From a670aedce1c650fb179d046ec80bd05ca6a7f6cc Mon Sep 17 00:00:00 2001
From: beatzaplenty
Date: Wed, 16 Jul 2025 13:33:23 +1000
Subject: [PATCH] new file: common/configuration.nix new file: common/hardware-configuration.nix new file: common/home.nix new file: flake.nix new file: hosts/docker/configuration.nix new file: hosts/nixos/configuration.nix new file: hosts/nixos/home.nix new file: hosts/server/configuration.nix new file: install.sh new file: prepare.sh
---
 common/configuration.nix | 48 ++++++++++++
 common/hardware-configuration.nix | 33 ++++++++
 common/home.nix | 30 ++++++++
 flake.nix | 57 ++++++++++++++
 hosts/docker/configuration.nix | 124 ++++++++++++++++++++++++++++++
 hosts/nixos/configuration.nix | 111 ++++++++++++++++++++++++++
 hosts/nixos/home.nix | 31 ++++++++
 hosts/server/configuration.nix | 117 ++++++++++++++++++++++++++++
 install.sh | 17 ++++
 prepare.sh | 29 +++++++
 10 files changed, 597 insertions(+)
 create mode 100644 common/configuration.nix
 create mode 100644 common/hardware-configuration.nix
 create mode 100644 common/home.nix
 create mode 100644 flake.nix
 create mode 100644 hosts/docker/configuration.nix
 create mode 100644 hosts/nixos/configuration.nix
 create mode 100644 hosts/nixos/home.nix
 create mode 100644 hosts/server/configuration.nix
 create mode 100755 install.sh
 create mode 100755 prepare.sh
diff --git a/common/configuration.nix b/common/configuration.nix
new file mode 100644
index 0000000..94ad212
--- /dev/null
+++ b/common/configuration.nix
@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+
+ ];
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ time.timeZone = "Australia/Brisbane";
+
+ # Enable QEMU agent
+ services.qemuGuest.enable = true;
+
+ # Enable docker-compose
+ environment.systemPackages = with pkgs; [
+ vim
+ btop
+ git
+ ];
+#Set root password
+users.users.root = {
+ hashedPassword = "$6$Kwv9KAyvcurAViQF$H4.u3feqGE7lVoNgkFXhE3n2Pmo//9JYDTCz8ifrVHBxPjwa1xMby7tEZ8Bpt5MXs9Rkx6/YbZWxs5CpH0s/70";
+};
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.nixos = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ tree
+ ];
+ hashedPassword = "$6$Kwv9KAyvcurAViQF$H4.u3feqGE7lVoNgkFXhE3n2Pmo//9JYDTCz8ifrVHBxPjwa1xMby7tEZ8Bpt5MXs9Rkx6/YbZWxs5CpH0s/70";
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 wayne@stream"
+ ];
+ };
+
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+}
\ No newline at end of file
diff --git a/common/hardware-configuration.nix b/common/hardware-configuration.nix
new file mode 100644
index 0000000..6874fda
--- /dev/null
+++ b/common/hardware-configuration.nix
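Review bot: Both `users.users.root.hashedPassword` and `users.users.nixos.hashedPassword` commit the same crypt hash to the repository, which exposes the shared password to offline cracking by anyone who can read the repo and makes root and nixos one password across all three hosts. Move the hash out of the tree with `hashedPasswordFile = "<path-to-hash-file-outside-repo>";` (or a secrets module) and give root a distinct value or none at all. With `services.openssh.enable = true` and nothing else set, password authentication stays enabled, so the key in `openssh.authorizedKeys.keys` is not the only way in; adding `services.openssh.settings.PasswordAuthentication = false;` here lets every host inherit it. The comment `# Enable docker-compose` above `environment.systemPackages` belongs to the docker host and does not describe the `vim btop git` list under it.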
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/common/home.nix b/common/home.nix
new file mode 100644
index 0000000..a110dac
--- /dev/null
+++ b/common/home.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+
+{
+ home.username = "nixos"; # your actual username
+ home.homeDirectory = "/home/nixos";
+ home.stateVersion = "25.05"; # match your NixOS stateVersion
+
+ programs.home-manager.enable = true; # mandatory to activate HM
+
+ # Optional: packages
+ home.packages = with pkgs; [
+ git
+ vim
+ tmux
+ ];
+
+ # Optional: set environment vars
+ home.sessionVariables = {
+ EDITOR = "vim";
+ };
+
+ # Optional: enable bash (or zsh, fish...)
+ programs.bash.enable = true;
+
+ # Optional: manage dotfiles via symlinks
+# home.file = {
+# ".tmux.conf".source = ./dotfiles/tmux.conf;
+# ".config/nvim/init.vim".source = ./dotfiles/init.vim;
+# };
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..c51f10a
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,57 @@
+{
+ description = "LAN NixOS configs";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixos-conf-editor.url = "github:snowfallorg/nixos-conf-editor";
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, nixos-conf-editor, home-manager, ... } @ inputs:
+ let system = "x86_64-linux"; in {
+ nixosConfigurations = {
+ # automatically use each host folder by name
+ nixos = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ ./hosts/nixos/configuration.nix
+ ./common/hardware-configuration.nix
+ home-manager.nixosModules.home-manager {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.nixos = import ./hosts/nixos/home.nix;
+ }
+ ];
+ specialArgs = { inherit inputs; };
+ };
+ docker = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ ./hosts/docker/configuration.nix
+ ./common/hardware-configuration.nix
+ home-manager.nixosModules.home-manager {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.nixos = import ./common/home.nix;
+ }
+ ];
+ };
+ server = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ ./hosts/server/configuration.nix
+ ./common/hardware-configuration.nix
+ home-manager.nixosModules.home-manager {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.nixos = import ./common/home.nix;
+ }
+ ];
+ };
+
+ };
+ };
+}
diff --git a/hosts/docker/configuration.nix b/hosts/docker/configuration.nix
new file mode 100644
index 0000000..8ccda05
--- /dev/null
+++ b/hosts/docker/configuration.nix
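Review bot: `specialArgs = { inherit inputs; }` is passed only to the `nixos` configuration, while the `docker` and `server` calls get none, even though hosts/docker/configuration.nix and hosts/server/configuration.nix in this commit both take `inputs` in their argument set. Evaluation passes today only because neither of those bodies references `inputs`; the first use will fail with a missing-argument error. Either add `specialArgs = { inherit inputs; };` to the `docker` and `server` calls or drop the unused argument from those two modules. `./common/hardware-configuration.nix` is also listed in every `modules` list although common/configuration.nix already imports it as `./hardware-configuration.nix`; harmless, but one place is enough.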
@@ -0,0 +1,124 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, inputs, ... }:
+
+let
+ pythonEnv = pkgs.python3.withPackages (ps: with ps; [
+ docker
+ pytz
+ ]);
+in
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../../common/configuration.nix
+ ];
+
+ networking.hostName = "docker"; # Define your hostname.
+ virtualisation.docker.enable = true;
+
+ # Enable docker-compose
+ environment.systemPackages = with pkgs; [
+ docker-compose
+ ];
+
+ # Mount docker persistent data
+ fileSystems."/mnt/docker-persistent-data" = {
+ device = "/dev/disk/by-label/docker-data";
+ fsType = "ext4";
+ options = [ "defaults" "nofail" "noatime" ];
+ };
+
+# Create nextcloud cron scheduled task
+systemd.services.nextcloud = {
+ description = "Nextcloud scheduled task";
+ script = ''docker-compose -f ~/docker/nextcloud/docker-compose.yml exec -u 33 webapp php ./cron.php'';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "nixos";
+ };
+ path = with pkgs; [ docker docker-compose ];
+};
+
+systemd.timers.nextcloud = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "*:0/5";
+ Persistent = true;
+ };
+};
+
+# create update task
+
+ systemd.services.update-containers = {
+ description = "Update Docker Compose Containers";
+ after = [ "docker.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "nixos";
+ WorkingDirectory = "/home/nixos/docker";
+ ExecStart = "${pythonEnv}/bin/python3 /home/nixos/docker/update-containers.py";
+ StandardOutput = "journal";
+ StandardError = "journal";
+ };
+
+ path = [ pkgs.docker pkgs.docker-compose ]; # Ensures docker CLI is available in $PATH
+ };
+
+
+systemd.timers.update-containers = {
+ description = "Weekly + Reboot container update";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "5min"; # Run 5 minutes after boot
+ OnUnitActiveSec = "1w"; # Run every week after last run
+ Persistent = true; # Catch up if system was off
+ };
+};
+
+#Add sym links to data on users home folder
+system.userActivationScripts.createDockerSymlink.text = ''
+ ln -sf /mnt/docker-persistent-data/docker /home/nixos/docker
+'';
+system.userActivationScripts.createSetupSymlink.text = ''
+ ln -sf /mnt/docker-persistent-data/setup /home/nixos/setup
+'';
+
+ users.users.nixos.extraGroups = [ "docker" ];
+ services.openssh.settings.PermitRootLogin = "yes";
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 80 8080 443 ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.sta>
+ system.stateVersion = "25.05"; # Did you read the comment?
+}
diff --git a/hosts/nixos/configuration.nix b/hosts/nixos/configuration.nix
new file mode 100644
index 0000000..82d16cd
--- /dev/null
+++ b/hosts/nixos/configuration.nix
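Review bot: `services.openssh.settings.PermitRootLogin = "yes"` lets root log in over SSH with the password whose hash common/configuration.nix commits for root, on the host that also opens 80, 8080 and 443. The NixOS default `"prohibit-password"` keeps the key-based `ssh-copy-id root@...` flow in install.sh working while refusing root password logins, so `services.openssh.settings.PermitRootLogin = "prohibit-password";` (or simply deleting the line) is the right setting. Separately, `update-containers` runs `/home/nixos/docker/update-containers.py` weekly from a path that `createDockerSymlink` points at the `/mnt/docker-persistent-data` disk, so the job's code is whatever is on that volume rather than part of this configuration; if that is intended, a comment saying the script lives on the data volume would help the next reader. The `script` of `systemd.services.nextcloud` relies on `~` expanding under `User = "nixos"`, whereas the sibling service spells out `/home/nixos/docker`; using the absolute path in both removes the ambiguity.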
@@ -0,0 +1,111 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, inputs,... }:
+let
+ nixosConfEditor = builtins.getFlake "github:snowfallorg/nixos-conf-editor";
+in {
+#{
+ environment.systemPackages = with pkgs; [
+ inputs.nixos-conf-editor.packages.${pkgs.system}.nixos-conf-editor
+ nodejs
+ appimage-run
+ seahorse
+ ];
+
+
+
+ imports =
+ [ # Include the results of the hardware scan.
+ ../../common/configuration.nix
+ ];
+
+ # Bootloader.
+ boot.loader.grub.useOSProber = true;
+
+ networking.hostName = "nixos"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_AU.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_AU.UTF-8";
+ LC_IDENTIFICATION = "en_AU.UTF-8";
+ LC_MEASUREMENT = "en_AU.UTF-8";
+ LC_MONETARY = "en_AU.UTF-8";
+ LC_NAME = "en_AU.UTF-8";
+ LC_NUMERIC = "en_AU.UTF-8";
+ LC_PAPER = "en_AU.UTF-8";
+ LC_TELEPHONE = "en_AU.UTF-8";
+ LC_TIME = "en_AU.UTF-8";
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the Cinnamon Desktop Environment.
+ services.xserver.displayManager.lightdm.enable = true;
+ services.xserver.desktopManager.cinnamon.enable = true;
+# services.xserver.desktopManager.xfce.enable = true;
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "au";
+ variant = "";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+# services.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ users.users.nixos.extraGroups = [ "networkmanager" ]; # Enable ‘sudo’ for the user.
+
+ # Install firefox.
+ programs.firefox.enable = true;
+
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+
+ nix.settings.experimental-features = "nix-command flakes";
+services.xrdp.enable = true;
+services.xrdp.defaultWindowManager = "cinnamon-session";
+services.xrdp.openFirewall = true;
+
+# systemd.services.nextcloud-appimage = {
+# enable = true;
+# Unit = {
+# Description = "Nextcloud AppImage client";
+# After = [ "graphical-session.target" ];
+# Wants = [ "graphical-session.target" ]; # optional but helpful
+# };
+# Service = {
+# ExecStart = "/run/current-system/sw/bin/appimage-run /home/nixos/Applications/Nextcloud.AppImage --background";
+# Restart = "on-failure";
+# # You can add RestartSec = "5s"; if you like
+# };
+# Install = {
+# WantedBy = [ "default.target" ];
+# };
+# };
+
+}
diff --git a/hosts/nixos/home.nix b/hosts/nixos/home.nix
new file mode 100644
index 0000000..c00b577
--- /dev/null
+++ b/hosts/nixos/home.nix
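Review bot: The `let nixosConfEditor = builtins.getFlake "github:snowfallorg/nixos-conf-editor"; in` binding is never referenced — the package list already uses `inputs.nixos-conf-editor` — and it names an unlocked flake reference that sidesteps flake.lock, which pure evaluation would reject if it were ever forced; delete the `let … in` together with the stray `#{` and keep the pinned input. The comment `# Enable ‘sudo’ for the user.` beside `users.users.nixos.extraGroups = [ "networkmanager" ]` was carried over from the `wheel` entry in common/configuration.nix and no longer describes the line; `# Let the desktop user manage NetworkManager connections` would. `services.xrdp.openFirewall = true` exposes RDP on the network, and xrdp authenticates against the same local password whose hash is committed in common/configuration.nix, so the exposure raised there reaches this host through a second service.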
@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+
+{
+ home.username = "nixos"; # your actual username
+ home.homeDirectory = "/home/nixos";
+ home.stateVersion = "25.05"; # match your NixOS stateVersion
+
+ programs.home-manager.enable = true; # mandatory to activate HM
+
+ # Optional: packages
+ home.packages = with pkgs; [
+ git
+ vim
+ tmux
+ nextcloud-client
+ ];
+
+ # Optional: set environment vars
+ home.sessionVariables = {
+ EDITOR = "vim";
+ };
+
+ # Optional: enable bash (or zsh, fish...)
+ programs.bash.enable = true;
+ services.nextcloud-client = {
+ enable = true;
+ # Optionally start in background directly
+ startInBackground = true;
+ };
+
+}
\ No newline at end of file
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
new file mode 100644
index 0000000..f12c0f5
--- /dev/null
+++ b/hosts/server/configuration.nix
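Review bot: This file repeats common/home.nix line for line and differs only by `nextcloud-client` in `home.packages` and the `services.nextcloud-client` block, so the two copies will drift apart. Replace the duplicated settings with `imports = [ ../../common/home.nix ];` and keep only the two additions; `home.packages` contributions from several modules are merged, so `home.packages = with pkgs; [ nextcloud-client ];` is enough here. `home.stateVersion` then lives in one place, which matters because it must not change after the first activation.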
@@ -0,0 +1,117 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, inputs,... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../../common/configuration.nix
+ ];
+
+ networking.hostName = "server"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Mount server data
+ fileSystems."/srv" = {
+ device = "/dev/disk/by-label/server-data";
+ fsType = "ext4";
+ options = [ "defaults" ];
+ };
+
+ fileSystems."/backup" = {
+ device = "/dev/disk/by-label/backup-data";
+ fsType = "ext4";
+ options = [ "defaults" ];
+ };
+
+#Add sym links to data on users home folder
+system.userActivationScripts.createDockerSymlink.text = ''
+ ln -sf /srv/scripts /home/nixos/scripts
+'';
+#system.userActivationScripts.createSetupSymlink.text = ''
+# ln -sf /mnt/docker-persistent-data/setup /home/nixos/setup
+#'';
+
+services.nfs.server = {
+ enable = true;
+ exports = ''
+ /srv/ 192.168.2.0/24(rw,sync,no_subtree_check)
+ /backup 192.168.2.0/24(rw,sync,no_subtree_check)
+ '';
+};
+
+ security.sudo = {
+ enable = true;
+ extraRules = [
+ {
+ users = [ "nixos" ];
+ commands = [
+ {
+ command = "/run/current-system/sw/bin/rsync";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+ };
+
+
+ systemd.services.backup = {
+ description = "Backup data";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+# WorkingDirectory = "/home/nixos/scripts";
+ ExecStart = "${pkgs.bash}/bin/bash -e /srv/scripts/rsync.sh";
+ StandardOutput = "journal";
+ StandardError = "journal";
+ };
+path = with pkgs; [ bash rsync openssh coreutils ];
+ };
+
+
+systemd.timers.backup = {
+ description = "Daily backup";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnUnitActiveSec = "1d"; # Run every day after last run
+ Persistent = true; # Catch up if system was off
+ };
+};
+
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 2049 ];
+# networking.firewall.allowedUDPPorts = [ 111 2049 20048 ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.sta>
+ system.stateVersion = "25.05"; # Did you read the comment?
+}
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..3cc9fef
--- /dev/null
+++ b/install.sh
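Review bot: `systemd.services.backup` runs `/srv/scripts/rsync.sh` as root at every boot and then daily, while the same `/srv/` tree is exported by `services.nfs.server.exports` read-write to all of 192.168.2.0/24 with nothing but client-supplied uids as authentication, so any LAN host able to write that one file gets code executed as root on this server at the next run. Keep the script in the Nix store instead, for example `ExecStart = "${pkgs.writeShellScript "backup" (builtins.readFile ./rsync.sh)}";` once rsync.sh is checked in beside this file (it is not part of this commit), or at minimum move the scripts directory out of the exported path. The sudo rule `command = "/run/current-system/sw/bin/rsync"` with `NOPASSWD` is effectively passwordless root for `nixos`, since rsync can write any path and `-e` runs an arbitrary command; if it exists for a pull-backup client, a wrapper script with fixed arguments as the `command` narrows it. The timer has only `OnUnitActiveSec`, so its first run depends on `wantedBy = [ "multi-user.target" ]` on the service; a comment stating that the boot-time run is intentional would stop the next reader from "fixing" it.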
@@ -0,0 +1,17 @@
+# set root user password
+
+$target = $1
+$configfile = $2
+
+ssh-keygen -f "/home/wayne/.ssh/known_hosts" -R $target
+
+
+# copy ssh cert to server
+ssh-copy-id root@$target
+
+# Copy cofiguration file
+scp ~/scripts/nixos/$configfile root@$target:/root/configuration.nix
+scp ~/scripts/nixos/prepare.sh root@$target:/root
+
+# prepare server
+ssh root@$target 'bash /root/prepare.sh'
diff --git a/prepare.sh b/prepare.sh
new file mode 100755
index 0000000..31c5328
--- /dev/null
+++ b/prepare.sh
@@ -0,0 +1,29 @@
+#create MBR table
+parted /dev/sda -- mklabel msdos
+#create nixos partition
+parted /dev/sda -- mkpart primary 1MB -8GB
+#set nixos partition to bootable
+parted /dev/sda -- set 1 boot on
+# create swap partition
+parted /dev/sda -- mkpart primary linux-swap -8GB 100%
+
+#format OS partition
+mkfs.ext4 -L nixos /dev/sda1
+#format swap
+mkswap -L swap /dev/sda2
+
+#activate swap
+swapon /dev/sda2
+
+#mount nixos partition
+mount /dev/disk/by-label/nixos /mnt
+
+#Generate config
+nixos-generate-config --root /mnt/
+
+#copy customised configuration over
+cp configuration.nix /mnt/etc/nixos/configuration.nix
+
+nixos-install --no-root-passwd
+
+reboot
\ No newline at end of file
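Review bot: `$target = $1` and `$configfile = $2` are not assignments in sh/bash — each expands the empty variable and tries to run a command named `=` — so `$target` is empty on every later line and `ssh-keygen -R`, `ssh-copy-id` and both `scp` calls act on the wrong host. Write `target=$1` and `configfile=$2`, quote the expansions as `"$target"` and `"$configfile"`, and start the file with a shebang and `set -euo pipefail`, since it currently has neither and would carry on after a failed `scp`. The `ssh-keygen -R` line deletes the host's known_hosts entry before `ssh-copy-id`, so every run trusts whichever host key answers; that is presumably deliberate for reinstalls, but the hard-coded `/home/wayne/.ssh/known_hosts` ties the script to one workstation where `~/.ssh/known_hosts` would match the `~/scripts/nixos` paths used below. The opening comment `# set root user password` describes nothing in the file.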
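Review bot: prepare.sh repartitions and formats `/dev/sda` unconditionally with no shebang, no `set -e` and no check that the disk is the intended target, so a failed `parted` or `mkfs.ext4` is ignored and `mount`, `nixos-generate-config` and `nixos-install` proceed against whatever state is left. Add `set -euo pipefail` at the top; a `udevadm settle` before `mount /dev/disk/by-label/nixos /mnt` also avoids the by-label symlink lagging behind `mkfs.ext4 -L nixos`. `cp configuration.nix /mnt/etc/nixos/configuration.nix` installs the file install.sh placed in /root, but every hosts/*/configuration.nix in this commit imports `../../common/configuration.nix`, which does not resolve from /mnt/etc/nixos, so `nixos-install` without `--flake` presumably fails for those files; a comment stating which configuration file the script expects would make the intended workflow clear.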