split server desktop, move stuff

2023-09-11 19:16:26 +02:00 · 2023-09-11 19:16:26 +02:00 · 5e9a74280e
commit 5e9a74280e
parent 69026cb461
19 changed files with 107 additions and 127 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -1,55 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  cfg = config.my;
-  helpers = import ../helpers;
-in {
-  imports = [
-    ./home
-    ./desktop
-    ./i18n.nix
-    ./nixpkgs.nix
-  ];
-
-  config = {
-    networking = {
-      networkmanager.enable = true;
-      firewall.enable = true;
-    };
-
-    # Enable the OpenSSH daemon.
-    services.openssh = {
-      enable = true;
-      settings = {
-        # PermitRootLogin = "no"; # this is managed through authorized keys
-        PasswordAuthentication = false;
-        KbdInteractiveAuthentication = false;
-      };
-    };
-
-    systemd.extraConfig = ''
-      DefaultTimeoutStopSec=12s
-    '';
-
-    programs = {
-      zsh.enable = true;
-
-      git = {
-        enable = true;
-        package = pkgs.gitFull;
-      };
-    };
-
-    environment = {
-      pathsToLink = ["/share/zsh"];
-
-      systemPackages = with pkgs; [
-        lm_sensors
-        tldr
-        ncdu
-      ];
-    };
-  };
-}
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@ -7,8 +7,13 @@
  cfg = config.my.desktop;
 in {
  imports = [
+    <home-manager/nixos>
    ./gnome.nix
    ./kde.nix
+    ./i18n.nix
+    ./nixpkgs.nix
+    ./vinzenz.nix
+    ./ronja.nix
  ];

  options.my.desktop = {
@ -16,6 +21,9 @@ in {
  };

  config = lib.mkIf cfg.enable {
+    home-manager.useUserPackages = true;
+    home-manager.useGlobalPkgs = true;
+
    services = {
      # Enable the X11 windowing system / wayland depending on DE
      xserver.enable = true;
@ -23,7 +31,15 @@ in {
      # Enable CUPS to print documents.
      printing.enable = true;

-      openssh.settings.PermitRootLogin = "no";
+      # Enable the OpenSSH daemon.
+      openssh = {
+        enable = true;
+        settings = {
+          PermitRootLogin = "no";
+          PasswordAuthentication = false;
+          KbdInteractiveAuthentication = false;
+        };
+      };
    };

    # Enable sound with pipewire.
@ -46,20 +62,48 @@ in {
    };

    # unblock kde connect / gsconnect
-    networking.firewall = {
-      allowedTCPPortRanges = [
-        {
-          # KDE Connect
-          from = 1714;
-          to = 1764;
-        }
-      ];
-      allowedUDPPortRanges = [
-        {
-          # KDE Connect
-          from = 1714;
-          to = 1764;
-        }
+    networking = {
+      networkmanager.enable = true;
+      firewall.enable = true;
+
+      firewall = {
+        allowedTCPPortRanges = [
+          {
+            # KDE Connect
+            from = 1714;
+            to = 1764;
+          }
+        ];
+        allowedUDPPortRanges = [
+          {
+            # KDE Connect
+            from = 1714;
+            to = 1764;
+          }
+        ];
+      };
+    };
+
+    systemd.extraConfig = ''
+      DefaultTimeoutStopSec=12s
+    '';
+
+    programs = {
+      zsh.enable = true;
+
+      git = {
+        enable = true;
+        package = pkgs.gitFull;
+      };
+    };
+
+    environment = {
+      pathsToLink = ["/share/zsh"];
+
+      systemPackages = with pkgs; [
+        lm_sensors
+        tldr
+        ncdu
      ];
    };
  };
--- a/modules/desktop/gnome.nix
+++ b/modules/desktop/gnome.nix
@ -4,7 +4,9 @@
  lib,
  ...
 }: let
-  cfg = config.my.gnome;
+  desktopCfg = config.my.desktop;
+  cfg = desktopCfg.gnome;
+
  applyGnomeUserSettings = {
    home.packages = with pkgs; [
      gnome.gpaste
@ -17,7 +19,7 @@
    };
  };
 in {
-  options.my.gnome = {
+  options.my.desktop.gnome = {
    enable = lib.mkEnableOption "gnome desktop";
  };

