awkawb/linode-nixos-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Andrew Bryant
2024-12-29 15:42:43 -05:00
commit 80acbe079c
20 changed files with 300 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
nixos-config/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./hardware
./services
./nix.nix
./state-version.nix
./system-packages.nix
./timezone.nix
];
}

39
nixos-config/hardware/boot.nix Normal file
View File

@@ -0,0 +1,39 @@
{ lib, ... }:
{
boot = {
# Enable LISH and Linode Booting w/ GRUB
loader = {
# Increase Timeout to Allow LISH Connection
# NOTE: The image generator tries to set a timeout of 0, so we must force
timeout = lib.mkDefault 10;
grub = {
enable = true;
forceInstall = true;
device = "nodev";
fsIdentifier = "label";
# Allow serial connection for GRUB to be able to use LISH
extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
};
};
# Add Required Kernel Modules
# NOTE: These are not documented in the install guide
initrd.availableKernelModules = [
"virtio_pci"
"virtio_scsi"
"ahci"
"sd_mod"
];
# Set Up LISH Serial Connection
kernelParams = [ "console=ttyS0,19200n8" ];
kernelModules = [ "virtio_net" ];
};
}

3
nixos-config/hardware/cpu.nix Normal file
View File

@@ -0,0 +1,3 @@
{
hardware.cpu.amd.updateMicrocode = true;
}

10
nixos-config/hardware/default.nix Normal file
View File

@@ -0,0 +1,10 @@
{
imports = [
./boot.nix
./cpu.nix
./file-systems.nix
./networking.nix
./swap-devices.nix
];
}

9
nixos-config/hardware/file-systems.nix Normal file
View File

@@ -0,0 +1,9 @@
{
fileSystems = {
"/" = {
device = "/dev/sda";
fsType = "ext4";
autoResize = true;
};
};
}

26
nixos-config/hardware/networking.nix Normal file
View File

@@ -0,0 +1,26 @@
{ lib
, domain ? "linode-domain"
, hostname ? "linode-hostname"
, ... }:
{
networking = {
useDHCP = lib.mkForce false;
usePredictableInterfaceNames = false;
interfaces.eth0 = {
useDHCP = true;
# Linode expects IPv6 privacy extensions to be disabled, so disable them
# See: https://www.linode.com/docs/guides/manual-network-configuration/#static-vs-dynamic-addressing
tempAddress = "disabled";
};
domain = domain;
hostName = hostname;
firewall = {
enable = true;
};
};
}

3
nixos-config/hardware/swap-devices.nix Normal file
View File

@@ -0,0 +1,3 @@
{
swapDevices = [ { device = "/dev/sdb"; } ];
}

15
nixos-config/nix.nix Normal file
View File

@@ -0,0 +1,15 @@
{
nix = {
optimise = {
automatic = true;
dates = [ "weekly" ];
};
gc = {
automatic = true;
options = "--delete-older-than 7d";
dates = "weekly";
};
};
}

5
nixos-config/services/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{
imports = [
./openssh.nix
];
}

12
nixos-config/services/openssh.nix Normal file
View File

@@ -0,0 +1,12 @@
{
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = "prohibit-password";
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
};
}

3
nixos-config/state-version.nix Normal file
View File

@@ -0,0 +1,3 @@
{
system.stateVersion = "24.11";
}

30
nixos-config/system-packages.nix Normal file
View File

@@ -0,0 +1,30 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs;
[
# Install diagnostic tools for Linode support
inetutils
mtr
sysstat
# Base image packages
busybox
gnumake
neovim
wget
];
programs.zsh =
{
enable = true;
vteIntegration = true;
autosuggestions.enable = true;
enableCompletion = true;
ohMyZsh.enable = true;
syntaxHighlighting.enable = true;
};
}

3
nixos-config/timezone.nix Normal file
View File

@@ -0,0 +1,3 @@
{
time.timeZone = "America/New_York";
}