From b71f8ee6360610f2077dbee66596051af8e6a86a Mon Sep 17 00:00:00 2001 
From: Vinzenz Schroeter Date: Sat, 26 Oct 2024 00:04:27 +0200 Subject: [PATCH 1/8] first building version of lpt2 as flake --- README.md | 15 -- common/default.nix | 8 ++ {modules => common}/globalinstalls.nix | 0 {modules => common}/i18n.nix | 0 modules/sshd.nix => common/networking.nix | 10 ++ common/nixpkgs.nix | 46 ++++++ flake.lock | 133 ++++++++++++++++++ flake.nix | 32 +++++ home/default.nix | 14 ++ {modules/desktop => home}/gnome-home.nix | 28 ++-- {modules/users => home}/ronja-home.nix | 0 .../shared-modules.nix | 0 {modules/users => home}/vinzenz-home.nix | 2 +- .../desktop-environment.nix | 24 +--- .../desktop-hardware.nix | 8 +- {modules/desktop => hosts}/gaming.nix | 8 +- {modules/desktop => hosts}/gnome.nix | 10 +- hosts/intel-graphics.nix | 28 ++++ hosts/latex.nix | 14 ++ {modules/desktop => hosts}/printing.nix | 8 +- hosts/vinzenz-lpt2/default.nix | 6 + .../vinzenz-lpt2/environment.nix | 40 ++---- hosts/vinzenz-lpt2/hardware.nix | 62 ++++++++ modules/buildtools.nix | 116 --------------- modules/default.nix | 25 ---- modules/desktop/kde-home.nix | 18 --- modules/desktop/kde.nix | 46 ------ modules/desktop/latex.nix | 20 --- modules/hardware/default.nix | 40 ------ modules/hardware/intel.nix | 42 ------ modules/hardware/vinzenz-lpt.nix | 34 ----- modules/hardware/vinzenz-lpt2.nix | 43 ------ modules/nixpkgs.nix | 80 ----------- modules/tailscale.nix | 19 --- modules/users/default.nix | 24 ---- modules/users/home-manager.nix | 25 ---- {modules => modules_bak}/hardware/amd.nix | 0 .../hardware/hetzner-vpn1.nix | 0 .../hardware/vinzenz-pc2.nix | 0 .../hetzner-vpn1.nix | 0 .../vinzenz-pc2.nix | 0 {modules/users => users}/ronja.nix | 11 +- {modules/users => users}/vinzenz.nix | 6 +- vinzenz-lpt.nix | 28 ---- 44 files changed, 396 insertions(+), 677 deletions(-) delete mode 100644 README.md create mode 100644 common/default.nix rename {modules => common}/globalinstalls.nix (100%) rename {modules => common}/i18n.nix (100%) rename modules/sshd.nix => 
common/networking.nix (60%) create mode 100644 common/nixpkgs.nix create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 home/default.nix rename {modules/desktop => home}/gnome-home.nix (85%) rename {modules/users => home}/ronja-home.nix (100%) rename modules/users/home-shared-modules.nix => home/shared-modules.nix (100%) rename {modules/users => home}/vinzenz-home.nix (99%) rename modules/desktop/default.nix => hosts/desktop-environment.nix (86%) rename modules/hardware/common-desktop.nix => hosts/desktop-hardware.nix (86%) rename {modules/desktop => hosts}/gaming.nix (84%) rename {modules/desktop => hosts}/gnome.nix (84%) create mode 100644 hosts/intel-graphics.nix create mode 100644 hosts/latex.nix rename {modules/desktop => hosts}/printing.nix (67%) create mode 100644 hosts/vinzenz-lpt2/default.nix rename vinzenz-lpt2.nix => hosts/vinzenz-lpt2/environment.nix (64%) create mode 100644 hosts/vinzenz-lpt2/hardware.nix delete mode 100644 modules/buildtools.nix delete mode 100644 modules/default.nix delete mode 100644 modules/desktop/kde-home.nix delete mode 100644 modules/desktop/kde.nix delete mode 100644 modules/desktop/latex.nix delete mode 100644 modules/hardware/default.nix delete mode 100644 modules/hardware/intel.nix delete mode 100644 modules/hardware/vinzenz-lpt.nix delete mode 100644 modules/hardware/vinzenz-lpt2.nix delete mode 100644 modules/nixpkgs.nix delete mode 100644 modules/tailscale.nix delete mode 100644 modules/users/default.nix delete mode 100644 modules/users/home-manager.nix rename {modules => modules_bak}/hardware/amd.nix (100%) rename {modules => modules_bak}/hardware/hetzner-vpn1.nix (100%) rename {modules => modules_bak}/hardware/vinzenz-pc2.nix (100%) rename hetzner-vpn1.nix => modules_bak/hetzner-vpn1.nix (100%) rename vinzenz-pc2.nix => modules_bak/vinzenz-pc2.nix (100%) rename {modules/users => users}/ronja.nix (64%) rename {modules/users => users}/vinzenz.nix (74%) delete mode 100644 vinzenz-lpt.nix 
diff --git a/README.md b/README.md deleted file mode 100644 index 5cee190..0000000 --- a/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# nixos-configuration - -``` -/ -├── modules -│ ├── desktop -│ ├── hardware (includes hostname.nix) -│ └── users -└── hostname.nix (imports modules) -``` - -When adding a new host: `ln -s ./new-devicename.nix /etc/nixos/configuration.nix` - -Use `sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz home-manager` to add home manager support. - diff --git a/common/default.nix b/common/default.nix new file mode 100644 index 0000000..326c69c --- /dev/null +++ b/common/default.nix @@ -0,0 +1,8 @@ +{...}: { + imports = [ + ./nixpkgs.nix + ./globalinstalls.nix + ./i18n.nix + ./networking.nix + ]; +} diff --git a/modules/globalinstalls.nix b/common/globalinstalls.nix similarity index 100% rename from modules/globalinstalls.nix rename to common/globalinstalls.nix diff --git a/modules/i18n.nix b/common/i18n.nix similarity index 100% rename from modules/i18n.nix rename to common/i18n.nix diff --git a/modules/sshd.nix b/common/networking.nix similarity index 60% rename from modules/sshd.nix rename to common/networking.nix index 747eeac..94bc82d 100644 --- a/modules/sshd.nix +++ b/common/networking.nix @@ -9,5 +9,15 @@ KbdInteractiveAuthentication = false; }; }; + + services.tailscale = { + enable = true; + openFirewall = true; + }; + + networking.firewall = { + enable = true; + checkReversePath = "loose"; + }; }; } diff --git a/common/nixpkgs.nix b/common/nixpkgs.nix new file mode 100644 index 0000000..eb546a0 --- /dev/null +++ b/common/nixpkgs.nix 
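Review bot: In the `common/networking.nix` hunk, `services.tailscale` with `openFirewall = true` is now set unconditionally, so every host that imports `./common` opens the Tailscale UDP port; before this commit it was opt-in per host through `my.tailscale.enable`. If that is intended, say so next to the block, and document why reverse-path filtering is relaxed, for example `# loose rpfilter: strict mode breaks Tailscale exit-node / subnet routing`. As far as I know `services.tailscale.useRoutingFeatures = "client";` relaxes the check only where Tailscale needs it, which would keep the firewall default strict on hosts that do not run it. The enclosing `config` block starts outside the hunk.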
@@ -0,0 +1,46 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ options.my.allowUnfreePackages = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ example = ["steam"];
+ };
+ config = {
+ nixpkgs.config = {
+ # https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085
+ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.my.allowUnfreePackages;
+ };
+
+ nix = {
+ settings = {
+ substituters = ["https://nix-community.cachix.org" "https://cache.nixos.org/"];
+ trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
+ };
+ gc = {
+ automatic = true;
+ dates = "daily";
+ options = "--delete-older-than 7d";
+ };
+ };
+
+ system = {
+ stateVersion = "22.11";
+ # enable auto updates
+ autoUpgrade = {
+ enable = true;
+ dates = "weekly";
+ };
+ };
+
+ documentation = {
+ enable = true; # documentation of packages
+ nixos.enable = false; # nixos documentation
+ man.enable = true; # manual pages and the man command
+ info.enable = false; # info pages and the info command
+ doc.enable = false; # documentation distributed in packages' /share/doc
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..5881a01
--- /dev/null
+++ b/flake.lock
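Review bot: `system.autoUpgrade` in the new `common/nixpkgs.nix` is carried over with only `enable` and `dates`, but the system is now built from a flake with a pinned `flake.lock`. Without `system.autoUpgrade.flake` the weekly timer presumably still runs the channel-based upgrade, which does not evaluate this flake, so the machine can stop receiving package updates without any visible error. I would point it at the flake and let it refresh the nixpkgs input, e.g. `autoUpgrade = { enable = true; dates = "weekly"; flake = "<FLAKE_URI_PLACEHOLDER>"; };`, and add a comment stating how `flake.lock` is expected to be bumped. Separately, a one-line comment on `substituters` noting that the nix-community cache is trusted for every host importing `./common` would help the next reader.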
@@ -0,0 +1,133 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729360442, + "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "rev": 
"9098ac95768f7006d7e070b88bae76939f6034e6", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1729691686, + "narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "lix-module": "lix-module", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..c5c9d20 --- /dev/null +++ b/flake.nix @@ -0,0 +1,32 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + home-manager = { + url = "github:nix-community/home-manager/release-24.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = inputs @ { + nixpkgs, + home-manager, + lix-module, + ... + }: { + nixosConfigurations = { + vinzenz-lpt2 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + lix-module.nixosModules.default + home-manager.nixosModules.home-manager + ./common + ./hosts/vinzenz-lpt2 + ]; + }; + }; + }; +} 
diff --git a/home/default.nix b/home/default.nix new file mode 100644 index 0000000..2cf09f9 --- /dev/null +++ b/home/default.nix @@ -0,0 +1,14 @@ +{ + config, + pkgs, + lib, + ... +}: { + config = { + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + sharedModules = import ./shared-modules.nix; + }; + }; +} diff --git a/modules/desktop/gnome-home.nix b/home/gnome-home.nix similarity index 85% rename from modules/desktop/gnome-home.nix rename to home/gnome-home.nix index bc61e73..e82151c 100644 --- a/modules/desktop/gnome-home.nix +++ b/home/gnome-home.nix @@ -3,10 +3,8 @@ config, pkgs, ... -}: let - isEnabled = config.my.desktop.enableGnome; -in { - config = lib.mkIf isEnabled { +}: { + config = { home-manager.sharedModules = [ { home.packages = with pkgs; @@ -87,17 +85,17 @@ in { }; }; } - (lib.mkIf config.my.tailscale.enable - { - home.packages = with pkgs; - [ - trayscale - ] - ++ (with gnomeExtensions; [ - tailscale-qs - ]); - dconf.settings."org/gnome/shell".enabled-extensions = ["tailscale@joaophi.github.com"]; - }) + + { + home.packages = with pkgs; + [ + trayscale + ] + ++ (with gnomeExtensions; [ + tailscale-qs + ]); + dconf.settings."org/gnome/shell".enabled-extensions = ["tailscale@joaophi.github.com"]; + } ]; }; } diff --git a/modules/users/ronja-home.nix b/home/ronja-home.nix similarity index 100% rename from modules/users/ronja-home.nix rename to home/ronja-home.nix diff --git a/modules/users/home-shared-modules.nix b/home/shared-modules.nix similarity index 100% rename from modules/users/home-shared-modules.nix rename to home/shared-modules.nix diff --git a/modules/users/vinzenz-home.nix b/home/vinzenz-home.nix similarity index 99% rename from modules/users/vinzenz-home.nix rename to home/vinzenz-home.nix index d2a9554..883d538 100644 --- a/modules/users/vinzenz-home.nix +++ b/home/vinzenz-home.nix 
@@ -150,7 +150,7 @@ in enable = true; git = true; icons = true; - extraOptions = [ + extraOptions = [ "--group-directories-first" "--header" ]; diff --git a/modules/desktop/default.nix b/hosts/desktop-environment.nix similarity index 86% rename from modules/desktop/default.nix rename to hosts/desktop-environment.nix index 9ff9eef..97fb613 100644 --- a/modules/desktop/default.nix +++ b/hosts/desktop-environment.nix @@ -1,28 +1,10 @@ -modulesCfg: { +{ config, pkgs, lib, ... -}: let - isEnabled = config.my.desktop.enable; - isHomeManager = modulesCfg.enableHomeManager; -in { - imports = - [ - ./gnome.nix - ./kde.nix - ./gaming.nix - ./printing.nix - ./latex.nix - ] - ++ lib.optionals isHomeManager [ - ./gnome-home.nix - ./kde-home.nix - ]; - - options.my.desktop.enable = lib.mkEnableOption "desktop"; - - config = lib.mkIf isEnabled { +}: { + config = { services = { # Enable the X11 windowing system / wayland depending on DE xserver = { diff --git a/modules/hardware/common-desktop.nix b/hosts/desktop-hardware.nix similarity index 86% rename from modules/hardware/common-desktop.nix rename to hosts/desktop-hardware.nix index 05047a2..ac8be03 100644 --- a/modules/hardware/common-desktop.nix +++ b/hosts/desktop-hardware.nix @@ -3,12 +3,8 @@ pkgs, config, ... -}: let - isEnabled = config.my.hardware.enableCommonDesktopSettings; -in { - options.my.hardware.enableCommonDesktopSettings = lib.mkEnableOption "common hw settings for desktops"; - - config = lib.mkIf isEnabled { +}: { + config = { boot = { kernelPackages = pkgs.linuxPackages_zen; kernelParams = ["quiet" "udev.log_level=3"]; diff --git a/modules/desktop/gaming.nix b/hosts/gaming.nix similarity index 84% rename from modules/desktop/gaming.nix rename to hosts/gaming.nix index 81e4011..2154d0f 100644 --- a/modules/desktop/gaming.nix +++ b/hosts/gaming.nix 
@@ -3,12 +3,8 @@ pkgs, lib, ... -}: let - isEnabled = config.my.desktop.enableGaming; -in { - options.my.desktop.enableGaming = lib.mkEnableOption "gaming with wine"; - - config = lib.mkIf isEnabled { +}: { + config = { hardware = { opengl = { driSupport = true; diff --git a/modules/desktop/gnome.nix b/hosts/gnome.nix similarity index 84% rename from modules/desktop/gnome.nix rename to hosts/gnome.nix index efdf080..58fe4ee 100644 --- a/modules/desktop/gnome.nix +++ b/hosts/gnome.nix @@ -3,14 +3,8 @@ pkgs, lib, ... -}: let - isEnabled = config.my.desktop.enableGnome; -in { - options.my.desktop.enableGnome = lib.mkEnableOption "gnome desktop"; - - config = lib.mkIf isEnabled { - my.desktop.enable = true; - +}: { + config = { services = { xserver = { # Enable the GNOME Desktop Environment. diff --git a/hosts/intel-graphics.nix b/hosts/intel-graphics.nix new file mode 100644 index 0000000..35decc0 --- /dev/null +++ b/hosts/intel-graphics.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + pkgs, + ... +}: { + config = { + hardware.opengl = { + extraPackages = with pkgs; [ + intel-media-driver + vaapiIntel + vaapiVdpau + libvdpau-va-gl + intel-ocl + ]; + extraPackages32 = with pkgs.pkgsi686Linux; [ + intel-media-driver + vaapiIntel + vaapiVdpau + libvdpau-va-gl + ]; + }; + environment.systemPackages = with pkgs; [ + nvtopPackages.intel + ]; + my.allowUnfreePackages = ["intel-ocl"]; + }; +} diff --git a/hosts/latex.nix b/hosts/latex.nix new file mode 100644 index 0000000..93384bb --- /dev/null +++ b/hosts/latex.nix @@ -0,0 +1,14 @@ +{ + config, + pkgs, + lib, + ... +}: { + config = { + environment.systemPackages = with pkgs; [ + fontconfig + texliveFull + texstudio + ]; + }; +} diff --git a/modules/desktop/printing.nix b/hosts/printing.nix similarity index 67% rename from modules/desktop/printing.nix rename to hosts/printing.nix index ba73ac9..f60272e 100644 --- a/modules/desktop/printing.nix +++ b/hosts/printing.nix 
@@ -3,12 +3,8 @@ pkgs, lib, ... -}: let - isEnabled = config.my.desktop.enablePrinting; -in { - options.my.desktop.enablePrinting = lib.mkEnableOption "printing"; - - config = lib.mkIf isEnabled { +}: { + config = { services = { # Enable CUPS to print documents. printing.enable = true; diff --git a/hosts/vinzenz-lpt2/default.nix b/hosts/vinzenz-lpt2/default.nix new file mode 100644 index 0000000..d8c409e --- /dev/null +++ b/hosts/vinzenz-lpt2/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./hardware.nix + ./environment.nix + ]; +} diff --git a/vinzenz-lpt2.nix b/hosts/vinzenz-lpt2/environment.nix similarity index 64% rename from vinzenz-lpt2.nix rename to hosts/vinzenz-lpt2/environment.nix index 3dcbed0..8b9e6c1 100644 --- a/vinzenz-lpt2.nix +++ b/hosts/vinzenz-lpt2/environment.nix @@ -1,28 +1,17 @@ {pkgs, ...}: { imports = [ - (import ./modules { - hostName = "vinzenz-lpt2"; - enableHomeManager = true; - }) + ../../home + ../../home/gnome-home.nix + ../../users/vinzenz.nix + ../desktop-environment.nix + ../gnome.nix + ../gaming.nix + ../printing.nix + ../latex.nix ]; config = { - my = { - enabledUsers = ["vinzenz" "ronja"]; - tailscale.enable = true; - desktop = { - enableGnome = true; - enableGaming = true; - enablePrinting = true; - enableLaTeX = true; - }; - - allowUnfreePackages = [ - "rider" - "clion" - "pycharm-professional" - ]; - }; + home-manager.users.vinzenz = import ../../home/vinzenz-home.nix; virtualisation = { containers.enable = true; 
@@ -38,11 +27,11 @@ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' ]; - - users.users.ronja.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key'' - ]; - + # + #users.users.ronja.openssh.authorizedKeys.keys = [ + # ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key'' + #]; + # services.nginx = { enable = true; @@ -67,6 +56,5 @@ allowedTCPPorts = [80 8001 3000]; allowedUDPPorts = [2342]; }; - }; } diff --git a/hosts/vinzenz-lpt2/hardware.nix b/hosts/vinzenz-lpt2/hardware.nix new file mode 100644 index 0000000..610d40f --- /dev/null +++ b/hosts/vinzenz-lpt2/hardware.nix 
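Review bot: The `@@ -38,11 +27,11 @@` hunk of `hosts/vinzenz-lpt2/environment.nix` keeps ronja's `authorizedKeys` entry as commented-out code framed by two bare `#` lines; delete the block instead, since git history already preserves it. The import list added in the first hunk of this file only pulls in `../../users/vinzenz.nix`, so the ronja account is apparently no longer defined on this host, and a commented key reads as if access were merely paused. If removing her SSH access is intentional, state it in the commit message; if not, import `../../users/ronja.nix` and keep the key active. The surrounding `config` block starts and ends outside the hunk.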
@@ -0,0 +1,62 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ imports = [
+ ../desktop-hardware.nix
+ ../intel-graphics.nix
+ ];
+ config = {
+ # intel cpu
+ boot.kernelModules = ["kvm-intel"];
+ hardware.cpu.intel.updateMicrocode = true;
+
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+
+ hardware.enableRedistributableFirmware = true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ boot.initrd = {
+ availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"];
+ luks.devices = {
+ "luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = {
+ device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3";
+ };
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e";
+ fsType = "btrfs";
+ options = ["subvol=@"];
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/E2B7-2BC1";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ {
+ device = "/var/lib/swapfile";
+ size = 32 * 1024;
+ }
+ ];
+
+ services.thermald.enable = true;
+ services.hardware.bolt.enable = true; # thunderbolt security
+ };
+}
diff --git a/modules/buildtools.nix b/modules/buildtools.nix
deleted file mode 100644
index bcb260b..0000000
--- a/modules/buildtools.nix
+++ /dev/null
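Review bot: The new `hosts/vinzenz-lpt2/hardware.nix` takes over the boot loader, DHCP, firmware and platform settings from the deleted `modules/hardware/default.nix`, but not its `networking.hostName = hostName;`, and none of the other files added in this patch set it. Unless it lives in a part of `environment.nix` outside the visible hunks, the machine would fall back to the default host name, which changes how it appears on the tailnet and which `nixosConfigurations` entry a flake rebuild picks by default. I would add `networking.hostName = "vinzenz-lpt2";` next to the other host-specific settings here. A short comment above `luks.devices` saying which file system the LUKS container backs would also help, since the root entry refers to a different UUID.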
@@ -1,116 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: let - cfg = config.my.buildtools; - isDesktop = config.my.desktop.enable; - dotnetPackage = with pkgs.unstable; (dotnetCorePackages.combinePackages [ - dotnet-sdk_8 - ]); -in { - options.my.buildtools = { - native = lib.mkEnableOption "include native build tools"; - dotnet = lib.mkEnableOption "include dotnet build tools"; - rust = lib.mkEnableOption "include rust build tools"; - jetbrains-remote-server = lib.mkEnableOption "setup jetbrais IDE installs so -remote-dev-server can be started"; - objective-c = lib.mkEnableOption "Objective-C with GNUStep"; - js = lib.mkEnableOption "node stuff"; - android = lib.mkEnableOption "android development"; - python = lib.mkEnableOption "generic python 3"; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.native { - environment.systemPackages = with pkgs; [ - cmake - gnumake - gcc - gdb - ]; - }) - - (lib.mkIf cfg.dotnet { - environment = { - systemPackages = with pkgs; [ - dotnetPackage - - zlib - zlib.dev - openssl - icu - icu.dev - - # native aot - gcc - libunwind - ]; - variables = { - DOTNET_CLI_TELEMETRY_OPTOUT = "1"; - }; - }; - programs.nix-ld.libraries = with pkgs; [ - # native aot - libunwind - icu - zlib - zlib.dev - openssl - icu - icu.dev - dotnetPackage - ]; - }) - - (lib.mkIf cfg.js { - environment.systemPackages = with pkgs; [ - nodejs - ]; - }) - - (lib.mkIf cfg.rust { - environment.systemPackages = with pkgs; [ - rustup - musl - ]; - }) - - (lib.mkIf cfg.jetbrains-remote-server { - my.buildtools.dotnet = true; - my.buildtools.native = true; - my.buildtools.python = true; - }) - - (lib.mkIf cfg.objective-c { - my.buildtools.native = true; - environment.systemPackages = - (with pkgs.gnustep; [ - gui - make - gorm - base - back - system_preferences - projectcenter - libobjc - gworkspace - ]) - ++ (with pkgs; [ - clang-tools - clang - ]); - }) - - (lib.mkIf cfg.android { - environment.systemPackages = with pkgs; [ - android-tools - android-udev-rules - ]; - }) 
- - (lib.mkIf cfg.python { - environment.systemPackages = with pkgs; [python3 python3Packages.pip]; - }) - ]; -} diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index f794bcf..0000000 --- a/modules/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -modulesCfg: {lib, ...}: { - imports = - [ - ./i18n.nix - ./nixpkgs.nix - ./globalinstalls.nix - ./sshd.nix - ./tailscale.nix - ./buildtools.nix - ] - ++ (map (path: (import path modulesCfg)) [ - ./hardware - ./users - ./desktop - ]); - - config = { - my.modulesCfg = modulesCfg; - - networking.firewall = { - enable = true; - checkReversePath = "loose"; - }; - }; -} diff --git a/modules/desktop/kde-home.nix b/modules/desktop/kde-home.nix deleted file mode 100644 index 2ece5e0..0000000 --- a/modules/desktop/kde-home.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - config, - ... -}: let - isEnabled = config.my.desktop.enableKde; -in { - config = lib.mkIf isEnabled { - home-manager.sharedModules = [ - { - services.kdeconnect = { - enable = true; - indicator = true; - }; - } - ]; - }; -} diff --git a/modules/desktop/kde.nix b/modules/desktop/kde.nix deleted file mode 100644 index c6b6590..0000000 --- a/modules/desktop/kde.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - isEnabled = config.my.desktop.enableKde; -in { - options.my.desktop.enableKde = lib.mkEnableOption "KDE desktop"; - - config = lib.mkIf isEnabled { - my.desktop.enable = true; - - services = { - # Enable the KDE Plasma Desktop Environment. - xserver = { - desktopManager.plasma5.enable = true; - - displayManager = { - sddm.enable = true; - defaultSession = "plasmawayland"; - }; - }; - }; - - environment = { - systemPackages = with pkgs; [ - libsForQt5.kate - libsForQt5.kalk - ]; - - plasma5.excludePackages = with pkgs.libsForQt5; [ - elisa - gwenview - okular - khelpcenter - ]; - }; - - programs = { - dconf.enable = true; - partition-manager.enable = true; - kdeconnect.enable = true; - }; - }; -} 
diff --git a/modules/desktop/latex.nix b/modules/desktop/latex.nix deleted file mode 100644 index a0cb9a0..0000000 --- a/modules/desktop/latex.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - isEnabled = config.my.desktop.enableLaTeX; -in { - options.my.desktop.enableLaTeX = lib.mkEnableOption "LaTeX tools and IDE"; - - config = lib.mkIf isEnabled { - my.desktop.enable = true; - - environment.systemPackages = with pkgs; [ - fontconfig - texliveFull - texstudio - ]; - }; -} diff --git a/modules/hardware/default.nix b/modules/hardware/default.nix deleted file mode 100644 index a9a4a84..0000000 --- a/modules/hardware/default.nix +++ /dev/null @@ -1,40 +0,0 @@ -modulesCfg: { - modulesPath, - lib, - ... -}: let - hostName = modulesCfg.hostName; -in { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - (builtins.toString ./. + "/${hostName}.nix") - ./common-desktop.nix - ./amd.nix - ./intel.nix - ]; - - options.my.modulesCfg.hostName = lib.mkOption { - type = lib.types.str; - }; - - config = { - networking.hostName = hostName; - - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; - - hardware.enableRedistributableFirmware = true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - }; -} diff --git a/modules/hardware/intel.nix b/modules/hardware/intel.nix deleted file mode 100644 index 271a285..0000000 --- a/modules/hardware/intel.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - cfg = config.my.hardware.intel; -in { - options.my.hardware.intel = { - cpu = lib.mkEnableOption "intel cpu"; - iGpu = lib.mkEnableOption "intel integrated gpu"; - xe = lib.mkEnableOption "intel xe gpu"; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.cpu { - boot.kernelModules = ["kvm-intel"]; - hardware.cpu.intel.updateMicrocode = true; - }) - (lib.mkIf (cfg.iGpu || cfg.xe) { - hardware.opengl = { - extraPackages = with pkgs; [ - intel-media-driver - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-ocl - ]; - extraPackages32 = with pkgs.pkgsi686Linux; [ - intel-media-driver - vaapiIntel - vaapiVdpau - libvdpau-va-gl - ]; - }; - environment.systemPackages = with pkgs; [ - nvtopPackages.intel - ]; - my.allowUnfreePackages = ["intel-ocl"]; - }) - ]; -} diff --git a/modules/hardware/vinzenz-lpt.nix b/modules/hardware/vinzenz-lpt.nix deleted file mode 100644 index 5f028ef..0000000 --- a/modules/hardware/vinzenz-lpt.nix +++ /dev/null @@ -1,34 +0,0 @@ -{...}: { - config = { - my.hardware = { - enableCommonDesktopSettings = true; - amd.radeon = true; - intel = { - cpu = true; - iGpu = true; - }; - }; - - boot = { - initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"]; - loader.efi.efiSysMountPoint = "/boot/efi"; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/34cb86c4-8823-4785-9672-92ef0bcd5eaf"; - fsType = "btrfs"; - options = ["subvol=@"]; - }; - - "/boot/efi" = { - device = "/dev/disk/by-uuid/2381-1CD2"; - fsType = "vfat"; - }; - }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/f5932f70-60e4-4abe-b23d-2cab3c095c7d";} - ]; - }; -} diff --git a/modules/hardware/vinzenz-lpt2.nix b/modules/hardware/vinzenz-lpt2.nix deleted file mode 100644 index d220276..0000000 --- a/modules/hardware/vinzenz-lpt2.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{...}: { - config = { - my.hardware = { - enableCommonDesktopSettings = true; - intel = { - cpu = true; - xe = true; - }; - }; - - boot.initrd = { - availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"]; - luks.devices = { - "luks-2c654ff2-3c42-48d3-a1e3-9545679afaa3" = { - device = "/dev/disk/by-uuid/2c654ff2-3c42-48d3-a1e3-9545679afaa3"; - }; - }; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/e4dad0c8-26a1-45e9-bbd9-48565eb6574e"; - fsType = "btrfs"; - options = ["subvol=@"]; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/E2B7-2BC1"; - fsType = "vfat"; - }; - }; - - swapDevices = [ - { - device = "/var/lib/swapfile"; - size = 32 * 1024; - } - ]; - - services.thermald.enable = true; - services.hardware.bolt.enable = true; # thunderbolt security - }; -} diff --git a/modules/nixpkgs.nix b/modules/nixpkgs.nix deleted file mode 100644 index a1444df..0000000 --- a/modules/nixpkgs.nix +++ /dev/null 
@@ -1,80 +0,0 @@ -{ - config, - lib, - ... -}: let - unstable-commit-sha = "9df3e30ce24fd28c7b3e2de0d986769db5d6225d"; - ultrastable-commit-sha = "2be119add7b37dc535da2dd4cba68e2cf8d1517e"; -in { - options.my.allowUnfreePackages = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - example = ["steam"]; - }; - - imports = [ - # this switches the nix implementation to lix everywhere, but means recompiling lix every build. - # https://lix.systems/add-to-config/ - ( - let - module = fetchTarball { - name = "source"; - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz"; - sha256 = "sha256-yEO2cGNgzm9x/XxiDQI+WckSWnZX63R8aJLBRSXtYNE="; - }; - lixSrc = fetchTarball { - name = "source"; - url = "https://git.lix.systems/lix-project/lix/archive/2.90.0.tar.gz"; - sha256 = "sha256-f8k+BezKdJfmE+k7zgBJiohtS3VkkriycdXYsKOm3sc="; - }; - in - import "${module}/module.nix" {lix = lixSrc;} - ) - ]; - - config = { - nixpkgs.config = { - # make nixos-unstable availiable as 'pkgs.unstable' - packageOverrides = pkgs: { - unstable = import (fetchTarball "https://github.com/nixos/nixpkgs/tarball/${unstable-commit-sha}") { - config = config.nixpkgs.config; - }; - ultrastable = import (fetchTarball "https://github.com/nixos/nixpkgs/tarball/${ultrastable-commit-sha}") { - config = config.nixpkgs.config; - }; - }; - - # https://github.com/NixOS/nixpkgs/issues/197325#issuecomment-1579420085 - allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.my.allowUnfreePackages; - }; - - nix = { - settings = { - substituters = ["https://nix-community.cachix.org" "https://cache.nixos.org/"]; - trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="]; - }; - gc = { - automatic = true; - dates = "daily"; - options = "--delete-older-than 7d"; - }; - }; - - system = { - stateVersion = "22.11"; - # enable auto updates - autoUpgrade = { - enable = true; - dates = "weekly"; - }; - }; - - documentation = { - 
enable = true; # documentation of packages - nixos.enable = false; # nixos documentation - man.enable = true; # manual pages and the man command - info.enable = false; # info pages and the info command - doc.enable = false; # documentation distributed in packages' /share/doc - }; - }; -} diff --git a/modules/tailscale.nix b/modules/tailscale.nix deleted file mode 100644 index b301dcb..0000000 --- a/modules/tailscale.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: let - cfg = config.my.tailscale; -in { - options.my.tailscale = { - enable = lib.mkEnableOption "enable tailscale vpn"; - }; - - config = lib.mkIf cfg.enable { - services.tailscale = { - enable = true; - openFirewall = true; - }; - }; -} diff --git a/modules/users/default.nix b/modules/users/default.nix deleted file mode 100644 index 1d84a1d..0000000 --- a/modules/users/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -modulesCfg: { - config, - pkgs, - lib, - ... -}: let - enableHomeManager = modulesCfg.enableHomeManager; -in { - options.my = { - modulesCfg.enableHomeManager = lib.mkEnableOption "enable home manager"; - enabledUsers = lib.mkOption { - type = lib.types.listOf lib.types.str; - }; - }; - - imports = - [ - ./vinzenz.nix - ./ronja.nix - ] - ++ lib.optionals enableHomeManager [ - ./home-manager.nix - ]; -} diff --git a/modules/users/home-manager.nix b/modules/users/home-manager.nix deleted file mode 100644 index 73adcc6..0000000 --- a/modules/users/home-manager.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - imports = [ - - ]; - - config = { - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - - # defaults for users - sharedModules = import ./home-shared-modules.nix; - - users = { - ronja = lib.mkIf (builtins.elem "ronja" config.my.enabledUsers) (import ./ronja-home.nix); - vinzenz = lib.mkIf (builtins.elem "vinzenz" config.my.enabledUsers) (import ./vinzenz-home.nix); - }; - }; - }; -} 
diff --git a/modules/hardware/amd.nix b/modules_bak/hardware/amd.nix similarity index 100% rename from modules/hardware/amd.nix rename to modules_bak/hardware/amd.nix diff --git a/modules/hardware/hetzner-vpn1.nix b/modules_bak/hardware/hetzner-vpn1.nix similarity index 100% rename from modules/hardware/hetzner-vpn1.nix rename to modules_bak/hardware/hetzner-vpn1.nix diff --git a/modules/hardware/vinzenz-pc2.nix b/modules_bak/hardware/vinzenz-pc2.nix similarity index 100% rename from modules/hardware/vinzenz-pc2.nix rename to modules_bak/hardware/vinzenz-pc2.nix diff --git a/hetzner-vpn1.nix b/modules_bak/hetzner-vpn1.nix similarity index 100% rename from hetzner-vpn1.nix rename to modules_bak/hetzner-vpn1.nix diff --git a/vinzenz-pc2.nix b/modules_bak/vinzenz-pc2.nix similarity index 100% rename from vinzenz-pc2.nix rename to modules_bak/vinzenz-pc2.nix diff --git a/modules/users/ronja.nix b/users/ronja.nix similarity index 64% rename from modules/users/ronja.nix rename to users/ronja.nix index 61323ba..b8a271d 100644 --- a/modules/users/ronja.nix +++ b/users/ronja.nix @@ -1,12 +1,5 @@ -{ - config, - pkgs, - lib, - ... -}: let - isUserEnabled = builtins.elem "ronja" config.my.enabledUsers; -in { - config = lib.mkIf isUserEnabled { +{pkgs, ...}: { + config = { # Define user account users.users.ronja = { isNormalUser = true; diff --git a/modules/users/vinzenz.nix b/users/vinzenz.nix similarity index 74% rename from modules/users/vinzenz.nix rename to users/vinzenz.nix index 08c3011..e7a38f4 100644 --- a/modules/users/vinzenz.nix +++ b/users/vinzenz.nix @@ -3,10 +3,8 @@ pkgs, lib, ... -}: let - isUserEnabled = builtins.elem "vinzenz" config.my.enabledUsers; -in { - config = lib.mkIf isUserEnabled { +}: { + config = { users.users.vinzenz = { isNormalUser = true; name = "vinzenz"; diff --git a/vinzenz-lpt.nix b/vinzenz-lpt.nix deleted file mode 100644 index 347fedd..0000000 --- a/vinzenz-lpt.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{...}: { - imports = [ - (import ./modules { - hostName = "vinzenz-lpt"; - enableHomeManager = true; - }) - ]; - - config = { - my = { - enabledUsers = ["vinzenz"]; - tailscale.enable = true; - desktop = { - enableGnome = true; - enableGaming = true; - enablePrinting = true; - }; - buildtools = { - dotnet = true; - }; - }; - - users.users.vinzenz.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' - ]; - }; -} From 160229278171b46bec07ac1806ba9b766a91e95f Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sat, 26 Oct 2024 00:16:05 +0200 Subject: [PATCH 2/8] enable experimental features --- common/nixpkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/common/nixpkgs.nix b/common/nixpkgs.nix index eb546a0..8f5a12b 100644 --- a/common/nixpkgs.nix +++ b/common/nixpkgs.nix @@ -18,6 +18,7 @@ settings = { substituters = ["https://nix-community.cachix.org" "https://cache.nixos.org/"]; trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="]; + experimental-features = ["nix-command" "flakes"]; }; gc = { automatic = true; From 5944fe5cca787f4faeba40b92c199dc91026376b Mon Sep 17 00:00:00 2001 
From: Vinzenz Schroeter Date: Sat, 26 Oct 2024 12:32:15 +0200 Subject: [PATCH 3/8] split config --- flake.nix | 19 +- home/{gnome-home.nix => gnome.nix} | 3 + home/ronja-home.nix | 2 +- home/vinzenz-home.nix | 248 --------------------- home/vinzenz/default.nix | 104 +++++++++ home/vinzenz/git.nix | 16 ++ home/vinzenz/ssh.nix | 47 ++++ home/vinzenz/vscode.nix | 46 ++++ home/vinzenz/zsh.nix | 29 +++ hosts/vinzenz-lpt2/default.nix | 3 + hosts/vinzenz-lpt2/environment.nix | 14 +- hosts/vinzenz-lpt2/hardware.nix | 4 +- {hosts => modules}/desktop-environment.nix | 12 +- {hosts => modules}/desktop-hardware.nix | 0 {hosts => modules}/gaming.nix | 0 {hosts => modules}/gnome.nix | 0 {hosts => modules}/intel-graphics.nix | 0 {hosts => modules}/latex.nix | 0 {hosts => modules}/printing.nix | 0 19 files changed, 271 insertions(+), 276 deletions(-) rename home/{gnome-home.nix => gnome.nix} (98%) delete mode 100644 home/vinzenz-home.nix create mode 100644 home/vinzenz/default.nix create mode 100644 home/vinzenz/git.nix create mode 100644 home/vinzenz/ssh.nix create mode 100644 home/vinzenz/vscode.nix create mode 100644 home/vinzenz/zsh.nix rename {hosts => modules}/desktop-environment.nix (92%) rename {hosts => modules}/desktop-hardware.nix (100%) rename {hosts => modules}/gaming.nix (100%) rename {hosts => modules}/gnome.nix (100%) rename {hosts => modules}/intel-graphics.nix (100%) rename {hosts => modules}/latex.nix (100%) rename {hosts => modules}/printing.nix (100%) diff --git a/flake.nix b/flake.nix index c5c9d20..d50aed4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -16,16 +16,21 @@ home-manager, lix-module, ... - }: { + }: let + common-modules = [ + lix-module.nixosModules.default + home-manager.nixosModules.home-manager + ./common + ]; + in { nixosConfigurations = { vinzenz-lpt2 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [ - lix-module.nixosModules.default - home-manager.nixosModules.home-manager - ./common - ./hosts/vinzenz-lpt2 - ]; + modules = + common-modules + ++ [ + ./hosts/vinzenz-lpt2 + ]; }; }; }; diff --git a/home/gnome-home.nix b/home/gnome.nix similarity index 98% rename from home/gnome-home.nix rename to home/gnome.nix index e82151c..828c0ce 100644 --- a/home/gnome-home.nix +++ b/home/gnome.nix @@ -4,6 +4,9 @@ pkgs, ... }: { + imports = [ + ../modules/gnome.nix + ]; config = { home-manager.sharedModules = [ { diff --git a/home/ronja-home.nix b/home/ronja-home.nix index aed4e1e..0457204 100644 --- a/home/ronja-home.nix +++ b/home/ronja-home.nix @@ -3,7 +3,7 @@ pkgs, ... }: { - home .packages = with pkgs; [ + home.packages = with pkgs; [ ## Apps telegram-desktop kdiff3 diff --git a/home/vinzenz-home.nix b/home/vinzenz-home.nix deleted file mode 100644 index 883d538..0000000 --- a/home/vinzenz-home.nix +++ /dev/null 
@@ -1,248 +0,0 @@ -{ - config, - osConfig, - pkgs, - lib, - ... -}: let - isGnomeEnabled = osConfig.my.desktop.enableGnome; -in - lib.mkMerge [ - { - home.packages = with pkgs; [ - keepassxc - insync - - telegram-desktop - element-desktop - - wireguard-tools - wirelesstools - - alejandra # nix formatter - - arduino - uucp - - kdiff3 - jetbrains-toolbox - ]; - - programs = { - home-manager.enable = true; - - fzf.enable = true; - - zsh = { - initExtra = '' - eval "$(direnv hook zsh)"; - export PATH=$PATH:/home/vinzenz/.cargo/bin - ''; - - shellAliases = { - my-apply = "sudo nixos-rebuild boot"; - my-switch = "sudo nixos-rebuild switch"; - my-update = "sudo nixos-rebuild boot --upgrade"; - my-pull = "git -C ~/Repos/nixos-configuration pull --rebase"; - my-fmt = "alejandra ."; - my-test = "sudo nixos-rebuild test"; - my-direnvallow = "echo \"use nix\" > .envrc && direnv allow"; - my-ip4 = "ip addr show | grep 192"; - }; - - history = { - size = 10000; - path = "${config.xdg.dataHome}/zsh/history"; - expireDuplicatesFirst = true; - }; - - oh-my-zsh = { - enable = true; - theme = "agnoster"; - plugins = ["git" "sudo" "docker" "systemadmin"]; - }; - }; - - git = { - enable = true; - userName = "Vinzenz Schroeter"; - userEmail = "vinzenz.f.s@gmail.com"; - - aliases = { - prettylog = "log --pretty=oneline --graph"; - spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d"; - }; - - extraConfig = { - pull.ff = "only"; - merge.tool = "kdiff3"; - push.autoSetupRemote = "true"; - }; - }; - - vscode = { - enable = true; - package = pkgs.vscodium; - enableUpdateCheck = false; - extensions = with pkgs.vscode-extensions; [ - bbenoist.nix - ms-python.python - kamadorueda.alejandra - editorconfig.editorconfig - yzhang.markdown-all-in-one - redhat.vscode-yaml - pkief.material-icon-theme - mhutchie.git-graph - rust-lang.rust-analyzer - tamasfe.even-better-toml - llvm-vs-code-extensions.vscode-clangd - mkhl.direnv - vadimcn.vscode-lldb - ms-dotnettools.csharp - ]; - 
userSettings = { - "git.autofetch" = true; - "update.mode" = "none"; - "editor.fontFamily" = "'Fira Code', 'Droid Sans Mono', 'monospace', monospace"; - "editor.fontLigatures" = true; - "editor.formatOnSave" = true; - "editor.formatOnSaveMode" = "modificationsIfAvailable"; - "editor.minimap.autohide" = true; - "diffEditor.diffAlgorithm" = "advanced"; - "explorer.excludeGitIgnore" = true; - "markdown.extension.tableFormatter.normalizeIndentation" = true; - "markdown.extension.toc.orderedList" = false; - "telemetry.telemetryLevel" = "off"; - "redhat.telemetry.enabled" = false; - "workbench.startupEditor" = "readme"; - "workbench.enableExperiments" = false; - "workbench.iconTheme" = "material-icon-theme"; - "rust-analyzer.checkOnSave.command" = "clippy"; - "extensions.autoUpdate" = false; - "extensions.autoCheckUpdates" = false; - "\[makefile\]" = { - "editor.insertSpaces" = false; - "editor.detectIndentation" = false; - }; - }; - }; - - direnv = { - enable = true; - nix-direnv.enable = true; - }; - - chromium = { - enable = true; - extensions = [ - { - # ublock origin - id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; - } - { - id = "dcpihecpambacapedldabdbpakmachpb"; - updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml"; - } - ]; - }; - - eza = { - enable = true; - git = true; - icons = true; - extraOptions = [ - "--group-directories-first" - "--header" - ]; - }; - - # checked https://rycee.gitlab.io/home-manager/options.html until "programs.notmuch" - - ssh = { - enable = true; - matchBlocks = { - "vpn1" = { - host = "vpn1 hetzner-vpn1"; - hostname = "157.90.146.125"; # 2a01:4f8:c012:7137::/64 - user = "root"; - }; - "vpn1-ts" = { - host = "vpn1-ts hetzner-vpn1.donkey-pentatonic.ts.net"; - hostname = "hetzner-vpn1.donkey-pentatonic.ts.net"; - user = "root"; - }; - "openwrt" = { - host = "openwrt openwrt.lan"; - hostname = "openwrt.lan"; - user = "root"; - }; - "openwrt-ts" = { - hostname = "openwrt.donkey-pentatonic.ts.net"; 
- port = 2222; - user = "root"; - }; - "openwrt-j" = { - hostname = "openwrt.donkey-pentatonic.ts.net"; - proxyJump = "vpn1"; - port = 2222; - user = "root"; - }; - "pc2-power" = { - hostname = "openwrt.donkey-pentatonic.ts.net"; - proxyJump = "vpn1"; - port = 2222; - user = "pc2-power"; - }; - "avd-power" = { - # hostname = "2001:678:560:23:9833:63ff:fe2d:f477" - # hostname = "195.160.172.25"; - hostname = "avd-jumphost.club.berlin.ccc.de"; - user = "power"; - }; - "avd" = { - hostname = "avd.club.berlin.ccc.de"; - user = "vinzenz"; - }; - }; - }; - }; - - editorconfig = { - enable = true; - settings = { - "*" = { - charset = "utf-8"; - end_of_line = "lf"; - trim_trailing_whitespace = true; - insert_final_newline = true; - max_line_width = 120; - indent_style = "space"; - indent_size = 4; - }; - "*.nix" = { - indent_size = 2; - }; - }; - }; - - home.file."policy.json" = { - target = ".config/containers/policy.json"; - text = '' - { - "default": [ - { - "type": "insecureAcceptAnything" - } - ], - "transports": - { - "docker-daemon": - { - "": [{"type":"insecureAcceptAnything"}] - } - } - } - ''; - }; - } - ] diff --git a/home/vinzenz/default.nix b/home/vinzenz/default.nix new file mode 100644 index 0000000..a10b7ca --- /dev/null +++ b/home/vinzenz/default.nix 
@@ -0,0 +1,104 @@ +inputs @ { + config, + osConfig, + pkgs, + lib, + ... +}: let + isGnomeEnabled = osConfig.my.desktop.enableGnome; +in { + programs = { + home-manager.enable = true; + fzf.enable = true; + zsh = import ./zsh.nix inputs; + git = import ./git.nix; + vscode = import ./vscode.nix inputs; + ssh = import ./ssh.nix; + + direnv = { + enable = true; + nix-direnv.enable = true; + }; + + chromium = { + enable = true; + extensions = [ + { + # ublock origin + id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; + } + { + id = "dcpihecpambacapedldabdbpakmachpb"; + updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml"; + } + ]; + }; + + eza = { + enable = true; + git = true; + icons = true; + extraOptions = [ + "--group-directories-first" + "--header" + ]; + }; + }; + + home.packages = with pkgs; [ + keepassxc + insync + + telegram-desktop + element-desktop + + wireguard-tools + wirelesstools + + alejandra # nix formatter + + arduino + uucp + + kdiff3 + jetbrains-toolbox + ]; + + editorconfig = { + enable = true; + settings = { + "*" = { + charset = "utf-8"; + end_of_line = "lf"; + trim_trailing_whitespace = true; + insert_final_newline = true; + max_line_width = 120; + indent_style = "space"; + indent_size = 4; + }; + "*.nix" = { + indent_size = 2; + }; + }; + }; + + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; +} diff --git a/home/vinzenz/git.nix b/home/vinzenz/git.nix new file mode 100644 index 0000000..bb64f13 --- /dev/null +++ b/home/vinzenz/git.nix 
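Review bot: The second `programs.chromium.extensions` entry in home/vinzenz/default.nix takes its updates from `updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml"`, a mutable branch of a third-party repository. Extension code with browser privileges therefore changes outside `flake.lock` and outside any review of this repo. If the extension is needed, home-manager's `crxPath` plus `version` fields let it be installed from a fixed, hashed file instead. Otherwise add a comment such as `# unpinned: auto-updates from upstream master` so the trust decision is visible. The `policy.json` written by the same file sets `insecureAcceptAnything` as the default, which would merit a similar one-line comment saying that image signatures are not verified.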
@@ -0,0 +1,16 @@ +{ + enable = true; + userName = "Vinzenz Schroeter"; + userEmail = "vinzenz.f.s@gmail.com"; + + aliases = { + prettylog = "log --pretty=oneline --graph"; + spring-clean = "!git branch --merged | xargs -n 1 -r git branch -d"; + }; + + extraConfig = { + pull.ff = "only"; + merge.tool = "kdiff3"; + push.autoSetupRemote = "true"; + }; +} diff --git a/home/vinzenz/ssh.nix b/home/vinzenz/ssh.nix new file mode 100644 index 0000000..360958e --- /dev/null +++ b/home/vinzenz/ssh.nix @@ -0,0 +1,47 @@ +{ + enable = true; + matchBlocks = { + "vpn1" = { + host = "vpn1 hetzner-vpn1"; + hostname = "157.90.146.125"; # 2a01:4f8:c012:7137::/64 + user = "root"; + }; + "vpn1-ts" = { + host = "vpn1-ts hetzner-vpn1.donkey-pentatonic.ts.net"; + hostname = "hetzner-vpn1.donkey-pentatonic.ts.net"; + user = "root"; + }; + "openwrt" = { + host = "openwrt openwrt.lan"; + hostname = "openwrt.lan"; + user = "root"; + }; + "openwrt-ts" = { + hostname = "openwrt.donkey-pentatonic.ts.net"; + port = 2222; + user = "root"; + }; + "openwrt-j" = { + hostname = "openwrt.donkey-pentatonic.ts.net"; + proxyJump = "vpn1"; + port = 2222; + user = "root"; + }; + "pc2-power" = { + hostname = "openwrt.donkey-pentatonic.ts.net"; + proxyJump = "vpn1"; + port = 2222; + user = "pc2-power"; + }; + "avd-power" = { + # hostname = "2001:678:560:23:9833:63ff:fe2d:f477" + # hostname = "195.160.172.25"; + hostname = "avd-jumphost.club.berlin.ccc.de"; + user = "power"; + }; + "avd" = { + hostname = "avd.club.berlin.ccc.de"; + user = "vinzenz"; + }; + }; +} diff --git a/home/vinzenz/vscode.nix b/home/vinzenz/vscode.nix new file mode 100644 index 0000000..e88cef4 --- /dev/null +++ b/home/vinzenz/vscode.nix 
@@ -0,0 +1,46 @@ +{pkgs, ...}: { + enable = true; + package = pkgs.vscodium; + enableUpdateCheck = false; + extensions = with pkgs.vscode-extensions; [ + bbenoist.nix + ms-python.python + kamadorueda.alejandra + editorconfig.editorconfig + yzhang.markdown-all-in-one + redhat.vscode-yaml + pkief.material-icon-theme + mhutchie.git-graph + rust-lang.rust-analyzer + tamasfe.even-better-toml + llvm-vs-code-extensions.vscode-clangd + mkhl.direnv + vadimcn.vscode-lldb + ms-dotnettools.csharp + ]; + userSettings = { + "git.autofetch" = true; + "update.mode" = "none"; + "editor.fontFamily" = "'Fira Code', 'Droid Sans Mono', 'monospace', monospace"; + "editor.fontLigatures" = true; + "editor.formatOnSave" = true; + "editor.formatOnSaveMode" = "modificationsIfAvailable"; + "editor.minimap.autohide" = true; + "diffEditor.diffAlgorithm" = "advanced"; + "explorer.excludeGitIgnore" = true; + "markdown.extension.tableFormatter.normalizeIndentation" = true; + "markdown.extension.toc.orderedList" = false; + "telemetry.telemetryLevel" = "off"; + "redhat.telemetry.enabled" = false; + "workbench.startupEditor" = "readme"; + "workbench.enableExperiments" = false; + "workbench.iconTheme" = "material-icon-theme"; + "rust-analyzer.checkOnSave.command" = "clippy"; + "extensions.autoUpdate" = false; + "extensions.autoCheckUpdates" = false; + "\[makefile\]" = { + "editor.insertSpaces" = false; + "editor.detectIndentation" = false; + }; + }; +} diff --git a/home/vinzenz/zsh.nix b/home/vinzenz/zsh.nix new file mode 100644 index 0000000..c6d011c --- /dev/null +++ b/home/vinzenz/zsh.nix 
@@ -0,0 +1,29 @@ +{config, ...}: { + initExtra = '' + eval "$(direnv hook zsh)"; + export PATH=$PATH:/home/vinzenz/.cargo/bin + ''; + + shellAliases = { + my-apply = "sudo nixos-rebuild boot"; + my-switch = "sudo nixos-rebuild switch"; + my-update = "sudo nixos-rebuild boot --upgrade"; + my-pull = "git -C ~/Repos/nixos-configuration pull --rebase"; + my-fmt = "alejandra ."; + my-test = "sudo nixos-rebuild test"; + my-direnvallow = "echo \"use nix\" > .envrc && direnv allow"; + my-ip4 = "ip addr show | grep 192"; + }; + + history = { + size = 10000; + path = "${config.xdg.dataHome}/zsh/history"; + expireDuplicatesFirst = true; + }; + + oh-my-zsh = { + enable = true; + theme = "agnoster"; + plugins = ["git" "sudo" "docker" "systemadmin"]; + }; +} diff --git a/hosts/vinzenz-lpt2/default.nix b/hosts/vinzenz-lpt2/default.nix index d8c409e..20b21b3 100644 --- a/hosts/vinzenz-lpt2/default.nix +++ b/hosts/vinzenz-lpt2/default.nix @@ -3,4 +3,7 @@ ./hardware.nix ./environment.nix ]; + config = { + networking.hostName = "vinzenz-lpt2"; + }; } diff --git a/hosts/vinzenz-lpt2/environment.nix b/hosts/vinzenz-lpt2/environment.nix index 8b9e6c1..e85de40 100644 --- a/hosts/vinzenz-lpt2/environment.nix +++ b/hosts/vinzenz-lpt2/environment.nix @@ -1,17 +1,17 @@ {pkgs, ...}: { imports = [ ../../home - ../../home/gnome-home.nix + ../../home/gnome.nix ../../users/vinzenz.nix - ../desktop-environment.nix - ../gnome.nix - ../gaming.nix - ../printing.nix - ../latex.nix + ../../modules/desktop-environment.nix + ../../modules/gnome.nix + ../../modules/gaming.nix + ../../modules/printing.nix + ../../modules/latex.nix ]; config = { - home-manager.users.vinzenz = import ../../home/vinzenz-home.nix; + home-manager.users.vinzenz = import ../../home/vinzenz; virtualisation = { containers.enable = true; diff --git a/hosts/vinzenz-lpt2/hardware.nix b/hosts/vinzenz-lpt2/hardware.nix index 610d40f..4e11ab5 100644 --- a/hosts/vinzenz-lpt2/hardware.nix +++ b/hosts/vinzenz-lpt2/hardware.nix 
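Review bot: `initExtra` in home/vinzenz/zsh.nix hard-codes the home directory in `export PATH=$PATH:/home/vinzenz/.cargo/bin`, although `config` is already an argument of this file. `export PATH=$PATH:${config.home.homeDirectory}/.cargo/bin` keeps the module correct if the user name or home location changes. It also matches how `history.path` a few lines below is built from `config.xdg.dataHome`. The `my-direnvallow` alias overwrites any existing `.envrc` before allowing it; a short comment saying that this is intended would help.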
@@ -4,8 +4,8 @@ ... }: { imports = [ - ../desktop-hardware.nix - ../intel-graphics.nix + ../../modules/desktop-hardware.nix + ../../modules/intel-graphics.nix ]; config = { # intel cpu diff --git a/hosts/desktop-environment.nix b/modules/desktop-environment.nix similarity index 92% rename from hosts/desktop-environment.nix rename to modules/desktop-environment.nix index 97fb613..fa0e1b9 100644 --- a/hosts/desktop-environment.nix +++ b/modules/desktop-environment.nix @@ -6,18 +6,10 @@ }: { config = { services = { - # Enable the X11 windowing system / wayland depending on DE - xserver = { - enable = true; - }; - + xserver.enable = true; libinput.enable = true; - - # flatpak xdg-portal-kde crashes, otherwise this would be global flatpak.enable = true; - fstrim.enable = true; - earlyoom = { enable = true; freeMemThreshold = 5; @@ -106,8 +98,6 @@ hunspell hunspellDicts.de-de hunspellDicts.en-us-large - - gnumake ]; nixpkgs.config.permittedInsecurePackages = []; diff --git a/hosts/desktop-hardware.nix b/modules/desktop-hardware.nix similarity index 100% rename from hosts/desktop-hardware.nix rename to modules/desktop-hardware.nix diff --git a/hosts/gaming.nix b/modules/gaming.nix similarity index 100% rename from hosts/gaming.nix rename to modules/gaming.nix diff --git a/hosts/gnome.nix b/modules/gnome.nix similarity index 100% rename from hosts/gnome.nix rename to modules/gnome.nix diff --git a/hosts/intel-graphics.nix b/modules/intel-graphics.nix similarity index 100% rename from hosts/intel-graphics.nix rename to modules/intel-graphics.nix diff --git a/hosts/latex.nix b/modules/latex.nix similarity index 100% rename from hosts/latex.nix rename to modules/latex.nix diff --git a/hosts/printing.nix b/modules/printing.nix similarity index 100% rename from hosts/printing.nix rename to modules/printing.nix From f41cd58e54949da6978c8dadf19114c6ebbb6f8e Mon Sep 17 00:00:00 2001 
From: Vinzenz Schroeter Date: Sat, 26 Oct 2024 14:59:00 +0200 Subject: [PATCH 4/8] transform the other hosts to flake --- common/globalinstalls.nix | 5 +- flake.nix | 24 +++++++++- hosts/hetzner-vpn1/default.nix | 9 ++++ .../hetzner-vpn1/environment.nix | 11 +---- .../hetzner-vpn1/hardware.nix | 1 - hosts/vinzenz-lpt2/default.nix | 2 + hosts/vinzenz-lpt2/environment.nix | 4 +- hosts/vinzenz-pc2/default.nix | 9 ++++ .../vinzenz-pc2/environment.nix | 30 +++++------- .../vinzenz-pc2/hardware.nix | 14 +++--- modules/amd-graphics.nix | 24 ++++++++++ modules_bak/hardware/amd.nix | 47 ------------------- 12 files changed, 90 insertions(+), 90 deletions(-) create mode 100644 hosts/hetzner-vpn1/default.nix rename modules_bak/hetzner-vpn1.nix => hosts/hetzner-vpn1/environment.nix (93%) rename modules_bak/hardware/hetzner-vpn1.nix => hosts/hetzner-vpn1/hardware.nix (99%) create mode 100644 hosts/vinzenz-pc2/default.nix rename modules_bak/vinzenz-pc2.nix => hosts/vinzenz-pc2/environment.nix (67%) rename modules_bak/hardware/vinzenz-pc2.nix => hosts/vinzenz-pc2/hardware.nix (87%) create mode 100644 modules/amd-graphics.nix delete mode 100644 modules_bak/hardware/amd.nix diff --git a/common/globalinstalls.nix b/common/globalinstalls.nix index b602f99..20bf11d 100644 --- a/common/globalinstalls.nix +++ b/common/globalinstalls.nix @@ -22,14 +22,11 @@ zsh.enable = true; htop.enable = true; iotop.enable = true; + git.enable = true; nano = { enable = true; syntaxHighlight = true; }; - git = { - enable = true; - package = pkgs.gitFull; - }; }; }; } diff --git a/flake.nix b/flake.nix index d50aed4..ffc2c07 100644 --- a/flake.nix +++ b/flake.nix @@ -19,7 +19,6 @@ }: let common-modules = [ lix-module.nixosModules.default - home-manager.nixosModules.home-manager ./common ]; in { 
@@ -29,9 +28,32 @@ modules = common-modules ++ [ + home-manager.nixosModules.home-manager ./hosts/vinzenz-lpt2 ]; }; + vinzenz-pc2 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = + common-modules + ++ [ + home-manager.nixosModules.home-manager + ./hosts/vinzenz-pc2 + ]; + }; + hetzner-vpn1 = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = + common-modules + ++ [ + ./hosts/hetzner-vpn1 + + { + # uncomment for build check on non arm system (requires --impure) + # nixpkgs.buildPlatform = builtins.currentSystem; + } + ]; + }; }; }; } diff --git a/hosts/hetzner-vpn1/default.nix b/hosts/hetzner-vpn1/default.nix new file mode 100644 index 0000000..e2d62fe --- /dev/null +++ b/hosts/hetzner-vpn1/default.nix @@ -0,0 +1,9 @@ +{...}: { + imports = [ + ./hardware.nix + ./environment.nix + ]; + config = { + networking.hostName = "hetzner-vpn1"; + }; +} diff --git a/modules_bak/hetzner-vpn1.nix b/hosts/hetzner-vpn1/environment.nix similarity index 93% rename from modules_bak/hetzner-vpn1.nix rename to hosts/hetzner-vpn1/environment.nix index 7a06a07..280d8d7 100644 --- a/modules_bak/hetzner-vpn1.nix +++ b/hosts/hetzner-vpn1/environment.nix @@ -24,18 +24,11 @@ pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net"; in { imports = [ - (import ./modules { - hostName = "hetzner-vpn1"; - enableHomeManager = false; - }) + ../../users/vinzenz.nix + ../../users/ronja.nix ]; config = { - my = { - enabledUsers = ["ronja" "vinzenz"]; - tailscale.enable = true; - }; - users.users = { root.openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf'' diff --git a/modules_bak/hardware/hetzner-vpn1.nix b/hosts/hetzner-vpn1/hardware.nix similarity index 99% rename from modules_bak/hardware/hetzner-vpn1.nix rename to hosts/hetzner-vpn1/hardware.nix index e147668..7494a08 100644 --- a/modules_bak/hardware/hetzner-vpn1.nix +++ b/hosts/hetzner-vpn1/hardware.nix 
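Review bot: In hosts/hetzner-vpn1/environment.nix the `my = { … tailscale.enable = true; }` block is removed and nothing in the hunk replaces it. PATCH 1/8 deleted modules/tailscale.nix, which was what set `services.tailscale.enable` and `openFirewall`. The context line `pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";` shows the host still relies on the tailnet, so unless common/networking.nix (not shown here) enables it, the host needs `services.tailscale.enable = true;` in its own config. The same removal happens in hosts/vinzenz-pc2/environment.nix later in this patch. The `config` block continues outside the hunk.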
@@ -96,7 +96,6 @@ services.udev.extraRules = '' ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0" - ''; }; } diff --git a/hosts/vinzenz-lpt2/default.nix b/hosts/vinzenz-lpt2/default.nix index 20b21b3..987bf07 100644 --- a/hosts/vinzenz-lpt2/default.nix +++ b/hosts/vinzenz-lpt2/default.nix @@ -5,5 +5,7 @@ ]; config = { networking.hostName = "vinzenz-lpt2"; + + nix.settings.extra-platforms = ["aarch64-linux"]; }; } diff --git a/hosts/vinzenz-lpt2/environment.nix b/hosts/vinzenz-lpt2/environment.nix index e85de40..66e6fe9 100644 --- a/hosts/vinzenz-lpt2/environment.nix +++ b/hosts/vinzenz-lpt2/environment.nix @@ -27,11 +27,11 @@ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' ]; - # + #users.users.ronja.openssh.authorizedKeys.keys = [ # ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key'' #]; - # + services.nginx = { enable = true; diff --git a/hosts/vinzenz-pc2/default.nix b/hosts/vinzenz-pc2/default.nix new file mode 100644 index 0000000..356f331 --- /dev/null +++ b/hosts/vinzenz-pc2/default.nix @@ -0,0 +1,9 @@ +{...}: { + imports = [ + ./hardware.nix + ./environment.nix + ]; + config = { + networking.hostName = "vinzenz-pc2"; + }; +} diff --git a/modules_bak/vinzenz-pc2.nix b/hosts/vinzenz-pc2/environment.nix similarity index 67% rename from modules_bak/vinzenz-pc2.nix rename to hosts/vinzenz-pc2/environment.nix index 82b0dd6..bde8e94 100644 --- a/modules_bak/vinzenz-pc2.nix +++ b/hosts/vinzenz-pc2/environment.nix 
@@ -1,26 +1,18 @@ {pkgs, ...}: { imports = [ - (import ./modules { - hostName = "vinzenz-pc2"; - enableHomeManager = true; - }) + ../../home + ../../home/gnome.nix + ../../users/vinzenz.nix + ../../modules/desktop-environment.nix + ../../modules/gnome.nix + ../../modules/gaming.nix + ../../modules/printing.nix ]; config = { - my = { - enabledUsers = ["vinzenz" "ronja"]; - tailscale.enable = true; - desktop = { - enableGnome = true; - enableGaming = true; - enablePrinting = true; - }; - buildtools = { - native = true; - dotnet = true; - rust = true; - jetbrains-remote-server = true; - }; + home-manager.users = { + vinzenz = import ../../home/vinzenz; + ronja = import ../../home/ronja; }; users.users.vinzenz.openssh.authorizedKeys.keys = [ @@ -39,7 +31,7 @@ port = 8542; host = "100.125.93.127"; # tailscale withoutConnectionToken = true; - extraPackages = with pkgs; [nodejs gitFull gh direnv]; + extraPackages = with pkgs; [nodejs git gh direnv]; }; virtualisation.podman = { diff --git a/modules_bak/hardware/vinzenz-pc2.nix b/hosts/vinzenz-pc2/hardware.nix similarity index 87% rename from modules_bak/hardware/vinzenz-pc2.nix rename to hosts/vinzenz-pc2/hardware.nix index 3f6ce4a..65b63d8 100644 --- a/modules_bak/hardware/vinzenz-pc2.nix +++ b/hosts/vinzenz-pc2/hardware.nix @@ -1,12 +1,12 @@ {...}: { + imports = [ + ../../modules/desktop-hardware.nix + ../../modules/amd-graphics.nix + ]; config = { - my.hardware = { - enableCommonDesktopSettings = true; - amd = { - cpu = true; - gpu = true; - }; - }; + # amd cpu + boot.kernelModules = ["kvm-amd"]; + hardware.cpu.amd.updateMicrocode = true; boot = { initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; # "usb_storage" diff --git a/modules/amd-graphics.nix b/modules/amd-graphics.nix new file mode 100644 index 0000000..426119e --- /dev/null +++ b/modules/amd-graphics.nix 
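Review bot: The service block kept in hosts/vinzenz-pc2/environment.nix still has `withoutConnectionToken = true;` with `host = "100.125.93.127"; # tailscale`. Anything that can reach port 8542 on that address gets the editor, with the packages from `extraPackages`, without authenticating. The PAM check lives only in the nginx proxy on hetzner-vpn1 and does not cover direct tailnet access. If this is `services.openvscode-server`, consider its `connectionTokenFile` option, or add a comment such as `# unauthenticated: access limited by tailnet ACLs only` so the dependency is explicit. The block starts outside the hunk, so the service name is inferred.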
@@ -0,0 +1,24 @@ +{ + lib, + config, + pkgs, + ... +}: { + config = { + boot.kernelModules = ["amdgpu"]; + services.xserver.videoDrivers = ["amdgpu"]; + + hardware.opengl = { + extraPackages = with pkgs; [ + amdvlk + ]; + extraPackages32 = with pkgs; [ + driversi686Linux.amdvlk + ]; + }; + + environment.systemPackages = with pkgs; [ + nvtopPackages.amd + ]; + }; +} diff --git a/modules_bak/hardware/amd.nix b/modules_bak/hardware/amd.nix deleted file mode 100644 index 06f3a85..0000000 --- a/modules_bak/hardware/amd.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - cfg = config.my.hardware.amd; -in { - options.my.hardware.amd = { - cpu = lib.mkEnableOption "amd cpu"; - gpu = lib.mkEnableOption "amd gpu"; - radeon = lib.mkEnableOption "amd legacy gpu"; # old hardware, dont judge - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.cpu { - boot.kernelModules = ["kvm-amd"]; - hardware.cpu.amd.updateMicrocode = true; - }) - - (lib.mkIf cfg.gpu { - boot.kernelModules = ["amdgpu"]; - services.xserver.videoDrivers = ["amdgpu"]; - - hardware.opengl = { - extraPackages = with pkgs; [ - amdvlk - ]; - extraPackages32 = with pkgs; [ - driversi686Linux.amdvlk - ]; - }; - - environment.systemPackages = with pkgs; [ - nvtopPackages.amd - ]; - }) - - (lib.mkIf cfg.radeon { - boot.kernelModules = ["radeon"]; - services.xserver.videoDrivers = ["radeon"]; - environment.systemPackages = with pkgs; [ - radeontop - ]; - }) - ]; -} From 074ea3bd3b8a1bda201fc9794bbc3b9e6f58d5b9 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sat, 26 Oct 2024 16:43:08 +0200 Subject: [PATCH 5/8] fixes for pc2, misc changes --- flake.nix | 14 +++++----- home/{ronja-home.nix => ronja.nix} | 0 home/vinzenz/default.nix | 4 +-- hosts/hetzner-vpn1/environment.nix | 44 +++++++++++++++--------------- hosts/vinzenz-pc2/environment.nix | 3 +- users/vinzenz.nix | 7 +---- 6 files changed, 33 insertions(+), 39 deletions(-) rename home/{ronja-home.nix => ronja.nix} (100%) 
diff --git a/flake.nix b/flake.nix index ffc2c07..023e2e9 100644 --- a/flake.nix +++ b/flake.nix @@ -16,13 +16,13 @@ home-manager, lix-module, ... - }: let - common-modules = [ - lix-module.nixosModules.default - ./common - ]; - in { - nixosConfigurations = { + }: { + nixosConfigurations = let + common-modules = [ + lix-module.nixosModules.default + ./common + ]; + in { vinzenz-lpt2 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = diff --git a/home/ronja-home.nix b/home/ronja.nix similarity index 100% rename from home/ronja-home.nix rename to home/ronja.nix diff --git a/home/vinzenz/default.nix b/home/vinzenz/default.nix index a10b7ca..27e4669 100644 --- a/home/vinzenz/default.nix +++ b/home/vinzenz/default.nix @@ -4,9 +4,7 @@ inputs @ { pkgs, lib, ... -}: let - isGnomeEnabled = osConfig.my.desktop.enableGnome; -in { +}: { programs = { home-manager.enable = true; fzf.enable = true; diff --git a/hosts/hetzner-vpn1/environment.nix b/hosts/hetzner-vpn1/environment.nix index 280d8d7..9bb013a 100644 --- a/hosts/hetzner-vpn1/environment.nix +++ b/hosts/hetzner-vpn1/environment.nix @@ -2,27 +2,7 @@ pkgs, lib, ... -}: let - servicesDomain = "services.zerforschen.plus"; - mkServiceConfig = host: port: { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://${host}:${toString port}/"; - extraConfig = '' - # bind to tailscale ip - proxy_bind 100.88.118.60; - # pam auth - limit_except OPTIONS { - auth_pam "Password Required"; - auth_pam_service_name "nginx"; - } - ''; - }; - }; - lpt2 = "vinzenz-lpt2.donkey-pentatonic.ts.net"; - pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net"; -in { +}: { imports = [ ../../users/vinzenz.nix ../../users/ronja.nix 
@@ -66,7 +46,27 @@ in { recommendedGzipSettings = true; recommendedOptimisation = true; - virtualHosts = { + virtualHosts = let + servicesDomain = "services.zerforschen.plus"; + mkServiceConfig = host: port: { + addSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://${host}:${toString port}/"; + extraConfig = '' + # bind to tailscale ip + proxy_bind 100.88.118.60; + # pam auth + limit_except OPTIONS { + auth_pam "Password Required"; + auth_pam_service_name "nginx"; + } + ''; + }; + }; + lpt2 = "vinzenz-lpt2.donkey-pentatonic.ts.net"; + pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net"; + in { "vscode.${servicesDomain}" = lib.mkMerge [ (mkServiceConfig pc2 8542) {locations."/" .proxyWebsockets = true;} diff --git a/hosts/vinzenz-pc2/environment.nix b/hosts/vinzenz-pc2/environment.nix index bde8e94..e9392a5 100644 --- a/hosts/vinzenz-pc2/environment.nix +++ b/hosts/vinzenz-pc2/environment.nix @@ -3,6 +3,7 @@ ../../home ../../home/gnome.nix ../../users/vinzenz.nix + ../../users/ronja.nix ../../modules/desktop-environment.nix ../../modules/gnome.nix ../../modules/gaming.nix @@ -12,7 +13,7 @@ config = { home-manager.users = { vinzenz = import ../../home/vinzenz; - ronja = import ../../home/ronja; + ronja = import ../../home/ronja.nix; }; users.users.vinzenz.openssh.authorizedKeys.keys = [ diff --git a/users/vinzenz.nix b/users/vinzenz.nix index e7a38f4..d4bbde4 100644 --- a/users/vinzenz.nix +++ b/users/vinzenz.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: { +{pkgs, ...}: { config = { users.users.vinzenz = { isNormalUser = true; From f673c6ae299c33b5d28f7eee7a29b7abdd5e1c54 Mon Sep 17 00:00:00 2001 
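Review bot: `mkServiceConfig` in hosts/hetzner-vpn1/environment.nix sets `addSSL = true;`, which keeps a plain-HTTP listener serving the same locations, while `auth_pam` asks for system account passwords on them. A client that connects over http:// would send those credentials unencrypted. `forceSSL = true;` redirects port 80 to HTTPS and still allows ACME to work. `limit_except OPTIONS` also exempts OPTIONS requests from authentication; a comment such as `# OPTIONS left open for CORS preflight` would document that, if that is the reason. The same block is carried unchanged into hosts/hetzner-vpn1/default.nix in PATCH 6/8.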
From: Vinzenz Schroeter Date: Sat, 26 Oct 2024 17:30:11 +0200 Subject: [PATCH 6/8] split up modules differently --- flake.nix | 47 +++++-------- hosts/hetzner-vpn1/default.nix | 102 ++++++++++++++++++++++++++--- hosts/hetzner-vpn1/environment.nix | 81 ----------------------- hosts/vinzenz-lpt2/default.nix | 86 +++++++++++++++++++++--- hosts/vinzenz-lpt2/environment.nix | 60 ----------------- hosts/vinzenz-lpt2/hardware.nix | 1 - hosts/vinzenz-pc2/default.nix | 67 ++++++++++++++++--- hosts/vinzenz-pc2/environment.nix | 50 -------------- hosts/vinzenz-pc2/fstab.nix | 37 +++++++++++ hosts/vinzenz-pc2/hardware.nix | 42 +----------- 10 files changed, 286 insertions(+), 287 deletions(-) delete mode 100644 hosts/hetzner-vpn1/environment.nix delete mode 100644 hosts/vinzenz-lpt2/environment.nix delete mode 100644 hosts/vinzenz-pc2/environment.nix create mode 100644 hosts/vinzenz-pc2/fstab.nix diff --git a/flake.nix b/flake.nix index 023e2e9..50da7d9 100644 --- a/flake.nix +++ b/flake.nix 
@@ -22,38 +22,23 @@ lix-module.nixosModules.default ./common ]; + desktop-modules = [ + home-manager.nixosModules.home-manager + ./home + ./modules/desktop-environment.nix + ./modules/desktop-hardware.nix + ]; + host-params = { + inherit nixpkgs; + inherit home-manager; + inherit lix-module; + common-modules = common-modules; + desktop-modules = desktop-modules; + }; in { - vinzenz-lpt2 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = - common-modules - ++ [ - home-manager.nixosModules.home-manager - ./hosts/vinzenz-lpt2 - ]; - }; - vinzenz-pc2 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = - common-modules - ++ [ - home-manager.nixosModules.home-manager - ./hosts/vinzenz-pc2 - ]; - }; - hetzner-vpn1 = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - modules = - common-modules - ++ [ - ./hosts/hetzner-vpn1 - - { - # uncomment for build check on non arm system (requires --impure) - # nixpkgs.buildPlatform = builtins.currentSystem; - } - ]; - }; + vinzenz-lpt2 = import ./hosts/vinzenz-lpt2 host-params; + vinzenz-pc2 = import ./hosts/vinzenz-pc2 host-params; + hetzner-vpn1 = import ./hosts/hetzner-vpn1 host-params; }; }; } diff --git a/hosts/hetzner-vpn1/default.nix b/hosts/hetzner-vpn1/default.nix index e2d62fe..35b060f 100644 --- a/hosts/hetzner-vpn1/default.nix +++ b/hosts/hetzner-vpn1/default.nix 
@@ -1,9 +1,95 @@ -{...}: { - imports = [ - ./hardware.nix - ./environment.nix - ]; - config = { - networking.hostName = "hetzner-vpn1"; - }; +{ + nixpkgs, + common-modules, + desktop-modules, + ... +}: +nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = + common-modules + ++ [ + ./hardware.nix + ../../users/vinzenz.nix + ../../users/ronja.nix + { + networking.hostName = "hetzner-vpn1"; + } + { + # uncomment for build check on non arm system (requires --impure) + # nixpkgs.buildPlatform = builtins.currentSystem; + } + + { + users.users = { + root.openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming'' + ]; + vinzenz.openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming'' + ]; + ronja.openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key'' + ]; + }; + } + { + security.acme = { + acceptTerms = true; + defaults.email = "acme@zerforschen.plus"; + }; + + security.pam.services.nginx.setEnvironment = false; + systemd.services.nginx.serviceConfig = { + SupplementaryGroups = ["shadow"]; + }; + + services.nginx = { + enable = true; + additionalModules = [pkgs.nginxModules.pam]; + + recommendedProxySettings = 
true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + virtualHosts = let + servicesDomain = "services.zerforschen.plus"; + mkServiceConfig = host: port: { + addSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://${host}:${toString port}/"; + extraConfig = '' + # bind to tailscale ip + proxy_bind 100.88.118.60; + # pam auth + limit_except OPTIONS { + auth_pam "Password Required"; + auth_pam_service_name "nginx"; + } + ''; + }; + }; + lpt2 = "vinzenz-lpt2.donkey-pentatonic.ts.net"; + pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net"; + in { + "vscode.${servicesDomain}" = lib.mkMerge [ + (mkServiceConfig pc2 8542) + {locations."/" .proxyWebsockets = true;} + ]; + "preon-app.${servicesDomain}" = mkServiceConfig pc2 8543; + "preon-api.${servicesDomain}" = mkServiceConfig pc2 8544; + }; + }; + + networking.firewall.allowedTCPPorts = [80 443]; + } + ]; } diff --git a/hosts/hetzner-vpn1/environment.nix b/hosts/hetzner-vpn1/environment.nix deleted file mode 100644 index 9bb013a..0000000 --- a/hosts/hetzner-vpn1/environment.nix +++ /dev/null 
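Review bot: `mkServiceConfig` sets `addSSL = true`, so each `services.zerforschen.plus` vhost is also served over plain HTTP on port 80, while its `limit_except OPTIONS` block asks for PAM credentials, which nginx receives as HTTP Basic auth. A login sent to the port-80 listener would therefore carry a system account password unencrypted. Using `forceSSL = true;` instead keeps the ACME challenge reachable and redirects everything else to HTTPS. The same block is moved unchanged into hosts/hetzner-vpn1/nginx.nix in patch 8/8, so the change belongs there as well.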
@@ -1,81 +0,0 @@ -{ - pkgs, - lib, - ... -}: { - imports = [ - ../../users/vinzenz.nix - ../../users/ronja.nix - ]; - - config = { - users.users = { - root.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming'' - ]; - vinzenz.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming'' - ]; - ronja.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key'' - ]; - }; - - security.acme = { - acceptTerms = true; - defaults.email = "acme@zerforschen.plus"; - }; - - security.pam.services.nginx.setEnvironment = false; - systemd.services.nginx.serviceConfig = { - SupplementaryGroups = ["shadow"]; - }; - - services.nginx = { - enable = true; - additionalModules = [pkgs.nginxModules.pam]; - - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts = let - servicesDomain = "services.zerforschen.plus"; - mkServiceConfig = host: port: { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://${host}:${toString port}/"; - extraConfig = '' - # bind to tailscale ip - proxy_bind 100.88.118.60; - # pam auth - 
limit_except OPTIONS { - auth_pam "Password Required"; - auth_pam_service_name "nginx"; - } - ''; - }; - }; - lpt2 = "vinzenz-lpt2.donkey-pentatonic.ts.net"; - pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net"; - in { - "vscode.${servicesDomain}" = lib.mkMerge [ - (mkServiceConfig pc2 8542) - {locations."/" .proxyWebsockets = true;} - ]; - "preon-app.${servicesDomain}" = mkServiceConfig pc2 8543; - "preon-api.${servicesDomain}" = mkServiceConfig pc2 8544; - }; - }; - - networking.firewall.allowedTCPPorts = [80 443]; - }; -} diff --git a/hosts/vinzenz-lpt2/default.nix b/hosts/vinzenz-lpt2/default.nix index 987bf07..02e98ab 100644 --- a/hosts/vinzenz-lpt2/default.nix +++ b/hosts/vinzenz-lpt2/default.nix 
@@ -1,11 +1,79 @@ -{...}: { - imports = [ - ./hardware.nix - ./environment.nix - ]; - config = { - networking.hostName = "vinzenz-lpt2"; +{ + nixpkgs, + common-modules, + desktop-modules, + ... +}: +nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = + common-modules + ++ desktop-modules + ++ [ + ./hardware.nix - nix.settings.extra-platforms = ["aarch64-linux"]; - }; + ../../home/gnome.nix + ../../users/vinzenz.nix + ../../modules/gnome.nix + ../../modules/gaming.nix + ../../modules/printing.nix + ../../modules/latex.nix + + { + networking.hostName = "vinzenz-lpt2"; + nix.settings.extra-platforms = ["aarch64-linux"]; + } + + { + home-manager.users.vinzenz = import ../../home/vinzenz; + + users.users.vinzenz.openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' + ]; + + #users.users.ronja.openssh.authorizedKeys.keys = [ + # ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key'' + #]; + } + + { + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + dockerSocket.enable = true; + autoPrune.enable = true; + }; + }; + } + + { + services.nginx = { + enable = true; + + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + virtualHosts = { + "vinzenz-lpt2" = { + locations."/" = { + proxyPass = "http://127.0.0.1:3000/"; + proxyWebsockets = true; + }; + + serverAliases = ["172.23.42.96"]; + }; + }; + }; + + networking.firewall = { + allowedTCPPorts = [80 8001 3000]; + allowedUDPPorts = [2342]; + }; + } + ]; } diff --git a/hosts/vinzenz-lpt2/environment.nix b/hosts/vinzenz-lpt2/environment.nix deleted file mode 100644 index 66e6fe9..0000000 
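Review bot: `allowedTCPPorts = [80 8001 3000]` in the last inline module opens port 3000 on every interface, even though the `vinzenz-lpt2` vhost already proxies `http://127.0.0.1:3000/` on port 80. On a laptop that moves between networks, the backend can then be reached directly, bypassing nginx, if it listens on more than loopback (its bind address is not visible here). If the direct path is not needed, `allowedTCPPorts = [80 8001];` is enough, and a short comment saying what 8001 and UDP 2342 are for would help the next reader. The block is moved unchanged into hosts/vinzenz-lpt2/nginx.nix in patch 8/8.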
--- a/hosts/vinzenz-lpt2/environment.nix +++ /dev/null @@ -1,60 +0,0 @@ -{pkgs, ...}: { - imports = [ - ../../home - ../../home/gnome.nix - ../../users/vinzenz.nix - ../../modules/desktop-environment.nix - ../../modules/gnome.nix - ../../modules/gaming.nix - ../../modules/printing.nix - ../../modules/latex.nix - ]; - - config = { - home-manager.users.vinzenz = import ../../home/vinzenz; - - virtualisation = { - containers.enable = true; - podman = { - enable = true; - dockerCompat = true; - dockerSocket.enable = true; - autoPrune.enable = true; - }; - }; - - users.users.vinzenz.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming'' - ]; - - #users.users.ronja.openssh.authorizedKeys.keys = [ - # ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key'' - #]; - - services.nginx = { - enable = true; - - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts = { - "vinzenz-lpt2" = { - locations."/" = { - proxyPass = "http://127.0.0.1:3000/"; - proxyWebsockets = true; - }; - - serverAliases = ["172.23.42.96"]; - }; - }; - }; - - networking.firewall = { - allowedTCPPorts = [80 8001 3000]; - allowedUDPPorts = [2342]; - }; - }; -} diff --git a/hosts/vinzenz-lpt2/hardware.nix b/hosts/vinzenz-lpt2/hardware.nix index 4e11ab5..a6e5ff5 100644 --- a/hosts/vinzenz-lpt2/hardware.nix +++ b/hosts/vinzenz-lpt2/hardware.nix @@ -4,7 +4,6 @@ ... }: { imports = [ - ../../modules/desktop-hardware.nix ../../modules/intel-graphics.nix ]; config = { diff --git a/hosts/vinzenz-pc2/default.nix b/hosts/vinzenz-pc2/default.nix index 356f331..8d9ab6f 100644 --- a/hosts/vinzenz-pc2/default.nix +++ b/hosts/vinzenz-pc2/default.nix 
@@ -1,9 +1,60 @@ -{...}: { - imports = [ - ./hardware.nix - ./environment.nix - ]; - config = { - networking.hostName = "vinzenz-pc2"; - }; +{ + nixpkgs, + common-modules, + desktop-modules, + ... +}: +nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = + common-modules + ++ desktop-modules + ++ [ + ./hardware.nix + ../../home/gnome.nix + ../../users/vinzenz.nix + ../../users/ronja.nix + ../../modules/gnome.nix + ../../modules/gaming.nix + ../../modules/printing.nix + { + networking.hostName = "vinzenz-pc2"; + } + { + home-manager.users = { + vinzenz = import ../../home/vinzenz; + ronja = import ../../home/ronja.nix; + }; + + users.users.vinzenz.openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming'' + ]; + + users.users.ronja.openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key'' + ]; + } + { + services.openvscode-server = { + enable = true; + telemetryLevel = "off"; + port = 8542; + host = "100.125.93.127"; # tailscale + withoutConnectionToken = true; + extraPackages = with pkgs; [nodejs git gh direnv]; + }; + + virtualisation.podman = { + enable = true; + }; + + networking = { + firewall = { + allowedTCPPorts = [8542 8543 8544 80]; + }; + }; + } + ]; } diff --git a/hosts/vinzenz-pc2/environment.nix b/hosts/vinzenz-pc2/environment.nix deleted file mode 100644 index e9392a5..0000000 --- a/hosts/vinzenz-pc2/environment.nix +++ /dev/null 
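Review bot: `withoutConnectionToken = true` in the `services.openvscode-server` block leaves the editor, which hands out a shell as the service user, with no authentication of its own. The only protection is that `host` is the Tailscale address, so any device on the tailnet can reach port 8542 directly and skip the PAM login that the hetzner-vpn1 proxy puts in front of it. Consider replacing that line with `connectionTokenFile`, or limiting the tailnet ACL so only hetzner-vpn1 may connect. The firewall rule is also global; `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [8542 8543 8544];` (interface name assumed) would keep those ports closed on the LAN side. The block moves to hosts/vinzenz-pc2/vscode-server.nix in patch 8/8 with the same settings.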
@@ -1,50 +0,0 @@ -{pkgs, ...}: { - imports = [ - ../../home - ../../home/gnome.nix - ../../users/vinzenz.nix - ../../users/ronja.nix - ../../modules/desktop-environment.nix - ../../modules/gnome.nix - ../../modules/gaming.nix - ../../modules/printing.nix - ]; - - config = { - home-manager.users = { - vinzenz = import ../../home/vinzenz; - ronja = import ../../home/ronja.nix; - }; - - users.users.vinzenz.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrY6tcgnoC/xbgL7vxSjddEY9MBxRXe9n2cAHt88/TT home roaming'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming'' - ]; - - users.users.ronja.openssh.authorizedKeys.keys = [ - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key'' - ]; - - services.openvscode-server = { - enable = true; - telemetryLevel = "off"; - port = 8542; - host = "100.125.93.127"; # tailscale - withoutConnectionToken = true; - extraPackages = with pkgs; [nodejs git gh direnv]; - }; - - virtualisation.podman = { - enable = true; - }; - - networking = { - firewall = { - allowedTCPPorts = [8542 8543 8544 80]; - }; - - interfaces.eno1.wakeOnLan.enable = true; - }; - }; -} diff --git a/hosts/vinzenz-pc2/fstab.nix b/hosts/vinzenz-pc2/fstab.nix new file mode 100644 index 0000000..19fd5ff --- /dev/null +++ b/hosts/vinzenz-pc2/fstab.nix 
@@ -0,0 +1,37 @@ +{ + "/" = { + device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; + fsType = "btrfs"; + options = ["subvol=@"]; + }; + + "/home" = { + device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; + fsType = "btrfs"; + options = ["subvol=@home"]; + }; + + "/games" = { + device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; + fsType = "btrfs"; + options = ["subvol=@games"]; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/AF67-8F16"; + fsType = "vfat"; + }; + + "/mnt/nixos_btrfs_root" = { + # subvolume with id 5 is always the root volume + # this is convenient for managing the flat subvolume hierarchy + device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; + fsType = "btrfs"; + options = ["subvolid=5"]; + }; + + "/mnt/ssd2" = { + device = "/dev/disk/by-uuid/6b2a647d-c68e-4c07-85bf-c9bfc5db7e8a"; + fsType = "ext4"; + }; +} diff --git a/hosts/vinzenz-pc2/hardware.nix b/hosts/vinzenz-pc2/hardware.nix index 65b63d8..6893194 100644 --- a/hosts/vinzenz-pc2/hardware.nix +++ b/hosts/vinzenz-pc2/hardware.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ../../modules/desktop-hardware.nix ../../modules/amd-graphics.nix ]; config = { 
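Review bot: The `/boot` entry in the new fstab.nix mounts the vfat ESP with default options, which leaves every file on it world-readable. If this host boots with systemd-boot (the loader choice is not visible in these hunks), that includes the loader's random seed, and `bootctl` warns about exactly this. Adding `options = ["fmask=0077" "dmask=0077"];` to that entry restricts the partition to root.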
@@ -13,44 +12,9 @@ loader.efi.efiSysMountPoint = "/boot"; }; - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; - fsType = "btrfs"; - options = ["subvol=@"]; - }; - - "/home" = { - device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; - fsType = "btrfs"; - options = ["subvol=@home"]; - }; - - "/games" = { - device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; - fsType = "btrfs"; - options = ["subvol=@games"]; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/AF67-8F16"; - fsType = "vfat"; - }; - - "/mnt/nixos_btrfs_root" = { - # subvolume with id 5 is always the root volume - # this is convenient for managing the flat subvolume hierarchy - device = "/dev/disk/by-uuid/0e9c983a-e733-447e-8181-f41d6670c4b8"; - fsType = "btrfs"; - options = ["subvolid=5"]; - }; - - "/mnt/ssd2" = { - device = "/dev/disk/by-uuid/6b2a647d-c68e-4c07-85bf-c9bfc5db7e8a"; - fsType = "ext4"; - }; - }; - + fileSystems = import ./fstab.nix; swapDevices = []; + + interfaces.eno1.wakeOnLan.enable = true; }; } From 8ca186274224a33845b9baec76ce1085952b59f0 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sat, 26 Oct 2024 17:41:46 +0200 Subject: [PATCH 7/8] remove unneccessary var --- flake.nix | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/flake.nix b/flake.nix index 50da7d9..4402c2e 100644 --- a/flake.nix +++ b/flake.nix 
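Review bot: The added `interfaces.eno1.wakeOnLan.enable = true;` sits directly under `config`, next to `fileSystems` and `swapDevices`, whereas in the deleted hosts/vinzenz-pc2/environment.nix it lived inside `networking = { … }`. NixOS has no top-level `interfaces` option, so the line should read `networking.interfaces.eno1.wakeOnLan.enable = true;`. The `config` block opens above this hunk, so the nesting is inferred from the context lines of the two hardware.nix hunks.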
@@ -18,22 +18,20 @@ ... }: { nixosConfigurations = let - common-modules = [ - lix-module.nixosModules.default - ./common - ]; - desktop-modules = [ - home-manager.nixosModules.home-manager - ./home - ./modules/desktop-environment.nix - ./modules/desktop-hardware.nix - ]; host-params = { inherit nixpkgs; inherit home-manager; inherit lix-module; - common-modules = common-modules; - desktop-modules = desktop-modules; + common-modules = [ + lix-module.nixosModules.default + ./common + ]; + desktop-modules = [ + home-manager.nixosModules.home-manager + ./home + ./modules/desktop-environment.nix + ./modules/desktop-hardware.nix + ]; }; in { vinzenz-lpt2 = import ./hosts/vinzenz-lpt2 host-params; From 164795dfd29d40eb19db81baca79da076403f66c Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sat, 26 Oct 2024 18:15:50 +0200 Subject: [PATCH 8/8] split up files more --- home/gnome-shared-dconf.nix | 42 ++++++++++++++++++++++ home/gnome.nix | 43 +---------------------- home/vinzenz/default.nix | 34 ++---------------- home/vinzenz/editorconfig.nix | 17 +++++++++ hosts/hetzner-vpn1/default.nix | 54 +---------------------------- hosts/hetzner-vpn1/nginx.nix | 52 +++++++++++++++++++++++++++ hosts/vinzenz-lpt2/default.nix | 41 ++-------------------- hosts/vinzenz-lpt2/nginx.nix | 26 ++++++++++++++ hosts/vinzenz-pc2/default.nix | 22 ++---------- hosts/vinzenz-pc2/vscode-server.nix | 16 +++++++++ modules/podman.nix | 11 ++++++ 11 files changed, 172 insertions(+), 186 deletions(-) create mode 100644 home/gnome-shared-dconf.nix create mode 100644 home/vinzenz/editorconfig.nix create mode 100644 hosts/hetzner-vpn1/nginx.nix create mode 100644 hosts/vinzenz-lpt2/nginx.nix create mode 100644 hosts/vinzenz-pc2/vscode-server.nix create mode 100644 modules/podman.nix diff --git a/home/gnome-shared-dconf.nix b/home/gnome-shared-dconf.nix new file mode 100644 index 0000000..58133e7 --- /dev/null +++ b/home/gnome-shared-dconf.nix 
@@ -0,0 +1,42 @@ +{ + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + clock-show-seconds = true; + show-battery-percentage = true; + }; + "org/gnome/mutter" = { + edge-tiling = true; + dynamic-workspaces = true; + }; + "org/gnome/desktop/peripherals/keyboard" = { + numlock-state = true; + }; + "org/gnome/desktop/peripherals/touchpad" = { + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + "org/gnome/tweaks" = { + show-extensions-notice = false; + }; + "org/gnome/shell" = { + disable-user-extensions = false; + disabled-extensions = []; + enabled-extensions = [ + "appindicatorsupport@rgcjonas.gmail.com" + "workspace-indicator@gnome-shell-extensions.gcampax.github.com" + "caffeine@patapon.info" + "GPaste@gnome-shell-extensions.gnome.org" + "gsconnect@andyholmes.github.io" + "solaar-extension@sidevesh" + ]; + }; + "ca/desrt/dconf-editor" = { + show-warning = false; + }; + "org/gnome/desktop/wm/keybindings" = { + switch-windows = ["Tab"]; + switch-windows-backward = ["Tab"]; + switch-applications = ["Tab"]; + switch-applications-backward = ["Tab"]; + }; +} diff --git a/home/gnome.nix b/home/gnome.nix index 828c0ce..c85a98d 100644 --- a/home/gnome.nix +++ b/home/gnome.nix 
@@ -35,48 +35,7 @@ solaar-extension ]); - dconf.settings = { - "org/gnome/desktop/interface" = { - color-scheme = "prefer-dark"; - clock-show-seconds = true; - show-battery-percentage = true; - }; - "org/gnome/mutter" = { - edge-tiling = true; - dynamic-workspaces = true; - }; - "org/gnome/desktop/peripherals/keyboard" = { - numlock-state = true; - }; - "org/gnome/desktop/peripherals/touchpad" = { - tap-to-click = true; - two-finger-scrolling-enabled = true; - }; - "org/gnome/tweaks" = { - show-extensions-notice = false; - }; - "org/gnome/shell" = { - disable-user-extensions = false; - disabled-extensions = []; - enabled-extensions = [ - "appindicatorsupport@rgcjonas.gmail.com" - "workspace-indicator@gnome-shell-extensions.gcampax.github.com" - "caffeine@patapon.info" - "GPaste@gnome-shell-extensions.gnome.org" - "gsconnect@andyholmes.github.io" - "solaar-extension@sidevesh" - ]; - }; - "ca/desrt/dconf-editor" = { - show-warning = false; - }; - "org/gnome/desktop/wm/keybindings" = { - switch-windows = ["Tab"]; - switch-windows-backward = ["Tab"]; - switch-applications = ["Tab"]; - switch-applications-backward = ["Tab"]; - }; - }; + dconf.settings = import ./gnome-shared-dconf.nix; gtk = { enable = true; diff --git a/home/vinzenz/default.nix b/home/vinzenz/default.nix index 27e4669..b88bf1c 100644 --- a/home/vinzenz/default.nix +++ b/home/vinzenz/default.nix @@ -18,20 +18,6 @@ inputs @ { nix-direnv.enable = true; }; - chromium = { - enable = true; - extensions = [ - { - # ublock origin - id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; - } - { - id = "dcpihecpambacapedldabdbpakmachpb"; - updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml"; - } - ]; - }; - eza = { enable = true; git = true; @@ -43,6 +29,8 @@ inputs @ { }; }; + editorconfig = import ./editorconfig.nix; + home.packages = with pkgs; [ keepassxc insync 
@@ -62,24 +50,6 @@ inputs @ { jetbrains-toolbox ]; - editorconfig = { - enable = true; - settings = { - "*" = { - charset = "utf-8"; - end_of_line = "lf"; - trim_trailing_whitespace = true; - insert_final_newline = true; - max_line_width = 120; - indent_style = "space"; - indent_size = 4; - }; - "*.nix" = { - indent_size = 2; - }; - }; - }; - home.file."policy.json" = { target = ".config/containers/policy.json"; text = '' diff --git a/home/vinzenz/editorconfig.nix b/home/vinzenz/editorconfig.nix new file mode 100644 index 0000000..8eb3987 --- /dev/null +++ b/home/vinzenz/editorconfig.nix @@ -0,0 +1,17 @@ +{ + enable = true; + settings = { + "*" = { + charset = "utf-8"; + end_of_line = "lf"; + trim_trailing_whitespace = true; + insert_final_newline = true; + max_line_width = 120; + indent_style = "space"; + indent_size = 4; + }; + "*.nix" = { + indent_size = 2; + }; + }; +} diff --git a/hosts/hetzner-vpn1/default.nix b/hosts/hetzner-vpn1/default.nix index 35b060f..d69b3c3 100644 --- a/hosts/hetzner-vpn1/default.nix +++ b/hosts/hetzner-vpn1/default.nix @@ -10,6 +10,7 @@ nixpkgs.lib.nixosSystem { common-modules ++ [ ./hardware.nix + ./nginx.nix ../../users/vinzenz.nix ../../users/ronja.nix { @@ -19,7 +20,6 @@ nixpkgs.lib.nixosSystem { # uncomment for build check on non arm system (requires --impure) # nixpkgs.buildPlatform = builtins.currentSystem; } - { users.users = { root.openssh.authorizedKeys.keys = [ 
@@ -39,57 +39,5 @@ nixpkgs.lib.nixosSystem { ]; }; } - { - security.acme = { - acceptTerms = true; - defaults.email = "acme@zerforschen.plus"; - }; - - security.pam.services.nginx.setEnvironment = false; - systemd.services.nginx.serviceConfig = { - SupplementaryGroups = ["shadow"]; - }; - - services.nginx = { - enable = true; - additionalModules = [pkgs.nginxModules.pam]; - - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts = let - servicesDomain = "services.zerforschen.plus"; - mkServiceConfig = host: port: { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://${host}:${toString port}/"; - extraConfig = '' - # bind to tailscale ip - proxy_bind 100.88.118.60; - # pam auth - limit_except OPTIONS { - auth_pam "Password Required"; - auth_pam_service_name "nginx"; - } - ''; - }; - }; - lpt2 = "vinzenz-lpt2.donkey-pentatonic.ts.net"; - pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net"; - in { - "vscode.${servicesDomain}" = lib.mkMerge [ - (mkServiceConfig pc2 8542) - {locations."/" .proxyWebsockets = true;} - ]; - "preon-app.${servicesDomain}" = mkServiceConfig pc2 8543; - "preon-api.${servicesDomain}" = mkServiceConfig pc2 8544; - }; - }; - - networking.firewall.allowedTCPPorts = [80 443]; - } ]; } diff --git a/hosts/hetzner-vpn1/nginx.nix b/hosts/hetzner-vpn1/nginx.nix new file mode 100644 index 0000000..e102194 --- /dev/null +++ b/hosts/hetzner-vpn1/nginx.nix 
@@ -0,0 +1,52 @@ +{pkgs, ...}: { + security.acme = { + acceptTerms = true; + defaults.email = "acme@zerforschen.plus"; + }; + + security.pam.services.nginx.setEnvironment = false; + systemd.services.nginx.serviceConfig = { + SupplementaryGroups = ["shadow"]; + }; + + services.nginx = { + enable = true; + additionalModules = [pkgs.nginxModules.pam]; + + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + virtualHosts = let + servicesDomain = "services.zerforschen.plus"; + mkServiceConfig = host: port: { + addSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://${host}:${toString port}/"; + extraConfig = '' + # bind to tailscale ip + proxy_bind 100.88.118.60; + # pam auth + limit_except OPTIONS { + auth_pam "Password Required"; + auth_pam_service_name "nginx"; + } + ''; + }; + }; + lpt2 = "vinzenz-lpt2.donkey-pentatonic.ts.net"; + pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net"; + in { + "vscode.${servicesDomain}" = lib.mkMerge [ + (mkServiceConfig pc2 8542) + {locations."/" .proxyWebsockets = true;} + ]; + "preon-app.${servicesDomain}" = mkServiceConfig pc2 8543; + "preon-api.${servicesDomain}" = mkServiceConfig pc2 8544; + }; + }; + + networking.firewall.allowedTCPPorts = [80 443]; +} diff --git a/hosts/vinzenz-lpt2/default.nix b/hosts/vinzenz-lpt2/default.nix index 02e98ab..b65af8e 100644 --- a/hosts/vinzenz-lpt2/default.nix +++ b/hosts/vinzenz-lpt2/default.nix @@ -11,6 +11,7 @@ nixpkgs.lib.nixosSystem { ++ desktop-modules ++ [ ./hardware.nix + ./nginx.nix ../../home/gnome.nix ../../users/vinzenz.nix @@ -18,6 +19,7 @@ nixpkgs.lib.nixosSystem { ../../modules/gaming.nix ../../modules/printing.nix ../../modules/latex.nix + ../../modules/podman.nix { networking.hostName = "vinzenz-lpt2"; 
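Review bot: hosts/hetzner-vpn1/nginx.nix calls `lib.mkMerge` for the `vscode` vhost, but the module header binds only `pkgs`, so evaluation stops on an undefined variable; the header should be `{pkgs, lib, ...}: {`. The inline version of this block that patch 6/8 put into hosts/hetzner-vpn1/default.nix had the same problem for both `pkgs` and `lib`, since that file's arguments are `nixpkgs`, `common-modules` and `desktop-modules`. The `lpt2` binding in the `let` is never used and can be removed.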
@@ -36,44 +38,5 @@ nixpkgs.lib.nixosSystem { # ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key'' #]; } - - { - virtualisation = { - containers.enable = true; - podman = { - enable = true; - dockerCompat = true; - dockerSocket.enable = true; - autoPrune.enable = true; - }; - }; - } - - { - services.nginx = { - enable = true; - - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts = { - "vinzenz-lpt2" = { - locations."/" = { - proxyPass = "http://127.0.0.1:3000/"; - proxyWebsockets = true; - }; - - serverAliases = ["172.23.42.96"]; - }; - }; - }; - - networking.firewall = { - allowedTCPPorts = [80 8001 3000]; - allowedUDPPorts = [2342]; - }; - } ]; } diff --git a/hosts/vinzenz-lpt2/nginx.nix b/hosts/vinzenz-lpt2/nginx.nix new file mode 100644 index 0000000..74db1c9 --- /dev/null +++ b/hosts/vinzenz-lpt2/nginx.nix @@ -0,0 +1,26 @@ +{...}: { + services.nginx = { + enable = true; + + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + virtualHosts = { + "vinzenz-lpt2" = { + locations."/" = { + proxyPass = "http://127.0.0.1:3000/"; + proxyWebsockets = true; + }; + + serverAliases = ["172.23.42.96"]; + }; + }; + }; + + networking.firewall = { + allowedTCPPorts = [80 8001 3000]; + allowedUDPPorts = [2342]; + }; +} diff --git a/hosts/vinzenz-pc2/default.nix b/hosts/vinzenz-pc2/default.nix index 8d9ab6f..827455f 100644 --- a/hosts/vinzenz-pc2/default.nix +++ b/hosts/vinzenz-pc2/default.nix @@ -11,12 +11,14 @@ nixpkgs.lib.nixosSystem { ++ desktop-modules ++ [ ./hardware.nix + ./vscode-server.nix ../../home/gnome.nix ../../users/vinzenz.nix ../../users/ronja.nix ../../modules/gnome.nix ../../modules/gaming.nix ../../modules/printing.nix + ../../modules/podman.nix { networking.hostName = "vinzenz-pc2"; } 
@@ -36,25 +38,5 @@ nixpkgs.lib.nixosSystem { ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key'' ]; } - { - services.openvscode-server = { - enable = true; - telemetryLevel = "off"; - port = 8542; - host = "100.125.93.127"; # tailscale - withoutConnectionToken = true; - extraPackages = with pkgs; [nodejs git gh direnv]; - }; - - virtualisation.podman = { - enable = true; - }; - - networking = { - firewall = { - allowedTCPPorts = [8542 8543 8544 80]; - }; - }; - } ]; } diff --git a/hosts/vinzenz-pc2/vscode-server.nix b/hosts/vinzenz-pc2/vscode-server.nix new file mode 100644 index 0000000..a6645c5 --- /dev/null +++ b/hosts/vinzenz-pc2/vscode-server.nix @@ -0,0 +1,16 @@ +{pkgs, ...}: { + services.openvscode-server = { + enable = true; + telemetryLevel = "off"; + port = 8542; + host = "100.125.93.127"; # tailscale + withoutConnectionToken = true; + extraPackages = with pkgs; [nodejs git gh direnv]; + }; + + networking = { + firewall = { + allowedTCPPorts = [8542 8543 8544 80]; + }; + }; +} diff --git a/modules/podman.nix b/modules/podman.nix new file mode 100644 index 0000000..03532f3 --- /dev/null +++ b/modules/podman.nix @@ -0,0 +1,11 @@ +{...}: { + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + dockerSocket.enable = true; + autoPrune.enable = true; + }; + }; +}
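Review bot: Replacing pc2's own `virtualisation.podman = { enable = true; };` with the shared modules/podman.nix is not a pure move, because the shared module also sets `dockerCompat`, `dockerSocket.enable` and `autoPrune.enable`, which until now only vinzenz-lpt2 had. `dockerSocket.enable` matters most: anyone who can talk to that socket (members of the `podman` group) can start privileged containers and is effectively root on the host. If pc2 does not need the Docker API, keep the socket out of the shared module and enable it only in the vinzenz-lpt2 host config, or override it on pc2 with `virtualisation.podman.dockerSocket.enable = lib.mkForce false;`. The commit message should mention the change either way.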