Finalize Working Version (#1)

* Add more GNOME helpers.

* Fix typo, adjust output.

* Update readme.

* Add more programs and a TBD.

* Add OpenJDK 8 as well.

* More programs, fix mlocate, start working on GNOME settings.

* Add success message.

* Fixing favorites, for some reason the files are different on NixOS than systems using Ansible.

* Add cron. Start working on header details.

* Modify Python configuration for ansible playbooks.

* More work on Python. Still not getting success with psutil.

* NixOS, python, and psutil are still being dumb with ansible.

* Add imagemagick for compressing file sizes.

* Automatically create backups the first time this is run each day.

* Create an example file.

* More comments, SSHD config, a few fixes, some TBDs, and general reorganization.

* Add a disclaimer.

* Make the file look more like a developer wrote it.

* Try adding wallets. Exodus seems broken. Monero works.

* Start trying a different route for dconf settings. May require "home manager".

* Add Docker.

* Create a static and ansible file. Import them, and give examples of what they are for.

* Add comments brainstorming how to do the different setups.

* Add home-manager. Still no luck with dconf. Not in Ansible either.

* Add godot.

* Add zsh.

* Move to Godot4.

* Remove extra space.

* Add balena etcher for USB sticks.

* Remove etcher, seems to have broken ability to update or install anything.

* Add a bittorrent client.

* Remove excess ssh ports. They were probably for testing.

README.md

@@ -1,2 +1,11 @@
-# nixos
+# My NixOS Configuration(s)
 Configuration file and helper scripts for my NixOS setup.
+
+Just startred researching NixOS at the end of August 2023 and seeing if it makes
+more sense than using Ansible across a multitude of different OS's.
+
+## DISCLAIMERS
+### THIS PROJECT IS A WORK IN PROGRESS
+
+Currently still considered early alpha phase. Things work, but still have a ways
+to go before the system is completely ready for "production".

activate.sh

@@ -6,21 +6,56 @@
 DIR="$(dirname -- "${BASH_SOURCE[0]}")"
 PROG="$(basename -- "${BASH_SOURCE[0]}")"
 
+nix_ext="nix"
+nixos_dir="/etc/nixos"
+date_YYYYMMDD="`date "+%Y%m%d"`"
+backup_dir="$nixos_dir/${date_YYYYMMDD}_Backups"
+
 ## Main ##
 
 echo "Requesting sudo password if it has not already been requested recently."
+sudo echo "Success!"
+
+# Make a backup if one does not already exist for today.
+if [[ ! -e "$backup_dir" ]]; then
+	echo -e "\nSaving backups for today."
+	sudo mkdir -pv "$backup_dir"
+	sudo cp -v "$nixos_dir"/*."$nix_ext" "$backup_dir"/
+fi
+
+# Ensure unmaintained files exist for import.
+nix_static=$nixos_dir/static.nix
+if [[ ! -e $nix_static ]]; then
+	echo "Creating '$nix_static'."
+	echo -e "{ config, pkgs, nix, ... }:\n\n{\n  #\n}" | sudo tee $nix_static
+fi
+nix_ansible=$nixos_dir/ansible.nix
+if [[ ! -e $nix_ansible ]]; then
+	echo "Creating '$nix_ansible' from '$nix_static'."
+	cp -v $nix_static $nix_ansible
+fi
 
 # Start the chain.
-sudo echo "Success!" &&
+sleep 0 &&
 
 	# Essentials, jeez!
-	echo "Making sure that /bin/bash is available." &&
+	echo -e "\nMaking sure that /bin/bash is available." &&
-	sudo ln -vqfs `which bash` /bin/bash &&
+	sudo ln -vfs `which bash` /bin/bash &&
+
+	# Install Home Manager for usage in configuration.nix type files.
+	echo -e "\nAdd Home Manager." &&
+	sudo nix-channel \
+		--add https://github.com/nix-community/home-manager/archive/master.tar.gz \
+		home-manager
+	sudo nix-channel --update
 
 	# Main install.
-	echo "Switching to the new configuration." &&
+	echo -e "\nSwitching to the new configuration." &&
-	sudo cp $DIR/configuration.nix /etc/nixos/configuration.nix &&
+	sudo cp "$DIR"/*."$nix_ext" "$nixos_dir"/ &&
 	sudo nixos-rebuild switch &&
+
+	# Completed successfully.
+	echo -e "\nSuccess!" &&
 	exit 0
 
