diff --git a/README.md b/README.md index 2e8e715..6ce5351 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,11 @@ -# nixos +# My NixOS Configuration(s) Configuration file and helper scripts for my NixOS setup. + +Just startred researching NixOS at the end of August 2023 and seeing if it makes +more sense than using Ansible across a multitude of different OS's. + +## DISCLAIMERS +### THIS PROJECT IS A WORK IN PROGRESS + +Currently still considered early alpha phase. Things work, but still have a ways +to go before the system is completely ready for "production". diff --git a/activate.sh b/activate.sh index a9e9c5c..50cee74 100755 --- a/activate.sh +++ b/activate.sh @@ -6,21 +6,56 @@ DIR="$(dirname -- "${BASH_SOURCE[0]}")" PROG="$(basename -- "${BASH_SOURCE[0]}")" +nix_ext="nix" +nixos_dir="/etc/nixos" +date_YYYYMMDD="`date "+%Y%m%d"`" +backup_dir="$nixos_dir/${date_YYYYMMDD}_Backups" + ## Main ## echo "Requesting sudo password if it has not already been requested recently." +sudo echo "Success!" + +# Make a backup if one does not already exist for today. +if [[ ! -e "$backup_dir" ]]; then + echo -e "\nSaving backups for today." + sudo mkdir -pv "$backup_dir" + sudo cp -v "$nixos_dir"/*."$nix_ext" "$backup_dir"/ +fi + +# Ensure unmaintained files exist for import. +nix_static=$nixos_dir/static.nix +if [[ ! -e $nix_static ]]; then + echo "Creating '$nix_static'." + echo -e "{ config, pkgs, nix, ... }:\n\n{\n #\n}" | sudo tee $nix_static +fi +nix_ansible=$nixos_dir/ansible.nix +if [[ ! -e $nix_ansible ]]; then + echo "Creating '$nix_ansible' from '$nix_static'." + cp -v $nix_static $nix_ansible +fi # Start the chain. -sudo echo "Success!" && +sleep 0 && # Essentials, jeez! - echo "Making sure that /bin/bash is available." && - sudo ln -vqfs `which bash` /bin/bash && + echo -e "\nMaking sure that /bin/bash is available." && + sudo ln -vfs `which bash` /bin/bash && + + # Install Home Manager for usage in configuration.nix type files. + echo -e "\nAdd Home Manager." && + sudo nix-channel \ + --add https://github.com/nix-community/home-manager/archive/master.tar.gz \ + home-manager + sudo nix-channel --update # Main install. - echo "Switching to the new configuration." && - sudo cp $DIR/configuration.nix /etc/nixos/configuration.nix && + echo -e "\nSwitching to the new configuration." && + sudo cp "$DIR"/*."$nix_ext" "$nixos_dir"/ && sudo nixos-rebuild switch && + + # Completed successfully. + echo -e "\nSuccess!" && exit 0 ## Errors ## diff --git a/ansible.nix.example b/ansible.nix.example new file mode 100644 index 0000000..0605013 --- /dev/null +++ b/ansible.nix.example @@ -0,0 +1,25 @@ +# The ansible.nix file is for the Hyperling Ansible project to maintain. It +# should never be altered by hand unless Ansible has been turned off cron. +# https://github.com/Hyperling/ansible +{ config, pkgs, nix, ... }: + +{ + # tasks/general/software/swap.yml + # Use general.ini to set up the swap commands and this should be generated. + swapDevices = [ { device = "/swapfile"; } ]; + + ### + # TBD + ## + # Should this file include others? Or use blockinfile? searching for the + # headers below and then add their contents if they are wanted? Doing more + # includes might get messy, would probably want an entire ansible folder + # rather than adding more stuff to the roor /etc/nixos directory. + ### + + ## General ## + + ## Workstation ## + + ## Server ## +} diff --git a/configuration.nix b/configuration.nix index 47e63cf..cd18bd0 100644 --- a/configuration.nix +++ b/configuration.nix @@ -2,13 +2,56 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: +############################################################################### +# Helpful Documentation +# +# NixOS Manual: +# https://nixos.org/manual/nixos/stable/ +# +# NixOS All Options: +# https://nixos.org/manual/nixos/stable/options.html +# +# Option Search: +# https://search.nixos.org/options +# +# Package Search: +# https://search.nixos.org/packages +############################################################################### + +############################################################################### +# TBD +# Make each section is own $.nix file and include it based on Ansible checks. +############################################################################### + +{ config, pkgs, nix, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + ############################################################################# + # System Configuration + ############################################################################# + + imports =[ + # Include the results of the hardware scan. + ./hardware-configuration.nix + # Include any static entries that are handled outside of this project. + ./static.nix + # Include anything that Ansible has created. + ./ansible.nix + # Home