From 9a797194d81c4bf4b8bdf8aeee6edb035e22630c Mon Sep 17 00:00:00 2001
From: Christoph Schmatzler
Date: Mon, 11 Aug 2025 12:38:20 +0200
Subject: [PATCH] up
---
 hosts/nixos/tahani/default.nix | 89 +--------------------------------
 profiles/darwin/default.nix | 1 -
 profiles/nixos/default.nix | 90 +++++++++++++++++++++++++++-------
 profiles/nixos/disks.nix | 33 -------------
 4 files changed, 75 insertions(+), 138 deletions(-)
 delete mode 100644 profiles/nixos/disks.nix
diff --git a/hosts/nixos/tahani/default.nix b/hosts/nixos/tahani/default.nix
index 63086e3..6e6188e 100644
--- a/hosts/nixos/tahani/default.nix
+++ b/hosts/nixos/tahani/default.nix
@@ -6,13 +6,10 @@
 hostname, user, ... -}: let - sshKeys = import ../../../shared/ssh-keys.nix; -in { +}: { imports = [ ../../../profiles/base ../../../profiles/nixos - agenix.nixosModules.default ]; boot = {
@@ -34,93 +31,11 @@ in { kernelPackages = pkgs.linuxPackages_latest; }; - time.timeZone = "UTC"; - networking = { hostName = hostname; useDHCP = false; interfaces."%INTERFACE%".useDHCP = true; }; - nix.nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"]; - - programs = { - gnupg.agent.enable = true; - fish.enable = true; - }; - - services = { - openssh = { - enable = true; - settings = { - PermitRootLogin = "yes"; - PasswordAuthentication = false; - }; - }; - syncthing = { - enable = true; - openDefaultPorts = true; - dataDir = "/home/${user}/.local/share/syncthing"; - configDir = "/home/${user}/.config/syncthing"; - user = "${user}"; - group = "users"; - guiAddress = "127.0.0.1:8384"; - overrideFolders = true; - overrideDevices = true; - - settings = { - devices = {}; - options.globalAnnounceEnabled = false; # Only sync on LAN - }; - }; - }; - - # Enable CUPS to print documents - # services.printing.enable = true; - # services.printing.drivers = [ pkgs.brlaser ]; # Brother printer driver - - # Crypto wallet support - hardware.ledger.enable = true; - - # Add docker daemon - virtualisation.docker.enable = true; - virtualisation.docker.logDriver = "json-file"; - - # Additional user config beyond what's in profiles/nixos - users.users = { - ${user} = { - extraGroups = [ - "docker" - ]; - openssh.authorizedKeys.keys = sshKeys.keys; - }; - - root = { - openssh.authorizedKeys.keys = sshKeys.keys; - }; - }; - - # Don't require password for users in `wheel` group for these commands - security.sudo = { - enable = true; - extraRules = [ - { - commands = [ - { - command = "${pkgs.systemd}/bin/reboot"; - options = ["NOPASSWD"]; - } - ]; - groups = ["wheel"]; - } - ]; - }; - - environment.systemPackages = with pkgs; [ - agenix.packages."${pkgs.system}".default # "x86_64-linux" - gitAndTools.gitFull - inetutils - ]; - - system.stateVersion = "21.05"; # Don't change this + system.stateVersion = "21.05"; } 
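Review bot: The rewritten `system.stateVersion = "21.05";` on the last added line of this hunk drops the `# Don't change this` marker that the old line carried, and nothing equivalent is added in the profile, so the one comment that warned against casually bumping this value is gone. Suggest keeping it inline, `system.stateVersion = "21.05"; # Don't change this`. The attribute set closed by the hunk's final `}` is opened above the hunk.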
diff --git a/profiles/darwin/default.nix b/profiles/darwin/default.nix
index 465e171..e25d72d 100644
--- a/profiles/darwin/default.nix
+++ b/profiles/darwin/default.nix
@@ -35,7 +35,6 @@
 }; home-manager = { - useGlobalPkgs = true; users.${user} = { pkgs, config,
diff --git a/profiles/nixos/default.nix b/profiles/nixos/default.nix
index 7005486..2b31f8e 100644
--- a/profiles/nixos/default.nix
+++ b/profiles/nixos/default.nix
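Review bot: Dropping `useGlobalPkgs = true;` from the `home-manager` block changes which nixpkgs instance Home Manager evaluates user packages with — without it Home Manager presumably builds its own `pkgs`, so system-level `nixpkgs` settings (overlays, `config.allowUnfree`) would no longer reach the per-user packages unless repeated under `home-manager.users.${user}.nixpkgs`, and the commit message `up` gives no reason for the change. The same line is removed from profiles/nixos/default.nix in the following hunk. If the global instance is still wanted, restore `useGlobalPkgs = true;` in both places; if a separate instance is intended, a one-line comment stating why would keep the next reader from re-adding it. The `home-manager` attribute set continues past the end of this hunk.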
@@ -2,32 +2,88 @@
 pkgs, nixvim, user, + agenix, ... -}: { +}: let + sshKeys = import ../../shared/ssh-keys.nix; +in { imports = [ - ./disks.nix + agenix.nixosModules.default ]; - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; + time.timeZone = "UTC"; + + nix = { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"]; }; - users.users.${user} = { - isNormalUser = true; - home = "/home/${user}"; - extraGroups = [ - "wheel" - "sudo" - "network" - "systemd-journal" - ]; - shell = pkgs.fish; + virtualisation.docker = { + enable = true; + logDriver = "json-file"; }; + programs = { + gnupg.agent.enable = true; + fish.enable = true; + }; + + services = { + openssh = { + enable = true; + settings = { + PermitRootLogin = "yes"; + PasswordAuthentication = false; + }; + }; + tailscale.enable = true; + }; + + users.users = { + ${user} = { + isNormalUser = true; + home = "/home/${user}"; + extraGroups = [ + "wheel" + "sudo" + "network" + "systemd-journal" + "docker" + ]; + shell = pkgs.fish; + openssh.authorizedKeys.keys = sshKeys.keys; + }; + + root = { + openssh.authorizedKeys.keys = sshKeys.keys; + }; + }; + + security.sudo = { + enable = true; + extraRules = [ + { + commands = [ + { + command = "${pkgs.systemd}/bin/reboot"; + options = ["NOPASSWD"]; + } + ]; + groups = ["wheel"]; + } + ]; + }; + + environment.systemPackages = with pkgs; [ + agenix.packages."${pkgs.system}".default + inetutils + ]; + home-manager = { - useGlobalPkgs = true; users.${user} = { pkgs, config,
diff --git a/profiles/nixos/disks.nix b/profiles/nixos/disks.nix
deleted file mode 100644
index 54217ba..0000000
--- a/profiles/nixos/disks.nix
+++ /dev/null
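Review bot: `PermitRootLogin = "yes";` together with `root = { openssh.authorizedKeys.keys = sshKeys.keys; }` now lives in the shared NixOS profile instead of a single host, so every host importing profiles/nixos gets root SSH login with the same key set, and the same hunk also turns on `tailscale.enable = true` and the passwordless `reboot` sudo rule for `wheel` across all of them. Since `PasswordAuthentication = false` sits directly below, `PermitRootLogin = "prohibit-password";` expresses the intended key-only root access and keeps password and keyboard-interactive root logins off even if a host later overrides `PasswordAuthentication`. A one-line comment on the `root` entry, such as `# keys from shared/ssh-keys.nix; applies to every host using this profile`, would make the widened scope visible to the next reader. The hunk ends inside `home-manager = {`, which continues past the hunk.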
@@ -1,33 +0,0 @@
-_: {
- disko.devices = {
- disk = {
- main = {
- device = "/dev/nvme0n1";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- type = "EF00";
- size = "512M";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "fmask=0022" "dmask=0022" ];
- };
- };
- root = {
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
- };
- };
- };
- };
-}