 ## Errors ##

ansible.nix.example

@@ -0,0 +1,25 @@
+# The ansible.nix file is for the Hyperling Ansible project to maintain. It
+# should never be altered by hand unless Ansible has been turned off cron.
+#   https://github.com/Hyperling/ansible
+{ config, pkgs, nix, ... }:
+
+{
+  # tasks/general/software/swap.yml
+  # Use general.ini to set up the swap commands and this should be generated.
+  swapDevices = [ { device = "/swapfile"; } ];
+
+  ###
+  # TBD
+  ##
+  # Should this file include others? Or use blockinfile? searching for the
+  # headers below and then add their contents if they are wanted? Doing more
+  # includes might get messy, would probably want an entire ansible folder
+  # rather than adding more stuff to the roor /etc/nixos directory.
+  ###
+
+  ## General ##
+
+  ## Workstation ##
+
+  ## Server ##
+}

configuration.nix

@@ -2,13 +2,56 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+###############################################################################
+# Helpful Documentation
+#
+#   NixOS Manual:
+#     https://nixos.org/manual/nixos/stable/
+#
+#   NixOS All Options:
+#      https://nixos.org/manual/nixos/stable/options.html
+#
+#   Option Search:
+#     https://search.nixos.org/options
+#
+#   Package Search:
+#     https://search.nixos.org/packages
+###############################################################################
+
+###############################################################################
+# TBD
+# Make each section is own $.nix file and include it based on Ansible checks.
+###############################################################################
+
+{ config, pkgs, nix, ... }:
 
 {
-  imports =
+  #############################################################################
-    [ # Include the results of the hardware scan.
+  # System Configuration
-      ./hardware-configuration.nix
+  #############################################################################
-    ];
+
+  imports =[
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    # Include any static entries that are handled outside of this project.
+    ./static.nix
+    # Include anything that Ansible has created.
+    ./ansible.nix
+    # Home Manager.
+    <home-manager/nixos>
+  ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+  #############################################################################
+  # System Package Configuration
+  #############################################################################
 
   # Bootloader.
   boot.loader.grub.enable = true;
@@ -23,6 +66,25 @@
   # Enable grub cryptodisk
   boot.loader.grub.enableCryptodisk=true;
 
+  # TBD: Does not work. Goes in "nix.conf"?
+  #nix.extraOptions = "
+  #  --extra-experimental-features
+  #";
+
+  #############################################################################
+  # General Networking Configuration
+  #############################################################################
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # TBD: Should this be here?
   boot.initrd.luks.devices."luks-39ae7203-d5af-47bf-95f6-b4f0eefebfc6".keyFile = "/crypto_keyfile.bin";
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
@@ -30,8 +92,9 @@
   # networking.proxy.default = "http://user:password@proxy:port/";
   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
 
-  # Enable networking
+  #############################################################################
-  networking.networkmanager.enable = true;
+  # Locale
+  #############################################################################
 
   # Set your time zone.
   time.timeZone = "America/Phoenix";
@@ -51,6 +114,25 @@
     LC_TIME = "en_US.UTF-8";
   };
 
+  #############################################################################
+  # User Setup
+  #############################################################################
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.ling = {
+    isNormalUser = true;
+    description = "Hyperling";
+    extraGroups = [ "networkmanager" "wheel" "sudo" "mlocate" "docker" ];
+    #packages = with pkgs; [
+    #  #firefox
+    #  #thunderbird
+    #];
+  };
+
+  #############################################################################
+  # Desktop Environment
+  #############################################################################
+
   # Enable the X11 windowing system.
   services.xserver.enable = true;
 
@@ -58,6 +140,83 @@
   services.xserver.displayManager.gdm.enable = true;
   services.xserver.desktopManager.gnome.enable = true;
 
