vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: vinzenz:e04f33e50cc7c10603d42f816baa0c62aea189b4
Branches Tags
vinzenz:main
vinzenz:headscale
vinzenz:vpn1-wg
...
compare: vinzenz:33f5a07af15ee0db93c754fa909b4bfd87b78f60
Branches Tags
vinzenz:main
vinzenz:headscale
vinzenz:vpn1-wg

3 commits
e04f33e50c ... 33f5a07af1

Author SHA1 Message Date
Vinzenz Schroeter
33f5a07af1 generate pxvirt lxc template tar 2026-01-03 18:45:55 +01:00
Vinzenz Schroeter
6bfa995c4d move more stuf out of flake.nix 2026-01-03 18:44:59 +01:00
Vinzenz Schroeter
0bb0018450 move host specific module imports into hosts default.nix 2025-12-11 21:13:48 +01:00
11 changed files with 243 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

37
flake.lock generated
View file

@ -440,6 +440,42 @@
"type": "github" "type": "github"
} }
}, },
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1764234087,
"narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1764522689, "lastModified": 1764522689,
@ -561,6 +597,7 @@
"niri": "niri", "niri": "niri",
"nix-filter": "nix-filter", "nix-filter": "nix-filter",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur", "nur": "nur",

157
flake.nix
View file

@ -31,6 +31,10 @@
url = "github:nix-community/nix-vscode-extensions"; url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
nur = { nur = {
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";
inputs = { inputs = {
@ -80,7 +84,7 @@
}; };
outputs = outputs =
{ inputs@{
self, self,
nixpkgs, nixpkgs,
home-manager, home-manager,
@ -88,6 +92,7 @@
lanzaboote, lanzaboote,
niri, niri,
nix-vscode-extensions, nix-vscode-extensions,
nixos-generators,
nixpkgs-unstable, nixpkgs-unstable,
servicepoint-cli, servicepoint-cli,
servicepoint-simulator, servicepoint-simulator,
@ -102,49 +107,18 @@
devices = { devices = {
vinzenz-lpt2 = { vinzenz-lpt2 = {
system = "x86_64-linux"; system = "x86_64-linux";
additional-modules = [
self.nixosModules.user-vinzenz
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.intel-graphics
self.nixosModules.secure-boot
];
home-manager-users = { home-manager-users = {
inherit (self.homeConfigurations) vinzenz; inherit (self.homeConfigurations) vinzenz;
}; };
}; };
vinzenz-pc2 = { vinzenz-pc2 = {
system = "x86_64-linux"; system = "x86_64-linux";
additional-modules = [
self.nixosModules.user-vinzenz
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.amd-graphics
self.nixosModules.secure-boot
];
home-manager-users = { home-manager-users = {
inherit (self.homeConfigurations) vinzenz ronja; inherit (self.homeConfigurations) vinzenz;
}; };
}; };
ronja-pc = { ronja-pc = {
system = "x86_64-linux"; system = "x86_64-linux";
additional-modules = [
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.steam
self.nixosModules.wine-gaming
self.nixosModules.vinzenz-desktop-settings
];
home-manager-users = { home-manager-users = {
inherit (self.homeConfigurations) ronja; inherit (self.homeConfigurations) ronja;
