5 am

2024-04-22 04:57:27 +02:00 · 2024-04-22 04:57:27 +02:00 · 82815bd863
parent b11dc9f775
commit 82815bd863
13 changed files with 82 additions and 140 deletions
--- a/README.md
+++ b/README.md
@ -23,6 +23,14 @@ Build a configuration: `# nixos-rebuild switch --flake .#phoenix`

 Build enry and upload a generation: TODO

+### git
+
+generate an ssh key: `ssh-keygen -t ed25519`
+
+add to ssh-agent: `ssh-add .ssh/id_ed25519`
+
+add to git: `git config --global user.signingkey ~/.ssh/id_ed25519`
+
 # Hosts

 ## theseus
--- a/common/default.nix
+++ b/common/default.nix
@ -9,25 +9,15 @@
  imports = [
    ./packages/neovim.nix
    ./packages/zsh.nix
+    ./packages/git.nix
+    ./locales/paris.nix
  ];

  nixpkgs = {
-    # You can add overlays here
    overlays = [
-      # Add overlays your own flake exports (from overlays and pkgs dir):
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
-
-      # You can also add overlays exported from other flakes:
-      # neovim-nightly-overlay.overlays.default
-
-      # Or define it inline, for example:
-      # (final: prev: {
-      #   hi = final.hello.overrideAttrs (oldAttrs: {
-      #     patches = [ ./change-hello-to-hi.patch ];
-      #   });
-      # })
    ];
  };

@ -53,47 +43,31 @@
    auto-optimise-store = true;
  };

+  # systemd-boot
  boot.loader = {
    systemd-boot.enable = true;
-
    efi.canTouchEfiVariables = true;
  };

-  # Set your time zone.
-  time.timeZone = "Europe/Paris";
-
-  services.fwupd.enable = true;
-
-  services.tailscale.enable = true;
-
  networking = {
    networkmanager.enable = true;

    firewall = {
      enable = true;
-
      trustedInterfaces = ["tailscale0"];
    };
  };

+  # sudo and nix can only be used by the wheel group
  nix.settings.allowed-users = ["@wheel"];
  security.sudo.execWheelOnly = true;

-  programs.git = {
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  programs.mtr.enable = true;
+  programs.gnupg.agent = {
    enable = true;
-    config = {
-      user = {
-        name = "Tasia Iso";
-        email = "tasiaiso@proton.me";
-        gpg.format = "ssh";
-        commit.gpgsign = "true";
-        # git config --global user.signingkey ~/.ssh/id_ed25519
-      };
-
-      init = {
-        defaultBranch = "master";
-      };
-    };
+    enableSSHSupport = true;
  };

  environment.systemPackages = with pkgs; [
@ -111,4 +85,9 @@
    file
    ffmpeg
  ];
+
+  services = {
+    fwupd.enable = true;
+    tailscale.enable = true;
+  };
 }
--- a/common/hardware/btrfs.nix
+++ b/common/hardware/btrfs.nix
@ -0,0 +1,7 @@
+{lib, ...}: {
+  services.btrfs.autoScrub = {
+    enable = true;
+    interval = "weekly";
+    fileSystems = lb.mkDefault ["/"];
+  };
+}
--- a/common/hardware/raspberry-pi.nix
+++ b/common/hardware/raspberry-pi.nix
@ -1,4 +1,6 @@
 {lib, ...}: {
+  # Raspberry PI 3 B+
+
  # Disable systemd-boot
  boot.loader = {
    systemd-boot = {
--- a/common/locales/paris.nix
+++ b/common/locales/paris.nix
@ -0,0 +1,3 @@
+{
+  time.timeZone = "Europe/Paris";
+}
--- a/common/packages/git.nix
+++ b/common/packages/git.nix
@ -0,0 +1,17 @@
+{
+  programs.git = {
+    enable = true;
+    config = {
+      user = {
+        name = "Tasia Iso";
+        email = "tasiaiso@proton.me";
+        gpg.format = "ssh";
+        commit.gpgsign = "true";
+      };
+
+      init = {
+        defaultBranch = "master";
+      };
+    };
+  };
+}
--- a/common/packages/steam.nix
+++ b/common/packages/steam.nix
@ -0,0 +1,7 @@
+{
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
+  };
+}
--- a/hosts/enry/configuration.nix
+++ b/hosts/enry/configuration.nix
@ -8,19 +8,15 @@
    ../../common/default.nix
    ../../common/hardware/raspberry-pi.nix