Manager. + + ]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? + + ############################################################################# + # System Package Configuration + ############################################################################# # Bootloader. boot.loader.grub.enable = true; @@ -23,6 +66,25 @@ # Enable grub cryptodisk boot.loader.grub.enableCryptodisk=true; + # TBD: Does not work. Goes in "nix.conf"? + #nix.extraOptions = " + # --extra-experimental-features + #"; + + ############################################################################# + # General Networking Configuration + ############################################################################# + + # Enable networking + networking.networkmanager.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # TBD: Should this be here? boot.initrd.luks.devices."luks-39ae7203-d5af-47bf-95f6-b4f0eefebfc6".keyFile = "/crypto_keyfile.bin"; # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. @@ -30,8 +92,9 @@ # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Enable networking - networking.networkmanager.enable = true; + ############################################################################# + # Locale + ############################################################################# # Set your time zone. time.timeZone = "America/Phoenix"; @@ -51,6 +114,25 @@ LC_TIME = "en_US.UTF-8"; }; + ############################################################################# + # User Setup + ############################################################################# + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.ling = { + isNormalUser = true; + description = "Hyperling"; + extraGroups = [ "networkmanager" "wheel" "sudo" "mlocate" "docker" ]; + #packages = with pkgs; [ + # #firefox + # #thunderbird + #]; + }; + + ############################################################################# + # Desktop Environment + ############################################################################# + # Enable the X11 windowing system. services.xserver.enable = true; @@ -58,6 +140,83 @@ services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; + # Remove the GNOME default packages. + #services.gnome.core-utilities.enable = false; + + ### + # GSettings, DConf type stuff. + ## + # https://nixos.wiki/wiki/GNOME + #services.xserver.desktopManager.gnome = { + # extraGSettingsOverrides = '' + # # Favorite apps in gnome-shell + # [org.gnome.shell] + # favorite-apps= \ + # [ 'org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop' \ + # , 'org.gnome.Nautilus.desktop' \ + # , 'librewolf.desktop', 'firefox.desktop' \ + # , 'org.gnome.Evolution.desktop', 'deltachat.desktop' \ + # , 'codium.desktop' \ + # , 'org.shotcut.Shotcut.desktop', 'lbry.desktop' \ + # , 'android-studio.desktop' \ + # , 'signal-desktop.desktop' \ + # ] + # + # # TBD Need to finish figuring out how to load these. + # [org.gnome.shell.extensions.dash-to-dock] + # dock-position='LEFT' + # dock-fixed=true + # dash-max-icon-size=28 + # ''; + # + # extraGSettingsOverridePackages = [ + # pkgs.gnome.gnome-shell # for org.gnome.shell, not sure if it works TBD. + # #pkgs.gnomeExtensions.dash-to-dock # TBD Not sure what to do here yet. + # ]; + #}; + + # Maybe try this? + # https://hoverbear.org/blog/declarative-gnome-configuration-in-nixos/ + #programs.dconf.enable = true; + #dconf.settings = { + # "org/gnome/shell/" = { + # favorite-apps = [ + # "org.gnome.Terminal.desktop" + # "gnome-system-monitor.desktop" + # "org.gnome.Nautilus.desktop" + # "librewolf.desktop" + # "firefox.desktop" + # "org.gnome.Evolution.desktop" + # "deltachat.desktop" + # "codium.desktop" + # "org.shotcut.Shotcut.desktop" + # "lbry.desktop" + # "android-studio.desktop" + # "signal-desktop.desktop" + # ]; + # }; + #}; + + # Or this? + # https://rycee.gitlab.io/home-manager/index.html#sec-install-nixos-module + # https://rycee.gitlab.io/home-manager/options.html#opt-dconf.settings + #programs.dconf.enable = true; + #home-manager.users.ling = { pkgs, ... }: { + # + # home.packages = [ pkgs.atool pkgs.httpie ]; + # + # dconf.settings = { + # "/org/gnome/shell/extensions/dash-to-dock" = { + # dock-position = "'LEFT'"; + # dock-fixed = true; + # dash-max-icon-size = 24; + # }; + # }; + # + #}; + + ## + # Configure keymap in X11 services.xserver = { layout = "us"; @@ -87,25 +246,22 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.ling = { - isNormalUser = true; - description = "Hyperling"; - extraGroups = [ "networkmanager" "wheel" "sudo" ]; - packages = with pkgs; [ - #firefox - #thunderbird - ]; - }; + ############################################################################# + # Package Management + ############################################################################# # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget + ### + # List