From 2ce1df7f50336a651d4ede6559e9ea210475f4c7 Mon Sep 17 00:00:00 2001 From: Sebastian Wendel Date: Mon, 20 Feb 2023 23:03:41 +0100 Subject: [PATCH] added a nixos configuration to build and deploy the gateway --- .envrc | 9 +- flake.lock | 352 +++++++++++++++++++++++++++----- flake.nix | 85 +++++++- nix/checks.nix | 25 --- nix/shell.nix | 10 +- software/gateway/boot.nix | 5 + software/gateway/default.nix | 66 ++++++ software/gateway/hardware.nix | 25 +++ software/gateway/locale.nix | 11 + software/gateway/networking.nix | 19 ++ software/gateway/nix.nix | 28 +++ software/gateway/security.nix | 14 ++ software/gateway/tools.nix | 39 ++++ software/gateway/users.nix | 14 ++ 14 files changed, 616 insertions(+), 86 deletions(-) create mode 100644 software/gateway/boot.nix create mode 100644 software/gateway/default.nix create mode 100644 software/gateway/hardware.nix create mode 100644 software/gateway/locale.nix create mode 100644 software/gateway/networking.nix create mode 100644 software/gateway/nix.nix create mode 100644 software/gateway/security.nix create mode 100644 software/gateway/tools.nix create mode 100644 software/gateway/users.nix diff --git a/.envrc b/.envrc index 14d7f00..450b63b 100644 --- a/.envrc +++ b/.envrc @@ -2,8 +2,13 @@ use flake +use_flake() { + watch_file flake.nix + watch_file flake.lock + watch_file nix/shell.nix + eval "$(nix print-dev-env --profile "$(direnv_layout_dir)/flake-profile")" +} + layout python3 -watch_file ./nix/shell.nix - eval "$shellHook" diff --git a/flake.lock b/flake.lock index 6cab444..e53eefd 100644 --- a/flake.lock +++ b/flake.lock @@ -1,13 +1,86 @@ { "nodes": { + "darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1674127017, + "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -17,6 +90,232 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils_2" + }, + "locked": { + "lastModified": 1676367705, + "narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "impermanence": { + "locked": { + "lastModified": 1675359654, + "narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1636849918, + "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1676297861, + "narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "1e0a05219f2a557d4622bc38f542abb360518795", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1676699914, + "narHash": "sha256-cM2Hd+odgCYWSUiYPZGW/4B+OI64S0lrdf9YR9ts9I4=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "9bbcc37b011b0d925f3115888ea77f58487619b8", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1676549890, + "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1673800717, + "narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1676569297, + "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat_3", + "flake-utils": [ + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1676513100, + "narHash": "sha256-MK39nQV86L2ag4TmcK5/+r1ULpzRLPbbfvWbPvIoYJE=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "5f0cba88ac4d6dd8cad5c6f6f1540b3d6a21a798", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "darwin": "darwin", + "deploy-rs": "deploy-rs", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils", + "home-manager": "home-manager", + "impermanence": "impermanence", + "nixos-generators": "nixos-generators", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_2", + "pre-commit-hooks": "pre-commit-hooks" + } + }, + "utils": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -30,53 +329,6 @@ "repo": "flake-utils", "type": "github" } - }, - "nixpkgs": { - "locked": { - "lastModified": 