setup repo structure (& test system config)

2025-01-25 22:24:37 +01:00 · 2025-01-25 22:24:37 +01:00 · 67c2250833
commit 67c2250833
12 changed files with 573 additions and 0 deletions
--- a/modules/base_system.nix
+++ b/modules/base_system.nix
@ -0,0 +1,114 @@
+#
+# Module that is included for all systems and configures basic NixOS setting that we want
+#
+{
+  modulesPath,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  # boot config
+  boot.initrd.systemd.enable = true;
+  boot.initrd.availableKernelModules = [
+    "ahci"
+    "xhci_pci"
+    "virtio_pci"
+    "sr_mod"
+    "virtio_blk"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  boot.loader.systemd-boot = {
+    enable = true;
+    configurationLimit = 25;
+    editor = false;
+  };
+
+  # settings for nix and nixos
+  nixpkgs.config.allowUnfree = true;
+  nix.settings = {
+    tarball-ttl = 60;
+    trusted-users = [
+      "root"
+      "@wheel"
+    ];
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 30d";
+  };
+
+  # link flake source into /etc/nixos
+  environment.etc."nixos".source = ../.;
+
+  # locale settings
+  time.timeZone = lib.mkDefault "Europe/Berlin";
+  i18n = {
+    # https://man.archlinux.org/man/locale.7
+    defaultLocale = lib.mkDefault "en_US.UTF-8";
+    extraLocaleSettings = lib.genAttrs [
+      "LC_CTYPE"
+      "LC_NUMERIC"
+      "LC_TIME"
+      "LC_COLLATE"
+      "LC_MONETARY"
+      "LC_PAPER"
+      "LC_NAME"
+      "LC_ADDRESS"
+      "LC_TELEPHONE"
+      "LC_MEASUREMENT"
+      "LC_IDENTIFICATION"
+    ] (key: "de_DE.UTF-8");
+  };
+  services.xserver.xkb.layout = lib.mkDefault "de";
+
+  # vconsole
+  console = {
+    font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u16n.psf.gz";
+    packages = lib.mkDefault [ pkgs.terminus_font ];
+    keyMap = lib.mkDefault "de";
+    useXkbConfig = lib.mkDefault true;
+  };
+
+  # ssh server
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+    };
+  };
+
+  # misc software settings
+  home-manager.useGlobalPkgs = lib.mkDefault true;
+  programs.command-not-found.enable = false;
+  environment.localBinInPath = true;
+  services.qemuGuest.enable = true;
+
+  # derive sops key from ssh key if ssh is enable and configure host sepcific secrets
+  sops.age.sshKeyPaths = lib.mkIf config.services.openssh.enable [ "/etc/ssh/ssh_host_ed25519_key" ];
+  #sops.defaultSopsFile = ../data/secrets + "/${config.networking.fqdnOrHostName}.yml";
+
+  # additional apps
+  environment.systemPackages = with pkgs; [
+    git
+    helix
+    htop
+  ];
+  #environment.variables = {
+  #  EDITOR = "hx";
+  #  VISUAL = "hx";
+  #};
+}
--- a/modules/user_account.nix
+++ b/modules/user_account.nix
@ -0,0 +1,28 @@
+{
+  modulesPath,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  programs.fish.enable = true;
+
+  users.users.noc = {
+    createHome = true;
+    extraGroups = [
+      "wheel"
+    ];
+    home = "/home/noc";
+    shell = pkgs.fish;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPaVpSL8G9Gs16bSNn9tDl29PiN0SwYZuYCMkp9baSua lilly"
+    ];
+    hashedPassword = "$y$j9T$V7Fvq4uxK/NywaPgqsTgx1$K4/tlsLOHCONtuG5CrQpv5.4/UPsjrtdWeal/qp1UwD";
+    isNormalUser = true;
+  };
+
+  home-manager.users.noc = {
+    home.preferXdgDirectories = true;
+  };
+}