commit 2a5e18f4940ad47d06e60a54033ba84f757eaf1a Author: Yisroel Baum Date: Sun Mar 22 22:15:52 2026 +0200 initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e4e5f6c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
\ No newline at end of file
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..e67daef
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,209 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+let
+ domainName = "yisroelbaum.com";
+in
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.enableContainers = true;
+
+ boot.initrd.luks.devices = {
+ "luks-59b7ec9a-0ff6-4be8-addd-fb2fff9981a4" = {
+ device = "/dev/disk/by-uuid/59b7ec9a-0ff6-4be8-addd-fb2fff9981a4";
+ };
+ };
+ networking.hostName = "nixos"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Asia/Jerusalem";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_IL";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ security.sudo.extraConfig = ''
+ Defaults timestamp_timeout=120
+ '';
+
+ services.logind.settings.Login = {
+ HandleLidSwitch = "ignore";
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ services.displayManager.gdm.enable = true;
+ services.desktopManager.gnome.enable = true;
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ services.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.yisroel = {
+ isNormalUser = true;
+ description = "Yisroel";
+ extraGroups = [ "networkmanager" "wheel" ];
+ packages = with pkgs; [
+ # thunderbird
+ ];
+ };
+ fonts.packages = with pkgs; [
+ nerd-fonts.fira-code
+ ];
+ virtualisation.containers.enable = true;
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ # Install firefox.
+ programs.firefox.enable = true;
+
+ users.users.nginx.extraGroups = [ "acme" ];
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "${domainName}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ root = "/var/www/yisroelbaum";
+ };
+ "/.well-known/acme-challenge" = {
+ root = "/var/lib/acme/.challenges";
+ };
+ };
+ };
+ "jellyfin.${domainName}" = {
+ forceSSL = true;
+ useACMEHost = "${domainName}";
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:8096";
+ };
+ "/.well-known/acme-challenge" = {
+ root = "/var/lib/acme/.challenges";
+ };
+ };
+ };
+ };
+ };
+ security.acme = {
+ defaults.webroot = "/var/lib/acme/acme-challenge/";
+ acceptTerms = true;
+ defaults.email = "yisroel.d.baum@gmail.com";
+ certs = {
+ "${domainName}" = {
+ webroot = "/var/lib/acme/.challenges";
+ group = config.services.nginx.group;
+ extraDomainNames = [
+ "jellyfin.${domainName}"
+ "www.${domainName}"
+ ];
+ reloadServices = [
+ "nginx"
+ ];
+ };
+ };
+ };
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ emacs
+ dig
+ htop
+ git
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ services.jellyfin = {
+ enable = true;
+ };
+
+ # List services that you want to enable:
+ services.dnsmasq = {
+ enable = true;
+ };
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.11"; # Did you read the comment?
+
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..87d6e69
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773814637, + "narHash": "sha256-GNU+ooRmrHLfjlMsKdn0prEKVa0faVanm0jrgu1J/gY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fea3b367d61c1a6592bc47c72f40a9f3e6a53e96", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..6d87417
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,19 @@
+{
+ description = "A simple NixOS flake";
+
+ inputs = {
+ # NixOS official package source, using the nixos-25.11 branch here
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+ };
+
+ outputs = { self, nixpkgs, ... }@inputs: {
+ # Please replace my-nixos with your hostname
+ nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+ modules = [
+ # Import the previous configuration.nix we used,
+ # so the old configuration file still takes effect
+ ./configuration.nix
+ ];
+ };
+ };
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..81b0dda
--- /dev/null
+++ b/hardware-configuration.nix
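Review bot: `networking.firewall.enable = false;` at the end of the configuration.nix hunk removes the only network filter on a host that the same file turns into a public web server, so sshd, dnsmasq and Jellyfin's plain-HTTP port 8096 are reachable directly unless each service is bound to loopback in its own settings, which this file does not do; for Jellyfin that bypasses the TLS front end defined in the `jellyfin.${domainName}` vhost. I would keep the firewall on and open only the web ports, `networking.firewall.enable = true;` and `networking.firewall.allowedTCPPorts = [ 80 443 ];`; the NixOS openssh module opens its own port by default, and port 53 needs opening only if other machines are meant to query dnsmasq. Since sshd is exposed and `yisroel` is in `wheel`, presumably with a password login, adding `services.openssh.settings.PasswordAuthentication = false;` with key-based login belongs in the same change. Separately, `security.acme.defaults.webroot` is `/var/lib/acme/acme-challenge/` while the certificate and both nginx challenge locations use `/var/lib/acme/.challenges`; the default looks like a leftover and should match or be removed.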
@@ -0,0 +1,35 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/mapper/luks-4ca28d1a-6920-4dad-9e33-4c1f4bb400d1"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-4ca28d1a-6920-4dad-9e33-4c1f4bb400d1".device = "/dev/disk/by-uuid/4ca28d1a-6920-4dad-9e33-4c1f4bb400d1"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/737D-7A34"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/mapper/luks-59b7ec9a-0ff6-4be8-addd-fb2fff9981a4"; } + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}