Incorporate NixOS configuration

TL;DR:
- Move /etc/nixos/configuration.nix -> //nixos/configuration.nix
- Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix
- Document installer.nix
- Create rebuild.nix wrapper around `sudo nixos-rebuild switch`

Previously I sketched ideas for the configuration.nix for socrates -- also known
as flattop -- the inexpensive Acer laptop residing in my flat and stored that
configuration.nix file in briefcase. Now, however, I have successfully installed
NixOS onto socrates. By default NixOS saves the configuration.nix and
hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files
into briefcase.

Because the command `nixos-rebuild` looks for the NixOS configuration
file in /etc/nixos, I wrote rebuild.nix, which creates a program to
call `nixos-rebuild` with the new location of my configuration.nix.

nixos/configuration.nix

@@ -1,35 +1,140 @@
-{ config, pkgs, ... }:
+{ pkgs ? import <nixpkgs> {}, ... }:
 
-# TODO(wpcarro): Refactor to prefer nested attribute for configuration values
-# instead of using one-liner field accessors.
 {
-  imports = [
-    ./hardware-configuration.nix
-  ];
+  imports = [ ./hardware.nix ];
 
-  # TODO(wpcarro): Is this correct? I believe my laptop only supports BIOS and
-  # not UEFI.
-  boot.loader.grub.device = "/dev/sda";
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "socrates";
-  networking.wireless.enable = true;
-  # Don't remove this.
-  networking.useDHCP = false;
-  networking.interfaces.enp2s0f1.useDHCP = true;
-  networking.interfaces.wlp3s0.useDHCP = true;
+  networking = {
+    hostName = "socrates";
+    # The global useDHCP flag is deprecated, therefore explicitly set to false
+    # here.  Per-interface useDHCP will be mandatory in the future, so this
+    # generated config replicates the default behaviour.
+    useDHCP = false;
+    networkmanager.enable = true;
+    interfaces.enp2s0f1.useDHCP = true;
+    interfaces.wlp3s0.useDHCP = true;
+    firewall.allowedTCPPorts = [ 9418 80 443 ];
+  };
 
   time.timeZone = "UTC";
 
+  programs.fish.enable = true;
+  programs.mosh.enable = true;
+
   environment.systemPackages = with pkgs; [
-    emacs
+    curl
+    direnv
+    emacs26-nox
+    gnupg
+    htop
+    pass
+    vim
+    certbot
+    tree
+    git
   ];
 
-  services.openssh.enable = true;
+  users = {
+    # I need a git group to run the git server.
+    groups.git = {};
 
-  users.users.wpcarro = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
+    users.wpcarro = {
+      isNormalUser = true;
+      extraGroups = [ "git" "wheel" ];
+      shell = pkgs.fish;
+    };
+
+    users.git = {
+      group = "git";
+      isNormalUser = false;
+    };
   };
 
-  system.stateVersion = "20.09";
+  nix = {
+    # Expose depot as <depot>, nixpkgs as <nixpkgs>
+    nixPath = [
+      "briefcase=/home/wpcarro/briefcase"
+      "depot=/home/wpcarro/depot"
+      "nixpkgs=/home/wpcarro/nixpkgs"
+    ];
+
+    # Allow wpcarro to call nixos-rebuild
+    trustedUsers = [ "root" "wpcarro" ];
+  };
+
+  ##############################################################################
+  # Services
+  ##############################################################################
+  services.openssh.enable = true;
+
+  services.lorri.enable = true;
+
+  # TODO(wpcarro): Expose the Monzo credentials to this job. Currently they're
+  # managed with direnv and pass, which presumably systemd isn't accessing.
+  systemd.user.services.monzo-token-server = {
+    enable = true;
+    description = "Ensure my Monzo access token is valid";
+    script = "/home/wpcarro/.nix-profile/bin/token-server";
+
+    serviceConfig = {
+      WorkingDirectory = "%h/briefcase/monzo_ynab";
+      Type = "oneshot";
+    };
+  };
+
+  services.gitDaemon = {
+    enable = true;
+    basePath = "/srv/git";
+    exportAll = true;
+    repositories = [ "/srv/git/briefcase" ];
+  };
+
+  # Since I'm using this laptop as a server in my flat, I'd prefer to close its
+  # lid.
+  services.logind.lidSwitch = "ignore";
+
+  # Provision SSL certificates to support HTTPS connections.
+  security.acme.acceptTerms = true;
+  security.acme.certs."wpcarro.dev".email = "wpcarro@gmail.com";
+
+  services.nginx = {
+    enable = true;
+    enableReload = true;
+
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+
+    commonHttpConfig = ''
+      log_format json_combined escape=json
+      '{'
+          '"time_local":"$time_local",'
+          '"remote_addr":"$remote_addr",'
+          '"remote_user":"$remote_user",'
+          '"request":"$request",'
+          '"status": "$status",'
+          '"body_bytes_sent":"$body_bytes_sent",'
+          '"request_time":"$request_time",'
+          '"http_referrer":"$http_referer",'
+          '"http_user_agent":"$http_user_agent"'
+      '}';
+      access_log syslog:server=unix:/dev/log json_combined;
+    '';
+
+    virtualHosts.blog = {
+      serverName = "blog.wpcarro.dev";
+      useACMEHost = "wpcarro.dev";
+      addSSL = true;
+      extraConfig = ''
+        location / {
+          proxy_pass http://localhost:80
+        }
+      '';
+    };
+  };
+
+  system.stateVersion = "20.09"; # Did you read the comment?
 }

nixos/hardware.nix

@@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/aadf1a77-1e98-4b5f-8e74-abf8e77bda34";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1613-35B9";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 2;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}

nixos/installer.nix

@@ -1,3 +1,4 @@
+# This expression can be used to create NixOS .iso images.
 { config, pkgs, ...  }:
 
 {

nixos/rebuild.nix

@@ -0,0 +1,9 @@
+{ pkgs ? import <nixpkgs> {}, ... }:
+
+pkgs.writeShellScriptBin "rebuild" ''
+  set -ue
+  sudo nixos-rebuild \
+    -I nixos-config=/home/wpcarro/briefcase/nixos/configuration.nix \
+    -I nixpkgs=/home/wpcarro/nixpkgs \
+    switch
+''