}; };
@ -154,7 +128,9 @@
}; };
forgejo-runner-1 = { forgejo-runner-1 = {
system = "aarch64-linux"; system = "aarch64-linux";
additional-modules = [ self.nixosModules.podman ]; };
epimetheus = {
system = "aarch64-linux";
}; };
}; };
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
@ -230,104 +206,30 @@
device, device,
system, system,
home-manager-users ? { }, home-manager-users ? { },
additional-modules ? [ ],
}: }:
let let
specialArgs = { specialArgs = inputs // {
inherit device; inherit device home-manager-users;
}; };
in in
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system specialArgs;
modules = [ modules = [
{ {
networking.hostName = device; imports = [
./nixosConfigurations/${device}
self.nixosModules.global-settings
]
++ (lib.optionals (home-manager-users != { }) [
self.nixosModules.global-settings-desktop
]);
nixpkgs = { nixpkgs = {
inherit system; inherit system;
hostPlatform = lib.mkDefault system; hostPlatform = lib.mkDefault system;
}; };
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nixpkgs.overlays = [
self.overlays.unstable-packages
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
} }
];
./nixosConfigurations/${device}
# keep-sorted start
lanzaboote.nixosModules.lanzaboote
self.nixosModules.allowed-unfree-list
self.nixosModules.autoupdate
self.nixosModules.default
self.nixosModules.extra-caches
self.nixosModules.globalinstalls
self.nixosModules.lix-is-nix
self.nixosModules.openssh
self.nixosModules.prometheus-node
self.nixosModules.systemd-boot
self.nixosModules.tailscale
zerforschen-plus.nixosModules.default
# keep-sorted end
]
++ (nixpkgs.lib.optionals (home-manager-users != { }) [
{
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
};
time.timeZone = "Europe/Berlin";
home-manager.sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.git
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
self.homeModules.zsh-powerlevel10k
# keep-sorted end
];
home-manager.users = home-manager-users;
}
# keep-sorted start
home-manager.nixosModules.home-manager
self.nixosModules.en-de
self.nixosModules.firmware-updates
self.nixosModules.gnome
self.nixosModules.kdeconnect
self.nixosModules.modern-desktop
self.nixosModules.niri
self.nixosModules.nix-ld
self.nixosModules.pkgs-unstable
self.nixosModules.pkgs-vscode-extensions
self.nixosModules.quiet-boot
self.nixosModules.stylix
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
# keep-sorted end
])
++ additional-modules;
} }
); );
@ -339,5 +241,22 @@
formatting = treefmt-eval.config.build.check self; formatting = treefmt-eval.config.build.check self;
} }
); );
packages = forAllSystems (
{ ... }:
{
nixos-aarch64-pxvirt-lxc-template = nixos-generators.nixosGenerate {
system = "aarch64-linux";
format = "proxmox-lxc";
specialArgs = inputs // {
device = "nixos-aarch64-pxvirt-lxc-template";
};
modules = [
self.nixosModules.global-settings
self.nixosModules.pxvirt-guest
];
};
}
);
}; };
} }