+  # Remove the GNOME default packages.
+  #services.gnome.core-utilities.enable = false;
+
+  ###
+  # GSettings, DConf type stuff.
+  ##
+  #   https://nixos.wiki/wiki/GNOME
+  #services.xserver.desktopManager.gnome = {
+  #  extraGSettingsOverrides = ''
+  #    # Favorite apps in gnome-shell
+  #    [org.gnome.shell]
+  #    favorite-apps= \
+  #      [ 'org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop' \
+  #      , 'org.gnome.Nautilus.desktop' \
+  #      , 'librewolf.desktop', 'firefox.desktop' \
+  #      , 'org.gnome.Evolution.desktop', 'deltachat.desktop' \
+  #      , 'codium.desktop' \
+  #      , 'org.shotcut.Shotcut.desktop', 'lbry.desktop' \
+  #      , 'android-studio.desktop' \
+  #      , 'signal-desktop.desktop' \
+  #      ]
+  #
+  #    # TBD Need to finish figuring out how to load these.
+  #    [org.gnome.shell.extensions.dash-to-dock]
+  #    dock-position='LEFT'
+  #    dock-fixed=true
+  #    dash-max-icon-size=28
+  #  '';
+  #
+  #  extraGSettingsOverridePackages = [
+  #    pkgs.gnome.gnome-shell # for org.gnome.shell, not sure if it works TBD.
+  #    #pkgs.gnomeExtensions.dash-to-dock # TBD Not sure what to do here yet.
+  #  ];
+  #};
+
+  # Maybe try this?
+  #   https://hoverbear.org/blog/declarative-gnome-configuration-in-nixos/
+  #programs.dconf.enable = true;
+  #dconf.settings = {
+  #  "org/gnome/shell/" = {
+  #    favorite-apps = [
+  #      "org.gnome.Terminal.desktop"
+  #      "gnome-system-monitor.desktop"
+  #      "org.gnome.Nautilus.desktop"
+  #      "librewolf.desktop"
+  #      "firefox.desktop"
+  #      "org.gnome.Evolution.desktop"
+  #      "deltachat.desktop"
+  #      "codium.desktop"
+  #      "org.shotcut.Shotcut.desktop"
+  #      "lbry.desktop"
+  #      "android-studio.desktop"
+  #      "signal-desktop.desktop"
+  #    ];
+  #  };
+  #};
+
+  # Or this?
+  # https://rycee.gitlab.io/home-manager/index.html#sec-install-nixos-module
+  # https://rycee.gitlab.io/home-manager/options.html#opt-dconf.settings
+  #programs.dconf.enable = true;
+  #home-manager.users.ling = { pkgs, ... }: {
+  #
+  #  home.packages = [ pkgs.atool pkgs.httpie ];
+  #
+  #  dconf.settings = {
+  #    "/org/gnome/shell/extensions/dash-to-dock" = {
+  #      dock-position = "'LEFT'";
+  #      dock-fixed = true;
+  #      dash-max-icon-size = 24;
+  #    };
+  #  };
+  #
+  #};
+
+  ##
+
   # Configure keymap in X11
   services.xserver = {
     layout = "us";
@@ -87,25 +246,22 @@
   # Enable touchpad support (enabled default in most desktopManager).
   # services.xserver.libinput.enable = true;
 
-  # Define a user account. Don't forget to set a password with ‘passwd’.
+  #############################################################################
-  users.users.ling = {
+  # Package Management
-    isNormalUser = true;
+  #############################################################################
-    description = "Hyperling";
-    extraGroups = [ "networkmanager" "wheel" "sudo" ];
-    packages = with pkgs; [
-      #firefox
-      #thunderbird
-    ];
-  };
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 
-  # List packages installed in system profile. To search, run:
+  ###
-  # $ nix search wget
+  # List packages installed in system profile.
+  ##
+  # To search for names, run `nix search wget` or use the website in the header.
   environment.systemPackages = with pkgs; [
+    ###
     # General
-    ansible
+    ##
+    #ansible # try installing under Python then maybe it can use psutil?
     vim
     mlocate
     git
@@ -115,26 +271,98 @@
     wget
     nmap
     lynis
+    htop
+    neofetch
+    cowsay
+    cron
+    zsh
 