packages installed in system profile. + ## + # To search for names, run `nix search wget` or use the website in the header. environment.systemPackages = with pkgs; [ + ### # General - ansible + ## + #ansible # try installing under Python then maybe it can use psutil? vim mlocate git @@ -115,26 +271,98 @@ wget nmap lynis + htop + neofetch + cowsay + cron + zsh + # Python Setup + # Main documentation + # https://nixos.org/manual/nixpkgs/stable/#python + # See what modules are available, and which Python they are attached to: + # ls -l $(find "$(dirname $(which python))/.." -name site-packages) + # Looks like 3.10, not 3.11 like was being installed. So annoying! + # https://discourse.nixos.org/t/python3-not-importing-modules/22061/2 + #python3 + (python3.withPackages(ps: with ps; [ + pip # Works fine! Can access via `pip` or `python -m pip`. + psutil # Not working. Not in path nor `-m`. Maybe not supposed to be, but ansible dconf module still saying "ModuleNotFoundError: No module named 'psutil'" Maybe add to ansible's python somehow? + ansible # Nope, not accessible!!! WHAT!!! + ansible-core # It's here! Thanks https://pypi.org/project/ansible/, psutil still not available though!!!!!!!!!!!!! + ])) + #python3Packages.pip + #python3Packages.psutil # This does not work either, nor any 310 type versions. + #python3Packages.ansible # This does not work either, nor any 310 type versions. + ### + + ### # Coding + ## vscodium android-studio + dbeaver + bash + kotlin + nodejs + ksh + zsh + zulu # OpenJDK + #zulu8 # OpenJDK 8 + #python2 + #python + #godot # If using C# + godot_4 # If using Godot Script + ### + ### # Editing + ## + gimp shotcut openshot-qt + obs-studio ffmpeg + ### + ### # Workstation - gnomeExtensions.dock-from-dash - evolution - signal-desktop - lbry + ## + gnomeExtensions.dash-to-dock + gnome.nautilus + gnome.gnome-tweaks + gnome.dconf-editor + #gnome.gnome-terminal # This does not theme well and is different from Console. + gnome.gnome-system-monitor + gnome.gedit + gnome.geary + gnome.evince librewolf firefox - htop + evolution + deltachat-desktop + signal-desktop + lbry libreoffice vlc + remmina + imagemagick + #etcher # Broken as of 20231013, uses too old a version of Electron. + transmission + + # Wallets + #exodus # Not being found, 403 error. + monero-gui + ### + + ### + # Server + ## + # Not needed, prefer setting 'virtualisation.docker.enable'. + #docker + #docker-buildx + #docker-compose + ### ]; # Some programs need SUID wrappers, can be configured further or are @@ -145,23 +373,40 @@ # enableSSHSupport = true; # }; - # List services that you want to enable: + ## List services that you want to enable ## - # Enable the OpenSSH daemon. - # services.openssh.enable = true; + # Configure the OpenSSH daemon. + services.openssh = { + enable = true; + ports = [ + 22 + ]; + settings = { + PermitRootLogin = "no"; + AllowTcpForwarding = "no"; + ClientAliveInterval = 60; + ClientAliveCountMax = 2; + Compression = "no"; + LogLevel = "VERBOSE"; + MaxAuthTries = 3; + MaxSessions = 2; + TCPKeepAlive = "no"; + X11Forwarding = false; + AllowAgentForwarding = "no"; + PermitEmptyPasswords = "no"; + }; + }; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; + ############################################################################# + # Non-System Package Configuration + ############################################################################# - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? + # Be able to use the locate command. + services.locate.locate = pkgs.mlocate; + services.locate.localuser = null; + services.locate.enable = true; + + # Docker + virtualisation.docker.enable = true; } diff --git a/hardware-configuration.nix.example b/hardware-configuration.nix.example new file mode 100644 index 0000000..068903d --- /dev/null +++ b/hardware-configuration.nix.example @@ -0,0 +1,35 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + networking.hostName = "my-nixos-system"; # Define your hostname. + + fileSystems."/" = { + device = "/dev/disk/by-uuid/abc-123-456-xyz"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-1337-h4x0r-c00l-3ncrypt10n".device = "/dev/disk/by-uuid/more-alphabet-soup"; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp5s0f1u6u3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/static.nix.example b/static.nix.example new file mode 100644 index 0000000..ba353cc --- /dev/null +++ b/static.nix.example @@ -0,0 +1,9 @@ +# File for adding system-specific configurations outside of any project, system, +# or ansible maintained files. Any specific recommendations are below. +{ config, pkgs, nix, ... }: + +{ + # This would be a good place to set up your swap file or partition if not + # using the Ansible project. It maintains this in ansible.nix, not here. + swapDevices = [ { device = "/swapfile"; } ]; +}