restructure flake, remove ona-book

partially based on https://codeberg.org/kiara/cfg
2025-03-15 11:03:03 +01:00 · 2025-03-15 11:03:03 +01:00 · 7153f0836a
parent a620f86204
commit 7153f0836a
17 changed files with 189 additions and 337 deletions
--- a/flake.nix
+++ b/flake.nix
@ -22,33 +22,34 @@
      lix-module,
      nixos-hardware,
    }:
    let
      devices = {
        vinzenz-lpt2 = "x86_64-linux";
        vinzenz-pc2 = "x86_64-linux";
        hetzner-vpn2 = "aarch64-linux";
        forgejo-runner-1 = "aarch64-linux";
      };
      forDevice = f: nixpkgs.lib.mapAttrs f devices;
    in
    {
-      nixosConfigurations =
+      nixosConfigurations = forDevice (
-        let
+        device: system:
-          host-params = {
+        nixpkgs.lib.nixosSystem {
-            inherit nixpkgs;
+          inherit system;
-            inherit home-manager;
+          modules = [
-            inherit lix-module;
+            lix-module.nixosModules.default
-            inherit nixos-hardware;
+            home-manager.nixosModules.home-manager
-            common-modules = [
+
-              lix-module.nixosModules.default
+            { networking.hostName = device; }
-              ./common
+
-            ];
+            ./common
-            desktop-modules = [
+
-              home-manager.nixosModules.home-manager
+            ./hosts/${device}/hardware.nix
-              ./home
+            ./hosts/${device}/imports.nix
-              ./modules/desktop-environment.nix
+            ./hosts/${device}/configuration.nix
-              ./modules/desktop-hardware.nix
+          ];
-            ];
+        }
-          };
+      );
        in
        {
          vinzenz-lpt2 = import ./hosts/vinzenz-lpt2 host-params;
          vinzenz-pc2 = import ./hosts/vinzenz-pc2 host-params;
          hetzner-vpn2 = import ./hosts/hetzner-vpn2 host-params;
          forgejo-runner-1 = import ./hosts/forgejo-runner-1 host-params;
          ona-book = import ./hosts/ona-book host-params;
        };
      formatter = {
        x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
--- a/hosts/forgejo-runner-1/configuration.nix
+++ b/hosts/forgejo-runner-1/configuration.nix
@ -0,0 +1,15 @@
 { pkgs, ... }:
 {
  # uncomment for build check on non arm system (requires --impure)
  # nixpkgs.buildPlatform = builtins.currentSystem;
  services.tailscale.useRoutingFeatures = "both";
  system.autoUpgrade.allowReboot = true;
  users.users = {
    root.openssh.authorizedKeys.keys = [
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
    ];
  };
 }
--- a/hosts/forgejo-runner-1/default.nix
+++ b/hosts/forgejo-runner-1/default.nix
@ -1,27 +0,0 @@
 { nixpkgs, common-modules, ... }:
 nixpkgs.lib.nixosSystem {
  system = "aarch64-linux";
  modules = common-modules ++ [
    ./hardware.nix
    ../../users/vinzenz.nix
    ../../modules/podman.nix
    ./forgejo-runner.nix
    { networking.hostName = "forgejo-runner-1"; }
    {
      # uncomment for build check on non arm system (requires --impure)
      # nixpkgs.buildPlatform = builtins.currentSystem;
    }
    {
      services.tailscale.useRoutingFeatures = "both";
      system.autoUpgrade.allowReboot = true;
      users.users = {
        root.openssh.authorizedKeys.keys = [
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
        ];
      };
    }
  ];
 }
--- a/hosts/forgejo-runner-1/imports.nix
+++ b/hosts/forgejo-runner-1/imports.nix
@ -0,0 +1,7 @@
 {
  imports = [
    ../../users/vinzenz.nix
    ../../modules/podman.nix
    ./forgejo-runner.nix
  ];
 }
--- a/hosts/hetzner-vpn2/configuration.nix
+++ b/hosts/hetzner-vpn2/configuration.nix
@ -0,0 +1,27 @@
 { pkgs, ... }:
 {
  # uncomment for build check on non arm system (requires --impure)
  # nixpkgs.buildPlatform = builtins.currentSystem;
  services.tailscale.useRoutingFeatures = "both";
  users.users = {
    root.openssh.authorizedKeys.keys = [
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
    ];
    vinzenz.openssh.authorizedKeys.keys = [
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
    ];
    ronja.openssh.authorizedKeys.keys = [
      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
    ];
  };
  system.autoUpgrade.allowReboot = true;
 }
--- a/hosts/hetzner-vpn2/default.nix
+++ b/hosts/hetzner-vpn2/default.nix
@ -1,40 +0,0 @@
 { nixpkgs, common-modules, ... }:
 nixpkgs.lib.nixosSystem {
  system = "aarch64-linux";
  modules = common-modules ++ [
    ./hardware.nix
    ./nginx.nix
    ../../users/vinzenz.nix
    ../../users/ronja.nix
    { networking.hostName = "hetzner-vpn2"; }
    {
      # uncomment for build check on non arm system (requires --impure)
      # nixpkgs.buildPlatform = builtins.currentSystem;
    }
    {
      services.tailscale.useRoutingFeatures = "both";
    }
    {
      users.users = {
        root.openssh.authorizedKeys.keys = [
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
        ];
        vinzenz.openssh.authorizedKeys.keys = [
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
        ];
        ronja.openssh.authorizedKeys.keys = [
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
        ];
      };
    }
    {
      system.autoUpgrade.allowReboot = true;
    }
  ];
 }
--- a/hosts/hetzner-vpn2/imports.nix
+++ b/hosts/hetzner-vpn2/imports.nix
@ -0,0 +1,7 @@
 {
  imports = [
    ./nginx.nix
    ../../users/vinzenz.nix
    ../../users/ronja.nix
  ];
 }
--- a/hosts/ona-book/default.nix
+++ b/hosts/ona-book/default.nix
@ -1,46 +0,0 @@
 {
  nixpkgs,
  common-modules,
  desktop-modules,
  nixos-hardware,
  home-manager,
  ...
