Move vim packages to pkgs

Add system config Split up modules into home and system sets Update Cleanup Move home config Add module attrs Fix empty LUKS device UUID Import local secrets
2020-12-25 17:38:07 +01:00 · 2020-12-25 17:38:07 +01:00 · e1c562191b
commit e1c562191b
parent 4724f264dd
67 changed files with 1055 additions and 202 deletions
--- a/hosts/gorgon/default.nix
+++ b/hosts/gorgon/default.nix
@ -0,0 +1,123 @@
+{ config, pkgs, lib, ... }:
+let
+  this = import ../.. {};
+in
+{
+  imports = (lib.attrValues this.modules) ++ [
+    ../../modules/profiles/base
+    <nixos-hardware/lenovo/thinkpad/t14s/amd/gen1>
+  ];
+
+  boot.kernelModules = [ "kvm-amd" ];
+
+  virtualisation = {
+    libvirtd.enable = true;
+    docker.enable = false;
+  };
+
+  networking.hostName = "gorgon";
+
+  dadada = {
+    steam.enable = true;
+    fido2 = {
+      credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000";
+      enablePam = true;
+    };
+    luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4";
+    networking = {
+      wanInterfaces = [ "enp2s0f0" "wlp3s0" ];
+      enableBsShare = true;
+      vpnExtension = "3";
+    };
+  };
+
+  boot.kernel.sysctl = {
+    "vm.swappiness" = 90;
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  programs.adb.enable = true;
+
+  services.fstrim.enable = true;
+
+  # Enable CUPS to print documents.
+  services.printing = {
+    enable = true;
+    browsing = true;
+    drivers = with pkgs; [
+      hplip
+      brlaser
+      brgenml1lpr
+      brgenml1cupswrapper
+    ];
+  };
+
+  hardware = {
+    bluetooth.enable = true;
+    pulseaudio = {
+      enable = true;
+      extraModules = [ pkgs.pulseaudio-modules-bt ];
+      extraConfig = ''
+        set-source-volume 1 10000
+      '';
+      package = pkgs.pulseaudioFull;
+    };
+  };
+
+  services.avahi.enable = true;
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      22000 # Syncthing
+    ];
+    allowedUDPPorts = [
+      21027 # Syncthing
+    ];
+  };
+
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome3.enable = true;
+
+  xdg.mime.enable = true;
+
+  users.users = {
+    dadada = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ];
+      shell = "/run/current-system/sw/bin/zsh";
+      initialHashedPassword = "nopass";
+    };
+
+    "tim.schubert" = {
+      isNormalUser = true;
+      extraGroups = [ "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ];
+      shell = "/run/current-system/sw/bin/zsh";
+      initialHashedPassword = "nopass";
+    };
+  };
+
+  networking.hosts = {
+    "fd42:dead:beef:0:5054:ff:fefb:7361" = [
+      "media.dadada.li"
+      "ifrit.dadada.li"
+      "weechat.dadada.li"
+      "webchat.dadada.li"
+    ];
+    "192.168.42.103" = [
+      "media.dadada.li"
+      "ifrit.dadada.li"
+      "weechat.dadada.li"
+      "webchat.dadada.li"
+    ];
+    "fd42:dead:beef::5054:ff:fe8b:58df" = [ "iot.dadada.li" ];
+    "fd42:dead:beef::20d:b9ff:fe4c:c9ac" = [ "agares.dadada.li" ];
+    "192.168.42.15" = [ "agares.dadada.li" "agares" ];
+    "192.168.42.11" = [ "wohnzimmerpi.dadada.li" "wohnzimmerpi" ];
+    "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ];
+  };
+}
--- a/hosts/gorgon/home/default.nix
+++ b/hosts/gorgon/home/default.nix
@ -0,0 +1,42 @@
+{ config, pkgs, lib, ... }:
+let
+  this = import ../../.. {};
+in
+{
+  nixpkgs.overlays = [
+    this.overlays.tubslatex
+  ];
+
+  imports = lib.attrValues this.hmModules;
+
+  dadada.home = {
+    vim.enable = true;
+    direnv.enable = true;
+    git.enable = true;
+    gpg.enable = true;
+    gtk.enable = true;
+    keyring.enable = true;
+    kitty.enable = true;
+    ssh.enable = true;
+    syncthing.enable = true;
+    xdg.enable = true;
+    zsh.enable = true;
+
+    session = {
+      enable = true;
+      sessionVars = {
+        EDITOR = "vim";
+        PAGER = "less";
+        MAILDIR = "\$HOME/.var/mail";
+        MBLAZE = "\$HOME/.config/mblaze";
+        NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config";
+        MOZ_ENABLE_WAYLAND= "1";
+      };
+    };
+  };
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+
+  home.packages = import ./pkgs.nix { pkgs = pkgs; };
+}
--- a/hosts/gorgon/home/pkgs.nix
+++ b/hosts/gorgon/home/pkgs.nix
@ -0,0 +1,85 @@
+{ pkgs }:
+with pkgs; [
+  android-studio
+  anki
+  aspell
+  aspellDicts.de
+  aspellDicts.en
+  aspellDicts.en-computers
