diff --git a/.gitignore b/.gitignore deleted file mode 100644 index fcfc4a1..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -result* diff --git a/flake.lock b/flake.lock index cd9faaf..618136d 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1677969766, - "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=", + "lastModified": 1676153903, + "narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=", "owner": "ryantm", "repo": "agenix", - "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e", + "rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723", "type": "github" }, "original": { @@ -63,15 +63,15 @@ "inputs": { "flake-utils": "flake-utils", "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs" ] }, "locked": { - "lastModified": 1680257010, - "narHash": "sha256-pNMB9sdoZOXEsszLD5TS0WG5Ysj2rVRmf92uxsxH/9A=", + "lastModified": 1676484851, + "narHash": "sha256-IQtPR+ObyNgh+Gc5rvfPUD3Xe7jsWk6jTMSwU6YOdHs=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "cfec7f9501cc0e001f49d725a7cd733af7deb2ed", + "rev": "fb1cdbb0a12d7f0e0e50022c405aca7c856dd233", "type": "github" }, "original": { 
@@ -95,152 +95,51 @@ "type": "github" } }, - "home-manager": { + "hm": { "inputs": { "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1678831854, - "narHash": "sha256-7HBmLFNVD2KjovSzypIN9NfyzpWelMe8sNbUVZIRsS0=", + "lastModified": 1676257154, + "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=", "owner": "nix-community", "repo": "home-manager", - "rev": "cae54dc45c0d61c99c1dc8b04bc42f36c76f9771", + "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527", "type": "github" }, "original": { "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "nix-on-droid", - "nixpkgs" - ], - "utils": "utils_2" - }, - "locked": { - "lastModified": 1663932797, - "narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "nix-formatter-pack": { - "inputs": { - "nixpkgs": [ - "nix-on-droid", - "nixpkgs" - ], - "nmd": "nmd", - "nmt": "nmt" - }, - "locked": { - "lastModified": 1666720474, - "narHash": "sha256-iWojjDS1D19zpeZXbBdjWb9MiKmVVFQCqtJmtTXgPx8=", - "owner": "Gerschtli", - "repo": "nix-formatter-pack", - "rev": "14876cc8fe94a3d329964ecb073b4c988c7b61f5", - "type": "github" - }, - "original": { - "owner": "Gerschtli", - "repo": "nix-formatter-pack", - "type": "github" - } - }, - "nix-on-droid": { - "inputs": { - "home-manager": "home-manager_2", - "nix-formatter-pack": "nix-formatter-pack", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", - "nmd": "nmd_2" - }, - "locked": { - "lastModified": 1670198918, - "narHash": "sha256-oNlUhAM0/a3pDdCMmBWA+CLrDAIYJqAAMyrDp8fNSM4=", - "owner": "t184256", - "repo": "nix-on-droid", - "rev": "b00cb5e7e2a47d85a019119069b153cda4002d0a", - 
"type": "github" - }, - "original": { - "owner": "t184256", "ref": "release-22.11", - "repo": "nix-on-droid", + "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1678703398, - "narHash": "sha256-Y1mW3dBsoWLHpYm+UIHb5VZ7rx024NNHaF16oZBx++o=", + "lastModified": 1676546582, + "narHash": "sha256-MJ+PXNmUyxnMTFoss7G2lEcUY2cfYZM6RudBAL5aX1k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "67f26c1cfc5d5783628231e776a81c1ade623e0b", + "rev": "2fb7d749c084890192b2cd08ba264e5e4a14df1b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-for-bootstrap": { - "locked": { - "lastModified": 1669834992, - "narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1678654296, - "narHash": "sha256-aVfw3ThpY7vkUeF1rFy10NAkpKDS2imj3IakrzT0Occ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5a1dc8acd977ff3dccd1328b7c4a6995429a656b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-22.11-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1669542132, - "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", + "lastModified": 1676569297, + "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a115bb9bd56831941be3776c8a94005867f316a7", + "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37", "type": "github" }, "original": { 
@@ -249,62 +148,12 @@ "type": "indirect" } }, - "nmd": { - "flake": false, - "locked": { - "lastModified": 1666190571, - "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", - "owner": "rycee", - "repo": "nmd", - "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmd", - "type": "gitlab" - } - }, - "nmd_2": { - "flake": false, - "locked": { - "lastModified": 1666190571, - "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", - "owner": "rycee", - "repo": "nmd", - "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmd", - "type": "gitlab" - } - }, - "nmt": { - "flake": false, - "locked": { - "lastModified": 1648075362, - "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", - "owner": "rycee", - "repo": "nmt", - "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmt", - "type": "gitlab" - } - }, "root": { "inputs": { "agenix": "agenix", "emacs": "emacs", - "home-manager": "home-manager", - "nix-on-droid": "nix-on-droid", + "hm": "hm", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable", "snm": "snm" } }, @@ -315,7 +164,7 @@ "nixpkgs-22_11": [ "nixpkgs" ], - "utils": "utils_3" + "utils": "utils_2" }, "locked": { "lastModified": 1671659164, @@ -348,21 +197,6 @@ } }, "utils_2": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_3": { "locked": { "lastModified": 1605370193, "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", diff --git a/flake.nix b/flake.nix index c1bf290..2a55083 100644 --- a/flake.nix 
+++ b/flake.nix @@ -1,11 +1,10 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small"; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; + hm = { + url = "github:nix-community/home-manager/release-22.11"; + inputs.nixpkgs.follows = "nixpkgs"; }; # simple mailserver @@ -14,20 +13,8 @@ inputs.nixpkgs-22_11.follows = "nixpkgs"; }; - nix-on-droid = { - url = "github:t184256/nix-on-droid/release-22.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - emacs = { - url = "github:nix-community/emacs-overlay"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; - -# simplex-chat = { -# url = "github:simplex-chat/simplex-chat"; -# inputs.nixpkgs.follows = "nixpkgs"; -# }; + emacs.url = "github:nix-community/emacs-overlay"; + emacs.inputs.nixpkgs.follows = "nixpkgs"; # age for nix to store encrypted passwords conveniently agenix = { @@ -36,7 +23,7 @@ }; }; - outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: { + outputs = { self, hm, nixpkgs, agenix, snm, ... }@inputs: { nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ @@ -50,7 +37,7 @@ ./modules/security.nix ./hosts/thrall agenix.nixosModules.age - home-manager.nixosModules.home-manager + hm.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; @@ -58,16 +45,5 @@ } ]; }; - - nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; }; - homeConfigurations = import ./outputs/homeConfigurations inputs; - - nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration { - modules = [ - ./hosts/redmi - { nix.registry.nixpkgs.flake = nixpkgs; } - { nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; } - ]; - }; }; } diff --git a/home/cli.nix b/home/cli.nix index 9c0d303..5e8d247 100644 --- a/home/cli.nix 
+++ b/home/cli.nix @@ -1,11 +1,8 @@ { config, pkgs, ... }: # minimal config, suitable for servers -let - myUser = "alex"; - myName = "Alexander Kobjolke"; - myMail = "me@failco.de"; -in { + +{ imports = [ # shell config #./modules/shell @@ -13,8 +10,8 @@ in { programs.home-manager.enable = true; home = { - username = myUser; - homeDirectory = "/home/${myUser}"; + username = "alex"; + homeDirectory = "/home/alex"; stateVersion = "21.05"; sessionPath = [ "$HOME/.local/bin" "$HOME/.emacs.d/bin" ]; }; @@ -34,7 +31,6 @@ in { gotop gnumake ripgrep # better grep - pijul sqlite.dev sqlite # pass @@ -67,22 +63,11 @@ in { ''; }; - xdg.configFile.pijul = { - target = "pijul/config.toml"; - text = '' - [author] - name = "${myUser}" - full_name = "${myName}" - email = "${myMail}" - ''; - }; - programs = { zsh = { enable = true; enableAutosuggestions = true; # enableSyntaxHighlighting = true; - shellAliases = { e = "emacsclient -c $@"; }; oh-my-zsh = { enable = true; plugins = [ "git" ]; @@ -103,7 +88,6 @@ in { emacs = { enable = true; package = pkgs.emacsGit; - extraPackages = epkgs: with epkgs; [ vterm ]; #package = pkgs.emacsUnstable; }; @@ -115,8 +99,8 @@ in { git = { enable = true; ignores = [ "*~" "*.swp" "result" "dist-newstyle" ]; - userEmail = myMail; - userName = myName; + userEmail = "me@failco.de"; + userName = "Alexander Kobjolke"; aliases = { st = "status"; }; extraConfig = { init.defaultBranch = "main"; }; }; diff --git a/hosts/dregil/configuration.nix b/hosts/dregil/configuration.nix deleted file mode 100644 index 3974771..0000000 --- a/hosts/dregil/configuration.nix +++ /dev/null 
@@ -1,177 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ inputs, config, pkgs, lib, ... }: -let - nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" '' - export __NV_PRIME_RENDER_OFFLOAD=1 - export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 - export __GLX_VENDOR_LIBRARY_NAME=nvidia - export __VK_LAYER_NV_optimus=NVIDIA_only - exec "$@" - ''; -in -{ - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - # - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # do not protect the kernel image to allow hibernation - security.protectKernelImage = lib.mkForce false; - - networking.hostName = "dregil"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - console = { - font = "Lat2-Terminus16"; - useXkbConfig = true; # use xkbOptions in tty. - }; - - # Enable the X11 windowing system. - services.xserver = { - enable = true; - exportConfiguration = true; - - # Configure keymap in X11 - layout = "dvorak"; - - xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt"; - - videoDrivers = [ "nvidia" ]; # "modesetting" ]; - - displayManager.lightdm = { - enable = true; - }; - - desktopManager.xfce.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). 
- libinput = { - enable = true; - touchpad.disableWhileTyping = true; - touchpad.naturalScrolling = true; - mouse.naturalScrolling = config.services.xserver.libinput.touchpad.naturalScrolling; - }; - }; - - fonts = { - enableDefaultFonts = true; - fonts = with pkgs; [ - corefonts - noto-fonts - noto-fonts-emoji - fira-code - fira-code-symbols - nerdfonts - ]; - }; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.alex = { - isNormalUser = true; - extraGroups = [ "wheel" # Enable ‘sudo’ for the user. - "input" - ]; - packages = with pkgs; [ - # gui tool - alacritty - firefox - jitsi-meet-electron - - # editing - helix - nil # nix language server - - # system tools - htop-vim # htop with vim bindings - erdtree # du+tree had sex - dua # ncdu but better - bat # better cat - uhk-agent - - # gaming support - lutris - #inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat" - ]; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - wget - ripgrep - git - nvidia-offload - ]; - - # adjust channels to nixpkgs used on this system via this flake - environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-unstable.outPath; - nix.nixPath = [ - "nixpkgs=${inputs.nixpkgs-unstable}" - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - programs.neovim = { - enable = true; - }; - - programs.steam = { - enable = true; - }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... 
]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - system.nixos.tags = [ "HiDPI" "nvidia-only" ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? - -} - diff --git a/hosts/dregil/default.nix b/hosts/dregil/default.nix deleted file mode 100644 index 678c04d..0000000 --- a/hosts/dregil/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ inputs, ... }: -let - inherit (inputs.nixpkgs-unstable.lib) nixosSystem; - - system = "x86_64-linux"; - - pkgs = import inputs.nixpkgs-unstable { - inherit system; - config = { - allowUnfree = true; - }; - }; -in -nixosSystem { - inherit system pkgs; - specialArgs = { inherit inputs; }; - modules = [ - ../../modules/security.nix - ../../modules/common-system.nix - ./configuration.nix - ]; -} diff --git a/hosts/dregil/hardware-configuration.nix b/hosts/dregil/hardware-configuration.nix deleted file mode 100644 index 198484c..0000000 --- a/hosts/dregil/hardware-configuration.nix +++ /dev/null 
@@ -1,92 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ]; - boot.initrd.luks.devices = { - root = { - device = "/dev/disk/by-uuid/bebf96d1-2a2b-412c-a5f0-f9ed5730a05f"; - preLVM = true; - allowDiscards = true; - fallbackToPassword = true; - keyFile = "/dev/sda2"; - keyFileSize = 4096; - }; - }; - boot.kernelModules = [ "kvm-intel" "nvidia" ]; - boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ]; - boot.kernelParams = [ "module_blacklist=i915" ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" ]; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" ]; - }; - - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654"; - fsType = "btrfs"; - options = [ "subvol=nix" "compress=zstd" "noatime" ]; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/786D-42D7"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95"; - } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp52s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - hardware.video.hidpi.enable = true; - - hardware.nvidia = { - nvidiaSettings = true; - nvidiaPersistenced = true; - -# modesetting.enable = true; - package = config.boot.kernelPackages.nvidiaPackages.beta; -# prime = { -# offload.enable = true; -# -# intelBusId = "PCI:1:0:0"; -# nvidiaBusId = "PCI:1:0:0"; -# intelBusId = "0@0:2:0"; -# nvidiaBusId = "1@1:0:0"; -# }; - }; - - hardware.opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - }; - - hardware.keyboard.uhk.enable = true; -} diff --git a/hosts/redmi/default.nix b/hosts/redmi/default.nix deleted file mode 100644 index 9f607a0..0000000 --- a/hosts/redmi/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # Simply install just the packages - environment.packages = with pkgs; [ - # User-facing stuff that you really really want to have - vim # or some other editor, e.g. nano or neovim - - git - mosh - openssh - wget - - # Some common stuff that people expect to have - #diffutils - #findutils - #utillinux - #tzdata - #hostname - #man - #gnugrep - #gnupg - #gnused - gnutar - #bzip2 - gzip - #xz - #zip - #unzip - ]; - - # Backup etc files instead of failing to activate generation if a file already exists in /etc - environment.etcBackupExtension = ".bak"; - - # Read the changelog before changing this value - system.stateVersion = "22.11"; - - # Set up nix for flakes - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - # Set your time zone - time.timeZone = "Europe/Berlin"; -} 
diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index 9631cb7..1db9143 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -55,8 +55,8 @@ in { defaultGateway = "195.90.208.1"; nameservers = [ "1.1.1.1" "8.8.8.8" ]; firewall = { - allowedTCPPorts = [ 22 53 80 443 5000 ]; - allowedUDPPorts = [ 53 42666 ]; + allowedTCPPorts = [ 22 80 443 5000 ]; + allowedUDPPorts = [ 42666 ]; }; # wireguard related config @@ -70,27 +70,18 @@ in { listenPort = 42666; postSetup = '' - ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE ''; postShutdown = '' - ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE ''; privateKeyFile = config.age.secrets.wireguard-thrall.path; - peers = [ - { - # my phone - publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; - allowedIPs = [ "10.0.0.2/32" ]; - } - { - # my tablet - publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k="; - allowedIPs = [ "10.0.0.3/32" ]; - } - ]; + peers = [{ + # my phone + publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; + allowedIPs = [ "10.0.0.2/32" ]; + }]; }; }; }; @@ -160,12 +151,6 @@ in { # List services that you want to enable: - # depending on wireguard - services.kresd = { - enable = true; - listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ]; - }; - # Enable the OpenSSH daemon. services.openssh.enable = true; 
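Review bot: In the wg0 `postSetup`/`postShutdown` block the `FORWARD -i wg0 -j ACCEPT` rule is removed while the `-t nat ... POSTROUTING -s 10.0.0.0/24 ... MASQUERADE` pair stays, so whether peers are still relayed through this host now depends on the FORWARD chain's policy, which the diff does not show. If the intent is to stop relaying peer traffic, the MASQUERADE lines should go as well. If relaying is still wanted, I would add a comment above `postSetup` such as `# forwarding from wg0 relies on the FORWARD chain's default ACCEPT policy`, so that a later firewall hardening does not silently break the tunnel. The `@@ -160,12` hunk also drops kresd on `10.0.0.1:53`, so a peer that uses that address as its resolver (peer-side config is not visible here) would lose DNS. The enclosing wireguard attribute set starts and ends outside the hunk.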
@@ -189,24 +174,6 @@ in { root = "/srv/www/failco.de"; serverAliases = [ "www.failco.de" "mail.failco.de" ]; }; - - "git.failco.de" = { - forceSSL = true; - enableACME = true; - locations."/" = { proxyPass = "http://127.0.0.1:3001/"; }; - }; - }; - - services.gitea = { - enable = true; - database.type = "sqlite3"; - lfs.enable = true; - domain = "git.failco.de"; - rootUrl = "https://git.failco.de"; - httpAddress = "127.0.0.1"; - httpPort = 3001; - - settings.service.DISABLE_REGISTRATION = true; }; services.fail2ban = { @@ -244,15 +211,15 @@ in { mailserver = { enable = true; fqdn = "thrall.failco.de"; - domains = [ "failco.de" "jakalx.net" ]; + domains = [ "failco.de" ]; loginAccounts = { "me@failco.de" = { hashedPasswordFile = config.age.secrets.mailPass.path; - aliases = [ "lx@failco.de" "alex@failco.de" ]; + aliases = [ "jakalx@failco.de" ]; - catchAll = [ "failco.de" "jakalx.net" ]; + catchAll = [ "failco.de" ]; }; }; diff --git a/modules/common-system.nix b/modules/common-system.nix deleted file mode 100644 index fb4273f..0000000 --- a/modules/common-system.nix +++ /dev/null @@ -1,49 +0,0 @@ -{config, pkgs, inputs, ...}: -{ - i18n.defaultLocale = "en_US.UTF-8"; - time.timeZone = "Europe/Berlin"; - - environment.systemPackages = with pkgs; [ - wget - tmux - ripgrep - git - dua - erdtree - exa - fd - fzf - bat - ]; - - networking.firewall.enable = true; - - users.users.alex = { - isNormalUser = true; - extraGroups = [ "wheel" "input" ]; - shell = pkgs.zsh; - }; - - nix = { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - - registry = { - nixpkgs.flake = inputs.nixpkgs; - nixpkgs-unstable.flake = inputs.nixpkgs-unstable; - }; - - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - warn-dirty = false; - - # avoid unwanted garbage collection when using direnv - keep-outputs = true; - keep-derivations = true; - }; - }; -} 
diff --git a/outputs/homeConfigurations/default.nix b/outputs/homeConfigurations/default.nix deleted file mode 100644 index 4fe9a2a..0000000 --- a/outputs/homeConfigurations/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -inputs: with inputs; -let - pkgs = import nixpkgs-unstable { - system = "x86_64-linux"; - config.allowUnfree = true; - overlays = []; - }; -in -{ - "alex@dregil" = home-manager.lib.homeManagerConfiguration { - inherit pkgs; - modules = [ - { - programs.home-manager.enable = true; - - home = { - username = "alex"; - homeDirectory = "/home/alex"; - stateVersion = "22.11"; - - packages = with pkgs; [ - lutris - ]; - }; - - # do not show home-manager notifications - news.display = "silent"; - } - ]; - }; -} diff --git a/secrets/me@failco.de-mail b/secrets/me@failco.de-mail new file mode 100644 index 0000000..c240f66 --- /dev/null +++ b/secrets/me@failco.de-mail @@ -0,0 +1 @@ +$6$wEpQRnG6C6N0$63CchCNtmKUOmIu.R6qLyx30fpGnpwjXhWMbwyrk4sye5g0cpmHuShQ.2UUDHkSGUKsCvAG5rBOgX7I38N89U.
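Review bot: The new file `secrets/me@failco.de-mail` commits a sha512crypt (`$6$`) password hash in cleartext, while the mailserver block in hosts/thrall/default.nix reads `hashedPasswordFile` from `config.age.secrets.mailPass.path`, i.e. from an agenix-managed secret. Anyone with read access to the repository or its history can run offline guessing against a committed crypt hash, so I would keep only the age-encrypted form in git (for example `secrets/<name>.age`, placeholder name) and leave the plain file untracked. If this hash belongs to a live mailbox, which the diff does not say, the password should be changed, because deleting the file in a later commit does not remove it from history.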