14:39 +00:00			`# We're using some better filesystems so we're using it.`
hosts/ni: update host config 2022-07-14 00:20:02 +00:00			`boot.initrd.supportedFilesystems = [ "btrfs" ];`
			`boot.supportedFilesystems = [ "btrfs" ];`

			`services.btrfs.autoScrub = {`
			`enable = true;`
			`fileSystems = [`
			`"/mnt/archives"`
			`];`
			`};`

Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00			`# My custom configuration with my custom modules starts here.`
Restructure the modules While it is easier to maintain the modules by prefixing them all with `modules`, it is not easy when used from other flakes and/or modules. This is my attempt on making it easier with appropriate namespaces. Update home-manager user from the restructure 2022-01-09 05:38:59 +00:00			`profiles = {`
hosts/ni: update host config 2022-07-14 00:20:02 +00:00			`i18n.enable = true;`
Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00			`archiving.enable = true;`
hosts/ni: enable browser NixOS profiles 2023-09-17 05:54:45 +00:00			`browsers = {`
			`firefox.enable = true;`
			`chromium.enable = true;`
			`};`
profiles/system: rename to profiles/desktop The need for configuring desktop and server in separate profiles is becoming more obvious. Not to mention, most of the system config from profiles/system is obviously more desktop-oriented. 2022-11-29 13:03:30 +00:00			`desktop = {`
Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00			`enable = true;`
			`audio.enable = true;`
Update users NixOS module Welp, that's one step for more convenient and separate user-specific configuration. It's a tad simpler than https://github.com/divnix/devos but I want to work my way towards a similar setup. It's just a little overwhelming starting with that framework. 2021-11-27 11:21:08 +00:00			`fonts.enable = true;`
Add library and desktop modules 2021-12-06 07:27:51 +00:00			`hardware.enable = true;`
Update various configurations Flake outputs, hosts, users, and formatting of Nix files. et cetera, et cetera. 2021-12-11 05:37:27 +00:00			`cleanup.enable = true;`
profiles/desktop: update app list for Wine submodule 2023-06-05 09:44:11 +00:00			`wine.enable = true;`
Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00			`};`
			`dev = {`
			`enable = true;`
			`shell.enable = true;`
Update home-manager modules and related configs 2021-11-29 09:56:24 +00:00			`virtualization.enable = true;`
Remove editor module for NixOS The dedicated editor module for NixOS has been removed seeing as it is barely used. The only exception is Neovim which is moved into `modules.dev.neovim`. 2021-12-25 12:35:55 +00:00			`neovim.enable = true;`
Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00			`};`
hosts/ni: update profile 2023-06-06 05:50:17 +00:00			`gaming = {`
			`enable = true;`
			`emulators.enable = true;`
			`retro-computing.enable = true;`
			`};`
hosts/ni: add filesystem setup 2023-07-24 07:24:49 +00:00			`filesystem = {`
			`tools.enable = true;`
			`setups.personal-webstorage.enable = true;`
			`};`
hosts/ni: update profile 2023-06-06 05:50:17 +00:00			`vpn.personal.enable = true;`
Restructure the modules While it is easier to maintain the modules by prefixing them all with `modules`, it is not easy when used from other flakes and/or modules. This is my attempt on making it easier with appropriate namespaces. Update home-manager user from the restructure 2022-01-09 05:38:59 +00:00			`};`
hosts/ni: update config For now, we're removing the backup media task just to make it easier to install for non-local setups. It is pretty much the only thing that requires the most secrets and I want to easily showcase my NixOS setup or something like that. Enabling the task is still in the local changes, just not to be committed. 2022-06-12 05:47:55 +00:00
hosts/ni: enable Steam Remote Play 2023-09-17 05:57:44 +00:00			`# This is somewhat used for streaming games from it.`
			`programs.steam.remotePlay.openFirewall = true;`

hosts/ni: add Blender configuration 2023-09-27 06:22:39 +00:00			`programs.blender = {`
			`enable = true;`
			`package = pkgs.blender-with-packages {`
			`name = "foodogsquared-wrapped";`
			`packages = with pkgs.python3Packages; [ pandas ];`
			`};`
			`addons = with pkgs; [`
			`blender-blendergis`
			`blender-machin3tools`
			`];`
			`};`

hosts/ni: update and reformat config 2023-09-17 05:58:59 +00:00			`# Backup for the almighty archive, pls.`
hosts/plover: disable multimedia archive task 2023-03-03 09:13:40 +00:00			`tasks.backup-archive.enable = true;`
Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00
hosts/ni: update and reformat config 2023-09-17 05:58:59 +00:00			`# The most extensible desktop environment with the greatest toolset of all`
			`# time (arguably but it is great).`
			`workflows.workflows.a-happy-gnome.enable = true;`
hosts/ni: update config 2022-08-10 04:14:11 +00:00
			`programs.wezterm.enable = true;`
			`programs.adb.enable = true;`