1667991831, - "narHash": "sha256-DHgEsLZI044B9T4AjA3K6+yB9/DqLr4dyA7OIx0FG7o=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "872fceeed60ae6b7766cc0a4cd5bf5901b9098ec", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "pre-commit-hooks": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1667992213, - "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "root": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", - "pre-commit-hooks": "pre-commit-hooks" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 8440ff2..d9585c1 100644 --- a/flake.nix +++ b/flake.nix @@ -1,34 +1,107 @@ { - description = "IoT Platform"; + description = "FabNet IoT Platform"; + inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + flake-compat = { url = "github:edolstra/flake-compat"; flake = false; }; - flake-utils.url = "github:numtide/flake-utils"; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + darwin = { + url = "github:lnl7/nix-darwin/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + impermanence.url = "github:nix-community/impermanence"; + + nixos-hardware.url = "github:nixos/nixos-hardware"; pre-commit-hooks = { url = "github:cachix/pre-commit-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; + + deploy-rs.url = "github:serokell/deploy-rs"; }; outputs = { + self, + darwin, nixpkgs, + deploy-rs, flake-utils, + nixos-hardware, + nixos-generators, ... } @ inputs: - flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] (system: { - devShells.default = import ./nix/shell.nix inputs system; - checks = import ./nix/checks.nix inputs system; + flake-utils.lib.eachSystem ["aarch64-linux" "x86_64-linux"] (localSystem: { + checks = import ./nix/checks.nix inputs localSystem; + + devShells.default = import ./nix/shell.nix inputs localSystem; + + packages = { + default = self.packages.x86_64-linux.gateway-vm; + + gateway-vm = nixos-generators.nixosGenerate { + pkgs = import nixpkgs {inherit localSystem;}; + system = "x86_64-linux"; + format = "vm"; + modules = [ + ./software/gateway + ]; + }; + + gateway-raspi = nixos-generators.nixosGenerate { + pkgs = import nixpkgs {inherit localSystem;}; + system = "aarch64-linux"; + format = "sd-aarch64"; + modules = [ + ./software/gateway + ]; + }; + }; + + nixosConfigurations.gateway = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + ./software/gateway + ]; + }; + pkgs = import nixpkgs { - inherit system; + inherit localSystem; config.allowUnfree = true; config.allowAliases = true; + config.allowUnsupportedSystem = true; + }; + + deploy.nodes.gateway = { + hostname = "fabnet"; + fastConnection = true; + profiles = { + system = { + sshUser = "fabnet"; + path = + deploy-rs.lib.aarch64-linux.activate.nixos + self.nixosConfigurations.gateway; + user = "root"; + }; + }; }; }); } diff --git a/nix/checks.nix b/nix/checks.nix index 1dc3cbb..5598e3c 100644 --- a/nix/checks.nix +++ b/nix/checks.nix @@ -10,31 +10,6 @@ with self.pkgs.${system}; { src = lib.cleanSource ../.; hooks = { alejandra.enable = true; - nix-linter.enable = true; - }; - settings = { - nix-linter.checks = [ - "DIYInherit" - "EmptyInherit" - "EmptyLet" - "EtaReduce" - "LetInInheritRecset" - "ListLiteralConcat" - "NegateAtom" - "SequentialLet" - "SetLiteralUpdate" - "UnfortunateArgName" - "UnneededRec" - "UnusedArg" - "UnusedLetBind" - "UpdateEmptySet" - "BetaReduction" - "EmptyVariadicParamSet" - "UnneededAntiquote" - "no-FreeLetInFunc" - "no-AlphabeticalArgs" - "no-AlphabeticalBindings" - ]; }; }; } diff --git a/nix/shell.nix b/nix/shell.nix index 254a7af..f393d83 100644 --- a/nix/shell.nix +++ b/nix/shell.nix @@ -1,7 +1,7 @@ {self, ...}: system: with self.pkgs.${system}; mkShell { - name = "iot-platform"; + name = "FabNet"; nativeBuildInputs = [ # Development @@ -27,9 +27,9 @@ with self.pkgs.${system}; yamllint # Nix + deploy-rs alejandra - nix - nix-linter + nixUnstable rnix-lsp # Service @@ -37,8 +37,12 @@ with self.pkgs.