add nixos configuration for Cape

ulic-youthlic 2025-01-27 10:55:21 +08:00
parent a69f8cd125
commit cf03484587
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
20 changed files with 310 additions and 13 deletions


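--- /dev/null
+++ b/<PATH-NOT-SHOWN-1>
@@ -0,0 +1,57 @@
+{
+pkgs,
+...
+}:
+{
+imports = [
+./networking.nix
+./stylix.nix
+./hardware-configuration.nix
+./users
+./disko-config.nix
+];
+youthlic = {
+home-manager = {
+enable = true;
+unixName = "alice";
+hostName = "Cape";
+};
+programs = {
+openssh.enable = true;
+tailscale.enable = true;
+caddy = {
+enable = true;
+baseDomain = "youthlic.fun";
+};
+};
+};
+programs.gnupg.agent = {
+enable = true;
+};
+networking.hostName = "Cape";
+time.timeZone = "America/New_York";
+services.printing.enable = true;
+environment.systemPackages = with pkgs; [
+nix-output-monitor
+wget
+git
+vim
+helix
+btop
+];
+environment.variables.EDITOR = "hx";
+services.dbus.implementation = "broker";
+boot.loader.grub = {
+enable = true;
+};
+system.stateVersion = "24.11";
+}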
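Review bot: `services.printing.enable = true` looks out of place on a host whose hardware configuration in this same commit imports the qemu-guest profile and whose firewall is on; CUPS adds a listening daemon and a privileged print stack that a headless VM does not need, and `programs.gnupg.agent` is in the same position if no key is used on this host. If either is really wanted, say so in a comment, otherwise drop the line. `"Cape"` is also spelled twice, in `youthlic.home-manager.hostName` and in `networking.hostName`, so one could be derived from the other, e.g. `networking.hostName = config.youthlic.home-manager.hostName;` with `config` added to the module's argument set.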


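--- /dev/null
+++ b/<PATH-NOT-SHOWN-2>
@@ -0,0 +1,37 @@
+{
+disko.devices = {
+disk = {
+main = {
+type = "disk";
+device = "/dev/vda";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+size = "1M";
+type = "EF02";
+};
+root = {
+size = "100%";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+subvolumes = {
+"@root" = {
+mountpoint = "/";
+};
+"@home" = {
+mountpoint = "/home";
+};
+"@nix" = {
+mountpoint = "/nix";
+};
+};
+};
+};
+};
+};
+};
+};
+};
+}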
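Review bot: `device = "/dev/vda"` together with `extraArgs = [ "-f" ]` means a disko run formats whatever disk currently enumerates as vda without asking, and virtio disk names are in practice assigned by enumeration order, so adding or reordering a disk on the VM silently changes the wipe target. A stable identifier such as `device = "/dev/disk/by-id/<id-of-the-vm-disk>";` (or a by-path link) pins the operation to one device; the `-f` is still needed for a re-install over an old btrfs signature but deserves a comment saying so. The subvolumes also carry no `mountOptions`; `noatime` and `compress=zstd` are the usual choice for a btrfs root, and `/home` could be mounted `nosuid,nodev` since nothing there needs to be setuid.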


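--- /dev/null
+++ b/<PATH-NOT-SHOWN-3>
@@ -0,0 +1,24 @@
+# Do not modify this file! It was generated by nixos-generate-config
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+{
+imports =
+[ (modulesPath + "/profiles/qemu-guest.nix")
+];
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}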


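--- /dev/null
+++ b/<PATH-NOT-SHOWN-4>
@@ -0,0 +1,26 @@
+{ ... }:
+{
+systemd.network = {
+enable = true;
+wait-online.enable = true;
+networks = {
+"ens3" = {
+matchConfig.Name = "ens3";
+networkConfig = {
+DHCP = "yes";
+IPv6AcceptRA = true;
+};
+};
+};
+};
+networking = {
+networkmanager.enable = false;
+useNetworkd = true;
+useDHCP = false;
+nftables = {
+enable = true;
+};
+firewall.enable = true;
+};
+}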
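Review bot: The network unit is keyed `"ens3"`, which yields `ens3.network` with no numeric prefix; networkd evaluates `.network` files in lexical order and takes the first match, and the NixOS manual examples use a prefix such as `"10-ens3"` so that a later, more generic unit cannot shadow it. `matchConfig.Name = "ens3"` also pins the config to an interface name that the generated hardware-configuration in this commit only mentions in a comment; if the interface is ever renamed the host comes up with no network while `wait-online.enable = true` holds boot waiting for it. For a single-NIC VM, `matchConfig.Type = "ether";` avoids the dependency, or document why ens3 is fixed.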


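--- /dev/null
+++ b/<PATH-NOT-SHOWN-5>
@@ -0,0 +1,27 @@
+{ pkgs, rootPath, ... }:
+{
+stylix = {
+enable = true;
+image = rootPath + "/assets/wallpaper/01.png";
+polarity = "dark";
+base16Scheme = "${pkgs.base16-schemes}/share/themes/ayu-dark.yaml";
+fonts = {
+serif = {
+package = pkgs.lxgw-wenkai;
+name = "LXGW WenKai";
+};
+sansSerif = {
+package = pkgs.noto-fonts-cjk-serif;
+name = "Noto Serif CJK SC";
+};
+monospace = {
+package = pkgs.nerd-fonts.fira-code;
+name = "FiraCode Nerd Font";
+};
+emoji = {
+package = pkgs.noto-fonts-emoji;
+name = "Noto Color Emoji";
+};
+};
+};
+}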
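Review bot: The `sansSerif` slot is filled with `pkgs.noto-fonts-cjk-serif` / `"Noto Serif CJK SC"`, a serif face, so Stylix will hand applications a serif font wherever they ask for sans-serif; the likely intent is `package = pkgs.noto-fonts-cjk-sans;` with `name = "Noto Sans CJK SC";`. The `serif` slot, in turn, uses LXGW WenKai, a kai-style face, which is fine as a deliberate choice but worth a one-line comment so it is not read as the same mix-up.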


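--- /dev/null
+++ b/<PATH-NOT-SHOWN-6>
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIH9MU2xZ175iLWcULZkU6crhocFgjcvUHXf0ttJ6Vbp david@Tytonidae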


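--- /dev/null
+++ b/<PATH-NOT-SHOWN-7>
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+users.users.alice = {
+initialHashedPassword = "$y$j9T$eS5zCi4W.4IPpf3P8Tb/o1$xhumXY1.PJKmTguNi/zlljLbLemNGiubWoUEc878S36";
+isNormalUser = true;
+description = "alice";
+extraGroups = [
+"networkmanager"
+"libvirtd"
+"wheel"
+"video"
+];
+};
+programs.fish.enable = true;
+users.users.alice.shell = pkgs.fish;
+users.users.alice.openssh.authorizedKeys.keyFiles = [
+./cape.pub
+];
+}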
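Review bot: `initialHashedPassword` commits a yescrypt hash to the repository; a hash in a widely cloned repo can be attacked offline at leisure, and the option is documented as applying only when the account is first created, so editing it later would not even rotate the password. Prefer `hashedPasswordFile` pointing at a secret deployed out of band (sops-nix or agenix are the usual choices), or, since `PasswordAuthentication` is disabled in the openssh module touched by this commit, decide whether this wheel user needs a password at all. `extraGroups` also lists `"networkmanager"` although networking.nix in this commit sets `networking.networkmanager.enable = false`, and `"libvirtd"` without any visible `virtualisation.libvirtd` setting, so both look like leftovers from another host. Finally, the three separate `users.users.alice` assignments could be folded into the one attribute set, and the key file's comment reads `david@Tytonidae` rather than alice, so a comment on `keyFiles` saying whose key it is would help the next reader.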


@ -16,5 +16,8 @@ in
services.caddy = {
enable = true;
};
networking.firewall = {
allowedTCPPorts = [ 443 ];
};
};
}
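Review bot: Only TCP 443 is opened in what the hunk counts suggest is the added `networking.firewall` block, so nothing reaches Caddy on port 80: HTTP-to-HTTPS redirects are unreachable and ACME HTTP-01 challenges cannot complete, leaving certificate issuance dependent on TLS-ALPN-01 over 443 alone. That is a legitimate choice, but then it should be documented next to the line, e.g. `# 80 deliberately closed: certs via TLS-ALPN-01, no HTTP redirect`; otherwise change it to `allowedTCPPorts = [ 80 443 ];`. The enclosing config block starts outside the hunk.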


@ -61,6 +61,7 @@ routing {
pname(mihomo) -> must_direct
# pname(systemd-resolve) -> must_direct
dip(107.174.145.140) -> must_direct
domain(full: time.windows.com) -> must_direct
domain(regex: ".*wgetcloud.*v2ray.*") -> must_direct
domain(suffix: "hit.edu.cn") -> must_direct
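Review bot: `dip(107.174.145.140) -> must_direct` is a bare literal with no comment saying which host it is or why it must bypass the proxy, and the neighbouring `domain(regex: ".*wgetcloud.*v2ray.*")` is a broad pattern with the same problem; which of these lines is the one this commit adds cannot be told from the rendered page. A trailing comment per bypass rule, e.g. `# <role of this host>`, would make a later audit of the direct-route list possible. The `routing` block starts and ends outside the hunk.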


@ -23,7 +23,7 @@ in
let
caddy-cfg = config.youthlic.programs.caddy;
in
lib.mkIf caddy-cfg.enable {
lib.mkIf (cfg.enable && caddy-cfg.enable) {
services.caddy.virtualHosts = {
"open-webui.${caddy-cfg.baseDomain}" = {
extraConfig = ''


@ -11,6 +11,7 @@ in
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
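Review bot: `openFirewall = true` (by the hunk counts the one added line) exposes sshd on every interface, including the public one, while this same commit also enables Tailscale with its own `openFirewall`; if the intent is to administer the host over the tailnet, `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` in place of the global open keeps sshd off the public address without touching the key-only settings below. If public SSH is intended, say so in a comment next to the line, since password and keyboard-interactive auth are already off and the remaining exposure is the daemon itself. The enclosing `config = lib.mkIf cfg.enable` block continues outside the hunk.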


@ -11,6 +11,7 @@ in
config = lib.mkIf cfg.enable {
services.tailscale = {
enable = true;
openFirewall = true;
};
};
}


@ -41,7 +41,7 @@ in
let
caddy-cfg = config.youthlic.programs.caddy;
in
lib.mkIf caddy-cfg.enable {
lib.mkIf (cfg.enable && caddy-cfg.enable) {
services.transmission = {
openRPCPort = lib.mkForce false;
settings = {