Overhaul luna complete

2025-02-25 15:56:58 +01:00 · 2025-02-25 15:56:58 +01:00 · 6f9fdca876
commit 6f9fdca876
parent 06f5971965
110 changed files with 2408 additions and 2129 deletions
--- a/machines/common/configuration.nix
+++ b/machines/common/configuration.nix
@ -1,146 +0,0 @@
-{
-  inputs,
-  outputs,
-  lib,
-  config,
-  pkgs,
-  ...
-}: {
-  imports = [
-    ../../pkgs/zsh.nix
-  ];
-
-  nixpkgs = {
-    overlays = [
-      outputs.overlays.additions
-      outputs.overlays.modifications
-      outputs.overlays.unstable-packages
-    ];
-    config = {
-      allowUnfree = true;
-    };
-  };
-
-  nix.registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
-
-  programs.nix-ld.enable = true;
-  programs.nix-ld.libraries = with pkgs; [
-    dotnetCorePackages.sdk_9_0
-  ];
-
-  nix.nixPath = ["/etc/nix/path"];
-  environment.etc =
-    lib.mapAttrs'
-    (name: value: {
-      name = "nix/path/${name}";
-      value.source = value.flake;
-    })
-    config.nix.registry;
-
-  nix.settings.trusted-users = [ "root" "horseman" ];
-  nix.settings = {
-    experimental-features = "nix-command flakes";
-    auto-optimise-store = true;
-  };
-
-  time.timeZone = "Europe/Amsterdam";
-  services.lorri.enable = true;
-  services.tailscale.enable = true;
-
-  services.mullvad-vpn.enable = true;
-  services.mullvad-vpn.package = pkgs.mullvad-vpn;
-  networking.nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
-  services.resolved = {
-    enable = true;
-    dnssec = "true";
-    domains = [ "~." ];
-    fallbackDns = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
-  };
-
-  sops = {
-    defaultSopsFile = ../../secrets/secrets.yaml;
-    defaultSopsFormat = "yaml";
-    age = {
-      sshKeyPaths = [ "/home/horseman/.ssh/id_ed25519" ];
-      keyFile = "/home/horseman/.config/sops/age/keys.txt";
-      generateKey = false;
-    };
-    secrets = {
-      "syncthing/user".owner = "horseman";
-      "syncthing/password".owner = "horseman";
-    };
-    templates = {
-      "syncuser".content = ''${config.sops.placeholder."syncthing/user"}''; 
-      "syncpassword".content = ''${config.sops.placeholder."syncthing/password"}'';       
-    };
-  };
-
-  services.syncthing = {
-    enable = true;
-    user = "horseman";
-    dataDir = "/home/horseman";
-    configDir = "/home/horseman/.config/syncthing";
-    overrideDevices = true;
-    overrideFolders = true;
-    settings = {
-      options = {
-        urAccepted = -1;
-      };
-      gui = {
-        user = config.sops.templates."syncuser".content;
-        password = config.sops.templates."syncpassword".content;
-      };
-      devices = {
-        "luna" = {
-          id = "MW4ZTAX-D7KDLRL-YHNGNCF-V6FW5L4-SCKQKES-BO7KV43-L5667GL-JHIYEAA";
-          autoAcceptFolders = true;
-          name = "luna";
-        };
-        "terra" = {
-          id = "2QWRFLY-ZUY5C6C-X36R5CY-PJSGLYY-5HWIWJN-2YYWRPU-T66GJMU-GXTQ6QK";
-          autoAcceptFolders = true;
-          name = "terra";
-        };
-        "solis" = {
-          id = "YOSYADZ-3OZ3XBH-7XEIK2W-DHAEIFD-5P5ZIHB-PAP74DH-T7GHLKT-O32YEA4";
-          autoAcceptFolders = true;
-          name = "solis";
-        };
-      };
-      folders = {
-        "Documents" = {
-          id = "documentFolder";
-          path = "/home/horseman/Documents";
-          devices = [ "luna" "terra" "solis" ];
-        };
-      };
-    };
-  };
-  networking.firewall.allowedUDPPorts = [ 22000 21027 ];
-  networking.firewall.allowedTCPPorts = [ 8384 22000 ];
-
-  users.users = {
-    horseman = {
-      initialPassword = "1234";
-      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [
-        ../../config/ssh/authorized_keys
-      ];
-      extraGroups = [
-        "wheel"
-        "networkmanager"
-        "docker"
-      ];
-    };
-  };
-
-  services.openssh = {
-    enable = true;
-    settings = {
-      PermitRootLogin = "no";
-      PasswordAuthentication = false;
-    };
-  };
-
-  system.stateVersion = "23.11";
-}
--- a/machines/luna/configuration.nix
+++ b/machines/luna/configuration.nix
@ -7,68 +7,11 @@
  ...
 }: {
  imports = [
-    inputs.home-manager.nixosModules.home-manager
    ./hardware-configuration.nix
-    ../../pkgs/firefox.nix
-    ../common/configuration.nix
+    ./modules.nix
  ];