 }:
 nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = common-modules ++ [
    home-manager.nixosModules.home-manager
    ../../home
    ../../modules/desktop-environment.nix
    nixos-hardware.nixosModules.apple-macbook-pro-14-1
    { allowedUnfreePackages = [ "b43-firmware" ]; }
    ./hardware.nix
    ../../home/gnome.nix
    ../../users/ronja.nix
    ../../modules/gnome.nix
    {
      networking = {
        hostName = "ona-book";
        networkmanager.enable = true;
      };
      services.xserver.xkb = {
        layout = "us";
        options = "eurosign:e,caps:escape";
      };
    }
    {
      home-manager.users.ronja = import ../../home/ronja;
      users.users.ronja.openssh.authorizedKeys.keys = [
      ];
    }
    {
    }
  ];
 }
--- a/hosts/ona-book/hardware.nix
+++ b/hosts/ona-book/hardware.nix
@ -1,79 +0,0 @@
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/hardware/network/broadcom-43xx.nix")
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  config = {
    boot = {
      initrd.availableKernelModules = [
        "xhci_pci"
        "nvme"
        "usb_storage"
        "sd_mod"
      ];
      initrd.kernelModules = [ ];
      kernelModules = [
        "kvm-intel"
        "snd_hda_codec_cs8409"
        "hci_uart"
        "bluetooth"
        "btbcm"
      ];
      extraModulePackages = [ ];
      blacklistedKernelModules = [ ];
      kernelParams = [];
      loader = {
        efi.canTouchEfiVariables = true;
        systemd-boot = {
          enable = true;
          editor = false; # do not allow changing kernel parameters
          consoleMode = "max";
        };
      };
    };
    fileSystems = {
      "/" = {
        device = "/dev/disk/by-uuid/15220182-5617-4963-814e-19ff29b7db8c";
        fsType = "btrfs";
      };
      "/boot" = {
        device = "/dev/disk/by-uuid/1C7D-07C1";
        fsType = "vfat";
        options = [
          "fmask=0077"
          "dmask=0077"
        ];
      };
    };
    swapDevices = [
      { device = "/dev/disk/by-uuid/e4c91c7e-8b62-48e4-923d-4d750ebbc7db"; }
    ];
    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
    # (the default) this is the recommended approach. When using systemd-networkd it's
    # still possible to use this option, but it's recommended to use it in conjunction
    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
    networking.useDHCP = lib.mkDefault true;
    # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    hardware.enableAllFirmware = true;
    nixpkgs.config.allowUnfree = true;
    hardware.enableRedistributableFirmware = true;
    hardware.facetimehd.enable = true;
  };
 }
--- a/hosts/vinzenz-lpt2/configuration.nix
+++ b/hosts/vinzenz-lpt2/configuration.nix
@ -0,0 +1,34 @@
 {
  pkgs,
  ...
 }:
 {
  imports = [ ./nginx.nix ];
  networking.networkmanager.enable = true;
  nix.settings.extra-platforms = [
    "aarch64-linux"
    "i686-linux"
  ];
  services.xserver.xkb = {
    # Configure keymap in X11
    layout = "de";
    variant = "";
  };
  # Configure console keymap
  console.keyMap = "de";
  home-manager.users.vinzenz = import ../../home/vinzenz;
  users.users.vinzenz.openssh.authorizedKeys.keys = [
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
  ];
  #users.users.ronja.openssh.authorizedKeys.keys = [
  #  ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
  #];
  programs.adb.enable = true;
 }
--- a/hosts/vinzenz-lpt2/default.nix
+++ b/hosts/vinzenz-lpt2/default.nix
@ -1,60 +0,0 @@
 {
  nixpkgs,
  common-modules,
  desktop-modules,
  ...