${system}; # Misc reuse + zstd + wget + raspberrypi-eeprom ]; shellHook = '' ${self.checks.${system}.pre-commit-check.shellHook} ''; + allowUnsupportedSystem = true; } diff --git a/software/gateway/boot.nix b/software/gateway/boot.nix new file mode 100644 index 0000000..cb1280d --- /dev/null +++ b/software/gateway/boot.nix @@ -0,0 +1,5 @@ +{lib, ...}: { + boot.kernel.sysctl = lib.mkDefault {"vm.swappiness" = 10;}; + boot.tmpOnTmpfs = lib.mkDefault true; + boot.cleanTmpDir = lib.mkDefault true; +} diff --git a/software/gateway/default.nix b/software/gateway/default.nix new file mode 100644 index 0000000..dc33930 --- /dev/null +++ b/software/gateway/default.nix @@ -0,0 +1,66 @@ +{ + lib, + pkgs, + config, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/all-hardware.nix") + (modulesPath + "/profiles/minimal.nix") + (modulesPath + "/profiles/base.nix") + ./boot.nix + ./hardware.nix + ./locale.nix + ./networking.nix + ./nix.nix + ./security.nix + ./users.nix + ./tools.nix + ]; + system.stateVersion = lib.mkForce "23.05"; + + networking.hostName = "fabnet"; + networking.hostId = builtins.substring 0 8 (builtins.hashString "md5" config.networking.hostName); + networking.firewall.allowedTCPPorts = lib.mkDefault [ + 1880 # Node-Red + 1883 # Mosquitto + 5000 # Octoprint + 3000 # Grafana + 8086 # InfluxDB + 9090 # Prometheus + ]; + + services.openssh.enable = lib.mkForce true; + services.haveged.enable = lib.mkDefault true; + services.fail2ban.enable = lib.mkDefault true; + + services.node-red.enable = lib.mkDefault true; + services.influxdb2.enable = lib.mkDefault true; + services.prometheus.enable = lib.mkDefault true; + services.octoprint.enable = lib.mkDefault true; + + services.grafana.enable = lib.mkDefault true; + services.grafana.settings.server.http_port = 7878; + services.grafana.provision.datasources.settings.datasources = lib.mkForce [ + { + name = "influxdb"; + type = "influxdb"; + url = "http://0.0.0.0:8086"; + } + { + type = "prometheus"; + name = "prometheus"; + url = "http://0.0.0.0:9090"; + } + ]; + + services.mosquitto.enable = lib.mkDefault true; + services.mosquitto.listeners = lib.mkDefault [ + { + address = "0.0.0.0"; + acl = ["pattern readwrite #"]; + omitPasswordAuth = lib.mkDefault true; + } + ]; +} diff --git a/software/gateway/hardware.nix b/software/gateway/hardware.nix new file mode 100644 index 0000000..8bf5428 --- /dev/null +++ b/software/gateway/hardware.nix @@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + ... +}: { + hardware.bluetooth.enable = lib.mkDefault true; + hardware.i2c.enable = lib.mkDefault true; + hardware.sensor.iio.enable = lib.mkDefault true; + + services.fwupd.enable = lib.mkDefault true; + services.upower.enable = lib.mkDefault true; + services.tlp.enable = lib.mkDefault true; + + programs.usbtop.enable = lib.mkDefault true; + + environment.systemPackages = with pkgs; [ + dmidecode + lshw + pciutils + usbutils + ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; +} diff --git a/software/gateway/locale.nix b/software/gateway/locale.nix new file mode 100644 index 0000000..a611e1f --- /dev/null +++ b/software/gateway/locale.nix @@ -0,0 +1,11 @@ +{lib, ...}: { + time.timeZone = lib.mkDefault "Europe/Berlin"; + + console.keyMap = lib.mkDefault "de"; + + i18n.supportedLocales = lib.mkDefault ["en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8"]; + i18n.extraLocaleSettings = lib.mkDefault { + LANG = "en_US.UTF-8"; + LC_ALL = "en_US.UTF-8"; + }; +} diff --git a/software/gateway/networking.nix b/software/gateway/networking.nix new file mode 100644 index 0000000..d8aba51 --- /dev/null +++ b/software/gateway/networking.