+  aspellDicts.en-science
+  aqbanking
+  bluez-tools
+  chromium
+  clang
+  clang-tools
+  darcs
+  direnv
+  element-desktop
+  evince
+  ffmpeg
+  file
+  firefox-bin
+  fractal
+  fzf
+  gimp
+  git-lfs
+  gitAndTools.hub
+  gnome3.gnome-tweak-tool
+  gnome3.nautilus
+  gnome3.vinagre
+  gnucash
+  gnumake
+  gnupg
+  graphviz
+  grim
+  imagemagick
+  inkscape
+  inotify-tools
+  irssi
+  jameica
+  jq
+  kcachegrind
+  keepassxc
+  #keys
+  kitty
+  ldns
+  libreoffice
+  libvirt
+  lsof
+  mblaze
+  mkpasswd
+  mpv
+  mumble
+  ncurses
+  nfs-utils
+  niv
+  nmap
+  openssl
+  p7zip
+  pass
+  pavucontrol
+  pinentry-gnome
+  playerctl
+  pwgen
+  python27Packages.dbus-python
+  python3
+  python38Packages.dateutil
+  python38Packages.managesieve
+  python38Packages.solo-python
+  signal-desktop
+  slurp
+  sqlite
+  sshfs-fuse
+  steam
+  tcpdump
+  tdesktop
+  tubslatex
+  thunderbird-bin
+  unzip
+  usbutils
+  virtmanager
+  whois
+  wireshark
+  xdg_utils
+  youtube-dl
+]
--- a/hosts/ifrit/default.nix
+++ b/hosts/ifrit/default.nix
@ -0,0 +1,150 @@
+{ config, pkgs, lib, ... }:
+let
+  hostAliases = [
+    "ifrit.dadada.li"
+    "vpn.dadada.li"
+    "media.dadada.li"
+    "media.local"
+  ];
+  backups = "/mnt/storage/backup";
+  this = import ../.. {};
+  keys = ../../pkgs/keys/keys;
+in {
+  imports = (lib.attrValues this.modules) ++ [
+    ../../modules/profiles/base
+    <nixpkgs/nixos/modules/profiles/minimal.nix>
+  ];
+
+  dadada = {
+    admin.enable = true;
+    fileShare.enable = true;
+    admin.users = {
+      "dadada" = [ "${keys}/dadada.pub" ];
+    };
+
+    vpnServer.enable = true;
+    vpnServer.peers = {
+      "metis" = {
+        id = "1";
+        key = "u+HCYDbK0zwbIEfGf+LVQErlJ0vchf5ZYj0N93NB5ns=";
+      };
+      "morax" = {
+        id = "2";
+        key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE=";
+      };
+      "gorgon" = {
+        id = "3";
+        key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
+      };
+    };
+
+    weechat.enable = true;
+  };
+
+  services.borgbackup.repos = {
+    "metis" = {
+      allowSubRepos = false;
+      authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ];
+      authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
+      path = "${backups}/metis";
+      quota = "1T";
+    };
+    "gorgon" = {
+      allowSubRepos = false;
+      authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ];
+      authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
+      path = "${backups}/gorgon";
+      quota = "1T";
+    };
+    "wohnzimmerpi" = {
+      allowSubRepos = false;
+      authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ];
+      authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
+      path = "${backups}/wohnzimmerpi";
+      quota = "50G";
+    };
+  };
+
+  networking.hostName = "ifrit";
+  networking.domain = "dadada.li";
+
+  networking.hosts = {
+    "127.0.0.1" = hostAliases;
+    "::1" = hostAliases;
+  };
+
+  networking.nameservers = [
+    "1.1.1.1"
+    "1.0.0.1"
+  ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+
+  fileSystems."/mnt/storage" = {
+    device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7";
+    mountPoint = "/mnt/storage";
+    neededForBoot = false;
+    options = [ "nofail" ];
+  };
+
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+    allowedTCPPorts = [
+      22 # SSH
+      80 443 # HTTP(S)
+      111 2049 # NFS
+      137 138 139 445 # SMB
+    ];
+    allowedUDPPorts = [
+      137 138 139 445 # SMB
+      111 2049 # NFS
+      51234 # Wireguard
+    ];
+  };
+
+  security.acme = {
+    email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+    acceptTerms = true;
+    certs."webchat.dadada.li" = {
+      credentialsFile = "/var/lib/lego/acme-joker.env";
+      dnsProvider = "joker";
+      postRun = "systemctl reload nginx.service";
+    };
+    certs."weechat.dadada.li" = {
+      credentialsFile = "/var/lib/lego/acme-joker.env";
+      dnsProvider = "joker";
+      postRun = "systemctl reload nginx.service";
+    };
+  };
+
+  users.users."mist" = {
+    isNormalUser = true;
+  };
+
+  services.ddclient = {
+    enable = true;
+    configFile = /var/lib/dyndns/config;
+  };
+
+  services.avahi = {
+    enable = true;
+    publish = {
+      enable = true;
+      addresses = true;
+      workstation = true;
+    };
+  };
+}