diff --git a/flake.nix b/flake.nix index fbea410..0fe13d8 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,112 +2,36 @@ description = "Complete system and home config"; inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; nur.url = "github:nix-community/nur"; + }; outputs = { self, nixpkgs, home-manager, ... }@inputs: { nixosConfigurations = { - nova = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - networking.hostName = "nova"; - } - ./system - ./system/alt.nix - ./system/btrbk.nix - ./system/cast.nix - ./system/desktop.nix - ./system/ergodox.nix - ./system/gnome.nix - ./system/guest.nix - ./system/hardware/nova.nix - ./system/plasma.nix - ./system/steam.nix - ./system/yubikey.nix - # ./system/distrobox.nix - ]; - }; - - tron = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - networking.hostName = "tron"; - } - ./system - ./system/desktop.nix - ./system/hardware/tron.nix - ./system/gnome.nix - ./system/btrbk.nix - ./system/yubikey.nix - ]; - }; - - romulus = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - networking.hostName = "romulus"; - environment.systemPackages = [ - nixpkgs.wl-clipboard - ]; - programs.sway.enable = true; - security.rtkit.enable = true; - } - ./system - ./system/desktop.nix - ./system/hardware/romulus.nix - ]; - }; - arielle = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; - modules = [ - { - networking.hostName = "arielle"; - networking.domain = "ktiu.net"; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - } - ./system/hardware/arielle.nix - ./system - ./system/web-server - - #infrastructure - ./system/web-server/mail - ./system/web-server/radicale.nix - ./system/web-server/outline.nix - ./system/web-server/forgejo.nix - # ./system/web-server/jenkins.nix - - # web hosting - ./system/web-server/oopsidentify.nix - ./system/web-server/fundkorb-button.nix - 
./system/web-server/ksh-map.nix - ]; + modules = [ ./hosts/arielle ]; }; homer = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; - modules = [ - { - networking.hostName = "homer"; - } - ./system - ./system/desktop.nix - ./system/hardware/homer.nix - ./system/gnome.nix - ./system/steam.nix - ./system/remote-desktop.nix - ./system/media.nix - ./system/guest.nix - ]; + modules = [ ./hosts/homer ]; + }; + + mila = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ ./hosts/mila ]; + }; + + nova = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ ./hosts/nova ]; }; }; diff --git a/home/firefox.nix b/home/firefox.nix index 8c7898b..f51e776 100644 --- a/home/firefox.nix +++ b/home/firefox.nix @@ -72,8 +72,7 @@ definedAliases = [ "@no" ]; }; "Home manager options" = { - # urls = [{ template = "https://home-manager-options.extranix.com/?query={searchTerms}&release=release-${osConfig.system.nixos.release}"; }]; - urls = [{ template = "https://home-manager-options.extranix.com/?query={searchTerms}&release=release-25.05"; }]; + urls = [{ template = "https://home-manager-options.extranix.com/?query={searchTerms}&release=release-${osConfig.system.nixos.release}"; }]; icon = "https://mipmip.github.io/home-manager-option-search/images/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; definedAliases = [ "@hm" ]; diff --git a/home/fish.nix b/home/fish.nix index f8c7d2b..3e65ddb 100644 --- a/home/fish.nix +++ b/home/fish.nix @@ -1,7 +1,10 @@ -{ config, pkgs, ... }: +{ config, ... }: + { + home.shellAliases = { - top = "btm --battery"; + top = "btm --battery"; + du = "dust"; ymd = "date +'%Y-%m-%d'"; dmy = "date +'%-d.-%-m.%Y'"; v = "nvim"; 
@@ -9,12 +12,13 @@ R = "R --no-save --no-restore"; cdg = "cd \$(git rev-parse --show-toplevel)"; }; + programs.fish = { + enable = true; + interactiveShellInit = "fish_add_path ${config.xdg.dataHome}/npm/packages/bin"; - shellAbbrs = { - openconnect = "openconnect --config=/home/till/.config/openconnect/config"; - }; + shellInit = '' set -gx EDITOR "nvim" set -gx VISUAL "nvim" diff --git a/home/gpg.nix b/home/gpg.nix index 9563388..356cf21 100644 --- a/home/gpg.nix +++ b/home/gpg.nix @@ -1,6 +1,11 @@ { config, pkgs, ... }: { + programs.gnupg.agent = { + enable = true; + pinentryPackage = pkgs.pinentry-gnome3; + enableSSHSupport = true; + }; programs.gpg.settings = { no-emit-version = true; @@ -23,5 +28,4 @@ ''; target = "../.gnupg/scdaemon.conf"; }; - } diff --git a/home/mail/default.nix b/home/mail/default.nix index 0285349..db101f8 100644 --- a/home/mail/default.nix +++ b/home/mail/default.nix @@ -225,7 +225,7 @@ enable = true; extraConfig.from = "kein_schlussstrich_hessen@systemli.org"; }; - passwordCommand = "secret-tool lookup server mail.systemli.org account kein_schlussstrich_hessen@systemli.org"; + passwordCommand = "pass other/ksh_systemli"; }; }; diff --git a/home/nvim/autocommands.vim b/home/nvim/autocommands.vim index 09fee23..354e037 100644 --- a/home/nvim/autocommands.vim +++ b/home/nvim/autocommands.vim @@ -9,9 +9,3 @@ augroup netrw autocmd! autocmd FileType netrw setl bufhidden=wipe augroup end - -augroup repl - autocmd! - autocmd TermOpen * setlocal nonumber norelativenumber - autocmd TermOpen * nmap Q :bdelete! -augroup end diff --git a/home/ssh.nix b/home/ssh.nix index 181ccca..bb4e147 100644 --- a/home/ssh.nix +++ b/home/ssh.nix @@ -1,4 +1,13 @@ -{ config, ... }: +{ config, osConfig, ... }: + +let + + certs = { + uni = "${config.home.homeDirectory}/.ssh/tstraube@${osConfig.networking.hostname}"; + personal = "${config.home.homeDirectory}/.ssh/till@${osConfig.networking.hostname}"; + }; + +in { programs.ssh = { 
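Review bot: `programs.gnupg.agent` in the new block is the NixOS option name, but home/gpg.nix reads as a home-manager module (its siblings use `home.shellAliases`, `osConfig` and `programs.gpg.settings`), and home-manager declares no `programs.gnupg` option, so evaluation would stop with an undefined-option error. The home-manager counterpart of the block this commit deletes from system/secrets.nix is `services.gpg-agent = { enable = true; enableSshSupport = true; pinentry.package = pkgs.pinentry-gnome3; };`, where the pinentry attribute is `pinentry.package` on current releases (older ones spelled it `pinentryPackage`), so verify against the pinned release-25.11. A one-line comment noting that SSH-agent duty moved from the system gpg-agent to the user one would explain the removal of the system block in the same commit.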
@@ -8,18 +17,48 @@ matchBlocks = { - gu = { + "hrz login.server.uni-frankfurt.de" = { hostname = "login.server.uni-frankfurt.de"; user = "tstraube"; - identityFile = "${config.home.homeDirectory}/.ssh/tstraube"; + identityFile = certs.uni; }; - geocom = { - hostname = "geocom.uni-frankfurt.de"; - user = "till"; - identityFile = "${config.home.homeDirectory}/.ssh/tstraube"; + geocom3 = { + hostname = "141.2.194.220"; + user = "tstraube"; + identityFile = certs.uni; }; + geocom2 = { + hostname = "141.2.194.235"; + user = "till"; + identityFile = certs.uni; + }; + + "gitlab gitlab.rz.uni-frankfurt.de" = { + hostname = "gitlab.rz.uni-frankfurt.de"; + user = "tstraube"; + identityFile = certs.uni; + }; + + "arielle arielle.ktiu.net" = { + hostname = "arielle.ktiu.net"; + user = "till"; + identityFile = certs.personal; + }; + + "homer fernseher" = { + hostname = "homer"; + user = "till"; + identityFile = certs.personal; + }; + + # "mila" = { + # hostname = "mila"; + # user = "till"; + # identityFile = certs.personal; + # }; + }; }; } diff --git a/hosts/arielle/default.nix b/hosts/arielle/default.nix new file mode 100644 index 0000000..1c6bee4 --- /dev/null +++ b/hosts/arielle/default.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + networking.hostName = "arielle"; + networking.domain = "ktiu.net"; + + imports = [ + ./hardware + ../system + ../system/web-server + ../system/mail-server + ]; +} diff --git a/hosts/arielle/hardware.nix b/hosts/arielle/hardware.nix new file mode 100644 index 0000000..7d2b330 --- /dev/null +++ b/hosts/arielle/hardware.nix 
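Review bot: `osConfig.networking.hostname` in the new `certs` binding uses a lowercase attribute that NixOS does not define; the option is `networking.hostName`, so looking it up on `osConfig` throws an attribute-missing error for both `uni` and `personal`. The same spelling appears in hosts/mila/default.nix (`networking.hostname = "mila";`), where it is rejected as an undefined option instead. Fix both to `hostName`, e.g. `uni = "${config.home.homeDirectory}/.ssh/tstraube@${osConfig.networking.hostName}";`. The name `certs` is also misleading for what are private-key identity files; `keys` or `identities` would read correctly.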
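Review bot: `./hardware` in the new `imports` list points at a path this commit does not create; the hardware file is added as hosts/arielle/hardware.nix, and the other host modules import `./hardware.nix`. Unless a hosts/arielle/hardware/default.nix exists outside this diff, evaluating the arielle configuration fails at the missing path. Change the entry to `./hardware.nix`.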
@@ -0,0 +1,28 @@ +{ lib, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/087544b8-4941-436b-be6c-e32bc3787b12"; + fsType = "ext4"; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/9408a2ce-646d-406e-8407-c9bafd0a728c"; } + ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/homer/default.nix b/hosts/homer/default.nix new file mode 100644 index 0000000..0182d7a --- /dev/null +++ b/hosts/homer/default.nix @@ -0,0 +1,16 @@ +{ ... }: + +{ + networking.hostName = "homer"; + + imports = [ + ./hardware.nix + ../system + ../system/desktop + ../system/desktop/gnome.nix + ../system/desktop/steam.nix + ../system/desktop/remote-desktop.nix + ../system/media-server.nix + ../users/guest.nix + ]; +} diff --git a/system/hardware/homer.nix b/hosts/homer/hardware.nix similarity index 67% rename from system/hardware/homer.nix rename to hosts/homer/hardware.nix index 305cffa..a18ff94 100644 --- a/system/hardware/homer.nix +++ b/hosts/homer/hardware.nix 
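Review bot: Several entries in the new `imports` list do not match files present after this commit: `../system/desktop/steam.nix` (system/steam.nix is deleted in this commit, not moved) and `../system/media-server.nix` (system/media.nix is renamed to system/desktop/media.nix). hosts/nova/default.nix has the same problem with `../system/desktop/steam.nix`, `../system/desktop/ergodox.nix` and `../system/desktop/yubikey.nix`, which this commit renames to ergodox-udev.nix and yubikey-pam.nix. Unless those paths already existed untouched by the diff, the homer and nova flake outputs cannot be evaluated; align the import names with the renames, and either restore steam.nix under system/desktop or drop the import.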
@@ -1,13 +1,13 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { - imports = - [ (modulesPath + "/hardware/network/broadcom-43xx.nix") - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/hardware/network/broadcom-43xx.nix") + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; @@ -53,14 +53,12 @@ ]; }; - swapDevices = [ ]; + swapDevices = [{ + device = "/swapfile"; + size = 8 * 1045; + }]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/mila/default.nix b/hosts/mila/default.nix new file mode 100644 index 0000000..4bc882d --- /dev/null +++ b/hosts/mila/default.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + networking.hostname = "mila"; + + imports = [ + ./hardware.nix + ../system + ../system/desktop + ../system/desktop/gnome.nix + ]; +} diff --git a/hosts/nova/default.nix b/hosts/nova/default.nix new file mode 100644 index 0000000..1e653f3 --- /dev/null +++ b/hosts/nova/default.nix 
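Review bot: `size = 8 * 1045;` in the new `swapDevices` entry reads like an intended 8 GiB, which would be `8 * 1024` since the option takes megabytes; the odd factor appears to be copied from the deleted system/hardware/tron.nix, which carried the same value. If the size is deliberate, a short comment on the line would stop the next reader from "correcting" it; otherwise change it to `size = 8 * 1024;`.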
@@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + networking.hostName = "nova"; + + imports = [ + ./hardware.nix + ../users/alt.nix + ../users/guest.nix + ../system + ../system/desktop + ../system/desktop/gnome.nix + # ../system/desktop/cast.nix + ../system/desktop/ergodox.nix + ../system/desktop/steam.nix + ../system/desktop/yubikey.nix + ]; +} diff --git a/system/hardware/nova.nix b/hosts/nova/hardware.nix similarity index 82% rename from system/hardware/nova.nix rename to hosts/nova/hardware.nix index 7a860bc..a23e271 100644 --- a/system/hardware/nova.nix +++ b/hosts/nova/hardware.nix @@ -10,6 +10,9 @@ in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" "v4l2loopback" ]; @@ -24,15 +27,6 @@ in options = [ "subvol=root" "compress=zstd" "discard=async" ]; }; - # the following subvolumes are automatically mounted and won't be snapshotted: - # /home/till/.local/share/Steam - # /home/till/.local/share/Trash - # /home/till/.cache - # /home/till/tmp - # /home/till/.mozilla/firefox/till/storage - # /home/till/.config/Mattermost/Cache - # /home/till/.config/Mattermost/Code\ Cache - fileSystems."/nix" = subvolume // { options = [ "subvol=nix" "compress=zstd" "noatime" "discard=async" ]; }; diff --git a/system/alt.nix b/system/alt.nix deleted file mode 100644 index 726c48b..0000000 --- a/system/alt.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, ... }: - -{ - users.users.alt = { - home = "/home/alt"; - isSystemUser = true; - group = "users"; - description = "Alt"; - extraGroups = [ - "networkmanager" - ]; - shell = pkgs.fish; - }; -} diff --git a/system/btrbk.nix b/system/btrbk.nix deleted file mode 100644 index 0981e09..0000000 --- a/system/btrbk.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.btrbk = { - instances.btrbk = { - onCalendar = "hourly"; - settings = { - subvolume = "/home"; - snapshot_preserve = "40d"; - snapshot_preserve_min = "4d"; - snapshot_dir = "/btrbk_snapshots"; - target = "/run/media/till/backup/${config.networking.hostName}"; - target_preserve_min = "no"; - target_preserve = "10d 10w 24m"; - }; - }; - }; -} diff --git a/system/cosmic.nix b/system/cosmic.nix deleted file mode 100644 index e6ffb66..0000000 --- a/system/cosmic.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.desktopManager.cosmic.enable = true; -} diff --git a/system/default.nix b/system/default.nix index 1a3827a..f885e18 100644 --- a/system/default.nix +++ b/system/default.nix @@ -1,6 +1,14 @@ { config, pkgs, ... }: { + imports = [ + ../users/till.nix + ]; + + networking.networkmanager.enable = true; + users.mutableUsers = true; + time.timeZone = "Europe/Berlin"; + programs.fish.enable = true; nix = { settings.experimental-features = [ "nix-command" "flakes" ]; @@ -9,22 +17,6 @@ optimise.automatic = true; }; - time.timeZone = "Europe/Berlin"; - - programs.fish.enable = true; - - users.mutableUsers = true; - - users.users.till = { - isNormalUser = true; - description = "Till"; - extraGroups = [ "wheel" ]; - shell = pkgs.fish; - openssh.authorizedKeys.keyFiles = [ - ./ssh/till${"@"}nova.pub - ]; - }; - environment.systemPackages = with pkgs; [ dig.dnsutils file @@ -32,19 +24,20 @@ htop killall neovim + netutils pwgen tree unzip wget ]; - services = { - ntp.enable = true; - openssh.enable = true; - openssh.settings.PasswordAuthentication = false; - openssh.settings.PermitRootLogin = "no"; + services.ntp.enable = true; + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + settings.PermitRootLogin = "no"; }; system.stateVersion = "22.11"; - } diff --git a/system/desktop/btrbk.nix b/system/desktop/btrbk.nix new file mode 100644 index 0000000..22b03b3 
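Review bot: `networking.networkmanager.enable = true;` now sits in the base module that every host imports, so the arielle VPS (a qemu guest that relies on `networking.useDHCP`) gets NetworkManager too; before this commit only system/desktop.nix enabled it. That is a behaviour change for the server's network stack, and system/desktop/default.nix still sets the same option together with its plugins, so the base-level line is redundant for the desktops. Unless the server is meant to run NetworkManager, drop the line here and keep it in the desktop module. The openssh hardening (`settings.PasswordAuthentication = false;`, `settings.PermitRootLogin = "no";`) is carried over intact.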
--- /dev/null +++ b/system/desktop/btrbk.nix @@ -0,0 +1,16 @@ +{ config, ... }: + +{ + services.btrbk.instances.btrbk = { + onCalendar = "hourly"; + settings = { + subvolume = "/home"; + snapshot_preserve = "40d"; + snapshot_preserve_min = "4d"; + snapshot_dir = "/btrbk_snapshots"; + target = "/run/media/till/backup/${config.networking.hostName}"; + target_preserve_min = "no"; + target_preserve = "10d 10w 24m"; + }; + }; +} diff --git a/system/cast.nix b/system/desktop/cast.nix similarity index 100% rename from system/cast.nix rename to system/desktop/cast.nix diff --git a/system/desktop.nix b/system/desktop/default.nix similarity index 85% rename from system/desktop.nix rename to system/desktop/default.nix index 739ab74..a24f2e8 100644 --- a/system/desktop.nix +++ b/system/desktop/default.nix @@ -3,12 +3,9 @@ { imports = [ ./interception-tools.nix - ./secrets.nix + ./btrbk.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - networking.networkmanager = { enable = true; plugins = with pkgs; [ networkmanager-openvpn ]; @@ -20,12 +17,6 @@ LC_PAPER = "de_DE.UTF-8"; }; - users.users.till = { - extraGroups = [ - "networkmanager" - ]; - }; - services.pulseaudio.enable = false; services.pipewire = { diff --git a/system/ergodox.nix b/system/desktop/ergodox-udev.nix similarity index 50% rename from system/ergodox.nix rename to system/desktop/ergodox-udev.nix index bd4e09d..54a8db9 100644 --- a/system/ergodox.nix +++ b/system/desktop/ergodox-udev.nix @@ -1,9 +1,7 @@ -{ config, pkgs, ... }: +{ ... }: { - services.udev = { - extraRules = '' + services.udev.extraRules = '' KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="wheel" - ''; - }; + ''; } diff --git a/system/gnome.nix b/system/desktop/gnome.nix similarity index 81% rename from system/gnome.nix rename to system/desktop/gnome.nix index 565bdff..e1e463a 100644 --- a/system/gnome.nix +++ b/system/desktop/gnome.nix 
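Review bot: Adding `./btrbk.nix` to the desktop imports makes hourly btrfs snapshots of `/home` and a backup target under `/run/media/till/backup/<hostName>` part of every desktop host, whereas before only nova and tron opted in through the flake. If a desktop host (mila, homer) does not keep /home on btrfs, the btrbk unit will fail on each timer run; hosts/homer/hardware.nix is only partly visible here, so that cannot be confirmed from the diff. Consider importing btrbk from the host files that need it, as the old flake did, or add a comment stating that all desktops are expected to use btrfs.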
@@ -9,13 +9,13 @@ defaultSession = "gnome"; }; - environment.gnome.excludePackages = (with pkgs; [ + environment.gnome.excludePackages = with pkgs; [ gnome-tour geary yelp gnome-contacts gnome-initial-setup - ]); + ]; environment.systemPackages = with pkgs; [ gnome-sound-recorder @@ -24,12 +24,10 @@ ]; services.gnome.gnome-browser-connector.enable = true; - - services.gnome.gnome-keyring.enable = lib.mkForce false; + # services.gnome.gnome-keyring.enable = lib.mkForce false; programs.kdeconnect = { enable = true; package = lib.mkForce pkgs.gnomeExtensions.gsconnect; }; - } diff --git a/system/interception-tools.nix b/system/desktop/interception-tools.nix similarity index 100% rename from system/interception-tools.nix rename to system/desktop/interception-tools.nix diff --git a/system/media.nix b/system/desktop/media.nix similarity index 100% rename from system/media.nix rename to system/desktop/media.nix diff --git a/system/desktop/remote-desktop.nix b/system/desktop/remote-desktop.nix new file mode 100644 index 0000000..4feb26c --- /dev/null +++ b/system/desktop/remote-desktop.nix @@ -0,0 +1,5 @@ +{ config, pkgs, ... }: + +{ + services.gnome.gnome-remote-desktop.enable = true; +} diff --git a/system/yubikey.nix b/system/desktop/yubikey-pam.nix similarity index 83% rename from system/yubikey.nix rename to system/desktop/yubikey-pam.nix index cbe1417..b7bc143 100644 --- a/system/yubikey.nix +++ b/system/desktop/yubikey-pam.nix @@ -1,7 +1,6 @@ { config, pkgs, ... }: { - services.pcscd.enable = true; environment.systemPackages = with pkgs; [ @@ -20,9 +19,8 @@ # ''; }; - security.pam.services = { - login.u2fAuth = true; - sudo.u2fAuth = true; - }; - + # security.pam.services = { + # login.u2fAuth = true; + # sudo.u2fAuth = true; + # }; } diff --git a/system/distrobox.nix b/system/distrobox.nix deleted file mode 100644 index 2cc4904..0000000 --- a/system/distrobox.nix +++ /dev/null 
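Review bot: Commenting out `services.gnome.gnome-keyring.enable = lib.mkForce false;` re-enables the keyring that the GNOME module turns on by default, while the same commit moves SSH-agent support to a user-level gpg-agent; depending on versions both components may try to provide `SSH_AUTH_SOCK`, so the interaction is worth checking on a desktop host. A commented-out line with no reason also leaves the next reader guessing whether this is temporary. Either delete the line or replace it with a comment stating why the keyring is now allowed, e.g. `# gnome-keyring left enabled for <reason>; the SSH agent comes from gpg-agent (home/gpg.nix)`.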
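Review bot: Commenting out the `security.pam.services.login.u2fAuth` / `sudo.u2fAuth` block removes the YubiKey second factor from login and sudo on every host importing this module, and the first hunk of the same file also drops `services.pcscd.enable = true;`; nothing in the commit says whether this is a temporary workaround or a deliberate downgrade. The file is now named yubikey-pam.nix yet no longer configures PAM, which a reader will take at face value. Add a comment above the block stating why it is disabled and when to re-enable it, or remove the dead block and rename the file. If the intent is only to stop prompting on sudo, keeping `login.u2fAuth = true;` retains the factor on interactive login.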
@@ -1,10 +0,0 @@ -{ config, pkgs, ... }: - -{ - virtualisation.podman = { - enable = true; - dockerCompat = true; - }; - - environment.systemPackages = [ pkgs.distrobox ]; -} diff --git a/system/hardware/arielle.nix b/system/hardware/arielle.nix deleted file mode 100644 index db82c88..0000000 --- a/system/hardware/arielle.nix +++ /dev/null @@ -1,33 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/087544b8-4941-436b-be6c-e32bc3787b12"; - fsType = "ext4"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/9408a2ce-646d-406e-8407-c9bafd0a728c"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/system/hardware/ernst.nix b/system/hardware/ernst.nix deleted file mode 100644 index 42947cd..0000000 --- a/system/hardware/ernst.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "ums_realtek" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/35ee7723-47bd-49de-b211-73550c14d765"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/system/hardware/romulus.nix b/system/hardware/romulus.nix deleted file mode 100644 index 8307f61..0000000 --- a/system/hardware/romulus.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/d9731b0f-57a1-42ba-b9bd-92e225df5bc2"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" ]; - }; - - boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/d1bb3d19-d95f-4486-8350-2f3a5b473881"; - - fileSystems."/swap" = - { device = "/dev/disk/by-uuid/d9731b0f-57a1-42ba-b9bd-92e225df5bc2"; - fsType = "btrfs"; - options = [ "subvol=swap" ]; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/d9731b0f-57a1-42ba-b9bd-92e225df5bc2"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" ]; - }; - - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/d9731b0f-57a1-42ba-b9bd-92e225df5bc2"; - fsType = "btrfs"; - options = [ "subvol=nix" "noatime" "compress=zstd" ]; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/EB36-69BF"; - fsType = "vfat"; - }; - - swapDevices = [ { device = "/swap/swapfile"; } ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/system/hardware/tron.nix b/system/hardware/tron.nix deleted file mode 100644 index 3e36c00..0000000 --- a/system/hardware/tron.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -let - subvolume = { - # device = "/dev/disk/by-uuid/6a0d25d4-0253-4467-85cc-ab3e0ef71f54"; - fsType = "btrfs"; - }; -in - -{ - - hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ]; - - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "v4l2loopback" ]; - boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; - - boot.initrd.luks.devices."cryptroot" = { - # device = "/dev/disk/by-uuid/eaad533f-8586-4002-9c53-5aecf8e7abd8"; - allowDiscards = true; - }; - - fileSystems."/" = subvolume // { - options = [ "subvol=root" "compress=zstd" "discard=async" ]; - }; - - # the following subvolumes are automatically mounted and won't be snapshotted: - # /home/till/.local/share/Steam - # /home/till/.local/share/Trash - # /home/till/.cache - # /home/till/tmp - # /home/till/.mozilla/firefox/till/storage - # /home/till/.config/Mattermost/Cache - # /home/till/.config/Mattermost/Code\ Cache - - fileSystems."/nix" = subvolume // { - options = [ "subvol=nix" "compress=zstd" "noatime" "discard=async" ]; - }; - - fileSystems."/home" = subvolume // { - options = [ "subvol=home" "compress=zstd" "discard=async" ]; - }; - - fileSystems."/boot" = { - # device = "/dev/disk/by-uuid/7362-C4C4"; - fsType = "vfat"; - }; - - swapDevices = [{ - device = "/swapfile"; - size = 8 * 1045; - }]; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - hardware.trackpoint.enable = true; - boot.kernelParams = [ "psmouse.elantech_smbus=0" ]; - -} diff --git a/system/hyprland.nix b/system/hyprland.nix deleted file mode 100644 index af157b3..0000000 
--- a/system/hyprland.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, pkgs, ... }: - -{ - programs.uwsm.enable = true; - - programs.hyprland = { - enable = true; - withUWSM = true; - }; - - programs.waybar.enable = true; - - environment.systemPackages = with pkgs; [ - swaynotificationcenter - tofi - ]; -} diff --git a/system/web-server/mail/default.nix b/system/mail-server/default.nix similarity index 100% rename from system/web-server/mail/default.nix rename to system/mail-server/default.nix diff --git a/system/web-server/mail/dkim.nix b/system/mail-server/dkim.nix similarity index 100% rename from system/web-server/mail/dkim.nix rename to system/mail-server/dkim.nix diff --git a/system/web-server/mail/dovecot.nix b/system/mail-server/dovecot.nix similarity index 100% rename from system/web-server/mail/dovecot.nix rename to system/mail-server/dovecot.nix diff --git a/system/web-server/mail/postfix.nix b/system/mail-server/postfix.nix similarity index 100% rename from system/web-server/mail/postfix.nix rename to system/mail-server/postfix.nix diff --git a/system/web-server/mail/roundcube.nix b/system/mail-server/roundcube.nix similarity index 100% rename from system/web-server/mail/roundcube.nix rename to system/mail-server/roundcube.nix diff --git a/system/plasma.nix b/system/plasma.nix deleted file mode 100644 index f62e344..0000000 --- a/system/plasma.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.desktopManager.plasma6.enable = true; -} diff --git a/system/remote-desktop.nix b/system/remote-desktop.nix deleted file mode 100644 index 43e66c1..0000000 --- a/system/remote-desktop.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.gnome.gnome-remote-desktop.enable = true -} diff --git a/system/secrets.nix b/system/secrets.nix deleted file mode 100644 index 98d5838..0000000 --- a/system/secrets.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -{ config, pkgs, ... }: - -{ - - programs.gnupg.agent = { - enable = true; - pinentryPackage = pkgs.pinentry-gnome3; - enableSSHSupport = true; - settings = { - # disable-scdaemon = ""; - }; - }; - -} diff --git a/system/steam.nix b/system/steam.nix deleted file mode 100644 index 781e12e..0000000 --- a/system/steam.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, pkgs, ... }: - -{ - programs.steam.enable = true; -} diff --git a/system/sway.nix b/system/sway.nix deleted file mode 100644 index 609c87d..0000000 --- a/system/sway.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, pkgs, ... }: - -{ - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; - }; - - programs.waybar.enable = true; - - services.gnome.gnome-keyring.enable = true; - - environment.systemPackages = with pkgs; [ - grim - slurp - wl-clipboard - swaynotificationcenter - tofi - ]; -} diff --git a/system/web-server/default.nix b/system/web-server/default.nix index 6081eb1..2138020 100644 --- a/system/web-server/default.nix +++ b/system/web-server/default.nix 
@@ -1,64 +1,16 @@ -{ config, pkgs, ... }: +{ ... }: { - nixpkgs.config.allowUnfree = true; + imports = [ + ./nginx.nix + ./letsencrypt.nix - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - virtualHosts = { - - "${config.networking.domain}" = { - onlySSL = true; - useACMEHost = config.networking.domain; - locations."/" = { - return = "200 'This domain used for e-mail hosting only.'"; - extraConfig = '' - add_header Content-Type text/plain; - ''; - }; - }; - - "${config.networking.fqdn}-80" = { - serverAliases = [ - "*.ktiu.net" - "*.t9e.me" - ]; - locations."/.well-known/acme-challenge" = { - root = "/var/lib/acme/.challenges"; - }; - locations."/" = { - return = "301 https://$host$request_uri"; - }; - }; - - "${config.networking.fqdn}" = { - onlySSL = true; - useACMEHost = config.networking.domain; - locations."/" = { - return = "404"; - }; - }; - - }; - - }; - - security.acme = { - - acceptTerms = true; - defaults.email = "till@ktiu.net"; - - certs."${config.networking.domain}" = { - domain = config.networking.domain; - webroot = "/var/lib/acme/.challenges"; - group = config.services.nginx.group; - extraDomainNames = [ config.networking.fqdn ]; - }; - }; + ./forgejo.nix + ./outline.nix + ./radicale.nix + # ./ksh.nix + ./ksh-map.nix + ./oopsidenfiy.nix + ]; } diff --git a/system/web-server/jenkins.nix b/system/web-server/jenkins.nix deleted file mode 100644 index e9b5e4d..0000000 --- a/system/web-server/jenkins.nix +++ /dev/null 
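Review bot: `./oopsidenfiy.nix` in the new `imports` list looks like a transposition of the module the old flake imported as `./system/web-server/oopsidentify.nix`; unless a file with the misspelled name exists outside this diff, evaluation of the arielle configuration fails at the missing path. The hunk also drops `nixpkgs.config.allowUnfree = true;` without it reappearing in nginx.nix or letsencrypt.nix, so any web-server module that depends on an unfree package will now be refused at evaluation. Fix the import to `./oopsidentify.nix` and either confirm allowUnfree is set elsewhere or restore it.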
@@ -1,23 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.jenkins = { - enable = true; - port = 7401; - }; - - security.acme.certs."${config.networking.domain}".extraDomainNames = [ - "jenkins.${config.networking.domain}" - ]; - - services.nginx.virtualHosts = { - "jenkins.${config.networking.domain}" = { - onlySSL = true; - useACMEHost = config.networking.domain; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.jenkins.port}"; - proxyWebsockets = true; - }; - }; - }; -} diff --git a/system/web-server/kein-schlussstrich-hessen.org b/system/web-server/ksh.nix similarity index 98% rename from system/web-server/kein-schlussstrich-hessen.org rename to system/web-server/ksh.nix index 892afb8..a7c182e 100644 --- a/system/web-server/kein-schlussstrich-hessen.org +++ b/system/web-server/ksh.nix @@ -11,7 +11,7 @@ serverAliases = [ "www.kein-schlussstrich-hessen.de" "www.kein-schlussstrich-hessen.org" - ] + ]; globalRedirect = "kein-schlussstrich-hessen.org"; enableACME = true; }; diff --git a/system/web-server/letsencrypt.nix b/system/web-server/letsencrypt.nix new file mode 100644 index 0000000..7e99212 --- /dev/null +++ b/system/web-server/letsencrypt.nix @@ -0,0 +1,29 @@ +{ config, ... }: + +{ + security.acme = { + acceptTerms = true; + defaults.email = "till@ktiu.net"; + certs."${config.networking.domain}" = { + domain = config.networking.domain; + webroot = "/var/lib/acme/.challenges"; + group = config.services.nginx.group; + extraDomainNames = [ config.networking.fqdn ]; + }; + }; + + services.nginx.virtualHosts = { + "${config.networking.fqdn}-80" = { + serverAliases = [ + "*.ktiu.net" + "*.t9e.me" + ]; + locations."/.well-known/acme-challenge" = { + root = "/var/lib/acme/.challenges"; + }; + locations."/" = { + return = "301 https://$host$request_uri"; + }; + }; + }; +} diff --git a/system/web-server/nginx.nix b/system/web-server/nginx.nix new file mode 100644 index 0000000..d891acf --- /dev/null +++ b/system/web-server/nginx.nix 
@@ -0,0 +1,34 @@ +{ config, ... }: + +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts = { + + "${config.networking.domain}" = { + onlySSL = true; + useACMEHost = config.networking.domain; + locations."/" = { + return = "200 'This domain used for e-mail hosting only.'"; + extraConfig = '' + add_header Content-Type text/plain; + ''; + }; + }; + + "${config.networking.fqdn}" = { + onlySSL = true; + useACMEHost = config.networking.domain; + locations."/" = { + return = "404"; + }; + }; + + }; + }; +} diff --git a/system/web-server/outline.nix b/system/web-server/outline.nix index 5840033..f82fa0c 100644 --- a/system/web-server/outline.nix +++ b/system/web-server/outline.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: { + # imports = [ ./dex.nix ]; # environment.systemPackages = with pkgs; [ # openssl diff --git a/system/xfce.nix b/system/xfce.nix deleted file mode 100644 index 59f9f76..0000000 --- a/system/xfce.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.xserver.enable = true; - services.xserver.displayManager.lightdm.enable = true; - services.xserver.desktopManager.xfce.enable = true; -} diff --git a/template.nix b/template.nix new file mode 100644 index 0000000..da77699 --- /dev/null +++ b/template.nix @@ -0,0 +1,7 @@ +{ config, pkgs, lib, ... }: + +{ + imports = [ + ]; + +} diff --git a/system/ssh/till@nova.pub b/till@nova.pub similarity index 100% rename from system/ssh/till@nova.pub rename to till@nova.pub diff --git a/users/alt.nix b/users/alt.nix new file mode 100644 index 0000000..94ce7e8 --- /dev/null +++ b/users/alt.nix @@ -0,0 +1,10 @@ +{ config, pkgs, ... }: + +{ + users.users.alt = { + isNormalUser = true; + description = "Alt"; + extraGroups = [ "networkmanager" ]; + shell = pkgs.fish; + }; +} 
diff --git a/system/guest.nix b/users/guest.nix similarity index 58% rename from system/guest.nix rename to users/guest.nix index 4d4e88a..a3485b6 100644 --- a/system/guest.nix +++ b/users/guest.nix @@ -2,16 +2,12 @@ { users.users.guest = { - home = "/home/guest"; isNormalUser = true; - group = "users"; description = "Guest"; - extraGroups = [ - "networkmanager" - ]; + extraGroups = [ "networkmanager" ]; shell = pkgs.fish; openssh.authorizedKeys.keyFiles = [ - ./ssh/till${"@"}nova.pub + ../../till${"@"}nova.pub ]; }; } diff --git a/users/till.nix b/users/till.nix new file mode 100644 index 0000000..7f94dad --- /dev/null +++ b/users/till.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: + +{ + users.users.till = { + isNormalUser = true; + description = "Till"; + extraGroups = [ + "wheel" + "networkmanager" + ]; + shell = pkgs.fish; + openssh.authorizedKeys.keyFiles = [ + ../../till${"@"}nova.pub + ]; + }; +}
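Review bot: `../../till${"@"}nova.pub` in users/guest.nix resolves to the parent of the repository: the module lives at users/guest.nix, so `..` is the repo root where this commit moves till@nova.pub, and `../..` is outside the tree. The same path appears in the new users/till.nix. Inside a flake a path outside the source tree is not accessible, so every host that imports either module fails to evaluate; change both to `../till${"@"}nova.pub`.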