started overhaul

2025-02-10 22:16:14 +01:00 · 2025-02-10 22:16:14 +01:00 · d6bdbe514d
commit d6bdbe514d
parent d1fec56ebf
14 changed files with 649 additions and 23 deletions
--- a/overhaul/machines/common/configuration.nix
+++ b/overhaul/machines/common/configuration.nix
@ -0,0 +1,86 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../pkgs/zsh.nix
+  ];
+
+  services.tailscale.enable = true;
+
+  services.mullvad-vpn.enable = true;
+  services.mullvad-vpn.package = pkgs.mullvad-vpn;
+  networking.nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
+  services.resolved = {
+    enable = true;
+    dnssec = "true";
+    domains = [ "~." ];
+    fallbackDns = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
+  };
+
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+    age = {
+      sshKeyPaths = [ "/home/horseman/.ssh/id_ed25519" ];
+      keyFile = "/home/horseman/.config/sops/age/keys.txt";
+      generateKey = false;
+    };
+    secrets = {
+      "syncthing/user".owner = "horseman";
+      "syncthing/password".owner = "horseman";
+    };
+    templates = {
+      "syncuser".content = ''${config.sops.placeholder."syncthing/user"}''; 
+      "syncpassword".content = ''${config.sops.placeholder."syncthing/password"}'';       
+    };
+  };
+
+  services.syncthing = {
+    enable = true;
+    user = "horseman";
+    dataDir = "/home/horseman";
+    configDir = "/home/horseman/.config/syncthing";
+    overrideDevices = true;
+    overrideFolders = true;
+    settings = {
+      options = {
+        urAccepted = -1;
+      };
+      gui = {
+        user = config.sops.templates."syncuser".content;
+        password = config.sops.templates."syncpassword".content;
+      };
+      devices = {
+        "luna" = {
+          id = "MW4ZTAX-D7KDLRL-YHNGNCF-V6FW5L4-SCKQKES-BO7KV43-L5667GL-JHIYEAA";
+          autoAcceptFolders = true;
+          name = "luna";
+        };
+        "terra" = {
+          id = "2QWRFLY-ZUY5C6C-X36R5CY-PJSGLYY-5HWIWJN-2YYWRPU-T66GJMU-GXTQ6QK";
+          autoAcceptFolders = true;
+          name = "terra";
+        };
+        "solis" = {
+          id = "YOSYADZ-3OZ3XBH-7XEIK2W-DHAEIFD-5P5ZIHB-PAP74DH-T7GHLKT-O32YEA4";
+          autoAcceptFolders = true;
+          name = "solis";
+        };
+      };
+      folders = {
+        "Documents" = {
+          id = "documentFolder";
+          path = "/home/horseman/Documents";
+          devices = [ "luna" "terra" "solis" ];
+        };
+      };
+    };
+  };
+  networking.firewall.allowedUDPPorts = [ 22000 21027 ];
+  networking.firewall.allowedTCPPorts = [ 8384 22000 ];
+}
--- a/overhaul/machines/luna/configuration.nix
+++ b/overhaul/machines/luna/configuration.nix
@ -0,0 +1,74 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    ./hardware-configuration.nix
+    ../../pkgs/firefox.nix
+    ../common/configuration.nix
+  ];
+
+  home-manager = {
+    extraSpecialArgs = { inherit inputs outputs; };
+    users = {
+      horseman = import ../../home-manager/apps.nix;
+    };
+  };
+
+  networking.hostName = "luna";
+  networking.networkmanager.enable = true;
+  networking.extraHosts = ''
+    127.0.0.1 koala.rails.local members.rails.local leden.rails.local intro.rails.local
+  '';
+
+  services.xserver.enable = true;
+  services.desktopManager.plasma6.enable = true;
+  services.displayManager.sddm.enable = true;
+  services.displayManager.sddm.autoNumlock = true;
+  services.displayManager.defaultSession = "plasma";
+  boot.loader.systemd-boot.enable = true;  
+  boot.kernelModules = [ "snd-seq" "snd-rawmidi" ];
+
+  hardware.bluetooth.enable = true;
+  hardware.pulseaudio.enable = false;
+  services.jack = {
+    jackd.enable = false;
+    alsa.enable = true;
+    loopback.enable = false;
+  };
+
+  environment.plasma6.excludePackages = with pkgs.kdePackages; [
+    kate
+    konsole
+  ];
+  environment.gnome.excludePackages = with pkgs; [
+    gnome-calendar
+    gnome-characters
+    nautilus
+    gnome-clocks
+    gnome-contacts
+    evince
+    file-roller
+    geary
+    gnome-system-monitor
+    eog
+    gnome-logs
+    gnome-maps
+    gnome-music
+    seahorse
+    gnome-text-editor
+  ];
+
+
+  virtualisation.docker.enable = true;
+
+  virtualisation.virtualbox.host.enable = true;
+  users.extraGroups.vboxusers.members = [ "horseman" ];
+
+  users.extraUsers.horseman.extraGroups = [ "jackaudio" ];
+}
--- a/overhaul/machines/luna/hardware-configuration.nix
+++ b/overhaul/machines/luna/hardware-configuration.nix
@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/c1447573-eee5-48ea-9937-84330065628b";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/B516-99F1";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/overhaul/machines/solis/configuration.nix
