add dev machine to flake

2024-08-11 22:19:39 +02:00 · 2024-08-11 22:19:39 +02:00 · 5b53465e2c
commit 5b53465e2c
parent 912a42c450
4 changed files with 130 additions and 9 deletions
--- a/config.ini
+++ b/config.ini
@ -6,7 +6,7 @@ port = 6600

 [ui]
 hostname = [::1]
-port = 8443
+port = 443
 tls = yes
 cert = cert.pem
 key = key.pem
--- a/configuration.nix
+++ b/configuration.nix
@ -0,0 +1,109 @@
+{ lib, pkgs, ... }:
+
+{
+  networking = {
+    hostName = "sanic";
+    useNetworkd = true;
+    nameservers = [
+      "172.23.42.1"
+    ];
+    defaultGateway = {
+      address = "172.23.42.1";
+      interface = "eth0";
+    };
+    interfaces.eth0 = {
+      ipv4.addresses = [{
+        address = "172.23.43.102";
+        prefixLength = 23;
+      }];
+    };
+  };
+  services.resolved = {
+    enable = true;
+    llmnr = "true";
+    dnssec = "allow-downgrade";
+    dnsovertls = "opportunistic";
+  };
+  time.timeZone = "Europe/Berlin";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  users.users.xengi = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    shell = pkgs.fish;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICW1+Ml8R9x1LCJaZ8bIZ1qIV4HCuZ6x7DziFW+0Nn5T xengi@kanae_2022-12-09"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmb+mJfo84IagUaRoDEqY9ROjjQUOQ7tMclpN6NDPrX xengi@kota_2022-01-16"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyklb7dvEHH0VBEMmTUQFKHN6ekBQqkDKj09+EilUIQ xengi@lucy_2018-09-08"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhyfD+8jMl6FDSADb11sfAsJk0KNoVzjjiDRZjUOtmf xengi@nana_2019-08-16"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjv9W8WXq9QGkgmANNPQR24/I1Pm1ghxNIHftEI+jlZ xengi@mayu_2021-06-11"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPtGqhV7io3mhIoZho4Yf7eCo0sUZvjT2NziM2PkXSo xengi@nyu_2017-10-11"
+    ];
+    packages = with pkgs; [
+      kitty # for terminfo
+    ];
+  };
+
+  nix = {
+    optimise = {
+      automatic = true;
+      dates = [ "00:00" ];
+    };
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 10d";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    git # required for flakes
+    vim
+    nvd
+  ];
+
+  services = {
+    openssh = {
+      enable = true;
+      settings.PasswordAuthentication = false;
+    };
+  };
+
+  programs = {
+    fish = {
+      enable = true;
+      interactiveShellInit = ''
+        function upgrade --description "Upgrade NixOS system"
+          cd /etc/nixos
+          nix flake update
+          cd -
+          nixos-rebuild switch --upgrade
+          nvd diff (ls -d1v /nix/var/nix/profiles/system-*-link|tail -n 2)
+        end
+      '';
+    };
+    vim.defaultEditor = true;
+    mtr.enable = true;
+  };
+
+  security = {
+    sudo.execWheelOnly = true;
+  };
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      80 # HTTP/1
+      443 # HTTP/2
+    ];
+    allowedUDPPorts = [
+      443 # HTTP/3
+    ];
+  };
+
+  system.stateVersion = "24.05";
+}
+
--- a/flake.lock
+++ b/flake.lock
@ -43,16 +43,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1722957468,
-        "narHash": "sha256-SQ0TCC4aklOhN/OzcztrKqDLY8SjpIZcyvTulzhDXs0=",
+        "lastModified": 1723282977,
+        "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2a13929e1f191b3690dd2f2db13098b04adb9043",
+        "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -1,10 +1,10 @@
 {
-  description = "chaos music control";
+  description = "sanic - chaos music control";
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-    flake-utils.url = "github:numtide/flake-utils";
+    nixpkgs.url = github:NixOS/nixpkgs/nixos-24.05;
+    flake-utils.url = github:numtide/flake-utils;
    gomod2nix = {
-      url = "github:tweag/gomod2nix";
+      url = github:tweag/gomod2nix;
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };
@ -36,6 +36,18 @@
          mpc-cli
        ];
      };
+      nixosConfigurations."sanic" = nixpkgs.lib.nixosSystem {
+        inherit system;
+        modules = [
+          {
+            environment.systemPackages = with pkgs; [
+              sanic
+            ];
+          }
+          "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
+          ./configuration.nix
+        ];
+      };
    }
  );
 }