From 9b00e9003c57b284c80de854ea89dff137179b6a Mon Sep 17 00:00:00 2001 From: Swarsel Date: Thu, 21 Dec 2023 23:04:35 +0100 Subject: [PATCH] add twoson config; start adding server config --- Nix.org | 540 +++++++++++++++++++++++++--- flake.lock | 37 ++ flake.nix | 126 +++++-- profiles/TEMPLATE/nixos.nix | 1 - profiles/server1/TEMPLATE/nixos.nix | 35 ++ profiles/twoson/home.nix | 128 +++++++ profiles/twoson/nixos.nix | 103 ++++++ secrets/keys/authorized_keys | 1 + 8 files changed, 880 insertions(+), 91 deletions(-) create mode 100644 profiles/server1/TEMPLATE/nixos.nix create mode 100644 profiles/twoson/home.nix create mode 100644 profiles/twoson/nixos.nix create mode 100644 secrets/keys/authorized_keys diff --git a/Nix.org b/Nix.org index f2f8caf..974da1a 100644 --- a/Nix.org +++ b/Nix.org 
@@ -149,6 +149,246 @@ This is where the theme for the whole OS is defined. This noweb-ref section cann #+end_src +** flake.nix +*** Inputs & Inputs@Outputs + +#+begin_src nix :noweb-ref flakeinputsatoutputs + + nixpkgs, + home-manager, + nix-on-droid, + nixos-generators, + emacs-overlay, + nur, + nixgl, + stylix, + sops-nix, + lanzaboote, + +#+end_src + +#+begin_src nix :noweb-ref flakeinputs + + nixpkgs.url = github:nixos/nixpkgs/nixos-unstable; + + + # user-level configuration + home-manager = { + url = github:nix-community/home-manager; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + # overlay to access bleeding edge emacs + emacs-overlay = { + url = github:nix-community/emacs-overlay; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + # nix user repository + # i use this mainly to not have to build all firefox extensions + # myself as well as for the emacs-init package (tbd) + nur.url = github:nix-community/NUR; + + # provides GL to non-NixOS hosts + nixgl.url = github:guibou/nixGL; + + # manages all themeing using Home-Manager + stylix.url = github:danth/stylix; + + # nix secrets management + sops-nix.url = github:Mic92/sops-nix; + + # enable secure boot on NixOS + lanzaboote.url = github:nix-community/lanzaboote; + + # nix for android + nix-on-droid = { + url = github:t184256/nix-on-droid/release-23.05; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + # generate NixOS images + nixos-generators = { + url = github:nix-community/nixos-generators; + inputs.nixpkgs.follows = "nixpkgs"; + }; + +#+end_src +*** let + +#+begin_src nix :noweb-ref flakelet + + system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment + pkgs = import nixpkgs { inherit system; + overlays = [ emacs-overlay.overlay + nur.overlay + nixgl.overlay + ]; + config.allowUnfree = true; + }; + # NixOS modules that can only be used on NixOS systems + nixModules = [ stylix.nixosModules.stylix + ./profiles/common/nixos.nix + ]; + + # Home-Manager modules wanted on 
non-NixOS systems + homeModules = [ stylix.homeManagerModules.stylix + ]; + # Home-Manager modules wanted on both NixOS and non-NixOS systems + mixedModules = [ sops-nix.homeManagerModules.sops + ./profiles/common/home.nix + ]; + +#+end_src +*** nixosConfigurations + +#+begin_src nix :noweb-ref flakenixosconf + + onett = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + ./profiles/onett/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = mixedModules ++ [ + ./profiles/onett/home.nix + ]; + } + ]; + }; + + twoson = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + ./profiles/twoson/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = mixedModules ++ [ + ./profiles/twoson/home.nix + ]; + } + ]; + }; + + stand = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + ./profiles/stand/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.homelen.imports = mixedModules ++ [ + ./profiles/stand/home.nix + ]; + } + ]; + }; + + threed = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + lanzaboote.nixosModules.lanzaboote + ./profiles/threed/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = mixedModules ++ [ + ./profiles/threed/home.nix + ]; + } + ]; + }; + +#+end_src +*** homeConfigurations + +#+begin_src nix :noweb-ref flakehomeconf + + "leons@PCisLee" = home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = homeModules ++ mixedModules ++ [ + ./profiles/surface/home.nix + ]; + }; + +#+end_src + +*** nixOnDroidConfigurations + +#+begin_src nix :noweb-ref flakedroidconf + + default = nix-on-droid.lib.nixOnDroidConfiguration { + modules = [ + ./profiles/mysticant/configuration.nix + ]; + }; + +#+end_src + +*** nixos-generators + 
+#+begin_src nix :noweb-ref flakenixosgenerators + + proxmox-lxc = nixos-generators.nixosGenerate { + inherit system; + modules = [ + ./profiles/server1/TEMPLATE/nixos.nix + ]; + format = "proxmox-lxc"; + }; + +#+end_src + +* flake.nix + +This tangles the flake.nix file; This block only needs to be touched when updating the general structure of the flake. For everything else, see the respective noweb-ref block. + +#+begin_src nix :noweb yes :tangle flake.nix + + { + description = "SwarseFlake - Nix Flake for all SwarselSystems"; + + inputs = { + <> + }; + + outputs = inputs@{ + self, + <> + ... + }: let + <> + in { + + # NixOS setups - run home-manager as a NixOS module for better compatibility + # another benefit - full rebuild on nixos-rebuild switch + # run rebuild using `nswitch` + + # NEW HOSTS: For a new host, decide whether a NixOS (nixosConfigurations) or non-NixOS (homeConfigurations) is used. + # Make sure to move hardware-configuration to the appropriate location, by default it is found in /etc/nixos/. + + nixosConfigurations = { + <> + }; + + # pure Home Manager setups - for non-NixOS machines + # run rebuild using `hmswitch` + + homeConfigurations = { + <> + }; + + nixOnDroidConfigurations = { + <> + }; + + packages.x86_64-linux = { + <> + }; + + }; + } + +#+end_src + * TODO System specific configuration This section mainly exists house different `configuration.nix` files for system level configurations of NixOS systems as well as `home.nix` for user level configurations on all systems. @@ -215,7 +455,6 @@ No matter what you do, check the initial /etc/nixos/configuration.nix for notabl system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - } #+end_src 
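Review bot: In the tangling block at the end of this hunk the generator output is keyed as the literal `packages.x86_64-linux`, while the `flakelet` block already binds `system = "x86_64-linux"` and the `nixosGenerate` call inherits it. Writing `packages.${system} = {` keeps the attribute path and the generated image from drifting apart if the architecture is ever changed. The same literal is tangled into flake.nix further down in this patch. Separately, the input URLs use the unquoted URL-literal form (`url = github:nix-community/nixos-generators;`), which upstream Nix has deprecated (the `no-url-literals` experimental feature rejects it), so quoting them as strings is the more durable spelling.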
@@ -308,11 +547,12 @@ No matter what you do, check the initial /etc/nixos/configuration.nix for notabl #+end_src -** TODO Surface +** Physical hosts +*** TODO Surface My Surface Pro 3, only used for on-the-go university work. Be careful when pushing largechanges to this machine, as it easily runs out of memory on large switches. At the moment the only machine running non-NixOS, so special care must be taken not to break this one during updates. -*** TODO Channel setup +**** TODO Channel setup This installs nixGL, which is needed to run GL apps installed through home-manager, since this machine is not using NixOS. @@ -327,7 +567,7 @@ This installs nixGL, which is needed to run GL apps installed through home-manag This is needed in order to use EGL. Prefix programs that use it with `nixGL` -*** Home manager +**** Home manager #+begin_src nix :noweb yes :tangle profiles/surface/home.nix @@ -463,11 +703,11 @@ This is needed in order to use EGL. Prefix programs that use it with `nixGL` #+end_src -** Onett (Lenovo Y510P) +*** Onett (Lenovo Y510P) My laptop, sadly soon to be replaced by a new one, since most basic functions are stopping to work lately. -*** NixOS +**** NixOS #+begin_src nix :noweb yes :tangle profiles/onett/nixos.nix @@ -523,7 +763,7 @@ My laptop, sadly soon to be replaced by a new one, since most basic functions ar #+end_src -*** Home Manager +**** Home Manager #+begin_src nix :noweb yes :tangle profiles/onett/home.nix 
@@ -625,13 +865,10 @@ My laptop, sadly soon to be replaced by a new one, since most basic functions ar #+end_src -** Stand +*** Twoson (Lenovo Thinkpad T14s Gen3) +**** NixOS -My home PC, the most powerful machine. Sadly Sway cannot make good use out of it's NVIDIA card, so it runs a dual boot setup with a kind of broken GRUB that does not autodetect the windows partition. - -*** NixOS - -#+begin_src nix :noweb yes :tangle profiles/stand/nixos.nix +#+begin_src nix :noweb yes :tangle profiles/twoson/nixos.nix { config, lib, pkgs, inputs, ... }: 
@@ -640,35 +877,38 @@ My home PC, the most powerful machine. Sadly Sway cannot make good use out of it <> services = { - getty.autologinUser = "homelen"; - greetd.settings.initial_session.user="homelen"; + getty.autologinUser = "swarsel"; + greetd.settings.initial_session.user="swarsel"; }; - stylix.image = ../../wallpaper/standwp.png; + # Bootloader + # boot.loader.grub.enable = true; + # boot.loader.grub.device = "/dev/sda"; # TEMPLATE - if only one disk, this will work + # boot.loader.grub.useOSProber = true; + + # -------------------------------------- + # you might need a configuration like this instead: + # Bootloader + # boot.loader.grub.enable = true; + # boot.loader.grub.devices = ["nodev" ]; + # boot.loader.grub.useOSProber = true; + # boot.kernelPackages = pkgs.linuxPackages_latest; + # -------------------------------------- + + networking.hostName = "twoson"; # Define your hostname. + + stylix.image = ../../wallpaper/t14swp.png; <> - # Bootloader. - boot.loader.grub = { - enable = true; - devices = ["nodev" ]; - useOSProber = true; + # Configure keymap in X11 (only used for login) + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; }; - # boot.kernelPackages = pkgs.linuxPackages_latest; - networking = { - hostName = "stand"; # Define your hostname. - enableIPv6 = false; - firewall.enable = false; - # networkmanager.enable = true; - }; - - hardware = { - bluetooth.enable = true; - }; - - users.users.homelen = { + users.users.swarsel = { isNormalUser = true; - description = "Leon S"; + description = "TEMPLATE"; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; packages = with pkgs; []; }; 
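Review bot: `getty.autologinUser = "swarsel";` and `greetd.settings.initial_session.user="swarsel";` are carried over to twoson, which the heading describes as a Thinkpad T14s, and the same user is placed in `wheel` a few lines below. On a portable machine that gives an already-logged-in, sudo-capable session to anyone who powers it on, unless the disk is unlocked with a boot-time passphrase. No such encryption is visible here, since hardware-configuration.nix is not part of the patch, so if it is absent, drop the two autologin lines for this host. Every `boot.loader` line in the new block is commented out, so a short comment saying where the bootloader is configured would help, and `description = "TEMPLATE";` looks like an unfilled placeholder. The module's opening and closing lines lie outside this hunk.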
@@ -676,62 +916,90 @@ My home PC, the most powerful machine. Sadly Sway cannot make good use out of it environment.systemPackages = with pkgs; [ ]; - system.stateVersion = "23.05"; # Did you read the comment? Dont change this basically + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + } #+end_src -*** Home Manager -#+begin_src nix :noweb yes :tangle profiles/stand/home.nix +**** Home Manager +#+begin_src nix :noweb yes :tangle profiles/twoson/home.nix { config, pkgs, lib, fetchFromGitHub, ... }: { - <> - + <> home = { - username = "homelen"; - homeDirectory = "/home/homelen"; - stateVersion = "23.05"; # Please read the comment before changing. - keyboard.layout = "us"; - packages = with pkgs; [ + username = "swarsel"; + homeDirectory = "/home/swarsel"; + stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing. + keyboard.layout = "us"; # TEMPLATE + home.packages = with pkgs; [ + # --------------------------------------------------------------- + # if schildichat works on this machine, use it, otherwise go for element + # element-desktop + # --------------------------------------------------------------- ]; }; - + # update path if the sops private key is stored somewhere else sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; - services.blueman-applet.enable = true; - - # waybar config + # waybar config - TEMPLATE - update for cores and temp programs.waybar.settings.mainBar = { + #cpu.format = "{icon0} {icon1} {icon2} {icon3}"; cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}"; temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; }; - <> + + # ----------------------------------------------------------------- + # is this machine always connected to power? 
If yes, use this block: + # <> + # ----------------------------------------------------------------- + + # ----------------------------------------------------------------- + # if not always connected to power (laptop), use this (default): + <> + # ----------------------------------------------------------------- wayland.windowManager.sway= { config = rec { + # update for actual inputs here, input = { "36125:53060:splitkb.com_Kyria_rev3" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; }; + # "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + # xkb_layout = "us"; + # xkb_options = "grp:win_space_toggle"; + # # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; + # xkb_variant = "altgr-intl"; + # }; + "type:touchpad" = { + dwt = "enabled"; + tap = "enabled"; + natural_scroll = "enabled"; + middle_emulation = "enabled"; + }; + }; output = { DP-1 = { - mode = "2560x1440"; + mode = "1920x1280"; # TEMPLATE scale = "1"; - bg = "~/.dotfiles/wallpaper/standwp.png fill"; + bg = "~/.dotfiles/wallpaper/t14swp.png fill"; }; }; keybindings = let modifier = config.wayland.windowManager.sway.config.modifier; in { + # TEMPLATE "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; + # "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; }; startup = [ @@ -743,11 +1011,11 @@ My home PC, the most powerful machine. Sadly Sway cannot make good use out of it #+end_src -** Threed (Surface Pro 3) +*** Threed (Surface Pro 3) New setup for the SP3, this time using NixOS - another machine will take over the HM-only config for compatibility in the future. -*** NixOS +**** NixOS #+begin_src nix :noweb yes :tangle profiles/threed/nixos.nix @@ -801,7 +1069,7 @@ New setup for the SP3, this time using NixOS - another machine will take over th #+end_src -*** Home Manager +**** Home Manager #+begin_src nix :noweb yes :tangle profiles/threed/home.nix { config, pkgs, lib, fetchFromGitHub, ... }: 
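Review bot: Inside the `home = { … }` attribute set the new line reads `home.packages = with pkgs; [`, which defines `home.home.packages` rather than `home.packages`. The stand block it replaces had plain `packages = with pkgs; [`. Home Manager declares no `home.home` option, so evaluating the twoson profile should fail with an unknown-option error; the line should be `packages = with pkgs; [`. The same line is tangled into profiles/twoson/home.nix later in this patch.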
@@ -881,6 +1149,168 @@ New setup for the SP3, this time using NixOS - another machine will take over th } #+end_src +*** Stand + +My home PC, the most powerful machine. Sadly Sway cannot make good use out of it's NVIDIA card, so it runs a dual boot setup with a kind of broken GRUB that does not autodetect the windows partition. + +**** NixOS + +#+begin_src nix :noweb yes :tangle profiles/stand/nixos.nix + + { config, lib, pkgs, inputs, ... }: + + { + + <> + + services = { + getty.autologinUser = "homelen"; + greetd.settings.initial_session.user="homelen"; + }; + + stylix.image = ../../wallpaper/standwp.png; + <> + + # Bootloader. + boot.loader.grub = { + enable = true; + devices = ["nodev" ]; + useOSProber = true; + }; + + # boot.kernelPackages = pkgs.linuxPackages_latest; + networking = { + hostName = "stand"; # Define your hostname. + enableIPv6 = false; + firewall.enable = false; + # networkmanager.enable = true; + }; + + hardware = { + bluetooth.enable = true; + }; + + users.users.homelen = { + isNormalUser = true; + description = "Leon S"; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; + packages = with pkgs; []; + }; + + environment.systemPackages = with pkgs; [ + ]; + + system.stateVersion = "23.05"; # Did you read the comment? Dont change this basically + + } + +#+end_src + +**** Home Manager +#+begin_src nix :noweb yes :tangle profiles/stand/home.nix + + { config, pkgs, lib, fetchFromGitHub, ... }: + + { + + <> + + home = { + username = "homelen"; + homeDirectory = "/home/homelen"; + stateVersion = "23.05"; # Please read the comment before changing. 
+ keyboard.layout = "us"; + packages = with pkgs; [ + ]; + }; + + sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; + + services.blueman-applet.enable = true; + + # waybar config + programs.waybar.settings.mainBar = { + cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}"; + temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; + }; + <> + + wayland.windowManager.sway= { + config = rec { + input = { + "36125:53060:splitkb.com_Kyria_rev3" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + + output = { + DP-1 = { + mode = "2560x1440"; + scale = "1"; + bg = "~/.dotfiles/wallpaper/standwp.png fill"; + }; + }; + + keybindings = let + modifier = config.wayland.windowManager.sway.config.modifier; + in { + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; + }; + + startup = [ + <> + ]; + }; + }; + } + +#+end_src + +** Virtual hosts +*** TEMPLATE +**** NixOS + +#+begin_src nix :tangle profiles/server1/TEMPLATE/nixos.nix + + { pkgs, modulesPath, ... }: + + { + imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") + ]; + + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + ]; + + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; + + proxmoxLXC.manageNetwork = true; # manage network myself + proxmoxLXC.manageHostName = true; # manage hostname myself + networking.hostName = "TEMPLATE"; # Define your hostname. + networking.useDHCP = true; + networking.enableIPv6 = false; + networking.firewall.enable = false; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../../secrets/keys/authorized_keys + ]; + # users.users.root.password = "TEMPLATE"; + + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + } + +#+end_src + * Common NixOS These are system-level settings specific to NixOS machines. 
All settings that are required on all machines go here. diff --git a/flake.lock b/flake.lock index 813926e..5ad0b9d 100644 --- a/flake.lock +++ b/flake.lock @@ -469,6 +469,42 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1693701915, + "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701689616, + "narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "246219bc21b943c6f6812bb7744218ba0df08600", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1699354722, @@ -713,6 +749,7 @@ "lanzaboote": "lanzaboote", "nix-on-droid": "nix-on-droid", "nixgl": "nixgl", + "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs_3", "nur": "nur", "sops-nix": "sops-nix", diff --git a/flake.nix b/flake.nix index 0fe5d8d..aa80ff6 100644 --- a/flake.nix +++ b/flake.nix 
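Review bot: The Virtual hosts TEMPLATE block combines `settings.PermitRootLogin = "yes";` with `networking.firewall.enable = false;`, and nothing in it disables password authentication, which the NixOS openssh module leaves enabled unless told otherwise. Every container generated from this template therefore accepts root logins by password with no packet filter in front of sshd. Root access is already provisioned through `authorizedKeys.keyFiles`, so `settings.PermitRootLogin = "prohibit-password";` together with `settings.PasswordAuthentication = false;` keeps the key-based workflow and closes the password path, and the firewall can stay enabled because the openssh module opens its own port by default. The commented `# users.users.root.password = "TEMPLATE";` invites committing a plaintext root password and is better removed or replaced with a sops-managed hashed password. The same settings are tangled into profiles/server1/TEMPLATE/nixos.nix in this patch.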
@@ -2,46 +2,70 @@ description = "SwarseFlake - Nix Flake for all SwarselSystems"; inputs = { + nixpkgs.url = github:nixos/nixpkgs/nixos-unstable; - + + # user-level configuration home-manager = { url = github:nix-community/home-manager; inputs.nixpkgs.follows = "nixpkgs"; - }; - + }; + # overlay to access bleeding edge emacs emacs-overlay = { url = github:nix-community/emacs-overlay; inputs.nixpkgs.follows = "nixpkgs"; }; - + # nix user repository # i use this mainly to not have to build all firefox extensions # myself as well as for the emacs-init package (tbd) nur.url = github:nix-community/NUR; - + # provides GL to non-NixOS hosts nixgl.url = github:guibou/nixGL; - + # manages all themeing using Home-Manager stylix.url = github:danth/stylix; - + # nix secrets management sops-nix.url = github:Mic92/sops-nix; - + # enable secure boot on NixOS lanzaboote.url = github:nix-community/lanzaboote; - + # nix for android nix-on-droid = { url = github:t184256/nix-on-droid/release-23.05; inputs.nixpkgs.follows = "nixpkgs"; }; - + + # generate NixOS images + nixos-generators = { + url = github:nix-community/nixos-generators; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; - outputs = inputs@{ self, nixpkgs, home-manager, nix-on-droid, emacs-overlay, nur, nixgl, stylix, sops-nix, lanzaboote, ... }: let + outputs = inputs@{ + self, + + nixpkgs, + home-manager, + nix-on-droid, + nixos-generators, + emacs-overlay, + nur, + nixgl, + stylix, + sops-nix, + lanzaboote, + + ... + }: let + system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment pkgs = import nixpkgs { inherit system; overlays = [ emacs-overlay.overlay @@ -54,7 +78,7 @@ nixModules = [ stylix.nixosModules.stylix ./profiles/common/nixos.nix ]; - + # Home-Manager modules wanted on non-NixOS systems homeModules = [ stylix.homeManagerModules.stylix ]; 
@@ -62,6 +86,7 @@ mixedModules = [ sops-nix.homeManagerModules.sops ./profiles/common/home.nix ]; + in { # NixOS setups - run home-manager as a NixOS module for better compatibility @@ -72,20 +97,33 @@ # Make sure to move hardware-configuration to the appropriate location, by default it is found in /etc/nixos/. nixosConfigurations = { - - onett = nixpkgs.lib.nixosSystem { + + onett = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs pkgs; }; modules = nixModules ++ [ ./profiles/onett/nixos.nix home-manager.nixosModules.home-manager { home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/onett/home.nix + ./profiles/onett/home.nix ]; } ]; - }; - + }; + + twoson = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + ./profiles/twoson/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = mixedModules ++ [ + ./profiles/twoson/home.nix + ]; + } + ]; + }; + stand = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs pkgs; }; modules = nixModules ++ [ @@ -93,12 +131,12 @@ home-manager.nixosModules.home-manager { home-manager.users.homelen.imports = mixedModules ++ [ - ./profiles/stand/home.nix + ./profiles/stand/home.nix ]; } ]; - }; - + }; + threed = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs pkgs; }; modules = nixModules ++ [ 
@@ -107,30 +145,48 @@ home-manager.nixosModules.home-manager { home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/threed/home.nix + ./profiles/threed/home.nix ]; } ]; - }; - - }; + }; + + }; # pure Home Manager setups - for non-NixOS machines # run rebuild using `hmswitch` - homeConfigurations = { + homeConfigurations = { + + "leons@PCisLee" = home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = homeModules ++ mixedModules ++ [ + ./profiles/surface/home.nix + ]; + }; + + }; - "leons@PCisLee" = home-manager.lib.homeManagerConfiguration { - inherit pkgs; - modules = homeModules ++ mixedModules ++ [ - ./profiles/surface/home.nix - ]; - }; + nixOnDroidConfigurations = { + + default = nix-on-droid.lib.nixOnDroidConfiguration { + modules = [ + ./profiles/mysticant/configuration.nix + ]; + }; + + }; - }; - - nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration { - modules = [ ./profiles/mysticant/configuration.nix ]; + packages.x86_64-linux = { + + proxmox-lxc = nixos-generators.nixosGenerate { + inherit system; + modules = [ + ./profiles/server1/TEMPLATE/nixos.nix + ]; + format = "proxmox-lxc"; + }; + }; }; diff --git a/profiles/TEMPLATE/nixos.nix b/profiles/TEMPLATE/nixos.nix index fb6f2f7..c9c02fd 100644 --- a/profiles/TEMPLATE/nixos.nix +++ b/profiles/TEMPLATE/nixos.nix @@ -99,5 +99,4 @@ system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - } diff --git a/profiles/server1/TEMPLATE/nixos.nix b/profiles/server1/TEMPLATE/nixos.nix new file mode 100644 index 0000000..a0c8baa --- /dev/null +++ b/profiles/server1/TEMPLATE/nixos.nix 
@@ -0,0 +1,35 @@
+{ pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/virtualisation/proxmox-lxc.nix")
+ ];
+
+ environment.systemPackages = with pkgs; [
+ git
+ gnupg
+ ssh-to-age
+ ];
+
+ services.xserver = {
+ layout = "us";
+ xkbVariant = "altgr-intl";
+ };
+
+ proxmoxLXC.manageNetwork = true; # manage network myself
+ proxmoxLXC.manageHostName = true; # manage hostname myself
+ networking.hostName = "TEMPLATE"; # Define your hostname.
+ networking.useDHCP = true;
+ networking.enableIPv6 = false;
+ networking.firewall.enable = false;
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ };
+ users.users.root.openssh.authorizedKeys.keyFiles = [
+ ../../../secrets/keys/authorized_keys
+ ];
+ # users.users.root.password = "TEMPLATE";
+
+ system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
+}
diff --git a/profiles/twoson/home.nix b/profiles/twoson/home.nix
new file mode 100644
index 0000000..61891c0
--- /dev/null
+++ b/profiles/twoson/home.nix
@@ -0,0 +1,128 @@ +{ config, pkgs, lib, fetchFromGitHub, ... }: + +{ + + + home = { + username = "swarsel"; + homeDirectory = "/home/swarsel"; + stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing. + keyboard.layout = "us"; # TEMPLATE + home.packages = with pkgs; [ + # --------------------------------------------------------------- + # if schildichat works on this machine, use it, otherwise go for element + # element-desktop + # --------------------------------------------------------------- + ]; + }; + # update path if the sops private key is stored somewhere else + sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; + + # waybar config - TEMPLATE - update for cores and temp + programs.waybar.settings.mainBar = { + #cpu.format = "{icon0} {icon1} {icon2} {icon3}"; + cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}"; + temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; + }; + + # ----------------------------------------------------------------- + # is this machine always connected to power? 
If yes, use this block: + # + # programs.waybar.settings.mainBar."custom/pseudobat"= { + # format= ""; + # on-click-right= "wlogout -p layer-shell"; + # }; + # programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" + # "mpris" + # "custom/left-arrow-light" + # "network" + # "custom/left-arrow-dark" + # "pulseaudio" + # "custom/left-arrow-light" + # "custom/pseudobat" + # "battery" + # "custom/left-arrow-dark" + # "group/hardware" + # "custom/left-arrow-light" + # "clock#2" + # "custom/left-arrow-dark" + # "clock#1" + # ]; + # + # ----------------------------------------------------------------- + + # ----------------------------------------------------------------- + # if not always connected to power (laptop), use this (default): + + programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; + + # ----------------------------------------------------------------- + + wayland.windowManager.sway= { + config = rec { + # update for actual inputs here, + input = { + "36125:53060:splitkb.com_Kyria_rev3" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + # xkb_layout = "us"; + # xkb_options = "grp:win_space_toggle"; + # # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; + # xkb_variant = "altgr-intl"; + # }; + "type:touchpad" = { + dwt = "enabled"; + tap = "enabled"; + natural_scroll = "enabled"; + middle_emulation = "enabled"; + }; + + }; + + output = { + DP-1 = { + mode = "1920x1280"; # TEMPLATE + scale = "1"; + bg = "~/.dotfiles/wallpaper/t14swp.png fill"; + }; + }; + + keybindings = let + modifier = config.wayland.windowManager.sway.config.modifier; + in { + # TEMPLATE + 
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; + # "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; + }; + + startup = [ + + { command = "nextcloud --background";} + { command = "spotify";} + { command = "discord --start-minimized";} + { command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";} + { command = "ANKI_WAYLAND=1 anki";} + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} + { command = "nm-applet";} + + ]; + }; + }; +} diff --git a/profiles/twoson/nixos.nix b/profiles/twoson/nixos.nix new file mode 100644 index 0000000..9218afe --- /dev/null +++ b/profiles/twoson/nixos.nix 
@@ -0,0 +1,103 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + + + imports = + [ + ./hardware-configuration.nix + ]; + + + services = { + getty.autologinUser = "swarsel"; + greetd.settings.initial_session.user="swarsel"; + }; + + # Bootloader + # boot.loader.grub.enable = true; + # boot.loader.grub.device = "/dev/sda"; # TEMPLATE - if only one disk, this will work + # boot.loader.grub.useOSProber = true; + + # -------------------------------------- + # you might need a configuration like this instead: + # Bootloader + # boot.loader.grub.enable = true; + # boot.loader.grub.devices = ["nodev" ]; + # boot.loader.grub.useOSProber = true; + # boot.kernelPackages = pkgs.linuxPackages_latest; + # -------------------------------------- + + networking.hostName = "twoson"; # Define your hostname. + + stylix.image = ../../wallpaper/t14swp.png; + + + stylix = { + base16Scheme = ../../wallpaper/swarsel.yaml; + # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml"; + polarity = "dark"; + opacity.popups = 0.5; + cursor = { + package = pkgs.capitaine-cursors; + name = "capitaine-cursors"; + size = 16; + }; + fonts = { + sizes = { + terminal = 10; + applications = 11; + }; + serif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + + sansSerif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + + monospace = { + package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }); + name = "FiraCode Nerd Font Mono"; + }; + + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + }; + + + + + # Configure keymap in X11 (only used for login) + services.xserver = { + 
layout = "us"; + xkbVariant = "altgr-intl"; + }; + + users.users.swarsel = { + isNormalUser = true; + description = "TEMPLATE"; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; + packages = with pkgs; []; + }; + + environment.systemPackages = with pkgs; [ + ]; + + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + + +} diff --git a/secrets/keys/authorized_keys b/secrets/keys/authorized_keys new file mode 100644 index 0000000..e908661 --- /dev/null +++ b/secrets/keys/authorized_keys @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDd0XXoLfRE0AyasxscEBwMqOnLWPqwz+etGqzVNeSw/RcgnxOi903mlVjCH+jzWMSe2GVSgzgM20j/r9sfE2P1z+wq/RODFS04JM0ltUoFkkm/IDZXQ2piOk7AoVi5ajdx4EiBnXY87jvxh5cCgQltkj3ouPF7FVN/MaN21IgWYB8NgkaVGft//OplodlDQNot17c0sFMibY0HcquwmHhqKOtKM1gT98+jZl0rd1rCqXFOvkesW6FPC4nzirPai+Hizp5gncrkJOZmLLqrjVx6PfpQzqzIhoUn1YS5CpyfXnKZUgx2Oi8SENmWOZ9DxYvDklgEttob37E2bIXbUhOw/u4I3olGFgCsKL6jg0N+d5teEaCZFnzlOp0UMWiUo7lVqq7Bwl3rNka2pxEdZ9v/1+m9cJiP7h6pnKmccVGku57iGIDnsnoTrmo1qbAje+EsmPYbc+qMnTDvOdSHTOXnjsyTd+ADklvMHCUAuf6ku4ktQEhlZxU3PvYvKHa1cTCEXxLWjytIgHgTgab9M5IH29Q55LSRRQBzUdkwjOG6KhsqG+xEE6038EbXr0MGKTm01AFmeVZWewmkSLu2UdoOMiw8mTSQhQFfp2QruYHnh7oJCo7ttKT1sLoRX+TfgQm1ryn/orhReg2GFfmbiLGxaJGVNvjqCxqrIFQXx4ZDHw== cardno:22_412_379