-  home-manager = {
-    extraSpecialArgs = { inherit inputs outputs; };
-    users = {
-      horseman = import ../../home-manager/apps.nix;
-    };
-  };
-
  networking.hostName = "luna";
-  networking.networkmanager.enable = true;
-  networking.extraHosts = ''
-    127.0.0.1 koala.rails.local members.rails.local leden.rails.local intro.rails.local
-  '';
-
-  services.xserver.enable = true;
-  services.desktopManager.plasma6.enable = true;
-  services.displayManager.sddm.enable = true;
-  services.displayManager.sddm.autoNumlock = true;
-  services.displayManager.defaultSession = "plasma";
-  boot.loader.systemd-boot.enable = true;  
-  boot.kernelModules = [ "snd-seq" "snd-rawmidi" ];
-
-  hardware.bluetooth.enable = true;
-  hardware.pulseaudio.enable = false;
-  services.jack = {
-    jackd.enable = false;
-    alsa.enable = true;
-    loopback.enable = false;
-  };
-
-  environment.plasma6.excludePackages = with pkgs.kdePackages; [
-    kate
-    konsole
-  ];
-  environment.gnome.excludePackages = with pkgs; [
-    gnome-calendar
-    gnome-characters
-    nautilus
-    gnome-clocks
-    gnome-contacts
-    evince
-    file-roller
-    geary
-    gnome-system-monitor
-    eog
-    gnome-logs
-    gnome-maps
-    gnome-music
-    seahorse
-    gnome-text-editor
-  ];
-
-
-  virtualisation.docker.enable = true;
-
-  virtualisation.virtualbox.host.enable = true;
-  users.extraGroups.vboxusers.members = [ "horseman" ];
-
-  users.extraUsers.horseman.extraGroups = [ "jackaudio" ];
+  
+  system.stateVersion = "24.11";
 }
--- a/machines/luna/hardware-configuration.nix
+++ b/machines/luna/hardware-configuration.nix
@ -1,29 +1,33 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];

-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/c1447573-eee5-48ea-9937-84330065628b";
-      fsType = "ext4";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/c1447573-eee5-48ea-9937-84330065628b";
+    fsType = "ext4";
+  };

-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/B516-99F1";
-      fsType = "vfat";
-    };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/B516-99F1";
+    fsType = "vfat";
+  };

-  swapDevices = [ ];
+  swapDevices = [];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/machines/luna/modules.nix
+++ b/machines/luna/modules.nix
@ -0,0 +1,44 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [../../modules];
+
+  config.horseman = {
+    users.horseman.enable = true;
+
+    base = {
+      nix.enable = true;
+    };
+
+    boot = {
+      loader.systemd.enable = true;
+      greeter.sddm.enable = true;
+    };
+
+    wm = {
+      plasma.enable = true;
+    };
+
+    hardware = {
+      audio.enable = true;
+      bluetooth.enable = true;
+      wifi.enable = true;
+    };
+
+    network = {
+      mullvad.enable = true;
+      ssh.enable = true;
+      syncthing.enable = true;
+      tailscale.enable = true;
+    };
+
+    apps = {
+      dev.enable = true;
+    };
+  };
+}
--- a/machines/solis/configuration.nix
+++ b/machines/solis/configuration.nix
@ -6,57 +6,7 @@
  pkgs,
  ...
 }: {
-  imports = [
-    inputs.home-manager.nixosModules.home-manager
-    ./hardware-configuration.nix
-    ../common/configuration.nix
-    ../../modules/sleep-at-night.nix
-  ];
-
-  home-manager = {
-    extraSpecialArgs = { inherit inputs outputs; };
-    users = {
-      horseman = import ../../home-manager/server-apps.nix;
-    };
-  };
+  imports = [];

  networking.hostName = "solis";
-
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
-
-  virtualisation.docker.enable = true;
-
-  services.resolved.enable = true;
-  services.resolved.extraConfig = "DNSStubListener=no\n";
-
-  systemd.timers."backupSyncthing" = {
-    wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnCalendar = "weekly";
-        Persistent = true;
-      };
-  };
-
-  systemd.services."backupSyncthing" = {
-    script = ''
-      /home/horseman/nix-config/misc/backup.sh
-    '';
-    serviceConfig = {
-      Type = "oneshot";
-      User = "horseman";
-    };
-  };
-
-  # services.sleep-at-night = {
-  #   enable = true;
-  #   shutdown = {
-  #     hour = 00;
-  #     minute = 30;
-  #   };
-  #   wakeup = "08:00:00";
-  # };
-
-  networking.firewall.enable = true;
-  networking.firewall.allowPing = true;
 }
--- a/machines/solis/hardware-configuration.nix
+++ b/machines/solis/hardware-configuration.nix
@ -1,26 +1,30 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];