+++ b/overhaul/machines/solis/configuration.nix
@ -0,0 +1,62 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    ./hardware-configuration.nix
+    ../common/configuration.nix
+    ../../modules/sleep-at-night.nix
+  ];
+
+  home-manager = {
+    extraSpecialArgs = { inherit inputs outputs; };
+    users = {
+      horseman = import ../../home-manager/server-apps.nix;
+    };
+  };
+
+  networking.hostName = "solis";
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  virtualisation.docker.enable = true;
+
+  services.resolved.enable = true;
+  services.resolved.extraConfig = "DNSStubListener=no\n";
+
+  systemd.timers."backupSyncthing" = {
+    wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "weekly";
+        Persistent = true;
+      };
+  };
+
+  systemd.services."backupSyncthing" = {
+    script = ''
+      /home/horseman/nix-config/misc/backup.sh
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "horseman";
+    };
+  };
+
+  # services.sleep-at-night = {
+  #   enable = true;
+  #   shutdown = {
+  #     hour = 00;
+  #     minute = 30;
+  #   };
+  #   wakeup = "08:00:00";
+  # };
+
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = true;
+}
--- a/overhaul/machines/solis/hardware-configuration.nix
+++ b/overhaul/machines/solis/hardware-configuration.nix
@ -0,0 +1,34 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/74211087-d087-49d5-bc58-eb49748a51f0";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/bfe8c490-e8d7-438e-b95b-5bc5743bb23b"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/overhaul/machines/terra/configuration.nix
+++ b/overhaul/machines/terra/configuration.nix
@ -0,0 +1,109 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    ./hardware-configuration.nix
+    ./refind.nix
+    ../../pkgs/firefox.nix
+    ../common/configuration.nix
+  ];
+
+  # NVIDIA Drivers
+  hardware.graphics.enable32Bit = true;
+  hardware.graphics.enable = true;
+  services.xserver.videoDrivers = ["nvidia"];
+  hardware.nvidia = {
+    modesetting.enable = true;
+    powerManagement.enable = false;
+    powerManagement.finegrained = false;
+    open = true;
+    nvidiaSettings = true;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+  # End NVIDIA
+
+
+  home-manager = {
+    extraSpecialArgs = { inherit inputs outputs; };
+    users = {
+      horseman = import ../../home-manager/apps.nix;
+    };
+  };
+
+  networking.hostName = "terra";
+
+  systemd.timers."enable-wol" = {
+    wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnBootSec = "5m";
+        OnUnitActiveSec = "1m";
+        Unit = "enable-wol.service";
+      };
+  };
+
+  systemd.services."enable-wol" = {
+    script = ''
+      /home/horseman/nix-config/misc/startup.sh
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    ethtool
+  ];
+
+  environment.plasma6.excludePackages = with pkgs.kdePackages; [
+    kate
+    konsole
+  ];
+  environment.gnome.excludePackages = with pkgs; [
+    gnome-calendar
+    gnome-characters
+    nautilus
+    gnome-clocks
+    gnome-contacts
+    evince
+    file-roller
+    geary
+    gnome-system-monitor
+    eog
+    gnome-logs
+    gnome-maps
+    gnome-music
+    seahorse
+    gnome-text-editor
+  ];
+
+  services.xserver.enable = true;
+  services.desktopManager.plasma6.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+  services.displayManager.sddm.enable = true;
+  services.displayManager.sddm.autoNumlock = true;
+  services.displayManager.sddm.wayland.enable = false;
+  services.displayManager.defaultSession = "plasma";
+  boot.loader.systemd-boot.enable = true;
+
+  programs.ssh.askPassword = lib.mkForce "/nix/store/qrzq7dqp8dkffb5dvi42q647dhm87ady-ksshaskpass-6.0.3/bin/ksshaskpass";
+
+  networking.networkmanager.enable = true;
+
+  virtualisation.docker.enable = true;
+
+  hardware.pulseaudio.enable = false;
+  services.jack = {
+    jackd.enable = true;
+    alsa.enable = false;
+    loopback.enable = true;
+  };
+
+  users.extraUsers.horseman.extraGroups = [ "jackaudio" ];
+}
--- a/overhaul/machines/terra/hardware-configuration.nix
+++ b/overhaul/machines/terra/hardware-configuration.nix
@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/4d963cda-4ec7-4cee-8e82-35402d385f54";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/6AB6-63FD";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/53db744d-a858-49b0-a3a1-c7c576aba0c9"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/overhaul/machines/terra/refind.nix
+++ b/overhaul/machines/terra/refind.nix
@ -0,0 +1,13 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = [
+    pkgs.refind
+    pkgs.efibootmgr
+  ];
+}