Declare Everything. #10

New Issue

Open

opened 2024-08-19 12:24:24 -07:00 by Jafner · 4 comments

Jafner commented 2024-08-19 12:24:24 -07:00

Owner

Copy Link

As I've noticed a pattern in some of the recent issues I've opened, and some I was thinking about opening, this issue will cover progress toward the philosophical goal of configuring all components of the Jafner.net lab declaratively. This goal is not attainable in its entirety, but can be pursued with the understanding that compromises must be made.

As I've noticed a pattern in some of the recent issues I've opened, and some I was thinking about opening, this issue will cover progress toward the philosophical goal of configuring all components of the Jafner.net lab declaratively. This goal is not attainable in its entirety, but can be pursued with the understanding that compromises must be made.

Jafner referenced this issue 2024-08-19 12:25:32 -07:00

Investigate declarative configuration for `barbarian`, `paladin`, and `monk` TrueNAS hosts #9

Jafner referenced this issue 2024-08-19 12:25:48 -07:00

Write declarative configuration for `druid` Digital Ocean droplet #8

Jafner commented 2024-08-19 16:08:36 -07:00

Author

Owner

Copy Link

Some of our mid- and long-term TODOs related to this:

• NixOS configurations for main desktop and laptop, perhaps in a subdirectory of dotfiles/.
• NixOS configurations for homelab worker hosts (fighter, druid, ranger, cleric, bard).
• CI/CD for Wizard (VyOS) configuration.
• Find some way to declaratively configure TrueNAS hosts.

Some of our mid- and long-term TODOs related to this: - NixOS configurations for main desktop and laptop, perhaps in a subdirectory of [`dotfiles/`](dotfiles/). - NixOS configurations for homelab worker hosts (`fighter`, `druid`, `ranger`, `cleric`, `bard`). - CI/CD for Wizard (VyOS) configuration. - Find some way to declaratively configure TrueNAS hosts.

Jafner commented 2024-09-05 15:02:43 -07:00

Author

Owner

Copy Link

configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, inputs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      inputs.home-manager.nixosModules.default
    ];
  
  home-manager = {
    extraSpecialArgs = { inherit inputs; };
    users = {
      "joey" = import ./home.nix;
    };
  };

  security.sudo = {
    enable = true;
    extraRules = [{
      commands = [
        {
          command = "ALL";
          options = [ "NOPASSWD" ];
        }
      ];
      groups = [ "wheel" ];
    }];
  };
  
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "America/Los_Angeles";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Enable the X11 windowing system.
  # You can disable this if you're only using the Wayland session.
  services.xserver.enable = true;

  # Enable the KDE Plasma Desktop Environment.
  services.displayManager.sddm.enable = true;
  services.desktopManager.plasma6.enable = true;

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "us";
    variant = "";
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound with pipewire.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.joey = {
    isNormalUser = true;
    description = "Joey";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      kdePackages.kate
    #  thunderbird
    ];
  };

  # Enable automatic login for the user.
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "joey";

  # Install firefox.
  programs.firefox.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vscodium
    wl-clipboard
    tree
  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  #  wget
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?

}

`configuration.nix` ```nix # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, inputs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix inputs.home-manager.nixosModules.default ]; home-manager = { extraSpecialArgs = { inherit inputs; }; users = { "joey" = import ./home.nix; }; }; security.sudo = { enable = true; extraRules = [{ commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; groups = [ "wheel" ]; }]; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "nixos"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # Enable networking networking.networkmanager.enable = true; # Set your time zone. time.timeZone = "America/Los_Angeles"; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { LC_ADDRESS = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8"; LC_NAME = "en_US.UTF-8"; LC_NUMERIC = "en_US.UTF-8"; LC_PAPER = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8"; }; # Enable the X11 windowing system. # You can disable this if you're only using the Wayland session. services.xserver.enable = true; # Enable the KDE Plasma Desktop Environment. services.displayManager.sddm.enable = true; services.desktopManager.plasma6.enable = true; # Configure keymap in X11 services.xserver.xkb = { layout = "us"; variant = ""; }; # Enable CUPS to print documents. services.printing.enable = true; # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; # If you want to use JACK applications, uncomment this #jack.enable = true; # use the example session manager (no others are packaged yet so this is enabled by default, # no need to redefine it in your config for now) #media-session.enable = true; }; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.joey = { isNormalUser = true; description = "Joey"; extraGroups = [ "networkmanager" "wheel" ]; packages = with pkgs; [ kdePackages.kate # thunderbird ]; }; # Enable automatic login for the user. services.displayManager.autoLogin.enable = true; services.displayManager.autoLogin.user = "joey"; # Install firefox. programs.firefox.enable = true; # Allow unfree packages nixpkgs.config.allowUnfree = true; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ vscodium wl-clipboard tree # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # wget ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; # programs.gnupg.agent = { # enable = true; # enableSSHSupport = true; # }; # List services that you want to enable: # Enable the OpenSSH daemon. # services.openssh.enable = true; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "24.05"; # Did you read the comment? } ```

Jafner commented 2024-09-05 15:03:18 -07:00

Author

Owner

Copy Link

flake.nix

{
  description = "Nixos config flake";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, ... }@inputs: 
  let
    system = "x86_64-linux";
    pkgs = nixpkgs.legacyPackages.${system};
  in
  {
    nixosConfigurations.default = nixpkgs.lib.nixosSystem {
      specialArgs = {inherit inputs;};
      modules = [
        ./configuration.nix
        inputs.home-manager.nixosModules.default
      ];
    };
  };
}