@ -56,8 +58,8 @@ in {
    ];

    home-manager.users = {
-      vinzenz = lib.mkIf config.my.home.vinzenz.enable applyGnomeUserSettings;
-      ronja = lib.mkIf config.my.home.ronja.enable applyGnomeUserSettings;
+      vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyGnomeUserSettings;
+      ronja = lib.mkIf desktopCfg.ronja.enable applyGnomeUserSettings;
    };
  };
 }
--- a/modules/desktop/i18n.nix
+++ b/modules/desktop/i18n.nix
--- a/modules/desktop/kde.nix
+++ b/modules/desktop/kde.nix
@ -4,7 +4,8 @@
  lib,
  ...
 }: let
-  cfg = config.my.kde;
+  desktopCfg = config.my.desktop;
+  cfg = desktopCfg.kde;

  applyKdeUserSettings = {
    home = {
@ -17,7 +18,7 @@
    };
  };
 in {
-  options.my.kde = {
+  options.my.desktop.kde = {
    enable = lib.mkEnableOption "KDE desktop";
  };

@ -56,8 +57,8 @@ in {
    };

    home-manager.users = {
-      vinzenz = lib.mkIf config.my.home.vinzenz.enable applyKdeUserSettings;
-      ronja = lib.mkIf config.my.home.ronja.enable applyKdeUserSettings;
+      vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyKdeUserSettings;
+      ronja = lib.mkIf desktopCfg.ronja.enable applyKdeUserSettings;
    };
  };
 }
--- a/modules/desktop/nixpkgs.nix
+++ b/modules/desktop/nixpkgs.nix
--- a/modules/desktop/ronja.nix
+++ b/modules/desktop/ronja.nix
@ -5,9 +5,9 @@
  ...
 }:
 with lib; let
-  cfg = config.my.home.ronja;
+  cfg = config.my.desktop.ronja;
 in {
-  options.my.home.ronja = {
+  options.my.desktop.ronja = {
    enable = lib.mkEnableOption "user ronja";
  };

@ -21,7 +21,6 @@ in {
    };

    # home manager
-    my.home.enable = true;
    home-manager.users.ronja = {
      config,
      pkgs,
--- a/modules/desktop/vinzenz.nix
+++ b/modules/desktop/vinzenz.nix
@ -4,9 +4,9 @@
  lib,
  ...
 }: let
-  cfg = config.my.home.vinzenz;
+  cfg = config.my.desktop.vinzenz;
 in {
-  options.my.home.vinzenz = {
+  options.my.desktop.vinzenz = {
    enable = lib.mkEnableOption "user vinzenz";
  };

@ -20,7 +20,6 @@ in {
    };

