From 3440bc178cb862eede12d1394120999285a23e8b Mon Sep 17 00:00:00 2001 From: catvayor Date: Thu, 3 Oct 2024 17:42:38 +0200 Subject: [PATCH] ~ --- hive.nix | 8 ++- kat/default.nix | 30 ++++++++- machines/kat-mail-test/default.nix | 42 +++--------- machines/kat-manah/default.nix | 47 ++++--------- machines/kat-orchid/default.nix | 36 ++-------- machines/kat-probook/default.nix | 103 ++++++++++++----------------- machines/kat-son/default.nix | 44 ++---------- machines/kat-virt/default.nix | 92 ++------------------------ machines/kat-watcher/default.nix | 61 ++++------------- 9 files changed, 128 insertions(+), 335 deletions(-) diff --git a/hive.nix b/hive.nix index 8e8aeaf..402de0c 100644 --- a/hive.nix +++ b/hive.nix @@ -166,12 +166,17 @@ in perl git ]; - boot.supportedFilesystems = [ "bcachefs" ]; programs.zsh.enable = true; services.openssh.enable = true; services.qemuGuest.enable = true; + boot.supportedFilesystems = { + bcachefs = true; + zfs = lib.mkForce false; + }; boot.kernelParams = [ "console=ttyS0" ]; + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; services.getty.autologinUser = lib.mkForce "root"; + system.stateVersion = lib.mkForce "24.11"; }; kat-kexec = @@ -212,5 +217,6 @@ in zfs = lib.mkForce false; }; services.getty.autologinUser = lib.mkForce "root"; + system.stateVersion = lib.mkForce "24.11"; }; } diff --git a/kat/default.nix b/kat/default.nix index 6b3292c..66ba518 100644 --- a/kat/default.nix +++ b/kat/default.nix @@ -35,12 +35,19 @@ with lib; ''; }; }; - boot.tmp.useTmpfs = true; + + boot = { + tmp.useTmpfs = true; + supportedFilesystems.bcachefs = mkDefault true; + kernelPackages = pkgs.linuxPackages_latest; + }; + networking = { useNetworkd = true; nftables.enable = true; }; systemd.network.enable = true; + nix = { nixPath = [ "nixpkgs=${builtins.storePath pkgs.path}" 
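Review bot: In the new shared `boot` block of kat/default.nix, `kernelPackages = pkgs.linuxPackages_latest;` is set at normal priority while the line above it uses `mkDefault` for `supportedFilesystems.bcachefs`. Any host or image that needs a different kernel, for example a server pinned to a longterm series, then has to use `mkForce`. The hive.nix hunk in this same patch already adds `boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;`, which suggests a priority clash exists somewhere, though the other definition is not visible here. I would write `kernelPackages = mkDefault pkgs.linuxPackages_latest;` and add a short comment saying why the whole fleet tracks the newest kernel series (presumably bcachefs).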
@@ -50,6 +57,27 @@ with lib; settings.nix-path = config.nix.nixPath; package = pkgs.lix; }; + + time.timeZone = mkDefault "Europe/Paris"; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = mkDefault "fr"; + }; + + environment.systemPackages = with pkgs; [ + tree + ranger + ripgrep + wget + git + lazygit + btop + screen + nix-search-cli + nix-output-monitor + ]; + services = { resolved.enable = !config.boot.isContainer; openssh.settings = { diff --git a/machines/kat-mail-test/default.nix b/machines/kat-mail-test/default.nix index 7cbd4ab..69107cc 100644 --- a/machines/kat-mail-test/default.nix +++ b/machines/kat-mail-test/default.nix @@ -16,14 +16,13 @@ in ./modo.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = [ "bcachefs" ]; - boot.kernelPackages = pkgs.linuxPackages_latest; - - time.timeZone = "Europe/Paris"; + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; networking = { + useNetworkd = lib.mkForce false; interfaces."enp1s0" = { useDHCP = false; ipv4.addresses = [ @@ -50,34 +49,11 @@ in ]; }; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; + services = { + openssh.enable = true; + netbird.enable = true; }; - services.dbus.packages = with pkgs; [ dconf ]; - - nixpkgs.config.allowUnfree = true; - - programs.zsh.enable = true; - - environment.systemPackages = with pkgs; [ - wget - nix-search-cli - git - btop - ranger - screen - ]; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - services.openssh.enable = true; - networking.firewall.enable = false; security.acme = { @@ -113,7 +89,5 @@ in certificateScheme = "acme"; }; - services.netbird.enable = true; - system.stateVersion = "23.11"; } diff --git a/machines/kat-manah/default.nix b/machines/kat-manah/default.nix index 2ac6d0e..1e9414e 100644 --- a/machines/kat-manah/default.nix 
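Review bot: The `environment.systemPackages` list added to kat/default.nix is installed on every host that imports this module, including the servers whose hunks later in this patch keep `networking.firewall.enable = false;`. Interactive tools such as `lazygit`, `ranger` and `nix-output-monitor` are a workstation convenience, so consider keeping only the minimal set here and moving the rest to a profile that the laptops import. In the same hunk `time.timeZone` and `console.keyMap` use `mkDefault`, but `i18n.defaultLocale` and `console.font` do not; using `mkDefault` for all four would let a host override them without `mkForce`.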
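Review bot: In kat-mail-test, `useNetworkd = lib.mkForce false;` puts the host back on scripted networking for `enp1s0`, but the shared module still sets `systemd.network.enable = true;` (visible as context in the kat/default.nix hunk). systemd-networkd will presumably keep running with no `.network` unit for the interface, which can leave `systemd-networkd-wait-online` waiting at boot; confirm this on a test boot. Either add `systemd.network.enable = lib.mkForce false;` next to it, or change the shared values to `mkDefault` so hosts can opt out with a plain assignment. The same line is added in the kat-orchid, kat-son and kat-virt hunks, and the `networking` block continues outside this hunk.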
+++ b/machines/kat-manah/default.nix @@ -5,17 +5,22 @@ nodes, ... }: - { imports = [ ./hardware-configuration.nix ]; - boot.kernel.sysctl."net.ipv4.ip_forward" = true; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = [ "bcachefs" ]; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + kernel.sysctl."net.ipv4.ip_forward" = true; + kernelModules = [ + "kvm-intel" + "kvm-amd" + ]; + }; kat.wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM="; systemd.network = { @@ -61,42 +66,14 @@ }; }; - time.timeZone = "Europe/Paris"; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; - }; - services.dbus.packages = with pkgs; [ dconf ]; - - nixpkgs.config.allowUnfree = true; - - programs.zsh.enable = true; - environment.systemPackages = with pkgs; [ - wget - brightnessctl - nix-search-cli - git - btop - ranger dnsmasq - screen + tcpdump ]; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - services.openssh.enable = true; services.netbird.enable = true; - boot.kernelModules = [ - "kvm-intel" - "kvm-amd" - ]; programs.virt-manager.enable = true; virtualisation.libvirtd.enable = true; diff --git a/machines/kat-orchid/default.nix b/machines/kat-orchid/default.nix index ed5ce00..f9968ec 100644 --- a/machines/kat-orchid/default.nix +++ b/machines/kat-orchid/default.nix @@ -1,5 +1,3 @@ -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - { config, lib, 
@@ -13,14 +11,13 @@ ./disks.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = [ "bcachefs" ]; - boot.kernelPackages = pkgs.linuxPackages_latest; - - time.timeZone = "Europe/Paris"; + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; networking = { + useNetworkd = lib.mkForce false; interfaces."enp1s0" = { useDHCP = false; ipv4.addresses = [ @@ -47,31 +44,8 @@ ]; }; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; - }; - - services.dbus.packages = with pkgs; [ dconf ]; - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - wget - nix-search-cli - git - btop - ranger - screen - tree - ]; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - services.openssh.enable = true; networking.firewall.enable = false; diff --git a/machines/kat-probook/default.nix b/machines/kat-probook/default.nix index 457b137..0f6a98f 100644 --- a/machines/kat-probook/default.nix +++ b/machines/kat-probook/default.nix 
@@ -13,86 +13,65 @@ # ./router.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = [ "bcachefs" ]; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; networking.networkmanager.enable = true; - networking.nftables.enable = true; - time.timeZone = "Europe/Paris"; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; - }; nixpkgs.config.allowUnfree = true; security.rtkit.enable = true; - services.pipewire = { + hardware.bluetooth = { enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - hardware = { - bluetooth = { - enable = true; - powerOnBoot = false; - }; + powerOnBoot = false; }; - environment.systemPackages = with pkgs; [ - wget - brightnessctl - nix-search-cli - git - btop - ranger - tree - lazygit - nix-output-monitor - ripgrep - ]; + environment.systemPackages = with pkgs; [ brightnessctl ]; fonts.packages = with pkgs; [ fira-code-nerdfont font-awesome ]; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; + services = { + pipewire = { + enable = true; + alsa = { + enable = true; + support32Bit = true; + }; + pulse.enable = true; + }; + syncthing = { + enable = true; + systemService = true; + dataDir = "/home/catvayor"; + user = "catvayor"; + group = "users"; + openDefaultPorts = true; + settings = { + folders."essentials" = { + path = "~/essentials"; + id = "vgpwu-fk3ct"; + devices = [ + "katel" + ]; + }; + devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ"; + }; + }; + netbird.enable = true; }; - services.syncthing = { - enable = true; - systemService = true; - dataDir = "/home/catvayor"; - user = "catvayor"; - group = "users"; - openDefaultPorts = true; - settings = { - folders."essentials" = { - path = "~/essentials"; - id = "vgpwu-fk3ct"; - devices = [ - 
"katest" - "katel" - ]; - }; - devices.katest.id = "UPVXT7D-ZQF4E3J-4WKLLRV-2KF7323-7VOMEJJ-4PZVXW4-UQ2YABE-G7ID4AD"; - devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ"; + programs = { + steam.enable = true; + virt-manager.enable = true; + gnupg.agent = { + enable = true; + enableSSHSupport = true; }; }; - services.netbird.enable = true; - - programs.steam.enable = true; - - # boot.kernelModules = [ "kvm-intel" "kvm-amd" ]; - programs.virt-manager.enable = true; - # virtualisation.libvirtd.enable = true; system.stateVersion = "23.11"; } diff --git a/machines/kat-son/default.nix b/machines/kat-son/default.nix index 31ab59b..f12feb9 100644 --- a/machines/kat-son/default.nix +++ b/machines/kat-son/default.nix @@ -1,5 +1,3 @@ -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - { config, lib, @@ -12,14 +10,13 @@ ./disks.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = [ "bcachefs" ]; - boot.kernelPackages = pkgs.linuxPackages_latest; - - time.timeZone = "Europe/Paris"; + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; networking = { + useNetworkd = lib.mkForce false; interfaces."enp1s0" = { useDHCP = false; ipv4.addresses = [ @@ -46,35 +43,6 @@ ]; }; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; - }; - - services.dbus.packages = with pkgs; [ dconf ]; - - nixpkgs.config.allowUnfree = true; - - programs.zsh.enable = true; - - environment.systemPackages = with pkgs; [ - wget - nix-search-cli - git - btop - ranger - screen - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - services.openssh.enable = true; networking.firewall.enable = false; 
@@ -93,5 +61,5 @@ }; }; - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "23.11"; } diff --git a/machines/kat-virt/default.nix b/machines/kat-virt/default.nix index b91208e..90e5c4f 100644 --- a/machines/kat-virt/default.nix +++ b/machines/kat-virt/default.nix @@ -4,18 +4,16 @@ pkgs, ... }: - { imports = [ ./hardware-configuration.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.supportedFilesystems = [ "bcachefs" ]; - boot.kernelPackages = pkgs.linuxPackages_latest; - - time.timeZone = "Europe/Paris"; + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; networking = { + useNetworkd = lib.mkForce false; interfaces."enp1s0" = { useDHCP = false; ipv4.addresses = [ 
@@ -42,59 +40,6 @@ ]; }; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; - }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - # security.polkit.enable = true; - # programs.light.enable = true; - services.dbus.packages = with pkgs; [ dconf ]; - - nixpkgs.config.allowUnfree = true; - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - programs.zsh.enable = true; - - environment.systemPackages = with pkgs; [ - wget - nix-search-cli - git - btop - ranger - screen - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. services.openssh.enable = true; security.acme = { 
@@ -113,32 +58,7 @@ }; }; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. networking.firewall.enable = false; - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "23.11"; } diff --git a/machines/kat-watcher/default.nix b/machines/kat-watcher/default.nix index 8247948..c6fc932 100644 --- a/machines/kat-watcher/default.nix +++ b/machines/kat-watcher/default.nix 
@@ -11,23 +11,18 @@ ./disks.nix ]; - boot = { - loader.grub = { - enable = true; - efiSupport = true; - efiInstallAsRemovable = true; - }; - supportedFilesystems = [ "bcachefs" ]; - kernelPackages = pkgs.linuxPackages_latest; + boot.loader.grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = true; }; - time.timeZone = "Europe/Paris"; + kat.wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg="; networking = { - useNetworkd = true; useDHCP = false; + firewall.allowedUDPPorts = [ 1194 ]; }; - kat.wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg="; systemd.network = { enable = true; networks = { @@ -77,22 +72,16 @@ wireguardPeers = [ { - AllowedIPs = [ - "10.42.0.1/32" - ]; - PublicKey = nodes.kat-manah.config.kat.wireguardPubKey; + AllowedIPs = [ + "10.42.0.1/32" + ]; + PublicKey = nodes.kat-manah.config.kat.wireguardPubKey; } ]; }; }; }; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; - }; - security.acme = { acceptTerms = true; defaults.email = "root@katvayor.net"; @@ -105,33 +94,11 @@ ''; }; - services.dbus.packages = with pkgs; [ dconf ]; + environment.systemPackages = with pkgs; [ tcpdump ]; - programs.zsh.enable = true; - - environment.systemPackages = with pkgs; [ - wget - nix-search-cli - git - btop - ranger - screen - ]; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - services.openssh.enable = true; - - services.netbird.enable = true; - networking = { - nftables.enable = true; - firewall = { - allowedTCPPorts = [ 22 ]; - allowedUDPPorts = [ 1194 ]; - }; + services = { + openssh.enable = true; + netbird.enable = true; }; system.stateVersion = "23.11";
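Review bot: The new kat-watcher `networking` block keeps only `firewall.allowedUDPPorts = [ 1194 ];`, and the last hunk removes the explicit `allowedTCPPorts = [ 22 ]`. SSH reachability on this host therefore depends on `services.openssh.openFirewall` staying at its default of true, unless the shared module changes it, which is not visible here. A comment beside the firewall line such as `# TCP 22 is opened by services.openssh.openFirewall (default)` would make that dependency explicit and guard against a lockout if the default is ever overridden. The listener behind UDP 1194 is not shown in these hunks either, so a short comment naming it would help whoever audits the open ports.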