Merge pull request #2 from kaesaecracker/vpn1

Vpn1

hetzner-vpn1.nix

@@ -0,0 +1,16 @@
+{...}: {
+  imports = [
+    ./modules/server
+    (import ./modules/hardware "hetzner-vpn1")
+  ];
+
+  config = {
+    my = {
+      server.enable = true;
+    };
+
+    users.users.root.openssh.authorizedKeys.keys = [
+      ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
+    ];
+  };
+}

modules/_common/default.nix

@@ -0,0 +1,6 @@
+{...}: {
+  imports = [
+    ./i18n.nix
+    ./nixpkgs.nix
+  ];
+}

modules/_common/nixpkgs.nix

@@ -1,11 +1,6 @@
 {...}: {
   config = {
-    nixpkgs.config = {
+    nixpkgs.config.allowUnfree = true;
-      allowUnfree = true;
-      permittedInsecurePackages = [
-        "electron-12.2.3"
-      ];
-    };
 
     system = {
       stateVersion = "22.11";

modules/default.nix

@@ -1,54 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  cfg = config.my;
-in {
-  imports = [
-    ./home
-    ./desktop
-    ./i18n.nix
-    ./nixpkgs.nix
-  ];
-
-  config = {
-    networking = {
-      networkmanager.enable = true;
-      firewall.enable = true;
-    };
-
-    # Enable the OpenSSH daemon.
-    services.openssh = {
-      enable = true;
-      settings = {
-        PermitRootLogin = "no";
-        PasswordAuthentication = false;
-        KbdInteractiveAuthentication = false;
-      };
-    };
-
-    systemd.extraConfig = ''
-      DefaultTimeoutStopSec=12s
-    '';
-
-    programs = {
-      zsh.enable = true;
-
-      git = {
-        enable = true;
-        package = pkgs.gitFull;
-      };
-    };
-
-    environment = {
-      pathsToLink = ["/share/zsh"];
-
-      systemPackages = with pkgs; [
-        lm_sensors
-        tldr
-        ncdu
-      ];
-    };
-  };
-}

modules/desktop/default.nix

@@ -7,8 +7,12 @@
   cfg = config.my.desktop;
 in {
   imports = [
+    <home-manager/nixos>
+    ../_common
     ./gnome.nix
     ./kde.nix
+    ./vinzenz.nix
+    ./ronja.nix
   ];
 
   options.my.desktop = {
@@ -16,12 +20,25 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
+    home-manager.useUserPackages = true;
+    home-manager.useGlobalPkgs = true;
+
     services = {
       # Enable the X11 windowing system / wayland depending on DE
       xserver.enable = true;
 
       # Enable CUPS to print documents.
       printing.enable = true;
+
+      # Enable the OpenSSH daemon.
+      openssh = {
+        enable = true;
+        settings = {
+          PermitRootLogin = "no";
+          PasswordAuthentication = false;
+          KbdInteractiveAuthentication = false;
+        };
+      };
     };
 
     # Enable sound with pipewire.
@@ -44,7 +61,11 @@ in {
     };
 
     # unblock kde connect / gsconnect
-    networking.firewall = {
+    networking = {
+      networkmanager.enable = true;
+      firewall.enable = true;
+
+      firewall = {
         allowedTCPPortRanges = [
           {
             # KDE Connect
@@ -61,4 +82,32 @@ in {
         ];
       };
     };
+
+    systemd.extraConfig = ''
+      DefaultTimeoutStopSec=12s
+    '';
+
+    programs = {
+      zsh.enable = true;
+
+      git = {
+        enable = true;
+        package = pkgs.gitFull;
+      };
+    };
+
+    environment = {
+      pathsToLink = ["/share/zsh"];
+
+      systemPackages = with pkgs; [
+        lm_sensors
+        tldr
+        ncdu
+      ];
+    };
+
+    nixpkgs.config.permittedInsecurePackages = [
+      "electron-12.2.3"
+    ];
+  };
 }

modules/desktop/gnome.nix

@@ -4,22 +4,22 @@
   lib,
   ...
 }: let
-  cfg = config.my.gnome;
+  desktopCfg = config.my.desktop;
+  cfg = desktopCfg.gnome;
 
-  #applyGnomeUserSettings = {
+  applyGnomeUserSettings = {
-  #  home.packages = with pkgs; [
+    home.packages = with pkgs; [
-  #    gnome.gpaste
+      gnome.gpaste
-  #    amberol
+      amberol
-  #  ];
+    ];
-
+    dconf.settings = {
-#    dconf.settings = {
+      "org/gnome/desktop/peripherals/keyboard" = {
- #     "org/gnome/desktop/peripherals/keyboard" = {
+        numlock-state = true;
-  #      numlock-state = true;
+      };
-  #    };
+    };
-  #  };
+  };
-  #};
 in {
-  options.my.gnome = {
+  options.my.desktop.gnome = {
     enable = lib.mkEnableOption "gnome desktop";
   };
 