-  boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
+  boot.initrd.availableKernelModules = ["ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];

-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/74211087-d087-49d5-bc58-eb49748a51f0";
-      fsType = "ext4";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/74211087-d087-49d5-bc58-eb49748a51f0";
+    fsType = "ext4";
+  };

-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/bfe8c490-e8d7-438e-b95b-5bc5743bb23b"; }
-    ];
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/bfe8c490-e8d7-438e-b95b-5bc5743bb23b";}
+  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/machines/terra/configuration.nix
+++ b/machines/terra/configuration.nix
@ -6,104 +6,7 @@
  pkgs,
  ...
 }: {
-  imports = [
-    inputs.home-manager.nixosModules.home-manager
-    ./hardware-configuration.nix
-    ./refind.nix
-    ../../pkgs/firefox.nix
-    ../common/configuration.nix
-  ];
-
-  # NVIDIA Drivers
-  hardware.graphics.enable32Bit = true;
-  hardware.graphics.enable = true;
-  services.xserver.videoDrivers = ["nvidia"];
-  hardware.nvidia = {
-    modesetting.enable = true;
-    powerManagement.enable = false;
-    powerManagement.finegrained = false;
-    open = true;
-    nvidiaSettings = true;
-    package = config.boot.kernelPackages.nvidiaPackages.stable;
-  };
-  # End NVIDIA
-
-
-  home-manager = {
-    extraSpecialArgs = { inherit inputs outputs; };
-    users = {
-      horseman = import ../../home-manager/apps.nix;
-    };
-  };
+  imports = [];

  networking.hostName = "terra";
-
-  systemd.timers."enable-wol" = {
-    wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnBootSec = "5m";
-        OnUnitActiveSec = "1m";
-        Unit = "enable-wol.service";
-      };
-  };
-
-  systemd.services."enable-wol" = {
-    script = ''
-      /home/horseman/nix-config/misc/startup.sh
-    '';
-    serviceConfig = {
-      Type = "oneshot";
-      User = "root";
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    ethtool
-  ];
-
-  environment.plasma6.excludePackages = with pkgs.kdePackages; [
-    kate
-    konsole
-  ];
-  environment.gnome.excludePackages = with pkgs; [
-    gnome-calendar
-    gnome-characters
-    nautilus
-    gnome-clocks
-    gnome-contacts
-    evince
-    file-roller
-    geary
-    gnome-system-monitor
-    eog
-    gnome-logs
-    gnome-maps
-    gnome-music
-    seahorse
-    gnome-text-editor
-  ];
-
-  services.xserver.enable = true;
-  services.desktopManager.plasma6.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
-  services.displayManager.sddm.enable = true;
-  services.displayManager.sddm.autoNumlock = true;
-  services.displayManager.sddm.wayland.enable = false;
-  services.displayManager.defaultSession = "plasma";
-  boot.loader.systemd-boot.enable = true;
-
-  programs.ssh.askPassword = lib.mkForce "/nix/store/qrzq7dqp8dkffb5dvi42q647dhm87ady-ksshaskpass-6.0.3/bin/ksshaskpass";
-
-  networking.networkmanager.enable = true;
-
-  virtualisation.docker.enable = true;
-
-  hardware.pulseaudio.enable = false;
-  services.jack = {
-    jackd.enable = true;
-    alsa.enable = false;
-    loopback.enable = true;
-  };
-
-  users.extraUsers.horseman.extraGroups = [ "jackaudio" ];
 }
--- a/machines/terra/hardware-configuration.nix
+++ b/machines/terra/hardware-configuration.nix
@ -1,31 +1,35 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];

-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];

-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/4d963cda-4ec7-4cee-8e82-35402d385f54";
-      fsType = "ext4";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/4d963cda-4ec7-4cee-8e82-35402d385f54";
+    fsType = "ext4";
+  };

-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/6AB6-63FD";
-      fsType = "vfat";
-    };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/6AB6-63FD";
+    fsType = "vfat";
+  };

-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/53db744d-a858-49b0-a3a1-c7c576aba0c9"; }
-    ];
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/53db744d-a858-49b0-a3a1-c7c576aba0c9";}
+  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/machines/terra/refind.nix
+++ b/machines/terra/refind.nix
@ -1,13 +0,0 @@
-{
-  inputs,
-  outputs,
-  lib,
-  config,
-  pkgs,
-  ...
-}: {
-  environment.systemPackages = [
-    pkgs.refind
-    pkgs.efibootmgr
-  ];
-}