From 82815bd863f7419841c7b508c14c3ab0baef2423 Mon Sep 17 00:00:00 2001 From: Tasia Iso Date: Mon, 22 Apr 2024 04:57:27 +0200 Subject: [PATCH] 5 am --- README.md | 8 ++++ common/default.nix | 49 +++++++------------------ common/hardware/btrfs.nix | 7 ++++ common/hardware/raspberry-pi.nix | 2 + common/locales/paris.nix | 3 ++ common/packages/git.nix | 17 +++++++++ common/packages/steam.nix | 7 ++++ hosts/enry/configuration.nix | 18 ++------- hosts/new-new-phoenix/configuration.nix | 19 ++-------- hosts/new-phoenix/configuration.nix | 22 ++--------- hosts/phoenix/configuration.nix | 28 ++------------ hosts/stuff/configuration.nix | 9 ++--- hosts/theseus/configuration.nix | 33 +++-------------- 13 files changed, 82 insertions(+), 140 deletions(-) create mode 100644 common/hardware/btrfs.nix create mode 100644 common/locales/paris.nix create mode 100644 common/packages/git.nix create mode 100644 common/packages/steam.nix diff --git a/README.md b/README.md index d03a573..0d47e37 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,14 @@ Build a configuration: `# nixos-rebuild switch --flake .#phoenix` Build enry and upload a generation: TODO +### git + +generate an ssh key: `ssh-keygen -t ed25519` + +add to ssh-agent: `ssh-add .ssh/id_ed25519` + +add to git: `git config --global user.signingkey ~/.ssh/id_ed25519` + # Hosts ## theseus diff --git a/common/default.nix b/common/default.nix index 178615a..0fc8044 100644 --- a/common/default.nix +++ b/common/default.nix 
@@ -9,25 +9,15 @@ imports = [ ./packages/neovim.nix ./packages/zsh.nix + ./packages/git.nix + ./locales/paris.nix ]; nixpkgs = { - # You can add overlays here overlays = [ - # Add overlays your own flake exports (from overlays and pkgs dir): outputs.overlays.additions outputs.overlays.modifications outputs.overlays.unstable-packages - - # You can also add overlays exported from other flakes: - # neovim-nightly-overlay.overlays.default - - # Or define it inline, for example: - # (final: prev: { - # hi = final.hello.overrideAttrs (oldAttrs: { - # patches = [ ./change-hello-to-hi.patch ]; - # }); - # }) ]; }; @@ -53,47 +43,31 @@ auto-optimise-store = true; }; + # systemd-boot boot.loader = { systemd-boot.enable = true; - efi.canTouchEfiVariables = true; }; - # Set your time zone. - time.timeZone = "Europe/Paris"; - - services.fwupd.enable = true; - - services.tailscale.enable = true; - networking = { networkmanager.enable = true; firewall = { enable = true; - trustedInterfaces = ["tailscale0"]; }; }; + # sudo and nix can only be used by the wheel group nix.settings.allowed-users = ["@wheel"]; security.sudo.execWheelOnly = true; - programs.git = { + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + programs.mtr.enable = true; + programs.gnupg.agent = { enable = true; - config = { - user = { - name = "Tasia Iso"; - email = "tasiaiso@proton.me"; - gpg.format = "ssh"; - commit.gpgsign = "true"; - # git config --global user.signingkey ~/.ssh/id_ed25519 - }; - - init = { - defaultBranch = "master"; - }; - }; + enableSSHSupport = true; }; environment.systemPackages = with pkgs; [ @@ -111,4 +85,9 @@ file ffmpeg ]; + + services = { + fwupd.enable = true; + tailscale.enable = true; + }; } diff --git a/common/hardware/btrfs.nix b/common/hardware/btrfs.nix new file mode 100644 index 0000000..c304bb0 --- /dev/null +++ b/common/hardware/btrfs.nix 
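Review bot: `programs.mtr.enable` and the `programs.gnupg.agent` block with `enableSSHSupport = true`, added after `security.sudo.execWheelOnly` in the second hunk, now apply to every host that imports common/default.nix, including enry, whose own configuration does not enable them as far as this patch shows. The comment moved with them says these programs need SUID wrappers, so this adds privileged surface on hosts that may never use mtr or a GPG-backed SSH agent. Consider putting them in their own module under common/packages/, as the commit does for steam.nix, and importing it only where it is used. The same hunk drops `trustedInterfaces = ["tailscale0"]`; a comment such as `# tailscale0 is filtered like any other interface; open ports per service` would record that this is intentional.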
@@ -0,0 +1,7 @@ +{lib, ...}: { + services.btrfs.autoScrub = { + enable = true; + interval = "weekly"; + fileSystems = lb.mkDefault ["/"]; + }; +} diff --git a/common/hardware/raspberry-pi.nix b/common/hardware/raspberry-pi.nix index 3be59c2..1bc904e 100644 --- a/common/hardware/raspberry-pi.nix +++ b/common/hardware/raspberry-pi.nix @@ -1,4 +1,6 @@ {lib, ...}: { + # Raspberry PI 3 B+ + # Disable systemd-boot boot.loader = { systemd-boot = { diff --git a/common/locales/paris.nix b/common/locales/paris.nix new file mode 100644 index 0000000..c955eaa --- /dev/null +++ b/common/locales/paris.nix @@ -0,0 +1,3 @@ +{ + time.timeZone = "Europe/Paris"; +} diff --git a/common/packages/git.nix b/common/packages/git.nix new file mode 100644 index 0000000..c34afd2 --- /dev/null +++ b/common/packages/git.nix @@ -0,0 +1,17 @@ +{ + programs.git = { + enable = true; + config = { + user = { + name = "Tasia Iso"; + email = "tasiaiso@proton.me"; + gpg.format = "ssh"; + commit.gpgsign = "true"; + }; + + init = { + defaultBranch = "master"; + }; + }; + }; +} diff --git a/common/packages/steam.nix b/common/packages/steam.nix new file mode 100644 index 0000000..fd8630d --- /dev/null +++ b/common/packages/steam.nix @@ -0,0 +1,7 @@ +{ + programs.steam = { + enable = true; + remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server + }; +} diff --git a/hosts/enry/configuration.nix b/hosts/enry/configuration.nix index 02a305d..50a64ec 100644 --- a/hosts/enry/configuration.nix +++ b/hosts/enry/configuration.nix 
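Review bot: `lb.mkDefault` in the new common/hardware/btrfs.nix refers to a name that is not bound, because the module's argument set is `{lib, ...}`; evaluation should fail with an undefined variable as soon as a host imports the file. The line should read `fileSystems = lib.mkDefault ["/"];`. The same `lb.` spelling appears in the `services.btrfs.autoScrub.fileSystems = lb.mkForce [...]` lines added to hosts/phoenix and hosts/theseus, where the neighbouring syncthing lines use `lib.mkForce`. Because the common value is only a `mkDefault`, a plain host-level assignment as in hosts/new-phoenix already overrides it, so `mkForce` is not needed there.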
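Review bot: `gpg.format` and `commit.gpgsign` sit inside the `user = { ... }` attribute set in the new common/packages/git.nix, so they end up under git's `user` section rather than as the `gpg.format` and `commit.gpgsign` keys git reads; commits would be created unsigned without any error. Move them up to be siblings of `user` and `init`: `gpg.format = "ssh";` and `commit.gpgsign = true;`. The copy removed from common/default.nix also carried the reminder `# git config --global user.signingkey ~/.ssh/id_ed25519`; keeping that comment next to the signing settings tells the next reader that the key itself is configured per user.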
@@ -8,19 +8,15 @@ ../../common/default.nix ../../common/hardware/raspberry-pi.nix + ../../common/packages/sshd.nix + ../../modules/nixos/vedirect-reader.nix ]; networking = { hostName = "enry"; - - firewall.enable = true; - # firewall.allowedTCPPorts = [8080 12345 13378]; - # firewall.allowedUDPPorts = [8080]; }; - # services.vedirect-reader.enable = true; - users.users.user = { isNormalUser = true; description = "User"; @@ -32,18 +28,12 @@ ]; }; - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - }; - }; - environment.systemPackages = with pkgs; [ # ]; + # services.vedirect-reader.enable = true; + # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "23.11"; } diff --git a/hosts/new-new-phoenix/configuration.nix b/hosts/new-new-phoenix/configuration.nix index 35bd12c..4869c80 100644 --- a/hosts/new-new-phoenix/configuration.nix +++ b/hosts/new-new-phoenix/configuration.nix @@ -18,9 +18,10 @@ ../../common/de/plasma6.nix # ../../common/de/hyprland.nix - # ../../common/packages/syncthing.nix - ../../common/packages/sshd.nix ../../common/tasia-packages.nix + ../../common/packages/sshd.nix + ../../common/packages/steam.nix + # ../../common/packages/syncthing.nix # ../../modules/nixos/vedirect-reader.nix ]; @@ -78,20 +79,6 @@ virtualisation.docker.enable = true; # services.flatpak.enable = false; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - programs.mtr.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - programs.steam = { - enable = true; - remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server - }; - services.syncthing = { dataDir = lib.mkForce "/home/user"; configDir = lib.mkForce "/data/sync/configuration/"; 
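Review bot: The second enry hunk removes the inline `services.openssh` block with `PermitRootLogin = "no"` and `PasswordAuthentication = false` and relies on the newly imported ../../common/packages/sshd.nix, whose contents are not part of this patch. If that module does not set both options, enry falls back to the OpenSSH module defaults with no warning. Confirm that both settings are present in sshd.nix before this host is rebuilt, and say so in the commit description, since the subject line gives no hint that SSH hardening moved.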
diff --git a/hosts/new-phoenix/configuration.nix b/hosts/new-phoenix/configuration.nix index ff72008..815d497 100644 --- a/hosts/new-phoenix/configuration.nix +++ b/hosts/new-phoenix/configuration.nix @@ -6,13 +6,12 @@ imports = [ ./hardware-configuration.nix ../../common/default.nix - # ../../common/full-install.nix ../../common/locales/en.nix ../../common/locales/fr-keymap.nix ../../common/hardware/intelcpu.nix - # ../../common/hardware/amdgpu.nix ../../common/hardware/ssd.nix + ../../common/hardware/btrfs.nix ../../common/packages/syncthing.nix ../../common/packages/adguardhome.nix @@ -37,34 +36,19 @@ extraGroups = ["networkmanager" "wheel" "syncthing"]; initialPassword = "correcthorsebatterystaple"; openssh.authorizedKeys.keys = [ - # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect + "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix" ]; }; - services.btrfs.autoScrub = { - enable = true; - interval = "weekly"; - fileSystems = ["/" "/data"]; - }; + services.btrfs.autoScrub.fileSystems = ["/" "/data"]; virtualisation.docker.enable = true; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - programs.mtr.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - services.syncthing = { dataDir = lib.mkForce "/home/user"; configDir = lib.mkForce "/data/sync/configuration/"; }; - # Needed to build enry - boot.binfmt.emulatedSystems = ["aarch64-linux"]; - environment.systemPackages = with pkgs; [ # ]; diff --git a/hosts/phoenix/configuration.nix b/hosts/phoenix/configuration.nix index c243a49..0f17c8c 100644 --- a/hosts/phoenix/configuration.nix +++ b/hosts/phoenix/configuration.nix 
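Review bot: The string added to `openssh.authorizedKeys.keys` in the second new-phoenix hunk is a key fingerprint (`SHA256:...`), not a public key, so sshd will not match any key against it and key-based login for `user` will not work. The entry needs the full public key line, in the form `"ssh-ed25519 <base64-public-key> tasia@new-new-phoenix"` (placeholder; copy the real value from the `.pub` file). The same value is added in hosts/stuff and hosts/theseus, which in this commit also start importing common/packages/sshd.nix. That module is not shown here: if it allows password authentication, the only working credential for this wheel user is the `initialPassword` committed in the repository, and if it does not, SSH access to those hosts is locked out.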
@@ -14,13 +14,14 @@ ../../common/hardware/intelcpu.nix ../../common/hardware/amdgpu.nix ../../common/hardware/ssd.nix + ../../common/hardware/btrfs.nix ../../common/de/plasma6.nix - ../../common/de/hyprland.nix + ../../common/tasia-packages.nix ../../common/packages/syncthing.nix ../../common/packages/adguardhome.nix - ../../common/tasia-packages.nix + ../../common/packages/steam.nix ../../modules/nixos/vedirect-reader.nix ]; @@ -56,39 +57,18 @@ ]; }; - services.btrfs.autoScrub = { - enable = true; - interval = "weekly"; - fileSystems = ["/" "/data"]; - }; + services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"]; # services.vedirect-reader.enable = true; virtualisation.docker.enable = true; services.flatpak.enable = false; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - programs.mtr.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - programs.steam = { - enable = true; - remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server - }; - services.syncthing = { dataDir = lib.mkForce "/home/user"; configDir = lib.mkForce "/data/sync/configuration/"; }; - # Needed to build enry - boot.binfmt.emulatedSystems = ["aarch64-linux"]; - environment.systemPackages = with pkgs; [ # ]; diff --git a/hosts/stuff/configuration.nix b/hosts/stuff/configuration.nix index 1ebfb5e..0d5b470 100644 --- a/hosts/stuff/configuration.nix +++ b/hosts/stuff/configuration.nix @@ -6,10 +6,13 @@ ../../common/locales/fr.nix ../../common/locales/fr-keymap.nix ../../common/hardware/intelcpu.nix + ../../common/hardware/ssd.nix + ../../common/hardware/btrfs.nix ../../common/de/plasma5.nix ../../common/packages/syncthing.nix + ../../common/packages/sshd.nix # ../../common/packages/adguardhome.nix ]; 
@@ -19,16 +22,12 @@ extraGroups = ["networkmanager" "wheel" "syncthing"]; initialPassword = "correcthorsebatterystaple"; openssh.authorizedKeys.keys = [ - # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect + "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix" ]; }; networking = { hostName = "stuff"; - - firewall.enable = true; - #firewall.allowedTCPPorts = [ ]; - #firewall.allowedUDPPorts = [ ]; }; environment.systemPackages = with pkgs; [ diff --git a/hosts/theseus/configuration.nix b/hosts/theseus/configuration.nix index 888bd65..e04f608 100644 --- a/hosts/theseus/configuration.nix +++ b/hosts/theseus/configuration.nix @@ -14,24 +14,24 @@ ../../common/hardware/intelcpu.nix ../../common/hardware/nvidiagpu.nix ../../common/hardware/ssd.nix + ../../common/hardware/btrfs.nix ../../common/de/plasma6.nix ../../common/de/hyprland.nix + ../../common/tasia-packages.nix ../../common/packages/syncthing.nix ../../common/packages/adguardhome.nix - ../../common/tasia-packages.nix + ../../common/packages/steam.nix + ../../common/packages/sshd.nix ]; boot = { kernelPackages = pkgs.linuxPackages_latest; - # boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ]; }; networking = { hostName = "theseus"; - - firewall.enable = true; }; users.users.user = { 
@@ -40,32 +40,11 @@ extraGroups = ["networkmanager" "wheel" "syncthing"]; initialPassword = "correcthorsebatterystaple"; openssh.authorizedKeys.keys = [ - # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect + "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix" ]; }; - services.btrfs.autoScrub = { - enable = true; - interval = "weekly"; - fileSystems = ["/"]; - }; - - # virtualisation.docker.enable = true; - # services.flatpak.enable = true; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - programs.mtr.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - programs.steam = { - enable = true; - remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server - }; + services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"]; services.syncthing = { dataDir = lib.mkForce "/home/user/Sync/Phone/";
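Review bot: The added line `services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"];` changes the scrub list on theseus from `["/"]` in the removed block to `["/" "/data"]`, which looks copied from hosts/phoenix. If theseus has no btrfs filesystem mounted at /data, which this patch does not show, the scrub for that path would likely fail on every run. `["/"]` is already the default set by common/hardware/btrfs.nix, so the line could simply be dropped here. The hunk ends inside the `services.syncthing` block.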