Christoph Schmatzler
2025-08-11 12:38:20 +02:00
parent 8b3e652b40
commit 9a797194d8
4 changed files with 75 additions and 138 deletions


@@ -6,13 +6,10 @@
hostname, hostname,
user, user,
... ...
}: let }: {
sshKeys = import ../../../shared/ssh-keys.nix;
in {
imports = [ imports = [
../../../profiles/base ../../../profiles/base
../../../profiles/nixos ../../../profiles/nixos
agenix.nixosModules.default
]; ];
boot = { boot = {
@@ -34,93 +31,11 @@ in {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
}; };
time.timeZone = "UTC";
networking = { networking = {
hostName = hostname; hostName = hostname;
useDHCP = false; useDHCP = false;
interfaces."%INTERFACE%".useDHCP = true; interfaces."%INTERFACE%".useDHCP = true;
}; };
nix.nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"]; system.stateVersion = "21.05";
programs = {
gnupg.agent.enable = true;
fish.enable = true;
};
services = {
openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
syncthing = {
enable = true;
openDefaultPorts = true;
dataDir = "/home/${user}/.local/share/syncthing";
configDir = "/home/${user}/.config/syncthing";
user = "${user}";
group = "users";
guiAddress = "127.0.0.1:8384";
overrideFolders = true;
overrideDevices = true;
settings = {
devices = {};
options.globalAnnounceEnabled = false; # Only sync on LAN
};
};
};
# Enable CUPS to print documents
# services.printing.enable = true;
# services.printing.drivers = [ pkgs.brlaser ]; # Brother printer driver
# Crypto wallet support
hardware.ledger.enable = true;
# Add docker daemon
virtualisation.docker.enable = true;
virtualisation.docker.logDriver = "json-file";
# Additional user config beyond what's in profiles/nixos
users.users = {
${user} = {
extraGroups = [
"docker"
];
openssh.authorizedKeys.keys = sshKeys.keys;
};
root = {
openssh.authorizedKeys.keys = sshKeys.keys;
};
};
# Don't require password for users in `wheel` group for these commands
security.sudo = {
enable = true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/reboot";
options = ["NOPASSWD"];
}
];
groups = ["wheel"];
}
];
};
environment.systemPackages = with pkgs; [
agenix.packages."${pkgs.system}".default # "x86_64-linux"
gitAndTools.gitFull
inetutils
];
system.stateVersion = "21.05"; # Don't change this
} }
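Review bot: The new side of this file keeps `system.stateVersion = "21.05";` but appears to drop the trailing `# Don't change this` comment that the old line carried. Now that the surrounding settings have moved elsewhere, this is one of the few host-specific lines left, and it is easy to bump by mistake during a later cleanup. I would keep a comment such as `# Pinned to the release this host was first installed with; do not bump on upgrade`.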


@@ -35,7 +35,6 @@
}; };
home-manager = { home-manager = {
useGlobalPkgs = true;
users.${user} = { users.${user} = {
pkgs, pkgs,
config, config,


@@ -2,32 +2,88 @@
pkgs, pkgs,
nixvim, nixvim,
user, user,
agenix,
... ...
}: { }: let
sshKeys = import ../../shared/ssh-keys.nix;
in {
imports = [ imports = [
./disks.nix agenix.nixosModules.default
]; ];
nix.gc = { time.timeZone = "UTC";
automatic = true;
dates = "weekly"; nix = {
options = "--delete-older-than 30d"; gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
}; };
users.users.${user} = { virtualisation.docker = {
isNormalUser = true; enable = true;
home = "/home/${user}"; logDriver = "json-file";
extraGroups = [
"wheel"
"sudo"
"network"
"systemd-journal"
];
shell = pkgs.fish;
}; };
programs = {
gnupg.agent.enable = true;
fish.enable = true;
};
services = {
openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
tailscale.enable = true;
};
users.users = {
${user} = {
isNormalUser = true;
home = "/home/${user}";
extraGroups = [
"wheel"
"sudo"
"network"
"systemd-journal"
"docker"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = sshKeys.keys;
};
root = {
openssh.authorizedKeys.keys = sshKeys.keys;
};
};
security.sudo = {
enable = true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/reboot";
options = ["NOPASSWD"];
}
];
groups = ["wheel"];
}
];
};
environment.systemPackages = with pkgs; [
agenix.packages."${pkgs.system}".default
inetutils
];
home-manager = { home-manager = {
useGlobalPkgs = true;
users.${user} = { users.${user} = {
pkgs, pkgs,
config, config,
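Review bot: The `services.openssh` block added here keeps `PermitRootLogin = "yes"` alongside `users.users.root.openssh.authorizedKeys.keys = sshKeys.keys`. Because this file looks like a profile shared by several hosts, every machine importing it would now accept direct root logins. `PermitRootLogin = "prohibit-password";` states the key-only intent explicitly, and adding `KbdInteractiveAuthentication = false;` closes the keyboard-interactive path that `PasswordAuthentication = false` does not cover on its own. The same hunk also adds `"docker"` to the user's `extraGroups`; membership in that group is effectively root-equivalent on the host, so the narrowly scoped `NOPASSWD` reboot rule no longer bounds what the account can do without a password. The `home-manager` block at the end of the hunk continues outside it.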


@@ -1,33 +0,0 @@
_: {
disko.devices = {
disk = {
main = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "512M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "fmask=0022" "dmask=0022" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}