From db67663eb6e2bd1496ae3cc8ea12a1f42f924bd7 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 10 Sep 2023 11:32:18 +0200 Subject: [PATCH 1/7] re-enable kde/gnome user specific settings --- modules/desktop/gnome.nix | 32 +++++++++++++------------- modules/desktop/kde.nix | 47 ++++++++++++++++++++------------------- modules/home/vinzenz.nix | 7 ------ 3 files changed, 40 insertions(+), 46 deletions(-) diff --git a/modules/desktop/gnome.nix b/modules/desktop/gnome.nix index f440fa2..96ff7de 100644 --- a/modules/desktop/gnome.nix +++ b/modules/desktop/gnome.nix @@ -5,19 +5,17 @@ ... }: let cfg = config.my.gnome; - - #applyGnomeUserSettings = { - # home.packages = with pkgs; [ - # gnome.gpaste - # amberol - # ]; - -# dconf.settings = { - # "org/gnome/desktop/peripherals/keyboard" = { - # numlock-state = true; - # }; - # }; - #}; + applyGnomeUserSettings = { + home.packages = with pkgs; [ + gnome.gpaste + amberol + ]; + dconf.settings = { + "org/gnome/desktop/peripherals/keyboard" = { + numlock-state = true; + }; + }; + }; in { options.my.gnome = { enable = lib.mkEnableOption "gnome desktop"; @@ -39,7 +37,9 @@ in { }; }; - environment.systemPackages = [pkgs.gnomeExtensions.gsconnect]; + environment.systemPackages = with pkgs; [ + gnomeExtensions.gsconnect + ]; # remove some gnome default apps environment.gnome.excludePackages = with pkgs.gnome; [ @@ -56,8 +56,8 @@ in { ]; home-manager.users = { - # vinzenz = lib.mkIf config.my.home.vinzenz.enable applyGnomeUserSettings; - # ronja = lib.mkIf config.my.home.ronja.enable applyGnomeUserSettings; + vinzenz = lib.mkIf config.my.home.vinzenz.enable applyGnomeUserSettings; + ronja = lib.mkIf config.my.home.ronja.enable applyGnomeUserSettings; }; }; } diff --git a/modules/desktop/kde.nix b/modules/desktop/kde.nix index 24af742..aa62262 100644 --- a/modules/desktop/kde.nix +++ b/modules/desktop/kde.nix 
@@ -6,17 +6,16 @@ }: let cfg = config.my.kde; - # applyKdeUserSettings = { - # #home = { - # # packages = with pkgs; [ - # # ]; - # #}; - - # services.kdeconnect = { - # enable = true; - # indicator = true; - # }; - # }; + applyKdeUserSettings = { + home = { + packages = with pkgs; [ + ]; + }; + services.kdeconnect = { + enable = true; + indicator = true; + }; + }; in { options.my.kde = { enable = lib.mkEnableOption "KDE desktop"; @@ -37,17 +36,19 @@ in { }; }; - environment.systemPackages = with pkgs; [ - libsForQt5.kate - libsForQt5.kalk - ]; + environment = { + systemPackages = with pkgs; [ + libsForQt5.kate + libsForQt5.kalk + ]; - environment.plasma5.excludePackages = with pkgs.libsForQt5; [ - elisa - gwenview - okular - khelpcenter - ]; + plasma5.excludePackages = with pkgs.libsForQt5; [ + elisa + gwenview + okular + khelpcenter + ]; + }; programs = { dconf.enable = true; @@ -55,8 +56,8 @@ in { }; home-manager.users = { - #vinzenz = lib.mkIf config.my.home.vinzenz.enable applyKdeUserSettings; - #ronja = lib.mkIf config.my.home.ronja.enable applyKdeUserSettings; + vinzenz = lib.mkIf config.my.home.vinzenz.enable applyKdeUserSettings; + ronja = lib.mkIf config.my.home.ronja.enable applyKdeUserSettings; }; }; } diff --git a/modules/home/vinzenz.nix b/modules/home/vinzenz.nix index 2538077..799eb62 100644 --- a/modules/home/vinzenz.nix +++ b/modules/home/vinzenz.nix @@ -80,13 +80,6 @@ in { ''; }; - services = { - kdeconnect = { - enable = true; - indicator = true; - }; - }; - programs = { home-manager.enable = true; From e65ba7c8a622aff78c5dd946e2c12ec7871d38bd Mon Sep 17 00:00:00 2001 
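Review bot: The re-enabled `applyKdeUserSettings` in kde.nix carries an empty package list, `home = { packages = with pkgs; [ ]; };`, which contributes nothing to the user's home-manager config and reads like a leftover from the commented-out version. Either drop the `home` attribute until there is something to list, or keep it with a comment such as `# no extra user packages yet; kdeconnect is configured below` so the next reader does not wonder whether a package was lost in the uncomment. The matching gnome block on the previous hunk does list packages, so the two helpers are otherwise parallel.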
From: Vinzenz Schroeter Date: Sun, 10 Sep 2023 14:12:01 +0200 Subject: [PATCH 2/7] prepare configuration for server use --- hardware/common-desktop.nix | 33 +++++++++++++++ hardware/default.nix | 1 + hardware/hetzner-vpn1.nix | 80 +++++++++++++++++++++++++++++++++++++ hardware/vinzenz-lpt.nix | 2 + hardware/vinzenz-pc2.nix | 2 + helpers/default.nix | 7 ++++ hetzner-vpn1.nix | 16 ++++++++ modules/default.nix | 3 +- modules/desktop/default.nix | 2 + modules/server/default.nix | 33 +++++++++++++++ vinzenz-lpt.nix | 6 ++- vinzenz-pc2.nix | 10 +++-- 12 files changed, 188 insertions(+), 7 deletions(-) create mode 100644 hardware/common-desktop.nix create mode 100644 hardware/hetzner-vpn1.nix create mode 100644 helpers/default.nix create mode 100644 hetzner-vpn1.nix create mode 100644 modules/server/default.nix diff --git a/hardware/common-desktop.nix b/hardware/common-desktop.nix new file mode 100644 index 0000000..83a34f6 --- /dev/null +++ b/hardware/common-desktop.nix @@ -0,0 +1,33 @@ +{ + lib, + config, + ... +}: let + isEnabled = config.my.hardware.common-desktop.enable; +in { + imports = [ + ]; + + options.my.hardware.common-desktop = { + enable = lib.mkEnableOption "common desktop hardware settings"; + }; + + config = lib.mkIf isEnabled { + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + hardware.enableRedistributableFirmware = true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + }; +} 
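Review bot: In the new common-desktop.nix the generated comment above `networking.useDHCP` reads `networking.interfaces..useDHCP`, which looks like the `<interface>` placeholder was lost somewhere between the NixOS generator and this file; restore it as `networking.interfaces.<interface>.useDHCP` so the sentence makes sense. The `let` binding is named `isEnabled` while every other module in this series binds its option subtree as `cfg` (e.g. `cfg = config.my.gnome;`), so `cfg = config.my.hardware.common-desktop;` plus `lib.mkIf cfg.enable` would keep the files uniform. The empty `imports = [ ];` can be removed outright.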
diff --git a/hardware/default.nix b/hardware/default.nix index 3a06ecb..a5608dc 100644 --- a/hardware/default.nix +++ b/hardware/default.nix @@ -6,6 +6,7 @@ hostName: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") (builtins.toString ./. + "/${hostName}.nix") + ./common-desktop.nix ]; config = { diff --git a/hardware/hetzner-vpn1.nix b/hardware/hetzner-vpn1.nix new file mode 100644 index 0000000..7b62a41 --- /dev/null +++ b/hardware/hetzner-vpn1.nix @@ -0,0 +1,80 @@ +{ + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.cleanTmpDir = true; + zramSwap.enable = true; + networking.domain = ""; + + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/77CF-345D"; + fsType = "vfat"; + }; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; + boot.initrd.kernelModules = ["nvme"]; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; + + # This file was populated at runtime with the networking + # details gathered from the active system. + networking = { + nameservers = [ + "8.8.8.8" + ]; + defaultGateway = "172.31.1.1"; + defaultGateway6 = { + address = "fe80::1"; + interface = "eth0"; + }; + dhcpcd.enable = false; + usePredictableInterfaceNames = lib.mkForce false; + interfaces = { + eth0 = { + ipv4.addresses = [ + { + address = "157.90.146.125"; + prefixLength = 32; + } + ]; + ipv6.addresses = [ + { + address = "2a01:4f8:c012:7137::1"; + prefixLength = 64; + } + { + address = "fe80::9400:2ff:fe87:7fc9"; + prefixLength = 64; + } + ]; + ipv4.routes = [ + { + address = "172.31.1.1"; + prefixLength = 32; + } + ]; + ipv6.routes = [ + { + address = "fe80::1"; + prefixLength = 128; + } + ]; + }; + }; + }; + services.udev.extraRules = '' + ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0" + + ''; +} 
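Review bot: The new hetzner-vpn1.nix mounts the root filesystem by kernel device name, `device = "/dev/sda1";`, while `/boot` is already mounted by UUID; on a QEMU guest the disk name can change with the virtual controller, so a by-uuid (or by-partuuid) path for `/` would be the more robust choice, with the actual value taken from `blkid` on the host. The header comment `This file was populated at runtime with the networking details gathered from the active system` is copied from the provider's generator; it would help to add one line saying which tool produced it and when, since the addresses, routes and the MAC in the udev rule will all need regenerating if the VM is rebuilt. The same `/dev/sda1` binding is carried over unchanged into the rewrite of this file in PATCH 7/7.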
diff --git a/hardware/vinzenz-lpt.nix b/hardware/vinzenz-lpt.nix index cf01a43..3b36625 100644 --- a/hardware/vinzenz-lpt.nix +++ b/hardware/vinzenz-lpt.nix @@ -1,5 +1,7 @@ {...}: { config = { + my.hardware.common-desktop.enable = true; + boot = { initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"]; initrd.kernelModules = []; diff --git a/hardware/vinzenz-pc2.nix b/hardware/vinzenz-pc2.nix index 8e27145..609479e 100644 --- a/hardware/vinzenz-pc2.nix +++ b/hardware/vinzenz-pc2.nix @@ -1,5 +1,7 @@ {...}: { config = { + my.hardware.common-desktop.enable = true; + boot = { initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; # "usb_storage" initrd.kernelModules = []; diff --git a/helpers/default.nix b/helpers/default.nix new file mode 100644 index 0000000..1a1041b --- /dev/null +++ b/helpers/default.nix @@ -0,0 +1,7 @@ +{lib, ...}: { + mkIfElse = p: yes: no: + lib.mkMerge [ + (mkIf p yes) + (mkIf (!p) no) + ]; +} diff --git a/hetzner-vpn1.nix b/hetzner-vpn1.nix new file mode 100644 index 0000000..b45da07 --- /dev/null +++ b/hetzner-vpn1.nix @@ -0,0 +1,16 @@ +{...}: { + imports = [ + ./modules + (import ./hardware "hetzner-vpn1") + ]; + + config = { + my = { + desktop.enable = false; + server.enable = true; + }; + users.users.root.openssh.authorizedKeys.keys = [ + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf'' + ]; + }; +} diff --git a/modules/default.nix b/modules/default.nix index 71d87d1..74584f5 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -4,6 +4,7 @@ ... }: let cfg = config.my; + helpers = import ../helpers; in { imports = [ ./home @@ -22,7 +23,7 @@ in { services.openssh = { enable = true; settings = { - PermitRootLogin = "no"; + PermitRootLogin = helpers.mkIfElse config.my.server.enable "yes" "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = false; }; 
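Review bot: In the second modules/default.nix hunk, `PermitRootLogin = helpers.mkIfElse config.my.server.enable "yes" "no";` grants more than the server needs: hetzner-vpn1.nix only installs a root authorized key, so `"prohibit-password"` already admits that login while keeping root password logins rejected at the sshd level rather than relying solely on the separate `PasswordAuthentication = false` line. With that value the role switch is unnecessary, since `PermitRootLogin = "prohibit-password";` is also acceptable for the desktops (they define no root keys) and the `helpers.mkIfElse` import could be dropped from this file. If the intent is to keep desktops at `"no"`, say so in a comment next to the mkIfElse call, because the difference between `"yes"` and `"prohibit-password"` is easy to lose in a later edit.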
diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix index 771dff8..dca0499 100644 --- a/modules/desktop/default.nix +++ b/modules/desktop/default.nix @@ -22,6 +22,8 @@ in { # Enable CUPS to print documents. printing.enable = true; + + openssh.settings.PermitRootLogin = "no"; }; # Enable sound with pipewire. diff --git a/modules/server/default.nix b/modules/server/default.nix new file mode 100644 index 0000000..a8f584c --- /dev/null +++ b/modules/server/default.nix @@ -0,0 +1,33 @@ +{ + config, + pkgs, + lib, + ... +}: let + cfg = config.my.server; +in { + imports = []; + + options.my.server = { + enable = lib.mkEnableOption "server role"; + }; + + config = lib.mkIf cfg.enable { + services = { + services.openssh.enable = true; + }; + + programs = { + }; + + networking.firewall = { + allowedTCPPortRanges = [ + { + # ssh + from = 22; + to = 22; + } + ]; + }; + }; +} diff --git a/vinzenz-lpt.nix b/vinzenz-lpt.nix index 5474c3d..eb7957d 100644 --- a/vinzenz-lpt.nix +++ b/vinzenz-lpt.nix @@ -5,8 +5,10 @@ ]; config = { - my.gnome.enable = true; - my.home.vinzenz.enable = true; + my = { + gnome.enable = true; + home.vinzenz.enable = true; + }; services.flatpak.enable = true; }; diff --git a/vinzenz-pc2.nix b/vinzenz-pc2.nix index 83ea523..200ed8a 100644 --- a/vinzenz-pc2.nix +++ b/vinzenz-pc2.nix @@ -5,10 +5,12 @@ ]; config = { - my.kde.enable = true; - my.home = { - vinzenz.enable = true; - ronja.enable = true; + my = { + kde.enable = true; + home = { + vinzenz.enable = true; + ronja.enable = true; + }; }; users.groups."games" = { From 69026cb4614d3501b55ee19a4140559379d908e0 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Mon, 11 Sep 2023 18:46:47 +0200 Subject: [PATCH 3/7] make home manager optional --- helpers/default.nix | 4 ++-- modules/default.nix | 2 +- modules/home/default.nix | 13 +++++++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/helpers/default.nix b/helpers/default.nix index 1a1041b..4845b6f 100644 
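Review bot: In the new modules/server/default.nix the line `services.openssh.enable = true;` sits inside `services = { ... };`, so the definition lands on `services.services.openssh.enable`, which is not a declared option and will make evaluation fail for any host with `my.server.enable = true`; it should be `openssh.enable = true;` inside the block, or `services.openssh.enable = true;` at the top level of the config attrset. The firewall entry `allowedTCPPortRanges = [ { from = 22; to = 22; } ]` is a one-port range; `allowedTCPPorts = [22]` says the same thing more directly, and since `services.openssh.openFirewall` defaults to true the port is opened by the sshd module anyway, so this block may be removable once the typo above is fixed. The empty `imports = [];` and `programs = { };` can go as well.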
--- a/helpers/default.nix +++ b/helpers/default.nix @@ -1,7 +1,7 @@ {lib, ...}: { mkIfElse = p: yes: no: lib.mkMerge [ - (mkIf p yes) - (mkIf (!p) no) + (lib.mkIf p yes) + (lib.mkIf (!p) no) ]; } diff --git a/modules/default.nix b/modules/default.nix index 74584f5..48e1990 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -23,7 +23,7 @@ in { services.openssh = { enable = true; settings = { - PermitRootLogin = helpers.mkIfElse config.my.server.enable "yes" "no"; + # PermitRootLogin = "no"; # this is managed through authorized keys PasswordAuthentication = false; KbdInteractiveAuthentication = false; }; diff --git a/modules/home/default.nix b/modules/home/default.nix index 6d85a0d..5e63d11 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -6,12 +6,13 @@ }: let cfg = config.my.home; in { - imports = [ - ./vinzenz.nix - ./ronja.nix - # enable home manager - - ]; + imports = + [ + ./vinzenz.nix + ./ronja.nix + # enable home manager + ] + ++ lib.optional (builtins.pathExists ) ; options.my.home = { enable = lib.mkEnableOption "my home management"; From 5e9a74280e6f767d9ec0b2049c3cf9b8c7c9ae47 Mon Sep 17 00:00:00 2001 
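Review bot: Replacing the `PermitRootLogin` definition in modules/default.nix with the comment `# PermitRootLogin = "no"; # this is managed through authorized keys` silently changes the effective policy to the NixOS default, `prohibit-password`, which means root key login is now allowed on every host that imports this module, not just the server; the commit subject ("make home manager optional") does not mention an SSH policy change. Authorized keys decide who can present a key, but `PermitRootLogin` is the sshd-side gate, so the comment conflates two different controls. Make the intent explicit with `PermitRootLogin = "prohibit-password";` and a comment stating that root key login is required for the hetzner host, or keep `"no"` here and override it only in the server role.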
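Review bot: The new `imports` expression in modules/home/default.nix is incomplete: `++ lib.optional (builtins.pathExists ) ;` passes no path to `builtins.pathExists` and no element to `lib.optional`, so `lib.optional` is left partially applied and the `++` concatenates a list with a function, which fails at evaluation time. Either finish the expression, for example `++ lib.optional (builtins.pathExists ./local.nix) ./local.nix` with the intended path, or drop the `++` clause until it is needed. The `# enable home manager` comment inside the list no longer describes anything on the lines that follow it and could be moved next to the `home-manager.use*` settings below.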
From: Vinzenz Schroeter Date: Mon, 11 Sep 2023 19:16:26 +0200 Subject: [PATCH 4/7] split server desktop, move stuff --- helpers/default.nix | 7 -- hetzner-vpn1.nix | 6 +- modules/default.nix | 55 -------------- modules/desktop/default.nix | 74 +++++++++++++++---- modules/desktop/gnome.nix | 10 ++- modules/{ => desktop}/i18n.nix | 0 modules/desktop/kde.nix | 9 ++- modules/{ => desktop}/nixpkgs.nix | 0 modules/{home => desktop}/ronja.nix | 5 +- modules/{home => desktop}/vinzenz.nix | 5 +- .../hardware}/common-desktop.nix | 0 {hardware => modules/hardware}/default.nix | 0 .../hardware}/hetzner-vpn1.nix | 0 .../hardware}/vinzenz-lpt.nix | 0 .../hardware}/vinzenz-pc2.nix | 0 modules/home/default.nix | 25 ------- modules/server/default.nix | 20 ++++- vinzenz-lpt.nix | 11 ++- vinzenz-pc2.nix | 7 +- 19 files changed, 107 insertions(+), 127 deletions(-) delete mode 100644 helpers/default.nix delete mode 100644 modules/default.nix rename modules/{ => desktop}/i18n.nix (100%) rename modules/{ => desktop}/nixpkgs.nix (100%) rename modules/{home => desktop}/ronja.nix (96%) rename modules/{home => desktop}/vinzenz.nix (98%) rename {hardware => modules/hardware}/common-desktop.nix (100%) rename {hardware => modules/hardware}/default.nix (100%) rename {hardware => modules/hardware}/hetzner-vpn1.nix (100%) rename {hardware => modules/hardware}/vinzenz-lpt.nix (100%) rename {hardware => modules/hardware}/vinzenz-pc2.nix (100%) delete mode 100644 modules/home/default.nix diff --git a/helpers/default.nix b/helpers/default.nix deleted file mode 100644 index 4845b6f..0000000 --- a/helpers/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{lib, ...}: { - mkIfElse = p: yes: no: - lib.mkMerge [ - (lib.mkIf p yes) - (lib.mkIf (!p) no) - ]; -} diff --git a/hetzner-vpn1.nix b/hetzner-vpn1.nix index b45da07..415b8cb 100644 --- a/hetzner-vpn1.nix +++ b/hetzner-vpn1.nix 
@@ -1,14 +1,14 @@ {...}: { imports = [ - ./modules - (import ./hardware "hetzner-vpn1") + ./modules/server + (import ./modules/hardware "hetzner-vpn1") ]; config = { my = { - desktop.enable = false; server.enable = true; }; + users.users.root.openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf'' ]; diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index 48e1990..0000000 --- a/modules/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - config, - pkgs, - ... -}: let - cfg = config.my; - helpers = import ../helpers; -in { - imports = [ - ./home - ./desktop - ./i18n.nix - ./nixpkgs.nix - ]; - - config = { - networking = { - networkmanager.enable = true; - firewall.enable = true; - }; - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - # PermitRootLogin = "no"; # this is managed through authorized keys - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - systemd.extraConfig = '' - DefaultTimeoutStopSec=12s - ''; - - programs = { - zsh.enable = true; - - git = { - enable = true; - package = pkgs.gitFull; - }; - }; - - environment = { - pathsToLink = ["/share/zsh"]; - - systemPackages = with pkgs; [ - lm_sensors - tldr - ncdu - ]; - }; - }; -} diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix index dca0499..aa50881 100644 --- a/modules/desktop/default.nix +++ b/modules/desktop/default.nix @@ -7,8 +7,13 @@ cfg = config.my.desktop; in { imports = [ + ./gnome.nix ./kde.nix + ./i18n.nix + ./nixpkgs.nix + ./vinzenz.nix + ./ronja.nix ]; options.my.desktop = { @@ -16,6 +21,9 @@ in { }; config = lib.mkIf cfg.enable { + home-manager.useUserPackages = true; + home-manager.useGlobalPkgs = true; + services = { # Enable the X11 windowing system / wayland depending on DE xserver.enable = true; 
@@ -23,7 +31,15 @@ in { # Enable CUPS to print documents. printing.enable = true; - openssh.settings.PermitRootLogin = "no"; + # Enable the OpenSSH daemon. + openssh = { + enable = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; }; # Enable sound with pipewire. @@ -46,20 +62,48 @@ in { }; # unblock kde connect / gsconnect - networking.firewall = { - allowedTCPPortRanges = [ - { - # KDE Connect - from = 1714; - to = 1764; - } - ]; - allowedUDPPortRanges = [ - { - # KDE Connect - from = 1714; - to = 1764; - } + networking = { + networkmanager.enable = true; + firewall.enable = true; + + firewall = { + allowedTCPPortRanges = [ + { + # KDE Connect + from = 1714; + to = 1764; + } + ]; + allowedUDPPortRanges = [ + { + # KDE Connect + from = 1714; + to = 1764; + } + ]; + }; + }; + + systemd.extraConfig = '' + DefaultTimeoutStopSec=12s + ''; + + programs = { + zsh.enable = true; + + git = { + enable = true; + package = pkgs.gitFull; + }; + }; + + environment = { + pathsToLink = ["/share/zsh"]; + + systemPackages = with pkgs; [ + lm_sensors + tldr + ncdu ]; }; }; diff --git a/modules/desktop/gnome.nix b/modules/desktop/gnome.nix index 96ff7de..38b9fee 100644 --- a/modules/desktop/gnome.nix +++ b/modules/desktop/gnome.nix @@ -4,7 +4,9 @@ lib, ... }: let - cfg = config.my.gnome; + desktopCfg = config.my.desktop; + cfg = desktopCfg.gnome; + applyGnomeUserSettings = { home.packages = with pkgs; [ gnome.gpaste @@ -17,7 +19,7 @@ }; }; in { - options.my.gnome = { + options.my.desktop.gnome = { enable = lib.mkEnableOption "gnome desktop"; }; @@ -56,8 +58,8 @@ in { ]; home-manager.users = { - vinzenz = lib.mkIf config.my.home.vinzenz.enable applyGnomeUserSettings; - ronja = lib.mkIf config.my.home.ronja.enable applyGnomeUserSettings; + vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyGnomeUserSettings; + ronja = lib.mkIf desktopCfg.ronja.enable applyGnomeUserSettings; }; }; } 
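Review bot: In the networking hunk of modules/desktop/default.nix, `firewall.enable = true;` and the `firewall = { allowedTCPPortRanges ... };` attrset are two separate definitions of `networking.firewall` in one literal; recent Nix merges such attrpaths but older releases reject it as a duplicate attribute, and in any case `enable = true;` belongs inside the `firewall` block next to the port ranges so the firewall config reads as one unit. The openssh block added in the previous hunk (`PermitRootLogin = "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = false;`) duplicates the settings being added to modules/server/default.nix in the same commit; the two hardening lines could live in a shared module so that a change to one role is not forgotten on the other, leaving only `PermitRootLogin` role-specific. The enclosing `config = lib.mkIf cfg.enable {` block starts outside this hunk.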
diff --git a/modules/i18n.nix b/modules/desktop/i18n.nix similarity index 100% rename from modules/i18n.nix rename to modules/desktop/i18n.nix diff --git a/modules/desktop/kde.nix b/modules/desktop/kde.nix index aa62262..08b0c03 100644 --- a/modules/desktop/kde.nix +++ b/modules/desktop/kde.nix @@ -4,7 +4,8 @@ lib, ... }: let - cfg = config.my.kde; + desktopCfg = config.my.desktop; + cfg = desktopCfg.kde; applyKdeUserSettings = { home = { @@ -17,7 +18,7 @@ }; }; in { - options.my.kde = { + options.my.desktop.kde = { enable = lib.mkEnableOption "KDE desktop"; }; @@ -56,8 +57,8 @@ in { }; home-manager.users = { - vinzenz = lib.mkIf config.my.home.vinzenz.enable applyKdeUserSettings; - ronja = lib.mkIf config.my.home.ronja.enable applyKdeUserSettings; + vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyKdeUserSettings; + ronja = lib.mkIf desktopCfg.ronja.enable applyKdeUserSettings; }; }; } diff --git a/modules/nixpkgs.nix b/modules/desktop/nixpkgs.nix similarity index 100% rename from modules/nixpkgs.nix rename to modules/desktop/nixpkgs.nix diff --git a/modules/home/ronja.nix b/modules/desktop/ronja.nix similarity index 96% rename from modules/home/ronja.nix rename to modules/desktop/ronja.nix index 0b11bea..f7f34f5 100644 --- a/modules/home/ronja.nix +++ b/modules/desktop/ronja.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.my.home.ronja; + cfg = config.my.desktop.ronja; in { - options.my.home.ronja = { + options.my.desktop.ronja = { enable = lib.mkEnableOption "user ronja"; }; @@ -21,7 +21,6 @@ in { }; # home manager - my.home.enable = true; home-manager.users.ronja = { config, pkgs, diff --git a/modules/home/vinzenz.nix b/modules/desktop/vinzenz.nix similarity index 98% rename from modules/home/vinzenz.nix rename to modules/desktop/vinzenz.nix index 799eb62..010becb 100644 --- a/modules/home/vinzenz.nix +++ b/modules/desktop/vinzenz.nix 
@@ -4,9 +4,9 @@ lib, ... }: let - cfg = config.my.home.vinzenz; + cfg = config.my.desktop.vinzenz; in { - options.my.home.vinzenz = { + options.my.desktop.vinzenz = { enable = lib.mkEnableOption "user vinzenz"; }; @@ -20,7 +20,6 @@ in { }; # home manager - my.home.enable = true; home-manager.users.vinzenz = { config, pkgs, diff --git a/hardware/common-desktop.nix b/modules/hardware/common-desktop.nix similarity index 100% rename from hardware/common-desktop.nix rename to modules/hardware/common-desktop.nix diff --git a/hardware/default.nix b/modules/hardware/default.nix similarity index 100% rename from hardware/default.nix rename to modules/hardware/default.nix diff --git a/hardware/hetzner-vpn1.nix b/modules/hardware/hetzner-vpn1.nix similarity index 100% rename from hardware/hetzner-vpn1.nix rename to modules/hardware/hetzner-vpn1.nix diff --git a/hardware/vinzenz-lpt.nix b/modules/hardware/vinzenz-lpt.nix similarity index 100% rename from hardware/vinzenz-lpt.nix rename to modules/hardware/vinzenz-lpt.nix diff --git a/hardware/vinzenz-pc2.nix b/modules/hardware/vinzenz-pc2.nix similarity index 100% rename from hardware/vinzenz-pc2.nix rename to modules/hardware/vinzenz-pc2.nix diff --git a/modules/home/default.nix b/modules/home/default.nix deleted file mode 100644 index 5e63d11..0000000 --- a/modules/home/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - cfg = config.my.home; -in { - imports = - [ - ./vinzenz.nix - ./ronja.nix - # enable home manager - ] - ++ lib.optional (builtins.pathExists ) ; - - options.my.home = { - enable = lib.mkEnableOption "my home management"; - }; - - config = lib.mkIf cfg.enable { - home-manager.useUserPackages = true; - home-manager.useGlobalPkgs = true; - }; -} diff --git a/modules/server/default.nix b/modules/server/default.nix index a8f584c..f6874d8 100644 --- a/modules/server/default.nix +++ b/modules/server/default.nix 
@@ -14,13 +14,25 @@ in { config = lib.mkIf cfg.enable { services = { - services.openssh.enable = true; + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings = { + # PermitRootLogin = "no"; # this is managed through authorized keys + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + }; programs = { + git.enable = true; + zsh.enable = true; }; networking.firewall = { + enable = true; allowedTCPPortRanges = [ { # ssh @@ -29,5 +41,11 @@ in { } ]; }; + + environment = { + systemPackages = with pkgs; [ + ncdu + ]; + }; }; } diff --git a/vinzenz-lpt.nix b/vinzenz-lpt.nix index eb7957d..cf67dd5 100644 --- a/vinzenz-lpt.nix +++ b/vinzenz-lpt.nix @@ -1,13 +1,16 @@ {...}: { imports = [ - ./modules - (import ./hardware "vinzenz-lpt") + ./modules/desktop + (import ./modules/hardware "vinzenz-lpt") ]; config = { my = { - gnome.enable = true; - home.vinzenz.enable = true; + desktop = { + enable = true; + gnome.enable = true; + vinzenz.enable = true; + }; }; services.flatpak.enable = true; diff --git a/vinzenz-pc2.nix b/vinzenz-pc2.nix index 200ed8a..d348a3f 100644 --- a/vinzenz-pc2.nix +++ b/vinzenz-pc2.nix @@ -1,13 +1,14 @@ {...}: { imports = [ ./modules - (import ./hardware "vinzenz-pc2") + (import ./modules/hardware "vinzenz-pc2") ]; config = { my = { - kde.enable = true; - home = { + desktop = { + enable = true; + kde.enable = true; vinzenz.enable = true; ronja.enable = true; }; From c022eb979b52a037d03ef920bf90defe446aa637 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Mon, 11 Sep 2023 19:17:32 +0200 Subject: [PATCH 5/7] fix ssh --- modules/server/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/server/default.nix b/modules/server/default.nix index f6874d8..06918bc 100644 --- a/modules/server/default.nix +++ b/modules/server/default.nix 
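Review bot: vinzenz-pc2.nix still imports `./modules` (an unchanged context line in its hunk) although this commit deletes modules/default.nix, so that directory no longer has a default.nix and the import fails to evaluate; vinzenz-lpt.nix was switched to `./modules/desktop` in the same commit and pc2 needs the same edit, `./modules/desktop`. In the modules/server/default.nix hunk the three added `};` lines plus the existing context `};` close one level more than the `services = { services.openssh = { settings = {` nesting opens, which ends the `config = lib.mkIf cfg.enable {` attrset early and makes the following `programs` and `networking.firewall` definitions a parse error; one of the added `};` lines should go. The `services.openssh = {` path inside `services = {` repeats the `services.services` nesting noted on the earlier version of this file.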
@@ -15,7 +15,7 @@ in { config = lib.mkIf cfg.enable { services = { # Enable the OpenSSH daemon. - services.openssh = { + openssh = { enable = true; settings = { # PermitRootLogin = "no"; # this is managed through authorized keys From c1e4cdb929faf75af7cbfb20b8f040f1ed9b4f49 Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Mon, 11 Sep 2023 19:21:31 +0200 Subject: [PATCH 6/7] move out common stuff again --- modules/_common/default.nix | 6 ++++++ modules/{desktop => _common}/i18n.nix | 0 modules/{desktop => _common}/nixpkgs.nix | 0 modules/desktop/default.nix | 3 +-- modules/server/default.nix | 5 +++-- 5 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 modules/_common/default.nix rename modules/{desktop => _common}/i18n.nix (100%) rename modules/{desktop => _common}/nixpkgs.nix (100%) diff --git a/modules/_common/default.nix b/modules/_common/default.nix new file mode 100644 index 0000000..6432356 --- /dev/null +++ b/modules/_common/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./i18n.nix + ./nixpkgs.nix + ]; +} diff --git a/modules/desktop/i18n.nix b/modules/_common/i18n.nix similarity index 100% rename from modules/desktop/i18n.nix rename to modules/_common/i18n.nix diff --git a/modules/desktop/nixpkgs.nix b/modules/_common/nixpkgs.nix similarity index 100% rename from modules/desktop/nixpkgs.nix rename to modules/_common/nixpkgs.nix diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix index aa50881..f9553c6 100644 --- a/modules/desktop/default.nix +++ b/modules/desktop/default.nix @@ -8,10 +8,9 @@ in { imports = [ + ../_common ./gnome.nix ./kde.nix - ./i18n.nix - ./nixpkgs.nix ./vinzenz.nix ./ronja.nix ]; diff --git a/modules/server/default.nix b/modules/server/default.nix index 06918bc..39940cd 100644 --- a/modules/server/default.nix +++ b/modules/server/default.nix 
@@ -6,7 +6,9 @@ }: let cfg = config.my.server; in { - imports = []; + imports = [ + ../_common + ]; options.my.server = { enable = lib.mkEnableOption "server role"; @@ -23,7 +25,6 @@ in { KbdInteractiveAuthentication = false; }; }; - }; programs = { From ec2166ec2dc1d101c1bfb1a29d0f9fc09e965a2e Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Mon, 11 Sep 2023 21:00:02 +0200 Subject: [PATCH 7/7] fix vpn1 config --- modules/_common/nixpkgs.nix | 7 +- modules/desktop/default.nix | 4 + modules/hardware/hetzner-vpn1.nix | 151 +++++++++++++++++------------- 3 files changed, 89 insertions(+), 73 deletions(-) diff --git a/modules/_common/nixpkgs.nix b/modules/_common/nixpkgs.nix index dc7c9e9..be3e744 100644 --- a/modules/_common/nixpkgs.nix +++ b/modules/_common/nixpkgs.nix @@ -1,11 +1,6 @@ {...}: { config = { - nixpkgs.config = { - allowUnfree = true; - permittedInsecurePackages = [ - "electron-12.2.3" - ]; - }; + nixpkgs.config.allowUnfree = true; system = { stateVersion = "22.11"; diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix index f9553c6..9584650 100644 --- a/modules/desktop/default.nix +++ b/modules/desktop/default.nix @@ -105,5 +105,9 @@ in { ncdu ]; }; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-12.2.3" + ]; }; } diff --git a/modules/hardware/hetzner-vpn1.nix b/modules/hardware/hetzner-vpn1.nix index 7b62a41..8ac8edc 100644 --- a/modules/hardware/hetzner-vpn1.nix +++ b/modules/hardware/hetzner-vpn1.nix 
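Review bot: The `nixpkgs.config.permittedInsecurePackages = [ "electron-12.2.3" ];` moved into modules/desktop/default.nix has no note saying which package still depends on that Electron release, so nobody will know when the exception can be removed; add a comment above it such as `# required by <package that pins electron-12.2.3>; drop once it moves to a supported Electron`. Scoping the exception to the desktop role (instead of the shared nixpkgs.nix this commit strips it from) is the right direction, since the server host no longer inherits an end-of-life runtime it does not use. The enclosing `config = lib.mkIf cfg.enable {` block starts outside this hunk.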
@@ -7,74 +7,91 @@ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.cleanTmpDir = true; - zramSwap.enable = true; - networking.domain = ""; - - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/77CF-345D"; - fsType = "vfat"; - }; - boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; - boot.initrd.kernelModules = ["nvme"]; - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; - - # This file was populated at runtime with the networking - # details gathered from the active system. - networking = { - nameservers = [ - "8.8.8.8" - ]; - defaultGateway = "172.31.1.1"; - defaultGateway6 = { - address = "fe80::1"; - interface = "eth0"; - }; - dhcpcd.enable = false; - usePredictableInterfaceNames = lib.mkForce false; - interfaces = { - eth0 = { - ipv4.addresses = [ - { - address = "157.90.146.125"; - prefixLength = 32; - } - ]; - ipv6.addresses = [ - { - address = "2a01:4f8:c012:7137::1"; - prefixLength = 64; - } - { - address = "fe80::9400:2ff:fe87:7fc9"; - prefixLength = 64; - } - ]; - ipv4.routes = [ - { - address = "172.31.1.1"; - prefixLength = 32; - } - ]; - ipv6.routes = [ - { - address = "fe80::1"; - prefixLength = 128; - } - ]; + config = { + boot = { + tmp.cleanOnBoot = true; + loader = { + systemd-boot.enable = lib.mkForce false; + efi.canTouchEfiVariables = lib.mkForce false; + grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + }; + initrd = { + availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; + kernelModules = ["nvme"]; }; }; - }; - services.udev.extraRules = '' - ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0" - ''; + zramSwap.enable = true; + networking.domain = ""; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-uuid/77CF-345D"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; + }; + + # This file 
was populated at runtime with the networking + # details gathered from the active system. + networking = { + nameservers = ["8.8.8.8"]; + defaultGateway = "172.31.1.1"; + defaultGateway6 = { + address = "fe80::1"; + interface = "eth0"; + }; + dhcpcd.enable = false; + usePredictableInterfaceNames = lib.mkForce false; + interfaces = { + eth0 = { + ipv4 = { + addresses = [ + { + address = "157.90.146.125"; + prefixLength = 32; + } + ]; + routes = [ + { + address = "172.31.1.1"; + prefixLength = 32; + } + ]; + }; + ipv6 = { + addresses = [ + { + address = "2a01:4f8:c012:7137::1"; + prefixLength = 64; + } + { + address = "fe80::9400:2ff:fe87:7fc9"; + prefixLength = 64; + } + ]; + routes = [ + { + address = "fe80::1"; + prefixLength = 128; + } + ]; + }; + }; + }; + }; + + services.udev.extraRules = '' + ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0" + + ''; + }; }
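Review bot: The rewrite of modules/hardware/hetzner-vpn1.nix adds `systemd-boot.enable = lib.mkForce false;` and `efi.canTouchEfiVariables = lib.mkForce false;` without saying what they are overriding; the systemd-boot settings in common-desktop.nix are gated behind `my.hardware.common-desktop.enable`, which this host does not set, so either another module defines them (worth naming in a comment, e.g. `# overrides the systemd-boot defaults pulled in via <module>`) or the mkForce lines are dead weight that will mask a future conflict. `nameservers = ["8.8.8.8"];` leaves the host with a single external resolver and no fallback; listing a second resolver (the provider's, or a second public one) avoids DNS-dependent services stalling on one upstream. The root filesystem is still `device = "/dev/sda1";` while `/boot` uses by-uuid, as raised on the original version of this file.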