+    # Python Setup
+    # Main documentation
+    #   https://nixos.org/manual/nixpkgs/stable/#python
+    # See what modules are available, and which Python they are attached to:
+    #   ls -l $(find "$(dirname $(which python))/.."  -name site-packages)
+    #     Looks like 3.10, not 3.11 like was being installed. So annoying!
+    #   https://discourse.nixos.org/t/python3-not-importing-modules/22061/2
+    #python3
+    (python3.withPackages(ps: with ps; [
+      pip    # Works fine! Can access via `pip` or `python -m pip`.
+      psutil # Not working. Not in path nor `-m`. Maybe not supposed to be, but ansible dconf module still saying "ModuleNotFoundError: No module named 'psutil'" Maybe add to ansible's python somehow?
+      ansible # Nope, not accessible!!! WHAT!!!
+      ansible-core # It's here! Thanks https://pypi.org/project/ansible/, psutil still not available though!!!!!!!!!!!!!
+    ]))
+    #python3Packages.pip
+    #python3Packages.psutil # This does not work either, nor any 310 type versions.
+    #python3Packages.ansible # This does not work either, nor any 310 type versions.
+    ###
+
+    ###
     # Coding
+    ##
     vscodium
     android-studio
+    dbeaver
+    bash
+    kotlin
+    nodejs
+    ksh
+    zsh
+    zulu  # OpenJDK
+    #zulu8 # OpenJDK 8
+    #python2
+    #python
+    #godot # If using C#
+    godot_4 # If using Godot Script
+    ###
 
+    ###
     # Editing
+    ##
+    gimp
     shotcut
     openshot-qt
+    obs-studio
     ffmpeg
+    ###
 
+    ###
     # Workstation
-    gnomeExtensions.dock-from-dash
+    ##
-    evolution
+    gnomeExtensions.dash-to-dock
-    signal-desktop
+    gnome.nautilus
-    lbry
+    gnome.gnome-tweaks
+    gnome.dconf-editor
+    #gnome.gnome-terminal # This does not theme well and is different from Console.
+    gnome.gnome-system-monitor
+    gnome.gedit
+    gnome.geary
+    gnome.evince
     librewolf
     firefox
-    htop
+    evolution
+    deltachat-desktop
+    signal-desktop
+    lbry
     libreoffice
     vlc
+    remmina
+    imagemagick
+    #etcher # Broken as of 20231013, uses too old a version of Electron.
+    transmission
+
+    # Wallets
+    #exodus # Not being found, 403 error.
+    monero-gui
+    ###
+
+    ###
+    # Server
+    ##
+    # Not needed, prefer setting 'virtualisation.docker.enable'.
+    #docker
+    #docker-buildx
+    #docker-compose
+    ###
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -145,23 +373,40 @@
   #   enableSSHSupport = true;
   # };
 
-  # List services that you want to enable:
+  ## List services that you want to enable ##
 
-  # Enable the OpenSSH daemon.
+  # Configure the OpenSSH daemon.
-  # services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    ports = [
+      22
+    ];
+    settings = {
+      PermitRootLogin = "no";
+      AllowTcpForwarding = "no";
+      ClientAliveInterval = 60;
+      ClientAliveCountMax = 2;
+      Compression = "no";
+      LogLevel = "VERBOSE";
+      MaxAuthTries = 3;
+      MaxSessions = 2;
+      TCPKeepAlive = "no";
+      X11Forwarding = false;
+      AllowAgentForwarding = "no";
+      PermitEmptyPasswords = "no";
+    };
+  };
 
-  # Open ports in the firewall.
+  #############################################################################
-  # networking.firewall.allowedTCPPorts = [ ... ];
+  # Non-System Package Configuration
-  # networking.firewall.allowedUDPPorts = [ ... ];
+  #############################################################################
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
 
-  # This value determines the NixOS release from which the default
+  # Be able to use the locate command.
-  # settings for stateful data, like file locations and database versions
+  services.locate.locate = pkgs.mlocate;
-  # on your system were taken. It‘s perfectly fine and recommended to leave
+  services.locate.localuser = null;
-  # this value at the release version of the first install of this system.
+  services.locate.enable = true;
-  # Before changing this value read the documentation for this option
+
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  # Docker
-  system.stateVersion = "23.05"; # Did you read the comment?
+  virtualisation.docker.enable = true;
 
 }

hardware-configuration.nix.example

@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  networking.hostName = "my-nixos-system"; # Define your hostname.
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/abc-123-456-xyz";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."luks-1337-h4x0r-c00l-3ncrypt10n".device = "/dev/disk/by-uuid/more-alphabet-soup";
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp5s0f1u6u3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

static.nix.example

@@ -0,0 +1,9 @@
+# File for adding system-specific configurations outside of any project, system,
+# or ansible maintained files. Any specific recommendations are below.
+{ config, pkgs, nix, ... }:
+
+{
+  # This would be a good place to set up your swap file or partition if not
+  # using the Ansible project. It maintains this in ansible.nix, not here.
+  swapDevices = [ { device = "/swapfile"; } ];
+}