commit b0d3cab8897dc7785210426f8e97c28c6fb113c5 Author: Shahab Dogar Date: Tue Aug 20 07:44:53 2024 +0500 initial commit
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
new file mode 100644
index 0000000..0e85bfd
--- /dev/null
+++ b/nixos/configuration.nix
@@ -0,0 +1,151 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, meta, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ];
+
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = meta.hostname; # Define your hostname.
+ # Pick only one of the below networking options.
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Asia/Karachi";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ #useXkbConfig = true; # use xkb.options in tty.
+ };
+
+ # Fixes for longhorn
+ systemd.tmpfiles.rules = [
+ "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+ ];
+ virtualisation.docker.logDriver = "json-file";
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+ # Configure keymap in X11
+ # services.xserver.xkb.layout = "us";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+ services.k3s = {
+ enable = true;
+ role = "server";
+ tokenFile = /var/lib/rancher/k3s/server/token;
+ extraFlags = toString ([
+ "--write-kubeconfig-mode \"0644\""
+ "--cluster-init"
+ "--disable servicelb"
+ "--disable traefik"
+ "--disable local-storage"
+ ] ++ (if meta.hostname == "homelab-0" then [] else [
+ "--server https://homelab-0:6443"
+ ]));
+ clusterInit = (meta.hostname == "homelab-0");
+ };
+
+ services.openiscsi = {
+ enable = true;
+ name = "iqn.2016-04.com.open-iscsi:${meta.hostname}";
+ };
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.shahab = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ tree
+ ];
+ # Created using mkpasswd
+ hashedPassword = "$6$.ZlYnf2cZph4tCbM$E/JJUDirRV8MZrgX4Rh.Pi1q95tev1ZxcKjPA1I.uURv56qoWcC39MJWO9S2T5MlkPVbSLGiM8Ihfz9mERImo/";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD/V4jLpuk7uAovkbHFr6uulfBKZmsH+BqmXIR2aYD0"
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ neovim
+ k3s
+ cifs-utils
+ nfs-utils
+ git
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ 80 ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
diff --git a/nixos/disko-config.nix b/nixos/disko-config.nix
new file mode 100644
index 0000000..36219d9
--- /dev/null
+++ b/nixos/disko-config.nix
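Review bot: `networking.firewall.enable = false;` near the end of this file leaves every listener on these nodes, including sshd and the k3s API server that the join flag addresses on port 6443, reachable from any network the host is attached to. Keeping the firewall enabled and opening only what the cluster needs is safer; as a starting point for k3s servers with embedded etcd and flannel VXLAN, `networking.firewall.allowedTCPPorts = [ 22 6443 2379 2380 10250 ];` and `networking.firewall.allowedUDPPorts = [ 8472 ];`, to be checked against the workloads (Longhorn included). In `services.k3s.extraFlags`, `--write-kubeconfig-mode \"0644\"` makes the admin kubeconfig readable by every local account, so dropping the flag or using a group-restricted mode keeps cluster-admin credentials with root. The `hashedPassword` literal for a `wheel` user is committed to the repository and ends up in the world-readable Nix store, where it can be guessed offline; `hashedPasswordFile` pointing at a file outside the repo avoids that, and `services.openssh.settings.PasswordAuthentication = false;` would keep that password from being usable over SSH now that a key is configured. `tokenFile` is written as an unquoted Nix path, which may be copied into the store (or rejected in pure flake evaluation) when the module interpolates it; the string form `tokenFile = "/var/lib/rancher/k3s/server/token";` is the safer spelling, worth confirming against the k3s module in use.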
@@ -0,0 +1,56 @@
+{
+ disko.devices = {
+ disk = {
+ vdb = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1M";
+ end = "128M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ]; # Override existing partition
+ # Subvolumes must set a mountpoint in order to be mounted,
+ # unless their parent is mounted
+ subvolumes = {
+ # Subvolume name is different from mountpoint
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ # Subvolume name is the same as the mountpoint
+ "/home" = {
+ mountOptions = [ "compress=zstd" ];
+ mountpoint = "/home";
+ };
+ # Sub(sub)volume doesn't need a mountpoint as its parent is mounted
+ "/home/shahab" = { };
+ # Parent is not mounted so the mountpoint must be set
+ "/nix" = {
+ mountOptions = [ "compress=zstd" "noatime" ];
+ mountpoint = "/nix";
+ };
+ };
+
+ mountpoint = "/partition-root";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/flake.lock b/nixos/flake.lock
new file mode 100644
index 0000000..d6e3d85
--- /dev/null
+++ b/nixos/flake.lock
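Review bot: `device = "/dev/nvme0n1";` selects the target disk by kernel enumeration name while the root filesystem is created with `extraArgs = [ "-f" ];`, so on a machine where enumeration differs the forced format lands on whatever disk received that name. A stable identifier such as `device = "/dev/disk/by-id/<disk-id>";` (placeholder, supplied per host, for instance through `meta`) removes that ambiguity, and the attribute name `vdb` could then be renamed to match the hardware. The root btrfs volume is also unencrypted, so the k3s server token and any Longhorn replica data are readable from a removed drive; wrapping the partition in disko's `luks` content type is worth considering if that matters for this lab.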
@@ -0,0 +1,48 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724031427, + "narHash": "sha256-o1HdAf+7IGv9M13R3c+zc/sJ0QgeEnhsvHBcodI4UpM=", + "owner": "nix-community", + "repo": "disko", + "rev": "4e719b38fa7c85f4f65d0308ca7084c91e7bdd6d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1723938990, + "narHash": "sha256-9tUadhnZQbWIiYVXH8ncfGXGvkNq3Hag4RCBEMUk7MI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c42fcfbdfeae23e68fc520f9182dde9f38ad1890", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nixos/flake.nix b/nixos/flake.nix new file mode 100644 index 0000000..7be07a7 --- /dev/null +++ b/nixos/flake.nix @@ -0,0 +1,35 @@ +{ + description = "Homelab NixOS Flake"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + # Disko + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = { self, nixpkgs, disko, ... }@inputs: let + nodes = [ + "homelab-0" + "homelab-1" + "homelab-2" + ]; + in { + nixosConfigurations = builtins.listToAttrs (map (name: { + name = name; + value = nixpkgs.lib.nixosSystem { + specialArgs = { + meta = { hostname = name; }; + }; + system = "x86_64-linux"; + modules = [ + # Modules + disko.nixosModules.disko + ./hardware-configuration.nix + ./disko-config.nix + ./configuration.nix + ]; + }; + }) nodes); + }; +} diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix new file mode 100644 index 0000000..9512663 --- /dev/null +++ b/nixos/hardware-configuration.nix 
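Review bot: In `flake.nix`, `disko.url = "github:nix-community/disko";` follows the repository's default branch, unlike `nixpkgs`, which is held to the `nixos-24.05` ref. `flake.lock` fixes the revision for now, but every `nix flake update` moves to whatever the branch head is at that moment, for a module that partitions and formats disks as root. Pinning the input to a release ref, `disko.url = "github:nix-community/disko/<release-tag>";` (placeholder), makes updates a deliberate, reviewable step. A short comment above `nodes` stating that all three hosts are built as k3s servers from the same modules would also help the next reader.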
@@ -0,0 +1,24 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}