@@ -39,7 +39,9 @@ in {
       };
     };
 
-    environment.systemPackages = [pkgs.gnomeExtensions.gsconnect];
+    environment.systemPackages = with pkgs; [
+      gnomeExtensions.gsconnect
+    ];
 
     # remove some gnome default apps
     environment.gnome.excludePackages = with pkgs.gnome; [
@@ -56,8 +58,8 @@ in {
     ];
 
     home-manager.users = {
-  #    vinzenz = lib.mkIf config.my.home.vinzenz.enable applyGnomeUserSettings;
+      vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyGnomeUserSettings;
-  #    ronja = lib.mkIf config.my.home.ronja.enable applyGnomeUserSettings;
+      ronja = lib.mkIf desktopCfg.ronja.enable applyGnomeUserSettings;
     };
   };
 }

modules/desktop/kde.nix

@@ -4,21 +4,21 @@
   lib,
   ...
 }: let
-  cfg = config.my.kde;
+  desktopCfg = config.my.desktop;
+  cfg = desktopCfg.kde;
 
-  # applyKdeUserSettings = {
+  applyKdeUserSettings = {
-  #   #home = {
+    home = {
-  #   #  packages = with pkgs; [
+      packages = with pkgs; [
-  #   #  ];
+      ];
-  #   #};
+    };
-
+    services.kdeconnect = {
-  #   services.kdeconnect = {
+      enable = true;
-  #     enable = true;
+      indicator = true;
-  #     indicator = true;
+    };
-  #   };
+  };
-  # };
 in {
-  options.my.kde = {
+  options.my.desktop.kde = {
     enable = lib.mkEnableOption "KDE desktop";
   };
 
@@ -37,17 +37,19 @@ in {
       };
     };
 
-    environment.systemPackages = with pkgs; [
+    environment = {
+      systemPackages = with pkgs; [
         libsForQt5.kate
         libsForQt5.kalk
       ];
 
-    environment.plasma5.excludePackages = with pkgs.libsForQt5; [
+      plasma5.excludePackages = with pkgs.libsForQt5; [
         elisa
         gwenview
         okular
         khelpcenter
       ];
+    };
 
     programs = {
       dconf.enable = true;
@@ -55,8 +57,8 @@ in {
     };
 
     home-manager.users = {
-      #vinzenz = lib.mkIf config.my.home.vinzenz.enable applyKdeUserSettings;
+      vinzenz = lib.mkIf desktopCfg.vinzenz.enable applyKdeUserSettings;
-      #ronja = lib.mkIf config.my.home.ronja.enable applyKdeUserSettings;
+      ronja = lib.mkIf desktopCfg.ronja.enable applyKdeUserSettings;
     };
   };
 }

modules/desktop/ronja.nix

@@ -5,9 +5,9 @@
   ...
 }:
 with lib; let
-  cfg = config.my.home.ronja;
+  cfg = config.my.desktop.ronja;
 in {
-  options.my.home.ronja = {
+  options.my.desktop.ronja = {
     enable = lib.mkEnableOption "user ronja";
   };
 
@@ -21,7 +21,6 @@ in {
     };
 
     # home manager
-    my.home.enable = true;
     home-manager.users.ronja = {
       config,
       pkgs,

modules/desktop/vinzenz.nix

@@ -4,9 +4,9 @@
   lib,
   ...
 }: let
-  cfg = config.my.home.vinzenz;
+  cfg = config.my.desktop.vinzenz;
 in {
-  options.my.home.vinzenz = {
+  options.my.desktop.vinzenz = {
     enable = lib.mkEnableOption "user vinzenz";
   };
 
@@ -20,7 +20,6 @@ in {
     };
 
     # home manager
-    my.home.enable = true;
     home-manager.users.vinzenz = {
       config,
       pkgs,
@@ -80,13 +79,6 @@ in {
         '';
       };
 
-      services = {
-        kdeconnect = {
-          enable = true;
-          indicator = true;
-        };
-      };
-
       programs = {
         home-manager.enable = true;
 

modules/hardware/common-desktop.nix

@@ -0,0 +1,33 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  isEnabled = config.my.hardware.common-desktop.enable;
+in {
+  imports = [
+  ];
+
+  options.my.hardware.common-desktop = {
+    enable = lib.mkEnableOption "common desktop hardware settings";
+  };
+
+  config = lib.mkIf isEnabled {
+    boot.loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useDHCP = lib.mkDefault true;
+    # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+    # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+    hardware.enableRedistributableFirmware = true;
+
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  };
+}

modules/hardware/default.nix

@@ -6,6 +6,7 @@ hostName: {
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
     (builtins.toString ./. + "/${hostName}.nix")
+    ./common-desktop.nix
   ];
 