hosts/ni: update and reformat config 2023-09-17 05:58:59 +00:00			`# Basically, the most basic nixpkgs configuration.`
hosts/ni: update nixpkgs configuration 2023-09-24 11:20:05 +00:00			`environment.variables.NIXPKGS_CONFIG = lib.mkForce ./config/nixpkgs/config.nix;`
hosts/ni: create system-wide nixpkgs config 2023-07-05 03:39:44 +00:00
Clean up the files 2022-02-02 04:25:03 +00:00			`environment.systemPackages = with pkgs; [`
hosts/ni: add wireguard-tools to system packages 2023-01-20 05:15:53 +00:00			`# Some sysadmin thingamajigs.`
hosts/ni: update LDAP-related settings - Add OpenLDAP to the system packages. - Fix the file permission for the LDAP password secret. 2023-01-17 14:25:15 +00:00			`openldap`
hosts/ni: add wireguard-tools to system packages 2023-01-20 05:15:53 +00:00			`wireguard-tools`
hosts/ni: add more administrative tools 2023-03-03 09:18:42 +00:00			`(swh.swh-core.overrideAttrs (attrs: {`
			`pythonPath = with pkgs.swh; [`
			`swh-model`
hosts/ni: add `swh fs` 2023-05-09 08:17:09 +00:00			`swh-fuse`
hosts/ni: add more administrative tools 2023-03-03 09:18:42 +00:00			`];`
			`}))`
hosts/ni: update LDAP-related settings - Add OpenLDAP to the system packages. - Fix the file permission for the LDAP password secret. 2023-01-17 14:25:15 +00:00
hosts/ni: add cntr for debugging Nix builds 2023-02-06 08:08:19 +00:00			`# For debugging build environments in Nix packages.`
			`cntr`
hosts/ni: add more administrative tools 2023-03-03 09:18:42 +00:00
			`# Searchsploit.`
			`exploitdb`
Clean up the files 2022-02-02 04:25:03 +00:00			`];`

host/ni: use Guix module from guix-overlay 2022-01-31 07:39:21 +00:00			`# Enable Guix service.`
flake.nix: use Nix-built Guix service module 2022-08-27 05:30:04 +00:00			`services.guix.enable = true;`
host/ni: use Guix module from guix-overlay 2022-01-31 07:39:21 +00:00
Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00			`# Set your time zone.`
			`time.timeZone = "Asia/Manila";`

			`# Doxxing myself.`
			`location = {`
			`latitude = 15.0;`
			`longitude = 121.0;`
			`};`

			`# Some programs need SUID wrappers, can be configured further or are`
			`# started in user sessions.`
			`programs.mtr.enable = true;`

Update flake and users config 2021-12-19 09:39:18 +00:00			`services.auto-cpufreq.enable = true;`
			`services.thermald.enable = true;`
Update `ni` configuration 2021-12-26 10:43:49 +00:00			`services.avahi.enable = true;`
Update flake and users config 2021-12-19 09:39:18 +00:00
hosts/ni: enable nftables-based firewall 2023-01-18 03:10:31 +00:00			`# We'll go with a software firewall. We're mostly configuring it as if we're`
			`# using a server even though the chances of that is pretty slim.`
			`networking = {`
			`nftables.enable = true;`
			`firewall = {`
			`enable = true;`
			`allowedTCPPorts = [`
			`22 # Secure Shells.`
			`];`
			`};`
			`};`

hosts/ni: update personal VPN config 2023-06-19 04:28:33 +00:00			`services.resolved.domains = [`
			`"~plover.foodogsquared.one"`
			`"~0.27.172.in-addr.arpa"`
			`"~0.28.172.in-addr.arpa"`
			`];`

hosts: update system state version to 23.11 2023-08-03 05:29:00 +00:00			`system.stateVersion = "23.11"; # Yes! I read the comment!`
Rewrite as a flake I revisited NixOS this week and I've rewritten my NixOS config from scratch. I must say I really like Nix flakes. For whatever reason it just clicked and I understood more programming with Nix despite my previous experience which is not good. Could be just the fact I had a break for a long time from completely using Nix (I still used it on non-NixOS distros). Eh... I still took some things from the original inspiration of this configuration so there's that. 2021-11-25 11:55:30 +00:00			`}`