+    ../../common/packages/sshd.nix
+
    ../../modules/nixos/vedirect-reader.nix
  ];

  networking = {
    hostName = "enry";
-
-    firewall.enable = true;
-    # firewall.allowedTCPPorts = [8080 12345 13378];
-    # firewall.allowedUDPPorts = [8080];
  };

-  # services.vedirect-reader.enable = true;
-
  users.users.user = {
    isNormalUser = true;
    description = "User";
@ -32,18 +28,12 @@
    ];
  };

-  services.openssh = {
-    enable = true;
-    settings = {
-      PermitRootLogin = "no";
-      PasswordAuthentication = false;
-    };
-  };
-
  environment.systemPackages = with pkgs; [
    #
  ];

+  # services.vedirect-reader.enable = true;
+
  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.11";
 }
--- a/hosts/new-new-phoenix/configuration.nix
+++ b/hosts/new-new-phoenix/configuration.nix
@ -18,9 +18,10 @@
    ../../common/de/plasma6.nix
    # ../../common/de/hyprland.nix

-    # ../../common/packages/syncthing.nix
-    ../../common/packages/sshd.nix
    ../../common/tasia-packages.nix
+    ../../common/packages/sshd.nix
+    ../../common/packages/steam.nix
+    # ../../common/packages/syncthing.nix

    # ../../modules/nixos/vedirect-reader.nix
  ];
@ -78,20 +79,6 @@
  virtualisation.docker.enable = true;
  # services.flatpak.enable = false;

-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  programs.mtr.enable = true;
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  programs.steam = {
-    enable = true;
-    remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
-    dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
-  };
-
  services.syncthing = {
    dataDir = lib.mkForce "/home/user";
    configDir = lib.mkForce "/data/sync/configuration/";
--- a/hosts/new-phoenix/configuration.nix
+++ b/hosts/new-phoenix/configuration.nix
@ -6,13 +6,12 @@
  imports = [
    ./hardware-configuration.nix
    ../../common/default.nix
-    # ../../common/full-install.nix

    ../../common/locales/en.nix
    ../../common/locales/fr-keymap.nix
    ../../common/hardware/intelcpu.nix
-    # ../../common/hardware/amdgpu.nix
    ../../common/hardware/ssd.nix
+    ../../common/hardware/btrfs.nix

    ../../common/packages/syncthing.nix
    ../../common/packages/adguardhome.nix
@ -37,34 +36,19 @@
    extraGroups = ["networkmanager" "wheel" "syncthing"];
    initialPassword = "correcthorsebatterystaple";
    openssh.authorizedKeys.keys = [
-      # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
+      "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
    ];
  };

-  services.btrfs.autoScrub = {
-    enable = true;
-    interval = "weekly";
-    fileSystems = ["/" "/data"];
-  };
+  services.btrfs.autoScrub.fileSystems = ["/" "/data"];

  virtualisation.docker.enable = true;

-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  programs.mtr.enable = true;
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
  services.syncthing = {
    dataDir = lib.mkForce "/home/user";
    configDir = lib.mkForce "/data/sync/configuration/";
  };

-  # Needed to build enry
-  boot.binfmt.emulatedSystems = ["aarch64-linux"];
-
  environment.systemPackages = with pkgs; [
    #
  ];
--- a/hosts/phoenix/configuration.nix
+++ b/hosts/phoenix/configuration.nix
@ -14,13 +14,14 @@
    ../../common/hardware/intelcpu.nix
    ../../common/hardware/amdgpu.nix
    ../../common/hardware/ssd.nix
+    ../../common/hardware/btrfs.nix

