From 6bfa995c4d29917fb47bf26a9949fdf132891739 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Thu, 11 Dec 2025 22:13:32 +0100 Subject: [PATCH] move more stuf out of flake.nix --- flake.nix | 100 +++--------------- nixosConfigurations/epimetheus/default.nix | 8 ++ .../forgejo-runner-1/default.nix | 4 +- nixosConfigurations/ronja-pc/default.nix | 12 +-- nixosConfigurations/vinzenz-lpt2/default.nix | 18 ++-- nixosConfigurations/vinzenz-pc2/default.nix | 18 ++-- nixosModules/global-settings-desktop.nix | 57 ++++++++++ nixosModules/global-settings.nix | 47 ++++++++ nixosModules/openssh.nix | 2 +- nixosModules/pxvirt-guest.nix | 26 +++++ 10 files changed, 180 insertions(+), 112 deletions(-) create mode 100644 nixosConfigurations/epimetheus/default.nix create mode 100644 nixosModules/global-settings-desktop.nix create mode 100644 nixosModules/global-settings.nix create mode 100644 nixosModules/pxvirt-guest.nix diff --git a/flake.nix b/flake.nix index 6667dad..0af55eb 100644 --- a/flake.nix +++ b/flake.nix @@ -80,7 +80,7 @@ }; outputs = - { + inputs@{ self, nixpkgs, home-manager, @@ -124,6 +124,9 @@ forgejo-runner-1 = { system = "aarch64-linux"; }; + epimetheus = { + system = "aarch64-linux"; + }; }; inherit (nixpkgs) lib; forDevice = f: lib.mapAttrs (device: value: f (value // { inherit device; })) devices; 
@@ -200,101 +203,28 @@ home-manager-users ? { }, }: let - specialArgs = { - inherit device; - my-nixos-modules = self.nixosModules; + specialArgs = inputs // { + inherit device home-manager-users; }; in nixpkgs.lib.nixosSystem { inherit system specialArgs; modules = [ { - networking.hostName = device; + imports = [ + ./nixosConfigurations/${device} + self.nixosModules.global-settings + ] + ++ (lib.optionals (home-manager-users != { }) [ + self.nixosModules.global-settings-desktop + ]); + nixpkgs = { inherit system; hostPlatform = lib.mkDefault system; }; - system = { - stateVersion = "22.11"; - autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git"; - }; - - nixpkgs.overlays = [ - self.overlays.unstable-packages - ]; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - documentation = { - info.enable = false; # info pages and the info command - doc.enable = false; # documentation distributed in packages' /share/doc - }; } - - ./nixosConfigurations/${device} - - # keep-sorted start - lanzaboote.nixosModules.lanzaboote - self.nixosModules.allowed-unfree-list - self.nixosModules.autoupdate - self.nixosModules.default - self.nixosModules.extra-caches - self.nixosModules.globalinstalls - self.nixosModules.lix-is-nix - self.nixosModules.openssh - self.nixosModules.prometheus-node - self.nixosModules.systemd-boot - self.nixosModules.tailscale - zerforschen-plus.nixosModules.default - # keep-sorted end - ] - ++ (nixpkgs.lib.optionals (home-manager-users != { }) [ - { - home-manager = { - extraSpecialArgs = specialArgs; - useGlobalPkgs = true; - useUserPackages = true; - }; - - time.timeZone = "Europe/Berlin"; - - home-manager.sharedModules = [ - { home.stateVersion = "22.11"; } - # keep-sorted start - self.homeModules.git - self.homeModules.gnome-extensions - self.homeModules.nano - self.homeModules.templates - self.homeModules.zsh-basics - self.homeModules.zsh-powerlevel10k - # keep-sorted end - ]; - - 
home-manager.users = home-manager-users; - } - - # keep-sorted start - home-manager.nixosModules.home-manager - self.nixosModules.en-de - self.nixosModules.firmware-updates - self.nixosModules.gnome - self.nixosModules.kdeconnect - self.nixosModules.modern-desktop - self.nixosModules.niri - self.nixosModules.nix-ld - self.nixosModules.pkgs-unstable - self.nixosModules.pkgs-vscode-extensions - self.nixosModules.quiet-boot - self.nixosModules.stylix - servicepoint-cli.nixosModules.default - servicepoint-simulator.nixosModules.default - servicepoint-tanks.nixosModules.default - stylix.nixosModules.stylix - # keep-sorted end - ]); + ]; } ); diff --git a/nixosConfigurations/epimetheus/default.nix b/nixosConfigurations/epimetheus/default.nix new file mode 100644 index 0000000..02c6ae8 --- /dev/null +++ b/nixosConfigurations/epimetheus/default.nix @@ -0,0 +1,8 @@ +{ self, ... }: +{ + imports = [ self.nixosModules.pxvirt-guest ]; + + config = { + + }; +} diff --git a/nixosConfigurations/forgejo-runner-1/default.nix b/nixosConfigurations/forgejo-runner-1/default.nix index 16cf0e5..a8adb69 100644 --- a/nixosConfigurations/forgejo-runner-1/default.nix +++ b/nixosConfigurations/forgejo-runner-1/default.nix @@ -1,9 +1,9 @@ -{ my-nixos-modules, ... }: +{ self, ... }: { imports = [ ./hardware.nix ./forgejo-runner.nix - my-nixos-modules.podman + self.nixosModules.podman ]; config = { diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix index 18058a5..7630611 100644 --- a/nixosConfigurations/ronja-pc/default.nix +++ b/nixosConfigurations/ronja-pc/default.nix 
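Review bot: `specialArgs = inputs // { inherit device home-manager-users; }` hands every flake input to every NixOS module as a module argument, and the same set reaches the home-manager modules through `extraSpecialArgs` in nixosModules/global-settings-desktop.nix, so a per-host module can now depend on any input directly instead of only on `self.nixosModules`; a comment above the binding should say that this is intended, e.g. `# all flake inputs are module args; per-host modules may use any of them`. The `home-manager-users != { }` test is now the sole thing that decides whether a host gets the desktop module set, which deserves a comment at the `lib.optionals` line, e.g. `# a host is a desktop iff it declares home-manager users`. The enclosing function whose parameter set this hunk ends starts before the hunk.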
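Review bot: nixosConfigurations/epimetheus/default.nix leaves `config = { }` empty, with a stray blank line inside, and declares no users or hardware, yet through `global-settings` the host gets `openssh` with `openFirewall = true` and `tailscale` from first boot, so whatever grants SSH access must come from `self.nixosModules.default` or from the Proxmox side — that cannot be confirmed from this diff. Either drop the empty block or state the intent in it, e.g. `# nothing host-specific yet: network is managed by the Proxmox host (see pxvirt-guest)`. The `pxvirt-guest` module it imports sets `manageNetwork = false`, so the guest's address and DNS are expected to come from the container definition.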
@@ -1,17 +1,17 @@ { config, pkgs, - my-nixos-modules, + self, ... }: { imports = [ ./hardware.nix - my-nixos-modules.user-ronja - my-nixos-modules.gnome - my-nixos-modules.steam - my-nixos-modules.wine-gaming - my-nixos-modules.vinzenz-desktop-settings + self.nixosModules.user-ronja + self.nixosModules.gnome + self.nixosModules.steam + self.nixosModules.wine-gaming + self.nixosModules.vinzenz-desktop-settings ]; config = { diff --git a/nixosConfigurations/vinzenz-lpt2/default.nix b/nixosConfigurations/vinzenz-lpt2/default.nix index 1478a41..1c08898 100644 --- a/nixosConfigurations/vinzenz-lpt2/default.nix +++ b/nixosConfigurations/vinzenz-lpt2/default.nix @@ -1,15 +1,15 @@ -{ my-nixos-modules, ... }: +{ self, ... }: { imports = [ ./hardware.nix - my-nixos-modules.user-vinzenz - my-nixos-modules.gnome - my-nixos-modules.wine-gaming - my-nixos-modules.steam - my-nixos-modules.podman - my-nixos-modules.vinzenz-desktop-settings - my-nixos-modules.intel-graphics - my-nixos-modules.secure-boot + self.nixosModules.user-vinzenz + self.nixosModules.gnome + self.nixosModules.wine-gaming + self.nixosModules.steam + self.nixosModules.podman + self.nixosModules.vinzenz-desktop-settings + self.nixosModules.intel-graphics + self.nixosModules.secure-boot ]; config = { diff --git a/nixosConfigurations/vinzenz-pc2/default.nix b/nixosConfigurations/vinzenz-pc2/default.nix index 6ebbc16..5f68511 100644 --- a/nixosConfigurations/vinzenz-pc2/default.nix +++ b/nixosConfigurations/vinzenz-pc2/default.nix 
@@ -1,18 +1,18 @@ -{ pkgs, my-nixos-modules, ... }: +{ pkgs, self, ... }: { imports = [ ./hardware.nix ./vscode-server.nix ./hass.nix - my-nixos-modules.user-vinzenz - my-nixos-modules.gnome - my-nixos-modules.wine-gaming - my-nixos-modules.steam - my-nixos-modules.podman - my-nixos-modules.vinzenz-desktop-settings - my-nixos-modules.amd-graphics - my-nixos-modules.secure-boot + self.nixosModules.user-vinzenz + self.nixosModules.gnome + self.nixosModules.wine-gaming + self.nixosModules.steam + self.nixosModules.podman + self.nixosModules.vinzenz-desktop-settings + self.nixosModules.amd-graphics + self.nixosModules.secure-boot ]; config = { diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix new file mode 100644 index 0000000..a92a5d2 --- /dev/null +++ b/nixosModules/global-settings-desktop.nix 
@@ -0,0 +1,57 @@
+{
+ home-manager-users,
+ self,
+ home-manager,
+ servicepoint-cli,
+ servicepoint-simulator,
+ servicepoint-tanks,
+ stylix,
+ specialArgs,
+ ...
+}:
+{
+ imports = [
+ {
+ home-manager = {
+ extraSpecialArgs = specialArgs;
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ home-manager.sharedModules = [
+ { home.stateVersion = "22.11"; }
+ # keep-sorted start
+ self.homeModules.git
+ self.homeModules.gnome-extensions
+ self.homeModules.nano
+ self.homeModules.templates
+ self.homeModules.zsh-basics
+ self.homeModules.zsh-powerlevel10k
+ # keep-sorted end
+ ];
+
+ home-manager.users = home-manager-users;
+ }
+
+ # keep-sorted start
+ home-manager.nixosModules.home-manager
+ self.nixosModules.en-de
+ self.nixosModules.firmware-updates
+ self.nixosModules.gnome
+ self.nixosModules.kdeconnect
+ self.nixosModules.modern-desktop
+ self.nixosModules.niri
+ self.nixosModules.nix-ld
+ self.nixosModules.pkgs-unstable
+ self.nixosModules.pkgs-vscode-extensions
+ self.nixosModules.quiet-boot
+ self.nixosModules.stylix
+ servicepoint-cli.nixosModules.default
+ servicepoint-simulator.nixosModules.default
+ servicepoint-tanks.nixosModules.default
+ stylix.nixosModules.stylix
+ # keep-sorted end
+ ];
+}
diff --git a/nixosModules/global-settings.nix b/nixosModules/global-settings.nix
new file mode 100644
index 0000000..77bddae
--- /dev/null
+++ b/nixosModules/global-settings.nix
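Review bot: `time.timeZone = "Europe/Berlin"` sits in the desktop-only module, so hosts without `home-manager-users` (forgejo-runner-1 and the new epimetheus) get no explicit time zone from this tree unless something else sets it; if every host should be on Berlin time, move that line to nixosModules/global-settings.nix, otherwise leave a comment here saying the omission is deliberate. The file also lacks a header comment stating when it is imported — flake.nix pulls it in only when `home-manager-users != { }` — so a reader opening it directly cannot tell it is conditional; `# imported by flake.nix only for hosts that declare home-manager users` would cover that. `extraSpecialArgs = specialArgs` forwards the whole module-argument set, which flake.nix builds from every flake input, to the home-manager modules; say so next to it if that is intended.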
@@ -0,0 +1,47 @@
+{
+ device,
+ self,
+ lanzaboote,
+ zerforschen-plus,
+ ...
+}:
+{
+ imports = [
+ # keep-sorted start
+ lanzaboote.nixosModules.lanzaboote
+ self.nixosModules.allowed-unfree-list
+ self.nixosModules.autoupdate
+ self.nixosModules.default
+ self.nixosModules.extra-caches
+ self.nixosModules.globalinstalls
+ self.nixosModules.lix-is-nix
+ self.nixosModules.openssh
+ self.nixosModules.prometheus-node
+ self.nixosModules.systemd-boot
+ self.nixosModules.tailscale
+ zerforschen-plus.nixosModules.default
+ # keep-sorted end
+ ];
+
+ config = {
+ networking.hostName = device;
+ system = {
+ stateVersion = "22.11";
+ autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
+ };
+
+ nixpkgs.overlays = [
+ self.overlays.unstable-packages
+ ];
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ documentation = {
+ info.enable = false; # info pages and the info command
+ doc.enable = false; # documentation distributed in packages' /share/doc
+ };
+ };
+}
diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix
index ed24fe2..7ff8b18 100644
--- a/nixosModules/openssh.nix
+++ b/nixosModules/openssh.nix
@@ -3,7 +3,7 @@
 enable = true;
 openFirewall = true;
 settings = {
- PermitRootLogin = "without-password";
+ PermitRootLogin = "prohibit-password";
 PasswordAuthentication = false;
 KbdInteractiveAuthentication = false;
 };
diff --git a/nixosModules/pxvirt-guest.nix b/nixosModules/pxvirt-guest.nix
new file mode 100644
index 0000000..067a0ec
--- /dev/null
+++ b/nixosModules/pxvirt-guest.nix
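Review bot: `system.autoUpgrade.flake` follows the default branch of a remote repository with no rev pinned, and this module is now imported by every host, so anyone who can push to that branch can change every machine — presumably unattended, given the `autoupdate` module imported above — including the new LXC guest; a comment next to the option should state that trust boundary, e.g. `# all hosts track this branch: write access to the repo is root on every host`. The unconditional `self.nixosModules.systemd-boot` import is also what forces the `lib.mkForce false` in nixosModules/pxvirt-guest.nix; importing the boot-loader module only from hosts that boot from disk (or from global-settings-desktop) would remove that override.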
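Review bot: `prohibit-password` is the current sshd_config spelling of `without-password`, which is kept only as a deprecated alias, so the new line changes nothing at runtime; say that in a comment so the next reader does not look for a behavioral difference, e.g. `# root may still log in with a key; "without-password" is the deprecated alias`. With `PasswordAuthentication` and `KbdInteractiveAuthentication` both false, key-based root login is the only root path sshd still accepts; if no host is managed over root SSH, `PermitRootLogin = "no"` is the stricter choice.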
@@ -0,0 +1,26 @@
+{ modulesPath, lib, ... }:
+{
+ imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
+
+ config = {
+ # TODO is this needed?
+ # nix.settings.sandbox = false;
+
+ proxmoxLXC = {
+ manageNetwork = false;
+ privileged = false;
+ };
+
+ # Let Proxmox host handle fstrim
+ services.fstrim.enable = false;
+
+ # TODO is this needed
+ # Cache DNS lookups to improve performance
+ services.resolved.extraConfig = ''
+ Cache=true
+ CacheFromLocalhost=true
+ '';
+
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+ };
+}
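Review bot: `services.resolved.extraConfig` is set but nothing in this module enables resolved, and as far as I know the stock proxmox-lxc module does not either, so the `Cache=`/`CacheFromLocalhost=` lines are inert unless another module turns `services.resolved.enable` on; either add `services.resolved.enable = true;` beside it or drop the block together with its `# TODO is this needed` marker. `boot.loader.systemd-boot.enable = lib.mkForce false` also deserves a why-comment, since the `mkForce` exists only because global-settings imports `self.nixosModules.systemd-boot` for every host, e.g. `# mkForce: global-settings enables systemd-boot unconditionally; an LXC guest has no boot loader`.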