init with vps

pci.express 24217b8c

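--- a/common/default.nix
+++ b/common/default.nix
@@ -0,0 +1,43 @@
+{
+  inputs,
+  pkgs,
+  config,
+  ...
+}:
+{
+  # Configuring Nix
+  nix = {
+    package = pkgs.lixPackageSets.latest.lix;
+    channel.enable = false;
+    nixPath = [ "nixpkgs=${config.nix.registry.nixpkgs.to.path}" ];
+    registry = {
+      n.flake = inputs.nixpkgs;
+    };
+    settings.auto-optimise-store = true;
+    settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };
+  nixpkgs.config.allowUnfree = true;
+
+  # Base Packages
+  environment.systemPackages = with pkgs; [
+    fastfetch
+    neovim
+    man-pages
+    man-pages-posix
+    gptfdisk
+  ];
+
+  # Localization
+  time.timeZone = "America/Phoenix";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # Other Settings
+  documentation.dev.enable = true;
+  security.sudo.wheelNeedsPassword = false;
+  programs.zsh.enable = true;
+  programs.git.enable = true;
+  console.keyMap = "dvorak";
+}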
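Review bot: `security.sudo.wheelNeedsPassword = false;` on line 39 makes every wheel member a passwordless root, so whoever holds the single SSH key that can log in gets root with no second check (hetzner/default.nix additionally lists `@wheel` in `nix.settings.trusted-users`, which is root-equivalent on its own). If that is deliberate for an unattended VPS, a comment next to the line saying so would help the next reader; otherwise `security.sudo.wheelNeedsPassword = true;` restores the default. The `nixPath` entry on line 12 reads `config.nix.registry.nixpkgs.to.path` while the only registry entry set here is `n`, so it presumably relies on the NixOS default that registers nixpkgs; a comment stating that dependency would make the evaluation order clear.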
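--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,111 @@
+{
+  "nodes": {
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "lix": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nix2container": "nix2container",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1747871314,
+        "narHash": "sha256-UV82KwR0gBghOp+H98HYgaoJQZybKJ0zPsJXASKkP/s=",
+        "rev": "5d49e26f710bb79145ed4e962154166a7edd81c1",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/5d49e26f710bb79145ed4e962154166a7edd81c1.tar.gz?rev=5d49e26f710bb79145ed4e962154166a7edd81c1"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
+      }
+    },
+    "nix2container": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1724996935,
+        "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 315532800,
+        "narHash": "sha256-83yvDLYXJ71qoOuRJ8pN/8MGabwQx/83Q24O/AmdecI=",
+        "rev": "8c441601c43232976179eac52dde704c8bdf81ed",
+        "type": "tarball",
+        "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre804181.8c441601c432/nixexprs.tar.xz?rev=8c441601c43232976179eac52dde704c8bdf81ed"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1733318908,
+        "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "lix": "lix",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}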
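--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,30 @@
+{
+  inputs = {
+    nixpkgs.url = "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz";
+    lix = {
+      url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+  outputs =
+    { self, ... }@inputs:
+    let
+      inherit (inputs) nixpkgs;
+      inherit (inputs.nixpkgs) lib;
+      specialArgs = { inherit inputs; };
+      forAllSystems =
+        function: lib.genAttrs lib.systems.flakeExposed (system: function nixpkgs.legacyPackages.${system});
+    in
+    {
+      nixosConfigurations = {
+        hetzner = nixpkgs.lib.nixosSystem {
+          inherit specialArgs;
+          modules = [
+            ./common
+            ./hetzner
+          ];
+        };
+      };
+      formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
+    };
+}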
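Review bot: The `lix` input declared on lines 4-7 is never referenced in `outputs`; `nix.package` in common/default.nix takes `lixPackageSets.latest.lix` from nixpkgs instead, so the flake carries a second full Lix source tree (and its four transitive inputs in flake.lock) that nothing builds from. Every `nix flake update` will re-fetch and re-hash that unused tree. Either remove the input, or use it for `nix.package` and say so in a comment on the input; as written a reader cannot tell which Lix is meant to be the system's.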
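--- a/hetzner/default.nix
+++ b/hetzner/default.nix
@@ -0,0 +1,63 @@
+{ pkgs, ... }:
+{
+  imports = [ ./hardware.nix ];
+
+  # Running Services
+  services = {
+    openssh.enable = true;
+    openssh.settings.PasswordAuthentication = false;
+  };
+
+  # Base Packages
+  environment.systemPackages = with pkgs; [
+    ghostty.terminfo
+    tmux
+    arch-install-scripts
+    tcpdump
+    dig
+  ];
+
+  # Network Setup
+  networking = {
+    hostName = "hetzner";
+    nameservers = [
+      "9.9.9.9"
+      "149.112.112.112"
+    ];
+    useDHCP = true; # Switch this to a static setup later
+    firewall.enable = false;
+    nftables = {
+      enable = true;
+      ruleset = builtins.readFile ./nftables.conf;
+    };
+  };
+
+  # User Account
+  users.users.sydney = {
+    description = "Sydney Angelia";
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    shell = pkgs.zsh;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRJWbyvyeo8ykLovPOR+EuwqmjOsSrBBckpicVWhULl mac"
+    ];
+  };
+
+  # Boot/Firmware stuff
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernel.sysctl = {
+      "net.ipv4.conf.all.forwarding" = true;
+      "net.ipv6.conf.all.forwarding" = true;
+    };
+  };
+
+  # Miscellaneous settings
+  system.stateVersion = "24.05";
+  nix.settings.trusted-users = [
+    "@wheel"
+  ];
+
+}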
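Review bot: `openssh.settings.PasswordAuthentication = false;` on line 8 does not by itself close password logins, because NixOS leaves keyboard-interactive authentication enabled by default and PAM still prompts for the account password over that method. Add `openssh.settings.KbdInteractiveAuthentication = false;` beside it so the key on line 42 is the only accepted credential. Lines 52-53 enable IPv4 and IPv6 forwarding while the shipped nftables forward chain accepts only established/related flows, so no new traffic is forwarded yet; if that is a placeholder like the DHCP comment on line 27, a comment on the sysctl block saying so would stop a reader from assuming the host is already routing.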
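--- a/hetzner/hardware.nix
+++ b/hetzner/hardware.nix
@@ -0,0 +1,42 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "virtio_scsi"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/05f49fc9-4c48-4802-8066-b61707850649";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/4AF2-5252";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}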
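--- a/hetzner/nftables.conf
+++ b/hetzner/nftables.conf
@@ -0,0 +1,29 @@
+flush ruleset
+
+define wan_iface = "enp1s0"
+
+table inet filter {
+  chain inbound_wan {
+    icmp type echo-request limit rate 5/second accept
+    tcp dport { 22, 80, 443 } accept
+    udp dport { 12345 } accept
+    icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
+    icmpv6 type echo-request limit rate 5/second accept
+  }
+
+  chain input {
+    type filter hook input priority 0
+    policy drop
+
+    ct state vmap { invalid : drop, established : accept, related : accept }
+
+    iifname vmap { lo : accept, $wan_iface: jump inbound_wan }
+  }
+
+  chain forward {
+    type filter hook forward priority 0
+    policy drop
+
+    ct state vmap { established : accept, related : accept, invalid : drop }
+  }
+}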
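Review bot: The input chain on lines 14-21 drops everything that does not arrive on `lo` or on `$wan_iface`, and `wan_iface` is hard-coded to `enp1s0` on line 3, so if the instance ever comes up with a different interface name the SSH rule on line 8 never matches and the host is reachable only through the provider console; the name should be confirmed on the running host and the dependency noted in a comment beside the define. `udp dport { 12345 } accept` on line 9 opens a port with no indication of what listens there; a comment such as `# <service> — TODO confirm` keeps the exposed-port list reviewable. The ICMPv6 set on line 10 omits `nd-router-solicit`, which is fine for a host that only receives advertisements but will matter if the forwarding enabled in hetzner/default.nix is later used to route for other machines.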