diff --git a/flake.lock b/flake.lock
index f794795..c388be8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -440,42 +440,6 @@
 "type": "github"
 }
 },
- "nixlib": {
- "locked": {
- "lastModified": 1736643958,
- "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
- "owner": "nix-community",
- "repo": "nixpkgs.lib",
- "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "nixpkgs.lib",
- "type": "github"
- }
- },
- "nixos-generators": {
- "inputs": {
- "nixlib": "nixlib",
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1764234087,
- "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
- "owner": "nix-community",
- "repo": "nixos-generators",
- "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "nixos-generators",
- "type": "github"
- }
- },
 "nixpkgs": {
 "locked": {
 "lastModified": 1764522689,
@@ -597,7 +561,6 @@
 "niri": "niri",
 "nix-filter": "nix-filter",
 "nix-vscode-extensions": "nix-vscode-extensions",
- "nixos-generators": "nixos-generators",
 "nixpkgs": "nixpkgs",
 "nixpkgs-unstable": "nixpkgs-unstable",
 "nur": "nur",
diff --git a/flake.nix b/flake.nix
index 5894172..cdc2bf4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -31,10 +31,6 @@
 url = "github:nix-community/nix-vscode-extensions";
 inputs.nixpkgs.follows = "nixpkgs";
 };
- nixos-generators = {
- url = "github:nix-community/nixos-generators";
- inputs.nixpkgs.follows = "nixpkgs";
- };
 nur = {
 url = "github:nix-community/NUR";
 inputs = {
@@ -84,7 +80,7 @@
 };
 outputs =
- inputs@{
+ {
 self,
 nixpkgs,
 home-manager,
@@ -92,7 +88,6 @@
 lanzaboote,
 niri,
 nix-vscode-extensions,
- nixos-generators,
 nixpkgs-unstable,
 servicepoint-cli,
 servicepoint-simulator,
@@ -107,18 +102,49 @@
 devices = {
 vinzenz-lpt2 = {
 system = "x86_64-linux";
+ additional-modules = [
+ self.nixosModules.user-vinzenz
+
+ self.nixosModules.gnome
+ self.nixosModules.wine-gaming
+ self.nixosModules.steam
+ self.nixosModules.podman
+ self.nixosModules.vinzenz-desktop-settings
+ self.nixosModules.intel-graphics
+ self.nixosModules.secure-boot
+ ];
 home-manager-users = {
 inherit (self.homeConfigurations) vinzenz;
 };
 };
 vinzenz-pc2 = {
 system = "x86_64-linux";
+ additional-modules = [
+ self.nixosModules.user-vinzenz
+ self.nixosModules.user-ronja
+
+ self.nixosModules.gnome
+ self.nixosModules.wine-gaming
+ self.nixosModules.steam
+ self.nixosModules.podman
+ self.nixosModules.vinzenz-desktop-settings
+ self.nixosModules.amd-graphics
+ self.nixosModules.secure-boot
+ ];
 home-manager-users = {
- inherit (self.homeConfigurations) vinzenz;
+ inherit (self.homeConfigurations) vinzenz ronja;
 };
 };
 ronja-pc = {
 system = "x86_64-linux";
+ additional-modules = [
+ self.nixosModules.user-ronja
+
+ self.nixosModules.gnome
+ self.nixosModules.steam
+ self.nixosModules.wine-gaming
+ self.nixosModules.vinzenz-desktop-settings
+ ];
 home-manager-users = {
 inherit (self.homeConfigurations) ronja;
 };
@@ -128,9 +154,7 @@
 };
 forgejo-runner-1 = {
 system = "aarch64-linux";
- };
- epimetheus = {
- system = "aarch64-linux";
+ additional-modules = [ self.nixosModules.podman ];
 };
 };
 inherit (nixpkgs) lib;
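Review bot: The `additional-modules` lists of `vinzenz-lpt2` and `vinzenz-pc2` spell out the same six desktop modules twice (`gnome`, `wine-gaming`, `steam`, `podman`, `vinzenz-desktop-settings`, `secure-boot`), so the next shared module has to be added in two places, and `ronja-pc` already diverges from them (no `podman`, no `secure-boot`, `steam` listed before `wine-gaming`). A `let` binding such as `vinzenz-desktop = with self.nixosModules; [ gnome wine-gaming steam podman vinzenz-desktop-settings secure-boot ];` spliced in with `++` would leave only the per-host user and graphics modules inline. Whether `ronja-pc` is meant to run without `secure-boot` cannot be told from the diff; if it is, a comment on that list such as `# no secure-boot on this host (deliberate)` would stop a later reader from "fixing" it. The `devices` attrset spans both hunks on this line, and the `let` block holding it starts outside.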
@@ -206,30 +230,104 @@
 device,
 system,
 home-manager-users ? { },
+ additional-modules ? [ ],
 }:
 let
- specialArgs = inputs // {
- inherit device home-manager-users;
+ specialArgs = {
+ inherit device;
 };
 in
 nixpkgs.lib.nixosSystem {
 inherit system specialArgs;
 modules = [
 {
- imports = [
- ./nixosConfigurations/${device}
- self.nixosModules.global-settings
- ]
- ++ (lib.optionals (home-manager-users != { }) [
- self.nixosModules.global-settings-desktop
- ]);
-
+ networking.hostName = device;
 nixpkgs = {
 inherit system;
 hostPlatform = lib.mkDefault system;
 };
+ system = {
+ stateVersion = "22.11";
+ autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
+ };
+
+ nixpkgs.overlays = [
+ self.overlays.unstable-packages
+ ];
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ documentation = {
+ info.enable = false; # info pages and the info command
+ doc.enable = false; # documentation distributed in packages' /share/doc
+ };
 }
- ];
+
+ ./nixosConfigurations/${device}
+
+ # keep-sorted start
+ lanzaboote.nixosModules.lanzaboote
+ self.nixosModules.allowed-unfree-list
+ self.nixosModules.autoupdate
+ self.nixosModules.default
+ self.nixosModules.extra-caches
+ self.nixosModules.globalinstalls
+ self.nixosModules.lix-is-nix
+ self.nixosModules.openssh
+ self.nixosModules.prometheus-node
+ self.nixosModules.systemd-boot
+ self.nixosModules.tailscale
+ zerforschen-plus.nixosModules.default
+ # keep-sorted end
+ ]
+ ++ (nixpkgs.lib.optionals (home-manager-users != { }) [
+ {
+ home-manager = {
+ extraSpecialArgs = specialArgs;
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ home-manager.sharedModules = [
+ { home.stateVersion = "22.11"; }
+ # keep-sorted start
+ self.homeModules.git
+ self.homeModules.gnome-extensions
+ self.homeModules.nano
+ self.homeModules.templates
+ self.homeModules.zsh-basics
+ self.homeModules.zsh-powerlevel10k
+ # keep-sorted end
+ ];
+
+ home-manager.users = home-manager-users;
+ }
+
+ # keep-sorted start
+ home-manager.nixosModules.home-manager
+ self.nixosModules.en-de
+ self.nixosModules.firmware-updates
+ self.nixosModules.gnome
+ self.nixosModules.kdeconnect
+ self.nixosModules.modern-desktop
+ self.nixosModules.niri
+ self.nixosModules.nix-ld
+ self.nixosModules.pkgs-unstable
+ self.nixosModules.pkgs-vscode-extensions
+ self.nixosModules.quiet-boot
+ self.nixosModules.stylix
+ servicepoint-cli.nixosModules.default
+ servicepoint-simulator.nixosModules.default
+ servicepoint-tanks.nixosModules.default
+ stylix.nixosModules.stylix
+ # keep-sorted end
+ ])
+ ++ additional-modules;
 }
 );
 
@@ -241,22 +339,5 @@
 formatting = treefmt-eval.config.build.check self;
 }
 );
-
- packages = forAllSystems (
- { ... }:
- {
- nixos-aarch64-pxvirt-lxc-template = nixos-generators.nixosGenerate {
- system = "aarch64-linux";
- format = "proxmox-lxc";
- specialArgs = inputs // {
- device = "nixos-aarch64-pxvirt-lxc-template";
- };
- modules = [
- self.nixosModules.global-settings
- self.nixosModules.pxvirt-guest
- ];
- };
- }
- );
 };
 }
diff --git a/nixosConfigurations/epimetheus/default.nix b/nixosConfigurations/epimetheus/default.nix
deleted file mode 100644
index 02c6ae8..0000000
--- a/nixosConfigurations/epimetheus/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ self, ... }:
-{
- imports = [ self.nixosModules.pxvirt-guest ];
-
- config = {
-
- };
-}
diff --git a/nixosConfigurations/forgejo-runner-1/default.nix b/nixosConfigurations/forgejo-runner-1/default.nix
index a8adb69..f9d3c3f 100644
--- a/nixosConfigurations/forgejo-runner-1/default.nix
+++ b/nixosConfigurations/forgejo-runner-1/default.nix
@@ -1,9 +1,7 @@
-{ self, ... }:
 {
 imports = [
 ./hardware.nix
 ./forgejo-runner.nix
- self.nixosModules.podman
 ];
 
 config = {
diff --git a/nixosConfigurations/ronja-pc/default.nix b/nixosConfigurations/ronja-pc/default.nix
index 7630611..dd22382 100644
--- a/nixosConfigurations/ronja-pc/default.nix
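Review bot: `specialArgs = { inherit device; }` drops the `inputs //` prefix the old code had, and the same attrset is now handed to home-manager as `extraSpecialArgs`, so any NixOS or home module that still declares an input such as `self`, `nixpkgs-unstable` or `home-manager-users` in its argument pattern will fail evaluation with an undefined-argument error. The diff removes `self` from the per-host `default.nix` files, but `hardware.nix`, `hass.nix`, `vscode-server.nix`, the `nixosModules/*` files listed here and the `homeModules/*` files are not in the diff, so a `nix flake check` or a build of every host is the only way to confirm nothing else relied on the old pass-through. A short comment above the binding, e.g. `# flake inputs are no longer passed via specialArgs; modules are wired up through self.* in this file`, would make the new contract explicit to the next person adding a module. The function whose parameter pattern opens the hunk has its name and opening brace outside it.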
+++ b/nixosConfigurations/ronja-pc/default.nix
@@ -1,17 +1,11 @@
 {
 config,
 pkgs,
- self,
 ...
 }:
 {
 imports = [
 ./hardware.nix
- self.nixosModules.user-ronja
- self.nixosModules.gnome
- self.nixosModules.steam
- self.nixosModules.wine-gaming
- self.nixosModules.vinzenz-desktop-settings
 ];
 
 config = {
diff --git a/nixosConfigurations/vinzenz-lpt2/default.nix b/nixosConfigurations/vinzenz-lpt2/default.nix
index 6145225..38e9a3f 100644
--- a/nixosConfigurations/vinzenz-lpt2/default.nix
+++ b/nixosConfigurations/vinzenz-lpt2/default.nix
@@ -1,15 +1,6 @@
-{ self, ... }:
 {
 imports = [
 ./hardware.nix
- self.nixosModules.user-vinzenz
- self.nixosModules.gnome
- self.nixosModules.wine-gaming
- self.nixosModules.steam
- self.nixosModules.podman
- self.nixosModules.vinzenz-desktop-settings
- self.nixosModules.intel-graphics
- self.nixosModules.secure-boot
 ];
 
 config = {
@@ -62,7 +53,5 @@
 nixpkgs.config.permittedInsecurePackages = [
 "mbedtls-2.28.10"
 ];
-
- boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 };
 }
diff --git a/nixosConfigurations/vinzenz-pc2/default.nix b/nixosConfigurations/vinzenz-pc2/default.nix
index 5f68511..23505b1 100644
--- a/nixosConfigurations/vinzenz-pc2/default.nix
+++ b/nixosConfigurations/vinzenz-pc2/default.nix
@@ -1,18 +1,9 @@
-{ pkgs, self, ... }:
+{ pkgs, ... }:
 {
 imports = [
 ./hardware.nix
 ./vscode-server.nix
 ./hass.nix
-
- self.nixosModules.user-vinzenz
- self.nixosModules.gnome
- self.nixosModules.wine-gaming
- self.nixosModules.steam
- self.nixosModules.podman
- self.nixosModules.vinzenz-desktop-settings
- self.nixosModules.amd-graphics
- self.nixosModules.secure-boot
 ];
 
 config = {
@@ -36,6 +27,11 @@
 ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
 ];
 
+ users.users.ronja.openssh.authorizedKeys.keys = [
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key''
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgN6J8KyVyQqBAz+y3drXDmIsxOPkdPB+ISgpIP9Eld Generated By Termius''
+ ];
+
 environment.systemPackages = with pkgs; [ lact ];
 
 networking.firewall.allowedUDPPorts = [
diff --git a/nixosModules/global-settings-desktop.nix b/nixosModules/global-settings-desktop.nix
deleted file mode 100644
index a92a5d2..0000000
--- a/nixosModules/global-settings-desktop.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- home-manager-users,
- self,
- home-manager,
- servicepoint-cli,
- servicepoint-simulator,
- servicepoint-tanks,
- stylix,
- specialArgs,
- ...
-}:
-{
- imports = [
- {
- home-manager = {
- extraSpecialArgs = specialArgs;
- useGlobalPkgs = true;
- useUserPackages = true;
- };
-
- time.timeZone = "Europe/Berlin";
-
- home-manager.sharedModules = [
- { home.stateVersion = "22.11"; }
- # keep-sorted start
- self.homeModules.git
- self.homeModules.gnome-extensions
- self.homeModules.nano
- self.homeModules.templates
- self.homeModules.zsh-basics
- self.homeModules.zsh-powerlevel10k
- # keep-sorted end
- ];
-
- home-manager.users = home-manager-users;
- }
-
- # keep-sorted start
- home-manager.nixosModules.home-manager
- self.nixosModules.en-de
- self.nixosModules.firmware-updates
- self.nixosModules.gnome
- self.nixosModules.kdeconnect
- self.nixosModules.modern-desktop
- self.nixosModules.niri
- self.nixosModules.nix-ld
- self.nixosModules.pkgs-unstable
- self.nixosModules.pkgs-vscode-extensions
- self.nixosModules.quiet-boot
- self.nixosModules.stylix
- servicepoint-cli.nixosModules.default
- servicepoint-simulator.nixosModules.default
- servicepoint-tanks.nixosModules.default
- stylix.nixosModules.stylix
- # keep-sorted end
- ];
-}
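Review bot: The two keys added under `users.users.ronja.openssh.authorizedKeys.keys` carry the comments `ssh-host-key` and `Generated By Termius`, neither of which names the device or person holding the private key, so when one of them has to be revoked there is no way to tell which entry to remove; the `vinzenz-lpt2-roaming` key on the context line above shows the convention to follow. The first comment also reads as though a machine's SSH host key pair is being reused as ronja's login credential; if that is what happened, anyone with root on that machine can log in as ronja on this host, and a dedicated user key would be the safer choice. I would relabel both entries with a device-style name such as `ronja-laptop` (placeholder) and, if `user-ronja` is where the account itself is declared, decide deliberately whether host-specific keys belong here or beside the user definition. The enclosing `config = {` block starts and ends outside the hunk.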
diff --git a/nixosModules/global-settings.nix b/nixosModules/global-settings.nix
deleted file mode 100644
index 77bddae..0000000
--- a/nixosModules/global-settings.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- device,
- self,
- lanzaboote,
- zerforschen-plus,
- ...
-}:
-{
- imports = [
- # keep-sorted start
- lanzaboote.nixosModules.lanzaboote
- self.nixosModules.allowed-unfree-list
- self.nixosModules.autoupdate
- self.nixosModules.default
- self.nixosModules.extra-caches
- self.nixosModules.globalinstalls
- self.nixosModules.lix-is-nix
- self.nixosModules.openssh
- self.nixosModules.prometheus-node
- self.nixosModules.systemd-boot
- self.nixosModules.tailscale
- zerforschen-plus.nixosModules.default
- # keep-sorted end
- ];
-
- config = {
- networking.hostName = device;
- system = {
- stateVersion = "22.11";
- autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
- };
-
- nixpkgs.overlays = [
- self.overlays.unstable-packages
- ];
-
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
-
- documentation = {
- info.enable = false; # info pages and the info command
- doc.enable = false; # documentation distributed in packages' /share/doc
- };
- };
-}
diff --git a/nixosModules/openssh.nix b/nixosModules/openssh.nix
index 7ff8b18..ed24fe2 100644
--- a/nixosModules/openssh.nix
+++ b/nixosModules/openssh.nix
@@ -3,7 +3,7 @@
 enable = true;
 openFirewall = true;
 settings = {
- PermitRootLogin = "prohibit-password";
+ PermitRootLogin = "without-password";
 PasswordAuthentication = false;
 KbdInteractiveAuthentication = false;
 };
diff --git a/nixosModules/pxvirt-guest.nix b/nixosModules/pxvirt-guest.nix
deleted file mode 100644
index 067a0ec..0000000
--- a/nixosModules/pxvirt-guest.nix
+++ /dev/null
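Review bot: `PermitRootLogin = "without-password";` in the openssh.nix hunk replaces the canonical keyword with its deprecated alias: sshd_config(5) documents `without-password` as a deprecated synonym of `prohibit-password`, so the effective policy (root may log in, but never with a password) is unchanged while the file now uses a spelling OpenSSH may drop in a future release. NixOS's `services.openssh.settings.PermitRootLogin` accepts both values, so nothing fails at evaluation time, which makes the regression easy to miss in review. Unless some tool consuming this file only understands the old name, keep `PermitRootLogin = "prohibit-password";`; if there is such a reason, a comment on that line stating it would stop the next person from reverting the change. The `settings = {` attrset closes inside the hunk, but the block holding `enable` and `openFirewall` starts outside.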
@@ -1,26 +0,0 @@
-{ modulesPath, lib, ... }:
-{
- imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
-
- config = {
- # TODO is this needed?
- # nix.settings.sandbox = false;
-
- proxmoxLXC = {
- manageNetwork = false;
- privileged = false;
- };
-
- # Let Proxmox host handle fstrim
- services.fstrim.enable = false;
-
- # TODO is this needed
- # Cache DNS lookups to improve performance
- services.resolved.extraConfig = ''
- Cache=true
- CacheFromLocalhost=true
- '';
-
- boot.loader.systemd-boot.enable = lib.mkForce false;
- };
-}