From c1cb9a5da60347d488b382c2f730124455a5cc3f Mon Sep 17 00:00:00 2001
From: Marcus Huntemann
Date: Wed, 21 Aug 2024 23:56:00 +0000
Subject: [PATCH] first commit
---
README.md | 4 +++
configuration.nix | 81 +++++++++++++++++++++++++++++++++++++++++++++++
flake.lock | 27 ++++++++++++++++
flake.nix | 14 ++++++++
4 files changed, 126 insertions(+)
create mode 100644 README.md
create mode 100644 configuration.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9c48976
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+# my nixbox configuration
+
+This is my nixbox configuration it runs a gitea CI runner and podman, so it is very minimal,
+
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..15447af
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,81 @@
+{ pkgs, lib, modulesPath, ... }: {
+ imports = [
+(modulesPath + "/virtualisation/proxmox-lxc.nix")
+#(fetchTarball "https://github.com/nix-community/nixos-vscode-server/tarball/master")
+];
+ environment.systemPackages = with pkgs; [
+ vim
+ gitea-actions-runner
+ podman-compose # start group of containers for dev
+ podman-tui
+ dive
+ neovim
+ ];
+
+ nix.settings.experimental-features = "nix-command flakes";
+
+ boot.isContainer = true;
+
+ virtualisation.containers.enable = true;
+ virtualisation = {
+ podman = {
+ enable = true;
+
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ dockerCompat = true;
+
+ # Required for containers under podman-compose to be able to talk to each other.
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
+
+
+ # Set the system version
+ system.stateVersion = "unstable";
+
+ # Enable OpenSSH
+ services.sshd.enable = true;
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+
+ # services.vscode-server.enable = true;
+
+ services.gitea-actions-runner.instances = {
+ runner1 = {
+ token = "Pxh7t6Ip39SFjWQyhCjb7xsRC73k5l3JY3jYYzzD";
+ url = "http://gitea.lan:3000/";
+ name = "runner1";
+ enable = true;
+ labels = [ "ubuntu-latest:docker://ubuntu:latest" ];
+ };
+ };
+
+
+ # Don't use the host's nix-daemon
+ environment.variables.NIX_REMOTE = lib.mkForce "";
+
+ users.mutableUsers = false; #just activate temporarily to enforce user passwords are original as in this configuration
+ users.users.huntemann = {
+ isNormalUser = true;
+ # password = "hallo";
+ hashedPassword = "$y$j9T$hW.doX2GXbs.bfEjlD5B0/$pG0DPva0RvbG3V0gfWUVAXWDPlIiHzr8MmhCUJuVzG2";
+ openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6LLy8IibZsCar/hC2U86lFTp4Of2YO+SMm69p+jh6k Marcus macbook"
+];
+
+
+ extraGroups = [ "wheel" ];
+ };
+
+security.sudo.extraRules = [
+ {
+ users = [ "huntemann" ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ]; # Allows running all commands without a password
+ }
+ ];
+ }
+];
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..d1c19fb
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1723991338,
+ "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "8a3354191c0d7144db9756a74755672387b702ba",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..c4f537c
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,14 @@
+# /etc/nixos/flake.nix
+{
+ inputs = {
+ # same version number as in system.stateVersion of
+ # configuration.nix.
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+ outputs = inputs@{ self, nixpkgs, ... }: {
+ nixosConfigurations.nixbox = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./configuration.nix ];
+ };
+ };
+}
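Review bot: The `token` for `runner1` in configuration.nix is committed in clear text, and a value set this way also ends up in the world-readable Nix store, so it should be treated as exposed: revoke the runner registration in Gitea and pass the new token through `tokenFile` instead. The same reasoning applies to `hashedPassword` for `huntemann`, which can be guessed offline once it is in the repository; `hashedPasswordFile` keeps it out, and the commented-out `password` line is best removed. `PermitRootLogin = "yes"` with password authentication left at its default, next to a `NOPASSWD` `ALL` sudo rule, means a single guessed or leaked credential yields root on the host that executes CI jobs; since a key is already configured, key-only SSH with root login off is the safer baseline, and the sudo rule is worth narrowing or requiring a password. Separately, `system.stateVersion = "unstable"` is not a release string and presumably should name the release this system was first installed with. The fence shows the SSH, runner and user lines I would change; the paths are placeholders.

```nix
  # … unchanged: imports, packages, podman, stateVersion …
  services.openssh.enable = true;
  services.openssh.settings.PermitRootLogin = "no";
  services.openssh.settings.PasswordAuthentication = false;

  services.gitea-actions-runner.instances = {
    runner1 = {
      # PLACEHOLDER path: env file kept outside the repo and the Nix store, holding TOKEN=<rotated token>
      tokenFile = "/PLACEHOLDER/gitea-runner-token.env";
      # … unchanged: url, name, enable, labels …

  users.users.huntemann = {
    isNormalUser = true;
    # PLACEHOLDER path: root-only file containing the password hash
    hashedPasswordFile = "/PLACEHOLDER/huntemann.passwd-hash";
    # … unchanged: authorized key, extraGroups …
```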
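Review bot: The comment above `nixpkgs.url` in flake.nix ties the nixpkgs branch to `system.stateVersion`, but the two are independent, and following it is what leads to `stateVersion = "unstable"` in configuration.nix. The input selects which package set is built (flake.lock pins the exact revision), while stateVersion records the release the machine was first installed with and should not track the channel. I would reword the comment to something like `# package set for this host; the exact revision is pinned in flake.lock`.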