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + pkgs, + ... +}: { + networking.firewall.enable = lib.mkForce true; + networking.wireless.enable = lib.mkDefault true; + networking.networkmanager.enable = lib.mkDefault true; + + services.avahi.enable = lib.mkDefault true; + services.avahi.nssmdns = lib.mkDefault true; + services.avahi.publish.enable = lib.mkDefault true; + services.avahi.publish.addresses = lib.mkDefault true; + services.avahi.publish.domain = lib.mkDefault true; + services.avahi.publish.userServices = lib.mkDefault true; + services.avahi.publish.workstation = lib.mkDefault true; + services.avahi.extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service"; +} diff --git a/software/gateway/nix.nix b/software/gateway/nix.nix new file mode 100644 index 0000000..970afce --- /dev/null +++ b/software/gateway/nix.nix @@ -0,0 +1,28 @@ +{ + pkgs, + lib, + ... +}: { + nix.package = pkgs.nixUnstable; + nix.gc.automatic = lib.mkForce true; + nix.optimise.automatic = lib.mkDefault true; + nix.settings.require-sigs = lib.mkForce true; + nix.settings.auto-optimise-store = lib.mkDefault true; + nix.settings.allowed-users = lib.mkDefault ["@wheel"]; + nix.settings.trusted-users = lib.mkDefault ["root" "@wheel"]; + nix.settings.substituters = lib.mkDefault [ + "https://arm.cachix.org/" + "https://nix-community.cachix.org" + "https://nix-config.cachix.org" + ]; + nix.settings.trusted-public-keys = lib.mkDefault [ + "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nix-config.cachix.org-1:Vd6raEuldeIZpttVQfrUbLvXJHzzzkS0pezXCVVjDG4=" + ]; + nix.extraOptions = '' + experimental-features = nix-command flakes + min-free = ${toString (100 * 1024 * 1024)} + max-free = ${toString (1024 * 1024 * 1024)} + ''; +} diff --git a/software/gateway/security.nix b/software/gateway/security.nix new file mode 100644 index 0000000..d40e0fc --- /dev/null +++ b/software/gateway/security.nix @@ -0,0 +1,14 @@ +{ + pkgs, + lib, + ... +}: { + security.protectKernelImage = lib.mkDefault true; + security.forcePageTableIsolation = lib.mkDefault true; + + security.polkit.enable = lib.mkDefault true; + security.apparmor.enable = lib.mkDefault true; + + security.sudo.enable = lib.mkDefault true; + security.sudo.wheelNeedsPassword = lib.mkDefault false; +} diff --git a/software/gateway/tools.nix b/software/gateway/tools.nix new file mode 100644 index 0000000..e596cd6 --- /dev/null +++ b/software/gateway/tools.nix @@ -0,0 +1,39 @@ +{ + pkgs, + lib, + ... +}: { + programs.neovim.enable = lib.mkDefault true; + programs.neovim.viAlias = lib.mkDefault true; + programs.neovim.vimAlias = lib.mkDefault true; + programs.neovim.defaultEditor = lib.mkDefault true; + + programs.zsh.enable = lib.mkDefault true; + programs.zsh.ohMyZsh.enable = lib.mkDefault true; + programs.zsh.enableCompletion = lib.mkDefault true; + programs.zsh.enableBashCompletion = lib.mkDefault true; + programs.zsh.enableGlobalCompInit = lib.mkDefault false; + programs.zsh.autosuggestions.enable = lib.mkDefault true; + programs.zsh.interactiveShellInit = lib.mkDefault "source '${pkgs.grml-zsh-config}/etc/zsh/zshrc'"; + + programs.mtr.enable = lib.mkDefault true; + + environment.systemPackages = with pkgs; [ + exfat + sshfs + strace + tmux + curl + httpie + gotop + htop + mc + git + neofetch + pstree + ranger + screen + tree + whois + ]; +} diff --git a/software/gateway/users.nix b/software/gateway/users.nix new file mode 100644 index 0000000..a19411c --- /dev/null +++ b/software/gateway/users.nix @@ -0,0 +1,14 @@ +{ + lib, + pkgs, + ... +}: { + users.mutableUsers = lib.mkDefault true; + users.users.fabnet = { + isNormalUser = lib.mkDefault true; + initialPassword = lib.mkDefault "fabnet"; + extraGroups = lib.mkDefault ["wheel"]; + createHome = lib.mkDefault true; + shell = lib.mkForce pkgs.zsh; + }; +}