8
nixosConfigurations/epimetheus/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ self, ... }:
{
imports = [ self.nixosModules.pxvirt-guest ];
config = {
};
}

2
nixosConfigurations/forgejo-runner-1/default.nix
View file

@ -1,7 +1,9 @@
{ self, ... }:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
./forgejo-runner.nix ./forgejo-runner.nix
self.nixosModules.podman
]; ];
config = { config = {

6
nixosConfigurations/ronja-pc/default.nix
View file

@ -1,11 +1,17 @@
{ {
config, config,
pkgs, pkgs,
self,
... ...
}: }:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
self.nixosModules.user-ronja
self.nixosModules.gnome
self.nixosModules.steam
self.nixosModules.wine-gaming
self.nixosModules.vinzenz-desktop-settings
]; ];
config = { config = {

11
nixosConfigurations/vinzenz-lpt2/default.nix
View file

@ -1,6 +1,15 @@
{ self, ... }:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
self.nixosModules.user-vinzenz
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.intel-graphics
self.nixosModules.secure-boot
]; ];
config = { config = {
@ -53,5 +62,7 @@
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"mbedtls-2.28.10" "mbedtls-2.28.10"
]; ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}; };
} }

16
nixosConfigurations/vinzenz-pc2/default.nix
View file

@ -1,9 +1,18 @@
{ pkgs, ... }: { pkgs, self, ... }:
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
./vscode-server.nix ./vscode-server.nix
./hass.nix ./hass.nix
self.nixosModules.user-vinzenz
self.nixosModules.gnome
self.nixosModules.wine-gaming
self.nixosModules.steam
self.nixosModules.podman
self.nixosModules.vinzenz-desktop-settings
self.nixosModules.amd-graphics
self.nixosModules.secure-boot
]; ];
config = { config = {
@ -27,11 +36,6 @@
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
]; ];
users.users.ronja.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgN6J8KyVyQqBAz+y3drXDmIsxOPkdPB+ISgpIP9Eld Generated By Termius''
];
environment.systemPackages = with pkgs; [ lact ]; environment.systemPackages = with pkgs; [ lact ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [

57
nixosModules/global-settings-desktop.nix Normal file
View file

@ -0,0 +1,57 @@
{
home-manager-users,
self,
home-manager,
servicepoint-cli,
servicepoint-simulator,
servicepoint-tanks,
stylix,
specialArgs,
...
}:
{
imports = [
{
home-manager = {
extraSpecialArgs = specialArgs;
useGlobalPkgs = true;
useUserPackages = true;
};
time.timeZone = "Europe/Berlin";
home-manager.sharedModules = [
{ home.stateVersion = "22.11"; }
# keep-sorted start
self.homeModules.git
self.homeModules.gnome-extensions
self.homeModules.nano
self.homeModules.templates
self.homeModules.zsh-basics
self.homeModules.zsh-powerlevel10k
# keep-sorted end
];
home-manager.users = home-manager-users;
}
# keep-sorted start
home-manager.nixosModules.home-manager
self.nixosModules.en-de
self.nixosModules.firmware-updates
self.nixosModules.gnome
self.nixosModules.kdeconnect
self.nixosModules.modern-desktop
self.nixosModules.niri
self.nixosModules.nix-ld
self.nixosModules.pkgs-unstable
self.nixosModules.pkgs-vscode-extensions
self.nixosModules.quiet-boot
self.nixosModules.stylix
servicepoint-cli.nixosModules.default
servicepoint-simulator.nixosModules.default
servicepoint-tanks.nixosModules.default
stylix.nixosModules.stylix
# keep-sorted end
];
}

47
nixosModules/global-settings.nix Normal file
View file

@ -0,0 +1,47 @@
{
device,
self,
lanzaboote,
zerforschen-plus,
...
}:
{
imports = [
# keep-sorted start
lanzaboote.nixosModules.lanzaboote
self.nixosModules.allowed-unfree-list
self.nixosModules.autoupdate
self.nixosModules.default
self.nixosModules.extra-caches
self.nixosModules.globalinstalls
self.nixosModules.lix-is-nix
self.nixosModules.openssh
self.nixosModules.prometheus-node
self.nixosModules.systemd-boot
self.nixosModules.tailscale
zerforschen-plus.nixosModules.default
# keep-sorted end
];
config = {
networking.hostName = device;
system = {
stateVersion = "22.11";
autoUpgrade.flake = "git+https://git.berlin.ccc.de/vinzenz/nixos-configuration.git";
};
nixpkgs.overlays = [
self.overlays.unstable-packages
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
documentation = {
info.enable = false; # info pages and the info command
doc.enable = false; # documentation distributed in packages' /share/doc
};
};
}

2
nixosModules/openssh.nix
View file

@ -3,7 +3,7 @@
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = { settings = {
PermitRootLogin = "without-password"; PermitRootLogin = "prohibit-password";
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
}; };

26
nixosModules/pxvirt-guest.nix Normal file
View file

@ -0,0 +1,26 @@
{ modulesPath, lib, ... }:
{
imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
config = {
# TODO is this needed?
# nix.settings.sandbox = false;
proxmoxLXC = {
manageNetwork = false;
privileged = false;
};
# Let Proxmox host handle fstrim
services.fstrim.enable = false;
# TODO is this needed
# Cache DNS lookups to improve performance
services.resolved.extraConfig = ''
Cache=true
CacheFromLocalhost=true
'';
boot.loader.systemd-boot.enable = lib.mkForce false;
};
}