 }:
 nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules =
    common-modules
    ++ desktop-modules
    ++ [
      ./hardware.nix
      ./nginx.nix
      ../../home/gnome.nix
      ../../users/vinzenz.nix
      ../../modules/gnome.nix
      ../../modules/gaming.nix
      ../../modules/printing.nix
      ../../modules/podman.nix
      {
        networking = {
          hostName = "vinzenz-lpt2";
          networkmanager.enable = true;
        };
        nix.settings.extra-platforms = [
          "aarch64-linux"
          "i686-linux"
        ];
        services.xserver.xkb = {
          # Configure keymap in X11
          layout = "de";
          variant = "";
        };
        # Configure console keymap
        console.keyMap = "de";
      }
      {
        home-manager.users.vinzenz = import ../../home/vinzenz;
        users.users.vinzenz.openssh.authorizedKeys.keys = [
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
        ];
        #users.users.ronja.openssh.authorizedKeys.keys = [
        #  ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
        #];
      }
      {
        programs.adb.enable = true;
      }
    ];
 }
--- a/hosts/vinzenz-lpt2/imports.nix
+++ b/hosts/vinzenz-lpt2/imports.nix
@ -0,0 +1,15 @@
 {
  imports = [
    ../../home/gnome.nix
    ../../users/vinzenz.nix
    ../../modules/gnome.nix
    ../../modules/gaming.nix
    ../../modules/printing.nix
    ../../modules/podman.nix
    ../../home
    ../../modules/desktop-environment.nix
    ../../modules/desktop-hardware.nix
  ];
 }
--- a/hosts/vinzenz-pc2/configuration.nix
+++ b/hosts/vinzenz-pc2/configuration.nix
@ -0,0 +1,40 @@
 {
  pkgs,
  ...
 }:
 {
  imports = [
    ./hardware.nix
    ./vscode-server.nix
  ];
  networking.networkmanager.enable = true;
  nix.settings.extra-platforms = [
    "aarch64-linux"
    "i686-linux"
  ];
  services.xserver.xkb = {
    # Configure keymap in X11
    layout = "de";
    variant = "";
  };
  # Configure console keymap
  console.keyMap = "de";
  home-manager.users = {
    vinzenz = import ../../home/vinzenz;
    ronja = import ../../home/ronja;
  };
  users.users.vinzenz.openssh.authorizedKeys.keys = [
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming''
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
  ];
  users.users.ronja.openssh.authorizedKeys.keys = [
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key''
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgN6J8KyVyQqBAz+y3drXDmIsxOPkdPB+ISgpIP9Eld Generated By Termius''
  ];
 }
--- a/hosts/vinzenz-pc2/default.nix
+++ b/hosts/vinzenz-pc2/default.nix
@ -1,59 +0,0 @@
 {
  nixpkgs,
  common-modules,
  desktop-modules,
  ...
 }:
 nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules =
    common-modules
    ++ desktop-modules
    ++ [
      ./hardware.nix
      ./vscode-server.nix
      ../../home/gnome.nix
      ../../users/vinzenz.nix
      ../../users/ronja.nix
      ../../modules/gnome.nix
      ../../modules/gaming.nix
      ../../modules/printing.nix
      ../../modules/podman.nix
      {
        networking = {
          hostName = "vinzenz-pc2";
          networkmanager.enable = true;
        };
        nix.settings.extra-platforms = [
          "aarch64-linux"
          "i686-linux"
        ];
        services.xserver.xkb = {
          # Configure keymap in X11
          layout = "de";
          variant = "";
        };
        # Configure console keymap
        console.keyMap = "de";
      }
      {
        home-manager.users = {
          vinzenz = import ../../home/vinzenz;
          ronja = import ../../home/ronja;
        };
        users.users.vinzenz.openssh.authorizedKeys.keys = [
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
        ];
        users.users.ronja.openssh.authorizedKeys.keys = [
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key''
          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgN6J8KyVyQqBAz+y3drXDmIsxOPkdPB+ISgpIP9Eld Generated By Termius''
        ];
      }
    ];
 }
--- a/hosts/vinzenz-pc2/imports.nix
+++ b/hosts/vinzenz-pc2/imports.nix
@ -0,0 +1,15 @@
 {
  imports = [
    ../../home/gnome.nix
    ../../users/vinzenz.nix
    ../../users/ronja.nix
    ../../modules/gnome.nix
    ../../modules/gaming.nix
    ../../modules/printing.nix
    ../../modules/podman.nix
    ../../home
    ../../modules/desktop-environment.nix
    ../../modules/desktop-hardware.nix
  ];
 }
--- a/modules/gaming.nix
+++ b/modules/gaming.nix
@ -75,6 +75,7 @@
      "steam-original"
      "steam-run"
      "steam-unwrapped"
      "ut1999"
    ];
  };
 }
--- a/users/vinzenz.nix
+++ b/users/vinzenz.nix
@ -14,6 +14,7 @@
        "podman"
        "nginx"
        "adbusers"
        "kvm"
      ];
      shell = pkgs.zsh;
      autoSubUidGidRange = true;