    # home manager
-    my.home.enable = true;
    home-manager.users.vinzenz = {
      config,
      pkgs,
--- a/modules/hardware/common-desktop.nix
+++ b/modules/hardware/common-desktop.nix
@ -0,0 +1,33 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  isEnabled = config.my.hardware.common-desktop.enable;
+in {
+  imports = [
+  ];
+
+  options.my.hardware.common-desktop = {
+    enable = lib.mkEnableOption "common desktop hardware settings";
+  };
+
+  config = lib.mkIf isEnabled {
+    boot.loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useDHCP = lib.mkDefault true;
+    # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+    # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+    hardware.enableRedistributableFirmware = true;
+
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  };
+}
--- a/modules/hardware/default.nix
+++ b/modules/hardware/default.nix
@ -0,0 +1,32 @@
+hostName: {
+  modulesPath,
+  lib,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (builtins.toString ./. + "/${hostName}.nix")
+    ./common-desktop.nix
+  ];
+
+  config = {
+    networking.hostName = hostName;
+
+    boot.loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useDHCP = lib.mkDefault true;
+    # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+    # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+    hardware.enableRedistributableFirmware = true;
+
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  };
+}
--- a/modules/hardware/hetzner-vpn1.nix
+++ b/modules/hardware/hetzner-vpn1.nix
@ -0,0 +1,80 @@
+{
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.cleanTmpDir = true;
+  zramSwap.enable = true;
+  networking.domain = "";
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+    device = "nodev";
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/77CF-345D";
+    fsType = "vfat";
+  };
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+  boot.initrd.kernelModules = ["nvme"];
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
+  networking = {
+    nameservers = [
+      "8.8.8.8"
+    ];
+    defaultGateway = "172.31.1.1";
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "eth0";
+    };
+    dhcpcd.enable = false;
+    usePredictableInterfaceNames = lib.mkForce false;
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          {
+            address = "157.90.146.125";
+            prefixLength = 32;
+          }
+        ];
+        ipv6.addresses = [
+          {
+            address = "2a01:4f8:c012:7137::1";
+            prefixLength = 64;
+          }
+          {
+            address = "fe80::9400:2ff:fe87:7fc9";
+            prefixLength = 64;
+          }
+        ];
+        ipv4.routes = [
+          {
+            address = "172.31.1.1";
+            prefixLength = 32;
+          }
+        ];
+        ipv6.routes = [
+          {
+            address = "fe80::1";
+            prefixLength = 128;
+          }
+        ];
+      };
+    };
+  };
+  services.udev.extraRules = ''
+    ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0"
+
+  '';
+}
--- a/modules/hardware/vinzenz-lpt.nix
+++ b/modules/hardware/vinzenz-lpt.nix
@ -0,0 +1,32 @@
+{...}: {
+  config = {
+    my.hardware.common-desktop.enable = true;
+
+    boot = {
+      initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
+      initrd.kernelModules = [];
+      kernelModules = ["kvm-intel"];
+      extraModulePackages = [];
+      loader.efi.efiSysMountPoint = "/boot/efi";
+    };
+
+    fileSystems = {
+      "/" = {
+        device = "/dev/disk/by-uuid/34cb86c4-8823-4785-9672-92ef0bcd5eaf";
+        fsType = "btrfs";
+        options = ["subvol=@"];
+      };
+
+      "/boot/efi" = {
+        device = "/dev/disk/by-uuid/2381-1CD2";
+        fsType = "vfat";
+      };
+    };
+
+    swapDevices = [
+      {device = "/dev/disk/by-uuid/f5932f70-60e4-4abe-b23d-2cab3c095c7d";}
+    ];
+
+    hardware.cpu.intel.updateMicrocode = true;
+  };
+}
--- a/modules/hardware/vinzenz-pc2.nix
+++ b/modules/hardware/vinzenz-pc2.nix
@ -0,0 +1,55 @@
+{...}: {
+  config = {
+    my.hardware.common-desktop.enable = true;
+
+    boot = {
+      initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; # "usb_storage"
+      initrd.kernelModules = [];
+      kernelModules = ["kvm-amd"];
+      extraModulePackages = [];
+      loader.efi.efiSysMountPoint = "/boot";
+    };
+
+    fileSystems = {
+      "/" = {
+        device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
+        fsType = "btrfs";
+        options = ["subvol=@"];
+      };
+
+      "/home" = {
+        device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
+        fsType = "btrfs";
+        options = ["subvol=@home"];
+      };
+
+      "/games" = {
+        device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
+        fsType = "btrfs";
+        options = ["subvol=@games"];
+      };
+
+      "/boot" = {
+        device = "/dev/disk/by-uuid/AF67-8F16";
+        fsType = "vfat";
+      };
+
+      "/mnt/nixos_btrfs_root" = {
+        # subvolume with id 5 is always the root volume
+        # this is convenient for managing the flat subvolume hierarchy
+        device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8";
+        fsType = "btrfs";
+        options = ["subvolid=5"];
+      };
+
+      "/mnt/ssd2" = {
+        device = "/dev/disk/by-uuid/6b2a647d-c68e-4c07-85bf-c9bfc5db7e8a";
+        fsType = "ext4";
+      };
+    };
+
+    swapDevices = [];
+
+    hardware.cpu.amd.updateMicrocode = true;
+  };
+}
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@ -1,25 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
-  cfg = config.my.home;
-in {
-  imports =
-    [
-      ./vinzenz.nix
-      ./ronja.nix
-      # enable home manager
-    ]
-    ++ lib.optional (builtins.pathExists <home-manager/nixos>) <home-manager/nixos>;
-
-  options.my.home = {
-    enable = lib.mkEnableOption "my home management";
-  };
-
-  config = lib.mkIf cfg.enable {
-    home-manager.useUserPackages = true;
-    home-manager.useGlobalPkgs = true;
-  };
-}
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@ -14,13 +14,25 @@ in {

  config = lib.mkIf cfg.enable {
    services = {
-      services.openssh.enable = true;
+      # Enable the OpenSSH daemon.
+      services.openssh = {
+        enable = true;
+        settings = {
+          # PermitRootLogin = "no"; # this is managed through authorized keys
+          PasswordAuthentication = false;
+          KbdInteractiveAuthentication = false;
+        };
+      };
+
    };

    programs = {
+      git.enable = true;
+      zsh.enable = true;
    };

    networking.firewall = {
+      enable = true;
      allowedTCPPortRanges = [
        {
          # ssh
@ -29,5 +41,11 @@ in {
        }
      ];
    };
+
+    environment = {
+      systemPackages = with pkgs; [
+        ncdu
+      ];
+    };
  };
 }