diff --git a/provision/flake.nix b/provision/flake.nix index f21acd23..7e5f7d96 100644 --- a/provision/flake.nix +++ b/provision/flake.nix @@ -15,34 +15,18 @@ outputs = inputs @ { self, nixpkgs, home-manager, jovian-nixos, agenix, nixos-wsl, ... }: let system = "x86_64-linux"; - user = "tstarr"; + hosts = builtins.fromJSON (builtins.readFile ./hosts.json); lib = nixpkgs.lib; in { - nixosConfigurations = { - kestrel = lib.nixosSystem (import ./hosts/kestrel { + nixosConfigurations = lib.mapAttrs (hostname: hostConfig: + lib.nixosSystem (import ./hosts/${hostConfig.role} { inherit lib; - inherit system user inputs agenix home-manager; - }); - shivan = lib.nixosSystem (import ./hosts/shivan { - inherit lib; - inherit system user inputs agenix home-manager; - }); - torus = lib.nixosSystem (import ./hosts/torus { - inherit lib; - inherit system user inputs agenix home-manager; - }); - bulwark = lib.nixosSystem (import ./hosts/bulwark { - inherit lib; - inherit system user inputs agenix home-manager jovian-nixos; - }); - wsl = lib.nixosSystem (import ./hosts/wsl { - inherit lib; - inherit system user inputs agenix home-manager nixos-wsl; - }); - osprey = lib.nixosSystem (import ./hosts/osprey { - inherit lib; - inherit system user inputs agenix home-manager; - }); - }; + inherit system inputs agenix home-manager jovian-nixos nixos-wsl; + specialArgs = { + user = hostConfig.user; + hostname = "${hostname}"; + }; + }) + ) hosts; }; } diff --git a/provision/hosts.json b/provision/hosts.json new file mode 100644 index 00000000..e26f8eb5 --- /dev/null +++ b/provision/hosts.json 
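Review bot: The `specialArgs = { user = hostConfig.user; hostname = "${hostname}"; }` built in the new `mapAttrs` body is only an argument to the imported `./hosts/${hostConfig.role}` function; the NixOS modules receive whatever that file's own returned `specialArgs` attrset exports, and in this commit only `kestrel` and `htpc` re-export `hostname`, so the remaining roles' `configuration.nix` now declare a `hostname` parameter that nothing supplies. Either every `hosts/*/default.nix` must add `hostname` to its `specialArgs`, or the flake should stop delegating and assemble the module list itself. Minor: `hostname = "${hostname}";` is a redundant interpolation — `inherit hostname;` says the same — and likewise every `networking.hostName = "${hostname}";` line in this diff can simply be `networking.hostName = hostname;`.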
@@ -0,0 +1,30 @@ +{ + "kestrel": { + "role": "kestrel", + "user": "tstarr" + }, + "shivan": { + "role": "shivan", + "user": "tstarr" + }, + "torus": { + "role": "torus", + "user": "tstarr" + }, + "bulwark": { + "role": "bulwark", + "user": "tstarr" + }, + "osprey": { + "role": "osprey", + "user": "tstarr" + }, + "wsl": { + "role": "wsl", + "user": "user" + }, + "htpc-bako": { + "role": "htpc", + "user": "starr" + } +} diff --git a/provision/hosts/bulwark/configuration.nix b/provision/hosts/bulwark/configuration.nix index 4afe3c2b..f24e1fa0 100644 --- a/provision/hosts/bulwark/configuration.nix +++ b/provision/hosts/bulwark/configuration.nix @@ -1,11 +1,11 @@ -{ config, lib, pkgs, user, ... }: +{ config, lib, pkgs, user, hostname, ... }: { imports = [ ./steam-deck.nix ]; # Set networking options - networking.hostName = "bulwark"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; diff --git a/provision/hosts/bulwark/default.nix b/provision/hosts/bulwark/default.nix index 83fb02bd..e16ebed1 100644 --- a/provision/hosts/bulwark/default.nix +++ b/provision/hosts/bulwark/default.nix @@ -1,5 +1,8 @@ -{ lib, system, user, inputs, agenix, home-manager, jovian-nixos, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, jovian-nixos, ... }: +let + user = specialArgs.user; + hostname = specialArgs.hostname; +in { inherit system; specialArgs = { inherit user inputs home-manager jovian-nixos; }; modules = [ diff --git a/provision/hosts/htpc/configuration.nix b/provision/hosts/htpc/configuration.nix new file mode 100644 index 00000000..e0ff1614 --- /dev/null +++ b/provision/hosts/htpc/configuration.nix 
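Review bot: The `wsl` entry sets `"user": "user"`, whereas the `user = "tstarr"` binding this commit removes from flake.nix was previously passed to the wsl host as well, and wsl/configuration.nix derives `defaultUser` from it; unless renaming the WSL default user is intended, this should stay `"tstarr"`. If it is intended, the commit message should say so, since an existing WSL install would end up with a new account. The `htpc-bako` user `"starr"` also differs from every other host and is worth a second look for the same reason.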
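Review bot: `hostname` is bound in the new `let` but the returned `specialArgs = { inherit user inputs home-manager jovian-nixos; }` does not export it, so the `hostname` argument that bulwark/configuration.nix now requires is never supplied to the modules and evaluation should fail with a missing-argument error. Change it to `specialArgs = { inherit user hostname inputs home-manager jovian-nixos; };`, as kestrel/default.nix does in this same commit. The attrset continues past the hunk's `modules = [` line.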
@@ -0,0 +1,26 @@ +{ config, pkgs, user, lib, hostname, ... }: +{ + # Use performance governor for sweet gaming performance! + powerManagement.cpuFreqGovernor = "performance"; + + # Set networking options + networking.hostName = "${hostname}"; + networking.firewall.checkReversePath = "loose"; + networking.firewall.enable = false; + + # Modules + modules = { + desktop = { + enable = true; + gnome.enable = true; + }; + programs = { + chezmoi.apply = true; + kitty.enable = true; + }; + services = { + samba-client.enable = true; + ssh.enable = true; + }; + }; +} diff --git a/provision/hosts/htpc/default.nix b/provision/hosts/htpc/default.nix new file mode 100644 index 00000000..29312e91 --- /dev/null +++ b/provision/hosts/htpc/default.nix @@ -0,0 +1,21 @@ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; + hostname = specialArgs.hostname; +in { + inherit system; + specialArgs = { inherit user hostname inputs home-manager; }; + modules = [ + ../default # shared by all configs + ../default/physical/configuration.nix # shared by physical machines + ./configuration.nix # htpc specific + ../../modules + /etc/nixos/hardware-configuration.nix + agenix.nixosModules.default + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = { inherit user; }; + } + ]; +} diff --git a/provision/hosts/kestrel/configuration.nix b/provision/hosts/kestrel/configuration.nix index 67a52371..6614d566 100644 --- a/provision/hosts/kestrel/configuration.nix +++ b/provision/hosts/kestrel/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, lib, ... }: +{ config, pkgs, user, lib, hostname, ... }: { imports = [ ./backup.nix 
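Review bot: This new host comes up with `networking.firewall.enable = false;` while also setting `services.ssh.enable = true;` and `samba-client.enable = true;`, so every listening service on it is reachable from any network it joins; torus in the same tree keeps the firewall on and allowlists ports, which is the safer default for a freshly added machine. Prefer `networking.firewall.enable = true;` plus `networking.firewall.allowedTCPPorts = [ 22 ];` (assuming the local `ssh` module does not already open its port — that module is not visible here). With the firewall disabled, `checkReversePath = "loose"` presumably has no effect, since it only configures the firewall's reverse-path rule, so it should go or the firewall should be enabled.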
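Review bot: `/etc/nixos/hardware-configuration.nix` in `modules` is an absolute path outside the flake, which is why the readme in this commit switches to `nixos-rebuild switch --impure`; that flag drops pure evaluation for every host built from this flake, not just htpc, and the resulting system depends on an untracked file that can drift from what is reviewed here. The other hosts copy the installer's file into the repo (`./hardware.nix`, as the readme step describes); doing the same here — `./hardware.nix` in place of the absolute path — keeps the build hermetic and lets the `--impure` flag be dropped again.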
@@ -9,7 +9,7 @@ powerManagement.cpuFreqGovernor = "performance"; # Set networking options - networking.hostName = "kestrel"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; diff --git a/provision/hosts/kestrel/default.nix b/provision/hosts/kestrel/default.nix index c4d30e18..0f63c0f7 100644 --- a/provision/hosts/kestrel/default.nix +++ b/provision/hosts/kestrel/default.nix @@ -1,7 +1,10 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; + hostname = specialArgs.hostname; +in { inherit system; - specialArgs = { inherit user inputs home-manager; }; + specialArgs = { inherit user hostname inputs home-manager; }; modules = [ ../default # shared by all configs ../default/physical/configuration.nix # shared by physical machines diff --git a/provision/hosts/osprey/configuration.nix b/provision/hosts/osprey/configuration.nix index b9195da7..65ab7512 100644 --- a/provision/hosts/osprey/configuration.nix +++ b/provision/hosts/osprey/configuration.nix @@ -1,10 +1,10 @@ -{ config, pkgs, user, lib, ... }: +{ config, pkgs, user, lib, hostname, ... }: { # Use performance governor for sweet gaming performance! powerManagement.cpuFreqGovernor = "performance"; # Set networking options - networking.hostName = "osprey"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = false; networking.firewall.enable = false; diff --git a/provision/hosts/osprey/default.nix b/provision/hosts/osprey/default.nix index 3b4f8302..bcd208c4 100644 --- a/provision/hosts/osprey/default.nix +++ b/provision/hosts/osprey/default.nix 
@@ -1,5 +1,8 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; + hostname = specialArgs.hostname; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/shivan/configuration.nix b/provision/hosts/shivan/configuration.nix index c3184431..0323cc89 100644 --- a/provision/hosts/shivan/configuration.nix +++ b/provision/hosts/shivan/configuration.nix @@ -1,10 +1,10 @@ -{ config, pkgs, user, lib, ... }: +{ config, pkgs, user, lib, hostname, ... }: { # Use performance governor for sweet gaming performance! powerManagement.cpuFreqGovernor = "performance"; # Set networking options - networking.hostName = "shivan"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; diff --git a/provision/hosts/shivan/default.nix b/provision/hosts/shivan/default.nix index f4fcc139..1210b7e3 100644 --- a/provision/hosts/shivan/default.nix +++ b/provision/hosts/shivan/default.nix @@ -1,5 +1,8 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; + hostname = specialArgs.hostname; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/torus/configuration.nix b/provision/hosts/torus/configuration.nix index 72125462..f3746c3a 100644 --- a/provision/hosts/torus/configuration.nix +++ b/provision/hosts/torus/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, lib, ... }: +{ config, pkgs, user, lib, hostname, ... }: { imports = [ ./wireguard-server.nix 
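Review bot: The new `let` binds `hostname` but the returned `specialArgs = { inherit user inputs home-manager; }` does not pass it on, so osprey/configuration.nix's new `hostname` parameter has no supplier and evaluation should fail. Use `specialArgs = { inherit user hostname inputs home-manager; };`, matching kestrel/default.nix in this commit. The attrset continues past the hunk's `modules = [` line.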
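Review bot: Same gap as in the other host files: `hostname` is bound in the `let` but `specialArgs = { inherit user inputs home-manager; }` omits it, so shivan/configuration.nix's new `hostname` argument is never provided. `specialArgs = { inherit user hostname inputs home-manager; };` fixes it. The attrset continues past the hunk's `modules = [` line.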
@@ -18,7 +18,7 @@ boot.kernelModules = [ "sg" ]; # Set networking options - networking.hostName = "torus"; + networking.hostName = "${hostname}"; networking.firewall.enable = true; networking.firewall.checkReversePath = "loose"; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/provision/hosts/torus/default.nix b/provision/hosts/torus/default.nix index 237ab50e..e60e2cd3 100644 --- a/provision/hosts/torus/default.nix +++ b/provision/hosts/torus/default.nix @@ -1,5 +1,8 @@ -{ lib, system, user, inputs, agenix, home-manager, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, ... }: +let + user = specialArgs.user; + hostname = specialArgs.hostname; +in { inherit system; specialArgs = { inherit user inputs home-manager; }; modules = [ diff --git a/provision/hosts/wsl/configuration.nix b/provision/hosts/wsl/configuration.nix index 6d635183..d07a885c 100644 --- a/provision/hosts/wsl/configuration.nix +++ b/provision/hosts/wsl/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, user, lib, inputs, nixos-wsl, ... }: +{ config, pkgs, user, lib, inputs, nixos-wsl, hostname, ... }: let defaultUser = user; in @@ -15,7 +15,7 @@ in }; # Set networking options - networking.hostName = "wsl"; + networking.hostName = "${hostname}"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; diff --git a/provision/hosts/wsl/default.nix b/provision/hosts/wsl/default.nix index 3619e9fc..b11c2c7a 100644 --- a/provision/hosts/wsl/default.nix +++ b/provision/hosts/wsl/default.nix @@ -1,5 +1,8 @@ -{ lib, system, user, inputs, agenix, home-manager, nixos-wsl, ... }: -{ +{ lib, specialArgs, system, inputs, agenix, home-manager, nixos-wsl, ... }: +let + user = specialArgs.user; + hostname = specialArgs.hostname; +in { inherit system; specialArgs = { inherit user inputs nixos-wsl home-manager; }; modules = [ 
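Review bot: torus/default.nix binds `hostname` in the new `let` but its `specialArgs = { inherit user inputs home-manager; }` does not export it, so torus/configuration.nix's new `hostname` parameter goes unsupplied; this is the host with the WireGuard server and public 80/443, so a failed rebuild here is the one most worth catching before merge. `specialArgs = { inherit user hostname inputs home-manager; };` is the fix, as in kestrel/default.nix. The attrset continues past the hunk's `modules = [` line.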
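Review bot: wsl/default.nix's `specialArgs = { inherit user inputs nixos-wsl home-manager; }` leaves out the `hostname` it just bound in the `let`, so the `hostname` argument added to wsl/configuration.nix in this commit has no supplier. Change it to `specialArgs = { inherit user hostname inputs nixos-wsl home-manager; };`. The attrset continues past the hunk's `modules = [` line.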
diff --git a/provision/modules/programs/firefox/default.nix b/provision/modules/programs/firefox/default.nix index c0540ca2..10def893 100644 --- a/provision/modules/programs/firefox/default.nix +++ b/provision/modules/programs/firefox/default.nix @@ -14,6 +14,13 @@ in { home-manager.users.${user} = { programs.firefox = { enable = true; + policies = { + SecurityDevices = { + Add = { + "NIPR" = "${pkgs.opensc}/lib/opensc-pkcs11.so"; + }; + }; + }; profiles.default = { bookmarks = import ./bookmarks.nix; isDefault = true; diff --git a/provision/readme.md b/provision/readme.md index 53eaa5ad..776cb771 100644 --- a/provision/readme.md +++ b/provision/readme.md @@ -14,16 +14,17 @@ nix-shell -p vim git neovim git clone https://github.com/starr-dusT/dotfiles ~/.local/share/chezmoi ``` -3. Copy existing configuration files from another host and modify as needed. Make sure to move the installer created configuration-hardware.nix to dotfiles (e.g. `provision/hosts//hardware.nix`). +3. Copy existing configuration files from another host and modify as needed. For most configs, move the installer created `configuration-hardware.nix` to dotfiles (e.g. `provision/hosts//hardware.nix`); however, role-based installs like `htpc` and `wsl` either do not require a `hardware.nix` file or the flake imports `hardware-configuration.nix` from `/etc/nixos`. 4. If required move agenix keypairs to `~/.ssh/keys/{age,age.pub}`. A new keypair may be required and agenix files will need to be rekeyed on another system. 5. Rebuild the system and initialize chezmoi dotfiles to save America: ```bash -sudo nixos-rebuild switch --flake .# +sudo nixos-rebuild switch --impure --flake .# chezmoi init && chezmoi apply ``` +*Note:* if the `chezmoi.apply` option is enabled in `configuration.nix` the dotfiles should deploy automatically. The chezmoi commands then are not necessary. 6. Profit!
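Review bot: The new `SecurityDevices.Add."NIPR"` policy points Firefox at `${pkgs.opensc}/lib/opensc-pkcs11.so`, a store path that changes on every opensc bump; that works because home-manager regenerates the policy on each switch, but the intent deserves a comment above the `policies` block such as `# PKCS#11 module for CAC/PIV smart cards; path follows the current opensc derivation`. OpenSC needs a running `pcscd` to reach a card reader, and nothing in this diff enables `services.pcscd`, so confirm it is set elsewhere or the device will load but never show a token. The enclosing `programs.firefox` attrset continues outside the hunk.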