`flake.nix` ```nix { description = "Nixos config flake"; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; }; outputs = { self, nixpkgs, ... }@inputs: let system = "x86_64-linux"; pkgs = nixpkgs.legacyPackages.${system}; in { nixosConfigurations.default = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ ./configuration.nix inputs.home-manager.nixosModules.default ]; }; }; } ```

Jafner commented 2024-09-05 15:03:41 -07:00

Author

Owner

Copy Link

home.nix

{ config, pkgs, ... }:

{
  # Home Manager needs a bit of information about you and the paths it should
  # manage.
  home.username = "joey";
  home.homeDirectory = "/home/joey";

  # This value determines the Home Manager release that your configuration is
  # compatible with. This helps avoid breakage when a new Home Manager release
  # introduces backwards incompatible changes.
  #
  # You should not change this value, even if you update Home Manager. If you do
  # want to update the value, then make sure to first check the Home Manager
  # release notes.
  home.stateVersion = "24.05"; # Please read the comment before changing.

  # The home.packages option allows you to install Nix packages into your
  # environment.
  home.packages = [
    # # Adds the 'hello' command to your environment. It prints a friendly
    # # "Hello, world!" when run.
    # pkgs.hello

    # # It is sometimes useful to fine-tune packages, for example, by applying
    # # overrides. You can do that directly here, just don't forget the
    # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
    # # fonts?
    # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })

    # # You can also create simple shell scripts directly inside your
    # # configuration. For example, this adds a command 'my-hello' to your
    # # environment:
    # (pkgs.writeShellScriptBin "my-hello" ''
    #   echo "Hello, ${config.home.username}!"
    # '')
  ];

  # Home Manager is pretty good at managing dotfiles. The primary way to manage
  # plain files is through 'home.file'.
  home.file = {
    # # Building this configuration will create a copy of 'dotfiles/screenrc' in
    # # the Nix store. Activating the configuration will then make '~/.screenrc' a
    # # symlink to the Nix store copy.
    # ".screenrc".source = dotfiles/screenrc;

    # # You can also set the file content immediately.
    # ".gradle/gradle.properties".text = ''
    #   org.gradle.console=verbose
    #   org.gradle.daemon.idletimeout=3600000
    # '';
  };

  # Home Manager can also manage your environment variables through
  # 'home.sessionVariables'. These will be explicitly sourced when using a
  # shell provided by Home Manager. If you don't want to manage your shell
  # through Home Manager then you have to manually source 'hm-session-vars.sh'
  # located at either
  #
  #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
  #
  # or
  #
  #  ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
  #
  # or
  #
  #  /etc/profiles/per-user/joey/etc/profile.d/hm-session-vars.sh
  #
  home.sessionVariables = {
    # EDITOR = "emacs";
  };

  # Let Home Manager install and manage itself.
  programs.home-manager.enable = true;
}

`home.nix` ```nix { config, pkgs, ... }: { # Home Manager needs a bit of information about you and the paths it should # manage. home.username = "joey"; home.homeDirectory = "/home/joey"; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release # introduces backwards incompatible changes. # # You should not change this value, even if you update Home Manager. If you do # want to update the value, then make sure to first check the Home Manager # release notes. home.stateVersion = "24.05"; # Please read the comment before changing. # The home.packages option allows you to install Nix packages into your # environment. home.packages = [ # # Adds the 'hello' command to your environment. It prints a friendly # # "Hello, world!" when run. # pkgs.hello # # It is sometimes useful to fine-tune packages, for example, by applying # # overrides. You can do that directly here, just don't forget the # # parentheses. Maybe you want to install Nerd Fonts with a limited number of # # fonts? # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) # # You can also create simple shell scripts directly inside your # # configuration. For example, this adds a command 'my-hello' to your # # environment: # (pkgs.writeShellScriptBin "my-hello" '' # echo "Hello, ${config.home.username}!" # '') ]; # Home Manager is pretty good at managing dotfiles. The primary way to manage # plain files is through 'home.file'. home.file = { # # Building this configuration will create a copy of 'dotfiles/screenrc' in # # the Nix store. Activating the configuration will then make '~/.screenrc' a # # symlink to the Nix store copy. # ".screenrc".source = dotfiles/screenrc; # # You can also set the file content immediately. # ".gradle/gradle.properties".text = '' # org.gradle.console=verbose # org.gradle.daemon.idletimeout=3600000 # ''; }; # Home Manager can also manage your environment variables through # 'home.sessionVariables'. These will be explicitly sourced when using a # shell provided by Home Manager. If you don't want to manage your shell # through Home Manager then you have to manually source 'hm-session-vars.sh' # located at either # # ~/.nix-profile/etc/profile.d/hm-session-vars.sh # # or # # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh # # or # # /etc/profiles/per-user/joey/etc/profile.d/hm-session-vars.sh # home.sessionVariables = { # EDITOR = "emacs"; }; # Let Home Manager install and manage itself. programs.home-manager.enable = true; } ```

Jafner added this to the Declarative Infrastructure milestone 2024-10-19 21:35:42 -07:00

Jafner referenced this issue from a commit 2024-10-28 18:06:13 -07:00

#10 Reorganize Nix code

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

No results found.

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Declarative Infrastructure

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Jafner/Jafner.net#10

No description provided.