diff --git a/hosts/ws-think/configuration.nix b/hosts/ws-think/configuration.nix
new file mode 100644
index 0000000..a2bc101
--- /dev/null
+++ b/hosts/ws-think/configuration.nix
@@ -0,0 +1,107 @@
+{
+ inputs,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ # State version
+ system.stateVersion = "24.05";
+
+ # Machine hostname
+ networking.hostName = "ws-think";
+
+ # Admin users
+ users.users.jan.extraGroups = [
+ "wheel"
+ "wireshark"
+ "podman"
+ "libvirtd"
+ ];
+
+ # Set up kerberos
+ security.krb5 = {
+ enable = true;
+ settings = {
+ libdefaults = {
+ rdns = false;
+ };
+ realms = (inputs.secrets.gewis.krb5Realm);
+ };
+ };
+
+ services.netbird = {
+ enable = true;
+ };
+
+ # SSH X11 forwarding
+ programs.ssh.forwardX11 = true;
+
+ # Enable older samba versions
+ services.samba = {
+ enable = true;
+ settings = {
+ global = {
+ "invalid users" = [ "root" ];
+ "passwd program" = "/run/wrappers/bin/passwd %u";
+ "security" = "user";
+ "client min protocol" = "NT1";
+ };
+ };
+ };
+
+ # TODO: Remove once laptop is properly integrated into domain
+ programs.ssh = {
+ package = pkgs.openssh_gssapi;
+ extraConfig = ''
+ GSSAPIAuthentication yes
+ '';
+ };
+
+ # Enable virtualisation for VMs
+ virtualisation.libvirtd.enable = true;
+ programs.virt-manager.enable = true;
+
+ # Enable wireshark
+ programs.wireshark = {
+ enable = true;
+ dumpcap.enable = true;
+ usbmon.enable = true;
+ };
+
+ # Enable Nix-LD
+ programs.nix-ld = {
+ enable = true;
+ };
+
+ # Set up wstunnel client
+ services.wstunnel = {
+ enable = true;
+ clients.wg-tunnel = {
+ connectTo = "wss://tunnel.bulthuis.dev:443";
+ settings.local-to-remote = [
+ "udp://51820:10.10.40.100:51820"
+ ];
+ };
+ };
+
+ # Enable flatpak
+ services.flatpak.enable = true;
+
+ # Module setup
+ modules = {
+ profiles.laptop.enable = true;
+ };
+
+ # Set up podman
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ dockerSocket.enable = true;
+ autoPrune.enable = true;
+ };
+
+ # Set up hardware
+ imports = [ ./hardware-configuration.nix ];
+}
diff --git a/hosts/ws-think/hardware-configuration.nix b/hosts/ws-think/hardware-configuration.nix
new file mode 100644
index 0000000..0634e83
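Review bot: In hosts/ws-think/configuration.nix, `"client min protocol" = "NT1"` sits in the `global` section, so it lowers the SMB floor to SMB1 for every client connection this laptop makes rather than only for the legacy share the comment has in mind; SMB1 has no transport encryption and only weak message signing. `services.samba.enable = true` also appears to bring up the Samba server daemons, which a client-only workaround does not need. I would keep the default minimum protocol and select the old dialect only for the one server that requires it, e.g. `vers=1.0` on that cifs mount or `--option='client min protocol=NT1'` on that smbclient call, with a comment naming the server. Separately, `programs.ssh.forwardX11 = true` enables X11 forwarding towards every host; a `Host` block in `extraConfig` with `ForwardX11 yes` would limit it to the machines that need access to the local display.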
--- /dev/null
+++ b/hosts/ws-think/hardware-configuration.nix
@@ -0,0 +1,58 @@
+{ ... }:
+
+{
+ # Machine platform
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ # Set hostid (required for ZFS)
+ networking.hostId = "deadbeef";
+
+ modules.disko = {
+ enable = true;
+ profile = "ws-think";
+ };
+
+ # Hardware configuration
+ hardware.enableRedistributableFirmware = true;
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "nvme"
+ "usb_storage"
+ "sd_mod"
+ "rtsx_pci_sdmmc"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ hardware.cpu.intel.updateMicrocode = true;
+
+ # Filesystems
+ fileSystems = {
+ "/" = {
+ device = "tank/root";
+ fsType = "zfs";
+ options = [ "zfsutil" ];
+ };
+
+ "/nix" = {
+ device = "tank/nix";
+ fsType = "zfs";
+ options = [ "zfsutil" ];
+ };
+
+ "/persist" = {
+ device = "tank/persist";
+ fsType = "zfs";
+ options = [ "zfsutil" ];
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/46BF-DE2C";
+ fsType = "vfat";
+ options = [
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+ };
+}
diff --git a/hosts/ws-think/users/jan.nix b/hosts/ws-think/users/jan.nix
new file mode 100644
index 0000000..5ce02bb
--- /dev/null
+++ b/hosts/ws-think/users/jan.nix
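Review bot: `networking.hostId = "deadbeef"` in hosts/ws-think/hardware-configuration.nix is a placeholder value; ZFS uses the host id to notice that a pool was last imported by a different machine, and that guard does not work if another host in this repository (or a rescue image) carries the same id. A random per-machine value would be better, e.g. generated with `head -c4 /dev/urandom | od -A none -t x4`, and the comment could read `# Unique per host; ZFS uses it to detect foreign pool imports`. The explicit `fileSystems` entries also repeat what profiles/disko/ws-think.nix declares (pool `tank`, `/boot` with a 0077 mask), and the hard-coded `/dev/disk/by-uuid/46BF-DE2C` only matches if the partition ends up with that UUID; if `modules.disko` already generates the mounts, which I cannot see from this hunk, a single source of truth would be safer.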
@@ -0,0 +1,31 @@
+{
+ pkgs,
+ ...
+}:
+
+{
+ home.stateVersion = "25.11";
+
+ modules.profiles.jan.enable = true;
+
+ # home.packages = with pkgs; [
+ # opencloud-desktop
+ # code-nautilus
+ # nautilus-open-in-blackbox
+ # ];
+
+ xdg.desktopEntries = {
+ canvas = {
+ name = "Canvas";
+ type = "Application";
+ exec = "${pkgs.chromium}/bin/chromium --app=\"https://canvas.tue.nl\" --user-data-dir=/home/jan/.local/state/Canvas";
+ settings.StartupWMClass = "chrome-canvas.tue.nl__-Default";
+ };
+ overleaf = {
+ name = "Overleaf";
+ type = "Application";
+ exec = "${pkgs.chromium}/bin/chromium --app=\"https://www.overleaf.com\" --user-data-dir=/home/jan/.local/state/Overleaf";
+ settings.StartupWMClass = "chrome-www.overleaf.com__-Default";
+ };
+ };
+}
diff --git a/profiles/disko/ws-think.nix b/profiles/disko/ws-think.nix
new file mode 100644
index 0000000..8a40ac1
--- /dev/null
+++ b/profiles/disko/ws-think.nix
@@ -0,0 +1,65 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ imageSize = "64G"; # For test VMs
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ zfs = {
+ end = "-16G";
+ content = {
+ type = "zfs";
+ pool = "tank";
+ };
+ };
+ swap = {
+ size = "100%";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ tank = {
+ type = "zpool";
+ rootFsOptions = {
+ compression = "zstd";
+ };
+ mountpoint = null;
+ postCreateHook = "zfs snapshot -r tank@blank && zfs hold -r blank tank@blank";
+
+ datasets = {
+ root = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ };
+ nix = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ };
+ persist = {
+ type = "zfs_fs";
+ mountpoint = "/persist";
+ };
+ };
+ };
+ };
+ };
+}
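Review bot: Both `exec` lines in hosts/ws-think/users/jan.nix hard-code `/home/jan` for `--user-data-dir`, so the per-app browser profiles, which will hold the Canvas and Overleaf session cookies, live at a path that is not tied to the account this module is applied to. Taking `config` in the argument set and writing `--user-data-dir=${config.xdg.stateHome}/Canvas` (and `/Overleaf`) keeps each profile inside the user's own state directory. The commented-out `home.packages` block could be dropped or replaced by a one-line TODO saying why it is disabled.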
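Review bot: In profiles/disko/ws-think.nix neither the `tank` pool nor the swap partition is encrypted, and this host enables the laptop profile, so a lost or stolen machine exposes `/persist`, the Kerberos and SSH material configured elsewhere in this commit, and whatever was paged out to swap. ZFS native encryption can be set in `rootFsOptions` with `encryption = "aes-256-gcm"; keyformat = "passphrase"; keylocation = "prompt";`, and the swap content accepts `randomEncryption = true;` (that rules out hibernation; an encrypted volume with a persistent key is needed if resume matters). `device = "/dev/sda"` also deserves a comment or a stable `/dev/disk/by-id/<DISK_ID>` path, since the initrd module list in hardware-configuration.nix suggests an NVMe drive and disko formats whatever that name resolves to.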