   config = {

modules/hardware/hetzner-vpn1.nix

@@ -0,0 +1,97 @@
+{
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  config = {
+    boot = {
+      tmp.cleanOnBoot = true;
+      loader = {
+        systemd-boot.enable = lib.mkForce false;
+        efi.canTouchEfiVariables = lib.mkForce false;
+        grub = {
+          enable = true;
+          efiSupport = true;
+          efiInstallAsRemovable = true;
+          device = "nodev";
+        };
+      };
+      initrd = {
+        availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+        kernelModules = ["nvme"];
+      };
+    };
+
+    zramSwap.enable = true;
+    networking.domain = "";
+
+    fileSystems = {
+      "/boot" = {
+        device = "/dev/disk/by-uuid/77CF-345D";
+        fsType = "vfat";
+      };
+      "/" = {
+        device = "/dev/sda1";
+        fsType = "ext4";
+      };
+    };
+
+    # This file was populated at runtime with the networking
+    # details gathered from the active system.
+    networking = {
+      nameservers = ["8.8.8.8"];
+      defaultGateway = "172.31.1.1";
+      defaultGateway6 = {
+        address = "fe80::1";
+        interface = "eth0";
+      };
+      dhcpcd.enable = false;
+      usePredictableInterfaceNames = lib.mkForce false;
+      interfaces = {
+        eth0 = {
+          ipv4 = {
+            addresses = [
+              {
+                address = "157.90.146.125";
+                prefixLength = 32;
+              }
+            ];
+            routes = [
+              {
+                address = "172.31.1.1";
+                prefixLength = 32;
+              }
+            ];
+          };
+          ipv6 = {
+            addresses = [
+              {
+                address = "2a01:4f8:c012:7137::1";
+                prefixLength = 64;
+              }
+              {
+                address = "fe80::9400:2ff:fe87:7fc9";
+                prefixLength = 64;
+              }
+            ];
+            routes = [
+              {
+                address = "fe80::1";
+                prefixLength = 128;
+              }
+            ];
+          };
+        };
+      };
+    };
+
+    services.udev.extraRules = ''
+      ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0"
+
+    '';
+  };
+}

modules/hardware/vinzenz-lpt.nix

@@ -1,5 +1,7 @@
 {...}: {
   config = {
+    my.hardware.common-desktop.enable = true;
+
     boot = {
       initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
       initrd.kernelModules = [];

modules/hardware/vinzenz-pc2.nix

@@ -1,5 +1,7 @@
 {...}: {
   config = {
+    my.hardware.common-desktop.enable = true;
+
     boot = {
       initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; # "usb_storage"
       initrd.kernelModules = [];

modules/home/default.nix

@@ -1,24 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
-  cfg = config.my.home;
-in {
-  imports = [
-    ./vinzenz.nix
-    ./ronja.nix
-    # enable home manager
-    <home-manager/nixos>
-  ];
-
-  options.my.home = {
-    enable = lib.mkEnableOption "my home management";
-  };
-
-  config = lib.mkIf cfg.enable {
-    home-manager.useUserPackages = true;
-    home-manager.useGlobalPkgs = true;
-  };
-}

modules/server/default.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.my.server;
+in {
+  imports = [
+    ../_common
+  ];
+
+  options.my.server = {
+    enable = lib.mkEnableOption "server role";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services = {
+      # Enable the OpenSSH daemon.
+      openssh = {
+        enable = true;
+        settings = {
+          # PermitRootLogin = "no"; # this is managed through authorized keys
+          PasswordAuthentication = false;
+          KbdInteractiveAuthentication = false;
+        };
+      };
+    };
+
+    programs = {
+      git.enable = true;
+      zsh.enable = true;
+    };
+
+    networking.firewall = {
+      enable = true;
+      allowedTCPPortRanges = [
+        {
+          # ssh
+          from = 22;
+          to = 22;
+        }
+      ];
+    };
+
+    environment = {
+      systemPackages = with pkgs; [
+        ncdu
+      ];
+    };
+  };
+}

vinzenz-lpt.nix

@@ -1,12 +1,17 @@
 {...}: {
   imports = [
-    ./modules
+    ./modules/desktop
-    (import ./hardware "vinzenz-lpt")
+    (import ./modules/hardware "vinzenz-lpt")
   ];
 
   config = {
-    my.gnome.enable = true;
+    my = {
-    my.home.vinzenz.enable = true;
+      desktop = {
+        enable = true;
+        gnome.enable = true;
+        vinzenz.enable = true;
+      };
+    };
 
     services.flatpak.enable = true;
   };

vinzenz-pc2.nix

@@ -1,15 +1,18 @@
 {...}: {
   imports = [
     ./modules
-    (import ./hardware "vinzenz-pc2")
+    (import ./modules/hardware "vinzenz-pc2")
   ];
 
   config = {
-    my.kde.enable = true;
+    my = {
-    my.home = {
+      desktop = {
+        enable = true;
+        kde.enable = true;
         vinzenz.enable = true;
         ronja.enable = true;
       };
+    };
 
     users.groups."games" = {
       members = ["vinzenz" "ronja"];