Commit 390584c97f92
Changed files (14)
location/docker.nix
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports =[
- <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
- ];
-
- hardware.sane = {
- brscan4.enable = true;
- brscan4.netDevices = {
- docker = { model = "MFC-9330CDW"; ip = "10.0.0.28"; };
- };
- };
-}
location/home.nix
@@ -1,4 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-}
machine/hokkaido.nix
@@ -1,16 +1,12 @@
{ config, pkgs, ... }:
{
- imports =
- [
- ../profiles/yubikey.nix
- ../location/home.nix
- ../hardware/thinkpad-x220.nix
- ];
+ imports = [ ../hardware/thinkpad-x220.nix ];
profiles.laptop.enable = true;
profiles.ssh.enable = true;
profiles.dev.enable = true;
+ profiles.yubikey.enable = true;
time.timeZone = "Europe/Paris";
machine/honshu.nix
@@ -1,11 +1,7 @@
{ config, pkgs, ... }:
{
- imports =
- [
- ../hardware/dell-latitude-e6540.nix
- ../location/home.nix
- ];
+ imports = [ ../hardware/dell-latitude-e6540.nix ];
profiles.ssh.enable = true;
profiles.dev.enable = true;
machine/kerkouane.nix
@@ -1,13 +1,11 @@
{ config, pkgs, ... }:
{
- imports = [
- ../networking.nix # generated at runtime by nixos-infect
- ../profiles/wireguard.server.nix
- ];
+ imports = [ ../networking.nix ];
profiles.ssh.enable = true;
profiles.git.enable = true;
+ profiles.wireguard.enable = true;
boot.cleanTmpDir = true;
boot.loader.grub.enable = true;
machine/shikoku.nix
@@ -1,10 +1,6 @@
{ config, pkgs, ... }:
{
- imports = [
- ../location/home.nix
- ];
-
profiles.desktop.enable = true;
profiles.docker.enable = true;
profiles.buildkit.enable = true;
machine/wakasu.nix
@@ -1,11 +1,7 @@
{ config, pkgs, ... }:
{
- imports =
- [
- ../location/home.nix
- ../hardware/lenovo-p50.nix
- ];
+ imports = [ ../hardware/lenovo-p50.nix ];
profiles.laptop.enable = true;
profiles.docker.enable = true;
modules/profiles/wireguard.server.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.wireguard.server;
+in
+{
+ options = {
+ profiles.wireguard.server = {
+ enable = mkOption {
+ default = false;
+ description = "Enable wireguard.server profile";
+ type = types.bool;
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
+ environment.systemPackages = [ pkgs.wireguard ];
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ networking.firewall.extraCommands = ''
+ iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE
+ '';
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+ networking.firewall.trustedInterfaces = [ "wg0" ];
+ networking.wireguard.interfaces = with import ../../../assets/machines.nix; {
+ "wg0" = {
+ ips = wireguard.kerkouane.allowedIPs;
+ listenPort = wg.listenPort;
+ privateKeyFile = "/etc/nixos/wireguard.private.key";
+ peers = wg.peers;
+ };
+ };
+ };
+}
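Review bot: The option this module declares is `profiles.wireguard.server.enable` (`cfg = config.profiles.wireguard.server`), but machine/kerkouane.nix in the same commit replaces the removed `../profiles/wireguard.server.nix` import with `profiles.wireguard.enable = true;`, so the host that used to be the WireGuard server never enables this profile. If no `profiles.wireguard.enable` option exists elsewhere the evaluation fails loudly; if one does (module-list also carries `./services/wireguard.client.nix`, whose options are not visible here), kerkouane silently loses wg0, the 51820 listener, ip_forward and the NAT rule and every peer loses the tunnel — the fix is `profiles.wireguard.server.enable = true;` in kerkouane. Separately, `iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE` in `extraCommands` is, as far as I know, re-appended on every firewall reload because the NixOS firewall script only flushes its own chains, and it masquerades on every egress interface rather than the uplink; either pair it with an `extraStopCommands` delete (`iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -j MASQUERADE 2>/dev/null || true`) or use `networking.nat` with `externalInterface` and `internalIPs = [ "10.100.0.0/24" ]`, which handles both. Note also that `trustedInterfaces = [ "wg0" ]` exempts all peers from the host firewall, which is fine only if every entry in `wg.peers` is trusted with that.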
modules/profiles/yubikey.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.yubikey;
+in
+{
+ options = {
+ profiles.yubikey = {
+ enable = mkOption {
+ default = false;
+ description = "Enable yubikey profile";
+ type = types.bool;
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ services.udev.extraRules = ''
+ # Yubico YubiKey
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
+ # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+ '';
+
+ environment = {
+ systemPackages = with pkgs; [
+ yubico-piv-tool
+ ];
+ };
+ };
+}
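Review bot: The hidraw rule hard-codes a YubiKey `idProduct` list (`0113|…|0410`) that has to be hand-maintained as new models ship, and it adds `MODE="0660", GROUP="wheel"` on top of `TAG+="uaccess"`, so every wheel member can open the FIDO/OTP device even without an active seat; `uaccess` alone is normally enough for the laptop user, or use the maintained rules shipped in nixpkgs, e.g. `services.udev.packages = [ pkgs.yubikey-personalization pkgs.libu2f-host ];`, instead of a custom string. The profile installs `yubico-piv-tool`, which talks to the PIV applet over CCID through pcscd rather than hidraw, so presumably `services.pcscd.enable = true;` is needed as well for PIV to work — confirm on a host with the profile enabled. The commented-out `loginctl lock-sessions` remove rule deserves a one-line comment such as `# disabled: locks all sessions on any YubiKey unplug, too aggressive for a shared/docked machine` so a future reader does not re-enable it blindly.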
modules/module-list.nix
@@ -23,6 +23,8 @@
./profiles/syncthing.nix
./profiles/users.nix
./profiles/virtualization.nix
+ ./profiles/wireguard.server.nix
+ ./profiles/yubikey.nix
./programs/podman.nix
./services/syncthing.nix
./services/wireguard.client.nix
profiles/mopidy.nix
@@ -1,35 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../accounts.nix;
-
-{
- services.mopidy = {
- enable = true;
- extensionPackages = with pkgs; [
- mopidy-spotify
- mopidy-moped
- mopidy-mopify
- mopidy-youtube
- ];
- configuration = ''
- [core]
- restore_state = true
- [local]
- enabled = true
- [spotify]
- username = ${spotify.user}
- password = ${spotify.password}
- client_id = ${spotify.client_id}
- client_secret = ${spotify.client_secret}
- bitrate = 320
- timeout = 30
- [youtube]
- enabled = true
- [audio]
- mixer = software
- mixer_volume =
- output = pulsesink server=127.0.0.1
- buffer_time =
- '';
- };
-}
profiles/virtualization.vbox.nix
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- virtualisation = {
- virtualbox.host.enable = true;
- nixpkgs.config.virtualbox.enableExtensionPack = true;
- networking.firewall.trustedInterfaces = [ "vboxnet0" ];
- environment = {
- systemPackages = with pkgs; [
- vagrant
- ];
- };
- }
-}
profiles/wireguard.server.nix
@@ -1,20 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
- environment.systemPackages = [ pkgs.wireguard ];
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- networking.firewall.extraCommands = ''
- iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE
- '';
- networking.firewall.allowedUDPPorts = [ 51820 ];
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard.interfaces = with import ../assets/machines.nix; {
- "wg0" = {
- ips = wireguard.kerkouane.allowedIPs;
- listenPort = wg.listenPort;
- privateKeyFile = "/etc/nixos/wireguard.private.key";
- peers = wg.peers;
- };
- };
-}
profiles/yubikey.nix
@@ -1,15 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.udev.extraRules = ''
- # Yubico YubiKey
- KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
- # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
- '';
-
- environment = {
- systemPackages = with pkgs; [
- yubico-piv-tool
- ];
- };
-}