From 47c0e3911c1f97593bbff3c2fffe0797e21f5549 Mon Sep 17 00:00:00 2001 From: Michael Thomson Date: Fri, 21 Jun 2024 20:03:49 -0400 Subject: [PATCH] update --- hosts/desktop/configuration.nix | 4 ++++ hosts/desktop/hardware-configuration.nix | 9 ++++----- hosts/desktop/home.nix | 9 +++++++++ modules/home-manager/i3/config | 2 ++ modules/home-manager/syncthing/default.nix | 9 +++++++++ modules/nixos/docker.nix | 3 +++ modules/nixos/nvidia.nix | 4 ++-- modules/nixos/postgres.nix | 18 ++++++++++++++++++ modules/nixos/ssh.nix | 9 +++++++++ modules/nixos/user.nix | 3 +++ 10 files changed, 63 insertions(+), 7 deletions(-) create mode 100644 modules/home-manager/syncthing/default.nix create mode 100644 modules/nixos/docker.nix create mode 100644 modules/nixos/postgres.nix create mode 100644 modules/nixos/ssh.nix diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 23ddc80..ab09cbd 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -7,6 +7,7 @@ inputs.home-manager.nixosModules.default ../../modules/nixos/bootloader.nix ../../modules/nixos/user.nix + ../../modules/nixos/ssh.nix ../../modules/nixos/nvidia.nix ../../modules/nixos/i3.nix ../../modules/nixos/nm.nix @@ -14,6 +15,8 @@ ../../modules/nixos/steam.nix ../../modules/nixos/env.nix ../../modules/nixos/1password.nix + ../../modules/nixos/postgres.nix + ../../modules/nixos/docker.nix ]; boot.kernelPackages = pkgs.linuxPackages_latest; @@ -33,6 +36,7 @@ wget git curl + lsof ]; home-manager = { diff --git a/hosts/desktop/hardware-configuration.nix b/hosts/desktop/hardware-configuration.nix index 3508a3f..b39fa03 100644 --- a/hosts/desktop/hardware-configuration.nix +++ b/hosts/desktop/hardware-configuration.nix 
@@ -14,18 +14,17 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/4dc20e43-03f8-4695-8bb5-ad9974215ac8"; + { device = "/dev/disk/by-uuid/f8d20844-226c-4375-9856-6ee29e08019c"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/7F11-62C6"; + { device = "/dev/disk/by-uuid/FDF5-4C02"; fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; }; - swapDevices = - [ { device = "/dev/disk/by-uuid/51bbac0f-6f93-45ff-92b5-fea4d110c138"; } - ]; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index 45f02fc..14716e3 100644 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -14,6 +14,7 @@ ../../modules/home-manager/eza ../../modules/home-manager/bat ../../modules/home-manager/irssi + ../../modules/home-manager/syncthing ]; home.username = "mthomson"; home.homeDirectory = "/home/mthomson"; @@ -39,6 +40,14 @@ pasystray networkmanagerapplet mangohud + kubectl + k9s + kubeseal + velero + fluxcd + zoom-us + crawl + obsidian ]; home.sessionVariables = { diff --git a/modules/home-manager/i3/config b/modules/home-manager/i3/config index c37cb79..b959363 100644 --- a/modules/home-manager/i3/config +++ b/modules/home-manager/i3/config @@ -252,3 +252,5 @@ exec_always --no-startup-id dunst # pasystray exec_always --no-startup-id pasystray + +exec_always --no-startup-id syncthing diff --git a/modules/home-manager/syncthing/default.nix b/modules/home-manager/syncthing/default.nix new file mode 100644 index 0000000..e420b02 --- /dev/null +++ b/modules/home-manager/syncthing/default.nix @@ -0,0 +1,9 @@ +{ pkgs, config, ... }: + +{ + services = { + syncthing = { + enable = true; + }; + }; +} diff --git a/modules/nixos/docker.nix b/modules/nixos/docker.nix new file mode 100644 index 0000000..a878015 --- /dev/null 
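Review bot: The new `options = [ "fmask=0022" "dmask=0022" ];` on `fileSystems."/boot"` mounts the vfat ESP so that every file on it is readable by all local users. If the bootloader is systemd-boot (bootloader.nix is not part of this patch, so this is an assumption), that includes the random seed file kept on the ESP, and `bootctl` warns about exactly this. Tightening it to `options = [ "fmask=0077" "dmask=0077" ];` keeps the partition root-only. If this file is regenerated with `nixos-generate-config` the value may be overwritten, so the override could instead live in a hand-maintained module.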
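Review bot: Syncthing is now started twice: `services.syncthing.enable = true;` in modules/home-manager/syncthing/default.nix sets up the home-manager service, and the i3 config hunk adds `exec_always --no-startup-id syncthing`, which launches another process at login and again on every i3 restart. The extra instances compete for the same configuration directory and listening ports, so which one ends up running is not deterministic. I would drop the `exec_always` line and let the service own the process. Separately, it is worth confirming that the Syncthing GUI has a user and password set, because the web interface otherwise accepts any local process that can reach its listening address.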
+++ b/modules/nixos/docker.nix @@ -0,0 +1,3 @@ +{ + virtualisation.docker.enable = true; +} diff --git a/modules/nixos/nvidia.nix b/modules/nixos/nvidia.nix index cee6526..bca3640 100644 --- a/modules/nixos/nvidia.nix +++ b/modules/nixos/nvidia.nix @@ -9,7 +9,7 @@ hardware.nvidia.modesetting.enable = true; hardware.nvidia.nvidiaSettings = true; - hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable; + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta; - services.xserver.videoDrivers = [ "nvidia "]; + services.xserver.videoDrivers = [ "nvidia" ]; } diff --git a/modules/nixos/postgres.nix b/modules/nixos/postgres.nix new file mode 100644 index 0000000..abd45f4 --- /dev/null +++ b/modules/nixos/postgres.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: + +{ + services.postgresql = { + enable = true; + ensureDatabases = [ "mydatabase" ]; + enableTCPIP = true; + port = 5432; + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser origin-address auth-method + local all all trust + # ipv4 + host all all 127.0.0.1/32 trust + # ipv6 + host all all ::1/128 trust + ''; + }; +} diff --git a/modules/nixos/ssh.nix b/modules/nixos/ssh.nix new file mode 100644 index 0000000..edf8d92 --- /dev/null +++ b/modules/nixos/ssh.nix @@ -0,0 +1,9 @@ +{ + services.openssh = { + enable = true; + # require public key authentication for better security + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + #settings.PermitRootLogin = "yes"; + }; +} diff --git a/modules/nixos/user.nix b/modules/nixos/user.nix index 5b03d44..e48ac51 100644 --- a/modules/nixos/user.nix +++ b/modules/nixos/user.nix @@ -23,5 +23,8 @@ description = "Michael Thomson"; extraGroups = [ "networkmanager" "wheel" ]; packages = with pkgs; []; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 mthomson" + ]; }; }
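Review bot: `virtualisation.docker.enable = true;` in docker.nix enables the root-owned daemon with no comment on who is meant to use it. Two caveats deserve a comment in the module: membership of the `docker` group is equivalent to root on the host (the `extraGroups` list visible in user.nix does not add it, which is the safer state), and ports published by containers are handled by Docker's own packet-filter rules, so they can be reachable even where the NixOS firewall does not open them. If root-level containers are not needed, `virtualisation.docker.rootless.enable = true;` with `virtualisation.docker.rootless.setSocketVariable = true;` avoids the root daemon altogether.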
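Review bot: Every rule in the `authentication` block of postgres.nix uses `trust`, so any local user or process that can reach the Unix socket or loopback can connect as any role, including the `postgres` superuser, without a credential. On a machine that also runs Docker, Steam and desktop applications, that is a wide set of callers. I would use `local all all peer` for the socket line and `scram-sha-256` instead of `trust` on the two `host` lines, adding roles through `ensureUsers` where peer mapping needs them. `enableTCPIP = true;` makes the server listen on all interfaces although the rules only admit 127.0.0.1 and ::1, so it can be dropped unless remote access is planned. The `mkOverride 10` replaces the module's default rules entirely, which is worth noting in a comment.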
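Review bot: ssh.nix leaves `#settings.PermitRootLogin = "yes";` commented out, which documents the unsafe value and makes it one keystroke away from being enabled. Stating the intent explicitly is safer: `settings.PermitRootLogin = "no";`. Since the only account given a key in this patch is `mthomson`, `settings.AllowUsers = [ "mthomson" ];` would also keep any later service account from becoming reachable over SSH. Disabling password and keyboard-interactive authentication is right as written; the existing comment could say that this host is reachable only with the key declared in user.nix.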
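Review bot: The key added under `openssh.authorizedKeys.keys` in user.nix is of type `ssh-rsa`, and its body is not readable on this page, so its length cannot be checked. This account is in `wheel`, and with password logins disabled in ssh.nix this key is the only remote way into an administrative user, so it should be at least 3072-bit RSA or, preferably, replaced with an `ssh-ed25519` key. A short comment above the entry naming the device that holds the private key makes later rotation and revocation easier. The user attribute set starts outside this hunk, so other settings on the account are not visible here.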