    ../../common/de/plasma6.nix
-    ../../common/de/hyprland.nix

+    ../../common/tasia-packages.nix
    ../../common/packages/syncthing.nix
    ../../common/packages/adguardhome.nix
-    ../../common/tasia-packages.nix
+    ../../common/packages/steam.nix

    ../../modules/nixos/vedirect-reader.nix
  ];
@ -56,39 +57,18 @@
    ];
  };

-  services.btrfs.autoScrub = {
-    enable = true;
-    interval = "weekly";
-    fileSystems = ["/" "/data"];
-  };
+  services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"];

  # services.vedirect-reader.enable = true;

  virtualisation.docker.enable = true;
  services.flatpak.enable = false;

-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  programs.mtr.enable = true;
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  programs.steam = {
-    enable = true;
-    remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
-    dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
-  };
-
  services.syncthing = {
    dataDir = lib.mkForce "/home/user";
    configDir = lib.mkForce "/data/sync/configuration/";
  };

-  # Needed to build enry
-  boot.binfmt.emulatedSystems = ["aarch64-linux"];
-
  environment.systemPackages = with pkgs; [
    #
  ];
--- a/hosts/stuff/configuration.nix
+++ b/hosts/stuff/configuration.nix
@ -6,10 +6,13 @@
    ../../common/locales/fr.nix
    ../../common/locales/fr-keymap.nix
    ../../common/hardware/intelcpu.nix
+    ../../common/hardware/ssd.nix
+    ../../common/hardware/btrfs.nix

    ../../common/de/plasma5.nix

    ../../common/packages/syncthing.nix
+    ../../common/packages/sshd.nix
    # ../../common/packages/adguardhome.nix
  ];

@ -19,16 +22,12 @@
    extraGroups = ["networkmanager" "wheel" "syncthing"];
    initialPassword = "correcthorsebatterystaple";
    openssh.authorizedKeys.keys = [
-      # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
+      "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
    ];
  };

  networking = {
    hostName = "stuff";
-
-    firewall.enable = true;
-    #firewall.allowedTCPPorts = [ ];
-    #firewall.allowedUDPPorts = [ ];
  };

  environment.systemPackages = with pkgs; [
--- a/hosts/theseus/configuration.nix
+++ b/hosts/theseus/configuration.nix
@ -14,24 +14,24 @@
    ../../common/hardware/intelcpu.nix
    ../../common/hardware/nvidiagpu.nix
    ../../common/hardware/ssd.nix
+    ../../common/hardware/btrfs.nix

    ../../common/de/plasma6.nix
    ../../common/de/hyprland.nix

+    ../../common/tasia-packages.nix
    ../../common/packages/syncthing.nix
    ../../common/packages/adguardhome.nix
-    ../../common/tasia-packages.nix
+    ../../common/packages/steam.nix
+    ../../common/packages/sshd.nix
  ];

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
-    # boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
  };

  networking = {
    hostName = "theseus";
-
-    firewall.enable = true;
  };

  users.users.user = {
@ -40,32 +40,11 @@
    extraGroups = ["networkmanager" "wheel" "syncthing"];
    initialPassword = "correcthorsebatterystaple";
    openssh.authorizedKeys.keys = [
-      # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
+      "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
    ];
  };

-  services.btrfs.autoScrub = {
-    enable = true;
-    interval = "weekly";
-    fileSystems = ["/"];
-  };
-
-  # virtualisation.docker.enable = true;
-  # services.flatpak.enable = true;
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  programs.mtr.enable = true;
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  programs.steam = {
-    enable = true;
-    remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
-    dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
-  };
+  services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"];

  services.syncthing = {
    dataDir = lib.mkForce "/home/user/Sync/Phone/";