feat(luna): initial luna configuration

2023-10-27 01:46:14 -05:00 · 2023-10-27 01:46:14 -05:00 · 4e0f171a2e
commit 4e0f171a2e
parent 1588ab30f5
10 changed files with 185 additions and 18 deletions
--- a/flake.nix
+++ b/flake.nix
@ -18,5 +18,13 @@
        impermanence.nixosModules.impermanence
      ];
    };
+    nixosConfigurations.luna = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      specialArgs = inputs;
+      modules = [
+        ./hosts/luna
+        impermanence.nixosModules.impermanence
+      ];
+    };
  };
 }
--- a/hosts/luna/default.nix
+++ b/hosts/luna/default.nix
@ -1,9 +1,8 @@
 { config, lib, nixpkgs, ... }:
-
 {
  imports = [
    ./modules
-    ./os/filesystem.nix
+    ./os
  ];
  system.stateVersion = "23.11";
 }
--- a/hosts/luna/modules/networking.nix
+++ b/hosts/luna/modules/networking.nix
@ -0,0 +1,87 @@
+{ inputs, lib, pkgs, hostname, ... }:
+
+let
+  hostname = "luna";
+  networks_dhcp_use_dns = "no";
+  networks_dhcp = "yes";
+  networks_multicast_dns = "yes";
+  networks_ipv6_privacy = "yes";
+  networks_ipv6_accept_ra = "yes";
+  networks_network_config = {
+    DHCP = networks_dhcp;
+    MulticastDNS = networks_multicast_dns;
+    IPv6PrivacyExtensions = networks_ipv6_privacy;
+    IPv6AcceptRA = networks_ipv6_accept_ra;
+  };
+  resolved_nameservers = [
+    "1.1.1.1#cloudflare-dns.com"
+    "9.9.9.9#dns.quad9.net"
+    "8.8.8.8#dns.google"
+    "2606:4700:4700::1111#cloudflare-dns.com"
+    "2620:fe::9#dns.quad9.net"
+    "2001:4860:4860::8888#dns.google"
+  ];
+  resolved_fallback_nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
+in
+{
+  systemd.network = {
+    enable = true;
+    networks = {
+      "10-wlan" = {
+        matchConfig.Name = [ "wl*" ];
+        networkConfig = networks_network_config;
+        dhcpV4Config = {
+          RouteMetric = 600;
+          UseDNS = networks_dhcp_use_dns;
+        };
+        ipv6AcceptRAConfig = {
+          RouteMetric = 600;
+          UseDNS = networks_dhcp_use_dns;
+        };
+      };
+      "10-ethernet" = {
+        matchConfig.name = [ "en*" "eth*" ];
+        networkConfig = networks_network_config;
+        dhcpV4Config = {
+          RouteMetric = 100;
+          UseDNS = networks_dhcp_use_dns;
+        };
+        ipv6AcceptRAConfig = {
+          RouteMetric = 100;
+          UseDNS = networks_dhcp_use_dns;
+        };
+      };
+      "10-wwan" = {
+        matchConfig.name = [ "ww*" ];
+        networkConfig = networks_network_config;
+        dhcpV4Config = {
+          RouteMetric = 700;
+          UseDNS = networks_dhcp_use_dns;
+        };
+        ipv6AcceptRAConfig = {
+          RouteMetric = 700;
+          UseDNS = networks_dhcp_use_dns;
+        };
+      };
+
+    };
+  };
+
+  services.resolved = {
+    enable = true;
+    dnssec = "true";
+    domains = [ "~." ];
+    fallbackDns = resolved_fallback_nameservers;
+    llmnr = "true";
+    extraConfig = ''
+      MulticastDNS=yes
+      DNSOverTLS=yes
+      CacheFromLocalhost=no
+      Cache=yes
+    '';
+  };
+  networking = {
+    hostName = "${hostname}";
+  };
+
+}
--- a/hosts/luna/modules/nix.nix
+++ b/hosts/luna/modules/nix.nix
@ -0,0 +1,16 @@
+{ pkgs, ... }:
+
+{
+  nix = {
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      auto-optimise-store = true;
+      trusted-users = ["@wheel"];
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+  };
+}
--- a/hosts/luna/modules/programs.nix
+++ b/hosts/luna/modules/programs.nix
@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+  nixpkgs.config.allowUnfree = true;
+
+  programs = {
+    zsh.enable = true;
+    neovim = {
+      enable = true;
+      defaultEditor = true;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    "vim"
+  ];
+}
--- a/hosts/luna/modules/ssh.nix
+++ b/hosts/luna/modules/ssh.nix
@ -0,0 +1,15 @@
+{ pkgs, ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      passwordAuthentication = false;
+      PermitRootLogin = "prohibit-password";
+      startWhenNeeded = true;
+    };
+    ports = [
+      2200
+    ];
+  };
+}
--- a/hosts/luna/modules/user.nix
+++ b/hosts/luna/modules/user.nix
@ -0,0 +1,15 @@
+{ pkgs, user, ... }:
+
+let
+ user = "price";
+in
+{
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = [
+        "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJ9ODXLAIfGH/7VNobQsp5nwBvNoh+pQMEH7s2jkHpkqAAAACHNzaDpsdW5h"
+      ];
+      initialPassword = "pass";
+    };
+  };
+}
--- a/hosts/luna/os/boot.nix
+++ b/hosts/luna/os/boot.nix
@ -0,0 +1,16 @@
+{ ... }:
+{
+    boot = {
+    initrd = {
+      availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+      kernelModules = [ ];
+    };
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+}
--- a/hosts/luna/os/default.nix
+++ b/hosts/luna/os/default.nix
@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  imports = [
+    ./boot.nix
+    ./filesystem.nix
+  ];
+  system.stateVersion = "23.11";
+}
+
--- a/hosts/luna/os/filesystem.nix
+++ b/hosts/luna/os/filesystem.nix
@ -3,22 +3,6 @@
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix") ];

-  boot = {
-    initrd = {
-      availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
-      kernelModules = [ ];
-    };
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-    };
-    kernelModules = [ "kvm-intel" ];
-    extraModulePackages = [ ];
-  };
-
-  swapDevices = [{ device = "/dev/disk/by-label/NixOS-Swap"; }];
-  swapDevices = [{ device = "/swap/swapfile"; }];
-
  fileSystems = {
    "/" = {
      device = "none";