Finalize Working Version (#1)

* Add more GNOME helpers.

* Fix typo, adjust output.

* Update readme.

* Add more programs and a TBD.

* Add OpenJDK 8 as well.

* More programs, fix mlocate, start working on GNOME settings.

* Add success message.

* Fixing favorites, for some reason the files are different on NixOS than systems using Ansible.

* Add cron. Start working on header details.

* Modify Python configuration for ansible playbooks.

* More work on Python. Still not getting success with psutil.

* NixOS, python, and psutil are still being dumb with ansible.

* Add imagemagick for compressing file sizes.

* Automatically create backups the first time this is run each day.

* Create an example file.

* More comments, SSHD config, a few fixes, some TBDs, and general reorganization.

* Add a disclaimer.

* Make the file look more like a developer wrote it.

* Try adding wallets. Exodus seems broken. Monero works.

* Start trying a different route for dconf settings. May require "home manager".

* Add Docker.

* Create a static and ansible file. Import them, and give examples of what they are for.

* Add comments brainstorming how to do the different setups.

* Add home-manager. Still no luck with dconf. Not in Ansible either.

* Add godot.

* Add zsh.

* Move to Godot4.

* Remove extra space.

* Add balena etcher for USB sticks.

* Remove etcher, seems to have broken ability to update or install anything.

* Add a bittorrent client.

* Remove excess ssh ports. They were probably for testing.
Hyperling 2023-10-17 04:33:40 -07:00 committed by GitHub
parent 580c8757c6
commit 730eaf9faa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 404 additions and 46 deletions


@ -1,2 +1,11 @@
# nixos
# My NixOS Configuration(s)
Configuration file and helper scripts for my NixOS setup.
Just startred researching NixOS at the end of August 2023 and seeing if it makes
more sense than using Ansible across a multitude of different OS's.
## DISCLAIMERS
### THIS PROJECT IS A WORK IN PROGRESS
Currently still considered early alpha phase. Things work, but still have a ways
to go before the system is completely ready for "production".


@ -6,21 +6,56 @@
DIR="$(dirname -- "${BASH_SOURCE[0]}")"
PROG="$(basename -- "${BASH_SOURCE[0]}")"
nix_ext="nix"
nixos_dir="/etc/nixos"
date_YYYYMMDD="`date "+%Y%m%d"`"
backup_dir="$nixos_dir/${date_YYYYMMDD}_Backups"
## Main ##
echo "Requesting sudo password if it has not already been requested recently."
sudo echo "Success!"
# Make a backup if one does not already exist for today.
if [[ ! -e "$backup_dir" ]]; then
echo -e "\nSaving backups for today."
sudo mkdir -pv "$backup_dir"
sudo cp -v "$nixos_dir"/*."$nix_ext" "$backup_dir"/
fi
# Ensure unmaintained files exist for import.
nix_static=$nixos_dir/static.nix
if [[ ! -e $nix_static ]]; then
echo "Creating '$nix_static'."
echo -e "{ config, pkgs, nix, ... }:\n\n{\n #\n}" | sudo tee $nix_static
fi
nix_ansible=$nixos_dir/ansible.nix
if [[ ! -e $nix_ansible ]]; then
echo "Creating '$nix_ansible' from '$nix_static'."
cp -v $nix_static $nix_ansible
fi
# Start the chain.
sudo echo "Success!" &&
sleep 0 &&
# Essentials, jeez!
echo "Making sure that /bin/bash is available." &&
sudo ln -vqfs `which bash` /bin/bash &&
echo -e "\nMaking sure that /bin/bash is available." &&
sudo ln -vfs `which bash` /bin/bash &&
# Install Home Manager for usage in configuration.nix type files.
echo -e "\nAdd Home Manager." &&
sudo nix-channel \
--add https://github.com/nix-community/home-manager/archive/master.tar.gz \
home-manager
sudo nix-channel --update
# Main install.
echo "Switching to the new configuration." &&
sudo cp $DIR/configuration.nix /etc/nixos/configuration.nix &&
echo -e "\nSwitching to the new configuration." &&
sudo cp "$DIR"/*."$nix_ext" "$nixos_dir"/ &&
sudo nixos-rebuild switch &&
# Completed successfully.
echo -e "\nSuccess!" &&
exit 0
## Errors ##
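Review bot: The Home Manager step breaks the `&&` chain and tracks an unpinned branch: `home-manager` on the `--add` line has no trailing `&&`, and neither does `sudo nix-channel --update`, so the `cp` and `nixos-rebuild switch` below still run after a failed channel add or update. The channel URL points at `master.tar.gz`, which root then pulls on every run while configuration.nix appears to target 23.05; the matching release archive, `https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz`, keeps the module set aligned with the system and narrows what an upstream change can bring in. Separately, `cp -v $nix_static $nix_ansible` writes into /etc/nixos without `sudo` and outside the chain, so it will presumably fail for a non-root user and leave the `./ansible.nix` import unresolved; `sudo cp -v "$nix_static" "$nix_ansible"` would match the surrounding lines. The script continues past `## Errors ##`, outside this hunk.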

25
ansible.nix.example Normal file

@ -0,0 +1,25 @@
# The ansible.nix file is for the Hyperling Ansible project to maintain. It
# should never be altered by hand unless Ansible has been turned off cron.
# https://github.com/Hyperling/ansible
{ config, pkgs, nix, ... }:
{
# tasks/general/software/swap.yml
# Use general.ini to set up the swap commands and this should be generated.
swapDevices = [ { device = "/swapfile"; } ];
###
# TBD
##
# Should this file include others? Or use blockinfile? searching for the
# headers below and then add their contents if they are wanted? Doing more
# includes might get messy, would probably want an entire ansible folder
# rather than adding more stuff to the roor /etc/nixos directory.
###
## General ##
## Workstation ##
## Server ##
}


@ -2,13 +2,56 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
###############################################################################
# Helpful Documentation
#
# NixOS Manual:
# https://nixos.org/manual/nixos/stable/
#
# NixOS All Options:
# https://nixos.org/manual/nixos/stable/options.html
#
# Option Search:
# https://search.nixos.org/options
#
# Package Search:
# https://search.nixos.org/packages
###############################################################################
###############################################################################
# TBD
# Make each section is own $.nix file and include it based on Ansible checks.
###############################################################################
{ config, pkgs, nix, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
#############################################################################
# System Configuration
#############################################################################
imports =[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Include any static entries that are handled outside of this project.
./static.nix
# Include anything that Ansible has created.
./ansible.nix
# Home Manager.
<home-manager/nixos>
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
#############################################################################
# System Package Configuration
#############################################################################
# Bootloader.
boot.loader.grub.enable = true;
@ -23,6 +66,25 @@
# Enable grub cryptodisk
boot.loader.grub.enableCryptodisk=true;
# TBD: Does not work. Goes in "nix.conf"?
#nix.extraOptions = "
# --extra-experimental-features
#";
#############################################################################
# General Networking Configuration
#############################################################################
# Enable networking
networking.networkmanager.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# TBD: Should this be here?
boot.initrd.luks.devices."luks-39ae7203-d5af-47bf-95f6-b4f0eefebfc6".keyFile = "/crypto_keyfile.bin";
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
@ -30,8 +92,9 @@
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
#############################################################################
# Locale
#############################################################################
# Set your time zone.
time.timeZone = "America/Phoenix";
@ -51,6 +114,25 @@
LC_TIME = "en_US.UTF-8";
};
#############################################################################
# User Setup
#############################################################################
# Define a user account. Don't forget to set a password with passwd.
users.users.ling = {
isNormalUser = true;
description = "Hyperling";
extraGroups = [ "networkmanager" "wheel" "sudo" "mlocate" "docker" ];
#packages = with pkgs; [
# #firefox
# #thunderbird
#];
};
#############################################################################
# Desktop Environment
#############################################################################
# Enable the X11 windowing system.
services.xserver.enable = true;
@ -58,6 +140,83 @@
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
# Remove the GNOME default packages.
#services.gnome.core-utilities.enable = false;
###
# GSettings, DConf type stuff.
##
# https://nixos.wiki/wiki/GNOME
#services.xserver.desktopManager.gnome = {
# extraGSettingsOverrides = ''
# # Favorite apps in gnome-shell
# [org.gnome.shell]
# favorite-apps= \
# [ 'org.gnome.Terminal.desktop', 'gnome-system-monitor.desktop' \
# , 'org.gnome.Nautilus.desktop' \
# , 'librewolf.desktop', 'firefox.desktop' \
# , 'org.gnome.Evolution.desktop', 'deltachat.desktop' \
# , 'codium.desktop' \
# , 'org.shotcut.Shotcut.desktop', 'lbry.desktop' \
# , 'android-studio.desktop' \
# , 'signal-desktop.desktop' \
# ]
#
# # TBD Need to finish figuring out how to load these.
# [org.gnome.shell.extensions.dash-to-dock]
# dock-position='LEFT'
# dock-fixed=true
# dash-max-icon-size=28
# '';
#
# extraGSettingsOverridePackages = [
# pkgs.gnome.gnome-shell # for org.gnome.shell, not sure if it works TBD.
# #pkgs.gnomeExtensions.dash-to-dock # TBD Not sure what to do here yet.
# ];
#};
# Maybe try this?
# https://hoverbear.org/blog/declarative-gnome-configuration-in-nixos/
#programs.dconf.enable = true;
#dconf.settings = {
# "org/gnome/shell/" = {
# favorite-apps = [
# "org.gnome.Terminal.desktop"
# "gnome-system-monitor.desktop"
# "org.gnome.Nautilus.desktop"
# "librewolf.desktop"
# "firefox.desktop"
# "org.gnome.Evolution.desktop"
# "deltachat.desktop"
# "codium.desktop"
# "org.shotcut.Shotcut.desktop"
# "lbry.desktop"
# "android-studio.desktop"
# "signal-desktop.desktop"
# ];
# };
#};
# Or this?
# https://rycee.gitlab.io/home-manager/index.html#sec-install-nixos-module
# https://rycee.gitlab.io/home-manager/options.html#opt-dconf.settings
#programs.dconf.enable = true;
#home-manager.users.ling = { pkgs, ... }: {
#
# home.packages = [ pkgs.atool pkgs.httpie ];
#
# dconf.settings = {
# "/org/gnome/shell/extensions/dash-to-dock" = {
# dock-position = "'LEFT'";
# dock-fixed = true;
# dash-max-icon-size = 24;
# };
# };
#
#};
##
# Configure keymap in X11
services.xserver = {
layout = "us";
@ -87,25 +246,22 @@
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.ling = {
isNormalUser = true;
description = "Hyperling";
extraGroups = [ "networkmanager" "wheel" "sudo" ];
packages = with pkgs; [
#firefox
#thunderbird
];
};
#############################################################################
# Package Management
#############################################################################
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
###
# List packages installed in system profile.
##
# To search for names, run `nix search wget` or use the website in the header.
environment.systemPackages = with pkgs; [
###
# General
ansible
##
#ansible # try installing under Python then maybe it can use psutil?
vim
mlocate
git
@ -115,26 +271,98 @@
wget
nmap
lynis
htop
neofetch
cowsay
cron
zsh
# Python Setup
# Main documentation
# https://nixos.org/manual/nixpkgs/stable/#python
# See what modules are available, and which Python they are attached to:
# ls -l $(find "$(dirname $(which python))/.." -name site-packages)
# Looks like 3.10, not 3.11 like was being installed. So annoying!
# https://discourse.nixos.org/t/python3-not-importing-modules/22061/2
#python3
(python3.withPackages(ps: with ps; [
pip # Works fine! Can access via `pip` or `python -m pip`.
psutil # Not working. Not in path nor `-m`. Maybe not supposed to be, but ansible dconf module still saying "ModuleNotFoundError: No module named 'psutil'" Maybe add to ansible's python somehow?
ansible # Nope, not accessible!!! WHAT!!!
ansible-core # It's here! Thanks https://pypi.org/project/ansible/, psutil still not available though!!!!!!!!!!!!!
]))
#python3Packages.pip
#python3Packages.psutil # This does not work either, nor any 310 type versions.
#python3Packages.ansible # This does not work either, nor any 310 type versions.
###
###
# Coding
##
vscodium
android-studio
dbeaver
bash
kotlin
nodejs
ksh
zsh
zulu # OpenJDK
#zulu8 # OpenJDK 8
#python2
#python
#godot # If using C#
godot_4 # If using Godot Script
###
###
# Editing
##
gimp
shotcut
openshot-qt
obs-studio
ffmpeg
###
###
# Workstation
gnomeExtensions.dock-from-dash
evolution
signal-desktop
lbry
##
gnomeExtensions.dash-to-dock
gnome.nautilus
gnome.gnome-tweaks
gnome.dconf-editor
#gnome.gnome-terminal # This does not theme well and is different from Console.
gnome.gnome-system-monitor
gnome.gedit
gnome.geary
gnome.evince
librewolf
firefox
htop
evolution
deltachat-desktop
signal-desktop
lbry
libreoffice
vlc
remmina
imagemagick
#etcher # Broken as of 20231013, uses too old a version of Electron.
transmission
# Wallets
#exodus # Not being found, 403 error.
monero-gui
###
###
# Server
##
# Not needed, prefer setting 'virtualisation.docker.enable'.
#docker
#docker-buildx
#docker-compose
###
];
# Some programs need SUID wrappers, can be configured further or are
@ -145,23 +373,40 @@
# enableSSHSupport = true;
# };
# List services that you want to enable:
## List services that you want to enable ##
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Configure the OpenSSH daemon.
services.openssh = {
enable = true;
ports = [
22
];
settings = {
PermitRootLogin = "no";
AllowTcpForwarding = "no";
ClientAliveInterval = 60;
ClientAliveCountMax = 2;
Compression = "no";
LogLevel = "VERBOSE";
MaxAuthTries = 3;
MaxSessions = 2;
TCPKeepAlive = "no";
X11Forwarding = false;
AllowAgentForwarding = "no";
PermitEmptyPasswords = "no";
};
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
#############################################################################
# Non-System Package Configuration
#############################################################################
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
# Be able to use the locate command.
services.locate.locate = pkgs.mlocate;
services.locate.localuser = null;
services.locate.enable = true;
# Docker
virtualisation.docker.enable = true;
}
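Review bot: The new `services.openssh` block leaves password logins enabled: `settings` hardens forwarding, root login and retry limits but never sets `PasswordAuthentication`, which sshd accepts by default, and `services.openssh.openFirewall` defaults to true, so port 22 is reachable as soon as this configuration is switched in. With `ling` in `wheel` and its password set by hand via passwd, that password becomes the only barrier to a sudo-capable account. If key-based login is the intent, add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` to `settings` and supply the key through `users.users.ling.openssh.authorizedKeys.keys`; `MaxAuthTries = 3` only limits attempts per connection. The user hunk in this section also adds `"docker"` to `extraGroups`, which is effectively root-equivalent access and deserves a comment next to it.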


@ -0,0 +1,35 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
networking.hostName = "my-nixos-system"; # Define your hostname.
fileSystems."/" = {
device = "/dev/disk/by-uuid/abc-123-456-xyz";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-1337-h4x0r-c00l-3ncrypt10n".device = "/dev/disk/by-uuid/more-alphabet-soup";
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0f1u6u3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

9
static.nix.example Normal file

@ -0,0 +1,9 @@
# File for adding system-specific configurations outside of any project, system,
# or ansible maintained files. Any specific recommendations are below.
{ config, pkgs, nix, ... }:
{
# This would be a good place to set up your swap file or partition if not
# using the Ansible project. It maintains this in ansible.nix, not here.
swapDevices = [ { device = "/swapfile"; } ];
}