authorDylan <boss@tehbox.org>2025-09-16 16:43:55 +1200
committerDylan <boss@tehbox.org>2025-09-16 16:43:55 +1200
commitd1395f9e6768551967f85128ccab19d12dec4c6f (patch)
tree804d86634796edd5e378cb05ee2fda0a71d02497 /computers
parentc1b48e9f2bfc4ae0e48d0c8e35ad1f4a2189ec30 (diff)
downloadnixos-configuration-d1395f9e6768551967f85128ccab19d12dec4c6f.tar.gz
nixos-configuration-d1395f9e6768551967f85128ccab19d12dec4c6f.zip
feat: added server configuration and setup sops-nix
Diffstat (limited to 'computers')
-rw-r--r--computers/nixy.nix266
-rw-r--r--computers/server.nix169
2 files changed, 435 insertions, 0 deletions
diff --git a/computers/nixy.nix b/computers/nixy.nix
new file mode 100644
index 0000000..e7b7fbe
--- /dev/null
+++ b/computers/nixy.nix
@@ -0,0 +1,266 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, inputs, ... }:
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../hardware-setups/tuf.nix
+ ../modules/nix.nix
+ ../modules/nvidia.nix
+ inputs.YATwm.nixosModules.default
+ #inputs.spicetify-nix.nixosModules.default
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot = {
+ loader.grub.enable = true;
+ loader.grub.device = "nodev";
+ loader.grub.efiSupport = true;
+ loader.grub.enableCryptodisk = true;
+ # loader.grub.useOSProber = true;
+ loader.efi.canTouchEfiVariables = true;
+ kernel.sysctl."kernel.sysrq" = 502;
+ plymouth.enable = true;
+ };
+
+
+ networking.hostName = "nixy"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ };
+ networking.wireguard.enable = false;
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.200.200.2/32" ];
+ listenPort = 51820;
+
+ privateKeyFile = "/home/boss/.wg/peer_A.key";
+
+ peers = [
+ {
+ publicKey = "wQSg97FyVqWqkwMbmq1SLolf/MWlt9tIJuE5vKyDiRI=";
+
+ allowedIPs = [ "0.0.0.0/0" ];
+
+ endpoint = "139.144.99.248:51820";
+
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+
+ # Set your time zone.
+ time.timeZone = "NZ";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ #keyMap = "us";
+ #useXkbConfig = true; # use xkbOptions in tty.
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver = {
+ enable = true;
+
+ desktopManager = {
+ xterm.enable = false;
+ #default = "none";
+ };
+
+ deviceSection = ''
+ Option "DRI" "2"
+ Option "TearFree" "true"
+ '';
+
+ windowManager.i3 = {
+ enable = true;
+ package = pkgs.i3-gaps;
+ };
+
+ windowManager.YATwm = {
+ enable = true;
+ package = inputs.YATwm.packages.x86_64-linux.YATwm;
+ };
+ };
+ programs.i3lock.enable = true;
+ programs.hyprland = {
+ enable = true;
+ #package = inputs.hyprland.packages.${pkgs.system}.hyprland;
+ #portalPackage = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland;
+ };
+ services.displayManager = {
+ #defaultSession = "none+i3";
+ sddm.enable = true;
+ #sddm.theme = "catppuccin-macchiato";
+ # ly.enable = true;
+ };
+ # services.xserver.displayManager = {
+ # lightdm.enable = true;
+ # };
+
+ # Configure keymap in X11
+ services.xserver.xkb.layout = "us";
+ services.xserver.xkb.options = "caps:super";
+
+
+ security.pam.services.swaylock = {};
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.hplip ];
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+
+ # Enable sound.
+ #sound.enable = true;
+ services.pipewire =
+ {
+ enable = true;
+ alsa.enable = false;
+ alsa.support32Bit = false;
+ pulse.enable = true;
+ };
+
+ services.upower.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ security.rtkit.enable = true;
+ services.libinput = {
+ enable = true;
+ mouse = {
+ accelProfile = "flat";
+ };
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.boss = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" "input" "uinput" ];
+ };
+
+ fonts.packages = with pkgs; [
+ #(nerdfonts.override { fonts = [ "Cousine" ]; })
+ nerd-fonts.cousine
+ ];
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs;
+ [
+ vim
+ firefox
+ pfetch
+ neofetch
+ pinentry-gtk2
+ git
+ ];
+ documentation.dev.enable = true;
+
+ hardware.graphics.enable32Bit = true;
+ programs.steam = {
+ enable = true;
+ extraCompatPackages = with pkgs; [
+ proton-ge-bin
+ ];
+ };
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ programs.gnupg = {
+ agent = {
+ enable = true;
+ pinentryPackage = pkgs.pinentry-gtk2;
+ };
+ # enableSSHSupport = true;
+ };
+
+ hardware.bluetooth.enable = true; # enables support for Bluetooth
+ hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
+ services.blueman.enable = true;
+
+ systemd.tmpfiles.rules = [
+ "f /var/lib/systemd/linger/boss" # enables lingering
+ ];
+
+
+ services.ratbagd.enable = true;
+
+ stylix = {
+ enable = true;
+
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/material-palenight.yaml";
+
+ image = ../wallpaper.png;
+ targets.grub.useImage = true;
+
+ opacity = {
+ terminal = 0.8;
+ };
+
+ polarity = "dark";
+
+ fonts = {
+ monospace = {
+ package = pkgs.nerd-fonts.cousine;
+ name = "Cousine Nerd Font Mono";
+ };
+
+ serif = {
+ package = pkgs.dejavu_fonts;
+ name = "DejaVu Serif";
+ };
+
+ sansSerif = {
+ package = pkgs.dejavu_fonts;
+ name = "DejaVu Sans";
+ };
+
+ emoji = {
+ package = pkgs.noto-fonts-emoji;
+ name = "Noto Color Emoji";
+ };
+
+ sizes = {
+ terminal = 10;
+ applications = 10;
+ desktop = 10;
+ popups = 10;
+ };
+ };
+
+ cursor = {
+ package = pkgs.nordzy-cursor-theme;
+ name = "Nordzy-cursors";
+ size = 20;
+ };
+ };
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+
+}
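Review bot: `kernel.sysctl."kernel.sysrq" = 502;` in the `boot` block enables every SysRq group except process dumps, including bit 4 (keyboard control/SAK) and bit 64 (signalling processes), and nothing explains the bitmask. This host depends on `programs.i3lock`, swaylock and an encrypted disk, and those two groups let anyone at the keyboard act on processes in a locked session. I would keep only the emergency-recovery groups, e.g. `kernel.sysctl."kernel.sysrq" = 176; # sync | remount-ro | reboot`, or add a comment saying why the wider mask is wanted. Separately, `allowedUDPPorts = [ 51820 ]` stays open while `networking.wireguard.enable = false`, and a peer that only dials out with `persistentKeepalive` should not normally need the inbound rule. The comment `# Use the systemd-boot EFI boot loader.` is also stale, since the block configures GRUB.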
diff --git a/computers/server.nix b/computers/server.nix
new file mode 100644
index 0000000..4e66375
--- /dev/null
+++ b/computers/server.nix
@@ -0,0 +1,169 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, inputs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../hardware-setups/linode.nix
+ ../modules/nix.nix
+ inputs.STK.nixosModules.default
+ inputs.sops.nixosModules.sops
+ ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ # networking.hostName = "nixos"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+ security.sudo.wheelNeedsPassword = false;
+
+ sops.defaultSopsFile = ../secrets/test.yaml;
+ sops.defaultSopsFormat = "yaml";
+
+ sops.age.keyFile = "/home/boss/.config/sops/age/keys.txt";
+
+ sops.secrets = {
+ test-value = {};
+ };
+
+ services.httpd = {
+ enable = false;
+ virtualHosts."172.105.172.191" = {
+ documentRoot = "/srv/httpd";
+ };
+ };
+
+
+ # Configure keymap in X11
+ # services.xserver.xkb.layout = "us";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # services.pulseaudio.enable = true;
+ # OR
+ # services.pipewire = {
+ # enable = true;
+ # pulse.enable = true;
+ # };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.boss = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
+ home = "/home/boss";
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOukEKExoF6vr3vciQN8pBdd4FtZtRzqIGFJrUvllOY boss@nixy" ];
+ };
+
+ # programs.firefox.enable = true;
+
+ # List packages installed in system profile.
+ # You can use https://search.nixos.org/ to find more packages (and options).
+ environment.systemPackages = with pkgs; [
+ vim
+ emacs
+ inetutils
+ mtr
+ sysstat
+ git
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ settings.PasswordAuthentication = false;
+ };
+
+ services.superTuxKarts = {
+ enable = true;
+ port = 2757;
+ serverOptions = {
+ server-name = "LUG STK server";
+ server-mode = 0;
+ server-difficulty = 3;
+ private-server-password = "lug@uoa";
+ motd = "Server for LUG@UoA\nChampionship coming soon!";
+ };
+ };
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ networking.usePredictableInterfaceNames = false;
+ networking.useDHCP = false;
+ networking.interfaces.eth0.useDHCP = true;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+}
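Review bot: The `private-server-password` value under `services.superTuxKarts.serverOptions` is committed in clear text, in the same file that sets up sops-nix for exactly this purpose, and as a Nix string it will most likely also end up in the world-readable store. Declare it as a sops secret (for example `sops.secrets."stk-password" = {};`, a name constructed for this note) and pass the decrypted path to the service if the STK module offers a file-based option, which this hunk does not show; the current value should be treated as disclosed and rotated. `sops.age.keyFile = "/home/boss/.config/sops/age/keys.txt"` keeps the decryption key in an unprivileged user's home, where a root-owned path or `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` is the more usual choice on a server. With `security.sudo.wheelNeedsPassword = false`, the single key in `openssh.authorizedKeys.keys` is effectively a root credential, which deserves a comment if it is intentional.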