diff --git a/hetzner-vpn1.nix b/hetzner-vpn1.nix new file mode 100644 index 0000000..415b8cb --- /dev/null +++ b/hetzner-vpn1.nix @@ -0,0 +1,16 @@ +{...}: { + imports = [ + ./modules/server + (import ./modules/hardware "hetzner-vpn1") + ]; + + config = { + my = { + server.enable = true; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf'' + ]; + }; +} diff --git a/modules/_common/default.nix b/modules/_common/default.nix new file mode 100644 index 0000000..6432356 --- /dev/null +++ b/modules/_common/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./i18n.nix + ./nixpkgs.nix + ]; +} diff --git a/modules/i18n.nix b/modules/_common/i18n.nix similarity index 100% rename from modules/i18n.nix rename to modules/_common/i18n.nix diff --git a/modules/nixpkgs.nix b/modules/_common/nixpkgs.nix similarity index 62% rename from modules/nixpkgs.nix rename to modules/_common/nixpkgs.nix index dc7c9e9..be3e744 100644 --- a/modules/nixpkgs.nix +++ b/modules/_common/nixpkgs.nix @@ -1,11 +1,6 @@ {...}: { config = { - nixpkgs.config = { - allowUnfree = true; - permittedInsecurePackages = [ - "electron-12.2.3" - ]; - }; + nixpkgs.config.allowUnfree = true; system = { stateVersion = "22.11"; diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index 71d87d1..0000000 --- a/modules/default.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ - config, - pkgs, - ... -}: let - cfg = config.my; -in { - imports = [ - ./home - ./desktop - ./i18n.nix - ./nixpkgs.nix - ]; - - config = { - networking = { - networkmanager.enable = true; - firewall.enable = true; - }; - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - systemd.extraConfig = '' - DefaultTimeoutStopSec=12s - ''; - - programs = { - zsh.enable = true; - - git = { - enable = true; - package = pkgs.gitFull; - }; - }; - - environment = { - pathsToLink = ["/share/zsh"]; - - systemPackages = with pkgs; [ - lm_sensors - tldr - ncdu - ]; - }; - }; -} diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix index 771dff8..9584650 100644 --- a/modules/desktop/default.nix +++ b/modules/desktop/default.nix @@ -7,8 +7,12 @@ cfg = config.my.desktop; in { imports = [ + + ../_common ./gnome.nix ./kde.nix + ./vinzenz.nix + ./ronja.nix ]; options.my.desktop = { @@ -16,12 +20,25 @@ in { }; config = lib.mkIf cfg.enable { + home-manager.useUserPackages = true; + home-manager.useGlobalPkgs = true; + services = { # Enable the X11 windowing system / wayland depending on DE xserver.enable = true; # Enable CUPS to print documents. printing.enable = true; + + # Enable the OpenSSH daemon. + openssh = { + enable = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; }; # Enable sound with pipewire. 
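Review bot: The first hunk of modules/desktop/default.nix adds an empty line as its own `+` line inside the `imports` list, directly before `../_common`; it reads as a leftover from editing and should be dropped so the list is simply `../_common`, `./gnome.nix`, `./kde.nix`, `./vinzenz.nix`, `./ronja.nix`.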
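Review bot: `openssh = { enable = true; … }` inside the `lib.mkIf cfg.enable` block of modules/desktop/default.nix starts sshd on every desktop host, and because `services.openssh.openFirewall` defaults to true, the `networking.firewall.enable = true;` set later in this file will also expose port 22 on the laptop. The deleted modules/default.nix did the same for all hosts, so this is not new exposure, but now that the configuration is split into desktop and server roles it is worth deciding explicitly: either add `openFirewall = false;` next to `enable = true;` or gate the block behind a dedicated enable option. The `settings` block that follows (root login off, no password or keyboard-interactive auth) is a sound baseline and should stay as is. The `config` block continues outside the hunk.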
@@ -44,21 +61,53 @@ in { }; # unblock kde connect / gsconnect - networking.firewall = { - allowedTCPPortRanges = [ - { - # KDE Connect - from = 1714; - to = 1764; - } - ]; - allowedUDPPortRanges = [ - { - # KDE Connect - from = 1714; - to = 1764; - } + networking = { + networkmanager.enable = true; + firewall.enable = true; + + firewall = { + allowedTCPPortRanges = [ + { + # KDE Connect + from = 1714; + to = 1764; + } + ]; + allowedUDPPortRanges = [ + { + # KDE Connect + from = 1714; + to = 1764; + } + ]; + }; + }; + + systemd.extraConfig = '' + DefaultTimeoutStopSec=12s + ''; + + programs = { + zsh.enable = true; + + git = { + enable = true; + package = pkgs.gitFull; + }; + }; + + environment = { + pathsToLink = ["/share/zsh"]; + + systemPackages = with pkgs; [ + lm_sensors + tldr + ncdu ]; }; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-12.2.3" + ]; }; } diff --git a/modules/desktop/gnome.nix b/modules/desktop/gnome.nix index f440fa2..38b9fee 100644 --- a/modules/desktop/gnome.nix +++ b/modules/desktop/gnome.nix @@ -4,22 +4,22 @@ lib, ... }: let - cfg = config.my.gnome; + desktopCfg = config.my.desktop; + cfg = desktopCfg.gnome; - #applyGnomeUserSettings = { - # home.packages = with pkgs; [ - # gnome.gpaste - # amberol - # ]; - -# dconf.settings = { - # "org/gnome/desktop/peripherals/keyboard" = { - # numlock-state = true; - # }; - # }; - #}; + applyGnomeUserSettings = { + home.packages = with pkgs; [ + gnome.gpaste + amberol + ]; + dconf.settings = { + "org/gnome/desktop/peripherals/keyboard" = { + numlock-state = true; + }; + }; + }; in { - options.my.gnome = { + options.my.desktop.gnome = { enable = lib.mkEnableOption "gnome desktop"; }; @@ -39,7 +39,9 @@ in { }; }; - environment.systemPackages = [pkgs.gnomeExtensions.gsconnect]; + environment.systemPackages = with pkgs; [ + gnomeExtensions.gsconnect + ]; # remove some gnome default apps environment.gnome.excludePackages = with pkgs.gnome; [ 
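Review bot: `firewall.enable = true;` is written as a one-line attribute directly above a separate `firewall = { allowedTCPPortRanges … }` set in the same `networking` block; Nix merges the two, but moving `enable = true;` inside the `firewall` set makes it one declaration and avoids the impression that two things configure the firewall. The hunk also moves `nixpkgs.config.permittedInsecurePackages = [ "electron-12.2.3" ];` onto every desktop host; a one-line comment naming the package that still needs it, e.g. `# TODO: drop once <package> no longer pins electron-12.2.3`, would let a maintainer remove the allowance as soon as that dependency is gone. The enclosing `config` block starts before this hunk.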
@@ -56,8 +58,8 @@ in { ]; home-manager.users = { - # vinzenz = lib.mkIf config.my.home.vinzenz.enable applyGnomeUserSettings; - # ronja = lib.mkIf config.my.home.ronja.enable applyGnomeUserSettings; + vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyGnomeUserSettings; + ronja = lib.mkIf desktopCfg.ronja.enable applyGnomeUserSettings; }; }; } diff --git a/modules/desktop/kde.nix b/modules/desktop/kde.nix index 24af742..08b0c03 100644 --- a/modules/desktop/kde.nix +++ b/modules/desktop/kde.nix @@ -4,21 +4,21 @@ lib, ... }: let - cfg = config.my.kde; + desktopCfg = config.my.desktop; + cfg = desktopCfg.kde; - # applyKdeUserSettings = { - # #home = { - # # packages = with pkgs; [ - # # ]; - # #}; - - # services.kdeconnect = { - # enable = true; - # indicator = true; - # }; - # }; + applyKdeUserSettings = { + home = { + packages = with pkgs; [ + ]; + }; + services.kdeconnect = { + enable = true; + indicator = true; + }; + }; in { - options.my.kde = { + options.my.desktop.kde = { enable = lib.mkEnableOption "KDE desktop"; }; @@ -37,17 +37,19 @@ in { }; }; - environment.systemPackages = with pkgs; [ - libsForQt5.kate - libsForQt5.kalk - ]; + environment = { + systemPackages = with pkgs; [ + libsForQt5.kate + libsForQt5.kalk + ]; - environment.plasma5.excludePackages = with pkgs.libsForQt5; [ - elisa - gwenview - okular - khelpcenter - ]; + plasma5.excludePackages = with pkgs.libsForQt5; [ + elisa + gwenview + okular + khelpcenter + ]; + }; programs = { dconf.enable = true; @@ -55,8 +57,8 @@ in { }; home-manager.users = { - #vinzenz = lib.mkIf config.my.home.vinzenz.enable applyKdeUserSettings; - #ronja = lib.mkIf config.my.home.ronja.enable applyKdeUserSettings; + vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyKdeUserSettings; + ronja = lib.mkIf desktopCfg.ronja.enable applyKdeUserSettings; }; }; } 
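Review bot: In the first kde.nix hunk, `applyKdeUserSettings` now carries `home = { packages = with pkgs; [ ]; };` with an empty list, which contributes nothing and leaves a `with pkgs;` that nothing uses. Either drop the `home` attribute until there is something to put in it, or keep it with a `# per-user KDE packages go here` comment so the intent is clear; the `let` binding it belongs to begins before the hunk.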
diff --git a/modules/home/ronja.nix b/modules/desktop/ronja.nix similarity index 96% rename from modules/home/ronja.nix rename to modules/desktop/ronja.nix index 0b11bea..f7f34f5 100644 --- a/modules/home/ronja.nix +++ b/modules/desktop/ronja.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.my.home.ronja; + cfg = config.my.desktop.ronja; in { - options.my.home.ronja = { + options.my.desktop.ronja = { enable = lib.mkEnableOption "user ronja"; }; @@ -21,7 +21,6 @@ in { }; # home manager - my.home.enable = true; home-manager.users.ronja = { config, pkgs, diff --git a/modules/home/vinzenz.nix b/modules/desktop/vinzenz.nix similarity index 96% rename from modules/home/vinzenz.nix rename to modules/desktop/vinzenz.nix index 2538077..010becb 100644 --- a/modules/home/vinzenz.nix +++ b/modules/desktop/vinzenz.nix @@ -4,9 +4,9 @@ lib, ... }: let - cfg = config.my.home.vinzenz; + cfg = config.my.desktop.vinzenz; in { - options.my.home.vinzenz = { + options.my.desktop.vinzenz = { enable = lib.mkEnableOption "user vinzenz"; }; @@ -20,7 +20,6 @@ in { }; # home manager - my.home.enable = true; home-manager.users.vinzenz = { config, pkgs, @@ -80,13 +79,6 @@ in { ''; }; - services = { - kdeconnect = { - enable = true; - indicator = true; - }; - }; - programs = { home-manager.enable = true; diff --git a/modules/hardware/common-desktop.nix b/modules/hardware/common-desktop.nix new file mode 100644 index 0000000..83a34f6 --- /dev/null +++ b/modules/hardware/common-desktop.nix 
@@ -0,0 +1,33 @@ +{ + lib, + config, + ... +}: let + isEnabled = config.my.hardware.common-desktop.enable; +in { + imports = [ + ]; + + options.my.hardware.common-desktop = { + enable = lib.mkEnableOption "common desktop hardware settings"; + }; + + config = lib.mkIf isEnabled { + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + hardware.enableRedistributableFirmware = true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + }; +} diff --git a/hardware/default.nix b/modules/hardware/default.nix similarity index 97% rename from hardware/default.nix rename to modules/hardware/default.nix index 3a06ecb..a5608dc 100644 --- a/hardware/default.nix +++ b/modules/hardware/default.nix @@ -6,6 +6,7 @@ hostName: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") (builtins.toString ./. + "/${hostName}.nix") + ./common-desktop.nix ]; config = { diff --git a/modules/hardware/hetzner-vpn1.nix b/modules/hardware/hetzner-vpn1.nix new file mode 100644 index 0000000..8ac8edc --- /dev/null +++ b/modules/hardware/hetzner-vpn1.nix 
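Review bot: `imports = [ ];` in the new modules/hardware/common-desktop.nix is empty and can be dropped. The DHCP comment ends in `networking.interfaces..useDHCP`, with nothing between the two dots; the upstream generated text names an interface placeholder there, and it may have been lost in rendering, so the file itself is worth checking. Because the second hunk makes modules/hardware/default.nix import this file for every host, the `lib.mkIf isEnabled` gate is the only thing keeping the systemd-boot and `x86_64-linux` defaults away from the server; a short comment on the `config =` line stating that would help the next reader.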
@@ -0,0 +1,97 @@
+{
+ lib,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ config = {
+ boot = {
+ tmp.cleanOnBoot = true;
+ loader = {
+ systemd-boot.enable = lib.mkForce false;
+ efi.canTouchEfiVariables = lib.mkForce false;
+ grub = {
+ enable = true;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ };
+ };
+ initrd = {
+ availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+ kernelModules = ["nvme"];
+ };
+ };
+
+ zramSwap.enable = true;
+ networking.domain = "";
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-uuid/77CF-345D";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+ };
+
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = ["8.8.8.8"];
+ defaultGateway = "172.31.1.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4 = {
+ addresses = [
+ {
+ address = "157.90.146.125";
+ prefixLength = 32;
+ }
+ ];
+ routes = [
+ {
+ address = "172.31.1.1";
+ prefixLength = 32;
+ }
+ ];
+ };
+ ipv6 = {
+ addresses = [
+ {
+ address = "2a01:4f8:c012:7137::1";
+ prefixLength = 64;
+ }
+ {
+ address = "fe80::9400:2ff:fe87:7fc9";
+ prefixLength = 64;
+ }
+ ];
+ routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
+ ];
+ };
+ };
+ };
+ };
+
+ services.udev.extraRules = ''
+ ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0"
+
+ '';
+ };
+}
diff --git a/hardware/vinzenz-lpt.nix b/modules/hardware/vinzenz-lpt.nix
similarity index 94%
rename from hardware/vinzenz-lpt.nix
rename to modules/hardware/vinzenz-lpt.nix
index cf01a43..3b36625 100644
--- a/hardware/vinzenz-lpt.nix
+++ b/modules/hardware/vinzenz-lpt.nix
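Review bot: `systemd-boot.enable = lib.mkForce false;` and `efi.canTouchEfiVariables = lib.mkForce false;` in modules/hardware/hetzner-vpn1.nix force values that, as far as this diff shows, are only set by common-desktop.nix under `my.hardware.common-desktop.enable`, which hetzner-vpn1 does not enable; if nothing in modules/hardware/default.nix sets them either, a plain `false` suffices, and if something does, a comment naming it would explain why force is needed. `nameservers = ["8.8.8.8"];` is a single external resolver with DHCP disabled, so nothing else supplies one; a second entry keeps name resolution on this host from depending on one provider. The `services.udev.extraRules` string also carries a trailing empty line before `''` that can go.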
@@ -1,5 +1,7 @@
 {...}: {
 config = {
+ my.hardware.common-desktop.enable = true;
+
 boot = {
 initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
 initrd.kernelModules = [];
diff --git a/hardware/vinzenz-pc2.nix b/modules/hardware/vinzenz-pc2.nix
similarity index 96%
rename from hardware/vinzenz-pc2.nix
rename to modules/hardware/vinzenz-pc2.nix
index 8e27145..609479e 100644
--- a/hardware/vinzenz-pc2.nix
+++ b/modules/hardware/vinzenz-pc2.nix
@@ -1,5 +1,7 @@
 {...}: {
 config = {
+ my.hardware.common-desktop.enable = true;
+
 boot = {
 initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; # "usb_storage"
 initrd.kernelModules = [];
diff --git a/modules/home/default.nix b/modules/home/default.nix
deleted file mode 100644
index 6d85a0d..0000000
--- a/modules/home/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.my.home;
-in {
- imports = [
- ./vinzenz.nix
- ./ronja.nix
- # enable home manager
-
- ];
-
- options.my.home = {
- enable = lib.mkEnableOption "my home management";
- };
-
- config = lib.mkIf cfg.enable {
- home-manager.useUserPackages = true;
- home-manager.useGlobalPkgs = true;
- };
-}
diff --git a/modules/server/default.nix b/modules/server/default.nix
new file mode 100644
index 0000000..39940cd
--- /dev/null
+++ b/modules/server/default.nix
@@ -0,0 +1,52 @@ +{ + config, + pkgs, + lib, + ... +}: let + cfg = config.my.server; +in { + imports = [ + ../_common + ]; + + options.my.server = { + enable = lib.mkEnableOption "server role"; + }; + + config = lib.mkIf cfg.enable { + services = { + # Enable the OpenSSH daemon. + openssh = { + enable = true; + settings = { + # PermitRootLogin = "no"; # this is managed through authorized keys + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + }; + + programs = { + git.enable = true; + zsh.enable = true; + }; + + networking.firewall = { + enable = true; + allowedTCPPortRanges = [ + { + # ssh + from = 22; + to = 22; + } + ]; + }; + + environment = { + systemPackages = with pkgs; [ + ncdu + ]; + }; + }; +} diff --git a/vinzenz-lpt.nix b/vinzenz-lpt.nix index 5474c3d..cf67dd5 100644 --- a/vinzenz-lpt.nix +++ b/vinzenz-lpt.nix @@ -1,12 +1,17 @@ {...}: { imports = [ - ./modules - (import ./hardware "vinzenz-lpt") + ./modules/desktop + (import ./modules/hardware "vinzenz-lpt") ]; config = { - my.gnome.enable = true; - my.home.vinzenz.enable = true; + my = { + desktop = { + enable = true; + gnome.enable = true; + vinzenz.enable = true; + }; + }; services.flatpak.enable = true; }; diff --git a/vinzenz-pc2.nix b/vinzenz-pc2.nix index 83ea523..d348a3f 100644 --- a/vinzenz-pc2.nix +++ b/vinzenz-pc2.nix @@ -1,14 +1,17 @@ {...}: { imports = [ ./modules - (import ./hardware "vinzenz-pc2") + (import ./modules/hardware "vinzenz-pc2") ]; config = { - my.kde.enable = true; - my.home = { - vinzenz.enable = true; - ronja.enable = true; + my = { + desktop = { + enable = true; + kde.enable = true; + vinzenz.enable = true; + ronja.enable = true; + }; }; users.groups."games" = {
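Review bot: `PermitRootLogin` is commented out in modules/server/default.nix with the remark that it is managed through authorized keys, but the setting governs whether sshd accepts root at all, not which keys it trusts; the NixOS default (`prohibit-password`) permits key-based root login, and hetzner-vpn1.nix at the top of this diff gives root the only key on that host. State the intent explicitly, `PermitRootLogin = "prohibit-password";`, so that a changed default or a later override cannot silently widen it, and consider an unprivileged admin account with sudo rather than keys on root. The `allowedTCPPortRanges` entry for port 22 duplicates what `services.openssh.openFirewall` (default true) already opens; keep one mechanism and a comment saying which.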
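Review bot: `./modules` remains in the `imports` of vinzenz-pc2.nix while this same commit deletes modules/default.nix, so the directory no longer has an entry point and evaluation of this host will fail on that line; the `my.desktop.*` options the hunk sets are declared in modules/desktop, which is also what this host needs. Change the line to `./modules/desktop`, as vinzenz-lpt.nix does in the preceding hunk.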