feat(luna): initial luna configuration

2023-10-27 01:46:14 -05:00 · 2023-10-27 01:46:14 -05:00 · 4e0f171a2e
commit 4e0f171a2e
parent 1588ab30f5
10 changed files with 185 additions and 18 deletions
--- a/flake.nix
+++ b/flake.nix
@ -18,5 +18,13 @@
        impermanence.nixosModules.impermanence
      ];
    };
    nixosConfigurations.luna = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = inputs;
      modules = [
        ./hosts/luna
        impermanence.nixosModules.impermanence
      ];
    };
  };
 }
--- a/hosts/luna/default.nix
+++ b/hosts/luna/default.nix
@ -1,9 +1,8 @@
 { config, lib, nixpkgs, ... }:
 {
  imports = [
    ./modules
-    ./os/filesystem.nix
+    ./os
  ];
  system.stateVersion = "23.11";
 }
--- a/hosts/luna/modules/networking.nix
+++ b/hosts/luna/modules/networking.nix
@ -0,0 +1,87 @@
 { inputs, lib, pkgs, hostname, ... }:
 let
  hostname = "luna";
  networks_dhcp_use_dns = "no";
  networks_dhcp = "yes";
  networks_multicast_dns = "yes";
  networks_ipv6_privacy = "yes";
  networks_ipv6_accept_ra = "yes";
  networks_network_config = {
    DHCP = networks_dhcp;
    MulticastDNS = networks_multicast_dns;
    IPv6PrivacyExtensions = networks_ipv6_privacy;
    IPv6AcceptRA = networks_ipv6_accept_ra;
  };
  resolved_nameservers = [
    "1.1.1.1#cloudflare-dns.com"
    "9.9.9.9#dns.quad9.net"
    "8.8.8.8#dns.google"
    "2606:4700:4700::1111#cloudflare-dns.com"
    "2620:fe::9#dns.quad9.net"
    "2001:4860:4860::8888#dns.google"
  ];
  resolved_fallback_nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
 in
 {
  systemd.network = {
    enable = true;
    networks = {
      "10-wlan" = {
        matchConfig.Name = [ "wl*" ];
        networkConfig = networks_network_config;
        dhcpV4Config = {
          RouteMetric = 600;
          UseDNS = networks_dhcp_use_dns;
        };
        ipv6AcceptRAConfig = {
          RouteMetric = 600;
          UseDNS = networks_dhcp_use_dns;
        };
      };
      "10-ethernet" = {
        matchConfig.name = [ "en*" "eth*" ];
        networkConfig = networks_network_config;
        dhcpV4Config = {
          RouteMetric = 100;
          UseDNS = networks_dhcp_use_dns;
        };
        ipv6AcceptRAConfig = {
          RouteMetric = 100;
          UseDNS = networks_dhcp_use_dns;
        };
      };
      "10-wwan" = {
        matchConfig.name = [ "ww*" ];
        networkConfig = networks_network_config;
        dhcpV4Config = {
          RouteMetric = 700;
          UseDNS = networks_dhcp_use_dns;
        };
        ipv6AcceptRAConfig = {
          RouteMetric = 700;
          UseDNS = networks_dhcp_use_dns;
        };
      };
    };
  };
  services.resolved = {
    enable = true;
    dnssec = "true";
    domains = [ "~." ];
    fallbackDns = resolved_fallback_nameservers;
    llmnr = "true";
    extraConfig = ''
      MulticastDNS=yes
      DNSOverTLS=yes
      CacheFromLocalhost=no
      Cache=yes
    '';
  };
  networking = {
    hostName = "${hostname}";
  };
 }
--- a/hosts/luna/modules/nix.nix
+++ b/hosts/luna/modules/nix.nix
@ -0,0 +1,16 @@
 { pkgs, ... }:
 {
  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      auto-optimise-store = true;
      trusted-users = ["@wheel"];
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
  };
 }
--- a/hosts/luna/modules/programs.nix
+++ b/hosts/luna/modules/programs.nix
@ -0,0 +1,17 @@
 { pkgs, ... }:
 {
  nixpkgs.config.allowUnfree = true;
  programs = {
    zsh.enable = true;
    neovim = {
      enable = true;
      defaultEditor = true;
    };
  };
  environment.systemPackages = with pkgs; [
    "vim"
  ];
 }
--- a/hosts/luna/modules/ssh.nix
+++ b/hosts/luna/modules/ssh.nix
@ -0,0 +1,15 @@
 { pkgs, ... }:
 {
  services.openssh = {
    enable = true;
    settings = {
      passwordAuthentication = false;
      PermitRootLogin = "prohibit-password";
      startWhenNeeded = true;
    };
    ports = [
      2200
    ];
  };
 }
--- a/hosts/luna/modules/user.nix
+++ b/hosts/luna/modules/user.nix
@ -0,0 +1,15 @@
 { pkgs, user, ... }:
 let
 user = "price";
 in
 {
  users.users = {
    root = {
      openssh.authorizedKeys.keys = [
        "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJ9ODXLAIfGH/7VNobQsp5nwBvNoh+pQMEH7s2jkHpkqAAAACHNzaDpsdW5h"
      ];
      initialPassword = "pass";
    };
  };
 }
--- a/hosts/luna/os/boot.nix
+++ b/hosts/luna/os/boot.nix
@ -0,0 +1,16 @@
 { ... }:
 {
    boot = {
    initrd = {
      availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
      kernelModules = [ ];
    };
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };
 }
--- a/hosts/luna/os/default.nix
+++ b/hosts/luna/os/default.nix
@ -0,0 +1,10 @@
 { ... }:
 {
  imports = [
    ./boot.nix
    ./filesystem.nix
  ];
  system.stateVersion = "23.11";
 }
--- a/hosts/luna/os/filesystem.nix
+++ b/hosts/luna/os/filesystem.nix
@ -3,22 +3,6 @@
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix") ];
  boot = {
    initrd = {
      availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
      kernelModules = [ ];
    };
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };
  swapDevices = [{ device = "/dev/disk/by-label/NixOS-Swap"; }];
  swapDevices = [{ device = "/swap/swapfile"; }];
  fileSystems = {
    "/" = {
      device = "none";