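#+PROPERTY: header-args :mkdirp yes

* Systems

I have opted to use NixOS for my systems moving forward. You can read a bit more about this move [[https://blog.gabrielsimmer.com/posts/from-guix-to-nixos][here]]. I haven't dabbled with custom configuration too much so this is pretty close to the default configuration.

** London

London is my primary desktop.

#+begin_src nix :tangle nix/configuration.nix
{ config, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  nixpkgs.config.allowUnfree = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "london";

  # i18n stuff.
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Networking stuff.
  networking.useDHCP = false;
  networking.interfaces.enp4s0.useDHCP = true;
  services.tailscale.enable = true;

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [ vaapiIntel vaapiVdpau libvdpau-va-gl ];
    setLdLibraryPath = true;
    driSupport32Bit = true;
  };

  # Required for Proton games to function.
  programs.steam.enable = true;

  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Configure keymap in X11
  services.xserver.layout = "us";

  # Disabled and replaced with Pipewire.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };

  programs.zsh.enable = true;
  users.users.gsimmer = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = [ "wheel" "networkmanager" ];
  };

  environment.systemPackages = with pkgs; [ vim wget firefox emacs curl podman tailscale ];

  services.flatpak.enable = true;
  xdg.portal.enable = true;

  programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # No host firewall: anything bound to a non-loopback address is reachable
  # from the LAN, so only the upstream router filters inbound traffic.
  networking.firewall.enable = false;

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.05"; # Did you read the comment?
}
#+end_src

My goal here is to leverage the hardware configuration generated by NixOS to separate out the specific-to-my-current-hardware configuration.

#+begin_src nix :tangle nix/hardware-configuration.nix
{ config, lib, pkgs, modulesPath, ... }:

{
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

  services.xserver = {
    libinput = {
      enable = true;
      mouse = {
        accelProfile = "flat";
      };
    };
  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/eb8699bd-a9e9-4166-8879-559b244caa20";
    fsType = "ext4";
    options = [ "noatime" "nodiratime" "discard" ];
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/D582-4408";
    fsType = "vfat";
    options = [ "noatime" "nodiratime" "discard" ];
  };

  fileSystems."/mnt/wd" = {
    device = "/dev/disk/by-partlabel/WD";
    fsType = "ext4";
    options = [ "noatime" "nodiratime" "discard" ];
  };

  fileSystems."/mnt/fhg" = {
    device = "/dev/disk/by-label/FHG";
    fsType = "ext4";
    options = [ "noatime" "nodiratime" "discard" ];
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/8a0c74ad-a88f-4ecd-a6ac-d7985355bce6"; }
  ];

  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;
}
#+end_src

** Raspberry Pis

I have two Raspberry Pis - a 3B+ ("watcher"), and a 4 ("panda"). Watcher serves as a watchdog for my self hosted services, usually living on Panda.

*** The Installer Image

Very minimal changes required here, only really need to enable the SSH daemon and add my key so I can push the actual configuration. I might investigate bundling the "real" configurations into the live installer image, so I have to run fewer commands.

[[https://nixos.wiki/wiki/NixOS_on_ARM#Getting_the_installer][More info on the NixOS Wiki]]

#+begin_src nix :tangle nix/image-configuration.nix
{ ... }:

{
  imports = [ ];

  services.sshd.enable = true;
  services.ntp.enable = true;

  users.users.gsimmer = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    # initialPassword is only applied when the account is first created, so a
    # password changed later with `passwd` survives rebuilds (plain `password`
    # is re-applied on every activation). The literal still ends up in the
    # world-readable /nix/store, which is why it must be throwaway.
    initialPassword = "pass"; # This gets changed. Don't get any ideas.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
    ];
  };
}
#+end_src

*** Watcher

Watcher is my Raspberry Pi 3B+ responsible for monitoring various services and devices on my network (and generally the wider web). It uses [[https://github.com/gmemstr/platypus][Platypus]] (my custom monitoring platform) for this, along with some cron jobs to curl the services themselves. Actually declarative install of Platypus is TODO, once I have the next release tagged.

#+begin_src nix :tangle nix/watcher-configuration.nix
{ config, pkgs, lib, ... }:

{
  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  services.sshd.enable = true;
  services.ntp.enable = true;

  users.users.gsimmer = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    # See the installer image: initialPassword is not re-applied on rebuild,
    # so the `passwd` change that follows the first login actually sticks.
    initialPassword = "pass"; # This gets changed. Don't get any ideas.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
    ];
  };

  environment.systemPackages = [ pkgs.git pkgs.curl ];

  # Runs in the per-user systemd instance. That instance has no
  # multi-user.target (a system-manager target), so the unit has to hang off
  # the user manager's default.target or it is never started.
  systemd.user.services.ensure-curlscript = {
    script = ''
      # At some point this will pull down a more complete script.
      echo "Done!"
    '';
    wantedBy = [ "default.target" ];
  };

  # Enable cron services. Each job records "<date>|<http status>" for one
  # endpoint into a status file under gsimmer's home every five minutes.
  services.cron = {
    enable = true;
    systemCronJobs = [
      "*/5 * * * * gsimmer curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://pw.gmem.ca > /home/gsimmer/pw-status"
      "*/5 * * * * gsimmer curl -I -o /dev/null -w \"$(date)|\\%{http_code}\" https://hue.gmem.ca > /home/gsimmer/hue-status"
    ];
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
  };

  # No host firewall: sshd and anything else listening is reachable from the LAN.
  networking.firewall.enable = false;
}
#+end_src

*** Panda

Panda is a general-purpose Raspberry Pi 4, responsible for hosting some network shares and my password manager (using [[https://github.com/dani-garcia/vaultwarden][Vaultwarden]]). Largely TODO, this currently runs Raspbian until I'm happy with my testbed.

#+begin_src nix :tangle nix/panda-configuration.nix
{ ... }:

{
  imports = [ ];

  # put your own configuration here, for example ssh keys:
  # This is key-based login straight to root, inherited from the ARM image
  # default. When the real configuration lands, prefer a wheel user like the
  # watcher config so root never has to be an SSH target.
  users.extraUsers.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
  ];
}
#+end_src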