nix on git yippee

2025-05-30 01:51:13 -04:00 · 2025-05-30 01:51:13 -04:00 · 981186a787
commit 981186a787
17 changed files with 579 additions and 0 deletions
--- a/modules/common/services.nix
+++ b/modules/common/services.nix
@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+{
+  # system packages + services
+  environment.systemPackages = with pkgs; [
+    vim 
+    wget
+    fastfetch
+    lsof
+    btop
+    git
+    openssl
+    stdenv
+    gnumake
+    parted
+    zfs
+
+    code-server
+  ];
+
+  virtualisation.docker = {
+    enable = true;
+    enableOnBoot = true;
+    package = pkgs.docker.override {
+      buildGoModule = pkgs.buildGo123Module;
+    };
+  };
+
+  services.openssh.enable         = true;
+  services.printing.enable        = true;
+  services.tailscale.enable       = true;
+  services.tailscale.useRoutingFeatures = "both";
+}
--- a/modules/common/system.nix
+++ b/modules/common/system.nix
@ -0,0 +1,51 @@
+{ pkgs, config, ... }:
+{
+  # boot, networking, locale, stateVersion
+  boot.loader.systemd-boot.enable     = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+  boot.supportedFilesystems = [ "zfs" ];
+  fileSystems."/boot".options = [ "umask=0077" ];
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  
+
+  services.zfs.autoScrub.enable = true;
+  services.zfs.trim.enable = true;
+
+  networking = {
+    firewall.enable = false;
+    firewall.trustedInterfaces = [
+	    "tailscale0"
+    ];
+    nameservers   = [ "192.168.4.3" "1.1.1.1" ];
+    useDHCP       = true;
+    firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 
+  };
+
+  services.resolved = {
+    enable      = true;
+    dnssec      = "true";
+    domains     = [ "~." ];
+    fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];
+    dnsovertls  = "true";
+  };
+
+  systemd.services.fancontrol = {
+    enable = true;
+    description = "Fan speed control";
+    serviceConfig = {
+      ExecStart = "${pkgs.lm_sensors}/bin/fancontrol";
+      Restart = "always";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+
+  environment.variables.EDITOR = "neovim";
+
+  time.timeZone     = "America/New_York";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  system.stateVersion = "24.11";
+}
+
--- a/modules/common/users.nix
+++ b/modules/common/users.nix
@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+{
+  users.users.regent = {
+    isNormalUser    = true;
+    extraGroups     = [ "docker" "wheel" ];
+    packages        = with pkgs; [ tree ];
+  };
+
+  security.sudo.enable             = true;
+  security.sudo.wheelNeedsPassword = false;
+}
+