From bae1555f87a400ca615c895d5e5de37c772a8a38 Mon Sep 17 00:00:00 2001
From: turtlebasket
Date: Sun, 1 Oct 2023 08:45:16 -0700
Subject: [PATCH] more nix stuff

---
 README.md | 43 +++++++++----
 thonkpad/nixhost/configuration.nix | 100 +++++++++++++++++++++++++++++
 2 files changed, 130 insertions(+), 13 deletions(-)
 create mode 100644 thonkpad/nixhost/configuration.nix

diff --git a/README.md b/README.md
index 07001e5..813628b 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,33 @@ # Michael's Homelab -## Hosts +## Host List -| Host | OS | Services | -| :--- | :--- | :------- | -| [Cuddlefish](cuddlefish/) | ![CentOS](https://img.shields.io/badge/centos%207-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0) | Gitea | -| [Thonkpad](thonkpad/) (portable) | ![Fedora](https://img.shields.io/badge/Fedora-294172?style=for-the-badge&logo=fedora&logoColor=white) | Misc. Projects | -| [Rocktiplex](rocktiplex/) | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | Fathom, Status Proxy, RSF Analytics | -| Cloud8 (under repair) | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux%209-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | NextCloud | -| [Backup](backup/) (off-site) | ![Ubuntu](https://img.shields.io/badge/Ubuntu-E95420?style=for-the-badge&logo=ubuntu&logoColor=white) | Backup Storage | +### Devices -## SELinux Notes +| Host | OS | Purpose / Services | +| :--- | :--- | :----------------- | +| [Thonkpad](thonkpad/) (portable) | ![Fedora](https://img.shields.io/badge/Fedora_37-294172?style=for-the-badge&logo=fedora&logoColor=white) | Misc. 
Projects | +| [Cuddlefish](cuddlefish/) | ![CentOS](https://img.shields.io/badge/centos_7-002260?style=for-the-badge&logo=centos&logoColor=F0F0F0) | Gitea | +| [Rocktiplex](rocktiplex/) | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux_9-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | Fathom, Status Proxy, RSF Analytics | +| Cloud8 (under repair) | ![Rocky Linux](https://img.shields.io/badge/-Rocky%20Linux_9-%2310B981?style=for-the-badge&logo=rockylinux&logoColor=white) | NextCloud | + +### Virtualized Hosts + +| VM | Kind | Machine | OS | Purpose / Services | +| :--- | :--- | :------ | :--- | :----------------- | +| [NixHost](thonkpad/nixhost/) | KVM | Thonkpad | ![NixOS](https://img.shields.io/badge/NIXOS-5277C3.svg?style=for-the-badge&logo=NixOS&logoColor=white) | NixOS Testbed | + +### Off-site + +| Host | Provider | OS | Purpose / Services | +| :--- | :------- | :--- | :----------------- | +| Backup1 | [TNAHosting](https://tnahosting.net/) | ![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04_LTS-E95420?style=for-the-badge&logo=ubuntu&logoColor=white) | Docker Volume Backups | + +## Docker + +Most services are run as Docker containers. + +### SELinux Notes Docker volumes violate some SELinux policies. Use `setenforce 0` to disable it temporarily, or make the following permanent change to `/etc/sysconfig/selinux`: @@ -19,7 +36,7 @@ Docker volumes violate some SELinux policies. Use `setenforce 0` to disable it t SELINUX=permissive ``` -## Dockerized Cloudflared Notes +### Dockerized Cloudflared Notes If a docker-compose file looks like this: @@ -27,10 +44,10 @@ If a docker-compose file looks like this: services: gitea-server: image: gitea/gitea:1.19.3 - ... + # ... gitea-cloudflared: image: cloudflare/cloudflared - ... + # ... ``` Then in this case the name of the target service is `gitea-server`, and (per Docker's networking shenanigans), should be specified **directly by service name,** e.g. 
@@ -39,7 +56,7 @@ Then in this case the name of the target service is `gitea-server`, and (per Doc https://git.michaellisano.com -> http://gitea-server:3000 ``` -## Backup Decryption Notes +## Backups Everything is encrypted with [age](https://github.com/FiloSottile/age).
diff --git a/thonkpad/nixhost/configuration.nix b/thonkpad/nixhost/configuration.nix
new file mode 100644
index 0000000..c6e9825
--- /dev/null
+++ b/thonkpad/nixhost/configuration.nix
@@ -0,0 +1,100 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Kernel options - text-only b/c QEMU
+ boot.kernelParams = [ "console=ttyS0" ];
+
+ # Use the GRUB 2 boot loader with BIOS ONLY.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ # NOTE: Because we are in a headless VM, removed:
+ # i18n, networking, X11, sound, CUPS/printing, touchpad
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.nixuser = {
+ isNormalUser = true;
+ home = "/home/nixuser";
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ python311
+ htop
+ bat
+ zsh
+ oh-my-zsh
+ starship
+ ];
+ };
+
+ users.defaultUserShell = pkgs.zsh;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ tree
+ neofetch
+ curl
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ programs.zsh = {
+ enable = true;
+ ohMyZsh = {
+ enable = true;
+ plugins = [ "git" ];
+ theme = "robbyrussell";
+ };
+ };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ settings.PubkeyAuthentication = true;
+ settings.PasswordAuthentication = false;
+ settings.PermitRootLogin = "no";
+ };
+
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+}
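Review bot: The `services.openssh` block disables password logins, but nothing in this file declares an authorized key for `nixuser`, the only account and a `wheel` member, so unless keys are provisioned outside this file the declared login path is closed; adding `users.users.nixuser.openssh.authorizedKeys.keys = [ "<ssh-public-key placeholder>" ];` keeps access declarative and reviewable. `settings.KbdInteractiveAuthentication` is not set and its NixOS default is true, so a PAM keyboard-interactive prompt can still accept a password despite `settings.PasswordAuthentication = false`; `settings.KbdInteractiveAuthentication = false;` closes that path. The firewall section is left as template comments, which is acceptable because NixOS enables the firewall by default and `services.openssh` opens its port on its own, but a one-line comment saying that this is intentional would spare the next reader the check.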