From e3bb5729346a30da9f834dcda13a7d5c632ef6f0 Mon Sep 17 00:00:00 2001
From: Tyler Starr
Date: Sun, 21 Jul 2024 19:23:30 -0700
Subject: [PATCH] migrate configurations to include default
---
provision/hosts/bulwark/configuration.nix | 50 +-----------------
provision/hosts/default/configuration.nix | 53 ++++++++++++++++++
provision/hosts/default/default.nix | 2 +-
provision/hosts/kestrel/configuration.nix | 50 +-----------------
provision/hosts/shivan/configuration.nix | 66 +----------------------
provision/hosts/torus/configuration.nix | 62 +++------------------
6 files changed, 67 insertions(+), 216 deletions(-)
create mode 100644 provision/hosts/default/configuration.nix
diff --git a/provision/hosts/bulwark/configuration.nix b/provision/hosts/bulwark/configuration.nix
index 4cf2a516..01c5d523 100644
--- a/provision/hosts/bulwark/configuration.nix
+++ b/provision/hosts/bulwark/configuration.nix
@@ -5,53 +5,11 @@ ./syncthing.nix ]; - nix = { - package = pkgs.nixFlakes; - extraOptions = "experimental-features = nix-command flakes"; - - settings.auto-optimise-store = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - }; - - # Add non-free packages - nixpkgs.config.allowUnfree = true; - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" "openssl-1.1.1w" ]; - nixpkgs.overlays = import ../../lib/overlays.nix; - - # Hardware options - hardware.bluetooth.enable = true; - hardware.bluetooth.package = pkgs.bluez; - hardware.sensor.iio.enable = true; - hardware.graphics.enable = true; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # Set networking options networking.hostName = "bulwark"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - i18n.defaultLocale = "en_US.UTF-8"; - - # Add fonts - fonts.packages= with pkgs; [ - nerdfonts - ]; - - # Define user account. - users.users.${user} = { - isNormalUser = true; - extraGroups = [ "dialout" "wheel" ]; # Enable ‘sudo’ for the user. - }; - # Password-less root security.sudo.extraRules = [{ users = [ "${user}" ]; @@ -64,10 +22,10 @@ environment.systemPackages = with pkgs; [ ]; - # host secrets + # Secrets age.secrets."wireguard/bulwark".file = ../../secrets/wireguard/bulwark.age; - # Enable modules + # Modules modules = { desktop = { sway.enable = false; @@ -103,7 +61,6 @@ }; }; - # Home manager modules home-manager.users.${user} = { modules = { desktop = { @@ -111,7 +68,4 @@ }; }; }; - - # Did you read the comment? - system.stateVersion = "23.11"; } diff --git a/provision/hosts/default/configuration.nix b/provision/hosts/default/configuration.nix new file mode 100644 index 00000000..14fbdb73 --- /dev/null +++ b/provision/hosts/default/configuration.nix 
@@ -0,0 +1,53 @@
+{ config, pkgs, user, lib, ... }:
+{
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = "experimental-features = nix-command flakes";
+
+ settings.auto-optimise-store = true;
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 7d";
+ };
+ };
+
+ # Add non-free packages
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" "openssl-1.1.1w" ];
+ nixpkgs.overlays = import ../../lib/overlays.nix;
+
+ # Hardware options
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.package = pkgs.bluez;
+ hardware.sensor.iio.enable = true;
+ hardware.graphics.enable = true;
+ hardware.graphics.enable32Bit = true;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Set your time zone.
+ time.timeZone = "America/Los_Angeles";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # Fonts
+ fonts.packages = with pkgs; [
+ nerdfonts
+ ];
+
+ # Define user account.
+ users.users.${user} = {
+ isNormalUser = true;
+ extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ];
+ shell = pkgs.bash;
+ };
+
+ environment.systemPackages = with pkgs; [
+ cowsay # A program which generates ASCII pictures of a cow with a message
+ ];
+
+ # Did you read the comment?
+ system.stateVersion = "23.11";
+}
diff --git a/provision/hosts/default/default.nix b/provision/hosts/default/default.nix
index 52f8ba6d..43e9b54f 100644
--- a/provision/hosts/default/default.nix
+++ b/provision/hosts/default/default.nix
@@ -1,4 +1,4 @@
 { ... }:
 {
- imports = [ ./home-configuration.nix ];
+ imports = [ ./configuration.nix ./home-configuration.nix ];
 }
diff --git a/provision/hosts/kestrel/configuration.nix b/provision/hosts/kestrel/configuration.nix
index dbdf43bd..18d54a96 100644
--- a/provision/hosts/kestrel/configuration.nix
+++ b/provision/hosts/kestrel/configuration.nix
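Review bot: Hosts that were narrower before are silently broadened by the defaults in the `@@ -0,0 +1,53 @@` hunk, because the new file takes the widest value any host had. `permittedInsecurePackages` now allows `electron-25.9.0` on torus, whose removed block listed only `openssl-1.1.1w`; `extraGroups` gives bulwark `docker` and `libvirtd` and torus `dialout` and `libvirtd`; and `hardware.bluetooth.enable` reaches torus, which did not set it and serves nginx on 80/443 (this assumes every host imports `hosts/default`, which the removed per-host `system.stateVersion` lines suggest). I would keep the base minimal and let hosts opt in: `extraGroups = [ "wheel" ];` here with each host appending its own groups, `hardware.bluetooth.enable = lib.mkDefault true;` so a server can switch it off, and `permittedInsecurePackages` left in the host files. `docker` membership is root-equivalent wherever the daemon runs, so it is better granted per host than by default.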
@@ -4,60 +4,18 @@ ./syncthing.nix ]; - nix = { - package = pkgs.nixFlakes; - extraOptions = "experimental-features = nix-command flakes"; - - settings.auto-optimise-store = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - }; - - # Add non-free packages - nixpkgs.config.allowUnfree = true; - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" "openssl-1.1.1w" ]; - nixpkgs.overlays = import ../../lib/overlays.nix; - # Use zen kernel boot.kernelPackages = pkgs.linuxPackages_zen; - # Hardware options - hardware.bluetooth.enable = true; - hardware.bluetooth.package = pkgs.bluez; - hardware.sensor.iio.enable = true; - hardware.graphics.enable = true; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # Set networking options networking.hostName = "kestrel"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - i18n.defaultLocale = "en_US.UTF-8"; - - # Add fonts - fonts.packages = with pkgs; [ - nerdfonts - ]; - # Enable docker virtualisation.docker.enable = true; virtualisation.docker.storageDriver = "btrfs"; - # Define user account. - users.users.${user} = { - isNormalUser = true; - extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ]; # Enable ‘sudo’ for the user. - }; - # Password-less root security.sudo.extraRules = [{ users = [ "${user}" ]; @@ -71,10 +29,10 @@ distrobox # Platform for creating and managing Linux distribution images. ]; - # host secrets + # Secrets age.secrets."wireguard/kestrel".file = ../../secrets/wireguard/kestrel.age; - # System modules + # Modules modules = { desktop = { sway.enable = false; @@ -116,7 +74,6 @@ }; }; - # Home manager modules home-manager.users.${user} = { modules = { desktop = { @@ -124,7 +81,4 @@ }; }; }; - - # Did you read the comment? - system.stateVersion = "23.11"; } 
diff --git a/provision/hosts/shivan/configuration.nix b/provision/hosts/shivan/configuration.nix index c64b2d0c..f75e0df5 100644 --- a/provision/hosts/shivan/configuration.nix +++ b/provision/hosts/shivan/configuration.nix @@ -4,60 +4,17 @@ ./syncthing.nix ]; - nix = { - package = pkgs.nixFlakes; - extraOptions = "experimental-features = nix-command flakes"; - - settings.auto-optimise-store = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - }; - - # Add non-free packages - nixpkgs.config.allowUnfree = true; - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" "openssl-1.1.1w" ]; - nixpkgs.overlays = import ../../lib/overlays.nix; - # Use zen kernel boot.kernelPackages = pkgs.linuxPackages_zen; - # Hardware options - hardware.bluetooth.enable = true; - hardware.bluetooth.package = pkgs.bluez; - hardware.sensor.iio.enable = true; - hardware.graphics.enable = true; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # Set networking options networking.hostName = "shivan"; networking.firewall.checkReversePath = "loose"; networking.firewall.enable = false; - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - i18n.defaultLocale = "en_US.UTF-8"; - - # Add fonts - fonts.packages = with pkgs; [ - nerdfonts - ]; # Enable docker virtualisation.docker.enable = true; - # Define user account. - users.users.${user} = { - isNormalUser = true; - extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ]; # Enable ‘sudo’ for the user. - }; - # Password-less root security.sudo.extraRules = [{ users = [ "${user}" ]; @@ -71,7 +28,7 @@ distrobox # Platform for creating and managing Linux distribution images. ]; - # Enable modules + # Modules modules = { desktop = { sway.enable = true; 
@@ -98,17 +55,10 @@ secrets.enable = true; ssh.enable = true; terminal.enable = true; - wireguard-client = { - enable = false; - #privateKeyFile = "/run/secrets/wireguard/kestrel"; - #address = [ "192.168.3.3/24" ]; - #publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ="; - #endpoint = "66.218.43.87"; - }; + wireguard-client.enable = false; }; }; - # Home manager modules home-manager.users.${user} = { modules = { desktop = { @@ -116,16 +66,4 @@ }; }; }; - - # Home manager modules - home-manager.users.${user} = { - modules = { - desktop = { - kitty.enable = true; - }; - }; - }; - - # Did you read the comment? - system.stateVersion = "23.11"; } diff --git a/provision/hosts/torus/configuration.nix b/provision/hosts/torus/configuration.nix index 065378e6..c50efdde 100644 --- a/provision/hosts/torus/configuration.nix +++ b/provision/hosts/torus/configuration.nix 
@@ -11,51 +11,22 @@ ./nextcloud.nix ]; - nix = { - package = pkgs.nixFlakes; - extraOptions = "experimental-features = nix-command flakes"; - - settings.auto-optimise-store = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - }; - - # Add non-free packages - nixpkgs.config.allowUnfree = true; - nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ]; - nixpkgs.overlays = import ../../lib/overlays.nix; - # Use normal kernel boot.kernelPackages = pkgs.linuxPackages; # Set kernel modules boot.kernelModules = [ "sg" ]; - # Hardware options - hardware.graphics.enable = true; - hardware.graphics.enable32Bit = true; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # Set networking options networking.hostName = "torus"; - # Needed for wireguard-server - boot.kernel.sysctl = { - "net.ipv4.conf.all.forwarding" = true; - }; networking.firewall.enable = true; networking.firewall.checkReversePath = "loose"; networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedUDPPorts = [ 80 443 ]; - - # Set your time zone. - time.timeZone = "America/Los_Angeles"; - i18n.defaultLocale = "en_US.UTF-8"; + networking.nameservers = [ "8.8.8.8" "8.8.4.4" ]; + boot.kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = true; # Needed for wireguard-server + }; # Enable virtualisation virtualisation.docker.enable = true; 
@@ -63,19 +34,9 @@ virtualisation.docker.enableNvidia = true; services.xserver.videoDrivers = [ "nvidia" ]; - - # Define user account. - users.users.${user} = { - isNormalUser = true; - extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ for the user. - shell = pkgs.bash; - }; - environment.systemPackages = with pkgs; [ docker-compose # Tool for defining and running multi-container Docker applications. python3 # Interpreted, high-level programming language known for its simplicity and versatility. - zk # Command-line tool for interacting with Apache ZooKeeper, a centralized service for distributed systems. - gollum # Wiki software that provides a simple, Git-based wiki engine. ]; security.acme = { @@ -83,14 +44,9 @@ defaults.email = "starrtyler88@gmail.com"; }; - + # Nginx security.pam.services.nginx.setEnvironment = false; - systemd.services.nginx.serviceConfig = { - SupplementaryGroups = [ "shadow" ]; - }; - - networking.nameservers = [ "8.8.8.8" "8.8.4.4" ]; - + systemd.services.nginx.serviceConfig = { SupplementaryGroups = [ "shadow" ]; }; services.nginx = { enable = true; recommendedGzipSettings = true; @@ -133,7 +89,7 @@ }; }; - # Enable modules + # Modules modules = { devel = { tooling.enable = true; @@ -148,7 +104,6 @@ }; }; - # Home manager modules home-manager.users.${user} = { modules = { desktop = { @@ -156,7 +111,4 @@ }; }; }; - - # Did you read the comment? - system.stateVersion = "23.11"; }
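Review bot: The new `# Nginx` comment in the `@@ -83,14 +44,9 @@` hunk does not say why the nginx unit is given `SupplementaryGroups = [ "shadow" ]`, which is the most sensitive line in this block: it lets the web server process read the shadow password file. Presumably this backs PAM authentication for one of the virtual hosts (the `security.pam.services.nginx` line points that way), but the reason is not visible in the hunk. I would expand the comment to something like `# nginx authenticates via PAM, so the unit needs group shadow; a compromised worker can then read local password hashes` and confirm the grant is still required. The `services.nginx` block continues outside the hunk.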