diff --git a/helpers/default.nix b/helpers/default.nix deleted file mode 100644 index 4845b6f..0000000 --- a/helpers/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{lib, ...}: { - mkIfElse = p: yes: no: - lib.mkMerge [ - (lib.mkIf p yes) - (lib.mkIf (!p) no) - ]; -} diff --git a/hetzner-vpn1.nix b/hetzner-vpn1.nix index b45da07..415b8cb 100644 --- a/hetzner-vpn1.nix +++ b/hetzner-vpn1.nix @@ -1,14 +1,14 @@ {...}: { imports = [ - ./modules - (import ./hardware "hetzner-vpn1") + ./modules/server + (import ./modules/hardware "hetzner-vpn1") ]; config = { my = { - desktop.enable = false; server.enable = true; }; + users.users.root.openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf'' ]; diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index 48e1990..0000000 --- a/modules/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - config, - pkgs, - ... -}: let - cfg = config.my; - helpers = import ../helpers; -in { - imports = [ - ./home - ./desktop - ./i18n.nix - ./nixpkgs.nix - ]; - - config = { - networking = { - networkmanager.enable = true; - firewall.enable = true; - }; - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - # PermitRootLogin = "no"; # this is managed through authorized keys - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - systemd.extraConfig = '' - DefaultTimeoutStopSec=12s - ''; - - programs = { - zsh.enable = true; - - git = { - enable = true; - package = pkgs.gitFull; - }; - }; - - environment = { - pathsToLink = ["/share/zsh"]; - - systemPackages = with pkgs; [ - lm_sensors - tldr - ncdu - ]; - }; - }; -} diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix index dca0499..aa50881 100644 --- a/modules/desktop/default.nix +++ b/modules/desktop/default.nix 
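Review bot: In hetzner-vpn1.nix the host keeps a root `authorizedKeys` entry, while the `./modules/server` module it now imports (changed later in this diff) leaves `PermitRootLogin` commented out. Root access therefore depends on the OpenSSH module default, which I believe is key-only (`prohibit-password`). If direct root login by key is intended, state it in the server module with `PermitRootLogin = "prohibit-password";` so a changed default or another merged module cannot alter it silently. Otherwise give the host a non-root admin user and set `"no"`. A short comment naming the owner of the ed25519 key would also help when keys are rotated.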
@@ -7,8 +7,13 @@ cfg = config.my.desktop; in { imports = [ + ./gnome.nix ./kde.nix + ./i18n.nix + ./nixpkgs.nix + ./vinzenz.nix + ./ronja.nix ]; options.my.desktop = { @@ -16,6 +21,9 @@ in { }; config = lib.mkIf cfg.enable { + home-manager.useUserPackages = true; + home-manager.useGlobalPkgs = true; + services = { # Enable the X11 windowing system / wayland depending on DE xserver.enable = true; @@ -23,7 +31,15 @@ in { # Enable CUPS to print documents. printing.enable = true; - openssh.settings.PermitRootLogin = "no"; + # Enable the OpenSSH daemon. + openssh = { + enable = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; }; # Enable sound with pipewire. @@ -46,20 +62,48 @@ in { }; # unblock kde connect / gsconnect - networking.firewall = { - allowedTCPPortRanges = [ - { - # KDE Connect - from = 1714; - to = 1764; - } - ]; - allowedUDPPortRanges = [ - { - # KDE Connect - from = 1714; - to = 1764; - } + networking = { + networkmanager.enable = true; + firewall.enable = true; + + firewall = { + allowedTCPPortRanges = [ + { + # KDE Connect + from = 1714; + to = 1764; + } + ]; + allowedUDPPortRanges = [ + { + # KDE Connect + from = 1714; + to = 1764; + } + ]; + }; + }; + + systemd.extraConfig = '' + DefaultTimeoutStopSec=12s + ''; + + programs = { + zsh.enable = true; + + git = { + enable = true; + package = pkgs.gitFull; + }; + }; + + environment = { + pathsToLink = ["/share/zsh"]; + + systemPackages = with pkgs; [ + lm_sensors + tldr + ncdu ]; }; }; diff --git a/modules/desktop/gnome.nix b/modules/desktop/gnome.nix index 96ff7de..38b9fee 100644 --- a/modules/desktop/gnome.nix +++ b/modules/desktop/gnome.nix @@ -4,7 +4,9 @@ lib, ... }: let - cfg = config.my.gnome; + desktopCfg = config.my.desktop; + cfg = desktopCfg.gnome; + applyGnomeUserSettings = { home.packages = with pkgs; [ gnome.gpaste 
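Review bot: The `openssh` block added under `services` in modules/desktop/default.nix turns sshd on for every machine that sets `my.desktop.enable`, including the laptop, and nothing in the hunk limits who may log in or on which networks it is reachable. The NixOS module opens the SSH port in the firewall by default, so the daemon is exposed on whatever network the machine joins. Consider `openFirewall = false;` inside the `openssh` set for desktops, or put the daemon behind its own enable option that defaults to off. The enclosing `config = lib.mkIf cfg.enable` block starts and ends outside this hunk.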
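Review bot: In the last hunk of modules/desktop/default.nix the comment `# unblock kde connect / gsconnect` now heads the whole `networking` set, which also enables NetworkManager and the firewall, and `firewall` is written twice (`firewall.enable = true;` followed by `firewall = { … }`). Fold the switch into the set as `firewall = { enable = true; allowedTCPPortRanges = [ … ]; allowedUDPPortRanges = [ … ]; };` and move the comment next to the port ranges. The ranges 1714–1764 are opened on all interfaces for every desktop regardless of which desktop environment is enabled. Gating them on the `kde`/`gnome` options would keep the open ports matched to what actually runs.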
@@ -17,7 +19,7 @@ }; }; in { - options.my.gnome = { + options.my.desktop.gnome = { enable = lib.mkEnableOption "gnome desktop"; }; @@ -56,8 +58,8 @@ in { ]; home-manager.users = { - vinzenz = lib.mkIf config.my.home.vinzenz.enable applyGnomeUserSettings; - ronja = lib.mkIf config.my.home.ronja.enable applyGnomeUserSettings; + vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyGnomeUserSettings; + ronja = lib.mkIf desktopCfg.ronja.enable applyGnomeUserSettings; }; }; } diff --git a/modules/i18n.nix b/modules/desktop/i18n.nix similarity index 100% rename from modules/i18n.nix rename to modules/desktop/i18n.nix diff --git a/modules/desktop/kde.nix b/modules/desktop/kde.nix index aa62262..08b0c03 100644 --- a/modules/desktop/kde.nix +++ b/modules/desktop/kde.nix @@ -4,7 +4,8 @@ lib, ... }: let - cfg = config.my.kde; + desktopCfg = config.my.desktop; + cfg = desktopCfg.kde; applyKdeUserSettings = { home = { @@ -17,7 +18,7 @@ }; }; in { - options.my.kde = { + options.my.desktop.kde = { enable = lib.mkEnableOption "KDE desktop"; }; @@ -56,8 +57,8 @@ in { }; home-manager.users = { - vinzenz = lib.mkIf config.my.home.vinzenz.enable applyKdeUserSettings; - ronja = lib.mkIf config.my.home.ronja.enable applyKdeUserSettings; + vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyKdeUserSettings; + ronja = lib.mkIf desktopCfg.ronja.enable applyKdeUserSettings; }; }; } diff --git a/modules/nixpkgs.nix b/modules/desktop/nixpkgs.nix similarity index 100% rename from modules/nixpkgs.nix rename to modules/desktop/nixpkgs.nix diff --git a/modules/home/ronja.nix b/modules/desktop/ronja.nix similarity index 96% rename from modules/home/ronja.nix rename to modules/desktop/ronja.nix index 0b11bea..f7f34f5 100644 --- a/modules/home/ronja.nix +++ b/modules/desktop/ronja.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.my.home.ronja; + cfg = config.my.desktop.ronja; in { - options.my.home.ronja = { + options.my.desktop.ronja = { enable = lib.mkEnableOption "user ronja"; }; 
@@ -21,7 +21,6 @@ in { }; # home manager - my.home.enable = true; home-manager.users.ronja = { config, pkgs, diff --git a/modules/home/vinzenz.nix b/modules/desktop/vinzenz.nix similarity index 98% rename from modules/home/vinzenz.nix rename to modules/desktop/vinzenz.nix index 799eb62..010becb 100644 --- a/modules/home/vinzenz.nix +++ b/modules/desktop/vinzenz.nix @@ -4,9 +4,9 @@ lib, ... }: let - cfg = config.my.home.vinzenz; + cfg = config.my.desktop.vinzenz; in { - options.my.home.vinzenz = { + options.my.desktop.vinzenz = { enable = lib.mkEnableOption "user vinzenz"; }; @@ -20,7 +20,6 @@ in { }; # home manager - my.home.enable = true; home-manager.users.vinzenz = { config, pkgs, diff --git a/hardware/common-desktop.nix b/modules/hardware/common-desktop.nix similarity index 100% rename from hardware/common-desktop.nix rename to modules/hardware/common-desktop.nix diff --git a/hardware/default.nix b/modules/hardware/default.nix similarity index 100% rename from hardware/default.nix rename to modules/hardware/default.nix diff --git a/hardware/hetzner-vpn1.nix b/modules/hardware/hetzner-vpn1.nix similarity index 100% rename from hardware/hetzner-vpn1.nix rename to modules/hardware/hetzner-vpn1.nix diff --git a/hardware/vinzenz-lpt.nix b/modules/hardware/vinzenz-lpt.nix similarity index 100% rename from hardware/vinzenz-lpt.nix rename to modules/hardware/vinzenz-lpt.nix diff --git a/hardware/vinzenz-pc2.nix b/modules/hardware/vinzenz-pc2.nix similarity index 100% rename from hardware/vinzenz-pc2.nix rename to modules/hardware/vinzenz-pc2.nix diff --git a/modules/home/default.nix b/modules/home/default.nix deleted file mode 100644 index 5e63d11..0000000 --- a/modules/home/default.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - cfg = config.my.home; -in { - imports = - [ - ./vinzenz.nix - ./ronja.nix - # enable home manager - ] - ++ lib.optional (builtins.pathExists ) ; - - options.my.home = { - enable = lib.mkEnableOption "my home management"; - }; - - config = lib.mkIf cfg.enable { - home-manager.useUserPackages = true; - home-manager.useGlobalPkgs = true; - }; -} diff --git a/modules/server/default.nix b/modules/server/default.nix index a8f584c..f6874d8 100644 --- a/modules/server/default.nix +++ b/modules/server/default.nix @@ -14,13 +14,25 @@ in { config = lib.mkIf cfg.enable { services = { - services.openssh.enable = true; + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings = { + # PermitRootLogin = "no"; # this is managed through authorized keys + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + }; programs = { + git.enable = true; + zsh.enable = true; }; networking.firewall = { + enable = true; allowedTCPPortRanges = [ { # ssh @@ -29,5 +41,11 @@ in { } ]; }; + + environment = { + systemPackages = with pkgs; [ + ncdu + ]; + }; }; } diff --git a/vinzenz-lpt.nix b/vinzenz-lpt.nix index eb7957d..cf67dd5 100644 --- a/vinzenz-lpt.nix +++ b/vinzenz-lpt.nix @@ -1,13 +1,16 @@ {...}: { imports = [ - ./modules - (import ./hardware "vinzenz-lpt") + ./modules/desktop + (import ./modules/hardware "vinzenz-lpt") ]; config = { my = { - gnome.enable = true; - home.vinzenz.enable = true; + desktop = { + enable = true; + gnome.enable = true; + vinzenz.enable = true; + }; }; services.flatpak.enable = true; diff --git a/vinzenz-pc2.nix b/vinzenz-pc2.nix index 200ed8a..d348a3f 100644 --- a/vinzenz-pc2.nix +++ b/vinzenz-pc2.nix 
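Review bot: In the first hunk of modules/server/default.nix the new `services.openssh = { … }` block still sits inside the existing `services = {` set, so it defines `services.services.openssh`, which is not a NixOS option. Any host that enables this module should fail to evaluate, and the `PasswordAuthentication = false` / `KbdInteractiveAuthentication = false` hardening never reaches sshd. The removed line had the same nesting, so this predates the commit, but the rewrite is the place to fix it: drop the prefix and write `openssh = {` … `};` inside `services`. The second hunk adds `with pkgs;`; the module's argument list is outside the hunk, so check that `pkgs` is among the arguments.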
@@ -1,13 +1,14 @@ {...}: { imports = [ ./modules - (import ./hardware "vinzenz-pc2") + (import ./modules/hardware "vinzenz-pc2") ]; config = { my = { - kde.enable = true; - home = { + desktop = { + enable = true; + kde.enable = true; vinzenz.enable = true; ronja.enable = true; };
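Review bot: The `imports` list in vinzenz-pc2.nix still contains `./modules`, but this commit deletes modules/default.nix. As far as this diff shows, the directory import has nothing to load and the host should no longer evaluate. vinzenz-lpt.nix was switched to `./modules/desktop` in the same commit; this file needs the same line, `./modules/desktop`, because the `my.desktop.*` options set below are declared only by that module.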