Compare commits
2 commits
624e55654d
...
abd59c27fc
Author | SHA1 | Date | |
---|---|---|---|
abd59c27fc | |||
|
2103ab9f6e |
23 changed files with 30 additions and 30 deletions
|
@ -8,7 +8,7 @@ ships with useful programs such as `nmtui`; the installation can still be done
|
||||||
through the terminal.
|
through the terminal.
|
||||||
|
|
||||||
### Disk Partitioning
|
### Disk Partitioning
|
||||||
For [impermanence](https://nixos.wiki/wiki/Impermanence), partitioning should
|
For [impermanence](https://wiki.nixos.org/wiki/Impermanence), partitioning should
|
||||||
be done as outlined in the [tmpfs as
|
be done as outlined in the [tmpfs as
|
||||||
root](https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/) blogpost, but with
|
root](https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/) blogpost, but with
|
||||||
`/nix` as a [LUKS-encrypted file
|
`/nix` as a [LUKS-encrypted file
|
||||||
|
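Review bot: the replacement link on the `For [impermanence](...)` line swaps only the host and carries the path `/wiki/Impermanence` over unchanged, as every other hunk in this comparison does. Page titles are not guaranteed to match between the two wikis, so check that each rewritten URL resolves on wiki.nixos.org before merging, rather than relying on the search-and-replace alone.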
@ -27,7 +27,7 @@ Systems](https://nixos.org/manual/nixos/stable/index.html#sec-luks-file-systems)
|
||||||
sections, ArchWiki's [LVM on
|
sections, ArchWiki's [LVM on
|
||||||
LUKS](https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS),
|
LUKS](https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS),
|
||||||
the unofficial NixOS wiki [Full Disk
|
the unofficial NixOS wiki [Full Disk
|
||||||
Encryption](https://nixos.wiki/wiki/Full_Disk_Encryption), and [this GitHub
|
Encryption](https://wiki.nixos.org/wiki/Full_Disk_Encryption), and [this GitHub
|
||||||
gist](https://gist.github.com/martijnvermaat/76f2e24d0239470dd71050358b4d5134).
|
gist](https://gist.github.com/martijnvermaat/76f2e24d0239470dd71050358b4d5134).
|
||||||
|
|
||||||
We create a 1GiB EFI boot partition (`/dev/sda1`) and the rest will be our
|
We create a 1GiB EFI boot partition (`/dev/sda1`) and the rest will be our
|
||||||
|
|
|
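Review bot: the context line `the unofficial NixOS wiki [Full Disk` is left untouched while its link target moves to wiki.nixos.org, which is the official wiki under the nixos.org domain, so the label no longer matches where the link goes. Reword the sentence in the same change, for example by dropping "unofficial", so readers are not misled about the source they are sent to for disk-encryption guidance.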
@ -5,7 +5,7 @@
|
||||||
modulesPath,
|
modulesPath,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
|
# https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
];
|
];
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
}: {
|
}: {
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
# Main interface
|
# Main interface
|
||||||
# https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
|
# https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud
|
||||||
networks."10-lan" = {
|
networks."10-lan" = {
|
||||||
matchConfig.Name = "enp1s0";
|
matchConfig.Name = "enp1s0";
|
||||||
address = [
|
address = [
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
modulesPath,
|
modulesPath,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
|
# https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
# Main interface
|
# Main interface
|
||||||
# https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
|
# https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud
|
||||||
networks."10-lan" = {
|
networks."10-lan" = {
|
||||||
matchConfig.Name = "enp1s0";
|
matchConfig.Name = "enp1s0";
|
||||||
address = [
|
address = [
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
# Simple NixOS Mailserver.
|
# Simple NixOS Mailserver.
|
||||||
# https://nixos-mailserver.readthedocs.io
|
# https://nixos-mailserver.readthedocs.io
|
||||||
# https://nixos.wiki/wiki/Imapsync
|
# https://wiki.nixos.org/wiki/Imapsync
|
||||||
#
|
#
|
||||||
# DNS
|
# DNS
|
||||||
# Each domain delegates mail-handling to mail.caspervk.net using an MX
|
# Each domain delegates mail-handling to mail.caspervk.net using an MX
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
# Agenix manages the deployment of secrets by public-key encrypting them to
|
# Agenix manages the deployment of secrets by public-key encrypting them to
|
||||||
# each system's ssh host key. See the README for more information.
|
# each system's ssh host key. See the README for more information.
|
||||||
# https://github.com/ryantm/agenix
|
# https://github.com/ryantm/agenix
|
||||||
# https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes
|
# https://wiki.nixos.org/wiki/Comparison_of_secret_managing_schemes
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
# Docker is a utility to pack, ship and run any application as a lightweight
|
# Docker is a utility to pack, ship and run any application as a lightweight
|
||||||
# container.
|
# container.
|
||||||
# https://nixos.wiki/wiki/Docker
|
# https://wiki.nixos.org/wiki/Docker
|
||||||
|
|
||||||
virtualisation.docker = {
|
virtualisation.docker = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
# Fish is a Unix shell with a focus on interactivity and usability. Fish is
|
# Fish is a Unix shell with a focus on interactivity and usability. Fish is
|
||||||
# designed to give the user features by default, rather than by
|
# designed to give the user features by default, rather than by
|
||||||
# configuration.
|
# configuration.
|
||||||
# https://nixos.wiki/wiki/Fish
|
# https://wiki.nixos.org/wiki/Fish
|
||||||
# https://nixos.wiki/wiki/Command_Shell
|
# https://wiki.nixos.org/wiki/Command_Shell
|
||||||
|
|
||||||
programs.fish = {
|
programs.fish = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{home-manager, ...}: {
|
{home-manager, ...}: {
|
||||||
# Git version control system.
|
# Git version control system.
|
||||||
# https://nixos.wiki/wiki/Git
|
# https://wiki.nixos.org/wiki/Git
|
||||||
|
|
||||||
home-manager.users.caspervk = {
|
home-manager.users.caspervk = {
|
||||||
programs.git = {
|
programs.git = {
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
# in a structure based on the program or service rather than the
|
# in a structure based on the program or service rather than the
|
||||||
# implementation-specific details of where the output is saved to disk.
|
# implementation-specific details of where the output is saved to disk.
|
||||||
# https://nix-community.github.io/home-manager/
|
# https://nix-community.github.io/home-manager/
|
||||||
# https://nixos.wiki/wiki/Home_Manager
|
# https://wiki.nixos.org/wiki/Home_Manager
|
||||||
# https://nix-community.github.io/home-manager/options.html
|
# https://nix-community.github.io/home-manager/options.html
|
||||||
|
|
||||||
# Import Home Manager to make it part of the NixOS configuration
|
# Import Home Manager to make it part of the NixOS configuration
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
# stored in /nix/persist, into the tmpfs root partition on startup. For
|
# stored in /nix/persist, into the tmpfs root partition on startup. For
|
||||||
# example: /nix/persist/etc/machine-id is mounted to /etc/machine-id.
|
# example: /nix/persist/etc/machine-id is mounted to /etc/machine-id.
|
||||||
# https://github.com/nix-community/impermanence
|
# https://github.com/nix-community/impermanence
|
||||||
# https://nixos.wiki/wiki/Impermanence
|
# https://wiki.nixos.org/wiki/Impermanence
|
||||||
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
|
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{config, ...}: {
|
{config, ...}: {
|
||||||
# https://nixos.wiki/wiki/Networking
|
# https://wiki.nixos.org/wiki/Networking
|
||||||
# https://nixos.wiki/wiki/Systemd-networkd
|
# https://wiki.nixos.org/wiki/Systemd-networkd
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
firewall = {
|
||||||
|
@ -34,8 +34,8 @@
|
||||||
# or
|
# or
|
||||||
# > sudo resolvectl log-level debug
|
# > sudo resolvectl log-level debug
|
||||||
# > sudo journalctl -fu systemd-resolved.service
|
# > sudo journalctl -fu systemd-resolved.service
|
||||||
# https://nixos.wiki/wiki/Encrypted_DNS
|
# https://wiki.nixos.org/wiki/Encrypted_DNS
|
||||||
# https://nixos.wiki/wiki/Systemd-resolved
|
# https://wiki.nixos.org/wiki/Systemd-resolved
|
||||||
services.resolved = {
|
services.resolved = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dnsovertls = "true";
|
dnsovertls = "true";
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
# https://nixos.wiki/wiki/Storage_optimization
|
# https://wiki.nixos.org/wiki/Storage_optimization
|
||||||
gc = {
|
gc = {
|
||||||
# Automatically run the nix garbage collector, removing files from
|
# Automatically run the nix garbage collector, removing files from
|
||||||
# the store that are not referenced by any generation.
|
# the store that are not referenced by any generation.
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# BorgBackup (short: Borg) is a deduplicating backup program.
|
# BorgBackup (short: Borg) is a deduplicating backup program.
|
||||||
# https://nixos.wiki/wiki/Borg_backup
|
# https://wiki.nixos.org/wiki/Borg_backup
|
||||||
# https://nixos.org/manual/nixos/stable/#module-borgbase
|
# https://nixos.org/manual/nixos/stable/#module-borgbase
|
||||||
# https://nixos.org/manual/nixos/stable/options#opt-services.borgbackup.jobs
|
# https://nixos.org/manual/nixos/stable/options#opt-services.borgbackup.jobs
|
||||||
# https://borgbackup.readthedocs.io/en/stable/
|
# https://borgbackup.readthedocs.io/en/stable/
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{home-manager, ...}: {
|
{home-manager, ...}: {
|
||||||
# https://flatpak.org/setup/NixOS
|
# https://flatpak.org/setup/NixOS
|
||||||
# https://nixos.wiki/wiki/Flatpak
|
# https://wiki.nixos.org/wiki/Flatpak
|
||||||
|
|
||||||
services.flatpak.enable = true;
|
services.flatpak.enable = true;
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# Gammestep automatically adjusts the screen's colour temperature. It's
|
# Gammestep automatically adjusts the screen's colour temperature. It's
|
||||||
# basically redshift for Wayland.
|
# basically redshift for Wayland.
|
||||||
# https://gitlab.com/chinstrap/gammastep
|
# https://gitlab.com/chinstrap/gammastep
|
||||||
# https://nixos.wiki/wiki/Gammastep
|
# https://wiki.nixos.org/wiki/Gammastep
|
||||||
|
|
||||||
home-manager.users.caspervk = {
|
home-manager.users.caspervk = {
|
||||||
services.gammastep = {
|
services.gammastep = {
|
||||||
|
|
|
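Review bot: the first comment line of this hunk spells the program `Gammestep`, while the two URLs and `services.gammastep` below it use `gammastep`. The comment block is already being edited here, so correct the spelling in the same commit.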
@ -2,7 +2,7 @@
|
||||||
# PipeWire is a new low-level multimedia framework. It aims to offer capture
|
# PipeWire is a new low-level multimedia framework. It aims to offer capture
|
||||||
# and playback for both audio and video with minimal latency and support for
|
# and playback for both audio and video with minimal latency and support for
|
||||||
# PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
|
# PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
|
||||||
# https://nixos.wiki/wiki/PipeWire
|
# https://wiki.nixos.org/wiki/PipeWire
|
||||||
|
|
||||||
services.pipewire = {
|
services.pipewire = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# https://nixos.wiki/wiki/Sway
|
# https://wiki.nixos.org/wiki/Sway
|
||||||
|
|
||||||
programs.sway = {
|
programs.sway = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -295,7 +295,7 @@
|
||||||
auth include login
|
auth include login
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# https://nixos.wiki/wiki/Fonts
|
# https://wiki.nixos.org/wiki/Fonts
|
||||||
fonts = {
|
fonts = {
|
||||||
enableDefaultPackages = true;
|
enableDefaultPackages = true;
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{home-manager, ...}: {
|
{home-manager, ...}: {
|
||||||
# https://nixos.wiki/wiki/Virt-manager
|
# https://wiki.nixos.org/wiki/Virt-manager
|
||||||
|
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
programs.virt-manager.enable = true;
|
programs.virt-manager.enable = true;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{pkgs, ...}: {
|
{pkgs, ...}: {
|
||||||
# https://nixos.wiki/wiki/Lutris
|
# https://wiki.nixos.org/wiki/Lutris
|
||||||
# https://nixos.wiki/wiki/Steam
|
# https://wiki.nixos.org/wiki/Steam
|
||||||
programs.steam.enable = true;
|
programs.steam.enable = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -10,7 +10,7 @@ lib.mkIf (config.security.acme.certs != {}) {
|
||||||
# Instead of managing certificates in each individual service, NixOS supports
|
# Instead of managing certificates in each individual service, NixOS supports
|
||||||
# automatic certificate retrieval and renewal using
|
# automatic certificate retrieval and renewal using
|
||||||
# `security.acme.certs.<name>` through the ACME protocol.
|
# `security.acme.certs.<name>` through the ACME protocol.
|
||||||
# https://nixos.wiki/wiki/ACME
|
# https://wiki.nixos.org/wiki/ACME
|
||||||
# https://nixos.org/manual/nixos/stable/index.html#module-security-acme
|
# https://nixos.org/manual/nixos/stable/index.html#module-security-acme
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
lib.mkIf (config.services.caddy.virtualHosts != {}) {
|
lib.mkIf (config.services.caddy.virtualHosts != {}) {
|
||||||
# Caddy is a powerful, enterprise-ready, open source web server with
|
# Caddy is a powerful, enterprise-ready, open source web server with
|
||||||
# automatic HTTPS written in Go.
|
# automatic HTTPS written in Go.
|
||||||
# https://nixos.wiki/wiki/Caddy
|
# https://wiki.nixos.org/wiki/Caddy
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
|