From 1d3d84f871e0ab498f401f189aaa3c4fc246012a Mon Sep 17 00:00:00 2001
From: coolneng
Date: Mon, 8 Feb 2021 13:42:35 +0100
Subject: [PATCH] Add minimal configuration
---
configuration.nix | 88 ++++++++++++++++++++++++++++++++++++++++++
modules/datasync.nix | 30 ++++++++++++++
modules/networking.nix | 26 +++++++++++++
shell.nix | 9 -----
4 files changed, 144 insertions(+), 9 deletions(-)
create mode 100644 configuration.nix
create mode 100644 modules/datasync.nix
create mode 100644 modules/networking.nix
delete mode 100644 shell.nix
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..eaec381
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,88 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # Kernel configuration
+ boot = {
+ kernelPackages = pkgs.linuxPackages;
+ kernelModules = [ "kvm-amd" ];
+ };
+
+ # Bootloader configuration
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 50;
+ };
+ timeout = 3;
+ };
+
+ # Run Nix garbage collector, while avoiding compiling
+ nix = {
+ autoOptimiseStore = true;
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 7d";
+ };
+ extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ gc-keep-outputs = true
+ '';
+ };
+
+ # Clean tmp directory on shutdown
+ boot.cleanTmpDir = true;
+
+ # Rotate logs after 14 days
+ services.journald.extraConfig = "SystemMaxFiles=14";
+
+ # Allow propietary software and build packages with Pulseaudio support
+ nixpkgs.config.allowUnfree = true;
+
+ # Scrub zpool monthly
+ services.zfs.autoScrub = {
+ enable = true;
+ interval = "monthly";
+ };
+
+ # Set timezone and synchronize NTP
+ time.timeZone = "Europe/Brussels";
+ services.chrony.enable = true;
+
+ # NixOS version
+ system.stateVersion = "20.09";
+
+ # Create coolneng user
+ users.users.coace = {
+ isNormalUser = true;
+ home = "/home/coace";
+ extraGroups = [ "wheel" "libvirtd" ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbHBpW1JgArO7XFr3mqMD8nCf3RjkHzso+mpNjR8iZi coolneng@panacea"
+ ];
+ };
+
+ # Set shell and SSH for root user
+ users.users.root = {
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbHBpW1JgArO7XFr3mqMD8nCf3RjkHzso+mpNjR8iZi coolneng@panacea"
+ ];
+ };
+
+ # Auto-upgrade the system
+ system.autoUpgrade = {
+ enable = true;
+ allowReboot = true;
+ };
+
+ # Import other configuration modules
+ imports = [
+ ./modules/hardware-configuration.nix
+ ./modules/networking.nix
+ ./modules/datasync.nix
+ ];
+
+}
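Review bot: `users.users.root` gets the same `openssh.authorizedKeys.keys` entry as `coace`, who is already in `wheel`, so a single stolen key gives a direct root shell with no sudo step and no per-user trail in the logs. I would drop the key from root and, wherever sshd is enabled (it is not enabled in this patch, presumably elsewhere), set `services.openssh.permitRootLogin = "no";` and `services.openssh.passwordAuthentication = false;`. Separately, the comment `# Rotate logs after 14 days` does not match `SystemMaxFiles=14`, which caps the number of journal files rather than their age; `MaxRetentionSec=14day` is the age-based setting.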
diff --git a/modules/datasync.nix b/modules/datasync.nix
new file mode 100644
index 0000000..98d1c2b
--- /dev/null
+++ b/modules/datasync.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.samba = {
+ enable = true;
+ securityType = "share";
+ nsswins = true;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = samba
+ netbios name = samba
+ security = ${config.services.samba.securityType}
+ hosts allow = 192.168.1 localhost
+ hosts deny = 0.0.0.0/0
+ guest account = nobody
+ map to guest = bad user
+ '';
+ shares.public = {
+ # FIXME Change path accordingly
+ sharepath = "/mnt/Shares/Public";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "nobody";
+ "force group" = "nobody";
+ };
+ };
+}
diff --git a/modules/networking.nix b/modules/networking.nix
new file mode 100644
index 0000000..b570b9b
--- /dev/null
+++ b/modules/networking.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # Enable zeroconf
+ services.avahi = {
+ enable = true;
+ nssmdns = true;
+ publish = {
+ enable = true;
+ userServices = true;
+ domain = true;
+ workstation = true;
+ };
+ reflector = true;
+ };
+
+ # Firewall configuration
+ networking.firewall = {
+ # Samba
+ allowedTCPPorts = [ 445 139 ];
+ allowedUDPPorts = [ 137 138 ];
+ };
+
+ # Disable IPv6
+ networking.enableIPv6 = false;
+}
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index 81c823e..0000000
--- a/shell.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs ? import {} }:
-
-with pkgs;
-
-mkShell {
- buildInputs = [
-
- ];
-}
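Review bot: `securityType = "share"` in modules/datasync.nix is not a value current Samba accepts, since share-level security was removed in Samba 4, so the server most likely falls back to user-level security and guest access works only through `map to guest = bad user`. Set `securityType = "user";` and drop the `security = ${config.services.samba.securityType}` line from `extraConfig`, as the NixOS module should already emit that setting from the option. As written, `shares.public` is writable without authentication (`"guest ok" = "yes"`, `"read only" = "no"`), so every host matching `hosts allow` can add or overwrite files; if that is intended, say so in a comment next to the `# FIXME`, otherwise `"read only" = "yes"` is the safer default for guests. Also confirm that `hosts allow = 192.168.1` matches the subnet, because smb.conf prefix entries are normally written with a trailing dot (`192.168.1.`).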
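Review bot: `allowedTCPPorts = [ 445 139 ]` and `allowedUDPPorts = [ 137 138 ]` in modules/networking.nix open Samba on every interface, so the only thing restricting the guest-writable share is `hosts allow` in smb.conf. Scoping the rule to the LAN interface keeps the ports closed elsewhere, e.g. `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 445 139 ];` (placeholder interface name; the same applies to the UDP ports). `reflector = true` relays mDNS between all local interfaces and, together with `publish.workstation` and `publish.userServices`, advertises the host more widely than a single-LAN file server needs; I would leave it off unless there are several subnets to bridge.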